#ubuntu-server 2006-11-13
<eilker> what is the difference between kubuntu and kubuntu server ? is it only gui and lamp server ? if i install lamp server on kubuntu, does it become kubuntu server ?
<eilker> could someone answer me pls, i ask this question here, since yesterday....
<tengil> what packages do i need to run x11 forwarding on a dapper server? do i need more than openssh-server and (let's say) gedit?
<sharms> tengil: no
<sharms> tengil: just type ssh -X user@server, #~ command
<tengil> ok, but i get an empty $DISPLAY
<tengil> and it works on my old gentoo (which i'm replacing) so it's no network problems
<tengil> have also tried with -Y ...
<sharms> just have "X11Forwarding yes" in your sshd config, stop : start sshd then go
<tengil> sharms: yeah i've done that
<eilker> people i can access to my ftp server from console, but i cant access it from browser any ideas?
<tengil> i'm having other probs as well so i'll probably end up installing the desktop version as server...
<techwhore> tengil: i believe you also need xauth
<techwhore> tengil: try ssh -X xeyes
<techwhore> it would be so nice if I could save my ssh passwords in gnome-keyring
<tengil> techwhore: xauth did it, thanks both
<techwhore> ;)
<tengil> techwhore: i don't have xeyes
<techwhore> its in a separate package now. nevermind.
<tengil> i'm getting lots of output though; plugins, missing icons, python stuff
<techwhore> yup. ubuntu server doesn't install lots of X libraries and some other stuff.
<techwhore> do you know auto-apt ?
<tengil> not really
<techwhore> apt-cache show auto-apt
<techwhore> it's very handy when you need to install stuff that you don't know which package it's in
<tengil> ah great, i'll check it out
<techwhore> apt-get install auto-apt; auto-apt update
<techwhore> then you run, auto-apt search <something>
<techwhore> :)
<tengil> and it works
<tengil> anyone know how to fix this:  mdadm: /dev/md0 has been started with 1 drive (out of 2)
<tengil> it's not seeing my hda after install
<techwhore> tengil: try asking this in #ubuntu
<tengil> techwhore: ok
<tengil> thanks
<techwhore> np
#ubuntu-server 2006-11-14
<eilker>  ftp://localhost is working but ftp://myip  is not working , could anyone help me ??  /vsftpd here
<shwag> On ubuntu  useradd -k  does not work.  adduser works fine.  On gentoo useradd -k does work, and adduser is just a symbolic link to useradd.
<shwag> The server docs do not have a section about adding users.
#ubuntu-server 2006-11-15
<lwizardl> i know this is a dev channel but what if both the ubuntu/kubuntu channels aren't helping with issues?
<Discerer> what's the difference between ubuntu and ubuntu-server?
<Burgwork> Discerer: -server is ubuntu without any of the graphical stuff, currently
<Discerer> ok
<Discerer> guess I'll install desktop then get apache, mysql and php ontop myself
#ubuntu-server 2006-11-16
<vpol> hi all
<FlyingSquirrel32> If I have a daemon that I start like this: sudo /usr/sbin/mydaemon & then how do I add an init script and be sure that it returns so the rest of the things in init also run?
<FlyingSquirrel32> What I've done so far... sudo ln -s /root/syslog2mysql.sh /etc/init.d/syslog2mysql  
<FlyingSquirrel32> sudo update-rc.d syslog2mysql default 99
<FlyingSquirrel32> sudo chmod 700 /root/syslog2mysql.sh
<FlyingSquirrel32> then I run it using sudo /etc/init.d/syslog2mysql  It looks like it worked, but it doesn't return, which is a problem when rebooting because the whole system hangs.
<FlyingSquirrel32> nevermind, i just put it in rc.local
#ubuntu-server 2006-11-17
<gubluntu> i get:
<gubluntu> [    3.958346]  PCI: Address space collision on region 6 [000001ff00080000:000001ff000bffff]  of device 0000:00:05.0
<gubluntu> when trying to install ubuntu sparc on my sunfire v100
#ubuntu-server 2006-11-18
<erchache> only a question....on #ubuntu doesnt reply this question....
<erchache> ubuntu support ipmi from hp proliant servers?
<erchache> or need to apply debian patches?
<erchache> i have 2 dlxxx servers and plans to install ubuntu or debian....on debian has support but if has ubuntu too....i prefer ubuntu
#ubuntu-server 2006-11-19
<gubluntu> does anyone know if ubuntu server will auto-output shell to serial during install? or do i need to setup it to do so
<gubluntu> w/ a monitor
#ubuntu-server 2007-11-14
<Petaris_Aki> Hello
<spiekey> how can i capture all packets which the SYN flag using tcpdump?
<Gargoyle> kraut: It got you stumped too?
<kraut> Gargoyle: sorry, i need to fix a breakdown
<kraut> no time atm
<Gargoyle> np
<soren> nealmcb: Around?
<nealmcb> howdy
<soren> nealmcb: Hey.
<nealmcb> back home?
<soren> Yeah.
<nealmcb> nice
<soren> I also finally got round to looking at your ubuntu-jeos changes.
<soren> Apart from a few minor thing, it looks great!
<nealmcb> :-)
<nealmcb> I stumbled a while on the need to mark the vm type.....
<nealmcb> I also am wondering how this might hook in with some other similar tools...
<soren> Such as?
<nealmcb> libvirt and virt-manager
<nealmcb> qemu-make-debian-root
<soren> I'm working on libvirt and virt-manager right now.
<nealmcb> https://bugs.edge.launchpad.net/ubuntu/+source/qemu/+bug/63429
<ubotu> Launchpad bug 63429 in qemu "[Edgy] qemu-make-debian-root hasn't worked since Debian Sarge, and not even then" [Undecided,Confirmed]
<nealmcb> I still haven't gotten back to getting networking working right - need for local bridge-aware interfaces or something in qemu
<nealmcb> have you also read that forums thread?
<soren> Which forum thread?
<nealmcb> xen-create-image: http://www.debian-administration.org/articles/533
<nealmcb> http://ubuntuforums.org/showthread.php?t=549222&page=4
<nealmcb> how do you intend to package it?  hardy and  backport for gutsy?
<nealmcb> the forum thread has lots of questions about this release vs the demo last summer, which seemed to be a much smaller or somewhat different thing - can you shed light on that?
<soren> No :) I'm still trying to get some sort of overview over the entire situation.
<nealmcb> still no jeos iso released.  is the md5 341ca65a187c71643079a2f9ee5523b5  ubuntu-7.10-jeos-i386.iso  (seen in the wild)
<m1r> hello
<nealmcb> huh - what is http://cdimage.ubuntu.com/jeos/releases/7.10/release/
<m1r> i cant install landscape-client, i get : landscape-client: Depends: smartpm-core (>= 0.52-gutsy1-landscape1) but...
<m1r> nealmcb: that is virtualization based ubuntu
<nealmcb> m1r: right - I'm chatting with soren about it - and wondering why that one is there but not at http://releases.ubuntu.com/7.10/
<m1r> ah
<m1r> i was looking for it other day and cojuldnt find it
<soren> m1r: I think it only just got moved there a few days ago.
<soren> nealmcb: I'm not sure why it's not on releases.
<m1r> ok , tnx soren
<m1r> i thought i was searching for somthing unavailable :)
<avatar_> whats the problem with landscape-client?
<m1r> avatar_: i get error when adding 2nd host
<soren> nealmcb: I've just asked our release manager. He put it there, so he should know :)
<soren> m1r: Have you added the repository to the machine or are you just copying the landscape-client deb around?
<avatar_> deb http://landscape.canonical.com/packages/gutsy ./
<avatar_> thats were you can get it
<m1r> soren, added rep and key
<avatar_> % apt-cache policy landscape-client
<avatar_> landscape-client: Installed: 0.15.0-gutsy1-landscape1
<soren> nealmcb: the general answer to that is that releases.ubuntu.com is for the highest-traffic things, and has limited  space
<m1r> and when i try install i get missing dependencies
<m1r> landscape-client: Depends: smartpm-core (>= 0.52-gutsy1-landscape1) but...
<soren> Please put the output of "apt-cache showpkg smartpm-core" onto pastebin
<m1r> soren ; http://pastebin.ca/773448
<soren> m1r: What does "apt-get install smartpm-core=0.52-gutsy1-landscape1" do?
<m1r> let me check
<avatar_> i would like landscape-server to run localy
<avatar_> not so happy with canonical having al my data
<m1r> paranoia avatar_ ? :)
<avatar_> but sales@canonical.com is slow with answering my questions
<m1r> soren : smartpm-core: Depends: libc6 (>= 2.6-1) but 2.5-0ubuntu14 is to be installed
<avatar_> m1r: imho it conflicts with privacy terms
<ivoks> m1r: what version of landscape are you installing?
<m1r> hi ivoks
<m1r> the one from CP
<avatar_> canonical can view all information from our and our customers servers. Installed packages, users etc
<soren> m1r: You're running feisty on that box...
<m1r> soren, i think is gutsy
<soren> m1r: No :)
<ivoks> m1r: it isn't
<soren> m1r: 2.5-0ubuntu14 is from feisty.
<m1r> omg :P
<soren> m1r: If it doesn't know a libc > 2.6, it's not running gutsy.
<m1r> ye i see
<soren> There's a feisty version of landscape, isn't there?
<m1r> ok solved, many tnx guys
<soren> m1r: np
<ivoks> soren: so, how are you? :)
<soren> ivoks: I'm rocking!
<nealmcb> soren - cool - thanks for the trunk commit - yeah the kvm vs qemu needed cleaning up also
<nealmcb> nice changes
<nealmcb> though I don't know that I rate as an "author" :-)
<soren> nealmcb: Sure you do.
<nealmcb> ivoks: howdy!  thanks for your blog writeup - it was indeed a pleasure to hang out with you!
<ivoks> nealmcb: hi! no problem... :)
<ivoks> hopefully, we'll meet again on next UDS, or sooner ;)
<Gargoyle> anyone use drbd?
<ivoks> Gargoyle: me
<Gargoyle> after you fail over, and back again. if drbdadm state all returns Primary/Unknone and Secondary/Unknown on the two machines, is there a command I should be running to resync them?
<ivoks> they sync automaticaly
<ivoks> i have primary/primary
<ivoks> and when one dies, on reconnect, becomes secondary, but outdated
<ivoks> then they sync, and when that's over i have a mechanisam that makes it primary again
<zul> hey mathiaz
<mathiaz> hi zul
<Gargoyle> ivoks: I am using heartbeat, and it put things back over onto node 1, which is reporting as primary.
<Gargoyle> but node 2 is unknown.... Is this because heartbeat might have switched back too soon
<ivoks> oh... are you mounting fs?
<Gargoyle> ypu
<Gargoyle> yup
<ivoks> you can't do that if it's secondary
<Gargoyle> ivoks: Nahh that's handled by heartbeat. only gets mounted on promary
<ivoks> ok
<ivoks> so, primary has Primary/Unknown
<ivoks> and the 'rebooted' one has?
<Gargoyle> It not been rebooted yet, but it has Secondary/Unknown
<ivoks> then you have to connect it
<Gargoyle> It's like each node is in the correct state, just not aware what the other one is upto!
<ivoks> if you want to drop it's data:
<ivoks> drbdadm -- --discard-my-data connect all
<ivoks> and on the primary:
<ivoks> drbdadm connect all
<Gargoyle> do you have to do that each time it fails over, or was it just in the middle of a sync or something?
<ivoks> you have to do that only on split brain situtation
<ivoks> so, in real world, you will never use it :)
<Gargoyle> right, so if I unplugged my nic cables. and watched it fail over.
<ivoks> then hb should take care of making secondary - primary, and mounting filesystem
<Gargoyle> then plugged them back in, and heartbeat switched back to node 1 (even though I have told it not to) could that have caused split brain
<ivoks> no
<ivoks> that should be normal situation
<ivoks> old primary should resync first
<ivoks> to become secondary
<ivoks> after that it can become primary and get services back
<ivoks> imho, two primaries would be better solution
<ivoks> and some redhat tools instead of heartbeat
<Gargoyle> It'f for a high available mysql
<ivoks> i see
<ivoks> i did mysql ha like this:
<ivoks> mysql master-master replication with VIP over heartbeat
<ivoks> but i will replace heartbeat with redhat-cluster-suite
<ivoks> with master-master replication, you can also do load balancing
<Gargoyle> is rh cluster suit a lot better?
<ivoks> well, it includes a lot more than heartbeat
<ivoks> sine i'm using GFS on drbd, having redhat-cluster-suite is just natural way to go...
<Gargoyle> ivoks: I read quite a bit on GFS, got confused with some of it. Can GFS give you no single points of failure with 2 servers?
<ivoks> GFS is just a filesystem which can be mounted on more than computers
<ivoks> drbd provides high availability
<ivoks> with drbd you can create 'network mirror'
<ivoks> and then on top of drbd is GFS, and if you have primary/primary drbd, then you can mount /dev/drbd0 on two machines
<ivoks> and write on it at the same time
<Gargoyle> I just checked node 1 with the nic's stull unplugged. drbd still thinks it's primary.
<Gargoyle> I pulled the cables out 10 mins ago.
<ivoks> well yes
<ivoks> it is primary
<ivoks> it doesn't know if node1 or node2 is out
<kraut> grr
<ivoks> both nodes think they are the one that survived, and both are primary, right?
<Gargoyle> but heartbeat does. since it released the vip to node 2.
<kraut> Gargoyle: did you fixed your hb issue?
<Gargoyle> kraut: Not yet
<ivoks> Gargoyle: did you add drbd relevant stuff to ha.cf?
<nealmcb> soren: have you tried installing the jeos iso in qemu?  I just get initramfs on reboot
<ivoks> respawn hacluster /usr/lib/heartbeat/dopd
<ivoks> apiauth dopd gid=haclient uid=hacluster
<Gargoyle> ivoks: Not dopd
<kraut> god, damn it
<ivoks> Gargoyle: this way hb desides which one should be primary
<ivoks> decides
<Gargoyle> the guide I have says respawn hacluster /usr/lib/heartbead/ipfail
<ivoks> that's for IP
<ivoks> you need it also for drbd
<Gargoyle> ahhh!
<nealmcb> soren: since http://releases.ubuntu.com/7.10/ doesn't have all the releases, it should say so and link to the others.....
<Gargoyle> ivoks: does it matter which order they are in the file?
<ivoks> no
<soren> nealmcb: I honestly don't remember.
<ivoks> Gargoyle: one more thing
<ivoks> Gargoyle: in /etc/drbd.conf
<Gargoyle> yup...
<ivoks> Gargoyle: you need handlers { outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater"; }
<ivoks> Gargoyle: under common {}
<Gargoyle> my haresources is just - mysql-01        drbddisk Filesystem::/dev/drbd0::/drbd::ext3 mysql 192.168.0.215
<ivoks> not haresources
<ivoks> ha.cf and drbd.conf
<Gargoyle> yeah, but I was just checking my haresources looked ok to you - since this guide seems to have an error or two.
<Gargoyle> ivoks: I have "outdate-peer /usr/sbin/drbd-peer-outdater" in the resource section.
<ivoks> well, do you have that file? i don't :)
<ivoks> there is /usr/lib/drbd/outdate-peer.sh, tough...
<Gargoyle> damn!
<Gargoyle> :)
<ivoks> Gargoyle: don't worry
<Gargoyle> so do I change it on my resource or common? (I only have 1 resource so I am assumng it doesnt matter!)
<ivoks> HA and LB isn't trivial to set up...
<ivoks> i've put it in common
<ivoks> but should be ok in resource too, yes...
<ivoks> dendrobates: hi there
<dendrobates> ivoks: hi
<zul> someone say they were working on libvirt and virt-install?
<soren> Me.
<soren> zul: ^^
<zul> soren: ah ok...good..
<zul> let me know if you need to bounce stuff off of me
<soren> zul: I'll keep that in mind.
<nealmcb> soren, zul - so do we need a plan for bridging/combining libvirt, virt-manager, virt-install, ubuntu-jeos-builder for xen and qemu?
<nealmcb> has anyone written up the virtualization blueprint based on the uds discussions?
<soren> Possibly. I need to look into how much of ubuntu-jeos-builder's job virt-install can do.
 * nealmcb nods
<zul> afternoon
<nealmcb> zul afternoon here in Boulder too :-)  where are you?
<zul> ottawa,canada
<mralphabet> what determines the contents of "Suggested Packages" when you install something?
<mralphabet> IE apt-get install blah
<mralphabet> Suggested Packages
<ivoks> debian/control file
<mralphabet> some-other-package
<mralphabet> who would change one? moatas?
<soren> mralphabet: Each package can Suggest: other packages.
<mralphabet> er, motus?
<soren> Depends on the package.
<mralphabet> k, thanks
<soren> If it's in universe, yes. If it's in main, core-dev's can do it.
<ivoks> mralphabet: motus for universe, core for main
<ivoks> i feel like in real server
<ivoks> everything is redundant :)
<soren> *g*
<soren> I also feel like a real server...
<soren> ...but that's because I seem to never stop working.
<ivoks> hehe
<ivoks> then you are ubuntu-server :)
<ivoks> we should rethink heartbeat :/
<ivoks> i know i was the one asking for it, but every day it takes one year of my life...
<soren> ivoks: Heh. Have you looked into redhat-cluster-suiter?
<soren> *suite
<ivoks> yes
<ivoks> i'm planing to replace my heartbeat installations with redhat cluster suite
<nealmcb> zul, soren: fwiw, I registered the libvirt project for the hardy libvirt package and configured the cvs import
<soren> nealmcb: Ah, handy.
<nealmcb> I'm happy to hand it over to Daniel Veillard  or the "registry" group or whoever
<ajmitch> as long as you stick around it shouldn't be necessary
<ajmitch> or put ubuntu-server as the team to own it
<ajmitch> so that team members can update things where necessary
#ubuntu-server 2007-11-15
<nealmcb> has anyone tried the virt-manager packages at https://edge.launchpad.net/~marceloshima/+archive ?
<ajmitch> can't say I have, haven't looked at virt-manager since I last bothered trying to package it :)
<ajmitch> when it was horribly RH-centric
<soren> I'm uploading some stuff to my ppa as we speak, actually.
<nealmcb> soren: when is your bedtime, anyway :-)
 * nealmcb pictures soren's famous raised eyebrow looking back at him....
<soren> HAHA!
<ajmitch> heh
<soren> nealmcb: Erm... Yes, I suppose it is slightly over my bedtime.
<ajmitch> looks like everything in the server team is being taken care of, I can sit back :)
<soren> My wife's out of town, so there's noone around to tell me that I should stop working and go to bed. I don't deal with that very well :)
<zul> ajmitch: you been sitting back anyways
<soren> ajmitch: You're more than welcome to handle eBox for me.
<ajmitch> zul: sure
<nealmcb> let's schedule a server team meeting at a time when ajmitch can't complain - then we can assign him stuff :-)
<ajmitch> soren: but it's perl!
<ajmitch> nealmcb: what, server team meetings at a different time? impossible!
<soren> ajmitch: No shit?
<soren> :p
<soren> Aw, crap. python-gtk-vnc needs to be newed before I can get anywhere from here. Now I actually need to go to bed.
<ajmitch> alright, good night soren :)
<ajmitch> nealmcb: I gave up on trying to have a sane meeting time - 4AM isn't particularly suitable
<soren> ajmitch: What? You sleep?
<ajmitch> no point getting others to change if I'm not actively helping
<soren> slacker
<ajmitch> aren't you off to bed now?
<soren> Well, I just remembered I have a kvm package I wanted to upload. After that.
<ajmitch> hehe
<ajmitch> so, in about 2 hours
<zul> soren: better check to see if the kvm package actually works with the kernel we will be shipping ;)
<soren> Right. At which point it'll be 4 AM here. Perfect time for a meeting, IMO. You know, right after your working day is over?
<soren> zul: Bah. I'll worry about that when the kernel team gets off their arses and uploads a new kernel. :D
<zul> soren: good point :)
<ajmitch> so who's doing the web app stuff for hardy?
<soren> ajmitch: I am.
<soren> ajmitch: Well, eBox upstream mostly. And me.
 * soren kicks quilt
<ajmitch> so, that covers the various web app stacks like RoR, django/turbogears/pylons, php, whatever perl crack there is?
<soren> Ah, I thought you meant eBox.
<ajmitch> sorry, I changed topic :)
<soren> Um.. Not sure.
<soren> You?
<ajmitch> I work mainly with web app stuff here
<soren> Yay, go ajmitch!
<ajmitch> uh oh
 * ajmitch wants to see some grok+storm loving going on :)
<soren> Oh no.
<ajmitch> oh no?
<soren> More stuff I've never heard of that I'll probably need to worry about at some point.
<ajmitch> you've heard of storm
<ajmitch> I know you have
<soren> AAh, right.
<ajmitch> grok is zope3 with a sprinkle of sanity
<soren> I packaged it, didn't I?
<ajmitch> yes
<soren> That was nice of me.
<ajmitch> grok covers up most of the ZCML ugliness
<ajmitch> configuration via xml snippets, I don't know who thought that was sane
<soren> "It has been said that XML is like violence; if a little doesn't solve the problem, use more."
<ajmitch> so very true
<ajmitch> zope3 is being split into *lots* of python eggs
<ajmitch> which will be fun to package up & keep in sync
<ajmitch> but there's at least a lot more effort to have reusable buits & mix & match using WSGI
<soren> I'll also need to figure out what an egg is. (apart from an ingredient in pan cakes)
<soren> Ubuntu has almost all the python stuff I need, so I've never had to worry about that sort of thing.
<ajmitch> you can get eggs from the cheese shop
<ajmitch> it's a python packaging format :)
<soren> So it's a blob full of python?
<ajmitch> I can install grok by doing 'easy_install grokproject'
 * soren kicks soyuz
<ajmitch> essentually, and it specifies dependencies & the like
<soren> I see.
<ajmitch> doko can explain far more about them if you catch him at a sane hour :)
<ajmitch> there's a whole pile of python web app stuff floating around now
 * ajmitch is trying to catch up with various developments
<soren> w00t!
<soren> Accepted: kvm 1:52+dfsg-0ubuntu1 (source)
<soren> I'm off to bed.
<soren> Thank you! I'm here all week!
<ajmitch> good night (again)
<kgoetz> hi all. someone sugested i work on https://help.ubuntu.com/7.10/server/C/postfix.html, so i've started working through it. the bit where it says "openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024" doesnt meantion that you need to put a passhrase on the key, but the key wont generate without one.
<kgoetz> is this key something that doesnt neeed unlocking by postfix?
<fujin> kgoetz: drop -dse3
<fujin> -des3 will not require a password
<fujin> Anyone familiar with iptables? I'm seeing dropped packets like this: Nov 15 16:30:05 puppet kernel: [627596.871424] Dropping Packet: IN=eth0 OUT= MAC=00:50:56:b1:16:8d:00:50:56:b1:30:86:08:00 SRC=172.16.10.10 DST=172.16.10.5 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=44914 DF PROTO=TCP SPT=60350 DPT=8140 SEQ=2189760867 ACK=1425929938 WINDOW=781 RES=0x00 ACK RST URGP=0 OPT (0101080A043AE2FF007B7CE8)
<fujin> there is a rule the matches the traffic
<fujin> (allow all established, related, allow new to 8140)
<kgoetz> well i'mi getting prompted for one.
<fujin> kgoetz: regenerate it without -des3
<kgoetz> that didnt ask for a password
<kgoetz> s/word/phrrase
<fujin> huh?
<fujin> regenerate it without the key, drop -des3
<malloc64> i just installed a fresh gutsy server and would like to throw on fluxbox. i have been through several tutorials, none of which have gotten me running. what is the list of packages i need to install in order to run fluxbox?
<kgoetz> apt-get install fluxbox ?
<fujin> *why* would you install fluxbox on a server
<malloc64> why do i always have to justify wanting to have a lightweight gui on my personal lan server? if you know the answer to y question please do not waste time berating my decisions, if you do not, please refrain from berating my decisions.
<malloc64> thanks kgoetz, but that doesn't even begin to get me there.
<kgoetz> malloc64: because runninga  gui on a server is a waste of resources. flux is in universe, incase thats disabled
<malloc64> kgoetz: the issue is that as a server, it comes with none of the underlying xorg. i have tried installing a great deal of the pieces, but i want to avoid going the full desktop package as that is overkill. i just want the base.
<ajmitch> 'waste of resources' isn't a big problem on a personal server
<ajmitch> malloc64: also grab x-window-system
<kgoetz> my server has 128mb of ram :)
<malloc64> again, i choose not to dialogue on the philosophy of having a small gui on MY server. if you cannot help me, thanks anyway
<kgoetz> we both helped you. we also have our own opinion. deal with it
<sommer> kgoetz: did you figure out the cert issue?
<malloc64> kgoetz, no one has answered my question
<malloc64> and you don't have to be a dick
<ajmitch> noone?
<malloc64> unless i missed the minimal list of packages i need to install on a fresh 7.10 server install to get fluxbox working, no.
<ajmitch> see what I told you above
<malloc64> sorry ajmitch. i did that as well and it also failed. i don't remember if that was with the unable to connect to xserver or could not load databse errors.
<ajmitch> and how were you startign X?
<kgoetz> sommer: still looking at it atm
<malloc64> i have tried in vain with all the following packages: xinit, x-window-system, fluxbox, xorg. in all concievable iterations
 * ajmitch doesn't see startx in that list
<sommer> kgoetz: just wanted to mention that the following commands produce an unencrypted key that doesn't requre a password.
<malloc64> i have tried startx, startfluxbox and one or two others i found in a forum
<sommer> malloc64: you might read through this thread: http://ubuntuforums.org/archive/index.php/t-186298.html
<malloc64> the previous list was just packages installed
<sommer> it's what I've used to install X on a server install.
<sommer> x-window-system-core, xserver-xorg, fluxbox is probably what you're looking for.
<malloc64> sommer: thanks. i will give that a shot. i am hoping to avoid the desktop environment mentioned in the link as i have been told it is more than needed. i shall try your suggestions.
<malloc64> thanks again to ajmitch for your input.
<sommer> malloc64: np
<kgoetz> sommer: are you the one i can ask about https://help.ubuntu.com/7.10/server/C/postfix.html, or is it docteam? i have a bunch of 'why's about teh postfix guide
<sommer> kgoetz: sure you can ask me... I just did an update a couple of days ago.
<sommer> I hate to say it, but the website is already out of date.
<kgoetz> sommer: the guide tells you to set "PWDIR="/var/spool/postfix/var/run/saslauthd"", why not whats listed at teh bottom of the file "# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
<kgoetz> will it have a different end result?
<sommer> kgoetz: nope you should be good either way.
<sommer> the current though is to actually use Dovecot SASL with Postfix instead of Cyrus SASL
<sommer> because of Postfix's chroot, which can cause issues with other services needing to authenticate using Cyrus SASL
<sommer> here's a link to the wiki: https://help.ubuntu.com/community/PostfixDovecotSASL
<sommer> also if you've downloaded the docs from the repo those instructions are in the new docs
<kgoetz> are you hinting i should rip out cyrus and try dovcot ?:S
<sommer> kgoetz: you can go either way, but IMHO Dovecot SASL is easier to integrate with Postfix
<sommer> mostly due to the Postfix chroot
<sommer> there's always 100 ways to skin the cat... I'd go with what you're comfortable with, and what meets your needs
<kgoetz> i'm missing /var/run/saslauthd/mux . is that something i need?
<kgoetz> hm. -m should be it.
<sommer> kgoetz: did you install sasl2-bin?
<kgoetz> sommer: yes. and i put OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" in my default/saslauthd. when i sudo ln -s /var/spool/postfix/var/run/saslauthd/ /var/run/saslauthd the test succeeds
<sommer> kgoetz: sweet, then you should be good to go.
<kgoetz> sommer: but i'll hae to relink it each time the server reboots (tempfs i thought?) is there a way to see *why* its looking there?
<sommer> kgoetz: yep... just going to remind you of that.
<sommer> another reason we recommend using Dovecot SASL... at this time there aren't a lot of applications that use it
<sommer> works great with Postfix though :)
<sommer> kgoetz: I'm not sure what you mean when you say "whay it's looking there"?
<kgoetz> *grherhubarb*
<sommer> do you mean Postfix looking to /var/run/saslauthd ?
<kgoetz> sasl is looking there.
<kgoetz> testsaslauthd -u kgoetz -p pass |less
<kgoetz> connect() : No such file or directory
<kgoetz> put in the symlink and it works
<kgoetz> perhaps that means its working, because its outputting to /var/spool/postfix/var/run/saslauthd, but the test tool doesnt know that? hm...
<sommer> kgoetz: yep most applications will look in /var/run/saslauthd but if you want to use that directory you'll have to break Postfix out of chroot
<kgoetz>  sudo testsaslauthd -u kgoetz -p pass -f /var/spool/postfix/var/run/saslauthd/mux
<kgoetz> 0: OK "Success."
<kgoetz> stupid tool. i lost 3-4 days over that
<lamont> sommer: at least the daemons that need sasld :-)
<sommer> lamont: Yes, definitely... heh
<kgoetz> hm. so i have 250-STARTTLS, but dont seem to have AUTH-LOGIN PLAIN. still. good start perhaps
<malloc64> sommer: you're a lifesaver. it's running right now. 4 hours to screw it up, 20 minutes to fix it. thanks!
<sommer> malloc64: no problem
<sommer> kgoetz: did you edit /etc/postfix/sasl/smtpd.conf and add the lines in step 1 of the STMP Authentication section?
<sommer> lamont: I was wondering if I could send you the updated mail section of the "official" docs for review?
<lamont> sommer: sure... note that if you've dug into SASL, you're ahead of me....
<sommer> I sent it to ScottK last week, but I believe he's busy with RL stuff and hasn't had time to get to it
<kgoetz> sommer: i have cram-md5 and digest-md5 as well as the two suggested (i already had them)
<sommer> lamont: cool, the new version has some big changes and the SASL section is a small part.
<sommer> added a Troubleshooting section and I just wanted to make sure that part was kosher.
<sommer> kgoetz: you should be ready to rock some SMTP-AUTH then.
<sommer> lamont: do you use Gnome or KDE?  to view the DocBook you need yelp installed unfortunetley.
<sommer> (unfortunetely depending on which desktop env you use)
<lamont> sommer: gnome is the desktop I use.  although seb128 would disagree
<kgoetz> as long as it means stuff works, i'm fine with it, but teh guide says i should get output i didnt ;) thought i'd ask
<sommer> lamont: heh... should I send it to the address you have listed in LP?
<sommer> kgoetz: np, the guide output will vary depending on how closely you follow it I think
<sommer> and also depending on your setup (which additional packages you have installed etc)
<kgoetz> sommer: since i sort of half hacked it in on top of my existing setup, i suppose it'll look different :)
<lamont> sommer: lamont@u.c is probably best for that, yes
<sommer> lamont: cool I'll get that to you.  No huge hurry, whenever you have time is fine.
<lamont> ok.  it'll probably be thanksgiving weekend that I get to it
<sommer> lamont: sounds good thanks again.
<TillUnn> Hello guys. I'm trying to run "show ip bgp" but system says that there's no such command& also I can't find a package with 'show' inside. What should I do?
<kgoetz> ip <foo>
<lamont> hrm.. given a fax modem card... have we documented how to tie that into sending/receiving faxes?
<lamont> or do I get to do more work?
<sommer> lamont: I don't think we have that documented, at least not in the Server Docs, you might try the wiki.
<lamont> yeah
<lamont> I'll go looking
<sommer> I remember looking into Hylafax a while back at another job.
<sommer> Seems like it had some cool features
 * lamont just installed mgetty-fax
<lamont> both are in universe
<kgoetz> debian policy becomes a pain when you want to install (say) plugins in squirrelmail :\
<lamont> kgoetz: not really... it just means that squirrelmail needs to support an interface for doing so
<lamont> TillUnn: that's the right command if you're on a Cisco box...  ip --help is a good start, what you're after would be "netstat -rn" or "ip route show"
<lamont> depending on which one best fits your expectations
<TillUnn> thank you :)
<kgoetz> does that postfix+TLS setup from the website also support SSL?
<lamont> TLS == SSL
<lamont> well, close enough
<lamont> that is, TLS uses SSL to provide the secure layer
<kgoetz> so it works with outlook express/other random client?
<kgoetz> i got the impression it was different enough to be incompatible with ssl
<kgoetz> sasl is complainging about password verification failure http://pastebin.ca/774351. do i take that to mean my sasld+ldap is broken?
<sommer> kgoetz: there was/is an issue with outlook express, but this option takes care of it AFAIK: sudo postconf -e 'broken_sasl_auth_clients = yes'
 * lamont dunno.  bedtime for me.
<lamont> before I get keyprints on my face
<kgoetz> sommer: i have that set, so i guess i'll have to check when we get to testing
<kgoetz> lamont: night.
<sommer> later lamont, have a good one
<sommer> kgoetz: sasld+ldap may be broken... are there any logs verifing that from slapd?
<kgoetz> sommer: just turned on sasld debugging, half a tic i'll do slapd
<kgoetz> hm. i'm getting flat connection refused wtih debuggin on
<kgoetz> Nov 15 16:24:51 newmoon postfix/smtpd[8080]: warning: connect #4 to subsystem public/pre-cleanup: No such file or directory
<nealmcb> aj - what about django? - zope just seemed so overly complicated and obscure, though I guess zope3 is lots better
<sommer> kgoetz: not sure, have you tried using SMTP-AUTH with a non-ldap user?
<kgoetz> sommer: there are no non-ldap users - only ldap andmy local account (and my ldap ID is the same as my local, only passowrd is different)
<nealmcb> ajmitch: [oops] ^
<nealmcb> (not trying to start a flame war, just curious....)
<sommer> kgoetz: are you testing with your local account?
<sommer> also, have you configured Postfix to lookup users in LDAP?
<sommer> I assume you have, but thought I'd check :)
<kgoetz> i've tried both my passwords
<kgoetz> and i've got postfix setup for ldap correctly *i think * :)
<sommer> kgoetz: have you tried the ldap connection without SMTP-AUTH (also assuming your box isn't live on the net yet)
<kgoetz> its not live no.
<sommer> sendmail -bv user@your.domain I believe should work if you have ldap setup correctly... never used ldap with Postfix myself though.
<kgoetz> localmail works (or worked when i tries a few days ago). it was stuff coming in externally that was the issue
<sommer> kgoetz: I forget did you have the system docs check out of bzr?
<kgoetz> sommer: checked them out last night (at home)
<sommer> if so the Postfix section now includes a Troubleshooting section... you might try the log level options to see if you can get more info
<kgoetz> the one on the web has no section - will the bzr have different stuff? i notice its 4 weeks old
<sommer> kgoetz: right, the latest update to the email section was on the 13th.
<kgoetz> wonder why the checkout location isnt being updated :(
<sommer> the docs are frozen for each release, so the updates won't make it to the web until Hardy.
<kgoetz> i checked out the hardy docs
<sommer> https://code.edge.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy
<sommer> is updated... is that what you mean?
<kgoetz> looks like its just edubuntu that is old. i do have the update from the 13th for ubuntu-hardy
<sommer>  kgoetz: the server guide should be the same for all branches.
 * kgoetz hasnt looked yet
<sommer> np, just another idea to try... it just feels like you should be getting an error that will point to the culprit :)
<kgoetz> i've turned postfix debugging up to '2'
<kgoetz> :)
<kgoetz> have to be tomorrows job now - gotta head home. thanks for the help :)
<sommer> kgoetz: np, have a good one.
<Kamping_Kaiser> aaaah. home is where the work isnt.
<kraut> moin
<Kamping_Kaiser> hey
<ajmitch> nealmcb: fwiw, I do use django :)
<ajmitch> nealmcb: they cover different areas, I'd say
<Gargoyle> anyone used watchdog with heartbeat?
<zul_> morning
<juliux> hi
<mojojoe> anyone here who can answer some server questions for me?
<mojojoe> would be greatly appreciated.
<mojojoe> might even blow a kiss or two ;)
<zul> mojojoe: just ask your questions and someone will hopefully ask
<zul> er answer...
<zul> need more coffee
<mojojoe> I've got like 10-15 questions.
<mojojoe> Lol... where do I begin?
<zul> at the beginning of course
<avatar__> !ask
<ubotu> Don't ask to ask a question. Just ask your question :)
<mojojoe> I hate that bot.
<mojojoe> Ok, I'm having a server network issue. When I configure everything according to this tutorial: http://www.howtoforge.com/perfect_server_ubuntu7.10_p3 it screws up the hostname and it basically disappears.
<mojojoe> What am I doing wrong?
<mojojoe> Ok, I think I'm going to take a break from ubuntu. Go back to Windows 2003 server, works better, and I'm just too noobish to not have payed support. Thanks all.
<dthacker> no patience
<avatar__> indeed
<zul> yep
<juliux> does somebody know if /etc/iftab is on dapper still in use?
<zul> hi dendrobates
<avatar__> /etc/iftab is in use on dapper/feisty/gutsy
<dendrobates> zul: Hi
<phaidros> hi, is there such a thing like rpm --verify in the deb world?
<phaidros> the rpm one is nice because it checks size, MD5 sum, permissions, type, owner and group of  each file of the package.
<phaidros> therefor it checks complete package integrity ..
<phaidros> I couldn't find anything as complete in the debworld. I know there is debsums, but thats just part of the game :)
<phaidros> or what kind of tool would be preferred to do that task on a deb based machine? tripwire?
<soren> ls -l
<soren> Yeah, that'll work.
 * soren grumbles
<Gargoyle> any drbd users online?
<soren> ! justask
<ubotu> Don't ask to ask a question. Just ask your question :)
<lamont>  /nick grumbly-soren
<Gargoyle> soren: I did just ask...
<soren> meh :)
<Gargoyle> ;)
<soren> In that case: Yes.
<soren> Now, if that was all, I'll be on my way..
<Gargoyle> he he
<Gargoyle> since your still here, what's a good way to configure auto recovery. currently my net section has "after-sb-0/1/2pri disconnect" can drbd automatically resync?
<Gargoyle> heartbeat seems to be working ok. with node 2 being Primary/Unknown and Node 1 being Secondary/Unknown after the link is restored.
<Gargoyle> Are there any recommondations for specific apps (in my case a mysql database) or is discard-younger-primary a good option?
<Gargoyle> Or am I looking in completely the wrong section for a "clean" recovery?
<Gargoyle> ahh, I get it now...
<Gargoyle> I was reading the docs wrong. D'oh! I thought the three different rules were evaluated in order to come out with an answer!
<Gargoyle> I have gone for discard-zero-changes, discard-secondary and disconnect.
<Gargoyle> I am testing my cluster and I have just done a network fail and restore on the backup node, drbd has come back and on the backup is correctly showing Sec/Pri. But the active node is showing Pri / Unknown. Anyone got any ideas?
<treb0r> hello chaps.
<treb0r> can anybody give me a good reason to use ubuntu server over debain on a dedicated box to be used mainly as a lamp server?
<dantalizing> ubuntu cds are shinier
<treb0r> I need to decide, and right now it looks like I'm going with debian...
<Gargoyle> the ubuntu installer has a 1 "click" option. Does the debian?
<mathiaz> treb0r: why would you go with debian ?
<treb0r> mathiaz: because that is the traditional choice, and I know it well...
<treb0r> Gargoyle: I won't be installing it myself. The company I'm leasing the box from will do it..
<Gargoyle> in that case, I'm with dantalizing
<Gargoyle> Ubuntu is shinier!
<treb0r> hmmm
<mathiaz> treb0r: ubuntu is based on debian - things are done the same way
<treb0r> mathiaz: Yes, I realise that. just need to know what the advantages (if any) would be to using ubuntu server
<mathiaz> treb0r: ubuntu comes with AppArmor which is an easy way to implement security policies.
<spiekey> howdy!
<Petaris_Aki> is there a way to get auth-client-config to reconfigure?
<Petaris_Aki> it died the last time around, before the configuration was done
<Petaris_Aki> now it won't come up again
<Petaris_Aki> I tried dpkg-reconfigure auth-client-config but it doesn't do anything
<Babatos> dumb question. i have box i want to do server on. it has a promise fasttrak sata card. the boot cd rom drvs do not seem to use the promise drvs, but the oss ones, which i understand, however the issue is that the oss drvs do not see a cfg raid, just each drv. anyway to add a drive to the boot cd?
<ivoks> ah... fasttrack and supertrack...
<ivoks> promise drivers are for 2.4 kernel, and thus unusable
<ivoks> oss drivers were working untill promise changed firmware
<ivoks> since then they also stoped developing linux drivers
<ivoks> other than that, promise cards provide very low performance
<ivoks> you will get better performance with $100 card and linux software raid
<Babatos> ivoks i know that however it is for a box that i need support of the raid rebuild with the promise bios as there will not always be a linux dude around to fix linux raid.
<Babatos> btw that was about the preforance, i did not know the other stuff. thanks. i will get get a 3ware
<Goosemoose> hi
<Goosemoose> i just installed ubuntu onto a machine im going to use as a server, after the first boot i get Grub Loading Stage 1.5
<ivoks> Babatos: 3ware is the best choice
<Goosemoose> Grub Loading, please wait, error 2
<Babatos> i just hoped not to have to as i had the promise card :)
<Goosemoose> Any ideas what's up? I tried reinstalling, same problem
<ivoks> Goosemoose: you have more than one disk on that computer?
<Goosemoose> yes
<Goosemoose> i had 2 set up in a raid configuration
<Goosemoose> hardware raid
<ivoks> then that's one
<Goosemoose> i noticed when installing though it showed both drives so i just chose one
<Goosemoose> so, i cant use raid?
<ivoks> Goosemoose: then you don't have hardware raid
<Goosemoose> of course i do
<Goosemoose> its built into the motherboard
<Goosemoose> hi end asus board
<ivoks> it's not hardware rai
<ivoks> d
<ivoks> you can't get hardware raid on MB
<Goosemoose> when i boot up it shows me the raid configuration
<ivoks> no mather what writes on plastic box
<ivoks> Goosemoose: hardware raid controller value is like 5 MBs
<ivoks> what you have is fake raid
<ivoks> something that salles people like to call RAID, but it's actually software raid
<Goosemoose> hmm
<ivoks> fake raids are like softmodems
<ivoks> http://thebs413.blogspot.com/2005/09/fake-raid-fraid-sucks-even-more-at.html
<Goosemoose> mb says Intel Raid for SATA using ICH5R chipset
<ivoks> Goosemoose: raid controler costs over $400
<ivoks> how much did you pay for MB?
<Goosemoose> yes, i realize, i have several hardware raid controllers on my other servers
<Goosemoose> this was a small one a built a year ago
<Goosemoose> about $250
<ivoks> that's a fakeraid
<Goosemoose> ok
<Goosemoose> so then how do i setup ubuntu without the error?
<ivoks> disable raid in bios
<ivoks> and if you really need raid, use linux raid
<Goosemoose> ok, will do
<mralphabet> Goosemoose: 'hardware' raid refers to a raid controller that has a XOR processor on board
<fujin> I'm sure it has a little more than that. Generally, anyway.
<fujin> the megaraid cards we get with our dell boxes even have a RAM stick on em.
<mralphabet> fujin: I have a promise raid controller that does not have onboard xor, it offloads to the cpu
<mralphabet> it has a stick of ram on it
<fujin> yes, the promise are notorious for being pretend hardware raid, like that ;|
<mralphabet> yes, ;| indeed
<fujin> I try to avoid them where possible, but have had great success with these megaraid cards (dell)
<mralphabet> aye
<mralphabet> fujin: oh, you meant "hardware raid will have more then just the XOR processor", right?
<fujin> indeed
<mralphabet> yes
<Goosemoose> yeah this says its a promise card
<Goosemoose> i have a few 3ware cards on my other servers
<Goosemoose> oh well setting up without
<mralphabet> my point was that a raid card without a XOR processor really does not qualify as "hardware raid"
<ivoks> 3ware rulez :)
<Goosemoose> any of you guys implement integration with an AD domain?
<Goosemoose> I've setup an ubuntu machine now that authenticates logins against the domain and it's working nicely
<ivoks> wait for the next ubuntu release for that :)
<Goosemoose> trying to get the next steps going
<Goosemoose> already got it, whats coming up next?
<ivoks> sure you can make it work even now...
<ivoks> but, there'll be more goods in new version
<Goosemoose> cool
<Goosemoose> im setting up 280 machines
<Goosemoose> So, I'm going to need to map the home directory to that on the domain so when the students log into an ubuntu box they see the same stuff as their windows box
<Goosemoose> do i just use pam-mount?
<ivoks> i guess
<Goosemoose> any of you worked on deploying machines over the network?
<Goosemoose> ive found a method using a TFTP server
<Goosemoose> but it doesnt really allow a lot of customization
<Goosemoose> i was hoping to just image one machine and deploy it that way, then have a script change the computer name , maybe a few other things
<ivoks> well...
<ivoks> you need dhcp server serving a hostname
<ivoks> kickstart, maybe preseed and that's it
#ubuntu-server 2007-11-16
<pablasso> stupid question, i made some users with useradd, but the prompt for them looks horrible, it looks like 'sh-3.1$', even though i copied the same .bashrc to their home that im using on the root account with a beauty prompt, what could it be?
<halcyonCorsair> does anyone here know much about snmp?
<avatar_> whats your problem?
<halcyonCorsair> i want to add some 3rd party mibs
<halcyonCorsair> and then look up the information they reference
<halcyonCorsair> help anyone?
<kraut> moin
<avatar_> halcyonCorsair__: mbrowse - a SNMP MIB browser
<halcyonCorsair__> avatar_: does it let me add 3rd-party mibs?
<avatar_> halcyonCorsair__: you can open 3rd-party mibs in mbrowse
<halcyonCorsair__> ok
<halcyonCorsair__> can i get snmpwalk to show the names of stuff, rather than iso.2.4.5.6.61.1.1 kind of thng?
<captbaritone_> anyone about?
<avatar_> !ask
<ubotu> Don't ask to ask a question. Just ask your question :)
<CrummyGummy> Hi, any idea what this is?
<CrummyGummy> Can't exec "/tmp/sun-java6-bin.config.4051": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
<CrummyGummy> open2: exec of /tmp/sun-java6-bin.config.4051 configure  failed at /usr/share/perl5/Debconf/ConfModule.pm line 58
<CrummyGummy> It seems to show up quite often in installs.
<soren> CrummyGummy: Is your /tmp a separate partition mounted with noexec, perhaps?
<CrummyGummy> soren: yes
<soren> And you're still curious why it won't execute scripts in /tmp ? :)
<soren> "Can't exec "/tmp/sun-java6-bin.config.4051": Permission denied at  /usr/share/perl/5.8/IPC/Open3.pm line 168.
<soren> "
<soren> It can't possibly be more clear than that :)
<CrummyGummy> nope, now I'm curious if its important. I wa under the impression that having noexec mount for scripts is a good way to do things...
<soren> You've mounted it noexec. Hence, if something tries to execute something there... It won't work.
<soren> ...and apparantly the package in question extracts stuff into /tmp and tries to execute something there.
 * CrummyGummy is off to change the mounting options.
<soren> Feel free to file a bug against the package, though. It's bound to cause problems for others as well.
<CrummyGummy> I'll do that, thanks.
<CrummyGummy> chmod 766 /tmp/ should fix the security problem.
<soren> Er.. no.
<soren> ...but it will likely make a lot of stuff blow up in your face :)
<CrummyGummy> really, there weren't any problems (besides above) when it was mounted noexec. How is this so different?
<soren> CrummyGummy: Revoking execute privileges on /tmp from anyone but root?
<soren> CrummyGummy: Um, it'll only make every other user's attempt at doing pretty much anything in /tmp fail.
<frippz> is there a way to import a csv-export file from a Windows 2000 Server DNS-server into BIND?
<Kamping_Kaiser> frippz, does the server use AD?
<Kamping_Kaiser> if its a non-AD server it will be saving to a bind compaitible config file
<frippz> well, I'm not entirely sure. this is just a zone that I'm exporting
<frippz> the win2k-server is not a primary dns
<Kamping_Kaiser> the above is all i know about windows and dns server :)
<frippz> ok :)
<Kamping_Kaiser> :)
<zul> morning
<frippz> hmm, well there must be a migration guide somewhere on the web for this
<Kamping_Kaiser> frippz, long shots, but try #bind and ##windows
<frippz> Kamping_Kaiser: thanks, will give that a go as well
<Kamping_Kaiser> good luck
<susscorfa> i just instaled apache and latex2html on a ubuntu machine but there are latex2html files in the /var/www is there any good reseason for that or where should i pose this question
<randomwalker> hi, i have a bunch of sites running on the same machine, and because of this apache seems to take like 10 seconds to start
<randomwalker> not sure why
<randomwalker> any idea how i can make it start faster?
<sommer> randomwalker: you might check which modules you have loading and make sure you have to have them.
<sommer> ls /etc/apache2/mods-enabled/
<randomwalker> sommer, thanks, just checked, looks like only a few basic modules
<sommer> from my experience I've had mod_perl cause Apache to start slower than normal... upgrade of memory helped that though :)
<randomwalker> basically i didnt' change the ubuntu defaults
<randomwalker> thing is, when there's only 1 site it loads immediately
<randomwalker> so i'm thinking its redoing everything for each site
<sommer> you might double chech your vhosts...
<randomwalker> what should i check for?
<sommer> good question
<randomwalker> its ok, no big deal, i was hoping there was an easy fix
<sommer> you might also disable all but one than re-enable them one at a time to see if it's a specific one causing the slowness
<randomwalker> ah, good idea, thanks
<sommer> you could also search on optimizing apache... I've tweaked some of the Min/MaxSpareServers settings and had good results before
<sommer> but you'll definitley want to be careful doing that... could have a negetive affect under laod
<sommer> *load rather
<randomwalker> oh ok
<davidlondon> i'm a bit stuck, trying to set up a 2 interface lan at work with an ubuntu server and 3 xp machines
<davidlondon> eth0 connects to the net via adsl modem and eth1 is the internal lan-should eth0 be dhcp?
<davidlondon> ?
<davidlondon> anyone know a good guide for a 2 inteface server install
<mralphabet> davi^TAB^TAB
<mralphabet> wth, stay around for an answer why don't you
<sommer> oh sweet... autocomplete in irc!!!  Woot and stuff
 * sommer feels like noob
<sommer> mralphabet: just think if he hadn't left I would have kept copy and pasting peoples names... heh
<sommer> lamont: ScottK, I've added a Mail Filtering section to the system docs.  Is it cool if I send it to you for review?
<mralphabet> sommer: hah!  well don't let me stop you from your copy / paste fun . . .
<dthacker-work> The file-print server and easy-business server blueprints seem dormant.  Are there any plans for these around Hardy?
<mralphabet> dthacker-work: I believe so, yes
<dthacker-work> mralphabet: are there other more current documents I should be looking at?
<mralphabet> dthacker-work: I am not sure, I just remember them talking about those things after gutsy release
<mariocesar_bo> Hello, I just install Ubuntu Server just few seconds ago ... I am getting Fatal Errors when I try to use sudo. like $sudo ls, outputs: sendmail: fatal: open /etc/postfix/main.cf no such file or directory
<mariocesar_bo> hello, any help?
<Triplee23> Hi, anyone with knowledge on sysctl.conf?
<leonel> man sysctl.conf ?
<Triplee23> Yes, i know but it is not working. I am trying to permanently change the value of net.ipv4.igmp_max_memberships but every time I boot the value is reset to 1. Any idea on how to manage this?
<Triplee23> I have added this to sysctl.conf "net.ipv4.igmp_max_memberships=4" but this does not help. sysctl.conf is run during boot by /etc/rcS.d/S17procps.sh
#ubuntu-server 2007-11-17
<lamont> sommer: send any postfix-ish stuff you want at me
<zul> evening
<sommer> lamont: cool thanks man
<lamont> sommer: I figure that I can liberate parts of it, especially configuration type stuff, and make the package better.  so it's all good.
<The_Kernel> how do I install ldap?
<sommer> The_Kernel: sudo apt-get install slapd... if you want OpenLDAP that is.
<sommer> lamont: party!
<zylstra555> Hello. Are there bots (the bad kind) that have humans sitting behind a computer deciphering CAPTCHA system text?
<joerlend> I'm making a virtual machine template and I need to find all references to the hostname. How do I do that?
<pschulz01> joerlend: Are you asking for a searck of the entire root directory?
<joerlend> not really. That would involve searching through all files.. I'm using ubuntu-desktop, mailserver, lamp and sshserver tasks. If someone knows which files are involved.. ?
<antdedyet> joerlend: there are at least /etc/hosts & /etc/hostname
<joerlend> yes, I know about those and I've edited them, other stuff still uses the old hostname.
<pschulz01> joerlend: /etc/postfix/main.cf
<kgoetz> grep -r `hostname` /etc/
<joerlend> kgoetz?
<joerlend> oh.. Yes, that might be helpful. I'll try it, though I don't think everything calls it hostname.
<kgoetz> joerlend: search your hostname in /etc/, then you know what files its in
<kgoetz> grep -r -e `hostname` -e hostname /etc/
<pschulz01> joerlend: /etc/apache2/?
<antdedyet> joerlend: backticks (` `) tell the shell to execute a command and the returned value is substituted for `hostname`
<lamont>  /etc/mailname is what mailers use, by policy
<joerlend> why doesn't everything just refer to /etc/hostname?
<kgoetz> your mailname might not be your hostname
<kgoetz> ditto httpd and any number of other services
<joerlend> oh, right.
<lamont> sommer: of course I have yelp installed... it's part of ubuntu-desktop.. :-)
<lamont> sommer: so does this mean that you're running that other desktop??? :-)
<J-_> What code can I put into a php page to show my MySQL enabled/disabled stuff?
<J-_> When I first set up my server there was a way, but, now I can't remember how I did it.
<susscorfa> phpinfo() ? maybe and look which modules are enabled
<J-_> hmm I think that may be it
<susscorfa> ok
<J-_> do I just put phpinfo() in the file and save it as whatever.php?
<susscorfa> well you should first start php <?php phpinfo(); ?>
<susscorfa> but then write it to whatever.php and it should work
<J-_> thanks
<susscorfa> but afterwords delete this file again because phpinfo() can give unnessisary info to hackers / crackers
<J-_> ... really? So it's not safe to show it to someone?
<susscorfa> well it is a good use to not show it i believe
<J-_> Okay, thanks very much for the info. =)
<J-_> saved me
<susscorfa> it gives info about your configureation so that is only a entry for other people
<susscorfa> np
<nealmcb> well that seemed like an exciting 24 hours....
<nealmcb> (re: USN 544) - thanks to the folks that work the long hours, who I won't wake up now by mentioning them :-)
<rickp> Does Ubuntu work with 2X - 2X TerminalServer?
<rickp> more specifically Ubuntu Server 7.10
<rickp> anyone with experience with X2 with Ubuntu server?
<rickp> ^^ 2X TerminalServer ^^
<rickp> I'll try back later
<m1r> hello
<m1r> i have dhcp server setup problem, can someone help ?
<sommer> m1r: what's the specific issue?
<m1r> hi sommer
<m1r> i need to get eth0 serving dhcp server from chillispot
<m1r> but when i put my server
<m1r> i mean when i put network config as
<m1r> auto eth0
<m1r> it dont allow to get up
<m1r> unknown interface eth0
<m1r> but on 7.04 on same network setup that works with np
<sommer> m1r: what's chillispot?
<sommer> do you have more than one NIC?
<m1r> yes
<m1r> wlan0 conected to AP
<m1r> eth0 should serve as internal dhcp server
<m1r> chillispot is captive portal package
<sommer> does it work if you stop the wlan0 interface?
<sommer> ah
<m1r> let me check what happenes when i stop wlan0
<sommer> roger that standing by
<sommer> heh
<m1r> same , ignoring it
<sommer> is the interface working, just not dhcpd?
<m1r> laptop------AP-------eth0/wlan0-----AP-----internet
<m1r> this is setup
<sommer> and your eth0 is working, or no?
<m1r> i am conecting on eth0 dhcp so it works, but in network restart it says it is ignoring eth0 all the time
<sommer> ah and you want to turn eth0 into a dhcp server? or did I not understand that correctly?
<m1r> yep
<m1r> so packages from eth0 can go tun0 to wlan0
<m1r> but now, i just want to get eth0 workable in sistem
<sommer> ah... try commenting everything for wlan0 in /etc/network/interfaces... then restart networking
<m1r> strange is that i have samesetup on 7.04 and it works with just: auto eth0 ; then it serves dhcp requests
<sommer> also here's a link that may help: http://www.cyberciti.biz/tips/linux-how-to-setup-multi-homing-networking.html
<m1r> let me see
<sommer> you might also check the scripts in /etc/network/if-* and see if they're running another daemon that isn't being run in 7.04
<m1r> there is problem right in start
<sommer> sweet
<m1r> routing should be going thru chillispot
<sommer> yep that would do it.
<m1r> i will check scripts first to see if dirent
<m1r> scripts seems same
#ubuntu-server 2007-11-18
<elubin> where is the file located that handles the startup script on ubuntu?
<elubin> i have a dhcp server running on my ubuntu pc and just installed rcconf and was wondering if the dhcp startup script handles both the ip address of the computer itself as well as the dhcp server or if they are separate
<osmosis> how come sshd doesnt have a incremental delay features ?
<osmosis> I did apt-get install cacti , and its all setup. ..but it never told me the default user and pass to login to cacti with.
<osmosis> how do I setup snmpd.conf on hosts so I can use cacti?
<osmosis> anyone tell me what this means ? http://dpaste.com/25278/
<svschwartz> hi2all
<svschwartz> somebody knows any plans for tomcat6 packages in gutsy ? :)
<svschwartz> server
<XPertKnobTwiddlr> i'm building a wireless router using gutsy ... last time i built one of these it was based on the 2.4 kernel using an atheros card.  it looks like the wireless devices were split, wlan0 for managed mode and wmaster0 for master mode... is that right?  if not, what is wmaster0 vs wlan0?
<kraut> moin
<phaidros> XPertKnobTwiddlr: never looked out for that specific problem, but for a wireless router OpenWRT kamikaze or even FreiFunk Firmware (if embedded device like WRT or such) is way better than huge distro.
<XPertKnobTwiddlr> phaidros: you're right...  but this machine will actually have many other purposes
<XPertKnobTwiddlr> XPertKnobTwiddlr: it's a pIII , i plan to have it function as a wifi router, ethernet gateway, mercurial repository w/ www interface, and perhaps even a hardware mpeg encoder
<XPertKnobTwiddlr> eh, probably not the mpeg encoder
<phaidros> nice ..
<phaidros> but to your atheros problem ..
<phaidros> with gutsy I just have wifi0 (shown as wifi0-00 in ifconfig -a)
<XPertKnobTwiddlr> hmm, im not having an atheros problem
<XPertKnobTwiddlr> i just wanted to know about the new net device names (new, relative to 2.4, lol)
<phaidros> wlan0 and wmaster0 are not what I experience with my atheros card on gutsy
<phaidros> a IC :)
<XPertKnobTwiddlr> ie:  what is the difference between wlan0 and wmaster0 ?
<phaidros> never seen each of them :)
<XPertKnobTwiddlr> i would assume that they point to the same device, but one is master and the other is managed mode
<phaidros> I think one belongs to sumthin like hostAP and the other .. proxim card :D
<phaidros> *no clue*
<XPertKnobTwiddlr> hmm
<XPertKnobTwiddlr> ok
<XPertKnobTwiddlr> and i was also unclear before when i mentioned the atheros card -- that's still in a different machine currently running 2.4
<XPertKnobTwiddlr> the gutsy box has a prism54 inside
<XPertKnobTwiddlr> i dont even know if that driver permits a master mode
<phaidros> ok, see thats where wlan0 comes from
<XPertKnobTwiddlr> yes
<phaidros> iwconfig wlan0 mode master
<phaidros> see what it does :)
<XPertKnobTwiddlr> normally i use pastebin, but it's ok to paste 2 lines, right?
<XPertKnobTwiddlr> eh, one line says enough:      SET failed on device wlan0 ; Invalid argument.
<XPertKnobTwiddlr> so, that'
<XPertKnobTwiddlr> s what made me think i might have to use the wmaster0 device
<XPertKnobTwiddlr> however:
<phaidros> well, that seems the driver doesn't support it.
<XPertKnobTwiddlr> wmaster0  no wireless extensions.
<phaidros> uhm, as I'm no expert on proxim, you might want to ask in #freifunk or #openwrt .. helpful ppl ..
<XPertKnobTwiddlr> ok, well if that's the case, then i'll yank the atheros card from the older 2.4 box and see if gutsy treats that one any different
<XPertKnobTwiddlr> ah, thanks :-)
<phaidros> yepp, should so
<phaidros> atheros way easier :D
<XPertKnobTwiddlr> meanwhile....  eventually i will build a specialized system for router only...  i'll probably install it to a CF disk... do you recommend any specific distro for a small installation that specializes in this?
 * XPertKnobTwiddlr googles openWRT :-)
<Nafallo> .org
<XPertKnobTwiddlr> yeah, found it :-)
<XPertKnobTwiddlr> thanks
<Nafallo> hmm. we still have alsa-modules in the server flavour of the kernel?
<phaidros> o nice
<svschwartz> where can I find complete documentation about debian packaging ? something like MaximumRPM
<soren> svschwartz: What's maximumrpm? http://www.maximumrpm.com/ looks less than helpful..
<svschwartz> http://www.rpm.org/max-rpm/
<svschwartz> it's all about red hat package menagement :)
<soren> svschwartz: http://doc.ubuntu.com/ubuntu/packagingguide/C/ ?
<svschwartz> thank you soren :) how is your project ? sohobuntu as i remember :)
<phaidros> where would I put the '--askpass' option for openvpn, if I'd like to give the pass to a certain vpn key by file?
<phaidros> is that somewhere in /etc/default/openvpn possible or do I have to tweak the init script?
<phaidros> ok, well. I have just put # askpass /path/to/file into the vpn.conf and that works :P
<svschwartz> why whould server care about passwords in key files?
<svschwartz> it is up to sysadmin to check this option, isn't is ?
<svschwartz> it
<phaidros> well. a server is in this case any machine that does routing between vpns. and there is a vpn partner is is not willing to give out keys without passes. therefor I have to give the pass to openvpn via config or script.
<phaidros> config worked.
<phaidros> nothing special here.
<svschwartz> i see :) some time ago I was deploying openvpn too, and passes where keys for the certificates for the peers, so when one esteblishes vpn connection he was asked for password of this certain certificate. did i missed something?
<svschwartz> phaidros: router between vpns? he must be peer for every vpn right ?
<svschwartz> it
<phaidros> yes, true
<phaidros> we have large clouds of free community mesh networks and interconnect them via vpn
<phaidros> to have fallback there is not only one vpn gateway between them :)
<phaidros> maybe freifunk is a buzzword you know.
<phaidros> berlin has 600 nodes, leipzig 500, weimar 200 .. and so on .. alot of free networks around germany
<phaidros> I wonder something else .. why isn't tor updated to 1.2.18 in gutsy??
<phaidros> there was a security update end of oct ..
<phaidros> ok filed a bug
<Nafallo> ScottK: (reading old mails) I don't have universe enabled because the my mailserver, but rather other things :-)
<Nafallo> ScottK: oh right, I don't want to do spam or virus filtering though :-P
<davidlondon> hi all, I am trying to setup a firewall/gateway -i have a 2 interface setup but cannot get internet sharing to work. If eth0 gets its ip address from the adsl router and the router's address is 198.162.1.1 so I set eth1 as the lan interface to 192.168.0.1 but it does not work
<stiv2k> i dont understand why i transferring stuff to my server over SFTP (802.11g wireless) wont go any faster than like 680 KB/s
<leonel> signal noise  + encryption + bandwidth
<KurtKraut> How can I know how much traffic has passed thru a specific port to a specific host ?
<ivoks> you need to install some monitoring tools
<KurtKraut> ivoks, do have any tool name in mind ?
<ivoks> ntop
<Nafallo> iptables :-)
<somerville32> sharewall
<somerville32> or shorwall
<m1r> evening
<m1r> how can i bring up eth0 without assinging anything to it ?
<nealmcb> m1r: tell us more about what you want to do
<m1r> hi nealmcb , i need to bring eth0 up with only two options in /etc/network/interfaces , auto eth0
<m1r> but all the time i get erros of ignoring card
<m1r> on 7.04 server , i have similar setup and it is working, on 7.10 i have wlan0/eth0 , and i cant get eth0 up if i dont assign all atributes to it, and i would need to setit to start only with : auto eth0 ; and with no other config option
<nealmcb> m1r: I still don't see what you're trying to do with the interface, or exactly what commands you're running or what errors you're getting
#ubuntu-server 2008-11-10
<KingOfDos> Someone here that can give me a suggestion about a SoundBlaster 1024 Live when i'm using Alsa? I can't find the propper input device from console.
<jmarsden> KingOfDos: See https://wiki.ubuntu.com/DebuggingSoundProblems
<spiritssight> Is they any one willing to assist in helping with setup a server for a non-profit if so please PM me
<spiritssight> I am hoping a person in the US so it would be easer to talk then to try and type
<jmarsden> spiritssight: I suggest reading http://www.sabi.co.uk/Notes/linuxHelpAsk.html and then asking a more specific question to the channel?  Your questions could mean you need a few days of (unpaid?) consulting (!), or that you have one specific issue you would like help with...
<spiritssight> Ok, I am asking for someone that is willing to setup a server for the non-profit from the install to the making sure the domain works with the system, and yes sadly it would be unpaid as the non-profit does not have any money and I don't either, this is why trying to setup a server on a computer I have instead of paying for one and seeing we need a little more then what is allowed on cheap accounts we are going this rout
<KingOfDos> jmarsden: i'm trying to record/stream from a TV card with vlc. i have to give vlc a proper v4l-adev, but don't know what input is a specific type (the internal cd_in or aux_in for example)
<KingOfDos> I had found some information in /proc/asound/Live/pcmXX/info (where XX is something like 1c, 2c, 2p, etc).
<zul> spiritssight: you might get more traction with your local linux users group or emailing the ubuntu-server mailing list
<antihc3> I just installed server and everything went verywell but then i loged out and relogged in now it says i am not in the sudo list 0_0
<antihc3> any suggestions how to edit sudo file now
<spiritssight> Is it a good idea to use LVM for one harddrive
<spiritssight> 55 gb harddrive
<KingOfDos> jmarsden: the sount itself is working. i'd checked it with vlc and some mp3 file. that plays nice.
<KingOfDos> but i just cannot find the right input for my recording/streaming
<spiritssight> I am doing a install with out doing any parts just to get a feel for the install the I will reinstall again :-)
<spiritssight> oops thats was not for here :-)
<spiritssight> Still looking for help throw
<antihc3_> is there a list of groups that the first user is a member of after server install
<jmarsden> antihc3: Yes, the admin group is the one you care about.  WHat does     grep ^admin /etc/group    output?
<antihc3_> jmarsden, admin:x:114:
<antihc3_> yea i was playing with useradd and messed up my groups
<jmarsden> antihc3_: Hm, so there is noone in your admin group.
<jmarsden> Can you boot into recovery mode and fix things from there?
<antihc3_> that is where i am now
<jmarsden> KingOfDos: vlc... on a server?? This has gone from being "about a SoundBlaster 1024 Live" to being about vlc, I think...
<KingOfDos> cvlc ;)
<jmarsden> antihc3_: sorry, I need to go AFK for a while.  Back in 20 mins or so... bad timing...
<KingOfDos> console version. but that's not my question. i've got the TV card working, but just no audio.
<KingOfDos> connected the audio_out from my tvcard to the cd_in at my soundblaster.
<KingOfDos> and there is audio on that cable (tested it with a headphone and a few wires), so that's not the problem.
<KingOfDos> i just don't know what device i can use for the actual recording
<antihc3_> jmarsden, thanks i did usermod -a -G admin
<KingOfDos> i'd tested it with /dev/snd/pcm* (one by one) as adev (audio input device for vlc)
<KingOfDos> even changed the connector from cd_in to aux_in, and others. this makes no effect. checked the alsamixer for it's volumes, thats also correct.
<spiritssight> jmarsden: I pm you
<lukehasnoname> Can I manage samba shares through SWAT?
<jmarsden> lukehasnoname: What happens when you try?
<lukehasnoname> All I see are "Home, Status, View, Password
<lukehasnoname> "
<lukehasnoname> none of those pages allow to create shares
<lukehasnoname> that I see
<jmarsden> lukehasnoname: Are you logged into SWAT as a user with the privs to create new shares??  I used SWAT ages ago, but not under Ubuntu... will try installing it here and seeing how that goes...
<lukehasnoname> ah yes, you're right
<lukehasnoname> I'll try root and get back to you.... but right now it's CTF time across campus
<jmarsden> CTF?  Call The Firebrigade?  What??  Anyway, OK... :-)
<lukehasnoname> capture the flag
<jmarsden> lukehasnoname: Ah, OK!  Have fun!
<CarlFK> at the end of u-server install, I have a dialog "installation is complete.  you need to restart... (Restart no)"
<CarlFK> mouse is not working, and I can't seem to hit the button with the keyboard
<jmarsden> CarlFK: Try the TAB key to move around and the Press Enter to press the button once it is highlighted?
<CarlFK> treid that.  it is the only dialog/button, so not much to tab to
<jmarsden> And Enter won't work?  Odd.  CAn you Ctrl-Alt-Del ?
<CarlFK> well, I am connected via vnc to a vm - sending C-A-D didn't
<jmarsden> CarlFK: Then just issue some sort of reboot command to that vm?
<CarlFK> i don't have access to that :)
<CarlFK> box is at a friends house.  Ill have to disturb his teevee watching....
<jmarsden> You don't have a way to reboot your own VM?  ... Ah, well... then you can wait until his TV programme is finished, or risk his anger and beig disturbed :-)
<CarlFK> oh brother.  it wasn't the u-server cd...
<jmarsden> Guessing... You reinstalled Ubuntu on the hardware, thinking it was a VM??
<CarlFK> heh
<CarlFK> no - restarted the VM, and I have gnome.
<jmarsden> Ah, OK... so you're all set for some remote computing fun :-)
<CarlFK> I was wondering about the new options on the u-server cd menu
<CarlFK> there was some confusion as to what .iso to get
<CarlFK> im trying to test some x64 stuff, and I don't have a good x64 box to test on
<CarlFK> I have my laptop, but I don't really want to kernel panic it (which is a result of what I am testing)
<jmarsden> Well, I guess you can now download the right ISO to your virtual desktop, export it to somewhere on the underlying real machine's filesystem, then build another VM using that ISO?
<CarlFK> that sounds like work :)
<CarlFK> Ill make an ssh tunnel to my box, ssh back though the tunnel, and crash the vm
<CarlFK> actually, working with gnome-term over vnc isn't terible
<CarlFK> where is a good place to put a one line script to run on boot, before any gui comes up? ssh -R 2222:127.0.0.1:22 sshd.personnelware.com
<hads> As root or a standard user?
<CarlFK> standard
<hads> Probably in cron @reboot
<CarlFK> ohh... heard of that
<CarlFK> ï»¿@reboot happens at the begining?  I would have guessed as part of the shutdown
<jmarsden> CarlFK: Do man 5 crontab to check :-)
<CarlFK> jmarsden: thanks.
<CarlFK> hmm, if the script doesn't return.. is cron ok with that?
<jmarsden> CarlFK: I'm not sure... can the script do ssh -R 2222:127.0.0.1:22 sshd.personnelware.com &    # So it returns but leaves the ssh process running?
<CarlFK> wtf.. ssh is somehow causing a gui dialg to come up asking for my pw so it can do key exchange ?
<CarlFK> oh.. create the keyring...
<CarlFK> hmm.
<CarlFK> yeah, looks like this work:  make_tunnel.sh &
<mylogic> anyone recommend any particular irc bouncers for ubuntu server?
<kraut> moin
<uvirtbot> New bug: #296233 in openldap (main) "package libldap-2.4-2 2.4.11-0ubuntu6.1 failed to install/upgrade: ????? libldap-2.4-2 ?? ????? ? ?????????" [Undecided,New] https://launchpad.net/bugs/296233
<frith> sorry to ask here, i am trying to benchmark a number of servers, bonnie++ give me a good disk performance measuring stick, but what can i use for cpu and memory performance?
<KingOfDos> moin. does someone know a method to "fake" the ALSA driver? i want a seperate "stream" for each input instead of a /dev/dsp witch I cannot use from VLC (VLC is NOT supporting ALSA on a "working" way)
<KingOfDos> so for example, a pseudo-driver that will redirect all the audio from the aux_in to /dev/soundcard1/aux_in
<stka> hi
<stka> I like to get saslauthd using ldap as mechanism I configured /etc/defaults/saslauthd as followed http://phpfi.com/376133 /etc/saslauthd.conf looks like this http://phpfi.com/376134. When I start saslauthd with "/etc/init.d/saslauthd start" sasl is not working. Wenn I start saslauthd over cli with "saslauthd -d -a ldap -r -V" everything works fine. So what did I forgot?
<stka> solution --> https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/138931
<uvirtbot> Launchpad bug 138931 in cyrus-sasl2 "Can't use saslauthd to authenticate both postfix and cyrus due to /var/run/saslauthd being on tmpfs" [Undecided,New]
<francesco___> hello how i find my mac address ?
<ascent> ifconfig shows it
<francesco___> no...
<ascent> unless it's unsupported/unrecognized.
<francesco___> wait its Hwaddr???
<ascent> yes
<francesco___> ok
<francesco___> ;)
<francesco____> how i see my assigned ip address?
<ascent> ifconfig
<francesco____> no really this 1 not show ..
<francesco____> lol
<francesco____> no yes
<francesco____> but
<francesco____> is strange
<francesco____> i m connected with wifi
<francesco____> for to see it i must type iwconfig???
<francesco____> but iwconfig do not show it against ifconfig yes.. why ?
<Deeps> iwconfig will show you the wireless configuration setting, e.g. what access point your connected to, what speed you're synced at, signal strength, etc.
<francesco____> ok
<Deeps> it wont show you your IP settings
<francesco____> ok
<Deeps> ifconfig does that
<francesco____> ok so all interfaces are in ifconfig , and iwconfig is the configuration of wirless
<Deeps> yep
<francesco____> thx .. ascent i sorry for befor if i said no... lol
<_ruben> ifconfig is ancient, ip ftw
<moo---> :O
<moo---> noo
<moo---> you don't take away my ipconfig, do you?
<moo---> ifconfig
<francesco____> hello how can be that the password in my terminal is wrong ??
<francesco____> if i type su
<francesco____> then passowor say me... authentication falied
<_ruben> !sudo
<ubottu> sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (Gnome), or !kdesu (KDE)
<_ruben> dont use su
<Gargoyle> yeah, sudo -s is much better! :)
<scientes> do i need the server kernel to be a xen Dom0
<scientes> ?
<uvirtbot> New bug: #286119 in samba (main) "firefox 3.0.3 crashes (no SIG) on most pages w images: 8.10beta AMD64" [Undecided,Incomplete] https://launchpad.net/bugs/286119
<_ruben> samba .. firefox .. eh? :p
<TrioTorus> In openldap, the posixAccount objectclass provides the loginShell attribute, but it is not mandatory. If no loginShell is given how does ubuntu handle that? In my new setup, such a user gets /bin/sh as loginshell, isn't that a tad dangerous?
<andol> TrioTorus: Perhaps I'm slow today, but how is that dangerous?
<sommer> TrioTorus: /bin/sh is a sybolic link to dash
<sommer> by default anyway
<TrioTorus> well, shouldn't it default to /bin/false if no loginShell is provided?
<andol> TrioTorus: Now I see your point.
<andol> TrioTorus: Not sure if I agree thought :) In my world the default state of an account is active, so setting /bin/false is something which should be actively done
<TrioTorus> andol: yes I follow that too, but my opinion is that a default should be at least set (either /bin/false or something else) but I was surprised to see that I get /bin/sh when loginShell is not specified at all.
<TrioTorus> when using openldap
<TrioTorus> you could argue that it is the responsibility of the script you use to specify a loginshell for a new user account, but if even openldap doesn't think loginShell is a mandatory attribute for a posixAccount, the system's fallback for that shouldn't be /bin/sh  -  I'm thinking.
<CarlFK> is there a u-x64 channel?
<CarlFK> or.. why does bash crash: echo hi foo>x.sh; chmod u+x x.sh; ./x.sh  = malloc: ../bash/dispose_cmd.c:241: assertion botched; free: called with unallocated block argument
<_ruben> because its invalid code perhaps, should crash tho
<uvirtbot> New bug: #296349 in logwatch (universe) "logwatch replaces hostname with number" [Undecided,New] https://launchpad.net/bugs/296349
<CarlFK> if I accedenly installed u-desktop, how can I disable gdm from starting?
<CarlFK> without doing apt-get remove ... don't feel like waiting
<sommer> CarlFK: sudo update-rc.d -f gdm remove
<CarlFK> sommer: thanks
<nealmcb> anybody know the status of alfresco in ubuntu?  I see this announcement about the partner repository - why partner?  I thought it was GPL.  http://www.ubuntu.com/news/alfresco-enterprise-content-management
<Omahn> kirkland: I'm just testing the hardy-proposed packages for degraded RAID and I'm guessing that after replacing a failed disk in to the md, I'll need to re-run grub-install /dev/md, is this correct?
<kirkland> Omahn: yes, that's true
<kirkland> Omahn: we've discussed a wrapper tool that would do this
<Omahn> kirkland: No problem. I'm guessing that's something that will be included in the documentation anyway.
<kirkland> Omahn: but for now, it's manual
<kirkland> Omahn: exactly
<Omahn> Oh, cool, that's even better.
<kirkland> Omahn: i discussed with sommer at some point ;-)
<Omahn> It all seems to be working for me so far. Testing in VMware at the moment but I'm hoping to get some physical hardware to test on tomorrow.
<Omahn> Hmm. Seems my testing in VMware isn't going to be particularly valid. WS6.5 is taking the second disk and changing it to sda on power on when the first disk is removed.
<kirkland> Omahn: i'd be interested in your experience
<kirkland> Omahn: all of my testing has been in KVM
<Omahn> kirkland: No problem, I'll be posting in the bug report, hopefully sometime tomorrow on the VMware tests and later in the week for physical, assuming I can get my hands on some.
<Omahn> kirkland: What's the delay on boot when one of the disks is missing? Seems like a long time.
<kirkland> Omahn: 3 minutes, in Hardy
<kirkland> Omahn: 30 seconds, in Intrepid
<kirkland> Omahn: it's annoyingly long, in my opinion'
<Omahn> kirkland: Any way of reducing it in Hardy? ;-)
<Omahn> kirkland: I rebooted the first couple of times.. :-)
<Omahn> kirkland: A spinner, or anything really, to the screen would be useful.
<kirkland> Omahn: hmm, you could hack /usr/share/initramfs-tools/scripts/local
<kirkland> Omahn: search for "slumber"
<kirkland> Omahn: then you'd have to re-run update-initramfs
<Omahn> kirkland: Thanks, I'll check it out.
<kirkland> Omahn: it somewhat invalidates the testing I'm requesting, though ... :-/
<Omahn> kirkland: ha, no problem, I'll just stick with the standard test case for now. BTW, I've tested everything successfully bar the kernel options. (which I'll be testing in the morning)
<kirkland> Omahn: wow, thanks dude!
<Omahn> kirkland: No problem. ttfn.
<nijaba> nealmcb: there are 2 versions of alfresco.  The community version is GPL, the enterprise version is not
<nijaba> nealmcb: I believe the PR refers to the enterprise version
<nijaba> nealmcb: feel free to package the community version, we'll gladly put it in universe ;)
<zul> mathiaz: what do you think about an SRU for samba to move to 3.2.4 for intrepid?
<mathiaz> zul: which bugs are fixed by 3.2.4?
<zul> probably alot of the winbind crashes i have gone through them yet
<zul> i can put it on the agenda for the meeting tomorrow though
<mathiaz> zul: sure
<fbond> Hi, is 64-bit kernel + 64-bit userspace stable these days?  Would I be better off with 64-bit kernel + 32-bit userspace (assuming I don't need >2GB memory for any given process)?
<ascent> I'd pick 64bits
<fbond> ascent: 64-bit userspace?  Any particular reason?
<Nafallo> 128-bit isn't here yet? ;-)
<ascent> I'm running quite a few debian servers with 64 bits OS, never had problems with it. Since ubuntu is a derative, I'd feel godo using 64 bits ubuntu as well
<fbond> ascent: Okay, thanks.
<ascent> I don't see the point of using 32 bits on 64 bits hardware anymore
<fbond> I'm mostly concerned about userspace bugs due to bad assumptions about pointer arithmetic, etc.
<ascent> never had 64 bits related issues
<ascent> OK, well, 'm not into it that much but from my experiences, I'm happy with 64bits
<ascent> NBot a programmer myself however :)
<Nafallo> start running 32-bit and later decide to add a service that needs lots of memory... good luck keeping your userspace intact without going through evil hops of cold fire!
<Nafallo> the safe bet is 64 ;-)
<fbond> Okay, thanks.
<nealmcb> nijaba: the press release notes both the labs and the enterprise version.  http://www.alfresco.com/products/networks/compare/ says this about both enterprise and labs: "100% Open Source "  so I'm still puzzled about why it would be in partner - especially the first "labs" version which is called "GPL" elsewhere on their site.  Here is an update.  http://forums.alfresco.com/en/viewtopic.php?f=8&t=13934
<jmarsden> nealmcb: alfresco used to use a weird modified licence that was not officially "open source", but I think they recently switched to GPL?
<nealmcb> jmarsden: ahh - could be...
<jmarsden> There was a lot of fuss about tehir claiming to be "open source" but not really being such... but I think that is all past history now...
<nealmcb> that would be good material for their wikipedia entry
<jmarsden> Looks like they changed in Feb 2007, so not exactly a recent change... http://opensource.osdir.com/node/109.html
<sandstrom> How can I allow hostname lookups (eg. host yahoo.com) through my firewall using UFW?
<samuraipenguin> ufw allow 53
<samuraipenguin> 99.9% of dns queries are UDP, but, tracking down a fix for that .1% makes it worth leaving 53/tcp open as well.
<sandstrom> thanks. I'll try
<sandstrom> I think my server is somehow setup to run hostname lookups on another port than 53. How can I see which port a process is attempting to use?
<samuraipengui1> hostname lookups are extremely tiny, but netstat -ant should let you see active connections.
<jmarsden> sandstrom: If you have ufw turned on, logically, do   sudo ufw logging on   and then read the log?
<fbond> Is 64-bit kernel with 32-bit userspace supported by Ubuntu Server?
<sandstrom> sounds logical yes. I didn't know about the logging but will look at it
<jmarsden> sandstrom: ufw help shows the basic ufw commands :-)
<sandstrom> I'm new. Thanks!
<sandstrom> jmarsden: stupid question, but where can I see the log?
<jmarsden> I'd guess /var/log/messages -- I don't use ufw on this machine...
<sandstrom> it's empty
<jmarsden> sandstrom: I just tested it here... /var/log/messages just like otehr iptables firewalling solutions.
<jmarsden> sandstrom: DO something you know your ufw rules will deny, then grep -u ufw /var/log/messages
<jmarsden> if /var/log/messages is *empty* on a Ubuntu server ... are you sure syslogd is running properly??
<sandstrom> I do "host yahoo.com" which timesout when the firewall is enabled. Then I look in /var/log/messages and see some "MARKâ¦" but nothing else.
<sandstrom> no, I'm not sure
<jmarsden> sandstrom: OK, so do  sudo ufw deny proto tcp to any port 12345   and then    telnet 1.2.3.4 12345  and then grep UFW /var/log/messages
<jmarsden> There should be lines with "[UFW BLOCK INPUT]:" in them.
<sandstrom> nope
<sandstrom> this is the content of /var/log/messages: http://pastie.org/311544
<jmarsden> This is a real Ubuntu server installation?  It's very odd to see so little in there...
<jmarsden> Does    sudo /sbin/iptables -L -v | grep LOG    output some rules including the string "UFW BLOCK" ?
<samuraipengui1> jmarsden: i have a LAMP/mail server, and i've got nothing but MARK and syslogd restarts in /var/log/messages for the last 20 days, since it booted.
<jmarsden> Interesting, I get all kinds of stuff in there on my servers...
<NickBee> Guys, need help with network configuration ... am a newbie on linux
<NickBee> i had managed to set up the networking right, and the server has been running for 3 months now when i had to reboot it
<NickBee> and the network is down again
<NickBee> I am able to ping localhost
<ascent> that's the downside of reboots, you'll lose connection for a bit ;)
<NickBee> but thats it, can't ping anywhere else
<ascent> so, what's the error youget?
<NickBee> it takes forever to return from ping
<ascent> dns failure?
<ascent> tried pinging an ip?
<NickBee> pinging to ip says: Host unreachable
<ascent> default route set OK ?
<ascent> and, dou you even have an ip ?
<ascent> besides 127.0.0.1
<NickBee> i am not sure about route
<ascent> which most of us will have
<NickBee> but yes, it has a static IP
<ascent> is it set?
<NickBee> yes, i checked the inerfaces file and it seems ok
<NickBee> ubuntu is running as a VM
<NickBee> and i am unable to ping even the host
<NickBee> before reboot, everything was fine
<samuraipengui1> check ifconfig -- is the network interface up?
<NickBee> yes
<ascent> you rebooted the domu or the dom0?
<NickBee> domu/dom0 ?
<ascent> host or client os?
<NickBee> both
<ascent> and is the host connected to the internet?
<NickBee> yes
<ascent> only the client has trouble?
<NickBee> yup
<ascent> what's the ip you see in the clients ifconfig?
<jmarsden> sandstrom: I think ufw does not log *output* packets it blocks...
<sandstrom> that might be it
<NickBee> i see the correct IP
<sandstrom> I've tried to use isof -i to find the port
<NickBee> i.e. 216.245.223.251
<jmarsden> sandstrom: if you do   sudo ufw default enable    does the host lookup then work OK?
<ascent> nickbee: and it's statically set ?
<sandstrom> with ufw default allow it works
<NickBee> yes
<ascent> what does your route tabel look like?
<jmarsden> sandstrom: That's what I meant, my mistake.  OK.  So let's add a logging rule for the output packets...
<NickBee> can't copy paste from the v machine
<NickBee> let me try to tell
<NickBee> first entry
<NickBee> dest: 216.245.223.248
<NickBee> gateway: 0.0.0.0
<NickBee> genmask: 255.255.255.248
<NickBee> Flags: U
<NickBee> Metric: 0
<NickBee> Ref: 0
<NickBee> Use: 0
<NickBee> Iface: eth0
<NickBee> Line 2
<NickBee> Dest: 0.0.0.0
<NickBee> Gateway: 216.245.223.249
<ascent> can you ping that ip ?
<NickBee> Genmask: 0.0.0.0
<ascent> that gateway?
<ascent> 216.245.223.249
<NickBee> oh, can't ping the gateway
<NickBee> dest host unreachable
<ascent> but from your host you can? or perhaps, that's the ip of the host?
<NickBee> nope, thats not the IP of my host
<ascent> but can the host ping that ip ?
<NickBee> yes
<NickBee> network from host is fine
<NickBee> and thats the same gateway as set on host
<ascent> what does the bridge config look like, on the host?
<NickBee> host is windows server 2003
<ascent> And damn to all of you for having popcorn and a coke and just sit back and relax while I'm debugging my ass off ;)
<NickBee> where to check brige config?
<ascent> So, can you verify the bridge?
<ascent> I don't know. Never played with win2k3
<NickBee> hmm..
<NickBee> the machine has 2 network cards
<NickBee> from the faint memory i have, i think the problem was that ubuntu was trying to acess the internet  from the card which was meant for local machine
<NickBee> for Intranet i mean
<jmarsden> sandstrom: Maybe we can use tcpdump to see what is happening... try   tcpdump -i any udp &  and then do host yahoo.com and see what tcpdump outputs?
<sandstrom> tryingâ¦
<ascent> brb, dinner
<NickBee> Ok
<NickBee> guys anyone having some spare time/energy to debug a network issue ;)
<sandstrom> jmarsden: this is the output: http://pastie.org/311573
<jmarsden> sandstrom: OK... now do sudo ufw default allow and then host yahoo.com and see what the tcpdump output says then... at the moment you're just not getting anything coming back in at all...
<NickBee> Figured it out .... thanks!!!
<sandstrom> jmarsden: sorry for the delay. here we have it: http://pastie.org/311573
<jmarsden> sandstrom: I don't understand this... is 192.35.82.50 (fsdata.se) your nameserver?
<sandstrom> yes
<sandstrom> thats likely
<sandstrom> it's a VPS
<jmarsden> Maybe you can try    ufw allow from 192.35.82.50
<jmarsden> It's not exactly the "right" approach to this, but it might work :-)
<sandstrom> jmarsden Cool that did the trick. Thanks a million!
<jmarsden> No problem... as long as noone on that nameseer machine attacks you the firewall will still do its job :-)
<sandstrom> okey, I think I'll be safe!
<sandstrom> thanks again!!
<sandstrom> smb (samba) autostarts on my webserver. Is it needed for any of apache, php, ssh, sftp or subversion? if not; how can I disable it's autostart?
<ascent> probably not needed, use update-rc.d to disable it at bootup
<ascent> you can always put it back there if you do happen to need it
<sandstrom> how do I use update-rc.d ?
<ascent> man update-rc.d?
<sandstrom> thanks!!
<ascent> lol
<darkvertex> !ssh
<ubottu> SSH is the Secure SHell protocol. See https://help.ubuntu.com/community/SSHHowto for usage. Putty is a nice SSH client for Windows; it can be found at http://www.chiark.greenend.org.uk/~sgtatham/putty/
<ScottK> leonel: New Debian clamav package for Etch ought to be a good hint for security updates.
<leonel> ScottK: I'll check if ther's a cve  or  do you know if there's any ?
<ScottK> I haven't looked.  Just saw it was uploaded today.  It wouldn't have gone to -security if it wasn't.
<leonel> ScottK: ok i'll do
<jpds> Can someone please tell me a way to mirror a specific release with debmirror?
<kinections> does anybody here have success with using elilo with ubuntu server?
<jmarsden> jpds: Does the info at https://help.ubuntu.com/community/Debmirror help?
<jpds> jmarsden: Thanks!
<jmarsden> jpds: You're welcome
<RediXe> Looking for any information on extracting all the data on a MS Exchange Server and getting it put onto an Ubuntu-Server.
<jmarsden> RediXe: *All* the data?  You can export mailboxes to PST files using exmerge, and then read those using readpst under Linux... is that the kind of thing you need?
<jmarsden> I'm not sure how to convert all the calendar/contact data... but for email xfer the above method should work.
<RediXe> jmarsden: Well, I'm not sure as I have never played with an MSE Server. My boss if flying to a client and he is asking me for idea's on how to get the data on the server to our servers. I know this includes emails but I believe is wants everything else too.
<jmarsden> You might have to look and running one fo the exchange alternatives like openexchange or ZImbra and converting to that???  But I know little to nothing about those/
<ababs213> s
<ScottK> AFAIK Openchange is supposed to support that kind of thing.
<ScottK> There's a version in Intrepid, not sure how complete it is.
<nixternal> anyone having issues with 8.10 and grub not installing or working after a clean install?
<ababs213> can anyone assit with apache and ubntu ?
<samuraipengui1> ababs213: just ask.
<ababs213> http://127.0.1.1 shows the  'it works' text, but  on internal ip address  http://192.168.1.88 it does not show 'it works'
<ababs213> i thought this was supposed to work for both
<samuraipengui1> ababs213: firewall in the way?
<nealmcb> ababs213: so you're just running a default apache install, and trying different urls?
<ascent> or just not configured for both ups?
<ababs213>  inet addr:192.168.1.88  Bcast:192.168.1.255  Mask:255.255.255.0 is what i have
<samuraipengui1> also, try netstat -nat | grep www -- see if it's listening on 0.0.0.0:www or 127.0.0.1:222
<ascent> whats 222?
<nealmcb> lol
<samuraipenguin> s/222/www/
<nealmcb> 222 is near www
<ascent> ah
 * samuraipenguin fails at typing
<ascent> well, there's a difference
<ascent> 0.0.0.0 means every available ip
<ascent> where 127.0.0.1 only represents localhost
<ababs213> ï»¿netstat brings in 192.168.1.88:59296      209.85.137.125:5222     ESTABLISHED
<ascent> so?
<ababs213> i though i could access the 'it works' using both local host and the ip address of the computer.......is it not effectively the same thing ?
<jmarsden> ababs213: Not necessarily.  Try netstat -nat | grep LISTEN and see where your apache httpd is listening...
<ascent> depends on what port it listens
<nealmcb> ababs213: the important thing is what it is listening on - try just netstat -nl
<samuraipenguin> yeah, i'm lazy and use -nat for everything.
<ababs213> tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
<ababs213> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
<ababs213> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
<ababs213> tcp        0      0 192.168.1.88:59296      209.85.137.125:5222     ESTABLISHED
<ababs213> tcp        0      0 192.168.1.88:56840      216.165.191.52:6667     ESTABLISHED
<ababs213> tcp        0      0 192.168.1.88:41832      66.163.181.169:5050     ESTABLISHED
<ababs213> tcp        0      0 192.168.1.88:44322      207.46.107.17:1863      ESTABLISHED
<jmarsden> OK, so the :80 is the apache... httpd.  You failed to |grep LISTEN apparently?!
<samuraipenguin> ababs213: okay, that's enough.  apache is listening on all available addresses.  so there must be a firewall somewhere that is blocking the connection.
<jmarsden> ababs213: if you    telnet 192.168.1.88 80     what happens?
<ababs213> http://pastebin.com/m2e01e0e6
<jmarsden> ababs213: That's the result of a telnet???
<ababs213> no the -nl
 * jmarsden waits for the result of the telnet...
<ababs213> Trying 192.168.1.88...
<ababs213> Connected to 192.168.1.88.
<jmarsden> It connected... OK.  type in     GET / HTTP-1.1  and press Enter.
<ascent> get / <enter> <encter>
<samuraipenguin> try typing "GET / HTTP/1.0" without quotes
<jmarsden> :-)
<samuraipenguin> lol, too much help at once, methinks
<ascent> okay, I'll stop ;)
<ababs213> Trying 192.168.1.88...
<ababs213> Connected to 192.168.1.88.
<ababs213> Escape character is '^]'.
<ababs213> GET/HTTP/1.0
<ababs213> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<ababs213> <html><head>
<ababs213> <title>501 Method Not Implemented</title>
<ababs213> </head><body>
<ababs213> <h1>Method Not Implemented</h1>
<ababs213> <p>GET/HTTP/1.0 to / not supported.<br />
<ascent> \o/
<ababs213> </p>
<ababs213> <hr>
<ascent> there ya go
<ababs213> <address>Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch Server at testhost Port 80</address>
<ababs213> </body></html>
<ascent> that's for that complete plage mage
<ababs213> Connection closed by foreign host.
<ascent> mate
<hads> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<ascent> I really needed that ;)
<ababs213> http://pastebin.com/d7b08a40e
<jmarsden> ababs213: You didn't type in some spaces either side of the / ?
<jmarsden> But it looks like the server is alive.
<ascent> it's jsut fine
<ascent> and if this works, your browser also works
<ababs213> i also got this when i started apache sorry Warning: DocumentRoot [/home/var/www] does not exist
<ababs213> apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
<ascent> it may just not be configured with apache
<ababs213> but it works on 127.0.1.1 ?
<jmarsden> /home/var/www ?  That's weird.
<ababs213> just not local ip
<jmarsden> ababs213: Did someone or something edit the httpd.conf file ?
<ababs213> i havent yet touched it as i dont fully understand it
<jmarsden> What does    grep -i documentroot /etc/apache2/sites-available/*        output?  Should be just a couple of lines.
<ababs213> yes just one
<ababs213> 	DocumentRoot /var/www/
<ababs213> the var and www only has root permissions but does that make a difference ?
<jmarsden> ababs213: /var/www should be 755 (that is rwxr-xr-x)  What does ls -ld /var/www  output?
<jmarsden> I don't like the way the warning referred to /home/var/www but the documentroot is /var/www -- that feeld very odd.
<jmarsden> s/feeld/feels/
<ababs213> drwxr-xr-x 3 root root 4096 2008-11-07 22:22 /var/www
<jmarsden> That's fine.
<jmarsden> So the main issue is that something with hostname looking is broken, so the "could not reliably determine FQDN" thing happens.
<ababs213> any suggestions on getting this resolved ? thanks
<jmarsden> OK... what does    hostname    say ?
<samuraipenguin> ababs213: to go back to the beginning, what happens when you browse to http://<your ip> ?
<jmarsden> Do you have a domain name (such as ababs.com) to use for this web server?
<ababs213> no
<ababs213> just wanted to get local working before i start on port forwarding
<ababs213> via a router
<jmarsden> what does    hostname   output?  I'd suggest making it a fully qualified domain name, say   mypc.mydomain.local
<jmarsden> Then edit /etc/hosts to match, and restart apache2
<ababs213> just add in another local host line with the local ip address ?
<ababs213> currently looks like this
<ababs213> 127.0.0.1	localhost
<ababs213> 127.0.1.1	abc-laptop
<ababs213> 127.0.1.1	testhost
<jmarsden> Ah.  You didn't set up networking at install time, or something.  Make one that says   192.168.1.88 testhost.mydomain.local
<jmarsden> (if the hostname is testhost
<jmarsden> Well, actually, 192.168.1.88 testhost.mydomain.local testhost        would be better still.
<jmarsden> and get rid of anoth other lines containing testhost in that file.
<jmarsden> *any other lines...
<jmarsden> Done?
<ababs213>  Restarting web server apache2       ==   Warning: DocumentRoot [/home/var/www] does not exist /    ï»¿httpd (no pid file) not running
<jmarsden> Well, we got rid of one warning :-)
<jmarsden> BTW did you run a command      hostname testhost.mydomain.local    to set the hostname?
<ababs213> http://pastebin.com/d2a562611
<ababs213> cool
<ababs213> works but still not on that particular ip address
<jmarsden> The leading *s on some of those lines ion /etc/hosts are weird...
<ababs213> no they are the ones i *'d
<frish> hey, can any1 help me  with virt-viewer on ubuntu 8.10 ? it complains about X error...
<ababs213> jmarsden......should it work with the local ip as well ?
<ababs213> as without this working im not sure if port forwarding will work
<ababs213> from external to router to laptop
<jmarsden> Yes, it should... what happens if you now do      w3m http://192.168.1.88
<ababs213> Not Found The requested URL / was not found on this server.
<ababs213>  Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch Server at 192.168.1.88 Port 80
<jmarsden> OK, and    w3m  http://127.0.1.1    shows what?
<ababs213> It works!
<ababs213> with 127 even with the * in front of the text ?
<jmarsden> Hm.  Somehow we have a bad documentroot /home/var/www that is messing things up for just the "real" IP...
<samuraipenguin> purge/reinstall apache?
<jmarsden> Not yet :-)
<jmarsden> Let's try       find /etc/apache2 -type f | xargs grep /var/www
<ababs213> /etc/apache2/sites-available/default:	DocumentRoot /var/www/
<ababs213> /etc/apache2/sites-available/default:	<Directory /var/www/>
<ababs213> /etc/apache2/httpd.conf:     DocumentRoot /home/var/www
<ababs213> ps ive already reinstalled this one
<ababs213> once
<jmarsden> ababs213: So someone *did* edit /etc/apache2/httpd.conf !
<jmarsden> Edit the file /etc/apache2/httpd.conf  -- by default it should be empty.... so let's look at what is in there...
<ababs213> only just now i did put the * in front of the 127.xxx ip's ? hmm could it have been changed due to the 127 error i got earlier on restarting apache ?
<jmarsden> Never mind your weird /etc/hosts file for right now.... what is in the httpd.conf ?
<jmarsden> (And how did it get there, since you didn't edit it until now)?
<jmarsden> If it is big just pastebin it...
<ababs213> <VirtualHost *>       ServerName testhost       DocumentRoot /home/var/www  </Virtualhost>
<ababs213> thats it
<jmarsden> OK, just delete that completely so the file is empty, and restart apache.
<jmarsden> I'd love to know who or what put that *in* there... but we'll probably never know!
<ababs213> sudo /etc/init.d/apache2 stop
<ababs213> it wont even remove the file ?  abc@abc-laptop:~$ sudo rm etc/apache2/httpd.conf
<ababs213> rm: cannot remove `etc/apache2/httpd.conf': No such file or directory
<Deeps> sudo rm /etc/apache2/httpd.conf
<Deeps> you missed the leading /
<ababs213> oh year thanks
<jmarsden> ababs213: You don't want to do that.  Just edit it to be present but zero length....
<jmarsden> Just like it is when you first install apache2 :-)
<ababs213> apache2: Syntax error on line 189 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/httpd.conf: No such file or directory
<jmarsden> ababs213: Are you reading what I just wrote??
<jmarsden> Now try     touch /etc/apache2/httpd.conf
<ababs213> yes after
<jmarsden> Then restart apache2
<ababs213> http://pastebin.com/d65879a01
<jmarsden> Odd, we already fixed that once.  Anyway, see if    w3m http://192.168.1.88 now works OK
<ababs213> cool
<ababs213> it works
<samuraipenguin> at the bottom of apache2.conf add: ServerName testserver or similar.
<ababs213> as does the 127
<ababs213> as does http://testhost.mydomain.local.testhost/
<ababs213> thanks you very much gentlemen
<ababs213> ok im going to try the port forwarding now as well
<jmarsden> OK.  You perhaps want to edit /etc/hosts so it is more like http://pastebin.com/d14712e1e
<ababs213> jmarsden i think that has done it also got rid of all errors on restart of apache as well
<jmarsden> Good :-)
<ababs213> so it was in the main both the conf file and the httpd files
<ababs213> thanks very much
<uvirtbot> New bug: #296327 in samba (main) "smb:/// No application is registered as handling this file" [Undecided,Confirmed] https://launchpad.net/bugs/296327
<jmarsden> You're welcome.  Now back up everything in /etc :-)
<ababs213> will do is best pratice to call the files .bak and keep them there or copy them to another directory ?
<jmarsden> ababs213: You are configuring a server and do not know how to do backups?  This is bad...  I'd do    tar zcf ~/etc-backup-2008011010.tar.gz /etc
<ababs213> just learning
<ababs213> never programmed before
<jmarsden> ababs213: This is not programming.  This is system administration.
<ababs213> once the server is set up then i start the programming
<ababs213> php and mysql
<ababs213> thanks again for your help
<jmarsden> OK.
<kees> mathiaz: can I nominate you to handle the merge of sysklogd and ntp?  I touched it last, but I was just mucking with hardening.
<owh> kees: Is that in relation to the bug that has ntp starting and stopping? I'll have a look for the number.
<owh> kees: Bug #114505
<uvirtbot> Launchpad bug 114505 in ntp "ntp brought up before network is ready; fails not resolve any ip or host names; ntp does not recover" [Medium,Fix released] https://launchpad.net/bugs/114505
<owh> kees: If not, carry on :)
<kees> owh: no, unrelated.  I had fixed a different ntp bug where it would just instantly deadlock as soon as an interface came up at all.  :P
<owh> kees: Excellent, does it do that by stopping ntp and restarting it :)
<kees> owh: well, it's a bit of a mess, since ntp is trigger to restart when an interface comes up.
<owh> kees: And that was to deal with ntpdate not updating if ntp was running :(
<owh> It's baaaad all round.
<kees> owh: yeah, and ntp before starting will call ntpdate.  in debian, they used the same lock file, so it'd just immediately deadlock.  :(
<owh> kees: I submitted the patch to do the restart, but it was only ever a bandaid. I don't even have a handle yet on how it's supposed to work, let alone what to do to make it do that :)
<owh> kees: It's like this quagmire of init scripts, time-outs, startups and restarts :(
 * kees nods
<owh> kees: I'd love to get my hands dirty and track it all down but I'm not even sure where to start because it appears as if there are bugs overlaying bugs, so picking it up at one end is likely to not actually get you closer to a fix. Having random people add "fixes" of course doesn't help :(
<mathiaz> kees: IIRC someone else did the merge for sysklogd last time.
<mathiaz> kees: but I'll have a look at it.
<kees> mathiaz: cool, thanks
<ababs213> need some assistance with hosting my webserver
<ababs213> ive managed to get apache up and running locally with help from this channel
<ababs213> now have got port forwarding on the router
<ababs213> but no website
<owh> ababs213: What happens?
<ababs213> trace route using network tools shows my ip address
<ababs213> traceroute using external ip shows local ip address
#ubuntu-server 2008-11-11
<jmarsden> ababs213: Are you testing the port forwarding from *outside* your local network?
<ababs213> outside
<ababs213> so router port forwarding to local computer ip address
<jmarsden> ababs213: Can the local server get out to the Internet OK -- ping yahoo.com works, for instance?
<ababs213> yes that is fine
<owh> So, you can ping the machine behind the firewall?
<ababs213> but externally they cant access my basic webside
<ababs213> yes
<owh> Does your router port forward port 80?
<ababs213> i havent actually got a website just the "it works!" on apache server
<owh> ababs213: Hold on, can they see that from the outside?
<ababs213> no they cant
<ababs213> tcp port forward to 80
<owh> Right, so, is your router forwarding port 80?
<ababs213> Protocol                           Port (or Range)                           Host Port                           Timeout (sec)                                                                                                                                                          TCP                           80                           0                           86400
<owh> ababs213: To the correct IP address?
<jmarsden> Host appears to be empty?
<owh> As in, forward incoming requests to port 80 on your server address.
<owh> jmarsden: It does :)
<jmarsden> Put 192.168.1.88 in there (or whatever the local server IP was)
<owh> ababs213: Yeah, you're missing some bits :)
<ababs213> ok let me do some changes i will also need to make sure that the port forward is going to the right ip address.
<Eressolar> Right. When I direct a web browser to my server's SSH port, a page with the text "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2" is shown. Is it possible to turn this ssh server signature off?
<jmarsden> Eressolar: Only by turning sshd off.
<jmarsden> You could set up some sort of "port knocking" security so the port is not open except after a "knock", if you are into doing that...
<jmarsden> See https://help.ubuntu.com/community/PortKnocking for info on that.  But what are you really trying to achieve?
<Eressolar> jmarsden: well, I prefer to have the signatures off in the (very unlikely) event a security hole is discovered in ssh, so any potential attacked would not be able to easily know which version I'm running.
<Eressolar> Probably paranoia overkill, I know. I've heard of port knocking, but I don't believe my humble server is quite worth the  effort and potential headache.
<jmarsden> Eressolar: Trouble is many ssh clients use that signature to determine how to behave, so you really can't run SSH with no signature.  Port knocking would hide SSH from attackers, at the expense of every SSH uer havingto "kock" before sshing in to your server.
<hads> Yeah, SSH requires the version banner
<ScottK> Generally SSH attackers hit servers fast enough I'm pretty sure they aren't optimzing for a particular target.
<hads> There's also fail2ban and those type of things
<jmarsden> Theoretically you could patch and recompile openssh-server to display a different version banner, but I really doubt it's worth the effort.
<Eressolar> probably not :p I have faith enough in my ssh config, so I ought to not worry so much over it.
<uvirtbot> New bug: #296630 in openldap (main) "Modification of cn=config prevents bind at next directory restart" [Undecided,New] https://launchpad.net/bugs/296630
<uvirtbot> New bug: #293539 in samba (main) "package samba failed to install/upgrade: Conflicts found! Please edit `/etc/samba/smb.conf' and sort them out manually." [Undecided,Incomplete] https://launchpad.net/bugs/293539
<Trustn01> can any body help me with sql and freeradius
<kraut> moin
<Bergcube> I am in the process of setting up eGroupware on Ubuntu 8.10 server.  I want to do user authentication from M$ AD.  I do not want the Ubuntu server to act as a DNS or LDAP server on the LAN. Egroupware says "Checking extension ldap is loaded or loadable: False".  Does anybody know what package I should install to make eGroupware work without installing "too much"?
<Bergcube> Or maybe even: How do I get Ubuntu 8.10 server to authenticate from M$ AD?
<jmarsden> Bergcube: I suspect that is just looking for a php ldap extension.  Did you try installing php5-ldap ?
<jmarsden> The second question is harder :-)
<Bergcube> jmarsden~  Maybe.  No, I didn't try installing anything yet......  I am googling.  Usually I find it's best to read first and install later....
<jmarsden> See https://help.ubuntu.com/community/ActiveDirectoryHowto for some clues on that
<Bergcube> The second Q need not be answered if I get the first under control.  :-D
<jmarsden> Bergcube: OK.  Installing php5-ldap is safe, it doesn't change how normal Ubuntu user auth is done or anything like that.
<Bergcube> Will try that then!
<Bergcube> :-)
<Bergcube> Turns out it was already installed.  So then it probably wasn't it.
<jmarsden> OK.  So is there and egroupware extension called ldap that it could be looking for?
<Bergcube> Could be.  But AFAIK I have installed ALL the EGW packages.  At least the EGW metapackage description says it does so.  But good idea!  I will search the respository.
<Bergcube> Hah!  The solution was a true nobrainer.  I am ashamed.  A quick reboot and the error was gone.
<jmarsden> It's nice when the answer is that simple :-)
<Bergcube> Very nice.  And a lot simpler.
<ascent> Rebooting solves all the problems!
<Bergcube> Then somebody should reboot the US economy.  I hear there are some rumours of trouble over there.
<ascent> Perhaps we should reboot the world.
<Deeps> problems aren't just in the usa :/
<Bergcube> World 2.0 !
<ascent> AJAX!
<Bergcube> Well, back to configuring.  TTFN good people!
<maxstirner1> hello, i am having problems getting the standard hardy ubuntu courier pop3/imap going (as installed by tasksel) - any pointers for post-install configuration?
<sannnn> When I install bugzilla3 on ubuntu 8.10 server edition I end up with a fine installation according to ubuntu but where to configure or how to use the thing is totally unclear. Anyone here got some experience?
<sannnn> For instance I found /usr/share/bugzilla3/debian/apache.conf which sets up a virtual host.. this doesn't work by default. For phpmyadmin I didn't have to do anything. I could really use some help
<Trustn01> who can help me with setting up a internet server
<sannnn> An internet server? What do you mean router, http, ssl, mail?
<Trustn01> have a server connected to internet want to give internet to clients and need to monitor it
<sannnn> something like this: https://help.ubuntu.com/community/Router
<Trustn01> something like that i have every thig setup server gets internet from eht0 gives out internet using dhcp on eth1  only problem is that i need to monitor connections and setup accounts
<Trustn01> what will be the best to use to control client login and bandwith usage
<Deeps> sounds like you need some cybercafe-esque software
<Trustn01> something like that but would like to run it on ubuntu
<Trustn01> is there something for ubuntu
<Deeps> personally i have no idea, google might
<Deeps> googling 'cyber cafe ubuntu' indicates other people have asked this before
<Deeps> https://answers.launchpad.net/ubuntu/+question/12168 looks particularly relevant to your interests
<Trustn01> will have a look
<Deeps> gl
<yann2> hello
<yann2> anyone using munin here? I am looking for feedback on runin munin with the rrds in ramfs, if anyone is doing that..
<ascent> I'm just running it in disc-mode :)
<yann2> I've got terrible disk issues, it may be a combination of munin and poor i/o, but I am trying to improve it
<Omahn> kirkland: I have a question about your degraded RAID test case if you're available..
<wB3> hello, E: method http has died unexpectedly! in guest os(kvm with ubuntu intrepid)
<wB3> python-urllib can fetch from the same mirror normally
<ScottK> leonel: Did you also see the patch discussed on the pkg-clamav list?
<leonel> ScottK: http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/2008-November/000177.html
<ScottK> Yes.  That's the one.
<ScottK> mathiaz: I have to give regrets for the Server Team meeting today.  The main thing needed for the libdb migration task is someone to go through the rdpends and move them up to 4.6.
<ScottK> The only trick is packages that use transcations need special care.
<ScottK> Since Debian has migration as a release goal for Lenny, mostly there should be patches in Debian for this.
<soren> ScottK: I thought we already consolidated libdb to 4.6?
<ScottK> soren: I think Main got done.
<ScottK> Maybe it's done and I failed to notice.
<soren> Maybe I'm making this all up.
<soren> Maybe there is no libdb at all.
<zul> i remember doing alot of them
<ScottK> Nope.  4.2 - 4.5 are still there in Intrepid.
<ScottK> Except for slapd it looks based on casual observation of the apt-cache rdepends output that Main is done.
<soren> Yeah, not even main is done. slapd depends on libdb4.2
<soren> Oh, ok :)
<BrunoXLambert> Is there any kind of "official" inventory program in ubuntu? I mean something like ocsinventory-ng but that actually works
<Omahn> kirkland: You're clarification on the degraded RAID booting makes perfect sense. I've run out of time for today but I'll be updating the bug report tomorrow to report that everything works successfully on both virtual hardware (VMware) and physical tin.
<Omahn> *Your
<kirkland> Omahn: ah, cool, thanks so much for testing
<kirkland> Omahn: was that you, that I was responding to?
<Omahn> kirkland: Yep.
<kirkland> Omahn: it's a sensitive topic, "newly degraded"
<Omahn> kirkland: I can imagine :-)
<kirkland> Omahn: but we figured that just begged more explanation
<kirkland> Omahn: we'll need to document it better, though ;-)
<Omahn> kirkland: I think it's the right behaviour, just needs documenting on wherever the documentation ends up.
<kirkland> Omahn: agreed
<kirkland> Omahn: i think it *might* be in the mdadm manpage
<Omahn> kirkland: And on a Ubuntu wiki page I'm guessing?
<sannnn> Is there information (for ubuntu) or someone with experience with a bugzilla setup
<kirkland> Omahn: well, probably the Ubuntu Server Guide, which has the "official" RAID section
<kirkland> Omahn: and perhaps help.ubuntu.com/community, which is a wiki
<kirkland> Omahn: there are some RAID pages there
<kirkland> Omahn: feel free to take the lead on that one ;-)
 * kirkland is swamped as it it :-)
<Omahn> kirkland: :-)
 * Omahn adds to the TODO list
<Omahn> Actually, I was going to ask you something earlier..
<Omahn> I've done a slightly different test case to the one you mention in the SRU bug report.
<kirkland> k
<kirkland> different how?
<Omahn> In the bug report you have both disks running independently at different times.
<Omahn> I have always rescrubbed the array after breaking it each time.
<Omahn> If each disk is used independently then the user is always going to have some data loss.
<zoopster> speaking of docs - will the 8.10 Official ServerGuide be posted soon?
<Omahn> (Even if it's only a couple of minutes of logs)
<Omahn> I suspect my results are still valid though.
 * Omahn heads home
<kirkland> Omahn: yes, you're absolutely right ...  if you boot off of each disk independently (without the other), and then you boot with both attached, that's a bad scenario ;-)
<kirkland> Omahn: i suspect that mdadm will use the more recently touched disk
<kirkland> Omahn: but I can't confirm that
<\sh> ScottK: taking care of the rest of the libdb* to 4.6 crap
<\sh> new buildserver needs something to do ,)
<\sh> hmm...why don't we have openNMS in our repos?
<mncvn> Hi.
<mathiaz> kirkland: right - mdadm will use the most recently touched disk
<mathiaz> kirkland: I think we've already talked about that some weeks ago
<kirkland> mathiaz: right, Omahn, mathiaz confirmed this
<kirkland> mathiaz: howdy!
<mncvn> Everyone can help me???
<mathiaz> !ask | mncvn
<ubottu> mncvn: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<mncvn> I want study how to configure Ubuntu Server. Where should i start????
<zoopster> https://help.ubuntu.com/8.04/serverguide/C/index.html is a great place to start
<mncvn> zoopster: Thanks, I'll start from this.
<zoopster> mncvm: if there are specific q's just ask, but this will get you installed and configured with the basics
<mncvn> zoopster: Yes thanks, I want to begin from the basic. And after that, if i've any problem, may i personal ask you???
<zoopster> mncvn: you are best to ask the question in this channel - I may or may not be available to answer but someone will
<mncvn> ah...........yes, sure
<mncvn> zoopster: Thanks, bibi
<zul> kirkland: do you want to merge php5 again?
 * zul is trying to spread the pain around again
<kirkland> zul: arg....
<kirkland> zul: yeah, i suppose i can
<zul> kirkland: thanks ;)
<uvirtbot> New bug: #225919 in openldap (main) "package update-manager 1:0.87.24 failed to install/upgrade: ErrorMessage: SystemError in cache.commit(): E:Sub-process /usr/bin/dpkg returned an error code (1), E:Sub-process /usr/bin/dpkg returned an error code (1)" [Medium,Triaged] https://launchpad.net/bugs/225919
<slicslak> i just used tasksel to deselect mail and it also uninstalled all my LAMP stuff!!!
<slicslak> i just duplicated this on another server.  is this a bug or what?
<scientes> can i do two exec lines in upstart?
<mynous> is there a way to disable the ebox web configuration page?
<zul> what do you mean by disable?
<mynous> the http config page, make it inaccessable
<mynous> also, does ebox use postgresql?
<zul> mynous: not that I know of and it uses mysql
<mynous> weird, for some reason i have postgresql AND mysql running. i only installed mysql
<ivoks> zul: ebox uses postgre
<zul> ivoks: i could have sworn it uses mysql
<mynous> is there an easy way to uninstall ebox, i know when i installed it the server needed to be manually restarted
<ivoks> apt-get purge ebox.*
<mynous> shouldnt need a restart?
<ivoks> restart?
<ivoks> what's restart?
<ivoks> removing programs on linux doesn't require restart of computer
<mynous> well doing apt-get install ebox-all, the server locked up and required a manual reboot
<ivoks> unless we are talking about kernel or libc
<mynous> ok
<ivoks> that didn't lock up server, something else might have
<mynous> dunno i got : Setting up ebox-network (0.11.99-0ubuntu1) ...    and then no response until a restart of the server
<ivoks> ebox set network and firewall :)
<mynous> yeah that sucked
<albertux> hello
<albertux> quick question
<gravity1187> albertux: wassup
<albertux> Hey gravity, is there a way to setup encrypted folders on hardy server as in intrepid ibex?
<albertux> i see a huge dependency list when i try to install ecryptfs-utils on hardy
<albertux> i think even sudoku is required
<albertux> lol
<gravity1187> I remember talk about it, but I don't remember what the final answer was
<gravity1187> googling now
<gravity1187> your trying to just to the user homefolder correct
<gravity1187> albertux: the short answer is yes it just wasn't supported in main in hardy as it is in Ibex
<albertux> well i just need to store some config files
<albertux> i haven't yet chosen a folder
<albertux> but just because i need to install ecryptfs-utils without the thousand dependencies
<albertux> it looks like is tied to the desktop install
<gravity1187> looking at the dependents now
<gravity1187> http://packages.ubuntu.com/hardy/ecryptfs-utils
<andol> albertux: Well, there is always the option of using EncFS instead. Still, it's a bit hackish, so I wouldn't use it on lots of users.
<andol> albertux: http://www.andreasolsson.se/2008/08/21/my-private-eee-folder/
<albertux> that's basically what i need, i'll give it a try. thanks a lot.
<uvirtbot> New bug: #296952 in mysql-dfsg-5.0 (main) "mysqlhotcopy failed on table with hyphen in name" [Undecided,New] https://launchpad.net/bugs/296952
<espacious> some packages are not upgraded how can i force the upgrade?
<espacious> trought apt-get
<espacious> ok found out just had to apt-get install those packages
#ubuntu-server 2008-11-12
<uvirtbot> New bug: #297012 in bacula (universe) "package bacula-director-mysql 2.4.2-1ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/297012
<mncvn> Hi.................... someone from viet nam???
<uvirtbot> New bug: #297025 in samba (main) "smbclient 3.2.3 does not handle the -N option consistently with past versions." [Undecided,New] https://launchpad.net/bugs/297025
<e-jat> where can i refer to migrate AD to ldap ?
<osmosis> hows the stability of intrepid server so far? kvm?
<colton> Does ubuntu server have a graphical user interface?
<ropetin> colton: Yup,  you just have to install it
<ropetin> Whichever one you'd like
<colton> Ok. So what's the biggest difference between server, and non-server?
<colton> Does it come preinstalled with php, mysql, etc.?
<ropetin> If you select the appropriate option during install yes
<ropetin> Otherwise it's just an 'apt-get' away
<colton> So, im having trouble installing an operating system on my computer. When it loads up, from the disc, it says" press enter to continue with the installation, however, when I press enter nothign happens. . .
<ropetin> Which O/S?
<colton> Debian. but it doesn't matter if it' s vista or ubuntu server, same problem.
<ropetin> HW issues?
<colton> A while back my keyboard stopped working, I had to change the usb slot it went into and, well, for some reason I think that might be affecting my connection with the computer.
<colton> Could it be that my key board will only communicate with one of the slots on my motherboard when an OS is not installed, but then, when the OS gets control, it is capable of using any usb port?
<dantalizing> colton: lamp server install is one of the options when you install ubuntu server...otherwise those things (php, mysql) would be added manually
<colton> thx
<colin_> hi im trying to setup a server to manage clients accounts what should i use
<kraut> moin
<kaushal> hi
<kaushal> I have installed Nagios2 on Ubuntu 8.04 Linux OS
<kaushal> using https://help.ubuntu.com/community/Nagios2
<kaushal> I cannot see any services.cfg and hosts.cfg under /etc/nagios2/ directory
<kaushal> where can i find it ???
<hads> ...
<kaushal> hads, are you referring to me
<_ruben> kaushal: you'll probably have to populate those files yourself
<\sh> grmpf...why the heck is smtpguard still depending on libdb4.3 when the b-d is already on libdb-dev and the package in general already knew about bdb 4.6
<piti> Hi. I have a running mail server : postfix, doecot, with virtual domains and users (so admin via postfixadmin). Now I'd like to add mailman to the stuff. How the connections between each services must be to have a well working environement ?
<piti> I mean I don't want to break everything doing that, should I try adding it to the exisiting mail stuff, or should I do that on another server ?
<soren> \sh: What makes you say the b-d is on libdb-dev?
<\sh> soren: well...funny...1.1.3-3 just reached jaunty (with the change to libdb-dev and bdb 4.6) I wonder why the bug was opened in march...the package reached debian in september and why nobody requested UVE sync exception...anyway, jaunty sync was on 2008-11-05 the same goes for bdb 4.7 but smtpguard was just faster with the build thej bdb 4.7 the fourth dimension is time...:(
<soren> piti: Integrating mailman with your existing setup is a delicate process. It's very difficult to guide you based on the information you've given.
<piti> soren: so I should put it on another system, if I son't want to break the existing one ?
<\sh> oh wow...
<soren> piti: As I said: It's very hard to guide you based on the information you've given. Knowing that you use postfix and dovecot and have setup virtual domains doesn't reveal much about *how* you've done all of that. What I recommend is for you to consult the mailman documentation.
<soren> it outlines how to integrate with postfix quite well.
<soren> And then you need to make an educated judgment as to whether it will interfere with your existing setup in a bad way.
<piti> soren: but I may give more informations if needed. I tried consulting the mailman doc, but it was something obsure for me
<soren> The safe choice, of course, is to install it on a different machine. If you're competent enough, that's just not necessary.
<piti> I did it two days ago, but I encountered a trouble: the web interface is ok, I used some of the commands I found in /var/lib/mailman/bin , but the list_admins commands doesn't show me anyone.
<piti> list_lists already shows me the three list I did to test, but I'm not able to admin them...
<piti> and if I use the wbeinterface to create or admin the lists, I have an error saying I'm not allowed to create new lists...
<soren> dunno. I've never created new lists from the web. I always do it from the command line.
<oly> anyone recommend a reliable app for backing up a ubuntu server ?
<oly> should i use rsync ideally i would like notifications when the backups are complete or error
<ascent> bacula, if you want a capable but big beast :)
<Deeps> !backup
<ubottu> There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<oly> and if its relevant it will be backed up to a samba share which gets stored on a tape from there
<oly> okay will check out those links
<rjune> is there a "blessed" interface for working with ldap?
<sommer> rjune: ldap-utils
<sommer> rjune: I've used ldapscripts and smbldaptools as well
<sommer> for gui tools you might check out phpldapadmin and luma
<\sh> we should get the apache directory eclipse plugin into ubuntu ;)
<sommer> that's not a bad idea
 * sommer puts that on things to look into list
<\sh> sommer: it's one of the nicest ldap frontends I saw till today...
<ScottK> Anyone interested in getting clamav 0.94.1 back into Dapper/Gutsy/Hardy, have a look: https://wiki.ubuntu.com/MOTU/Clamav  Need testing.
<rjune> Luma? I'll look into that, thanks sommer
<rjune> I've been using GOsa, which is nice. but needs love
<mvo> hi, a quick question: can xen use blockdevice in the qemu/kvm qcow2 format? i.e. when using libvirt, can I just create a xen instance and attach a qcow2 file to it?
<jmedina> mvo: propably the latest version
<jmedina> to find it out, you better read your xen documentation
<jmedina> I know this year the xen team added a patch for qcow2 images
<mvo> thanks jmedina
<jmedina> but I dont remember to which version, probably 3.3
<alonswartz> are there any RubyOnRails developers in the room? I would like to get your thoughts on how you setup a rails development/production server (apt vs. gems)
<alonswartz> Are there any debian/ubuntu guys in the room? I would like to get your thoughts on how you setup a rails development/production server (apt vs. gems)
<alonswartz> oops! sorry for the double post....
<\sh> hmm...for a xen server...should I install linux-image-virtual?
<jmedina> \sh: not sure
<jmedina> I always install ubuntu-xen-server
<jmedina> alonswartz: you can ask in the ubuntu server mailing list
<jmedina> I remember there was someone preparing a rails enviroment for intrepid
<\sh> jmedina: yes...I did..but somehow I'm not sure on intrepid..I'm missing a kernel
<jmedina> \sh: I have not used intrepid, for server virtualization I prefer to attach to the stable (LTS) releases
<\sh> jmedina: my other servers are hardy, sure..but I was in an adventure mood yesterday evening ;)
<jmedina> even for my destkop
<jmedina> jejeje
<jmedina> \sh: xen 3.3?
<\sh> yepp
<jmedina> the green edition :D
<\sh> hmm...if this is right (http://ubuntuforums.org/showthread.php?t=963625) I need to downgrade to hardy ,-)
<\sh> anyhow going home for now
<jmedina> \sh: why?
<zoopster> In intrepid, trying to run vmbuilder based on the docs I receive an error on device-mapper - incompatible libdevmapper 1.02.27... anyone know what I am doing wrong? this was an upgrade from 8.04 to 8.10 and install of vmbuilder afterwards
<BitTorment> hi, i'm having memory problems on my shared hosting server
<BitTorment> i was wondering if there are any sysadmin that could have a look at the stats and see if I have a right to complain the company
<BitTorment> i know this isn't related to ubuntu-server directly, but thought you might be able to lend a hand
<BitTorment> http://pastebin.com/m7fa6a87d
<leonel> ScottK:  will clamav 94.1 make into intrepid ???
<ScottK> leonel: I think so.
<ScottK> That was the original plan.
<leonel> ok
<leonel> so we must search for clamav  cves or bugs  for 94.0 ?? or go  to 94.1 ?
<leonel> this for intrepid ?
<jmedina> BitTorment: you have plenty of memory
<jmedina> I mean, your system
<lifestream> BitTorment, check your scripts and see if they might be causing trouble. if not, and you still thing  the server is no good, it might be time for you to get a vps
<BitTorment> jmedina, it's a shared node, so that is shared over serveral server instances
<BitTorment> lifestream, it is a vps - which is why i dont think this should be happening
<jmedina> BitTorment:  but, that problems?
<lifestream> ah
<BitTorment> you can see that my top process is only using 38mb
<BitTorment> and only 28mb is available to the whole server
<jmedina> +/- cache and buffers
<BitTorment> the +/- cache and buffers are unfortunately not for my processes
<jmedina> sometimes I prefer to use memstat
<jmedina> like this
<jmedina> http://debaday.debian.net/2008/10/19/memstat-identify-what-is-using-up-virtual-memory/
<BitTorment> my main concern is the amount of swap being used
<BitTorment> i think that is causing the slowness on serving requests
<BitTorment> but am I correct in thinking that my processes aren't the problem? -- my most memory hungry process is using only 38mb
<BitTorment> (top is sorted by memory usage there)
<ascent> jmedina: nice app! never knew it existed :)
<fevel> Hi
<fevel> I would like to set up an authenticated proxy using ubuntu server, Is there any documents that I could read about the subject?
<kraut> fevel: just search for squid
<kraut> do you mean web proxy?
<Faust-C> does the 64bit version lack any software?
<rrittenhouse> Does anyone know why i can't seem to get write permissions when i mount a server via sftp using Connect To Server in gnome... connecting as www-data with using public key auth.  and the folder  has read/write access to the folder?
<Faust-C> compared to 32bit
<rrittenhouse> Faust-C: I can tell you first hand using it for a desktop is iffy if you have to use a lot of flash :P
<Faust-C> im referring to server
<Faust-C> desktop i would use 32
<rrittenhouse> Faust-C: I'm not sure. I have a 64bit machine with 8gb of ram but flash was so bad I opted to use only 4gb of it. In relation to server I believe you can go check the package repos online if your looking for a specific package. Aside from that I'm not sure what varies off the top of my head. Anyone else?
<Faust-C> ic
<arrrghhh> is there a way for rm to show progress?  i replaced cp with gcp (rsync) and now i'd like some visual feedback with rm as well...
<jmarsden|work> arrrghhh: rm -v looks appropriate?
<arrrghhh> jmarsden, that works
<arrrghhh> maybe i should've read the man page lol.  i figured it was like mv and cp, no actual progress.
<jmarsden|work> arrrghhh: I thin cp -v would work too, instead of replacing cp :-)
<arrrghhh> well
<arrrghhh> it does... but not really.  it gives me the progress of what file it's on... but not what that file's progress is
<arrrghhh> plus rsync is a much better way to do it as it won't copy anything that's already there.
<LoveGuru> HI, i m running Ubuntu Server i installed LAMP on it.. i want to know its installed correctly and working or not .. could someone help me with that?
<ScottK> leonel: I've gone through and pulled out what I think are the security related changes from earlier releases that we missed.  I'm currently having some hard drive trouble here.  If I mail the patches (they are commits from the clamav svn) to you, could you look and see about assembling them into an update?
<leonel> ScottK:  send it  I check that
<ScottK> OK.
<ScottK> leonel: To what address?
<ScottK> PM it to me if you don't want it logged.
<corelist> hi, any one have had any experience around fibre optice netwokrs with ubuntu-server? i am asked to run a gateway with linux, my choise is gonna be ubuntu, and first issue seems to be driver for pci media converters!
<mattwalstonfromj> Post install for ltsp-standalone failed when restarting dhcpd.  I checked log, no mention, attempted to run in foreground as root and get the following message: Can't create PID file /var/run/dhcpd.pid: Permission denied.  My system is running on 8.10.  Any ideas?
<ScottK> mattwalstonfromj: Does /var/run/dhcp exist?
<mattwalstonfromj> ScottK: No
<mattwalstonfromj> ScottK: I can touch the file and delete it.  Also no dhcpd process are running.
<ScottK> It sounds like a bug in an init script as generally the pid file should be at /var/run/$PACKAGE/$PACKAGE.pid, but it should work OK there.
<ScottK> Not sure what to do though.
<nijaba> mattwalstonfromj: did you try to put AppArmor in complain mode?
<ScottK> Good thought.
 * ScottK is trying to hunt down the ltsp maintainer.
<stgraber> hey there
<mattwalstonfromj> nijaba: just resolved... apparently init script uses /etc/ltsp/dhcpd.conf if present instead of my /etc/dhcp/dhcpd.conf
<ScottK> mattwalstonfromj: ^^ stgraber is the Ubuntu ltsp maintainer
<nijaba> ScottK: ogra it is, right?
<stgraber> mattwalstonfromj: that's right, you should use /etc/dhcp/dhcpd.conf
<ScottK> nijaba: stgraber now.
<stgraber> nijaba: ogra is too busy with ubuntu mobile, I'm doing LTSP now
<nijaba> stgraber: congratulations
<ogra> nijaba, i'm just the upload bitch until stgraber gets upload rights
<nijaba> heh
<ogra> then i will concetrate on upstream work only wrt ltsp
<stgraber> ogra: btw, don't forget to answer that mail to motu-council :)
<mattwalstonfromj> stgraber: i just moved it to dhcpd.conf to .dist and it worked... fyi, this was a distribution upgrade
<ogra> its way easier to develop on it if you dont have the release schedule sitting in your back
<ogra> stgraber, will do soon, sorry got a massively busy day
<stgraber> ogra: yeah, and for me release schedule matches our own customer update schedule so quite easy to do both actually :)
<ogra> yep
<stgraber> ogra: btw, I have the latest ltsp and ldm in my PPA, they seem to work, just some fixes and packaging work to do before I get something to upload to Jaunty
<ogra> perfect !
<arrrghhh> what is the _best_ way to get files off of an ubuntu server to a windows machine?  i already have nfs setup on the ubuntu server.
<sommer> arrrghhh: probably samba, but you could also use winscp... if you have ssh setup on the ubuntu machine
<arrrghhh> yea winscp is moving at 1200k..
<arrrghhh> on a local network i figured it should be a _little_ faster than that...
<sommer> heh, so would I
<sommer> you could also setup an ftp connection from one to the other
<arrrghhh> 9gb is going to take 2 hrs to transfer lol
<arrrghhh> well vsftp is runnin on the srever
<arrrghhh> server
<jmedina> samba
<sommer> I've found that xcopy is usually the fastest way to move files in windows
<jmedina> samba is preconfigured in ubuntu
<arrrghhh> yea i should probably work with samba
<sommer> so if you setup samba and map a drive it should be faster
<jmedina> to share the homes for the users
<arrrghhh> what do you mean "preconfigured"?
<jmedina> and automatically create samba accounts for all the locan users in /etc/passwd
<arrrghhh> jmedina, so what do i have to do to get samba working?  i don't see anything available on the windows client.
<arrrghhh> does rsync follow bind mounts?
<arrrghhh> anyone know how to rsync /home?
<lukehasnoname> rsync -avh /home/ /backupdir/
<andol> arrrghhh: Not sure on bind mounts, but how hard is it for you to test it yourself? :)
<arrrghhh> i don't have permissions i guess
<andol> lukehasnoname: I belive you actually mean rsync -avH? :)
<lukehasnoname> >_>
<andol> arrrghhh: yes, rsync works in a bind mount.
<arrrghhh> i want it to ignore bind mounts.
<arrrghhh> is that possible?
<andol> arrrghhh: -x will do that for you
<arrrghhh> really now sweet
<arrrghhh> oh of course  --one-file-system
<andol> arrrghhh: Actually, I might have been wrong about that :) sorry
<andol> sorry
<arrrghhh> i guess i could test out some --exclude rules
<lukehasnoname> exclude bugs me because it doesn't work the way it says... the syntax in the instructions is ambiguous at best
<arrrghhh> hrm
<arrrghhh> what would be the best way to backup my /home partition?
<arrrghhh> since it's on a separate parition i figured it would be easy to backup...
<andol> arrrghhh: That very much depends on what you want to accomplish, what you have in it, where you want to back it up to, etc
<arrrghhh> i mainly want everything, but stick to the /home partition, i don't want it to follow the bind mounts i have in place.  i'd like it to backup from my desktop to my NAS server.
<arrrghhh> i seem to be having extra trouble since it is the /home and permissions etc.
<cgillogly> question: anyone know why GVFS makes files read-only when i connect to a server using www-data, but when i connect to another server (using root because of the retarded previous admin) it doesn't do that ... the permissions on the dir and files i'm trying to edit from are correct, 755 & 644 (dir / file)
<cgillogly> fyi, i'm using hardy for the server and ibex for the client connecting
<fromport> this is probably better channel to ask this:  after a forced reboot (poweroutage) my ubuntu server cannot find any LVM partitions anymore. anybody has some hints/tricks ?
<maw_> I need help with "time" / "timezones". I set my timezone to be ETC/GMT-7
<maw_> however, on reboot my time changes into the future to exactly the time of "GMT+7"
<maw_> the hwclock is set to the correct GMT-7 time, but when the OS reboots it is showing GMT+7 time..
#ubuntu-server 2008-11-13
<maw_> http://pastebin.com/d7bdb390d
<maw_> ^ pastebin of the issue
<uvirtbot> maw_: Error: "pastebin" is not a valid command.
<jmarsden|work> maw_: Generally, for servers, you want to set the hardware clock to UTC and tell Ubuntu you have done that, and then set your local timezone appropriately.
<maw_> right.
<maw_> however, I always want my system to be in GMT-7
<maw_> never move for DST
<maw_> I guess I can choose 'America/Phoenix' but that is not totally correct for my use case
<maw_> anyways
<maw_> my hwclock is set correctly for GMT-7
<maw_> and is 'UTC'
<maw_> on reboot I see the time (in the OS) changing exactly to GMT+7
<maw_> what the heck...
<jmarsden|work> Those two things are contradictory!  Either your hwclock is set to UTC, *or* it is set to some other timezone...
<jmarsden|work> what does    hwclock --show    output ?
<maw_>  hwclock --show
<maw_> Wed 12 Nov 2008 05:21:34 PM GMT-7  -0.541926 seconds
<maw_> ^ this :)
<uvirtbot> maw_: Error: "this" is not a valid command.
<jmarsden|work> OK, and    date     says the same thing?
<maw_> date
<maw_> Thu Nov 13 07:22:25 GMT-7 2008
<maw_> as you can see, the time is accurate to what GMT+7 would be
<maw_> and this is my issue... or my fail :P
<jmarsden|work> I think you have told Ubuntu your hwclock is set to UTC, and then you set your hwclock to local time... which confused Ubuntu.
<maw_> hm
<maw_> ok so... "sudo hwclock --utc"
<maw_> than.. "sudo date <actual GMT-7 time>
<maw_> reboot?
<jmarsden|work> Well, there's a config file somewhere to say your system hwclock runs as UTC or not... maybe under /etc/sysconfig/ (or is that only on RHEL/Centos...)
<maw_> it is /etc/default/rcS
<maw_> UTC=yes or UTC=no
<maw_> 'man rcS'
<maw_> currently I have it set to "yes"
<jmarsden|work> OK, so decide: you want to set hwclock to UTC, or not?  Right now it is yes but your lock time is set otherwise :-)
<jmarsden|work> I'd leave it at yes and set the hwclock to UTC, personally.
<maw_> sure, setting hwclock ot UTC is fine
<maw_> and I will sync it to UTC
<maw_> jmarsden|work: the way you wrote the last few messages made me understand this dilemma differently... let me try your suggestion
<maw_> as in
<maw_> IF hwclock == UTC then "hwclock" output should show UTC time
<jmarsden|work> No, hwclock --show always shows local time.
<maw_> where I was saying "yes it is UTC" but than setting GMT-7
<maw_> what about hwclock with no parameters?
<jmarsden|work> set the system time using date and then do  hwclock --systohc --utc   and all should line up.
<jmarsden|work> I think hwclock with no params still shows localtime
<maw_> so when you say set system time... you suggest set system time to match GMT-7 correct?
<jmarsden|work> Try      date --set 11121630  ; hwclock --systohc --utc
<jmarsden|work> maw_: Yes, to your desired local time.
<jmarsden|work> It is now 16:30 on 12 Nov in the GMT-7 local tz, right?
<jmarsden|work> Hence the 11121630 in my above suggestion
<maw_> actually 5pm
<maw_> 17:31:40
<jmarsden|work> Yes, you're right.
<jmarsden|work> So     date --set 1121733 ; hwclock --systohc --utc
<jmarsden|work> So     date --set 11121733 ; hwclock --systohc --utc
<maw_> yap
<maw_> and I have
<jmarsden|work> Did that work?
<maw_> going to reboot
<jmarsden|work> OK.
<maw_> does /etc/init.d/hwclock.sh do something different compared to /sbin/hwclock?
<jmarsden|work> I'm not sitting at a Ubuntu box right now... read the hwclock.sh to see what it does :-)
<maw_> yes sir :D
<maw_> ok box is coming up
<espacious> hello, i used to connect to my AP with my usb adapetr in Ubuntu since i upgraded(reinstalled) i cant make it work. it works via ndiswrapper and need a sis driver i setuped all right but when i try to manualy connect to my ap the network manager or better the whole pc frezes.can please someone assist me a bit?
<maw_> ya it is still not working as I expected.
<maw_> cmorrow@nvp-mta001:~$ date
<maw_> Thu Nov 13 07:36:39 GMT-7 2008
<maw_> cmorrow@nvp-mta001:~$ hwclock
<maw_> Wed 12 Nov 2008 05:36:37 PM GMT-7  -0.579722 seconds
<maw_> cmorrow@nvp-mta001:~$ cat /etc/timezone
<maw_> Etc/GMT-7
<maw_> notice the "date" command
<maw_> the time it shows it exactly correct to GMT+7
<maw_> however, if my timezone is 'America/Phoenix' than everything works
<jmarsden|work> Hmmm.  Well, I suppose the tzdata *could* be wrong... seems unlikely.  What does    TZ=GMT date   day
<maw_> sorry?
<jmarsden|work> What does    TZ=GMT date      say?
<jmarsden|work> (you can temporarily set the TZ environment var and then run the date command...   TZ=GMT date
<maw_> cmorrow@nvp-mta001:~$ echo $TZ
<maw_> GMT
<maw_> cmorrow@nvp-mta001:~$ date
<maw_> Thu Nov 13 07:40:06 GMT-7 2008
<maw_> like that?
<hads> As in running `TZ=GMT date`
<maw_> cmorrow@nvp-mta001:~$ TZ=GMT date
<maw_> Thu Nov 13 00:41:24 GMT 2008
<jmarsden|work> maw_: On one line:     TZ=GMT date
<maw_> cmorrow@nvp-mta001:~$ TZ=GMT date
<maw_> Thu Nov 13 00:41:24 GMT 2008
<maw_> cmorrow@nvp-mta001:~$ TZ=GMT-7 date
<maw_> Thu Nov 13 07:41:44 GMT 2008
<maw_> cmorrow@nvp-mta001:~$ TZ=GMT+7 date
<maw_> Wed Nov 12 17:41:49 GMT 2008
<maw_> that is the output of that command with GMT,GMT-7 and GMT+7
<maw_> someone put the wrong math somewhere :P
<maw_> cmorrow@nvp-mta001:~$ TZ=America/Phoenix date
<maw_> Wed Nov 12 17:43:37 MST 2008
<maw_> Arizone and GMT-7 should be the same thing
<jmarsden|work> There is no timezone named GMT-7.  No file called that exists under /usr/share/zoneinfo
<jmarsden|work> I think you don't understand what the TZ var does?
<maw_> there is a ETC/GMT-7 option
<maw_> and I can set that two ways
<maw_> 1 using "tzselect" and choosing " none - I want to specify the time zone using the Posix TZ format."
<maw_> or 2) using dpkg-reconfigure and choose the option "GMT-7"
<maw_> under "other"
<maw_> however, I just noticed this in the 'tzselect' program
<maw_> "Please enter the desired value of the TZ environment variable.
<maw_> For example, GST-10 is a zone named GST that is 10 hours ahead (east) of UTC."
<maw_> they use "GST" which is an acronym no one uses
<maw_> and they use +  and - in a different fashion than common knowledge
<jmarsden|work> maw_: You can just copy the file /usr/share/zoneinfo/Etc/GMT-7 to /etc/localtime
<jmarsden|work> If you don't like the utilities :-)
<maw_> that isn't the point. Be empathetic with a user who has read all the man pages, used the correct utilities and has a understanding of the conventions used everywhere else
<jmarsden|work> OK, somehow you need a zoneinfo file for a time zone seven hours behind GMT.
<jmarsden|work> Either the file /usr/share/zoneinfo/Etc/GMT-7 is correct, or it is not.
<jmarsden|work> One way to find out is to copy it to /etc/localtime and see what the output of date then shows you.
<maw_> unfortunately that file puts me GMT+7 ahead in time
<maw_> whereas GMT+7 puts me GMT-7 in time
<maw_> let me try a manual copy as you sugegsted to verify this claim
<jmarsden|work> Then use the one named GMT+7, if that is what works.
<maw_> would you agree this is not intuitive and may be a bug?
<maw_> or is it correct and I just fail at comprehending what's up :P?
<jmarsden|work> I've never used non-geographic zoneinfo files, but it does seem odd if a file named GMT-7 shows time 7 hours ahead of GMT.
<maw_> ya me either
<maw_> my need for using this is the fact we never want our system to deviate from GMT-7
<maw_> as in... the system should not following DST
<maw_> and always be -7hours from GMT
<maw_> so, logically I thought GMT-7 would accomplish that ...(5hours later here we are ;)
<maw_> I should stop being stubborn and just choose 'America/Phoenix' as it is _always_ GMT-7
<jmarsden|work> Well, now you seem to have the hw clock set correctly, so you can now copy the file named GMT+7 into place and use that, if it does what you need, who cares what its name is?!
<maw_> well
<maw_> what if there is a patch that changes 'America/Phoenix' to use DST... maybe in the future they might respect DST
<maw_> who knows
<maw_> it may just burn me
<jmarsden|work> No patch is going to edit your /etc/localtime file.
<jmarsden|work> And update might update file sunder /usr/share/zoneinfo, sure.
<maw_> jmarsden|work: thanks for your time
<jmarsden|work> No problem :-)
<jerky_2> so i'm having some performance problems on my myth box. i'm running mythbuntu 8.10 now but the problem was there on 8.04 too. my box will be running fine (frontend, backend, even mythcommflag sometimes) and then all of a sudden it starts stuttering pretty badly for a few seconds. it doesn't seem to happen at any specific interval...
<jerky_2> but when i take a look at the 'top' output, it always corresponds with 'mysqld' jumping up the CPU usage column. when it drops off the top CPU users the performance problems are gone. any ideas for what could be wrong or how to troubleshoot this?
<maw_> are you familiar with mysql database at all?
<jerky_2> not much
<maw_> well when you see mysqld running at high CPU are you performing a intensive query? (what did you just click in the gui)?
<jerky_2> mythcommflag can use tons of CPU with no problems because its nice value of 17 is being respected, so i thought i could just nice up mysqld and maybe achieve the same results
<jerky_2> well i didn't click anything, but very likely mythtv is doing some intensive query automatically
<jerky_2> i'm not sure how to troubleshoot this though... figure out what it's doing and if there's any way i can streamline it
<maw_> I am not familiar with that appliance... but you could trace the mysql that is running
<maw_> http://dev.mysql.com/doc/refman/5.0/en/slow-query-log.html
<maw_> also... normally people wouldn't limit CPU to a DB
<jerky_2> i see, but what if the query is not terribly important? like mythtv is probably just searching all of my recordings (lots) every so often to see if any should be deleted or something like that.
<maw_> well if thereis a slow query
<maw_> maybe you can find out how it is searching those tables
<maw_> and make an index on the table
<jerky_2> yeah that is probably my next best shot... i'll give this slow query log thing a try
<maw_> that would be the logical thing if you have noticed performance getting worse over time
<maw_> if this is a sudden performance issue maybe it's due to an update or something
<jmarsden|work> jerky_2: You could just renice the mysqld and see if everything then works??
<jerky_2> jmarsden, that's what i'm thinking. i'm trying to figure out how to do it... looks like /etc/init.d/mysql should be my answer
<maw_> that will stop/start the DB
<jerky_2> looks like mysqld does not have any nice options but mysqld_safe does
<jmarsden|work> jerky_2: Well, for a test, just use ps  to find the process id of the mysqld and then renice 10 12345
<jmarsden|work> if 12345 is the PID
<jerky_2> brilliant! i didn't know about that command :)
<jmarsden|work> apropos nice willlist all commands relating to nice ...
<jmarsden|work> then you can man renice and there you go :-)
<jerky_2> hah, awesome. learn something new every day
<jerky_2> well ok, i just reniced it up to 10. i'll give some HDTV viewing a shot and let you know if i'm happy :) thanks!
<jmarsden|work> No problem.
<ScottK> leonel: Your first set of security updates are rolled out.
<jpv950> I'm trying to configure mod_userdir, I added "UserDir public_html" to /etc/apache2/sites-available/default, but it complains there is no such module... how do I enable it please?
<hads> sudo a2enmod
<jpv950> hads, are you replying to me?
<hads> jpv950: Yah, `sudo a2enmod userdir`
<jpv950> ok thanks :)
<unfo> jpv950:  see, it is better to go on IRC and ask than to spend time looking it up yourself :)
<jpv950> great, it's doing its magic now, no errors reported. thanks again
<hads> np
<jpv950> unfo, absolutely :)
<unfo> jpv950:  you are welcome.
<unfo> even though I didn't do any of the answering :)
<jpv950> hehe I would still be banging my head if you hadn't insisted
<jpv950> this is cool, I'm SSHing into a lamp stack running on a virtual machine on my laptop...
<jpv950> it was surprisingly easy to set up
<uvirtbot> New bug: #297473 in ubuntu "lexmark 1000 " [Undecided,New] https://launchpad.net/bugs/297473
<unfo> stopgo:  ask again here.  Maybe someone will help you, maybe not, but your chances are better.
<stopgo> ok, thanks unfo
<stopgo> ï»¿does anyone have experience setting up a mail server?  i'm trying to understand what different functions dovecot and postfix serve.
<unfo> stopgo:  also tell them how many users you are supporting, and why you want to set up a mail server at all :)
<infinity> stopgo: lamont probably knows everything you need to know.
<stopgo> i'm running a website and i need to set up a handful of mail addresses located at our domain
<stopgo> thanks infinity, i guess i'll pm him
<infinity> stopgo: To be fair, I said that purely to annoy him, since both he and I are headed to bed, and we were both trying to avoid being helpful tonight.
<stopgo> oh, ok then.
<unfo> stopgo:  repeat: also tell the channel how many users you are supporting, and why you want to set up a mail server at all :)
<stopgo> i'm running a web server to host my website, foobar.com.  we have maybe 5 site devs wanting email addresses dev1@foobar.com, dev2@foobar.com, etc., and setting up a mail server seemed to be the appropriate way to do this.
<jmedina> stopgo: Postfix is an MTA, it handles SMTP protocol, its function is send and receive email from/to others smtp servers, or relay email from email cients to local and remote users.
<hads> https://help.ubuntu.com/8.04/serverguide/C/email-services.html
<jmedina> Dovecot it is a POP3 and IMAP Servers, it is used by the email clients (Mail User Agents) to collect or read mail
<jmedina> so, you need both
<stopgo> ah, thanks a lot hads and jmedina
<jmedina> you are welcome
<unfo> stopgo:  how about Google Apps for Your Domain?  or cPanel?
<stopgo> thanks unfo, but i should be able to get it running with the info i just received above
<unfo> stopgo: it is more work, and you will get more spam.  But enjoy :)
<\sh> moins
<timreichhart> does anybody know what would be a best 56k modem to use for a fax server?
<timreichhart> does anybody know what would be a best 56k modem to use for a fax server?
<jmedina> fax server? that old and stupid machines?
<jmedina> the one that mekes people go back in technology?
<timreichhart> well see i am running a business and most of my vendors require a fax for placing orders with him
<timreichhart> so that is why i need a fax server
<timreichhart> ok i guess this chat room is dead and no help
<hads> IRC takes longer than 90 seconds
<timreichhart> what do you mean it takes more then 90secs?
<timreichhart> to get a simple answer
<jmedina> timreichhart: the best modems are externals, but I dont know where to buy one
<jmedina> I remember to use 3Com
<nijaba> timreichhart: people do not stare at their IRC waiting for a question to come.  The guy that has your answer might be coding something atm and will get back to IRC in 2, 3, 10 min...
<jmarsden> timreichhart: Cost no object at all?  You can buy high end FAX cards designed for FAX server use... how many FAX lines will you need?  Only one?
<timreichhart> so your saying jmedina any external rs232 56k modem will work
<nijaba> timreichhart: single or multiple line need?
<timreichhart> just 1
<hads> Yeah, if you go external you know you're getting a real modem
<jmarsden> Maybe http://www.usr.com/products/modem/business-product.asp?sku=USR3453c&adv=homepage
<jmarsden> Not cheap but works well even on bad phone lines...
<nijaba> USR modems have always been my first pick
<jmarsden> More or less any external RS232 modem "will work", but reliability and noise rejection cost $$, basically.
<jmedina> yeap, I said 3com meaning USR
<timreichhart> ok
 * hads hasn't used a modem in so long
<timreichhart> so any 3com/USR rs232 modem will work correct?
<jmedina> yeap
<nijaba> timreichhart: pretty much, yep
<jmedina> well the last I used was 8 years ago
<nijaba> timreichhart: just make sure you don't buy an internal one
<jmedina> there was otheres white, smaller an cheaper that the USR3453
<timreichhart> what about this one? http://trendnet.com/products/proddetail.asp?prod=110_TFM-560X&cat=51
<jmarsden> Looks like a cheap generic, and only has Class1 FAX command support... you can probably get it to work, but you may be trading up front cost for reliability.  You'll be using HylaFAX?
<jmarsden> It's been a while since worked with this stuff, but from memory HylaFAX likes Class 2.0 support.
<hads> Faxes are icky
<jmarsden> Yes, but sometimes customers want them...
<jmarsden> timreichhart: HylaFAX web site is http://www.hylafax.org/ . http://www.hylafax.org/content/Hardware_Compatibility_List may be of interest to you?
<timreichhart> thanks for that link there jmarsden
<jmarsden> No problem.
<timreichhart> well i have a winmodem right now but that is giving me problems
<jmarsden> No surprises there :-)  See http://tldp.org/HOWTO/Unix-Hardware-Buyer-HOWTO/ for advice on hardware... BTW I am a contributor to that so may be slightly biased :-)
<jmarsden> Section 3.10.2 says in part: "Also, avoid anything called a "Windows Modem" or "WinModem", ..."
<kraut> moin
<uvirtbot> New bug: #297574 in mysql-dfsg-5.0 (main) "Grant sentence doesn't work" [Undecided,New] https://launchpad.net/bugs/297574
<uvirtbot> New bug: #286878 in php5 (main) "utf8_decode bug" [Undecided,Confirmed] https://launchpad.net/bugs/286878
<\sh> hmm..what's the best way to get rid of non used lvm snapshot devices?
<\sh> lvremove doesn't work...umount doesn't work neither
<deejoe> if it's still mounted and umount doesn't work, chances are good it is still being used by some process
<deejoe> lsof | grep partial-name-of-volume
<\sh> deejoe: they are sbuild lvm snapshots...so I'm sure nothing valuable is accessing them..only ksnaphd
<zoopster> Did the graphical front end for vmbuilder make it into intrepid?
<\sh> lsof df -h
<\sh> argl
<uvirtbot> New bug: #297670 in net-snmp (main) "libsnmp-perl: get() returns wrong values" [Undecided,New] https://launchpad.net/bugs/297670
<uvirtbot> New bug: #282298 in samba "Intrepid Beta: No Access to NAS samba share any more." [Low,Confirmed] https://launchpad.net/bugs/282298
<uvirtbot> New bug: #296916 in sysstat (universe) "Please sync sysstat 8.1.6-2 (main) from Debian unstable (main)." [Wishlist,Fix released] https://launchpad.net/bugs/296916
<oneseventeen> is there a good tutorial on setting up an SFTP server using ubuntu?
<ascent> aptitude install openssh-server
<ascent> ;)
<oneseventeen> I use SSH for my webserver now, but I'm thinking more a "newbies guide to user administration and SFTP sandboxes"
<ascent> ah oke
<oneseventeen> I'm going to be giving users outside the company usernames and passwords
<ascent> well, by default, ssh enabled users can also use sftp
<ascent> since it's the same layer/program
<oneseventeen> yeah, I'm guessing I just need to set permissions in a config file somewhere
<ascent> well, if you want sandboxes (jails, chroots, virtual servers), you may need some extra work
<oneseventeen> hmm, that might be better to search for, ssh user administration and ssh chroots
<oneseventeen> are tehre any performance gains using ubuntu server 64 bit?
<tacone> shuold "sudo stop apache2" work ?
<tacone> i get --> stop: Unknown job: apache2
<Deeps> it shouldn't, no
<jmedina> tacone: you can use /etc/init.d/apache2 stop
<oneseventeen> tacone: for stopping apache I usually use sudo /etc/init.d/apache2 stop
<Deeps> if you want to stop a service, i believe the ubuntu way is sudo invoke-rc.d apache2 stop
<oneseventeen> (should have looked before typing)
<tacone> yes i know oneseventeen. i was just wondering what stop and start are all about.
<jmedina> or apache2ctl stop
<Deeps> or use the init scripts as everyone else does
<Deeps> tacone: bash job controls
<jmedina> I dont like invoke-rc.d
<tacone> i miss the definition of bash jobs then :-)
<jmedina> you need to know the name of the service
<jmedina> I prefer to use /etc/init.d/a<tab>
<jmedina> and take advantage of bash completion features
<DaSkreech> Hello can I get some help with Landscape ?
<ScottK> kirkland: ^^^
<ScottK> He's looking at your MOTD stuff.
 * DaSkreech waves at kirkland
<oneseventeen> is it normal for Scanning the mirror... to take forever?
<oneseventeen> (during initial ubuntu-server setup)
<sommer> oneseventeen: I'd think the amount of time would depend on your internet connection and the number of user's using the mirror
<DaSkreech> ScottK: kirkland sleeps a lot?
<ScottK> Not usually.
<docta_v> if i'm booting from RAID1 and i want grub to manage installing to both disks, do i just edit the device.map to make hd0 set to md0?
<Weasel[DK]> docta_v, i usually do root(hd0,0) setup(hd0) and root(hd1,0) setup(hd1) from within grub
<Weasel[DK]> i do not mess with any files... and i work great.. if one disk is missing, it will boot on the other....
<Weasel[DK]> guess that is what you wanted ?
<peppe__> salve a tutti
<docta_v> Weasel[DK]: according to the grub wiki there is native support for md devices now
<peppe__> c'Ã¨ qualche italiano??
<docta_v> that would be helpful to me because i'm managing an increasingly large number of servers
<docta_v> since version 1.95
<docta_v> heh the ubuntu version is .97
<docta_v> what's up with that?
<docta_v> ah grub2 still experimental hmm
<Weasel[DK]> hehe
<Weasel[DK]> suppose you still need grub on all disks MBR
<docta_v> i'm guessing the ubuntu installer probably isn't smart enough to do that
<Weasel[DK]> no, dont think so
<jmedina> there is some information about RAID1 and grub in the server guide
<Weasel[DK]> dont forget to save a copy of the partintion table of each disk.... it is so much easier to replace if something happens
<jmedina> it is something discussed for the intrepid release
<docta_v> ah... too bad i'm in the process of moving everything to hardy
<docta_v> and then sticking with that for 2-3 years
<docta_v> :)
<Weasel[DK]> dito
<jmedina> docta_v: but you can see the discussions about that and get some ideas
<docta_v> is there an easy way to verify if grub has already been installed on a given mbr?
<jmedina> in the ubuntu server mailing lists there is a huge discussion about the topic
<docta_v> cool
<docta_v> what Weasel[DK] was describing above is the standard way to deal with it
<jmedina> docta_v: you can cat the fist 512kb of your disc
<docta_v> but it looks like we'll get native support in grub once ubuntu starts using grub2
<jmedina> I dont think grub2 will be available in the next year
<docta_v> yeah, no worries
<docta_v> i've gotten this far without it
<tonyyarusso> So this is a tad concerning:  "The following packages were automatically installed and are no longer required: libklibc klibc-utils busybox-initramfs iptables
<tonyyarusso> iptables?  Anyone know how that got on the list?
<jmedina> probably you uninstalled a package which depends on iptables
<celeph_> Hi, is there a way to use logical volume from a guest system in kvm/libvirt ?
<akuma55> can some one take a look at this and tell me what i need to do http://pastebin.com/m5c733c4f
<ascent> install a compiler ?
<akuma55> witch one?
<ascent> gcc for isntance
<akuma55> ok ill tryint
<akuma55> try it*
<akuma55> i did  but then it say this http://pastebin.com/d49841594
<ascent>  Originally Posted by joe_bruin  View Post
<ascent> Aha, I have the answer:
<ascent> You must have libc6-dev-i386 (not just libc6-i386) installed! The Wine Wiki neglects to mention this.
<ascent> from ubuntu forums
<zul> akuma55: sudo apt-gete isntall build-essential
<akuma55> trying that now zul
<akuma55> it worked
<akuma55> thanx
<zamarax> I have a question, do you think I will notice substantial performance increase in my websites rendering in the browser if I switch from 100mbps connection to 1Gbps?
<hads> That would depend how saturated your link is.
<DaSkreech> !find easy_install
<wazon> hi!
<wazon> I need some help
<wazon> could someone help me installing a simple fetchmail + postfix with imap???
<DaSkreech> apt-get install postfix?
<wazon> I've read lots of howtos
<jmedina> wazon: and what did you learn?
<wazon> but all of them use procmail
<wazon> and I'd like to use as few components as posible
<jmedina> wazon: and what do you want to do ?
<wazon> not using procmail
<wazon> I'm sure I've seen one howto doing that
<wazon> but I can't find it aagain
<wazon> I think the problem is I don't know how to tell fetchmail to use postfix instead of procmail...
<DaSkreech> apt-get install --prefix=/dev/brain googlefu
<DaSkreech> please don't try that
<wazon> xD
<jmedina> wazon: what do you want to do?
<wazon> use fetchmail + postfix WITHOUT procmail
<jmedina> you can do a lot of things with fetchmail and postfix
<jmedina> postfix by default doesnt use procmail
<jmedina> unless you install it and set the mailbox_command in main.cf
<wazon> but
<wazon> does fetchmail sends the mails it fetches to procmail?
<wazon> I think thats my problem...
<jmedina> nop unless you use the mda option within fetchmail config
<wazon> uhm
<wazon> so, if I don't use that option, fetchmail will pass the mail to postfix?
<jmedina> I think I still dont understand what you want to do with fetchmail and postfix
<jmedina> and what for
<wazon> I want to fetch my mail from several accounts to my server
<wazon> and deliver it to local users
<wazon> when I manage that, I'd want imap access to that mail on my server
<wazon> and probably webamail as well
<wazon> *webmail
<wazon> and I'd like to use Maildir format
<wazon> not mbox
<wazon> is it an easier way to get this than postfix and fetchmail?
<wazon> I'm not new to linux, but this is the first server I manage
<wazon> so I'm kind of a newbye
<wazon> jmedina: what do you think? Am I in the right way?
<wazon> hey
<wazon> will you guys recommend me squirrellmail or mailman?
<wazon> and is it better to use dovecot or courier for imap?
<ScottK> wazon: Dovecot is the one the Ubuntu supports and is best covered in our documentation.  Squirrllmail is a webmail program.  Mailmain is a mailing list manager.  Depending on which you want, pick that one.
<wazon> aps
<wazon> I thought Mailman was also webmail
<wazon> I'll use then dovecot + squirrellmail
<wazon> thanks!
<wazon> how can I see the installed version of postfix I have in my pc?
<Deeps> dpkg -l | grep postfix
<DaSkreech> apt-cache policy postfix
<wazon> thanks
<DaSkreech> though postfix --version probably works as well :)
<shoot^> hey guys. for some reason, my fileserver does not automatically reconnect to the wireless network if the router is reset - i have to manually reset the box. any suggestions?
#ubuntu-server 2008-11-14
<donspaulding> hi all, is there a guide somewhere that shows how to setup UML on an ubuntu server?
<donspaulding> (google's not been much help so far)
<jmarsden> I googled for "ubuntu uml" and found http://users.piuha.net/martti/comp/ubuntu/en/uml.html -- is that not helpful?
<donspaulding> jmarsden: nice, thanks!
<jmarsden> donspaulding: No problem.
<dell> how are you all i need help me how to put it sing ~  in ubuntu server
<dell> in my key don't have it sing
<hads> Huh?
<subir> how can i enable ssh access to ubuntu 8.04?
<ropetin> subir:sudo apt-get install openssh-server
<subir> ropetin, already installed it
<subir> ropetin, but cannot ssh it
<ropetin> What happens when you try to?
<subir> ropetin, says no route to host
<subir> ropetin, i can ssh to localhost, but not to IP from the same machine
<ropetin> That's basically telling you it's a network issue.  Why would you use the external IP when connecting from the local machine?  What happens if you try the IP from a different machine?
<subir> ropetin, ssh: connect to host 192.168.10.5 port 22: No route to host
<ropetin> OK, what IP is assigned to teh server, what IP is assigned to the client, and can you ping from one to the other?  It's either going to be a networking issue, or a firewall issue
<ropetin> Are you running ufw?
<subir> ropetin, server: 192.168.10.5; client: 192.168.10.57
<subir> ropetin, the client cannot ping the server
<ropetin> So it's a networking issue then :)
<ropetin> Unless of course it's a firewall issue.  Can you confirm if either is firewalled?
<jmarsden> subir: Are both machines physically connected to the same LAN subnet (to the same switch or whatever)
<subir> jmarsden, ya
<jmarsden> Check the output of    ifconfig eth0    on both machines very carefully, (maybe pastebin it so we can see it)?
<ropetin> maybe pastebin a traceroute from one to teh other too?
<subir> ropetin, jmarsden ok it was a networking issue...anyways thnx :)
<ropetin> NP!
<subir> ropetin, jmarsden i'm trying to have svn server with code web browsing as well as site web browsing
<subir> ropetin, any link/pointer would be great!
<LoveGuru> Is there anyone who can help me to fix LAMP server :<  i did apache works fine. some problem with mysql i can't figure out whre is the problem how can i fix it. thanks.
<ropetin> subir: I remember seeing a tutorial about that on HowToForge
<ropetin> Maybe do a search there?
<ropetin> LoveGuru: What's the exact issue?
<LoveGuru> ropetin: mysql wont start
<LoveGuru> or u can say won't work
<subir> ropetin, okay thnx
<ropetin> Does it generate any kind of error?
<LoveGuru> ropetin: ya when i bootup my linux it gave me error on start. can i get that error from any log file?
<LoveGuru> i really don't remember it
<subir> ropetin, is this the one you are referring to? http://www.howtoforge.com/debian_subversion_websvn
<ropetin> There was one specific to Ubuntu if I remember
<ropetin> BUt that would work too
<freaky_t> does svn+ssh work by default? oO
<ropetin> With those directions yes, but I have no idea in general
<freaky_t> ok ;D
 * ropetin used svn once and found it to be overkill for his needs
<freaky_t> thanks
<subir> ropetin, okay
<jmarsden> subir: See https://help.ubuntu.com/community/Subversion
<subir> jmarsden, thnx
<jmarsden> No problem
<subir> ropetin, jmarsden any idea how to enable public_html on ubuntu as on centos?
<jmarsden> subir: I think you just would edit the apache2 config files to do your will... see under /etc/apache2/
<subir> jmarsden, i think that feature is there by default in centos
<ropetin> Isn't /var/www the equivalent of public_html?
<ropetin> Or are you talking about for each user?
<jmarsden> Probably.  So read the config files for apache in Centos and add the relevant lines
<jmarsden> I think you just need a line that says      Userdir public_html  in there ?
<jmarsden> I have one RHEL server I admin, but its httpd.conf has been... highly modified from the defaults :-)
<subir> ropetin, for each user...i just found out one
<subir> ropetin, jmarsden by enabling userdir module in apache2
<subir> jmarsden, :)
<timreichhart> hey guys
<timreichhart> I am just wondering if anybody could tell me how to configure 2 56k modems
<ropetin> timreichhart: do it the same as one, only twice?
<timreichhart> oh ok
<ropetin> What kind of modem and what issues are you currently having?
<timreichhart> well i just bought 2 Conexant 56k V.92  CX11252-11 PCI Data/Fax
<timreichhart> Modem (OEM) and i want to have one modem for incoming faxes and one for outgoing
<timreichhart> if that even possible to do
<timreichhart> ?
<ropetin> Sure, definitely possible.  You'd just have to install them (I'll see if I can find instruction) and then in teh fax software you're using (HylaFAX?) specify which one for each function
<timreichhart> im going to use hylafax and web base frontpage of avantfax
<ropetin> In which case it's designed to work with multiple modems
<timreichhart> yes
<ropetin> https://help.ubuntu.com/community/DialupModemHowto
<ropetin> That covers conexant
<timreichhart> yes I do see that
<timreichhart> thanks for that info
<ropetin> Np!
<ivarss> Hi *. Perhaps I am missing the obvious, but how do I include new schema files in openldap configuration? Intrepid ships with openldap v2.4 which uses new cn=config style configuration and not slapd.conf Thanks and please point me to the right direction if this is not a proper place to ask.
<kraut> moin
<ropetin> Yup
<uvirtbot> New bug: #297675 in tomcat6 (main) "catalina.policy and bootstrap.jar should be copied on soft linked" [Undecided,Incomplete] https://launchpad.net/bugs/297675
<netrat> i'm currently booting ubuntu over the network with AoE, which works fine. the only thing that doesn't work properly is the shutdown procedure. could anyone point me to some documentation? how does the shutdown process differ if you have an NFS root filesystem?
<philsf> how can I enable access for 'debian-sys-maint' in mysql-server? http://paste.ubuntu.com/71867/
<philsf> or, where should I rtm?
<sommer> philsf: take a look at /etc/mysql/debian.cnf
<philsf> sommer: there are entries for 'debian-sys-maint' for both [client] and [mysql_upgrade], both have the password var empty
<philsf> should I set a password? should I paste this file?
<sommer> philsf: mine have what I assume is a generated password, so it probably wouldn't hurt to try adding one
<philsf> sommer: shouldn't this have happened upon installation?
<philsf> sommer: oh, I just found a useful README.Debian, thanks and sorry for the noise
<sommer> philsf: I would've thought so
<uvirtbot> New bug: #298126 in samba (main) "package samba-common 2:3.2.3-1ubuntu3 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/298126
<akuma5> im haveing trouble installing vhcs on hardy any body know why
<sandstrom> How can I restrict a users access to the home-folder solely?
<Celephais> Hi, how can i use lvm with kvm?
<zoopster> sandstrom: as in you don't want them to see other areas of the filesystem on a given machine?
<levander> Do the dovecot packages for Ibex include ManageSieve?
<ewook> did you check the repository-info?
<akuma55> hello how do i create a new mysql db
<vensign> akuma55 you can execute mysqladmin create databasename
<akuma55> error: 'Access denied for user 'root'@'localhost' (using password: NO)'
<vensign> akuma55 mysqladmin -u root -p create databasename
<vensign> you have the mysql root password?
<byte_slave> hello everyone!
<byte_slave> how canm i see which are the ssh established tunnels?
<byte_slave> in this moment?
<_jmedina> to your server?
<_jmedina> you can use
<_jmedina> w
<_jmedina> no wait, that only tellyou about local and remote users
<_jmedina> but it doensnt say it is a ssh connection
<_jmedina> it could be telnet :)
<vensign> byte_slave you can use netstat -an | grep :22
<vensign> to see the active connections to port 22 (ssh port)
<akuma55> vensign, thanx it worked
<akuma55> got wordpress up
<vensign> you're welcome akuma55
<byte_slave> netstat -an | grep :22 only tells me the connections not the tunnels inside it i guess
<akuma55> vensign,  do you know how i can move everything in a directory out in to anther folld
<akuma55> folder?
<akuma55> *
<Deeps> mv /path/to/source/dir/* /path/to/destination/dir/
<vensign> you are rigth byte_slave sorry I dont remember if you can see the tunnels
<uvirtbot> New bug: #297758 in samba (main) "samba got "ERRDOS - ERRnoaccess" error after upgrade from Gutsy to 8.04" [Undecided,New] https://launchpad.net/bugs/297758
<vensign> akuma55 Deeps give you the answer
<akuma55> im trying it now
#ubuntu-server 2008-11-15
<akuma55> what is the command to del
<andol> akuma55: To delete a file? rm
<akuma55> yeah andol
<LoveGuru> is there anyhelp with " grsecurity " or any tutorial which one can help me out with install/configuration. thanks.
<akuma55> LoveGuru, is it like fwknop
<LoveGuru> akuma55: sorry didn't know anythg about "fwknop" well grsecurity i believe is for secure kernel
<akuma55> to secure it?
<akuma55> or pen it
<akuma55> ?
<LoveGuru> secure it
<akuma55> andol do you know?
<andol> akuma55: Thought I already gave you the answer :) it is rm
<akuma55> LoveGuru, ill try it if it work ill make a tut
<andol> andol: rm filename
<andol> hmm..not sure why I addressed that to myself :)
<akuma55> oh sorry
<akuma55> hehe
<andol> akuma55: https://help.ubuntu.com/8.10/basic-commands/C/
<LoveGuru> :/
<Knifa> When I ssh into my 8.10 server, I see a little system information usage printout. How is that done?
<Knifa> I looked in the ssh config and in pam.d but I couldn't find it at all.
<ScottK> LoveGuru: I'm not familiar with grsecurity, but I'd recommend familiarizing yourself with the security measures already built into Ubuntu's kernel and the overall system before adding potentially incompatible 3rd party tools.
<ScottK> LoveGuru: https://wiki.ubuntu.com/SecurityTeam has links to some of the relevant information.
<LoveGuru> ScottK: thanks was not here :)
<jmarsden> What is the package name in Intrepid that adds mod_security (for apache2) ?
<ropetin> apt-cache search mod_security
<ropetin> What does that give you?
<jmarsden> Nothing, that's why I am asking :-)
<ropetin> Hehhe, OK
<jmarsden> Looks like it used to be called libapache2-mod-security in earlier releases, but... something seems to have changed in Intrepid
<ropetin> Yeah, I couldn't find it at all
<jmarsden> Google searches show howtos for older distro versions, none yet for Intrepid... hmm.  And it is not in /etc/apache2/mods-available/ by default, I checked there also.
<kees> jmarsden: Debian (and Ubuntu) removed mod-security from the archives: http://packages.qa.debian.org/liba/libapache-mod-security.html
<kees> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=313615
<uvirtbot> Debian bug 313615 in libapache-mod-security "License conflict makes binary undistributable" [Grave,Open]
<jmarsden> Ah, thanks.  Sad, but that explains it.
<kees> yeah.  if the upstream could be convinced to relicense, that'd be nice.  :P
<jmarsden> Hmm, apparently the Apache2 licence is officially GPLv3 comptible, but not GPLv2 compatible...
<jmarsden> Upstream already fixed the license!  http://blog.modsecurity.org/2008/06/modsecurity-lic.html
<jmarsden> I wonder how hard it would be for me to package it? :-)
<kees> jmarsden: should be pretty easy -- just grab the old packaging.  :)  http://packages.qa.debian.org/liba/libapache-mod-security.html
<chimp> When setting up a mail server (postfix), is there a way to have to accept emails for $user@......   without $user existing on the system. I don't really want to clutter the server up with lots of users
<lukehasnoname> bug #255368
<uvirtbot> Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Confirmed] https://launchpad.net/bugs/255368
<lukehasnoname> So what's happening with this bug? Is the lib going to be added, or is ebox going to be modified to not depend on that lib?
<jmarsden> chimp: Sure there is.  Virtual users are your friend.  Try man 5 virtual or read most guides on setting up Postfix
<jmarsden> chimp: For lots of users, yu might want to read https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
<chimp> cheers
<jmarsden> chimp: No problem
<kraut> moin
<Carroarmato0> Hi, I'm setting up a server using Quota's,  but when  entering the command  'quotacheck -avugm'   I get a message saying that although the kernel has support for journaled quota's, it's not enabled. How can I change that?
<lucabecchetti> hi boys, i create a repository in /home/svn/repos and all work fine, form more computers i con checkout the repos, now i go to my webroot from console and in /var/www/proj i checkout a repository with users test, then i create a post-commit script, but i recevie this error, svn: Can't open file '/var/www/proj/.svn/lock': Permission denied, if i use sudo all it's ok, i use ubuntu server, some idea?????
<lucabecchetti> ok, i delete all, now i have a repository correctly created, and i need to create a working copy in apache2 root
<lucabecchetti> how can i do???
<lucabecchetti> nobody can help me?
<frith> i want to create an catch all alias, is this possible?
<frith> *: user
<arpu> hello
<arpu> i do an update from 8.04 to 8.10 with sudo do-release-upgrade
<arpu> at the beginning the programm say i have to start liloconf ?
<arpu> i think i use grub but in the menu list now 8.10 kernel is shown
<arpu> iam afraid to restart the server :-/
<frith> arpu, well just install a bootloader to start with
<frith> i would just put on grub
<arpu> hi frith i think grub is installed from 8.04
<frith> well it shouldn't simply vanish
<frith> you might want to manually reinstall it if you are worried
<arpu> how can i do this
<frith> hmmm
<frith> its more worrying you don't know how, its fair simple however
<frith> https://help.ubuntu.com/community/GrubHowto
<arpu> frith:  hmm but this is a simple update why this dies not work ?
<arpu> i do an update-grub
<arpu> i hope this works now ?
<frith> did the dist upgrade work?
<arpu> yes i do an do-release-upgrade
<frith> well if you look in /boot/grub/menu.lst
<frith> you will see some kernels
<frith> make sure they exists
<arpu> yes now after update-grub the new kernel is in there
<frith> and it exists in /boot?
<frith> i would manually rub grub
<frith> if i was paranoid
<frith> the problem is you don't sound too sure if you are using lilo or grub at boot time
<arpu> i have no lilo in /boot
<frith> dpkg -l | grep lilo
<frith> arpu, lilo is in /etc
<frith> /etc/lilo.conf
<frith> iirc
<arpu> ii  lilo                                  1:22.8-4ubuntu1               LInux LOader - The Classic OS loader can loa
<frith> ok so it is installed
<frith> so someone has been playing
<arpu> i have no lilo.conf
<frith> like i said, to make yourself confident that it will reboot just run grub again
<arpu> update-grub ?
<frith> grub
<frith> root (hd0)
<frith> boot (hd0,1)
<frith> depends how the system is configured
<arpu> hmm my fstab lokks strange
<arpu> proc /proc proc defaults 0 0
<arpu> none /dev/pts devpts gid=5,mode=620 0 0
<arpu> /dev/sda1 none swap sw 0 0
<arpu> /dev/sda2 / ext3 defaults,relatime 0 0
<arpu> no UIDS ?
<frith> do you have /dev/sda ?
<arpu> yes sda  sda1  sda2
<frith> you should be fine
<frith> hmmm, what should i use for a webmail client?
<arpu> boot (hd0,1)
<arpu> Starting up ...
<arpu> Error 8: Kernel must be loaded before booting
<NCommander> arpu, sounds like grub decided to go bleck
<arpu> NCommander: sorry i do not understand
<NCommander> arpu, it sounds like your grub configuration went and self-destructed
<arpu> what can i do ?
<NCommander> arpu, grab a Ubuntu server CD (or an Ubuntu Desktop alternate CD), type rescue at the prompt, then try to reinstall the bootloader
<arpu> NCommander: this server is in an server house
<arpu> i can not use a cd :D
<arpu> anyone can hep ?
<arpu> :-/
<frith> arpu, i guess you didn't see if you could install grub?
<arpu> i think it is installed
<frith> so when the server starts up you get a grub boot menu? or press esc
<arpu> i only have a remote ssh account
<arpu> and i am afraid of reboot the server
<Guest30588> installing ubuntu server 8.10 on new server. server won't boot off the main SCSI hardrive. GRUB says that the device does not exist by UUID.
<david_trebacz> i have reinstalled from the CD several times and reformated pertions. Each time I get stuck at this point.
<david_trebacz> new to IRC -I'm aslo guest30588 -sorry
<david_trebacz> My system is using and Adaptec onboard SCSI controller AIC-7902, but I'm not trying to do anything with redundant disks at this point. Just get a booted ubuntu server system.
<david_trebacz> Actual error message by grub is: Gave up on waiting for root device. ALERT! dev/disk/by-uuid/ disk ID here does not exist. Dropping to shell. I'm now sitting at a busybox shell prompt.
<arpu> david_trebacz: maybe i have the same problem
<ssd7> https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/278176
<uvirtbot> Launchpad bug 278176 in mdadm "Intrepid ubuntu server won't boot RAID1" [Undecided,New]
<ssd7> i think that is the same problem too
<ssd7> there seem to be some work arounds in there
<ssd7> about using rootdelay= as a boot option
<david_trebacz> Brilliant! by typing exit the server did boot allow it to boot. At least now I have an operating system.
<jmarsden> david_trebacz: If you wait a couple of minutes and then type     exit    at the ... good :-)
<david_trebacz> I'll read the bug report further to see if I can contrbute more information -thanks!
<ScottK> david_trebacz: See http://www.ubuntu.com/getubuntu/releasenotes/810#Boot%20failures%20on%20systems%20with%20Intel%20D945%20motherboards
<yann2> ahm, i got a openssh-server: cant be installed because of a dependancy...  openssh-client 1.4.7p1.8ubuntu1 (openssh-client 1/4/7p1.8ubuntu2 is to be installed)
<yann2> but no  1.4.7p1.8ubuntu2 in main...
<yann2> (ubuntu hardy x86 freshly installed)
<yann2> works by removing openssh-client and then install openssh-server again.. but is definitely broken by default.. never seen this bug before :(
<ScottK> You should be installing 1:4.7p1-8ubuntu1.2 for Hardy.
<ScottK> yann2: That one is in both hardy-security and hardy-updates.
<ScottK> yann2: I'd suggest checking to make sure you have the security updates repository enabled.
<yann2> oh -updates and -security, that must be what i am missing
<yann2> sorry for the noise
<ScottK> yann2: No problem.  You do want those.
<frith> hi i am looking for mod-security for apache
<XiXaQ> I'm going to setup an ldap/nfs system for centralized users. The guides I read all mention the use of automount. Is there any disadvantage to having /home mounted from nfs all the time?
#ubuntu-server 2008-11-16
<yann2> I am trying to setup an AD caching server, using kerberos and samba. The kerberos setup is done, the machine is part of the domain; how can i get samba to make it act as a domain controller? any link to a good documentation would be much appreciated
<XiXaQ> this is cool stuff, I think :)
<XiXaQ> never used thiese kinds of stuff before, so thiese technologies still have the new-smell. :)
<yann2> well I think it's quite tough :/
<XiXaQ> tough is synonymous with cool in norwegian slang :)
<XiXaQ> have you used many similar tools before?
<yann2> well I've used samba for file sharing :P and got kerberos to work ^^
<yann2> else, no
<yann2> aaactually
<yann2> automount, I think I've done this before
<yann2> solaris actually uses automount by default - it's a very neat setup
<yann2> be sure to have root in /root and you should be safe - it's not uncommon
<yann2> as far as I understood automount enables you to spread user homes accross several servers, it's nice :)
<lukehasnoname> the irc logs are down
<lukehasnoname> or something is wrong
<XiXaQ> I'm not entirely clear on what kerberos really is :)
<XiXaQ> yann2, but that sounds like a useful feature...
<yann2> lukehasnoname > url of the irclogs?
<yann2> lukehasnoname > depending on the bot I may be able to do something
<yann2> http://logs.ubuntu-eu.org/freenode/2008/  < this? :/
<yann2> *opening a ticket*
<yann2> ah no seems fine - which logs lukehasnoname ?
<lukehasnoname> irclogs.ubuntu.com
<XiXaQ> the thing that's catching my attention at the moment, is the limit on 16 groups per user on ldap? That limit will easily be reached if you're going to base limitations on applications on that, such as who can run system monitor, etc.
<yann2> right that's not me :) I'm off to bed, good night
<yann2> XiXaQ > there is a limit of 14 groupes per user on NFS v3...
<yann2> very, very, very painful in some cases
<XiXaQ> yann2, 14? Are you sure? I read about that just a few hours ago. I was recently certain the limit is 16?
<yann2> I am speaking of NFS not ldap
<yann2> could be 16 :)
<XiXaQ> but you're right. It was NFS. :)
<yann2> well then I can confirm, and I think that's for nfs v3 only
<XiXaQ> oh... But the applications will be local to the system, so that's probably not too important anyway..
<XiXaQ> I wonder how I can disallow users to run applications in their homes?
<yann2> can't :)
<`6og> mount with noexec for a start.
<`6og> but ultimately, you cant
<yann2> ah :] anyway, good night
<`6og> yann2, aw, you beat me to it :p
<`6og> later mate
<XiXaQ> what does that mean?
<XiXaQ> if I mount /home with noexec, then files on that partition can't be executed?
<`6og> they cant be run as executables. its still posible to run shell scripts with `sh scriptname` though (iirc)
<XiXaQ> ah.
<paul68> can someone help me out with the following problem I have this setup isp dlink router 192.168.0.1 eth1 192.168.0.10 server eth1 192.168.1.22 linksys ap. I can ping from my laptop which is attached to my dlink towards eth1 but not able to go futher. I cannot ping from my server my laptop which has ip 192.168.0.1 the server is not able to access the internet either what can I do to solve this
<teddy__> I have chosen ubuntu-server as my server distro of choice..it used to be gentoo, and centos...
<teddy__> ubuntu-server boots faster than any server distro i have seen.  Ubuntu-server is amazingly fast on the bootup.  However many installs in ubuntu-server do not complete fully, and require a lot of wwork to get them working.
<XiXaQ> teddy__, examples?
<kraut> moin
<slytherin> Hi all. I was wondering what kind of updates to java stack would people like to have on server side. Is struts update and jsf addition, something that people are interested in?
<sidewalk> is there any way to upgrade ubuntu server with something else than do-release-upgrade?
<Deeps> you could alter your sources.list and dist-upgrade, but it's not recommended
<sidewalk> i want to do a upgrade remotely
<sidewalk> and the open ports to the machine are limited
<sidewalk> where can i find documentation on it?
<sidewalk> no links?
<Deeps> ubuntu homepage
<Deeps> click on server
<Deeps> explains how to do a command line upgrade
<Deeps> and it can be done over ssh
<Deeps> which requires a single tcp port, by default port 22
<Deeps> sorry, get ubuntu has a link to 'how to upgrade'
<sidewalk> when running that script, "do-release-upgrade" it wants to open a new ssh port, which i cannot access
 * Deeps has a try
<Deeps> at what stage does it ask you to open a new ssh port?
<maswan> sidewalk: nah, it opens a new ssh port which you can connect to if something goes wrong with the normal ssh
<Deeps> ah, a failsafe sshd, smart
<sidewalk> therefor i would like an alternate way of upgrading
<maswan> sidewalk: I've never had something go wrong with it, so I've never connected to that other sshd
<sidewalk> okey
<sidewalk> then im with you :-)
<sidewalk> lets hope nothing goes wrong :P
<maswan> (I've mostly just upgraded dapper->hardy though, I haven't tried intrepid yet)
 * Deeps cancels upgrade
<sidewalk> im doing 7.10 ow
<lilliz[]> Hi I have a ubuntu server 6.06 on a harddisk that I had to switch to another hardware, seems to boot ok but the NICs are not operativ is there some way to add drivers for it later ?
<lilliz[]> Its basically the same hardware except that there might be a diffrent nic
<TwelveGauge> I'm trying to configure the DNS server for my website. I'm behind a router, do I use the local machine IP address or use my ISP IP address? Didn't have much luck using the ISP IP address.
<Deeps> are you running the dns server on your local machine?
<Deeps> if so, and you're behind a router/firewall/nat gateway, ensure port 53 (tcp + udp) is allowed and forwarded to the machine
<TwelveGauge> yeah
<TwelveGauge> they were open and forwarded but dig domain got nothing
<TwelveGauge> configured it using my ISP adress
<TwelveGauge> should I use the local machine IP?
<TwelveGauge> for forwarding maybe?
<Deeps> on the machine, do dig @localhost domain
<Deeps> if that doesn't work, the issue isn't network related, but rather your configuration of your dns server
<TwelveGauge> ok... thanks.
<Deeps> if you want more detailed help, gimme the domain in question and your wan ip
<TwelveGauge> I gotta reconfigure everything. started over from scratch since it wasn't working.
<TwelveGauge> but thanks
<XiXaQ> for a mailserver, what's the best way to prevent spam? Spamhaus.org is one option. Is it expensive? Are there other such services that can be used? This will be a small mail system.
<paul68> can someone help me out with a routing problem on my server
<zoopster> paul68: just ask a question and someone may be able to help
<stiv2k> uhh
<stiv2k> well, I swapped out the hard drive from my old machine into a new one
<stiv2k> and it boots perfectly but I notice that there's no eth0 anymore
<stiv2k> the chip is intel 82801db networking
<stiv2k> i cant really remember how to configure networking on command line
<stiv2k> and furthermore why its gone like that
<stiv2k> i think the driver might be e100 im not sure
<stiv2k> anyone???
<ScottK> stiv2k: Is the network card eth1 now then?
<stiv2k> no
<stiv2k> ScottK, ifconfig only shows lo
<stiv2k> im sure the driver is e100 btw
<stiv2k> ScottK, im stuck, I don't know how to make it recognize the chip
<ScottK> I'm not sure.  When I've moved hard drives it's always just worked for me.
<stiv2k> ScottK, I think it has nothing to do w/ moving the hard drives but rather something with 8.10 and e100
<stiv2k> http://www.trap17.com/forums/installing-drivers-ubuntu-hardy-heron-t59623.html
<stiv2k> http://www.ubuntugeek.com/fix-for-intel-cards-with-broken-eeprom-e100-driver.html
<stiv2k> ScottK, ^
 * ScottK dunno.
<stiv2k> ScottK, where can I find more information about this so it hopefully gets resolved/
<stiv2k> ??
<ajmitch> stiv2k: does 'ifconfig -a' show anything more?
<stiv2k> hold
<stiv2k> ajmitch, I swapped in another LAN card so that it works in the meantime
<stiv2k> but the e100 is built in so
<stiv2k> its always there
<stiv2k> ajmitch, ifconfig -a shows it now
<ajmitch> ok, so it's detected but the interface isn't configured & up
<stiv2k> ajmitch, when I try to bring it up it says no such device
<ajmitch> bringing it up with ifup, or ifconfig?
<stiv2k> ifup
<ajmitch> ifup only goes from configured interfaces in /etc/network/interfaces
<stiv2k> ajmitch, what do you suggest
 * ajmitch can't recall if udev still has a list of mac-device name mappigns
<ajmitch> but you could just put in the appropriate interface entry with whatever its new device name is in /etc/network/interfaces & bring it up
 * ajmitch hasn't had to reconfigure networking for a few releases
<stiv2k> ajmitch, i tried that
<stiv2k> hold
<stiv2k> wtf!!!
<ajmitch> something's working now?
<stiv2k> um
<stiv2k> i dont think so
<stiv2k> i configured eth1 to be exactly like eth0
<stiv2k> then I said ifup eth1
<stiv2k> and changed the network cable over to that device
<stiv2k> From 192.168.1.118 icmp_seq=30 Destination Host Unreachable
<stiv2k> and by configured I mean I configured it to be static ip
<ajmitch> if they're exactly the same, with the same IP address & both interfaces up,  you'll have problems
<stiv2k> well only one of them is connected to the network
<stiv2k> does it still matter?
<stiv2k> should I make the ip different then
<ajmitch> it'd help
<stiv2k> alright
<stiv2k> ok
<stiv2k> now they are both connected to the network
<stiv2k> on different ips
<stiv2k> if I ping the one that's known to work...
<stiv2k> http://stiv2k.info/phpsysinfo/
<stiv2k> oops
<stiv2k> 64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.973 ms
<stiv2k> and the other one (eth1)
<stiv2k> From 192.168.1.118 icmp_seq=2 Destination Host Unreachable
<stiv2k> ajmitch, so it doesn't seem to be working at all
#ubuntu-server 2009-11-09
<erieslab233> ok I need some quick honest advice
<erieslab233> ok so it need not be quick but honest anyway
<erieslab233> I just bought 8 quad core 3.4ghz 8GB servers for my new rack...
<erieslab233> I have like 30 thin clients currently
<erieslab233> I wanna cluster all these new servers
<erieslab233> how many hours should be a reasonable quote to outsource it to an admin?
<erieslab233> or is this a project I can do myself from a simple readme file?
<erieslab233> In theory this should be like 20x the power I have now, really wanting to do something quick before I lose my drive on it lol
 * tonyyarusso has utterly no idea
<tonyyarusso> You can probably do it yourself, but it will take a bit more than one readme file to figure it out
<erieslab233> I figured as much... it is possible though?
<erieslab233> one massive computer? like rendering a 2 hour movie in 5 minutes ?
<tonyyarusso> Yes.
<erieslab233> nobody has any guesses as to what an honest quote would be? I mean if $600 is honest I will just have to accept it
<tonyyarusso> There are two general approaches you could take.
<erieslab233> ok
<tonyyarusso> The first would be to declare a cluster of those 8 computers, to always work together.
<erieslab233> k
<tonyyarusso> The second would be to use "cloud computing" tools to apportion resources as needed for different things.
<erieslab233> like a virtualization technique?
<tonyyarusso> Yeah, but even more so
<erieslab233> I think I want the first :P
<erieslab233> sounds better
<erieslab233> any native libraries do it?
<erieslab233> not a plug and play type request probably
<erieslab233> i have only found one project working on it that seemed within a hobbyist's reach
<erieslab233> that's why I ask
<erieslab233> hmm I wonder if the ltsp guys might know
<tonyyarusso> Well, I'm just doing an apt-cache search, and some of interest includ redhat-cluster-suite, openais, gridengine-*, ltsp-cluster-*, mpich2, and related items.
<tonyyarusso> The LTSP-cluster packages look particularly interesting.
<erieslab233> wow more than google turned up
<erieslab233> or at least google documentation searches
<erieslab233> thank you!
<tonyyarusso> np - good luck!
<PleXuS> anyone known the command how to detect a soft raid?
<PleXuS> mdadm
<dragon> what's the easiest way of setting up an outgoing mail server on karmic server?
<twb> dragon: a satellite, or a smarthost?
<dragon> twb: meaning?
<twb> If you don't understand the question, then step #1 is to understand it
<dragon> twb: and you're here to complicate things.
<twb> A smarthost is capable of sending mail to arbitrary destinations.  Smarthosts are usually called mail.example.net.
<twb> Typically each ISP or organization will have a single smarthost.
<dragon> twb: better
<twb> You then have a bunch of "satellites".  All they know how to do is send ALL their outbound mail to a designated smarthost.
<twb> So for example a home office might send all its outbound mail to mail.isp.net or smtp.gmail.com
<dragon> twb: I'm setting up a smarthost, a single server sending mail directly to the outside world.
<twb> Then you probably want to install postfix, which is the default MTA on Ubuntu.
<twb> Personally I would encourage people to configure satellites where possible, since this is much simpler.
<dragon> twb: I tried postfix during karmic-rc-server installation, but it failed to install.
<dragon> brb
<dragon> back, sorry
<dragon> twb: would satellite do what I'm trying to accomplish?
<dragon> twb: if so, I'd be happy to go that way.
<twb> dragon: if you have a reliable path to a smarthost, it will.
<twb> For example, if you're setting up a VPS, your VPS provider might have a smarthost
<dragon> twb: does an SMTP server qualify?
<twb> That depends what the SMTP server does.
<twb> If it accepts mail from your server (to any destination), and then forwards it on, then it is a smarthost.
<dragon> twb: Does Gmail's SMTP service qualify?
<twb> You can have a non-smarthost SMTP server that will accept email from anyone, but only if the mail is for users on itself.
<twb> smtp.gmail.com is a smarthost, provided you have an account there.
<twb> You might need to be careful if you have more than one local user, because I think smtp.gmail.com might rewrite the From header field to your gmail account.
<MatBoy> mhh nice... proftp has leaks
<twb> IMO you ought to use vsftpd or not FTPd at all
<MatBoy> why not ?
<MatBoy> proftpd is nice with sql, but that is the issue atm :)
<twb> Because it's the only implementation that seems to prioritize security, and FTP is definitely a protocol that needs all the security-conscious implementation that you can handle.
<twb> And for authenticated FTP *uploading* I would be using SFTP (i.e. OpenSSH).
<MatBoy> yes true
<MatBoy> I know that, but normal FTP should do
<uvirtbot> New bug: #478827 in openldap (main) "openldap database backend back_perl has undefined symbols (aka slapd-perl back-perl)" [Undecided,New] https://launchpad.net/bugs/478827
<dragon> twb: how'd I go about setting up a satellite?
<twb> Install msmtp
<twb> Install msmtp-mta, rather
<twb> Then you basically add a couple of lines to /etc/msmtprc that say "the smarthost is foo.net, and you should claim to be bar.net"
<twb> You can also do this with postfix, of course.
<pmatulis> MenZa: right, the /etc/update-motd.d stuff.  well to me it's more of a system thing and less of a user thing
<MenZa> pmatulis: Well, this is a system thing, I guess...
<dragon> !prefix
<ubottu> As you can see, this is a large channel. If you're speaking to someone in particular, please put their nickname in what you say (use !tab), or else messages get lost and it becomes confusing :)
<dragon> so ubottu exists here, I see.
<russlar> !hammertime
<ubottu> Sorry, I don't know anything about hammertime
<bogeyd6> dragon derp derp
<dragon> ...
<dragon> how do I change a server's FQDN?
<twb> Edit /etc/hosts and /etc/hostname, and run "hostname fred", where "fred" is the new value in /etc/hostname.
<dragon> twb: thanks
<twb> If you also want to change the external FQDN that OTHER hosts see, you will need to edit DNS records somewhere
<pmatulis> twb: a reboot is actually required in order for the kernel to be aware of the new hostname
<twb> pmatulis: really?  Bleh
<twb> pmatulis: where does the kernel remember the hostname?
<twb> I thought it was only handled by hostname(8) being called early during boot
<twb> hostname(1), apparently
<pmatulis> twb: without a reboot you could change the kernel.hostname sysctl setting
<pmatulis> twb: i imagine that's where uname gets it
<twb> pmatulis: hostname(1) sets that, I just checked
<poningru> dantaliz1ng, OMG
<twb> Hahaha, I just broke sudo
<poningru> I would love to see the kvm/libvirt based upgrade tester
 * poningru is the ubuntu-us-ct contact
<twb> $ sudo hostname arthur
<twb> $ cat /proc/sys/kernel/hostname --> arthur
<twb> $ sudo hostname Clio --error--> sudo: unable to resolve host arthur
<poningru> and is going to start hosting upgrade testing sessions here
<twb> Fortunately I can root this box directly.
<poningru> and the upgrade test I was scratching my head about
<poningru> I finally came up with a procedure of dd'ing the hdd image and then booting into that using vmware to do the upgrade
<maxagaz> how to check on which harddisk is my current directory ?
<poningru> ... but seriously if you have that upgrade tester ... I would love to test it out
<poningru> maxagaz, mount
<poningru> and then see which one it is in
<poningru> you can have issues if it is bind mounted though
<uvirtbot> New bug: #478855 in bind9 (main) "cannot maintain old config file in bind9" [Undecided,New] https://launchpad.net/bugs/478855
<uvirtbot> New bug: #478857 in postfix (main) "package postfix (not installed) failed to install/upgrade: el subproceso script pre-installation nuevo devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/478857
<marks256> would it be better to have a 4x dual core server at 32 bit (16gb of ram), or a 2x dual core 64 bit machine (4gb of ram)? This would be for rendering with blender 3d
<jmarsden> maxagaz: df .
<maxagaz> jmarsden, :)
<jmarsden> marks256: If I understand the question right, I'd say that 8 CPU cores with 16GB of RAM should be more capable than 4 CPU cores and 4GB of RAM for most tasks... I doubt blender is an exception to that.
<marks256> jmarsden, that is exactly what i was thinking
<marks256> jmarsden, but the 32 bit vs 64 shouldn't matter much when there is that many more cores and that much more ram?
<jmarsden> Not *that* much.  But it is an odd comparison, since any modern machine with 8 cores and 16GB is surely perfectly capable of running a 64bit OS... so why not run a 64bit OS on the beefier machine and get the best of both? :)
<marks256> the processors in the beefier machine are AMD Opteron 875's @ 2.2GHz which are 32 bit processors
<jmarsden> Um.  I think the Opteron 875 is basicaly an Althon 64 with ECC RAM support... they should be 64bit capable... did you try booting it from a 64bit liveCD?
<marks256> I don't even own the machine yet :)
<jmarsden> OK, then at least do some Googling about that processor...
<marks256> yep i am right now
<jmarsden> http://www.trustedreviews.com/cpu-memory/review/2005/04/21/AMD-Dual-Core-Opteron-875/p1  is an old review that says it is 64bit for example
<marks256> http://www.newegg.com/Product/Product.aspx?Item=N82E16819105079
<marks256> yep newegg says it's 64 bit too
<marks256> NEAT! :)
<jmarsden> What makes you think Opteron 875s are 32bit... ?
<jmarsden> Right.
<marks256> you konw. i'm not sure why i thought they were 32 bit :)
<jmarsden> OK... problem solved... :)
<marks256> thank you much! ;)
<jmarsden> No problem :)
<biscuit_> Is there a way to pipe all incoming email to a domain to a script?
<jmarsden> biscuit_: Yes.  Details depend on what MTA you are using, whether you want to use procmail, etc.  But yes, it is possible.
<biscuit_> Well I've had issues with postfix so I'm going the exim4 route
<biscuit_> I guess I read a lot of vmail guides and such, but I just want all email sent to a domain forwarded to a script. From there I handle all the filtering, etc
<jmarsden> OK, then I suggest you ask in #exim for info on the specifics, because I'm not very familiar with exim4 :)
<biscuit_> Well I mean, if there's a way to do if with another MTA I'm willing to change ;)
<twb> biscuit_: you could also ask #postfix about whatever bugged you with postfix :-)
<dragon> how can I configure postfix to send mail through Gmail's SMTP servers?
<twb> dpkg-reconfigure -plow postfix
<twb> Pick "satellite" and follow the prompts
<dragon> twb: thanks
<dragon> twb: it didn't ask about smtp authentication - smtp.gmail.com would require that..
<twb> I don't know how to make postfix do that -- try #postfix
<dragon> ok
<jmarsden> http://ubuntu-tutorials.com/2008/11/11/relaying-postfix-smtp-via-smtpgmailcom/  may be relevant
<dragon> jmarsden: thanks
<twb> dragon: earlier you asked about host renaming, I think you missed this: 13:18 <twb> If you also want to change the external FQDN that OTHER hosts see, you will need to edit DNS records somewhere
<dragon> twb: ah I never got that.
<efremovvk> hello
<jmarsden> efremovvk: Welcome to #ubuntu-server
<efremovvk> some problems after upgrades (9.10)
<jmarsden> efremovvk: Please be more specific (and this *is* on 9.10 server edition, right?)
<efremovvk> yes
<efremovvk> i upgraded server from 9.04 to 9.10
<efremovvk> no problems
<efremovvk> but system installed kernel generc-pae
<efremovvk> after some upgrades it installs server kernel
<efremovvk> but it is no such problem
<efremovvk> after yesturday`s upgrade there problem with MySQL
<efremovvk> after upgrade I reboots my machine once..
<efremovvk> and after Mysql say "can`t lock socket'
<efremovvk> no any mysql porcesses I found on server
<efremovvk> I starts tasksel
<twb> efremovvk: your native language is Russian?
<efremovvk> but no LAMP there on my system
<efremovvk> yes :0
<efremovvk> yes :)
<twb> efremovvk: you can also try #ubuntu-ru if you prefer to speak Russian
<efremovvk> I know
<twb> efremovvk: but it is OK to ask in English here :-)
<efremovvk> but may be it is ubuntu-server problem
<efremovvk> i solved it
<efremovvk> but may be some one can`t
<efremovvk> so
<efremovvk> there was no LAMP
<jmarsden> It is fine to ask in English in here.  Is that the full exact error message from MySQL?  Can you pastebin the output of  sudo service mysql start?  Did you habe to delete the socket /var/run/mysqld/mysqld.sock ?
<efremovvk> where no /var/run/mysqld/mysqld.sock
<efremovvk> and no /var/run/mysqld/
<jmarsden> Ok, so how did you solve the issue?
<efremovvk> package mysql-server was deleted from my server
<efremovvk> i installed mysql-server
<efremovvk> but binaries was in my system
<twb> Maybe the upgrade got confused and tried to resolve a conflict by removing mysql-server
<efremovvk> may be
<efremovvk> now apt-get dist-upgrade try to install postgresql
<twb> Yeah, you should use "aptitude full-upgrade" now
<twb> And check that it won't remove stuff
<twb> I think apt-get is still dumb
<efremovvk> hm...now no asks for postgre
<twb> I usually do an "aptitude safe-upgrade" first, which should not install or remove anything, only upgrade.
<twb> Maybe Ubuntu documentation says to do it a different way -- I am too lazy to check.
<twb> A long time ago it wanted me to upgrade via a GUI, so I ignored it :-)
<efremovvk> :)
<efremovvk> I should use aptitude instead apt-get
<terinjokes> kblin: i doubt your still on, but i just got back... no luck, still have no internet conncetion on my desktop
 * efremovvk run away to learn aptitude
<twb> efremovvk: mostly it has the same commands as apt-get
<efremovvk> twb: thanks. apt-get most closely to me
<terinjokes> kblin: scratch that, it's connected, but it's not passing through DNS requests
<terinjokes> kblin: i've gone around the issue tonight (bfcause i need to get actual work done) by setting the DNS on the clients to OpenDNS... but this is something i need to fix
<terinjokes> (anyone else is free to chrip in)
<jmarsden> terinjokes: Is the problem with DNS lookups happening only on desktop machines (in which case, ask in #ubuntu) or on a server (in which case, here in #ubuntu-server is the right place!)?
<terinjokes> jmarsden: the server (the physical box *this* irssi is on) seems to be doing lookups fine... this box is the gateway for the network, and handles DHCP
<jmarsden> OK.  So the issue is that if you set /etc/resolv.conf on the desktops to point to the local Ubuntu server for DNS resolution, ... it doesn't "work"?
<twb> tshark time!
<jmarsden> twb: My thoughts exactly :)
<terinjokes> i can try... i just assume that was supposed to be handled by DHCP
<twb> terinjokes: DHCP doesn't do DNS resolution.
<twb> terinjokes: it tells the DHCP client where to go for DNS resolution, though.
<jmarsden> terinjokes: Well, maybe it is... DHCP can provide a DNS server Ip address the client should use.
<twb> I would typically use dnsmasq to provide both DHCP and DNS to client workstations.
<jmarsden> On a client desktop if you do     dig @server yahoo.com      does that lokup work?
<terinjokes> ok set it to the server's address
<jmarsden> ?  I asked what the issue was and you used my question as a possible "answer" to the issue? :)
<terinjokes> jmarsden: i might have misread
<terinjokes> jmarsden: no... cannot resolve
<jmarsden> "cannot resolve"?  What exact error did dig @server yahoo.com give you?  where server is the name or IP of your server machine...
<terinjokes> allowing it to be handled by DHCP, cannot resolve
<jmarsden> That does not sound like a dig error message to me.
<terinjokes> jmarsden: i ran ping... no dig
<jmarsden> terinjokes: sudo apt-get install dnsutils     and then use dig
<terinjokes> "Ping request could not find host yahoo.com"
<terinjokes> jmarsden:which would be excellent... if it was a ubuntu box
<jmarsden> terinjokes: Ok, what client OSes are you using?  Can you boot a client from a Ubunut liveCD for testing?
<terinjokes> i'm not asking for tech support on the desktop... from what i see, it's doing it's job... it's a failure on the ubuntu-server
<terinjokes> Win7
<jmarsden> You/we need to determine what the client machines see when they try to do a DNS lookup... so we need to find a way to get that info.
<jmarsden> nslookup is a DOS command you can use for that, if all your client machines run Windows.
<terinjokes> jmarsden: Server: UnKnown (nt passed one from DHCP?)
<twb> I expect Windows got it when they stole BSD's TCP/IP stack ;-)
<twb> terinjokes: does your DHCP server provide an option 11 value in the DHCPRESPONSE?
<twb> (I think it's 11...)
<jmarsden> terinjokes: When you just type nslookup at a DOS prompt, what does it output?
<terinjokes> jmarsden: an interactive prompt
<jmarsden> Before the prompt... what does it say? :)
<terinjokes> twb: i'm running dhcp3 (likely)
<twb> jmarsden: I would normally do "nslookup google.com" all on one line.
<jmarsden> Default server: something    and then Address: something    would be conventional.
<jmarsden> twb: this way I can see what DNs sevrer windows thinks it wants to use ...
<terinjokes> Default Server: UnKnown   \n    Address: fec0:0:0:fff::1
<jmarsden> OK, there is your problem :)
<jmarsden> If you type in to nslookup the line      set server 192.168.1.1
<jmarsden> or whatever your server's IP address is...   and then  type in on a separate line     yahoo.com
<jmarsden> does it then resolve yahoo.com for you?
<terinjokes> my ubuntu-server is 192.168.3.1 (you mean that?)
<twb> jmarsden: or even just "dnslookup example.net 192.168.1.1"
<twb> s/^d//
<jmarsden> terinjokes: Yes
<terinjokes> twb: which is how *I* know the command :P
<jmarsden> terinjokes: I am assuming the ubuntu-sevrer is running a DNS service of some kind, bind or dnsmasq or whatever, right?
<twb> It's a pity that everyone uses nslookup or dig, because host's output is much more attractive...
<jmarsden> twb: Neither dnslookup nor host exist by default in Windows, though... nslookup does.
<jmarsden> I'll us an existing program over a nonexistent one any time :)
<terinjokes> jmarsden: no... i kinda wanted it to pass DNS to whatever the server was using
<twb> jmarsden: sucks, eh?
<twb> jmarsden: I was just musing
<twb> terinjokes: then you need to tell dhcpd to tell clients to use that upstream DNS server
<terinjokes> jmarsden: im happy to install one, as i planned on it anyways
<jmarsden> terinjokes: Ah.  OK!  So, what did you tell your dhcp server on ubuntu-server to give out as a DNS sevrer address to the clients?
<twb> terinjokes: they won't magically know
<terinjokes> jmarsden: i did at one point, but getting masquerading working was a fun ordeal
<arrrghhh> hey all, i'm trying to do something a little unorthodox i think, but the end result should be nice.  i use mpd to play music on my headless server, i have an amp hooked up to the local speakers.  i'd like to stream the music to another room, synced as close as possible.  i've tried using pulse, but i think i'm running into issues running pulse headless, as it's normally based on per-user sessions.
<jmarsden> terinjokes: That's a confusing answer.   On the Widnows machine what does    ipconfig /all |find "DNS Servers"    output?
<terinjokes> jmarsden: no i do not... happen to know the conf option?
<twb> arrrghhh: the mpd part is straightforward.  I can't help with pulseaudio
<twb> arrrghhh: there used to be NAS (network audio sound) for that, but I guess pulseaudio is the new/chromatic/shit replacement..
<arrrghhh> twb, well mpd seems to work OK.  i don't know what the best method of streaming sync'd music...
<twb> (I can't help with NAS either, of course...)
<arrrghhh> hrm
<arrrghhh> lol
<arrrghhh> naturally...
<twb> Oh, also, mpd doesn't link against pulseaudio, so of course it will just ignore pulse
<arrrghhh> ?
<terinjokes> "option domain-name-servers"
<jmarsden> terinjokes: option domain-name-servers 4.2.2.1   (or whatever the IP of the real DNS server is), in the right place in /etc/dhcp3/dhcpd,conf
<twb> The major downside of pulseaudio is that to add "plugins" you need to write code and recompile the damn thing.
<twb> arrrghhh: try xmms2 -- it's the bloatier, featureful equivalent of mpd
<arrrghhh> hrm.  is there a better method?
<arrrghhh> oh.  i love mpd, i was hoping to stick with it.  i'll check it out, can xmms2 run headless?
<twb> aptitude install xmms2-plugin-pulse, and go from there
<twb> xmms2 is a daemon, not a GUI
<arrrghhh> ah, ok.
<twb> It's just like mpd, only bloatier
<arrrghhh> hrm
<arrrghhh> ok
<twb> e.g. its wire protocol is a binary protocol instead of simple text
<arrrghhh> and what about controlling the music from client machines?
<twb> And supports the equivalent of IMAP's IDLE as well as mpd's shitty polling, and such
<twb> arrrghhh: there are a heap of xmms2 clients -- I think xmms2 is also network-transparent
<arrrghhh> ok
<twb> (As far as the client/server part; not the server-to-speakers part)
<twb> arrrghhh: you can talk to #xmms2 about all that
<arrrghhh> i love music player minion - plugin for firefox.  so long as i can find a client that works well with giant playlists, i'll be ok.  mpd+mpm handle my 35,000+ playlist beautifully.
<jmarsden> terinjokes: Did that help?  Or even work? :)
<twb> arrrghhh: IME xmms2 is probably better at handling very large playlists, once you have the database cached
<twb> arrrghhh: of course, it doesn't work with NFS, due to sqlite (grr!!!)
<twb> But then if you're using firefox, you won't be able to use NFS either.
<terinjokes> jmarsden: just renewed the windows box... working great (you guys are awesome thanks!)
<arrrghhh> NFS?  i use nfs for file sharing, is there another nfs?
<jmarsden> Cool, no problem.
<twb> All network filesystems have huge file locking issues, and sqlite (which xmms2 and firefox3 both use heavily) in turn relies heavily on file locking.
<twb> In practice you can probably just say "STFU, xmms2, I'm aware of the risks" and have no problems.
<twb> But I sure as shit wouldn't store any important data in a sqlite database (or ANY database) that's accessed over a network filesystem.
<terinjokes> jmarsden: now... the question becomes... will it work across reboots? :D
<terinjokes> twb: i access a MySQL database over a network
<jmarsden> If you edited the conf file, then yes, it should be permanent.  You can restart your dhcpd as a near-equivalent of a server reboot if you want to test it.
<twb> Eh, my opinion of MySQL is unprintable.
<arrrghhh> twb, ok.  that's fine, i don't think that'll be used.
<terinjokes> jmarsden: i meant the masquerading it took two days of trial and error to get working
<jmarsden> Hmmm.  Well, what did you do to make it work?
<jmarsden> What file(s) did you edit, in particular?
<twb> terinjokes: that just means you're not very good at it :-)
<terinjokes> jmarsden: iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
<jmarsden> You ran these commands by hand in a shell, or you put them in a script, or... ?
<terinjokes> (after flush the old rules)
<qman__> terinjokes, that is not persistent, you need to either iptables-save or create a script or something
<terinjokes> jmarsden: i didn't really mean to paste it yet
<qman__> I forget what the ubuntu way is for that
<terinjokes> qman__: i know... was about to say i *already* had that same line in a iptables load in my /etc/network/interfaces
<twb> #netfilter can help you with iptables
<twb> qman__: probably ufw :-/
<terinjokes> i'll jump over... thanks again guys
<twb> qman__: debian finally got iptables-persistent a few months ago
<twb> Presumably it'll sync soon
<twb> By 10.04, which is all I care about ;-)
<terinjokes> twb: my college wifi is called "ufw" so i'm trying to advoid that package, lol
<arrrghhh> lol
<qman__> twb, I just write my own script and add it to dhclient-exit-hooks.d
<arrrghhh> yea, i think the new "ubuntu" way of doing firewall changes is with ufw.
<twb> qman__: what, even on servers that don't use dhclient?
<twb> qman__: IMO it belongs in if-pre-up.d, if-up.d, or rcS.d
<qman__> twb, on those I use rc.local or if-up.d
<qman__> but I get my internet IP dynamically
<qman__> so dhclient-exit-hooks.d it is
<twb> Why do you need that information in your iptables-restore script?
<terinjokes> twb: me?
<twb> qman__: why do you need to know your own IP in your iptables-restore script?
<qman__> twb, port forwarding
<twb> Hmph
<qman__> also, I don't want to be picking up all the random garbage floating on my ISP's network
<qman__> there's a lot of it
<arrrghhh> twb, so you think streaming with pulse is the best method, and xmms2 will handle it better?
<twb> I have heard an argument that port forwarding is nearly as bad as putting the firewalled host directly on the net
<twb> That you'd be MUCH better off using a simple proxy on the firewall
<twb> I'm trying to remember which one was mentioned for SMTP
<qman__> I can't do mail, my ISP blocks it
<twb> The idea being that then the firewall blocks invalid layer 4(?) conversations
<qman__> I've got web pages on alternate ports, VPN, SSH, and some other stuff I have to let through
<twb> You don't need to port forward SSH; you could just use -oProxyCommand with a jailed account on the firewall.
<twb> Not that I'm necessarily recommending that...
<qman__> I only allow SSH to the firewall from specific hosts
<qman__> internet-facing SSH is on another machine
<qman__> that isn't allowed to connect to the firewall host
<twb> qman__: and yet you let anyone into the "gooey inner filling" of your network by port-forwarding SSH?
<qman__> I need the access
<twb> I mean, I'm not saying that you've made a complete balls-up of it, I'm just saying that recently I have become very suspicious of port forwarding ever being the Right Thing
<qman__> it's pretty well locked down, but it comes down to what I need
<twb> Particularly if your bastion isn't some embedded appliance, and can actually run something that needs a good 8MB of memory
<arrrghhh> twb, so you think streaming with pulse is the best method, and xmms2 will handle it better?
<qman__> the bastion is a 200MHz box with 256MB of RAM
<twb> arrrghhh: yes
<twb> qman__: wow
<qman__> it can only handle about 5 simultaneous SSH sessions
<qman__> and I've taken care to make sure only the designated accounts can log in
<twb> qman__: dude, my system has 16MB of RAM and 16MB of nonvolatile storage
<twb> That was a "wow, that's big" not a "wow, that's small"
<terinjokes> wow... that's big!
<twb> terinjokes: yeah, I deliberately got the "deluxe" unit
<twb> When there's a decent armel one with a ADSL2+ modem that can be driven by a FOSS driver, I'll upgrade to it and put emdebian down.
<twb> (This is in my imagination, where d-i supports JFFS2 and MTD.)
<twb> qman__: oh, and I wouldn't use rc.local, since that runs AFTER every service is up -- so you have a window where you have services but no firewall.)
<qman__> twb, yeah, that's just a dirty hack for when a system is misbehaving
<twb> Fairy nuff
<arrrghhh> twb, excuse my ignorance, but what do i have to do to set xmms up?  it's installed, looks like the daemon is running...
<twb> arrrghhh: talk to #xmms2
<arrrghhh> sweet...
<arrrghhh> i was hoping since you suggested it....
<terinjokes> twb: works, thanks!
<twb> arrrghhh: I basically got too annoyed and just use mplayer with internet radio now
<twb> http://cybersource.com.au/~twb/Preferences/.bin/radio ?
<twb> Nope, too old
<arrrghhh> twb, hrm.  ook...
<arrrghhh> i have a feeling i'm going to go back to mpd, but we'll see.  so far i can't get any client to connect to xmms2
<arrrghhh> twb, so do you know how to get pulse and xmms2 workin?  i still think i have an issue with my pulse setup.  i can't run pavucontrol or alsamixer.
<spartan07> I'm having problems having hardy server to recognize all 4 cores. im running a quad core. has anyone come across this issue?
<KurtKraut> spartan07, how did you concluded some cores are not being recognized?
<spartan07> hwinfo >/home/seg02/hardware_info.txt
<spartan07> shows 1 core
<spartan07> but cpu as intel quad core
<KurtKraut> spartan07, install the package htop and run it. Does it show four bars at the top, like 4 cores?
<spartan07> I also run htop and it only shows 1 cpu
<spartan07> lol
<spartan07> shows only 1 cpu.
<spartan07> my i7 shows 8 cpus
<spartan07> im guessing for the threads
<KurtKraut> spartan07, please put the result of cat /proc/cpuinfo on www.pastie.org and then paste here the URL.
<spartan07> http://www.pastie.org/689819
<KurtKraut> spartan07, you pasted the whole output?
<spartan07> yea
<spartan07> #00FF14
<spartan07> http://www.pastie.org/689821
<KurtKraut> spartan07, Is your system up to date? Do a sudo aptitude update;sudo aptitude upgrade
<spartan07> there it is again from command prompt to finish
<spartan07> sudo apt-get update the same?
<KurtKraut> spartan07, what do you mean 'the same'?
<spartan07> the same as sudo aptitude update?
<spartan07> http://www.pastie.org/689823
<KurtKraut> spartan07, you must do two commands: 1) sudo aptitude update 2) sudo aptitude upgrade
<spartan07> 2 packages are being held back
<KurtKraut> spartan07, you should only do command number 2 when command number 1 is finnished
<spartan07> yes I was just asking if aptitude and apt-get are any different
<KurtKraut> spartan07, slightly different. aptitude is smarter.
<spartan07> I have tried both and they seem to do the same, so I was asking because I was curious.
<spartan07> ahh, good to know
<KurtKraut> spartan07, is there a good reason for keeping this server running an old version of Ubuntu?
<spartan07> LTS
<spartan07> production server
<spartan07> other than that no
<KurtKraut> spartan07, but hardy is not the latest LTS.
<spartan07> ?
<spartan07> 8.04 is not the latest LTS
<KurtKraut> spartan07, sorry, it is. I thought Hardy was released in 2007.
<spartan07> maybe a problem with the 64 bit version?
<spartan07> im running kernel Linux 2.6.24-24-server #1 SMP Tue Jul 7 19:39:36 UTC 2009 x86_64 GNU/Linux
<KurtKraut> spartan07, we need to exclude the possibility of outdated software, mainly kernel. If you reboot with the latest kernel of Ubuntu 8.04 and the problem still exists, this will need further investigation. The right place for that is posting all the data you have about the issue on ubuntuforums.org
<KurtKraut> spartan07, does aptitude tells you there is a newer version of the kernel for you?
<spartan07> what command do i run to find out?
<KurtKraut> spartan07, you must do two commands: 1) sudo aptitude update 2) sudo aptitude upgrade
<spartan07> i posted update output on last paste bin url
<spartan07> 1 sec
<spartan07> http://www.pastie.org/689830
<spartan07> The following packages have been kept back: linux-image-server linux-server
<spartan07> should I just sudo aptitude linux-image-server linux-server  ??
<KurtKraut> spartan07, now do a sudo aptitude full-upgrade
<spartan07> ahh , ok
<KurtKraut> spartan07, oops, sorry
<KurtKraut> spartan07, that's not correct.
<spartan07> lol done
<spartan07> its down loading
<spartan07> is there a way to cancel ?
<KurtKraut> spartan07, is it downloading only linux-image-server and linux-server?
<spartan07> full upgrade will take me to 9.01 correct?
<spartan07> full upgrade
<KurtKraut> spartan07, is it downloading several packages? If yes and you're at the download phase, you can abort with CTRL+C
<spartan07> can I do a cntl+c?
<KurtKraut> spartan07, if it is still downloading and not installing, yes.
<spartan07> done
<twb> Technically it's often safe to interrupt dpkg, too.
<spartan07> Get:1 http://us.archive.ubuntu.com hardy-updates/main linux-image-2.6.24-25-server 2.6.24-25.63 [17.8MB]58% [1 linux-image-2.6.24-25-server 13738342/17.8MB 77%]
<twb> I wouldn't depend on that as a strategy, though
<spartan07> KurtKraut: thats where it stopped.
<spartan07> should I just sudo aptitude linux-image-server linux-server  ??
<KurtKraut> twb, there is a newer version of linux-image for spartan07  but aptitude is not making the update after 'sudo aptitude safe-upgrade', it tells the package was kept back. What does spartan07 need to do to have an up to date kernel?
<twb> KurtKraut: that's because it'll want to remove linux-generic or linux-kernel-generic or something
<twb> Try a full-upgrade and pay attention to what it wants to remove
<KurtKraut> twb, but he wants to stick to an LTS version.
<twb> spartan07: run "aptitude full-upgrade -sy" and pastebin the output.
<twb> KurtKraut: if he hasn't fucked with sources.list, it won't upgrade out of LTS
<KurtKraut> twb, oh, okay.
<KurtKraut> spartan07, so, I was right before :P
<twb> KurtKraut: this is a known issue (to me, at least) with LTS -- the security update for linux server kernel didn't include an update to one of the metapackages
<twb> So either remove the metapackage (which is what I do), or don't apply the kernel's security update
<twb> -s will simulate a full-update and let us confirm that this is the problem.
<spartan07> http://www.pastie.org/689835
<KurtKraut> twb, let me explain you his problem. He is running Hardy on a Intel Core 2 Quad and Ubuntu doesn't seem to recognize all cores. Only one. Before proceeding on an investigation, I'm telling spartan07 that it is important to have the latest kernel availuable for him
<twb> spartan07: pastebin the output of "cat /proc/cpuinfo", too.
<spartan07> http://www.pastie.org/689837
<twb> spartan07: yeah, that's perfectly fine to do an "aptitude full-upgrade"
<twb> It's just whinging because the kernel's changing a minor version, which means that a "new" package is being installed.
<spartan07> is this core recognition a known issue? I would think many servers are multi core now a days
<spartan07> done, rebooting - 1sec
<twb> spartan07: I don't know.
<twb> processor       : 3 [...]
<twb> model name      : Intel(R) Core(TM)2 Quad CPU    Q9550  @ 2.83GHz
<twb> My 8.04 server can see four cores.
<twb> Linux plum 2.6.24-23-openvz #1 SMP Thu Apr 2 00:25:58 UTC 2009 x86_64 GNU/Linux
<twb> I suggest you ask the BIOS if it is doing anything stupid
<spartan07> that was my next thought "BOIS"
<spartan07> *BIOS
<spartan07> when I checked it said all 4 cores were enabled
<spartan07> I would not be able to check since im doing this all though ssh until morning
<twb> spartan07: check tomorrow, then
<twb> Someone will still be in here, even if I'm not
<spartan07> still showing 1cpu so it will have to wait till morning.
<spartan07> thank you for the support guys
<twb> I hear you can also use dmidecode to check BIOS settings
<spartan07> http://www.pastie.org/689841
<spartan07> Under Processor Information it says 4 and enabled
<KurtKraut> spartan07, so after upgrade and reboot, /proc/cpuinfo still shows one core?
<spartan07> yea
<KurtKraut> spartan07, have you searched on ubuntuforums.org if someone had the same problem?
<spartan07> im kinda thinking of just trying out 9.1 64bit
<spartan07> yea did not find much under the server part, hardy desktop had this issue with some laptops
<twb> spartan07: you could just cherry-pick the 9.10 (it's not "9.1") kernel and see if the problem is fixed.
<twb> spartan07: that will save you a tedious and possibly useless install
<spartan07> in all honesty I would not know what to cherry pick
<spartan07> what would be the command to upgrade on the command line to 9.10?
<twb> !8.04 -> 8.10
<ubottu> Sorry, I don't know anything about 8.04 -
<twb> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<twb> !release notes
<ubottu> Sorry, I don't know anything about release notes
<twb> spartan07: have a look at that stuff and get back to us if you need more help
<twb> My advice regarding upgrades will be rather baroque and draconian
<spartan07> ok, Im on it. thank you very much for the help
<spartan07> lol
<spartan07> ok, gnight guys and thanks again
<uvirtbot> New bug: #478973 in freeradius (universe) "expiration functionality of FreeRADIUS 2.1.0 is broken" [Undecided,New] https://launchpad.net/bugs/478973
<iarwain> Hi. I have a question about Ubuntu Enterprise Cloud. Imagine I have 2 machines for the local cloud. Will I be able to start an instance that uses the resources of both nodes? or must they be 2 or more to use all the resources?
<sindre> Is there anyone here that have experience with using Tomcat and MySQL on ubuntu?
<twb> !anyone >sindre
<twb> Stupid ubottu!
<ubottu> sindre, please see my private message
<twb> Good ubottu!
<sindre> The problem is that I have a tomcat web developer who have some issues connecting to the mysql db he created. We attempted to run the same application from his desktop machine, where we created a mysql user with permission to connect from his ip. this worked. So I believe there is problems with the jdbc application
<sindre> sorry
<sindre> He has tomcat installed on his desktop computer, which were able to run his tomcat code without trouble (connecting to the database on the ubuntu server). But when we attempt to run the same web application from the ubuntu server, the connection to mysql fails
<sindre> MySQL and Tomcat from the 9.10 repositories
<sindre> I also installed libmysql-java
<sindre> telnet localhost 3306 from a ssh session on the server works fine.
<twb> As for me, I can't help.
<sindre> Thanks for replying and helping me help others help myself anyway
<sindre> :)
<qman__> sindre, I don't know anything about tomcat, but it might be just a regular old mysql issue
<qman__> in mysql, 'user'@'localhost' and 'user'@'1.2.3.4' are two different users
<qman__> so make sure you have the right user setup
<sindre> I'll check it. thanks
<twb> Goddamn mysql localhost hack
<twb> Or is it "127.0.0.1"?
<twb> Whichever one magically uses sockets
<qman__> not sure, but those are two different users as well
<qman__> I think localhost uses sockets
<twb> I hate that
<sindre> I have 'sindre'@'localhost' (same username for the external IP I tried, and it worked fine)
<qman__> did you set the password for both users?
<qman__> and the permissions
<sindre> yes
<qman__> ok then, I see no reason why it shouldn't work
<sindre> I think it's the java side of it
<sindre> kind of ruled out MySQL when it worked with same MySQL installation on a different tomcat server
<qman__> very well could be, like I said, I don't really know anything about tomcat
<qman__> sounds like mysql is set up correctly though
<sindre> I find it very difficult to google issues with tomcat. Been struggling with this since last week (I'm just a sys admin who tries to make the server work)
<alex88> if a bug in launchpad has "fix committed" status, is ti completely fixed in updates?
<soren> alex88: No.
<soren> alex88: Which bug?
<alex88> https://bugs.launchpad.net/bugs/446146
<uvirtbot> Launchpad bug 446146 in linux "Several Huawei USB dongle don't work with kernel 2.6.31-12.40 (2.6.31.1 update related)" [High,Fix committed]
<alex88> maybe it's fixed in some rc kernel..but i'm not so familiar wth bug system..
<alex88> soren: any clue?
<soren> alex88: It's probably in karmic-proposed. I can't see for sure.
<alex88> soren: thanks, i'll try those updates
<soren> Have fun.
<alex88> thanks..xD
<soren> Remember to disable karmic-proposed again once you've installed the kernel.
<soren> You may not want to just blindly accept all the stuff in -proposed.
<sindre> http://pastebin.org/52079 here is a summary of my problem.
<twb> If only target-release or similar could be used for that kind of pinning :-/
<alex88> i'll do it..thanks
<alex88> twb: no familiar with tomcat.. i'm sorry...
<sindre> updated pastebin: http://pastebin.org/52093
<ttx> sindre: you should disable TOMCAT6_SECURITY in /etc/default/tomcat6 and see if it changes something
<ttx> sindre: on Ubuntu tomcat runs by default with a security manager, while the upstream binary distribution of tomcat doesn't
<sindre> ttx: I'll try it. thanks
<sindre> it's commented out in the default tomcat6 configuration file
<ttx> sindre: that's because it defaults to yes.
<ttx> set TOMCAT6_SECURITY=no
<ttx> (it's not as bad as it looks)
<sindre> did it and restarting tomcat
<sindre> ttx: you are a brilliant man!
<ttx> sindre: I cheat. I packaged it.
<sindre> thanks for giving me an easy way to install tomcat and for helping me figuring out the issue I was having. :)
<ttx> sindre: If that works, it means you'll have to hack the securitymanager profiles in order to make it work with SECURITY=yes
<ttx> or just drop the securitymanager altogether
<ttx> since it's very coplex to get right.
<sindre> It's noe exposed to the internet, so I'll be ok without security
<ttx> complex, even
<ttx> "security" is just about running the JVM inside a security sandbox and giving it rights to do stuff with the system
<ttx> so it's another layer for defense in depth
<ttx> but it's tricky to configure and the main cause of strange bugs with our packaging
<twb> Is securitymanager some Java-specific thing?
<ttx> twb: yes
<ttx> it's a jvm option
<twb> Right, carry on
 * twb doesn't do Java
<ttx> we already run tomcat6 as a specific user, so it's secure enough for most cases
<ttx> twb: good idea, I shouldn't do Java either.
<twb> I was going to point half-heartedly at apparmor and make bowel-movement type noises
<ttx> twb: we could replace using securitymanager by default with using apparmor by default
<ttx> twb: it's so much easier to configure :)
<twb> I'm kinda suspicious of all the MACs, particularly accidentally allowing stuff
<ttx> also tomcat has security manager support but upstream doesn't like it so much -- they usually talk bad words about Ubuntu for us using it by default
<twb> But also because every damn admin says "oh, selinux?  I `configured' it by putting it into complain mode"
<twb> (Learn mode?  Whatever.  The one that doesn't enforce policy.)
<ttx> twb: complex MAC is usually worse than no MAC, unless in the hands of very experienced people
<ttx> twb: that's the whole story behind Ubuntu's backing of Apparmor
<twb> ttx: eh, my understanding of apparmour is that it's a slightly easier flavour of suck
<ttx> twb: my experience is slightly better.
<twb> I'd like to understand NTFS' ACLs so that I can explain why they're dumb, too
<twb> We currently have some amazingly fugly layers in the security cake at some prisons
<twb> But yeah, I will grant you that apparmour is easier to get going than selinux
<twb> By 2100 I hope to have gotten around to some turnkey "default deny" apparmor policies, like I currently know how to do for packets with netfilter.
<twb> Hm.  Wikipedia says TOMOYO (another path-based MAC) is in Linux proper.
<twb> Never mind, it's just using LSM like everything else.
<toddobryan> I'm having Kerberos trouble. I can kinit, but I can't su with the Kerberos password, and I get this message:
<toddobryan> Nov  9 06:15:14 server1 su[3889]: Libgcrypt warning: missing initialization - please fix the application
<toddobryan> in syslog.
<twb> Oh gods, I hate krb
<twb> toddobryan: I assume your /etc/pam.d is sane-ish?
<toddobryan> Well, I ran sudo auth-client-config -a -p kerberos_example
<toddobryan> So if it's not, it's auth-client-config's fault.
<toddobryan> But I looked in there and it seemed to make sense.
<twb> toddobryan: good-o
<twb> My last attempt predates auth-client-config, but I have had great success with it's lac_ldap
<twb> lac_example?
<toddobryan> Any idea what the libgcrypt problem could be?
<toddobryan> That seems to appear whenever I try to su...
<twb> Call me silly, but any reason you're trying with su and not login or sudo or ssh?
<twb> Not that I particularly expect those to work better
<toddobryan> Well, I don't know what's different, but I used sudo pam-auth-update krb5 and it works, now.
<toddobryan> So something about auth-client-config and pam-auth-update is inconsistent with each other.
<toddobryan> But now, I have to run to school. Thanks, twb!
<twb> I feel old
<twb> I will pretend that he's a lecturer at school
<twb> Then I will not feel so old
<uvirtbot> New bug: #475546 in krb5 (main) "Memory leaks in version 1.6.dfsg.3~beta1-2ubuntu1.1" [Low,Incomplete] https://launchpad.net/bugs/475546
<uvirtbot> New bug: #477011 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: installed pre-removal script alt i?lemi ??k?? durumunda hata d?nd?rd?:: 1" [Low,Incomplete] https://launchpad.net/bugs/477011
<uvirtbot> New bug: #476142 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: " [Low,Incomplete] https://launchpad.net/bugs/476142
<uvirtbot> New bug: #478415 in vnc (main) "login thru ssh then start vncserver causes endless create and destroy processes with no names" [Undecided,New] https://launchpad.net/bugs/478415
<uvirtbot> New bug: #477333 in sysstat (universe) "cron job is overly noisy" [Wishlist,Confirmed] https://launchpad.net/bugs/477333
<RayMcCoy> My Ubuntu Server 8.04.3 located at http://liliput.mine.nu is serving very, very slow, even accessing from my local network
<RayMcCoy> I did an ApacheBenchmark and that seems to be fast, so it must be something with the connection
<RayMcCoy> when I ping the server with big packet size (like 1024 bytes) I get timeouts all the time, but 32 bytes it replies ok most of the time
<RayMcCoy> But I wgetted some external big files (like a ubuntu iso) from the server through SSH and I get full download speed for my connection (10mbit), so at least downstream seems to work OK...
<RayMcCoy> any help would be appreciated :)
<uvirtbot> New bug: #479185 in bind9 (main) "bind 9 won't install" [Undecided,New] https://launchpad.net/bugs/479185
<zul> ttx: ping
<ttx> zul: pong
<zul> ttx: mind if I take the openvpn merge from you?
<ttx> zul: be my guest
<Blusion`Afk> Hello :) I have an question to ask; Can I run Plesk on an Ubuntu server?
<lenios> according to http://www.parallels.com/fr/products/plesk/reqs , you can on 8.04
<Blusion`Afk> Thanks
<uvirtbot> New bug: #479226 in likewise-open5 (universe) "Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user" [Undecided,New] https://launchpad.net/bugs/479226
<Blusion`Afk> Ubuntu 8.04 LTS <- plesk can run on that distro.
<lenios> that's what they say
<Blusion`Afk> But?
<Blusion`Afk> okay
<lenios> i don't use that, i can't tell you
<Blusion`Afk> It's okay
<Blusion`Afk> It's was just a question ;) You are using DirectAdmin, lenios?
<lenios> i don't
<lenios> but if i had to choose one, i'll probable check webmin first
<Blusion`Afk> Okay :)
<incorrect> how can i measure the performance of my DNS server in terms of response time
<Jeeves_> incorrect: What dns server are you running?
<Jeeves_> Some report it themselves
<incorrect> Jeeves_, i am not running the dns server
<incorrect> i am comparing dns performance from the UK / USA where ever
<Jeeves_> incorrect: Ah, ok. Well, dig reports the Query time
<uvirtbot> New bug: #479250 in mysql-dfsg-5.0 (main) "ORDER BY DESC in InnoDB not working" [Undecided,New] https://launchpad.net/bugs/479250
<googa> what is the difference between sendmail.cf and sendmail.conf and is there a channel for more on topic conversation
<Jeeves_> Hey, that's my bug! :)
<googa> hey!
<Jeeves_> googa: I guess not much people use sendmail in here (they are wise, imho ;))
<googa> I guess not
<googa> hey
<googa> im pretty new to the irc scene
<googa> and a bit bewildered, is there any way of searching for specific channels?
<Jeeves_> Not that I know of
<kane_> googa: depends a bit on your client. /list should give you a listing of all the channels on the server though
<iarp> you could try searchirc.com
<kane_> googa: http://www.irchelp.org/irchelp/chanlist
<googa> ok thanks!
<googa> great found one!
<incorrect> oh yes dig does report the query time, i couldn't see it
<zul> ttx: why is some of the ideas in italics?
<ttx> zul: see top
<zul> well duh
<ScottK> nxvl: Any chance you could look into Bug #413252 ?  Looks very straightforward, but I think it ought to be an SRU for Karmic too.
<uvirtbot> Launchpad bug 413252 in courier "package courier-base 0.61.2-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [High,Triaged] https://launchpad.net/bugs/413252
<sc0tt-> hi folks, I've just installed ubuntu-server on a box and noticed upon boot thats its not loading a usb wifi adapter, what steps can I take to get it working?
<sc0tt-> (the wifi is detected and works fine in karmic desktop)
 * soren calls it a day
<mok0> I'd like to use the ubuntu mail stack: postfix/dovecot with procmail. Can I just redefine postfix's mailbox_command line?
<\sh> mok0, why do you want dovecot + procmail, while you could use sieve?
<aubre> can anyone help me register my UEC with Landscape? The machine itself is in Landscaper, but when I try to register my cloud it says "There was an error communicating with the cloud.:
<\sh> mok0, just read http://wiki.dovecot.org/LDA/Sieve and you forget about procmail at all ;) and there is an procmail2sieve converter
<jimlovell777> I have a question regarding .htaccess on my server. This is a example of my htaccess file http://pastebin.com/d360c4244. What I'm trying to accomplish is to remove trailing /'s, redirect http://www. to just http://, prevent hotlinking, and remove php file extensions. For example http://www.mysite.com/contact.php/ would become http://mysite.com/contact. My example works except for two cases, when I want to go to a directory like my
<jimlovell777> site.com/images/ and when I try to link to my forums located at mysite.com/forums. /forums gets rewritten to /home/me/..... Any ideas?
<mok0> \sh, I have a procmail setup that I've used for 10 years and I'd rather not switch
<mok0> \sh does sieve work from the default setup?
<\sh> mok0, it should...I have an ISP setup with postfix + dovecot so I don't use ubuntus default setup
<mok0> \sh, OK, thanx.
<mok0> I will look at sieve, if I can convert my (huge) .procmail script I might go with that
<\sh> mok0, as written on this wiki page, there is a procmail2sieve converter...never used it myself, but if it can help you, try it :)
<mok0> \sh, I will
<jimlovell777> Is there a better place to ask my question?
<Pici> jimlovell777: Perhaps #httpd for apache questions
<jimlovell777> Pici: Ok thanks
<bogeyd6> !apache | jimlovell777
<ubottu> jimlovell777: LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<chimp_> I have a server connected by serial cable. When it boots it never reaches the stage to ask my user name, however it does get ssh server started so I ssh into it. I'm trying to work out why it wont get to the stage of logging in, any ideas how i can?
<kane_> chimp_: the start up logs are usually a good place to start; syslog, messages, dmesg
<NRVate> chimp_ -- so you are using something like console=ttyS0 to boot the server?
<NRVate> hence, you see the kernel output on the serial console, but the serial console never issues a login prompt?
<chimp_> yes
<NRVate> ok.  so you don't have a getty process running for the port
<chimp_> syslog is doing this
<chimp_> Jan  1 02:29:51 ubuntu init: tty3 main process (4423) terminated with status 1
<chimp_> Jan  1 02:29:51 ubuntu init: tty3 main process ended, respawning
<chimp_> repeatedly
<chimp_> still..
<chimp_> Its on an arm board
<NRVate> huhm.
<NRVate> tty3 would be the third virtual console, right?
<chimp_> its running through tty1 to tty6 terminating and respawning
<NRVate> huhm :|
<NRVate> wonder why it's chunking on a simple virtual console
<NRVate> is there.. no video at all on this machine?
<chimp_> Nope
<chimp_> It has just the serial out
<NRVate> ok.. you might start by removing tty?.conf from /etc/init
<NRVate> but first, copy one to ttyS0.conf
<NRVate> edit it, change ttyx to ttyS0
<NRVate> n boot
<NRVate> (that's assuming you are using ubuntu 9.10)
<chimp_> 9.04
<NRVate> .. before 9.10 the usual /etc/inittab file is still used.. but 9.10 switched to upstart and hence /etc/init/<something>.conf files instead
<NRVate> hmm lemme look at my 904 machine
<chimp_> # Example how to put a getty on a serial line (for a terminal)
<chimp_> #
<chimp_> T0:23:respawn:/sbin/getty -L ttyS0 115200 vt220
<chimp_> Is the end of inittab (rest is commented)
<NRVate> makes sense.. so standard inittab syntax
<NRVate> hmm, my 904 machine does seem to have /etc/inittab *confused*
<NRVate> (would be nice if ubuntu stuck with something for more than 6 months...)
<NRVate> ok, people.. so where the bleep is the inittab in 904?
<chimp_> Mine is as you said /etc/inittab
<NRVate> hmm, that doesn't exist on mine
<NRVate> maybe its different on the amd64 build
<NRVate> looks like /etc/event.d for my install.. strange.
<chimp_> Mine is one generated using debconf
<NRVate> anyways, you should be able to remove the tty1-tty6 lines from inittab so you stop erroring on them
<NRVate> and I'd guess that above ttyS0 line should be what you need to spawn a getty on the serial line
<NRVate> assuming ttyS0 is the valid device, AND it supports 115.2kbit
<chimp_> But it never spawns it
<smoser> soren, can you make me the assignee of https://blueprints.launchpad.net/ubuntu/+spec/server-karmic-ec2-release-process ?
<chimp_> Yeah it does
<NRVate> what if you run it manually via your SSH sesssion?
<NRVate> might spit you a useful error :)
<chimp_> The rest (tty1-tty6) are commented in inittab
<chimp_> running it manually just gave me access
<chimp_> haha
<chimp_> i can log in via serial now, wtf?
<chimp_> Is the inittab bit never ran?
<NRVate> ahh. so tty1-6 shouldn't be spawning in the first place if it's using /etc/inittab ??
<NRVate> thats my guess.
<NRVate> do you have /etc/event.d ?
<chimp_> yep
<NRVate> my 904 install.. has no /etc/inittab
<NRVate> but.. looks like my getty's are spawned from there
<NRVate> maybe try editing /etc/event.d/tty1
<NRVate> and change tty1 so ttyS0 on the getty line
<NRVate> err.. exec /sbin/getty with the same params that worked from the command line
<chimp_> lol, that is a real hack
<NRVate> looks like the last line of the file is just an exec
<NRVate> well i suppose you could.. nuke tty1-6 files.. create ttyS0 file, etc.. that'd be "proper".. lol.
<chimp_> I wonder if its related to this arm board running jffs2 on a 512mb nand
<chimp_> It takes *FOREVER* to boot
<chimp_> Im having trouble with ubifs for time being
<NRVate> hmm. well, dmesg output should be timestamped
<NRVate> so you can see where it's hanging up
<chimp_> I get a giving up message on bootup saying mount took longer than 120s
<NRVate> wow, insane.
<chimp_> yeah its jffs2
<NRVate> will the device cooperate with a most standard filesystem?
<NRVate> err mORE
<chimp_> It reads the entire disk before mounting
 * NRVate giggles
<chimp_> It needs to be a nand filesystem
<chimp_> It needs ubifs tbh, but im struggling to get it working
<chimp_> It was jaffs2 before but I also had issues with no one seemingly using it
<NRVate> huhm.. ive yet to play much with all that
<chimp_> Basically theres no controller chip that does the wear leveling for you that you find in sd cards or ssd drives, so the file system has to handle it for you
<NRVate> makes sense
<NRVate> ubifs looks real new
<NRVate> along with logfs.. interesting.. haven't seen this before
<NRVate> so.. ubifs came out in 2.6.27
<NRVate> 9.04.. uses 2.6.28, right?
<NRVate> wonder if there are significant fixes in the later kernels you may need?
<chimp_> Yeah too new.. the tools for it dont exist on the debian sarge install that comes with this board, so im struggling to set it up to use ubifs for the newer filesystem and kernel i run on it
<chimp_> Im running 2.6.31 on it
<NRVate> ah, gotcha.
<chimp_> It has some patches in it that some bloke wrote to make it read the nand faster
<NRVate> right on. i assume the root fs is on the nand device?
<chimp_> yep
<chimp_> I cant make it boot from the sd card because of some hard coded rom issues
<NRVate> hehe that complicates things a bit
<chimp_> Im trying to cross compile mtd-utils but ive had issues
<chimp_> and mtd-utils only has ubifs support in 9.10 (while im 9.04)
<chimp_> right im off to see my GP cheers for the help NRVate
<NRVate> whew.. sounds fun!
<NRVate> good luck chimp, sounds like a fun project
<NRVate> i've been wanting to play with some ARM stuff
<NRVate> keep seeing their office on the ride home haha
<NRVate> cheers :)
<chimp_> Where, london?
<nxvl> ScottK: will take a look
<NRVate> Austin, Tx
<ScottK> nxvl: Thanks.
<mephx> Hello, I chose to configure networking later during 9.10 ubuntu server install. After install and bootup networking init script simply doesn't work. Are there any further steps besides configuring /etc/network/interfaces? Ifup eth0 works...
<uvirtbot> New bug: #479365 in squid (main) "assertion failure" [Undecided,New] https://launchpad.net/bugs/479365
<mephx> anyone?
<mephx> :S
<kane_> mephx: if you have some log output of how it doesn't work, that would be very helpful
<mephx> kane_: i can't find any relative output regarding what's happening
<mephx> ifup works, /etc/init.d/networking restart clears the current configuration and does not re-set it
<kane_> mephx: odd -- did you edit that file at all?
<mephx> the init script?
<kane_> yeah
<mephx> no
<mephx> i installed 9.10 server on 2 servers
<mephx> simultaneous
<kane_> mephx: and they both have this problem?
<mephx> one of them got network configuration, the other one i chose to configure it later
<mephx> the one configured during install worked, the other doesn't
<mephx> I could always add ifup eth0 to local, but that looks $#itty
<kane_> mephx: /etc/init.d/networking basically does an ifup/ifdown. try capturing the output and see what it does
<kane_> mephx: another thing to look at would be the runlevels this is being executed at
<mephx> also, it does not show on rcconf
<mephx> networking
<mephx> can't neither get it to output anything
<kane_> mephx: you can't get /etc/init.d/networking to output anything?
<mephx> kane_: i'm now debugging it by hand
<mephx> ifup -a differs from ifup eth0
<mephx> mmm
<mephx> lol
<mephx> lacking auto eth0 line
<mephx> ifup -a sucks
<mephx> thanks for the headsup
<mephx> don't know why, but i always associated auto line in ifaces to dhcp
<kane_> mephx: you did the hard work :) glad we got it fixed
<mephx> thanks again kane_
<kane_> my pleasure
<eqx311> hi :)
<eqx311> guys.. does anyone of you has a luck with Xen and Karmic ?
<eqx311> ..
<eqx311> :)
<linux_dr> I'm looking at the Model API reference... is there something like an afterLoad and afterUnload callback?
<linux_dr> Oops... wrong channel.. lol
<uvirtbot> New bug: #479428 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess new pre-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/479428
<uvirtbot> New bug: #284416 in whois (main) "whois package contains unrelated binary 'mkpasswd'" [Low,Fix released] https://launchpad.net/bugs/284416
<spy6> hi there
<spy6> does anybody know, if ubuntu is certified for oracle (db)?
<MagicFab> spy6, it's not
<sammy> are there any scripts /window 3
<Pici> sammy: What?
<sammy> are there any ways to view the status of multiple init.d services at the same time?
<sammy> gentoo has things like rc-status that show you the started/stopped status of all services or all services in a particular run level
<Pici> sammy: You could try server --status-all , but I'm not sure if thats the recommended way to do it.
<sammy> if you mean `service --status-all` :) that seems to give me what I'm looking for. I'm okay with a complete list of all init scripts- its not terribly important that I be able to filter it by current run level. thank you!
<uvirtbot> New bug: #259426 in autofs (main) "autofs shoud be started after slapd" [Low,Confirmed] https://launchpad.net/bugs/259426
<Baversjo> Is http://www.symfony-project.org/book/1_2/08-Inside-the-Model-Layer available for doctrine?
<Baversjo> Wrong chat >.<
<erichammond> "A friend" needs some advice on letting Windows users have a single logon no matter which computer on the network they are using.  Is there an Ubuntu service which can be used to do this LDAP-like thing for Windows?  Is there a better place to ask?
<fxhp> vmbuilder jeos runs successfully, but when I start the VM the guest hardware cannot find the harddrive....
<fxhp> erichammond: windows calls this a domain (active directory)
<ruben23> hi where i can download netboot file for ubuntu desktop...?
<mooselix> Greetings, channel.
<ruben23> fro pxe server
<mooselix> Might anyone have any ideas or tips for removing extra services and reducing the amount of code on an Ubuntu server running Apache, MySQL, PHP & friends?
<mooselix> I'm looking to lighten the footprint and increase security.
<fxhp> mooselix, I would look into kvm+JEOS
<fxhp> Just Enough Operating System
<fxhp> Its a version of ubuntu that is tiny and works well with VM.
<erichammond> fxhp: Thanks for the "active directory" tip.  I'm finding howto's but they mostly seem to describe how an Ubuntu client can connect to a Windows server.  I'll keep looking.
<fxhp> What are you trying to do?
<fxhp> Build a ubuntu server that allows for windows computers to authenticate with it?
<fxhp> That would be LDAP
<fxhp> Why does my jeos VM no have a harddrive?
<erichammond> fxhp: Yes, authentication, and if possible, loading browser cookie/bookmark settings.  Looks like we're going to have to bring in somebody who knows Windows a bit more than we do.
<fxhp> LDAP is used for authentication, for browser settings you would need windows "Group Policy" which is part of active directory... I don't think that functionality is part of ubuntu
<uvirtbot> New bug: #479621 in eucalyptus (main) "Re bundled karmic image fails to boot" [Undecided,New] https://launchpad.net/bugs/479621
<fxhp> Does anyone here have experience with vmbuilder and jeos?  I need help.
<Beardedchimp> Heres an interesting question can I, and what happens if I overwrite the kernel while running the os (my guess is maybe the kernel is entirely in ram and it wont notice)
<Beardedchimp> This is for an arm board
<Beardedchimp> Going to overwrite the nand and update the kernel while running
<Beardedchimp> :)
<Beardedchimp> Kernel is in its own parition
<micahg> is there an issue with software raid and 2.6.31?
<fxhp> Still having trouble with my VM's seeing their harddrives
<fxhp> If anyone has a chance to help me, that would be great.
#ubuntu-server 2009-11-10
<qman__> erichammond, yeah, what you're looking for is a replacement for active directory
<qman__> samba 4 is designed to help with this, but samba 3 is a bit tougher
<qman__> it basically requires ldap and a specific kerberos implementation
<qman__> I've yet to actually get it to work, myself, but I've seen it done
<RoAkSoAx> I've tested samba4 and created and AD Server, created users, groups, used windows tools to manage the AD and was able to log in computers to the AD
<qman__> nice
<qman__> good to know samba 4 is making progress
<fxhp> qman__, I think that the user in need of that information has already left the chat.
<RoAkSoAx> qman__, it was pretty impressive!!
<fxhp> what would cause my jeos VM's built with vmbuilder to not have their harddrives linked in the config (xml)  I have to manually attach them using virsh edit
<erichammond> qman__: Thanks. If you solve it, consider documenting the steps in a howto.  At this point, I think I can admit that my Windows foo is insufficient to tackle it alone.
<eqx311> ok, so help me with this dissision. I need run bunch of virtuals on older xeon hardware without vmx
<eqx311> what should I use to make it running
<eqx311> I just spend 4 days of compiling and compiling of kernel 2.6.31.5 + xen 3.4.2-rc2 and I can not make that xen running :)
<micahg> is there an issue with software raid and 2.6.31?
<StrangeCharm> i seems to have made an arror writing my fstab, and have to manually mount my volumes. what's the correct way to mount volumes in an lvm on an encrypted volume?
<StrangeCharm> how do you mount an lvm stored on an encrypted volume?
<micahg1> is there an issue with software raid and 2.6.31?
<goose> does anybody know why "mkdir ~/public_html" doesn't create a folder any longer at http://domain.org/~chris/ for me? :/
<fxhp> goose, It still works for me
<fxhp> mkdir ~/asdf
<goose> ?
<goose> fxhp: you want me to make a dir named "asdf" in my home folder?
<fxhp> No
<fxhp> I was expressing that the syntax still creates a folder
<goose> ah :p yes, the folder is created
<fxhp> your question was pretty ambiguous.
<goose> but it's no longer shown at http://domain.org/~chris/
<goose> is what I meant
<fxhp> what do you use as a web server?
<fxhp> apache?
<goose> yes
<fxhp> lighTPD?
<goose> apache2
<fxhp> Does apache point at your home dir?
<goose> it does by default, iirc? I'll double check, though
<micahg> is there an issue with software raid and 2.6.31?
<fxhp> software raid and the new kernal?
<fxhp> kernel *
<goose> don't see anything off in my /etc/apache2/apache.conf, and my httpd.conf is blank :S
<fxhp> blank...?
<fxhp> Did youedit with sudo?
<goose> yeah... absolutely nothing in it
<micahg> fxhp: yes
<micahg> it wouldn't boot
<micahg> can't find /dev/md0
<micahg> I have a boot partition
<fxhp> micahg: did this happen after an upgrade?
<micahg> yes, I upgraded from jaunty -> karmic
<fxhp> eek
<micahg> I got rid of the UUIDs and it didn't help
<micahg> luckily I still had my old 2.6.28 kernel
<goose> fxhp: the module to enable that dir to be transferred to HTTP wasn't enabled. fixed now.
<fxhp> goose: good to hear.
<fxhp> micahg, so that raid array still exists but grub is unable to load it?
<micahg> yes
<micahg> well, it's not grub
<micahg> it drops me into busybox
<fxhp> micahg, can you see the array in busybox?
<fxhp> see the files?
<micahg> no, it can't find the array
<fxhp> I don't know...
<fxhp> I was planning on setting up raid5 on 5 drives.
<fxhp> Never got around to it
<JerVA> I know this is not support related channel
<JerVA> But I have user that is having NIS related issue with server with 10+ clients
<micahg> JerVA: this is a support channel for servers :)
<JerVA> Hi there again micahg
 * micahg is not usually in here
<JerVA> Should I refer this user to this channel?
<JerVA> I think this may be server related issue
<micahg> if it's on the server side, yeah
<JerVA> Ok I'll refer this user
<micahg> channel seems quiet right now though
<JerVA> Hello thieusoai
<thieusoai> hi
<JerVA> micahg - this is thieusoai that needs assistance with NIS related issue I mentioned
<thieusoai> I have problem with NIS ---  all my clients machine (which authenticates login etc via NIS) cannot open any network related apps (e.g., pidgin, xchat, firefox).
<thieusoai> if I log in a local account , then everything is fine.
 * micahg doesn't know about NIS unfortunately
<micahg> maybe someone else does
<tonyyarusso> I set it up once, but I don't pretend to understand it.
<thieusoai> The server runs Ubuntu-8.04 Server .   The clients run various OS including Debian / Ubuntu Hardy, Karmic, Jaunty, etc  _all_ face the same problems
<thieusoai> yeh -- been working on this for almost 10 hrs
<thieusoai> so frustrated :(
<JerVA> Did you try to do the server reset including clients?
<thieusoai> yeh I did,  I reboot the server as well as the clients
<JerVA> Like powercycling?
<thieusoai> I turn off all the clients,  and server, then start the server
<thieusoai> and one client
<thieusoai> and test on that client
<micahg> thieusoai: have you seen this: https://help.ubuntu.com/community/SettingUpNISHowTo
<thieusoai> yeh micahg , I did
<thieusoai> the weird part is that I was able to log in using NIS just fine  ,
<thieusoai> it's just in X
<thieusoai> when all the network-apps hang
<thieusoai> but in tty's ,  everything works (e.g., I can use elinks and such)
<nxvl> kirkland: around?
<thieusoai> also the home directory of user is mounted via nfs
<thieusoai> not sure if it's related
<JerVA> you mean ntfs
<thieusoai> no, nfs
<JerVA> ok
<thieusoai> but I am not sure if it's related
<thieusoai> because I can see all those files just fine
<JerVA> No updates or anything to do with Update Manager?
<thieusoai> nope, I don't think it is due to updating.   Because we didn't touch the Server at all for quite a long time
<thieusoai> only when this problem arises today
<thieusoai> then we decided to update it
<thieusoai> but it still the same
<JerVA> Maybe it is hardware-related issue?
<JerVA> Run some network tests ?
<thieusoai> on the server ?
<JerVA> why not
<JerVA> see where in the end is the issue
<thieusoai> I am not sure what network test to run  ?
<thieusoai> yeh it would be good to localize where the problem is
<JerVA> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS
<JerVA> I'm googling what I can :)
<JerVA> I think this one may help out better
<JerVA> http://www.yolinux.com/TUTORIALS/NIS.html
<thieusoai> thanks JerVA
<JerVA> anytime
<thieusoai> I'll check them out -- but now I think gotta go dinner and come back
<JerVA> Okay.
<JerVA> thanks for helping out micahg
<micahg> JerVA: sorry I couldn't be more help
<JerVA> no problem
<JerVA> I tried what I can
<JerVA> I'm not an expertise on NIS either
<erichammond> smoser, mdz: My first time trying to use euca2ools and I found that to rebundle an image for EC2 I had to install ec2-ami-tools from multiverse anyway just to get the EC2 cert.  Seems like the Karmic AMI is not usable without ec2-ami-tools for rebundling which is the first thing most EC2 tutorials want you to try.
<smackd> hi all... trying to send mail.. i have installed the postfix-dovecot package... it wont let me send... anyideas i can check on...?
<ScottK> smackd: Look in /var/log/mail.log.  It will tell you why
<smackd> ok it says this.. the same relay message what is that
<smackd> Nov  7 18:07:05 76 postfix/smtpd[1534]: NOQUEUE: reject: RCPT from unknown[76.199.50.233]: 554 5.7.1 <matt14213@yahoo.com>: Relay access denied; from=<matt@$
<maxagaz> hi
<maxagaz> on a server, I have : "/dev/sda1  142G  137G     0 100% /" the percentage doesn't look correct
<oh_noes> is there a boot screen/splash-screen for hardy?
<jmarsden> oh_noes: For Ubuntu server there is no graphical splash screen... there is no GUI :)
<oh_noes> well ive used hardy as a base for an appliance i made
<oh_noes> i was looking into boot screen, preferbly text based
<oh_noes> but i wasnt sure what options are available
<jmarsden> oh_noes: You are creating appliances that assume a "PC" style VGA screen will be attached at boot time?  Usually appliances can't assume that, can they?
<jmarsden> For example, when you start an instance of the appliance up in the cloud on Amazon EC2, where will the "boot screen" be displayed?
<Fraxtil> How do I configure GRUB in Ubuntu 9.10 server? It seems there's no /boot/grub/stage1
<russlar> Fraxtil: 9.10 uses grub2 on fresh installs
<jmarsden> Fraxtil: If you did a fresh install it most likely used grub2 instead of grub
<russlar> !grub2
<ubottu> GRUB2 is the default Ubuntu boot manager in Karmic. For more information and troubleshooting on GRUB2 please refer to https://wiki.ubuntu.com/Grub2
<Fraxtil> okay then
<Fraxtil> How can I run update-grub, since I can't log in anymore?
<Fraxtil> *or boot it in the first place
<jmarsden> Fraxtil: Boot the machine from a CD, perhaps.  Sounds like there is a story behind your apparently simple question "How do I configure GRUB"... how did you break it in the first place?
<Fraxtil> jmarsden: I thought I could backup everything from an encrypted LVM and put it onto a regular ext3 filesystem, but that changed partition orders and stuff
<jmarsden> OK.  Sounds like booting from CD would be a useful way to go (if the system is local to you), then mount your ext3 partition(s), chroot into the real system and use update-grub.
<twb> If grub is working, you can just pick "rescue" to immediately get root
<twb> If grub simply can't find the root partition or the kernel, you can also just edit it by hand enough to boot (the "e" key), and then get update-grub working from there.
<AliTarihi> Hi. anyone can help me with OpenFire installation. I'm newbie to server things. I've installed it but I get connection refused on admin console
<crohakon> I would like to turn off the DHCP client and set my server to a static IP on my LAN. Anyone got a guide that will help me with that?
<Boohbah> crohakon: http://www.debianadmin.com/ubuntu-networking-for-basic-and-advanced-users.html
<crohakon> Boohbah, thanks
<crohakon> How can I test of my DNS server is using, via the server itself over SSH?
<nagumo> anyone have experience with kerberized nfs4?
<maxagaz> i have installed a mirror for hardy, jaunty and karmic on a server, and then removed the lines for karmic, but karmic packages are still here, how to clean my mirror ?
<crohakon> well, I must say, I think I have noticed in the speed of opening websites using my own DNS server rather then charters...
<crohakon> noticed an increase*
<KurtKraut> crohakon, are you also caching the DNS queries?
<crohakon> How do I check? I am just now setting this all up and testing.
<KurtKraut> crohakon, what software you're using to have your own DNS server?
<crohakon> bind9?
<KurtKraut> crohakon, it does not cache queries by default. I recommend you to search for how to do that on Google.
<crohakon> What is the benefit?
<KurtKraut> crohakon, I'd like also to request your vote on this: http://brainstorm.ubuntu.com/idea/20842/
<crohakon> What is the benefit of enabling caching?
<KurtKraut> crohakon, to be short: much, much, much faster internet browsing.
<crohakon> you got my votes.
<KurtKraut> crohakon, thanks
<crohakon> All that is required is simply adding the IP numbers of your ISP's DNS servers. <--- To enable caching I need to use the IP of my ISP's DNS servers why?
<qman__> crohakon, you don't need caching
<qman__> you're running your own server with root hints
<qman__> caching is if you want to cache from your ISP's DNS
<qman__> it's a completely different setup
<KurtKraut> crohakon, no you don't. But using your ISP DNS and them caching its results are also an improvement of performance.
<KurtKraut> qman__, saying 'you don't need caching' is like 'you don't need to use seat belts on cars'
<qman__> both accomplish the same goal
<KurtKraut> :D
<qman__> he doesn't need a caching server, because he has a server that uses root hints
<qman__> instead of his ISP's DNS
<crohakon> Yes, I am trying to avoid using charters DNS all together.
<KurtKraut> qman__, even caching for local queries is a performance booster.
<crohakon> KurtKraut, I believe caching for local queries is enabled by default with bind9... though, I could be wrong.
<qman__> that's what I thought, too
<KurtKraut> crohakon, AFAIK, no. But you can do the test with the command dig. Do a 'dig www.google.com' twice and see how many miliseconds both queries took.
<qman__> 60ms; 0ms
<crohakon> 1ms; 1ms
<KurtKraut> qman__, crohakon, so it is caching.
<qman__> I think it caches for like 5 minutes
<crohakon> only 5 minutes?
<KurtKraut> qman__, if it does, it is not correct. It should cache until the TTL of the query. Each DNS query tells to the server when it is expected to expire and should be kept until that time.
<macno> Hi, I need to install samba 3.2 o 3.3 on 8.04 LTS. I checked in backports but aren't there. any suggestions?
<qman__> I don't know for sure, I was just guessing, because my server is pretty on top of DNS changes
<qman__> it's more accurate than my ISP's DNS, by a considerable margin
<crohakon> I kept having issues where I would go to, say, www.ubuntu.com and it would not resolve. I would wait a minute, try again, and it would work... with charter. I was hoping running my own DNS server would make that less likely.
<qman__> it will
<KurtKraut> crohakon, have you tried OpenDNS.com?
<qman__> openDNS is alright, but not as fast as running your own server
<KurtKraut> qman__, OpenDNS + local cache is as good as querying directly to root servers.
<soren> smoser: Done.
<crohakon> KurtKraut, now that this is working and I can notice the improvement I think I am just going to stick with it. I already had the box running as a LAMP server using dyndns.com... so it it running when ever I have power anyway.
<ttx> soren: o/
<ttx> soren: haven't seen any blueprints from you yet...
<soren> ttx: No, sorry about that. Last night didn't work out as planned :(
<ttx> soren: ok, please do it today then ;)
<ttx> soren: put yourself as assignee +drafter if you intend to do it, only as drafter if you want to lead the discussion about it, or leave blank if you don't really want to lead it or do it.
<soren> ttx: Sounds easy enough.
<ttx> soren: doesn't mean you won't end up doing it, just that it's open :)
<soren> Gah.
<soren> ttx: What's the naming scheme for specs this time?
<ttx> server-lucid-*
<ttx> though it doesn't really help in getting their list, given how blueprint search "works"
<twb> Haha, lucid name clash gets me again
<twb> I was trying to work out when Lucid became a font foundry.
<twb> (Lucid Inc, that is.)
<soren> ttx: Who should I be defaulting to for approver? You? mdz?
<soren> Myself (if I'm not the drafter, of course)?
<ttx> ttx: mdz
<ttx> soren: mdz
<soren> ttx: Got it, thanks.
<soren> ttx: I'm not sure how to file the "automated testing" spec thing. It's vast and I doubt it will fit in a single session.
<soren> ttx: Also, I'm not sure it makes sense to split it into e.g. "mail", "web", "databases", etc.
<soren> ttx: Can we schedule a session on Monday, where we essentially schedule the next 3-4 sessions on the subject and reserve timeslots for those now?
<soren> I have a hunch that people more familiar with automated testing will have a better idea about how to split up this discussion.
<ttx> soren: i'll talk about it to mdz
<soren> The first session may be about what we want to test... Another one could be about how, when, and where..
<soren> I don't know, really.
<soren> It's rather new to me, to be honest.
<soren> I just know I want to do a lot of it for this cycle.
<ttx> soren: I think we should have a formal session about Automated testing to discuss the targets and methods, then several ad-hoc discussions on specific targets
<ttx> Having a blueprint on "automated tseting" will allow to schedule the first one
<soren> ttx: Oh, right, you said there'd be plenty of open slots, right?
<soren> I forget about that for a minute.
<ttx> and having it scvhedule relatively early will allow for several breakout sessions on the subject during the week
<soren> Right, exactly.
<ttx> soren: There should be open slots, yes
<soren> ttx: Are you doing any of the scheduling or is it all mdz?
<ttx> soren: it's all mdz
<zul> morning
<python_root> night
<soren> afternoon
<python_root> This makes a complete MAN morning afternoon night
<alvin> Is installation of ubuntu-server from USB stick officialy supported?
<ttx> zul: do you plan to file a blueprint on calendaring ?
<soren> alvin: sure.
<soren> ttx: I have an old spec: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-karmic-virtual-appliance  I'd like to just start a new one on virtual appliances for lucid. What state should I put the old one (so that it doesn't show up in the usual lists)?
<ttx> You should make the new oe supersede the old one
<soren> ttx: Clever.
<ttx> (go to the old one, select mark superseded, then type really fast to select)
<alvin> soren: good, in that case I have found a bug (I think). This weekend, I installed an Atom 330 server with 4 disks. Ubuntu is installed FROM usb stick ON another USB stick. The stick containing the installer is /dev/sde and the target device is /dev/sdf. After the successful installation, I unplug the installation stick. Now, the root drive is the other stick and it becomes /dev/sde.... dun, dun, duuuun,... No boot.
<alvin> I changed the value in /boot/grub/grub.conf and /etc/fstab, because they where both wrong.
<alvin> Shouldn't they both use UUID by default, (fstab and grub)
<soren> alvin: Ah. You never said anything about installing /to/ a USB stick :) I'm not sure that's supported.
<soren> alvin: but yes, I would have thought everything would use UUID's.
<soren> alvin: which version of Ubunt uis this?
<alvin> soren: Well, true :-) (but it is handy if you want those 4 drives to work in RAID and have only 4 SATA connections)
<alvin> soren: karmic
<alvin> soren: On  EVERY new karmic installation of ubuntu-server I noticed UUID's are no longer used!
<alvin> I did about 10 of those fresh installations. No UUID in sight. Not in grub and not in fstab
<soren> alvin: All of them from USB?
<alvin> No, only 1. The rest are normal disks.
<soren> "from".
<soren> Not "to".
<alvin> From cd, to sata or sas
<soren> Ok.
<soren> The server CD, I presume?
<alvin> yes, the default one
<alvin> oh, and also the kubuntu (alternate) cd
<alvin> I thought it must have been a new policy. Upgraded installations still use UUID
<soren> Upgrades don't make changes to fstab.
<soren> Usually.
<soren> alvin: Are you using lvm?
<alvin> soren: Yes, but I always use a separate non-lvm /boot
<soren> cjwatson: Oh, you're in here as well... Saves me the trouble of repeating everything to you :)
<cjwatson> as I said on #ubuntu-installer, the installer hasn't changed in this regard
<alvin> It hasn't?
<cjwatson> well, let's say no intentional change
<cjwatson> we've never used UUIDs for LVM, but continue to do so elsewhere, to the best of my knowledge
<alvin> I did a fresh install today and this is in the /etc/fstab of that server:
<alvin> /dev/cciss/c0d0p1       /boot           ext2    defaults                        0       2
<cjwatson> please post your fstab somewhere
<cjwatson> cciss I'm not sure about, although aren't those controller numbers stable?
<cjwatson> I wouldn't mind a quick look through /var/log/installer/syslog
<alvin> Could very well be. It's only one server that uses it here. I'll find some other fresh installations.
<alvin> let me see
<cjwatson> the code involved contains no special-casing of cciss, though
<ca2sat> ip a
<zul> ttx: https://bugzilla.samba.org/show_bug.cgi?id=6880
<uvirtbot> bugzilla.samba.org bug 6880 in libsmbclient "cannot list workgroup servers" [Major,Resolved: fixed]
<alvin> /var/log/installer/syslog of a server, using cciss: http://paste.ubuntu.com/315068/
<alvin> This is from the 'usb stick install'. (note that I changed it from /dev/sdf1 to /dev/sde1):
<alvin> /dev/sde1                       /               ext2    noatime,errors=remount-ro       0       1
<alvin> Other note: I didn't have to change it in order to boot. Only the grub root= had the be adjusted for that! (df showed /dev/sde1, while /dev/sdf1 was the value in /etc/fstab)
<alvin> I'm now looking at a virtual karmic server, and /boot is UUID there, so it looks like I'm mistaken and I'm seeing this only in the case of cciss and an install on an USB stick. I do have another installation, but I'll check tonight. It can't boot currently, due to bug 461133
<uvirtbot> Launchpad bug 461133 in mountall "karmic: nfs shares are not mounted at boot" [Medium,Incomplete] https://launchpad.net/bugs/461133
<ttx> zul: ew
<ttx> zul: will it ever end
<zul> ttx: nope unless microsoft kills off windows which im hoping they do next week
<ttx> zul: good plan
<zul> ttx: im pretty sure we have a bug open about that ;)
<zul> soren: i bet you would be glad to know that windows 7 works on kvm ;)
<soren> zul: Absolutely thrilled.
<soren> I'm beside myself.
<uvirtbot> New bug: #468771 in php5 (main) "php5 crashed with SIGSEGV in _Unwind_ForcedUnwind()" [Medium,New] https://launchpad.net/bugs/468771
<alvin> Well, I'm sorry for the wrong information. Apparently, UUID's are still used (except on cciss and unsupported USB-sticks). It would be nice to introduce it on USB sticks too.
<zul> well that made it choke
<alvin> A related question: what is the official way to change root=/dev/sdX to root=UUID=...  in the new grub?
<Jeeves_> alvin: Uh, edit /boot/grub/menu.lst?
<alvin> Jeeves: No, I mean in grub2
<alvin> That file no longer exists and /boot/grub/grub.conf should not be altered manually
<soren> jdstrand: Ooh, two-factor authentication!
<jdstrand> soren: we all decided you would be both interested and a great asset in the session :)
<jdstrand> soren: so I subscribed you
<alvin> There is extensive documentation about adding new entries to grub, but there's nothing in there about changing an existing configuration.
<zul> jdstrand: is that because he has it already?
<jdstrand> zul: well, I know he's played with a lot of different auth methods, and I thought he did use it currently, yes
<ttx> smoser, kirkland: around ?
<kirkland> ttx: yup
<smoser> here
<ttx> kirkland: mdz asked me to make sure the necessary blueprints were filed so that he can bootstrap scheduling
<ttx> kirkland: are you planning to file one about appliances and one about bugfixes blitzes ?
<kirkland> ttx: wasn't planning on either
<ttx> (the latter might be known as bugdays/bugweeks and could be discussed with QA)
<kirkland> ttx: i understood soren to own appliances now
<ttx> soren, kirkland: we need at least one session on the subject
<alvin> Another thing about the usb stick installation. blkid does not report /dev/sde. The drive is mounted, but I can not see the UUID. (it may not be supported, but I'm mentioning it anyway. I'm quite happy with the solution of installing Ubuntu on a stick to create a simple NAS. It's at least 3x faster than FreeNAS.)
<ttx> Filing the blueprint doesn't mean you have to set yourself as drafter/assignee
<soren> ttx: I'm filing one on appliances.
<ttx> soren: cool, thx
<smoser> ttx, i'm mostly in order, i wanted to go ahead and fill out 2 more blueprints regarding OVF, though.
<soren> ttx: (That was the one where I wanted to mark the old one superseded a couple of hours ago.)
<smoser> i'll start that now.
<soren> jdstrand: Sounds great.
<ttx> smoser: are you the one that suggested working on ec2-/euca- tools  compatibility on the IdeaPool ?
<smoser> i dont know. if not i'll add quickly.
<smoser> actually i think i did ad dthat last night.
<smoser> unless i forgot to hit save
<smoser> hold on
<smoser> yeah, its there, ttx, search for bug 435140
<uvirtbot> Launchpad bug 435140 in euca2ools "euca2ools should provide ec2-* symlinks/alternatives" [Wishlist,Confirmed] https://launchpad.net/bugs/435140
<smoser> oh. sorry,k i completely missed your question. yes, i added that last night.
<smoser> i just added my name to it
<ttx> smoser: I'm not sure it warrants a blueprint by itself
<ttx> but I can't find anything to include it into
<smoser> yeah, that was mainly  my reason for putting it there and not making a blueprint :)
<ttx> smoser: file it, because if we end up doing it, we'll be glad to have a blueprint -- we need a testing plan
<smoser> ttx, ok. blue print in the works.
<TeTeT> soren: Hi, I get an error when running 'vmbuilder xen ubuntu' on karmic - Soemthing is wrong, no valid xen kernel for the suite jaunty found by rmadison. Any ways to get around this?
<TeTeT> soren: think I figured it out - does not work behind a proxy by default
<soren> TeTeT: Ah.
<TeTeT> soren: setting http_proxy and all is good :) Was just confused by the error message
<soren> Yeah, it's rather opaque.
<aubre> Where do I put an official SSL certificate for use with Eucalyptus (UEC) ?
<\sh> anyone who was doing lately an dist-upgrade from jaunty to karmic server and having no network after that?
<soren> \sh: Using bonding or bridging?
<\sh> (without do-release-upgrade)
<\sh> soren, yepp
<\sh> bonding + vlan
<soren> Add a sleep 20 to /etc/init/networking before "ifup -a".
<soren> and..
<soren> Err...
<soren> Something clever in rc2 to make sure it waits for lo.
<\sh> soren, do we have a bug for that?
<soren> \sh: I don't know. I kind of gave up on the issue after arguing for two hours whether it was even a regression.
<Carroarmato0> My server keeps restarting sshd about 2-3 minutes after a connection, afterwards it's not available on the network anymore
<Carroarmato0> It's a fresh install of 9.10
<zul> Carroarmato0: are you using dhcp?
<Carroarmato0> yes
<ttx> smoser: maybe extend the xc2 one
<Carroarmato0> the server get's a static op from the routers dhcp
<zul> Carroarmato0: try using a static connection
<Carroarmato0> zul, I'll try
<zul> ttx: ^^^ thats another thing to fix for lucid
<ttx> smoser: rewording server-lucid-xc2 so that it includes both topics sounds good to me
<smoser> ttx, the reason i didn't put that there...
<aubre> I'm trying to test landscape cloud management with UEC, I got a real certificate for my front-end, where do I put it and how do I get the front page to use it?
<smoser> is that we definitely *could* just add another layer of indirection and fix the compatibility there.  however, i would think that for many things, euca2ools needs to be fixed.
<smoser> ie, i think there is one argumetn i ran into recently where euca2ools only takes '-K' not '--key' or something... stuff like that, you could work around in 'xc2' but would be better done in euca2ools
<Carroarmato0> zul, also something I've noticed is that whenever that problem occures, the server behaves as if it were frozen (not shutingdown when pressing the power button)
<ttx> smoser: I think its part of the same discussion
<ttx> smoser: its an and/or
<smoser> well.. i dotn know. but i'm ok with adding it to the xc2 blueprint.
<zul> Carroarmato0: the reason probably why its restarting every 2-3 minutes is that your dhcp lease time is pretty short and there is a hook to restart network services when dhcp queries a new ip address you should be fine with a static IP address
<ttx> smoser: gives more chance that both subjects will be discussed
<ttx> smoser: ... I think
<smoser> well, done
<Carroarmato0> zul, I never had that issue before with the previous release, might the dhcp default settings have been changed with the latest one?
<zul> Carroarmato0: maybe I cant say for sure
<aubre> what is the actual software within UEC that runs on port 8443?
<soren> \sh: Sorry, I want to help, but I can't. See #ubuntu-devel, if you're in the mood.
<Carroarmato0> zul, thx I'll report back when I'm confident the problem doesn't happen anymore
<zul> Carroarmato0: thanks
 * soren goes to pick up daughter at day care.
<aubre> looks like I'll be writing some more documentation when I figure this out
<\sh> soren, I'll try to get a solution there...because it's really a nasty thing
<uvirtbot> New bug: #480048 in eucalyptus (main) "euca-register fails with syntax error" [Undecided,New] https://launchpad.net/bugs/480048
<Carroarmato0> zul, It seems like the server droped off the net again
<zul> Carroarmato0: oh well that sucks
<Carroarmato0> zul, I've set the static address in and did a  /etc/init.d/networking restart
<zul> Carroarmato0: changing the ip is something you want to do at the console anyways
<Carroarmato0> zul, oow I have leaned a lot from changing ip's on a remote connection ;)
<Carroarmato0> zul, It's all about preparation and scripting against worse case scenarios :D
<Carroarmato0> but I'll hook the server to a screen
<Carroarmato0> zul, some other weirnesse's that happen when the server gets knocked off the net, keyboard doesn't respond anymore
<_ruben> sounds more like crash to me than
<_ruben> s/than/then
<soren> \sh: Yes, it is. I spent a lot of time trying to explain this, but the answer was simply "it was racy before, too".
<uvirtbot> New bug: #479990 in mysql-dfsg-5.1 (main) "Causes MySQL to get "temp file operation failed" errors" [Undecided,Incomplete] https://launchpad.net/bugs/479990
<zul> lamont: ping
<\sh> soren, there needs to be a sane solution...if not, udev + whatever magic we are doing today is nothing for a server linux ;)
<\sh> while the releases before karmic it worked (luck or not)
<soren> \sh: We know what the solution is. It just hasn't been implemented yet.
<\sh> soren, where would you place the call to if-up if not /etc/init/networking.conf ? I'll can test and confirm or say it doesn't work out
<soren> I would probably change network-interface.conf to call "ifup -a" instead of whatever it does now.
<\sh> well..
 * soren /really/ goes to pick up daughter at day care
<Carroarmato0> zul, I think it was a combination of short dhcp lease time and openVPN causing some havok with bridging that gave all those problems
<zul> Carroarmato0: ah good
<Carroarmato0> I'm going to try loging out of the server and using it as usual incase it's being sneaky and stop working again after I logout of the console
<Carroarmato0> zul, everything seems to work fine, thanks for your help :)
<zul> Carroarmato0: no probs
<acalvo> hi
<acalvo> does anyone uses openldap monitor capability=?
<TeTeT> ttx: hi, any chance to get the euca2ools backported to Ubuntu 8.04?
<ttx> TeTeT: I have no clue. Not sure how many build-deps are missing
<ttx> TeTeT: ... and can't look into it right now
<TeTeT> ttx: ok, any chance to have a look before end of november? I need to know if I need to install ec2 tools on the virtual servers for training, or wait for euca2ools to appear in a PPA or so.
<ttx> TeTeT: oh sure!
<ttx> soren: any hint on how difficult that would be ? ^
<eradicus> hi I'm using ubuntu 9.04 is there a way to install ubuntu-server packages?
<azteech> eradicus: just use apt-get from a terminal, and install which ever server package you want to. Or you can use synaptic package manager to select the packages you want installed.
<bogeyd6> eradicus the server is the 9.04 desktop without the desktop :)))) you can use apt to manage the software and install any server software you like
<bogeyd6> !server
<ubottu> Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server-specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is 8.04. For more info see https://help.ubuntu.com/community/ServerFaq/ and https://help.ubuntu.com/8.04/serverguide/C/index.html - Use the #ubuntu-server channel for support
<zul> ttx: can you have a look at  bug #472785?
<uvirtbot> Launchpad bug 472785 in eucalyptus "can't register SC" [Undecided,New] https://launchpad.net/bugs/472785
<ttx> zul: not today, sorry :)
<zul> ttx: at your leisure :)
<eradicus> bogeyd6, yeah I figured, it was just before there's a single-liner apt-get command for installing the ubuntu server packages on ubuntu desktop, the package name was ubuntu-server I think.
<googa> is there other type of mail servers then MTA:s?
<NRVate> in 9.x i think it's broken out.. like lamp-server, etc.
<uvirtbot> New bug: #475354 in eucalyptus (main) "Hostname not set correctly on UEC cloud due to IP address in local-hostname manifest data" [Medium,Incomplete] https://launchpad.net/bugs/475354
<eradicus> NRVate, lamp-server is non-existent too, so selecting packages manually is the way to go
<aubre> New Documentation - How to Connect UEC to Landscape - https://help.ubuntu.com/community/UEC/Landscape
<aubre> comments/criticisms are welcome
<aubre> is there a way to make stunnel commands persistent across reboots?
<aubre> or an Ubuntu-standard way?
<uvirtbot> New bug: #479493 in gnome-system-tools (main) "NTP services installation crashes" [Undecided,New] https://launchpad.net/bugs/479493
<jmarsden> aubre: Configure it in /etc/stunnel/*.conf and it should be started as a daemon at boot time for you, I think.
<aubre> jmarsden: thanks
<jmarsden> aubre: Also /etc/default/stunnel4 (set ENABLED=1 in there)
<aubre> jmarsden: thanks again
<jmarsden> aubre: You're welcome
 * soren pauses for dinner
<aubre> jmarsden: looks like /etc/default/stunnel4 is ENABLED=1 by default
<jmarsden> aubre: Nice.  It wasn't for me on Jaunty.
<aubre> jmarsden: Updated https://help.ubuntu.com/community/UEC/Landscape with a method that should be persistent across reboots.
<jmarsden> aubre: OK.  I'm more familiar with  stunnel than with UEC :)
<aubre> jmarsden: I'm the other way around lol.
<uvirtbot> New bug: #480151 in sysstat (universe) "Package sysstat with Ubuntu Server" [Undecided,New] https://launchpad.net/bugs/480151
<uvirtbot> New bug: #480152 in samba (main) "Samba service doesn't start automatically" [Undecided,New] https://launchpad.net/bugs/480152
<kirkland> howdy mathiaz :-)
<kirkland> mathiaz: ttx was looking for you earlier
<kirkland> mathiaz: he left about an hour ago
<mathiaz> kirkland: yeah - send an email instead
<mathiaz> kirkland: about blueprints
<kirkland> mathiaz: right-o
<kirkland> mathiaz: basically, they're due today
 * mathiaz nods
<uvirtbot> New bug: #480173 in munin (universe) "Missing dependency for tomcat plugins (libxml-simple-perl)" [Undecided,New] https://launchpad.net/bugs/480173
<mcas> hi is anyone still using 8.04 server?
<mcas> i have a strange problem with squid and logrotate
<mcas> it doesn't work :-(
<kane_> mcas: since it's an LTS, i'm sure people still do :) what's happening to your squid & logrotate?
<mcas> i have a logfile of 2gb ... that doesn't sound like daily logrotes
<kane_> mcas: that depends on your traffic and verbosity. checking the head & tail of that would let you know for sure
<mcas> ok kane_ i check it
<sommer> who is the lucid blueprint approver?
<zul> mdz
<sommer> ah, thanks :)
<cemc> I've configured dspam+postfix according to https://help.ubuntu.com/community/Postfix/Dspam
<cemc> question: what's the real diffenrence in puttin dspam below smtpd_client_restrictions as opposed to smtpd_recipient_restrictions ?
<cemc> if you have /./, is there really any difference?
<jcastro> kirkland, your plenary is on thursday, followed by eucalyptus. So thursday is all -server plenaries
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/458904
<uvirtbot> Launchpad bug 458904 in eucalyptus "When installing a node, euca_find_cluster fails to locate the cluster controller if instances are running" [High,Fix committed]
<IcyPolecat> hiya anyone here familier with KVM for virtualisation?
<mathiaz> kirkland: lp:~ubuntu-core-dev/eucalyptus/ubuntu-karmic/
<cemc> IcyPolecat: you should try over at #ubuntu-virt
<IcyPolecat> cemc, did that - no one home
<kirkland> IcyPolecat: ask your questions
<kirkland> IcyPolecat: if someone knows the answer, they will respond
<IcyPolecat> kirkland, thanks
<IcyPolecat>  I have a massive prolem with my KVM host - after 188 days of uptime I finally did some patching, rebooted and now none of the VMs are accessible via network. They're showing as up in virsh but no ping nothing
<kirkland> Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html | http://www.catb.org/~esr/faqs/smart-questions.html | Be patient.  Don't ask to ask, just ask. | server guide: http://tinyurl.com/65jzxw | https://wiki.ubuntu.com/ServerTeam
<uvirtbot> New bug: #480234 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/480234
<kirkland> IcyPolecat: sounds like your bridge configuration might have gotten eaten
<IcyPolecat> kirkland, how would I verify?
<kirkland> IcyPolecat: what were you upgrading from and to?
<IcyPolecat> kirkland - updating packages mostly - load of updates to lib-birt and kernel
<kirkland> IcyPolecat: what version of ubuntu are we talking about
<IcyPolecat> host is 8.10 guests are all JEOS 8.04
<IcyPolecat> 64bit host 32 bit guests
<kirkland> IcyPolecat: it's probably the libvirt update that affected your network configuration
<paul__> whats the next android phone for t-mobile ?
<IcyPolecat> kirkland, ok ... any ideas how I can verify / discover the problem?
<kirkland> IcyPolecat: find out what version you upgraded from and to
<IcyPolecat> kirkland, how? does apt keep an audit log?
<kirkland> smoser: ping
<kirkland> smoser: regarding https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/461156
<uvirtbot> Launchpad bug 461156 in euca2ools "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress]
<kirkland> smoser: ttx indicated that he wanted this fixed in an SRU at a high priority
<kirkland> smoser: do you know if he has a proposed fix for this?
<kirkland> smoser: b/c I don't know how to solve it right now
<kirkland> IcyPolecat: yes, dpkg and/or apt keeps logs.  all logs are in /var/log
<IcyPolecat> kirkland, ok found them - am looking for the relevent log entry now
<PleXuS> anyone else having issue's with Palimpsest SoftRaid tool ?
<smoser> kirkland, no. we really need a fix from euc
<kirkland> smoser: okay, thanks.
<smoser> or just to sit down and do it.
<smoser> i have pinged nurmi and nekro in irc, but never gotten anything back
<uvirtbot> New bug: #319656 in nmap (main) "nmap script engine error" [High,In progress] https://launchpad.net/bugs/319656
<micahg> my software raid array won't boot in 2.6.31, drops me into busybox
<micahg> I have the /boot partition on an ext2 drivee
<genii> micahg: Did you put the raid driver names in the list of stuff that initramfs is supposed to have available at boot?
<micahg> genii: is that new for karmic?
<genii> micahg: No, it's been the same for a while.
<micahg> genii:  it boots fine under 2.6.28
<micahg> even under karmic
<genii> micahg: The 2.6.28 raid driver would be loading from the initrd then, but not on the new kernel unless you specified in the /etc/initramfs-tools/modules    the raid drivers to include for every new kernel you install
<micahg> genii: why isn't that happening by default
<genii> micahg: Possibly because you made your array after you (originally) installed.
<ttx> mathiaz: yo
<mathiaz> ttx: o/
<mathiaz> ttx: registering blueprints
<ttx> looking...
<mathiaz> ttx: "Etckeeper system integration" <- not sure what you mean about that
<micahg> genii: I made it during install
<micahg> of jaunty
<ttx> mathiaz: its more about missing steps before we can integrate etckeeper more generally (like by default)
<mathiaz> ttx: ok
<ttx> mathiaz: for example bug 376388
<uvirtbot> Launchpad bug 376388 in etckeeper "~/.bazaar created owned by root (when run under sudo)" [Medium,Confirmed] https://launchpad.net/bugs/376388
<mathiaz> ttx: I was thinking about dpkg conffile integration as well
<ttx> we can talk about it in the etckeeper/puppet session
<mathiaz> ttx: right
<mathiaz> ttx: I almost named the blueprint -puppet-etckeeper-dpkg-integration
<mathiaz> ttx: that would require someone from fondations team though
<mathiaz> ttx: as it requires a dpkg expert :)
<ttx> mathiaz: right
<mathiaz> ttx: "Login experience - for corporate environments" should probably be pushed to the desktop team
<mathiaz> ttx: IIRC pitti was on a call about that last spring
<ttx> mathiaz: we'll have the desktop team at the likewise session at UDS
<mathiaz> ttx: ok - so this point can be discussed during the session as well
<majuk> Hey guys. I just got my Ubuntu box set up as a Windows PDC. After I ran the command "net groupmap list" via SSH, I lost all login capabilities to the box under normal operation. Recovery booting works, but smbd is unable to start and keeps reporting that it is re-reading smb.conf
<majuk> If anyone can save me from re-rolling out this box, I will love you forever.
<cemc> I don't have any apparmor in /etc/rcX.d, still it starts up. how can I disable it for good? (karmic)
<mathiaz> ttx: anything else to discuss?
<ScottK> cemc: You really should fix the broken profile and not disable it.
<mathiaz> ttx: I'm about to jet out for lunch
<ttx> mathiaz: no, sounds good
<mathiaz> ttx: hold on
<mathiaz> ttx: this is dustin
<mathiaz> ttx: i just shut my laptop down
<mathiaz> ttx: so i uploaded another eucalyptus to -proposed, fixing your avahi-daemon.conf issue
<mathiaz> ttx: i didn't see any obvious, easy fix for the userdata one, though
<ttx> mathiaz: you sound texan
<mathiaz> ttx: so i uploaded what i had
<mathiaz> ttx: okay, kirkland -> is done
<ttx> mathiaz/kirkland: ok will test tomorrow
<mathiaz> ttx: cool - have a nice evening
<majuk> I only get "Ubuntu v9.0.4 tlpserv tty1" and another log in prompt when attempting to log in. The box and its services are running, I am able to access the Apache served pages without issue.
<mathiaz> ttx: sea ya!
<majuk> Remote sessions are terminated as soon as they're established...
<cemc> ScottK: it just pissed me off, spent an hour trying to figure out why some kvm guest didn't want to start up :)
<jdstrand> cemc: add apparmor=0 to the kernel command line or remove the apparmor package. that said, if you are having a problem with a specific profile, you might consider disabling only the problematic profile instead of all of apparmor (there is quite a bit protected these days)
<jdstrand> cemc: if you are having problems with the libvirt profile, please file a bug against the libvirt package
<cemc> jdstrand: found apparmor=0. is that also valid for desktops? apparmor on desktops I mean.
<cemc> jdstrand: I will, as long as I'm messing with it :)
<jdstrand> cemc: you can disable the apparmor driver for libvirt only. see /usr/share/doc/libvirt-bin/README.Debian
<jdstrand> cemc: but yes, apparmor=0 for any Ubuntu kernel
<jdstrand> again, that is not recommended
<cemc> I ment using apparmor in general on desktops
<jdstrand> cemc: a lot is protected by apparmor on the desktop
<jdstrand> cups, guest-session, evince, dhclient
<jdstrand> possibly firefox-3.5 is you enabled it
<jdstrand> sudo aa-status
<jdstrand> ^ that will show what is being protected
<uvirtbot> jdstrand: Error: "that" is not a valid command.
<jdstrand>  ^ that will show what is being protected
 * ttx disappears
<cemc> funky stuff
<cemc> with libvirt apparmor profiles
<cemc> ooooh, I think I got it now
<jdstrand> all the kvm processes run as root when using qemu://system
<cemc> holy cr*p.... yeah
<jdstrand> it was imperative that they be confined
<cemc> I'm using whatever.ovl as a disk in the xml, there's a reference to it
<cemc> but ovl is just an overlay to something else,
<cemc> which doesn't appear in the xml file,
<cemc> so it's not added to the profile
<cemc> so apparmor doesn't know about it,
<cemc> and it doesn't allow it to be opened
<jdstrand> that sounds like a known bug
 * jdstrand goes to find it...
<cemc> myeah, it's all in the syslog, one just has to know how to read it and what to look for
<jdstrand> cemc: are you using a backing store with libvirt storage pools? or just created a pristine image with the snapshot/overlay listed as the disk file?
<IcyPolecat> kirkland, you still online?
<cemc> jdstrand: just used kvm-img create
<cemc> no pools
<jdstrand> cemc: yeah, that is bug #470636
<uvirtbot> Launchpad bug 470636 in libvirt "AppArmor security driver does not support backingstore" [Medium,Triaged] https://launchpad.net/bugs/470636
<jdstrand> cemc: well, the title doesn't reflect that, but you are hitting the same problem the reporter is
<jdstrand> cemc: the problem is that the pristine file isn't known to libvirt at all
<cemc> yes, I got that now
<cemc> it does complain about it in syslog
<cemc> I just didn't realize
<jdstrand> cemc: I can't fix that, but I will fix the driver so that users can use a <backingstore> (which lets libvirt know about it)
<jdstrand> cemc: backinstore doesn't work atm either
<jdstrand> cemc: but, it is easy to work around-- just edit /etc/apparmor.d/libvirt/libvirt-<uuid>
<cemc> I'm fairly new to kvm too, I don't really know about that
<cemc> jdstrand: mhm, now that I know what the problem is, I should be able to fix it
<cemc> hm, thanks a lot
<jdstrand> cemc: I suggest subscribing to the bug. I'll likely put a test case in there that will show how to do all the backingstore stuff
<cemc> done
<jdstrand> cemc: but I won't be fixing that bug super soon-- definitely for lucid though
<cemc> jdstrand: no problem, I'll do testing when needed
<jdstrand> cemc: excellent. sorry you hit this issue. I'll appreciate the testing
<jdstrand> depending on the changes, I may SRU it
<cemc> cool
<jdstrand> I need to write the patch, and I need to decide the best way to rework the xml given to virt-aa-helper (since the <backingstore> is represented in the machine definition
<jdstrand> s/is/isn't/
<jdstrand> anyhoo-- I'll fix it
<cemc> could you just do a 'kvm-img info' -like thing on the images present in the xml and read out all the backing file paths? or that's what you mean?
<jdstrand> cemc: yes, I could but this would allow an avenue for the attacker to escape the VM, or at least overwrite arbitrary files on the host. If the VM is compromised, the attacker has write access to the disk file, which could be modified to point to another file on the disk
<jdstrand> cemc: ie, libvirt shouldn't be looking at the attacker controlled file for information
<cemc> I see
<cemc> jdstrand: for a quick(er) fix, could I just add a /dir/** rw to usr.sbin.libvirtd where /dir is where I keep all the images for all current (and future) guests?
<jdstrand> cemc: sure. just keep in mind it is a security trade off, and you won't have guest isolation, only host protection
<jdstrand> cemc: that may be all you care about (eg, if these VMs are accessible via the network and aren't likely to be under attacker control)
<cemc> you mean the guests won't be protected from each other and this could be an issue (not for me in this case, it's just a home desktop for me)
<cemc> yes
<cemc> just in this case, generally is not a good idea, I got it
<jdstrand> cemc: yes
<jdstrand> cemc: you said to usr.sbin.libvirtd though-- it should be /etc/apparmor.d/abstractions/libvirt-qemu though
<jdstrand> cemc: usr.sbin.libvirtd is for the libvirtd daemon, for the guests, it is a combination of files-- to affect all guests, modify /etc/apparmor.d/abstractions/libvirt-qemu
<cemc> right
<cemc> jdstrand: it worked. thanks again.
<jdstrand> cemc: sure, np!
<majuk> So I enabled Samba as a Windows domain controller and elected it browse master for my subnet. Unfortunately, apparently something was not set up correctly with tbdsam (I'm guessing because I hadn't added a user for Samba yet) because it proceeded to take down ALL authentication for the server. I am now totally unable to log in, either remotely or locally. Attempts to change passwords for current users fails. Any ideas for trouble shooting this situatio
<majuk> n from the recovery root console would be greatly appreciated.
<majuk> The prospect of starting over makes me physically ill.
<twb> majuk: you can't log into the Ubuntu server on which Samba is running?
<majuk> twb, Correct
<twb> majuk: then you have broken the Ubuntu part, irrespective of what you've done to Samba
<majuk> twb, Well, I can log in, but I am just kicked back out to another login prompt
<majuk> twb, Right
<twb> majuk: boot a live CD and fix /etc/pam.d
<twb> Oh, you CAN log in.
<twb> That suggests your default shell is busted or something
<majuk> twb, Yea, I thought that as well. But adding new users with different shells makes no difference
<majuk> twb, And as root I am able to SU to the other users
<twb> majuk: you said you couldn't log in
<twb> majuk: if you can get root, then you CAN log in: as root.
<majuk> twb, ok
<twb> Are you doing "su majuk" or "su majuk -"?
<majuk> twb, But only through the recovery console
<majuk> twb, su majuk
<majuk> twb, Any ideas for troubleshooting? I am open to anything.
<twb> majuk: OK, so you can't log in as root normally, only by picking "rescue" from the bootloader, and then picking "shell" or similar in the popup dialog that has other options like "resume booting" and "fix xorg"?
<twb> I suppose if root has no password, you wouldn't be able to log in as root anyway.
<twb> You should be trying "su majuk -", since that will use a *login* shell.
<majuk> twb, You are correct.
<majuk> twb, That works. I am given a command line as the user majuk
<majuk> But if I try to change the password, it requests my current PW and then drops me down to a new command line, never prompts me for the new password
<twb> Yeah, that indicates you have busted pam.d up
<majuk> twb, Yea, and I didn't touch it personally. Any idea how to restore or cleanse it?
<majuk> I'm not a PAM guru. :(
<twb> One moment
<majuk> kk
<twb> majuk: run "auth-client-config --show-system" and pastebin the results
<majuk> sec
<twb> If you're transcribing by hand, newlines are important, but you needn't preserve spacing.
<majuk> twb, Yea, gonna have to transcribe, gimme a minute to type this out
<majuk> twb, http://pastebin.com/macf1c1e
<twb> Yeah, someone has put samba stuff in there
<twb> So that your user accounts come out of the Samba database
<majuk> twb, that would explain it, the samba DB is not complete.
<twb> I don't know how they would've gotten there if you didn't ask for them to get there
<majuk> I might have. I'm moderately new to Samba and everything is so automated. I've been reading howTos and running commands I'm not 100% sure what they do.
<twb> OK, grasshopper.  Today's lesson is not to blithely run whatever some web page tells you to run.
<majuk> '$net groupmap list' was the last thing I ran before everything went south
<twb> For example, when I told you to run auth-client-config before, you should have checked the manpage first, to make sure it wasn't a totally stupid thing to do
<twb> Since neither I nor you know what else has happened to this system, if you haven't got anything important on it, I would advise you to blow it away and start again.
<majuk> Yea
<majuk> This is ridiculous. 'net' only does samba admin stuff. And before that all I was doing was editing the Samba config and rebooting it's daemon
<majuk> what
<majuk> the
<majuk> expletive
<majuk> So twb, how'd you deduce it's referring to samba for it's user info?
<twb> majuk: that pastebin refers to "smb", i.e. samba (or Windows)
<majuk> Yea. It has 'optional' in there though
<majuk> Whatever
<twb> Yes, but the whole rest of the file is wacky
<majuk> ah
<twb> It wouldn't surprise me if whichever blog you pulled that from, the author hadn't even tried to log in with a non-Samba account after configuring it
<twb> PAM is a massive bitch to get right
<majuk> Yea. Oh well. And me without my install USB
<majuk> Someone come to Texas and end me.
<twb> Just go out into the street and talk about healthcare for all
<mathiaz> kirkland: http://www.stgraber.org/2009/11/06/lxc-containers-or-extremely-fast-virtualization
<majuk> twb, LOL, yea. I just re-rolled out the server. Commencing config and self-loathing. Thanks again for your help.
<twb> majuk: no worries
<twb> I recommend etckeeper to help you keep track of what changed in /etc and why.
<majuk> Noted.
<majuk> I'm out. Later man
<uvirtbot> New bug: #479614 in samba (universe) "Nautilus hangs from time to time" [Undecided,New] https://launchpad.net/bugs/479614
#ubuntu-server 2009-11-11
<mathiaz> kirkland: https://blueprints.launchpad.net/~mathiaz/+specs?role=registrant&searchtext=server-lucid
<linux_dr> #cakephp
<xperia2> hello to all. have a question about bind. i am able to access my server over the web domain "mydomain.com" but "www.mydomain.com" wont work. it looks like i need to added a new entry to the bind 9 file db.mydomain.com
<RoyK> xperia2: did    you add it? did you update the serial? did you reload?
<xperia2> RoyK: dont want to break the file as i dont know what exactly i have to put for a line in this file
<xperia2> will upload the file to pastebin so you can see it
<xperia2> RoyK: okay this here is the file with my entrys http://pastebin.com/d1d5e0401
<xperia2> it would be great to know what i need to change so both version of the domain "www.mydomain.com" and "mydomain.com" works !
<RoyK> xperia2: the serial at line 8 must be updated for the zone to be reloaded. the usual way to to set this is YYYYMMDDXX where XX is a counter
<RoyK> to add www, just  add
<RoyK> www     IN      A       80.254.182.249
<RoyK> or even better a cname
<RoyK> as in
<RoyK> WWW IN CNAME wificom.ch.
<RoyK> cname is an alias
<xperia2> RoyK: wooow very intersting !
<xperia2> will change this now as you said !
<RoyK> next time, look up the bind docs
<RoyK> also, set TTL to something lower
<xperia2> well i have allready the ubuntu wiki pages opened and looked but i dont wanted to break something.
<RoyK> it's set to 7 days
<RoyK> set it to 86400 (24 hours) or perhaps even 7200 (two hours(
<RoyK> s/.$/)/
<xperia2> and the wikipages dont really tell what is needed to be done for resolving this problem.
<RoyK> http://www.bind9.net/manuals is a fine place   to start
<twb> RoyK: does "IN" denote an "IN" record, or is that just some command's format for an A record?
<RoyK> 'internet'
<RoyK> as in ipv4
<xperia2> RoyK: ahh okay :-) i look allways at the wiki pages !
<twb> Right, thanks
<ScottK> Actually IN is a DNS record class.
<xperia2> RoyK: a specific question. if i want also to have subdomains like "www.sub1.mydomain.com" and also "sub1.mydomain.com" what is the better solution ?
<ScottK> It is the only one in use at the moment
<RoyK> $ORIGIN sub1.mydomain.com
<RoyK> www IN A x.x.x.x
<RoyK> in that order
<RoyK> or just www.sub1.mydomain.com. in a x.x.x.x
<RoyK> mark the period at the end of .com.
<xperia2> no i want to have about 10 sub domains
<RoyK> that means "don't add the origin defined above"
<xperia2> but i am wondering if i should use the cname entry
<twb> Wouldn't it be better for each machine to have a "real" name, like "zippy", and then CNAME www to zippy, and for the domain root (example.net) have something smart enough to redirect to www.example.net for port 80 and mail.example.net for port 25, and so on?
<twb> The latter being an MX, I guess
<RoyK> xperia2: this isn't really an ubuntu question, but keep it short, and I'll answer it. it's a bind question after all
<xperia2> twb: yes i want this for receiving mails on my server
<RoyK> create one A and then a bunch of CNAMEs to that
<RoyK> and create one A for the MX and  reference  to that from the other domains or subdomains
<xperia2> okay give me a moment for doing that !
<twb> The point being that "example.net" isn't a host's name, it's a domain.  If you later introduce a second host "griffy", you don't want to have to piss about in zippy:/etc/hosts and such during the migration
<RoyK> I didn't say he should define everything as the domain name
<RoyK> the mx points to the domain
<RoyK> everything else are hosts
<RoyK> even the domain name itself
<RoyK> you can even define the domain name as a cname to a host if   you want to
<RoyK> as in
<RoyK> @ cname somehost
<RoyK> given $ORIGIN yourdom.com
<RoyK> but night
<Campulung> how i can install ubuntu server under windows?
<twb> Campulung: badly
<twb> Campulung: why do you want to do that?
<Campulung> because i want to use windows too
<Campulung> in same time
<twb> Campulung: why?
<Campulung> i have an office aplication who run only in windows
<ScottK> On a server?
<Campulung> no
<twb> A single host shouldn't be performing both server and workstation roles.
<Campulung> i can run ubuntu server under windows?
<Campulung> in same time?
<twb> Campulung: that is technically possible, but it is stupid.
<xperia2> RoyK: i have changed the file now. http://pastebin.com/d41283b30 however i am a litlle unsure about the mail entry for the subdomain gallery
<Campulung> i need ubuntu server for ehcp
<Campulung> What should I do?
<twb> Inherit a lot of money from a dead aunt, move to Jamaica and sit on the beach all day drinking
<xperia2> twb: nice one but even this dont make happy the whole life :-)
<jetole> hey guys, I am running ntpd on a server, 9.04 / Jaunty. time is becoming further and further out of sync with the NTP servers quite fast. It seems like about every 10 seconds it becomes 1 second out of date. Does anyone know what would cause this?
<twb> jetole: not running an ntp daemon
<twb> jetole: oh, if it's losing one-tenth of a second to the second, that's different
<twb> That's "buy a new motherboard" kind of territory.
<jetole> twb, it is running and I am running the nagios check ntp check now but on the server in real time with the watch command and I am watching it
<twb> If you weren't running ntp, I would expect you to lose maybe a minute to the day.
<jetole> twb: it's a VM and it's the only vm out of 1/2 dozen that this is occuring to
<twb> jetole: OK, VM's are a whole different ballpark
<jetole> why?
<twb> jetole: which virtualization technology?  VMware?
<jetole> kvm
<twb> I don't know the right fix for kvm.
<jetole> I don't think it is kvm
<twb> First of all try booting with notsc.
<twb> (Booting the VM, that is.)
<jetole> why would this be the only vm running on this host
<jetole> what is notsc?
<twb> jetole: I don't know.
<twb> notsc means "don't trust the hardware clock"
<jetole> ok, let me try, it's a mail server so I can reboot it and proper mail servers will send again
<twb> I don't expect that to help much...
<xperia2> twb: do you know if the last line in my bind9 config file is right for receiving mails to my subdomain "gallery.mydomain.ch" ? http://pastebin.com/d41283b30
<jetole> hmm
<twb> jetole: for other VM technologies, particularly VMware, I have seen that running ntp inside the VM is "wrong", and you are instead supposed to use a funky bridge that makes it sync via the virtualization layer
<twb> Which in vmware is done with the vmware-tools kernel blob crap
<jetole> twb, well perhaps but again, this is one among more then a half dozen running on the host server with this issue
<jetole> twb: actually I think it can be done trusting the hardware clock with ntp turned off
<twb> Shrug
<twb> I would ask the KVM people if they know of this issue
<jetole> well the hardware clock for a vm is the software clock of the host
<jetole> yeah good idea
<twb> Sorry, that was what I was implying earlier, I should've said so outright
<mathiaz> stgraber: LXC support should be enabled in libvirt in karmic
<stgraber> it's
<stgraber> though apparmor blocks it
<stgraber> and the userland tools for LXC were outdated
<kirkland> stgraber: oh?  poke jdstrand about that
<stgraber> once I updated LXC, then libvirt is outdated but work is going on upstream
<stgraber> so for Lucid I have good hopes to have both the userland tools working correctly (already have that with a git snapshot in my PPA) and libvirt is being worked on to follow these lxc changes
<stgraber> apparmor isn't a big deal to fix, it's just about allowing libvirt to call two additional binaries IIRC though there's not much point in fixing that in Karmic as userland LXC doesn't work correctly
 * stgraber currently has 3-4 users at the office running LXC on netbooks or atom-based thin clients with 10 contexts or so each ;)
<twb> ubottu: LXC
<ubottu> Sorry, I don't know anything about LXC
<stgraber> twb: Linux containers. http://www.stgraber.org/2009/11/06/lxc-containers-or-extremely-fast-virtualization
<twb> Is that a competitor for OpenVZ?
<stgraber> it may very well be its replacement as it's entirely included in the upstream kernel
<twb> Bloody awesome
<stgraber> yep
<twb> I hate openvz
<stgraber> I liked OpenVZ but not being able to run it on your laptop was kind of frustrating
<Campulung40> where i can find unbuntu 32b ?
<stgraber> LXC's tools aren't as good as OpenVZ's but with the libvirt module we shouldn't need them anyway ;)
<Campulung40> from where download ubuntu 32-bit ?
<Campulung40> *ubuntu server
<twb> I don't like OpenVZ's tendency to hang the whole system when I mount -t aufs
<crohakon> Campulung, www,ubuntu.com
<crohakon> Campulung, www.ubuntu.com
<Campulung40> here is only 64b version
<Campulung40> i need 32-bit
<Campulung40> look: http://www.ubuntu.com/getubuntu/download-server
<ajmitch> Campulung40: there's an "alternative download options" link there which will show you the 32-bit version
<Campulung40> tx ajmitch ...
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/454405
<uvirtbot> Launchpad bug 454405 in eucalyptus "the CC is returning incorrect networkIndex values on describeInstances" [Critical,Fix committed]
<dragon> how do I configure what service runs at which runlevel?
<dragon> I'm aware of the presence of /etc/rc.d script hooks, but I'm looking for a tool
<kirkland> mathiaz: http://www.google.com/intl/en/press/pressrel/20091110_free_airport_wifi_holiday.html
<kirkland> mathiaz: since you use virsh a lot, feel free to add helpful hints to: https://help.ubuntu.com/community/KVM/Virsh
<smackd> how do you refresh /etc/hosts in commandline
<jdstrand> stgraber: please file bugs for LXC and libvirt. these have to be simple profiling bugs for libvirtd since only the qemu driver has guest protection
<jdstrand> stgraber: I can then get lucid fixed at least, and get the changes pushed upstream
<jdstrand> stgraber: though, if I have another libvirt SRU, I might just fix it in karmic too (the profiling bugs)
<stgraber> bug 480478
<uvirtbot> Launchpad bug 480478 in libvirt "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Undecided,New] https://launchpad.net/bugs/480478
<stgraber> jdstrand: ^
<jdstrand> stgraber: thanks!
<stgraber> np
<jdstrand> I think there is another binary or too-- I'll fix them
<jdstrand> two
<jdstrand> stgraber: btw, would 0.7.2 be good? I figure I'll do the merge sometime soon
<uvirtbot> New bug: #480478 in libvirt (main) "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Medium,Triaged] https://launchpad.net/bugs/480478
<stgraber> jdstrand: I'm not sure, that will include a whole lot of upstream changes in the lxc driver for libvirt but they did a whole lot more afterwards and changelog isn't very clear on that.
<stgraber> jdstrand: I see it's in unstable so I may just upload a backport to my PPA and do some tests with it tomorrow (if I find the time)
 * stgraber would love to have some working to show at UDS (including libvirt support)
<jdstrand> stgraber: I'll try to get the merge before UDS
<jdstrand> I'm going to upstream a couple of other things too, so maybe we'll have 0.7.3 soon in lucid (though not UDS soon)
<uvirtbot> New bug: #480479 in backuppc (main) "package backuppc 3.1.0-4ubuntu1.1 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/480479
<smackd> can anyone point me to a good site or help me setup this.. i want to make it so that, say user  bob and user bill have different domains for the email address.. i have a few domains on this server... how can i do this.
<twb> smackd: tell postfix to accept email for both domains
<twb> smackd: then go to the pub and have a drink
<smackd> lol
<smackd> pub
<smackd> too far
<smackd> twb, the accepting part is set-up.. its when an email is sent
<smackd> it only shows the main domain
<twb> On the envelope From, or the message From?
<smackd> ok sorry.. forgot to say im using squirrelmail as the client for this
<smackd> figured it out
 * smackd kicks himself
<Chris_Davis> any one here know about secure file storage? I need to create a client portal solution for accountants to share sensitive data with their clients and visa versa. I would be willing to pay a reward for the right solution
<jmarsden> Chris_Davis: That's a very broad question; does your specification have all the details about what "secure" means in this context, and whether you care about secure *transmission* as well as secure *storage* of the data?  What legal issues are there that have a bearing on this in your country/jurisdiction?  To get a useful answer you will probably need to point people at the detailed RFP...
<Chris_Davis> it's for the USA and for both transfer and storage
<Chris_Davis> there are HIPPA guidelines that people often talk about
<jmarsden> Chris_Davis: There are several open source "web file manager" apps that could work for you, appropriately secured over SSL/TLS.  Things like http://boxroom.rubyforge.org/
<Chris_Davis> secure enough to store client SSN#s?
<ScottK> Chris_Davis: If you're seriously concerned about security, before you have stuff on the actual internet, you really, really need to have some serious design expertise and security review.  It's not a problem you'll solve with casual IRC chat.
<Chris_Davis> ScottK, true, but if it isn't worth it and will cost too much in legal fees, etc to do
<Chris_Davis> I can save my time and money before going to a lawyer and paying them $200/hour too look up what a GB is
<jmarsden> Chris_Davis: You are wasting other people's time if you ask questions like "secure enough to store client SSN#s?" before you define your requirements.  We're back to "what secure means in this context" ... you have not provided that definition... define "secure enough"... secure from what class of attackers with what resources for what time period, to start with... overall you need to define your project requirements
<jmarsden>  in more depth.  Write a clear RFP, or point us to the existing one.
<Chris_Davis> secure period, can't access the data period
<Chris_Davis> I need a way for cpas to share data with clients and only that client
<Chris_Davis> with audit trail
<jmarsden> secure period implies you cannot do it on the Internet period.
<jmarsden> Have them ship data by secure courier in briefcases chained to the bonded couriers wrist, etc.
<jmarsden> If you know so little about security you think that "secure period" is feasible among networked computers, you are totally unqualified for this kind of work.
<Chris_Davis> it isn't a line of work for me
<Chris_Davis> I just do project management
<Chris_Davis> I wanted to know what was possible
<Chris_Davis> and get a trail to follow
<Chris_Davis> luckily, another channel was kind enough to just mention PKI, and I've been happily reading ever since
<ScottK> Chris_Davis: Not "Secure.  Period.", BTW.  Anyone who is giving you security answers in absolultes is either leading you on or doesn't know what they're talking about.
<ScottK> Seriously, you need to have someone figure this out who understands it.  If you're actually worried about security, do it yourself makes about as much sense as do it yourself brain surgery.
<Chris_Davis> I'm not trying to do it myself, but others have had to work out similar problems
<Chris_Davis> at the moment they are agreeing that PKI is the "best" way
<ScottK> In general, that's true.
<Chris_Davis> right, I'm not expecting to get a fool-proof answer
<Chris_Davis> but this isn't my area at all
<Chris_Davis> and before I post a job saying "something to do with file storage"
<Chris_Davis> I'd prefer to narrow it down
<Chris_Davis> in this case to PKI
<Chris_Davis> then I can learn advantages and disadvantages, etc
<uvirtbot> New bug: #478333 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 (not installed) failed to install/upgrade: le sous-processus nouveau script pre-installation a retourn? une erreur de sortie d'?tat 1" [Low,Invalid] https://launchpad.net/bugs/478333
<maxagaz> Ctrl+z pause & put in background a task, how to just put a task in background and get it back ?
<KurtKraut> maxagaz, I belive it is: fg NUMBER
<KurtKraut> maxagaz, the number was shown right after the CTRL+Z
<jmarsden> maxagaz: ctrl-Z and then fg (to get it back in the foreground) or bg (to get it running in the background.  Default jobspec is the current job, which is the one you just created with ctrl-Z, so there should be no need to specify a number for this.  help fg
<roxy007>  HI there, I have a question..i just install ldap in ubuntu server but i cant find the file sldap.conf, Is no was installed.Somebody know what i can resolve this problem?
<jmarsden> roxy007: WHat are you trying to do, and why do you think there *should* be a file called sldap.conf ??
<roxy007> hi jmarsden, yes ...i install before in another servers and always was this file and i needed also to configurate this file
<roxy007> i want install a ldap server
<jmarsden> sldap.conf?  or slapd.conf?
<jmarsden> Maybe http://www.howtoforge.com/installing-and-configuring-openldap-on-ubuntu-intrepid-ibex  will give you some ideas?
<jmarsden> I think you are looking for slapd.conf, you asked for sldap.conf -- those are different things!
<roxy007> yes ...
<roxy007> thats rght
<roxy007> do you know how i can resolve it?
<jmarsden> Did you read the HOWTO?  It includes a sample slapd.conf -- so that would be one way.
<jmarsden> Also see https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
<jmarsden> roxy007: Note that the slapd.conf approach is old and no longer considered a good way to configure slapd, as I understand it.  You can and should be using the cn=config stuff instead.  That is why there is no slapd.conf provided by default.
<roxy007> ah..ok, i undestand now..thanks a lot
<jmarsden> No problem.
<asentaja> can CUPS be used without a GUI
<jmarsden> asentaja: Yes.
<kaushal> hi
<kaushal> any one used ntop ?
<crohakon> I want to format and repartition my external hard drive. I do not want to use NTFS or FAT32 but I still want windows to be able to access files off of it. Is this possible? And if so, what file system do I use?
<atomic_1> if you format it with ext3/4, you would have to get that utility for windows
<atomic_1> which is slooow
<uvirtbot> New bug: #480332 in munin (universe) "package munin-node 1.2.6-13ubuntu3 failed to install/upgrade: subprocess installed post-installation script killed by signal (Interrupt)" [Undecided,Invalid] https://launchpad.net/bugs/480332
<crohakon> what command do I use to update my server via ssh terminal?
<smackd> apt-get update
<smackd> or sudo apt-get update
<smackd> if not sudo su root
<crohakon> and that will actually download and install any updates?
<smackd> no
<smackd> sudo apt-get upgrade
<smackd> will install em
<smackd> update just gets the list of files
<crohakon> perfect, thank you.
<smackd> np.
<_ruben> upgrade wont install new packages though, which is the case with kernel upgrades for instance, use apt-get dist-upgrade instead to cover those as well
<crohakon> _ruben, if I use sudo apt-get dist-upgrade will that upgrade me to 9.10 from 9.04?
<crohakon> well, sleep time it is. Goodnight
<RoyK> no
<RoyK> do-release-upgrade will
<_ruben> crohakon: it would only do so if you'd had altered you sources.list as well
<\sh> moins
<chimp_> I have an obscure error when trying to install dhcp3-server on an arm board
<chimp_> Can't exec "/tmp/dhcp3-server.config.23361": Permission denied at /usr/share/perl/5.10/IPC/Open3.pm line 168.
<chimp_> open2: exec of /tmp/dhcp3-server.config.23361 configure  failed at /usr/share/perl5/Debconf/ConfModule.pm line 59
<chimp_> It then fails to preconfigure, and doesnt start, any ideas?
<chimp_> Ahh i think I worked out the problem, fstab had /tmp mounted no exec
 * soren goes to lunch
<VEB> how to uninstal ubuntu desktop from server?
<Jeeves_> apt-get remove ubuntu-desktop
<Jeeves_> And than tons of packages that can be removed too
<Jeeves_> probably with 'apt-get autoremove'
<VEB> Reading package lists... Done
<VEB> Package ubuntu-desktop is not installed, so not removed
<VEB> but is instaled
<Jeeves_> Well, no. It isn't :)
<VEB> but i have the grafic interface
<VEB> and all the options from desktop
<Jeeves_> How did you install that than?
<VEB> apt-get install ubuntu-desktop
<Jeeves_> ok
<Jeeves_> So you probably de-installed that allready
<ESEDU> is my printer device URI that specified in lpinfo -v
<ESEDU> ?
<ESEDU> how can i find out my printer URI
<acalvo> to anyone who uses LDAP: how can I change the cn=admin,dc=domain,dc=com password in a RTC system?
<acalvo> is there any attribute (like the olcRootDN) that I can use to specify a password
<acalvo> ?
<nyk2005> My mysql server fails to start. I somehow messed up the database of the first install, purged it and cleaned all traces of it by hand. But now it still fails to start and even to install the package using aptitude. What can it be?
<soren> nyk2005: What kind of errors are you getting?
<nyk2005> soren: just [fail]
<nyk2005> soren: nothing in the logs
<soren> You said you can't even install it using aptitude.
<soren> How does that fail?
<nyk2005> and during package install: "invoke-rc.d: initscript mysql, action "start" failed"
<soren> Ok, so the package install, but fails to run.. Hm. When you say you cleaned all traces of it... What exactly did you do?
<nyk2005> find / | grep mysql
<nyk2005> and remove all that
<nyk2005> when I just run /usr/bin/mysqld_safe, it starts then says "mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended"
<nyk2005> and in /var/log/messages "Nov 11 13:23:18 biodata2 kernel: [46908.006040] type=1503 audit(1257942198.520:839): operation="open" pid=22153 parent=22046 profile="/usr/sbin/mysqld" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/system/cpu/""
<nyk2005> what kind of message is this?
<soren> Erk..
<soren> Did "find / | grep mysql" show anything in /var/lib/dpkg/info ?
<soren> What version of Ubuntu is this?
<atomic_1> nyk2005: that's probably apparmor
<atomic_1> i had the same messages with bind
<soren> It is apparmour, yes.
<nyk2005> ah because I also deleted the profile
<soren> Yeah. Now nothing will work.
<nyk2005> shit... so just aptitude remove/install to get it...
<soren> purge.
<soren> Not just remove.
<nyk2005> but I can't because it then tries to start mysql.. :)
<soren> And you still haven't answered my question.
<soren> 13:26:27 < soren> Did "find / | grep mysql" show anything in /var/lib/dpkg/info ?
<soren> ...and did you delete any of that?
<soren> ..although it trying to start mysql when you remove it suggests that at least some of that stuff is still around.
<Jeeves_> soren: Isn't "find /var/lib/dpkg/info | grep mysql" more efficient? :)
<soren> Jeeves_: Depends on what you're trying to do.
<nyk2005> soren: no I didn't touch any of the OS stuff
<soren> nyk2005: Except apparmour.
<asentaja> how do i find out my device URI
<nyk2005> soren: ah yes..
<nyk2005> soren: because it has "mysql" in it and resides in /etc... which made it susceptible..
<nyk2005> soren: so i just replace the file from here:soren
<nyk2005> soren: I mean http://ubuntuforums.org/showthread.php?t=849274
<asentaja> nyk2005: how do i find out my device URI
<nyk2005> nyk2005: what device?
<asentaja> printer
<nyk2005> printer has an uri? why not use cups?
<soren> asentaja: Why do you need it?
<asentaja> adding printer with lpadmin
<soren> nyk2005: I don't know.
<soren> nyk2005: 13:26:50 < soren> What version of Ubuntu is this?
<asentaja> lpadmin printer1 -v device URI
<asentaja> server 9.04
<asentaja> or 9.10
<asentaja> I am using cups
<nyk2005> soren: actually /etc/apparmor.d/usr.sbin.mysqld exists, it just has a parsing error: "AppArmor parser error in /etc/apparmor.d/usr.sbin.mysqld at line 352: Could not open '(null)"
<mok0> I have a question about sieve scripts: Is there an "#include xxxx" so I can organize the code in several files?
<nyk2005> but that file never has that many lines..
<soren> mok0: Which sieve implementation are we talking about?
<soren> nyk2005: I can't help you when you don't answer my questions.
<mok0> soren: the one in Ubuntu's mail stack, I believe it's CMU's
<soren> mok0: Err..
<soren> mok0: Dovecot, you mean?
<nyk2005> asentaja: if your cups is configured from the webinterface it's enough (at least for me) to access it by name.
<mok0> soren: yes
<soren> mok0: Which version?
<mok0> soren: karmic :-)
<asentaja> it dosent have a web interface
<asentaja> im using command line
<asentaja> "lpadmin" command
<mok0> soren: I've been looking for a while, and I'm afraid everything goes into one huge file, which sux IMO
<soren> mok0: http://wiki.dovecot.org/LDA/Sieve#Include_scripts
<mok0> soren: my hero! :-)
<soren> :)
<soren> dovecot in Karmic is 1.1.11. Bear that in mind when reading that page.
<mok0> soren: you mean, it's the newest version I guess
<zul> morning
<soren> mok0: Well, there's a 1.2 dev version.
<mok0> soren: ah I see
<soren> mok0: If that page talks about "CMU sieve" vs. "Dovecot Sieve", "CMU sieve" is the one you should pay attention to.
<mok0> soren: ok, thanks
<soren> Dovecot uses CMU Sieve in 1.0 and 1.1.
<soren> 1.2 can use either.
<asentaja> I dont know how it works adding a printer threw web interface, but i need to use the command line tool lpadmin for that, and it needs the URI for it
 * mok0 hurries off to translate old procmail recipes to sieve-format :-)
 * soren makes a coffee run
<ESEDU> asentaja goes fuc***g mad
<nyk2005> asentaja: it's very comforable in the webinterface, all done by wizards.. :)
<nyk2005> just cupsserver:631
<ESEDU> do you need GUI for the web interface i think yes?
<ESEDU> see ubuntu server is only command line
<ESEDU> I think the URI is something like /dev/usb*
<ESEDU> but not really sure
<mok0> soren, can you use variables inside a sieve script?
<mok0> soren: n/m
 * MenZa slides soren a steaming hot mug of coffee.
 * atomic_1 intercepts it
<MenZa> :O
<soren> :(
<ESEDU> please why wont anyone help me
<soren> Because we have no clue about printing, I suppose.
<uvirtbot> New bug: #479900 in nut (universe) "Nut upgrade overwrites /etc/nut/nut.conf" [Medium,Triaged] https://launchpad.net/bugs/479900
 * MenZa virtualises soren 
<\sh> soren, just a reminder, all ideas of keybuk weren't successful
<soren> How about mine?
<\sh> I'll test it just now...
<\sh> soren, you meant just exec ifup -a in /etc/init/network-interface.conf
<soren> Yes.
<soren> It will have a side effect, though.
<\sh> I think this is also too early for that...
<mok0> How do I incorporate spam filtering in Ubuntu's mail stack?
<soren> \sh: What do you mean?
<\sh> soren, when I read the file correctly, it will be always triggered when udev adds an interface...
<soren> Exactly.
<\sh> soren, which means, an ifup -a will fail the same way, because not all interfaces are added at some time...
<soren> Right..
<soren> So?
<soren> It will also be called when all the necessary interfaces are called, at which point it will succeed.
<\sh> the bonding e.g.  will be available, but without any interfaces added to the bond...(this happens as well with keybuk ideas)
<soren> Err... when all the necessary interfaces have been added, I mean.
<soren> The bond interface doesn't fail to be configured if the nic's are not available?
<soren> Oh, ffs..
<\sh> nope...the bond0 interface is there...
<\sh> but without the needed NICs it's useless, and e.g. an vlan interface which is using the vlan_raw_device bond0 doesn't work
<soren> I understand.
<soren> I just expected ifenslave's ifup script to bail out if the listed interfaces were unavailable..
<soren> but it doesn't. How "clever".
<\sh> well, tbh, bonding interfaces are somewhat sick...it needs to be auto bond0 and you need to set something like 0.0.0.1 as address to be used as e.g. vlan_raw_device
<soren> Oh!
<soren> I think I may have the solution.
<soren> \sh: Try this: /usr/share/doc/ifenslave-2.6/examples/two_hotplug_ethernet
<\sh> oh
<\sh> there is a bug in this example ;)
<soren> What?
<soren> ah, i see.
<\sh> ;)
<soren> There may actually be two..
<soren> Let me check.
<soren> Ah, no, it's probably only the one.
<\sh> soren: this will be fun with a setup like this: http://www.sourcecode.de/content/network-setup-freaks-me-out
<garymc> Ok anyone help me out? I need to View and Edit PDF files in my GUI. I can view new files fine. As soon as I save them they become unviewable? What is my solution?
<soren> \sh: What does eth0 and eth1 do all by themselves?
<\sh> soren, nothing :)
<soren> garymc: Wrong channel.
<\sh> soren, they are just the way out of the server ...
<garymc> yeah there is no right channel
<\sh> garymc, #ubuntu is the right one
<soren> garymc: #ubuntu
<soren> No right channel does not mean that any channel is the right channel.
<garymc> no help there
<\sh> soren, the hotplug didn't work
<soren> garymc: That does not mean that this magically becomes the right channel.
<soren> \sh: You changed /etc/init/network-interface.conf back to the way it was to begin with, right?
<\sh> soren, yepp
<\sh> soren, /etc/init.d/networking restart after login works as expected...
<\sh> just not during boot up time
<soren> Can you work out why it fails?
<\sh> soren, can I somehow pass --debug to upstart and tell upstart to log into a file? just working from an ILO so I need some logfile
<\sh> soren, (--debug via kernel-commandline is known)
<Daviey> Hey, i don't think i can make today's meeting.  However, i've posted some comments regarding spamassassin which was ne of my action'sfrom last week.
<Daviey> (to ubuntu-server ml)
<soren> \sh: Don't know.
<ttx> smoser: ping
<\sh> let's see if someone from #u-d  has a clue
<Daviey> \sh: surely you can direct the verbosity to the ttyS of iLo?
<\sh> Daviey, you mean direct the output of kernel + upstart through ttyS ilo port 3002? ;-)
<Daviey> \sh: i mean, the fact it's iLo makes no differnet, surely.  It's just a (serial) console.
<Daviey> difference*
<Daviey> I assume you have ipmi aswell?
<\sh> oh well...playing with our firewall....
<Daviey> well if you cna get shell into the network, just run the ipmitools on a box within the network- and ssh to that :)
 * Daviey has to run, ttfn
<ttx> meeting -> #ubuntu-meeting
<\sh> Daviey, this is hard...:) because our ilo network is not reachable from within the production network...
<smoser> ttx, here
<ttx> smoser: after the meeting
<\sh> grmpf
<Fenix|work> Greetings and salutations!
<Joelio> Hi all, is it possible to run a cluster head as a node too? I.e. is it possible to run a cloud on one machine (I'm testing)
<mok0> Jeez these sieve scripts ignore everything I try to do... :-(
<zul> ttx: so the samba sru
<zul> ttx: i was going to do an samba karmic SRU tomorrow but I was going to add that libsmbclient nautilus bug as well and go through the changelog and see if we can cherrypick any others
<ttx> zul: ok
<ttx> mathiaz, kirkland: see https://bugs.launchpad.net/ubuntu-release-notes/+bug/458904/comments/32
<uvirtbot> Launchpad bug 458904 in eucalyptus "When installing a node, euca_find_cluster fails to locate the cluster controller if instances are running" [High,Fix committed]
<mathiaz> ttx: hm - right
<mathiaz> ttx: has the avahi-daemon update been already published?
<ttx> mathiaz: yes
<mathiaz> ttx: :(
<ttx> (in -proposed)
<ttx> mathiaz: though it should be fixed in eucalyptus, no ?
<mathiaz> ttx: ha - in -proposed that's good then
<mathiaz> ttx: well - technically yes
<mathiaz> ttx: however if the avahi update is pushed at the same time as eucalyptus to -updates
<mathiaz> ttx: it will be restarted
<ttx> hmmm
<ttx> mathiaz: I don't know how acceptable that would be :)
<ttx> mathiaz: could you comment on the bug ?
<mathiaz> ttx: right - I agree that's is a bit stretched
<ttx> mathiaz: but it's true I tested a 7.1 -> 7.2 eucalyptus update alone
<ttx> since avahi update was picked up already
<mathiaz> ttx: right - I've added a comment
<mathiaz> ttx: and I'll do the test
<mathiaz> ttx: with both avahi and eucalyptus published at the same time
<ttx> mathiaz: maybe that's what kirkland tested.
<mathiaz> ttx: may be.
<ttx> mathiaz: not sure how we can validate the fix for bug 454405
<uvirtbot> Launchpad bug 454405 in eucalyptus "the CC is returning incorrect networkIndex values on describeInstances" [Critical,Fix committed] https://launchpad.net/bugs/454405
<mathiaz> ttx: yeah - me neither
<mathiaz> ttx: upstream said so?
<ttx> mathiaz: well, they could help in validating the fix
<ttx> since we lack a clear testcase.
<googa> anyone there?
<googa> can I ask a question
<mathiaz> !ask | googa
<ubottu> googa: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<googa> How do clients use printers on a print server lets say working CUPS?
 * soren goes to dinner
<cemc> how can I select a specific mirror at install time?
<cemc> or specify one local (apt-proxy) mirror
<\sh> anyone online with similar problems as described in #446031 ?
<cemc> \sh: I have almost the same setup, only with dhcp, and I have no problems
<\sh> cemc, running karmic?
<cemc> \sh: yes
<\sh> cemc, can you paste your /e/n/i ?
<cemc> http://pastebin.ubuntu.com/316127/
<cemc> looks similar, only with dhcp
<\sh> cemc, can you try with a static ip ?
<cemc> \sh: not right now, gf is working on the comp. but I have a laptop, also with Karmic, and I can try there. I don't have bridge there right now, but I had a couple of days ago, and it also worked fine, just gimme a sec
<\sh> cemc, no NM on it?
<cemc> \sh: http://pastebin.ubuntu.com/316135/ - this is the config right now, just copy-pasted from the bug and changed the IPs
<\sh> and it works?
<cemc> \sh: I have NM on it, but it doesn't manage anything because of the auto stuff in /e/n/i
<cemc> yes, it works, I'm writing from it right now
<cemc> it's a Karmic upgraded from Jaunty. but the other one is a clean Karmic install
<cemc> both 64bit
<\sh> cemc, I don't use bridging but bonding I had the very same problem as lars, does bridging needs a manual eth0 device ?
<cemc> \sh: that's what I have in /e/n/i, it says manual for eth0. and if I do ifconfig, I can see eth0, it's up, with no IP address
<cemc> I guess it needs to be up for the network to work, even if through bridge
<\sh> cemc, hmm..strange...
<cemc> \sh: did you see the fix in the bug ?
<\sh> cemc, it was me with the fix ;)
<cemc> ah, ok
<\sh> I debugged now for 2 days with soren because of this...and this works as expected.
<cemc> what created /var/run/network anyway?
<cemc> I have that on both my machines
<\sh> I'm just trying to test this out, or if something else might be  happening
<\sh>  /var/run is a tmpfs...and ifup checks in /var/run/network/ the interface states
<cemc> I see, but what created /var/run/network ?
<\sh>  /etc/init/network-interface.conf creates this directory inside the pre-start script, but somehow when /etc/init/networking.conf is processed, this directory is not there and the call to ifup -a failes
<\sh> cemc: in your case, eventually /etc/init/network-interface.conf or some magic network-manager script
<cemc> \sh: I see... anything else I can do?
<\sh> cemc, nope...thx for your help :) I'm doing some more testing tomorrow, when I inject the new ifupdown package into my auto-dist-upgrading puppet recipe
<cemc> \sh: sure, np
<uvirtbot> New bug: #480820 in mysql-dfsg-5.0 (main) "mysql-server-5.0 package upgrade problem" [Undecided,New] https://launchpad.net/bugs/480820
<\sh> hmm...puppetd is still not started correctly, doesn't write the pid file, so stopping won't work either
<cemc> i
<cemc> if I want alias rm='rm -i' system-wide, where do I put it? I want it to be set for everbody, local user, login through ssh, etc
<generaldisarray> yo yo, i'm running libvirt-qemu and I'm trying to get usb passthru working, I've edited my apparmor to enable it and tried everything else i can find on google but it's still not working, after enable with apparmor and adding a USB physical device with virt-manager, I get the error "Error starting domain: internal error Timed out while reading monitor startup output".... anyone have any ideas how to get this to work?
<cemc> generaldisarray: you might want to try in #ubuntu-virt
<generaldisarray> doh thanks cemc i didnt realize there was a diff. group will do
<cemc> np
<zul> cemc: /etc/bashrc
<Hypnoz> /etc/.bashrc
<cemc> thx
<Hypnoz> err I thought /home/<user>/.bashrc
<Hypnoz> didn't realize you could put on in /etc/
<Hypnoz> so /etc/bashrc is called each time someone logs in?
<RayMcCoy> I have good download but terrible (less than 3kb/s) upload speed from my server in my local network, any tips? For more enfo please check this thread in the Ubuntu Forums http://ubuntuforums.org/showthread.php?t=1320471 thanks!
<Hypnoz> what app are you uploading with
<Hypnoz> and have you tried uploading with another computer on your network?
<Hypnoz> cemc: if you're still there the file you want is /etc/profile
<Hypnoz> cemc: /etc/bashrc doesn't affect login shells
<Hypnoz> cemc: unless its referenced by each users ~/.bashrc
<uvirtbot> New bug: #480885 in eucalyptus (main) "Eucalyptus avahi publication jobs failed to restart if avahi-daemon is restarted" [Low,In progress] https://launchpad.net/bugs/480885
<cemc> Hypnoz: I see
<cemc> (was a netsplit)
<smackd> hi.. im trying to setup a mailserver and need to know how to let users add email accounts without having shell access
<cemc> smackd: you could try installing postfix with virtual users and postfixadmin (web interface).
<smackd> cool. i have postfix installed. is virtual users a config option or another package?
<alex88> config option..to provide mail to non-system's user account
<cemc> smackd: well, that's a little bit more complicated, you may need to read up on some stuff. try this: https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
<cemc> but this is not a quick "i need it now" thing :)
<marks256> how would i ssh into a remote server, and run a command and be able to close the tunnel? is this what a job is?
<\sh> marks256, ssh user@server "/bin/ls" ?
<marks256> \sh, what does the material in quotes do?
<\sh> marks256, it's example to remotely get a directory listing (ls) actually you don't need the quotes
<marks256> what i want to do is to ssh into a remote server to do some video rendering, but it's going to take about 16 hours, so i'd like to be able to turn my computer off, and not have to leave the ssh tunnel open on my computer
<\sh> marks256, oh...for that "screen" is the right tool for you
<Pici> !screen
<ubottu> Screen is a window manager for terminal sessions, also useful over SSH. The 'screen-profiles' package provides very useful additional utilities. See https://help.ubuntu.com/community/Screen
<Pici> Hm, /me wonders if we should update that for byobu
<\sh> marks256, ssh to the server, start screen , start your job , do ctrl-A D for detaching screen, logout and come back after 16 hours, ssh to the server, start "screen -r" et voila
<\sh> ok.../me is gone for today...cu tomorrow
<marks256> oh
<marks256> ok thanks!
<marks256> i'll give that a shot
 * JanC <3 screen & byobu âº
<Mack_> hi
<Patrox> hi
<Mack_> Which sendmail is faster in ubuntu server?
<Mack_> in desktop I used exim, but idk if sendmail is faster in server
<xperia2> hello to all. i have a strange problem with apache vhosting. this here is my default file in the folder sites-availble http://pastebin.com/d1d584f0
<Mack_> xperia2:  ill look at mine now
<xperia2> from all vhosts only the last one "gallery" works ! all other give me 403 Forbidden
<xperia2> You don't have permission to access / on this server.
<xperia2> Mack_: thanks !
<Mack_> xperia2: do you have index.html in them all?
<xperia2> yes !
<Mack_> cuz thats the error my server gets w/o one
<Mack_> because the directory listings are off
<ScottK> Mack_: We tend to prefer Postfix.
<xperia2> hmmm
<Mack_> ScottK: hmm, hows the speed on that? Because using desktop, the built in sendmail took about 10 minutes to send an email
<Mack_> but wouldnt let the page load until it was sent
<xperia2> normally it works if i have only one vhost !
<ScottK> Mack_: If it's that slow that's a sign of some other problem.
<ScottK> Mack_: It looks like Postfix on my laptop usually takes between half a second and a second to send a mail.
<xperia2> i will backup now the default file and leave only one vhost for prooving that it works !
<Mack_> ScottK: well this was on my serverusing ubuntu desktop, and I'm switching that soon
<JanC> eh, postfix should be able to send mails in a fraction of a second  âº
<ScottK> JanC: Yes, usually DNS lookups are the major bottleneck
<JanC> I was just going to say: "maybe a second if you do all sort of DNS lookups "
<JanC> ;)
<JanC> certainly not a minute
<JanC> would be bad for a real ISP if they get 100 mails / second  ;)
<Mack_> xperia2: have u tried all the vhosts independently?
<Mack_> JanC: yeah, thats why I had a problem with it :P
<Mack_> whats the argument for password in mysql?
<Mack_> -u is user
<Mack_> but whats for password?
<kane_> -p
<kane_> see mysql --help ;)
<xperia2> Mack_: just wanted to say you that my vhosting works now for at least three websites. you was right about the empty folders.
<Mack_> the only thing I need to figure out is why directory indexing doesnt always enable like it should
<xperia2> what me makes scary a litlle is that my selfwritten php scripts in this folders have disapeared !
<xperia2> the websites in this folder worked great. i am asking me if the wordpress blog software coudl be responisble for this erase ?
<rickspencer3> kirkland may I ask who is doing UDS session scheduling for you guys? I see that some of the sessions are not on the server track.
<rickspencer3> I could fix that for you if you want
<mathiaz> rickspencer3: mdz is doing it
<rickspencer3> mathiaz shall I track them for you guys?
 * rickspencer3 does
<rickspencer3> mdz ^
<mathiaz> rickspencer3: sure - if mdz is fine with that
<mathiaz> rickspencer3: neither ttx nor kirkland nor me can schedule anything
<jmdz> hello all
<jmdz> can someone tell me is there a wiki or a guide to install dtc on ubuntu server
<dru> hi guys...im looking for some help with file premissions
<dru> Im setting up a secure samba share, im using a 700 file permission, however on login i dont have the correct permissions
<dru> any one know what i may be doing wrong ?
<dru> does samba need to have a certain file permission set to be able to log in ?
<dru> that would seem rather illogical
<orudie_> porn http://upload.wikimedia.org/wikipedia/commons/d/df/Body_painting.JPG
<dru> hey thats suse
<dru> not ubuntu
<orudie_> :)
 * dru shakes his fits like a mad man 
<Mack_> kane_: hmm, I tried -p and it didn't work :/
<kane_> mack: 'mysql -u username -p database' and then you'll be prompted for the db password
<Mack_> OH its -p=
<kane_> i promise that works :)
<Mack_> yeah
<Mack_> I did -p pass
<Mack_> well I'm using mysqldump
<Mack_> but its the same syntax for password
<mathiaz> rickspencer3: if you're looking into scheduling session for the server track, there a couple of them related to puppet
<mathiaz> rickspencer3: they have puppet in their name
<mathiaz> rickspencer3: upstream will only be at UDS on Monday and Tuesday
<mathiaz> rickspencer3: so if the schedule could take this into account that would be very helpful
<mathiaz> rickspencer3: upstream has been subscribed and marked as essential
<mathiaz> rickspencer3_: I'm not sure that he has entered his attendance dates yet
<rickspencer3_> mathiaz, I'm not scheduling
<rickspencer3_> (for server)
<rickspencer3_> but if you need some help adjusting a session at any time, please feel free to ask me
<mathiaz> rickspencer3_: ok
<rickspencer3_> mathiaz, is there one I can help with now?
<mathiaz> rickspencer3_: not really - AFAICT no sessions have been scheduled up to now
<mathiaz> rickspencer3_: hm
<mathiaz> rickspencer3_: actually no
<Mack> using a real client now
<marks256> can anyone recommend a good (affordable) model server? i've been looking at HP Proliant DL585's lately. They look pretty good. When i say affordable i mean less than $400. I need to do some pretty CPU/Memory intensive rendering
<Mack> i would recommend building one from scratch with that budget
<marks256> that's what i was thinking. I figured i could build a quad dual core system with 16gb of ram for less than a grand
<ninnypants> I'm trying to run postfix with virtual users using mysql but I keep getting this error
<ninnypants> Nov 10 21:43:08 Directories postfix/trivial-rewrite[12406]: warning: connect to  mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<ninnypants> I can get results when I use postmap to run the config file but when postfix is actually handling email it can't connect
<kane_> ninnypants: is your mysql running, and is it configured to listen on a local socket?
<ninnypants> it's running but I'm not sure about listening to a local socket how do I check that?
<kane_> let me check the precise config directive. in the meantime, check if the file /var/run/mysqld/mysqld.sock even exists
<ScottK> Also postfix is, by default, in a chroot.  The socket needs to exist inside the chroot
<kane_> ah, very good point
<ninnypants> the sock exists I've already checked that
<kane_> then what ScottK said ^
<kane_> ninnypants: this may be topical for you as well: http://ubuntuforums.org/showthread.php?t=251119
<ninnypants> I'll check that thanks. also how do I know if something exists inside chroot?
<kane_> chroot to that dir, or cd to the dir and prefix it to the path. ie if your chroot is in /my/chroot, then it's /my/chroot/var/run/mysql/mysqld.sock
<kane_> ninnypants: however, looking at the forum post, it looks like the easy solution is to switch postifx to connect to mysql over tcp rather than unix socket
<kane_> and then all this headache goes away
<ScottK> That's generally the solution.
<ninnypants> ok thanks
<PaliPals> Anyone know NFS permissions well>
<PaliPals> ?
<verbal> has anyone installed 9.10 server on a dell poweredge R805? it has a dell sas 6 controller in raid1. i can install onto the disk but cant boot off it (grub it says no device found).
<PaliPals> I am having difficulty in understanding how to share a folder with two clients
<verbal> maybe i need to install a kernel mod in grub?
<verbal> cant seem to find anything online about it, only that REL5 and suse are supported
<PaliPals> How do I make a server update packages that were held back after I do a sudo apt-get upgrade?
<ScottK> PaliPals: sudo apt-get dist-upgrade usually does it
<PaliPals> I am on LTS and don't want to distro upgrade?
<ScottK> That doesn't change the release you are running.  It just allows new packages to be pulled in if needed
<PaliPals> Ah ok. That makes sense. Thanks
<PaliPals> So if I use sudo apt-get dist-update and apt-get dist-upgrade I shouldn't get held back packages anymore?
<PaliPals> Also, with NFS I have the server working and it mounts the shares fine. The issue is that when one client puts files on the server, the other client does not have perms to them.
<PaliPals> And vice versa.
<PaliPals> So, how do I get the perms right so they both can access?
<nnn0> anyone have had problems with apache after upgrade ? mine just don't respond anymore, it seems to be running, but it don't do jack no more except using alot of cycles. apache2ctl fullstatus etc just hangs. it's just wierd.
<ScottK> PaliPals: No such thing as dist-update.  Just update.
<PaliPals> K
<PaliPals> Thanks ScottK
<PaliPals> Any advice on my NFS post at all. I know it has something to do with groups but I am just missing the idea or something.
<Lownin> i can't find a newer version of rtorrent for 8.04 in backports, but this is my first time trying to use backports. am I missing something? I don't see it in there at all.
<verbal> ok, new development.
<verbal> when i boot the OS, it says it cant find the root device and there's no /dev/mapper/mybox etc.. and kicks me to busybox, but if exit busybox, then everything works. i've had some .. timing issues before. this seems like one of those
<ScottK> verbal: Add rootdelay=90 to the boot parameters and see if that works.
<ScottK> If it does, then you can try smaller values.
<verbal> ScottK: thanks i'll try that
<Lownin> i can't find a newer version of rtorrent for 8.04 in backports, but this is my first time trying to use backports. am I missing something? I don't see it in there at all.
<ScottK> Lownin: Looks like it was never backported, but there is very little different in newer releases anyway
<Lownin> I'm having some trouble with watch directories. I don't know if it's a bug so I was trying to rule that out.
<Lownin> Thanks for the info, ScottK
<ScottK> mathiaz: Do you know if we have a spec for server based calendaring solution?
<mathiaz> ScottK: hi! I think zul registered one
<ScottK> OK.  Thanks.
<ScottK> zul: ^^ what's it called?
#ubuntu-server 2009-11-12
<verbal> ScottK: that worked. thanks a lot
<ScottK> verbal: No problem.  Glad I could help.
<mathiaz> ScottK: https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-sogo-calendar
<ScottK> Thanks.
<jmdz> hello anybody here???
<KurtKraut> jmdz, you should make your question right away
<jmdz> :)
<jmdz> first is how many months does the karmic have in server support is it the standard 1yr
<ScottK> jmdz: It's 18 months (which is the standard(
<nyk2005> I fail to install mysql-server. I already installed and removed it before. Then purged it. But now the config script fails to start the mysql daemon and exits. When I start mysqld_safe from the command line, I get this error: "Can't start server: Bind on TCP/IP port: Address already in use". But no other mysqld is running and I checked with netstat -ap, and the port is free! What can it be?
<smackkd> how do i make my eth1 renew dhcp without bringing down eth0
<jmdz> ScottK thanks
<kane_> smackkd: ifup eth1 ?
<smackkd> aaah
<smackkd> thanks
<nyk2005> it should default to skip-networking, then it works! strange to set it to localhost... ?
<Joshhhhhh> I just installed ubuntu Server 9.10, and have created a new user after the installation was done. My user doesn't have any sort of bash history or console autocomplete. Is there something I missed?
<kane_> Joshhhhhh: is your shell bash? and do you have a home dir for the user?
<Joshhhhhh> kane_, I did specify the home directory for the user, but I didn't think about the shell not being bash..
<Joshhhhhh> let me check.
<Joshhhhhh> kane_, my new user's shell is /bin/sh, hmm, I never had to specify that as an option before
<kane_> type 'which bash'
<kane_> then 'chsh'
<kane_> it'll ask you for your new shell, and just give it the full path to the output of 'which bash'
<Joshhhhhh> kane_, should I wait for my compile job to finish?
<kane_> Joshhhhhh: just open a new terminal and do it there :)
<Joshhhhhh> kane_, I would be. I was just wondering if it would affect my running compile jo
<kane_> unless it's spawning a new user session, no
<Joshhhhhh> kane_, woot, it works. Thanks a bunch
<kane_> no worries Joshhhhhh
<Joshhhhhh> I've got a lot of configuring to do, I'm migrating to ubuntu-server after 10 years of Gentoo :)
<kane_> Joshhhhhh: welcome to the fold :)
<Joshhhhhh> I'm having a hard time getting familiar with all the repository complicated mess
<Joshhhhhh> In Gentoo, if it was in portage, it was available, one way or another
<kane_> Joshhhhhh: it can be a bit tricky in the beginning, but there's actually a very simple table that illustrates it: http://en.wikipedia.org/wiki/Ubuntu_(operating_system)#Package_classification_and_support
<Joshhhhhh> kane_, oh, awesome, thanks
<kane_> Joshhhhhh: you'll notice a lot of software vendors also set up their own apt-repo for their product, which you can add to your apt sources.list and it becomes magically available
<kane_> Joshhhhhh: rabbitmq for example: http://www.rabbitmq.com/debian.html#apt
<Joshhhhhh> So what happens in the situation of: E: Couldn't find package liblame-dev
<kane_> E: can't install till it can be found
<Joshhhhhh> That means it's probably available, but on a diferent package source?
<kane_> Joshhhhhh: the supported repos from canonical tend to not suffer from this, but 3rd party/unsupported stuff may depend on libraries not releases
<kane_> it's the apt equivalent of 'no such file or directory' :)
<Joshhhhhh> hmm
<kane_> Joshhhhhh: it's not happened to me in years, but it's usually a packaging mistake when it does
<Joshhhhhh> oh, it seems the package was modified to libmp3lame-dev
<Joshhhhhh> I'm following old instructions, apparently
<kane_> that's certainly possible; you'll often find that if 'libfoo-bar' got renamed or split out, a place holder package is put in place that pulls in the new version
<Joshhhhhh> oh, I think I saw that earlier. I can't quote the log entry, but....
<uvirtbot> New bug: #481072 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/481072
<w3rd_> hey guys, Im running ubuntu server and i have a LAMP server running
<w3rd_> i have installed some third party application for monitoring my ups
<w3rd_> after i upgraded i ran into issues
<w3rd_> the webserver for the admin panel on my ups software is clobbering all httpd access
<w3rd_> so i cant seem to access my files for my site
<russlar> w3rd_: do you need the web panel on the UPS software?
<w3rd_> no
<russlar> ok
<w3rd_> i would like to remove the software to access the files on my site
<w3rd_> i have tried to change web root via httpd.conf
<russlar> remove the software completely, or just turn off the web portion?
<w3rd_> and it will default to the path for the software running the admin web services for the ups
<russlar> editing httpd.conf probably won't help
<russlar> the ups app is hanging on to port 80
<w3rd_> well when i disable the service for the ups web admin it clobbers httpd completely and disables all functions
<ScottK> w3rd_: You should probably talk to the people you got the 3rd party software from.
<w3rd_> that is what i was thinking
<w3rd_> that is where im at with this whole thing
<bogeyd6> you need to change the port the ups app is listening on
<w3rd_> we have tried changing the port on the software to allow for attempting access elsewhere
<w3rd_> but i still am not able to access the files in web root
<w3rd_> i had some issues starting httpd after the upgrade
<w3rd_> i guess the upgrade from apache 2, to 2.2 has some issues with naming conventions
<w3rd_> but i was able to get the darn thing to start finally once i modified the modules...
<w3rd_> but does that make sense at all that i cant access web root, could it be an issue with the way that i modified the configuration file? that doesnt seem to hold if i am able to access port 80 traffic for the ups software, right??
<some_name> hey guys, sorry about that.. had to bounce earlier
<some_name> basically i was whining about the issue with the UPS software
<some_name> my server was running a webserver and running a client application that utilizes webservices and after i upgraded i was no longer able to access the content in webroot
<some_name> im only able to see the webserver content for the admin panel of my ups client app
<some_name> i was hoping that if i removed the application this would allow the httpd to free up..
<some_name> is there way to check for what services utilize port 80 and which are first to be accessed if there is some sort of priorirty established for web services?
<android6011> I want to use this for a home server. but for energy reasons i want it to sleep after an hour of inactivity. if another computer tries to access it via network (http,ssh etc) will it auto wake up or does it depend on bios?
<twb> android6011: that's dependent on hardware
<android6011> ok
<uvirtbot> New bug: #314552 in ntp (main) "package ntpdate 1:4.2.4p4+dfsg-6ubuntu2 failed to install/upgrade: failed in buffer_read(fd): files list for package `ubuntu-system-service'" [Undecided,Invalid] https://launchpad.net/bugs/314552
<porkpie> i guy's I have an urgent problem....    I issue the command reboot or shutdown -r now but the server doesn't respond
<porkpie> It's like something is stopping the process from running
<porkpie> It's a production server as well .....
<\sh> moins
<porkpie> are there any other commands I can use to force a reboot
<porkpie> \sh: Morin
<porkpie> Morning even
<porkpie> Can you help with this problem please ....  I don't have access to the physical server to reboot it
<twb> What was that container (a.k.a. zone/jail) system that's in recent mainline kernels?
<porkpie> what process would stop a reboot or shutdown command
<\sh> porkpie, can you paste the output after you issued the "reboot" command?
<twb> Ah, LXC
<porkpie> \sh: that is just it .... no output at all
<\sh> porkpie, not even anything in /var/log/messages or /var/log/syslog?
<porkpie> \sh: http://pastebin.com/m11ebe484
<qman__> porkpie, seems to me like it IS shutting down, but something is holding it up
<qman__> possibly a program that won't let go of an IO operation, or maybe failing hardware?
<porkpie> qman__: it a virtual system
<porkpie> qman__: vmware
<qman__> when are those messages in relation to when you ran reboot?
<\sh> porkpie, access to the vmware console? do it the hard way...I can't see anything related to your reboot in our paste
<porkpie> \sh: I am just waiting for the reboot now  ....
<porkpie> \sh: sent a request
<cemc> can I raid1-ize an existing partition on a disk without losing data?
<qman__> cemc, not that I'm aware of, raid requires a different partition type, then puts your filesystem on top of the raid
<qman__> it might be possible but would require some trickiness
<qman__> cemc, you might be able to build half a raid1 on the other disk, copy the data, then repartition the original disk and join it to the array
<qman__> of course I wouldn't try such a thing without backups
<cemc> qman__: mhm
<ESEDU> destination "printer1" is not accepting jobs
<ESEDU> whats wrong
<ESEDU> It is a HP Laser Jet 1320 printer
<cemc> ESEDU: it's a network printer, right?
<ESEDU> right
<cemc> is it on? :) do you have ping to it?
<ESEDU> yes its on
<ESEDU> but its not on network, its connected usb
<cemc> I see. we have one here and last time I had some similar error it was because of the network. on USB i don't know
<ESEDU> how do you add a driver to it
<ESEDU> u know
<ESEDU> like lpadmin -p printer1 -v /dev/usb/lp0 -m "?????"
<ESEDU> the -m is for  model, and it always says unable to copy ppd file, when i try to put something there
<ESEDU> I know its someting so simple i just dont get it
<cemc> hm, I have cups installed, I think it went easy with that, it has some web interface, or something
<cemc> HP LaserJet 1320 hpijs, 3.9.8 - this is what I have at 'Make and Model' (in gnome System / Administration / Printing)
<cemc> (it's a Karmic desktop...)
<ESEDU> Im working a command line, no GUI :/
<ESEDU> how do Install driver for my printer
<ESEDU> over 8 hours, ive been trying to get this work
<ESEDU> no progress
<ESEDU> how hard can it be to install a printer
<ESEDU> apparently very hard.........
 * \sh doesn't use printers../me is using PDF and email ;)
<ESEDU> -.-
<acalvo> ESEDU: follow the how-to for CUPS
<acalvo> does anyone here use Nagios?
<ESEDU> done that
<ESEDU> there is no lpadmin instruction
<acalvo> ESEDU: so? use the web administration panel to add it to your CUPS
<ESEDU> I dont have a GUI
<acalvo> you have already have a WEB-GUI
<acalvo> localhost:600
<ESEDU> nothing comes up with that command
<acalvo> sorry, localhost:631
<ESEDU> so i just write localhost:631 on the command line
<acalvo> it's a WEB-GUI
<ESEDU> what is
<acalvo> you have to use an internet browser, such as firefox
<ESEDU> how do i open it
<ESEDU> but i only have command line
<acalvo> well, you can use lynx then
<acalvo> or -- even better -- use a browser in a machine that is on the same lan as the server
<ESEDU> can u be more specific?
<ESEDU> how
<ESEDU> I got it open on lynx
<acalvo> ESEDU: CUPS provides a web interface to manage it. Search the main page of CUPS for more information (or the tutorial in help.ubuntu.com)
<Omahn> Does anyone know of a guide to setting up Linux Virtual Server on Ubuntu?
<ESEDU> what is the windows equivelent of cups
<atomic_1> the Print Spooler service ? :)
<johe|work> has anyone mentioned nagios problems with 9.10. I have an problem with duplicate entries of checkcommands.cfg. but grep command shows only one definition in one file
<atomic_1> did you grep the entire config folder
<johe|work> atomic_1, yes i did
<incorrect> can anyone suggest a virtual host provider offering 9.10 in japan?
<incorrect> hongkong maybe
<ESEDU> how do I get files off my memory stick
<ESEDU> form the command line
<ESEDU> i put my memory stick in the usb and in /dev there is now a sdb
<ESEDU> anyone?
<twb> ESEDU: mount /dev/sdb /mnt && cp -a /mnt /root/
<twb> Or some variation on that theme
<yoshi765> DAMN FREENODE
<ESEDU> after specifing the printers on the server, how can a client use it
<len> hi guys, can any1 help me? I got 2 computers sharing files using NFS but something is wrong, I can't list or copy files between those computers. The ls /mnt/computer1 is enough to make my console freeze
<len> is there any log I could check from NFS?
<mok0> len, check /var/log/syslog for clues
<acalvo> I need a regular user to be able to manage a service (slapd), however, setting it on the sudoers file cause to fail when trying to load the configuration for that service, because it's owned by another user
<acalvo> how to solve that?
<len> mok0: seems that my remote server isnt responding. But I can ping it
<len> acalvo: have u tried to put him in a group taht can manage that service?
<len> taht*
<len> that**
<len> mok0: how can I get more info about this issue?
<mok0> len, have you installed the nfs-server?
<len> yes, It were perfect before the shutdown I needed to do on friday
<mok0> len, are you cross-mounting between macines A and B?
<len> mok0: nope. I had no entry on /etc/exports the computer2 till today.
<mok0> len, what is the content of your /etc/exports on the server?
<len> mok0: /fabrica <my computer2 ip>(ro,sync)
<acalvo> len: is there any other solution that does not compromise security?
<mok0> len, as root, create a directory somewhere, and try to mount computer1:/fabrica on it
<len> yes I have this dir
<mok0> len, mount kshanmu1@utmem.edu this_dir
<mok0> huh?
<mok0> len mount computer1:/fabrica this_dir
<mok0> paste-buffer pollution :-)
<mok0> Karmic upgrade broke my copy-paste using mouse-buttons
<len> mok0: I already have a dir mounted, but I cant list it right now... Do you want me to try to mount it again in another directory?
<mok0> len, no the server is hung
<mok0> len, umount -l /the_hung_dir
<mok0> len, then shutdown client and reboot server
<len> mok0: I did that before comming here
<mok0> len, ok, on server, what does exportfs say?
<len> 1 sec, I need to kill some ssh. I tryed to use tab complete on mount dir and console froze again
<len> I think Im gonna restart it again
<mok0> hehe yeah, NFS is one of the few things that makes rebooting necessary...
<len> client is rebooting now
<nyk2005> I installed postgresql, but now /etc/init.d/postgresql-8.4 start doesn't do a thing. The executable seems to be missing.
<len> My NFS server (computer1) exports: /fabrica 192.168.13.253(ro,sync)
<len> and I have /fabrica dir
<mok0> len, ok
<mok0> len 2 secs
<mok0> len, is lockd running?
<len> on client?
<mok0> len, on server
<len> seems so. I got kblockd/0 til /3 and lockd
<mok0> len, does /fabrica function normally on server?
<len> yes, people are accessing it now through samba
<mok0> ok
<mok0> len, try mouting machine1:/fabrica /mnt/xxxx (manually)
<mok0> len, I mean on the client
<len> mok0: yeah I figured it out :)
<mok0> len, good :)
<mok0> len, look for error messages in the log. It
<mok0> It is often permission problems
<len> its mounted
<len> mok0: may my bkp script is breaking nfs ?
<len> im going to try to move some files around just like my script
<mok0> len, bkp?
<len> back up
<mok0> ah
<mok0> len, do you use autofs?
<len> mok0: no, I mount the dir on script, then I umount it on the end
<mok0> len, ah.
<mok0> len, for backup, I suggest you use rsync
<mok0> len, look at "rsnapshot"
<mok0> len, then you can avoid using NFS, and rsync is more efficient
<len> I had plan of using rsync
<mok0> :)
<len> but I didnt had the time to read how to configure
<mok0> len, rsnapshot is very quick to set up
<len> Im not a linux expert, and I had to make some services to work the fastest way possible, so I did the way I know
<mok0> len, yeah, that's the way most of us have learned everything we know :-)
<len> mok0: BRB.
<mok0> len check out http://rsnapshot.org/
<mok0> len, you can then create a system that lets users see their own backup directories on the server, using autofs. It can work almost like "Time Machine" on the Mac.
<len> mok0: back
<len> mok0: what happens if a file get corruped on server?
<len> will I be able to recover it?
<mok0> len, uhm, that depends
<mok0> len, you mean with rsync?
<len> yes
<len> I mean, the file may get corrupted or deleted and my fear is that he syncs that too and I lose some important file
<mok0> len, if the file content has changed, then yes
<mok0> len, rsnapshot keeps N days of backups
<mok0> len, we use 40 here
<len> mok0: cool I'll run for rsnapshot
<mok0> len, it uses hard links to save space
<len> sorry about the newbie quest: But what is hard link?
<mok0> len, it's a directory entry that points to the same data area as the "mother" entry
<mok0> len, however, if you remove the "mother" file, you do not delete the file
<mok0> len, that's different with a symbolic link
<len> mok0: I got it. :)
<mok0> len, the "link number" is shown by ls -l, as the number after the -rw-rw-rw- thing
<mok0> Unix is sooo cool :-)
<len> I really like it, but I have a lot of trouble with some hardware, like my sound. And still have lot to learn yet
<len> and games.... I miss playing so much :P
<mok0> sound... O_o
<mok0>  len, get an xbox :-)
<mok0> I prefer not to have games on my computers :-)
<len> I had a problem with sound too. I bougth that Sound System With USB, but seems that only work with musicmatch... kinda annoying!
<len> mok0: here in Brazil we get xbox or ps3 3x the original price
<mok0> yikes
<speedo> hello, is someone using boot from iscsci i iBFT there?
<mok0> len, the only problem I
<mok0> 've had with sound is that the master volume tends to be muted when the machine has booted
<len> for example if I try to import ps3. From taxes I'll have to pay ps3 price + 60% of its value because of importing + anothers taxes + the profit from who is vending
<mok0> Haven't had time to figure out what to do about it, just  a minor nuisance since I rarely reboot
<mok0> len, take it up with G-12 or whatever :-)
<mok0> len, I've the impression that Brazil taxes foreign goods quite heavily. I guy wrote the same about a Garmin GPS
<mok0> s/I/1/
<len> mok0: it's heavy. Very often we see people crossing the board or entering here without saying that is bringing something inside the country so it wont have to pay
<len> I got my note that wax =X
<len> note = notebook
<mok0> :-X
<mok0> ... uhm, I can understand why you want to play games on your computer then :-)
<len> hahaha, true
<len> hey, Same problem without executing the script
<nyk2005> I installed postgresql, but now /etc/init.d/postgresql-8.4 start doesn't do a thing. The executable seems to be missing.
<mok0> nyk2005: check if the package is intact
<len> mok0: no deal with nfs. what's dpkg cmd to check if it's ok?
<mok0> debsums
<mok0> or rather, debsums postgresql-8.4
<len> mok0: no other command? I dont have it installed and no internet connection on it
<mok0> len, I don't understand...
<nyk2005> mok0: how?
<mok0> nyk2005: ^
<mok0> where "^" means "see scrollback"
<nyk2005> ok!
<uvirtbot> New bug: #481327 in logwatch (universe) "Logwatch has missing files header.html and footer.html." [Undecided,New] https://launchpad.net/bugs/481327
<len> mok0: to check if my nfs pkg is ok. I remember something with dpkg -<param to check if its ok> <pkg name>
<mok0> len, don't know that one
<mok0> len "man dpkg" ?? :)
<len> yeah... lazy mode off
<len> it was on XD
<nyk2005> mok0: it's all there, but doesn't include any binaries.
<mok0> len, if you don't have internet, how can you be on IRC ? :-P
<len> Im not using the server on this computer
<mok0> nyk2005: postgresql-8.4 contains the binary "postmaster" which is what you need
<len> sound strange... I meant Im using 3 computers, and the only one with internet is this one with IRC
<len> the server/client linux doessnt have conenction
<nyk2005> mok0: not in that package here...
<mok0> nyk2005: what distro are you using?
<nyk2005> mok0: newest ubuntu
<nyk2005> mok0: server
<mok0> nyk2005: what does dpkg -l postgresql-8.4 say?
<nyk2005> mok0: installed
<mok0> nyk2005: what does debsums postgresql-8.4 say?
<nyk2005> mok0: it lists files in /usr/lib and /usr/share
<nyk2005> mok0: and they're OK
<mok0> nyk2005: did you upgrade from jaunty or earlier?
<nyk2005> mok0: no, just installed yesterday
<mok0> nyk2005: what does sudo /etc/init.d/postgresql-8.4 start say?
<nyk2005> mok0: nothing.
<mok0> huh?
<nyk2005> mok0: and I checked the initscript, the exec it tried to run doesnt exist
<nyk2005> mok0: do_ctl_all doesn't exist
<mok0> nyk2005: what about /usr/share/postgresql-common/init.d-functions
<len> nyk2005: just a simple question: Did you installed using apt or did you donwload it from pg's site?
<nyk2005> len: aptitude
<nyk2005> mok0: this exists, but the do_ctl_all not
<mok0> nyk2005: do_ctl_all is a function defined inside that file
<mok0> nyk2005: that file should be source by /etc/init.d/post.... etc
<mok0> sourced
<acalvo> I need a regular user to be able to manage a service (slapd), however, setting it on the sudoers file cause to fail when trying to load the configuration for that service, because it's owned by another user
<mok0> acalvo: perhaps you can make that regular user part of the same group
<len> acalvo: why create a grp that can manage the servier and put him on that grp wont work?
<mok0> len, beat you to it :-)
<len> mok0: I gave this sugestion earlier, so I'm still wining :P
<mok0> nyk2005: I also installed a fresh karmic server the other day, and postgresql works out of the box
<acalvo> yes len, I know
<acalvo> but the security hole it can open is too risky, I think
<mok0> acalvo: what security hole is that?
<len> alcavo, what's the diference of put him on sudoers?
<acalvo> making an user part of a grup that has more privileges
<len> same risky on my point of view
<acalvo> in sudoers you can only access to the service
<acalvo> not to the files/directories owned by the user that runs the command of the service
<mok0> acalvo:  /etc/sudoers gives you quite granular control over priveledges
<mok0> acalvo: you can also manually let the user own the files that he/she is supposed to edit
<len> acalvo: and cant you create a new grp that have a restric permission to do what u need, and then u add the user to this grp?
<acalvo> my goal is to let a user (which is another service) control another service
<acalvo> anything else
<acalvo> all files are owned by the user who runs the service
<acalvo> not the user who would manage the service
<mok0> acalvo: unless the process check ownership of it's controlfiles, anyone can own them
<acalvo> that's the thing
<len> now its too deep to me... Ill just read and learn :P
<acalvo> in the config files of the service, it runs as another user, which controls the permissions of its configuration files
<mok0> acalvo: what service are we talking about?
<acalvo> sldapd
<acalvo> slapd
<nyk2005> mok0: strange...
<mok0> acalvo: ah, I am not familiar with it
<mok0> nyk2005: I'd try to dpkg --purge postgres and install it again
<acalvo> mok0: most services run as another user (like mysql), so the configuration files are owned by that user
<acalvo> it's a sanity check, I think
<acalvo> so nobody else can run the service
<acalvo> at least not with that configuration
<mok0> acalvo: OK, I see
<acalvo> if I put the user who has to have control to that service in the sudoers file
<acalvo> it can lauch the binary
<acalvo> but can't read the configuration files, because the binary is owned by him
<acalvo> however, I don't see any other solution that what you both suggested
<mok0> acalvo: It's worth trying
<len> acalvo: another sugestion, maybe u can create some init's file that starts and stop the service, and give the control of this file to ur user. Inside this file you may try changing user to start the service....
<len> mok0: seems I solved the problem with nfs
<mok0> len, good!
<len> mok0: the problem were the cable
<nyk2005> mok0: didn't work...
<acalvo> len: good point, but init files already do that
<acalvo> I'll go straight and add the user to the group owner of the files
<mok0> nyk2005: Hm, give us some more information to work on
<len> acalvo: I read something about ACL, Access Control Lists you may put 2 or more grps to a file or group of files
<len> with different permissions
<acalvo> you're right, I've read something about it too
<acalvo> but it would involve stopping a production server
<nyk2005> mok0: config dirs are also empty..
<mok0> nyk2005: what config dirs?
<nyk2005> mok0: /etc/postgres*
<len> acalvo: another solution, you may use RWXR-X--- and you can put the grp without modifying the configuration
<mok0> nyk2005: uhm, you should have a directory "8.4" in there.
<nyk2005> mok0: not there.
<mok0> nyk2005: something is seriously wrong with your installation
<nyk2005> mok0: yes, somehow!
<nyk2005> mok0: it's also strange that the auto-partitioner only assigned 2gb to the root partition, but 12gb for each of the many tmpfs partitions.
<nyk2005> mok0: already almost ran out of space when installing texlife
<acalvo> len: it's worth a shot
<mok0> nyk2005: yes, that's very odd, and wrong
<mok0> nyk2005: how much space have you got on your disk?
<nyk2005> mok0: maybe because the server has a very small primary hdd (only 40gb SD) and 24gb of ram, so it failed to partition correctly...
<mok0> nyk2005: you want just 2 partitions, /boot (512Mb) and / (the rest)
<nyk2005> mok0: argle.. :) why did it do that so wrongly?
<mok0> nyk2005: I don't know... weird
<nyk2005> mok0: where are the tmpfs defined? I didn't see them in fstab. So I can mount the other partions at /var or /tmp
<mok0> nyk2005: never mind the tmpfs, they are in memory
<nyk2005> mok0: yeah, I read so also, but why is then only 2gb available to root? hmm...
<mok0> nyk2005: can you do a "df -h" ?
<nyk2005> mok0: maybe a broken install try partitioned something away..
<nyk2005> mok0: only shows 2gb for / and the tmpfs
<nyk2005> and the raid
<mok0> nyk2005: could be... I always make the partions manually, they are never right for me
<_ruben> a large chunk is probably used for swap (based on memsize)
<nyk2005> mok0: strange is: /dev/sda6 is / and there's no /boot
<mok0> nyk2005: can you paste the line with / ?
<nyk2005> /dev/sda6             2.3G  1.9G  370M  84% /
<mok0> nyk2005: ah
<nyk2005> it's very wrong, but still don't why 370megs shouldn't be enough for psql...
<mok0> nyk2005: a tiny partion :-)
<mok0> nyk2005: it might have gone over while installing
<mok0> nyk2005: here's my df -h line:
<mok0> /dev/sdd3              28G  1,3G   26G   5% /
<nyk2005> mok0: true... because of the packages..
<mok0> nyk2005: right
<acalvo> will, it didn't work
<nyk2005> so your's would also fit in 2gb.. :)
<acalvo> I don't understand
<acalvo> if I run the init script as root
<acalvo> everything works
<acalvo> however, the init script starts the process with another user/group
<mok0> nyk2005: it would, but I am not sure I could install in 2 Gb... besides, you also need some space for postgresql's data
<nyk2005> mok0: I put all data on a separate raid5
<acalvo> so it should be able to read its configuration
<mok0> nyk2005: ok
<nyk2005> but you're right, I should probably reinstall :(
<mok0> nyk2005: I think so... you'll be scrounging for disk space from now on
<nyk2005> mok0: or at least mount that unused partitions as /var and then reinstall all packages. Can apt to that?
<mok0> nyk2005: but what happened to the rest of that disk?
<mok0> nyk2005: if you mount that partition and copy /var to it, then empty /var and mount the partition as /var...
<nyk2005> mok0: must have been partitioned before and then only used free space. I installed over a remote control interface, which had bad connection and was slow and unstable..  so had to try more than once to get it installed. it was very annoying... tried 3 debian ISOs, none worked. only ubuntu for some strange reason, if I turned off acpi...
<mok0> nyk2005: I think you need to reinstall :-)
<mok0> nyk2005: it will be faster than doing all the other shit
<mok0> acalvo: probably the binary runs suid to that user
<nyk2005> mok0: or copy the whole root to the larger, unused space!
<nyk2005> mok0: I try to fix it because I can reinstall from where I currently am, my upstream is to slow for virtual ISOs.
<nyk2005> I mean can't.. :)
<acalvo> maybe
<mok0> nyk2005: yikes.
<acalvo> quite confusing
<mok0> indeed
<mok0> nyk2005: but you will need to re-install every package I think. You can use dpkg --get-selections to save your current list of packages
<nyk2005> mok0: cool, thanks! that will fix it!
<mok0> nyk2005: good luck :_)
<len> mok0: time to eat
<len> thx for help
<mok0> len, np
<nyk2005> mok0: thanks! but why is /boot on root?
<mok0> nyk2005: The installer normally puts it on its own little partition
<mok0> nyk2005: In the olden days, the boot partition had to be the first one, I don't think it matters anymore
<mok0> nyk2005: some sysadms like to unmount /boot when the system is up
<nyk2005> mok0: ah yes, that what it's for...
<nyk2005> mok0: so doesn't matter that much... except I have to be even more careful when moving the root partition...
<mok0> nyk2005: it will be ... challenging :-)
<mok0> nyk2005: if you are clever, you can join partitions without destroying what's on there
<nyk2005> mok0: but at least R and mysql are running, which is what I'm currently using for work, so the system is not that broken.
<mok0> nyk2005: heh, Linux is rather robust
<mok0> nyk2005: things are hard when you don't have physical access to the hardware
<nyk2005> mok0: yes, the tools for remote installing are very bad!
<nyk2005> mok0: I mean except you have a very fast upstream..
<mok0> I read something on the interwebs where a sysadm upgraded a running Debian system to Ubuntu :-)
<nyk2005> mok0: What would be cool is an open netinstall server... doesn't this exists? The main problem are the virtual CDs (isos)...
<nyk2005> mok0: well ok, that also seems tricky...
<mok0> nyk2005: we have one that's used locally for upgrades etc.
<nyk2005> mok0: can you also use it for new installs?
<mok0> yes
<nyk2005> cool
<mok0> you set the new machine to boot from the net, and it fires up the installer
<Zodling> greetings everyone
<Zodling> anyone try useing iscsi install with a "Broadcom NetXtreme II 5709" ?
<Fenix|work> Greetings and salutations
<Fenix|work> I need some syslog-ng advice on setting up a central syslog server on an ubuntu-server box.  Can anyone assist?
<Fenix|work> I'd like to have a web based log viewer, and an email notification system for serious errors that are logged.
<Fenix|work> It also doesn't have to be syslog-ng, if someone has a better approach, but whatever the logger is needs to support syslog.
<Boohbah> Fenix|work: awstats?
<Boohbah> Fenix|work: web-based log viewer for all types of logs? how bout apache?/
<Fenix|work> apache logs, or using apache server to browse the logs in directory list?
<Fenix|work> I'm planning on creating a central logging server to log all of my ubuntu boxes, as well as using a syslog type service on all of my windows boxes to push their logs do the central server
<Fenix|work> that's a helluva lot of logs so I'd like something that'll make my life a little easier and has a GUI interface to help parse through logs.
<uvirtbot> New bug: #481364 in samba (main) "package samba-common 2:3.4.0-3ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/481364
<acalvo> Fenix|work: skunk
<Fenix|work> ?
<Fenix|work> splunk?
<acalvo> Fenix|work: that
<acalvo> nagios + splunk
<_ruben> we use SEC to turn syslogs into scheduled mails
<_ruben> filtered that is
<Fenix|work> SEC?
<_ruben> Simple Event Correlator
<_ruben> !info sec
<ubottu> sec (source: sec): Simple Event Correlator. In component universe, is optional. Version 2.4.2-1 (karmic), package size 72 kB, installed size 352 kB
<Fenix|work> hmm
<Fenix|work> splunk I think will be costly for me...
<Fenix|work> I think I'll be dropping more than the 'free' version will allow.
<uvirtbot> New bug: #480617 in samba (main) "dpkg-reconfigure samba fails with sed error" [Low,Incomplete] https://launchpad.net/bugs/480617
<Fenix|work> Out of curiousity, what are the benefits of dumping logs into a database instead of a log file?
<Fenix|work> and what sort of performance hit would be incurred?
<_ruben> that'd depend on the db backend i guess .. and it'd allow for nice searching capabilities .. i wouldnt be a fan of it tho most likely
<Fenix|work> _ruben, what do you think the performance hit would be... would by mysql on the logging server, not on a dedicated database server
<_ruben> Fenix|work: i'd expect it to be dramatic compared to plain text files .. tho that's just a wild guess really
<Bilge> The ubuntu documentation recommends running `passwd -l root` to lock the root account and force the use of sudo
<Bilge> But this makes all root cron scripts fail
<Bilge> CRON[2696]: User account has expired
<jcastro> ttx, ping me when you have a few minutes, I'd like to show you how to schedule things in the summit system
<Bilge> Isn't there a better way to do this
<uvirtbot> New bug: #480922 in mysql-dfsg-5.1 (main) "mysql transition without meta-package" [Undecided,New] https://launchpad.net/bugs/480922
<sivang> anybody knwo if KVM can be used on an Atom machine ?
<sivang> anybody knows if KVM can be used on an atom machine ?
<jpds> sivang: Do: egrep '(vmx|svm)' --color=always /proc/cpuinfo - and find out.
<Fenix|work> acalvo, how do you use nagios and splunk?
<jpds> sivang: https://help.ubuntu.com/community/KVM - has more information.
<acalvo> Fenix|work: take a look at the nagios homepage
<Fenix|work> ok, so nagios + splunk + rove and I may be a happy camper
<acalvo> rove?
<acalvo> what does rove?
<Fenix|work> Rove is a company
<Fenix|work> they have a mobile admin app
<acalvo> oh
<Fenix|work> and remote control of things from a mobile phone
<Fenix|work> http://www.nagios.org/products/enterprisesolutions/rove/
<Fenix|work> was looking at Rove for something else...
<Fenix|work> they used to have another name... started with a K or something
<sivang> right , so my system does not support virualization
<roytech> hi
<roytech> hi
<Fenix|work> what's the default syslog dameon on ubuntu server?
<roytech> hi guy's
<roytech> im a newbe
<roytech> and i have some basic q's
<jpds> roytech: Ask away.
<roytech> ill give you basic run down ok?
<roytech> i wish to create a sever on a 100% linux
<roytech> enviroment
<roytech> to do the following
<roytech> to be a fille server
<roytech> and to be a user logon
<Bilge> Cool story bro
<roytech> and to enable a roaming profile for staff
<roytech> what is the best way to do this
<roytech> i have installed ldap
<roytech> samba
<roytech> and dns
<uvirtbot> New bug: #480601 in mysql-dfsg-5.1 (main) "mysql 5.1 client segfault talking to 4.0 server" [Low,Incomplete] https://launchpad.net/bugs/480601
<Fenix|work> roytech, so the user accounts aren't hosted on the server
<Bilge> Why is your grasp of English so shit when you're from England
<roytech> i would like them to be not sure how to though
<jussi01> !ohmy | Bilge
<ubottu> Bilge: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<Fenix|work> you are using microsoft windows server for user accounts now?
<Fenix|work> if you're planning on using Ubuntu server to host your user accounts and have samba as the PDC... then 'roaming profiles' is irrelevant.  You use either Samba or an NFS mount to mount their home directory on their local system and whenever they log in they have their home directory available to them.
<Fenix|work> but a true roaming profile with their profile settings may be difficult.
<Fenix|work> I'd check the samba and nfs guides and see what you find
<Fenix|work> the Samba docs may have all the info you need to set up samba as a windows domain controller replacement.
<Fenix|work> by the way, you'll also need winbind
 * Fenix|work thinks that about covers it.
<roytech> brb sorry have put kids to bed
<bogeyd6> !activedirectory | roytech
<ubottu> roytech: You can learn more about ActiveDirectory intergration at  https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
<roytech> i'm not using any windows machines
<roytech> only ubuntu linux
<roytech> hi
<roytech> hi
<uvirtbot> New bug: #481510 in lm-sensors (main) "Can't read temperature with i2c_i801 anymore" [Undecided,New] https://launchpad.net/bugs/481510
<filemro3b> hi every body
<uvirtbot> New bug: #480849 in samba (main) "Samba daemon crashes when transfering large files to share in encrypted home dir" [Medium,Incomplete] https://launchpad.net/bugs/480849
<Mark21> Hello, I did setup Ubuntu 9.10 amd64 server on a system. After that I did connect multiple iscsi targets to it. Now I am looking for ways to use it (read: I need to know what device that I get with "multipath -ll" is what device in /dev/mapper/ (so I can put data on it)
<SirStan> With Postfix; does virtual_map or aliases support a one to many relation on emails to recipients?
<SirStan> nm clearly it does.
<uvirtbot> New bug: #481567 in php5 (main) "package libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/481567
<|rt|> I think I have a bug to report against samba in karmic but want to chase it down a bit more before writing it up....can someone tell me what file dpkg-reconfigure samba uses to make it's changes?
<|rt|> right now if you install samba on a fresh karmic server and then run sudo dpkg-reconfigure samba it will error out with a sed error
<|rt|> sed: -e expression #1, char 140: unknown option to `s'
<|rt|> that's the error it gets
<tonyyarusso> |rt|: My suspicion is debian/postinst
<tonyyarusso> |rt|: (line 60/61)
<|rt|> someone had already filed the bug
<bogeyd6> http://www.theregister.co.uk/2009/11/12/microsoft_patents_sudo/
<adurity> if I've got apache2 up and running, should I be able to `sudo netstat --ip -lp`and see the listening process
 * Fenix|work grumbles
<Fenix|work> I'm trying to install 9.1 and when trying to install the base system, I'm getting a debootstrap error of Failed to determine the codename for the release
<Fenix|work> using a USB dvdrom
<Fenix|work> anyone with any suggestions?
<Fenix|work> hmmm... seems that the usb dvdrom became unmounted
<Fenix|work> mounting /dev/sr1 /cdrom solved my problem
<cj> mdz: looks like you were the last to touch https://wiki.ubuntu.com/KernelTeam/EC2; you have any idea how one might get involved in moving things forward?
#ubuntu-server 2009-11-13
<cj> I could really use a recent kernel with xen pv-ops
<mdz> cj: if you click through to bug 418130, you'll see that we included an EC2 kernel with 9.10
<uvirtbot> Launchpad bug 418130 in Ubuntu Karmic "Karmic EC2 images don't use a karmic kernel" [High,Fix released] https://launchpad.net/bugs/418130
<mdz> cj, but to answer your question, #ubuntu-kernel are the folks to talk to about it
<cj> mdz: ah, thanks
<xperia2> hello to all. i have on ubuntu server a very strange problem with bind9. sometimes it works and sometimes it dont work. if i do at the moment a "nslookup www.wificom.ch" i get the error message "server fail !" accessing the site over the browser gives me the error message "ns.wificom.ch returned (NORECORDS)"
<xperia2> the strange thing is that bind9 worked with no probles last day but now i am asking me what the problem could be.
<genii> xperia2: Do you actually own that Swiss domain?
<xperia2> genii: yes ! it has worked also yesterday ! here is also the output of the "dig" command
<xperia2> http://pastebin.com/d65133b66
<xperia2> the first part looks quiet good !
<xperia2> the second part however refer to "67.215.66.132"
<genii> xperia2: whois is reporting correct IP of 80.254.182.249
<xperia2> yes that is my fix ip to the server !
<xperia2> ping works with no problem for the domain
<xperia2> just resolving of the domain dont work for some strange reason !
<genii> xperia2: When did you make your last zone changes, and how?
<xperia2> genii: this are my last changes for bind http://pastebin.com/d65133b66
<genii> Reading
<CppIsWeird>  if i want to run a graphical application on a ubuntu-server using X11 over SSH, does X11 need to be installed and running on the server?
<xperia2> genii: it looks like i have give you the wrong link ! this here is the right link with the bind9 zone changes http://pastebin.com/d4a8c82dc
<xperia2> for some strange reason "nslookup ns.wificom.ch" works and resolve good but all other domains like "nslookup www.wificom.ch" wont work
<smoser> jjohansen, ping
<smoser> could you look at https://bugs.launchpad.net/ubuntu/+source/udev/+bug/397187
<uvirtbot> Launchpad bug 397187 in ubuntu-on-ec2 "[karmic] udev requires new kernel, breaks on EC2 (dup-of: 418130)" [Undecided,Confirmed]
<uvirtbot> Launchpad bug 418130 in Ubuntu Karmic "Karmic EC2 images don't use a karmic kernel" [High,Fix released]
<jjohansen> sure
<smoser> the final comments there. i think that CJ is saying that we dont have a paravirt driver available for karmic
<jjohansen> hrmm, yeah I will take a look
<genii> xperia2: Looks like you may have some misplaced "@" there
<xperia2> yes i have removed the first mx line to the second bloch where also the maildomains for the other subdomains are declared
<xperia2> wanted to have separeted blocks for the domain and the mail resolving
<xperia2> will change it back in this case !
<genii> xperia2: /etc/bind/named.conf.local has that box listed as it's master?
<xperia2> genii: yes http://pastebin.com/d45456a9
<genii> xperia2: Ok. My dinner is ready, I'll return in 30-45 minutes
<xperia2> genii: okay ! have a nice dinner till later
<xperia2> ohh man this bind thing is really boring ! why does it dont work ! it is sure some stupid error.
<genii> Most often it's some typo in the file like a # instead of a ; for a comment line, or the yyyyMMddss isn't incremented each change, etc
<xperia2> genii: hmm whery strange ! have commented all mail entrys out and now it works !
<xperia2> need to find what line of the mail entrys couses the problem !
<xperia2> okay i think i have found the problem.
<xperia2> it works without any problems if i have only this line here
<xperia2> mydomain.com.     IN      MX      10      smtp.mydomain.com.
<xperia2> if i put a new line like this here for resolving mails for subdomains however it break bind9
<xperia2> subdomain1.mydomain.com.     IN      MX      10      smtp.mydomain.com.
<xperia2> does anybody know how to resolve this problem ?
<genii> xperia2: What does: named-checkzone wificom.ch /etc/bind/db.wificom.ch                report?
<xperia2> genii: if i do "sudo /etc/init.d/bind9 restart" it reports allways "OK"
<genii> xperia2: Thats not an answer to the question that i asked :)
<xperia2> i have assumed it :-) what exactly do i need to do for telling you that ?
<genii> xperia2: The named-checkzone will try to test your zone file and report any problems it can find.
<genii> So it may not report "OK" even if just starting up/restarting bind itself does
<xperia2> ahhh "named-checkzone" is a executable in this case ! okay give me a moment
<xperia2> okay at the moment it report
<xperia2> named-checkzone wificom.ch /etc/bind/db.wificom.ch
<xperia2> zone wificom.ch/IN: wificom.ch/MX 'smtp.wificom.ch' has no address records (A or AAAA)
<xperia2> zone wificom.ch/IN: loaded serial 2009111317
<xperia2> OK
<xperia2> now i will try to comment out a subdomain mail line
<genii> So you need to declare smtp name before you can use it as something for other names to point to
<xperia2> ahhh true ! but is smtp really good for ubuntu-server postfix ? i have seen also other examples that use mail instead smtp
<genii> I don't think it really makes any difference
<genii> It's just a naming convention
<xperia2> ahh okay in this case i will stick with smtp as it is more clear for me
<xperia2> genii: great catch with named-checkzone
<xperia2> genii:  named-checkzone wificom.ch /etc/bind/db.wificom.ch
<xperia2> dns_master_load: /etc/bind/db.wificom.ch:27: photos.wificom.ch: CNAME and other data
<xperia2> zone wificom.ch/IN: loading from master file /etc/bind/db.wificom.ch failed: CNAME and other data
<genii> xperia2: You might like to sometime check out the ubuntu-server guide, at http://doc.ubuntu.com/ubuntu/serverguide/C/ where DNS and other issues are covered at some length
<lamont> xperia2: yeah - you can't have CNAME and anything else for the same label
<xperia2> genii: if i uncoment a a line for resolving the subdomain mail adress it produce a conflict with the allready existing subdomain
<xperia2> so i need to have for every subdomain a non CNAME entry hmmm
<espacious> which is the best way to see all my installed packages to clean up if i can chose webmin or putty axx.
<lamont> mail hosts shouldn't be CNAMES at all, btw
<lamont> since they all get rewritten into the right hand side immediately
<genii> espacious: With dpkg --get-selections
<espacious> dpkg --get-selections
<espacious> got it.
<espacious> thanks
<lamont> dpkg -l
<lamont> --get-selections will also tell you the packages you don't have installed
<espacious> dpkg -l is better.
<espacious> it has descriptions
<xperia2> genii: thanks for the docs link but as allways the documentations is not complete and it dont handle the things that i am working !
<genii> espacious: Doesn't however tell you the installed/half-installed/deinstall states easily
<xperia2> i have allready looked at the configuration part for the dns part
<lamont> xperia2: what made you think that you needed all those CNAMEs?
<espacious> genii what command would?
<xperia2> lamont: as first i needed only subdomains and i have readed that it can be done very easy using cnames
<lamont> (fwiw, CNAME basically says "anytime they ask for LHS, they really mean RHS", so having any other data makes no sense.  On the bright side, bind9 made (or was it 8?) made that an error instead of just a warning that did the wrong thing
<xperia2> now i need the mail resolving for the subdomains and have started to put the new entrys
<lamont> I fear that the doc you're reading isn't clear about the definition of "subdomain"
<lamont> you only need MX RRs for whatever is on the right side of IN CNAME... if that needs to be different, then you don't get to be using CNAME
<lamont> likewise, just because it doesn't have an A RR doesn't mean it can't get mail
<xperia2> didnt know that this will not work. Yeah exactly i have searched the web now for nearly about a week now but i can say you sure that subdomains arent documented very well.
<lamont> mostly because the term is either meaningless or overloaded.
<xperia2> possible but it is used more and more with the time as the needing get bigger.
<lamont> there are fully quallified domain names (FQDNs), which live in zones.  zones contain one or more domains.
<lamont> so, for example, archive.za.ubuntu.com lives in the ubuntu.com zone and has 'archive.za IN A ..." in the ubuntu.com zone
<lamont> by traditional definitions, za.ubuntu.com would be a subdomain of ubuntu.com, but who cares?
<xperia2> lamont: okay i will do now the needed changes in my zone file and report back if it works !
<lamont> pulling resource records for za.ubuntu.com yields NXDOMAIN
<lamont> meh.  backwards on the example, fwiw
<lamont> za.archive.ubuntu.com has an CNAME, archive.ubuntu.com has (more than one) A RR
<lamont> zones always have SOA RRs and NS RRs or they don't work
<xperia2> lamont: is this line here okay ?
<xperia2> subdomain.mydomain.com IN A mydomain.com.
<lamont> A RR takes an IP, not a name
<lamont> what value does "subdomain" have?
<xperia2> in my case it is "photos"
<lamont> and will the MX host for photos also be the MX host for mydomain.com?
<xperia2> for more to be exact
<xperia2> photos.wificom.ch IN A 80.254.182.249
<lamont> because "photos.mydomain.com IN CNAME mydomain.com" says "whenever they ask any question about photos, give them the answers for mydomain.com"
<lamont> so if the MX list is the same, then CNAME will give you the MX list you want.  if that answer is wrong, then it's not really  "the same as", though it might have the same A RR
<xperia2> lamont: that with the MX Host is a litlle to much for my skills. i have postfix running on my ubuntuserver and i am able to send mails over a gateway
<lamont> fwiw, "CNAME" ("Canonical Name") has to be the worst possible name for what it does
<lamont> so... is wificom.ch also 80.254.182.249?
<xperia2> now i would like also to recieve the mails for all subdomains and maindomains on my ubuntuserver with posfix
<lamont> and if I send mail to photos, does it go to that IP?
<lamont> ah.
<xperia2> yes it goes all to this ip
<lamont> note that if you have photos CNAME bar, then the mail will show up as 'user@bar', not 'user@photo'.  This is the nature of email rewrites
<lamont> which, if the users are supposed to be different, is not what you want. :-(
<lamont> ah, so you're trying to move all mail handling to a diff IP than .249?
<lamont> (and fwiw, your use of "subdomains" is what I would call 'hostnames"...)
<xperia2> lamont: wait wait ! i will post the right zone file for you
<lamont> yeah - that should speed up the conversation
<xperia2> http://pastebin.com/d3f33dd47
<xperia2> have now changed the cname entry for the subdomain as you have said
<lamont> that's the whole file?
<xperia2> need only to make sure that resolving of the mail adress for the subdomain photos will works
<xperia2> lamont: at the moment yes will put with the time other subdomains
<lamont> those times in the SOA are way long... if I ask you for a name, and you don't have it, my nameserver will cache that answer for a week, and I won't get the answer even if you add it in 3 minutes.  (OT, but hey)
<lamont> I avoid using a Neg cache ttl of anything over 3600, for anything other than localhost
<lamont> so... in your file, "@" for a LHS (left hand side, first token) is ==  "wificom.ch", and any name that doesn't end with a '.' will have that appended to the name.
<xperia2> lamont: okay i will change that too.
<lamont> so "photos.wificom.ch" could be written as "photos"
<lamont> and line 22 could move up to between 15 and 16, and get an '@'
<lamont> fwiw, dig requires a little bit more to understand, but is much more explicit in what it tells you than /usr/bin/host
<xperia2> okay give me just a moment to chnage this two things
 * lamont wanders off for a couple min
<xperia2> lamont: sorry my laptop is for some reason heavy slow ! http://pastebin.com/d4f8820c
<xperia2> i have a lot of memory swap
<lamont> no worries
<xperia2> lamont: are the changes done by me right as you have said or did i messed something up ?
<lamont> so... when you've changed everything, and I send mail to user@www.wificom.ch, what IP should the mail be delivered to?
<xperia2> to the fix ip of the webserver where also the mail server and the dns server run and this is 80.254.182.249
<lamont> that is what will happen now.  /etc/init.d/bind9 reload and then say 'dig mx www.wificom.ch'
<xperia2> normally i would however preffer to have the mail adress "user@wificom.ch" but i assume this is no problem
<lamont> you'll get a CNAME RR, and then the MX rr for wificom.ch
<xperia2> okay will do !
<lamont> and the email will get rewritten into "user@wificom.ch"
<lamont> that last bit being the somewhat sticky bit...
<lamont> (depending on whether or not that's what you _want_ to happen)
<xperia2> lamont: it wont work as i have some syntax error
<xperia2> "near 'wificom.ch.': bad dotted quad"
<lamont> the other thing about mail delivery:  the rule is very simple.  1) fetch MX RRs for the target host.  2) if this host is in the list, remove every record with an equal or higher number in the priority field. 3) start with the lowest priority number and try them all until you run out. 4) if you still haven't delivered the mail, try A and AAAA RRs too.  5) try again later
<xperia2> its about this line here "photos.wificom.ch.     IN      MX      10      smtp.wificom.ch."
<lamont> photos  IN      A       wificom.ch.
<lamont> wificom.ch. is not A.B.C.D
<lamont> www.wificom.ch.		3600	IN	CNAME	wificom.ch.
<lamont> wificom.ch.		3600	IN	MX	10 smtp.wificom.ch.
<lamont> those last 2 are what I get after I fix the photos line
<xperia2> okay think have found the problem !
<xperia2> named-checkzone wificom.ch /etc/bind/db.wificom.ch
<xperia2> zone wificom.ch/IN: loaded serial 2009111325
<xperia2> OK
<lamont> http://pastebin.com/m50a96646
<lamont> that's after I munge a few things around, and drop the (now wrong) comment at the top, which also tells me that you started with the localhost file.
<xperia2> lamont: dig mx www.wificom.ch http://pastebin.com/d5c140ef2
<lamont> (a little reordering for clarity, and really pulling down the times in the SOA)
<lamont> xperia2: that's what I'd expect
<lamont> to better understand the dig output, see the output of: dig mx ubuntu.com. @ns1.canonical.com.
<lamont> question is what you asked
<lamont> answer is the answer
<lamont> authority is the NS list for the zone that has the answers
<lamont> additional is "other stuff you're probably about to ask for", and is not necessarily authoritative
<xperia2> lamont: okay will use your example zonefile! will now just dig mx ...
<lamont> so when I'm reading dig output, I ignore missing stuff in additional, and get worried if it has wrong answers there.
<lamont>  /usr/bin/host has much prettier output, and is therefore much less precise
<twb> hear hear
<twb> I always prefer host for the first pass
<lamont> twb: dig gets my attention, host gets maintained through the process of benevolent neglect.
<lamont> and sometimes, I feel sad about that.
<twb> Or even getent hosts
<lamont> xperia2: a bit more on those times (including the $TTL) - every answer your nameserver hands out comes with a "time to live" (TTL), which tells the requestor how long he may confidently cache the reply.  That is, you are saying "here is the answer, and I promise that won't change for $TTL (seconds)"
<lamont> promise accordingly.
<xperia2> lamont: okay i see now that the differnce is that ubuntu has AUTHORITY: 3 and i have AUTHORITY: 1
<lamont> ubuntu has 3 nameservers, you have one.
<xperia2> it differ also for ADDITIONAL:
<twb> Isn't it generally advisable to have a backup DNS?
<xperia2> ahh okay nice one :-)
<xperia2> twb: dont know where to put my other dns stuff ? some free dns resolver ?
<lamont> additional is filled in as: "if I have the A RRs for any of the NS/MX hosts in answer, then additional, add them.  If I don't, or run out of room, tough"
<lamont> xperia2: therein lies the challenge
<lamont> (finding a home for secondary)
<twb> zoneedit and dyndns
<twb> What could possibly go wrong?
<lamont> twb: you trol.,
 * lamont relies on a network of friends-who-run-networks
<twb> More seriously, maybe hcoop (for personal stuff)
<lamont> in the before time, one of the NS RRs for my home domain was palrel3.hp.com
<lamont> or was it relay.hp.com.  whatever, that's a decade old conversation
<twb> lamont: was that your workstation at work? ;-)
<lamont> part of the NS RRset for 'hp.com'.  I didn't admin it when my zone was added, but I was the one who dropped the zone as part of transitioning the administration of the machines to tier 2 support
<lamont> may have been a diff host too, now that I think about it more.
<xperia2> lamont: if i compare the two dig outputs for me it looks like it should work as my dig output is the same as the one of ubuntu !
<lamont> and yes, I do know people who use dyndns and then update the host record in the registry so as to have the NS RR glue point to their machine.  That way lies madness.
<lamont> xperia2: right
<twb> lamont: there are little scripts to do that automatically
<twb> Erm, I meant to update the dyndns A record.  Never mind, I'm dumb
<ScottK> twb: You mean dydns?
<ScottK> dydns == madness
<lamont> ScottK: +999
<twb> I was thinking ez-ipupdate and the other one that OpenWRT ships
<lamont> well, the services out there.. dynamic zone updates (ala nsupdate) can be love.
<twb> They hook into dhclient or pppoe and do an https PUT or so at the end of it
<xperia2> lamont: i thank you a lot for your teaching and helping ! you are a great man ! :-)
<lamont> no worries
<lamont> the problem with DNS is that it really _is_ that simple.  much of the confusion comes from people trying to understand it in the complexity they think it has
<xperia2> a last more general question before i quite.
<xperia2> i am planning since week to financial support ubuntu for theire great product especially the ubuntu-server
<xperia2> the problem is however the very high price in my eyes what they want for one year !
<xperia2> i dont want to make them down or put the prices low as i know how hard is it to earn money
<xperia2> but from my experience the price for the ubuntu-server package is just a dream price and not a market price
<xperia2> dont know how much people buy this service packages but i itself would like to see some new service package
<xperia2> for private people like me that have a home server
<lamont> I really don't have an answer to that - haven't ever looked into it
<xperia2> and dont use it in a company or for bussines
<xperia2> a good price would be about 40 to 60 Euros per Year or 50 to 75 USD
<ScottK> xperia2: For a home server user it is expensive.  If you can't contribute in money, contribute in helping out.
<ScottK> xperia2: Generally home server users don't buy the support contract.
<lamont> ScottK: I assume you'll be in dallas?
<ScottK> lamont: As long as this flu i currently have subsides, yes.
<lamont> yeah - if it's like what I had, it sucks
<xperia2> yeah i prefer to spend money rather to help out as first i am not really that ubuntu geek and with the time i have really bad feelings about using ubuntu for having fun and knowing money could be needed for more success
<xperia2> and i dont think home users dont want to have a support package
<xperia2> this is something that ubuntu has to think about !
<ScottK> xperia2: New people are the best ones for writing documentation for new people.
<ScottK> So there are contributions you can make.
<xperia2> i have lost more than a week for this dns stuff. with a home user service package it could be solved more faster and easy
<xperia2> and the best thing is people like lamont or other can earn additional money buy helping out ! i mean why does ubuntu dont provide this service to the public ?
<lamont> xperia2: well, a fair chunk of my income derives from Canonical already...
<xperia2> from what i see and understand is that the ubuntu managment is loosing a lot of money becouse of this. lots of home users are using ubuntu and have problems. look only the ubuntuforums they are full of questions like how can i do this how can i make this ...
<xperia2> Why dont you provide for this people a service package and engage more people for solving this the professional way really !
<lamont> I haven't looked at the support packages Canonical offers (or others, for that matter), but I would think it reasonable to believe that the price is set in consideration of the costs of providing that service.
<lamont> generally speaking, the open-source community has not embraced such a model.
<xperia2> lamont: i dont agree with you. first you need to ask yourself
<lamont> administering a payment system for thousands of people helping others would likely not be cost effective for the company, especially when so many of us have no issue in doing it without charge
<xperia2> how much money would a home user spend for answering and solving his questions !
<lamont> xperia2: well, in my case?  not much at all.
<lamont> but then, I do have a bit of experience in s/w engineering and such.
<xperia2> i am speaking general about ubuntu as you have said the cost are high that why the price is high !
<lamont> (apt-cache show bind9 | grep Maintainer)
<xperia2> for me whit such a pilosophy you cant earn really money and that is why probably the open source is loosing money
<ScottK> xperia2: My experience is that most home users won't pay at all.
<xperia2> lamont: woow :-)
<lamont> most of the folks I know doing support for fee are looking for clients with at least 12 computers, in an office, in order to consider taking them on as customers.
<lamont> anything less than that costs them more money than they can possibly charge for it.
<lamont> xperia2: I let others handle all the postfix questions though.... your bind9 struggles came across just as I was passing through, and CNAMEs are one of those not-understood things, so it seemed a good use of some time
<ScottK> My experience with small consulting jobs is that they just aren't worth the trouble (I've tried)
<lamont> ScottK: +99
<lamont> mind you, for $100/hr, I'm willing to consider exceptions to the rule... :-)
<lamont> somehow, most home users won't pay me that though.
<lamont> esp just for the consult to see if I'll take them on.
<lamont> that is, if I were doing that
<JanC> I know somebody who asks 120 euro / h for programming jobs  :P
<xperia2> lamont: this is a price that i will pay for a year :-) but look also how much does somebody cal you for problems in a year
<ScottK> xperia2: The problem is the expertise you want costs that much or more
<lamont> xperia2: if I stepped up and answered every question like yours tonight, I'd be here 24x7
<xperia2> i know that prices are high in the it world. but it looks like you dont want to understandme
<JanC> ScottK: BTW, I got up to 40 euro for 2h from a home user (that I wanted to help for free), so don't generalise  ;)
<JanC> plus beer
<ScottK> I once got US$25 via paypal as a thanks, so I know it's not universally true.
<ScottK> Just not enough true to be worth the trouble
<JanC> well, actually, this was for a non-profit, but he paid it himself
<JanC> they run a local news agency as a group of volunteers
<JanC> have 4 laptops running ubuntu, and sound didn't work, which wasn't funny as they provide local radio news  ;-)
<JanC> also, all local radio stations here run on Ubuntu + campcaster because thats' the only way they provide local news  :-P
<xperia2> well okay your experince is sure also true on the other side as you have allready said
<xperia2> and also confirmed my version that
<xperia2> ubuntu is loosing good money by not providing a service package to there users
<xperia2> mostly becouse ubuntu will become problems with the costs as of the high prices !
<JanC> there are service packages, right?
<lamont> xperia2: nothing stops anyone from offering ubuntu support for whatever they feel is a proper price.
<xperia2> Yeah exactly. Countrys that are unerdeveloped and dont have high living costs
<lamont> xperia2: after being involved in running several companies over the past decade, I can tell you that there's a world of difference between answering questions in IRC when it suits my mood, and giving someone a phone number to call me (even just during business hours), and have to respond to their questions.
<JanC> lamont: especially as often you have to investigate first too...
<lamont> that you haven't found anyone offering support at the price point you want tells me that no one has decided it's worth it to offer that price point yet.
<lamont> JanC: yep
<xperia2> lamont: i understand your position very good ! just wanted to answer t the fac if the costs are to high but the demand exist why not offering it by experts in countrys with less high personal costs
<JanC> lamont: well, sometimes volume is a problem to offer lower cost too
<lamont> JanC: big time
<xperia2> i mean in some countrys it people dont have even work and other earn maybe at maximim 300 USD per month
<lamont> JanC: raise the price, the demand goes down... somewhere in there is a nice max in the income/week curve.
<lamont> xperia2: and who are you saying should create this company to run support?
<xperia2> this are 3000 USD per year personal costs. i dotn understand really the ubuntu position why they dont offer a service package for private people !
<JanC> xperia2: there are countries where people earn < 10 USD / month too  ;)
<xperia2> lamont: it should be sure ubuntu that organise that but the service could go over mail in english language like server-support-private@ubuntu.com
<lamont> xperia2: every time I've seen a company _not_ offer a service, it's been because the projected income from the service did not justify the projected expenses to provide it.  simple business.  doesn't matter if you're selling soap, or computer support.
<xperia2> provided by sub companys or freelancer
<JanC> lamont: that's not always true, there is also the need for money to do initial investments etc.
<lamont> JanC: put together the proper business plan, and find funding.  the cost of the money is just one more cost
<JanC> making a business plan costs money too
<lamont> and if you want to tie up millions in resources to get 10-20K net per year, you need to be a farmer.. because no sensible commericial lender will loan you that in general
<JanC> âº
<lamont> seems most farm loans are secured with land that the bank will sell to be developments if they ever foreclose.  simple.
<xperia2> lamont: the cost arent the problem as you can start with people that earn 10 Euros per Month for answering the question. !
<JanC> well, the only bank in Belgium that saw a 30% increase in business last year was the farmers credit union  ;-)
<lamont> xperia2: after you vet them, and then there's the cost of administering the program.  those would be the bulk of the expenses for it.
<JanC> they are also one of the only banks that aren't publicly traded
<xperia2> what for a administration. i will goes all over mail !
<JanC> (they also own the largest internet bank & on-line trading website in Belgium though)
<JanC> running everythin on linux  ;)
<xperia2> private people write to a mail and explain her problems and wishes and the support answer it. thats way better than hanging for days in forums and waiting till somebody answer your question !
<lamont> xperia2: so lets say that I decided to start such a business.  and lets say that you tell me you're a hot support guy  and I should send you clients.  how do I know that you are?  how do I deal with the damage to my reputation for referring to you and you having unhappy clients?  mitigating those risks all cost time, effort, and therefore money
<JanC> xperia2: but professionals will also answer the easiest questions first
<lamont> xperia2: and what you're suggesting is already done by the various support mailing lists and such, to quite an effective level once the requestor gets an understanding of how/where to ask
<xperia2> lamont: JanC: man this question is very easy !
<lamont> xperia2: trivial, actually.
<JanC> which question?
<lamont> JanC: his bind question
<JanC> I didn't read that far back  ;)
<lamont> CNAME and other data
<JanC> I once fixed someones IIS nameserver with the BIND documentation, so it can't be dificult  ;-)
<lamont> BIND issues are a bit like LDAP issues, in that the docs tell you how to manage the database, but the applications that use it are the ones that tell you what the data means
<xperia2> i am speaking about the question "how do I know that you hot support guy for my bussiness"
<lamont> JanC: I prefer to fix IIS servers with a livecd
<lamont> xperia2: ah, well that question - sure it's a simple one.  It just requires time and effort to validate the answer in something beyond "trust me"
<xperia2> looks it is very easy: search for people in this countrys that have allready finished in the scool a it master or something like this
<JanC> lamont: IIS DNS server works with BIND configuration files, but the IIS GUI fucks them up, so I told him to keep his hands away from the GUI  ;)
<JanC> well, that was years ago
<lamont> heh
<lamont> xperia2: such a search would not find me.
<JanC> I doubt most peopel here have a masters  ;)
<xperia2> lamont: well becouse you dont want. it would cost you maximal 5 minutes work to get your people with very high skills. do you want a example ?
<lamont> xperia2: I hired into HPs MPE (OS) lab to work on device drivers prior to enrolling in a 4 year college.  My studies were in electrical engineering.  my paycheck was from software development
<lamont> I'm not interested in starting such a business, so no... don't really need the example.
<lamont> and I know plenty of people that have "proven" their technical abilities that I would never trust with supporting anyone.
<twb> If you want masters, go to #math
<lamont> twb: slaves are better
<lamont> wait.  that came out wrong;
<JanC> xperia2: looking back at your question, DNS is one of the more complicated things to understand
<lamont> JanC: mostly because it doesn't actually use the data that it's storing, for the most part
<twb> JanC: isn't it basically just like NIS?
<lamont> twb: only better, and different
<twb> Exactly
<twb> Maybe I'm weird in having grown up with NIS...
<lamont> I remember when I was learning LDAP... my frustrations that none of the LDAP docs told me what I wanted...  only to finally find that what I was actually looking for was documentation for the ldap-using app, not ldap
<lamont> though the app's docs made little sense until I understood some LDAP, and back and forth we bootstrap
<JanC> I don't have real experience with NIS, but even resolving basic DNS issues involves knowing what glue records & TTL are  ;)
<lamont> JanC: yep.
<xperia2> lamont: only a example for finding people that fit your needs for offering such a service.
<JanC> and I don't pretend to be a DNS guru, but at least I know that  ;)
<xperia2> go to the site it.com.mk visit the forum http://it.com.mk/forum/ go to the employment subforum
<xperia2> http://it.com.mk/forum/forumdisplay.php?f=136
<xperia2> make a posting with the title "Ubuntu Specialist Wanted" leave your email and you are done.
<lamont> though glue records can mostly be lalalaalalalalalalala for most basic questions that don't involve broken glue
<xperia2> BTW. Macedonia is that Land that have in all scools Ubuntu running :-)
<xperia2> Do you want me to tell this people arent in the position for solving problems like mine ?
<lamont> xperia2: no.  I want to not have to manage them.
<xperia2> and why do you think all questions need to be answered by the support
<lamont> who said they do?
<JanC> lamont: let's say that I recently saw a well-known conference website go off-line because of broken glue  ;)
<lamont> JanC: when glue is broken, it is the problem.  when it's not, it's a non-issue
<JanC> of course
<lamont> since most people are hosting DNS $ELSEWHERE, glue seldom factors in.  esp when we add in "make sure that your secondary is not one of the hosts in your domain"
<JanC> lamont: I don't want to feed the owners of domains that have primary & secondary pointing to the same host within the domain ;)
<lamont> having said that, it's _FASTER_ if you have all your nameservers inzone.
<lamont> sometimes they're tricky though...  they have 2 IPs that are on the same host.  "much better" :(
<JanC> and then they move and forget to change the glue too
<xperia2> lamont: didnt you said that the people arent proffesional enoght to answer all questions if i am not wrong
<xperia2> The normal answerable question will be answered other question that are specific can be put into a que.
<xperia2> I dont accepr just your thinking that such a service is to expensive and the people are to stupid to answer questions that are posted
<xperia2> day for day in the ubuntu forums.
<lamont> xperia2: no.  I said that if they aren't, then my reputation suffers, if I'm offering it as a for-fee service
<twb> lamont: depends if they live to tell the tale
<twb> This is why all my advice includes a halon discharge test
<lamont> twb: lol
<JanC> I think the issue is that it's often difficult to say how much time is needed to solve a problem
<twb> Regarding time estimates, I have had success with a 3-tuple approach: a "best case" estimate, a "worst case" estimate, and an "expected case" estimate.
<twb> The distance between them indicates to manglement in a measurable way the amount of risk/uncertainty
<JanC> sometimes it takes 3 hours to solve a problem with somebody on IRC, but i doubt they would want to pay an industry-conform rate for that  :P
<twb> JanC: well, IRC is for community, not industry
<JanC> and sometimes after those 3 hours I have to tell them I don't know the solution (or there isn't one); will they still pay me?  ;)
<JanC> twb: what i answer for free, I can also answer for payment  ;)
<JanC> and i doubt an SMB would be happy with "sorry there is no solution" and then pay  ;)
 * lamont wanders off with family, fun though this has been.
<ScottK> I've also found on small jobs the no pay rate is pretty high, so in the unusual event I do them now, it's always pay in advance.
<twb> JanC: they don't have to be happy
<JanC> lamont: have fun
<twb> JanC: they just have to pay
<ScottK> JanC: That also solves the will they pay if you don't fix it problem.
<twb> ScottK: I think my employers do it by an up-front credit check in advance, and forward defaulters to a collection agency
<ScottK> For small jobs it's not worth the trouble.
<twb> Yeah
<JanC> well, if they have to pay for no solution, they won't ask next time...
<ScottK> I'm a one person company, so I don't have an office staff to deal with such things.
<twb> ScottK: that's why I work in a company
<twb> The company exists to insulate me from the "normal" people
<JanC> lol
 * ScottK is getting close to a decade of not having worked for a company
<ScottK> Technically I do work for a company, but I'm it's owner and only employee
<twb> It means my income tax form auto-completes and stuff
<ScottK> Heh
<JanC> that would be the same if you'rethe only employee of your own company  ;)
<xperia2> lamont: sorry but you want just offer a high class expensive service for people that dont want that. most people have specific question like how can i configure conky or install it. what for repos do i need to activate and such a thing. for exactly such question people need a service package and dont tell me that the actuall solution of ubuntu is really good !
<xperia2> how many question over and over are posted in ubuntu ?
<JanC> xperia2: IIRC Canonical has end-user support now?
<twb> JanC: they have a call center in .ca somewhere
<ScottK> JanC: That's where this started.
<ScottK> xperia2 wants a less expensive support option for home server users
<xperia2> how many times did you read in the forums "Can you please read the wikipage .." and such on
<lamont> xperia2: I don't want to offer any for-fee support service to anyone for any rate.
<twb> I'm convinced that home users aren't worth supporting
 * ScottK neither
 * ScottK has had several business ideas in the last few years that he didn't pursue due to needing to provide user support.
<twb> They are too poor, too argumentative and too stupid.
<xperia2> Lamont: i know ! i am talknig more generally
<lamont> then don't tell me that I want to.
<twb> I especially like working for government
<lamont> Canonical and others are happy to provide for-fee services that they see a business model for.  If you see a business model in other things, well, go for it.
<twb> Because $boss spends a month getting the contract, and then I get a nice big project to work on.
<xperia2> Lamont: :-) okay
<snth> ScottK: How do you land your support jobs if you are the only employee?? like how do you market .. etc.?
<ScottK> Most of the projects I work on tend to be large, long projects and word of mouth does pretty well for me for marketing.
<JanC> actually, I love to work on end-user problems, I just doubt I can live on that...  ;)
<sbeattie> lamont: Oooh, MPE. There's a blast from the past.
<xperia2> wanted to tell only that i have found only that dell offers end-user support fo ubuntu for low price but didnt find that ubuntu is offering end-user support
<twb> I didn't know Dell even shipped Ubuntu
<ScottK> Desktops, not server.
<twb> Like I said
<ksoviero> are there any desktop guis for managing server services like apache, mysql, firewall, etc... all in one like windows or open suse?
<xperia2> ksoviero: what exactly do you want to make with this guis ? starting stoping apache only ?
<xperia2> for what do you need it ?
<xperia2> the ubuntu server boot the way exactly how i need it and should be ! why does it not fit for you ?
<ksoviero> more than that, managing virtual server, enabling and disabling modules, etc...
<ksoviero> with mysql, user managment, create and delete databases, create and edit tables
<xperia2> well for mysql you can use very good phpmyadmin
<xperia2> it is very easy for using
<ksoviero> web based wont work, for reasons I wont go into , it needs to be desktop based
<ksoviero> right now, webmin fits my needs perfectly, but, not I need something just like webmin, but desktop based
<xperia2> ksoviero: dont have experience with such desktop based guis for a server. best will be probably to ask in the mysql irc chanell
<ksoviero> ok, thank you
<xperia2> i am wondering if mysql even could have such a support
<xperia2> i am running my server with no screen and connect over ssh to the server and can do all thing on the laptop over the internet conncetion.
<xperia2> okay people. i need to do my works. want to thanks again for your help. see you again. bye
<nyne> in the openldap-server ubuntu server guide there are a few lines that are confusing me. Item 4 says to edit the following file  /tmp/ldif_output/cn=config/cn=schema/cn={8}misc.ldif and change a couple of lines but they don't say what to change them to.. could someone give me a  hand. im trying to set up openldap and have been stuck for a while
<uvirtbot> New bug: #481752 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/481752
<billybigrigger> anyone here use ebox? for some reason the ebox-mail package doesn't exist
<ESEDU> memort stick wont show up in /dev as sdb
<ESEDU> when I try to mount it says device does not exist
<gehengwang> can i install sever edition from hard disk?
<ESEDU> gehengwang: I dont think you can, you need a cd
<gehengwang> ESEDU: are you sure?
<ESEDU> gehengwang: why, cant u just get a cd
<gehengwang> ESEDU: where can i get it?
<ESEDU> U can order it for free from canonical home page, it takes for about 2 weeks to arrive
<ESEDU> or download the image for it from ubuntu pages and burn it on a cd
<gehengwang> ESEDU: and my CD-ROM doesn't always work better!
<ESEDU> gehengwang: /
<ESEDU> : /*
<gehengwang> ESEDU: ok, thanks!
<gehengwang> ESEDU: /
<gehengwang> ?
<ESEDU> i was supposed to draw a sad smiley : (
<gehengwang> oh
<gehengwang> an i also have a question!
<gehengwang> ESEDU: why desktop edition can install from hard disk?
<ESEDU> gehengwang: beats me. I to tried to install ubuntu server from hard drive, but some guy i recall saying that u cant, that u need a cd
<gehengwang> ESEDU: ok .but thanks
<ESEDU> np
<ESEDU> u might want to ask some else still, for im no hack :P
<gehengwang> ESEDU: ok
<acalvo> gehengwang: you can always do a network install
<alex88> how can i start a process with a lower priority?
<acalvo> [related to mail management] does anyone know how to implement a functionality so when a user sends a mail with a big attachment it is parsed by the MTA, generated a link to a website and mail to the receiver with that link?
<gehengwang> acalvo: can you tell me the details
<alex88> ok got it..nice command..
<acalvo> alex88: niceness maybe?
<acalvo> gehengwang: AFAIK, you can boot a system using a USB stick, or even a boot CD, and download all packages from internet
<alex88> acalvo: it's "nice -n priority Command"..thanks anyway
<\sh> moins
<acalvo> I'm trying to create a script (it's bash but it could be perl) to connect thru ssh to a machine an execute a command. However, this script has to be called by one user which does not have home directory (is the nagios user), so it does not have any ssh related file. I've point the ssh command to take a public rsa, but if I try to connect it asks for the authenticity of the host, and since is running in batch mode I cannot acc
<acalvo> ept nor reject it. Any solution?
<RoyK> create a nagios user on the remote machine
<acalvo> why? the script tries to ssh using the root user
<RoyK> omg
<RoyK> why on earth would you do that???
<acalvo> thus I can restart services on the remote machine
<RoyK> first, never let anyone in as the root user on ssh in the first place
<RoyK> man sudo
<acalvo> sudo does not work
<acalvo> I've tried that first
<RoyK> erm. it doesn't?
<acalvo> I mean
<acalvo> it works
<RoyK> what makes it _not_ work?
<acalvo> but if you run it as nagios it won't start the services because it does not launch the process as the user it should, and then it can't read the configuration files
<RoyK> opening up for root login over ssh is bad. automating root login over ssh is insane
<RoyK> sudo /etc/init.d/whateverprocess restart
<kwork> yeah some other user with sudo with nopasswd
<acalvo> I didn't find a better solution
<acalvo> first try was to modify sudoers file and add the nagios user to that service
<kwork> you can do everything thru sudo
<acalvo> however
<acalvo> I want to run remote cmds
<acalvo> so I've to set up in the remote machines
<RoyK> acalvo: make a script for what you want to do, sudo-run that script
<acalvo> nice point, didn't think of that!
<acalvo> RoyK: even if I'm running a ssh script?
<RoyK> then in  sudoers, allow only that script
<RoyK> even if you're doing a bloody ls command
<kwork> RoyK,  i think you need to enable these commands to that user aswell ?
<kwork> RoyK,  whats run inside script
<RoyK> just hte script
<RoyK> s/hte/the/
<acalvo> let's see
<kwork> RoyK,  strange, it didnot work for me like that
<kwork> RoyK,  should retest it
<RoyK> well, works for me (tm)
<kwork> RoyK,  thou it was openbsd maybe it was because of that
 * RoyK hands kwork a -gh
<RoyK> no. sudo works the same across platforms
<kwork> -gh whats that
<uvirtbot> New bug: #481847 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/481847
<RoyK> kwork: just picking on your spelling
<kwork> RoyK,  sorry im not native speaker
<RoyK> me neither
<Boohbah> http://www.goenglish.com/PeopleWhoLiveInGlassHousesShouldNotThrowStones.asp
<kwork> RoyK,  and irc has ruined my spelling to lazy level writing
<RoyK> but though is spelt though although some americans tend to spell though as tho and through as thru and so on, but fuck them :)
<Boohbah> in america, spelt is not a word
<Boohbah> at least not a verb
<RoyK> spelt, past form of 'spell'
<Boohbah> http://www.spelt.com/
<Boohbah> he grain is naturally high in fiber, and contain significantly more protein than wheat
<RoyK> I don't care if Americans can't type as long as some English people actually can
<acalvo> and that's how the internet collapsed
<Boohbah> RoyK: spelled, past tense of spell, in America
<Boohbah> sorry, i just noticed this was not #defocus
<RoyK> Boohbah: americans speak and write fucked up English. I don't use US english
<acalvo> is not working
<acalvo> the script gets executed
<acalvo> but it does not restart the service
<RoyK> what happens if you try to run the script manually using sudo, from the nagios user?
<acalvo> this is the script
<acalvo> http://paste.ubuntu.com/317711/
<acalvo> it works if I run it as the root user
<incorrect> is it possible to stop a package trying to configure itself when you apt-get install it?
<RoyK> erm
<RoyK> acalvo: why do you ssh further in the script?
<acalvo> to restart a service in a remote machine
<RoyK> what I do is I have a nagios user all over the boxes, ssh from nagios to nagios and run a script on the remote host
<RoyK> ssh nagios@somehost /run/this/script/on/the/host
<RoyK> on that host, I configure sudo
<RoyK> not on the nagios host
<RoyK> ssh nagios@somehost sudo /etc/init.d/bloodyservice restart
<RoyK> for instance
<acalvo> so I've to create a pair of public/private keys to ssh without asking for a password, right?
<RoyK> ssh-keygen
<RoyK> create the pair
<RoyK> copy .ssh/id_rsa.pub to the remote host's .ssh/authorized_keys
<acalvo> but how? the nagios user does not have a home folder nor a passwd, so I cannot su to that user
<RoyK> then create one!
<acalvo> since it is a service user, I don't think is a good idea modifying it
<acalvo> I don't want to break any further update
<RoyK> it's just a bloody user
<RoyK> an entry in /etc/passwd
<RoyK> etc
<acalvo> RoyK: it's a ldap based system
<acalvo> it's not as easy as /etc/passwd
<RoyK> but this isn't really an ubuntu-server question, /j #nagios
<mok0> Anyone around with a knowledge of postfix?
<mok0> I desperately need hints on how to get spamassassin to work with it
<ScottK> mok0: What's the problem?
<mok0> ScottK: Spamassassin doesn't mark the mails, as if it doesn't see them
<ScottK> mok0: Generally the recommendation is to integrate amavisd-new with postfix and have amavisd-new talk to spamassassin
<ScottK> mok0: amavisd-new will take care of that.
<mok0> ScottK: I thought amavisd was a virus scanner
<mok0> So, the package to install is amavisd-new ?
<ScottK> mok0: No.  It has some checks of it's own, but is primarily an integration point for other things like spamassassin and (if you want) clamav.
<ScottK> Yes
<ScottK> mok0: Which Ubuntu release is your server on?
<mok0> ScottK: karmic :-)
<mok0> ScottK: I'm moving the old mail server to a new setup, and I want to use Ubuntu's mailstack
<ScottK> mok0: https://help.ubuntu.com/9.10/serverguide/C/mail-filtering.html
<mok0> ScottK: thanks
<ScottK> You're welcome.
<mok0> ScottK: cool! The other guides I've seen on help.ubuntu.com are outdated
<RoyK> mok0: /j #spamassassin
<RoyK> or #postfix
<mok0> RoyK: Thanks, but I actually know sa quite well. It's postfix that's new to me
<mok0> heh ok
<mok0> ScottK: there's nothing on that page telling you to integrate amavisd with spamassissin. Does that work out of the box?
<ScottK> mok0: It's the changes in /etc/amavis/conf.d/15-content_filter_mode that do it.
<mok0> ScottK: right... I can see that it works now!
<ScottK> OK.  Great.
<mok0> ScottK: I think it would be good to have that whole mail chain set up in the dovecot-postfix package...
<mok0> ScottK: ... with the guidelines telling you how to _disable_ the parts you don't want
<ScottK> mok0: I agree.  I proposed the integration include spam/AV stuff, but postfix-dovecot was a first step.
<mok0> ScottK: and a really helpful first step!
<mok0> ScottK: it seems there weren't much site-specific stuff in the changes I just made to the conf files
<ScottK> No.  I'll add a spec for UDS on it.  I can at least ask.
<mok0> ScottK: Great!
<mok0> ScottK: that was fast! :-)
<ScottK> Doesn't take long to make a stub of a spec.
<acalvo> I'm quite interested in setting up spam/AV with postifx-dovecot
<acalvo> I'm stuck at having SASL installed
<acalvo> configured, I meant
<mok0> acalvo: I didn't do that step
<ccole1> i am running ubuntu server 8.10 and i have a backup script running as a cron job. the problem is that it does not not backup all the files as a cron, but when i run it manually it it backsup everything
<uvirtbot> New bug: #482086 in ntp (main) "System time is very slow and differs with real for about 1 minute per hour" [Undecided,New] https://launchpad.net/bugs/482086
<hvn> ccole1: see man 5 crontab   Sometimes you have to escape certain characters from the command cron runs. At least % signs are interpreted by cron
<hvn> Especially date command format strings could cause this to happen
<ccole1> @hvn my crontab entry is this 05 12 * * * /backup/backup.sh. it does not have any of the things mentioned that might cause problems
<ccole1> hvn: my crontab entry is this 05 12 * * * /backup/backup.sh. it does not have any of the things mentioned that might cause problems
<hvn> What is the location of the crontab? /etc/cron.d/ /etc/crontab or does it belong to a user directly?
<hvn> looks like your example does not have the user specified, so it probably is not, or should not be, under /etc/
<ccole1> I access it by using the command sudo crontab -e so i am making the assumption that it is the root user crontab
<hvn> ok, I think that is the case.  Does /var/log/syslog or other log files show anything related to the command?
<ccole1> just that it runs
<ccole1> no errors
<ccole1> it backs up my files only not the other users
<hvn> I have to admit that I have not used other than /etc/cron.* locations for running cronjobs
<hvn> Hmm, sounds like it does not run as root
<ccole1> let me check
<ccole1> when i check the details of the cron under webmin. it states that it runs as root
<ccole1> is there any other way to confirm this
<hvn> I just tried sudo crontab -e on a 8.04. The crontab ends up as /var/spool/cron/crontabs/root  and is owned by root:crontab
<hvn> From that it looks like it should run as root
<uvirtbot> New bug: #480618 in dhcp3 (main) "package dhcp3-server 3.1.1-1ubuntu2.1 failed to install/upgrade: EOF da stdin al prompt per il file di configurazione" [Low,Incomplete] https://launchpad.net/bugs/480618
<mok0> ccole1: are the user dirs on an NFS mounted drive?
<ccole1> the user directories are on an ext3 filesystem
<mok0> ccole1: ... local on the machine running the cron job?
<mok0> ccole1: because your server may not have root priveledges on a disk drive from a remote machine
<ccole1> the ubuntu machine is my file server using samba i connect each win xp machine to the server
<ccole1> so the cron job runs local on the server, and all files are store locally on the server
<mok0> ccole1: alright...  just a thought
<hvn> If you do sudo ls -l /var/spool/cron/crontabs/ do you see the crontab owned by root:crontab?
<ccole1> yeah
<ccole1> Nov  5 12:05:01 lostcity /USR/SBIN/CRON[7818]: (root) CMD (/backup/backup.sh)
<ccole1> the above is a line from my syslog
<mok0> ccole1: ought to work
<mok0> ccole1: get your script to output some messages about what it's doing
<ccole1> i have it outputting all messages it does not complain about anything it just does my directory and ignores everyone else
<ccole1> could it be the directory permissions
<hvn> ok. Then I would check the script and check what environment variables, including contents of PATH, it thinks are available.  The environment available to cron may not contain everything the script needs espcially when it is passed from cron to the script it launces.
<mok0> ccole1: your script is not executed under the same environment as root. Specifically, PATH might be different
<mok0> hehe
<mok0> hvn, beat me to it
<hvn> just slow typing :)
<mok0> hvn, ... or thinking :-)
<ccole1> i have set a directory mode of 700 for everyone, could that be the problem
<zul> ttx: ping
<ttx> zul: pongpong
<hvn> if it runs as root, the permissions should not matter
<zul> ttx: we have the same version of net-snmp for the last 3 releases of ubuntu i was thinking about looking at the version in debian/testing for lucid what do you think?
<ccole1> i have put my script up on pastebin the url is http://paste.ubuntu.com/317783/
<ccole1> output from the err log for this script is at http://paste.ubuntu.com/317784/
<ccole1> it runs perfectly when i run it manually
<mok0> ccole1: uhm... why don't you just use rsnapshot... it's much better than your script :-)
<mok0> ccole1: much less overhead and can save N days of backup
<mok0> ccole1: takes about 5 minutes to set up, can backup to a local or remote system
<ccole1> it feels like a cop out, like i could not get a simple script to work so instead i ran away
<mok0> ccole1: once you see what rsnapshot can do for you, you'll get over your hurt pride :-)
<ttx> zul: yes, good idea
<Italian_Plumber> not a cop out.. nothing wrong with using code someone else wrote that already does exactly what you need.  After all, you're already using open source... you couldnt' build your own kernel so you ran away. :)
<hvn> The first line of script is not e.g., #!/bin/sh
<mok0> hvn: is that important? I think cron spawns the shell... but good catch
<hvn> I am not sure how the executable to run it is chosen
<hvn> and if the pastebin errlog is from cron, it runs
<ccole1> let me try it now
<mok0> what's that "2>>" doing?
<Synthesis> I am trying to install Ubuntu 9.10 x64 on HP bl460c, everything goes fine during the install, but when i reboot, Grub cannot find the kernels or anything under /boot... Any suggestions ???
<zul> kirkland: *cough* there is seven new qemu-kvm bugs sitting there for you
<ccole1> it directs stderr to the file instead of the screen
<mok0> I can never remember these weird redirects
<mok0> Looks like C++ code :-P
<hvn> redirecting stderr.  that is why there is "Removing leading '/'" and not file list in the log
<acalvo> I'm trying to manage a service using another user. I've set up the sudoers file to let the user manage the init.d script, so it can fire it, but I'm getting errors with file permissions in the config files of the service.
<hvn> the file list resulting from v-option is going to stdout and ending up in email sent to root (if there is enough mailer installed)
<mok0> I still say: go for rsnapshot: http://rsnapshot.org/
<mok0> apt-gettable
<mok0> If you're clever, you can set it up so users have access to their own backups
<uvirtbot> New bug: #481203 in openssh (main) "Hardy 8.04.3 openssh does not forward X11 always  cannot open display" [Low,Incomplete] https://launchpad.net/bugs/481203
<ccole1> i added the #!/bin/sh. it run as before no dice
<hvn> I see that you have commented out line 20. If you enable it, does the file list from tar look as it should?
<ccole1> yeah it just list all the files that it is copying. that is why i took it out i wanted to focus on errors alone
<hvn> And that file list shows that not all home directories are traversed?
<ccole1> yes, it just traverses mine, and then continues on. it does not show any sort of error, which is vexing
<nyk2005> There's a strange thing: I can mount my raid5 (which I set up in a previous install using mdadm) using mount /dev/md0 /mnt/raid, but when I put /dev/md0 /mnt/raid xfs 0 0 in fstab, I get a bad-superblock error!
<nyk2005> Can it be a mdadm config thing? because I know I had to put some information there about the raid, but don't find the howto anymore..
<hvn> ccole1: I sounds like your home directory is the only one in /home  If tar can not access files, it logs an error.  Since there are no errors, it can access everything. Are you sure your /home is where the others have their home directories. Sorry if this obvious :)
<hvn> It's the straw grasphing momement :)
<hvn> Just a quick check. Disk space is not a problem?
<ccole1> ls -all /home reports everone in home
<ccole1> webmin reports about 8% disk space used
<hvn> Interesting problem. Can't really think why it is behaving like that.
<nyk2005> How can I have the tmpfs use less RAM? I have 80gb of ram and tmpfs used 5 partitions of 12gb each, leaving only 24gb of ram!
<kwork> 80gb of ram ?
<nyk2005> And they're all almost empty, while my processes get killed because they don't have enough ram... :(
<ccole1> me either and it is drving me crazy
<nyk2005> kwork: yes, it's a nice server! I got it as a gift from ETH biochemistry.. :)
<orudie_> thats a lot of ram
<kwork> nyk2005,  wiht kind of hardware is that
<kwork> what
<nyk2005> but no need to make tmpfs out of all of it, the server also has 80gb of SD hdd which is almost as fast..
<nyk2005> http://biodata2.ethz.ch/phpsysinfo
<Italian_Plumber> I'm running hardy on a Pentium III 450 (and corresponding old motherboard) with USB1.  Would I be able to install a PCI USB card and get USB2 speeds?
<hvn> ccole1: the tar command you are using. There is no chance that it is something else than /bin/tar?
<Italian_Plumber> I want to connect and external HD and make my own "NAS".
<hvn> There are no scripts or anything that run instead of /bin/tar
<ccole1> let me check
<ccole1> used sudo find / -name tar, it only turned up /bin/tar
<kwork> nyk2005,  sysinfo shows only 24gb
<orudie_> nyk2005, nice
<nyk2005> kwork: because the rest is used by tmpfs? That's why I'm asking about reducing that wastefull config!
<kwork> hmmmz indeed
<kwork> wicked config :D
<nyk2005> 5*12+24 =about= 80
<nyk2005> and those tmpfs are a waste of ram... the admin who gave me the machine already wondered what this "linux thing" is doing... :)
<mok0> nyk2005: it swapped out, doesn't take any ram
<nyk2005> And searching for ubuntu reduce size tmpfs in google only brings up lots of peples question about not understand what tmpfs is..
<nyk2005> mok0: really?
<mok0> yes
<nyk2005> mok0: but one of my R processes was killed last night!
<mok0> nyk2005: why?
<mok0> nyk2005: lack of scratch space?
<nyk2005> mok0: let me check the log..
<mok0> nyk2005: http://en.wikipedia.org/wiki/Tmpfs see the section on Linux
<mok0> nyk2005: it's pretty much standard in modern OSes
<nyk2005> mok0: the log end with "Killed". This only happens if the kernel has to kill something because it uses all RAM or some other trigger...
<kwork> nyk2005,  could you paste lshw total
<nyk2005> during mapping an exonarray, which takes some gigs of ram..
<kwork> of memory
<kwork> lshw -C
<kwork> lshw -C memory
<nyk2005> arg tunnels..
<nyk2005> ok
<nyk2005> just the last?
<kwork> theres total somewhere there
<nyk2005> http://biodata2.ethz.ch/lshw.txt
<mok0> !pastebin > nyk2005
<ubottu> nyk2005, please see my private message
<kwork> mok0,  ?
<kwork> nyk2005,  it seems its 24gb
<nyk2005> yeah?
<mok0> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<kwork> mok0,  why use pastebin over nano /var/www/somefile
<nyk2005> ah ye
<nyk2005> ah yes
<hvn> ccole1: Got me with the backup thing :(
<nyk2005> yeah I have a webserver just for that file.. :)
<mok0> kwork: pastebinit < file
<kwork> dunno i dont like to use pastebin at all
<hvn> Can't say what it could be apart from logging in and checking it myself. And that is not an option :)
<nyk2005> so it has 24gb of ram and the same amount of ram used by tmpfs sharedly.. strange, I saw it going to 80gb in bios..
<kwork> why would i want my configs to be floating around in some random server for who knows how long ?
<orudie_> nyk2005, what kind of connection do you have on this server ?
<nyk2005> kwork: I'll delete the file..
<kwork> nyk2005,  kk
<nyk2005> well thanks for all your help! I run the process again see if it gets killed again. after all last time I tried the install was broken.
<ccole1> thanks
<mok0> nyk2005: if your app uses /tmp extensively, and at the same time you do not have much RAM, your system could run out.
<nyk2005> orudie_: why? I have no idea... good one I guess, it's located in the newest server-room of the ETH in the new HIT building. the room looked like science fiction to me... servers almost frozen..
<mok0> nyk2005: you should configure your servers with plenty of swap space
<nyk2005> mok0: why? /tmp is on root... I though also it should at least be on tmpfs..
<mok0> nyk2005: /tmp is a filesystem mounted on /
<mok0> nyk2005: It takes no disk space away from /
<nyk2005> and I guess all will be ok, mainly I need a lot of ram and not so much /tmp..
<nyk2005> mok0: really? why doesn't this show up in fdisk or mtab then?
<mok0> nyk2005: not sure about R... does it have proper garbage collection?
<mok0> nyk2005: eerr .... I am talking about the default Ubuntu setup. Perhaps you changed it?
<nyk2005> mok0: well depends probably on the package..
<mok0> I guess
<nyk2005> mok0: nope, just installed default ubuntu-server
<mok0> Hm, you
<mok0> are right...
<orudie_> nyk2005, i cant ping your domain biodata2.ethz.ch
<orudie_> nyk2005, or your ip
<nyk2005> yeah if it fails again in R then it's probably that I'm using the package in an inefficient way. thanks for all the help, just wanted to be sure that the hardware is all ok..
<nyk2005> orudie_: it's of course firewalled
<Boohbah> nyk2005: why?
<Boohbah> nyk2005: what harm can ICMP echo packets do?
<orudie_> yeah you should be able to ping your server
<orudie_> just like ping google.com
<nyk2005> Boohbah: what good can it do me if someone pings my server?
<kirkland> soren: ping
<nyk2005> no...
<nyk2005> ah well... I wouldn't care honestly
<nyk2005> it's the admins that control the firewall and I'm happy to have http/https/ssh open
<Boohbah> it would let them know that your server is up
<nyk2005> the local admin knows..
<orudie_> where is the server located ?
<nyk2005> why ping?
<nyk2005> orudie_: zurich
<orudie_> oh
<nyk2005> why?
<nyk2005> you're there too?
<nyk2005> :)
<orudie_> no
<orudie_> i'm in New York
<orudie_> my ubuntu server is in Atlanta, Georgia
<nyk2005> oh!
<nyk2005> I'm also not in zurich anymore but in the train to bern... :
<nyk2005> now that it works finally
<orudie_> bern ?
<nyk2005> lets give it something to work on!
<nyk2005> yes, capital of switzerland
<orudie_> oh
<orudie_> are you in the moving train right now ?
<nyk2005> yes
<nyk2005> in a tunnel now.. :)
<orudie_> what is the primary purpose of the server, why does it need so much resources ?
<nyk2005> orudie_: analysis of mouse exon arrays and comparison to other data. running gigantic mysql and psql dbs
<nyk2005> orudie_: and well... anything I come up with. :)
<jcastro> ttx, around?
<ttx> jcastro: yes
<jcastro> I've given you scheduling powers in the summit system
<jcastro> I've been told you will be scheduling the server bits?
<ttx> jcastro: who told you that ?
<ttx> jcastro: mdz asked to schdule them himself.
<jcastro> jono did, and for me to help you?
<jcastro> oh
<jcastro> ok then
<jcastro> well, if worse comes to worse, you have the right rights to adjust thing
<ttx> jcastro: I might have missed the memo though :)
<jcastro> heh
 * zul bows down to our new overlord
<jcastro> ok so  just in case he gets hit by a bus
<ttx> jcastro: I had some rights already, not sure that was enough though
<jcastro> you just login to summit.ubuntu.com
<jcastro> and you can drag sessions around
<ttx> jcastro: inherited from when I handled the invitations
<ttx> jcastro: ok
<ScottK> ttx: I'd appreciate getting https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-more-mail-integration scheduled.
<zul> ttx: and sever-lucid-papercuts ;)
<ttx> ScottK: like I said, so far I've been asked to stay away from the scheduling, so I'll wait for the memo
<ScottK> Ah.  I misread.
<ScottK> jcastro: ^^^ would you please schedule https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-more-mail-integration then.
<ttx> ScottK: but I'll gladly help if I get the authorization to do so :)
<ScottK> Understand.
<jcastro> yeah, ttx or mdz need to schedule it
<jcastro> I don't touch tracks without the track lead telling me so
<ttx> jcastro: same here :P
<ScottK> OK.  Since ttx isn't scheduling, then we wait for mdz.
<jcastro> ttx, I was told you were backup man. ;)
<jcastro> but ok
<jcastro> ScottK, jono has authorized me to schedule your motu one at least
<ttx> jcastro: we got different messages.
<ScottK> jcastro: Thanks.
<orudie_> nyk2005, pm
<moonpup> would anyone happen to know why when using sftp, a user can create a directory and chmod the directory but a chgrp will fail with unable to
<moonpup>           setstat permission denied?
<mdz> ttx, jcastro, I've asked ttx to take responsibility for the second "roomful" of sessions
<jcastro> oh ok, so if there's a sever session scheduled but you need a second one in the slot then just handle it?
<jcastro> easy enough
<ttx> mdz: ah, ok.
<ttx> mdz: in a recent email ?
<ttx> kirkland, mathiaz: about eucalyptus -proposed validation: I'd need to do a complete reinstall to validate 7 -> 7.3 upgrade path and it looks like I won't have time to do so. Could you both have a look and validate the fixes if possible ?
<ttx> kirkland: you'll bring the cloud-in-a-bag in Dallas, right ?
<kirkland> ttx: i will bring the cloud with me
<kirkland> ttx: i'm on holiday today
<ttx> kirkland: ah sorry :)
<ttx> <kirkland> ttx: i will bring the cloud with me <-- sounds like David Lynch
<aubre> I won't be able to go to UDS, but I hope that for the European folks who are going for the first time - please do try the barbeque. Texas is known for their beef brisket. Here in Alabama, it's usually pork.
 * ttx looks at the schedule
<aubre> kirkland: what machines did you use to make the "cloud in a bag" ?
<kirkland> aubre: laptops
<aubre> kirkland: I know, I was wondering what models
<kirkland> aubre: dell vostro 1220's and thinkpad x61's
<aubre> tyvm
<aubre> kirkland: I am excited to be trying testdrive, it looks like a wonderful project
<kirkland> aubre: cool!  glad you like
<aubre> kirkland: I like the fact that when you go to look at the Vostro they make a point of saying that the CPU has VT support
<Boohbah> aubre: virtualized netbook... sounds... not useful.
<aubre> Boohbah: it is if you are showing someone UEC
<mdz> ttx, in an email I hadn't sent yet ;-)
<aubre> Boohbah: and you need a portable cloud
<ttx> mdz: ah :)
<Boohbah> Uranium Energy Corp?
<Boohbah> Utah eLearning Connection?
<aubre> Boohbah: Ubuntu Enterprise Cloud
<aubre> https://help.ubuntu.com/community/UEC
<ttx> ScottK: the mail session is not "accepted" for UDS yet, and I don't have the power to do so (yet)
<ttx> jcastro, mdz: ^
<ttx> https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-more-mail-integration
<jcastro> ttx, you need to be put in the uds-organizers lp group, only a tech board member can put you in that group.
<jcastro> in order to accept sessions for uds
<ttx> jcastro: ok :)
<ttx> smoser: ping
<smoser> here
<ttx> smoser: you proposed the following sessions on the secondary track:
<ttx> server-lucid-cloud-krd,   	 server-lucid-cloud-ovf
<ttx> do you agree to chair those at UDS ?
<smoser> yeah. thats fine.
<nyk2005> I have a mysql-server running, but when I move it's data dir from /var/lib to /mnt/raid (on a mounted raid5) it refuses to run as it can't create any files. But normal users can write there.
<glassresistor> im having trouble getting my bcm4312 card working with the new karmic server kernel
<glassresistor> i've tried reinstalling the bcmwl-kernel-source modalias and jockey but dkms fails
<brewmaste> is there anyway to tell my server that "myhost.com" is "192.xxx.xxx.xxx" if I connect through eth0, and it's "198.yyy.yyy.yyy" if I connect through eth1?
<glassresistor> reinstall of bcmwl --> http://paste.ubuntu.com/317861/
<glassresistor> jockey log --> http://paste.ubuntu.com/317873/
<glassresistor> will be on and off if someone know how to manually compile and do what dkms does and can point me to a tutorial that would be nifty
<nyk2005> I have a mysql-server running, but when I move it's data dir from /var/lib to /mnt/raid (on a mounted raid5) it refuses to run as it can't create any files. But the normal users can write there! What's wrong?
<Reepicheep> nyk2005: did you keep the owners and permissions?
<nyk2005> Reepicheep: yes
<Reepicheep> and I assume you updated the "datadir" in my.cnf
<nyk2005> yes
<nyk2005> strange, after chown root:root /mnt/raid/mysql/mysql_upgrade_info it worked.
<nyk2005> as if this had to belong to root..
<Reepicheep> nyk2005: what command did you use to copy the data?
<nyk2005> cp -r
<nyk2005> then chown -R mysql:mysql
<Reepicheep> cp -r doesn't keep owner and permissions
<Reepicheep> you may of needed to use "cp -ra" instead
<nyk2005> it doesn't work anymore now.. :(
<nyk2005> mush have been coincidence
<Reepicheep> nyk2005: so it was working but now it isn't working?
<nyk2005> Reepicheep: yes... very strange
<Reepicheep> you still have the data in /var/lib/mysql correct?
<nyk2005> and I just deleted /var/lib/mysql
<Reepicheep> nyk2005: what is the error now?
<nyk2005> Reepicheep: just "fail"
<nyk2005> Reepicheep: nothing in /var/log/messages
<nyk2005> Reepicheep: only a lot of "Nov 13 17:20:44 biodata2 kernel: [10484.346455] type=1503 audit(1258129244.995:475): operation="open" pid=18365 parent=18364 profile="/usr/sbin/mysqld" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/system/cpu/"
<nyk2005> similar problem: http://ubuntuforums.org/showthread.php?t=928445
<zul> yes its know
<nyk2005> what?
<nyk2005> ah: you also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
<Reepicheep> nyk2005: try starting it with mysqld_safe
<nyk2005> finally it works! apparmor ... is annoying
<jdstrand> the /sys/devices/system/cpu/ should be cosmetic
<TeTeT_> how do I expand my cloud with a second cluster controller/availability zone? I installed eucalyptus-cc and eucalyptus-sc on a host, then changed the /etc/eucalyptus/eucalyptus-cc.conf with a second availability zone name, and eucalyptus-ipaddr.conf with the second cluster controllers IP
<TeTeT_> however euca-describe-availability-zones verbose only shows the original avail. zone
<mok0> What could cause rsync to suddenly hang? I've copied several directories, but suddenly both rsync and ssh hang.
<mok0> Even ssh remote ls doesn
<mok0> t work
<aurigus> ping?
<mathiaz> ttx: hey
<mathiaz> ttx: I'll do the upgrade SRU validation
<jcastro> ttx: ok, the server sessions are all marked now, should be colored
<_markh_> Hi everyone. Just starting to learn about clouds with ubuntu. In the docs, it states that the front-end must exist on the same class C net as the nodes. Is this true? If so, how can I set up a cloud that mixes private nodes and public space (say EC2)?  Surely such a constraint would mean that I also couldn't easily have hosts from different server providers participating in a single cloud.
<axisys> is there a solaris live upgrade like feature on ubuntu? where you detach the mirror and then upgrade the OS on the detached inactive sub mirror device and boot from that .. and if something is wrong then you boot back to current boot env ?
<genii> axisys: The closest thing available that I'm aware of is ksplice
<jbernard> kirkland: when you get a chance, rcs_cost branch at lp:~jbernard/+junk/byobu
<Reepicheep> _markh_: by the same class "C" network it refers to that fact that the Cloud Controller and the Node each need to be able to communicate directly with each other on the same network
<Reepicheep> at least that's how I interpreted it.  You can have multiple interfaces on the controller and the nodes though
<Reepicheep> so they can communicate on a private network.. but yet the virtual machines get access to a different public network
<Reepicheep> or how every you configure it.
<_markh_> Reepicheep: Why the same network, isn't it sufficient for them just to be able to talk to each other through any route? Or does the controller broadcast data?
<Reepicheep> I'm not sure on that .. but I think it is because the nodes auto discover the controller
<Reepicheep> so yeah.. probably a broadcast
<Reepicheep> see: http://open.eucalyptus.com/wiki/EucalyptusNetworking_v1.6 for more info on the networking
<Reepicheep> you may need to use one of the "Managed" network modes
<_markh_> I'll check that link in a moment - thx. In my setup I am setting up a test cloud with two hardware machine. Host A has IP addresses 80.84.51.34 - 80.84.51.38 and 192.168.0.1, Host B has addresses 80.84.54.98-80.84.54.102 and 192.168.0.2. I'm at a loss to know how to set (address wise) up A as the controller and B as the node
<Jared_Gust> Can someone help me with cups?
<_markh_> Reepicheep: Got to dash (weekend here:) Thanks.
<Jared_Gust> I am having issue connecting to it using the web management interface on a remote machine.
<axisys> I upgraded from jaunty 64bit server to karmic 64bit server.. and now I do get the login prompt in console.. this page https://help.ubuntu.com/community/SerialConsoleHowto says to edit /etc/default/grub  .. but I dont see that file..
<axisys> I meant, I do not get the login prompt in console
<axisys> do I create the /etc/default/grub file ?
<axisys> would be nice if upgrade took care of it
<axisys> fresh install do not experience that issue
<axisys> /etc/init/ttyS0.conf  this did the trick on that file
<axisys> should I be brave and create a default grub /etc/default/grub ? if that breaks grub i need to network boot and install grub again ?
<Fenix|work> Greetings and salutations.
<Fenix|work> I've just set up server 9.1 and am trying to configure rsyslogd.
<Fenix|work> There used to be /etc/default/rsyslog, but that seems to not exist
<donspaulding> when running pgupgradecluster to move postgres from 8.2 to 8.3, the new cluster is being created with a default encoding of LATIN-1.  I'd prefer this to be UTF-8.  As I understand it, pgupgradecluster looks at some environment vars to guess the correct encoding.  Does anyone know how I can change the default?
<Fenix|work> if I create that file will it supersede the option settings in /etc/init.d/rsyslog still?
<axisys> genii: i think ksplice only prevents reboot
<axisys> genii: after kernel upgrade
<axisys> however that never worked for me .. i had it installed on my laptop and it requuired a reboot after that kernel upgrade
<ttx> stgraber: ping
<mathiaz> ttx: there is only one session about etckeeper?
<ttx> mathiaz: yes.
<mathiaz> ttx: server-lucid-puppet-etckeeper-integration?
<ttx> yes
<stgraber> ttx: pong
<ttx> stgraber: about the containers session
<ttx> stgraber: are you ok to chair that one ?
<th0mz> anyone having experience with crechendo product ?
<th0mz> (crescendo)
<StrangeCharm_> when i install mount points on different encrypted disks, and enter the passphrase for the first disk at boot, other messages intterrupt me before i can enter subsequent passphrases, is there a way around this?
<ttx> stgraber: ?
<StrangeCharm_> is it possible to switch those subsequnt disks to keyphrase mounting?
<StrangeCharm_> sorry keyfile
<ttx> stgraber: please email me the answer :)
<StrangeCharm_> can one run an ssh server from the installer disk (for remote installs) ?
<Jeeves_> StrangeCharm_: Yes
<Jeeves_> you can select packages to install somewhere
<StrangeCharm_> Jeeves_, how?
<Jeeves_> use 'Back' one time and you get this menu somehow
<Jeeves_> (Assuming your in the server-installer)
<Jeeves_> openssh is one of the packages that can be installed
<Jeeves_> Don't have an installer to find out how exactly, but afaik, you can use ssh in the installer
<Jeeves_> off to TopGear now :)
<StrangeCharm_> Jeeves_, i don't want to ssh from the installer; i want to be able to ssh into the installer
<Jeeves_> StrangeCharm_: Ah, no clue than.
<Fenix|work> ok, I'm confused... where's the startup options for rsyslogd stored?
<Jeeves_>  /etc/rsyslog.conf /etc/rsyslog.d/*
<Jeeves_> Ow
<Jeeves_> startup options
<ScottK> Actually that's per application over-rides.
<ScottK> The main config file is /etc/rsyslog.conf
<Jeeves_> startup is in /etc/init/rsyslog
<Jeeves_> which you shouldn't edit
<Fenix|work> once upon a time there used to be a /etc/default/rsyslog file with RSYSLOGD_OPTIONS="..." which overrode the ones in /etc/init.d/rsyslog
<Jeeves_> But I guess they missed a step in implenting upstart and keeping all the options :)
<Jeeves_> Fenix|work: They dropped /etc/init.d/ in Karmic
<Jeeves_> moved everything to /etc/init/
<Jeeves_> Which are upstart files
<Jeeves_> Which you cannot configure, regression, if you'd ask me :)
<Fenix|work> so I can't edit the /etc/init/* files then
<Fenix|work> so how do I override rsyslogd to allow remote connections? :)
<Jeeves_> You can, but you shouldn't
<Jeeves_> So I'd ask the package maintainer :)
<Jeeves_> Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
<sbeattie> Fenix|work: yuck. File a bug, /etc/default/rsyslog is still there, and should be honored.
<Jeeves_> sbeattie: It's not there. But you mean it should?
<sbeattie> Hunh, it is here, but that may be due to me ugprading through the karmic cycle.
<Fenix|work> fresh install of karmic, no /etc/default/rsyslog
<Fenix|work> looking in /etc/init/rsyslog.conf ... exec rsyslogd -c4 ... hardcoded right in the file
 * ScottK doesn't have one either (on an upgraded system)
<sbeattie> odd, I have it on two different karmic systems. Anyway, it's definitely a regression in configurability.
<Fenix|work> -c4 is a new option for rsyslogd ... -c4 selects the desired backward compatibility mode... so -c4 means no backwards compatibility as it's version 4
<jsalisbury> Fenix|work: I ran into the same issue.  I opened Bug 465657
<uvirtbot> Launchpad bug 465657 in rsyslog "Cannot Start UDP or TCP Listening for Logging From Remote Clients" [Undecided,New] https://launchpad.net/bugs/465657
<Fenix|work> let me add my two cents
<jsalisbury> Fenix|work: I found that the -r option is no longer used.  However, following the new procedure and uncommenting the two options to enable remote logging  in /etc/rsyslog.conf does not work either.
<Fenix|work> Grrr
<Fenix|work> jsalisbury, uncommenting those two lines for udp and adding ModLoad imtcp , $InputTCPServerRun 514 ... netstat -vatun shows that tcp and udp are both listening to 514
<jsalisbury> Fenix|work: so it works for you?  Hmm, failed for me.  I'll have to go back and retry it.
<Fenix|work> it shows that it's listening, but maybe fw is blocking, I haven't tried logging yet
<Fenix|work> anyone with bonding instructions handy?
<majuk> Hi all. I am trying once again to set up a PDC with Samba. It is my understanding that Windows machines need to give the root uname/pw to join the domain on the first login. It is there some way to set the root password in Ubuntu without booting through the recovery console or some other way to auth the Windows machines on the domain?
<jsalisbury> Fenix|work: I couldn't even get it to start listening
<Fenix|work> service rsyslog restart and it was good to go
<jsalisbury> Fenix|work:  Hmm.  must be me then ;-)
<Fenix|work> is there any fancy way to bond in 9.10 now? :)
<jsalisbury> Fenix|work:  Nice, its working for me now.  Just talking with you about it fixed it :-)  I guess I'll close that bug now.  Sorry, I don't know about bonding in Karmic - yet ;-)
<Fenix|work> we'll see how this works
<Fenix|work> jsalisbury, https://help.ubuntu.com/community/UbuntuBonding  -- works with karmic
<jsalisbury> Fenix|work: Thanks!
<TallJason> Ubuntu Server 9.10: How do I set up "shared physical device"?   tried the wiki on networking for virtualization and its not working
<donspaulding> anyone know how I can get pgupgradecluster to use a different encoding (UTF-8) than the one it's guessing I want based off of my system locale(LATIN-1)?
<majuk> Can anyone tell me, is LDAP necessary for Samba to function as a Windows PDC? I am so lost in the reeds right now.
<ahasenack> majuk: ldap is not necessary for that
<majuk> ahasenack, Thanks.
<majuk> Now if I could only figure out how to make it work. ><
<flaccid> is it possible to link up the snakeoil cert to postfix ?
<flaccid> like
<flaccid> root@starbug:~# ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/smtpd.crt
<flaccid> root@starbug:~# ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/smtpd.key
<flaccid> ok that works good
<Doorman352> I posted in #ubuntu questions about installing a GUI to experiment in Ubuntu Server 9.04, previously I tried Webmin and dont care for it. I have also been directed to ebox, or just use the desktop distribution. Can anyone offer a good supported solution to use a GUI to configure and experiment with to learn?
#ubuntu-server 2009-11-14
<tbessie> Hey folks - I'm having trouble in that 9.10 server installer always installs grub on the MBR, and doesn't let me choose.  Is that really the case, or am I missing something?
<centHOGG> tbessie: hi agin
<tbessie> centHOGG, There you go.  By your name, you're not using CentOS much, are you?  That was another thought?  Not lots of updates, lots of being hamstrung by rpm, but solid anyway
<centHOGG> ha
<centHOGG> yeah thats how i started linux with centos
<centHOGG> redhat
<centHOGG> tbessie: yeah they don't do much over there
<tbessie> centHOGG, We use CentOS here at work for all our virtual srevers
<centHOGG> so what kind of server are you setting up
<tbessie> centHOGG, Basic file server for my movies, mostly.  Pile o' 1TB and 2TB disks in it (4 in front in pop-out removeable trays, one inside for when I want it quieter, and a laptop boot drive)
<centHOGG> kewl
<centHOGG> been there
<centHOGG> heard of geexbox & freenas
<tbessie> FreeNas, yes - not geekbox - I don't car for any web-gui helper stuff, or something that's geared JUST towards being a NAS.  I want full control on a reasonably vanilla box.
<centHOGG> ok, so how do you want to stream your media?
<tbessie> I'm still trying to decide between EXT3, JFS or ZFS.  EXT4 is too possible-data-lossy-without-an-UPS, so I don't want to use that.
<centHOGG> my fav fs is reiserfs... becaus you can adjust it with acronis
<tbessie> I built a Windows XP htpc, so I generally have been mounting via Samba and playing with VLC, though I sometimes get strange network stuttering/stoppage lately.
<centHOGG> but i guess they are all ok
<centHOGG> what i have is server2003 to geexbox
<tbessie> The reason I built this server was I had 3 prebuilt NASs, and they were so underpowered I was getting annoyed
<centHOGG> you really don't need that much guts to spit out the media
<centHOGG> even the htpc can been limited... unless you are doing HD
<tbessie> I used to use ReiserFS, but I'm going along with the "he's in jail, so I'll stay away from it for now" crowd. Heh.
<centHOGG> ha
<tbessie> I'll look up geexbox.
<centHOGG> like i have to redo my media stripe because I redid my nas server
<centHOGG> i only use my nas for a mirror
<tbessie> I was asking on www.silentpcreview.com for my NAS-building advice.  Everyone thought I was doing overkill on my server, but I wanted to be able to use it for other things, just in case.
<centHOGG> so my media stripe got too big for the nas
<centHOGG> ok
<tbessie> I'm breaking all the rules because I'm not using any kind of RAID, ZFS or otherwise.
<centHOGG> what do you want your nas to do
<tbessie> I've never had a disk fail on me
<centHOGG> jin
<centHOGG> x
<centHOGG> jinx
<centHOGG> i just had one last month
<tbessie> Given the number of drives I have, it's bound to happen sometime - but I don't have things running all the time.
<centHOGG> tbessie: kewl hey pm me
<tbessie> The HTPC I built.. almost two years ago.  Limited tech for a cool, quiet, HD-doing graphics board.  So it's pretty powerful too, for what it does;
 * genii sips
<Doorman352> Is winbind and kerberos OT for this channel?
<Doorman352> Is windbind and kerberos questions OT for this channel?
<StrangeCharm__> how hard is it to move a system mount point to a volume on an encrypted volume? presumably, i have to arrange for the volume to be mounted at boot? i guess that I have to edit fstab and crypttab; are there other files i should edit? where can i find the documentation about what i should put in those files?
<JanC> Doorman352: no, but there might not be many people around to answer them now
<Doorman352> OK, thanks
<Doorman352> Trying to join a 9.04 server with SAMBA, to an existing windows 2003 doman with 2 DCs, it broke both DCs and scrambled the secure channels. Id like to find out what could have happened and how to do this so that the server shares credentials with AD.... the SAMBA how tos are where I started, so they obviously missed something I needed to do... Anyone with experience have any ideas?
<ScottK> Doorman352: Did you check the Ubuntu Server Guide on help.ubuntu.com?
<Doorman352> Yep, started there too.... seems every source has a different process and terminology.
<Doorman352> During the winbind process everything went horribly wrong.....
<Doorman352> The Ubuntu guide doesnt use kerberos, so I went to the Samba guides for help.....
<Doorman352> Tried in #Samab, but been quiet for two days, figured maybe here would have a veteran......
<uvirtbot> New bug: #479823 in euca2ools "euca2ools: euca-bundle-vol strips leading zero (0) from user id" [Medium,Confirmed] https://launchpad.net/bugs/479823
<ScottK> !weekend | Doorman352
<ubottu> Doorman352: It's a weekend.  Often on weekends, the paid developers, and a lot of the community, may not be around to answer your question.  Please be patient, wait longer than you normally would, or try again during the working week.
<Doorman352> Thought I was being patient.....
<JanC> ScottK: apparently "wait longer" wasn't an option  ;)
<i_is_broke> i am getting ready to run a server for port forwarding, and was wondering if 9.10 was stable enough or should i use 9.04?
<qman__> i_is_broke, if you want stable, use 8.04
<i_is_broke> qman__, well i know the next lts is 10.4 can i use 9.04 till then, and then switch to the lts?
<ScottK> Worst case you have to upgrade it two steps 9.04 -> 9.10 -> 10.04, but yes.
<i_is_broke> ok, thats cool
<i_is_broke> thanks for the info...
<JanC> if the only thing you want to do is "port forwarding", I think Ubuntu is overkill  ;)
<qman__> yes, you won't be able to upgrade directly to 10.04 from 9.04, you'll have to upgrade twice
<i_is_broke> JanC, why is that?
<i_is_broke> i also want to use it for storage, and back ups of other computers, maybe even print sharing.
<JanC> i_is_broke: that's a better reason then
<JanC> to use Ubuntu i mean
<i_is_broke> JanC, ya i can build a dsl box just for port forwarding...but i want to do some other stuff with it as well..thats why i was wanting to use ubuntu..its the easiest for me to use.
<i_is_broke> well the downloads are only giving me the 8.04 or the 9.10 is there somewhere else i can find the 9.04?
<jmarsden> i_is_broke: See the various links from http://releases.ubuntu.com/9.04/
<i_is_broke> jmarsden, ty
<jmarsden> No problem.
<i_is_broke> ok let me ask this then, is a lexmarks printer hard to install?
<jmarsden> i_is_broke: It all depends... if it is supported, it is easy... if not, it may be hard.  Try it and see :)
<i_is_broke> i was just checking there web site and the one that i have says its partially supported?
<i_is_broke> so it would probably be better if i went with a more adaptable printer or such.
<jmarsden> i_is_broke: A Lexmark laser will probably be easy.  Some of their very cheap inkjets may be ... less well supported in Linux, shall we say.
<jmarsden> i_is_broke: If you can, get a printer listed in the Linux printer database as being fully supported, sure.
<i_is_broke> well just gives me a reason to buy a new laser printer...:D but ill probably go with something i know is compatible with linux.
<i_is_broke> now i know what to tell the kids to get me for christmas..lmao
<jmarsden> i_is_broke: You are aware of http://www.openprinting.org/printer_list.cgi  right?
<i_is_broke> jmarsden, nope but am now..
<jmarsden> It's a decent general putrpose "how well suported is printer X under Linux" database.  Sometimes slightly out of date, but if it says the printer works well with Linux, it really should work well.
<i_is_broke> actually thats where i was when i found the one that says mine is partially supported.
<jmarsden> Ah, OK.
<i_is_broke> but i booked marked it.
<i_is_broke> and i want to thank all of you for your help and info.its been great
<i_is_broke> is the doc. good for setting up all this that i want to do? and is there any good ref. material for learning apache and some of the other server stuff as well?
<i_is_broke> i have never set up a server before, so ill probably be back once i have it up and running..lol
<jmarsden> Docs on printer setup are decent.  Read the Server Guide https://help.ubuntu.com/9.04/serverguide/C/  early on in your reading.
<i_is_broke> is it better to run a raid or lamp or just allocate hard drive space for different projects, isnt with the others if one hard drive fails messes with the whole system?
<jmarsden> If you have the hardware, RAID is useful on servers for improving reliability.  RAID1 (mirroring) is the simplest way to do that.
<i_is_broke> well i have a promise ultra100 pci ide card that i can add to it and install several more hard drives then what the motherboard gives me.
<i_is_broke> so raid1 would be the way to go, let me google that and see what i can do.if i have any questions where would the best place to ask be?
<jmarsden> If you are building a server running Ubuntu, here is not a bad place.  For hardware issues try #hardware (or is it ##hardware ?)
<i_is_broke> well im sure that the os will be ubuntu
<jmarsden> For software RAID, read https://help.ubuntu.com/community/Installation/SoftwareRAID (a bit old, but you will get the idea)
<i_is_broke> and really thanks for all the helpful links and info..i really appreciate it.
<jmarsden> i_is_broke: Since this is your first Ubuntu server, if it is for home use, don't go too nuts ... RAID 1 just needs two hard drives, both of which can connect to the motherboard IDE or SATA ports...
<jmarsden> Keeping things simple will help :)
<i_is_broke> ok.
<i_is_broke> thats what i thought too...i can always add later if need be.
<jmarsden> Right.
<i_is_broke> ok well ill leave you all alone for the rest of the night, as it looks like i have plenty of reading to do..lol
<jmarsden> Go for it.  Ask here if you have questions.
<i_is_broke> thanks much appreciated..
<jmarsden> No problem.
<donspaulding> how can I override the encoding that pg_upgradecluster is guessing incorrectly while trying to upgrade from 8.2 to 8.3?
<jmarsden> donspaulding: Try asking in #postgresql
<donspaulding> pg_upgradecluster is debian-specific, they don't answer too many questions for it :-/
<jmarsden> Ah, OK... then you need someone with deeper understanding of that aspect of Postgresql in Debian than I have, I'm afraid.  Are there no relevant bug reports in LaunchPad to give you clues?  If not, maybe you should file one!
<ninnypants> can someone help me decipher this postfix error http://pastebin.com/d13bc5d82
<ScottK> ninnypants: The distant end deferred your message.
<ScottK> ninnypants: That's the 451 4.5.0
<ninnypants> so the mail server I was sending it to rejected it?
<ScottK> ninnypants: "Error in processing, id=03231-02, parts_decode_ext FAILED: file(1) utility (/usr/bin/file) failed, exit 8, parsing failure - missing last 1 results at (eval 90) line 165. " is the reason it gives.
<ScottK> Deferred.
<ScottK> It'll get tried again.
<ninnypants> what would cause that?
<ScottK> It looks like the distant end it pretty broken though.
<ninnypants> how so? not sure I follow
<ScottK> Google says that's an amavisd-new error
<ScottK> Your deferral is local relay=127.0.0.1[127.0.0.1]:10024
<ScottK> So it's a problem in your amavisd-new.
<ScottK> ninnypants: What Ubuntu release are you running?
<ninnypants> 8.4
<ScottK> OK.
<ninnypants> how can I trouble shoot amavisd-new?
<ScottK> ninnypants: My recomendation is go through https://help.ubuntu.com/8.04/serverguide/C/mail-filtering.html very carefully and make sure your setup matches the docs.
 * ScottK needs to go to bed, so good luck.
<ninnypants> thanks
<Dregyek> : d
<Dregyek> hello
<Dregyek> hello
<Merlin_> I'm a massive noob at servers.  How do I install a guest with an X server?
<Merlin_> I'm a massive noob at servers.  How do I install a guest with an X server?
<xperia2> hello to all ! anybody here with postfix experience ? have problems to configure postfix for receieving mails from the internet.
<Pupeno> I've switched from php mod to php cgi and now phpmyadmin doesn't get executed as PHP, it gets served as a normal file. Do you know what should I do to have it working again?
<uvirtbot> New bug: #482561 in mysql-dfsg-5.1 (main) "mysql-server-core-5.1 needs mysqladmin but no dependency to packege added" [Undecided,New] https://launchpad.net/bugs/482561
<uvirtbot> New bug: #482589 in mysql-dfsg-5.1 (main) "[karmic] package mysql-server-5.1 (not installed) failed to install/upgrade: freeze at 'unpacking' part" [Undecided,New] https://launchpad.net/bugs/482589
<openeye> hello all
<openeye> someone present?
<eni23> hello guys. i'm searching a dns server. someone knows something (i need low ttl, because it's an changing-ip)
<openeye> hi eni23, maybe you can use bind?
<openeye> lol
<googa> is cups used with samba to provide printers to windows clients, or is samba used alone for that
<uvirtbot> New bug: #482619 in samba (main) "samba often fails to download complete files" [Undecided,New] https://launchpad.net/bugs/482619
<googa> can u add a linux server to a windows domain? how?
<openeye> sure its possible buddy
<openeye> http://ubuntuforums.org/showthread.php?t=390948
<googa> I have linux server in school which has a network. I assigned an ip for the server that will work in the network, now do I have to install samba and all this stuff so i can get DNS, vsftpd, CUPS services working from the linux server to computers in the network in my school
<openeye> i dont know why you would use samba for that?
<uvirtbot> New bug: #482638 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de sa?da de erro 10" [Undecided,New] https://launchpad.net/bugs/482638
<chrismat> How do you enable KSM in the kernel of 9.10?
<chrismat> is it possible to run 2.6.32 on 9.10?
<chrismat> can one dist-upgrade to lucid beta?
<ruadh> I'm looking for Ubuntu server 9.10 (32 bit), but can only find the 64 bit version. Can anyone help?
<ruadh> Can I take it that there's no 32 bit version? I'll have a look at Debian.
<ScottK> ruadh: There is.
<ScottK> (a 32 bit version)
<ruadh> ScottK, Where? I've had a good look for it but can't see it
<ScottK> ruadh: Click on "Alternative download options" on the server download page
<ruadh> Got it, thanks ScottK
<ScottK> No problem.
<maxgqc> Hi I have a problem with dhclient. I have 2 nic. eth0 is set to use dhcp, eth1 is static. But when dhclient runs, eth1 gets an ip address from its own dhcp-server that is running on the server. eth0 gets an ip from the cable modem which is ok. Any help about that ?
<chrismat> maxgcq
<chrismat> can you separate eth0 and eth1 in separate vlans?
<lhasbs> ubuntu doesnt seem to like being in a saved state in virtualbox
<lhasbs> ipv4 network is missing
<lhasbs> the /etc/init.d/networking restart doesnt re up it
<lhasbs> ?
<majuk> Hey guys, I'm having problems getting my Samba PDC server to resolve properly via bind9 (on the same server) to Windows boxes. Any suggestions or TSing points would be appreciated.
<benc1> is there an equivalent to debian daemontools in ubuntu?
<benc1> I have an erlang server that I want to run as a daemon at startup
<BT> I'm using Ubuntu Server 9.10, is there any way to start vncserver automatically?
<BT> it works fine when I run it manually via ssh, but adding it to rc.local it just doesn't seem to start
<axisys> i am failing to upgrade my server... i am getting this error http://pastebin.com/d416bc992
<axisys> anyone have experience something similar?
<axisys> how do I find out what is this is
<axisys> #
<axisys> An unresolvable problem occurred while calculating the upgrade:
<axisys> #
<axisys> E:Unable to correct problems, you have held broken packages.
<guntbert> axisys: my first guess: you have enabled some third-party-software, or proposed or backports
<axisys> guntbert: this is from /var/log/dist-upgrade/apt.log
<axisys> http://pastebin.com/d4d6ef80a
<axisys> i guess i should remove the mysql and rt since i am not using them
<guntbert> axisys: first have a look at your sources.lst - I've seen similar problems upgrading with ppa's and the like
<axisys> http://pastebin.com/f23ea31da this is all I have .. not not look bad
<axisys> s/not not/does not/
<lenios> sudo aptitude safe-upgrade doesn't show anything?
<axisys> lenios: no.. could be because i removed the mysql and rt already.. let me try to release upgarde again
<guntbert> axisys: yes, looks good - but then I cannot help - sorry
<lenios> i would try without multiverse enabled
<axisys> it is working now.. i guess removing those complained pkhgs helped
<axisys> lenios: should I stop the upgrade and add the multiverse ?
<axisys> oh wait you want it w/o
<lenios> you have it
<lenios> if it's working that way, it's ok
<axisys> lenios: ok.. so far so good
<axisys> lenios: /var/log/dist-upgrade/apt.log this was helpful
<StrangeCharm_> the installer supports encrypted roots. is it possible to mount additional encrypted volumes when the encrypted root is mounted, but - instead of using passphrases - using a keyfile on the root?
<lenios> StrangeCharm_, i guess you can read the passphrase from a file
<StrangeCharm_> lenios, why do that when luks supports keyfiles? or do you just mean that that might be the easiest way to do it? i assume that there's a file telling the OS which early crypto disks to mount, and i assume that i just have to edit that, but i don't know which it is.
<lenios> what about http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile ?
<StrangeCharm_> lenios, that might be what i'm looking for
<Rascal999>  anyone know of a good flash player i can install server end? that can play avi's?
<Bilge> Does anyone know what to do about this error: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory
<Bilge> It exists at /usr/lib
<Bilge> Someone said to install ia32-libs package, but that chain installs half of the packages in the distro
<pvl1> can anyone explain to me if cloud computing is kinda likea VM
<jmarsden> pvl1: well, yes, it is, "kinda" :)  Have you read http://www.ubuntu.com/products/whatisubuntu/serveredition/cloud/faq ?  Maybe after that try https://help.ubuntu.com/community/UEC and https://help.ubuntu.com/community/EC2StartersGuide for some more details.
<embrik> wehre do I write the dns-addresse? I have written it in /etc/resolv.conf - but it is changed back to my old ISP's dns-addresse :-)
<embrik> My server is hardy, used as a router - it worked, but I wanted to play with ltsp-server. After I installed ltspserver, my computers on the LAN can't connect to the internet - because the dns is wrong. Should I write the dns-addresses in network/interfaces?
<pvl1> jmarsden, tyvm, im really interested in this ty
<embrik> anybody
<epinky> embrik: the only file is /etc/resolv.conf
<embrik> epinky, Ok - do you know why the adresse changes?
<embrik> epinky, Do you know what I write to restart dns?
<epinky> embrik: with dns(/etc/resolv.conf) no need to restart anything
<embrik> epinky, OK
<embrik> epinky, I installed ltspserver and built a client - when I couldn't get it working and I suddenly lost the internet on all my clients - I removed the ltspserver  - but I haven't been able to remove the client environment. Is it possible to just ecover from earlier to day. Everything worked an hour ago, before I started playing with this ltspserver...
<embrik> ecover = recover
<epinky> embrik: then you should remove ltspserver and build-client packages, maybe dhcpd also is misconfigured
<embrik_> My clients don't seem to get the right dns-addresse from my server (hardy). When I put in the right addresse in /etc/resolv.conf on the clients - they connect to the internet. But this isn't the way to do it, is it?
<epinky> embrik_: yep, you should add that entry(DNS address) in your dhcpd.conf  then restart the service
<embrik_> done that: option domain-name-servers 217.13.4.21;
<epinky> embrik_: yep, restarted service?
<embrik_> yes, the adresse has been there all the time - just a sec....
<embrik_> In resolv.conf on my clients the dns-server should be my hardy-local-server?
<epinky> embrik_: nope you don't have to modify resolv.conf, make sure your clients are using dhcp (not static)
<embrik_> they are using dhcp -  but after I played with ltsp an hour and a half ago - I lost connection to the internet on my clients. My server connects to the internet. nslookup www says: Server 217.13.4.21  server can't find www: NXDOMAIN. But this is when I have written the right dns-addresse in resolv.conf on the server. After a reboot - the dns in resolv.conf on the server changes back to the old ISP's adresse I had several months ago..
<epinky> embrik_: dhcpd (service) on your hardy works or not?
<gord-s> embrik_: if the server has 2 NICs, one from the internet (maybe DSL or cable router? and gets its adress this NIC from small DHCP server in router? that would change the server's /etc/resolv.conf i think
<gord-s> embrik_: but if yo have changed ISP in last few months, thats confusing
<gord-s> embrik_: also a handy command is     sudo /etc/init.d/dns-clean    this will re-do the resolv.conf if it is done automatically, perhaps by network manager from DHCP like I mentioned. All this I speak of is on the "internet/router/cables/ADSL side" if you have 2 NICS in your server
<gord-s> embrik_: please confirm your ISP DNS addresses are valid for the ISP today, even if you don't really want them there today, if you see what I mean, so we don't get confused by that
<uvirtbot> New bug: #482836 in samba (main) "Samba shared printers not accessible under Vista and Windows7" [Undecided,New] https://launchpad.net/bugs/482836
<embrik_> I have two NIC's on the server - but it has worked nice for quite a while - after I played with isntalling ltspserver - it stopped working. I'm sure that's the problem. I've removed ltspserver. But when I installed ltspserver, I built a client-environment. Taht I haven't been able to remove ..... I'm sorry my posting is a bit late according to your answers.. Ive been away for a couple of minutes
<ScottK> embrik_: Do you have the resolvconf package installed?
<gord-s> embrik_: noo problems sometimes takes an hour or so lol -- ok don't worry about removing the client-build, if no clients then nothing is used, just files sitting there no problem.
<gord-s> embrik_: i dont have my LTSP up today, it's down for maintenance, sorry (holidays)
<gord-s> but you odn't need anything specific configured in clients, all LTSP admin is done server-side with DHCP, unless you havea  boot problem with a client for example
<embrik_> ScottK, Hmm - no - Why is that gone? I install it now.
<ScottK> embrik_: No, it's sometimes known to cause problems like you have, I was going to suggest remove it.
<embrik_> ScottK, Ok - I've installed it - should I remove it?
<ScottK> Yes.
<embrik_> I'm confused - I know the ltspserver ting ruined this. I have bot ubuntu and kubuntu on my server - could that be? no of course not - but I'm trying to eliminate..
<epinky> ltsp just made a mess
<gord-s> embrik_: oh, another thing that can happen to the unaware - your DHCP server, if connected to the same physical switch as the "other" NIC, the "internet-facing one", your LTSP DHCPd can issue leases to the internetty-NIC, and it seems to loop.
<gord-s> embrik_: oh, another thing that can happen to the unaware - your DHCP server, if connected to the same physical switch as the "other" NIC, the "internet-facing one", your LTSP DHCPd can issue leases to the internetty-NIC, and it seems to loop.
<gord-s> oops
<embrik_> gord-s, I think you're getting somewhere - how do I stop the LTSP-dhcp?
<gord-s> <tired
<embrik_> gord-s, no, no, don't sleep from me now - I think you're up to something
<gord-s> well, temporarily,. erm,,,,,,, try sudo /etc/init.d/dhcp3d stop      <<<use tab-compleetion for the server name i think its dhcp3d or somthing
<gord-s> embrik_: then re-request a lease for the internet NIC
<gord-s> embrik_: so you have just one switch with both NICs plugged into it?
<embrik_> did I lose you?
<gord-s> no
<gord-s> u ok
<gord-s> embrik_: so you have just one switch with both NICs plugged into it?
<embrik_> no., I have two nic's eth0 for the internet (dhcp) and eth1 for the LAN
<gord-s> embrik_: ah ok, so eth0 goes >straight< to internet? via a modem/router/hole in wall?
<embrik_> gord-s, yes
<gord-s> embrik_: if so thats ok, but sometimes ppl plug both nics into same switch fabric, that CAN work, if you make the DHCP server a bit restricted to server only thin-client MACs
<gord-s> embrik_: unlike normal TCPIP, DHCP request flood out to the whole switch plane ports, at that stage the NIC has no IP so it cannot, therefore, be on a different subnet < that's where people get confused with this thing
<embrik_> gord-s, In fact I have no use for LTSP. Just trying it for fun, and now my shole family are waiting for the internet connection :-(
<gord-s> embrik_: correct cure is to make DHCPd recognise and server ONLY IPs to the known thin-client NIC MAC addresses, andignore all others
<gord-s> embrik_: hehe I know the feeleing
<embrik_> gord-s, Do you think the "playing-around" with ltsp has ruined my setup?
<gord-s> embrik_: well yes, but nothing drastic, dont panic :)
<jamesrfla> How well will a atom dual core 1.6GHz do with Ubuntu server and VMware server with at max 2 VM's running?
<gord-s> embrik_: what we need to know is - before you installed LTSP, did the family PCs get DHCP from the server on eth1 - or did they have static addresses for family PCs
<embrik_> gord-s, they got ip from server eth1
<gord-s> embrik_: OK good, now the LTSP will have changed the DHCP setip a little, becuase it installs the DCHPd from apt-, then >presumably< places a config file there from a script
<gord-s> embrik_: what you need to do, is re-make the DHCPd config file back to what you had before
<stiv2k> hi
<stiv2k> anyone here use transmission-daemon?
<embrik_> hmm - the dhcpd.conf file is not changed - I'm quite sure. Just a sec..
<gord-s> embrik_:  oh wait.....
<gord-s> embrik_: something about if LTSP installed trhe dhcpd.comnf in the LTSP tftpboot dir is used?
<embrik_> gord-s, what about /etc/ltsp/dhcpd.conf - can that influence on anything?
<gord-s> embrik_: yes thats it, thats the "new" one that being served right now - amnd problems - so,,,,, just rename the /etc/ltsp/dhcpd.conf to /etc/ltsp/dhcpd.conf.LTSP_ONLY
<gord-s> embrik_: and if your existing dhcpd.conf is OK, that should/might do it :)
<embrik_> done
<gord-s> yes thats it, thats the "new" one that being served right now - amnd problems - so,,,,, just rename the /etc/ltsp/dhcpd.conf to /etc/ltsp/dhcpd.conf.LTSP_ONLY [23:05] [gord-s(+i)] [2
<gord-s> oh sooo tired sorry
<embrik_> gord-s, OK - let's see
<gord-s> embrik_:you must restart the dhcp3 server
<embrik_> gord-s, ok - I may lose connection for a second
<gord-s> embrik_:sudo /etc/init.d/dhcp3-server restart
<gord-s> ok
<embrik_> gord-s, Thank you so much - I can not express what a relief this was - This give me more courage to continue my struggle in my regioon to work for free applications to be used in schools - I am a teacer running skolelinux
<gord-s> embrik_:  good, glad we sorted it :)
<embrik_> gord-s, thanks a lot and good night
<embrik_> gord-s, are you from Norway?
<gord-s> embrik_:main problem with LTSP is java runing in browsers, tey kill it :(   no North of England, UK
<embrik_> gord-s, Ok - then LTSP is not ready for schools yet, java and flash must run smoothly or else....  Night
<gord-s> embrik_: oh, flah i mean not java sorry, so tired -0) night
<gord-s> flash
<gord-s> jamesrfla: what sort of thing are you gong to run in VMs on the atom?
<jamesrfla> Windows server 2003 all the time. And maybe some other VM's but they will only be on when I need them
<gord-s> jamesrfla: hmmmm, not sure about that then, never run it but it's got a reputation for being very "heavy", presumably the GUI slows it down etc
<jamesrfla> Yeah it probably wouldn't work to well. Probably it will with just Ubuntu server edition running
<embrik_> exit
<embrik_> how do I leave the channel
<gord-s> jamesrfla:with 3 VM guests of debian serving DHCP/ldap  and tftp to about 200 users etc the host CPU load was about 5% on a athlonXP1700 rofl
<gord-s> jamesrfla: but a single XP guest just sittiing at the login screen slowed it down hugel so that as far as I've been into MSwindows for a long time
<jamesrfla> I see. So atom is a bust I guess. I probably need a dual core and quad core
<gord-s> jamesrfla:but hey, the server editions of MS must at least be optimised to do several things at once, surely, so u may be OK
<gord-s> jamesrfla:do you have a netbook with atome to test? before you build dedicated box
<jamesrfla> I am only going to use Server 2003 for remote desktop. I don't have a netbook to test it on but I did get a cheap rack mont and tried runing stuff on that but it was a P4 (dual core I guess) 3.0Ghz
<gord-s> hmm, u need windows RDP? for windows apps? i presume? my head is thinkng Virtualbox has built-in MS-RDP server for guests, but I just dont see how ythat helps you, I;'m too tired lol
<gord-s> jamesrfla:and it serves on port 3389 no less :)
<jamesrfla> Yeah to run Office 2007 or some other stuff for school. Virtual box can create a Microsoft RDP server?
<gord-s> jamesrfla:yes, it basically blows a picture of the guest machine down the wire, using the RDP protocol, confusing at first
<jamesrfla> Yeah it does. Where do I get it at?
<gord-s> jamesrfla:I had to do a triple-take when i saw it, felt kinda kinky using GnomeRDP to connect to a BSD box lol --- err, there's a Opensourcee edition, more for enterprise, but the "free" editions, ewhuich is closedsource, is free abd is apt-gettable if you add their repo
<Doorman352> remote desktop comes with 2003 server and xp
<jamesrfla> Doorman352: true. But with 2003 I can RDP into it twice
<gord-s> jamesrfla:yes, and thats what made me double/triple-take at virtualbox haha
<Doorman352> right 1 remote and 1 console
<gord-s> jamesrfla:virtualbox.org, downloads, then go for "virtualbox 3.0.10 binaries for linux hosts"
<jamesrfla> Doorman352: I think R2 is different because I can have 2 RDP and 1 console
<gord-s> jamesrfla:but do the APT compatible way, dont add the .deb manually
<Doorman352> Terminal server is also playing in the background with restrictions so you can get several....
<gord-s> jamesrfla: you add the relevant sources.list line, (for either hardy/jaunty etc), then grab the key and add it, then apt-get update <<<important<< then apt-get install it
<jamesrfla> gord-s: Or I can download the .deb package right from the stie
<gord-s> jamesrfla:yeah, but then maybe harder to get update,s dunno
<gord-s> jamesrfla:thats the whole point of using APT u see,never worry about stuff gettin out of date, and the Vbox thing seems to have a lot of patches
<gord-s> jamesrfla:add their repo and it will be seamless forever <famous last words lol
<jamesrfla> True
<gord-s> jamesrfla:you can cut and paste 3 lines to do it the apt way
<gord-s> jamesrfla: apt-get the dkms package too so that when Ubuntu roll a new kernel onto you their modules are done automatically too, its handy to have that anyways
<gord-s> jamesrfla: if you mess with virtualization or a lot of modules you might already have it
<gord-s> jamesrfla: its painless
<gord-s> jamesrfla: oh if you need to get a beefire processor, look for a E6300, it has the hardware Virtualization stuff built in but is relatively cheap as a desktop proc, I use one and it's pretty good for stonky VMs even though its slow clock speed etc
<jamesrfla> beefire processor?
 * jamesrfla googles
<gord-s> jamesrfla:yes, u know like a cow on fire  : user$ cowsay ouch
<jamesrfla> It is a intel core 2 duo?
<gord-s> jamesrfla:yes
<gord-s> jamesrfla:maybe about 100$US, 60GBP, 70EU?
<gord-s> sudo apt-get install cowsay
<gord-s> cowsay beef on fire
<jamesrfla> I am in the USA. So it is just a intel core 2 duo processor with virtualization
<gord-s> jamesrfla:one of those on a small motherboard and u have a great VM-box for remote VMs, put in basement and access by RDP into Virtualbox
<jamesrfla> gord-s: I was just going to install VM-ware server on top of Ubuntu server....
<gord-s> jamesrfla:yeah i used to use VMware svr but now virtualbox seems to have me hooked, not hit a mojor problem yet, tho i hit none with VMware either
<jamesrfla> That way I don't have GUi running....
<gord-s> jamesrfla:havint it via APT just seems more natural even somehow, less stress with updates etc.
<jamesrfla> Yeah when I do the install for my new server I will do that if Vmware offers that...
<gord-s> jamesrfla:yep, though you;ll be surprised how little impact fluxbox or JWM has on a running server, the main objection is that is X is installed it could be leveraged for a security comrpmise, but if not installed cant, probably old way of thinking
<gord-s> jamesrfla:in small outfit where u keep close eye on everything no real problems
<gord-s> jamesrfla:i leave fluxbox and slim or GDM even on most of my test servers here
<jamesrfla> Well I already know how to do everything I need to do without a GUI so why have one. I know fluxbox is very lite. So do you think I should get a dual or quad core to power my server?
<gord-s> jamesrfla:oh a dual s fine , though, dunno about the MSoffice haha
<gord-s> jamesrfla:i guess that whatever you need to make it run OK on a real windoze PC, is the minimum
<jamesrfla> Okay cool. Yeah just Server 2003 in a VM all the time and tons of other VM's but only running when I need them so maybe a max of a 2 or 3 VM's at a time
<gord-s> jamesrfla:after all its virtualised, so wont get faster, only slower. I dont know what MSwindows needs nowadays
<Doorman352> jamesrfla: What are you running on w2k3 server?
<jamesrfla> Just some applications I can't run in Linux like office 2007 for school. They want me to take the cert tests so I need it to study for
<Doorman352> you are going to run office on a server?
<gord-s> jamesrfla:oh i see, you are being certified on Office apps?
<jamesrfla> Sure why not. Then I can use it 2 times at once. I know it works
<Doorman352> jamesrfla: thats terminal server application mode and you'll still need a client to access it.
<jamesrfla> gord-s: yes and much more. Like Cisco and CompTIA stuff. Also tons of Microsoft certs but I really want to get some Linux certs
<jamesrfla> Doorman352: Ubuntu has a RDP client here somewhere
<Doorman352> terminal server isnt rdp, there totally different
<gord-s> jamesrfla:cool, not sure about the M$ stuff rofl. but yeah i guess u need Office to practice, OOo just somehow wont get you up to the grade
<gord-s> jamesrfla:same protocol tho RDP
<gord-s> jamesrfla:in the vendor-neutral protocol-centric way of looking at things (grows beard rapidly and turns into Stallman-esqe animal ready to start a rant)
<gord-s> jamesrfla:u can use Gnome-rdp or the plian ubuntu "terminal server client" on the menu
<gord-s> jamesrfla:both just GUI wrappers for rdesktop i think
<jamesrfla> Yep. Well thanks for you help. Why don't you get some sleep gord-s  since you said you were tierd.
<gord-s> jamesrfla:yeah good idea, I been working on bad hardwarew all day, pings of 3 seconds etc. SSH kinda grinds you down at those speeds
<gord-s> jamesrfla:nn all
<kane_> anyone in DFW currently? :)
#ubuntu-server 2009-11-15
<stiv2k> what is the T bit on a permissions mask?
<jamesrfla> later all
<stiv2k> nv
<stiv2k> nvm
<med\weed> ok figured it out
<med\weed> mrX rom should delete that cm_guardian dll
<med\weed> no exe's left.
<tbessie> Hey all - anyone know why server install doesn't let me choose where to install grub, but always installs in in the MBR?  Still trying to find out why this happens.
<orvonton> Hello all
<orvonton> I have just installed ubuntu server edition on my proliant server
<orvonton> It did not install a GUI by default.
<ScottK> That's by design
<orvonton> oh
<orvonton> I can install the gui if I want to?
<ScottK> Typically in Linux/Unix systems servers don't have a gui.
<ScottK> Certainly
<epinky> orvonton: Use Desktop instead
<ScottK> However any issues you have with it would be off topic for the server IRC channel for help.
<orvonton> Ok, so then most of the admin functions are performed from the command line?
<epinky> orvonton: yes, they are
<orvonton> Well, I mean, most people do not install a gui, is that right?
<orvonton> I guess I'm just spoiled with the desktop version
<qman__> orvonton, yes
<orvonton> it's my first time with a server, so excuse my ignorance
<qman__> generally, a GUI is considered unnecessary at best, and a security risk at worst
<orvonton> ok, then no gui
<orvonton> I will learn more that way anyway
<ScottK> In my opinion it's a bit of a learning curve to get started, but well worth it.
<ScottK> Yes, exactly.
<orvonton> any suggestions as to the path I might take
<qman__> orvonton, read the server guide
<orvonton> Should I start with an email server or something simpler?
<orvonton> I would like to provide some service
<orvonton> server guide, ok
<orvonton> got it
<qman__> orvonton, you need to decide what you want first, then find out how to do it
<orvonton> ok
<qman__> the server guide is a great starting point once you have your goal in mind
<orvonton> that's the problem
<orvonton> I dont have a goal yet
<orvonton> hmm
<orvonton> emai
<orvonton> web server
<orvonton> something
<orvonton> any suggestions?
<orvonton> my goal I guess is to learn how to run a server and provide some service on the net
<orvonton>   Ok, can you point me to the server guide?
<qman__> orvonton, it's in the topic, server guide: http://tinyurl.com/65jzxw
<epinky> orvonton: it's better to start with the concepts then practice is required, I mean RFC is a must
<qman__> if you're using a different version, just replace the version number in the URL
<orvonton> Thanks Qman
<orvonton> I will start reading
<orvonton> Qman, thanks again, I am looking at the url now. I have my work cut out for me.
<orvonton> I was very surprised when I installed ubuntu on my laptop; it found the wireless card and everything is working great; not so with Fedora
<orvonton> So as I progress with my server training, is this the correct group to come too for help?
<PlainFlavored> i hope so
<orvonton> ok, great
<orvonton> I guess I have a lot of reading to do.
<Doorman352> orvonton: I tried to join samba to my existing Windows domain to practice and it wasn't pretty, recomend to do all your testing away from critcal systems......
<ScottK> That's generally a good rule.
<orvonton> oh, absolutely
<Doorman352> unfortunately not possible for me as I didn't have two whole networks at my disposal.
<orvonton> not hooked into anything critical
<orvonton> stuck in the man cave
<orvonton> its going to be a long winter
<Doorman352> I used webmin to manage the server, but I'm told now that is not a good idea. The gui was much easier.....
<orvonton>  So far they tell me that the command line is the way to go
<orvonton> I think with the comman line you really have to know your stuff
<orvonton> That's probably a good thing
<orvonton> I'm so used to gui's
<orvonton> but I can do the command line
<Doorman352> how you learn is up to you, IMHO, however in your final endeavor you should eventually do it according to the best practices.
<orvonton> yes, but I'm sure now what the best practises are.
<orvonton> I mean not sure
<Doorman352> orvonton: I had trouble as a lot of how to docs insist on root access and that wasn't possible with ubuntu and sudo so they didnt work right.
<qman__> Doorman352, if you need root access, use sudo -i
<Doorman352> read my post again.....
<qman__> however, make sure the docs are specific to debian or ubuntu
<qman__> sudo -i gives you a root terminal
<Doorman352> but it didnt make persistent changes on some steps, hence why I said it didnt work with sudo for me.
<qman__> that has nothing to do with sudo, it has to do with incorrect instructions
<qman__> sudo -i gives you a root terminal, literally
<qman__> there is no "better" root than that
<orvonton> logging in as root, is not recommended; correct?
<qman__> yes
<orvonton> Well, running as root
<Doorman352> qman__: You are changing what I said, this is not about what sudo does. It is a statement that several how tos didnt work as they required root access and sudo didnt work.
<qman__> Doorman352, I am not putting words in your mouth, I'm saying, sudo -i IS root access
<qman__> and the problem is not with sudo, it is with the instructions
<Doorman352> qman__: That is what I said. It was a warning to watch out for certain how tos that will require root acces ans they didnt work.
<qman__> different distros do things different ways, so not instructions for another distro may not work on ubuntu
<orvonton> Well, thanks everyone for the advice. I'm going to go and do some reading. I will see you all soon.
<Doorman352> That is again what I said. I found a lot of BAD how tos.
<ScottK> The Ubuntu Server Guide is pretty carefully reviewed for each release.
<ScottK> BTW, if there's stuff you need to do that's not covered there, write it up and we'll get in the next release.
<Doorman352> it didnt cover kerberos and windbing for joining a samba to a windows domain.
<Doorman352> winbind
<Doorman352> hence my journey back to the darkside with windows.....
<ScottK> Doorman352: Well if you get it figured out, let us know.
<Doorman352> I wish somebody else with better skills would figure it out and let ME know......
<Doorman352> I sounded so simple....... my first step to getting rid of Microsoft...... Who new
<Doorman352> And the how tos at samba.org were very confusing and didn't match any of my screens or details.......
<Doorman352> What I need is a guide like: "Fed up with microsoft and want to replace their servers with your own Ubuntu servers in 3 easy steps"..... with pictures, lots of pictures
<qman__> Doorman352, the reason there isn't an easy how to is because that's not an easy process
<qman__> it's actually very complicated and buggy as of right now
<qman__> but when samba 4 releases, it will get a lot easier
<qman__> the whole goal behind samba 4 is an all in one domain controller replacement
<Doorman352> OK, I found that out. Nowhere did I find anything rating difficulties Samba was supposed to be simple....
<Doorman352> What could be more basic than a file server..... right?
<qman__> samba file sharing is not very difficult
<qman__> getting it to interact with a domain is
<qman__> simple workgroup file sharing is fairly straightforward
<Doorman352> Wish I had seen a single warning anywhere before I went down that road..... Now I lurk here and in #Samba waiting for someone whos done it to walk me through.
<Doorman352> workgroups wont work in my WAN
<qman__> the problem is that windows doesn't use standard implementations for kerberos and ldap, and it's completely undocumented
<qman__> but, samba 4 is going to address that
<Doorman352> maybe, but there are a lot of docs out there saying do this and it works....only it doesn't
<qman__> they even spent some time working with microsoft to get it right
<qman__> samba 3's domain compatibility is basically a cross between NT4 PDC and windows 2000 sharing attributes
<qman__> as such it doesn't really work well with newer windows installations
<Doorman352> I'd love to get rid of my DCs and redo everything following the LINUX user model instead, AD doesnt do anything magic for me....just beyond my learning curve ATM
<tonyyarusso> What do I need to do besides adding a Listen directive to access the CUPS web interface from another machine?  (Currently getting "403 Forbidden")
<Doorman352> SAMBA'a website said Windows 2003 Domain......
<qman__> you can get it to work with 2003, but you need to be in 2000 mixed mode IIRC
<qman__> and it's ridiculously complicated, and requires everything to be just so
<qman__> I've gotten linux clients to authenticate to AD, but that's it
<qman__> never did succeed in a samba DC
<Doorman352> yeah, it made a real mess
<ScottK> tonyyarusso: cups has an apparmor profile.  That may need to me modified.
<tonyyarusso> ScottK: ah.  Alternatively, can I add my printer from the command line?
<ScottK> No idea.
<ScottK> Printing has always just worked for me in Kubuntu, never needed to configure anything.
 * tonyyarusso notes that the documentation on this subject on h.u.c is a bit lacking
<tonyyarusso> ScottK: Yeah, it works great when I have the Gnome GUI - I'm just trying to figure out how to set it up headless.
<ScottK> Never needed it myself, sorry.
<Doorman352> Im running 2003 native and got to the winbind/kerberos parts when it Demoted my DCs and scrambled the secure channels, modified the UID for the domain accounts and then locked itself out of AD.... took MS 5 hours to recover, backups of system state were useless.
<Doorman352> qman__: needless to say I know my limitations and wont try it again without some support from a veteran..... Too bad as I want to show of what Ubuntu could do for my organization if we devoted more energy into using it.
<qman__> Doorman352, yeah, it definitely has a long way to go in that regard
<qman__> samba 4 isn't too far off though
<qman__> and that should really help
<Doorman352> too bad, hate the MS model of upgrade and buy more hardware even if you dont need it....
<ScottK> We're getting close on AD.  Samba 4 will be a big help.
<Doorman352> If I could use the budget I have for MS crud, I'd be running some sweet toys on the network..
<Doorman352> When is it expected?
<qman__> Doorman352, I don't think there's a set date, it's pre-alpha right now, but it does work
<qman__> still a lot of bugs to iron out
<qman__> and it's not totally feature complete yet
<Doorman352> Would be nice to have, but Im not going to enjoy the experience if it's buggy, gave up on 9.10 after I got it working as too much work for my users, so went back to 9.04
<Doorman352> in the mean time what is the current config for using Ubuntu on a windows network?
<tonyyarusso> ScottK: Do you know which kind of SSH port forwarding I would use to get around this?'
<ScottK> No.  Sorry
<ScottK> Doorman352: Unfortunately I don't have a Windows network.  Sorry.
<Doorman352> Wish I didn't either.... although then I wouldn't have a job.... ok nevermind
<ScottK> Heh
<tonyyarusso> ScottK: Whoo, figured it out - ssh -L 1631:localhost:631 192.168.1.215
<tonyyarusso> What packages allow cups to connect to Windows-served printers?
<uvirtbot> New bug: #482910 in apache2 (main) "Screen (the program) is buggy when called from apache2 and php5 in cgi mode" [Undecided,New] https://launchpad.net/bugs/482910
<ninnypants> I'm having trouble sending email from my server. the amavis permissions seem to be configured incorrectly. I followed the directions here:https://help.ubuntu.com/8.04/serverguide/C/mail-filtering.html when I set it up
<ninnypants> and these are the mail.log lines that are associated with it http://pastebin.com/d1973e5a5
<tonyyarusso> Found it - smbclient
<axisys> i am trying install over the network .. but i do not see any netboot/netboot.tar.gz in the iso.. i see this http://pastebin.com/f4ea267be
<axisys> where do I get netboot/netboot.tar.gz from ?
<jpiche> I have a system with a broken mysql install, and I need to reinstall the mysql-server package while making sure it re-generates the files in /etc when it does not... any advice?
<ScottK> jpiche: If you purge it instead of just remove it, that will happen.  sudo apt-get purge ...
<jpiche> ScottK, well, lets say the /etc/mysql was removed after the apt-get remove. how do i tell apt to regenerate a my.cnf?
<ScottK> Well if you manually removed it, then the packaging system assumes you don't want it there and won't put it back.
<ScottK> Install mysql again, this time purge, and then install fresh.
<jpiche> ScottK, okay, that makes sense. thanks
<axisys> ever since i upgraded to 9.10 my server stops responding after few mins.. i cannot get to it from console or ssh
<axisys> http://pastebin.com/f5a9fd8ec here is my dmesg
<ScottK> axisys: What type of CPU?
<axisys> ScottK: http://pastebin.com/f3e534a50 intel p 4
<axisys> ScottK: was working fine for last 6 months w/ 9.04
<axisys> and 8.10 as well before that
<ScottK> Dunno what to tell you then.
<ScottK> Sorry
<axisys> do I need to worry abou this? not sure if it was there in previous release or if relevant
<axisys> [    0.328055] * The chipset may have PM-Timer Bug. Due to workarounds for a bug,
<axisys> [    0.328057] * this clock source is slow. If you are sure your timer does not have
<axisys> [    0.328059] * this bug, please use "acpi_pm_good" to disable the workaround
<ScottK> I don't think so.
<axisys> [    1.001348] PnPBIOS: Disabled by ACPI PNP
<axisys> i know it is disabled in BIOS
<axisys> i guess i should enable it ?
<axisys> ScottK: what do you think might be the cause of loosing console or ssh response..?
<ScottK> Do you have local access to the server?
<axisys> ScottK: yes i do
<ScottK> My guess would be a kernel bug, but I'm not an expert in such things.
<Merlin_> anyone here?
<Merlin_> ey
<axisys>    /quit
<AnRkey> i'm having an issue with apt-proxy where I have to restart it quite often if one of the client PC's stops updating in the middle of an update. What is the recommended ubuntu-server apt caching proxy? Or is there a known fix for this issue with apt-proxy?
<Merlin_> Anyone know how to add a guest (with a GUI) to a virtual Ubuntu server?
<AnRkey> Merlin_, you cant really
<AnRkey> i think
<Merlin_> AnRkey: :O So you are saying there is no way to virtualise a server with guests that have GUIs? (like servers at school and universitys etc)
<qman__> Merlin_, you don't virtualize the server, you virtualize the guests
<qman__> I don't know the finer details of how KVM works, but when you need guests with GUIs, what you generally do is connect with a 'virtual console'-type application
<qman__> and run the guest GUI from a regular desktop machine, over the network
<qman__> this is how vmware server and virtual PC server both work, and I have to guess there is a way to do this with KVM as well
<Merlin_> qman__:  I installed Ubuntu server in Virtual Box and (have not port forwarded or anything, dunno how).  So I would install a new Ubntu Desktop Edition (in VB) and connect it to the server?
<Merlin_> qman__: After I find out how to port forward and so on
<googa> why do servers need static ip?
<KurtKraut> googa, they actually don't. But if you intend to run a daemon, like a httpd, having a static IP is important to avoid downtime.
<qman__> Merlin_, that's all handled in virtualbox's configuration
<qman__> you just create more machines and configure networking appropriately
<googa> KurtKraut: downtime?
<KurtKraut> googa, yes, leading your server to be unreachable through the internet if your IP address changes.
<Merlin_> qman__: so all I really need to do is install an Ubuntu Desktop Edition and connect to the server?
<qman__> Merlin_, I don't understand what you mean by "connect"
<googa> KurtKraut: IsinÂ´t also for say a dns server, so that it can be found from the same ip always by clients?
<KurtKraut> googa, sorry, I couldn't understand clearly your question. Are you asking me if DNS servers need to have a static IP?
<qman__> Merlin_, if you want a virtual desktop and a virtual server to be on the same network, you just configure virtualbox for it
<googa> KurtKraut: yes, and why
<googa> KurtKraut: same reason, downtime?
<qman__> googa, DNS servers need a static IP because you need to be able to reach them to get DNS queries
<qman__> other server types don't necessarily need a static IP, by using DNS
<qman__> but DNS needs to be there for it to work, so it's a catch-22 if you DNS server doesn't have a static IP
<KurtKraut> googa, let us make an analogy: think IP addresses like telephone numbers. So, a static telephone number is a phone that never changes. A dynamic phone number may change randomly, almost daily.
<googa> qman__: for consistensy in other words?
<qman__> googa, no, for it to work
<qman__> clients need to know where the DNS server is
<KurtKraut> googa, Police Departament has an important telefone number, and it is static: 911. If police had a dynamic telephone number, it would lead police to be unreachable by phone because nobody would now the current police number.
<qman__> if it's moving around all the time, things won't work
<googa> Ok
<Merlin_> qman__: what are servers called that schools and universities use that every computer is on?
<KurtKraut> googa, you should read http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html
<qman__> Merlin_, there really is no such thing, you use different servers for different purposes
<qman__> if you're looking for directory services, or single sign-on, check the server guide
<qman__> there's quite a few different ways to do that, including ldap and kerberos
<qman__> Merlin_, client machines aren't "on" a server, they simply connect to them to use functions provided by the server
<qman__> with the exception of thin clients, which actually do run on the server
<googa> KurtKraut: What is default gateway in terms of phone numbers :)?
<qman__> googa, the switch box at the telephone company
<Merlin_> qman__: I have never set up a server.  I want to set up a server, like university, and each computer signs in on to a desktop and the actions are regulated (such as you can't access certain websites, can't access C:/ directly).  I understand it is on Windows, however I want to do it on Linux.
<qman__> Merlin_, that's mostly done with client configuration
<qman__> with the exception of web filtering, which is done via a proxy server
<qman__> Merlin_, to restrict users from changing systemwide settings, simply don't add them to the admin group or sudoers file; ubuntu does not allow regular users to make changes to the system by default
<qman__> Merlin_, if you need to restrict them further, you will need to create chroot jails, or some form of mandatory access control, which is a fairly complex configuration and depends entirely on what your users need to do
<Merlin_> qman__: Aaah...
<qman__> but to affirm, unlike in windows, users are unprivileged by default
<qman__> they must be added to the admin group/sudoers file to make administrative changes
<googa> if I want a sub network for about 54 clients do I use a Net mask of 255.255.255.201?
<Merlin_> qman__: fair enough.  You said about restricting websites via a proxy server.
<qman__> googa, no, that's an invalid mask
<googa> So if I want a subnetwork for 254 clients ill use a net mask of 255.255.255.0
<Merlin_> qman__: How does this work?
<googa> and for 500 clients 255.255.0.0
<qman__> Merlin_, yes, if you want to filter web traffic, you need a proxy server, such as squid
<qman__> googa, for 500 clients you could use 255.255.252.0, or 255.255.0.0, or 255.0.0.0, it all depends on what IPs you're using and your preference
<googa> qman__: so in a short analogy what does a netmask do?
<qman__> Merlin_, in the proxy server configuration, you can create a blacklist, or a whitelist, or create user/password combinations
<qman__> googa, a netmask defines the separation between the network portion of the IP address and the host portion
<qman__> googa, http://www.ralphb.net/ipsubnet/
<Merlin_> qman__: How is this web blacklist work?  Does it go on the meta tags of the websites?
<qman__> Merlin_, no, you define in your proxy configuration what sites you don't want people to go to, by URL, wildcards supported
<qman__> so, if you didn't want your users to go to myspace, you would add a deny rule for *.myspace.com
<qman__> I don't remember the exact syntax but that's the general idea
<KurtKraut> googa, you're lacking some essential concepts of networking. You should dedicate a few hours on the internet reading about all those essential concepts. You need to understand them if you intend to maintain a server.
<Merlin_> qman__: I remember at school a few years ago that they blocked EVERY proxy server that I tried and I tried at least 50 of them.  So they manually denied all of them?
<qman__> Merlin_, what most schools and companies do is hire a third party service, which runs a proxy for them
<qman__> that service constantly searches the web for "bad" sites and maintains a large list
<googa> ok
<qman__> and provides a web proxy for the schools and companies to use
<qman__> the school would then configure its network such that all web traffic is directed through the third party proxy
<qman__> and so "bad" websites are blocked, including other proxy siets
<qman__> sites*
<Merlin_> qman__: is this third party server a software or a group of people?
<qman__> Merlin_, there are many companies that provide this type of service
<qman__> one example is websense
<qman__> I think openDNS offers a DNS-based filtering service too
<googa> Is joining linux machine to windows domain very complicated?
<qman__> googa, yes
<Merlin_> qman__: oh.  and this company would also search the websites visited (and maybe keylog??)?
<qman__> Merlin_, the company would definitely NOT keylog, but they may review visited URLs and check for content to update their lists
<googa> qman__: how accurate is this explanation?
<qman__> googa, what explanation?
<Merlin_> qman__: aah.. thanks
<googa> im sorry
<googa> http://www.linuxquestions.org/questions/slackware-14/join-linux-to-windows-domain-371794/
<googa> that
<qman__> googa, that is accurate, but not complete
<googa> what do you mean, not complete
<qman__> it would allow you to access file shares on a windows domain, but to actually "join" a domain, and share users and information, you need to configure winbind or ldap, and pam
<qman__> it is a fairly advanced configuration setup
<qman__> googa, that information also pertains to slackware, configuring it on ubuntu will be different
<googa> I have bind on a machine. will it not work using those settings in the link for windows users
<qman__> bind and winbind are two different programs, with two very different purposes
<googa> yes i see
<googa> tough, will a dns server not work for windows client without all those advanced configuring ldap pam ....
<qman__> googa, you do not need to join a domain to provide DNS
<googa> good
<qman__> the DNS server will work regardless
<googa> what about vsftpd daemon
<qman__> same
<googa> do you need to join domain for that to be availble
<googa> no?
<googa> good
<qman__> no
<googa> and last CUPS
<googa> what about that
<qman__> windows doesn't support connecting to CUPS out of the box
<googa> be more specific
<qman__> if you want to share printers to windows clients, I suggest sharing them with samba
<qman__> also, does not require joining the domain, though it is optional
<googa> are u sure, someone told me i can share them trew cups
<qman__> it is possible to connect windows to a CUPS printer, but it isn't the same as windows print sharing
<qman__> both ways work, it depends on what you want
<Merlin_> ey, qman__: How do you create a download limit?
<qman__> Merlin_, can you be more specific?
<Merlin_> qman__: I remember at school that you could not download files over 1GB.  If you tried you would only download the first GB of that file so, thus, the file would be useless.
<qman__> Merlin_, yes, squid supports that type of configuration
<qman__> I don't know off hand how to do it, but you should be able to find it
<Merlin_> qman__: Could people bypass this configuration?
<qman__> Merlin_, not if you configure squid as a transparent inline proxy
<qman__> however, this only works for http
<qman__> ftp and other protocols, if you allow them out, will not be limited by it
<qman__> it is possible to limit other protocols too, but I don't know how to do it, and it would probably require purchasing software or equipment
<Merlin_> qman__: what about using wget or by pausing the download, restarting the computer and resuming the download?
<qman__> Merlin_, it would still be prevented
<qman__> at least, I think it would
<qman__> you would have to test to make sure
<Merlin_> So there is no way to bypass this unless you didn't go through the proxy?
<Merlin_> aah
<qman__> a transparent inline proxy doesn't require any special client configuration, it just mangles all web traffic
<qman__> and applies the rules
<qman__> there are other ways to tackle the problem too
<qman__> such as with complicated firewall rules
<Merlin_> like what ways?
<qman__> you could create or buy a software or device designed specifically to do it, or you could configure the firewall in such a way that it would prevent files over a certain size from passing through
<qman__> a proxy is the simplest and most typical method
<Merlin_> aah
<qman__> generally when this type of configuration is needed, there is a large budget to be spent on it
<qman__> so as you might imagine getting better than a proxy can get expensive
<qman__> either in manpower to set it up or tools to do the job
<qman__> or both
<Merlin_> I could imagine
<Merlin_> By hosting a proxy server in a virtual environment, then connecting to that server in the same computer keeps the same IP, right?
<qman__> Merlin_, no, each of your virtual machines will have its own IP on the virtual network
<qman__> it's possible to bridge everything together but that would prevent any of this from working
<qman__> what you want is a virtual network routed to your real network, with all the VMs on the virtual network
<Merlin_> I don
<Merlin_> t understand
<Merlin_> By creating a virtual proxy server and connecting to it on the same computer will dramatically increase my security of the computer would it not?
<qman__> in order to configure the client and server in this way, you need to run a virtual network that is separate from your actual network
<qman__> and then route the two together
<Merlin_> To get all the machines with the same IP?
<qman__> Merlin_, the machines cannot have the same IP, they must have different IPs
<qman__> that's what the virtual network is for, to allow your virtual machines to each have their own IP on the network, and then you route your virtual network onto the real network
<qman__> effectively, it's as if your host machine was a router, and all the virtual machines were behind it on a switch
<Merlin_> aah
<qman__> now, that is not the only way to configure networking for virutal machines, but it is the way you need to configure them for this setup to work
<qman__> IIRC, virtualbox makes setting it up that way especially difficult, if not impossible
<Merlin_> To set up a server, the network would need to be on 'host-only'?
<qman__> I think the way you would need to do it is
<qman__> on all the clients, set host-only
<qman__> on the server, create two network adapters, one host-only, and one NAT or bridged
<qman__> then configure the server to route traffic for the clients
<Merlin_> ah ok
<qman__> but you would need to check into virtualbox's manual and support, because I remember having a hard time getting it to work that way
<qman__> I've done it on vmware, and on virtual PC just fine, but virtualbox was difficult
<Merlin_> You like VMware, virtual PC or VB better?
<qman__> depends on what for
<qman__> for performance, virtualbox is best
<qman__> for networking, vmware is best
<qman__> for a quick, easy, windows VM on a windows host, virtual PC is best
<Merlin_> mm.. k
<Merlin_> qman__: by connecting to a proxy that I would host in a virtual machine, this would increase my security, right?
<Merlin_> qman__: you there?
<qman__> Merlin_, it wouldn't really affect security at all
<qman__> it would merely alter your web browsing experience
<Merlin_> qman__: but then wouldn't a hacker/website only get the IP of the proxy server?  THEN they would have to get my IP from being in the proxy server?
<Merlin_> Thus, taking longer
<qman__> all the traffic is funneled through your external IP anyway
<qman__> and, attempting to hide your IP address is futile and pointless, in regards to security
<Merlin_> oh
<Merlin_> What about, since you are going through a proxy, then wouldn't the hacker only 'hack' into the proxy server, and since it is a virtual server, they cannot be much that would harm my computer??
<qman__> that is a pretty misguided view of how "hacking" works, but even in that scenario, your host machine is more accessible than the virtual machines running on it regardless if you use a proxy to browse the web
<qman__> to actually secure your network, you need to lock down access at the perimeter, your connection to the internet
<Merlin_> oh
<Merlin_> qman__: How would you make a user connect only to the proxy?
<qman__> Merlin_, you can configure the proxy to be inline and transparent
<qman__> so that all outbound web traffic is forced through it
<Merlin_> how would youuu do that?
<qman__> there are guides for it
<qman__> like this one: http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
<Merlin_> thanks
<qman__> obviously you need a little adapting to your network design, but it covers the squid configuration completely and gives you the concepts
<Merlin_> thx
<error404notfound> i have a remote VPS, it has 12G hd, out of which around 6G is used. I want to take its backup so that i can restore it in one command. I want whole backup without putting it down. ideas?
<uvirtbot> New bug: #483066 in postfix (main) "package postfix (not installed) failed to install/upgrade: ?????????? ????? ???????? pre-installation ????????? ??? ?????? 1" [Undecided,New] https://launchpad.net/bugs/483066
<error404notfound> what kind of backup do i need to restore a system state? by state i mean the same set of packages with relevant same set of configuration and documents as of now?
<error404notfound> any other option than just using dd?
<error404notfound> without putting the server down.... and it would be great if it could be incremental
<dassouki> what is the best way to create an sftp user to access a specific folder
<dassouki> and its subfolders
<pmatulis> dassouki: you want to limit what the connecting user can see?
<dassouki> pmatulis: just for wordpress, I want to create an sftp user, so I can automatically update my plugins folder
<dassouki> so it can only upload to that folder
<pmatulis> dassouki: you could force a chroot for that user
<pmatulis> dassouki: he would only be able to see his home folder for instance (that contains the dir you want him to update)
<dassouki> oooh k
<dassouki> so i need to use proftpd then
<pmatulis> dassouki: why?
<dassouki> pmatulis: i thought that's how you create an ftp user
<pmatulis> dassouki: you said you wanted to use sftp
<dassouki> sorry yes
<dassouki> FTPS
<pmatulis> dassouki: not sure about ftps, best to use sftp, it's secure and simple
<dassouki> ya the options are ftp or ftps
<dassouki> to enable automatic updating
<pmatulis> dassouki: k, dunno then
<dassouki> thanks for the help though :D
<pmatulis> dassouki: when i don't use sftp i use vsftpd
<pmatulis> dassouki: it can also chroot
<Wallace> I have just installed server, and it set up my primary network interface fine.  Now I want to setup the other interface...is there a simple configuration tool to do this, or do I have to start hacking scripts?
<pmatulis> Wallace: edit /etc/network/interfaces
<dassouki> pmatulis: ah so it's not a simple adduser then
<pmatulis> dassouki: vsftpd is a server, it allows users to connect and use that service, so, yes, you need to create those users
<TeTeT> pmatulis: doing some weekend work?
<pmatulis> TeTeT: yes
<Wallace> thanks pmatulis: how do I bring the interface up now? - just if-up eth0 ???
<pmatulis> Wallace: 'sudo ifup ethX' should do it, yes
<pmatulis> Wallace: also 'sudo service networking restart'
<Wallace> cool thx - now i just need to get ssh work....ahh, network restart
<Wallace_> sudo service networking restart says "restart: unknown instance:"
<Wallace_> hang on bbias
<ScottK> pmatulis: I'd ask what release wallace is on when he comes back.  sudo restart foo only works on 9.10
<maxgqc> Hi, I have a problem with dhclient. My server has 2 NIC. eth0 is configured using DHCP and eth1 has a static ip address defined in /etc/network/interfaces. But sometimes eth1 gets an ip address from the dhcp server that is running on the server. Any help would be appreciated
<pmatulis> ScottK: true
<pmatulis> ScottK: actually that command is available since 8.10 no?
<pmatulis> (service foo restart)
<uvirtbot> New bug: #482313 in dhcp3 (main) "dhclient-script ignores "option host-name" from DHCP-server" [Low,Confirmed] https://launchpad.net/bugs/482313
<uvirtbot> New bug: #482720 in php5 (main) "Php cron job fails when there are a lot of session files in /var/lib/php5" [Undecided,New] https://launchpad.net/bugs/482720
<johe> hi there,i have an problem with snmpd daemon in LTS, it dies after a while, i heared of an bug which should be solved 12ubuntu7, but 4ubuntu7 is still active in LTS, any hint
<johe> snmpd-5.4.1~dfsg-4ubuntu7 is what LTS use
<Knifa> Hello. I've just installed Samba on my server and configured it so home folders are shared and that users need to login using a valid account on the server itself. However, despite it being set up correctly as far as I can tell, I can't login using my username and password. Any ideas? I can pastebin the config if required.
<johe> Knifa, did you use smbpasswd for the accounts?
<Knifa> i havn't, no D:
<johe> Knifa, maybe you should :-)
<Knifa> oh, hmm.
<Knifa> i was assuming it would use the logins from the server D:
<johe> well, i always make it that way, but we use it as an pdc, just try ^^
<qman__> yeah, it's supposed to sync the two, but you usually have to set smbpasswd once on each user
<Knifa> ah okay
<Zeboss> hello
<Wallace> hi all.  I just installed server 9.10 today, and the installer kept reporting "fail" when configuring the packages.  I went ahead with the install anyway, it it all seems okay, except, when I start up the display gives me a few lines (e.g. fscking), and straight to a login prompt.  Some basic stuff wasn't installed (e.g. tcpdump, samba, apache, sendmail - IIRC, i selected samba and mail plus a few other options).  Do I need to re-install, or s
<Wallace> I kind of expected to see more starting services messages as it comes up
<qman__> Wallace, all the packages you listed are extras and not in the default install
<ScottK> It's not particularly expected, but it should be fixable rather than requiring a reinstall
<qman__> the 'mail' task installs postfix and dovecot, not sendmail
<ScottK> Wallace: One design rule in Ubuntu Server is that the base install has no open ports, so (for example) no MTA by default.
<Wallace> okay, thanks.  next, what imap4 server would you recommend...there seem to be a few options
<ScottK> Dovecot is the one that's supported
<Wallace> scott: ahh, okay...makes sense
<ScottK> Most people seem to like it.
<ScottK> Also Postfix is the supported MTA, not Sendmail.
<ScottK> Exim4 is also supported, but not so heavily documented.
<Wallace> scott: you said it's installed already...what do I need to do to enable it?
<Nexen|Zeboss> dovecot works fine
<ScottK> Wallace: Which 'it' are we talking about?
<Wallace> scott: i'm not familiar with postfix...can I use it to relay smtp from my internal net?
<ScottK> Yes.
<Wallace> scott: sry, dovecot...how to i enable dovecot
<Knifa> Okay, I used smbpasswd to add a new account with my username, but I still can't connect. D:
<qman__> Wallace, if it is installed, you just need to configure it, in /etc/dovecot
<ScottK> Wallace: Look in /topic for the link to the Ubuntu Server Guide.  It has very good docs on how.
<Wallace> qman: k, thx, i'll have a look
<Wallace> scott...er ubuntu server guide?  where do I find that..on the net or installed on the machine?
<qman__> Wallace, online, the link is in the channel topic
<Wallace> ..ah, thanks....and dovecot doesn't appear in /etc... the package is called "dovecot" right?  I can just apt-get it?
<qman__> Wallace, you can, or you can use tasksel to install the 'mail' task, which will install and configure (to a basic level) postfix and dovecot
<Wallace> qman: what is / how do i use "tasksel" ?
<qman__> you can either use the menu interface using "sudo tasksel", or IIRC it's "sudo tasksel install mail-server
<qman__> "
<Wallace> k, thanks guys, I'll look it up :)
<ScottK> There is also in Jaunty and later a package called dovecot-postfix you can install that will do all the configuring for you
<ScottK> (It may be postfix=dovecot)
<Wallace> ...ahh, the same interface as the installer...the one that failed earlier...interestingly mail, and a few other things are not selected.....that may be related to the error
<Knifa> Ugh. I added my user using smbpasswd for Samba on the server. Still can't connect. Just says it's incorrect.
<Wallace> Knifa: what client are you using?
<Knifa> i'm trying to connect to the server via windows 7 (but also tested on my macbook with the same error)
<Wallace> hmm, dunno about windows7, and tbh, it works fine with vista for me, but certainly with xp, you have to add a registry key "sendplaintextpassword" or something like that for it to work.  I'm guessing here..if it works with vista it ought to work with 7, but might be worth having a quick look into it
<qman__> samba works fine with XP out of the box
<Wallace> qman: never did for me...i always had to add that registry key....unless it's been worked around with newer versions of samba....like i said, i'm guessing really, but that's what i had to do
<qman__> Knifa, you did smbpasswd -a for your user, correct?
<Knifa> yep, i did.
<qman__> that always did it for me, maybe there's another problem
<qman__> are you sure the client is using the correct username?
<Knifa> yeah, definitely
<qman__> I don't know about mac, but windows tends to send a bunch of bogus creds before asking you
<qman__> hmm
<Knifa> i'm using the default config, apart from uncommenting the bit about sharing home folders
<Wallace> knifa: you may need to add an "interface" setting then, otherwise it may not allow connections
<qman__> Knifa, does the user's home directory exist and belong to him?
<Knifa> qman__ yeah, it does
<qman__> no, it works out of the box
<qman__> just add shares and users
<Wallace> ...or is the default interface to listen on anything
<Knifa> i don't think it would reject my login otherwise
<Knifa> it would just fail
<qman__> yeah
<qman__> it would just fail to connect, not fail to login
<qman__> Knifa, try re-setting your user's password (to the same thing)
<Wallace> ahh, okay, well i always set that up anyway, so world+dog can't connect via my external net interface
<qman__> the system password
<Knifa> still fails :[
<Knifa> i actually think it's rejecting connections now.
<Knifa> hrm
<Knifa> okay no it isn't
<qman__> and it's giving you NT authentication failure?
<Knifa> yeah
<Knifa> atleast i think so.
<qman__> what are you using on mac to test?
<qman__> windows doesn't give any helpful output
<Knifa> just the connect to server bit in finder
<Knifa> \\SERVER is not accessible. You might not have permission to use this network resource. on windows 7
<Knifa> mac says login is incorrect
<qman__> hm
<qman__> it would help if you had smbclient to test with
<Knifa> i can install it and see if it can actually connect to itself
<qman__> Knifa, check your /etc/samba/smb.conf, and see how the authentication section compares to this: http://pastebin.com/d5f312afe
<qman__> this is a working config
<Knifa> sorted it
<Knifa> encrypted passwords needs to be turned on
<Knifa> thanks :#
<Knifa> :3
<qman__> ah, yeah, that one's important :)
<Wallace> Okay, I can connect via imap, but can't send a test message.  When I try and use 'mail' on the command line to send, I get: postdrop: warning: unable to look up public/pickup: No such file or directory
<Wallace> have i forgotton to configure or install something?
<Wallace> ....and come to think of it, should I uninstall sendmail
<qman__> Wallace, this should be relevant: http://ubuntuforums.org/showpost.php?p=4541595&postcount=5
<Wallace> thanks...that did the trick...now just gotta figure out how to make it visible to dovecot
<Wallace> damn...I wonder if mail sent it via the smarthost....
<Wallace> does postfix deliver local mail locally by default, or does it relay everything?
<qman__> I'm not sure
<qman__> I know it can be configured both ways, but I don't know what the default is
<Wallace> k, i'll look into it...meantime how do I remove a package installed with apt-get ... specifically sendmail, I guess I don't need it
<Wallace> is there an apt-remove? I can't see one
<qman__> sudo apt-get remove, but you should use sudo apt-get purge
<qman__> to remove all the configuration files for sendmail
<Wallace> ahh, get-remove
<Wallace> thanks again :)
<qman__> remove just removes the binaries, purge removes all the configs
<Wallace> hmm, interesting, it says it wasn't installed....i swear i installed it earlier
<Wallace> ...actually, it says "the following packages were AUTOMATICALLY installed" (my emphasis) ... "use apt-get autoremove" to remove them
<qman__> yeah, when you install a package, the deps are auto selected, and when you remove it, those deps could still be installed
<qman__> it keeps track of it so you can easily remove them if you want
<Wallace> qman:  ahh, so sendmail is some sort of meta package then?
<Wallace> anyway, if i could just figure out what postfix was doing with my mail
<qman__> probably not
<Tru7h> Greetings! Does anybody know how I would go about connecting my server to a wireless network?
<Wallace> truth: in my case, i have a wireless access point with an ethernet port in it, which i just plug in and do a bit of config
<Wallace> oh, wait, you want to connect *to* a network, not create one
<Wallace> what wifi hardware do you have on the server?
<Tru7h> Wallace: I believe it's an Intel PRO/Wireless 2915.
<Bo7> Hi! I just did a fresh install of 9.10 server, The DHCP auto-config fails. what should I do? it works perfectly on 9.10 Desktop, but not with server. It's connected directly to the Internet.
<qman__> Bo7, unless you pay for multiple IPs, you can only connect one machine directly to the internet on home/small business plans
<qman__> if it is the one machine, contact your ISP
<Bo7> they support 5 ips. and it's connected directly to the port, so it should work
<qman__> in that case, they might be using the MAC address to identify your computers
<qman__> you'd have to contact them to find out
<qman__> server and desktop use the same DHCP client, so if desktop worked, server will too
<Bo7> iit worked when I ran Ubuntu Desktop, so I was thinking there's a difference in drivers or something?
<qman__> it has to be an external factor
<Bo7> hmm, I see
<qman__> now
<qman__> you did say dhcp failed to get an address right? in that it IS running?
<Bo7> when I run the setup yes
<KiLVaiDeN> hello everybody !
<qman__> Bo7, did you install anyway? if so, try running dhclient manually
<qman__> sudo dhclient eth0
<qman__> or whichever interface you're using
<Bo7> yes I tried that before, but now I just did a reinstall, and it failed again..
<Bo7> I'm considering downloading the LTS version and try that. Maybe 'll work better?
<qman__> it probably won't make any difference, but you can try if you want
<qman__> like I said, the problem is likely external, or it might be choosing the wrong interface during setup
<qman__> you don't need an internet connection to install, as long as you can get connected afterward and update
<Bo7> yeah. I tried to put some stuff in /e/n/interfaces before, didn't help..
<AnRkey> i'm having an issue with apt-proxy where I have to restart it quite often if one of the client PC's stops updating in the middle of an update. What is the recommended ubuntu-server apt caching proxy? Or is there a known fix for this issue with apt-proxy?
<Bo7> namely "auto eth0      and    iface eth0 inet dhcp"   but it got a ip6 address and failed
<qman__> Bo7, that's the correct configuration
<qman__> so as long as eth0 is the correct interface, and is detected by the system (shows up in ifconfig -a)
<qman__> then there's nothing wrong on the machine
<Bo7> yes, it says eth0, but it gets an ipv6 adress somehow..
<qman__> that's automatic
<Bo7> ahh
<qman__> even if you're not connecting, it assigns itself an ipv6 address automatically
<Bo7> oh okay
<qman__> sort of like the 169.254.x.x ipv4 address scheme
<qman__> but, the fact that it IS assigning itself an ipv6 address means the hardware is working
<qman__> and it has link
<Bo7> hmm, so what then? o_O
<qman__> it must be external, check the device it's plugged into, or contact your ISP
<Bo7> I'm gonna try the desktop live cd again to make sure
<KiLVaiDeN> i'm on my way to configure an email server, which one would you recommend ?
<Bo7> desktop is 32-bit, and server 64. but that won't matter right?
<KiLVaiDeN> Bo7, 64bit has always felt kinda unsupported to me on all distribs, but maybe it's a wrong opinion... I would suggest you install a 32 bit if you can, performance won't be that much impacted if you don't need the 64bit thing
<qman__> on the contrary, 64-bit is preferred
<qman__> though that does introduce another possible problem
<Bo7> I see, I just went with the default download from the site
<qman__> if there is a bug in the 64-bit driver, but not the 32-bit driver
<qman__> try the 32-bit to verify
<KiLVaiDeN> 32bit drivers are always more widely tested in my opinion, that's why I stick usually to 32 bit, but it's me, you can ignore my advice ^^
<Tru7h> Bo7: The 32/64 bit difference is the only variable I can see; it would make sense to test the 32-bit one to see if it works.
<Tru7h> Bo7: If it does, we know for certain where the problem is.
<Bo7> allright, I'll download 9.10 32-bit also then
<qman__> yeah
<qman__> 64-bit is clearly loading and using a driver though, so if it is that, it has to be a bug in it, not lack of support
<KiLVaiDeN> so... do you guys have a suggestion for a preferred mail server ?
<qman__> KiLVaiDeN, postfix + dovecot
<qman__> it's the setup used in the mail server task and is supported
<qman__> the other supported mail server is exim
<KiLVaiDeN> yeah i'm reading https://help.ubuntu.com/8.04/serverguide/C/email-services.html and they seem to go for that option too
<KiLVaiDeN> I managed an installation with qmail and it was quite ok too, but i think i'll follow the standard ;) thank you qman__
<Tru7h> Anyone know how to connect server 9.10 to wireless?
<KiLVaiDeN> what do you mean "connect server to wireless" ? is it a server distrib used as desktop ?
<Tru7h> I have a fresh install of server 9.10 and I want to connect it to a wireless network rather than wiring it.
<tsrk> I was upgrading the packages on my server, but samba had an interactive prompt and my SSH session was disconnected. The other session is still open and waiting for a response. What do I do now?
<RoAkSoAx> mdz, ping
<KiLVaiDeN> Tru7h, which tries have you done so far ?
<Tru7h> KiLVaiDeN: To be honest, I'm not even sure where to begin. I'm new to this.
<KiLVaiDeN> http://www.unixnewbie.org/how-to-setup-wireless-with-ubuntu-9-10/ have you tried this ?
<Tru7h> That, along with the other guides I've come across, only work with Ubuntu Desktop.
<Tru7h> I don't have a GUI so I can't follow those steps.
<KiLVaiDeN> you gotta check how iwconfig works, sorry i must go and anyways i'm not an expert about it
<KiLVaiDeN> bye
<mdz> RoAkSoAx, yes?
<RoAkSoAx> mdz, I was wondering if the Cluster Stack talk for the UDS has been scheduled, since I cannot find it in the schedule
<mdz> RoAkSoAx, I'm not sure; I think we may have a few sessions yet to schedule (there is plenty of space). ttx is the person to speak to
<RoAkSoAx> mdz, ok cool. Thanks. I'll talk to him :)
<alex88> i've a vps with ubuntu 9.04 minimal..and screen as a bottom toolbar with windows etc...another one vps with 9.10, but screen doesn't have any addictional feature...any help?
<Mark21> alex88: can you do: screen --version on both systems?
<Mark21> so just: screen --version
<alex88> sure..w8 a sec
<alex88> same: Screen version 4.00.03jw4 (FAU) 2-May-06
<alex88> for the first start on 9.04 it asked me for theme etc.. in 9.10 it doesn't ask anything
<Mark21> strange, I don't have an idea (I did think about different screen versions)
<twb> alex88: this is a feature
<twb> alex88: you must install "byobu" and run it instead of screen if you want the 9.04 behaviour on 9.10
<twb> In 9.04 a wrapper script was introduced which annoyed a lot of people.  Now it is off by default.
<alex88> twb: thanks man.. btw i think it easier to understand with byobu
<twb> alex88: I don't dispute this, and I think suddenly turning it off (in 9.10) was nearly as bad as turning it on without asking in 9.04.
<alex88> =) yeah it's the same thing..but i've skipped the screen first page..so my fault
#ubuntu-server 2010-11-15
<uvirtbot> New bug: #675355 in bind9 (main) "package libbind9-30 1:9.4.2.dfsg.P2-2ubuntu0.5 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/675355
<abstrakt> if I want to have users on the system already be the users who have email accounts, then I use postfix with dovecot sasl and mechanisms = plain login... if I want to have virtual users, then I'll need to setup up dovecot as per http://wiki.dovecot.org/HowTo/SimpleVirtualInstall instead
<abstrakt> is this correct?
<abstrakt> can someone help me with setting up dovecot virtual users for postfix?
<abstrakt> I tried the instructions here http://wiki.dovecot.org/HowTo/SimpleVirtualInstall but that doesn't work
<abstrakt> my postfix + dovecot + sasl implementation works fine
<abstrakt> but that's only good for users that already exist on the system
<arrrghhh> i added a job to my user's crontab, and it doesn't seem to be running... where does cron log to
<tonyyarusso> arrrghhh: Normally it sends mail to the running user.
<arrrghhh> hrm
<arrrghhh> in /var/mail...?
<tonyyarusso> arrrghhh: yeah
<AndyGraybeal> arrrghhh, tonyyarusso, would that show up in syslog at all?
<tonyyarusso> well, assuming delivery to the local system.
<AndyGraybeal> also?
<arrrghhh> i don't use any mail system on here
<arrrghhh> /var/mail is empty
<arrrghhh> let me check syslog
<tonyyarusso> AndyGraybeal: It *might* show up in mail log, but I don't think so for local accounts.  Don't remember offhand.
<tonyyarusso> arrrghhh: could also be $HOME/Mail or $HOME/Maildir - lots of ways to configure this I'm afraid :S  (or disable entirely)
<arrrghhh> well i never did anything in respect to mail
<arrrghhh> i don't have a $HOME/mail anything
<arrrghhh> .mail
<arrrghhh> Mail
<arrrghhh> nothin
<arrrghhh> nothing in syslog either.
<arrrghhh> oh wait
<arrrghhh> there may be 1 sec haha
<arrrghhh>  MAIL (mailed 56 bytes of output but got status 0x004b#012)
<arrrghhh> from cron
<arrrghhh> hrm
<arrrghhh> i know i've gotten mail from roots crontab
<arrrghhh> i'll put the command in there, see what happens..
<arrrghhh> so it looks like i do have a postfix/sendmail issue
<arrrghhh>  nas postfix/sendmail[8510]: fatal: open /etc/postfix/main.cf: No such file or directory
<arrrghhh> but i don't really need anything emailed outside of the local server... i mean i guess it would be nice to get email alerts, but i don't really want to set that up right now haha
<ehnde> how do i convert a desktop install to a server install?
<ehnde> i just want to get rid of x and all the bloat that comes with it
<ehnde> tried apt-get remove ubuntu-desktop and it just removed the metapackage
<twb> ehnde: apt-get autoremove?
<ehnde> didn't work either :(
<twb> What about "aptitude install" without arguments?
<arrrghhh> might have to remove the packages manually.
<arrrghhh> probably easier to backup your configs and install -server fresh...
<twb> Yeah.  If you installed the metapackage at install time, or from a stupid broken tool, your auto database won't be populated and apt will think ALL packages were manually installed.
<ehnde> i thought i was installing off of a server cd, didn't realize it was desktop
<ehnde> i'll just download a fresh iso
<arrrghhh> you installed desktop?
<arrrghhh> oh
<arrrghhh> yea dude if it's a fresh install, install server.
<arrrghhh> i think the kernel is different.
<arrrghhh> probably just compiled with some different options.
<ehnde> thanks
<arrrghhh> np
<twb> Have a look at /var/lib/apt/extended_states; see if the packages in question have Auto-Installed: 1
<twb> If not, reinstall is easiest
<twb> arrrghhh: you *can* install from the alternate CD and then just change the installed packages -- both installers back onto the same archive.
<arrrghhh> ...so the kernel isn't different?
<twb> The kernel that's installed by default is different
<arrrghhh> like i don't think desktop 32-bit is compiled with PAE support
<twb> But you can simple say "apt-get install linux-image-amd64-server" or so
<twb> Obviously doing the install from the right medium is still preferable.
<arrrghhh> haha fair enough
<ehnde> it was a virtual machine on esxi with 1gb of ram
<ehnde> heh
<ehnde> the website has changed drastically :o
<twb> What website?
<ehnde> ubuntu.com
<twb> I wouldn't know.  I just go to archive.ubuntu.com/dists/<release>/main/installer-<arch>/ or so
<twb> http://archive.ubuntu.com/ubuntu/dists/{hardy,lucid,maverick}/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/{linux,initrd.gz}
<zetheroo> how easy is it to install a GUI for ubuntu server?
<solidrock> hi guys, need some little help
<ehnde> lol we were just talking about the reverse of that
<solidrock> ahaha
<zetheroo> about removing the GUI/
<zetheroo> ?
<ehnde> zetheroo: do you mean remote management or a desktop, like gnome or kde?
<solidrock> removing GUI ?
<ehnde> yes...i was trying to remove ubuntu-desktop
<zetheroo> ehnde: desktop
<solidrock> ubuntu server comes on default cli
<zetheroo> yep
<ehnde> sudo apt-get install ubuntu-desktop
<blackshirt> zetheroo: you can remove ubuntu gui
<zetheroo> that easy eh ...
<solidrock> to remove it apt-get remove ubuntu-desktop
<uvirtbot> New bug: #675391 in openldap (main) "nssov overlay is missing" [Undecided,New] https://launchpad.net/bugs/675391
<solidrock> ei guys,
<zetheroo> won't apt-get remove ubuntu-desktop tear out a lot of stuff with it!?
<solidrock> yea
<solidrock> btw, i'm looking for ubuntu 8.10 backport address any idea on it?
<twb> solidrock: 8.10 is EOLd
<solidrock> yea, that's why backports comes on it
<twb> Er, no, that's why you should schedule an upgrade ASAP
<twb> EOLd software receives no security patches
<solidrock> i'm planning to switch on debian lenny but for the meantime i'm trying to install puppet on one of my ubuntu box
<twb> IIRC the repos are still available somewhere; they get moved to a secondary area at EOL
<solidrock> i'll be checking on it. This lately i've noticed while fetching for security updates it is no longer available and err comes on it.
<twb> RIght; that's because it's EOLd
<solidrock> what jaunty?
<arrrghhh> 9.04
<twb> jaunty is the codename for (IIRC) 9.04
<solidrock> i think jaunty is also EOLd
<twb> https://help.ubuntu.com/community/EOLUpgrades
<twb> solidrock: that covers the details you need; particularly it's s/archive/old-releases/ in sources.list
<solidrock> ei, can i upgrade from 8.10 to new release?
<twb> solidrock: yes
<solidrock> even on live
<twb> solidrock: you should follow the instructions on the page I linked to (and https://help.ubuntu.com/community/Upgrades)
<twb> solidrock: I don't know what "on live" means.
<solidrock> meaning even on live production network
<solidrock> do the upgrade require reboot ?
<twb> Upgrades to the kernel require a reboot
<twb> A new release usually involves a new kernel
<solidrock> so it's just a kernel what about the packages?
<twb> Most packages do not require a reboot.
<solidrock> would there be an upgrade for the packages?
<twb> Some low-level packages like udev and upstart might
<solidrock> ic..
<ehnde> 8.04 is supported until 2013 according to this https://wiki.ubuntu.com/LTS
<ehnde> am i reading that wrong?
<arrrghhh> it is
<arrrghhh> but 9.04 isn't an lts release
<ehnde> nvm you guys were talking about 8.10
<solidrock> yes we're talking on LTS release
<solidrock> 8.10 LTS ubuntu server
<arrrghhh> 8.10 isn't LTS
<arrrghhh> 8.04 is
<arrrghhh> 10.04 is
<arrrghhh> 6.06 is as well... but i think that just recently fell out of support.
<twb> arrrghhh: it did
<arrrghhh> yea
<ehnde> oh well...don't much care about my labserver. latest and greatest version works fine for me.
<solidrock> i'm running squid box on ubuntu 8.10
<solidrock> do you think guys do i need to go for an uograde
<twb> solidrock: if it exposed to untrusted networks (e.g. internet), definitely.
<solidrock> just using it on a private network
<arrrghhh> 8.10 will be difficult to upgrade if you let it sit tho.
<solidrock> aw
<arrrghhh> EOL upgrades suck
<arrrghhh> i think you're already in that situation tho
<arrrghhh> so i'd upgrade ASAP
<arrrghhh> or y'know just leave it
<arrrghhh> if you really don't care, there's nothing saying you _have_ to upgrade.
<solidrock> does anyone of you encounter problem while upgrading to lower to newer one?
<arrrghhh> you mean downgrade to 8.04?  not possible.
<blackshirt> it will break your system
<solidrock> upon checking the link i need to go for 2 upgrades
<solidrock> one for jaunty 9.04 and the other one is 9.10
<solidrock> way to ridiculous to do that if system lost its connection
<uvirtbot> New bug: #675396 in nmap (main) "Icon missing in Kubuntu Remix menu" [Undecided,New] https://launchpad.net/bugs/675396
<arrrghhh> solidrock, screen is your friend
<uvirtbot> New bug: #675398 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/675398
<Maleko> is anyone familiar with ulimit config.
<Maleko> i have a process that keeps on crashing with "CMDLCache:: Out of memoryCMDLCache:: Out of memory" message
<Maleko> there was still plenty of memory when the app crashed
<twb> Maleko: it should be trivial to check that by running ulimit -a in the parent environment
<twb> There is no memory ulimit by default.
<Maleko> twb: http://pastebin.com/3na9jsCD
<solidrock> ei guys, I've installed squid on my ubuntu jaunty after i rebooted the computer the squid did'nt start,  i still to manually start the squid
<SpamapS> solidrock: 1) jaunty has reached the end of its life, and is no longer maintained w/ security fixes/updates. 2) does /var/log/syslog give any clues?
<SpamapS> solidrock: also try 'ls -l /etc/rc2.d/*squid' .. so you see a symlink there with an 'S' in front of it?
<Maleko> twb: if theres no mem limit, why i still get that out of memory message then?
<SpamapS> Maleko: you can get an OOM error if you ask for *a lot* of RAM at once.
<Error404NotFound> I just setup a vsftpd server and getting http://pastebin.com/cZw5U2rX
<SpamapS> Maleko: also if you asked for shared memory, that has limits separate from regular memory limits
<Maleko> any workaround?
<solidrock> can i install chkconfig on ubuntu?
<SpamapS> solidrock: you can.. not sure if it works exactly right tho
<Maleko> also what does max locked memory refer to?
<SpamapS> Maleko: locked memory never swaps out to disk
<uvirtbot> New bug: #675429 in mysql-dfsg-5.1 (main) "Some ORDER BY ... DESC queries sorted incorrectly." [Undecided,New] https://launchpad.net/bugs/675429
<uvirtbot> New bug: #675448 in openssh (main) "ssh does not authenticate against kerberos" [Undecided,New] https://launchpad.net/bugs/675448
<zealiod> how can i broute with ebtables so that traffic coming in with a 802.1Q tag goes to eth1?
<twb> zealiod: ask #netfilter
<Willem65> hi everyone
<blackshirt> hi Willem65
<Willem65> am I still on?
<Willem65> forgive me if i'm clumsy, it's been a long time since I used irc
<twb> Willem65: you are.
<Willem65> I dropped in because I'm a little confused with all these firtualisation techniques in Linux
<Willem65> I'll be back in a little while. I need a graphical client :-)
<twb> Pussy
<Willem65> No :-)
<Willem65> Ok... I'll stick with this.
<Willem65> Regarding Ubuntu Hardy (8.04LTS)... Will it cause trouble using Xen, KVM and others together?
<twb> I use vmware-server 1.x and openvz on the same 8.04 server.
<twb> I don't know about xen and kvm together, specificall
<Willem65> I want to move away from VMWare.
<Willem65> It's a nice tool, but not open source
<twb> I hate vmware
<yann2> Willem65, upgrade to lucid if you plan on using KVM
<Willem65> at the moment, I have one VM running in Xen, works nicely. Next I wanted to migrate an existing VM (Fedora) from VMWare to Xen...
<Willem65> That is where the confusion started
<Willem65> Yann2, thanks for the hint. Lucid = 9.something, right?
<twb> I think the party line is: just use kvm for everything
<twb> Willem65: lucid is 10.04LTS
<Willem65> @twb, but in Lucid the Xen-tools package is missing, right?
<twb> I don't know.
<twb> Oh yeah, I remember.  Xen dom0 isn't supported in 10.04
<twb> Why do you want Xen?
<Willem65> Errr... Because it is the first OpenSource vm that I found :-)
<twb> So: ignorance.
<twb> 22:27 <twb> I think the party line is: just use kvm for everything
<Willem65> [blush]
<twb> I suggest you start with 10.04 and kvm and see how that goes
<twb> Assuming you have hardware VM support, that is.
<Willem65> @twb: I'll give it a go. Does it matter that it is a headless machine? I do everything from commandline.
<twb> It does not.
<Willem65> Sounds good.
<twb> kvm actually has better support than most; it can connect the guest's 80x25 vga console or serial console to a curses UI, a pty, or stdio
<twb> vbox can't do ANY of that unless you get the proprietary version
<zion_11> hi
<Willem65> Hmm :-) Thanks for all the hints. Let me have a go at kvm then!
<Willem65> Hi Zion
<zion_11> my boss wants the following kind of scenario.  2 webservers,  1 local and one at another site, if one server goes down for whatever reason. the offsite server kicks into gear and the "user" sees no or virtually no down time for the website...anyone familliar with that soft of thing?
<zion_11> sort^
<yann2> twb, virtualbox is oracle now anyway, and will probably go the same way as other projects, so I wouldnt invest a dime in it
<the_archit3ct> zion_11: what for ? website ?
<zion_11> yes, website
<Willem65> One more question about kvm before diving in all the way: Can a VM be migrated to another kvm enabled machine without too much fuss?
<the_archit3ct> zion_11: server 1 -> cron + send website tarball to the other server
<the_archit3ct> server 2 -> receive tarball, extract
<the_archit3ct> server 2 always accessible via ip
<Willem65> zion_11: Is the content of the website static or dynamic (e.g. database driven?)
<zion_11> dynamic
<the_archit3ct> and if server 1 is down, domain name => server 2 ip
<zion_11> how do i set that "IF" ?
<zion_11> i do a good bit of work with webservers/VM's and linux but im not really super-qualified in those areas...
<s093294> Hello. I have two server-boxes, one working as firewall(192.168.0.1) and another that have an pptp connection open(ppp0, 79.142.229.95). What iptables commands would i need for forwarding all trafic on the pptp box to the firewall. I just use the pptp box to create the pptp connection. (so i can provide all my forwarding rules on my firewall instead of to boxes)?
<Willem65> zion_11: Then you may want to use some kind of 'hot' replication between the main server and your backup.
<zion_11> i think im looking for something that can test connectivity and then somehow authorize a switchover of service
<zion_11> hmm
<the_archit3ct> zion_11: server 2 -> cron : ping server 1
<Willem65> I need to get going... Wife has sandwiches for me :-)
<the_archit3ct> if ping = 999 then change ip
<Willem65> Thanks for letting me pick your minds.
<the_archit3ct> just code a php or python thing
<Willem65> quit
<zion_11> ok, ive been talking with my boss (he just got in)
<zion_11> what we are looking at is, a 'front'
<zion_11> sorry
<zion_11> 'front facing' server
<zion_11> that has the task of detecting if server1 is up and would also direct web requests
<zion_11> if it detects that server1 is down it would then start forwarding the requests to server2
<the_archit3ct> yup
<zion_11> this "front-facing server" would  have to be in the same space as the "offsite" location to ensure availability
<the_archit3ct> this front facing server could be the server2
<the_archit3ct> no special need to have 3 servers
<the_archit3ct> server2 is a backup, so it will not have a lot of requests
<the_archit3ct> so you can do it check all time if server 1 is up
<zion_11> but how does that work with dns?
<zion_11> if client types ww.foobar.com and foobar is set to such and such IP...?
<palt> Im having a problem with home folder over NFS with gtk. When I log in to KDE everything works fine. But the moment I try to start a GTK app, the app just freezes. Same happens when I try to login to GNOME, the whole desktop freezes. However, on the command line or KDE the home folder is there with all my files and everything i accessible.
<zion_11> please go ahead i have to brb
<zion_11> back
<zion_11> ok so while talking to my boss it seems that perhaps 2 servers only would serve
<zion_11> you say that with cron (sadly i lack any cron experience) it has a feature to compress the whole website in a tarball and send it to another wbserver?
<mgolisch> palt: does the xsession-errors file contain any usefull information?
<mgolisch> probably related to creation of the gvfs mount points
<the_archit3ct> zion_11: cron just launch a command any second/minute/hour/day/year/century
<the_archit3ct> just make it launch a bash script
<the_archit3ct> wich make a tarball of your website and SQL bases
<the_archit3ct> but I've never done that
<the_archit3ct> it's just what I would have done :-)
<palt> mgolisch: I get some complaints about "Locale not supported by C-library." And it has some trouble parsing some of my config files. But I don't find anything about gvfs
<zul> morning
<blackshirt> zul: where do you come from zul..on my place, still night..
<jcastro> SpamapS: around?
<hggdh> Daviey: do you have an idea of when we will get euca-add-user working on natty?
<hggdh> Daviey: and good morning :-)
<Daviey> hggdh: hey!
<Daviey> hggdh: Hopefully, very, very soon
<hggdh> Daviey: thank you
<jdstrand> kees: hey. does your mouse work in libvirt/kvm guests on a natty host?
<jdstrand> kees: I upgraded and the mouse doesn't work :(
<abstrakt> any of you guys know much about postfix and dovecot (POP3/SMTP)... I tried both the setuid root trick and the sudo trick as detailed here http://wiki.dovecot.org/LDA but the instructions are a bit vague "Then start deliver as a user that belongs to secmail group." <- what does this mean exactly? how do I accomplish this? or this "Then configure your MTA to invoke deliver as user 'dovelda' and via sudo" <- what does that mean? I don't have a
<abstrakt> dovelda user only a dovecot user, am I supposed to make a new user called dovelda and if so, as before, how do I invoke the script "as" the dovelda user?
<DasEi> abstrakt: one by one, so ..
<DasEi> abstrakt: deliver as a user that belongs to secmail group ;; have a user peter, there is the group secmail  : sudo adduser peter secmail
<DasEi> abstrakt: I assume your app created that group, check yourself
<abstrakt> DasEi: my app?
<abstrakt> DasEi: what app would that be? and no, "my app" didn't create that group, I created that group manually
<DasEi> abstrakt: aka postfix,dovecot
<abstrakt> DasEi: no neither postfix nor dovecot created that group
<abstrakt> DasEi: I created it myself
<DasEi> abstrakt: so add the desired user to it as shown above
<abstrakt> DasEi: ahh, I see... so since dovecot delivers mail as the relevant system user, I should add my system user to that group
<abstrakt> DasEi: I was adding the dovecot user itself to that group
<abstrakt> DasEi: ok what about option number two? using sudo?
<DasEi> abstrakt: Å·our next question, be logged in as peter or dovelda or whatever, then start pulling mail from that account. If not in , a login peter (or whatever) brings you there
<DasEi> abstrakt: or use sudo to pull with superuserprivilegs (less secure)
<abstrakt> DasEi: no it's not about pulling the mail, it's about delivering the mail
<abstrakt> DasEi: checking the mail isn't as much of an issue (so far)
<DasEi> abstrakt: same approach
<abstrakt> DasEi: I still don't understand how to invoke sudo "as that user"... so you're saying that if I have a user such as johnsmith on my system, that when dovecot delivers mail it will deliver as johnsmith, so then I will need to add johnsmith to the sudoers file for the deliver command only?
<abstrakt> and I will need to add any and every other user on the system, who needs to receive mail, to the sudoers file as well, correct?
<DasEi> abstrakt: no, either have johnsmith in the secmail and deliver from that account or prefix delivering with sudo, so won't get a permission problem
<Alex90> hi, I'm trying to set up a server and it can resolve an address to an ip but then can't ping it. I've tried adding the default gateway with route add and it still can't get out.
<DasEi> Alex90: you can't ping the the server or the server can't ping ?
<abstrakt> DasEi: but the document says to prefix with sudo and run the command "as the dovelda" user
<abstrakt> DasEi: I don't have a dovelda user
<abstrakt> DasEi: only a dovecot user
<abstrakt> DasEi: in regards to sudo that is
<Alex90> DasEi: the server can't ping hosts on the internet
<DasEi> abstrakt: http://wiki.dovecot.org/LDA
<abstrakt> DasEi: yes I read that
<DasEi> Alex90: so sudo ping google.com doesn't work ? be aware many hosts drop pings for security reasons
<abstrakt> DasEi: I don't have a dovecotlda user
<DasEi> abstrakt: again dovelda is a user as johnsmith, with the ability of sudo for delivering mail, and it's an insecure approach
<Alex90> DasEi: no it doesn't but we can ping it form an external host. And I don't think it's being block as we had windows on that box before and it wored fine then.
<zul> SpamapS: ping
<abstrakt> DasEi: ok, got it
<eriksson25> anyone, need help with the comands for runing fsck on a ext4, its not mounted so just need the right comand
<DasEi> Alex90: any firewall installed ? what is terminal-response if you enter sudo ping google.com, just timeout ?
<abstrakt> DasEi: so I would need to give every user who receives mail access to sudo for that one deliver command
<DasEi> abstrakt? receives mail access ?
<DasEi> eriksson25: mount (check again its NOT mounted)
<DasEi> eriksson25: sudo fdisk -l (determine right partition)
<DasEi> eriksson25: sudo e2fsck /dev/whatever    ,with whatever your sdXX
<Alex90> DasEi: yes there's a firewall but that didn't stop windows on the same box pinging so I don't see it would stop it now. When we ping it resolves the ip address then timesouts
<DasEi> Alex90: try with fw down, that'll be the trick
<Alex90> DasEi: how do I take it down? /etc/init.d/fw down??
<DasEi> Alex90: which fw is installed ?
<DasEi> just ufw ?
<Alex90> alex90: no theres an ipcop box (just using iptables I believe)
<abstrakt> DasEi: yeah, deliver delivers mail as the user account of the user in question doesn't it? so if mail is going to johnsmith then deliver delivers as the user "johnsmith" and if it's going to "sallyjane" then it delivers as "sallyjane", so therefor both johnsmith and sallyjane (shell users with home dirs of /home/johnsmith and /home/sallyjane) would both need to be in the sudoers file with permission to run the dovecot deliver command as sud
<abstrakt> correct?
<Alex90> DasEi: I can't take down the firewall: coropate environment. But I don't understand why it would start blocking ping packets now when it didn't before and the only thing that's chagned is the OS.
<DasEi> Alex90: I speak of the serverbox, and if ping through that ipcop worked before as you said, it has to be the server
<DasEi> abstrakt: y/n.. yes:  deliver delivers mail as (or better from) the user account of the user in question
<Alex90> DasEi: right, I've tried adding the default gateway, which casued this problem on other servers I've set up here but it hasn't made any difference in this case. Any ideas?
<DasEi> abstrakt: no : if mail is going to johnsmith then deliver delivers as the user "johnsmith" , if mail is going to johnsmith by deliver, it depends who invoked deliver
<abstrakt> DasEi, "if mail is going to johnsmith" vs "if mail is going to johnsmith by deliver" I don't see the difference between these two
<DasEi> Alex90: I guess it's a fireall, try sudo ufw disable, and again , anything special like firestarter or such on the server ? basic freeing of iptables in following link, second task :
<qman__> Alex90, check the output of `sudo iptables -L`
<DasEi> http://www.cyberciti.biz/tips/linux-iptables-9-allow-icmp-ping.html
<qman__> regardless of the higher-level firewall installed, that will tell the whole story
<qman__> ubuntu, by default, has no firewall set up, so if you didn't set one up, it won't have one
<qman__> it should have no rules and say ACCEPT policy on all three
<DasEi> abstrakt: the problem your chewing on is the permission of the user invoking deliver, as deliver has to access the MTA, and, whereas mail going to another account than the invoking one, needs writeacces in that particular user home dir, too
<Alex90> qman__: even with ufw off it still can't ping and all the iptables policies said accept
<qman__> Alex90, then, either your networking is incorrectly configured, or your corporate firewall is blocking you
<eriksson25> DasEi, thx, worked =)
<DasEi> so just pull the plug again :)
<eriksson25> me?
<DasEi> eriksson25: just joking
<DasEi> as in how to corrupt filesystems
<eriksson25> =) Got a failed system disk. But managed to back it up, thanks to fsck.
<qman__> interesting
<qman__> ip a s is showing my interface state as unknown, despite me clearly being online
<nhck> How is it that for traceroute messenger.live.com on a ubuntu machine I get "unknown host messenger.live.com" I don't get this error on a windows machine?
<nhck> I can do any other e.g. traceroute www.tu-harburg.de which works on ubuntu&windows
<qman__> nhck, messenger.live.com is either not resolving to an IP, or is resolving to the wrong IP
<qman__> possibly DNS caching or pointing to a server with an outdated record
<jpds> Looking at all those CNAMEs, I'm surprised it's not slow as sin.
<jpds> nsatc.net has address 127.0.0.1 - well done.
<nhck> haha
<nhck> hmm, okay, I was already thinking that it shouldn't be possible to tell the os by traceroute
<jpds> nhck: traceroute doesn't work for me either; however host does.
<nhck> jpds: well the msn-empathy-thingy isn't working for one of the guys here so i was checking what was wrong with messenger.hotmail.com/messenger.live.com and this behavior was strange  I thought.
<jpds> nhck: There's a series of bugs about that, for instance: bug #255307.
<uvirtbot> Launchpad bug 255307 in pymsn "Can't connect to msn accounts" [Medium,Confirmed] https://launchpad.net/bugs/255307
<zul> SpamapS: no idea...check the php mailing list?
<SpamapS> zul: ack
<JanC> IIRC MSN moved to a new hostname or something
<eriksson25> Anyone, what is the comand for making a user without any home folder. Just username and passwd.
<nhck> eriksson25: useradd -M LOGIN
<eriksson25> thx
<jdstrand> hallyn: hey, so I upgraded to natty this morning and can't seem to get vnc to work
<jdstrand> hallyn: well, that isn't quite true-- it all works except for the mouse (ie, display, keyboard work, mouse no)
<jdstrand> hallyn: is this a known issue?
<jmgalloway> I have an ssh question
<bluefrog> jdstrand, #ubuntu+1 might be a better place for an anwser
<hallyn> jdstrand: haven't heard of it
<hallyn> jdstrand: vnc at all, or vnc to libvirt/kvm?
<jdstrand> hallyn: I am using libvirt. it does the whole '-vnc 127.0.0.1:0' thing
<hallyn> i've not heard of anything...
<jmgalloway> anyone here good with ssh?
<jdstrand> hallyn: I can connect with virt-viewer and virt-manager (gtk-vnc) and vncviewer: all work except the mouse
<jdstrand> hallyn: ie, I click in the vnc window and I can't move it around
<jdstrand> hmmm
<jmgalloway> I have an error on one of my machines that will not let me connect with ssh to it
<hallyn> jdstrand: btw, to upgrade to natty, you just tweaked /etc/apt/sources.list?
<hallyn> (tried that in a vm and it failed)
<jdstrand> hallyn: on servers: 'do-release-upgrade -d', on desktops 'update-manager -d'
<jmgalloway> I keep getting this at the command line when I try to connect with ssh:  Recieved disconnect from 192.168.1.122:  2:  Too many authentication failures for clcuser
<hallyn> hm, i told me nothing ws avail last week
<jmgalloway> anyone know how to fix this?
<hallyn> jmgalloway: hm, do you have too many keys loaded in your agent?
<hggdh> Daviey: be prepared... bounced the test rig last Friday, let it idling... today I found an OOM on the Walrus
<jdstrand> hallyn: did you add '-d'? that is the trick
<hallyn> i'll re-try, thx.
<hallyn> as for libvirt,
<hallyn> i've seen nothing on m-l
<hallyn> lemme check changelog
<jmgalloway> should I remove the keys on the remote computer?
<jdstrand> hallyn: I think it is a host problem tbh
<jdstrand> hallyn: but I guess it could be libvirt, Idk
<hallyn> jdstrand: can you fire up a regular vncserver and connect to that?
<hallyn> jmgalloway: no, just ssh into your localhost, and try from there
<jdstrand> hallyn: in the guest?
<hallyn> jdstrand: on the host
<hallyn> well, sure, and on the guest )
<hallyn> :)
<jmgalloway> ssh from where?
<nhck> jpds, qman__: I fixed it my manually installing papyon-0.5.2. There is no upstream release for that (yet)
<jmgalloway> run ssh to localhost on the remote box?
<hallyn> jmgalloway: ssh from localhost to localhost - just to give you an enviroment where you haven't laoded any ssh keys into your keyring
<hallyn> then from there try to ssh to remove host
<hallyn> jmgalloway: hm, or maybe just 'ssh -i .ssh/<thereightkey> remotehost' will work
<jmgalloway> ok i'll try that
<jmgalloway> didnt work
<jmgalloway> got the same error
<jmgalloway> I know it has something to do with the maxauthentries variable
<jmgalloway> on the remote machine's ssh_config script
<SpamapS> zul: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603174
<uvirtbot> Debian bug 603174 in php5 "Build php5-fpm SAPI" [Wishlist,Open]
<SpamapS> zul: looks like they stripped out php5-fpm for the squeeze release because it "didn't receive enough testing"
<SpamapS> :-(
<SpamapS> zul: so we'll probably need to maintain a delta until squeeze release, as we have already released php5-fpm packages
<zul> SpamapS: oh thats fine then...theyll probably add it back after
<s093294> Hello, i just set up iptables to reroute incoming trafic on port X to internal ip. It works for the eth1 interfaces global ip, but not the ppp0 interface(pptp ip). I can see that packages are recieved on the tcpdump of the ppp0 interface. Any ideas?
<zul> SpamapS: no big deal right now
<jmgalloway> I am still having the ssh problem
<jmgalloway> it seems that my ip address has been blocked
<patdk-wk> well, then you are just going have to wait for it to be unblocked
<jmgalloway> how long does that take?
<jmgalloway> it's an ubuntu 10.10 server
<s093294> is it possible to if request for a service is incoming on ppp0 interface to reply over the eth1 interface with a iptable rule? My issue is that my ISP make me pptp to get inetaccess and global ip. I can access my pc with the global ip, but the their firewall bloks the local subnet so it cant reply over the same interface
<jmgalloway> if I cannot ssh into a machine, and can from another, where would it block my IP address of the first machine?
<patdk-wk> jmgalloway, depends on how it's blocked
<patdk-wk> using fail2ban?
<RoyK> or denyhosts?
<aljosa> where can i set LANG env setting for apache user www-data?
<zul> Daviey: ping
<Daviey> zul: o/
<zul> Daviey: are we still moving to mysql?
<Daviey> zul: probably not :/
<zul> Daviey: k
<Daviey> zul: I think it's something we can re-look at in a few weeks
<zul> Daviey: ack
<SpamapS> Daviey: o/
<Daviey> Hey SpamapS o/
<Daviey> SpamapS: keeping well?
<SpamapS> Daviey: deleting email almost as fast as it comes in now
<Daviey> SpamapS: Use procmail to pipe it to /dev/null.... it's really fast! :)
<SpamapS> Daviey: as far as personal well being.. I'm recovering from the absolute fun of Hawaiian style steak plate lunch, complete with mac salad, rice, and mild food poisoning.
<Daviey> SpamapS:  Well the first part made me jealous, the second part equalised it :)
<Daviey> SpamapS: Hope you feel better soon.
<SpamapS> Daviey: I'm one cheezeburger away from feeling loads better.
<Daviey> \o/
<SpamapS> feeling very lonely all alone in the mumble server team room though. ;)
<Daviey> ;(
 * Daviey gets back to home life :)
<SpamapS> Daviey: cheers then!
 * SpamapS just remembered he needs to complete his duties as last week's meeting scribe
<RoyK> http://pic.phyrefile.com/b/bl/blayde/2010/11/15/0p25Y.gif
<SpamapS> RoyK: its nice to see the columbians having fun with their "product"
<zul> Daviey: the nova-manage stuff should be in a debconf question i think
<uvirtbot> New bug: #675711 in cloud-init "user-data scripts are run on first boot after a rebundle" [Undecided,New] https://launchpad.net/bugs/675711
<njin> hello to all, can someone take a look at this bug 661294 thanks
<uvirtbot> Launchpad bug 661294 in ubuntu "System lock-up when receiving large files (big data amount) from NFS server" [Undecided,New] https://launchpad.net/bugs/661294
<SpamapS> njin: looking now
<SpamapS> njin: you are "David" I presume?
<SpamapS> darn it
<hggdh> fire & forget...
<jcastro> hi SpamapS
<jdstrand> hallyn: so, I get very distracted for a bit. I can run a vnc server on my host and connect with gtkvncviewer and it works fine
<jcastro> SpamapS: I hear you're looking for easy things to SRU to practice
<jdstrand> hallyn: but if a crank up a vm, I cannot
<hallyn> jdstrand: and if you fire up a vnc server in the guest?
<jdstrand> I am trying that
<jdstrand> I am a vnc wimp and trying to get vino going without a mouse ;)
<jdstrand> well, that wasn't so bad
<jdstrand> hallyn: it works if I start vino in the guest and connect with the vino client
<jdstrand> I guess I can try with qemu alone
<jdstrand> hallyn: seems to be a qemu issue
<jdstrand> hallyn: if I do:
<SpamapS> zul: are we wanting to MIR libonig? This is in the php5 merge changelog:       * Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
<zul> SpamapS: it needs to be done
<hallyn> jdstrand: in that case it would be very interestig to see if it happens with the daily-build at https://launchpad.net/~ubuntu-server-edgers/+archive/server-edgers-qemu-kvm
<SpamapS> jcastro: Haha I am? ;) no, I'm looking for things to SRU to make sure lucid has a good reputation. ;)
<SpamapS> jcastro: easy is boooring. ;)
<jcastro> https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/666014
<uvirtbot> Launchpad bug 666014 in squid-deb-proxy "Avahi service for squid-deb-proxy does not start" [Medium,Fix committed]
<jcastro> easy peasy
<jdstrand> hallyn: eg /usr/bin/kvm -M pc -drive file=./foo.qcow2 -vnc :2
<SpamapS> zul: Ok, I'll file a MIR now.
<zul> SpamapS: thanks
<jdstrand> hallyn: vncviewer :2
<hallyn> jdstrand: well that had better work :)
<jdstrand> hallyn: that is what I am saying, it doesn't ;)
<jdstrand> hallyn: keyboard and display are fine, just no mouse
<jdstrand> hmm
<jdstrand> maybe I need to specify the mouse to kvm
<hallyn> what is the guest?
<jdstrand> hallyn: lucid/amd64
<jdstrand> huh
<jdstrand> hallyn: do I normally need to specify the mouse? I just noticed if I start a vm with libvirt, I don't see it in the kvm output...
<jdstrand> it is in the xml though...
<jdstrand> <input type='mouse' bus='ps2'/>
<hallyn> jdstrand: no, i always do kvm by hand and never specify mouse
<hallyn> default in qemu or vncclient may have changed, of course, which woudl suck
<jdstrand> hallyn: well, I'll file a bug
<SpamapS> jcastro: looking now
<SpamapS> zul: that line mentions libgdbm being in universe, but its not...
<zul> SpamapS: doh
<jdstrand> hallyn: fyi bug #675749
<uvirtbot> Launchpad bug 675749 in qemu-kvm "qemu-kvm mouse does not work when using -vnc" [Undecided,New] https://launchpad.net/bugs/675749
<zul> Daviey: can you review the natty-ubuntu-packaging branch when you get a chance
<Daviey> zul: gonna have to wait until tomorrow... won't do a good job at the moment, too tired
<eriksson25> Anyone know why this comand dosent work--Z useradd -r /bin/false -m /opt/chrooted/ventrilo ventrilo
<eriksson25> Anyone know why this comand dosent work--> "useradd -r /bin/false -m /opt/chrooted/ventrilo ventrilo"
<segv`> hmm, does the /etc/apt/preferences file have the ability to maintain source packages as well?
<SpamapS> segv`: how would you expect it to affect the 'apt-get source' command?
<segv`> figured the version of the package it's restricted/pinned would effect it
<SpamapS> zul: FYI, libqdbm, not libgdbm, was the culprit, and indeed, should stay in universe... as tokyocabinet is the replacement for it.
<cvance> I have an ubuntu server setup and I installed drupal via apt-get. It installed fine, but to www.domain.com/drupal6. I would like it installed to the root of www.domain.com, how can I change the configuration?
#ubuntu-server 2010-11-16
<delimiter> Hi, can someone explain the benefit of running the kernel 'linux-virtual' inside a kvm guest, if any?
<kiall> delimiter, I dont have any specifics - but I would imagine that the -virt kernel is lighter in that it doesnt contain hardware drivers for every piece of kit ubuntu supports, only those typically used in kvm/xen/esx etc
<cvance> I have an ubuntu server setup and I installed drupal via apt-get. It installed fine, but to www.domain.com/drupal6. I would like it installed to the root of www.domain.com, how can I change the configuration?
<SpamapS> cvance: you will need to modify the apache configs to do that.
<SpamapS> cvance: if you don't want to run anything else on your site, the simplest way is to change DocumentRoot to the location where drupal is installed.
<smoser> SpamapS, if you're bored (or if anyone is), you could review https://code.launchpad.net/~awstools-dev/+junk/iamcli . i'm wanting to get that into archive (bug 675686)
<uvirtbot> Launchpad bug 675686 in ubuntu "[needs-packaging] package amazon iamcli" [Wishlist,New] https://launchpad.net/bugs/675686
<cvance> SpamapS that sounds like a good idea. Could I symlink the /var/www directory to point to the /usr/share/drupal6 directory?
<zul> hallyn: now i am
<hallyn> zul: sorry - nm, i was going to ask a q about sru's
<hallyn> zul: oh, well, i still have a q about sru's:
<zul> hallyn: sure
<hallyn> how come we stopped doing sru nominations at server mtgs?
<hallyn> were we only doing those during lucid+1 cycle bc there were so many (lucid being fresh)?
<zul> because no one was bringing anything up
<zul> and we have such a huge freaking backlog
<hallyn> yeah
<hallyn> that's how i feel about qemu :)
<zul> heh..
<SpamapS> smoser: looking now
<hallyn> jdstrand: i built the natty kvm for maverick and installed it here, and got the same result.  interesting.  lemme try the daily build
<SpamapS> smoser: not really sure how that rules file works with no .install or anything else files. ???
<SpamapS> hrm.. anybody else using squid-deb-proxy on maverick? In addition to bug 666014 it just doesn't even seem to be starting the main squid-deb-proxy service
<uvirtbot> Launchpad bug 666014 in squid-deb-proxy "Avahi service for squid-deb-proxy does not start" [Medium,Fix committed] https://launchpad.net/bugs/666014
<twb> I use debmirror
<twb> Ew, a native package
<twb> Where's the to_ubuntu_mirrors  ACL defined?  I can't see it in the source package.
<SpamapS> acl to_ubuntu_mirrors dstdomain "/etc/squid-deb-proxy/mirror-dstdomain.acl"
<SpamapS> http_access deny !to_ubuntu_mirrors
<twb> Oh, sorry, I can't read
<SpamapS> ;)
<SpamapS> I'm just trying to figure out why it didn't get started on boot
<SpamapS> upstart.. please tell me what you're doing.. thanks... mmmmkay
<twb> Good luck debugging upstart
<SpamapS> its my new crusade
<twb> AFAICT it doesn't actually provide any useful debugging techniques
<SpamapS> It does, they're just not well documented.
<twb> The best they can tell you is to put "set -x" in the script begin, and the boot with --debug
<SpamapS> or rather, not well publicized. :)
<twb> And "console owner", of course.
<SpamapS> no, thats nasty
<SpamapS> cjwatson is working on having plymouth spit out upstart's dbus messages to make it easier to find these things though. :)
<twb> Admittedly, most of the problems I had last time were with mountall (which is kinda-but-not upstart) and plymouth hijacking the vga console even when booting without "splash"
 * SpamapS reboots and curses himself for not having a maverick VM ready.
<SpamapS> whoa. .I'd reboot but I don't have a power button on my panel
<twb> Does grep http_port /etc/squid-deb-proxy/squid-deb-proxy.conf|cut -d' ' -f2 succeed?
<SpamapS> twb: yes, 8000
<twb> And the start condition (started squid-deb-proxy and started avahi-daemon) is definitely met?
<SpamapS> no, squid-deb-proxy isn't starting
<SpamapS> runlevel [2345] should totally be met
<twb> Oh, sorry, I misread your original post
<SpamapS> Nov 15 18:10:29 clint-MacBookPro init: squid-deb-proxy main process (1205) terminated with status 1
<SpamapS> ahh
<SpamapS> well wife and baby are home so... bbl
<twb> Poor sod.
<twb> In d-i partman, how do I install to a RAID1 of *one* node?
<twb> Ah, looks like I tell the GUI "-n 2 /dev/sda", which is extremely counter-intuitive.
<twb> (Trying to tell it -n 1 just causes it to return to the same prompt without any error or hint as to what is wrong.)
<SpamapS> FATAL: ipcache_init: DNS name lookup tests failed.
<SpamapS> hrm
<SpamapS> ok.. so this is another bug
<SpamapS> squid needs the network up
<SpamapS> or more accurately, squid-deb-proxy needs it up
<SpamapS> since I think the main squid starts with -D
<SpamapS> nope.. squid.conf does (local-filesystems and net-device-up IFACE=!lo)
<SpamapS> which, I think we should have an event triggered at that point called "(ready-to-serve)"
<SpamapS> start on ready-to-serve reads so nicely
<twb> OK, so get this
<twb> If you do a tasks=standard install and configure raid, it causes postfix to be installed
<twb> I think it is taking recommends a bit far for an MTA to be pulled in by configuring software RAID.
<ScottK> This has been discussed pretty far before.
<ScottK> The rough consensus was that on servers people want to be notified about RAID failures more often than they don't.
<twb> I agree that there isn't an obviously superior decision to make
<twb> I'm just a bit grumpy
<ScottK> In any case, right or wrong, it's not by accident.
<twb> Mainly because I'm doing two installs in parallel for an RAIDed AoE, and only the "master" host knows about the RAID at install time, so only it got postfix.
<ScottK> It's a little stranger in the desktop RAID case.
<ScottK> Will the other one know to complain if it dies later?
<arrrghhh> cron seems to need postfix as well.  awesome.
<twb> ScottK: the other one is just exporting a disk over AoE, which the master host happens to use as a RAID node
<ScottK> arrrghhh: cron suggests an MTA.  That won't pull it in automatically.
<ScottK> I see.
<twb> This is an... unconventional setup :P
<arrrghhh> i seem to be having issues with it.. i don't have postfix installed, and i get errors in my syslog that cron can't send mail.  i should probably fix it.
<ScottK> arrrghhh: cron does like to send mail, so you probably should.  trivial enough to do.
<arrrghhh> i don't need it to send mail outside
<ScottK> Either you can then teach cron to be less verbose or learn something you ought to know about the system.
<twb> I *do* like that d-i is smart enough to install sshd if I use the network-console udeb, and smart enough to use serial if I do the install over serial.
<arrrghhh> how would i do that anyway?  point it to a pop3 smtp provider?
<arrrghhh> i ought to know about postfix...?
<ScottK> I mostly run mail servers, so it's not a problem.
<arrrghhh> i have no need for a mail server.
<ScottK> You can configure it for local delivery.
<twb> arrrghhh: if you're a sysadmin, you SHOULD learn at least one MTA.
<arrrghhh> everyone has different needs.
<arrrghhh> hrm.
<arrrghhh> pretty sure my provider wouldn't appreciate that traffic anyways...
<twb> In the same way that any unix sysadmin should know how to use vi, even if they normally use vim or emacs.
 * arrrghhh sucks and uses nano.
<twb> ScottK: OK, I tell a lie.  It seems that the non-RAID host is configuring postfix, just later in the d-i process.  Dunno what pulled it in.
<arrrghhh> guess i'm not a unix sysadmin, but that's why i use ubuntu i guess...
<twb> arrrghhh: sooner or later you'll run into a system that only has vi -- maybe it'll be a busybox rescue shell on ubuntu, even.
<twb> arrrghhh: at that point, it's better if you already know how to use vi :-)
<arrrghhh> i've tried.  many times.  just can't get the hang of it.
<arrrghhh> i'm sure it'd be one of those things if i do learn it, i'll get fast with it... but i just can't force myself to use it when nano is so simple lol
<twb> For me, nano is an automatic fail because it defaults to auto-wrapping
<arrrghhh> erm i didn't think it did on any of my ubuntu installs...
<arrrghhh> doesn't wrap lines for me.
<arrrghhh> puts a little $ at the end of the line if it goes off the window
<arrrghhh> maybe that's just how ubuntu is configured?  i've never changed any settings with nano.
<mattcen> Hi all. Is there any distinct location that says which packages are supported for the 5 years Server LTS?
<arrrghhh> well i would assume anything in the repo's mattcen...
<arrrghhh> anything that you install 3rd party... who knows.
<twb> Good GRIEF.  grub-extras allows you to insmod lua support IN YOUR BOOTLOADER.
<mattcen> arrrghhh: I don't believe that's correct. I believe you can't assume that 5 year support for everything in the 'main' repo for example; otherwise, every package would have 5 year server support, and nothing would have 3 year desktop support.
<arrrghhh> mattcen, well the base server install will be supported at the very least :P
<arrrghhh> i think they mean security updates
<arrrghhh> patches, etc.
<arrrghhh> doesn't apply to packages now that i think about it.
<twb> !ubuntu-maintenance-check
<twb> parent_location = http://bazaar.launchpad.net/%7Enijaba/ubuntu-maintenance-check/trunk/
<twb> That's the only way I *know* of, but I thought I once saw the support EOL for individual packages listed in an aptitude GUI
<mattcen> There's some hand-wavy info at https://help.ubuntu.com/community/Server/TechSpecs/1004LTS, but that's not particularly comprehensice
<mattcen> s/comprehensice/comprehensive/
<arrrghhh> lol looks empty
<arrrghhh> oh
<arrrghhh> linked the comma in d'oh
<twister004> hi guys.. I have smokeping running on my ubuntuserver... the web server is apache... about 2 days back, the web gui for smokeping stopped working... the process is still running, but I'm not able to access the gui for smokeping...
<twister004> please advise what could be the possible cause
<twister004> thanks in advance
<arrrghhh> didja try restarting the service?
<twister004> arrrghhh... yes I did
<twister004> it didn't work
<arrrghhh> do other pages load on the apache server...?
<twister004> it has something to do with the web service.. I also have nagios.. and it isn't workin either
<arrrghhh> restart apache?
<twister004> arrrghhh...some pages load.. I have a mediawiki.. that's working..
<twister004> gulp... production env
<arrrghhh> lol
<arrrghhh> maintenance hours?
<twister004> nop
<arrrghhh> hrm
<arrrghhh> i use smokeping with zenoss
<arrrghhh> never used it by itself...
<arrrghhh> and we use nagios, but i don't manage that box at work :P
<arrrghhh> hrm but the wiki is working
<arrrghhh> so it is unlikely that apache is the problem... but odd that both nagios and smokeping aren't working.
<twister004> i dont understand what went wrong in apache... the logs show the following warning: [error] an unknown filter was not added: PHP
<twister004> arrrghhh.. you think this could be the cause?
<arrrghhh> perhaps, but i have no clue what it means unfortunately...
<arrrghhh> does anything php work?
<arrrghhh> maybe that's the problem.
<arrrghhh> any updates recently?
<twister004> arrrghhh.. no updates were installed recently... how can i check if php is misbehaving?
<arrrghhh> well there's the php test page
<arrrghhh> when you first install it...
<twister004> arrrghhh.. where's the test page?.. how can I load it?
<twister004> it was installed many years back
<arrrghhh> i'd have to google it tbh
<twister004> arrrghhh.. could you direct me on some php stuff?.. Im new to this
<blackshirt> hello
<homecable> any one have problems booting a grsec kernel on 10.10 ?
<blackshirt> homecable: i don't have experience with grsec kernel
<Error404NotFound> anyone awake here?
<ChmEarl> on lucid I have a custom kernel and uname -m returns x86_64. It needs to say amd64. Can I config a fix for that?
<joschi> ChmEarl: x86_64 and amd64 are equivalent. you kernel is fine
<ChmEarl> joschi, the virtualusr script dies if arch returns x86_64 instead of amd64
<ChmEarl> joschi, might have a workaround cooked up
<twb> uname -m returns "x86_64" on ALL debian/ubuntu kernels
<twb> That is not a bug.
<twb> Obviously your script is broken
<qman__> mine returns i686
<qman__> but I am running karmic
<qman__> oh, nevermind, I thought it was an actual arch problem
<twb> qman__: obviously that's because you're not on an x86_64 cpu (or are running in x86-emulation mode)
<qman__> yeah, I just misunderstood the "problem", been awake too long ;)
<Zeu5> hi there , i am using LAMP inside ubuntu server. i am not sure but i can run this http://thecopyninja.com/info.php but i cannot run this http://www.thecopyninja.com/php/P06upcomingentrepreneur/index.php please advise?
<joschi> Zeu5: ask the developers of the php script in question. and well, obviously the file can't be found
<Zeu5> joschi: i wrote teh script myself. i placed it in the subfolders php > P06UpcomingEntrepreneur.
<joschi> Zeu5: you're already getting help in #httpd
<Zeu5> joschi: yup. thanks :)
<Zeu5> was concerned at first that its due to the way i configured my server. thank you
<ikonia>              lp;
<ikonia> oops
<ikonia> cat on laptop, sorry
<lieuwe> the sensors command gives all kind of weird min/max values, anyone here any idea what could be the cause? since min +0.08v and max +0.06v seems unlikely
<twb> In mdadm, how do you add a "best effort" mirror to an existing RAID1 array?
<twb> That is, I want to tell it that /dev/sdz should be kept in sync with md0 (/dev/sd[ab]), but if it can't keep up, not to slow down /dev/sd[ab] on its account
<twb> Ah, --write-behind
<uvirtbot> New bug: #675965 in apache2 (main) "Apache crashes with glibc detected and stack trace" [Undecided,New] https://launchpad.net/bugs/675965
<BuenGenio> hello
<BuenGenio> how come there are more SpamAssassin rules in Mandriva that Ubuntu? :-P
<twb> Because somebody changed something?
<eriksson25> Hi, Anyone know the comand for setting a users home folder. I have created a user test. And he shuld have home folder /hdd/users/test but when I log in with ssh with test it cant find the home folder and points to root
<alvin> eriksson25: usermod -d <username> Better read the manual of usermod first
<eriksson25> thx
<zul> Daviey: did you have a look at the bzr branch?
<kirkland> hallyn: hey
<kirkland> hallyn: you should use your ubuntu.com email address in changelogs
<kirkland> hallyn: I export DEBEMAIL="kirkland@ubuntu.com" in my .bashrc
<consumerism> how do i set a permanent hostname on ubuntu? i did hostname myhost and changed /etc/hosts, but the hostname is reset on reboot.
<patdk-wk> you never edited /etc/hostname?
<consumerism> patdk-wk: that file doesn't exist on my system
<consumerism> should it contain just the hostname i want? any special format?
<kirkland> hallyn: wow, first time i've noticed
<kirkland> hallyn: you always sign your changes with @canonical.com
<kirkland> hallyn: anyway, we're supposed to use @ubuntu.com for signing changelogs
<hallyn> kirkland: funny, there was something on the wiki about using canonical.com to give canonical credit for it beign done on its dime
<hallyn> kirkland: i'm fine either way.
<kirkland> hallyn: really ...
<hallyn> yeah, when i first joined up
<kirkland> hallyn: okay, well, i don't care
<hallyn> kirkland: well, if i'm doing it wrong, then i do :)
<kirkland> hallyn: any chance you can find that wiki page again?
<hallyn> will try
<soren> hallyn: Unless it changed, you're supposed to use @ubuntu.com in debian/changelog and @canonical.com virtually everywhere else.
<soren> hallyn: AFAIR, at least.. debian/changelog certainly were an exception to the general rule. I'm not 100% sure it was the only exception.
<soren> s/were/was/ grammar fail.
<soren> Weird.
<BuenGenio> anyone know where are update sources stored for SpamAssassin ?
<jdstrand> hallyn: thanks for the qemu-kvm fix :)
<jdstrand> fwiw, I still use @ubuntu.com for platform work...
<jdstrand> but I hardly keep up with the changing new hire wiki stuff
<hallyn> jdstrand: thanks, i'm switching
<hallyn> kirkland: we should talk sometime about how to offer the 0.13.0 to debian.  (not now, we have a few bugs to shake out :)
<kirkland> hallyn: ack
<uvirtbot> New bug: #676094 in tomcat6 (main) "Missing pid file check in tomcat6 init script causes failed startup" [Undecided,New] https://launchpad.net/bugs/676094
<smoser> SpamapS, regarding the simple rules file. dh makes magic happen if you have a very simple package with a 'make install'
<jdstrand> hallyn: qemu-kvm ftbfs on i386 and armel, which makes qemu-kvm on amd64 uninstallable because qemu-common isn't built :(
<smoser> zul, could i get you to review and possibly sponsor at https://bugs.launchpad.net/ubuntu/+bug/675686
<uvirtbot> Launchpad bug 675686 in ubuntu "[needs-packaging] package amazon iamcli" [Wishlist,New]
<zul> smoser: muhahha....muhahaha...sure :)
<zul> smoser: can i park it until this afternoon?
<smoser> absolutely not. i need it NOW!
<smoser> or, wait, thats right, i'm asking you a favor
<smoser> sure
<zul> smoser: :P
<AndyGraybeal> when sharing usb device inside KVM, does this work?  I'm wondering because I think it isn't working for me.  Do i need to disable accessing the device from linux?  so the device can be access only by the virtual machine?
<zul> hggdh: where is the latet uec preseed stuff?
<hggdh> zul: let me get the link
<hggdh> zul: http://bazaar.launchpad.net/~uec-testing-scripts-dev/uec-testing-scripts/preseeds/changes
<SpamapS> smoser: I guess I didn't see the Makefile in there doh
<zul> hggdh: thanks..mind if i start on a natty one
<smoser> SpamapS, its patched in
<hggdh> zul: not at all...
<smoser> quilt 3.0 format extracts and applies patches
<smoser> although i might have that wrong... ie, i think the commited code should have that, shouldn't it.
<zul> hggdh: cool thanks
<smoser> i'm kind of fuzzy on that.
<SpamapS> smoser: right, I didn't read the patches. Makes sense.
<smoser> so do you know, should i check the code in with patches applied ?
<SpamapS> smoser: I tend to just use .install files instead of patching in a Makefile .. but if there's a build step too.. then you kind of need a Makefile to get it right.. but then I wonder why its not in the orig source
<uvirtbot> New bug: #590537 in linux (main) ""lo: Disabled Privacy Extensions" keeps showing up in the system log" [Undecided,Confirmed] https://launchpad.net/bugs/590537
<smoser> SpamapS, cause there really is no build step.
<smoser> i just find a general 'make install' to be more useful than debian/rules install
<SpamapS> smoser: the install file would be a much clearer way to do it though, if all you're doing is copying files around
<smoser> well, its not only copying files. but i would still sort of disagree.
<smoser> 'make install DESTDIR=' is quite standard and expected.
<smoser> so i just added one that does that.
<kiall> smoser, you seem to know a thing or two about UEC ;) .. Neither my UEC instances, nor the euca community cloud instances can ping their own public IPs .. do you know if thats a bug? or bad config? or intended?
<smoser> oh. kiall its user error ;-)
<smoser> most likely
<smoser> security groups
<kiall> I'm not sure it is to be honest, I can ping the public IPs of other instances in the same security group, just not that one.. (in case you didnt get what I meant - Running a ping command on Instance X, aimed at Instance X's public IP fails)
<smoser> well, i dont know what that should do to be honest
<smoser> it seems inconsistent with other results
<smoser> i would suspect its a bug, at least worth opening one.
<kiall> it certainly works on EC2, and would require hairpin NAT on the CC to work ... which half works at the mo (ping another instances public IP, and you geta  reply from the private IP)
<mvo> hi, quick question - is vm-builder no longer maintained and if not, what is the new way to create a minimal kvm/qemu image (I need this for my automatic upgrade tester).
<jdstrand> mvo: it hasn't received as much love as it should... can it not create a natty vm?
<jdstrand> mvo: fyi, I still use it, but haven't tried a natty vm yet. if it doesn't work, I'll update it
<mvo> jdstrand: it tells me it can not create a maverick VM - that is a bit of a blow to me
<mvo> jdstrand: I use it too and I love it
<jdstrand> really... interesting
<jdstrand> let me look at it
<mvo> jdstrand: thanks, its enough that you verify that I'm not blind (or stupid) - I can fix it myself and I'm happy to do a SRU if its really not working
<jdstrand> mvo: I can confirm
<mvo> jdstrand: dang, thanks
<mvo> jdstrand: I test a fix now
<mvo> crazy!
<jdstrand> mvo: if you file a bug, I can get it fixed in natty. you can pursue an SRU if desired
<ScottK> Perhaps it just means you're supposed to be working on Natty and not Maverick now.
<jdstrand> heh
<mvo> jdstrand: don't worry, I take care of this one :) but it would be really good if it would get a bit more love  in the future (/me looks at soren)
<mvo> ScottK: heh :) it needs to create maverick chroots to test maverick -> natty upgrades
<ScottK> mvo: I know, but it was funnier my way.
<jdstrand> mvo: ok, thanks
<mvo> ScottK: that is true :)
<jdstrand> mvo: can you also update it for natty?
<jdstrand> mvo: meaning, create natty VMs as well as maverick?
<mvo> smoser: are you using vm-builder for the ec2 images? or do you have a different tool?
<mvo> jdstrand: in the sru ? or for natty? (or both ;) ?
<smoser> vm-builder slightly branched https://code.launchpad.net/~ubuntu-virt/vmbuilder/0.11
<smoser> (and old)
<jdstrand> mvo: for natty definitely, but I think for SRU would be great. it is one of those things like debootstrap...
<maxagaz> hi
<mvo> jdstrand: ok
<maxagaz> how to untar.gz all files of a drawer at once ?
<jdstrand> in fact, istr it being on one of the ReleaseCycle lists...
* You're now known as ubuntulog
<mvo> soren: if you add me to the approriate group I will be happy t merge/upload vmbuilder for natty with maverick and natty in it
<mvo> jdstrand: what branch did you use for your natty upload? or did you patch directly?
<mvo> jdstrand: aha, I see quilt?
<jdstrand> mvo: let me see...
<jdstrand> mvo: I'm not the maintainer per se, but have updated it a few times. I just would use quilt and upload and let the autoimporter deal
<mvo> jdstrand: thans, I will just do that
<jdstrand> sure
<mvo> jdstrand: I just asked you because you touched it last ;)
<jdstrand> I figured. that is all I did
* You're now known as ubuntulog_
* You're now known as ubuntulog
<jmgalloway> anyone here good with ssh?
<jmgalloway> I have an authentication failure question
<uvirtbot> New bug: #676141 in squid (main) "squid's apport hook should include /var/log/squid/cache.log in crash reports" [Wishlist,New] https://launchpad.net/bugs/676141
<jmgalloway> I keep getting this error:  Received disconnect from 192.168.1.131: 2: Too many authentication failures for clcuser
<jmgalloway> I have uninstalled, reinstalled, changed the maxauthtries variable in ssh_config, tried to re-exchange rsa keys....nothing works.
<jmgalloway> I have passwordless ssh login on each of my machines due to rsa key exchange.  two of my servers give me the too many authentication failure error...
<uvirtbot> New bug: #676144 in eucalyptus "ec2metadata should not add trailing / to requests" [Undecided,New] https://launchpad.net/bugs/676144
<smoser> mvo, as you probably guessed i already patched 'natty' string in
<mvo> smoser: do you use your own branch ? i.e. is that not going into trunk?
<smoser> well, that should go into trunk, yes.
<smoser> but i'm branched off 0.11
<smoser> just because i have never spent effort to move forward
<mvo> smoser: aha, ok
<mvo> smoser: thanks :)
<hallyn> SpamapS: Daviey: did you ever hear anything i said during the chat?
<Daviey> hallyn: no :(
<hallyn> hm.
<hallyn> at least i was able to hear y'all, which was an improvement
<hallyn> but i really don't see why ppl like the touch interfaces.  I want a scrollbar!
<RoAkSoAx> is there a meeting today? (if so 18:00 UTC or 19:00 UTC?)
<ScottK> Server meeting already happened
<RoAkSoAx> oh really? lol
<RoAkSoAx> ScottK: to what time has it been changed to?
<RoAkSoAx> nevermind I just remembered
<matt_keys> how do you tell lmsensors that a temperature sensors is a temperature sensor? I can see the correct results from sensors, but when I query 1.3.6.1.4.1.2021.13.16 it's putting them all into the misc category
<zaca> I need some help
<zaca> While installing my 32 bit server, after creating a username, another install progress bar appears and then just stops at 5%
<highvoltage> zaca: who doesn't?
<zaca> hmm
<zaca> Can you upgrade from desktop edition to server edition inside linux?
<matt_keys> zaca : sudo apt-get install ubuntu-desktop -y
<zaca> Thank you for your help, it's really appreciated.
<zaca> but won't that install the desktop version?
<zaca> I mean, I think I can have desktop ubuntu working fine
<zaca> from there, can I install/upgrade to server from the ubuntu desktop?
<ZMo> hi, which is the better distro for a kvm/corosync server between lucid and maverick? I mean, is there some particulary work on maverick about virtualization against lucid? Thanks
<matt_keys> sorry read that wrong... I suppose the opposite would work--sudo apt-get remove ubuntu-desktop
<matt_keys> server is just desktop without the guis...
<zaca> Ah, No extra functions are installed?
<zaca> anything like.. "sudo apt-get install ubuntu-server" ?
<matt_keys> zaca : https://help.ubuntu.com/community/ServerFaq#What%27s%20the%20difference%20between%20desktop%20and%20server?
<zaca> Thank you very much, matt.
<zaca> I'm switching from Microsoft Web Server
<zaca> 2008
<matt_keys> you just need server then
<zaca> i just need to install apache then
<zaca> it's an old desktop pc
<matt_keys> yeah just install server and select the LAMP category when it asks what to install
<zaca> Linux Server keeps getting stuck at %5 after creating a username.
<matt_keys> verify your installation media. i've had that happen a few times before from either a bad CDr or burn speed
<zaca> possibly
<hallyn> kees: drat, 'CAP_SYS_ADMIN' for dmesg, eh?
<zaca> the CD I burned just before worked perfectly
<zaca> so I am assuming
<kees> hallyn: as a possibility, yeah
<zaca> but now I don't have an os on the only machine with the cd burner. :p
<zaca> well, I'm going to run the server install for a moment here
<hallyn> kees: my 'drat' was at re-using cap-sys-admin
<zaca> "Check disk for defects"
<jjohansen> kees: oh please not CAP_SYS_ADMIN, a new cap maybe?
<hallyn> @jjohansen++ :)
<zaca> "Checking CD rom integrity"
<zaca> FAILED
<zaca> corrupted.
<qman__> it can also be caused by a failing/incompatible drive, too
<qman__> I haven't run into that problem since about 6.06, but still
<qman__> if it's an older machine, consider trying a different drive
<zaca> I think the drive is fine, but thanks, I'll try the second cd drive.
<zaca> and that isn't sarcasm. >.>
<slicslak> something is eating proc on my box, can't even run top
<slicslak> is there a lighter command (options for ps?) that show me the top proc eating processes?
<qman__> slicslak, yes, but I don't know them off the top of my head
<qman__> you can also use `top -n1`
<qman__> to output a single reading
<zaca> Ubuntu TRY desktop works fine
<zaca> going to use it to burn another server install disk
<zaca> actually...
<zul> smoser: whats the bug number again?
<smoser> SpamapS, if you're bored (or if anyone is), you could review https://code.launchpad.net/~awstools-dev/+junk/iamcli . i'm wanting to get that into archive (bug 675686)
<uvirtbot> Launchpad bug 675686 in ubuntu "[needs-packaging] package amazon iamcli" [Wishlist,New] https://launchpad.net/bugs/675686
<smoser> oops.
<smoser> but that is the bug. sorry for spam, spamaps
<zaca> Can I  "sudo apt-get install ubuntu-server" ? from inside TRY desktop?  Would that work to install the server?
<qman__> not exactly
<qman__> you'd have to first remove all the desktop stuff
<qman__> then switch kernels
<qman__> then install the server bits you want
<zaca> it's trying the desktop
<zaca> TRY running off the CD
<zaca> from there can I install the server to disk?
<qman__> not directly
<zaca> unfortunately, the other drive isn't connected/ out of comission
<zaca> is it possible to remove the live CD to burn another for a few minutes? >.>
<zaca> I'm probably asking very stupid questions
<zul> smoser: after a quick look at it....i have two things (1) fix the changelog (2) and in the debian/control move the ${misc:Depends} to the end
<smoser> what is wrong with changelog ? the ~natty ?
<zaca> Haha
<smoser> zul, ^
<zul> smoser: the ~ppa1 bit
<zul> er...ppa0 bit
<zaca> nevermind... won't even let me use the drive even though the live cd is out
<smoser> pushing those now
<zul> soser: lemme know when done ill upload it
<zaca> Thanks for your help guys
<zul> smoser: ^^^
<zaca> I know it's a bitch helping linux newbs. :D
<smoser> zul, done
<smoser> oops
<smoser> shoot
<smoser> lp:~awstools-dev/+junk/iamcli is done now.
<smoser> rev 21
<kees> jjohansen, hallyn: it's the syslog CAP again...
<kees> hallyn: see, we needed it now! :)
<SpamapS> smoser: did we file a blueprint to add all the missing aws tools as erichammond asked?
<hallyn> kees: no argument.  sadly, i only just realized that linux-security-module is another list whose subscription got dropped
<smoser> i dont know if there is a blueprint, SpamapS
<smoser> i dont think so
<hallyn> kees: i don't even remember what happened to htat patch
<kees> hallyn: it's gotta be in there somewhere...
<zaca> Awesomesauce, Booted up with Live Desktop, using the burner to burn another, hopefully good, server install cd
<hallyn> kirkland: if i wanted to switch kvm-pxe to use the new gpxe tree...  should i jsut create an ubuntu/natty/gpxe and have the ubuntu/natty/etherboot go away, or should i try and 'update' the etherboot tree with the gpxe contents?
<hallyn> kees: you mean in the archives?
<kees> hallyn: yeah, I assume. I mean, I remember reading it a while back.
<kirkland> hallyn: is gpxe a new project?  ie, is it separate from etherboot?
<uvirtbot> New bug: #676208 in backuppc (main) "package backuppc 3.1.0-6ubuntu4 failed to install/upgrade: underprocess installerade post-installation-skript gav felkod 1" [Undecided,New] https://launchpad.net/bugs/676208
<hallyn> kirkland: gpxe is the new etherboot
<kirkland> hallyn: i haven't looked at it much, but I'd think this would be a new package we'd need to add to the archive, no?
<kirkland> hallyn: ie, it's more than just a name change, right?
<hallyn> kirkland: right, and i'm going to
<hallyn> just wondering how
<hallyn> i dunno how much the actual code layout has changed
<hallyn> it is a new git tree
<kirkland> hallyn: okay, so first, check that debian hasn't packaged it yet
<kirkland> i don't see it
<kirkland> hallyn: perhaps look for an ITP (intend to package)
<kirkland> hallyn: and if it's not packaged, then yeah, we'd need to package it up
<kirkland> hallyn: as of debhelper7, packages from scratch are pretty trivial
 * hallyn 's eyes glaze over at 'debhelper7' :)
<hallyn> all right, ITP - obviously the way to go!
<hallyn> thanks
<hallyn> (in fact, maybe i/we asked about that a few months ago)
<zaca> Hey, Matt, thanks for the help
<SpamapS> kirkland: note that there's a new tool, 'pkgme' that should make packaging from scratch even easier... sort of the debhelper equivilent of dh_make.
<ScottK> SpamapS: You should consider some of the acronym expansion in that sentence.
<SpamapS> ScottK: I see no acronyms... ?
<ScottK> SpamapS: What is dh_make short for.
<ScottK> (specifically the dh part)
<SpamapS> ScottK: right, but dh_make is crusty and doesn't do what pkgme intends to do. ;)
<ScottK> OK.  But a debhelper version of debhelper make is nonsense.
<SpamapS> well its the debhelper equvilent.. I actually meant to type debhelper7 equivilent.. as the idea is to just type 'pkgme blah' like 'dh blah'
<SpamapS> though the end goal is really to be able to determine a) what IDE/build system/etc. was used to produce the cwd's source, and b) what is missing to fill in a complete debian dir from it.
<SpamapS> then of course, c) if all is available, make a debian dir.
<ScottK> Right.
<smoser> where is pkgme ?
<smoser> SpamapS, ^
<smoser> kirkland, ping
<kirkland> smoser: pong
<smoser> http://bazaar.launchpad.net/~smoser/+junk/uec-on-ec2/files has 'maverick-commands' that turn ec2 image into uec
<zaca> So far my server install is going smoothly, I ran the CD check and it passed
<smoser> err ec2 instance into a uec
<smoser> and that is functional
<smoser> so you can likely just scrape that for your live iso
<smoser> ie, somewhere in that 150 lines might be something that makes your iso work
<SpamapS> smoser: https://launchpad.net/pkgme
<eriksson25> Need help, I compiled some mantis driver for my tv card. But it jamed the system, wouldent boot, Only solution was to remove the card. Then it worked as usual. How can I remove this drivers?
<eriksson25> I installed with this, sudo dkms add -m mantis -v mercurial
<eriksson25> sudo dkms build -m mantis -v mercurial
<eriksson25> sudo dkms install -m mantis -v mercurial
<zaca> I'm installing ubuntu server
<zaca> and I'm unsure what each of all these packages I can install do
<zaca> I know I want the LAMP, print
<zaca> but I don't know what they all do >.>
<RoyK> just start off with ssh
<RoyK> then you can install the rest afterwards
<RoyK> if you need mysql and apache, use lamp, if not, just stick to a simple install
<zaca> I plan for this to be used for web serving, FTP, print serving
<zaca> I'd like to be able to remotely manage it
<zaca> Possibly mail
<RoyK> LAMP = linux + apache + mysql + php
<RoyK> for an ftp server, no need for that
<RoyK> for a web server, apache will do, unless you want wordpress or something on it
<zaca> my website uses a lot of PHP
<RoyK> all packages are installable after initial install
<RoyK> so never mind - just start out with ssh and lamp
<RoyK> lamp will install myql, which may not be needed, but it won't hurt much
<zaca> okay
<zaca> Sounds good to me.
<zaca> I just can't find a list online describing the function of each package/collection
<aCleverMoniker> Hey everyone.  I have a strange issue.  I can see /var/www shared from my server on both windows and osx boxes on my network, but I *don't* have nfs-kernel-server or samba installed.
<aCleverMoniker> I'm trying to figure out what is causing it to be shared.
<zaca> I've selected lamp,, mail, print, openSSH and I think I'll continue with that.
<RoyK> zaca: if you're a newbie (which I suspect you are), just start off with lamp+ssh and take it from there
<zaca> definitely a newby with linux and servers
<zaca> my skills are more limited to local networks and individual computers
<RoyK> zaca: never mind - learn as you go
<RoyK> aCleverMoniker: perhaps AFS is involved?
<zaca> I'm a beast with windows
<aCleverMoniker> RoyK: I'm not sure.  How would I check that?
<zaca> :D  but that's $300 software
<RoyK> aCleverMoniker: just install the nfs kernel server - never mind about the rest
<zaca> would you suggest using a password for MySQL?
<RoyK> zaca: would you recommend having a secure network?
<zaca> that's a yes
<aCleverMoniker> RoyK: I had it installed originally, but I was having trouble seeing anything in exports (except for /var/www) on my windows/mac boxes.  I decided to uninstall it and switch to samba, but when I uninstalled it, I'm still able to see /var/www.
<aCleverMoniker> So that's concerning.
<zul> smoser: do you want me to upload that?
<zaca> I usually accomplish that by very strict firewall use.
<smoser> yes please.
<zaca> talking out of my ass a little
<RoyK> zaca: firewall security doesn't count if you have a bad webapp where people can insert user/pass for the mysql db
<RoyK> zaca: and those things happen more often than you want to know
<zaca> -nods-
<zaca> I've noticed a large number of annoying dictionary attacks through ftp
<RoyK> never use ftp
<zaca> sftp then?
<RoyK> it's a highly insecure protocol
<zaca> very open to man in the middle
<RoyK> sftp, as in ftp over ssh, yes
<RoyK> sftp with ssl/tls is somehow insecure as well
<RoyK> ssh is quite secure
<zaca> This is also a home network
<zaca> the reason I'm still ignorant about it it because I haven't felt that security is absolutely needed.
<RoyK> imho all networks should be built by a fanatic paranoid sysadmin :Ã¾
<zaca> I'll be back in about 20 minutes, the server is installing the packages, I have to pick up my little brothers from school
<zaca> Thanks RoyK
<amarcolino> hi I can't seem to mount cdrom on a clean install of ubuntu lts running in vbox, command outputs mount: can't find /dev/cdrom in /etc/fstab or /etc/mtab
<amarcolino> what do I need to do to get the cdrom showing?
<matt_keys> how do you tell lmsensors that a temperature sensors is a temperature sensor? I can see the correct results from sensors, but when I query 1.3.6.1.4.1.2021.13.16 it's putting them all into the misc category
<zul> smoser: done
<smoser> whoowhoo
<zul> hggdh: do you want to file a bug on it?
<hggdh> I think I should. Hell is that there are no logs
<hggdh> zul: ^
<zul> *grr*
<hggdh> zul: bug 676245 opened; we do not have a way of getting the logs, but the kernel folks can access the system anytime they want
<uvirtbot> Launchpad bug 676245 in linux "Broadcom NetXtreme II BCM5709 not recognised on install" [Undecided,New] https://launchpad.net/bugs/676245
<zul> hggdh: sweet...thanks
<Zac> awesome sauce
<Zac> The server is finished installing
<Guest99415> booting up for the first time
<Guest99415> nick
<Guest99415> -nickname
<Guest99415> I forget how to do this
<ZacServerInstall> awesome
<okay> nick ZacharyUServer
<okay> hello
<ZacharyNewb> I've just installed my server, and it's now running
<ZacharyNewb> however I have no idea how to configure it
<ZacharyNewb> I'd like to start with web serving
<ZacharyNewb> I already have an entire website on the second ntfs drive
<ZacharyNewb> I'm starting with ddclient for dynamic ip address updating
<ZacharyNewb> how do I uninstall ddclient?
<ZacharyNewb> I need some help ?
<ZacharyNewb> How do I uninstall ddclient?
<jdstrand> hallyn: fyi, I uploaded libvirt
<jdstrand> hallyn: amd64 ftbfs because of the qemu-kvm ftbfs on amd64 I mentioned earlier today. when qemu-kvm is fixed can you either ping me or retry the libvirt builds?
<guntbert> ZacharyNewb: sudo apt-get remove ddclient
<ZacharyNewb> does that remove all of it's configuration files as well?
<guntbert> ZacharyNewb: no
<ZacharyNewb> Alright, I screwed up configuring it,
<ZacharyNewb> I'm trying to delete those settings and retry
<guntbert> ZacharyNewb: then sudo apt-get purge ddclient
<hallyn> jdstrand: well that's just whacky, bc the exact same source did build in my ppa at https://launchpad.net/~serge-hallyn/+archive/virt?field.series_filter=natty
<ZacharyNewb> awesome, I love you
<guntbert> ZacharyNewb: you're welcome :-) (have a look at the !serverguide   some time :-))
<ZacharyNewb> I'm trying to set up the dns updater
<hallyn> jdstrand: https://launchpad.net/ubuntu/natty/+source/qemu-kvm/+builds  the amd64 build passed according to this
<ZacharyNewb> what protocol do you think I need to use for no-ip.com ?
<guntbert> ZacharyNewb: look on their web site
<ZacharyNewb> they say http resquest
<ZacharyNewb> but that's not a listed option in ddclient ?
<jdstrand> hallyn: I'm sorry. I meant to say that libvirt ftbfs because qemu-common isn't available on amd64, because qemu-common is built in the i386 builds and it ftbfs
<hallyn> ah
<hallyn> ok, i'm asking on #ubuntu-devel about the i386 failure
<hallyn> hm, well, i suppose i'll try here in a chroot first
<hallyn> doh, i don't have a natty chroot yet :)
<guntbert> ZacharyNewb: If you're speaking to someone in particular, please put their nickname in what you say (use !tab), or else messages get lost and it becomes confusing :)
<ZacharyNewb> aha, of course
<jdstrand> hehe
<guntbert> ZacharyNewb: as an example: http://pastebin.com/ABK5t4Gd
<ZacharyNewb> guntbert: Yes, I found that.  Problem is I don't know the protocols for namecheap,  or their addresses or other settings.  Thanks you though,  I'm currently chatting with tech support.
<guntbert> ZacharyNewb: all right and Good luck :-)
<ZacharyNewb> guntbert: don't know if install gedit was a good idea >.>
<guntbert> ZacharyNewb: ??
<ZacharyNewb> guntbert: trying to edit the ddclient.conf file
<ZacharyNewb> don't know how to open it, perhaps using gedit?
<guntbert> ZacharyNewb: are you running a server with GUI?
<ZacharyNewb> nope, probably the reason why it's a bad ide
<air^> "nano ddclient.conf" ?
<ZacharyNewb> ahahaha
<ZacharyNewb> See, I realized I messed up when the server started installing tons of extra packages.
<air^> :)
<ZacharyNewb> so, "sudo apt-get purge gedit"  then?  remove all that crap I just installed? :p
<ZacharyNewb> -waiting recklessly to hit enter with the command typed in, for someone to yell at him "No, you moron!  don't do it that way!"
<ZacharyNewb> -
<ZacharyNewb> FIRE
<ZacharyNewb> well, gedit's removed now, but a metric ton of extra packages are now installed.
<fluvvell> ZacharyNewb, sudo apt-get autoremove
<ZacharyNewb> fluvvell: I'm starting over the server install completely.
<ZacharyNewb> I need to learn more about the process anyway.
<fluvvell> I'd not think that really necessary, but it can be a useful learning route.
<fluvvell> yes
<ZacharyNewb> Well now I'm stuck with..
<ZacharyNewb> The Server was absolutely perfect!
<ZacharyNewb> only the packages I needed! Barebones, simple and beautiful
<ZacharyNewb> then I recklessly run  install gedit
<ZacharyNewb> and I get a ton of extra crap
<ZacharyNewb> suddenly.
<ZacharyNewb> my virgin install has become very violated. ;_;
<ZacharyNewb> I have to reinstall completely, fresh
<fluvvell> ZacharyNewb, if gedit was the only thing you installed, its not hard to remove
<fluvvell> ZacharyNewb, and autoremove cleans out un-necessary packages after you remove-purge it
<fluvvell> Theres very little you can't undo during an ubuntu install
<ZacharyNewb> fluvvell:  I love linux now.  I've been all giddy since rediscovering it. :D
<ZacharyNewb> fluvvell: When I first started using it, it kept crashing, and was more difficult, now it's like a wetdream.
<fluvvell> ZacharyNewb, he he, whats not to love.  Re: gedit, when offering to install on my 8.04 server, it only wants to install 52 packages. Not what I'd call hugely problematic. (I'm remote accessing it via ssh)
<fluvvell> ZacharyNewb, and if I install it, then remove it later, apt-get autoremove will remove all 52 packages that are no longer needed.
<ZacharyNewb> fluvvell: In past dealings in windows, SSH was a total bitch to set up, so I decided not to use it, despite knowing it would then be less secure
<ZacharyNewb> fluvvell: I presume that ssh is much easier to use in linux?
<fluvvell> ZacharyNewb, its built in
<fluvvell> ZacharyNewb, and in windows, you just install putty. It takes all of about 5 seconds to download and install
<ZacharyNewb> fluvvell: This computer I'm chatting on is running windows 7, dual-booting with ubuntu netbook
<ZacharyNewb> rather, the two OSs are installed side by side
<fluvvell> ZacharyNewb, thats probably similar to how many of us started
<ZacharyNewb> fluvvell: am I able to remotely access and control ubuntu server from windows?
<fluvvell> I now only ever run windows in a virtual machine now.
<fluvvell> Not if they are on the same computer
<ZacharyNewb> no
<ZacharyNewb> fluvvell: Ubuntu Server is on my old desktop pc connected to the router under the cabinet.  Beforehand I had Windows Web Server 2008
<fluvvell> ZacharyNewb, the problem will be if you want to remote run any X based apps
<ZacharyNewb> fluvvell: X being the graphics engine for linux? which understandably wouldn't work with windows connections?
<fluvvell> ZacharyNewb, yeah, there are ways but it gets a bit complicated.
<fluvvell> but putty is your first point of call
<ZacharyNewb> Ng:  why do you keep toggling your nickname between uppercase and lowercase?
<ZacharyNewb> fluvvell: for now I'd like to start with basic stuff
<fluvvell> ZacharyNewb, yep good idea. Is your server installing now?
<ZacharyNewb> fluvvell: would you suggest I switch to linux netbook to access the server?
<Ng> ZacharyNewb: that's not me :)
<ZacharyNewb> fluvvell:  yes, it is. installing base system, it'll take longer since it's having to do it via optical disk
<ZacharyNewb> 83%
<ZacharyNewb> 90
<fluvvell> ZacharyNewb, Its not critical at this stage, have you got a copy of putty installed on the windows box?
<ZacharyNewb> not currently, one moment, I'll install it on here now
<fluvvell> then you can remote into the linux server.
<hallyn> jdstrand: interesting, the gentoo forums suggest problems due to parallel builds
<ZacharyNewb> fluvvell: What do I use to remote?
<hallyn> (which woudl expalin the somewhat random failures0
<ZacharyNewb> fluvvell: With Windows Web Server 2008, I was using Windows 7 RDC (Remote Desktop Connection) to conenct, and was merely using certificate authentication on some random back alley port
<ZacharyNewb> Now at  "Select and Install Software"
<ZacharyNewb> fluvvell: putty.exe is on my desktop, I opened it and now I have a bunch of options
<ZacharyNewb> fluvvell:  server isn't finished installing, but until then, Do I need any other application to use to remote into linux?
<kirkland> smoser: ping
<kirkland> smoser: i'm curious about the MIR items in https://blueprints.launchpad.net/ubuntu/+spec/cloud-server-n-desktop-images
<kirkland> smoser: I'd think for 11.04, we should be able to do this blueprint without MIR'ing stuff
<jdstrand> hallyn: interesting. I've seen that before, but not on qemu-kvm
<air^> hmm.
<air^> I got a folder shared both through afp (for mac useage) and through nfs (for xbmc).
<air^> I know netatalk supports "veto" to hide files, but what about nfs?
<fluvvell> ZacharyNewb, you only have a bash/command line on stock standard server install, so putty will give you that access.
<eriksson25> Plz, how do I get rid of a installed mantis driver that is installed with dkms
<cjc2010> How do I go about creating 10 mailboxes
<cjc2010> pls
<bluefrog> cjc2010, install a mail server
<cjc2010> pls name an easy to configure and light weight mail server for me to try
<eriksson25> Plz, how do I get rid of a installed mantis driver that is installed with dkms
<cjc2010> ^that supports IMAP4rev1
<uvirtbot> cjc2010: Error: "that" is not a valid command.
<cjc2010> ^ that supports IMAP4rev1
<uvirtbot> cjc2010: Error: "that" is not a valid command.
<cjc2010> that supports IMAP4rev1
<bluefrog> eriksson25, removing it seems a good idea
<uvirtbot> New bug: #676294 in openssh (main) "unable to open remote java application over ssh (UGBoJ)" [Undecided,New] https://launchpad.net/bugs/676294
<cjc2010> is Dovecot a good choice/
<cjc2010> is Dovecot a good choice?
<eriksson25> bluefrog Yes, but how, I compiled it with
<eriksson25> sudo dkms add -m mantis -v mercurial
<eriksson25> sudo dkms build -m mantis -v mercurial
<eriksson25> sudo dkms install -m mantis -v mercurial
<eriksson25> Any easy way to remove it?
<eriksson25> If I have tha tv card in that the mantis drivers is for it wount boot. Gives me all kinds of strange errors. If I remove the card it works fine.
<eriksson25> So I just want to remove the driver.
<bluefrog> dkms remove
<eriksson25> <bluefrog>, shuld I use -m or -all?
<bluefrog> don't know man dkms
<eriksson25> sudo dkms remove --all Mantis
<eriksson25> Gives
<eriksson25> Error! Invalid number of parameters passed.
<eriksson25> Usage: remove -m <module> -v <module-version> --all
<eriksson25>    or: remove -m <module> -v <module-version> -k <kernel-version>
#ubuntu-server 2010-11-17
<ZacharyNewb> can someone help me get remote access working on my server?
<ZacharyNewb> using ssh?
<ZacharyNewb> on the server, and putty on windows 7?
<eriksson25> Just install openssh
<ZacharyNewb> already did
<ZacharyNewb> I don't know what to do from here
<ZacharyNewb> http://beyond-sight.com/
<ZacharyNewb> router is forwarding correctly
<eriksson25> Oki, on putty, just set your server ip, port 22, and press open
<ZacharyNewb> eriksson25:  Connection refused.
<ZacharyNewb> eriksson25:  my router is probabaly not forwarding that port, one moment
<eriksson25> Exactly
<eriksson25> =)
<ZacharyNewb> How can I set my ubuntu ethernet ipaddress?
<ZacharyNewb> 192.168.1.250 for example?
<ZacharyNewb> it's currently 192.168.1.9
<eriksson25> Depends on, you can set it from the router. Binding its mac to a ip.
<eriksson25> You can set it grafical if you have it on the server. Or you can set it in commandline.
<eriksson25> did ssh work now?
<eriksson25> You shuld not have it on port 22.
<ZacharyNewb> havne't forwarded the port to the pc yet
<ZacharyNewb> verizon fios router
<ZacharyNewb> doesn't say anything about a mac address
<eriksson25> before you do that, change the port.
<ZacharyNewb> change port how?
<eriksson25> to a higher number like 5022 or something.
<ZacharyNewb> I don't know how to change the openssh port to something else
<eriksson25> open file /etc/ssh/sshd_conf
<ZacharyNewb> 26254 in this case, is what I'd like.
<ZacharyNewb> okay
<ZacharyNewb> sudo nano
<eriksson25> and there go down to port= and change it to whatever.
<eriksson25> Then you need to run /etc/init.d/ssh restart
<eriksson25> http://codesnippets.joyent.com/posts/show/319
<eriksson25> Thats how you set static ip to whatever you want on the server.
<ZacharyNewb> hm
<ZacharyNewb> ssh_restart
<ZacharyNewb> or ssh restart
<eriksson25> no _
<ZacharyNewb> nog being found as a command
<eriksson25> ssh restart
<nich0s> Restarting SSHD?
<ZacharyNewb> I cd  ed to the directory init.d
<eriksson25> No need.
<ZacharyNewb> ssh restart isn't doing anything
<eriksson25> Just type "/etc/init.d/ssh restar"
<SpamapS> kirkland: hey, how come ubuntu-vm-builder doesn't accept maverick inside maverick?
<nich0s> sudo service ssh restart
<eriksson25> And press enter.
<SpamapS> VMBuilder.exception.VMBuilderUserError: Invalid suite: "maverick". Valid suites are: dapper gutsy hardy intrepid jaunty karmic lucid
<ZacharyNewb> ssh start/running, process 1631
<eriksson25> or that way as nichos says
<eriksson25> Yes, now its using the new port.
<ZacharyNewb> awesome
<eriksson25> Portforard it and you are good to go.
<nich0s> ZacharyNewb: Welcome to Ubuntu.
<s093294> Hmm, wierd hehavior on iptables. I use iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4000 -jDNAT --to-destination 82.211.214.96   This dont work if i try to connect to ip of the ppp0 interface, if i change ppp0 to eth1 and connect to that ip the packages are send of to 82.211.214.96  (are there some special thing with pptp connections) ?
<ZacharyNewb> eriksson25:  those instructions on that link aren't working
<ZacharyNewb> no interfacing directory or file
<ZacharyNewb> wow, just found it nevermind
<eriksson25> =)
<TDoubleDg> Anyone familiar with using DRBD to create an active/active ISCSI target?
<ZacharyNewb> sudo nano interfaces
<ZacharyNewb> eriksson25: okay, I changed my ip address in the config file, and it matches that text except
<ZacharyNewb> he kept having "192.168.0.1"
<ZacharyNewb> I put "1.1"
<eriksson25> Yes ofc, since that would be your router.
<ZacharyNewb> is my rendition correct?
<ZacharyNewb> ofc = ofcourse, ah. xD
<ZacharyNewb> okay
<ZacharyNewb> do I need to reset the ethernet connection somehow for the change to take effect?
<ZacharyNewb> eriksson25:
<eriksson25> Yes, Dont remember how....
<nich0s> sudo service networking restart
<eriksson25> there you goo.
<ZacharyNewb> ah
<ZacharyNewb> eriksson25:  nich0s   Thanks, I also found "/etc/init.d/networking restart"
<ZacharyNewb> with yours, sudo service, IO'm getting "restart: unknown instance"
<eriksson25> Yup, two ways of doing the same thing.
<ZacharyNewb> the one I found works
<ZacharyNewb> requires sudo though
<ZacharyNewb> also
<ZacharyNewb> sudo ifdown -a
<ZacharyNewb> to bring them down
<ZacharyNewb> sudo ifup -a
<ZacharyNewb> back up
<ZacharyNewb> to turn the network adapters on and off all-together
<ZacharyNewb> okay
<ZacharyNewb> eriksson25: Router is portforwarding 26254
<ZacharyNewb> hm
<ZacharyNewb> connection refused
<eriksson25> on the server, run ifconfig
<eriksson25> And se if it says the correct ip
<ZacharyNewb> yes
<ZacharyNewb> correct ip
<eriksson25> Is the server within the same lan?
<ZacharyNewb> yes
<ZacharyNewb> beyond-sight.com
<eriksson25> Then you dont need portworading, thats only from outside.
<ZacharyNewb> is correctly being forwarded port 80 to the server, I get the web test page
<ZacharyNewb> true.
<ZacharyNewb> I travel sometimes as well
<ZacharyNewb> for now I'll test the network, you're right
<eriksson25> Yes, but we get it to work internat first.
<eriksson25> =)
<eriksson25> In putty, did you sett the internal ip? like 192. and then the new port
<ZacharyNewb> putty 192.168.1.250 port 26254
<ZacharyNewb> connection refused
<ZacharyNewb> however in the ethernet adapter settings you had me view, it's showing "bcast" (broadcast) as 192.168.0.255
<eriksson25> I say, reboot the server. Might me something with the ip numbers scruwing with you.
<eriksson25> That is correct.
<ZacharyNewb> doesn't it need to be 0.1 ?
<eriksson25> Or waait, now its noot.
<ZacharyNewb> like I changed all the others?
<eriksson25> Shuld be 1.255
<ZacharyNewb> -nods- I missed that then
<eriksson25> everyting has to be 192.168.1.x
<ZacharyNewb> and "network" 192.168.0.0 should be 192.168.1.1 ?
<ZacharyNewb> network card reset
<ZacharyNewb> trying again
<eriksson25> 1.0
<ZacharyNewb> k
<ZacharyNewb> fixed again
<ZacharyNewb> trying putty again
<eriksson25> dont know with win7, you might need to run it as admin.
<eriksson25> I use xp as my windows comp.
<ZacharyNewb> connection refused still
<ZacharyNewb> using local lan address
<ZacharyNewb> I'm going to ping beyond-sight.com to see if I get response
<ZacharyNewb> and see if the web default page still pops up
<ZacharyNewb> web default page still up
<ZacharyNewb> do I need to configure open ssh further perhaps?
<eriksson25> Reboot the server.
<ZacharyNewb> back in it's config file?
<ZacharyNewb> alright
<ZacharyNewb> do you know how I can do that from command line?
<eriksson25> you shuldent need to.
<eriksson25> sudo reboot now
<ZacharyNewb> thanks
<PatrickDK> hmm, sudo reboot lastnight :)
<ZacharyNewb> sudo reboot lastnight?  sat mean?
<eriksson25> He was funny
<PatrickDK> wishful thinking :)
<ZacharyNewb> I don't get it
<eriksson25> =)
<ZacharyNewb> Zachary newb here doesn't get it. >.>
<ZacharyNewb> I didn't realize I typed "I don't get it"
<PatrickDK> that is more funny than my lame attempt :)
<eriksson25> its ok.
<eriksson25> LAte night humur.
<ZacharyNewb> it had better be
<ZacharyNewb> awesome server back up
<eriksson25> Oki, try again and se what hapends.
<ZacharyNewb> connection refused again
<eriksson25> Oki, try port 22
<eriksson25> just for the fact.
<ZacharyNewb> whoa
<ZacharyNewb> got something new
<eriksson25> Wants to save a key?
<ZacharyNewb> "the server's host key is not cached in the registry"
<ZacharyNewb> yes
<eriksson25> Save it
<PatrickDK> ah, it's looking for a date
<ZacharyNewb> ...
<ZacharyNewb> what it called?
<ZacharyNewb> deflection?
<PatrickDK> your attempting to move it to an alternate port?
<eriksson25> Yes
<ZacharyNewb> yes, one previous attempt apparently failed
<ZacharyNewb> however changing the ip address did work
<PatrickDK> just edit /etc/ssh/sshd_config
<eriksson25> That what I told him.
<PatrickDK> Port xxxx
<ZacharyNewb> sshd ?
<ZacharyNewb> there's also a ssh_config
<PatrickDK> service ssh restart
<PatrickDK> ssh_config is for the client, sshd_config is for the server
<ZacharyNewb> nor did I restart it before I restarted the server
<PatrickDK> so ssh_config == outgoing
<PatrickDK> sshd_config == incoming
<eriksson25> <eriksson25> open file /etc/ssh/sshd_conf
<ZacharyNewb> awesome
<eriksson25> what I typed earlier
<PatrickDK> eriksson25, ya, I didn't scroll back that far :)
<eriksson25> Its cool
 * PatrickDK never runs ssh on alternate ports
<ZacharyNewb> oh my god
<eriksson25> Thats why I asked him to change putty to 22, since I belived he would missed it.
<ZacharyNewb> so much easier typing it into putty here next to this window
<eriksson25> =)
<eriksson25> So putty up and running?
 * PatrickDK has never used putty
<eriksson25> =), well some of us plays computergames, and dont come dragging about wine.
<eriksson25> I use linux, for Server, Router, HTPC
<ZacharyNewb> service ssh restart isn't working
<PatrickDK> heh, I use linux for everything
<PatrickDK> only use windows for vcenter
<ZacharyNewb> alright
<ZacharyNewb> nevermind, has to have sudo
<eriksson25> =)
<ZacharyNewb> Yes, Putty works, now I've switched opensshd port to 26254
<ZacharyNewb> including the client ssh port on the server too
<eriksson25> Good boy
<eriksson25> Now you are redy to do some real work. I am off to bed now.
<ZacharyNewb> YAY
<PatrickDK> man, I do like these new hp blades so much better than the old ones :)
<ZacharyNewb> Thank you, mother. >.<
<ZacharyNewb> PatrickDK:  I'm on a netbook
<eriksson25> No problem.
<eriksson25> Have fun.
<ZacharyNewb> PatrickDK: The Asus 1201n Dual core 1.6ghz, hyperthreading/4 virtual cores, with ion graphics, including a GPU
<ZacharyNewb> and it's overclockable to 2 ghz
<ZacharyNewb> $500
<PatrickDK> I can't use netbooks
<ZacharyNewb> this one is really nice
<ZacharyNewb> 3-4 hours regular use battery life, nicely sized keyboard, 11 inch screen
<ZacharyNewb> Full HD video
<PatrickDK> heh, I'm all about 6hours battery
<ZacharyNewb> I can run two 1080p monitors on this, dual screen, one on the VGA port and another on hdmi
<PatrickDK> using a t61p currently
<ZacharyNewb> This thing is wayyy too powerful to be compared to netbooks
<PatrickDK> I'm lacking hdmi on this one, my last one had it, loved it
<PatrickDK> lately I've been lazy
<ZacharyNewb> Actually, They compare my netbook to fully priced laptops
<PatrickDK> and just use my droid2 for everything
<ZacharyNewb> I'm jealous
<ZacharyNewb> I have a samsung propel
<ZacharyNewb> anywho
<PatrickDK> nothing is better I think than ssh+rsync on my phone :)
<ZacharyNewb> I need to configure the web server somehow
<ZacharyNewb> where to start?
<ZacharyNewb> PatrickDK:  apache is installed
<ZacharyNewb> My website is residing on the secondary hard drive (500 GB)
<ZacharyNewb> formatted probabaly as NTFS
<ZacharyNewb> sudo mkdir /media/windows
<ZacharyNewb> sudo mount /dev/hda1 /media/windows/ -t ntfs -o nls=utf8,umask=0222
<ZacharyNewb> clear
<ZacharyNewb> can someone help me?
<ZacharyNewb> I've just installed Ubuntu Server.  With your peoples' extensive help, I've configured it's ip address, mounted an extra drive and I'm not remotely accessing it through putty
<smoser> kirkland, regarding MIRs, if the -desktop is an official supported image, it can only include things in main
<kirkland> smoser: i think for Natty we should prove something unsupported, using Universe first
<kirkland> smoser: before we commit to stuff in Main
<smoser> we basically have something unsupported
<smoser> and have for 2 releases
<kirkland> smoser: right;  i'm thinking we should get heavier feedback on that for a cycle before we start picking and choosing what needs to go into Main
<smoser> thats fine. but for that we dont really need to do anything.
<smoser> a couple cloud-init scripts that allow people to test
<ZacharyNewb> Do any of you know how to format a second hard drive?
<ZacJstSetUpHisSr> lol
<SrvrUsrRdyToHelp> :D
<gksmithlcw> Hello?
<SrvrUsrRdyToHelp> Are people here?
<SrvrUsrRdyToHelp> Hello?
<SrvrUsrRdyToHelp> hello?
<SrvrUsrRdyToHelp> hello?
<SrvrUsrRdyToHelp> LaND HO
<ScottK> SrvrUsrRdyToHelp: There are people here, but this channel is usually pretty quiet this time of day.
<SrvrUsrRdyToHelp> ScottK: I see
<SrvrUsrRdyToHelp> ScottK: Well, I'm slowing peicing together my ubuntu server
<ScottK> Great.
<SrvrUsrRdyToHelp> ScottK:   remote access via putty with windows 7 netbook I have is working, ports, right now I just figured out how to format and mount a second hard drive, put it into the startup script to mount automatically, and now I'm thinking about how to configure apache server to serve my site, off of the second mounted hard drive
<ScottK> Sounds like you're making progress.
<SrvrUsrRdyToHelp> ScottK: Definitely.  Manually set all ethernet settings, etc etc etc
<SrvrUsrRdyToHelp> ScottK: Hours of fun, Are you enjoying your day?
 * ScottK has had a decent day, but is just about to head for bed.
 * SrvrUsrRdyToHelp is sorry to hear that. :(
<b0gatyr> hi everyone
<SrvrUsrRdyToHelp> hi there
<SrvrUsrRdyToHelp> what's up?
<SrvrUsrRdyToHelp> b0gatyr:  what's up?
<b0gatyr> not much ya know
<b0gatyr> how about you?
<TDoubleDg> Anyone here used DRBD to create an ISCSI Target?
<SrvrUsrRdyToHelp> someone here?
<SrvrUsrRdyToHelp> hello?
<TDoubleDg> sup
<TDoubleDg> .....
<TDoubleDg> :-\
<kaushal> hi
<kaushal> can someone please guide me about https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329 ?
<uvirtbot> Launchpad bug 379329 in openssh "CVE-2008-5161: OpenSSH CBC plaintext recovery" [Low,Fix released]
<Dark-Sun> hello people;
<SpamapS> kaushal: what about it?
<Dark-Sun> here's my scenario: i should make a web interface for iptables, (yes, it's a firewall web panel). problem is apache runs web page as "nobody" so i can't execute "iptables". question is "since there's a apache process run as root, is it possible to make apache use that process to run a web page?"
<SpamapS> Dark-Sun: no
<SpamapS> Dark-Sun: that process is only responsible for listening on port 80,  which is restricted to root access (all ports below 1024 are)
<SpamapS> Dark-Sun: You can, however, run iptables commands with sudo. However, I do not recommend this as this would mean anybody who can break into your web code can run any iptables command...
<SpamapS> Dark-Sun: is there any reason you don't want to use one of the existing iptables frontends, like smoothwall for instance?
<Dark-Sun> SpamapS: you mean that apache process can't do anything else but listening?
<SpamapS> Dark-Sun: basically, yes
<SpamapS> Dark-Sun: it just listens, and hands accepted connections to the child processes.
<Dark-Sun> SpamapS: actually i was about to do some other stuff beside firewall, and i was curious how they do this
<Dark-Sun> i got some work around clues, like jailing, a daemon running on the web server, but i don't know which one should i choose
<kaushal> SpamapS: hi
<kaushal> sorry was away
<kaushal> is there a fixed version available for 8.04 ?
<kaushal> I mean openssh-server
<SpamapS> Dark-Sun: a daemon that is chrooted off and very simple would work, as long as it has a way to verify who is communicating with it.
<SpamapS> kaushal: looks like https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/379329/comments/3 has a workaround that will work for hardy.
<uvirtbot> Launchpad bug 379329 in openssh "CVE-2008-5161: OpenSSH CBC plaintext recovery" [Low,Fix released]
<kaushal> SpamapS: ok
<kaushal> so is it to add this Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc to to ssh_config and sshd_config and restart the daemon and restart openssh server ?
<kaushal> and then rescan the server again with OpenVAS Server ?
<Dark-Sun> SpamapS: hummm... i should read more about it, thanks ;)
<SpamapS> kaushal: also mdeslaur has replied in bug #651720 about why the patch was not pushed back to hardy.
<uvirtbot> Launchpad bug 651720 in openssh "Hardy OpenSSH version out-of-date - security risks" [Undecided,Invalid] https://launchpad.net/bugs/651720
<Dark-Sun> SpamapS: did you mean "executing daemon with a user with limited root access"?
<kaushal> SpamapS: ok
<SpamapS> Dark-Sun: the daemon would have to either run as root, or use something like sudo to temporarily elevate its privileges for each command.
<Dark-Sun> SpamapS: i see. thanks :)
<uvirtbot> New bug: #676304 in samba (main) "Samba fails with files having colon in file name" [Undecided,New] https://launchpad.net/bugs/676304
<Callum__> is Empathy's MSN connecting broken for anyone else? the fix here: http://ubuntuforums.org/showpost.php?p=10003289&postcount=17 is already applied but it still doesn't want to connect
<twb> Callum__: that's probably offtopic for -server.
<Callum__> oh, oops
<Callum__> wrong channel
<Callum__> haha
<twb> SpamapS: I would do it by having the web page write to (say) /srv/www/rw/netfilter.rules, and have a separate root-owned cron job or inotify watcher that ran iptables-restore on it.
<twb> Although obviously web-based management of ANYTHING is WRONG.
<alvin> m0n0wall?
<twb> alvin: what about it?
<alvin> It's only web-based
<twb> Are you suggesting it *isn't* wrong?
<alvin> Certainly. I prefer the command line, but m0n0wall is a very nice piece of software.
<twb> Maybe you just have lower standards than I do
<alvin> You wouldn't say that if you had used m0n0wall, or something like it.
<twb> Using PHP in the boot sequence doesn't sound very clever to me.
<twb> I can get behind standardizing on XML as a configuration file format, though.
<alvin> neither is using upstart
<twb> Oh, definitely.  I hate upstart.
<binBASH> does someone know if drbd replication is only one way or is it possible to write in both machines?
<twb> alvin: the HTML they're using is pretty crap, at least.
<twb> I can see they're using tables for alignment and <td class=th> instead of <th>, in the first thirty seconds of RTFSing
<_ruben> binBASH: master/master is supported
<alvin> twb: You have m0n0wall running? Or do you mean their website itself?
<_ruben> does open up a nice can of worms though
<twb> alvin: I'm reading http://svn.m0n0.ch/wall/tags/release-1.32/webgui
<twb> alvin: obviously I'm not going to RUN anything PHP-based.
<alvin> ah, ok. Could be. But I only used it as an example of a well working and stable web-based systems. of course, there are others. Managing ZFS on Solaris web-based will simply not work, SWAT (samba) isn't the same as smb.conf either, and eBox isn't there yet. I only wanted to say there are exceptions.
<twb> _ruben: say, you have a clue, and you know about drbd.
<twb> _ruben: I have a deployment case with side-by-side identical hardware, each with a two-disk RAID1.  I want the backup unit's disks slaved to the production unit.  I have been doing nightly rsyncs, and I started looking at instead adding the slave's disks directly to the RAID1 (with --write-mostly) over AoE.
<twb> _ruben: is drbd a better idea than aoe in that case?
<twb> alvin: "it works" isn't the same as the Right Thing.
<twb> alvin: as far as "it works for me" goes, I'm relatively impressed by OpenWRT's solution, which involves a YAML-esque configuration format for everything, which has both a nvram get/set-style CLI and a lua-based web UI.
<alvin> twb: I agree. let's say: "it works very well and is stable". the Right Thing isn 't always the best solution. For example, Ubuntu removed libstdc++5 in Lucid. (Yes, the LTS). This broke many commercial applications and thus production systems. The right thing would have been to ask the commercial vendors to recompile their products, but you know you can't really do that.
<alvin> Good to know :) I'll look at OpenWRT
<twb> alvin: products that you can't recompile are inherently not The Right Thing :-)
<alvin> twb: No, but tell that to the management if your company really relies on it.
<twb> I could probably make a case that companies are the Wrong Thing, too -- but I'm not an economist :-)
 * twb impotently shakes fist at the world
<alvin> that brings a smile to my face
<_ruben> twb: afaik, drbd would be a nice a solution for that (dont have any hands-on experience with it yet though)
<twb> Nod
<twb> Now I have to convince <boss> to pay for another day of learning drbd (on top of aoe)
<_ruben> personally i'd prefer drbd over raid1+aoe
<_ruben> the latter sounds a tad hackish ;)
<twb> Nobody thought of drbd when aoe+md was proposed
<_ruben> hehe
<twb> The rsync technique we've been using for ages -- before USB keys were bootable, and we were doing it from a live cd.
<uvirtbot> New bug: #676418 in etckeeper (main) "not installing http[s]+webdav" [Undecided,New] https://launchpad.net/bugs/676418
<jpds> twb: csync maybe?
<jpds> Though I agree with the +1 for drbd.
<_ruben> so they're "offline" rsyncs??
<_ruben> as in: not from the running system itself
<twb> _ruben: no no
<twb> We have the slave run a live image, so to failover, all the monkey has to do is unplug the CD/USB key, and move the ethernet/power cables
<twb> Er, s/power//, but you would need to reboot the slave
<_ruben> ah
<twb> monkey-based failover was a core requirement
<twb> Consider a lucid server running about twenty lucid containers (broadly, one per service).  End users do not have access to the dom0, and creating/reconfiguring/destroying containers is an infrequent activity.
<twb> Is there ANY benefit to lxc-behind-libvirt instead of direct lxc?
<uvirtbot> New bug: #676439 in freeradius (main) "missing manpages, listed in the freeradius manpage" [Undecided,New] https://launchpad.net/bugs/676439
<_ruben> grr, $PS1 gets set/reset/overwritten in tons of places .. /etc/bash.bashrc and also a .bashrc in each user's homedir, and even within those files there's multiple blocks to set $PS1
<twb> _ruben: why is that bad?
<_ruben> twb: no easy way to change the prompt globally
<_ruben> guess i should mess up /etc/skel/ prior to adding users
<twb> _ruben: why do you want to do that?
<twb> I mean, /etc/bash.bashrc would be the Right Way, but it sounds like you want to prevent users changing it back to whatever they prefer
<_ruben> twb: nah, i want to offer a saner default (fqdn instead of short name)
<twb> That's /etc/skel and/or /etc/bash.bashrc, then
<twb> And too bad for existing users
<_ruben> fresh servers and only handful of users, so it's not big a deal, is kinda annoying though .. the only diff between root's .bashrc and users' .bashrc is the bash autocompletion being disabled for root
<_ruben> a saner approach would've been to use /etc/skel/.bashrc as /etc/bash.bashrc and give root it's own .bashrc (which it already has)
<_ruben> current approach sems like a cludge to me
<twb> _ruben: I am *strongly* opposed to putting "clever" things in the default /etc/bash.bashrc
<twb> RHEL does that and it makes me livid
<twb> e.g. I ssh into a RHEL box and it changes my terminal title to gibberish
<twb> And if you, a user, want to *disable* such functionality, your .bashrc becomes horribly complicated by lines like "if I running on RHEL>=3 then unset magic_variable; magic_function() {:;}"
<_ruben> why would a .bashrc nee... oh, home-on-nfs for instance
<twb> Right
<twb> Or even if you store $HOME in a VCS
<twb> Even the bloody command-not-found stuff annoys me
<twb> unset command_not_found_handle # Ignore Ubuntu's attempt to slow exit(126) to a crawl.
<_ruben> if only i could trick bash to show the fqdn to show up for \h .. then again, even the supposed-to-work \H doesnt result in fqdn being displayed
<twb> Then there's http://paste.debian.net/100030/ for when you're sshing from Debian/Ubuntu to a server without locales
<_ruben> why not just install command-not-found? :P
<twb> _ruben: because I don't have root on all hosts
<_ruben> ah
<twb> And even if I did, other users might want that
<twb> (Remember those "server" things that have >>1 user? ;-P)
 * twb rages on re-discovering you can't use kvm -curses with the lucid installer
<_ruben> i probably am the only user who actually cares about this stuff (users are sysadmins in my case, with only bare minimum linux knowledge)
<alvin> Is there an option for df I'm not seeing? I want df to output in bytes instead of kilobytes.
<twb> alvin: df -B 1 ?
<twb> WFM
<alcy> or df --blocksize=1
<twb> Same thing
<alcy> yup
<alvin> twb: ok, a valid option I didn't see. Thanks. (It also appears that the manual is not entirely correct. 1k blocks are used by default while the manual says 512b)
<alvin> ...and that's also in the man. I was looking at the man of another version...
<_ruben> Disk space is shown in 1K blocks by default, unless the environment variable POSIXLY_CORRECT is set, in which case 512-byte blocks are used.
<alvin> Yes, just saw it :-)
<alcy> where can I check out the installer's code ?
<alcy> server installer
<jpds> alcy: apt-get source debian-installer
<alcy> jpds: doh. thanks. :)
<twb> One day I'll set POSIXLY_CORRECT just to laugh at how much breaks
<_ruben> ;)
<twb> Did we decide where -t cgroup should be mounted, since /cgroup is a FHS violation?
<_ruben> bah .. with linux you can create a tunnel using ipv6 endpoints and carrying both ipv4 and ivp6 inside (mode any), but you can't do so over ipv4 :(
<_ruben> oh well, enough reason to tunnel ipv4 over ipv4 and ipv6 over ipv6
<twb> _ruben: just get native ipv6, man
<twb> Er, maaaaaan
<_ruben> twb: i do, but i don't have a vlan (yet) between the various pops
 * twb squints
<twb> If you have a native ipv6 connection to the IPv6 internet, surely you don't need a vlan
<twb> unless you mean you want to encrypt ipv6 traffic passing across the ipv6 internet?
 * jpds hugs the native v6 internets
<ZMo> hi, which is the better choise between maverick and luci for a KVM/corosync server? where i can get these kind of information, to know what is really changed about single kernel between these two distro? Thanks
<joschi> ZMo: if you plan to use that system some time, use the LTS release (-> lucid)
<joschi> ZMo: and for the kernel changes you'll need to check the kernel changelogs from kernel.org (or at least the short logs from kernelnewbies.org)
<_ruben> twb: dynamic routing between pops, that requires 'direct' connections between pops, so either vlans or tunnels
<ZMo> joschi, so is theren't a ubuntu kernel changelog?
<joschi> ZMo: yes, but these only contain infos about the patches applied by debian/ubuntu to the respective kernel versions
<alvin> ZMo: I'd also check Launchpad in order to know what bugs you will encounter in each version and whether they are important to you.
<_ruben> weird, openipmi package refers to /etc/sysconfig/ipmi .. didn't know debian/ubuntu even used to that dir
<twb> bad docs
<twb> bad docs?
<_ruben> ugh, more fail in the initscript
<_ruben> touches a file in /var/lock/subsys/, without checking if that dir even exists
<Ben604> Hello!
<twb> Boo!
<Ben604> don't suppose I could you trouble you guys for some support
<twb> Debian Policy requires that /var/run and /var/lock be supported as tmpfses
<twb> !ask | Ben604
<ubottu> Ben604: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Ben604> we're running ubuntu server within hyper-v, behind an internet proxy server
<Ben604> we can ping to our internal network fine
<Ben604> but can't reach the big wide world
<Ben604> the proxy settings match our other, non-virtualised, linux boxes
<Ben604> which can connect to the outside world fine.  Which leads me to believe it's a problem with hyper-v?
<twb> Ben604: so on the virtual Ubuntu server, you're running http_proxy=http://proxy.example.org:8080/ w3m http://example.net/ ?
<Ben604> yeah, that's correct
<twb> What error does it give?
<twb> Such issues are easiest to debug with "curl -vso/dev/null http://example.net/", but you probably don't have curl installed.
<twb> wget -vO/dev/null, I think, is the nearest equivalent
<Ben604> actually, that worked...
<Ben604> I'll be more specific
<twb> Ben604: OK, pastebin the output from curl
<Ben604> we definitely haven't got curl installed, I've just been reliably informed
<twb> Oh, you mean the *w3m* call worked?
<Ben604> it seems, that when I enter this command: http_proxy=http://proxy.example.org:8080/ w3m http://example.net/ ? it works fine, but it won't ping
<twb> ICMP won't work unless hyperv is bridging or natting traffic from the VM
<twb> If I were you, I'd ssh into your router(s) and start tcpdumping
<Ben604> we're trying to get some packages through apt-get, but that won't find anything, we've added the proxy settings to the etc/apt/apt.conf
<Ben604> (sorry about this, I'm sure you've noticed that I'm not exactly a long time Linux user!)
<twb> Ignorance is fine, as long as you're prepared to learn
<Ben604> can I use "ping" instead of "w3m" as a command?
<twb> Sure, but ping uses ICMP, not HTTP/TCP
<_ruben> Ben604: if w3m worked, try: sudo http_proxy=http://proxy.example.org:8080/ apt-get update
<twb> _ruben: he just set $http_proxy in /etc/apt/apt.conf, so he should be OK for apt-get runs from now on
<_ruben> twb: trying to rule out a wrong apt conf
<twb> OK
<_ruben> also, on proxied systems like this, it might be "useful" to just export http_proxy
<_ruben> any decent proxy-aware app will then use the proxy
<Ben604> right
<Ben604> sudo http_proxy=http://proxy.example.org:8080/ apt-get update  worked
<Ben604> so it looks like the apt.conf file is the problem.
<_ruben> Ben604: so either fix the apt config, or add 'export http_proxy=http://proxy.example.org:8080/' to your login script
<twb> Preferably both
<_ruben> wouldn't harm indeed
<twb> $ ssh ueo cat /etc/apt/apt.conf
<twb> Acquire::http::Proxy "http://proxy:8080/";
<twb> That's what is *should* look like.
<Ben604> guys, thank you very much!  nfs-common is now installing
<Ben604> just checked apt.conf, didn't have "/" at the end, would that have been critical?
<_ruben> apparently ;)
<Ben604> aw, isn't the linux community ace
<Ben604> through irc too!  It's almost as if it's 1997 again
<_ruben> aww bugger, ip's man page is horribly outdated
<eriksson25> Need help, WARNING: missing /lib/modules/2.6.35-22-generic, I need to reinstall the kernel to /lib/modules
<eriksson25> But how?
<_ruben> debian 504064
<uvirtbot> Debian bug 504064 in iproute "ip: missing documentation for ip link add|del" [Normal,Fixed] http://bugs.debian.org/504064
<alvin> Ben604: What version of Ubuntu are you running as a virtual machine?
<ojii> hi everyone
<ojii> I try to install rabbitmq-server on my ubuntu 8.04 server using the rabbitmq apt repository, but it complains about an old erlang-base version. how could I update that?
<twb> eriksson25: apt-get install --reinstall linux-image-2.6.35-22-generic ?
<twb> eriksson25: you should probably investigate what caused the issue
<twb> _ruben: my ip manpage explains ip link add... (sid)
<eriksson25> Noob behind the keybord.
<eriksson25> Thanks
<_ruben> twb: ah, nice
<twb> WTF, man
<twb> apt-get install ubuntu-keyring wants to pull in imagemagick and xloadimage
<_ruben> 10.10 does too apparently (list link add)
<_ruben> twb: only depends on gnupg (on lucid)
<eriksson25> How do I solve this?
<eriksson25> ***WARNING:*** You do not have the full kernel sources installed.
<eriksson25> This does not prevent you from building the v4l-dvb tree if you have the
<eriksson25> kernel headers, but the full kernel source may be required in order to use
<eriksson25> make menuconfig / xconfig / qconfig.
<_ruben> either install the full kernel source or ignore the warning
<twb> Why are you trying to compile anything from source?
<eriksson25> I am trying to compile mantis driver for a tv card.
<eriksson25> And I get that error, and then
<eriksson25> make[1]: Entering directory `/home/eriksson25/s2-liplianin/v4l'
<eriksson25> perl scripts/make_config_compat.pl /lib/modules/2.6.35-22-generic/build ./.myconfig ./config-compat.h
<eriksson25> File not found: /lib/modules/2.6.35-22-generic/build/include/linux/netdevice.h at scripts/make_config_compat.pl line 15.
<eriksson25> make[1]: *** [config-compat.h] Error 2
<eriksson25> It worked fine before, but then I needed to reinstall ubuntu after a hdd crash, and now....
<_ruben> i'd start by installing just the kernel headers, might be sufficient
<eriksson25> sudo apt-get install mercurial linux-headers-$(uname -r) build-essential
<eriksson25> not helping
<twb> How do you write an upstart job that takes an argument?
<twb> I want to write a dozen /etc/init/lxc-foo.conf with identical contents except for the VM name they refer to ("foo").
 * _ruben makes an uneducated guess: not possible? :P
<twb> Goddamn upstart
<twb> They have a special case for mounting filesystems, and a special case for rc.conf, but for us end users have to do everything by hand.
<twb> _ruben: I reckon I know
<twb> _ruben: you have lxc.conf that says "start on filesystem" and it's *body* is "for CONTAINER in $CONTAINERS; do start lxc-container CONTAINER=$CONTAINER; done"
<twb> Then you have lxc-container.conf which has a body referring to $CONTAINER
<soren> twb: Yup, that's what I'd do.
<soren> twb: (remember the "instance $CONTAINER" line)
<soren> twb: Otherwise it won't know to key off that variable.
<twb> Thanks.
<twb> soren: do you know offhand how to match "all filesystems are up and all interfaces are up"?
<soren> twb: There is no such notion.
<soren> twb: There never was.
<soren> twb: How will anyone know if I'm going to stick another USB disk or NIC in the box in two minutes?
<twb> I don't want to say e.g. "start when br-lan is up", because some containers will need a different interface
<twb> soren: OK, the debian lxc LSB hader I'm translating has Required-Start and Required-Stop of $syslog $remote_fs
<twb> My gods.  That actually seemed to work
<twb> soren: care to sanity-check it? http://paste.debian.net/100036/
<soren> twb: Is the space before .conf here intentional: do start lxc-container CONTAINER="$(basename "$CONTAINER") .conf"
<twb> Yes; it changes /etc/lxc/foo.conf to just foo
<soren> Um... No.
<soren> If it were inside the parentheses, yes.
<twb> # basename /etc/lxc/foo.conf .conf foo
<twb> Oh, sorry, I se
<twb> *see
<soren> That's not what you're doing, though.
<twb> It's because upstart conf files aren't sh, so Emacs doesn't highlight the ""'s correctly and I don't spot the mistake :-/
<twb> scratch that, I still would've missed it
<soren> I wouldn't have thought export was necessary.
<soren> ...but other than that, it looks ok.
<soren> Hmm..
<soren> Well, yeah, it's fine.
<twb> I'm not sure if it'll shutdown cleanly
<twb> Seems to have gone tits-up during reboot
<twb> Now I'm confused
<twb> after a reboot, "status lxc-container CONTAINER=hera" says there's no such instance -- but lxc-ls and lxc-ps can see it.
<twb> If I manually run "start lxc", I can see the "lxc-container (hera) start/running" line on tty1
<twb> But "status lxc-container CONTAINER=hera" still fails.
<twb> THEN, I manually run "start lxc-container CONTAINER=hera", and it *does* start, I can see it on tty1 and I can see its processes
<eriksson25> Anyone that can help me, have been strugeling with this for 3h straight.
<eriksson25> make -C /home/eriksson25/s2-liplianin/v4l
<eriksson25> make[1]: Entering directory `/home/eriksson25/s2-liplianin/v4l'
<eriksson25> perl scripts/make_config_compat.pl /lib/modules/2.6.35-22-generic/build ./.myconfig ./config-compat.h
<eriksson25> File not found: /lib/modules/2.6.35-22-generic/build/include/linux/netdevice.h at scripts/make_config_compat.pl line 15.
<eriksson25> make[1]: *** [config-compat.h] Error 2
<eriksson25> make[1]: Leaving directory `/home/eriksson25/s2-liplianin/v4l'
<eriksson25> make: *** [all] Error 2
<hallyn> twb: one thing that came out of UDS-n was that auto-starting of containers (and bridges for them) ought to be handled by libvirt.  (which means we first need to write a driver to have libvirt use contaienrs, but...)
<zul> wait i thought there was one already/
<twb> hallyn: I have yet to find a compelling reason to install libvirt
<hallyn> zul: (assuming that was to me) no, you can pretend to some degree, but the contaienrs are different
<twb> Note: libvirt already knows how to use LXC containers, directly, not using lxc-*(8).
<Amgine> mysql, after upgrade, fails to start, no socket created at /var/run/mysqld/. Error 2002 when trying ~$ mysql. my.cnf appears vanilla, has correct socket =.
<hallyn> the libvirt contaienrs are very limited (and shoudln't exist in that form)
<Amgine> How do I further trouble shoot mysql?
<twb> hallyn: OK, you've encouraged me not to use libvirt for containers in lucid :-)
<hallyn> twb: to have libvirt work with lxc containers I had to do http://s3hh.wordpress.com/2010/09/07/easier-creation-of-libvirt-lxc-containers/.
<hallyn> twb: my original thought had been lets have an upstart script for lxc.  the consensus at the talk was 'that's what libvirt does'  <shrug>
<zul> hallyn: heh maybe i should bookmark that ;)
<twb> hallyn: but that won't happen until the next LTS for me, so basically I'll ignore it
<twb> hallyn: "(Mind you, shutdown from inside a container doesnât work â you have to just kill init from the outside.)"
<twb> hallyn: did you solve that?
<hallyn> 08:32 < twb> hallyn: but that won't happen until the next LTS for me, so basically I'll ignore it
<hallyn> yup
<twb> I'm getting the same behaviour without libvirt
<twb> i.e. text-only dom0, text-only domu, run "lxc-start -n foo", log in and run "halt" -- it just sits there.
<twb> But "lxc-stop -n foo" works from a second shell on the dom0
<hallyn> regarding shutdown, not solved for libvirt.  lxc claims solve it somehow through the parent of the init
<hallyn> 'halt' works for me in lxc containers
<hallyn> oh, but im' on maverick
<twb> hallyn: inlxc 0.6 or 0.7?
<hallyn> yeah i don't really use 0.6 much
<twb> OK, I think that's something lxc fixed post-lucid.  I'll try backporting maverick's lxc.
<eriksson25> Hi, Anyway to remove linux headers, and source, and reinstall it all? How would I type then?
<twb> b0badabd2d3ec9c8506651bbb4900cc0ec3f8a16
<twb> support shutdown/reboot with upstart within a system container
<twb> eriksson25: "aptitude reinstall <package name>"?
<zul> SpamapS: ping...lemme know when you are around
<hallyn> twb: when you get your upstart script tuned, can you send it to the lxc or contaienrs list?
<twb> hallyn: I might just give up and use the debian sysvinit script (which starts them asynchronously, and stops them synchronously).
<twb> Ping me about it next week, by which time I should have decided what to do
<hallyn> twb: will do, thanks
<twb> Where "next week" means, like, eight days from now, not next monday :0)
<twb> hallyn: btw, do you know how to define a container that has >1 virtual interface?
<hallyn> twb: pretty sure you just list two in your .conf file
<twb> How does it know where each stanzas ends?
<twb> never mind, I'll test it out sometime
<hallyn> the next 'lxc.network.type' i believe.
<uvirtbot> New bug: #676503 in openldap (main) "slapd 2.4.21 memory leak in syncprov" [Undecided,New] https://launchpad.net/bugs/676503
<twb> Oooh.  I had forgotten that "lxc-stop" is a hard-stop
<twb> I will need to fix the shutdown script do something like "timeout 2m lxc-execute -n $container telinit 0 || lxc-stop -n $container"
<a_ok> Is there a way to make cpufreq work on 10.04?
<a_ok> I seem to mis a few modules
<twb> a_ok: just set the scaling governor at boot time, then leave it alone
<a_ok> twb: how do I do that?
<twb> $ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor ==> ondemand
<twb> If you get that, you're done -- you have nothing to do
<a_ok> ah thanks!
<a_ok> twb: no such file...
<a_ok> the cpufreq dir does not even exist
<twb> OK, please pastebin the output of "lsmod" and "cat /proc/cpuinfo"
<twb> FWIW, I have a bog standard 10.04 install and it has picked the ondemand governor without any input from me.
<twb> If you're not using an Intel amd64 processor it might have a harder time...
<a_ok> twb: I don't have any cpufreq modules here (i mean not to be found anywhere) so that should explain it
<twb> "cpufreq" isn't a module
<a_ok> twb: on my 8.04 servers I have cpufreq_conservative.ko cpufreq_ondemand.ko cpufreq_powersave.ko cpufreq_stats.ko and cpufreq_userspace.ko
<a_ok> do you have those?
<twb> Well, sure.  Those are the governors.
<twb> You also need a driver, like acpi-thingy or p4-clockmod
<twb> acpi-cpufreq
<afeijo> hi guys
<afeijo> I have an error with this script /usr/share/dtc/admin/cron.php
<afeijo> PHP Warning: Module imap already loaded in Unknown on line 0
<afeijo> it is emailing me every 10 minutes, lol
<afeijo> I cant find the problem :(
 * cwillu_at_work fails to refrain from pointing out that your problem is php
<afeijo> cwillu_at_work: probably, but I didnt install it, isnt dtc part of ubuntu?
<cwillu_at_work> !info dtc
<ubottu> Package dtc does not exist in maverick
<twb> cwillu_at_work: I have an infobot entry "most problems can be fixed by installing Debian".  I should write another one: "most web problems can be fixed by removing PHP"
<a_ok> twb: http://pastebin.com/yVPVZVrD
<cwillu_at_work> "Most problems can be fixed by installing Debian.  The remainder are fixed by removing PHP"
<a_ok> as you can see est is in there
<twb> cwillu_at_work: well, no.  The implication of the former is that the other problems are the ones introduced by Debian
<twb> Like, say, "I can't play crysis anymore"
<cwillu_at_work> this is a problem?
<a_ok> twb: well as I don't have any goveners at all or acpi-cpufreq (p4-clockmod is presend but won't load manually) id say this kernel does not support it...
<twb> a_ok: "dmesg -c >/root/dmesg~; modprobe acpi_cpufreq; dmesg"
<twb> p4-clockmod is, unsurprisingly, for Pentium 4s
<twb> An E5520 is generationally about at acpi_cpufreq.ko
<a_ok> FATAL: Module acpi_cpufreq not found.
<twb> a_ok: well, WTF
<twb> a_ok: is this a stock 10.04 kernel?
<a_ok> twb: yep the server one that is
<twb> I give up, sorry
<a_ok> ill try to see if there is an update
<twb> 2.6.32-25-server x86_64 here, acpi_cpufreq exists and is in use
<twb> Sorry, I tell a lie.  acpi_cpufreq doesn't exist, I *do* have working ondemand governor
<twb> acpi_cpufreq is apparently compiled in (i.e. =y) in Ubuntu kernels
<twb> a_ok: read through dmesg~, see if anything jumps out at you
<a_ok> twb: do I still need to install cpufreq-utils?
<twb> No
<twb> userspace packages have been obsolete for years
<a_ok> lol now they tell me
<twb> Sorry, I should've mentioned that at the start
<twb> Technically they're still useful if you want to switch from "ondemand" or "powersave" (on battery) to "performance" (on AC), but in practice you get that effect by just leaving it on "ondemand"
<a_ok> twb: yeah I want it on ondemand. I guess that 5520 is to new for the driver or something
<twb> dunno
<twb> i wouldn't have thought so
<a_ok> well nothing is loaded that is for sure
<twb> Hm, my Q9550 doesn't have it
<a_ok> ?
<a_ok> does not have what?
<twb> No /sys/class/devices/cpu
<TeTeT> any ideas why the following iscsi tgt targets.conf will not work in an exported target? Setting it up per command line is fine: http://pastebin.ubuntu.com/533489/
<twb> Oops, that's an 8.04+openvz kernel
<a_ok> twb: you mentioned another dir by the way
<a_ok>  /sys/devices/system/cpu/cpu0
<twb> In 8.04+openvz I can modprobe acpi_cpufreq and get a governor
<twb> a_ok: cpu0 is just the first cpu (or core)
<a_ok> yeah I can do the same on my 8.04
<a_ok> twb: I mean you are looking at class now
<twb> a_ok: same shit
<twb>  /sys is incestuous
<a_ok> ow
<twb> it's 2:40AM, I'm going home
<a_ok> thanks for the help
<a_ok> Ill file a repport or something
<kaushal> Hi
<kaushal> Are there certifications for Individuals on Ubuntu Server similar in the lines of RHCE ?
<uvirtbot> New bug: #676544 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/676544
<talntid> running ubuntu server... i have three servers. server1 can ping server2 and server3 fine. the ping runs fast, and has low ping time.
<talntid> server2 and server3, when they ping each other, or the server1, the ping time is low, but when i press enter to ping, it can take up to 3 seconds for the ping result to show. but it is still 0.1ms...
<talntid> any ideas why the ping command would be so sluggish, but still return acceptable ping times?
<joschi> talntid: sluggish name resolution
<joschi> talntid: check the name servers in your /etc/resolv.conf
<talntid> they match the fast server, except....
<TeTeT> kaushal: the Ubuntu Certified Professional certification was suspended, currently there's nothing like RHCE. You can still do the Ubuntu Professional course though
<talntid> 10.21.2.21 is listed before 10.21.1.21  on the sluggish machines, and on the speedy one, 1.21 is listed first
<joschi> talntid: test them with `dig` on each machine
<talntid> actually, 10.21.1.21 isn't pingable......
<joschi> talntid: so? icmp echo replies can be filtered
<talntid> right, but it's not... it was -down-
<talntid> now the machine is up
<talntid> ping is fast now.
<talntid> =]
<talntid> thanks!
<teep_> I'm running Ubuntu Server 10.04 LTS on a DL-380, serving primarily as Apache+php+mysql server and I've suffered recurring failures... about once a month, the webserver would run and serve some pages but I wouldn't be able to access the file system or the database and eventually the whole thing would come to a grinding halt... after a hard reboot it would work fine and I'd find no clue other than that syslog stopped logging a few days before
<teep_> I have the same problem at this very moment... I can ssh, list processes, kill processes and some other tasks... but shell will freeze completely on commands such as 'top' and 'ls /'
<teep_> does anyone have any clue what it could be or what I could try to test, right now, to find out more?
<air^> teep_: regular harddrives? hw raid? or san?
<alvin> teep_: see bug 407862 for the syslog. About the rest: have you tried logging in with another username? I have the same problem when encountering bug 635181. Logging in with another user works, and then I can reboot the system.
<uvirtbot> Launchpad bug 407862 in rsyslog "Messages not being sent to system logs" [Undecided,Confirmed] https://launchpad.net/bugs/407862
<uvirtbot> Launchpad bug 635181 in linux "High load average on Lucid for nominal/idle system use" [Undecided,New] https://launchpad.net/bugs/635181
<SpamapS> zul: pong I'm here now, wassup?
<teep_> hw raid
<zul> SpamapS: we are behind in the merges wanna divide up the list and get cracking?
<SpamapS> zul: sure, I'm still working on php
<teep_> I can log in at the moment and I think I can do a normal reboot... but I'd rather find out what's up
<zul> SpamapS: really?
<SpamapS> zul: well I had to stop to get my specs done
<zul> SpamapS: heh
<ScottK> teep_: hard drives full (df)?
<SpamapS> zul: is there any point in sending stuff back to debian while they're still frozen?
<teep_> no, checked that, hard drives not full
<zul> SpamapS: not really...just queue it up
<SpamapS> zul: I mean I guess its good to get the stuff into BTS
<teep_> I was killing syslog processes to see if they locked things up but that didn't help
<teep_> interestingly, shutting down apache with /etc/init.d/apache2 stop worked fine, but restarting it with start threw an error that the socket is already in use
<ScottK> SpamapS: As long as you give it an appropriate priority (like the DSO linking stuff is still wishlist in Debian), it's good to go ahead.
<teep_> commands like w and netstat cause the shell to freeze
<SpamapS> zul: I'm still wrapping up my last spec, if you want to pick a few merges I'll pick whats left and get started in about an hour.
<teep_> and I notice now that doing a ps, those commands aren't listed
<talntid> teep_, hows memory usage?
<zul> SpamapS:
<zul> SpamapS: sure
<teep_> talntid: how can I see this without running top?
<talntid> free
<zul> SpamapS: but first i must eat
<teep_> free causes the shell to freeze
<talntid> i'm thinking your memory is full. memory leak maybe... but likely. it's full
<talntid> cat /proc/meminfo
<teep_> talntid: I can still open new shells though... and if I don't use certain commands, the system appears quite responsive
<Mez> can anyone reccomend a good hosting company in DE?
<teep_> talntid: ah, cat /proc/meminfo works and lists 6GB free out of 10GB
<talntid> ok.. hmm..
<teep_> cat /proc/loadavg yields 40.98 40.19 38.36 ... that seems a bit high?
<talntid> very high
<jpds> teep_: Nice.
<teep_> now how to determine which process is running amock, without the help of top?
<talntid> and without ps
<talntid> lsof?
<talntid> see what files are open?
<teep_> lsof causes a freeze, alas
<talntid> indeed
<bluethundr> I am attempting to patch openssh to add the LPK patch.. but the process is failing and I have a question about some things I am finding in the rej files
<bluethundr> http://pastebin.ca/1994725
<bluethundr> to me it looks like (among other things) am missing some libraries
<bluethundr> shouldn't the ubuntu equivalent of red hat yum whatprovides be apt-cache search to find these missing libaries?
<talntid> brb
<alvin> teep_: That's an enormous load. Can you run iotop?
<teep_> alvin, nope, iotop freezes
<teep_> I notice now that apache2 never really stopped... trying to kill it
<teep_> there is no pid file for apache2
<talntid> killall apache2
<teep_> killall freezes
<teep_> funny thing is... doing a kill -9 on an individual apache2 process doesn't seem to respawn it... instead, it just keeps running
<bluethundr> is there any ubuntu specific version of the openssh source?
<teep_> right... I'm off for now... alvin , talntid and the rest... thanks for your help so far!
<bluethundr> I am attempting to patch it on 10.10 but dpkg is complaining about missing the debian/changelog
<burntoutlamp> hey people not sure if you're the right groupt o ask this or not but I need an open source alternative to active directory
<bluethundr> burntoutlamp, LDAP
<burntoutlamp> -.- anything easier than manually configging LDAP and Kerberos etc?
<burntoutlamp> apps perhaps similar to AD?
<bluethundr> configuring LDAP and kerberos IS easy ;)
<burntoutlamp> for you lol I am a n00b
<bluethundr> best way to become a non n00b is to practice my friend .. heh.. persistence pays
<c0nv1ct> doesn't samba3 have PDC support that is a bit more noob friendly?
<bluethundr> I think it does
<spike> hi
<c0nv1ct> or was that samba4
<highvoltage> hu spike
<burntoutlamp> bluethundr, to be honest I am on a time constraint as well. I would love to take the time to do that but I am somewhat crunched.
<bluethundr> hmm ok.. not sure what to recommend other than LDAP.. sorry
<spike> I've deboostrapped lucid and bundled it for ec2 with --kernel $aki . the instance boots up and on getconsole I can see a login prompt but it seems to have done nothing else
<bluethundr> anyone have any idea on best way to deal with the lack of debian/changelog in patching openssh?
<spike> ie it doesn't seem like it even tried to start the network or any daemon
<burntoutlamp> bluethundr, thanks dude
<bluethundr> burntoutlamp, no prob
<spike> any idea what it might be?
<burntoutlamp> I did find 389 dir server but it's fedora :<
<bluethundr> 389 indicates LDAP does it not? is this some slick simplification of LDAP of which I am unaware?
<J_P> Hi all
<burntoutlamp> maybe I dunno? like I said I am new. It is LDAP but I think makes it easy for people like me. I think I just might have stumbled upon an Apache solution also
<burntoutlamp> apache directory server
<J_P> I have problem using this: smbmount //192.168.0.1/ti /home/pc/net -o username=test,password=test => mount error(1): Operation not permitted. Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
<J_P> But if I execute that as superuser works..
<burntoutlamp> so if anyone else is interested I managed to just stumble upon that. and the site osalt.com in case anyone is not aware. this is great
<J_P> But I need to mount with mormal user.. How I do?
<bluethundr> does anyone know where I can download karmic koala 9.10 server off the top of their head?
<bluethundr> nevermind :) http://releases.ubuntu.com/karmic/
<zul> Daviey: ping
<Daviey> zul: o/
<zul> Daviey: umm...did you review the merge?
<Daviey> zul: i branched it....
<Daviey> zul: started looking :)
<zul> Daviey: uh huh :)
<J_P> anyone?
<zul> mathiaz: ping
<mathiaz> zul: o/
<zul> mathiaz: so puppet in natty right now is a rc mind if we update it?
<mathiaz> zul: about to upload the final release
<mathiaz> zul: ie 2.6.3
<zul> mathiaz: excelente thanks!
<Daviey> zul: branch looks awesome too me!
<zul> Daviey: cool ill upload it then
<Daviey> zul: sorry for the delay... really, i am
<zul> Daviey: riiiiight ;)
<NightDragon> hello all
<NightDragon> question: i have a Dell PE 6800, is there a way for me to install DRAC on it?
<NightDragon> specifically, the DRAC gui would be nice
<patdk-wk> isn't the whole point of drac is remote management? not local?
<NightDragon> yes, but i'm not sure how to access it
<NightDragon> (When you buy your server from an auction for 140 bux, documentation isnt really a big priority for the seller :-/)
<NightDragon> right now i can mess with IPMI a little bit through 'ipmitool'
<patdk-wk> it probably doesn't have real drac then, just drac-express
<NightDragon> no, the thing has a full blown DRAC if i remember correctly
<NightDragon> *2600, sorry
<NightDragon> well actually
<NightDragon> how do i check this?
<NightDragon> lspci?
<Daviey> zul / mathiaz: Should we look to unify the debian and ubuntu puppet packages?
<zul> Daviey: in the long run yes imho
<sahuaroaz> What is everyone using to set services to start at boot? Is chkconfig taking hold?
<Daviey> zul: If you are looking to do some work on puppet, would it be worth discussing it with the DM?  We are currently on a higher version than they are
<NightDragon> init.d
<patdk-wk> oh yuk
<patdk-wk> pe2600 + drac is pretty much crap
<NightDragon> :-/
<patdk-wk> it requires os support to do anything at all
<NightDragon> aah shit
<patdk-wk> http://support.dell.com/support/edocs/software/smdrac3/RAC/en/is/index.htm
<NightDragon> stupid windows
<zul> Daviey: yeah when debian unfreezes probably :)
<NightDragon> well, at least it makes a hell of a samba server for 140 bux :)
<Daviey> zul: i thought it had now thawed?
<NightDragon> actually, patdk i have a DRAC card at the ofic
<zul> Daviey: i thought it was still forzen
<NightDragon> *office
<NightDragon> for a 2650
<NightDragon> its probably plug-and-play compatable, yes?
<patdk-wk> no idea
<patdk-wk> I have never used drac
<patdk-wk> I use ilo2 a lot though
<NightDragon> whassat?
<NightDragon> right now it would be great to be able to manage hardware features through a GUI of some sort on my 2600.
<NightDragon> it seems that DRAC does that, but if theres something else, then i'm all for it
<Daviey> zul: Unstable has had lotta uploads recently
<NightDragon> right now my only problem with the server whatsoever is that i'm getting correctable ECC memory errors that i have to clear
<zul> Daviey: meh....
<mathiaz> Daviey: we're already in sync
<mathiaz> Daviey: I'm working from the debian maintainer tree
<Daviey> mathiaz: rly?
<mathiaz> Daviey: http://git.debian.org/?p=pkg-puppet/puppet.git;a=summary
<Daviey> mathiaz: ahh, rather than syncing?
<mathiaz> Daviey: natty and maverick branches are already hosted on alioth
<mathiaz> Daviey: because debian is frozen, the latest version of puppet is not in unstable
<mathiaz> Daviey: and the debian maintainers are focusing on squeeze
<mathiaz> Daviey: but we're already in sync
<mathiaz> Daviey: ie all the ubuntu changes are in the master branch
<Daviey> mathiaz: Ah, ok - that sounds great
<Daviey> mathiaz: Is there an ETA for an updated Unstable package?
<mathiaz> Daviey: nope
<mathiaz> Daviey: and unstable is currently used for getting packages into squeeze
<mathiaz> Daviey: so as long as squeeze is not released there won't be any new packages uploaded to unstable that are syncable
<Daviey> mathiaz: experimental ?
<mathiaz> Daviey: yes - that would be the case
<mathiaz> Daviey: however the master is not uploaded to experimental
<Daviey> mathiaz: are you one of the DM's?
<mathiaz> Daviey: no
<mathiaz> Daviey: I only have commit access to the git repo
<hggdh> JamesPage: what would we need to run Hudson now -- would, for example, http://cloudbees.com/ work?
<Daviey> mathiaz: zul seems to be keen to update the package to Final... if he pushes you a diff, can you sponsor it into debian git tree? :)
<mathiaz> Daviey: I'm about to upload the latest release to natty
<mathiaz> Daviey: the work is already done
<Daviey> mathiaz: hmm... the debian git tree still looks like rc3?
<mathiaz> Daviey: yes - because I haven't pushed it yet
<Daviey> ahh!
<Daviey> oh great... i'll shut up then :)
<J_P> hey.. anyone can help me with mount samba shared?
<J_P>  I have problem using this: smbmount //192.168.0.1/ti /home/pc/net -o username=test,password=test => mount error(1): Operation not permitted. Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
<J_P> with super user works
<b0gatyr> Hiya.
<SpamapS> kirkland: hey, approx is pretty nice.. :)
<SpamapS> kirkland: a lot easier than trying to make sure squid-deb-proxy-client gets installed. :)
<ScottK> SpamapS: But you still have an SRU to finish.
<SpamapS> ScottK: I have so .. so much to do. ;) Which one? the ipvsadm sru? The mongodb sru? :-P
<ScottK> SpamapS: Wasn't there one for squid-deb-proxy?
<SpamapS> ScottK: yes, there is... I suppose I should throw a branch up with "the solution" rather than just pointing out the problem. :)
<ScottK> Yes.
<SpamapS> I actually think for a simple LAN setup, pre-seeding squid-deb-proxy-client is probably easier than trying to override DNS...
 * ScottK doesn't have an opinion on the implementation, just that it ought to get fixed.
<SpamapS> Indeed, its severely broken as it stands right now.
 * SpamapS wonders if somebody has already written a command like 'ec2build' that does your build on a fresh ec2/euca instance...
<zul> SpamapS: yes its called vmbuilder :)
<RoAkSoAx> \/win 11
<RoAkSoAx> arrrgghhh
<SpamapS> zul: err, huh?
<SpamapS> zul: vmbuilder makes me a VM ... I want it to spawn a VM, copy the source package up, and build it.
<zul> SpamapS: vmbuilder makes your euca/ec2 iimages for you
<SpamapS> zul: no I want to use the stock ec2 image
<SpamapS> like.. ec2build -d maverick-amd64-c1.medium php5_blah.src
<zul> SpamapS: ah ok...thats different
<SpamapS> yeah... its that or buy a cheap 4 core box for doing builds here at home
<zul> SpamapS: you might be iobound rather than cpubound when you are using the ec2 instances to build though
<zul> but cheap virtualized (fake) 4 core box
<ScottK> Riddell recently built all of KDE pretty quickly on EC2.
<SpamapS> zul: but I will not be killing my machine, which is the main goal. :)
<wiredfool> any reason that my 10.04 servers would be periodically contacting bignay|auckland|atemoya.canonical.com? it's not updates, as I have a local apt-proxy
<SpamapS> wiredfool: did your servers come pre-installed w/ Ubuntu by any chance?
<wiredfool> they're virtual machines
<wiredfool> so, no.
<SpamapS> wiredfool: ah, then probably just the root kit canonical puts in the regular builds phoning home waiting for world domination orders. ;)
<wiredfool> I'm sure that's what an auditor would think
<SpamapS> wiredfool: whether or not you have a local apt-proxy, it may be that apt isn't using it all the time.
<SpamapS> auditors think what they're paid to think
<wiredfool> hmm.  maybe that's a dist-upgrade check
<ScottK> NTP defaults to using ntp.ubuntu.com.  Not sure if that relates.
<zul> grrr....
 * wiredfool has a supershort sources.list -- three lines. 
<wiredfool> port 80
<ScottK> That's a good posibility too
<zul> SpamapS: thats why you should have a second machine
<ScottK> wiredfool: I'd grab it with tcpdump and look rather than speculate.
<SpamapS> zul: I do.. "in the cloud!"
<wiredfool> scottk: yeah.  I was hoping that there was a quick answer
<zul> SpamapS: meh....im not going to argue about this right now ;)
<SpamapS> zul: I do builds all day on ec2 c1.medium's .. very quick and costs about $0.10
<SpamapS> zul: much cheaper than a second machine, and no power usage incurred at Los Angeles's ridiculous rates.
<zul> SpamapS: yes but i dont want to give amazon 10cents everytime i do something
<SpamapS> zul: I can reasonably build a 4 core box with a few cheap SATA disks for $250 .. thats a lot of $0.10 builds. ;)
<Aison> hello, when I logging to one of my ubuntu server with ssh, I get this nice welcom screen with the message about the current load and how many packages can be upgraded
<Aison> but on my 2nd ubuntu server I don't see anything, where can I turn that on?
<cwillu_at_work> Aison, /etc/update-motd.d/ I believe
<ZacharyNewb> Server is now web page serving! :D yay beyond-sight.com
<ZacharyNewb> the php is probably coded wrong, I need to fix the path links
<ZacharyNewb> anyone here?
<cwillu_at_work> the php is always coded wrong
<cwillu_at_work> poorly handled pages
<cwillu_at_work> or something
<cwillu_at_work> I like the black-on-black though
<ZacharyNewb> well
<ZacharyNewb> in this case
<ZacharyNewb> I've had to redo the php every time I put the site on another server
<ZacharyNewb> it's jst how it handles directories
<ZacharyNewb> It looks really nice when it's working
<ZacharyNewb> the navigation menu is distributed nicely among the leaves
<ZacharyNewb> and the links change colors to match the color scheme
<ZacharyNewb> Xalem:  I need to configure the software firewall, mail server, printer server
<SpamapS> ZacharyNewb: you can help yourself a lot by never ever using local files in your code.. thats sooo 2001
<ZacharyNewb> SpamapS: lol, what am I supposed to do?  link to other sites?  or link to my own site?
<ZacharyNewb> I can't trust other sites to keep the files up
<SpamapS> ZacharyNewb: if you're talking about includes, there's a path for that
<talntid> having trouble killing a process...
<talntid> tried kill, kill -9... it's still there.. it's firefox-bin.. any ideas?
<ZacharyNewb> talntid: sudo apt-get autoremove firefox ?
<ZacharyNewb> talntid: uninstalls it
<ZacharyNewb> sudo apt-get remove firefox
<ZacharyNewb> sudo apt-get autoremove firefox
<ZacharyNewb> sudo apt-get purge firefox
<talntid> it will still be in memory
<talntid> so long as its running
<ScottK> talntid: It's also not a very server related issue.
<dude1> .
<ZacharyNewb> I need some help setting up the ubuntu print server?
<uvirtbot> New bug: #676672 in php5 (main) "FTBFS on natty: SASL LDAP check fails (and other DSO problems)" [Undecided,In progress] https://launchpad.net/bugs/676672
<zul> SpamapS: https://lists.ubuntu.com/archives/ubuntu-devel/2010-November/031991.html
<SpamapS> zul: indeed, working on it how with php5
<SpamapS> zul: its actually dumber than that, php actually thought sasl_version *should* be in -lldap .. even though it has always been a direct part of sasl2
<zul> hehe
<zul> reason 1001 to hate php
<SpamapS> zul: maintaining PHP *will* teach you how to work around things done "the wrong way"
<zul> SpamapS: heh....im out of here l
<SpamapS> zul: Yeah I have to run some errands.. will hopefully wrap up php merge and ftbfs later today or tomorrow then get on top of those other merges
<zul> SpamapS: cool beans
<PeterNL> Hi. i can't ssh to my server, but I can ping it. Also apache doesn't seem to respond. What's happening?
<guntbert> PeterNL: no services running?
<PeterNL> There should be loots of things running
<guntbert> PeterNL: and please don't crosspost
<PeterNL> Sorry, but I thought there was noone here
<guntbert> I take it you cannot get to the server?
<guntbert> )in person)
<PeterNL> I'm sitting (almost) right next to it
<PeterNL> But theres no way I can connect a monitor or a keyboard
<guntbert> thinking...
<guntbert> PeterNL: test it with nmap
<PeterNL> ok
<PeterNL> Lots of ports are open, as they should be
<PeterNL> (exactly the ones I expexted to be open)
<guntbert> PeterNL: then you could try to reach other services... (just to see if it is alive at all - I sometimes had such failures with an old suse server, there only a manual reboot would help)
<PeterNL> ...nothing
<PeterNL> But I don't want to reboot it. The PSU fan has some problems with spinning up... Really...
<guntbert> PeterNL: with only a keyboard you could reboot it without powering down...
<PeterNL> I should try that. But the last time I booted it there was no keyboard present. I don't have any USB keyboards lying around, and PS/2 isn't hot swappable
<guntbert> PeterNL: well, I'm at the end of ideas then - sorry - but if it is an old machine it might have a reset button...
<PeterNL> It might...
 * PeterNL graps a flashlight
<PeterNL> grabs*
<PeterNL> ...there goes my almost 300-days uptime...
<PeterNL> Wait
<PeterNL> I might have a usb keyboard after all...
<PeterNL> ...maybe...
<eriksson25> Anyone in that can help me, updated to kernel 2.6.37 to try and fix one thing but didnt work. Now I want to reinstall the original 10.10 kernel. 2.6.35.22-generic
<air^> reboot and select the proper kernel in grub?
<eriksson25> I followed this steps and it was realy easy to change. But where do I finde the generic.
<eriksson25> http://ubuntuforums.org/showthread.php?p=10112818
<guntbert> eriksson25: server on a notebook?
<eriksson25> I want to reinstall it, since It was giving me alot of errors that I didnt get with a new installed .37
<eriksson25> server
<eriksson25> Trying to install mantis drivers, installed with dkms but didnt work so removed them and that made my system throwing me alot of weird errors.
<ZacharyNewb> could someone help me with the ubuntu server print server?  CUPS?
<guntbert> eriksson25: sorry, no help from me there, I only wondered because the .37 was supposed to fix a wireless issue with iwg4395...
<RoyK> ZacharyNewb: as always, ask a questiin, don't ask to ask
<eriksson25> mm, it was realy easy to setup
<eriksson25> But didnt help me =/
<ZacharyNewb> eriksson25: Thank YOU for your help yesterday.  beyond-sight.com is now page serving thanks to you. ;)
<ZacharyNewb> RoyK: Well, I followed some tutorial, which described configuring the CUPS to listen on a certain port so I could configure it on a webpage over the network
<PeterNL> I just did connect a monitor to my server, and it says "[timestamp] BUG: soft lockup - CPU#0 stuck for 11s! [apache2:PID]"
<eriksson25> No problem, my turn to sith with a problem. Just a litle more advance and hard to explain.
<PeterNL> ...and it doesn't respond to any key presses
<ZacharyNewb> RoyK:  Current problem, is I don't know why cups doesn't seem to be working on my server.  I've rebooted it (managing it through putty on a windows 7 netbook) set which port to use for the http:631 configuration, but the web configuration page doesn't show up when I try to access it over the network
<hggdh> zul: there?
<hggdh> smoser: there?
<uvirtbot> New bug: #676714 in euca2ools (main) "pull euca2ools 1.3.1 into natty" [Undecided,New] https://launchpad.net/bugs/676714
<ZacharyNewb> RoyK:  eriksson25   I've reinstalled the CUPs with sudo apt-get CUPS
<ZacharyNewb> RoyK: eriksson25  still doesn't seem work.
<mathiaz> SpamapS: re https://code.launchpad.net/~clint-fewbar/ubuntu/natty/cheetah/natty-merge-with-debian/+merge/39881
<mathiaz> SpamapS: are planning to go back to the merge before the EOW?
<eriksson25> I dont know anything about cups sorry.
<eriksson25> But google is your friend.
<PeterNL> maybe dpkg-reconfigure cups
<kirkland> hallyn: merging kvm now ... sorry for the delay
<hallyn> kirkland: np, thanks
<hallyn> hey does anyone know where the heck to get the openldap HEAD ?
<OneSoulLegion> Would anyone have some tips getting ubuntu server to install from a usb drive?
<eriksson25> Easy, read on the ubuntu.com
<hallyn> ah there it is
<soren> hallyn: Are they still on cvs?
<OneSoulLegion> eriksson25: Oh, I've tried that. Unfortunately I've run into some problems.
<soren> hallyn: You could just use the bzr mirror on Launchpad.
<eriksson25> Then say them. Hard for us to know what errors you have had.
<hallyn> soren: no i want to see the very latest
<soren> hallyn: I think that's HEAD.
<hallyn> http://www.openldap.org/devel/cvsweb.cgi
<hallyn> so i guess i'ts still cvs :)
<hallyn> no wonder googling for svn openldap was getting me nowhere
<OneSoulLegion> Aye, sorry. Basically, I'm trying to get it to install on an eeebox, and it tells me it can't find the cd-rom. Of course, the machine doesn't have a cd-rom drive and it's trying to install from a usb stick...
<kirkland> soren: did you get a chance to look at that live iso?
<soren> kirkland: Not at all, sorry.
<eriksson25> Well, that is a boot problem in the box, have you set it to boot from the usb?
<eriksson25> In my asus nootbook it is shown as a hdd.
<OneSoulLegion> Yeah, I've done that. And it finds the usb just fine, since it can start and run the installer.
<OneSoulLegion> It just fails partway through saying it can't copy the files from the cdrom.
<kirkland> soren: bummer;  any chance you could boot that puppy in a kvm and see if it's something silly/easy I'm missing?
<kirkland> soren: give it 10 minutes or so attention?
<eriksson25> And you did the usb with the usb creater software?
<OneSoulLegion> (as an aside, I was able to install the desktop version no problem with the same method, but then I realized I need the server edition)
<OneSoulLegion> I tried making it with the usb creator software, as well as unetbootn.
<eriksson25> Why did you need it?
<eriksson25> server eddi.
<OneSoulLegion> Been searching around various websites and tried everything for a few hours now. =)
<OneSoulLegion> Because I want to use the machine as a webserver?
<eriksson25> Well, no problem, install desktop eddi, remove genome, and instal LAMP and you are done.
<eriksson25> You got some more stuf there that is not needed but you wount notice. I run my server as desktop version for 3 years. Before I did a reinstall.
<OneSoulLegion> I'll have a look at that then... I guess I need it to accept my network card properly before I can get LAMP installed, though?
<eriksson25> Well, yes to dl stuf its needed. And to be a web server its surly needed.
<OneSoulLegion> Yeah, I'll have to agree with that =)
<eriksson25> =)
<OneSoulLegion> It seems mostly to have problems with the DHCP rather than the network card itself, at least.
<eriksson25> Do it, and skip serching for a loong time.
<eriksson25> Well, turn that of and put static ip on it then.
<OneSoulLegion> If I manually set the IP, it'll find and connect to my old webserver, but it won't find the gateway, nor will it get out to the 'net. So something seems a little wonky there.
<OneSoulLegion> (I'm basically trying to move over from my old Pentium-2 which is sounding like a lawnmower atm, to the new machine)
<eriksson25> Thats becouse you havent set a static dns and gatway.
<OneSoulLegion> Aye, sounds likely.
<OneSoulLegion> Where would I do that?
<eriksson25> hmm, dont remember on the top of my head. But google static dns ubuntu and you will find it.
<OneSoulLegion> Okay, thanks a lot for the help. =)
<kirkland> hallyn: done
<bluethundr> is there an automatic account management tool in ubuntu that is similar to auth-config under red hat that would allow automatic configuration of pam to do ldap lookups for it's information?
<mdeslaur> bluethundr: there's pam-auth-update
<bluethundr> mdeslaur, that's great thanks!
<mdeslaur> bluethundr: not sure if it'll do what you're looking for, but take a look
<bluethundr> hoping to get all of pam to listen to an ldap server
<bluethundr> I will look into it
<bluethundr> mdeslaur, yes I gave it a try, but no luck
<bluethundr> at any rate, here is how I tried to configure my /etc/pam.d/common-auth file: http://pastebin.ca/1995092
<bluethundr> as an example of how I tried to set this up
#ubuntu-server 2010-11-18
<konni> hello people .. I have one question .. I'm running 10.04 LTS with kernel 2.6.32-35  64 bit.. I'm looking for a safe way to upgrade the kernel to 2.6.35 without compiling it myself ..
<konni> I know about the http://kernel.ubuntu.com/~kernel-ppa PPA .. but I'm not sure that it contains the server edition of the kernel
<konni> can anyone tell me if adding the http://kernel.ubuntu.com/~kernel-ppa PPA to my sources list will upgrade the kernel to 2.6.35 server version or will i get the standard desktop version of the kernel ?
<bdjace> anyone have experience with ircd-hybrid?
<eriksson25> Anyone know what disk /dev/dm-xx is?
<twb> dm is the device mapper
<twb> It's used for LVM, LUKS, and a few other things (md raid?)
<eriksson25> Oki, well, got both lvm and md raid. But didnt have these before. And now they are there.
<eriksson25> Strange.
<twb> You probably just didn't notice them.
<eriksson25> Maby,
<chrismsnz> Hey guys, I read that Convirt 2.0 is now in the ubuntu partner repo - I can't seem to find it on my lucid installation though...
<crazifyngers> hey guys could anyone give me a hand recovering a raid-5 dm raid partition?  i can't get it to mount after moving the drives to a new computer
<snake> So i have lamp installed, but how do i get my site on the web. ( I can view my site on my network, but my friend says that he can't at his house.)
<crazifyngers> do you have consumer internet or business class internet?
<snake> consumer.
<crazifyngers> go into your router and port forward a nonstandard port say 9999 to port 80 of your internal webserver
<smoser> kirkland, it would be nice if you'd push the on 'iamcli' at https://launchpad.net/ubuntu/natty/+queue?queue_state=0&queue_text= for me.
<crazifyngers> then give your friend your external ip with the port number
<crazifyngers> if they use ie they will have to put http://yoursiteip:9999
<snake> so wait. it is asking me for the start and end ports
<crazifyngers> just make them the same
<crazifyngers> start 9999 end 9999
<crazifyngers> gonna throw my question up again...hey guys could anyone give me a hand recovering a raid-5 dm raid partition?  i can't get it to mount after moving the drives to a new computer /dev/md0 shows up in mdadm.conf with the same uid but when assembling it says "mdadm: /dev/md0 assembled from 1 drive - not enough to start the array."  but the drives are there and have the uuid listed
<snake> should I change the port in my config file to 9999?
<snake> crazifyngers, should I change the port in my config file to 9999?
<crazifyngers> you can if you want but if you do then it is port 9999 both internally and externally.  if you leave it at port 80 and forward port 9999 to 80 externally then you don't have to change it
<snake> how do i forward to 80? there is no setting for that in forwarding
<crazifyngers> well it's different for different routers
<snake> what should I type in for server ip address? my network ip?
<snake> hmm... it won't let me type in the other one... it must be my local ip
<crazifyngers> what do yoiu mean server ip address?  like what should you give to your friend?
<snake> it asks for server ip address. i think thats what i give to my friend
<crazifyngers> where does it ask for that?
<snake> in port forwarding
<crazifyngers> no the server ip is the internal ip
<snake> define internal?
<snake> you mean what i get when i do ifconfig?
<snake> for eth1
<crazifyngers> yes
<crazifyngers> internal=inside your lan
<snake> ok
<crazifyngers> external=outside your lan
<snake> and it should be TCP/UDP right?
<crazifyngers> depends on the website.   some streams do udp.  but you should be ok with both
<snake> so i give him my external with port like this: xx.xx.xx.xx:9999
<crazifyngers> yea
<crazifyngers> find your external if you don't know it go to ipchicken.com
<snake> yeah i already have it. but i dont think it's working.
<snake> should i try another port?
<crazifyngers> i would check your router
<crazifyngers> if you can get to it internally then maybe it is the port but doubtful
<snake> my router is a piece of crap netgear
<snake> i might as well throw it out the windows and let my dogs chew on it.
<snake> maybe it is because i am on wireless connection? should i switch to wired?
<crazifyngers> no a connection is a connection
<hallyn> jdstrand: the i386 qemu-kvm for natty is back up
<hallyn> alas, armel build failed, will have to keep looking into that :(
<hallyn> GAH!  it just ran out of memory
<chrismsnz> Does anybody know the ETA of getting Convirt 2.0 into canonical's partner repo?
<chrismsnz> i saw the announcement but it doesn't seem to be there at the moment
<not-twb> My ext3 root filesystem's "last mounted time" is in the future
<not-twb> This causes mountall to halt the boot process and just hang forever.
<not-twb> How can I set the last-mount-time parameter to now?  tune2fs doesn't appear to have such an option.
<not-twb> Hm, I'll try dropping into busybox to do it
<arrrghhh> anyone use rssdler in here?  i had it all setup, and it now only seems to run once instead of always running & checking on an interval...
<arrrghhh> i guess i could just setup a cron job to start it.
<themoebius> does anyone know, if I send data from one EC2 server to another in the same zone but using the public IP address, does AWS count it as data transfer out?
<uvirtbot> New bug: #676830 in munin (main) "pid_file in munin-node.conf is ignored." [Undecided,New] https://launchpad.net/bugs/676830
<uvirtbot> New bug: #676832 in eucalyptus ""Ghost" instance using a slot + elastic IP" [Undecided,New] https://launchpad.net/bugs/676832
<uvirtbot> New bug: #676833 in munin (main) "snmp__* plugins don't like host names." [Undecided,New] https://launchpad.net/bugs/676833
<j0nr> morning
<j0nr> can anyone tel me if this result of 'top' looks unusual in respect to memory usage. I keep getting screen sessions dropping out and am wondering if I keep running low on RAM: http://paste.pocoo.org/show/292944/
<pvh_sa> hi there, i've got a 10.10 server machine i want to build VMs on. i've tried with virt-install, but get an error ("failed to retrieve chardev info in qemu with 'info chardev'"), now looking at vmbuilder - but if i understand correctly vmbuilder pulls an install over the network, right?
<TeTeT> pvh_sa: correct, it will d/l packages from archive.ubuntu.com, unless you specify a local mirror
<pws> Hi guys... I'm seeing some reference in the 10.10 release announcements about gluster and ceph... does anyone know stable they are for real-world use in a cloud environment?
<pvh_sa> TeTeT, ok, not enough network here for that. back to trying to get virt-manager to work. thanks
<TeTeT> pvh_sa: good luck. I use virt-manager on Lucid quite often and it worked fine for me so far
<pvh_sa> TeTeT, i've googled this error and it comes up quite often but often with different causes. i suspect what might be happening is *another* error which means this 'info chardev' is just a symptom
<TeTeT> pvh_sa: never seen it, sorry
<j0nr> can anyone tel me if this result of 'top' looks unusual in respect to memory usage. I keep getting screen sessions dropping out and am wondering if I keep running low on RAM: http://paste.pocoo.org/show/292944/
<alvin> j0nr: Looks fine to me
<pvh_sa> has anyone here created a ubuntu vm using virt-install on 10.10? if so could you offer the commandline you used? thansk
<pvh_sa> thanks even
<yann2> using 10.4 pvh_sa
<pvh_sa> yann2, i'm going to install 10.04 just now to see if it works
<pvh_sa> on 10.10, i'm trying to install with a slightly altered version of one of the virt-install examples: virt-install --connect qemu:///system --name demo --ram 500 --disk path=/var/lib/libvirt/images/demo.img,size=5 --network network=default,model=virtio --disk path=/root/ubuntu-10.10-server-amd64.iso,device=cdrom --vnc
 * [diablo] is looking forward to his meeting with Canonical today at their offices... we plan to deploy Ubuntu Server in our  data centre :-) bye bye CentOS
<soren> [diablo]: Congratulations.
<soren> Daviey: Have you ever used Eucalyptus in SYSTEM mode?
<pws> So here's a question for you lovely people... does UEC run Windows images alright? I can't seem to find much documentation either way...
<mgolisch> pws: did you google?
<mgolisch> theres some howtos on howto deploy window images in eucalyptus opensource version
<pws> yes, I can find some vague references to 'I think it should be possible' and 'I'd like to', but nothing definite
<pws> Ah, that'll probably be a good thing to search for then, I'll go and look :-)
<pws> Thanks
<Daviey> soren: the mode where instances get their IP from the host network dhcpd?
<Daviey> soren: the mode where instances get their IP from the host network dhcpd?
<soren> Daviey: Yes.
<soren> Daviey: I think I found my answer now.
<Daviey> soren: groovy
<mgolisch> what do you use that cloud stuff for?
<soren> Daviey: I was just wondering what sort of IP Eucalyptus would claim they had. A couple of forum posts suggest 0.0.0.0.
<Daviey> soren: Yeah... i can't see how it could know
<Daviey> soren: If they were really devious they could do an arp lookup
<Daviey> I have used SYSTEM mode, but didn't observe the IP field output tbh... mainly that it was working :/
<soren> Daviey: Oh, I didn't expect it to know.
<soren> Daviey: I was just wondering if it actually assigned one internally ( and exposed it in euca-describe-instances) or if it actually didn't assign any.
<Daviey> soren: I could check :)
<soren> Daviey: I couldn't possibly ask you to do anything with Eucalyptus. I like you.
<Daviey> :o
<Daviey> soren:  Now you mention it... my rig is currently tied up with other software atm.
 * bond hi
<zul> Daviey: someone uploaded the new eucatools yet?
<Daviey> zul: no... smoser has it in hand tho
<zul> Daviey: if you want me to review it and upload it let me know..
<Daviey> zul: Well i did a pass of smoser's branch yesterday; but you may have seen that all of his patches have now gone upstream (\o/)... so i imagine smoser will track that for this upload..
<Daviey> If smoser can get that done today, i'm sure he'll appreciate a second pair of eyes
<zul> cool...
<hggdh> zul: I will add you on a write-up of the SRU thingies you will give me
<zul> hggdh: sure
<hggdh> (that is, in my BP)
<hggdh> zul: do you want to do the same with the admin of the dailies?
<zul> hggdh: sure
<hggdh> heh
<soren> Daviey: Ok, so I want to get the packaging branch in order.
<Daviey> soren: "in order" ?
<soren> Daviey: Yes, as in "get it sorted out".
<Daviey> soren: Oh awesome, what are you thinking?
<soren> Daviey: My current inclination (which changes by the hour, it seems) is to have a repository with just debian/* in it.
<soren> Daviey: That makes it simple to merge it into whichever branch of Nova you feel like building packages out of.
<zul> that would be good for me i think
<zul> and then you guys can cherrypick anything you guys want
<soren> Daviey: ...and if you don't want to use upstream code from bzr (which I, somewhat ironically (being upstream and all) don't), you can just check out this branch from the top-level dir, fiddle with things, and bzr commit does what you expect.
<soren> Daviey: Instead of having the root of the repo /be/ (rather than /contain/) debian/, in which case debcommit, for instance, no longer works.
<Daviey> soren: i entirelly agree that the packaging branch should not have the code in
<Daviey> hmm
<Daviey> soren: i was thinking ROOT:/debian/
<Daviey> so otherwise empty
<Daviey> this means that debcommit does still work
<soren> Daviey: I'm not sure I understand.
<Daviey> soren: a bzr tree with only one top level directory
<soren> Yes, that's what I'm suggesting.
<Daviey> i agree with that
<soren> Cool.
<Daviey> soren: Do you have plans for having a consistent location for per commit tarballs?
<Daviey> (/me is thinking, not hosted on LP)
<soren> Daviey: Already have that. Since yesterday. Try to keep up :)
<Daviey> ooooooo
<Daviey> what is it?
<soren> Daviey: http://nova.openstack.org/tarballs/
<Daviey> soren: and that includes the magical fairy dust, that bzr doesn't - right?
<soren> Daviey: Indeed.
<Daviey> soren: Ok... great
<zul> soren Daviey: the ubuntu-natty has config file changes that i had to do in order to get it working for natty
<soren> zul: Yeah, some of the defaults changed, too. We need to account for that somehow.
<Daviey> zul / soren:  There probably needs to be two tree's now... one for Maverick and one for Natty
<soren> We should also make all the various components use the same config file.
<soren> Daviey: Yes.
<zul> soren: agreed
<Daviey> soren: Do you want to clean the tree out?
<zul> the apport hook is already done as well
<Daviey> zul: damn.. you are fast.
<soren> Daviey: I do, I just wanted to get the bzr repo layout nailed down first.
<zul> Daviey: i had a 3 hour plane ride ;)
<soren> Daviey: But that seems to be a done deal now. I'll whip up a new repo so we can start from scratch.
<soren> If I didn't (and just bzr removed everything except debian/), merging it into code trees would be very awkward.
<Daviey> soren: Ok.. great..   We are still all peer reviewing each other
<Daviey> right?
<soren> Oui.
<Daviey> \o/
<soren> there's an openstack-ubuntu-packagers team on lp.
<Daviey> yeah, saw it
<soren> I'll make ubuntu-virt a member, along with Monty.
<Daviey> soren: A clean tree makes sense IMO
<soren> I just didn't get around to it yet.
<soren> Daviey: I just need to make sure I can actually merge it then (i.e. it won't complain about lack of common ancestry).
<soren> Daviey: I'll work it out. Give me 20 minutes.
<Daviey> soren: hmm.. should it ever need merging?
<soren> Daviey: "need" is such a strong word.
<soren> I think it's a valid use case.
<soren> It's needed to make recipe based builds work.
<Daviey> bzr branch lp:nova ; bzr branch lp:~openstack-packagers/etc debian ;  cd nova ; ln -s ../debian debian
<Daviey> ?
<Daviey> hmm
<Daviey> that is probably unwise actually :)
<soren> I can see how it can be convenient.
<soren> If you just want to track bleeding edge upstream and packaging, it's kind of handy to be ably to just use bzr for that.
<soren> It's not super important, but if it's easy enough to accomplish, I might as well.
<Daviey> soren: You can merge without common ancestry, in some situations... but TBH... working out how (i'm not clear myself), is probably a higher price than the reward
<soren> Daviey: I have a trick up my sleeve.
<soren> Daviey: You'll see.
<soren> :)
<soren> (if it works)
 * Daviey hopes it's not rude.
<zul> soren: example reciepe https://code.launchpad.net/~vcs-imports/couchdb/trunk/+recipes
<soren> zul: Oh, we're already using recipes to build nova.
<soren> I just don't want to do that anymore.
<soren> For a couple of reasons.
<zul> such as?
<soren> a) They're only built once a day. I want a package per commit.
<Daviey> TBH.. i'm not sold on recipes myself tbh.
<zul> so like a hudson hook or something?
<soren> b) We're building tarballs per commit.
<soren> b1) The tarballs have stuff in them that are not in bzr.
<soren> b2) The reason we resort to building from vcs is because upstream fail to provide tarballs per commit. We provide them, they should be used.
<soren> (I use "we" very confusingly to mean "Ubuntu" and "openstack" as I go along)
<zul> gotcha....what are in the tarballs that bzr doesnt have beside the .bzr directory (assumingly)
<Daviey> soren: With Mythbuntu we build daily (via cron fired script) for ~3 ubuntu releases and 2 upstream version snapshots (trunk and stable/fixes)... that seems to work well
<Daviey> users are normally happy.
<soren> b3) Even if we were to build from bzr during the dev cycle, once there's a release out, we should use the tarball. vcs snapshots are used to be able to track development when releases are too infrequent. It's error prone to have one way to build packages during dev and another once we near release (i.e. when the tarball is released).
<soren> b4) Everyone besides Ubuntu will be using the tarballs. Having Ubuntu also build from tarballs feeds into OpenStack's QA. We can be sure everything needed to build Nova properly is in the tarball.
<soren> c) Upstream is kindly asking that this is to be so.
<soren> that's a bit more than a couple, but I hope that's ok :)
<Daviey> soren: I agree with your comments fwiw.
<soren> zul: There's a ChangeLog.
<soren> zul: More stuff may turn up.
<zul> soren: right
<Daviey> zul: just noticed smoser is on holiday today and tomorrow... so re: euca2ools... it might make sense to leave until Monday, there is no huge rush, i guess
<soren> zul: it's like how you typically don't see the configure script in vcs for C projects, only the stuff needed to generate it.
<zul> Daviey: ack
<soren> zul: Part of making a tarball is building that configure script.
<soren> zul: ..and other sorts of things. Right now, it's just the changelog and maybe I leave out a bzr plugin that generates said changelog.
<soren> zul: I'm not sure.
<zul> soren: cool...i would love to see the script eventually for my own projects
<soren> zul: It's mostly done.
<zul> soren: throw it into a bzr branch when you are done if you havent already
<soren> Daviey: My trick failed me. :(
<Daviey> soren: what was it?
<soren> Daviey: See in #zr.
<soren> #bzr, that is.
<Daviey> k
<soren> Scroll back about a pageful.
<Lord_Rahl> Does anyone recommend a good NMS to monitor Asterisk
<Daviey> soren: oh aye,.. good idea
<soren> Daviey: Not good enough.
<Daviey> Lord_Rahl: depends exactly on your requirements
<Daviey> Lord_Rahl: nagios works well for checking it's working :)
<ssureshot> Logwatch doesn't seem to want to read my samba logs, anyone have a reason for this?
<Lord_Rahl> Daviey, I have try Nagios very labor intensive to setup. maybe I can find a plugin to add nodes, editing all the configs by hand sucks :)
<soren> Daviey: This kind of pisses me off a bit.
<soren> Daviey: It seems like a perfectly reasonable thing to be able to do.
<Daviey> soren: ack... svn allows it :)
<Daviey> infact, svn allows you to have external depends, that get pulled in when you co
<soren> Daviey: That's coming for bzr, too, I believe.
<soren> Daviey: Mostly driven by the need to be able to import such things from svn (and git, which also supports it).
<soren> This is why we can't import libvirt to bzr on launchpad. It nests gnulib.
<uvirtbot> New bug: #677019 in backuppc (main) "package backuppc 3.1.0-9ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/677019
<soren> Daviey: Not sure how to resolve this. There's not way to make up a common ancestry, apparantly.
<soren> Daviey: bzr-builder can deal with it, as it turns out. It has a "nest-part" option that does the right thing.
<soren> Daviey: The problem is if someone wants to manually merge them. It's doable (bzr merge -r 0..-1 lp:blahblha), but not obvious.
<soren> Bah, let's just do that .
<pmatulis> can anyone recommend any SNMP s/w to use with IPv6 ?
<soren> Daviey: lp:~openstack-ubuntu-packagers/ubuntu/natty/nova/ubuntu
<soren> Daviey: One thing that irks me a bit, though..
<soren> Daviey: If we push a fresh version to Natty, that pretty much blows my chances of putting the Austin release of Nova into Maverick.
<soren> Daviey: But I'm not completely sure that I care, really.
<soren> zul: Can you branch lp:~openstack-ubuntu-packagers/ubuntu/natty/nova/ubuntu and apply those changes of yours to that and do a merge proposal?
<zul> soren: sure
<soren> Daviey, zul: Awesome. "bzr bd -S" just works. It grabs the tarball from http://nova.openstack.org/tarballs/ automatically.
<zul> sweet well do that going forward probably
<soren> Yup. I'm looking forward to see how it works out when there's a new upstream revision.
<soren> jono: Mr. O'Bacon!
<jono> hey soren
<soren> jono: did I tell you one of my colleagues thought you were "John O'Bacon" when we were at CLS? That still cracks me up :)
<jono> lol
<jono> not the first, and probably not the last :)
<soren> There would have had to be an Irish guy with a first name of Bacon at some point for that to work. That'd be pretty awesome.
<zul> soren: http://paste.ubuntu.com/533899/
<zul> oh wait...i left ubuntu-virt i think
<zul> soren: yeah i did
<slestak> hiya guys.  just did a do-release-upgrade from 9.04 to 10.04.1.  my /etc/lsb-release still refers to jaunty.  I looked in the log for the upgrade and it said it installed the package lsb-release
<slestak> i also reinstalled lsb-release with no effect.
<slestak> is that safe to purge and install?
<soren> zul: Should I add you back to ubuntu-virt, or should I add ~motu to the packagers team?
<soren> zul: I'll do the latter regardless.
<soren> zul: Try again.
<soren> zul: Err.. Hang on, you were supposed to file a merge proposal, by the way.
<soren> zul: Not just push.
<hggdh> Daviey: should I expect Maverick's UEC to boot and work a Natty image?
<zul> soren: yeah i was trying to push to a seperate branch in the openstack-packagers team
<zul> could you add me to the ubuntu-virt team again?
<soren> zul: Just push to something under ~zulcss. No need to make it a team branch when it's being merged anyway.
<zul> soren: sure hold on
<soren> zul: but you're a member of openstack-ubuntu-packagers anyway now (by way of ~motu).
<zul> ack
<soren> zul: ...and now ~ubuntu-virt, too.
<zul> soren: i dunno if you want to add ~motu there though
<soren> zul: they can upload it anyway.
<zul> soren: well the merge request is there now
<soren> zul: no point in not letting them push to bzr first.
<zul> soren: i should be able to do merges in the future correct as well right?
<soren> zul: Yes.
<zul> soren: oh crap i just need to clear out one thing
<soren> zul: You need to clear out everything, it seems.
<soren> zul: Errr... What the?
<zul> soren: gimme a sec
<soren> zul: You've filed a merge proposal to get the branch I just created merged into lp:nova/ubuntu.
<soren> That's not what we want.
<zul> hold on
<hggdh> JamesPage: so... let's get Hudson rolling? :-)
<JamesPage> hggdh: sounds like we have the required approvals so yes!
<zul> soren: thats what it was defaulting to in launchpad. should be fixed now.
<soren> Don't see any merge proposals..
<Daniel__> hi
<mathiaz> zul: hey - I plan to remove myself from the administrator list for ubuntu-server-bugs
<zul> i just clicked on the button ;)
<mathiaz> zul: anyone else to replace me?
<JamesPage> hggdh: do you want to spin up the ec2 instance or shall I?
<mathiaz> zul: you'll be the only admin then
<soren> zul: I checked after you said it.
<zul> mathiaz: hggdh maybe?
<slestak> ive got a server that does not have a correct /etc/lsb-release
<hggdh> JamesPage: either way...
<hggdh> zul: me what?
<mathiaz> hggdh: do you mind if I set you as an administrator for ubuntu-server-bugs?
<Daniel__> I trying to install ubuntu server on hp dl120 g6 but it didn't recognize logical drive for SATA Array configured
<hggdh> mathiaz: not at all, please go ahead
<slestak> do release-upgrade appears to have me up to 10.04.1
<jgjones> Is this the best channel or is there another for running Ubuntu as virtual machine (standalone or in cloud)?
<zul> soren: launchpad is slow maybe
<mathiaz> hggdh: which email address?
<zul> i just got the merge request like 2 minutes ago
<hggdh> mathiaz: hggdh2 at gmail dot com
<soren> zul: You filed it against the maverick branch.
<soren> zul: Try again :)
<Daniel__> looks like ubuntu server doesn't recognize array controller b110i
<zul> fuuuuuuc
<Daniel__> any suggestions?
<hggdh> jgjones: either here or on #ubuntu-cloud
<jgjones> hggdh: thanks
<zul> soren: cross fingers :)
<mgolisch> Daniel__: it detects none of your disks at all?
<Daniel__> no it detects both fisical disks, but it doesn't detects the logical one 1+0 raid
<patdk-wk> oh, it's not a real raid card
<zul> soren: should be there now
<Daniel__> the array card is hp smart array B110i
<patdk-wk> ya, it's a softraid card
<mgolisch> Daniel__: its a fakeraid then
<soren> zul: It would really be helpful if you could actually describe the changes you're making.
<mgolisch> consider using os level software raid instead
<zul> soren: noted
<soren> zul: I mean... "Update build dependency" isn't helpful when I have to review things.
<Daniel__> yes it use a software provided as a small bios for HP
<zul> soren: I have updated the commit message in the merge proposal
<zul> and will have better commit message in the future ;)
<Cope> hi - i need django 1.2.3; i notice it's in sid
<Cope> is there a recommendation for getting this onto a lucid machine? backports? mirror sid and pin it?
<Daniel__> mgolisch you mean I can't use the builtin raid system, instead I have to use ubuntu software raid?
<mgolisch> Daniel__: yeah or search for a driver
<mgolisch> as its fake/software raid anyways id just use md raid
<Daniel__> mgolisch I found a driver for redhat linux but I don't how to install it with ubuntu
<soren> zul: I'll comment on it after I've eaten.
<zul> soren: sure
<zul> i need to go eat as well
<Daniel__> what about performance? It would be better to try find a driver or ubuntu server raid will do the job with same performance?
<pmatulis> Daniel__: performance with s/w raid is fine
<pmatulis> Daniel__: fakeraid is just, bleh
<Daniel__> ok guys, thank you very much for your help!
<talntid> Nov 18 10:08:12 ltsp1 kernel: [ 3943.664469] nfs: server fs1 not responding, still trying
<talntid> this is causing my machine to hang... any ideas on troubleshooting this? fs1 is pingable
<patdk-wk> don't hard mount it, or use hard + intr
<patdk-wk> man mount :)
<talntid> checking manpage
<talntid> the strong intr does not exist in the manpage... ?
<talntid> http://www.faqs.org/docs/linux_network/x-087-2-nfs.mountd.html
<talntid> =]
<patdk-wk> oh heh, they moved the nfs stuff to man nfs
<talntid> the file server, has 7.X loads...
<patdk-wk> mine gets up to 30+ at times
<patdk-wk> but it does take some work, to get it that high
<talntid> if I throw more processor/ram at it, will it help? or just delay the inevitable?
<patdk-wk> it would help (very little)
<patdk-wk> it's probably disk i/o it's waiting on
<talntid> hmmm
<talntid> possibly. any good way to test this?
<patdk-wk> top :)
<patdk-wk> vmstat :)
<talntid> i never understand the output of vmstat
<patdk-wk> it's the same as top :)
<patdk-wk> r = processes that are attempting to run
<patdk-wk> b = processes that are blocked? (never see this >0)
<patdk-wk> swap drive usage
<patdk-wk> free ram
<patdk-wk> buffer memory (to be written todrive)
<patdk-wk> cache (drive cache usage)
<patdk-wk> si/so swap in/out k/s
<patdk-wk> bi/bo disk in/out k/s
<patdk-wk> in interrupts/s
<patdk-wk> cs context switchs/s
<patdk-wk> us user cpu usage
<patdk-wk> sy system cpu usage
<patdk-wk> id idle cpu usage
<patdk-wk> wa wait cpu usage (this shows slow harddrive performance)
<talntid> http://pastebin.com/gbmdN6bs
<patdk-wk> so the higher the wa is, the faster you need to make your drives go, basically
<talntid> but I'm not sure what "sane" numbers would be, to compare to. will any machine do?
<talntid> to benchmark it against
<patdk-wk> doesn't matter
<patdk-wk> it's what ever is applicatable to you, and your usage
<patdk-wk> generally why benchmark numbers don't mean much
<patdk-wk> unless your doing the exact same thing as that benchmark
<talntid> vmstat: http://pastebin.com/9KZEsWxi
<patdk-wk> that is useless
<patdk-wk> you need like a lot of lines of output from vmstat
<talntid> seemed like it. it needs to update continually
<talntid> yeah :)
<patdk-wk> vmstat 10
<patdk-wk> let it for for like 10min or so
<patdk-wk> the first time is a summary line, since boot
<patdk-wk> defently use smartctl on your drives tocheck their health too
<talntid> okay, can do.
<talntid> this is a dell poweredge 2950 server, so it's not just a homebrew machine, too...
<patdk-wk> raid?
<talntid> raid5
<patdk-wk> then smartctl probably won't work
<talntid> but also running DRBD, if you are familiar with it
<patdk-wk> make sure you check the raid health
<patdk-wk> drbd slows everything down to a crawl
<patdk-wk> cause it has to confirm writes on the other machine
<_ruben>  depends on the drbd config tho
<talntid> it's set in dual primary mode
<patdk-wk> well, using non-write confirmation isn't that safe :)
<_ruben> ah, you like living on the edge
<talntid> i only write to one still, currently...
<patdk-wk> it still has to transfer that write from the first machine, to the second
<patdk-wk> confirm it's written
<patdk-wk> get that confirmation back, and tell your nfs client about it
<_ruben> indeed, if any way possible, disable the sync for a short while and see what happens
<_ruben> too many layers currently where it could be going wrong
<talntid> indeed
<patdk-wk> ya, and with drbd like that
<patdk-wk> either one could be slow, not both
<patdk-wk> so we have to figure out what machine also still :)
<_ruben> true ;)
<talntid> so, the setup is like this...
<talntid> ubuntu 10.10 host, xen virtualization.. ltsp server (ltsp1), fs1 drbd with fs2 on another physical server
<talntid> ldap for authentication throughout, and it shouldn't matter, but there is an asterisk server hosted on here too...
<patdk-wk> ltsp fs1 are all xen guests?
<talntid> yes
<_ruben> sure hope not ;)
<_ruben> ouch
<patdk-wk> yuk
<patdk-wk> another layer of issue :)
<talntid> recently, the thin clients (ltsp1) have been freezing a lot. has worked great for 2 years... now, ltsp1 can't see fs1 on occasion.. happening more often..
<talntid> when the thin clients freeze, ltsp1 has 70+ loads, and fs1 has 6-7.
<patdk-wk> you have lots and lots of stuff to look at
<_ruben> could very well be that the load reached a tippingpoint .. seen it far too often
<_ruben> could be a minor increase in load triggering it
<talntid> the users have not grown... same amt of users, too..
<_ruben> perhaps some decided to multitask (more)
<talntid> perhaps.
<patdk-wk> I doubt even that
<patdk-wk> 10.10 wasn't out 2 years ago
<talntid> on vmstat, id = 100 the whole time. :)
<talntid> no, 2 years ago, it was 8.04
<patdk-wk> just it's usage of cpu caches has changed I bet
<patdk-wk> and could of done this
<patdk-wk> if you where close already
<talntid> the swap to 10.10 was about 4 months ago
<_ruben> even more living on the edge eh?
<patdk-wk> I noticed on my system atleast, switching from a 1m to 2m cpu cache speed it up a crapload
<_ruben> it was release like 5 weeks ago
<burntoutlamp> hey people, I have a question largely because apache directory has not worked out for me. I am looking for a guide out there that will help me config LDAP on Ubuntu Serv 10.04 to push windows updates and other software to like 20 computers. I failed in my google effort. any ideas? merci!
<_ruben> burntoutlamp: push windows updates using a linux box? doubt that's gonna work (never looked at it tho)
<burntoutlamp> blast I need an active directory I cannot go on like this -.-
<_ruben> burntoutlamp: for stuff like that, yes you do indeed
<talntid> my bad: root@talon:~# cat /etc/issue
<talntid> Ubuntu 10.04.1 LTS
 * burntoutlamp backs up the question trolley
<burntoutlamp> so is it possible to push out windows updates using a linux server to 20 windows laptops -.- merci beaucoup
<_ruben> burntoutlamp: there might be alternatives, tho i doubt they'd bring any joy to the person admin'ing it ;)
<_ruben> burntoutlamp: same answer, i highly doubt that, and if there's a way, it sure won't be a pretty one
<_ruben> hell, even pushing out updates for 20 linux laptops is quite the challenge i bet ;)
<burntoutlamp> I am the one adminning it
 * burntoutlamp cries
<talntid> why not allow the machines to update themselves? trying to save the bandwidth?
<_ruben> burntoutlamp: given that the windows options are quite complex on their own (which doesnt really tell all that much really), i really doubt there's any FOSS alternative capable of the same/similar
<talntid> trying to distribute them locally, for speed?
<burntoutlamp> yeah
<burntoutlamp> right now I have to do it manually at each machine
<talntid> right, but you could set them to auto, or run boot scripts?
<talntid> if bandwidth is the issue, you can use squid3 to cache the files :)
<burntoutlamp> hmmmmmm
<burntoutlamp> I'd never thought of those alternatives
<_ruben> then again, windows update doesn't like proxies much
<talntid> agreed. when I did that, I set it up at the router level.
<talntid> so Windows update didn't know the difference. :)
<_ruben> transparent proxy? that'd work i guess
<burntoutlamp> ah very cool
<burntoutlamp> you guys are giving me some options I have not even thought of. I don't have nor am I able to set up a windows server here
<talntid> my vmstat output: any advice? http://pastebin.com/v0JfgEGR
<_ruben> nothing out of the ordinary there
<talntid> aisexec is using lots of resources, it seems..
<talntid> server is still at 7.0 load, with no traffic to it..
<talntid> I can reset fs1, but in a few hours, it will happen again.
<zul> Daviey: ping let me know when you are around.
<uvirtbot> New bug: #677153 in dhcp3 (universe) "dhclient assigns all interfaces connected to a bridge addresses" [Undecided,New] https://launchpad.net/bugs/677153
<uvirtbot> New bug: #677152 in dhcp3 (universe) "dhclient started on a bridge tries to assign addresses to all bridged devices (dup-of: 677153)" [Undecided,New] https://launchpad.net/bugs/677152
<bmw> hi all, I'm a linux newbie...   and I ran into a real problem!   I ahve been backup server 10.04 for the last few months with Clonezilla...   now my boss wants me to install re-install our setup onto a new server with a different processor, raid system etc...  and I'm getting a gazillion errors...!!   ubuntu doesn't like all these changes...   is there an old school method to use (TAR ??)
<bmw> instead of a disk image, would this TAR method of backup and restore work?  or is that just used for data files and not OS files...  like will it resore my mysql installation, php stuff etc...  or just the data files
<zul> mathiaz: ping where are we at the package set stuff?
<Lord_Rahl> need some help I am trying to enable php5-pdo and pcntl.so for lilac. I have all the ini set but it still come up that I do not have have enable.
<RoyK> bmw: usually making a database dump and copying the data files for other apps should do well
<Lord_Rahl> fyi it need them for php-cli
<bmw> RoyK:  problem i'm worried about is that php for this particular software on the server etc.. took hours to configure... i want that all to come across exactly
<RoyK> most of php is configured out of the box if you just install it from the packages
<RoyK> Lord_Rahl: you need what of php-cli?
<Lord_Rahl> pdo & pcntl
<mathiaz> zul: IIRC the DMB has taken ownership of the ubuntu-server-devs team
<mathiaz> zul: and handles upload privileges for the package set
<mathiaz> zul: the next step is to review the packages in there
<mathiaz> zul: and that I don't know how to review the 350+ packages in there
<zul> seriously 350+ ? :)
<Lord_Rahl> RoyK,  I have both .so but they are not loading is there a ini for php-cli
<RoyK> Lord_Rahl: /etc/php5/cli/php.ini
<Lord_Rahl> thanks I will check it out
<RoyK> that's on 10.10, but IIRC it's the same on lucid
<Lord_Rahl> RoyK,  Ok I added the to be loaded. Is there a way to reload the cli with out a reboot?
<RoyK> Lord_Rahl: no need for a reboot
<eagles0513875> hey guys
<eagles0513875> question for yall why am i getting this error
<Lord_Rahl> RoyK,  I restart apache but that did not do it
<eagles0513875> Nov 18 20:47:51 eagle dovecot: IMAP(jonathan): fchown(/home/jonathan/Maildir/.Sent/dovecot-uidlist.tmp, -1, 114(dovecot)) failed: Operation not permitted (egid=1000(jonathan), group based on /home/jonathan/Maildir/.Sent)
<RoyK> Lord_Rahl: are you using php-cgi?
<Lord_Rahl> yes
<RoyK> not fastcgi?
<eagles0513875> everything works fine sending and recieving but any emails i sent it cant add them to the send folder how can i fix the error above
<Lord_Rahl> no
<RoyK> cgi is something that belongs in the ninetees
<RoyK> cgi is _bad_
<Lord_Rahl> lol
<RoyK> I once DoSed one of Norway's largest news sites because of silly CGI
<RoyK> trying to fix a poll :Ã¾
<RoyK> cgi is simple, fork out a php/perl/something process on each request
<RoyK> fine, but what if there are 10k requests, and each process has a memory footprint of 3 megs........
<Lord_Rahl> eagles0513875,  does the user own the folder? are you using maildrop?
<eagles0513875> Lord_Rahl: yes user and group is jonathan
<eagles0513875> with drwx
<eagles0513875> permission
<eagles0513875> and im using dovecot + postfix
<Lord_Rahl> did you do a mkdir or maildirmake
<Lord_Rahl> eagles0513875, did you do a mkdir or maildirmake
<uvirtbot> New bug: #677161 in openssh (main) "tunnelled clear text passwords" [Undecided,New] https://launchpad.net/bugs/677161
<eagles0513875> mkdir Lord_Rahl but i think i have isolated the problem
<eagles0513875> which is the group being dovecot
<Lord_Rahl> eagles0513875, sweet
<eagles0513875> still not working lool
<eagles0513875> whops meant Lord_Rahl
<eagles0513875> Lord_Rahl: Nov 18 21:18:28 eagle dovecot: IMAP(jonathan): fchown(/home/jonathan/Maildir/.Sent/tmp/1290111508.M7146P6450.eagle, -1, 114(dovecot)) failed: Operation not permitted (egid=1000(jonathan), group based on /home/jonathan/Maildir/.Sent)
<Lord_Rahl> eagles0513875, do you have a tmp folder under .Sent
<eagles0513875> Lord_Rahl: ya i do and all permissions are the same on all folders
<Lord_Rahl> eagles0513875, Dont know maybe someone else can help. I use maildrop for that.
<Lord_Rahl> eagles0513875,  I can give you may script for senting up a mail server if that will help
<uvirtbot> New bug: #677181 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: el subprocÃ©s seqÃ¼Ã¨ncia pre-installation nova retornÃ  el codi d'eixida d'error 1" [Undecided,New] https://launchpad.net/bugs/677181
<GeekyAdam> vsftpd won't start. says the process is running, but its not. http://paste.ubuntu.com/534005/ any ideas why?
<raubvogel> GeekyAdam, how do you know it is not running?
<GeekyAdam> raubvogel: check the code, i did a "ps aux | grep vsftpd" with no results.
<raubvogel> Could it have started (PID 15984) and then crashed without cleaning up after itself?
<Nix82> Is anyone familiar with UEC? I have a few quick questions.
<raubvogel> As in need to see the logs?
<chrismsnz> Hey guys - I notice that canonical and convirture have partnered to offer convirt through the partner repository - anybody got this running? I can't find it after updating?
<GeekyAdam> raubvogel: logs empty :/
<raubvogel> After all, you said it claims to be running
<raubvogel> Usually that means a lock or pid file somewhere
<GeekyAdam> raubvogel: what do you mean by "lock or pid file somewhere"?
<Nix82> UEC Question: Say you have a cloud of 9 servers and you're running a VM within the cloud, if the node that's running that VM has a hardware failure, will UEC automatiacally move that VM to another node with no downtime? If not is that node recoverable without getting the down node back online?
<Nix82> VM*
<raubvogel> GeekyAdam, it does not seem to have the pid stored in a file
<raubvogel> I find it odd it did not even bother to write to its log file after you tried to start it manually
<GeekyAdam> raubvogel: i removed vsftpd via apt-get, deleted the conf file just to have a fresh one, reinstalled vsftpd, and again, it says its running at the end of the install, but its not running. and there's no log file. wtf???
<GeekyAdam> raubvogel: wait, there's no conf file either now...?
<GeekyAdam> if this were windows id be recommending a restart of the machine right about now...
<raubvogel> Try to remove it using apt-get remove --purge and then reinstall it.
<raubvogel> Then look for the pid it reports
<GeekyAdam> good idea. purging...
<GeekyAdam> raubvogel: that did it! running fine now. thx much. ^_^
<raubvogel> Sure thing
<Nix82>  
<ewook> anyone engaged Kernel: Neighbour table overflow issues?
<DeuceP> anyone here have any experience with squid?
<uvirtbot> New bug: #677231 in mysql-5.1 (main) "Can't purge mysql-server" [Undecided,New] https://launchpad.net/bugs/677231
<kirkland> smoser: ping
<kirkland> smoser: i tried to reproduce bug #676605
<uvirtbot> Launchpad bug 676605 in byobu "byobu broken on natty" [High,In progress] https://launchpad.net/bugs/676605
<kirkland> smoser: but couldn't
<kirkland> smoser: seems to be working correctly for me installed from today's daily natty server
<kirkland> smoser: when did you try?
<Aison> how can I get the package that is related to an installed file?
<ikonia> Aison: can you give me an example ?
<Aison> well, eg. I would like to know what package installed the file "/usr/bin/nano"
<Aison> but that's just an example ;)
<ikonia> Aison: apt-file is a good tip
<Aison> ok, nice
<mdeslaur> Aison: you can use "dpkg -S /usr/bin/nano" also
<ikonia> a nicer way
<Aison> thx
<entropy4> anyone know why my ubuntu server wouldnt be reachable by its host name? my windows machines can all ping each other by their computer names, and my ubuntu server can ping the win PCs by name
<entropy4> is there something related to netbios that i have to configure?
<ikonia> entropy4: is there a dns entry for it ?
<ikonia> entropy4: are the windows boxes in an AD domain ?
<snake> ok so i have apache running, but firestarter (my firewall control gui thing) doesn't even show it on the current connections list. does this mean it isn't even getting on the internent?
<snake> *internet
<ikonia> snake: telnet localhost 80 see if it's running
<snake> what do you mean? is that a command?
<ikonia> snake: yes
<snake> it says that it's connected.
<ikonia> snake: ok, so you know it's running, that's a good start
<ikonia> snake: what are you firewall rules ?
<snake> so then why is it not working? I can't give my friend my external IP and let him view my web server?
<entropy4> ikonia, i'm not running a DNS server, and no domain either
<ikonia> snake: are you using a nat on your router ?
<snake> what is nat?
<ikonia> entropy4: the linux machine will need a dns server to resolve host names or an entry in /etc/hosts
<ikonia> snake: it translates a private IP address to a public one
<snake> ok how could i figure out if i have that
<entropy4> ikonia the linux server has no issue resolving hostnames. its other machines that cannot connect by name to it
<ikonia> snake: what is your machines IP address ?
<ikonia> entropy4: how is it resolving hostnames without dns or a host file ?
<ikonia> entropy4: what name service are you using ?
<snake> my internal ip is 10.0.0.5
<ikonia> snake: is that the IP you are giving to your friend ?
<snake> no. i am giving him my external IP
<ikonia> snake: ok - so you need to get support for your router to find out how to do NAT on it,
<ikonia> snake: also make sure your router is not running a firewall
<ikonia> snake: while you are degugging disable the firewall on your ubuntu machine
<snake> ok
<entropy4> ikonia not sure if i understand what you mean. the linux box is pointing to my isp's dns server (in /etc/resolv.conf) is there more setup i need to do with /etc/hosts ?
<ikonia> entropy4: how does your ubunti machine know the ip/hostname mapping of your windows machines ?
<entropy4> ikonia sorry actually my router is functioning as a caching dns server.. i forgot
<entropy4> i think when hosts get an ip from the dhcp (from the routeR) it registers them in dns
<ikonia> entropy4: ok, so the ubuntu machine is probably not announcing it's self
<entropy4> so that might explain that
<snake> ok i found the NAT section in my router settings. all i have to do is tell it to switch to "Open" right?
<ikonia> snake: I don't know - thats up to you to configure your router
<entropy4> ikonia i guess one way around this would just be to setup static dhcp for my server
<snake> hmm.. alright thanks for the help anyway.
<entropy4> i will try it
<ikonia> entropy4: simple work around
<ikonia> entropy4: you could also configure dhclient to do a dns update, but I don't know what your router expects
<entropy4> me neither .. its a linksys but its running tomato firmware
<entropy4> hmm, still couldnt get it to work after doing static dhcp, then i found some post on ubuntu forums that said to install samba... i did and now i can ping it by name
#ubuntu-server 2010-11-19
<ikonia> entropy4: the netbios anounce
<entropy4> must be..
 * entropy4 makes a mental note for future occasions
<ikonia> (didn't think that would work to be honest)
<entropy4> the weird thing was that after setting up static dhcp, the dhcp server successfully entered the server's hostname into dns (confirmed by nslookup from windows box) but i still couldnt ping that hostname
<ikonia> entropy4: what dns service where the windows configured to use
<entropy4> the router
<ikonia> interesting
<entropy4> so ubuntu wasnt responding to pings to its hostname till samba was installed... or something..
<entropy4> anyway thanks for your help ikonia - afk for awhile
<ikonia> entropy4: you fixed it yourself
<ikonia> I would have put money on samba not working
<snake> alright i completly restarted my apache install (all config files and everything) plus i reset my port forwarding on my router. can anyone walk me through setting up apache? (NAT is ON)
<ikonia> snake: what makes you think it's not working ?
<snake> ikonia, i try to connect and it doesn't work
<ikonia> snake: what was your private IP addres? 10.1.1.5 ?
<snake> ???
<snake> you mean my external?
<ikonia> snake: you told me your private IP address earliaer
<ikonia> no your private
<snake> internal?
<snake> i don't know where to find private
<ikonia>  10.0.0.5
<ikonia> you told me it was  10.0.0.5 earlier
<ikonia> is that the right address for your internal address ?
<snake> -_- yes but isn't that IP only on my network?
<snake> yes
<ikonia> snake: correct
<snake> when i type ifconfig
<ikonia> snake: telnet 10.0.0.5 80
<snake> yes that works.
<snake> but
<snake> what about if my friend wants to connect
<ikonia> snake: then it's working and the problem is your nat
<snake> ....
<ikonia> snake: your nat is not working/being blocked
<ikonia> snake: some ISP's won't allow port 80 open
<snake> should i try another port?
<ikonia> snake: up to you, I personally think your nat is not setup
<snake> they don't give me very many options in NAT.
<snake> just 'opened' or 'secured'
<ikonia> what did you chose ?
<ikonia> choose
<snake> opened
<snake> after you told me about nat
<ikonia> snake: have you disabled the firewall on ubuntu, AND the one on the router ?
<snake> hang on, i have to find the one for my router and DESTROY it
<snake> err turn it off
<twb> I have a drbd question
<twb> The example in the ubuntu server guide works by mirroring two disks, one in each host.
<twb> If I want a RAID1 on each host, should I do an mdadm RAID1, and then run drbd on top?  Or can/should I tell drbd to do the local mirroring, too?
<ikonia> twb: for me, I'd use mdadm
<ikonia> twb: raid1 is for local mirroring
<twb> Right, I want a RAID1 array on each host, and then to use drbd to mirror the "master" host's array to the "slave" host's array
<ikonia> twb: seems reasonable
<ikonia> twb: it's device block level so host1@md0 -> host2@md0 seems reasonable
<twb> Nod.
<twb> Also, in lucid can I create a whole-disk drdb-slaved md RAID1, and then create partitions *inside* that?
<twb> HIstorically you couldn't partiton an mdadm array, but IIRC that changed recently
<ikonia> twb: I wouldn't use mdadm on a disk, but only partitions, but that's just my personal experience
<twb> Plan B is to do it the old way -- partition each disk normally, then create raid1 mirror and drdb-slaving for each partition separately
<ikonia> twb: I personally like plan b
<twb> okey dokey
<ikonia> (just personal preference though)
<twb> ikonia: do I have to compile the drbd kernel module?
<twb> Looks like it's using DKMS and choking because I'm in a chroot :-/
<twb> In lucid, what's the option to tell plymouth not to mess with my video at all?
<twb> For some reason I have a faulty host that stops signalling AT ALL when vga16fb/vesafb load
<twb> I've been trying things like vga=normal, video=vga16fb, video=vesafb:disable
<lifeless> twb: I don't remember offhand but its on the wiki under the kernelmodeswitch stuff
<twb> OK, so I have tried to set up drbd per ubuntu-serverguide_10.04, but I can't tell if it's working.
<twb> Is there a channel for drbd?
<twb> On the primary, http://paste.debian.net/100180/
<twb> AFAICT the primary can't see the secondary
<twb> OK, progress: http://paste.debian.net/100181/
<twb> Finally, I found a problem to fix! [  316.949668] block drbd0: The peer's disk size is too small!
<twb> That's it!
<twb> It's working!
<twb> Mua ha ha
<UndiFineD> twb, how many nodes ?
<twb> two
<arrrghhh> three
<twb> UndiFineD: so now I have it working for /srv, I need it to work for /
<UndiFineD> ^^ nice
<uvirtbot> UndiFineD: Error: "^" is not a valid command.
<ashtray> hello
<eagles0513875> hey guys is anyone alive in here  i need some help
<eagles0513875> is it possible to not have ones home folder encrypted after it has been setup that way?
<crimynal> I'm alive but I'm still a bit of a n00b
<eagles0513875> sigh ok
<eagles0513875> i dont wanna have to reformat my server over dovecot not liking an encrypted home dir
<eagles0513875> nobody else here
<eagles0513875> !encryption
<ubottu> For information on setting up encrypted private directories (8.10+) see https://help.ubuntu.com/community/EncryptedPrivateDirectory
<crimynal> what do you know... answer found after hitting page down a couple times
<eagles0513875> waiting on the page to load crimynal
<crimynal> you on a 12 boad modem or something?
<eagles0513875> no
<eagles0513875> university is heavily filtered :(
<crimynal> why the hell would you filter help.ubuntu.com? sounds more like you got put on bandwidth restriction for too much uploading
<eagles0513875> i dont upload
<crimynal> odd
<eagles0513875> we are on a 6mbps adsl connection
<eagles0513875> for close to 450 students
<eagles0513875> ffs
<crimynal> i'm on fios... for just me
<eagles0513875> fios?
<crimynal> yeah... its a verizon service, about 5-7x faster than your university's connection
<eagles0513875> nice
<eagles0513875> at home im on 10mbps cable business line
<ashtray> 6mbps dsl for 400 students?  That cant be right
<eagles0513875> ashtray: ya this school has issues
<eagles0513875> wifi infrastructure sucks major
<ashtray> any trouble loading web pages?
<eagles0513875> ha some pages
<ashtray> i imagine youtube is out of the question
<eagles0513875> they blocked all web based emails like gmail
<eagles0513875> the wiki
<eagles0513875> no
<eagles0513875> funnily enough
<eagles0513875> at least last i checked it wasnt
<eagles0513875> thats messed
<eagles0513875> i managed to get to u tube
<ashtray> If you can watch videos you must be on more than a 6mbps adsl line
<eagles0513875> they take some time to download and buffer
<crimynal> i'm getting 30Mb/s down and 25Mb/s up.... and my school encouraged forwarding your email through gmail
<eagles0513875> im fedup of gmail
<eagles0513875> starting my own business and i setup my own email server for my business running it on my 10mbps atm
<ashtray> what email software are u running
<ashtray> i'm looking for some email software for linux
<ashtray> for smtp
<ashtray> & imap
<crimynal> lamps?
<eagles0513875> crimynal: nope
<eagles0513875> ashtray: im using postfix + dovecot :)
<eagles0513875> dovecot i have setup to use imaps
<ashtray> thats web software crimynal
<eagles0513875> then i have web based squirrelmail
<ashtray> what type of linux are you running
<eagles0513875> just make sure your home directory isnt encrypted
<eagles0513875> ubuntu server lol
<eagles0513875> i followed the guides
<eagles0513875> !dovecot | ashtray
<ubottu> ashtray: IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol
<eagles0513875> !postfix
<ubottu> postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<eagles0513875> thats what im using
<eagles0513875> accounts are system accounts that are checked against the shadow file
<ashtray> !MailServer
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<eagles0513875> lol
<eagles0513875> i have them setup
<eagles0513875> but for some reason dovecot seems to hate an encrypted home directory
<ashtray> I'm going to be using EC2 though.  So my ubuntu will already be setup.  I need to know what i should run for smtp
<eagles0513875> ashtray: you can setup your own personal cloud
<eagles0513875> using ubuntu-server
<ashtray> eagles, stupid question here.... home directory isn't encrypted by default is it?
<eagles0513875> no
<eagles0513875> its specified during installation
<ashtray> didnt think so.  I've been having an RSA problem and thought maybe that was it for a sec
<eagles0513875> and i need to find out if its possible to having it not be encrypted after install
<eagles0513875> ashtray: O_o
<ashtray> i can set up my own personal cloud using ubuntu-server....hmmm
<ashtray> umm whatchou talkin bout eagles
<eagles0513875> !cloud
<eagles0513875> stupid bot
<eagles0513875> hold on ashtray
<ashtray> you mean on ec2 launch an ubuntu instance?
<ashtray> ok
<eagles0513875> no ubuntu instance
<eagles0513875> a private instance for your own personal cloud
<banker247_> hey guys, just installed apache2 and mysql to host my VtigerCRM software i'm working on getting setup.. now that my server is installed and running which user should adminster this server?
<eagles0513875> banker247_: not the root user just your user name you setup on the server then you sudo to edit the conf files etc
<eagles0513875> mysql i would create a 2nd user thats got full permissions and not use the root user for mysql
<eagles0513875> ashtray: http://www.ubuntu.com/cloud/private
<ashtray> i was reading that earlier
<eagles0513875> if your interested in doing something at home no expense and you gain cloud experience
<ashtray> its on canicals server?
<eagles0513875> no
<eagles0513875> your own servers
<banker247_> eagles0513875, i'm a bit confused as to who the "root user" is .. is it my login? that i sudo to root with?
<ashtray> I only have my desktop... is that enough?
<eagles0513875> you need at least 2 machines :(
<banker247_> i only have 1 login for my box.. when i want to run commands as root i sudo
<ashtray> fuck me
<eagles0513875> !language | ashtray
<ubottu> ashtray: Please watch your language and topic to help keep this channel family friendly.
<ashtray> I guess if I want to practice or something I will have to set up a VPC in amazon?
<eagles0513875> !sudo | banker247_
<ubottu> banker247_: sudo is a command to run command-line programs with  superuser privileges ("root") (also see !cli ) . Look at https://help.ubuntu.com/community/RootSudo for more information. For  graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE). If you're unable to execute commands with  sudo see: http://www.psychocats.net/ubuntu/fixsudo
<ashtray> thats just as good right?
<eagles0513875> banker247_: you would sudo from your current account your on lets say if its banker247_  you just run sudo COMMAND password you used to login
<eagles0513875> ashtray: everyone has their own opinions about things
<ashtray> your opinion?
<eagles0513875> being a student and on a tight budget
<eagles0513875> i would setup a small one on my own hardware
<banker247_> eagles0513875, yup thats what i've been doing.. so by what you're saying when i did sudo apt-get install apache2 the apache2 installed under root?
<banker247_> ashtray, you can build your own box fairly good quality with under 100 bux ;)
<eagles0513875> thats the onlyw ay youll be able to install anything as there are some locations for files like /etc you cant modify without being sudo
<ashtray> I dont have 100.  I'm poorer than a college student.  lol
<banker247_> ashtray, you in USA?
<eagles0513875> lol
<ashtray> yeah virginia
<eagles0513875> ashtray: i am a student with no job
<ashtray> near DC
<banker247_> over 18?
<ashtray> yeah
<eagles0513875> and here i am working on starting my own business
<banker247_> calla craigslist add mow do some gen labor and you can make few hundos
<banker247_> ;)
<banker247_> anyhow.. check craigslist sometimes people are GIVING.. away computers
<banker247_> broken ones or what not.. just salvage em..
<eagles0513875> thing is banker247_
<ashtray> what about a ppc?
<ashtray> Could I just use a ppc as my second computer?
<eagles0513875> from what i was told you need a machine that supports virtualization at the hardware level
<eagles0513875> ppc = pocket pc
<ashtray> oh ok
<eagles0513875> with out hardware virtualization performance is lacking
<ashtray> i didn't think older machines would support virtualization
<banker247_> doesn't need to be older.. sometimes people give away new broken stuff
<banker247_> or a business going out of business liquidates.. its all over just look around
<banker247_> i'm 27... been toying with computers since i was 12 or so.. i used to build my own just from hitting up local businesses and taking their broken things.. i dont know if things have changed..
<banker247_> but i mean.. alot of these rigs within 5 years are comming with decent vid cards in them..
<eagles0513875> ya but you dont need a fancy graphics card for a server banker247_
<banker247_> here's a good starting point.. go on craigslist.. check your local area.. search for free
<ashtray> good idea
<banker247_> eagles0513875, yea thats what i mean.. so he shouldn't have a problem
<banker247_> ashtray, or get a job ;)
<ashtray> okay and back to reality ;)
<eagles0513875> im thinking of building a new i7 desktop and turning my core 2 quad into a server
<eagles0513875> have to wait for its ram to return had to rma back to corsair
<banker247_> ashtray, i gaurantee.. if you put effort into it you can find what you need via craigslist or garage sales.. if you don't want to get a job.. i mean there are ways of getting things done my friend
<ashtray> so what should the minimum specs be on a computer for virtualization?
<eagles0513875> ram is key
<eagles0513875> the more ram the more vms you can fit on it
<eagles0513875> my quad has 8gb of ram
<eagles0513875> so i coudl support up to 8 vms with 1gb per vm
<eagles0513875> or less or more
<eagles0513875> depends
<banker247_> eagles0513875, i've been learning linux for the last 6 months or so and i have to ask.. linux power users i'll assume you'd be one.. do you guys do pretty much everything out of the CLI? or you use the GUI at all really?
<eagles0513875> banker247_: on ubuntu there is a file called the sudoers file
<eagles0513875> and if a user is in there then they have super user privs
<eagles0513875> if not they are a normal user with out super users privs
<banker247_> eagles0513875, that went above my head
<eagles0513875> !root | banker247_
<ubottu> banker247_: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<ashtray> haha
<eagles0513875> wb ashtray
<eagles0513875> wait you didnt leave that was someone else
<ashtray> nope.  i'm waiting for the movie Inception to finish unzipping.  Then I'm off to windblows because ubuntu can't play 1080 that well.
<ashtray> This movie is has so far taken 10 minutes to unzip and its not finished.  insane.
<eagles0513875> this makes no sense
<eagles0513875> any dovecot experts in here
<eagles0513875> hey coffeedude
<eagles0513875> mornign twb
<eagles0513875> any dovecot experts in here i have a question
<eagles0513875> and something im rather puzzled about
<eagles0513875> drwx------ 18 jonathan dovecot     4096 2010-11-19 06:41 Maildir <--- when the group is dovecot my email works like a charm when the group is jonathan like it says in the wiki i have permission issues
<eagles0513875> my home directory where my Maildir is is encrypted im not sure if that has anythign to do with it
<ikonia> eagles0513875: unencypt it, or re-create the partition
<ikonia> twb: how did you progress with your mirroring ?
<eagles0513875> ikonia: do you have any site i have been searching for something that will tell me how to permanently unencrypt my home directory but cant find anything
<twb> drbd or aoe?
<ikonia> eagles0513875: how did you encrypt it ?
<ikonia> twb: drbd
<eagles0513875> ikonia: during install it asked me if i wanted to encrypt my home directory and i hit yes and i checked and its using encryptfs
<ikonia> eagles0513875: if it was me, I'd copy the data off, blank the partition and put the data back
<eagles0513875> :-/
<eagles0513875> how does it work though with the group as dovecot and then if i change the group to jonathan it gives me hell
<ikonia> eagles0513875: or your could look on the first hit on google http://virtually-a-machine.blogspot.com/2010/08/howto-disable-ecryptfs.html
<eagles0513875> thats what im still trying to figure out and understand
<ikonia> eagles0513875: what are you on about "groups"
<eagles0513875> drwx------ 18 jonathan dovecot     4096 2010-11-19 06:41 Maildir <--- if i change dovecot to jonathan i get an error which complains about the /home/jonathan/Maildir not haveing +w which it does
<ikonia> eagles0513875: not for the user dovecot it doesn't
<ikonia> or ght egroup
<ikonia> eagles0513875: look at your permissions only the OWNER has permissions
<ikonia> dovegot is the group
<ikonia> dovecot even
<eagles0513875> i know but when i have the group set to jonathan though
<eagles0513875> i get this error Nov 19 08:53:23 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan)
<eagles0513875> the permissions are right according to the wiki i chmod 700 on that folder and all subfolders
<ikonia> shouldn't be 700 on all sub folders
<eagles0513875> the wiki says otherwise
<eagles0513875> the ubuntu dovecot wiki
<ikonia> eagles0513875: show me the URL
<twb> ikonia: I got it working for /srv, but not booting from drbd
<ikonia> twb: ahhh booting, bold move.
<eagles0513875> https://help.ubuntu.com/community/Dovecot ikonia
<ikonia> eagles0513875: then it's wrong
<eagles0513875> what should the appropriate permissions on the directory be
<eagles0513875> as well the user and group are fine as is?
<ikonia> eagles0513875: your running the dovecot process to delivery mail - it's the group dovecot, how can something with no access that directory be expected to deliver mail
<ikonia> or "read mail" I should say
<ikonia> not deliver
<eagles0513875> ikonia: it doesnt deliver it but when i restart dovecot it works
<eagles0513875> which i find very odd as well
<eagles0513875> so the way it is now is ok the way i have it?
<eagles0513875> ikonia: the way i have it now is fine or its still not right?
<ikonia> hang on
<ikonia> just taling to someone
<eagles0513875> ok
<ikonia> talking even
<ikonia> eagles0513875: your just using dovecot for imap yes ?
<eagles0513875> imaps yes
<ikonia> so the permissions on your home dirs maildir needs to be something that obviously you own, but dovecot can read/write to - what user are you running dovecot as ?
<eagles0513875> ikonia: thats the htop past of all dovecot related threads
<ikonia> ?
<ikonia> what is
<eagles0513875> whoops
<eagles0513875> here it is sry bout that ikonia http://pastebin.com/TNcAhrST
<ikonia> eagles0513875: I don't want a process list
<ikonia> eagles0513875: I want to know what user your running dovecot as
<eagles0513875> how can i determine that
<ikonia> eagles0513875: your running your own business as an ISP and hosting provider, come on
<eagles0513875> right now email im using for personal email nobody else
<ikonia> so ?
<ikonia> as someone who runs a hosting business for companies, you should be able to tell me what user a process is running as
<eagles0513875> root
<ikonia> are you sure ?
<eagles0513875> yes
<ikonia> so then the group/user permissions would not matter as root can do what it wants
<rdw200169> heh, this is fun to watch...
<eagles0513875> ok ikonia
 * eagles0513875 has to head to class
<eagles0513875> thanks for your help ikonia
<ikonia> I thought you'd have to leave
<ikonia> and your welcome
<rdw200169> no no, come back, i haven't finished my popcorn!
 * eagles0513875 slaps rdw200169
<eagles0513875> ikonia: last question
<eagles0513875> where would be the best place to discuss wiki updates
<ikonia> eagles0513875: you can change the wiki - it's public
<eagles0513875> ok might just end up doing that
<ikonia> change it to what ?
<ikonia> what needs changing
<eagles0513875> not entirely but the dovecot one needs some updating
<ikonia> from what I'm reading it looks fine
<eagles0513875> what bout the cmod -R 700 the step before that
<ikonia> why ? what's wrong with it
<eagles0513875> myuser mygroup would be jonathan jonathan
<ikonia> that's fine, your running dovecot as root
<eagles0513875> humm ok
<eagles0513875> if i wasnt
<ikonia> but you are
<eagles0513875> just a curiosity question here
<eagles0513875> if i wasnt though
<eagles0513875> the user would be jonathan jonathan or jonathan dovecot
<ikonia> why would you change a guide to something your not
<ikonia> but you are
<twb> I have new 2TB disks.  the installer wants me to create GPT disk labels; is there any reason I *should not* continue using msdos disk labels?
<ikonia> eagles0513875: think about it - something would need to write the that dir, the writing thing would need write access to mail dir to read/write to your mail box
<ikonia> twb: I believe msdos partitions can't support 2TB partitions
<ikonia> twb: I actually think eagles0513875 had his issue a while back
<eagles0513875> ya i did
<twb> ikonia: partman seems to disagree, fwiw
<eagles0513875> but ikonia turned out bad ram
<eagles0513875> errors galore
<eagles0513875> just sent it rma
<ikonia> eagles0513875: your disk problem turned out to be ram
<ikonia> really ?
<eagles0513875> ikonia: ill see once i get the ram back if i still have issues or otherwise
<ikonia> how odd/interesting
<eagles0513875> if the user and group are jonathan and the folder has rwx access shouldnt that still work
<eagles0513875> or would the group need rwx permissions as well
<ikonia> eagles0513875: it doesn't matter your running as root
<eagles0513875> ok
<shauno> it's not running as root
<ikonia> if your running as root it can go through those permissions fine
<ikonia> shauno: he said it was ?
<shauno> http://pastebin.com/CTi5QMqv  dovecot-auth and saslauthd are root, everything else is user dovecot, or user jonathan
<ikonia> shauno: exactly
<shauno> /usr/sbin/dovecot is running as root, but not all it's children are
<eagles0513875> ill be back
<eagles0513875> need to relocate
<eagles0513875> back
<eagles0513875> shauno:  is the user and group fine as jonathan dovecot?
<ikonia> eagles0513875: it depends who owns the process
<ikonia> if the process is owned by dovecot as your ps shows - no
<ikonia> as how can the user dovecot access something it has no access to
<ikonia> if the process is owned as Jonathan, then yes, as jonathan owns it
<ikonia> work it through in your head
<eagles0513875> since the ps shows a mix what do i do?
<ikonia> eagles0513875: I would suggest shutting everything down, and then on restart watch what happens
<eagles0513875> start up starts up fine im going by what is written in the logs
<ikonia> I didn't say it won't start up
<ikonia> I said watch what happens
<ikonia> what processes are running at start and owned by who
<eagles0513875> and now apache is acting up O_o cuz squirrelmail isnt loading
<ikonia> what happens when you connect - who luanches that process
<eagles0513875> parent process is started as root
<eagles0513875> child processes are dovecot ikonia
<ikonia> eagles0513875: ok - so work it through, if the directory is owned by Jonathan, and only the owner has access, will they be able to read/write to your maildir ?
<eagles0513875> so the group dovecot needs rwx permissions as well
<ikonia> eagles0513875: well, that's one possible solution, or make the process start as the mailbox owner (which it should do when you connect and auth)
<ikonia> eagles0513875: just work it through logically
<eagles0513875> ya i am will adjust the group permissions to have rwx
<soren> twb: "msdos" part tables support up to 2 TB.
<eagles0513875> thanks ikonia
<soren> twb: I'm not sure why the installer would switch to GPT if it's smaller than that.
<twb> My disks are labelled 2tb (i.e. equal, not less)
<soren> twb: That could mean at least 3 different things.
<twb> SCSI1 (0,0,0) (sda) - 2.0 TB ATA WDC WD2001FASS-0                                                                                                 â
<twb> ...according to partman
<soren> 2*10^12 bytes, for instance.
<twb> I don't think I've *ever* seen an HDD manufacturer that provided disks in GiB / TiB units
<soren> Or 2*1024*10^9 bytes. Or 2*1024^2*10*6 bytes.
<soren> twb: You mean specifically stating that it's "TiB" rather than "TB"?
<ikonia> soren: if the disks ship with a gpt table on them, the installer leaves it alone
<twb> No, I mean *delivering* 2**31 bytes when I ask for 2TiB
<soren> ikonia: Good point.
<ikonia> soren: I've got a 1TB disk that came with a gpt table on and ubuntu offered up gpt
<soren> twb: Ah.
<twb> ikonia: I'm in priority=low and clicking on the disk, to create a new disk label
<soren> twb: Ah, right. Well, the part table limit is 2 TiB, so 2 TB should be fine.
<eagles0513875> soren: you experiencing any issues with 2tb
<twb> btw, debian's d-i daily does the same (defaults to gpt on these disks)
<soren> eagles0513875: Largest disk I have is 1TB, so no :)
<twb> 1953514584 is the size reported by /proc/partitions
<twb> So actually *less* than 2TB (SI units)
<eagles0513875> ikonia: hopefully some new ram will fix my issues installing to my 2tb drive
<ikonia> eagles0513875: what made you think it was bad ram ?
<eagles0513875> ikonia: ran memtest for 12 hrs
<twb> Presumably they'll claim the "missing" 2% is for bad block replacement
<eagles0513875> came up with over 400 errors
<ikonia> eagles0513875: ahh, a very good sign
<eagles0513875> viva corsair  life tiem warrenty
<eagles0513875> submitting rma request and they got back to me in 25 min that they approved my rma
<eagles0513875> !watchdog | eagles0513875
<eagles0513875> ikonia: is there a wiki floating around for setting up watchdog?
<ikonia> eagles0513875: I have no idea, have a look
<eagles0513875> im looking on google and its not turning up anything for me
<eagles0513875> ill keep hunting
<eagles0513875> guys i am having a funky issue with squirrelmail and apache2
<eagles0513875> sometimes it doesnt load squirrelmail
<eagles0513875> but lets me see all the dir's i have in /var/www
<eagles0513875> and then after 5 min it will load squirrelmail
<ikonia> what does the log file say when you try to access it and it fails
<eagles0513875> ikonia: nothing in theapache 2 logs are showing out of the ordinary
<ikonia> eagles0513875: do you see the access request hit the log?
<eagles0513875> no
<eagles0513875> wait let me look again
<eagles0513875> not seeing anythign out of the ordinary in the log
<ikonia> I didn't ask for anything ordinary, I asked a clear and simple request for information
<ikonia> eagles0513875: do you see the hit request in the log, yes or no
<eagles0513875> no
<ikonia> eagles0513875: ok - so how do you expect it to work
<ikonia> that is out of the ordinary
<ikonia> you make a request and you don't see the hit in the log
<ikonia> that means it's not hitting the server
<ikonia> so how would the server ever respond
<eagles0513875> let me look again
<ikonia> as before, walk it thorugh
<ikonia> through
<eagles0513875> which apache log
<ikonia> eagles0513875: !!!!
<eagles0513875> ?
<ikonia> eagles0513875: you are running a web hosting business
<ikonia> eagles0513875: how can you not know this
<ikonia> eagles0513875: is it running off the root domain of the box
<eagles0513875> [Fri Nov 19 10:21:44 2010] [error] [client 194.204.113.45] PHP Notice:  Undefined variable: default_folder_prefix in /usr/share/squirrelmail/include/load_prefs.php on line 109, referer: http://webmail.eagleeyet.net/src/right_main.php
<eagles0513875> thats all i get in the erro log relateing to squirrelmail
<ikonia> eagles0513875: does that time stamp corrispond with your hit request ?
<eagles0513875> yes
<eagles0513875> from earlier havent tried again now
<ikonia> oh come on
<ikonia> help us to help you
<ikonia> your saying its failing
<ikonia> check !
<eagles0513875> seems to be behaving now
<ikonia> when it fails - work it through, apply common sense
<eagles0513875> ok
<ikonia> then what's left is the provlem and we can work it through
<ikonia> problem
<ikonia> I suggest clearing your logs also, so the next time you get an error, you know it's not an old entry
<eagles0513875> ok
<ikonia> eagles0513875: I'd seriously thinnk about trying to run a web hosting business....seriously
<twb> soren: I'm going to do one scratch install, just to see how borked gpt is (particularly gpt+extlinux)
<twb> soren: then I'll go back to msdos because I understand it
<ikonia> twb: gpt has good support
<twb> ikonia: gptmbr.bin isn't exactly intuitive.
<ikonia> yeah, I'll agree on that
<twb> If you can help me work it out, I'd appreciate it
<ikonia> I'll certainly try
<ikonia> I only really use GPT with IA64 HPUX and it handles it different
<ikonia> well, and on my mac, but I never mess with that
<twb> http://git.kernel.org/?p=boot/syslinux/syslinux.git;a=blob_plain;f=doc/gpt.txt;hb=HEAD
<ikonia> ughh, this looks fun
<eagles0513875> sob :( think they blocked ssh port
<jpds> Hmm.
<twb> eagles0513875: run your sshd on 443, then
<eagles0513875> might have to do that
<eagles0513875> twb: but there is something not right though with the connection on campus here
<eagles0513875> its super sluggish in general
<eagles0513875> i think they took dns down :-/ viva windows
<ikonia> what has that got to do with windows ?
<twb> Maybe he thinks windows still uses netbios
<ikonia> who knows
<eagles0513875> no it has AD
<ikonia> so ?
<halvors> Hi!
<ikonia> again - what has that got to do with windows
<eagles0513875> its offtopic im not goign to continue talking bout it.
<halvors> I would provide simple webhosting to my users
<ikonia> because you've just made a stupid comment
<twb> eagles0513875: I don't think AD distributes the hosts database via LDAP.
<halvors> Web, Email, and SSH
<ikonia> halvors: ok - what's up ?
<eagles0513875> this is not home network thsi is school network its all windows mostly
<halvors> Whats the simples whay to create new domains on my server?
<ikonia> eagles0513875: so - if someone takes something down - it won't work
<ikonia> eagles0513875: I've just shut down my email serve "viva linux"
<halvors> Is there some simple hjosting panels i can use, also i will have a solotion that not need SSH to create new domains.
<ikonia> halvors: the hosting tools such as webmin and cpanel don't work well with the default config layouts within ubuntu
<halvors> ikonia: So it's impossible to host simply with Ubuntu Server?
<twb> halvors: webmin and cpanel aren't supported here
<twb> halvors: you could probably make them work if you tried
<ikonia> halvors: I'm not aware of a tool that I'd consider good and stable (and simple) thats secure and compatible with ubuntu's layout, but I don't use such tools so may be out of touch
<twb> halvors: ebox is allegedly blessed by Ubuntu, but I can't vouch for it or support it myself
<HackeMate> good morning
<HackeMate> I beg a few help just for confirm I'm doing it well
<eagles0513875> morning HackeMate :)
<eagles0513875> HackeMate: just ask your question
<HackeMate> I have this local7.* /var/log/dhcpd/dhcpd.log in rsyslog.d, it works well, but now I want to rotate the log daily and as max size 4096
<HackeMate> so in /etc/logrotate.conf I put size=4096k
<HackeMate> and rotate daily
<HackeMate> but it does nothing with this file
<HackeMate> my question is: do I need create a /var/log/dhcpd/dhcpd.log { size=4096k }?
<HackeMate> or the dhcpd/dhcpd.log is wrong
<HackeMate> I swear I was reading the man logrotate for a week but I dont get this, I'm not native english
<anebi> hi, how can i check in init script which user is running the script or his uid?
<twb> anebi: why do you want to know?
<anebi>  twb: i wan to check if the script is started with root and if is, then to run the script with su -c and use other username
<twb> anebi: why?
<twb> Starting your daemon with start-stop-daemon --user nobody would be a better way to go about it.
<anebi> twb: yes, i will change the init script in this format when i get more time, but for now i need to use su - and to check for the user that is running the script
<ikonia> anebi: all init scripts are run as root
<anebi> ikonia: thanks
<www2> hi i want to know suport the bind9 buld form the ubuntu repasetory DLZ as defauld?
<ikonia> www2: DLZ ?
<www2> database suport in BIND e.g. mysql
<ikonia> ooh I don't know, good question
<ikonia> I've never done it with bind -> mysql before
<www2> oke
<mrmist> that sounds potentially painful
<www2> i heft done one time early but on a vm
<www2> as test
<twb> Why not postgres, if you have enough zones to warrant a database?
<soren> Or drizzle.
<soren> twb: Why postgres if all you need is to store simple, structured data?
<twb> Because I've never met a DBA that liked mysql
<soren> I've never met a DBA that liked any DB.
<soren> twb: I've always found that people use PostgreSQL because they need some of the fancier features. If you don't need them, MySQL seems the better choice (since it's (AFAIK) generally faster).
<www2> @soren i agree with you
<twb> The aforementioned DBA bigots explained that mysql is faster because it doesn't implement an actual ACID RDBMS
<www2> and i wand only use as a test server on my privet computer
<twb> That if you went out of our way to configure it to be reliable, it'd be slower than postgres
<twb> Of course, I'm not a DBA, so I'm only speaking second-hand.
<soren> twb: a) InnoDB is ACID compliant, and has been around since forever.
<soren> twb: b) If this is just to store DNS entries, ACID doesn't seem like much of a concern.
<twb> In that case, why SQL/RDBMS instead of something from the bdb/couch/tokyocabinet line of databases?
<twb> Oops, s/couchdb//
<twb> Never mind, I'm just being a bigot and I don't REALLY need to know the answer.
<www2> now i heft install allready instald my sql for my older projects
<www2> brb
<HackeMate> :(
<HackeMate> I just wanted to know if I should put /var/log/dhcpd/dhcpd.log or /var/log/local7
<uvirtbot> New bug: #677411 in tomcat6 (main) "tomcat6-user should include in webapps ROOT, manager, doc etc." [Undecided,New] https://launchpad.net/bugs/677411
<ahaney3> hi, I'm trying to get a webserver running in EC2, when I attempt to ssh via ahaney3@seelabmac1:~$ ssh -i rss.pem root@ec2-174-129-127-238.compute-1.amazonaws.com I get Connection to ec2-174-129-127-238.compute-1.amazonaws.com closed.
<ahaney3> what's my user name?
<jpds> ahaney3: root?
<uvirtbot> New bug: #677413 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.1 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/677413
<RoyK> anyone here that knows a good chassis for a home NAS? preferably something compact that can take, say, 4 SATA drives...
<tmade> Hello everybody. IÂ´m running ubuntu server 10.10 and installed gnome. How can i disable running x? IÂ´ve "update-rc.d -f gdm remove" and i get  "Removing any system startup links for /etc/init.d/gdm ..." but x is still starting!?
<tmade> i want to get konsole login and beeing able to start gnome with "startx"
<tmade> nobody has an hint?
<twb> Has anyone written a free (e.g. Affero GPL) landscape server component?
<ahaney3>  hi, I'm trying to get a webserver running in EC2, when I attempt to
<ahaney3>           ssh via ahaney3@seelabmac1:~$ ssh -i rss.pem
<ahaney3>           root@ec2-174-129-127-238.compute-1.amazonaws.com I get Connection to
<ahaney3>           ec2-174-129-127-238.compute-1.amazonaws.com closed.           [06:35]
<ahaney3> <ahaney3> what's my user name?
<twb> ahaney3: I imagine that depends on what OS image you're running
<tmade> hello, iÂ´ve installed gnome on 10.10 server. how can i start on konsole login? i already run "update-rc.d -f gdm remove" and it worked, but x is still starting!?
<twb> tmade: gdm is not an sysvinit job in 10.04
<twb> Er, from 10.04 onwards
<twb> Instead, it's an upstart job, and you need to go in /etc/init/gdm.conf and modify "start on"
<pmatulis> tmade: you can also edit /etc/default/grub
<tmade> thanks..iÂ´ll try
<tmade> pmatulis: how is grub related to x?
<tmade> pmatulis: what do i have to edit in /etc/default/grub?
<twb> tmade: btw, "konsole" is a KDE terminal emulator.  In english, the text mode is "console" or "fbcon".
<tmade> twb: iÂ´m new on ubuntu...i know about upstart. below start thereÂ´s "start on (filesystem           and started dbus           and (drm-device-added card0 PRIMARY_DEVICE_FOR_DISPLAY=1                or stopped udevtrigger))". How to edit? I expected there are runlevels defined!?
<twb> tmade: just comment out the entire "start on" line(s)
<tmade> twb...ok, console
<patdk-wk> I don't think runlevels have existed for a long time now
<patdk-wk> it's all emulated
<tmade> ah..that easy. IÂ´m an experianced linux user(mainly on rhel), but ubuntu is that different...
<twb> patdk-wk: he's quoting runlevel events, which still exist in upstart
<twb> But you're right that they're basically spoofed
<tmade> why?
<tmade> for me it is great
<tmade> ..like it was :-)
<twb> Which, of course, leads to tmade's problem of being unable to disable gdm by simply putting "runlevel 3, please" in his bootloader
<twb> (Which is the old RH way.)
<ScottK> Even pre-upstart, runlevels in Ubuntu didn't work like on RH.
<twb> true
<tmade> ok
<tmade> why is runlevel 2 on ubuntu the same like on all other distribution i know runlevel 3. there isnÂ´t runlevel 3 on ubuntu?
<ScottK> Mentally I find it useful to treat RH and derivatives and Debian and derivatives like they are two different operating systems.
<tmade> Scottk: you are right
<ScottK> On Ubuntu and Debian run levels 2 - 6 do the same things.
<twb> By default
<tmade> what means rl 3 on debian /ubuntu?
<tmade> twb: uncommenting the "start" is working!! thanks...
<tmade> everybody told me "update.rc" to edit services
<twb> tmade: that's the Debian/old way
<tmade> quite frustrating to execute a command and getting exit code 0 without success
<twb> I totally agree
<twb> Also frustrating that you have to edit a free-form text file in order to disable a server
<twb> *service
<tmade> thereÂ´s no other way?
<twb> If there is, I don't know it
<Daviey> hggdh: Around?
<tmade> ok...donÂ´t like this
<tmade> chkconfig is (was) just great
<zul> hello
<tmade> pmatulis: just because of curiousitiy: "you can also edit /etc/default/grub". how can i start/stop services there?
<twb> If apt dependency for me to install a service, but I NEVER want to start it, I can do
<twb> dpkg-divert --rename /etc/init/foo.conf
<twb> haha
<twb> I was trying to edit a file on a remote and getting really confused... until I realized I was in mg, not vi
<twb> "why isn't ^[$ going to the EOL?!"
<uvirtbot> New bug: #677459 in samba (main) "Programs fail to install: package samba-common 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/677459
<soren> twb: Just delete it.
<patdk-wk> the file? or mg? :)
<twb> soren: yeah, good point.  It's a conffile
<soren> patdk-wk: Or the whole server. That should stop it good.
<twb> soren: otoh then I can't bring it back when <users> complain that <avahi> is still needed
<soren> twb: Rename it.
<twb> That's what dpkg-divert did :-{P
<soren> Well, yes.
<soren> I thought you were asking for ways that did not involve dpkg-divert.
<twb> Sorry, no
<soren> I deliver. You complain :)
<soren> If it's not named <something>.conf, upstart ignores it.
<twb> What I want is to prevent services *auto*starting, but still allow auto-stopping and manual stop/start/restarting, *without* editing a file
<twb> i.e. the equivalent of "update-rc.d foo disable"
<twb> The purpose being to allow stuff like puppet to reliably disable services without needing to know how to parse upstart's file format
<soren> twb: Yeah, not sure how I'd do that.
<soren> Daviey: So... Merge proposals would fly through when they were really simple, right?
 * soren twiddles thumbs
<Daviey> soren: Sorry... i hadn't seen the mail yet... but this ping helps you queue jump.
 * twb points at the queue jumper
<soren> Daviey: https://code.launchpad.net/~soren/ubuntu/natty/nova/webob-dependency/+merge/41300
<twb> NORK NORK!
<Daviey> soren: seen it now!
 * soren points at things anyway
<Daviey> soren: 43 mins... pah... that is no patience :)
<twb> Daviey: need to organize an interrupt queue
<soren> Daviey: I am *waiting* for this build to work.
<soren> Daviey: This is the sort of stuff I was talking about.
<Daviey> soren: I should probably comment that you haven't described why that is now a needed dep?
<twb> Dunno about you guys, but I wrote me an imapbiff so rt tickets IRQ me.
<soren> Daviey: Adding another build-dependency is hard to get wrong, and even if I did, fixing it would be a 2 second task.
<twb> http://paste.debian.net/100207/
<Daviey> twb: I can see merit in a indicator widget that pings me when there is a merge proposal waiting on me
<soren> Daviey: You have that, you know?
<twb> soren: irc doesn't count :P
<soren> No.
<Daviey> soren: This is related to the great twisted drop?
<soren> Daviey: No, it's related to changes in the aPI.
<soren> Daviey: We just happen to use webob upstream now.
<soren> Daviey: Without this dependency, crap fails.
<soren> Daviey: I added the dependency because *it was missing*.
<soren> Daviey: Seriously, you expect me to explain why we chose to use webob upstream?
<soren> Daviey: Because, srsly, then you can do this on your own. I don't need this.
<soren> s/explain/justify/ whatever.
<soren> lptools has review-notifier. It tells you when you have reviews to do. It's lovely. Crashy, but lovely.
<Daviey> soren: no... i wasn't asking you to justify why upstream adopted it
<Daviey> soren: I'm not trying to make the process harder... really i'm not
<soren> Daviey: then what *are* you trying to do?
<Daviey> soren: make it "better"
<soren> Daviey: Try harder.
<Daviey> soren: We are a team, right?
<soren> Daviey: Yes?
<Daviey> soren: Improving collaboration.. is what this is trying to achieve
<Daviey> soren: I think waiting 43 mins, and getting frustrated is perhaps unfair on the rest of us.
<Daviey> soren: Equally, you found a few things you weren't happy with on zul's branch... This is what it's all about...  we shouldn't be backing out changes, due to disagreements... it should surely be solved in the merge proposal?
<soren> Look, whatever. I just thought it'd be better for everyone if we all used the same packaging. *You* insisted on reviewing even the most miniscule of detils.
<soren> details.
<Daviey> soren: I can see you are frustrated, and that is not what i want at all.
<Daviey> soren: Do minute changes need reviewing on the upstream branches?
<soren> They do.
<hggdh> Daviey: called?
<Daviey> soren: what is the difference then?
<Daviey> hggdh: hold fire
<soren> Daviey: Openstack has an implicit promise that we keep trunk clean, functional and good.
<Daviey> soren: I'm not trying to dictate a process... i really want your input, if you have suggestions.
<soren> Daviey: a) Ubuntu has no such promise.
<Daviey> soren: The server team want to try and add that :)
<soren> Daviey: b) This is not going to turn into a package in Ubuntu until someone rolls a package out of it.
<ScottK> Daviey: The platform is not releasable at all times, so at least on the surface that sounds like overreaching.
<soren> Daviey: We expect people to be able to take any tarball of Nova and run it.
<soren> Daviey: I don't for a second expect people to grab half-baked Ubuntu versions of packages.
<Daviey> soren: What is the main concern you have?
<zul> dudes....relax
<soren> Daviey: That I have a job I need to do.
<Daviey> soren: Well, we want to help with that... not getting in the way.
<soren> Daviey: ...and now I need to block on stuff for no good reason. A big change to the packaging would be a good reason. Adding a build-dependency is not a good reason.
<soren> I'm not even *adding* a build-dependency.
<soren> I'm documenting it.
<Daviey> soren: If this package ever gets in main, then as you know... we need to justify each depends that isn't already in main.
<soren> You were doing such a good job at keeping this constructive....
<uvirtbot> New bug: #677476 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/677476
<Daviey> soren: ugh?  Sorry, i really am trying.
<soren> Daviey: If upstream adds a dependency (we did), not documenting in debian/control does not "fix" that.
<ScottK> It sounds to me like the review point should be before upload, not at each committ to a packaging branch.
<soren> Daviey: If you have a problem with the dependency, take it up with upstream. We're just trying to package stuff here.
<Daviey> ScottK: Hmm... the trouble with that is bulk...  per-commit review is easy to manage... would you enjoy doing a 1000 line diff?
<soren> Daviey: How's this:
<ScottK> Daviey: No, but I'd be frustrated if I was stuck waiting on reviews for a one liner.
<soren> We all subscribe to changes to the packaging branch, and get to shout and scream if someone does something stupid.
<Daviey> soren: I agree... but this is the Ubuntu package.... with UEC last cycle, we had to patch out some stuff as we didn't have the depends that upstream needed...
<Daviey> So, whilst we ALWAYS want to... sometime we can't always provide the deps upstream needs.
<soren> subversion worked that way for years and years.
<ScottK> Daviey: That's a problem you solve when you have it, not in advance for all possible packages.
<Daviey> ScottK: Within 2 mins of soren asking for the review, it was done and pushed :/
<zul> soren: i think Daviey's point is that he was just asking why it was needed.
<soren> zul: I realise.
<ScottK> Daviey: Certainly, but the review really doesn't add value in this case.
<Daviey> ScottK: This isn't all packages.
<Daviey> ScottK: I disagree.
<zul> and a review was probably not needed in this case
<ScottK> Daviey: The issue isn't the 2 minutes, it's the 45 minutes and the cost of multiple context swtiches.
<ScottK> That sort of thing really screws with developer workflow.
<soren> Daviey: So what would you have expected? A build log from a failed build? Output of "grep -r import.webob ."?
<Daviey> ScottK: Hmm..  I don't think anyone complained of context shifting here. :/
<soren> Daviey: Part of being a team (as you pointed out we were) is trusting each other just a tiny bit.
<ScottK> Daviey: It sounds to me like soren isn't finding the process helpful.
<Daviey> soren: I was confused why it wasn't a needed dep, but now is... When you said it's new upstream, then it solved that concern for me.
<Daviey> ScottK: And the reason we are talking is to try and improve it.
<Daviey> soren: Oh... i don't want you thinking at all, that it's a lack of trust - it's really, really, not.
<matti> What are you talking about folks?
 * matti is trying to make a heads and tails out of the conversation ..
<Daviey> matti: Merge code review, vs just push and maybe ask questions later.
<matti> Ah.
<zul> soren Daviey: in this case it probbaly should be like done on irc saying soren: im adding a build dependency because of so so daviey: ok....there done
<matti> Daviey: Thanks :)
<Daviey> soren: If I make it so merge proposals go to my inbox, and try that nifty widget - that would probably increase the speed i see it... would that help?
<Daviey> (currently Launchpad mail goes into a subfolder)
<Daviey> soren: I think i would benefit from knowing your ramifications of a merge proposal taking an ~hour.
<soren> Daviey: I'm just really, really disappointed that we can't just assume that if I add a build-dependency, it's because it's needed to build the thing.
<Daviey> soren: Hmm.. would it help if we schedule a call?  Sometimes it's easier to thrash this stuff out verbally.
<soren> Daviey: We talked about this face-to-face in Orlando. I raised these concerns then.
<Daviey> soren: I really must insist, it's not a lack of trust or confidence thing
<ScottK> Daviey: To sort of quote Jono, this doesn't sound like a very JFDI kind of process.
<Daviey> soren: It might be valid to note zul's merge proposal from yesterday... He didn't document why he added a dep, and you called him on it?    Whilst i'm in no mind that you know the code better, is this a similar situation?
<Daviey> ScottK: I don't think you are helping tbh.
<soren> Daviey: I *know* zul did not add a dependency on greenthreads upstream.
<soren> Daviey: So why it needs adding in the packaging isn't clear to me. At all.
<soren> ScottK: I do.
<soren> fwiw
<smoser> kirkland, ping
<smoser> Daviey, ping
<ScottK> Thanks.
<smoser> i'd like to put ubuntu packaging branch for euca2ools somewhere. right now i think that kirkland has that at ~core-dev, which is useless for daviey and i
<zul> smoser: are you a member of ubuntu-virt?
<Daviey> smoser: put it in ~ubuntu-virt... that is what we did with euca... and is a good location IMO.
<smoser> yes.
<smoser> thats what i was thinking
<smoser> ok. i'm putting it htere.
<Daviey> soren: I think we can formulate a process that can work...  lets have the weekend to ponder about it?
<soren> Daviey: Are you going to do it?
<Daviey> soren: wassat?
<soren> Daviey: Formulate a process that can work.
<Daviey> soren: No, i mean - lets have the weekend to think about it... and kick off a discussion on Monday?
<soren> Daviey: Formulating from scratch by committee is virtually impossible. Someone usually writes a draft to get started.
<Daviey> soren: Ok, if you are happy for me to do that... i will.
<zul> thats reasonable
<soren> Daviey: Hey, you can draft all you want. Doesn't mean I'll agree :)
<zul> thats not :)
<uvirtbot> New bug: #677485 in tomcat6 (main) "Tomcat 6 installation failure due to sed" [Undecided,New] https://launchpad.net/bugs/677485
<Daviey> soren: Well yes... you can do that... but it would be ideal if we can have a plan we all agree on :)
<soren> Daviey: That's what I'm saying. We can't actually write (as in sit down and type) the thing together.
<soren> Daviey: So someone must write a draft first, and have it discussed/mangled afterwards.
<soren> Daviey: And I'm happy for to draft it.
<soren> Daviey: Err... Happy for *you* to draft it.
<Daviey> soren: Ok, i'm happy to do that
<soren> Daviey: ..then we will discuss that, adjust to make everyone happy (or at least equally miserable) and agree.
<Daviey> soren: So i can better understand the issue can you send me a quick email with your main concerns, and also hilight which circumstances it blocks you as an upstream.
<Daviey> That'll make it easier to come to a resolution i feel
<soren> whereto?
<Daviey> dave@ubuntu.com
<soren> ok
<Daviey> soren: It would also be useful to know what your end goal requirements are.
<Daviey> soren: I appreciate it can also be a challenge being an upstream and a ubuntu developer at times :(
<soren> To be honest... It used to be quite easy.
<zul> soren: i just replied to your merge review from yesterday
 * ttx just read backlog. Happy to contribute to the discussion when we'll have a good starting point
<ttx> fwiw euca packaging was successful by having open branches and whoever released it was supposed to review changes (default to trusted rather than untrusted)
<ttx> We had way more of small incremental packaging improvements from everyone that way.
<ttx> I think new Ubuntu releases should use peer reviewing, not necessarily each commit to a packaging branch.
<ttx> Daviey, soren ^
<ball> soren!
<Daviey> ttx: yeah... the concern I have is a huge diff at the end before upload... although, regular uploads absolves this
<ttx> Daviey: if it's a packaging branch, you just have to review packaging changes, right
<Daviey> ttx: true
<Daviey> ttx: I'm going afk, but i'll keep that in mind and send it on Monday to devel-discuss
<ttx> so unless you review the packaging completely, that should be manageable
<ttx> s/review/change/
<ttx> Daviey: ack
<Daviey> ack... i really need to dash.. but thanks
<smoser> mdeslaur, did you get a response from me on the ssh thread ?
<soren> ball: eh?
<ball> soren: Sorry.  I just haven't seen you for some time.
<soren> ball: Sorry, having trouble mapping "ball" to an actual name.
<ball> soren: ball is my actual name ;-)
<mdeslaur> smoser: yeah, from your gmail account?
<soren> ball: Ah. irssi says your name is "Lay off the cookies" :)
<ball> Oh, that's so appropriate for me this morning. :-9
<mdeslaur> smoser: that's pretty much how I thought it worked, thanks for the clarification
<smoser> ugh.
<smoser> fudge
<eagles0513875> ikonia: there is something that squirrelmail doesnt like is if i change the permissions to rwx for the group O_o
<smoser> i hate iphone
<smoser> :)
<ikonia> eagles0513875: permissions where ?
<eagles0513875> Maildir directory
<eagles0513875> Nov 19 16:00:25 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan)
<eagles0513875> just tried to login right now ikonia
<smoser> mdeslaur, so you would not suggest that we need to turn off password auth then, right ?
<ikonia> eagles0513875: what user id is squriell mail being launched under (unix level id - not application user)
<mdeslaur> smoser: I still recommend we do it...it's just not critical or urgent
<ikonia> (clearly with the correct spelling rather than the utter tosh I've just typed)
<mdeslaur> smoser: do amazon firewall instances between each other? I'm curious now :)
<smoser> your instances can talk to your intsances via internal ips
<smoser> (possibly un-firewalled, but i'm not usre)
<eagles0513875> ikonia: would squirrelmail have a uid if its just runs of apache
<mdeslaur> smoser: can an instance talk to another customer's instance, either using the private ips or using the public ips without going through a firewall?
<mdeslaur> smoser: my questioning is unrelated to ssh :)
<smoser> oh, then i can be more open :)
<smoser> instances can talk on internal IPs
<smoser> so, my ugess, swithout reading, is that firewall applies to internal and external identically
<smoser> i've just not played much with the internal IPs.
<smoser> it would make sense though, especially given a little trick amazon plays to its customers favor
<ikonia> eagles0513875: it's being run as apache then
<smoser> if you lookup a ec2 ip address from internal to ec2, you'll get an internal IP back.
<eagles0513875> ikonia: it be haves fine with the permissions drwx and thats it
<smoser> so that hostname based communication uses internal IP addresses, which gets you reduced rates
<eagles0513875> any other permissions given to the Maildir give problems
<eagles0513875> not only in squirrelmail with thunderbird
<ikonia> eagles0513875: ok - so think it through
<eagles0513875> i reverted the permissions to the way they were before
<ikonia> eagles0513875: first of all, squrill mail does not actually read the Maildir filesystem
<mdeslaur> smoser: I wonder if they isolate customers between each other or if the firewalling is done at the main box that does the NAT
<ikonia> eagles0513875: it makes an imap connect to the imap server and generates html based on that
<eagles0513875> ok
<ikonia> eagles0513875: so if you re-read that error message you'll find it's dovecot that's complaining - not squirellmail
<mdeslaur> smoser: anyway...it's something to put on my free-time to-do list :P
<ikonia> eagles0513875, so lets walk it through again
<ikonia> eagles0513875: what user is owning the dovecot process that squirellmail connects as ?
<smoser> mdeslaur, what do you mean by isolate ?
<mdeslaur> smoser: can customer A port scan customer B via the private network
<smoser> mdeslaur, probably
<smoser> oh
<smoser> wait
<ikonia> smoser: thats a concern
<smoser> probably not
<ikonia> that's less a concern ;)
<eagles0513875> ikonia: the parent process is root all child process are mostly dovecot with 3 imap processes being jonathan
<smoser> mdeslaur, i think not. you can check, but i'm almost certain its no. otherwise, the firewall would be too easily avoided.
<smoser> and thus really, useless.
<ikonia> eagles0513875: ok - so from that, what does that tell you
<mdeslaur> smoser: well, it limits connections from non-customers
<mdeslaur> smoser: malicious customers are easy to punish, malicious internet, not so much :)
<smoser> mdeslaur, that works if your customer base is small
<mdeslaur> true
<smoser> yes, internet much larger than intranet
<smoser> but for amazon, intranet == very large
<mdeslaur> also true
<eagles0513875> ikonia: since the parent process is root just drwx are only needed on the Maildir not for the group as well
<ikonia> eagles0513875: no
<ikonia> eagles0513875: it means there are two different users connecting after the auth, the first one (jonathan) is probably you, the second is probably squirellmail (doevcot)
<ikonia> eagles0513875: do you agree/disagree with that ?
<eagles0513875> correct
<eagles0513875> so i probably need to tweak saslauthd
<ikonia> eagles0513875: ok - so if your connect (jonathan) works it's because you are the owner and has permissions, but if what permissions would you see if you where connecting as the USER dovecot
<eagles0513875> or modify dovecot to allow the same account to access the server more then once?
<ikonia> many users can access the same account, it's imap
<ikonia> eagles0513875: look at the error - it's file system permissions, keep it simple
<eagles0513875> its complaining about +w on /home/jonathan/Maildir
<eagles0513875> which it has
<ikonia> the user jonathan can access your maildir becuse it's the owner, what would happen if the user dovecot tries to access it
<soren> Daviey: Sent.
<eagles0513875> it wont be able to as the group permissions arent set
<ikonia> eagles0513875: there we go
<ikonia> eagles0513875: and what is the error complaining of ?
<eagles0513875> ikonia: Nov 19 16:00:25 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan)
<ikonia> eagles0513875: ok "permission" denied
<eagles0513875> drwx------  7 jonathan jonathan 4096 2010-11-12 11:08 jonathan <-- thats my home folder permissions
<ikonia> eagles0513875: so again - walk it through, the connection is coming from the user "dovecot" does that user have access, no, what is the error "permission denied" what does that tell you ?
<eagles0513875> that i probably need sudo to access the folder
<ikonia> NO!
<eagles0513875> that the groups are missing rwx permissions
<ikonia> eagles0513875: the user dovecot - can that access that folder, no, the error is permission deneid, what do you need to do to resolve that
<eagles0513875> make the Maildir have the user dovecot
<ikonia> NO !
<ikonia> then your user can't access it
<ikonia> look at "group"
<eagles0513875> give the group dovecot rwx access
<ikonia> eagles0513875: is the user dovecot a member of the group dovecot ?
<eagles0513875> your asking if jonathan in my case is a member of the dovecot group
<ikonia> no
<ikonia> I'm not
<ikonia> I'm asking in clear english - is the USER dovecot a member of the GROUP dovecot
<eagles0513875> and yes it is
<eagles0513875> i think i got it O_o
<eagles0513875> no i dont i thought i was on to something
<ikonia> eagles0513875: then you can change the group permissions with confidence
<eagles0513875> ikonia: would adding the users jonathan to the group dovecot work as well?
<ikonia> eagles0513875: if you change the group ownership to dovecot and give it group read/write access, then the user jontahan (you) will have full control, and the webmail cilent (dovecot) will have read-write access
<ikonia> eagles0513875: there is nothing wrong with the user jonathan
<ikonia> why are you even looking at that
<ikonia> think about what I'm saying
<ikonia> the problem is the dovecot user - not jonathan
 * eagles0513875 re reads again
<eagles0513875> ok
<qman__> chgrp dovecot /home/jonathan/Maildir; chmod g+rwX /home/jonathan/Maildir
<eagles0513875> qman__: i think i got it solved
<eagles0513875> thanks ikonia
<b0gatyr> greetings
<ikonia> eagles0513875: are you sorted now ?
<eagles0513875> si senor (yes sir)
<ikonia> excellent
<ikonia> well done
<kirkland> mathiaz: ping
<mathiaz> kirkland: o/
<kirkland> mathiaz: can you mumble or phone?
<mathiaz> kirkland: sure
<kirkland> mathiaz: what's your preference?
<zul> soren: done
<kirkland> mathiaz: ?
<kirkland> mathiaz: we lost you on mumble
<uvirtbot> New bug: #677535 in dhcp3 (universe) "package dhcp3-server (not installed) failed to install/upgrade: cannot access archive: No such file or directory" [Undecided,New] https://launchpad.net/bugs/677535
<twb> GRAAH
<twb> lxc 0.7's lxc-ubuntu template generates a rootfs that works
<twb> I modify it slightly, and mine doesn't work
<nigelb> zul: hi, just wanted your take on the patch in bug 382832
<uvirtbot> Launchpad bug 382832 in libnss-ldap "Need comment for line added to /etc/ldap.conf by nssldap-update-ignoreusers(8)" [Wishlist,Triaged] https://launchpad.net/bugs/382832
<nigelb> you had +1'd it a while back
<zul> nigelb: yeah I havent had a chance to get to it yet
<bluethundr> we have our sudoers stored in LDAP on our network
<nigelb> zul: Can I help in anyway?
<bluethundr> under centOS this works by setting up /etc/ldap.conf to talk to the ldap server and setting up files ldap in nsswitch.conf
<nigelb> forward it upstream, debdiff it.. anything I can do?
<zul> nigelb: sure a debdiff would be nice :)
<nigelb> zul: awesome! on it!
<bluethundr> I have the same settings in ubuntu 9.10 but for some reason sudo does not work here as it does under CentOS
<bluethundr> I thought for a moment that LDAP resolution under Ubuntu may look to /etc/ldap/ldap.conf on the client side, but putting sudoers_base in there doesn't seem to do the trick either
<nigelb> zul: there is also bug 644632 with a patch.  Can you take a quick look so I can package it together?
<uvirtbot> Launchpad bug 644632 in libnss-ldap "nssldap-update-ignoreusers needs to be configurable to ignore users" [Low,New] https://launchpad.net/bugs/644632
<bluethundr> also getent passwd and getent group talks to ldap just fine on the ubuntu box
<zul> nigelb: im ok with it
<nigelb> zul: cool, I'll put boht of them onto one debdiff
<eagles0513875> ikonia: sry to bother ya again but what exactly is this telling me Nov 19 16:45:50 eagle dovecot: IMAP(jonathan): fchown(/home/jonathan/Maildir/dovecot-uidlist.tmp, -1, 114(dovecot)) failed: Operation not permitted (egid=1000(jonathan), group based on /home/jonathan/Maildir
<patdk-wk> eagles0513875, I thought we went over that a few days ago, your using encrypted home dirs
<eagles0513875> patdk-wk: ikonia helped me today and all permissions issues are resolved now
<patdk-wk> ah
<patdk-wk> you turned off encrypted home dirs?
<eagles0513875> no
<eagles0513875> still encrypted
<ikonia> eagles0513875: it doesn't work with encypted file systems
<eagles0513875> ahh i was thinking permission issue possibly again on that particular file in the directory
<ikonia> eagles0513875: there are a few notes on the web that say it doesn't like encypted file systems, they may be wrong but a few people appear to be having issues with it, so I'd at least have %50 confidence that it doesn't like encypted file systems
<eagles0513875> ya im regretting encrypting my home dir
<patdk-wk> the solution is pretty simple though
<patdk-wk> don't store your email in your home dir
<patdk-wk> or unencrypt
<ikonia> the permissions issues appear to be fixed, but from what I'm reading this is beyond that
<eagles0513875> ikonia: thing is it seems to work i can send and recieve emails just fine
<ikonia> eagles0513875: that's not dovecot
<ikonia> dovecot doesn't send mail
<patdk-wk> dovecot doesn't even receive, unless you use it's lda
<qman__> operation not permitted generally means something being made impossible
<qman__> apparmor/selinux, encrypted file systems, that sort of thing
<surajram> Hello! I am going to try out Ubuntu Private Cloud, and was wondering if the cloud controller can also act as a node controller.
<uvirtbot> New bug: #638145 in eucalyptus "metadata service returns 500 error on Lucid" [Undecided,New] https://launchpad.net/bugs/638145
<ScottK> mdeslaur: I'm thinking the "here's what you do to SSH" stuff should be in the server guide too if it's not.
<mdeslaur> ScottK: it's liked in the server guide
<ScottK> OK.
<mdeslaur> s/liked/linked/
<talntid> I can't get pptpd VPN to work. It used to work just fine, but then stopped. I am not getting errors in logs, but it doesn't connect.. any suggestions for troubleshooting?
<talntid> on the client, it says: anon warn[open_inetsock:pptp_callmgr.c:326]: connect: Connection refused
<talntid> | anon fatal[callmgr_main:pptp_callmgr.c:124]: Could not open control connection to SERVERIP
<c0nv1ct> "Connection refused" implies the port is closed, can you netcat to it?
<talntid> I have never uses netcat
<talntid> used
<c0nv1ct> just try a simple connection: nc ipaddress port
<talntid> installing
<c0nv1ct> if it is refused then either it is filtered or nothing is listening
<talntid> conn refused.
<c0nv1ct> or it is the wrong port :)
<talntid> lsof -i :1723 shows nothing... hmm
<amokpaule> Hello, can i dissable the login for a certain user but this user should still be able to work in the system. Same as it can be set for the root acc?
<remix_tj> amokpaule: passwd -l user
<remix_tj> this command sets his password as expired and the user can not login
<remix_tj> but can be used as user
<amokpaule> Many thanks :)
<zul> SpamapS: ping
<zul> SpamapS: ill be adding your plymouth apache passphrase thingy tonight
<snake_> Is there a diagnostic for checking why an apache server does not work.
<Pici> snake_: Define 'does not work;
<Pici> !doesntwork
<ubottu> Doesn't work is a strong statement. Does it sit on the couch all day? Does it want more money? Is it on IRC all the time? Please be specific! Examples of what doesn't work tend to help too.
<SpamapS> zul: cool! I think it needs a little polish.. haven't looked at it since rc
<zul> SpamapS: we might remove it later on if plymouth gets fixed properly
<SpamapS> zul: plymouth does the right thing I think
 * SpamapS is finding it hard to concentrate, as the starbucks he has selected to finish his afternoon in has become overrun with shrill high school gossip girls..gggaaahhhh
<snake_> Pici, oh sorry. i have help somewhere else now. (but they asked the same thing lol)
<SpamapS> omg but then like I just and like my besfriendislike omg fmliwilljusttextyouandlikeletsgo to denver
<SpamapS> =-o
<Pici> snake_: Yeah, I saw. ;)
<snake_> where do i change the settings of my port number and ip address for apache2?
<SpamapS> snake_: /etc/apache2 , there are a few ways to do it depending on what you want. You want the Listen directive most likely
#ubuntu-server 2010-11-20
<SpamapS> zul: every time I do bug triage I'm reminded that we REALLY need to go over the mysql maintainer scripts and figure out why they never seem to work right. ;)
<ewook> SpamapS: that sounds like a great idea. who thought using service for managing it a better idea? ... *grumbles*
<SpamapS> ewook: service isn't allowed in maintainer scripts. ;)
<SpamapS> ewook: I actually think there's a race condition in /lib/init/upstart-job .. but smarter people may disagree or feel its not as important as I do.
<ewook> well, count me out of the smarter part :P
<mdeslaur> SpamapS: oh, please please please! :)
<ewook> I thought you were talking about the package in general
<mdeslaur> SpamapS: every security update, I see the massive amounts to failed to upgrade bugs that get filed
<SpamapS> mdeslaur: I think there are two problems. One is that we aren't trusting dh_installinit ... the other is, I think, the upstart-job race condition.
<SpamapS> but.. we'll see... I've added it to my todo list. :)
 * SpamapS signs off for a bit
<iclebyte2> has anyone had trouble with 'screens' not updating in zabbix?
<Dravekx> what's the difference between 10.10 and 10.10LTS ?
<Pici> Dravekx: 10.10 is not an LTS release.
<Pici> !lts
<ubottu> LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04)
<Dravekx> ahh.
<Pici> LTS releases come out every two years. So: 6.06, 8.04, 10.04, etc.
<Dravekx> Pici, thx
<Pici> Dravekx: sure
<centaur5> Any ideas on how I can find out why jesred isn't redirecting any traffic from squid? No configuration changed but it quit working and I can't find any error logs for jesred. Is there anything that can tell me what's happening?
<Evanah> hi
<Evanah> anyone here? i need help with running a game under wine, after installing and trying to run it an error pops out saying: "Failed to initialize direct3D. Aborting." does anyone know how to fix this?
 * ball is not here.
<ball> Evanah: You're running a game on Ubuntu Server?
<Evanah> no, i just need help with this so i came here, cause i'm desperate and can't solve this, i've tried ubuntu forums and all
<Evanah> this is my first time here, sorry if i'm asking for help in a wrong place
<ball> Evanah: Where do you live?  There may be a regional Ubuntu channel where you can find help.
<Evanah> Serbia, Europe..
<Evanah> ok i won't bother u anymore, thnx anyway;)
<ball> Evanah: Don't leave yet, I'm trying to look something up for you.
<ball> Have you asked in #ubuntu-cs ?
<ball> Oh hang on, that forwarded me to #ubuntu-cz for some reason
 * ball is confused
<Evanah> no, but i see now there's just "ubuntu" chat room, not ubuntu-server :) i'll try there
<Evanah> thanks again bye
 * ball gives up
<mike929031238120> hey im having trouble finding a link to an iso for ubuntu server ppc
<mike929031238120> nevermind. cdimage.ubuntu.com is where it's at
<MTecknology> Using this - http://dpaste.com/277575/ - I have php working - be every so often I seem to get 502 errors. Any ideas why that would be happening?
<uvirtbot> New bug: #431008 in clamav (main) "Reverts permissions on milter socket on upgrade" [Undecided,Expired] https://launchpad.net/bugs/431008
<MTecknology> Any ideas how to revert to a specific revision in subversion?
<Dravekx> is there a way to re-install ubuntu server via remote ssh?
<Dravekx> can someone tell me what the purpose of 10.10 is (since 10.04 LTS seems like the better standard) ?
<eagles0513875> was giving me issues again ikonia so i guess i have to setup a 2nd account with an unencrypted home direcotry
<uvirtbot> New bug: #677764 in vsftpd (main) "package vsftpd (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/677764
<icekk> Hi, I installed cvs on my ubuntu box, can log into it from the box itself, but connection is denied when another box tries to connect
<icekk> any ideas
<maddog> hiho
<maddog> i have a strange problem with one of my ubuntu servers (10.10), the server has a hardware raid 6 and a crypto volume on that. when i copy data via cifs on that volume, the complete server hangs every 300mb for some seconds and then continues as if nothing happened
<uvirtbot> New bug: #677790 in ntp (main) "package ntp 1:4.2.4p8 dfsg-1ubuntu2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/677790
<uvirtbot> New bug: #677799 in backuppc (main) "Please merge backuppc 3.2.0-1 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/677799
<apporc> Hi everyone, Is it that xen is not supported in 10.04?
<apporc> : Hi everyone, Is it that xen is not supported in 10.04?
<apporc> : Hi everyone, Is it that xen is still not supported in 10.04?
<uvirtbot> New bug: #677822 in naturaldocs (main) "[MIR] naturaldocs" [Undecided,New] https://launchpad.net/bugs/677822
<eagles0513875> hey guys
<eagles0513875> hey ikonia
<StrangeCharm> i'm trying to use the partition manager on the install disk. i can't seem to set my /boot partition as bootable. what am i doing wrong?
<Dibbler___> hello , can someone that has hands on experience with this matter , if there are noticable speed differences when installing ubuntu completely encrypted , i need to set up a remote unmanaged pc which at some points may contain sensitive data ..
<Dibbler___> i am mostly worried about overhead when doing things like unpacking a few gigs of rar or 7zip files
<ikonia> Dibbler___: sorry, not following what your asking
<Dibbler___> humm , ok ,
<Dibbler___> i am installing a new copy of ubuntu server , i am considering the option of encrypting the whole thing when enstalling
<Dibbler___> since thes erver will be standing somewhere ... public.
<Dibbler___> installing sorry
<Patrickdk> depends on the cpu
<Patrickdk> but even my cellphone does aes256 at 24MB/sec
<Dibbler___> it's a crappy 1 core athlon at 1.2 ghz
<Patrickdk> most real cpu's these days should give you a good 100MB/sec
<Patrickdk> oh, that is going be lie 30MB/sec
<Patrickdk> and I dunno why you would ever worry about rar or 7zip
<Dibbler___> meh
<Patrickdk> even if you used raw disk without anything, those would still be unbearably slow
<Dibbler___> well anything basically
<Dibbler___> i was juat taking it as an example
<Dibbler___> any file transfers
<Patrickdk> like I said, it will cap out at 30MB/sec
<Patrickdk> you have to pick if that is usable for you or not
<Patrickdk> what drive you putting in it?
<Dibbler___> old pata 80 gig
<Patrickdk> so that will crap out at 50-60MB/sec
<Dibbler___> yes
<Patrickdk> so as long as you don't use the cpu for stuff, you wouldn't notice
<Dibbler___> so that won't be the bottleneck anyway
<eagles0513875|2> ikonia: is there anything out of the ordinary i need to do to my Maildir if i create a new user and move my current users Maildir to another home folder? or should it work out of the box for me with out any tweaking?
<Dibbler___> that's why i take unrar as an example
<Dibbler___> so i would assume i would get ... meeh 15 mb/sec
<Patrickdk> unrar will use 95% cpu
<Dibbler___> instead of 30
<Dibbler___> than thats fine
<Patrickdk> unrar on that system, would only get 15mb/s maybe, without encryption
<ikonia> eagles0513875|2: just copy it
<eagles0513875|2> ok
<Dibbler___> so the encryption would only give 5% overhead then
<Patrickdk> cause unrar is slow
<Dibbler___> and stuff like ... idk parity chacking
<Patrickdk> now if you tested it with fast encryption, like lzo or something, then the drive would slow it down (or encryption)
<Dibbler___> would cap put at 30
<Dibbler___> so i'd have 50% speed for that..
<Patrickdk> parity chacking?
<eagles0513875|2> also ikonia are all new users created with an encrypted home dir or by default they dont have an encrypted home dir?
<Dibbler___> which would be fine i guess
<Dibbler___> thnx for the info
<Dibbler___> parity checking
<ikonia> eagles0513875|2: have you encypted the file system ?
<eagles0513875|2> no
<eagles0513875|2> just a simple ext4 partition  no file system encryption
<ikonia> eagles0513875|2: then no
<eagles0513875|2> ok
<eagles0513875|2> thanks
<Dibbler___> things that arren't cpu intensive
<Dibbler___> thnx for the opinion Patrickdk
<Dibbler___> ill install both and check the difference
<Patrickdk> you mean like md5/sha?
<Patrickdk> those are somewhat cpu intensive
<Dibbler___> whatever the default is ubuntu server uses when installing
<Dibbler___> i haven't looked into it in detail tbh
<Patrickdk> heh? why do you care about it when you install ubuntu
<Patrickdk> that will be a one time thing
<Patrickdk> so if it takes weeks, why do you really care?
<Dibbler___> what ?
<Dibbler___> you asked me what type of encryption
<Patrickdk> no I didn't
<Dibbler___> i told you , the default on install
<Dibbler___> <Patrickdk> you mean like md5/sha?
<Patrickdk> "parity checking"
<Dibbler___> ah
<Patrickdk> or did you really mean to use parity bits? those are so unreliable
<Dibbler___> i meant whatever quickpar does
<Dibbler___> par2
<Dibbler___> par
<Patrickdk> rs encoding
<Patrickdk> I've never cared to benchmark that
<Dibbler___> i get full drive speed on that on my regular computer
<Dibbler___> so i wan't expecting overhead
<Dibbler___> wan't
<Dibbler___> wasn't
<Dibbler___> sorry for the typo's I was born with only 1 finger
<Dibbler___> anyway ill install both and check the difference , if it gives 30 MB/sec i can live with that i supose
<eagles0513875|2> hey ikonia on the new account im getting this mail error Nov 20 17:58:23 eagle dovecot: IMAP(jaquilina): fchown(/home/jaquilina/Maildir/dovecot-uidlist.tmp, -1, 114(dovecot)) failed: Operation not permitted (egid=1001(jaquilina), group based on /home/jaquilina/Maildir) its showing the inbox but not a list of my folders on squirrelmail
<eagles0513875|2> also getting this error Nov 20 17:59:58 eagle dovecot: IMAP(jaquilina): file_dotlock_open() failed with subscription file /home/jaquilina/Maildir/subscriptions: Operation not permitted
<eagles0513875|2> never mind i fixed it
<Psi-Jack> Okay, so when I try to setup in /etc/network/interfaces, a bond, I have bond_mode, bond_miimon, bond_downdelay, bond_updelay, and slaves directives defined, but it never ifenslaves the interfaces specified in slaves.
<cemc> anybody here any experience with RAID0 on SSD for / ?
<Psi-Jack> cemc: Using Raid on SSD is by itself not smart with current tech.
<cemc> because of no TRIM ?
<cemc> or are there other considerations?
<Psi-Jack> Especially because of that, but SSD has a limitation on how many times it can write, too, and raid causes extra writing.
<cemc> raid0 too ?
<Psi-Jack> Yes
<cemc> I see
<Psi-Jack> You would basically blow both of them up at the same time. heh
<eagles0513875|2> patdk-wk: wowie never thought an encrypted home directory would create so much havock
<cemc> Psi-Jack: thanks
<cemc> Psi-Jack: same thing with LVM? say I have 2x80GB SSDs and I do a big 160GB LV ?
<cemc> I guess only TRIM won't work here, right?
<Psi-Jack> That should work, actually. Using mirror, striping, or spanning lvm.
<Psi-Jack> But of course, mirror would have the same basic effect of raid0.
<RoyK> striping is a little like russian roulette...
<cemc> but will I have TRIM there?
<cemc> would*
<Psi-Jack> cemc: As far as I know, yes.
<Psi-Jack> However you might have to take the vg offline to run TRIM.
<cemc> to "run" TRIM ?
<Psi-Jack> Seems you know very little about SSD. heh
<cemc> well not that much, indeed
<cemc> with having TRIM I meant like with ext4's discard
<cemc> not 'manual' TRIM
<cemc> where I have to run some tool to do it
<cemc> or some script (wiper.sh?)
<Psi-Jack> Hmmm, with that, I wouldn't know, then.
<cemc> as I understand it, if you have ext4 on top of a sda, and use discard, the kernel tells the drive to TRIM directly. but if you have LVM under it ?
<Psi-Jack> yeah, I doubt it would work.
<cemc> it probably wouldn't make sense, so you'll have to do it 'manually', like running some script to do it, even with offline VG
<cemc> or offlined raid, from maybe a livecd or something
<cemc> but I don't like the idea of having to run some 'experimental' script that would potentially destroy the LVM or RAID stuff (by accident :) )
<cemc> you could also dump the data to a hdd, then wipe the disks clean, and redo everything, like every 6 months or so (this is a desktop we're talking about). but that's meh ;)
<icekk> d
<Ejdesgaard> I have installed 10.04.1 server x86 on a soekris net5501-70, with a intel 2200BG. I wan't to set it up as an access point, for my wifi only devices to connect to... But i'm missing a guide for it... any suggestions?
<centaur5> Does anybody know of a way I can see what's happening between Squid and Jesred? For some reason it's not redirecting anything even though no configuration changes have taken place.
<AprilToo> Installing 10.10 server from a USB, it boots fine and I get several steps into the installation. Then it says failed to copy file from CDROM, retry? yes or no. I can execute to the ash shell and see that my USB drive is mounted /cdrom and the contents of it.
<AprilToo> what directory or file should I be looking for that the installer isn't finding on /cdrom?
<StrangeCharm> does the bootable flag need to be set on my /boot partition to start up correctly?
<qman__> 99% of the time, no
<qman__> I do anyway just to avoid any potential problems
<SpaceBass> hey folks - installed 64bit 10.04 on mac mini hardware - boots to a black screen with blinking cursor
<SpaceBass> anyone else using minis?
<shauno> how old's the mini?
<shauno> short version: if "ioreg -l -p IODeviceTree | grep firmware-abi" (under osx) doesn't return EFI64, you'll likely have issues
<uvirtbot> New bug: #677942 in vm-builder (universe) "package python-vm-builder 0.12.4-0ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/677942
<Aison> hello, i'm using cacti to montior some network devices. But somehow I can no longer configure cacti. The menu point Management -> Devices is suddenly blank
<Aison> error.log of apache says:  Floating point exception (8)
<uvirtbot> New bug: #677945 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/677945
<Aison> argh, I hate NFS, you don't know HOW I hate NFS ;)
<Aison> eg. a simple rsync with an nfs source: Stale NFS file handle (116)
<halvors> Hi!
<halvors> I am runnning a email server
<halvors> I'am new to that
<halvors> tSo how do i add domains to the email server?
<halvors> How can i add email users and adresses to the email server?
#ubuntu-server 2010-11-21
<halvors> How can i create new domains and users to my email server?
<michael_> is there a way to boot the ubuntu server iso from grub2?
<webdude> i am currently installing lamp-server using 'taskel. and it's stuck at 91%
<webdude> is that normal, or am I gonna have to do something?
<webdude> yeah it's still stuck...
<SpaceBass> webdude that sounds stuck
<armence> Hello all. I just realized that installing the server edition with encrypted LVM means I can't restart without supplying the passphrase... That's not going to work out for me. Is there something I can do about that?
<armence> Short of reinstalling that is...
<airtonix> can someone inspect this general setup and tell me why i can't ping a hostname in my dns server but i can get a dig result for the hostname ? http://pastebin.com/p2WWXrPx
<joschi> airtonix: just because a name server can resolve a name doesn't mean that the system having that name/ip address is actually accessible
<airtonix> joschi, i can ping the ip address though
<airtonix> joschi, and the name im trying to resolve is the same machine that bind9 lives on
<joschi> airtonix: your resolv.conf is working?
<airtonix> joschi, you mean can i ping google.com ?
<joschi> airtonix: no. is your bind server in your resolv.conf?
<airtonix> joschi, it is
<joschi> airtonix: search and domain in your resolv.conf are correct?
<airtonix> joschi, im not enitrely sure
<airtonix> joschi, so according to this setup : http://pastebin.com/X7Yg9RJn , my search domain should be "local" ?
<joschi> airtonix: yes
<airtonix> joschi, cheers :)
<airtonix> (i actually should use something other than local so it doesn't interfer with avahi)
<joschi> usually "localdomain" is fine
<airtonix> does this mean i have to rebuild my ldap structure too ?
<airtonix> or can i just change the last dc from local to dc=home
<airtonix> (and any other references to dc=local)
<talntid> I don't think so. I use LDAP and have changed my resolv.conf..
<airtonix> another problem i'm having is with openldap on ubuntu 10.04, since i am using cn=config format, im not sure how i go about modifying it to create authentication audit logs
<airtonix> talntid, yeah thanks, i just changed the dns stuff and ldap still works fine (except i really need to get some auditing happening)
<talntid> now sure what you are asking
<talntid> er, not sure
<talntid> i use LDAP to authenticate users on thin clients
<talntid> (among other things, of course)
<airtonix> talntid, well currently i only have apache using authentication directives to use ldap database... and apache shows its own authentication attempt logs (lacking a bit) but i want to have ldap show the logs for authentication attempts itself
<airtonix> i mean i dont want to fragment the logging of ldap authentication out amongst the individual daemons that use ldap
<talntid> It should go into auth.log
<talntid> in my experience
<airtonix> talntid, i have no auth.log
<talntid> oh, and that's the issue
<airtonix> talntid, my slapd is using cn=config format too
<airtonix> talntid, even when i initialy experimented with slapd, it never created an auth.log in /var/logs
<talntid> I set mine up 3 years ago... and havn't had to touch it... definately not an expert...
<talntid> mine does log though...
<talntid> checking configs to see if something is special about it
<airtonix> talntid, i assume to reconfigure yours you change /etc/ldap/ldap.conf and restart slapd ?
<talntid> indeed
<airtonix> talntid, because with cn=config format, i can rm /etc/ldap/ldap.conf and slapd still runs fine
<airtonix> (just means that i have to work out how to edit the database)
<talntid> using GQ ?
<airtonix> sorry im new to ldap, what is GQ ?
<joschi> airtonix: I'd recommend apache directory studio. it's a bit heavy weight but also very comfortable if you work a lot with directory services
<talntid> GQ is a ldap client
<airtonix> joschi, thats what i use at the moment
<airtonix> joschi, it's very impressive (it even looks like it acts as a temporary ldap server ? )
<talntid> oh, that looks nicer than GQ =D
<airtonix> but really, what i want to do is have all authentication attempts logged to a single log rotated file
<Dravekx> I keep being told to go with 10.04LTS rather than 10.10 for a simple home/media/web server. Does it really matter since it's a hobby server? :(
<airtonix> it would be less frustrating ?
<joschi> Dravekx: 10.04 has longer support times (hence LTS - long time support)
<joschi> Dravekx: so if you plan to use your system longer than 1.5 years and don't want to upgrade every 6 months or every year, 10.04 is worth to think about
<talntid> does it matter? probably not.
<talntid> most of us use 10.04 though :)
<airtonix> joschi, so how do i edit the config of an ldap server that uses cn=config format ?
<airtonix> joschi, in some places i read that i simply use directory studio
<joschi> airtonix: ehm, just connect to that ldap server with the proper credentials and edit the cn=config part of the tree with your editor
<airtonix> joschi, ok i connect as usual, but i do not see cn=config there
<joschi> airtonix: advanced ldap editors will also give you a list of possible attributes dependeing on the objectClass
<airtonix> joschi, but in my /etc/ldap/ there is no slapd.conf or ldap.conf
<joschi> airtonix: doesn't have to. the new style config is saved in /etc/ldap/slapd.d/
<airtonix> joschi, so how do i edit that ?
<joschi> airtonix: if you've started your openLDAP configuration as described in https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html, you can simply use the user which you gave access to
<joschi> airtonix: in https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html it would be cn=admin,dc=example,dc=com
<airtonix> joschi, yep thats how i connect to the remote machines ldap server, but i cant see how i edit the config
<joschi> airtonix: it should be shown as a normal branch of your DIT
<airtonix> i only child item of the DIT node is "Root DSE"
<airtonix> it has (2) after it but i can only see one child item under "Root DSE"
<joschi> airtonix: then it's probably not the ldap admin user you're logging in with
<airtonix> actually when i press refresh on "Root DSE", i get this error in the search log window : http://pastebin.com/7e7JBb2A
<airtonix> ok i just had to sudo nano /etc/ldap/slapd.d/cn=config.ldif and change the olcLogLevel
<airtonix> then restart slapd
<airtonix> joschi, talntid cheers for the patience
<StrangeCharm> i just set up a new ubuntu install, but when i try to boot into the new system, my machine halts after 'verifying dmi pool data' what's going on? [i'm certain that i'm booting from the right disk]
<l3dx> I've installed ubuntu server to a encrypted raid1 array. currently the grub menu is not shown when booting up. anyone know if it's possible to enable? or is the encryption making it impossible..
<l3dx> I want the grub menu in order to run memtest
<RoyK> l3dx: press shift during boot
<l3dx> RoyK: no luck
<l3dx> after bios it went straight to password
<l3dx> password for decryption that is
<RoyK> l3dx: reconfigure grub not to hide the menu
<l3dx> thought I'd done that
<l3dx> I'll double check
<RoyK> I think the ones you're looking for are GRUB_HIDDEN_TIMEOUT=0 and GRUB_HIDDEN_TIMEOUT_QUIET=true in /etc/default/grub
<l3dx> ah, I hadn't ran update-grub afterwards
<l3dx> I'm trying to figure out why it crashes occasionally, and suspect hardware failure. apart from smartmontools and memtest, what else coud I do?
<RoyK> smartmontools usually aren't very good for catching crashes
<RoyK> what sort of crashes are these?
<RoyK> panics? OOPSes? hangs?
<l3dx> hangs
<RoyK> hard hangs?
<l3dx> if a hard hang is when there's no way to interact, then yes
<RoyK> does alt+sysrq+something give you anything?
<RoyK> as in http://en.wikipedia.org/wiki/Magic_SysRq_key
<l3dx> hmm
<l3dx> do you mean if the command gives  me anything after a crash? or right now in order to find information
<RoyK> the logs may give you info after the crash - these keystrokes may give you valuable info during a crash/hang
<RoyK> a hard hang is when these won't work
<RoyK> such a hard hang is mostly due to bad hardware
<l3dx> ok
<l3dx> http://pastebin.com/0hXWAspj
<l3dx> I noticed this error now. don't know if it can cause crashes
<RoyK>   40 51 80 00 f5 61 40  Error: UNC 128 sectors at LBA = 0x0061f500 = 6419712
<RoyK> AFAICS that's 128 uncorrectable sectors
<RoyK> meaning, in English, "Get a new drive and use the magnets in old one for fun"
<l3dx> :)
<l3dx> but could it cause hangs?
<RoyK> it shouldn't
<RoyK> it should cause tons of error messages about unreadable sectors
<RoyK> even if you unplug a drive on a non-hotplug linux system, linux shouldn't hang
<RoyK> I've done my testing on that :)
<l3dx> hehe :)
<RoyK> but start off with memtest86
<RoyK> see if you find anything there
<l3dx> yes
<RoyK> if not, wait for the next hang and try to dig further with magic sysrq
<uvirtbot> New bug: #678134 in openssh "ssh/scp to localhost/127.0.0.1 should not update known_hosts" [Undecided,New] https://launchpad.net/bugs/678134
<RoyK> l3dx: what did the memtest say?
<l3dx> it has only been running for 25 minutes, but so far no errors
<c0nv1ct> when apache forces a browser to download a file instead of displaying it, this usually means i am missing a module right?  all of a sudden cacti is doing this and i'm not sure what I did to cause it
<c0nv1ct> it seems to be acting as if php isnt working, yet a simple page with phpinfo(); works fine
<l3dx> RoyK: any thoughts on how long I should let memtest work?
<RoyK> l3dx: how many passes has it gone through?
<l3dx> I stopped it some minutes ago. don't know how many
<RoyK> well, just try to run the server again
<RoyK> debug further if it happens again
<RoyK> is there a pattern when this usually happens?
<RoyK> high i/o load or something?
<RoyK> btw, what is this server doing?
<RoyK> c0nv1ct: download the file to see what it is - it can be anything, really...
<c0nv1ct> RoyK, huh? it is a php file, one that should be displayed not downloaded
<airtonix> ugh i just spent the last siz hours trying to find information about how to enable the cn=monitor object to a already configured and running slapd database that does not use /etc/ldap/ldap.conf... and i could find nothing!
<airtonix> six
<airtonix> http://www.linuxtopia.org/online_books//network_administration_guides/ldap_administration/monitoringslapd_Monitor_configuration_via_cn=config5.html
<airtonix> :(
<RoyK> c0nv1ct: it should, at lest if php is configured correctly
<c0nv1ct> RoyK, that is the thing... I have other php webbaps functioning normally, but Cacti and phpsysinfo both act as if php doesnt exist and has the browser download it
<RoyK> c0nv1ct: HEAD http://your.tld/phpinfo.php (that file having one line '<?php phpinfo(); ?>'
<RoyK> )
<c0nv1ct> yep, already made that file, all looks good
<RoyK> but not cacti?
<RoyK> if so, I'd guess #cacti is a place to start
<c0nv1ct> cacti just has me download a file called "download" which is its index.php
<c0nv1ct> phpsysinfo which i just installed shows the same behavior
<RoyK> how did you enable php for the other sites?
<c0nv1ct> it is enabled in apache with a2enmod
<RoyK> that should be global
<c0nv1ct> i didnt have to do anything specific in the other apps for it to work
<c0nv1ct> i just installed torrentflux just to see, and it works fine out of the box
<c0nv1ct> Cacti was working though, i only noticed it today after trying phpsysinfo and having it not work
<RoyK> which version is this?
<RoyK> ubuntu release ver
<c0nv1ct> 10.10, just a little home server
<RoyK> just tried installing phpsysinfo on my 10.10 test box - no problems there....
<RoyK> if you've installed something custom or have made changes to the apache setup, that might be the reason
<c0nv1ct> i shouldnt have, i just set this up a few weeks ago
<RoyK> if you choose to download the php file, does that show you the source or the content?
<c0nv1ct> it opens in Geany
<RoyK> geany?
<c0nv1ct> source code editor
<arrrghhh> oh i remember this one.  every php page you hit it asks you to download instead of opening the page?
<c0nv1ct> arrrghhh, no
<arrrghhh> oh sorry.  i'll shutup now :P
<c0nv1ct> ok, now it is getting weirder
<c0nv1ct> on another box, cacti is working, but phpsysinfo still downloads the file
<c0nv1ct> this is with chrome on both machines, firefox locally loads both just fine
<c0nv1ct> ffs, i guess the server is fine, something is up with the browsers
<AnirbanHazra> I hav php mcrypt installed on my server. still it is showing "Cannot load mcrypt extension. Please check your PHP configuration." !!
<SpaceBass> is iptables on by default on a fresh install of 10.04 server
<RoyK> no
<RoyK> SpaceBass: man ufw
<SpaceBass> anything on a fresh install that would prevent incoming traffic?
<RoyK> SpaceBass: normally no incoming traffic will be allowed unless you install server software that allows that :Ã¾
<RoyK> not even ssh is in by 'default'
<SpaceBass> gotcha
<AnirbanHazra> anybody help ! FYI : I am using Ubuntu 8.04 LTS
<RoyK> AnirbanHazra: do you need mcrypt?
<SpaceBass> running web, ssh and asterisk - can't get the asterisk sip connections to register with remote servers
<arrrghhh> iptables is available... but it's not blocking anything.
<RoyK> SpaceBass: try #asterisk
<SpaceBass> RoyK, Im there too
<SpaceBass> just want to rule out platform issues
<RoyK> SpaceBass: not likely - I've been running asstrix on ubuntu for quite some time until I got a new job where I didn't have to work with that shite
<arrrghhh> ssh and web work fine?
<SpaceBass> arrrghhh, yes and local sip working fine - suggests its further upstream, although feel fairly sure the problem is on that host and not the edge router
<arrrghhh> hrm.  yea, can't really help with astrisk in here.
<RoyK> SpaceBass: try fiddling around with sipsak or nmap to see if asterisk answers
<SpaceBass> understandable
<arrrghhh> it's probably not the platform, and from the sound of it it's not your provider either.  some ISPs like to block traffic they deem unsuitable for residential connections (assuming you're on one...)
<SpaceBass> I migrated from a CentOS box running asterisk that had been working fine to a new Ubuntu install - dont think its ISP
<arrrghhh> indeed.
<RoyK> SpaceBass: what's your IP? I can check from here if I can contact 5060/udp if you like
<SpaceBass> 98.117.75.200
<SpaceBass> thanks RoyK
<RoyK> 5060/udp open|filtered sip
<RoyK> 5061/udp closed        sip-tls
<RoyK> looks open to me
<SpaceBass> appreciate the check
<RoyK> SpaceBass: set debug=9 on asterisk
<RoyK> and verbose=9
<SpaceBass> RoyK, yeah been watching debug messages all morning
<RoyK> debug won't be necessary, I think
<RoyK> you should see SIP connection attempts, even nmap scans, with verbose=9
<SpaceBass> yeah, just seeing registration attempts over and over
<RoyK> using packaged asterisk or something built from source?
<SpaceBass> built from source
<RoyK> I guess #asterisk will be the place to ask, then
<SpaceBass> working that angle too :D
<SpaceBass> thanks for the help!
<RoyK> damn - 1.8 released
<SpaceBass> yep! and includes google voice support
<RoyK> perhaps it's a wee bit better than old 1.4
<arrrghhh> ooooo gv support.
<RoyK> do you know if digium has gotten around to supporting PLC in codecs supporting that?
<arrrghhh> that makes me want to play with it now :P
<SpaceBass> RoyK, to tell the truth, I dont know
<RoyK> I paid for the jitterbuffer that went into 1.4, but by 1.4 release, Digium's g.729 codec couldn't keep up with that
<airtonix> so after playing with a python script that automates authentication attempts against an openLDAP server with many valid and non valid users... i found it does not report : valid users with wrong password attempts, invalid users. It only reports valid user with valid password attempts.
<SpamapS> airtonix: "It" being slapd?
<airtonix> yes
<klaas> hey, I'm using btrfs on ubuntu 10.04 server but it seems to be causing high load even though system is not really doing much
<klaas> btrfs-transacti btrfs-endio-wri those two use 100% of one core each
<arrrghhh> i don't think that file system is fully supported on linux
<klaas> its in main ubuntu system -- you can even select it in the installer :)
<Doonz> hey guys quick question. Im looking at replacing the main hdd in my server. right now its currently a 120gb single drive. Im looking at replacing it with 2x 500gb in raid 1. is there anything i have to do special or can i just clone the single drive using acronis to the new array?
<ScottK> It's considered experimental, IIRC.
<ScottK> (btrfs)
<arrrghhh> +1
<arrrghhh> btrfs is not 'stable' on linux.  as in the linux kernel
<arrrghhh> klaas, what's wrong with ext4?
<arrrghhh> Doonz, what's acronis?  windows utility?  i would not think a bit-for-bit copy be a good idea in your situation, if that's what you're implying.
<uvirtbot> New bug: #678249 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: Unterprozess neues pre-installation-Skript gab den Fehlerwert 128 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/678249
<Doonz> arrrghhh: its a linux based hdd cloning reimaging
<klaas> arrrghhh I already use btrfs and on a normal day it works great :)
<arrrghhh> linux-based?  acronic?
<Doonz> yea
<arrrghhh> klaas, well it doesn't seem to be working so well today ;)
<arrrghhh> Doonz, link me to a download for linux.
<klaas> yeah I googled my problem seems to be known and fixed in newer kernels
<Doonz> http://www.acronis.com/homecomputing/
<arrrghhh> uhm
<arrrghhh> it makes me download an exe lol
<Doonz> yeah but the cd that it creates loads a linux distro
<arrrghhh> trial versions?
<Doonz> anyhow. why couldnt i just clone the hdd onto another one?
<arrrghhh> well maybe it's smart enough, but i would think it would want a 120gb disk
<Doonz> allows for online expansion
<arrrghhh> well that's up to you Doonz.  i wouldn't come asking for help with it in here tho :D
<Datz> Hi, I just logged into a machine via the terminal, and tried to resume a screen session. Now there is just a blank line, and I can't exit with ctl + c
<mrrothhh> hi
<mrrothhh> anyone of a applaince
<mrrothhh> that works as a
<mrrothhh> pxe deployment server
<mrrothhh> to deploy / install ubuntu, windows and so forth
<arrrghhh> you can setup pxe
<arrrghhh> you want a virtual appliance...?
<arrrghhh> that's all setup and ready to go
<arrrghhh> i don't know of one... i bet there's one out there tho.
<mrrothhh> yea
<mrrothhh> the only otherproduct I see is altiris
<mrrothhh> but it not free
<airtonix> mrrothhh, drbl
<airtonix> mrrothhh, clonezilla server with drbl provides this
<Dibbler_> anyone know of a file manager like midnight commander , but with a web interface ?
<RoyK> klaas: don't use btrfs in production unless you like games like russian roulette
<RoyK> Dibbler_: why on earth would you want to expose your filesystem on web?
<Dibbler_> Royk do you know of any ?
<RoyK> no
<Dibbler_> thnx
<RoyK> google knows
<Dibbler_> taht's why i asked here
<Dibbler_> cause i don't know how to use google
<Queops> Does anyone have a comprehensive and simple samba server guide that allows me ubuntu server to share files with windows computer only?
<guntbert> Queops: did you see the server guide?
<Queops> oh yes... *depressed*
<Queops> Doesn't give me a single hint about how to make my windows computers connect to it
<Queops> Nor what settings to have
<air^>  \\<ip-adress> ?
<Queops> What special settings should I have, how come theres no authentication?
<air^> What guide did you use? This one? https://help.ubuntu.com/10.10/serverguide/C/samba-fileserver.html
<air^> "guest ok: allows clients to connect to the share without supplying a password."
<air^> And what's so special about any settings? ;)
<Queops> What is the port
<Queops> could you tell me please?
<air^> port? from windows, just write \\<ip> and it will understand.
<Queops> Hmm curious, I'm really new to this samba thing
<Queops> Let me re-check everything :P
<Queops> (tbh im really new to networking at all)
<air^> Samba works just as a regular windows share.
<Queops> air^: if I follow the official guide religiously
<Queops> it should work?
<air^> Queops: that's what the guide's are for.
<Queops> generally yeh, though sometimes they are outdated :p
<air^> Queops: thing is, you should try to understand the guide, not just follow it.
<Queops> That's one of my problems, I try to understand instead of following them
<Queops> and i get confused, but np, ill take my time
<Queops> :D
<Queops> I always ask, why the hell is this entry here and there and what not.
<Queops> Is it safe to remove samba folder in etc folder when samba is not present?
<Queops> I kinda want to reset the settings
<Queops> air^: ^
<air^> Queops: have you really edited anything there that you need to reset?
<Queops> Kinda, I was messing with it on webmin :p
<air^> Queops: I just tested the guide, works fine. (installed samba on my 10.10 server, activated one share on one user account).
<Queops> And now I regret it and want to follow the guide simply :x
<Dibbler_> there are some funky settings and weird things you have to do in windows to get full speed though
<Dibbler_> for me there was anyway
<air^> Dibbler_: let's hold that back for the first step to get it working :)
<Dibbler_> you can just copy your smb.conf
<Queops> So it's safe to remove?
<Queops> it will make new ones upon install again?
<guntbert> !webmin | Queops
<ubottu> Queops: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Dibbler_> and mess with a copy all you want
<Queops> Noooooooooooooooooooooooooooooooooooooooooooo
<Queops> Really?
<Queops> That sucks!
<air^> what's wrong with using terminal :D
<Queops> What should I use :( I felt so proud
<Queops> Yeh i like having putty on
<Queops> and the webpage with nice graphics and al
<Queops> all :(
<Dibbler_> you'll live without
<Queops> *sniff*
<Dibbler_> vi or nano do just finbe
<Queops> Curses!
<Queops> Ok thanks for the help
<Dibbler_> it's all in 1 big hapopy config file !
<Queops> I'll stick around here, just discovered the channel :)
<Dibbler_> happy
<Queops> Well is there any kind of webmin thing that doesn't mess with ubuntu server?
<Queops> and a web-putty when i'm away?
<Dibbler_> if all webmin changes is the smb.conf.. and you don't have it change anything else .. meybe it won't be that bad
<Dibbler_> maybe
<guntbert> Queops: why would you use putty on linux?
<Queops> Oh but i'm on windows
<Queops> managing the ubuntu server :p
<air^> well in that case putty should be just fine :)
<Queops> hehe allright you guys win
<Queops> no web interface
<air^> Actually I'd like some kind of lightweight status web gui.
<air^> Kinda like Nagios without all the mess of setting it up :D
<Queops> See? See??
<Queops> I would love a simple
<Queops> show status thingie
<Queops> over the net
<Dibbler_> i ned a replacement for MC , web i asked here earlier
<Dibbler_> no serious replies
<Queops> :(
<Queops> Blasted, I love working with servers
<Queops> :p
<Queops> Why wont webmin guys fix the problems?
<Queops> Ubuntu server is uber used
<izinucs> Does the server install have suspend/hibernate built in?  The reason I ask is I'd like to install it on a laptop and have it running with the lid closed ie.. suspend/hibernate is not needed or wanted.. If it's there how do I disable it?
<Queops> I tried buuntu server on laptop once
<Queops> I didnt suspend or hibernate
<Queops> when lid closes
<Queops> It didn't*
<izinucs> Queops: nice.. thanks
<Queops> I don't think developers would bother with including such thing on server
<Queops> most of them have no screen after set-ups
<izinucs> I was curious.. if the install identifies the machine as a laptop I thought it might pull in more/different configs because of that.
<NightDragon>  hello question... i would like to take ntop and redirect it  to /dev/tty10, but i would like to daemonize it so i can lock the console and continue to have htop run on dev/tty10
<Queops> izinucs not with me
<Dibbler_> i don't even have a video card
<Dibbler_> too warm
<NightDragon> any ideas?
<Queops> Hmm what's an easy way to give a file to a windows server with a vanilla server?
<Queops> Kinda need to give a ssh key to my windows pc
<Queops> :p
<Queops> er
<Queops> to a windows computer*
<Dibbler_> mount a share
<Dibbler_> using root
<Dibbler_> to a shared window dir
<Queops> with samba?
<Dibbler_> yes
<Queops> argggggggghhh :D ok ok
<Queops> thanks.
<Dibbler_> smbmount //192.168.1.1/winsharedir /home/yourself/music -o username=blablabla,password=blablabla,uid=1000,mask=000
<qman__> well, you could install an sshd on the windows server, but that opens it to a whole slew of vulnerabilities
<qman__> if you just need to push one file, you can use smbclient
<Dibbler_> or
<Queops> =O
<Dibbler_> just sshd on linux and scp it to you
<Dibbler_> winscp
<Dibbler_> should work
<Queops> ah hold on a sec
<Queops> Assuming I have OpenSSH installed
<Queops> I can transfer files with it?
<Dibbler_> yu just need winscp
<Dibbler_> yes
<Queops> Ah that's great then
<qman__> you can use smbclient somewhat similar to ftp/sftp
<Queops> I'm downloading WinSCP
<Queops> Or was... stupid sourceforge :( re-downloading
<Queops> When it says "By default the public key is saved in the file ~/.ssh/id_dsa.pub, while ~/.ssh/id_dsa is the private key. Now copy the id_dsa.pub file to the remote host and append it to ~/.ssh/authorized_keys by entering:"
<Queops> authorized keys on the host?
<Queops> and send .pub to remote?
<draven_sol> in a raid 10 during the install the installer asks for active and spare drives. what do the spare drives do? are they the raid 1 portion or just dead drives until made active?
<Dibbler_> hot spares take over when one fails
<Dibbler_> you basiclaly lose a channel for doing nothing
<Dibbler_> you can easily replace it manually after it has failed
<Dibbler_> hot spares are for unattended systems imo
<draven_sol> Dibbler_, thanks for the information. i have 4 1.5 tb drives which i want to use with raid 10.  if i make all active and one fails is my array going to be broken or just degraded and the drive is replaceable?
<Dibbler_> wat wil je nu , een niieuwe bak voor die extra computer die je toch niet gaat zien... of een compleet stille ventilateur
<Dibbler_> ooops
<Dibbler_> mt
<Dibbler_> draven yes
<Dibbler_> in 10 yes
<Dibbler_> if you have a real raid card you better use 5 though
<Dibbler_> not 10
<Dibbler_> you'd have 4.5 T instead of 3
<Dibbler_> if it's a software raid 5 is bad
<draven_sol> when i set up the raid 10 with 2 active and 2 spares i only had 1.5 available, when i have done it with all 4 active i get 3 TB available which would lead me to believe that 2 are mirroring and two are splitting the data. it's a software raid
<air^> what's specifically bad with raid 5 if it's sw?
<Dibbler_> transfer speeds
<Dibbler_> too much xor
<Dibbler_> to be done
<Dibbler_> by cpu
<air^> I just setup a fileserver, initial test shows pretty good speed.
<Dibbler_> not bad per se .. as in you'll lose data ...
<Queops> Ok I used the samba tutorial... now it just times out when trying to map a new network folder on windows
<air^> 11GB file transfferd over gigabit -> nas (3 disks in sw raid-5), constant write speed 95MB/S
<Dibbler_> well i have an areca 1261ML in raid5 i get about 1/2 gig/sec burst
<air^> that should be about 760MB/s.
<Dibbler_> well
<air^> read was from x25 ssd, as my other internal drive tended to be the limit.
<air^> and the fileserver is an intel i3, so it probably has enough cpu power.
<Dibbler_> i'm always using close to 100% cpu
<Dibbler_> i can't have my filesystem hogging cpu time
<Dibbler_> this is a pointless discussion
<air^> yeah. it's just a matter of useage.
<Dibbler_> still if draven wants the extra storage , raid 5 is an option
<air^> I got lots of cpu free. So I don't mind wasting some on the drives.
<Dibbler_> of course
<air^> (this is just at home, I wouldn't consider sw raid in any business case)
<draven_sol> with software raid my understanding is 4 active drives on a 10 gives me 3 TB use and the failover if one drive fails. additionally it sounds as if raid 5 isn't as reliable as raid 10
<Dibbler_> not really
<Dibbler_> riad 5 just uses a lot of processing
<Dibbler_> raid
<Dibbler_> 1 drive can fail at a time
<Dibbler_> same as in raid 10
<Dibbler_> well no
<Dibbler_> in raid 2 2 can fail , it just has to be the right ones lol
<Dibbler_> but basically , if you have the extra cpu power
<Dibbler_> raid 5 is an option
<Dibbler_> your 4 drives you give you 4.5 tb and 1.5 would contain redundant data
<draven_sol> since i'm encrypting the entire disk on the fly i'll stick with raid 10 to minimize cpu usage and i don't need the extra 1.5 tb of data that the raid 5 gives
<Dibbler_> yes
<Dibbler_> you get about 30 mB/sec per gigahertz i would think
<Dibbler_> VERY roughly
<draven_sol> thanks for the discussion and information
<Dibbler_> p :)
<Dibbler_> n
 * draven_sol goes afk to redo the server
<Queops> Anyone has a clue why I can't access the samba share i made :(
<draven_sol> Queops, file/folder permissions, firewall
<air^> Queops: guest or user?
<Queops> I putted guest ok just to try
<air^> Queops: try "sudo smbpasswd <username>" to reset that at least.
<air^> ok.
<Queops> and I made ufw allow 137,138,139
<Queops> just in case.
<Queops> lol
<Queops> Should I do that sudo?
<Queops> I made sudo chown nobody.nogroup /srv/samba/share/ as shown in the guid
<air^> the smbpasswd command just allows you to reset the smb password for that certain user.
<Queops> and on windows map new network.. assign it some later and inputted \\localipoftheserver
<air^> but it shouldn't matter if you use guest.
<Queops> letter*
<air^> and what does windows say?
<Queops> just a sec, let me time out
<air^> btw, no need to map new network drive right away, just write \\ip in the path field of file explorer
<Queops> yeh that doesnt do anything
<Queops> lol
<air^> ok, so it does not ask for passwd.
<Queops> Nope
<air^> restarted smbd ?
<Queops> Positive
<air^> k. then I'd guess it's a fw issue.
<Queops> My guess
<Queops> I got an idea lol
<Queops> If it is.. I'm gonna slap myself..
<Queops> What are the ports?
<air^>            The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP).
<air^> (from man smbd)
<Queops> What is the default thingie then, NetBIOS or plain
<Queops> Well ill put both
<Queops> Windows says it cant access it
<air^> still timeouts?
<air^> or some other error?
<Queops> well i assume "cant access" is a time out because it takes a while to present the error
<air^> and nothing in the log on ubuntu?
<Queops> Where can I see that
<air^> Somewhere in /var/log/
<Queops> sec
<air^> maybe syslog
<Queops> theres samba on va rlog
<Queops> no just a bunch of thing of cups
<Queops> its not installed
<air^> jup, seems to be logging separately.
<air^> well. I gotta go get some sleep now.
<Queops> hehe do that
<air^> :)
<air^> good luck.
<air^> cya
<Queops> cya :)
<Queops> ...
<FarmCretin> ive been searching for what i thought would be simple, hibernating my headless storage monster. im finding dozens of posts, dpm, acpi, apm, gnome-power-manager, scripts, .suspend vs .hibernate   please help.
#ubuntu-server 2011-11-14
<RoyK> patdk-lap: I know, and it's not easily configurable, and it's not globally configurable
<RoyK> seems to me either lucid has some stone age version of pastebinit, or it should be fixed up a bit
<patdk-lap> hmm, lucid normally does
<patdk-lap> if work lets up some, I need to submit a crapload of bug reports
<patdk-lap> for things like that
<patdk-lap> mytop needs a small patch to make it mysql 5.0+ compatable
<patdk-lap> and other things like that
<patdk-lap> have them all pushed out to my ppa
<patdk-lap> so all patches are already in place, just need to track it all down and submit them
<RoyK> seems a lot has happened between pastebinit 1.1 and 1.2, and that 1.0 perhaps should have been named 0.1 :P
<arooni-mobile> once i set up a /etc/init.d script; how do i give it "life" i.e.. make it so it gets run on every startUP?
<smw> arooni-mobile, I like to use sys-rc-conf
<philipballew_> How hard would it be to set up a vpn server through ssh remotely?
<args[0]> I just installed darkstat on my ubuntu VPS, this is my first time using it.. read on some forums that this daemon saves charts and data on web pages and can be accessed by localhost:666 , how can i access it if im not on the system and using it as VPS? myIP:666 doesn't work. thanks
<greppy> args[0]: you could setup an ssh port forward to see it.
<kklimonda> philipballew: hmm, it should be doable but rather risky
<sattu94> Hi, I am trying to install Ubuntu 10.04 LTS Server to on a virtual RAID1 drive created using two 1TB HDDs. during the Installation when it tries to detect disks, it says that it has found some RAID devices, and asks if I want to activate them. After selecting 'Yes'. It Scans all the devices but only shows the 'sdc', which is the pendrive through which the installation is taking place. I dont see an option to partition the virtual RAID1 drive.
<sattu94> It is an Intel Rack Server, SR26UR
<sattu94> It is an Intel Rack Server, SR2600UR
<_ruben> what is virtual raid1 .. you mean fakeraid or so? .. if so, i suggest disabling the raid features in the bios and use plain software raid
<sattu94> _ruben: yea, i guess i'll do that.
<_ruben> sattu94: in most cases software raid will perform way better than fakeraid, and is better to manage as well
<sattu94> _ruben: Thank You.
<alex88> hi guys
<alex88> i've a nfs where are stored some images to be processed, i want to have multiple machine that process these images, which can be scaled to increase the processing power, how should i implement the queue? i was thinking to use a mysql table with polling and use locks to prevent multiple istances work on same image
<Jeeves_> Is it just me, or does upstart render /etc/init.d/networking useless
<Jeeves_> A restart of the service does not deconfigure any interfaces
<Jeeves_> It just runs ifup -a
<Jeeves_> But no ifdown anywhere
<Jeeves_> bug #890189
<uvirtbot> Launchpad bug 890189 in upstart "`restart networking` does not deconfigure an interface" [Undecided,New] https://launchpad.net/bugs/890189
<eagles0513875_> hey guys i am having some issues trying to compile some source code for libreoffice
<eagles0513875_> i get an error saying a cups dev file isn't installed when it is actually installed.
<eagles0513875_> does anyone have any ideas what the issues might be
<nuscly> eagles0513875_: a version mismatch between cups
<eagles0513875_> ok
<eagles0513875_> nuscly: i don't think so as it seems others i have asked don't seem to have this issue
<nuscly> eagles0513875_: perhaps it's a dependancies of cups
<eagles0513875_> nuscly: the missing dev file that the source code is telling me I'm missing is installed
<nuscly> eagles0513875_: find the code that detect the version to understand the problem
<eagles0513875_> there isn't much code in this bash script :( to tell me what the issue is
<hallyn> SpamapS, what is the deal with this annoying /lib/init/failsafe.conf?
<Daviey> morning hallyn o/
<hallyn> Daviey, hey
<hallyn> oh, i see what's going on.  i have a dummy br0 being defined, and failsafe.conf gets uppity about it not being on the net
<TREllis> Daviey: o/
<Daviey> hey TREllis
<Daviey> TREllis: silly question, but is ifupdown-extra required?
<TREllis> Daviey: er, required? don't think so. if so, epic fail as I don't have that installed
<TREllis> ifenslave was the only thing I grabbed
<Daviey> TREllis: I have NFI, sorry.
<Daviey> TREllis: The system boots, but you have no networking right?
<Daviey> TREllis: if so, can you restart networking using serial console, and see if it works correctly?
<Daviey> (and provide dmesg output?)
<TREllis> Daviey: https://help.ubuntu.com/community/UbuntuBonding has no mention of ifupdown-extras, so don't think it's required
<TREllis> Daviey: restarting has no affect, but starting the bonding manually works
<TREllis> Daviey: I have hundreds of these " bonding: bond0: Warning: Found an uninitialized port" as mentioned in public bug lp#889423
<TREllis> Daviey: but let me grab a proper dmesg
<Daviey> TREllis: seen, bug 482419 ? I wonder if that regression has bene re-introduced
<uvirtbot> Launchpad bug 482419 in ifenslave-2.6 "802.3ad interface bonding fails if started too early" [Medium,Fix released] https://launchpad.net/bugs/482419
<Daviey> TREllis: *certain* that restarting networking doesn't fix it?
<TREllis> Daviey: yeah saw that, fix released tho?
<Daviey> TREllis: yeah, wondered iof it had been re-introduced
<TREllis> Daviey: ah ok
<TREllis> Daviey: let me try some tests
<Daviey> TREllis: did you see comment #69 btw?
<Daviey> TREllis: yes, so the patch from that Fix Released has been dropped
<Daviey> However, it does have a "early_setup_master" addition, which i guess should have mitigated it.
<Daviey> TREllis: It would be interesting to see if moving setup_master, directly under add_master solves the issue.
<TREllis> Daviey: confused now
<TREllis> Daviey: early_setup_master is a interfaces file option?
<Daviey> TREllis: no, sorry.. it's in a pre-up script.
<Daviey> TREllis: hold fire, let me create a patch
<TREllis> k
<Daviey> TREllis: $ wget http://pb.daviey.com/tt12/ -O - | sudo patch /etc/network/if-pre-up.d/ifenslave
<_ruben> i ran into that very bug last week .. the only "reliable" workaround was doing it all "by hand", as in: up modprobe bonding... up ip link.. up ifenslave.. etc
<Daviey> _ruben: on oneiric?
<_ruben> yes
<zul> good morning
<_ruben> Daviey: the patch you mentioned worked properly like once out of 10 reboots
<_ruben> Daviey: what could've been playing a part in it was the fact that the 3 interfaces participating in the bond didn't have any link (staging setup)
<Daviey> Well it seems to be known that it might not work properly with upstart. :/
<Daviey> _ruben: TREllis is currently trying the Debian experimental current version on Oneiric
<Daviey> (and i just prepaired that patch against Oneiric archive, doh.. hope it still applied.)
<uvirtbot> New bug: #890219 in apache2 (main) "suexec-custom is not working correctly: only reading the www-data user config file." [Undecided,New] https://launchpad.net/bugs/890219
<uvirtbot> New bug: #890230 in samba (main) "package winbind (not installed) failed to install/upgrade: il sottoprocesso vecchio script di pre-removal ha restituito lo stato di errore 128" [Undecided,New] https://launchpad.net/bugs/890230
<TREllis> Daviey: I've got side tracked a bit, should be able to test it a little later :)
<Daviey> TREllis: slacker. :)
<TREllis> Daviey: lol
<Daviey> TREllis: I bet you are busy watching The Return of Frank James.
<zul> oh crap....i have a dead fish in the office
<jasef> Omnomnom
<jasef> Wait... is it a pet fish?
<jasef> Cause if so, not omnomnom
 * koolhead17 is awake finally
<jamespage> morning all
<irvie> have to move my backup server to another room so i want to do any updates at this time so i only have to reboot it once
<irvie> already did an apt-get update and upgrade
<irvie> anything else i should check? i believe it's 10.04 server
<koolhead17> irvie, sounds good. cat /etc/lsb-release will tell you about ubuntu server version you are uing :)
<irvie> yep, 10.04.3 LTS
<irvie> so now i can just shutdown and power it back upa nd everything shoudl be good
<irvie> :D
<irvie> hopefully :p
<irvie>  10:04:09 up 245 days,  1:29,  2 users,  load average: 0.00, 0.00, 0.00
<irvie> :(
<irvie> how can i see the link speed on my NIC?
<irvie> lolz RX bytes:9414931995665 (9.4 TB)  TX bytes:220667948142 (220.6 GB)
<_ruben> irvie: depending on the driver, there might be some hints in the output of dmesg, ethtool should be able to tell it as well
<patdk-wk> irvie, use ethtool or mii-diag
<patdk-wk> hmm, mii-diag is reporting wrong results for me, but ethtool is correct
<uvirtbot> New bug: #453747 in samba "Wrong folder size on folder in smb shares" [Low,Triaged] https://launchpad.net/bugs/453747
<SpamapS> hallyn: /lib/init/failsafe.conf? Is that new in precise?
<SpamapS> hallyn: or you mean /etc/init/failsafe.conf ?
<hallyn> SpamapS: it's on oneiric
<hallyn> it was making my netbook wait 2 minutes at boot, just bc i had 'auto br0' in /etc/network/interfaces but no connection at boot
<hallyn> well, it's not that simple, of course.  it's just the failsafe, so somethign else is waiting.  runlevel 2 is waitin gon a net connection?
<hallyn> SpamapS: you wrote it, at any rate :)
<SpamapS> hallyn: yes
<SpamapS> /etc/init/failsafe.conf then, yes I wrote it and smoser and I put together the changes to /etc/network/if-up.d/upstart to make static-network-up work, which is what is waited on in rc-sysinit now
<SpamapS> hallyn: if you had read the release notes, you would have known that all 'auto' interfaces will be waited on :)
<irvie> koolhead17, migration successful :]
<hallyn> SpamapS: that's assenine
<hallyn> SpamapS: there are auto devices that are not meant to be 'up'
<hallyn> or put another way,
<SpamapS> thats what network manager is for
<hallyn> you say 'up', but br0 was up - but plymouth couldn't ping
<hallyn> network manager is not usable if you dont' use gnome
<hallyn> and some peopel don't
<SpamapS> To quote the occupy folks.. you are, the 1% ;)
<hallyn> SpamapS: i know it's solving a problem, and don't have a better solution, we don't need to discuss it right now :)
<SpamapS> I have a solution for you 1%'ers for 12.04
<hallyn> SpamapS: but i'd like to talk about it sometime
<hallyn> how will it solve it?
<SpamapS> We will create another group, auto-nowait
<hallyn> i'm happy with that solution
<hallyn> ok.  i'll probably reinstall the netbookt from scratch (half lucid, half 12.04) so that's fine with me
<kirkland> morning folks
<hallyn> morning kirkland
<SpamapS> You can work around it right now by just changing /etc/rc-sysinit to not wait for static-network-up
<hallyn> nice cloudy morning for ya?
<SpamapS> err
<SpamapS> /etc/init/rc-sysinit.conf
<koolhead17> irvie,  :D
<koolhead17> lynxman, hellos
<hallyn> SpamapS: for now i worked around it by getting rid of the auto br0 :)  that was itself just a test af ew months ago anyway
<kirkland> <Kiall> 18:00:27> ubuntu seems to be pushing byobu over tmux .. <-----  byobu is sort of a compliment, or enhancement layer on either screen or tmux
<kirkland> Kiall> 18:00:58> Kinda getting used to byobu .. Its enabled by default on all the EC2/UEC/Cloud images now...
<kirkland> Kiall: unfortunately, that's being removed in an SRU very soon
<SpamapS> hallyn: AHA!
<hallyn> kirkland: paul t. is giving me hope of an improved dvtm so i don't need byobu-tmux for the inside-a-screen splitting :)
<hallyn> (see planet.u.c. from friday i think)
<SpamapS> oi.. my sup index just went over 100,000 messages
 * SpamapS should delete more
<kirkland> hallyn: heh, byobu/tmux couldn't hold your attention, huh?
<hallyn> SpamapS: 0 inbox :)
<SpamapS> I have 0 inbox all the time!
<SpamapS> since in sup, you just "archive" what you don't want to deal with now. :)
<hallyn> kirkland: it's great for somet hings, but i prefer dvtm's tiling behavior
<kirkland> hallyn: cool, i'm installing dvtm now
<SpamapS> but right now... having shunned email for 3.5 days.. I'm looking at 2000 inbox
<hallyn> but it doesn't do backscrolling so i dont' use it all that much
<kirkland> hallyn: does dvtm replace gnome-terminal, or byobu/tmux?
<hallyn> kirkland: uh what?  it doesn't replace anything, it enhacnes :)
<hallyn> kirkland: i use dvtm inside screen inside gnone-terminal or xterm or st
<hallyn> (except i don't)
<kirkland> hallyn: neat, i'll have to play with it
<hallyn> kirkland: you may hate it.  it depends on what you're used to i think.  But it's ideal behavior for me.
<zul> Daviey: ping
<hallyn> kirkland: hae you ever used dwm?
<kirkland> hallyn: nope
<hallyn> kirkland: cool then i'll be especially interested in what yout hink of dvtm :)
<Daviey> zul:
<zul> Daviey: so python-passlib made it into the archive i think we should revist doing an SRU for keystone with the port change
<Daviey> zul: \o/
<zul> Daviey: so i take it you agree? :)
<Daviey> zul: well if keystone doesn't currently work, changing the default port will not break systems
<zul> Daviey: yeah that will make it easier
<zapotah> a good network monitoring tool that shows realtime bandwidth stats per application
<zapotah> does the server distro ship with one or which one do you recommend
<RoyK> zapotah: dunno about any tool for that, but I guess you could configure munin to do it with some iptables tweaks
<RoyK> zapotah: that'll be for incoming connections, though, dunno for outgoing, but I guess it should be possible
<zapotah> hmm
<zapotah> hoping for an easy solution
<zapotah> like top for cpu and mem usage
<zapotah> etc
<RoyK> zapotah: network is a bit more tricky
<RoyK> zapotah: try asking on #munin - someone has probably done that already
<just-a-visitor> zapotah: There is iftop, but it is per-connection not per process.
<RoyK> or iptraf
<just-a-visitor> Yes, that is what I was looking for... but still they are based on packets.
<RoyK> just-a-visitor: you can do stuff like iptables [...] --uid-owner to add counters per uid or gid, but I don't think there's an easy way to monitor network usage per process
<RoyK> zapotah: nethogs, perhaps
<just-a-visitor> RoyK: Cool, I did not know about it. Thanks!
<zapotah> nethogs shows tcp only apparently
<zapotah> id need to monitor mainly udp traffic
<RoyK> just-a-visitor: you might want to try to build 0.8.0 from source - http://sourceforge.net/projects/nethogs/files/
<RoyK> zapotah: sorry, that was for you ^^
<just-a-visitor> RoyK: Btw, I am also looking at it right now. :)
<hallyn> stgraber: gah, something went wonky with the last lxc push, bc my branch stacked on the precise udd branch now won't fetch
<zapotah> ill have to look at this later... so tired after 48hrs and no sleep x.x
<zapotah> not making any progress
<Daviey> SpamapS: Your cobbler branch, are you uploading that to precise soonly?
<Daviey> rbasak has based a branch on yours, that would be good to co-upload.
<SpamapS> my branch?
<SpamapS> Daviey: refresh my memory, its been eons :p
<Daviey> https://code.launchpad.net/~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes/+merge/77771
<Daviey> SpamapS: ^^
<Daviey> SpamapS: Do you want to rebase your branch to current precise, and review + sponsor rbasak's changes at the same time?
<Daviey> it seems to be an entire security upload, so i guess we should see about prepairing a -security upload aswell.
<Daviey> (for oneiric)
<Daviey> zul: Are you planning a cobbler new upstream version upload soonly?
<zul> Daviey: yeah
<zul> 2.2.2 is suppose to be out soon
<Daviey> zul: When are you planning a snapshot?
<zul> my arm can be twisted for tomorrow
<SpamapS> Daviey: indeed.. ugh.. ok, just now finishing with the monday morning flood of email.. will look at this next.
<SpamapS> rbasak: where are your proposed cobbler changes?
<Daviey> zul: well can you talk to SpamapS and rbasak, about if they should base their branch on current or tommorrow's
<rbasak> SpamapS: https://code.launchpad.net/~racb/ubuntu/oneiric/cobbler/858878_858883/+merge/81996
<SpamapS> Awesome sauce would be if zul just pulled in my changes and rbasak's changes ;)
<zul> yes that would be awesome :)
<zul> SpamapS:  where are your changes
<Daviey> zul: see rbasak's branch, it includes SpamapS..  (but needs rebasing.)
<zul> SpamapS: nm found it
<zul> SpamapS: we should probably do an SRU as well
<Daviey> zul: rbasak & SpamapS's changes are all -security.
<SpamapS> argh.. 2 hours of inbox clearing has produced 96 more threads to deal with
<zul> Daviey: ah good...the csrf stuff should already made it in
<Daviey> SpamapS: You need something like, http://pastebin.com/ALiL1ksn on your Maildir.
<Daviey> I find it makes my mail processing much faster
<patdk-wk> people still use maildir?
<Daviey> patdk-wk: what do you use?
<patdk-wk> mdbox
<zul> Daviey:  i have a secretary for processing email ;)
<lynxman> zul: what's her name?
<patdk-wk> it's just hell to backup all the inodes maildir uses :(
<adam_g> Daviey: lol
<zul> lynxman: big bertha
<Daviey> patdk-wk: wait, you really think mdbox is more mainstream than *either* maildir or mbox?
<patdk-wk> mainstream? no :)
<patdk-wk> but aren't you cutting edge? :)
<Daviey> patdk-wk: no. :)
<rbasak> "Note that with dbox the Index files actually contain significant data which is held nowhere else."
<Daviey> patdk-wk: well i have 15857 inodes left.. so that'll last until the end of the week.
<rbasak> So why are they called Index files then?
<patdk-wk> rbasak, cause they are kept in the path the index files where kept in before?
<Daviey> mail is one of the last tennents on one of my hardy xen servers that i really CBA to touch.
<patdk-wk> I redo mine often, the last hardy xen guest I have to move though is mail also, exchange 2007 :(
<Daviey> hah
<Daviey> <-- courier
<patdk-wk> I oviously use dovecot for most things :)
<patdk-wk> hmm, 400megs of indexs, and 3gigs of email (compressed)
<patdk-wk> the indexs would only be about 100megs if it wasn't for the search databases
<Daviey> patdk-wk: What do you use for searching mail?
<patdk-wk> imap
<patdk-wk> or you could use doveadm
<Igoru> i'm trying to compile a PHP extension, but it suddenly dies when the compiling process gets to line "config.status: executing libtool commands". any idea about how to track this problem? :(
 * mdeslaur is looking for someone to steal his puppet merge
<mdeslaur> oh, wait, it's a sync...forget it
<potatoe> Is there a way to flag certain processes to be higher priority or lower priority when the system is swapping ? ( ie, process mysqld should never be swapped, process joe-bin should be swapped first when there is not enough memory )
<kyconquers> I'm trying to stress test a few different configurations of mail servers, does anyone have any recommendations for good applications or libraries to use?
<Igoru> i'm trying to compile a PHP extension, but it suddenly dies when the compiling process gets to line "config.status: executing libtool commands". any idea about how to track this problem? :(
<Daviey> adam_g: Do you want to discuss cobbler-enroll?
 * zul perks his ears up
<adam_g> Daviey: sure
<Daviey> smoser: here?
<smoser> here
<Daviey> adam_g, smoser, zul, roaksoax: Right..
<Daviey> Fat image vs (ab)using d-i
<Daviey> lets get this cracked out.
<zul> im all ear
<zul> ears even
<kyconquers> Can anyone recommend a library or application for stress testing an email server?
<Daviey> adam_g, smoser, zul, roaksoax http://pad.ubuntu.com/OrchestraDiscoveryBloatedVsDI
<Daviey> Just so the topic is clear, this will mean moving away from the DI cobbler-enlist we currently have, to something probably python based in a fat image
<Daviey> who is mynameisjonas?
<Daviey> Using my own etherpad server allows me to ban people who annoy me :)
<hallyn> elitist
<smoser> why would this thing be python?
<adam_g> if all we're talking about is system hardware discovery and reporting (to cobbler?), we could accomplish that by 1, extending cobbler to store that data. 2, writing some shell to gather the info. 3, extending cobbler-enlist to post it
<adam_g> honestly, the facts that ship with facter related to this don't do anything that couldn't be rewritten in shell
<Daviey> zul: ?
<zul> doesnt matter to me really python or something else
<Daviey> zul: can you comment on, "   - (We will need to do that anyway) "
<zul> Daviey: ah i mean we are going to have to add the security bits anyways
<Daviey> zul: on the pad please :)
<Resistance> Daviey:  i'm curious why you posted the etherpad link if you want only specific people to read it :P
<Resistance> ;P
<smoser> DATA LOSS!
<Daviey> Resistance: that is not the case, but i want those that are inputting data to identify themselves.
<smoser> awesome!
<Resistance> i see.
<Daviey> smoser: blame jamespage
<zul> but jamespage is awesome
<smoser> good thing htat iddn't happen at UDS.
<jamespage> DATA LOSS == 'User Error'
<smoser> if this was written in go, it would have rocked.
<Daviey> it's a feature, called garbage collection, right jamespage ?
<zul> smoser: hehe
<jamespage> 'User Error' == 'Smoser Error'
<Resistance> Daviey:  so i suppose that random users who want to lurk the data are kicked? ;P
<jamespage> Daviey: well I guess most things smoser writes are garbage so you might be right :-)
<smoser> this is all quite true
<Resistance> lool
<Daviey> Resistance: no.. not at all
<Resistance> Daviey:  so if I were interested in lurking the data, i wouldnt be kicked when i attempted to lurk?  ;P
<smoser> jamespage, enable chat on etherhpad on ubuntu.com
<jamespage> lol
<adam_g> is the plan to extend cobbler to store the hw data we gather at first boot?
<zul> adam_g: yes
<adam_g> can we add the pad what we plan on gathering and storing?
<Daviey> Resistance: no.
<adam_g> Oops! A server error occured. It's been logged.
<smoser> ok
<adam_g> jamespage: ^ ?!
<zul> adam_g:  i dont see why not
<smoser> right
<smoser> at least the error has been loged
<smoser> logged
<smoser> we may have lost all your data
<smoser> but we logged an error
<adam_g> smoser: you want to email support@etherpad.com or shall i ?
<Daviey> Resistance: although, i'm always apprehensive of those that hide their id.
<smoser> do you think they can restore the data ?
<jamespage> I think that would be your best course of action
<Resistance> Daviey:  true.  Granted, my etherpad ID is still in there from UDS... shows up as Resistance (irc) or EvilResistance (irc)
<zul> adam_g:  macaddr, cpu, cpu_core, arch, nics, mem, etc, etc
<Resistance> because i remoted in for UDS :P
<Daviey> Resistance: were you at UDS?
<Daviey> ahh
<Resistance> Daviey:  no i remoted in
<adam_g> zul: etc etc is what im interested in getting down. :) to see if theres antyhing we can't get from  /proc and /sys
<Daviey> Resistance: is this something which interests you?
 * Resistance wishes he was at UDS though
<Resistance> Daviey:  no, but i was just curious what you'd do ;P
<Resistance> and i agree with you, people hiding their IDs are evil
<Resistance> :Lp
<smoser> wwDWd
<Daviey> adam_g: I think everything can be grokked from /proc, /sys or parsing dmesg
<zul> adam_g: right....problem is we have to to take arm into account as well
<Daviey> zul: arm exposes all 3 of those data entry points :)
<smoser> Daviey, of course, its all easy.
<zul> Daviey: not if we want to use dmi info ;)
<smoser>  i was actually just thinking that using /bin/sh seems like overkill to me for reading through /proc /sys and such.
<adam_g> Daviey: zul if thats what we need to do, we can depend on some shell scripts to aggregate all of that information somewhere, and cobbler-enlist to post it back to orchestra
<smoser> i was thinking i'd re-write a library of C functions like strlen and strdup and such
<smoser> and then use that
<zul> adam_g: yeah that sounds simple enought
<zul> smoser: bleah
<smoser> it can't be that hard to re-invent things, can it?
<smoser> </sarcasm>
<Daviey> smoser: we don't have that many options, really.
<smoser> so, reading data about the system from /proc /sys, "should" be easy
<adam_g> how about: shell to gather system information, dump it in a file or directory, preseeded cobbler-enlist runs with an option to read its arguments from that file, posts back the information thats there
<smoser> the fact is that things arent ever easy
<Daviey> smoser: I'm not saying easy, but for the limited data we require.. not overly hard to do in shell.
<smoser> you will find that what you get is not consistent or complete across systems by different manufacturors
<smoser> and then you'll start to account for those things
<smoser> and then you'll realize that facter (or other tools) already did those things
<smoser> and thats why they exist
<Daviey> smoser: okay, i think we need to review the "other tools"
<smoser> and then you'll decide that it wa
<Daviey> facter really can't be an option, due to being ruby - which we have in neither d-i env or too much to put in a fat image
<smoser> i'm largely just guessing. it may be that the kernel magically makes everything easy
<smoser> but i really doubt it.
<Daviey> smoser: well parsing text files is almost as bad as screenscraping, i see that
<adam_g> quickly peaking at facter.. its designed to be portable among different OS's. but for its linux purposes, its just parsing the standard places (/proc/cpuinfo, /proc/meminfo, etc)
<Daviey> it's not like i can say cpu = kernel.give-me-metric("cpu"), and get reliable output.
<smoser> well, you can parse all that garbage on the server side if you want
<smoser> which  makes it easier
<Daviey> There is a python fork of facter, but that was less than clean
<Daviey> (we don't have python in d-i env either)
<zul> hdt-project.org but uses dmi info
<Daviey> smoser: post a blob back, and parse it in python via cobbler?
<Daviey> zul: we ruled out hdt for being the worst of both worlds, no?
<zul> Daviey: yeah but do we really need dmi info
<Daviey> zul: don't think so
<smoser> that is what i was suggesting, yes.
<zul> then i think it should be back on the table
<smoser> essentially: tar -C /sys cvzf - . | post-to-cobbler
<Daviey> smoser: well, we are modifying the api regardless.. so either way works for me
<Daviey> it does seem somehow cleaner to post params, rather than a blob.. but shrug
<Daviey> zul: but what advantage?
<zul> Daviey: that it already parses the information already?
<Daviey> zul: it gives us the worst of both worlds.
<Daviey> It's C, so speed of development is slower than Python.
<Daviey> It requires writes for tftp, so insecure.
<Daviey> we could extend the fake cobbler tftpd service for this.
<Daviey> but it seems we have neither the free enviroment of d-i, or the fat image benefits.
<adam_g> looking at facter some more, theres no reason why its linux-specific (or ubuntu-specific) functionality couldnt be easily reproduced easily in shell. im interested in lookin at other solutions as well, but i suspect its all the same
<zul> Daviey: gotcha
<Daviey> adam_g: the python fork just parsed those files, looked hacky
<Daviey> smoser: why do you feel posting back a blob is better than individual calls?
<Daviey> and parsing in the client?
<adam_g> Daviey: im not sure what other / better ways there are
<smoser> well if the client is d-i, then the parsing that stuff is just going to be more painful than it would be on the other side.
<smoser> if collecting the data is simply just grabbing some directories, then just grab those, and parse on the server where you have some sane programming language.
<smoser> you may even be able to trick facter into thinking that it is looking at that data
<smoser> or somehow otherwise hijack stuff.
<Daviey> adam_g: I think it is the best way, but my memory of the python fork was done hacky.
<adam_g> http://paste.ubuntu.com/738553/
<smoser> well, clearly, re-implementing it in sh is not going to be hacky!
<smoser> :)
<Daviey> smoser: so, parsing in python will be safer than parsing in busybox shell, is your thought?
<smoser> s/safer/easier/
<smoser> faster
<adam_g> i agree with smoser that parsing macaddr's out of 'ip addr list' is easier in python (or other)
<smoser> i've parsed macaddrs out of ip addr before
<Daviey> adam_g: the reason i wrote the mac address stuff in C was to avoid doing it in sh.
<Daviey> That is done.. so not a concern.. the other parts have similar concerns?
<adam_g> Daviey: if we standardize on something (shell, python on the server-side, whatever) i'd like to use that for macaddrs (instead of ioctl) as well as everything
<Daviey> I agree with that.
<Daviey> I am leaning towards it being easier to grok this data in shell, than add a parser component to cobbler.
<zul> oh hell yes
<zul> im afraid of adding bloat to cobbler as well
<Daviey> smoser: are you still leaning towards fat image vs d-i ab(using)?
<smoser> how would it be easier to grock this data in shell than add a parser compenent to cobbler?
<smoser> you're posting this somewhere
<smoser> the thing that takes the post can store the whole blob and then parse it in python
<smoser> the d-i abusing is really going to basically depend upon everything you want being available via /proc or /sys. anything more complex than that is going to get difficult.
<smoser> ie, like getting dmi, or some other bits.
<adam_g> which is why we should create a definitive list of everything we need to gather, to see what is easily available and what is not
<smoser> +1
<zul> +1
<adam_g> zul: are you planning on upstreaming cobblers hw inventory stuff?
<Daviey> smoser: grocking in shell is a standalone script, integrating this in cobbler will require more thought to make sure the workflow is followed
<Daviey> zul has shown that adding simple single fields is pretty straightforward.
<smoser> if you can add a simple single field
<smoser> then you add one that is "sysinfo-dump"
<smoser> you store in that a hex dump of what you got
<smoser> then you additionally populate whatever other fields you were going to add anyway
<zul> its easy for a single field probably a bit more work to store the sysinfo-dump
<smoser> why?
<smoser> its 1 field
<smoser> is there something particularly difficult about the string s-y-s-i-n-f-o ?
<zul> parsing the info and storing them on how cobbler stores them
<smoser> cobbler has some entry point to which "field" is posted.  you just handle that field (sysinfo-dump) by populating it and others.
<smoser> but maybe i'm missing something.
<zul> smoser: cobbler only has the ability to store a single field afaik
<smoser> what?
<smoser> <Daviey> zul has shown that adding simple single fields is pretty straightforward
<zul> smoser: i dont think it has the ability to store large chunks of info
<smoser> i'm only proposing adding a single field.
<smoser> i dont really care.
<zul> anyways
 * adam_g lunch
<Daviey> hmm
<Daviey> i walk away for 2 mins, and it falls apart :)
<Daviey> smoser: are you suggesting that the sysinfo is stored as a blob long term, and cobbler internals parse it on demand.. or parse it when first posted back?
<smoser> i was suggesting you store it long term just because there is no reason to throw it away
<smoser> but it would clearly not make sense to parse it on demand if it doesnt change
<Daviey> smoser: so when object foo is called, if it = None, it parses it and inserts it?
<Daviey> smoser: i missed your reply stating if you were still in the fat image, or d-i abusing camp.. did you comment?
<smoser> i was just suggesting the time when it is posted back, you go thorugh and update all the dpenedent fields and store it.
<smoser> i think that you're going to end up re-examining "fat image" either sooner or later.
<smoser> but i dont know which.
<smoser> i think the first thin gyou should do is decide what you wan tto collect, as adam_g suggested.
<smoser> if you can get all that from /proc and /sys then it makes sense for the moment to go with that.
<Daviey> So... Disk quantity and size, number of cpu cores, memory, arch .. i'm not sure there is anything else we /need/ is there?
<smoser> i dont knwo. people have mentioned dmi info.
<smoser> what is the stated goal of this exercise ?
<smoser> to be able to categorize a machine into some bucket similar to 'm1.small' 'm1.large' and the like ?
<Daviey> smoser: So the data can be manipulated to make decisions how how to install the boxes.
<Daviey> smoser: yeah, basically.
<Daviey> but i don't think it can be abstracted so closely to ec2 style strings.
<smoser> well, fwiw, amount of disk is almost certainly insufficient for actually classifying stuff.
<smoser> i'd suspect that you care more about the speed or reliability of disk than the size
<smoser> or at least sometimes you do
<Daviey> smoser: it's really for determining if the machine has lots of storage or not.
<Daviey> 10G vs 10TB. :)
<smoser> but thats almost certainly not enough informatoin
<smoser> isn't it?
<Daviey> smoser: I think it's /enough/ for 12.04.. agree?
<smoser> well, it depends.
<smoser> maybe it is.
<smoser> but if my goal is to let juju take control and dynamically decide whihc is a node and which is a api server or volume server, it sprobably not enough info
<smoser> right?
<smoser> wouldn't you need to know much more about what its connections are?
<smoser> i guess that'd be hard to get anyway
<Daviey> smoser: I think that is a >12.04 target really.
<zul> it all depends on what info you want and how you store it
<Daviey> well yes.
<Daviey> roaksoax: Currently we have an admin user where we give out the creds freely.  What do you think about adding a user flag, which makes it so the user can only add/edit the same mac machine?
<Daviey> perhaps the password for the user would be the mac address?
<roaksoax> Daviey: From my point of view cobbler's user password should be set on install
<roaksoax> Daviey: maybe orchestra can then handle the creation of another user
<roaksoax> Daviey: cause, the password for cobbler user is encrypted so it is not publicly available to anyone
<roaksoax> is it?
<Daviey> roaksoax: yes, but for a remote enlistment service we need to give it away like free beer.
<Daviey> which, as you can understand, is less than cool
<roaksoax> Daviey: right, well cobbler has a feature on which you can add owners to certain stuff, i.e. add an owner for a system
<roaksoax> but that system I believe has to be added first
<roaksoax> Daviey: now, when registering remotely, we need to provide admin/user password in order to, obviously, add a new system
<Daviey> roaksoax: yes, but i was wondering about extending to have a user setting that only allows it to add/edit it's own mac addresses
<Daviey> not entirely secure, but /better/ than what we have atm
<Daviey> Unless you have a better plan?
<roaksoax> Daviey: afaik, you need the administrator user/pass (cobbler) to add systems, but you can have owners of the system that can only edit values within systems for example
<roaksoax> Daviey: from cobbler wiki: "If you want to control which users/groups can create objects, this will probably require modifying the python authz_ownership implementation slightly -- see the "Customization" section for more details. I am open to proposals on what this may require, though in general, it's important to remember the purpose of the ownership module is to help the users perform the tasks they need to do -- if they are being annoying an
<roaksoax> Daviey: https://fedorahosted.org/cobbler/wiki/AuthorizationWithOwnership
<roaksoax> Daviey: so what you are looking for is just an authentication module that allows adding systems only?
<Daviey> roaksoax: are you following what i am saying?
<Daviey> really yes, a module that only allows adding/removing of their own system
<Daviey> Having 100000's of users isn't a good idea
<smoser> Daviey, so above, i think that we should go forward with d-i scraping of /proc and /sys
<smoser>  * get a list of all the data we want to have
<roaksoax> Daviey: right, but if you add a user that can add/remove their own sytem, is having 1 user per syustem, which isn't good idea as you say
<smoser>  * start some little script to collect it
<smoser> my leaning towards collecting a ton of info and saving it off to the server was because we're almost certain to throw away useful information when we grab it in /proc or /sys in shell
<smoser> but if we throw it all to the server it is at least there later for subsequent re-examination and improvement.
<Daviey> smoser: it's probably harder for us to SRU the client component.
<Daviey> [Dmeaning overposting is /better/
<roaksoax> Daviey: i personally don't see the point of adding a user that can add/remove its own system cause that would mean 1 user per system
<Daviey> roaksoax: I was wondering about a virtual user, where the password is the mac address or something?
<Daviey> thoughts?
<roaksoax> Daviey: but then it is a passwordless user then... cause... if it is gonna use its mac address (which cobbler does not know about), then it is the same as not authenticating at all
<lynxman> Daviey: roaksoax: smoser: hey guys, question for you, I have a broadcom USB 2.0 controller on a server and Oneiric doesn't detect any disks I connect to it (used to work in CentOS 5), doing lsusb shows the controller root hub being present, thoughts?
<roaksoax> lynxman: maybe there's no drivers for it
<roaksoax> broadcoms were always a PITA
<lynxman> roaksoax: yeah it's confusing because it shows up both in lspci and lsusb
<roaksoax> lynxman: yeah that's it most likely... i have always find problems with broadcoms
<lynxman> roaksoax: darn :/
<roaksoax> Daviey: what probably makes more sense is to have a user that can only add/remove system but can't access anything else
<roaksoax> Daviey: i.e. orchestra user
<adam_g> roaksoax: currently, cobbler-enlist makes creates a new system and then modifies it (to set its mac, name, profile, etc) not sure what that means for access control
<roaksoax> adam_g: yeah basically cobbler has 2 modules, authentication, and authorization
<roaksoax> adam_g: by default we use authentication is based on users on a config file
<roaksoax> and authorization is all users have access to everything
<Daviey> where did lynxman go?!
<roaksoax> adam_g: there's another module on which allows the definition of owners/groups bu that's only to edit things
<roaksoax> such as systems
<lynxman> Daviey: here o/
<roaksoax> adam_g: now, if we wanted to create a user that can *only* add systems, then, we would need to write a new authorization module
<lynxman> Daviey: still trying to solve this usb thing :)
<Daviey> lynxman: dmesg | pastebinit , pls :)
<lynxman> Daviey: yessir
<lynxman> Daviey: http://paste.ubuntu.com/738683/
<lynxman> Daviey: http://paste.ubuntu.com/738684/
<Daviey> lynxman: hmm
<Daviey> nothing interesting
<lynxman> Daviey: yeah, no clues at all except the disks not being detected
<lynxman> Daviey: which is annoying, used to work in centos5, and those are my backups
<Daviey> :(
<lynxman> indeed
<Daviey> lynxman: odd that ssh and apport exit non zero
<lynxman> Daviey: it was first boot, didn't reboot the machine again since its syncing glusterfs
<Daviey> ahh
<lynxman> Daviey: I should before going prod tomorrow...
<zul> Daviey: nak on the macaddr passwd
<uvirtbot> New bug: #890465 in puppet (main) "init script should cleanup environment" [Undecided,New] https://launchpad.net/bugs/890465
<Daviey> zul: negativity isn't that helpful, counter a suggestion with a better one :)
<zul> Daviey: if i only had one :)
<roaksoax> Daviey: 1 user that can only add systems
<Daviey> roaksoax: just add, or edit aswell?
<roaksoax> Daviey: add/edit/remove
<Daviey> roaksoax: is that secure?
<roaksoax> Daviey: well we would have to write our own authorization module...
<roaksoax> Daviey: secure as in the user won't have access to anything else within cobbler but it is the same approach as using the cobbler user
<Daviey> roaksoax: I'd like that to be a plan B... If we can come up with a better (secure) solution, i'd be overjoyed.
<roaksoax> Daviey: ok
<Daviey> roaksoax: If we think what UEC did.. The central server published it's ssh public key (discovered via avahi)), which the node added as an authorized_key, allowing the server to ssh TO the client to $do-stuff.
<Daviey> This wasn't ideal, but more secure than what we currently have.
<kirkland> jcastro: ping
<kirkland> jcastro: i'm releasing a byobu with a feature you requested :-)  I thought you might like to test it out
<roaksoax> Daviey: right, in this case we have a slightly different escenario as we are doing things over the API and doing it autmoatically, or manually, they both require user/password authentication, which is, in turn same level of security on both cases (auto registration/manual registration)
<Daviey> roaksoax: aye, but in the old scenario - a node couldn't fiddle with other nodes central registration.
<roaksoax> Daviey: right, but we can make this special user to only *add* systems and not allow it to edit/remove
<Daviey> roaksoax: but as adam_g said, we add a base profile, then edit it.
<roaksoax> Daviey: right, but isn't it better to add the profile with all the required information?
<roaksoax> Daviey: cause, how will this work. Are we having a bloated image PXE booted?
<roaksoax> Daviey: cuase, from my point of view, the "registration" process should already provide all the details we want to gather
<roaksoax> and should do in one step
<roaksoax> we can still have 1 user per system with password its mac address and as user its hostname
<roaksoax> but even so, the admin will hve to add the system first, and then assign the ownership
<Daviey> roaksoax: I might be mistaken, but i believe it has to be a multi-stage API process.
<roaksoax> Daviey: well I guess that will depend on how we are registering the system
<roaksoax> in the first place
<roaksoax> caus eif we use a bloated image then we can just acess the API once
<roaksoax> and that;s it
#ubuntu-server 2011-11-15
<roaksoax> by adding a system with all the necessary info
<Daviey> roaksoax: hmm, bloated or d-i, shouldn't make a difference
<roaksoax> Daviey: ok, so either way, we can only access the API once
<Daviey> roaksoax: I'm saying, that i'm not sure it can be achieved with one API call.
<roaksoax> Daviey: why wouldn't it?
<Daviey> roaksoax: I think you have to create the base object, then manipulate it.
<Daviey> (i'm not certain on this)
<roaksoax> Daviey: uhmmmm i haven't actually check that
<adam_g> roaksoax: we first create a new system, then modify it a number of times (set its name, profile, mac addrs, etc)
<roaksoax> I'll have to look into that
<adam_g> followed by a call to save_system
<Daviey> adam_g: Is your understanding that you have to do it that way aswell?
<roaksoax> right but the authentication is only done once, isn't it?
<roaksoax> ahh noo
<roaksoax> never mind
<Daviey> roaksoax: yes, but...
<roaksoax> everytime we pass the token
<Daviey> you auth once, but get returned a token which you use forever more
<roaksoax> yep, multiple calls with a token
<roaksoax> Daviey: well what i just thought of is that maybe, that token should only authorize the modification of the newly added system
<roaksoax> since I pressume that those tokens are unique per authentication
<roaksoax> and used per authorization
<Daviey> roaksoax: As we use TCP, we could do ACL based on source IP address to match to a system profile?
<adam_g> Daviey: AFAICS, yeah.. thats the reqquired workflow for creating a new system with the parameters we want. im not sure how 'new_system, modify_system, modify_system, save_system' translates on the other end, in terms of authentication/authorziation
<Daviey> adam_g: annoyingly (as i've guessed you noticed), debugging server side is less than fun.
<roaksoax> Daviey: or somehow match the passed token with the system id being passes based on the token used on creation time
<Daviey> I'm not sure that helps TBH.
<roaksoax> Daviey: nor do I, just and idea
<Daviey> roaksoax: Keep 'em, ideas, rolling out.
<adam_g> roaksoax: is there anything equivilent to early/late_commands that get executed server-side before/after a machine is provisioned?
<Daviey> adam_g: what are you thinking?
<adam_g> Daviey: just daydreaming... generating per-machine client certificates, shipping those in the preseed, and then revoking after the node has phoned home, or a timeout expired
<Daviey> adam_g: at the very least, http://cobbler_host/cblr/svc/op/nopxe/system/$system_name could probably be made wider with a hook
<Daviey> ie, the late_command to disable pxe after install.
<Daviey> I wonder if storing a hidden data value, such as machine serial number and using that to validate against is viable.
<Daviey> ie, you'd probably only know that if you have access to the box, confirming you are the mac address owner.
<Daviey> still not clean IMO.
<adam_g> Daviey: authing based on mac address seems tough since cobblers never seen the machines mac until cobbler-enlist is run, no?
<Daviey> adam_g: Yeah, it would require more complexity to work around that.
<SpamapS> save me some backscroll.. what problem are you guys looking to solve?
<SpamapS> other than Daviey's insomnia?
<Resistance> they want to solve why the universe exists
<Resistance> :P
<Resistance> lol i kid
<SpamapS> we did that last year.. 10.10.10 ;)
<Resistance> SpamapS:  they wanted to solve why the OTHER universe exists :p
<twb> Resistance: it exists because Canonical are too tightarse to provide support for the vast majority of packages they steal from Debian
<twb> adam_g: also MACs can be spoofed trivially and are inherently discoverable
<Daviey> twb: Is that really a helpful comment?
<twb> adam_g: at least, unless you operate a prison like me, where you can dictate physical access :-)
<Daviey> SpamapS: Currently there is a shared username:password we need to give to everyone that asks for it.. not secure.
<twb> Daviey: maybe not, I didn't read much scrollback
<Daviey> adam_g: We could have a profile just for adding new systems, and then disown it from that user blocking further updates.
<Daviey> (post save_system)
<twb> Daviey: you're PXE-installing arbitrary h/w, and want to match the preseed (&c) to the h/w model?
<Daviey> twb: no, we have a minimal boot enviroment that will be booted when a new server is racked (provisioning server doesn't yet know about it), it posts back mac address and other data via an xmlrpc api
<Daviey> currently the api user has full admin access.
<twb> Eek
<SpamapS> Daviey: so the u:p that is used to save systems.. is also capable of doing other damage?
<Daviey> As we ship the creds via a preseed on first boot, everyone can get the creds to the server
<SpamapS> Daviey: I don't know if thats really such a huge concern.
<twb> Why can't that specific API call be anonymous?
<patdk-lap> dunno if you want people anonymously adding new systems
<Daviey> twb: well in part, it is a privildged operation as adding a system requires multiple API calls.
<SpamapS> anonymously adding systems is still quite dangerous
<Daviey> That is, add a new system - then add data about the system
<Daviey> If it's purely anon, then anyone can edit any profile.
<twb> But surely the call is informative only -- it's not making changes to the system
<Daviey> well it is, because you need to do a >1 stage process.
<twb> "Hi my name is Fred I have mac xx:xx.. and I am a pizza box"
<Daviey> Add system Fred.
<Daviey> Fred mac address is xx:xx
<Daviey> Fred you are a pizza box
<Daviey> That is 3 API cals.
<Daviey> calls*
<twb> Sounds to me like the right thing is to change the API
<twb> or s/change/extend/
<Daviey> Well... something we can do, is have a registeration user.
<Daviey> Add system Fred, owned by reg_user
<Daviey> Fred Mac address is xx:xx.
<Daviey> Fred, add more data
<Daviey> save()
<Daviey> Fred is now owned by !- reg_user
<patdk-lap> you lost me 20 fred's ago :)
<SpamapS> Daviey: this is considered purely a time-saving operation for the admins right, admins still need to confirm these systems.
<Daviey> So the shared user/pass for reg_user cannot make further changes to that profile.
<twb> So the first operation creates fred and at the same time sets up bidirectional authentication based on some secret and/or keys to which the default preseed isn't privy?
<Daviey> SpamapS: well default yes, but it should be optional.
<SpamapS> I'm just concerned that there will be an instance where systems are accidentally put into the provisioning VLAN and .. whoops.. reboot and it gets blanked.
<Daviey> twb: well the first API call is to auth with a plain user:password, which returns a token object which is used on all further API calls for that session
<Daviey> SpamapS: well yes, which is why it needs to default to manual.
<Daviey> Use case being plugging my laptop into the LAN and rebooting :)
<Daviey> That would make me somewhat upset.
<twb> Turn off PXE on your laptop them :P
<patdk-lap> you have pxe boot by default on your laptop?
<twb> patdk-lap: I used to
<SpamapS> so manual in that all this will do is boot, register, reboot into the manual "boot from disk" menu.. ok
<Daviey> twb: never! :)
<Daviey> SpamapS: yeah
<SpamapS> Right ok, so yeah, if there were an API call which would allow you to give away your ownership to another user, that would solve the issue would it not?
<Daviey> I think currently the best plan is disowning a system from a minimal prived shared cred user when it is enlisted.
<SpamapS> essentially, do all the bits with fred, then change owner to "admin" and when save returns, you can no longer touch the machine
<Daviey> SpamapS: yeah, i'm not sure there is an xmlrpc query for it.. but it's certainly supported via the cobbler pythonic api - so might be easy to expose if it doesn't already
<SpamapS> This would still allow malicious abuse of the cobbler system by a single node on the provisioning network though.
<Daviey> SpamapS: well it would allow someone to add a bazillion systems
<SpamapS> Exactly
<SpamapS> So perhaps another enhancement is to add user quotas.
<Daviey> I'm not what we can do about that
<SpamapS> and have the reg user limited to 100
<SpamapS> That would be a fairly straightforward change I think.
<Daviey> well that wouldn't stop them disowning, and adding to the admin pool.
<SpamapS> admin would also have 100 quota
<SpamapS> or at least, a sane quota that they could raise themselves
<Daviey> SpamapS: we could ARP lookup the mac address as an isValid() validation check.. but perhaps that is overcomplicating.
<Daviey> err, scrub that
<Daviey> i'm tired.
<SpamapS> can spoof that
<SpamapS> yeah you're not supposed to be around at my EOD :)
<SpamapS> this is usually when we make fun of you
<Daviey> SpamapS: I could make the same comment to you, most days :)
<Daviey> err, my SOD.
<Daviey> SpamapS: How is that cobbler precise upload looking? :)
<Daviey> Right, /me goes AWOL.
<Daviey> nn
<SpamapS> Daviey: zul promised to look at rbasak's changes and mine as well
<Daviey> SpamapS: zul is the reason i don't have a pony.
<SpamapS> He's also responsible for you losing your cookies via jackass is he not? ;)
<Daviey> SpamapS: no comment..:)
<zul> SpamapS: that was a classic
<uvirtbot> New bug: #890501 in cloud-init (main) "EC2 cloud-init overwrites 127.0.1.1 in /etc/hosts on every reboot" [Undecided,New] https://launchpad.net/bugs/890501
<flickerfly> I have a LAMP/SSH server I just installed today. I've been unable to login via the console. I have been able to login from ssh, when I try to change the user password, it gives the error "passwd: Authentication token manipulation error" after entering the first password. I don't even get to confirm it. Any idea what's going on?
<ChmEarl> flickerfly, is your user in the admin group? type groups
<flickerfly> yes
<flickerfly> it is actually the user the installer created, but I just checked to be sure
<ChmEarl> sudo passwd <UN>
<flickerfly> so the password change worked, but I still can't log in at the console
<flickerfly> I can still login with ssh with the new password
<flickerfly> Nov 14 19:03:47 portal login[8651]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=username
<flickerfly> Nov 14 19:03:50 portal login[8651]: FAILED LOGIN (1) on '/dev/tty1' FOR 'username', Authentication failure
<ChmEarl> flickerfly, sudo usermod -s /bin/bash <UN>
<ChmEarl> in case the shell is wrong
<ChmEarl> if the shell is OK, nm
<flickerfly> shell is good
<flickerfly> I just grep'd /etc/passwd to be sure
<twb> flickerfly: pastebin output of this: egrep -v '^[[:space:]]*(#|$)' /etc/pam.d/common-* /etc/nsswitch.conf
<qman__> have you changed the hostname?
<flickerfly> no hostname change
<qman__> in sshd.conf, PermitRootLogon is Yes by default, but if you have changed that to No, root can't log in over shell
<flickerfly> qman__: http://pastebin.com/uEjyPtJV
<twb> flickerfly: do the same for /etc/ssh/sshd_config as well
<flickerfly> I'm not trying to login root, ssh is working fine
<flickerfly> it's the console that fails
<yaboo> trying to setup a ssh tunnel and getting the error open failed: administratively prohibited: open failed
<yaboo> any idea why
<twb> flickerfly: the files you pasted look fine to me
<twb> flickerfly: "ssh works" -- works with password, or key, or both?
<flickerfly> ssh works with password, I haven't transferred keys or anything like that yet. This is a very fresh install.
<flickerfly> here is the sshd_config: http://pastebin.com/VfmCu7V7
<twb> I can't see what would be wrong
<twb> If you create a new user (adduser) can he get in?
<twb> Maybe the account is locked -- check "getent shadow fred" FSVO fred -- but don't paste that because it contains the password
<flickerfly> the user can get in via ssh so the account isn't locked
<yaboo> flickerfly, I am able to telnet localhost port 10162, that the ssh tunnel works on and get the telnet prompt of the service
<yaboo> two setup sshd_config looks on have PermitTunnel, AllowTCPForwarding
<qman__> yaboo, administratively prohibited means one of two things that I know
<qman__> either you're trying to bind to a port < 1024 on one end or the other, which is not allowed as a non-root user
<yaboo> but when I do a snmpwalk it fails and does the administratively prohibited
<yaboo> qman__, using port 10162
<qman__> or you're using a user account which is not allowed in sshd.conf to tunnel
<qman__> one one end, what about the other?
<yaboo> qman__, how can I check this, something new to me
<qman__> paste your ssh line used to create the tunnel
<qman__> by default, all users are permitted to do this, but if you implemented any SFTP-only or other restrictions you probably disabled it
<yaboo> su - cactiuser -c "ssh -f -N -g -p 22 -L 10162:localhost:161 cactiuser@remotemachines"
<qman__> there yo ugo
<yaboo> have setup snap to be tcp port, can telnet to the port
<qman__> 10162:localhost:161
<twb> yaboo: ow
<yaboo> can snmpwalk on the remote machine
<qman__> port 161 is < 1024
<qman__> and requires root to bind to
<yaboo> but 161 is the remote machine
<qman__> doesn't matter
<yaboo> but it works for another tunnel
<twb> qman__: not the way he's using it
<twb> qman__: he's binding to 10162 locally and connecting to 161 remotely
<yaboo> yes
<yaboo> twb ok how do I get around this
<twb> qman__: I do that all the time with e.g. ssh -fNL 8080:www:80 example.net
<twb> qman__: I'm not root there
<qman__> ah, I misread it
<qman__> you're right
<twb> qman__: easy mistake
<qman__> I was thinking the opposite direction
<twb> qman__: the mnemonic is that you write "www:80" not "80:www"
<qman__> because that's what I have to do to set up backuppc tunnels
<twb> yaboo: don't use -g or -p 22 unless you actually need them
<yaboo> twb ok
<twb> yaboo: also safer to use 127.0.0.1 because localhost might not resolve
<yaboo> ok -g and -p gone
<yaboo> and localhost changed to 127.0.0.1
<twb> yaboo: is the ssh client running 4.8 or higher?
<twb> yaboo: if so try ssh -w 127.0.0.1:161 cactiuser@remotemachines, see if you can interact with it at all
<twb> Also if cactiuser has /bin/false as his login shell, su - will do the Wrong Thing; sudo -u will not.
<yaboo> two try the ssh as the cacti user?
<twb> It's "twb"
<twb> And I don't really care who you ssh as
<yaboo> twb get bad tun device
<twb> Hang on
<twb> Sorry I meant -W not -w
<yaboo> trying now
<flickerfly> another piece to this puzzle, if I create a new user and try to login to the console as this user, it fails the same way.
<qman__> flickerfly, I'm going to guess your issue is a hardware one
<flickerfly> I'm dealing with a virtual machine here
<qman__> if it works over SSH, but not locally, and it's failing authentication, it's quite likely the password is not being entered as you think
<ChmEarl> flickerfly, xen?
<flickerfly> vmware
<twb> qman__: ah, like his caps key is down or some shit
<twb> qman__: or he is typing dvorak but the VM is reading it as qwerty
<qman__> yeah, or broken keys, but in the VM world, it's more likely a failure to map keys correctly by the VM software
<twb> vmware needs to die
<flickerfly> twb: I have to type the username so those problems present themselves
<flickerfly> Yeah, not real thrilled with vmware, but that's not my choice
<twb> flickerfly: I'm out of ideas
<flickerfly> ok
<flickerfly> maybe I'll just have some windows qwerty user try it tomorrow then
<flickerfly> perhaps there something amiss in the whole RDP -> vSphere stuff
<yaboo> two its just hangs at the moment after I type the password
<flickerfly> I've been cursing RDP all day for it's breaking my dvorak keyboard :-)
<flickerfly> thanks for the ideas folks
<twb> flickerfly: rdesktop takes a -k option
<flickerfly> Yeah, but I'm on a mac because of the VPN software
<twb> flickerfly: cisco?
<flickerfly> no Watchguard
<flickerfly> It is OpenVPN based, but I haven't taken the time to derive the config and all.
<twb> Ugh, not sure what they- ah, OK
<flickerfly> That part doesn't pay :-)
<twb> It should be trivial and then you wouldn't have to use OS X
<yaboo> twb I think the previous command you gave me failed I typed in the password on the remote machine and no command prompt so far
<twb> -W connects stdio to that port
<twb> like netcat
<flickerfly> Yeah, once the deadline is sunk, I'll probably give it a look, but I think there is a hitch because it downloads a new config each time it connects and this changes frequently. I wonder if they are expiring certs fast or something
<twb> flickerfly: more likely just poor design
<yaboo> ok two, so I make a connection
<twb> flickerfly: analyse the configs they are probably mungable
<flickerfly> twb: perhaps you are right
<yaboo> twb so I guess the point of the above command proves.
<yaboo> thanks for the help guess you guys are out of ideas also
<yaboo> two worked out the issue
<yaboo> GatewayPorts yes needs to be set
<twb> yaboo: ok that's odd
<twb> yaboo: ah, you only need that for -g
<twb> yaboo: you should not be using -g unless you have a firewall on the ssh client side
<yaboo> two the other side has a firewall
<twb> That doesn't help
<yaboo> sorry btw yes have firewalls on both sides so need the -g
<twb> If you use -g, then everyone on your local network can access that port
<yaboo> two I am the only one on the machine who has access to the port
<twb> not machine, NETWORK
<yaboo> twb ok so leave the -g out then
<twb> For example suppose you do "twb@example.net$ ssh -fNL 8080:secret.google.com:80 ssh google.com"
<twb> That exposes secret.google.com:80 to all users on example.net
<twb> If you add -g, it exposes that port to all users on *.example.net
<yaboo> two makes sense
<yaboo> so I avoid the minus g
<twb> Yes, unless of course you need to, in which case do it but lock it down
<yaboo> twb true
<twb> Grah
<twb> Stupid cut-down ubuntu busybox
<twb> no less, no vi, more doesn't actually wait after each page.
<twb> I'm stuck using sed -n 1,25p scripts/casper to read the bloody script
<twb> And the ramdisk is twice the size of the debian one anyway because of stupid useless plymouth
<twb> And flipping casper seems to work with a partitioned, FAT32 USB key, but not an unpartitioned extlinux one
<twb> Er, unpartitioned ext2 one
<twb> >rage<
<twb> In other news, it looks like SOEs built with latest lucid-updates & -security no longer detect PS/2 mice
<twb> *my* SOEs, that is
<twb> pub time
<KaZeR_W> hi there
<KaZeR_W> is this the right place to get help with preseed? i can't get it to honor some directive (e.g. do not ask for keyboard configuration)
<_ruben> KaZeR_W: #ubuntu-installer is probably a slightly more apropriate place
<_ruben> KaZeR_W: but keyboard config can't preseeded, it can be kickstarted tho
<_ruben> i have it specified on my tftp boot cmdline
<KaZeR_W> _ruben, i have is specified too, but it still asks for it. currently i have : "append initrd=ubuntu-server/initrd.gz priority=critical locale=fr_FR url=http://10.151.2.201:4568/ks/00:50:56:ba:00:17.ks auto=true locale=fr_FR console-setup/layoutcode=fr console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical --"
<KaZeR_W> i'll ask in #ubuntu-installer too, thanks
<_ruben> let's what i have specified
<KaZeR_W> _ruben, ? did you mean let's see ?
<_ruben> KaZeR_W: yes, and something came up and i forgot i was gonna take a look :)
<_ruben> append ramdisk_size=14984 debian-installer/locale=en_US console-setup/layoutcode=us url=http://.... vga=normal initrd=lucid-i386/initrd.gz --
<_ruben> debian-installer/locale versus locale probably will do the trick
<KaZeR_W> thanks _ruben trying right now
<koolhead17> hi all
<KaZeR_W> _ruben, still the same. my append line now read as "append initrd=ubuntu-server/initrd.gz priority=critical debian-installer/locale=fr_FR auto=true console-setup/layoutcode=fr console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical --"
<KaZeR_W> do i need to specify a url to get command line arguments to be taken in account?
<_ruben> only reason i can think of if it still asks for keyboard stuff, is that either fr_FR and/or fr aren't valid values
<KaZeR_W> the french keyboard is preselected in the keyboard selection menu, but it still asks
<_ruben> i dont specify ask_detect, might be interfering (perhaps it's reverse boolean for instance)
<KaZeR_W> interesting : using append initrd=ubuntu-server/initrd.gz priority=critical debian-installer/locale=en_US auto=true console-setup/layoutcode=us console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical it doens't ask for the keyboard
<_ruben> which gets us back to my idea of fr_FR and/or fr being wrong :)
<KaZeR_W> indeed :)
<KaZeR_W> i'll try to pinpoint which one it is exactly
<koolhead17> zul: hey
<koolhead17> lynxman: howdy
<_ruben> KaZeR_W: select it by hand and use the debconf tools to figure it out :)
<KaZeR_W> _ruben, console-setup/layoutcode=fr works so i guess it's debian-installer/locale
<_ruben> KaZeR_W: simple solution: don't use localized stuff ;-)
<KaZeR_W> _ruben, yes :)
<BuddyOfBuddy> Hello I am using amazon cloud   on ec2...I am try to enable pawword based login in ssh
<_ruben> why reduce security??
<BuddyOfBuddy>  so I set /etc/ssh/sshd_config -> PasswordAuthentication yes
<BuddyOfBuddy> and sudo /etc/init.d/ssh restart
<BuddyOfBuddy> but it still not working
<BuddyOfBuddy> I get Permission denied (publickey).
<BuddyOfBuddy> _ruben:  bcos private key auth is pain in the ass
<maxb> PasswordAuthentication only applies to SSH protocol 1
<BuddyOfBuddy> i can connect from any where
<maxb> The similar method in protocol 2 is covered by KeyboardInteractiveAuthentication
<BuddyOfBuddy> so what should I do to allow password authetication
<BuddyOfBuddy> i cant find any setting like KeyboardInteractiveAuthentication in sshd_config
<KaZeR_W> _ruben, i'm giving up on trying to build the preseed myself. i'll try with the debconf tool once installed. thanks for your help
<BuddyOfBuddy> please let know how to gid rid of forced private key authetication torture
<BuddyOfBuddy> I need to login via password in ssh
<KaZeR_W> BuddyOfBuddy, which user are you trying to login as ?
<BuddyOfBuddy> i create a new user
<BuddyOfBuddy> I am trying login with it
<BuddyOfBuddy> even if try with ubuntu it give public ket denied error
<KaZeR_W> in fact i agree with ruben. using a private key is much better. what's wrong with it?
<uvirtbot> New bug: #541747 in asterisk "undefined modules in loaded-by-default modules" [Undecided,New] https://launchpad.net/bugs/541747
<BuddyOfBuddy> I need  to create lots of users in server ....I dont want waste my time create provate keys for every one
<BuddyOfBuddy> plus on natilus u just mount ssh using user name and password
<BuddyOfBuddy> private key is torture for me
<maxb> you're a poet and you didn't know it
<KaZeR_W> for user in john jane julie; do ssh-keygen -f ~$user/.ssh/id_rsa -t rsa; done
<maxb> Although really the users ought to be generating their own keys and never sharing the private half with the server
<_ruben> exactly
<BuddyOfBuddy> yeah in perfect world
<BuddyOfBuddy> but how to enable password based authetication ....is there a quick way
<BuddyOfBuddy> i want my freedom
<BuddyOfBuddy> :-)
<maxb> Enable KeyboardInteractiveAuthentication if not already enabled, configure user accounts with passwords and valid shells, that's it
<BuddyOfBuddy> in etc/ssh/sshd_config ? or some ther file
<BuddyOfBuddy> so set -> KeyboardInteractiveAuthentication  yes  in -> /etc/ssh/sshd_config  ??
<BuddyOfBuddy> ok resolved
<BuddyOfBuddy> thanks
<KaZeR_W> how can one generate a full preseed file for installing a clone of a server ? debconf-get-selections seems to report way too much informations
<KaZeR_W> and in fact some other informations are missing
<KaZeR_W> ok "debconf-get-selections --installer" seems to be what i need
<uvirtbot> New bug: #890649 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/890649
<Syria> Hello, Can I download files from server to a specific folder? like var/www
<Syria> using wget
<_ruben> cd var/www && wget ....
<Syria> _ruben:  Thank you.
<Syria> _ruben:  Is this correct? var/www && wget http://wordpress.org/latest.zip
<ersi> No
<ersi> you need to Change Directory by using cd first (cd stands for Change Directory)
<ersi> issue "cd /var/www"
<ersi> then wget latest of wordpress
<Syria> ersi:  Thank you.
<_ruben> then again .. downloading the latest wordpress zipfile into /var/www doesn't make much sense in the first place, but that's a different story ;)
<Syria> _ruben:  I have a lot of files that I want to donwload to the dir var/www that's why I wanted to know how. :)
<ersi> Syria: note that '/' in front of the path is like "C:" sort of in Windows, ie saying just var/www means one thing while /var/www means another. One is a absolute path, one is relative. If you're in the dir /home/syria/ and make var/www and downloads files there.. I'll be in /home/syria/var/www and not in /var/www :)
<Syria> ersi:  This is a new information to me thanks again.
<ersi> You're very welcome :)
<koolhead17> Syria, did you check ubuntu server guide
<Syria> koolhead17: Actually no.
<koolhead17> Syria, you should TBH :D
<Syria> koolhead17:  I will do that very soon, Thanks.
<koolhead17> Syria, https://help.ubuntu.com/10.10/serverguide/C/
<koolhead17> :)
 * koolhead17 wonders why server channel topic still points to 10.4 guide /o.0\
<ersi> It's very good, in my opinion. It covers a lot
<koolhead17> ersi, indeed :)
<ersi> koolhead17: probably for the same reason you linked the 10.10 one? :D
<koolhead17> ersi, very true
<ersi> The changes aren't *that* disturbingly great, but there is changes
<ersi> Syria: For the absolutely latest Ubuntu server guide, go to here instead: https://help.ubuntu.com/11.10/serverguide/C/ (Only thing that differs is the number 10.10 to 11.10)
<koolhead17> EricJ, typo i meant 11.10 :D
<koolhead17>  * ersi
<koolhead17> ersi, i donno if its policy to keep latest LTS on topic :D
<ersi> might be, would not be so strange
<Syria> The latest LTS is 10.04 right?
<filo1234> yes it is
<uvirtbot> New bug: #890362 in glance (main) "Should glance user's shell be /bin/false?" [Undecided,New] https://launchpad.net/bugs/890362
 * Daviey wonders if that is a question or a bug
<azzid> I have a broken disk in my server, I get alot of output to my console every time it tries to access the disk, how can I prevent the errors temporarily? I need to reconfigure mdadm, fail the disk and so on, but the screen is so full of errors I cant really work.
<azzid> probably a pretty basic thing, but I can't really formulate it to apply my google-fu
<ersi> azzid: 'reset' or 'clear' :)
<ersi> or doesn't that work over yer console?
<azzid> ersi: clear will clear what is currently on the screen, but the error keeps appearing like every other second so I need to redirect it somehow
<ersi> azzid: How about hopping over to another console?
<azzid> it follows me if I switch tty =/
<azzid> ssh is not affected, but the network driver is wrong so thoose sessions die after ~20 seconds
 * ersi hugs his serial console
 * koolhead17 kicks himself
<ersi> I think you're unfortunally in shit creek without a paddle, my good sir :|
<ersi> How about booting from another source, like a thumbdrive?
<ersi> (I know this'll probably be a PITA)
<filo1234> ersi: try tty --silent or --quiet
<hallyn> zul, what kind of assinine package do you have to write to fail update, then refuse --purge saying 'reinstall first'?  (yes, i'm blaming YOU for rabbitmq-server :)
<zul> hallyn: gah?
<azzid> ersi: seems im not all out of luck, while asking the question mdadm seems to have stopped bothering the disk, so now the console is usable again! =)
<azzid> filo1234: will try tty --silent if the screen starts fill up with crap again
<smb> hggdh, jamespage Hm, I fear we still will be asked about news on bug 790712. Cannot say I got anything. Is this still happening (might be worked around by more ram and none of us really notices)
<uvirtbot> Launchpad bug 790712 in linux "20110531 i386 server ISO: order 5 allocation failure during install" [High,Confirmed] https://launchpad.net/bugs/790712
<ersi> azzid: Huzzah!
<hggdh> smb: we did indeed work around by raising the default memory size of the VMs to 764 (from 512)
<hggdh> smb: I have been trying to reproduce it without success
<smb> hggdh, Hm, so what do you think. Should we close the bug for now until we trigger it again?
<uvirtbot> New bug: #890691 in rabbitmq-server (main) "rabbitmq-server won't upgrade or purge" [Undecided,New] https://launchpad.net/bugs/890691
<hggdh> smb: let me try one more time
<smb> hggdh, Sure. Or alternatively reset the memory value back to 512 for the automated tests and wait. At least that we can then use as the status update for our action? :)
<hggdh> smb: yes. I will update the bug
<jcastro> kirkland: sorry I missed your message about byobu
<jcastro> kirkland: also, I am sure this will be useful for something down the road: https://github.com/holman/spark
<kirkland> jcastro: heh, no worries
<kirkland> jcastro: neat;  jhunt has a branch with some of this in byobu
<jcastro> oh cool
<kirkland> jcastro: i need to revisit it now that we're on tmux
<kirkland> jcastro: it depends on utf8
<kirkland> jcastro: which is pretty broken in screen
<kirkland> jcastro: but works like a champ with tmux
<jcastro> woo
<mtaylor> kirkland: ping
<mtaylor> kirkland: have you noticed the new behavior of add-apt-repository?
<Daviey> mtaylor: The warning message?
<mtaylor> yes
<mtaylor> Daviey: sort of makes automation scripts, well, unhappy
<Daviey> mtaylor: automation, who uses THAT?
<mtaylor> Daviey: oh. silly me. I forgot.
<Daviey> mtaylor: does -y, not automated it?
<mtaylor> Daviey: shouldn't users who need that confirmation in oneiric be using the Ubuntu Software Center anyway?
<mtaylor> Daviey: it does - unless I'm writing automation scripts which also need to work on pre-oneiric
<Daviey> mtaylor: it's not silently ignored pre-oneiric?
<mtaylor> Daviey: OR - following any of the bazillion cut-and-paste instructions on installing software on the web
<mtaylor> Daviey: nope
<Daviey> *sigh*
<mtaylor> yup.
<Daviey> mtaylor: can you raise a bug?
<mtaylor> turns out ppa's are REALLY popular :)
<mtaylor> I was writing one right, but then thought I should ping somneone first
<Daviey> mtaylor: suggestions for a fix also welcome. :)  .. Perhaps respecting a env variable?
<mtaylor> Daviey: honestly, I would revert the confirmation
<mtaylor> Daviey: it has no real use in server environments
<mtaylor> Daviey: and in desktop environments, the recommended end-user interface is the software center
<mtaylor> although if it's got to stay - respecting an env var, or perhaps a config file which could be created via d-i preseed questions
<mtaylor> Daviey: and then we can just add that preseed option to the various standard preseed files that we use
<mtaylor> https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/890708
<uvirtbot> Launchpad bug 890708 in software-properties "Confirmation question is a UI regression breaking scripts" [Undecided,New]
<Daviey> mtaylor: I'm not entirely sure why it was added.
<mtaylor> Daviey: I don't either - although it feels like one of those times that desktop use cases intruded into the world of things that are highly used in server land
<Daviey> mtaylor: well -y was added for this use case, but i understand portability.
<kirkland> mtaylor: Daviey: haven't noticed, that's bad :-(
<mtaylor> kirkland: yeah, right?
<kirkland> mtaylor: totally a big pile of suck
<mtaylor> kirkland: should I write an inflamatory blog post? :)
<kirkland> mtaylor: scathing
<kirkland> mtaylor: :-P
<Daviey> mtaylor: sure thing, if you want it added to the bottom of the pile :)
<mtaylor> Daviey: the bottom of the pile of inflamatory blog posts I write? - I'm sure that pile is way to large for anything to get noticed on the bottom of it ;)
<zul> mtaylor:  ping, https://jenkins.openstack.org/job/nova-ppa/1342/console why is my email address used?
<kirkland> mtaylor: or, better yet, just ask mvo :-)
<kirkland> mtaylor: i bet mvo fixes it within minutes :-)
<mtaylor> zul: because?
<kirkland> mtaylor: can you jump into #ubuntu-devel?
<mtaylor> zul: looking
<kirkland> mtaylor: let's poke mvo about it
<mtaylor> kirkland: joining now
<zul> mtaylor: i just find it odd :)
<kirkland> mtaylor: i just pinged him there
<mtaylor> oh for shit's sake. my irc client has quit joining channels again
<mtaylor> what a pile of ass
<mtaylor> zul: I'm guessing because you were the last person to commit to the packaging branch? or that you were the person who edited the changelog last?
<mtaylor> zul: I'd have to look a little further
<zul> mtaylor: ah i was just curious no biggy
<kirkland> mtaylor: you coming?  mvo is here now
<mtaylor> kirkland: I'm unable to join the channel because my irc client got borked (and I have a few tabs that I need data from)
<kirkland> mtaylor: heh
<kirkland> mtaylor: okay, Daviey and i are talking to mvo now
<mtaylor> kirkland: any chance I could be a diva and ask him to come in here for a sec?
<mtaylor> kirkland: or - you can probably handle it
<mtaylor> kirkland: did you see my preseed-related suggestion to Daviey above?
<kirkland> mtaylor: we can handle it, and the irc nazis might get on us for moving a conversation that belongs in ubuntu-devel away from it
<kirkland> mtaylor: <mvo> kirkland: hm, so it does check is sys.stdin.isatty() - in what env do the scripts run?
<phunyguy_work> Hey folks, I am also in the Kubuntu channel, having some issues with the most recent kernel available (I think), Networking is really flaky.  It was suggested I come in here and make a request to see if there is a newer kernel package that is pre-release, and if I can have it.
<yann2> hello! If i want to change the configuration file used by vsftpd, do I need to edit the path directly in the upstart script?
<hggdh> smb: I really cannot repeat it on precise's kernel (bug 790712), and jibel confirms we are not seeing it. How do you want to proceed with it?
<uvirtbot> Launchpad bug 790712 in linux "20110531 i386 server ISO: order 5 allocation failure during install" [High,Confirmed] https://launchpad.net/bugs/790712
<hggdh> smb: close fixed by unknown on precise?
<smb> hggdh, I would tend to close it, either invalid or fix released with a comment. And I am not too hot for trying to find a solution for oneiric, given that for the testing case it is enough to increase memory a bit.
<hggdh> smb: will close it this way, then
<smb> hggdh,  Thanks- This sounds like one of these things that would take much more time to find any fix for than the actual use would be
<hggdh> smb: I agree
<hggdh> smb: precice's task closed fix released, oneiric and natty wontfix
<smb> smb, Ok, sounds good to me. Thanks
<hallyn> stgraber,  lp:~serge-hallyn/ubuntu/precise/lxc/lxc-default-config2 is now rebased on top of precise's lxc, tests fine for me.  (speaking of tests, i guess we should have a little testsuite)
<stgraber> hallyn: ouch, your branch contains quite a lot of changes in .pc, basically destroying all of them and re-creating all of them :)
<hallyn> no, it can't.  I re-did that without killing .pc
<hallyn> maybe i failed on push
<stgraber> hallyn: hmm, "Leave as "false" if you'll use virbr0 or another existing" but USE_LXC_BRIDGE="true" :)
<hallyn> but anyway i was just going to dput, not merge the bzr source, so hopefully the archive will dtrt
<hallyn> stgraber, oops, i did change that after commenting :)
<hallyn> do you think default on is ok?
<hallyn> comment fix pushed
<stgraber> I think it's going to make it easier for quite a lot of users yes. Ideally this should be a mandatory debconf question once the default file is generated using a debconf template
<stgraber> hallyn: should you use dnsmasq's pid file to kill dnsmasq instead of trying to find it in the process list?
<stgraber> *shouldn't
<hallyn> Hm, I suppose.  (I don't trust pidfiles in general, but long as I'm creating it...)
<stgraber> hallyn: also, in 0015-ubuntu-templ-use-updates.patch, policy is to always use security.ubuntu.com for -security IIRC
<Daviey> ahs3 meet hallyn, hallyn meet ahs3 :)
<stgraber> and last comment (I'm done reading the diff :)), shouldn't 'cp debian/lxc.conf debian/lxc/etc/lxc/lxc.conf' be moved to lxc.install?
<hallyn> Daviey, i've asked ahs3 :)
<zul> Daviey: 2.2.2 is tagged so ill just do that
<hallyn> stgraber, maybe;  I probably was thinking it was going to be a rename, that debian/lxc.conf wouldn't bre acceptable
<stgraber> other than these few notes, changes look good
<hallyn> stgraber, I don't like that policy (re security) but ok :)
<hallyn> feh, that means i need another fix to the patch I sent upstream
<stgraber> hallyn: I think the idea was that archive.u.c can be mirrored/overriden/... and so isn't necessarily up to date, security.ubuntu.com should always directly hit the main security mirrors and so should always be up to date
<stgraber> security updates also get copied to archive.u.c (in the -updates pocket) so once your mirror catches up, you can grab it from there without touching security.u.c
<hallyn> ok, still have to fix the dnsmasq one...
<hallyn> then, with thes # of changes, i'd better re-test everything :)
<hallyn> thanks for the feedback
<stgraber> np
<ahs3> hallyn: lemme guess, netcf :)?  today's your day, dude
<hallyn> ahs3, yay!
<medberry> L)
<medberry> :)
<SpamapS> doh!
<SpamapS> I forgot 1600 UTC is now 08:00 for me.
<hallyn> we tried to tell you last week :)
<SpamapS> who did?
<hallyn> but SOMEONE was on holiday
<SpamapS> Tuesday I was most certainly not
<hallyn> hm
<SpamapS> I just missed it because I was *asleep*
<hallyn> well, i'm getting old
<hallyn> i need a nap, and get off my lawn while you're at it
<Daviey> SpamapS: you now have a tonne of bugs :P
<SpamapS> Daviey: as opposed to before, when I only had half a ton of bugs
<Daviey> SpamapS: heh.
<SpamapS> I didn't see minutes from last week's meeting
<Daviey> SpamapS: bug 887410, might want your love.
<uvirtbot> Launchpad bug 887410 in apache2 "plymouth ask-for-passphrase" [Medium,New] https://launchpad.net/bugs/887410
<SpamapS> I noticed that mathiaz's old "generate the minutes" script doesn't work anymore with the new format.
<Daviey> SpamapS: the transsition bugs that were opened last cycle, are you looking to resolve them this cycle
<SpamapS> Daviey: which transition?
<Daviey> SpamapS: the runlevel ones
<Daviey> SpamapS: wow, more than i thought
<Daviey> https://bugs.launchpad.net/ubuntu/+bugs?field.tag=runlevel1 - how importiant are these?
<SpamapS> Daviey: yes my plan is to take care of them all this cycle if possible
<SpamapS> Daviey: 2 or 3 have already been fixed
<SpamapS> They're all quite simple really
<Daviey> SpamapS: Do you want to document how to fix, might be good bitesize bugs for new contributors?
<SpamapS> Daviey: First I want to get the automated boot testing fleshed out
<SpamapS> Daviey: that way if these seemingly bitesized fixes break something we should find out
<jeiworth> hi all
<Daviey> SpamapS: great!
<jeiworth> am struggling a bit configuring ocsinventoy with gpli, i remember back in the day i successfully configured it to periodically scan ip ranges for open ports etc. for machines that do not have the agent running, anyone can give me a hand in this? or, since we are just starting the implementation, alternatives for automatcially inventorizing  and managing are still welocome :)
<pmatulis> jeiworth: what specific problem are you having?
<jeiworth> pmatulis: ok, i have installed ocsinventory and gpli on a 11.10 server using packet manager, the interconnection between the two work fine, also any machine i install the agent on appears shortly after in the ocsinventroy. so far so good, but what i also want is that the agents (or the server) scan the local net to see what ip's have open ports and which ones
<jeiworth> pmatulis: this happens for ip and snmp scans
<jeiworth> pmatulis: or better, they don't happen at all ;)
<pmatulis> jeiworth: well it installs on ubuntu fine.  it sounds like an issue at the app level
<hallyn> stgraber, (sigh :) new version pushed to bzr and tested
<jeiworth> pmatulis: yes, it must be somewhere in the config
<pmatulis> jeiworth: if anyone in this channel is familiar with this s/w then they will speak up but i feel you will get better help in another forum
<jeiworth> pmatulis: thanks, yeah, i am checking google and their own chat but they don't seem too responsive there
<zul> Daviey: still around?
<roaksoax> kirkland: ping
<kirkland> roaksoax: yo!
<roaksoax> kirkland: yo! just upgrade tmux in lucid from your byobu ppa
<roaksoax> kirkland: and got this:
<roaksoax> Setting up tmux (1.5-1~lucid1) ...
<roaksoax> /var/lib/dpkg/info/tmux.postinst: 7: dpkg-maintscript-helper: not found
<kirkland> roaksoax: i think that can be ignored
<kirkland> roaksoax: this is a backport of tmux
<kirkland> roaksoax: let me see what that's doing
<roaksoax> kirkland: yeah it doesn't really fail or anything but just in case :)
<kirkland> roaksoax: yeah, it's benign
<kirkland> if dpkg-maintscript-helper supports rm_conffile; then
<kirkland>     dpkg-maintscript-helper rm_conffile /etc/init.d/tmux-cleanup 1.4-6 -- "$@"
<kirkland> fi
<roaksoax> kirkland: alrighty ;)
<kirkland> roaksoax: i can fix that, if you think that might scare people?
<roaksoax> kirkland: well... it warned me but maybe regular users wont even notice it as it didn;t fail to install or anything
<Daviey> zul: yup
<kirkland> roaksoax: okay, thanks
<kirkland> roaksoax: if there's any more complaints about it, i'll just add a command -v test to it
<zul> Daviey: should we move the css for cobbler to orchestra?
<kirkland> zul: +1
<kirkland> zul: i think that "skin" belongs in orchestra
<kirkland> zul: note that the Canonical Design Team was supposed to help us with that
<Daviey> zul: Yeah, i'm not a fan of patching the upstream theme.  We shouldn't have done that
<zul> Daviey: k ill drop that one
<zul> roaksoax: fyi the arm doesnt apply anymore :(
<hallyn> stgraber, ok i'm going to try pushing (as a test to see if i have the upload perms now)
<stgraber> hallyn: if you don't, just poke me and I'll fix them :)
<bladernr> Hey gang... I have a server hardware question for you... it's been a while since I was on the Hardware OEM side of things, so I'm a bit out of touch with the latest and greatest...  Are there servers being sold with converged devices (NIC/ISCSI) and are there servers being sold with physical 10GbE adapters
<bladernr> I'm curious about what's being shipped on the motherboard, not via PCIe options.
<bladernr> Also, anyone know of servers being sold with onboard FC?
<bladernr> FWIW, I'm working on beefing up hardware testing on servers running Ubuntu Server for the 12.04 cycle and trying to sort out what we currently test and what areas we may be missing.
<kyconquers> can anyone recommend a good stress test library?
<bladernr> kyconquers:  not sure about a library, but there's a tool in universe called 'stress' that seems to do a good job of stress testing systems.
<bladernr> Phoronix also has some usual server benchmark tests that hit things like PostgreSQL, MySQL, Apache, etc.
<patdk-wk> sysbench does a good job
<patdk-wk> bladernr, I don't know of any motherboards with onboard fiber at all
<palt> I'm having a problem with upgrading a postgres cluster from 8,4 to 9.1
<palt> Getting an error that pg_upgradecluster cannot read the encoding
<palt> The encoding for all the databases is UTF-8 so it should be the same for all the databases
<palt> We only have the standard main cluster
<bladernr> patdk-wk:  I don't either, and I was stretching a bit with that one, but I do know that there were boards coming that had converged network devices and onboard 10GbE at least... just don't know how common those are right now
<bladernr> ^^ outside of blades that use different infrastructure
<uvirtbot> bladernr: Error: "^" is not a valid command.
<bladernr> sheesh...
<Dulcin> Where can I find logs of crontab on ubuntu 11.10? And/or -- how do I enable logging?
<patdk-wk> bladernr, there have been servers with onboard nic/iscsi for atleast 6 years, and the 10gig onboard for 3 years
<patdk-wk> in fact, all my servers have onboard nic/iscsi combo
<patdk-wk> and the ones I bought in the last year are all 10gig onboard
<SpamapS> Dulcin: should be in /var/log/syslog
<hallyn> robbiew, hi, do you know why https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-kvm doe snot show up in https://blueprints.launchpad.net/~ubuntu-server/+specs?role=assignee ?
<Dulcin> SpamapS: is it possible to create a seperate log for crontab only?
<patdk-wk> edit /etc/rsyslog.conf
<pmatulis> Dulcin: 'grep -r cron /etc/rsyslog*'
<SpamapS> actually add a file to /etc/rsyslog.d
<SpamapS> #cron.*             /var/log/cron.log
<pmatulis> SpamapS: ;)
<patdk-wk> oh heh, changed on me :)
<robbiew> hallyn: checking
<robbiew> hallyn: needed some switches flipped ;)
<robbiew> done
<hallyn> robbiew, great, thanks
<zul> yay down to 20 cobbler patches
<koolhead17> o.0
<njin> Hello fellows, does ubuntu server use Network-Manager ?
<njin> by default?
<smoser> no
<njin> smoser, thanks
<pmatulis> njin: how could it?  n-m is a graphical tool
<cwillu_at_work> pmatulis, false.
<pmatulis> cwillu_at_work: n-m won't bring in the graphical stuff?
<cwillu_at_work> pmatulis, network-manager just recommends network-manager-{gnome,kde,whatever}
<cwillu_at_work> I use it headless for appliances
<pmatulis> cwillu_at_work: ah ok, so i can install network-manager in a cli environment and that's all that will get installed?
<cwillu_at_work> yep; (noting that apt-get installs recommends by default, but that can be disabled temporarily)
<pmatulis> cwillu_at_work: heh, ok
<Randolph> hi all
<vasosanitario> opa
<vasosanitario> algum brasileiro?
<guntbert> !br | vasosanitario
<ubottu> vasosanitario: Por favor, use #ubuntu-br para ajuda em portuguÃªs. Para entrar no canal por favor faÃ§a "/join #ubuntu-br" sem as aspas. Para a comunidade local portuguÃªsa, use #ubuntu-pt. Obrigado.
<hggdh> now, to have a nick of 'toilet bow' is indeed something
<kyconquers> is there an application or test to tell how long an email server will take per email?
<ikonia> kyconquers: no but you can bench mark it yourself
<kyconquers> ikonia, how?
<ikonia> kyconquers: write a shell script to inject 100 identical emails, then view the logs on the mail server and see how long it takes to process and how long it takes for hte queue to go down
<ikonia> do this on a local lan so that you know your public internet connection is not a problem
<ikonia> then you know the servers capabilities (roughly - you can go as in depth as you want, ram queues, io times etc)
<kyconquers> thank you ikonia
<Dulcin> I notice this error in my cron log: (CRON) DEATH (can't open or create /var/run/crond.pid: Permission denied)
<Dulcin> what is it trying to do and should I change file permissions on that file?
<zul> [ubuntu/precise] cobbler 2.2.2-0ubuntu1 (Accepted)
<zul> eod
<roaksoax> zul: yay!!
<lcb> hi. i installed xfce one one of ubuntu servers i have because i need some minimal graphical interface on it. due to a faulty GPU on that computer i could get to a feasible xfce by going into recovery mode and after selecting "Resume". That seems to me is the best video mode to use. How and where could i make it as default?
<kirkland> jcastro: +1 :-)
<Daviey> zul: nice one
<swharper> when installing a raid configuration (new/blank install) shouldn't I have the RAID build on separate drives from the OS?
<patdk-lap> depends what your attempting to do
<swharper> basically I have 7 1.5TB drives and 1 640GB drive. i had planned on installing the OS on the 640 and build the RAID out of the remaining 1.5TB drives
<patdk-lap> if you only have two disks, oviously the raid will be on the same drives
<patdk-lap> if you have more disks, you still might want the os drives to be raided, for their own protection
<patdk-lap> that is fine
<swharper> but when I try to partition during the install it is freezing at 50%
<patdk-lap> if your os drive dies, you jsut have to rebuild
<swharper> i can tell the RAID is being built because it takes about 24 hours for the lights to stop flashing,but the install still hangs
<patdk-lap> dunno if I would bother attempting to do that at install time
<patdk-lap> I would just install
<patdk-lap> then build the raid later
<swharper> hm
<patdk-lap> I only config stuff at install if it's needed for the os
<patdk-lap> but that is just me
<swharper> is there a good front end for mdadm?
<patdk-lap> mdadm :)
<swharper> haha
<patdk-lap> you want gui? your in the wrong channel
<swharper> im coming from openfiler, which was relatively easy
<swharper> so then basically just pick the 640gb, tell it to automatically partition that drive then deal with the rest of em once the server is up?
<patdk-lap> that is how I do it
<swharper> thanks
<kklimonda> has someone configured "integrated" openldap with kerberos? i.e. kerberos stores it's database in ldap, and ldap uses kerberos for authentication? Is it right that I have to still have to store password for users used by kerberos to access ldap in ldap itself?
<willwh> hi guys, I deployed this: http://majic.rs/book/initd-scripts/running-irssi-on-boot - when I reboot however, no screen/irssi session
<willwh> works fine invoked like, /etc/init.d/irssid start
<willwh> and I ran update-rc.d defaults irssid
<willwh> How do I go about debugging what is failing here? :)
<medberry> willwh, possibly a race. Possibly the network isn't fully up yet. I'd break it down into two parts: see if screen is coming up. If so, then see why irssi is failing.
<medberry> use logs 2> output and if necessary, strace and friends.
<medberry> alternatively just put a sleep in the script and see if that is a shortcut work around.
<willwh> medberry: screen doesn't come up
<medberry> willwh, doesn't screen need a tty?
<savid> Is there an automation-friendly way to enable the "universe" packages in /etc/apt/sources.list?
<swharper> greatâ¦reboot after install and right after verifying DMI pool data - "error:fd0 read error.  error: no such disk."
<yaboo> what software is good to automatically keep up a ssh tunnel
<kklimonda> hmm, are NFSv4 ACLs supported in Ubuntu?
<SpamapS> yaboo: I just use 'keep-one-running' from run-one
<swharper> now im at the grub rescue prompt
<SpamapS> yaboo: its in 11.10 and later
<yaboo> SpamapS, I am using 10.04
<SpamapS> yaboo: then something like  'while true ; do ssh -xzyz foo ; sleep 1 ; done
<yaboo> SpamapS, cool
<mtaylor> SpamapS: there's an ssh config command which will send the keepalives
<mtaylor> TCPKeepAlive yes
<mtaylor> ServerAliveInterval 300
<mtaylor> in your .ssh/config
<yaboo> mtaylor, .ssh/config not /etc/ssh/sshd_config?
<mtaylor> yaboo: it's a client config
<mtaylor> not a server one
<yaboo> mtaylor, can it be /etc/ssh/ssh_config?
<SpamapS> mtaylor: but that won't respawn the tunnel if ssh dies
<mtaylor> correct
<yaboo> would like it to respawn the tunnel
<mtaylor> oh - sorry, I was following your answer wrong
<yaboo> have keys setup for passwordless logins
<m_3> yaboo: http://paste.ubuntu.com/739777/ is a quick and dirty cronjob that worked for me in the past... you might wanna work to make it a bit more robust though
<yaboo> m_3, thanks will look at it then
#ubuntu-server 2011-11-16
<uvirtbot> New bug: #890917 in bacula (main) "bacula won't uninstall" [Undecided,New] https://launchpad.net/bugs/890917
<Roasted> anybody tinker with 11.10 in a Meru wireless network yet?
<kaushal> Hi
<kaushal> Is there a way to implement chroot home directory using sftp in openssh server 4.7 ?
<kaushal> I am on Ubuntu Server 8.04
<jandrusk> Try http://shapeshed.com/journal/chroot_sftp_users_on_ubuntu_intrepid/
<kaushal> jandrusk: the version mentioned is 4.9
<kaushal> openssh-server version is 4.7 in 8.04 LTS
<qman__> correct, that functionality was not available in that version
<qman__> you must use a traditional jail, I've used jailkit in the past
<qman__> caveats being said jail applies to the user in all contexts, not just SFTP, and it requires more effort to set up
<qman__> my suggestion is to upgrade
<qman__> hardy's only got about a year and a half left on it for support as it is
<Roasted> hi
<Roasted> anybody tinker with 11.10 in a Meru wireless network yet?
<twb> +1 for internal-sftp + chroot
<jandrusk> Why not just upgrade to the latest?
<qman__> LTS has its merits to be sure
<qman__> but I would upgrade to lucid
<twb> lucid is lts anyway
<kklimonda> hmm, are server upgrades from 6.06 to 10.04 (or from 8.04 to 12.04) supported?
<qman__> they were, and may still be
<qman__> 6.06 to 8.04 may be tricky but was a supported option
<qman__> 8.04 to 10.04 is supported and 10.04 to 12.04 will be supported
<qman__> if you mean skipping an upgrade, then the answer is no
<qman__> they must be done incrementally
<twb> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade
<twb> kklimonda: there is copious documentation.  If you have read it and still have problems, ask away
<twb> (As qman says, you need to upgrade to each LTS in turn.)
<kklimonda> I don't really have problems :) I was just wondering if skipping LTS is supported (Kubuntu team did support upgrades that skipped releases, I was wondering if maybe server team does that too)
<twb> AFAIK no
<jMyles> I'm trying to get a computer to boot via PXE to my Orchestra Server, but I'm not running DD-WRT and I don't exactly understand the role of the "Static Lease"
<jrwr|offline> a Static lease is where a router gives a machine the same IP everytime via DHCP
<twb> jMyles: do you have access to the dnsmasq.conf ?
<jMyles> twb: I'm using Zentyal, which I think uses dhcp3 instead of dnsmasq
<twb> OK that has an icky format but can be done
<twb> In dnsmasq you jsut say "go use /etc/ethers"
<qman__> also known as a DHCP reservation, in dhcp3 it's defined in a host block
<qman__> like so: http://pastebin.com/11i0wgW2
<twb> I call it "fixed DHCP" to avoid confusion with static (non-DHCP) allocations
<qman__> I call it reservations because that's the microsoft term, and microsoft DHCP was the first time I'd ever heard of or used it
<qman__> and yes, "static DHCP" is very prone to confusion
<qman__> and, unlike most microsoft terms, that one is unambiguous and technically accurate
<twb> I don't know anything about microsoft
<twb> It's fixed like a nail, not like a dog
<jMyles> OK, got around the Zentyal issue.  Now, when we boot via PXE, we are given a list of profiles, but not the 'system' with the image (iso) that we have specified.
<twb> WHich one is zentyal again
<twb> Oh it's one of the webmin/cpanel things
<twb> turnkey ebox distro
<cgkades> It seems that I havent had any updates to my server in a few months. Any idea how to track down if 1) I'm up to date 2) if something is blocking updates?
<twb> cgkades: check if sources.list looks sane, run apt-get update, run apt-get dist-upgrade --dry-run
<jMyles> We can't seem to make orchestra work - if we pick one of the prefab profiles it goes through the kickstart and then hangs.  We don't have an option to boot an image.
<twb> jMyles: dunno about orchestra, sorry.  All my stuff is in-house work that predates it.
<SpamapS> boutil: jMyles using 11.10 ?
<SpamapS> err
<SpamapS> sorry
<SpamapS> jMyles: using 11.10 ?
<twb> cgkades: also check your release (lsb_release -a) and see if it has been end-of-lifed, in which case there are no updates, but you should upgrade to a new release
<jMyles> yep 11.10
<SpamapS> jMyles: hangs on the first boot or still during the installer?
<cgkades> twb: looks like i'm on 9.10 i thought i was on 10.04 LTS
<jMyles> SpamapS: It goes through what looks like the initrd, past DHCP config, and then hangs on the pinkish screen
<twb> SpamapS: why does orchestra use ks instead of preseeding?
<cgkades> twb: thanks for the help
<SpamapS> twb: it doesn't
<SpamapS> twb: but cobbler was built around the word kickstart.. so sometimes kickstart is used as the word. But it is definitely built on pre-seeds.
<twb> Ah, cobbler comes from the FC world?
<SpamapS> Yeah, Cobbler just moved off Fedorahosted onto Github today actually
<SpamapS> jMyles: have to run, but if its hanging during the install, you should see the logs on the cobbler server. If its hanging on first boot, try booting without 'quiet' and with '--verbose' on the grub cmdline
 * SpamapS disappears
<twb> RTFL FTW :P
<jMyles> SpamapS: Where and when during the PXE boot am I supposed to see the images or systems I create in the cobbler gui?
<jMyles> SpamapS: BTW, I am also getting a python AttributeError when I try to create an image: 'NoneType' object has no attribute 'os_version
<twb> jMyles: dunno about orchestra, but normally PXE boot will load the PXE ROM off the local h/w, that will do a DHCP request, it will then do TFTP to fetch $filename (usually pxelinux.0) from the TFTP server (defaults same as DHCP server).
<jMyles> twb: That part seems to be working in this case.
<twb> Once pxelinux.0 takes over it usually tries to fetch a MAC- or IP-specific .cfg file, falling back to pxelinux.cfg/default.  THAT then usually tells it to load some more config files, a menu.c32 or similar, etc, allowing the user to pick a boot option
<twb> Once they do, pxelinux.0 THEN will pull down (still over TFTP) a kernel and ramdisk, and these are loaded.
<twb> They then will follow their coding and boot: options to find and pull down everything else, usually preseed.txt or so coming down either via TFTP (very new) or HTTP/FTP/NFS (traditional)
<twb> Oh, during that last pull down there will be a second DHCP request, which a clever DHCP server might serve something different for
<patdk-lap> gpxe is nice, downloads and configs over http
<patdk-lap> but I just can't get the damned thing to fit in under a 64k rom
<patdk-lap> atleast not with iscsi support, haven't attempted it without iscsi
<twb> Eh, TFTP is a better protocol for the job
<patdk-lap> that depends
<patdk-lap> tftp has no authenication or protection
<twb> I admit the setup is a pain if you don't already have a TFTPd and you DO have an HTTPd
<patdk-lap> and I dunno any tftp that allow scripts to change the returned files
<patdk-lap> but my goal was to add iscsi netboot, to systems that didn't have iscsi nic
<twb> You mean like CGI instead of static HTTP?
<patdk-lap> yep
<twb> IMO if you're getting fancy like that (or auth) then OK, http
<twb> But I think it's a bit silly to be serving secrets during the boot process...
<patdk-lap> I think some things also get odd, and do http range requests for boot also, not sure though
<twb> static serving, put the smarts inside the pxelinux.0 (or equivalent) chainloader, no secrets so no auth needed
<patdk-lap> not sure of the idea there is
<patdk-lap> unless it's just to keep unautherized people off that network
<twb> fuse curlftpfs is pretty cute for mounting the sq over HTTP (using range requests), but I think I'll stick to nfs/nbd/aoe :-)
<patdk-lap> secrets burned into rom, with https
<twb> patdk-lap: if you want to keep unauthorized people off the net then bloody well lock it down properly (physical layer, etc), not in the bootloader :-/
<patdk-lap> twb, hard to do that in a classroom
<twb> Oh is this one of those stupid things where lecturers want to make sure people who are studying other classes shouldn't get access to their teaching materials
<patdk-lap> doubt that
<patdk-lap> more of a thing of ignoring random things that shouldn't be on the network I guess
<patdk-lap> just seen people doing it
<twb> If students have physical access, they can bring in their own gear unless you lock it down in the switch with MAC whitelisting &c
<patdk-lap> never really played with why, myself
<twb> I mean, what's the attack vector that they're trying to close
<patdk-lap> no clue
<qman__> IME it's more incompetence or resources limiting things
<qman__> my university had the problem every time the linux 101 course hit DHCP they'd bring the whole LAN down
<twb> qman__: certainly IME teaching staff are clueless about tech :-/
<qman__> because they were either too dumb or too cheap to put a router in that room
<twb> qman__: haha, and STP
<twb> qman__: I have several stupid customers that have STP-less SXs, and regularly they will plug the SX into itself
<twb> <bam> no more net
<qman__> yeah
<patdk-lap> I really should bother with stp more
<twb> patdk-lap: like, at all? ;-P
<patdk-lap> my switchs will heal themselfs
<patdk-lap> but they bring things up and down for a few min before it settles down
<twb> you probably paid extra for name-brand switches
<twb> And not a name like "Hong's Lucky Dragon genuine IOS-compatibule"
<patdk-lap> all my cisco switchs died a quick death
<twb> So what, procurve?
<patdk-lap> never liked hp
<patdk-lap> atleast switchs
<patdk-lap> normally go with the netgear l3 switchs
<patdk-lap> only have had the poe models of those ever fail me
<twb> netgear's just cisco these days
<patdk-lap> no
<patdk-lap> that is linksys
<twb> Oh, sorry
<twb> Brain fart
<patdk-lap> and I would never call linksys switchs cisco
<patdk-lap> if it doesn't run ios it's not cisco
<patdk-lap> I think all catos is dead these days
<patdk-lap> I do use cisco switchs in the hp blade systems
<patdk-lap> only cause I don't trust the hp switchs at all
<patdk-lap> man, long past sleep time
<T3CHKOMMIE> hey guys, im trying to set up some special hard drive mirroring stuff. I am trying to get hardive to mirror with an external hardrive, and idea how to set up this type of RAID 1?
<twb> T3CHKOMMIE: don't do that
<T3CHKOMMIE> twb, its an experiment for an OS I am testing.
<twb> T3CHKOMMIE: USB HDD enclosures are flaky enough that you'll be dumped into degraded mode regularly
<twb> degraded mode = won't boot without a human holding its hand
<T3CHKOMMIE> its not a boot drive. ive got that on another exter device. its just a simple partition im trying to key "synced" with the orignal on the pc.
<twb> ASIDE from that caveat, you should be able to simply tell mdadm to use /dev/sda and /dev/sdb, where they are the internal and external drivers respectively.
<twb> If you're just trying to keep *files* synced, use rsync, not RAID
<T3CHKOMMIE> is rsyn instantanious?
<twb> (Come to think of it, the slow speed of USB2 would kill you're I/O to the main disk as well, even with write-behind enabled.)
<twb> T3CHKOMMIE: no, rsync is a batch process
<twb> !rsnapshot
<twb> Stupid bot
<T3CHKOMMIE> ya im trying to get instantanious syncing. :(
<twb> T3CHKOMMIE: you aren't gonna get what you want
<twb> T3CHKOMMIE: not without some crippling tradeoffs wrt. speed and robustness, anyway
<T3CHKOMMIE> well then, looks like im back to programming this shit by hand.
<twb> http://rsnapshot.org/ <-- I recommend this
<twb> T3CHKOMMIE: if you're programming, then is this for a database or something?
<T3CHKOMMIE> its a data structure I am designing. and I am trying to get it off the ground. I am using a combination of a few hard drives, jump drives and NILFS to get a web server set up that can go down, come back online with only a few seconds of down time and almost no data loss.
<T3CHKOMMIE> so far i got it all working. i am just trying to get my internal media to be 100% cloned to my external media with in a minute of write.
<T3CHKOMMIE> i was thinking if i did a softRAID ( i know its clunky and risky) i would have exactly two bit for bit copies one one internal drive and one external that i could then move to hardware that is working and have no down time for my site.
<T3CHKOMMIE> I am almost 100% possitive im going to meet my goal. I just need to figure out how to keep my /dev/sdb1 and /dev/sdc1 identical... RAID1 seemed to be the obvious choise.
<twb> That sounds like EC2's job
<T3CHKOMMIE> EC2?
<twb> "der cloud"
<twb> Rapid provisioning, high availability, etc.
<T3CHKOMMIE> ya, its just something for my small site... i cant afford cloud space :(
<Sensiva> Hello, I upgraded a xen vps jaunty server to karmic using alternate CD method, and now the server opens the maintenance shell opens, and it doesn't continue to boot. Any ideas what to do?
<SpamapS> Sensiva: no reason given, just right into the maintenance shell?
<Sensiva> SpamapS http://pastebin.com/fRfxE43N
<SpamapS> Sensiva: ahh, looks like / needs an fsck..
<Sensiva> I did
<SpamapS> Sensiva: it turns up clean then?
<Sensiva> now aptitude tells that upstart is broken (unmet dependencies)
<Sensiva> SpamapS yes
<SpamapS> Not sure I ever really trust aptitude. ;)
<SpamapS> still, so after an fsck, you were able to boot.. but then something else was broken?
<Sensiva> I got the maintenance shell after upgrade reboot, tried fsck then reboot. no luck
<SpamapS> Sensiva: sorry to give you any false hope.. Its about time I went to bed. :p
<Sensiva> :D
<SpamapS> Sensiva: maybe try mounting the root fs next tho
<Sensiva> it's mounted read only
<args[0]> g #macosx
<koolhead17> hi all
<koolhead17> hola Daviey
<Syria> Hello, I have installed phpmyadmin, mysql-server, apache and php5 on my server, how can I know what is the data base host address? it has to be the same ip address of the server right?
<ersi> By default, it's configured to listen to all interfaces if I'm not mistaken. So any address the server has, it'll respond on port 3306
<ersi> But you can't log on remotely, unless you first configure users/hosts
<Syria> ersi:  I am trying to install wordpress remotly from another computer on the same LAN and this is the IP of the server and I connect to phpmyadmin using it 192.168.10.35 but when I type it as data base host it doesn't work! username and password are correct.
<ersi> Yeah, for the same reason I stated above :)
<ersi> you need to command line hax this boat up the creek first
<Syria> ersi: How can I do that please?
<ersi> Syria: That's a part of administrating a MySQL database. I'd recommend looking at: http://dev.mysql.com/doc/refman/5.1/en/adding-users.html
<ersi> specifically the GRANT statement
<Syria> ersi:  Thank you.
<Syria> ersi:  I have done this on a my VPS before and I didn't face such probelms. May I know why did this happen please?
<ersi> you probably followed a guide which told you do issue some GRANT statement :)
<ersi> Or you had PHPMyAdmin on localhost, and logged on as root
<ersi> as in on the VPS
<Syria> I know nothing about coding and that grant thing scared me a lot. http://dev.mysql.com/doc/refman/5.1/en/grant.html
<Syria> ersi: On my VPS I was installing wordpress from my GUI browser firefox.
<KaZeR_W> hi there
<KaZeR_W> i'm still having some issues with preseed. i just installed a server using this network preseed : http://pastie.org/2871469 and after installation the host is using dhcp. what's wrong?
<Syria> ersi: I have created a new user and the problem is solved.. thank you :)
<ersi> Syria: Awesome :-)
<lynxman> morning o/
<uvirtbot> New bug: #891071 in puppet (main) "puppet lucid backport doesn't support upstart" [Undecided,New] https://launchpad.net/bugs/891071
<KaZeR_W> for the life of me, i can't understand how to preseed a server using static ip settings. it's always using dhcp in the end
<uvirtbot> New bug: #891085 in postfix (main) "package postfix 2.8.5-2~build0.11.04 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 75" [Undecided,New] https://launchpad.net/bugs/891085
<jehoshua02> htaccess mod_rewrite is kicking my trash today. I have a fresh Ubuntu LAMP server. How do I get rewrite to work?
<xranby> jehoshua02: 1. update the config to first enable the module then add the rewrite  and 2. restart the server
<jehoshua02> xranby: https://help.ubuntu.com/community/ApacheMySQLPHP#Edit_Apache_Configuration
<jehoshua02> ^???
<uvirtbot> jehoshua02: Error: "???" is not a valid command.
<jehoshua02> This one right? /etc/apache2/apache2.conf
<jehoshua02> I'm unfamiliar with the layout of apache2 config files.
<jehoshua02> thanks.
<xranby> jehoshua02: http://httpd.apache.org/docs/current/mod/mod_rewrite.html
<xranby> jehoshua02: can you paste what your rewrite rules look like?
<jehoshua02> I need to enable the mod first.
<jehoshua02> If I have problems with the rules I'll let you know.
<xranby> jehoshua02: to enable the mod add   RewriteEngine on
<jehoshua02> xranby: sudo a2enmod rewrite
<jehoshua02> hmm...
<jehoshua02> looks like that just creates a symlink in /etc/apache2/mods-enabled/, which is what I tried already.
<jehoshua02> k, so there must be something else.
<xranby> jehoshua02: yes you need to update the configuration files
<jehoshua02> xranby: I think it's AllowOverride in the site default
<xranby> jehoshua02: than you can create a .htaccess  file with the rest of the configuration in the webservers www folder
<xranby> this file needs to contains three lines
<xranby> 1.  RewriteEngine On
<xranby> 2. RewriteBase   /xyz
<xranby> 3. RewriteRule   ^oldstuff\.html$  newstuff.html
<xranby> jehoshua02: have you restarted the apache server using apache2ctl restart ?
<jehoshua02> yep
<jehoshua02> hmm... still not working.
<xranby> jehoshua02: double check that       AllowOverride All
<xranby> jehoshua02: can you paste what your rewrite rules looks like?
<jehoshua02>   1 Options +FollowSymLinks
<jehoshua02>   2 RewriteEngine On
<jehoshua02>   3 RewriteBase /
<jehoshua02>   4 RewriteCond %{REQUEST_FILENAME} !-f
<jehoshua02>   5 RewriteCond %{REQUEST_FILENAME} !-d
<jehoshua02>   6 RewriteRule ^(.*) index.php/$1
<xranby> if you have the 1-6 numbers in the config file then remove the numbers
<jehoshua02> xranby: the numbers are only part of vim configuration.
<jehoshua02> xranby: any other ideas?
<xranby> jehoshua02: pasye any error mesasge you recive
<xranby> and check your access log
<jehoshua02> 403 forbidden
<xranby> can the webserver access the folder?
<jehoshua02> /var/www/
<jehoshua02> yes.
<jehoshua02> inside that folder theres the .htaccess, index.php, and media/
<jehoshua02> index.php and media/ are symlinks.
<xranby> jehoshua02: tro figure out why you get a 403 forbidden.. it are totally unrelated to the rewrite rules
<jehoshua02> xranby: I know. Never said they were.
<jehoshua02> ah, I mentioned htaccess at the start. sorry.
<spoonbow> Good morning
 * spoonbow slaps spoonbow around a bit with a large trout
<atomms> hi! i've got a cron that properly uses sendmail to send mails but when i use a php webform to send mails they go nowhere, is php using also sendmail for delivery?
<atomms> #debian +l 1177
<atomms> Mode #debian +l 1177 by debhelper
<Guest9461> hi there
<Guest9461> I am trying to rdesktop via a ubuntu server but i'm not getting a connection, I'm connecting to a VM via headless mode, the only thing i've changed on the host was the hostname, would this cause the rdesktop to error? I am still trying to connect via the IP
<jehoshua02> Guest9461: Just curious, is this a VirtualBox server? I have one setup. I had to make sure Guest Additions were properly installed to get rdp and other features working.
<Guest9461> it's a ubuntu server and virtualbox is installed onto it
<Guest9461> I then ssh into the server and launch VBoxHeadless
<Guest9461> and then rdesktop into the server
<jehoshua02> Guest9461: Cool. I have the same thing. I use PHPVirtualBox installed on my laptop to connect to the server though.
<Guest9461> oh?
<jehoshua02> PHPVirtualBox has a flash component that does the rdp.
<Guest9461> nice? and what are the benefits to that?
<jehoshua02> Web-based management of VBox VMs.
<jehoshua02> Instead of having to remember all the command lines for Vboxmanage
<Guest9461> eitherway, I just changed the hostname of the server, and the damn rdesktop command is no longer working, and I can't find out why
<Guest9461> Oh, that's nice...
<jehoshua02> Guest9461: It's possible.
<Guest9461> I just read it all up and setup the one box as it's a free (kinda) way of using windows on my server
<Guest9461> hmmmm yea, wish I never did... silly move really...
<jehoshua02> Here's the steps I followed to setup everything, including PHPVirtualBox: http://www.grokensteins.org/2011/11/ubuntu-1004-lts-virtualbox-412.html
<jehoshua02> Guest9461: But about your host name problem...
 * jehoshua02 thinking
<jehoshua02> Guest9461: Can you connect to the server via IP instead of hostname?
<Guest9461> nope, always used the IP
<Guest9461> i can ssh in fine via the terminal
<Guest9461> and even run the virtual machine via headless mode
<jehoshua02> Guest9461: then I don't see why changing the host name would break anything.
<Guest9461> VBoxHeadless -s NAMEOFMACHINE
<Guest9461> but rdesktop isn't connecting into it...
<Guest9461> it's not a firewall, as i've checked and also checked on different connections
<jehoshua02> Guest9461: you were able to rdp before correct?
<Guest9461> i've just done a sudo apt-get dist-upgrade and am updating virtualbox to see if that makes a difference
<Guest9461> yes always
<ersi> Guest9461: Have you installed the extras? You need to have those to get VRDP
<ersi> The regular package doesn't have the extras with them
<ersi> VRDP == extra
<jehoshua02> Guest9461: yep, maybe try reinstalling Guest Additions.
<Guest9461> yes the extras were always installed as I was rdesktop'ing into it fine earlier
<Guest9461> okay brb
<Guest9461> but I know the extras are installed
<ersi> Have you upgraded virtualbox? In that case, reinstall the Extpack
<jehoshua02> Guest9461: ah, yes, right, there's guest additions, and there's the extras. Perhaps you'll need to reinstall one/both.
<ersi> I had this trouble when going from 3.X to 4.X
<Guest9461> as the VBoxHeadless -s NAME command is bringing up "listening on 3389"
<ersi> Yeah, but it doesn't bind to it right? If you netstat
<Guest9461> so it's listening, just not connecting....
<ersi> I was quite confused when that happened as well
<Guest9461> it's odd as I was in it earlier today, and I just decided to change the server hostname, and that's it, so the only thing I could have thought of
<ersi> Hm.
<Guest9461> unless the crappy XP vdi broke?
<Guest9461> it's an XP vm
<ersi> unlikely, you should atleast get a blackscreen RDP in that case I think
<Guest9461> I just get denied
<ersi> I'd try #vbox on freenode, those guys kick ass at debugging VBox
<Guest9461> i've tried rdesktop via linux 2 machines and also via windows 7 on another machine
<ersi> but I'd still recommend doing an extpack clean and reinstall
<Guest9461> okay np i'll reinstall right now see if I can sort it and then if not i'll head there
<Guest9461> thanks
<Guest9461> also I did learn more jehoshua02 introduced me (just) to PHPvirtualbox
<ersi> Yeah, I'm checking it out as well - it seems sweet. It's grown a lot more since last time I checked it out
<jehoshua02> Guest9461, ersi: it's figgin sweet. Incredible work.
<jehoshua02> Guest9461: I run PHPVirtualBox in WAMP on my laptop.
<Guest9461> i guess it's all getting more popular, I was thinking at the time I learned this I was one of the few people in the world crazy enough to do it all this way... guess it's clearly not the case lol
<jehoshua02> Guest9461: Actually, I think that us crazy people just know how to find eachother.
<jehoshua02> IRC!!!!!
<Guest9461> lol :)
<Guest9461> well... xchat for me ;) lol
<ersi> It's still using the IRC protocol ;)
<Guest9461> yea I knew i'd get that as soon as i hit enter... i was always memorised from an early age by the MIRC logo and the smiley lol
<ersi> yeah, I figured :)
<jehoshua02> I hate smileys :)
<zul> good morning
<elz89> !ask | zul
<ubottu> zul: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Daviey> elz89: Did i miss where zul asked to ask a question?
<ersi> Daviey: Yes, you and me both, buddy.
<elz89> Daviey: I thought he may have said 'good morning'to check if anyone was around?
<ersi> zul: g'day! :)
<Daviey> elz89: ah, no - This is zul's office, he walked in and said Hi.  He is a respected member of the ubuntu server team :)
<zul> i dunno about respected :)
<Daviey> hah
<elz89> Ahh sorry I am relatively new, zul, my appologies.
<elz89> And I have just come from spending some time watching over #ubuntu and trying to help people. You know how heated it gets over there. lol.
<ersi> Yeah, hehe
<Daviey> elz89: Welcome!@
<elz89> Daviey: what is that?
<Daviey> a 'welcome' with a typo before i pressed enter.
<elz89> Daviey: thank you, I am not going to be very valued, as I am still a pup. I have been into linux for a couple of years now. I run my own homebrew stuff, and I have just finished converting my Mum, Step Dad, Little bro and Little sisters computers to Ubuntu, (sis runs Lubuntu - crap PC), then they have a ubuntu server there backup up, media server, dhcp, dns, ntp etc... still playing around and trying to learn and servers.
<hallyn> Daviey, hey, last night i did the syslog-ng merge request just bc i didn't have perms to push it to the archive myself.  if i prefer i can sling you a debdiff (though it'll be huge, since its an upstream merge)  it tests fine.
<elz89> I have no idea why I just told you that but I guess I wanted you to get I feel fior what I am doing right now.
<pmatulis> elz89: thank you for exposing yourself.  let us know if you are interested in helping the ubuntu server community
<ersi> elz89: Welcome :-) I've had something similar poppin' before
<elz89> pmatulis: I am very interested, been looking into some documentation I would like to upgrade a little. I don't know where to start really, so I just try to help on IRC, and just set things up and tests things out. I also do some objective-c stuff in xcode, love iOS :-P
<elz89> I am trying to get everyone I can onto Ubuntu and it is working! :-)
<elz89> My mum says that she is making huge savings in electric alone, now that the whole house in running this great OS.
<pmatulis> elz89: let me know if you want to help out with the ubuntu server guide, i'm looking for technical reviewers
<elz89> pmatulis: you are on ;-)
<elz89> feel free to PM.
<Daviey> hallyn: debian -> ubuntu debdiff might be easier.
<hallyn> sure.  or a udd merge request :)  do you want the debdiff?
<hallyn> grr.  ctrl-w in xchat
<hallyn> Daviey, lemme know what you want :)  I can send you a tarball of the .dsc/etc like i used to too, but i *know* you hate that :)
<Daviey> hallyn: debdiff works for me.. I'm sure it'll be great.. I prefer UDD, if i'm likely going to ask for changes.. But this will be a perfect debdiff, right? :)
<hallyn> Daviey, of course :)
<hallyn> apart from two weirdness i had to change, it's almost a sync
<hallyn> ok, i'll post a debidff, biam
<hallyn> Daviey, http://people.canonical.com/~serge/syslog-merge-3.3.1.debdiff
<Daviey> hallyn: assume that is because systemd isn't in main?
<hallyn> that package doesn't exist in precise
<hallyn> my testing, fwiw, consisted of forwarding syslog msgs from one canonistack instance to another
<Daviey> hallyn: That is Great to hear!
<Daviey> hallyn: you know it will build-dep wait on, libevtlog-dev ?
<Daviey> (it's universe)
<Daviey> hallyn: If you believe it to be required, i'll upload.. but can you raise and follow up on a MIR?
<Daviey> If it doesn't add benefit, can we drop it as a build-dep?
<hallyn> Daviey, thanks, no i didn't notice that.  I don't know what it is or if we need it, will get back to you
<hallyn> Daviey, well the changelog entry was:    * Build-Depend on libevtlog-dev (>= 0.2.12-5~) for correct shlibs.
<hallyn> grr
<hallyn> I'm afraid it may need to be MIRd
<lynxman> Daviey: I'm checking the mcollective debdiff descriptions and they're right I reckon http://paste.ubuntu.com/740266/
<hallyn> Daviey, no, syslog-ng is in universe
<Daviey> lynxman: Did "Description: build server orchestration or parallel job execution systems" come from Ubuntu or Debian?
<Daviey> hallyn: you are kidding me?
<hallyn> nope :)  i guess rsyslog is out default?
<hallyn> maybe we should MIR syslog-ng
<Daviey> hallyn: quite right, my bad - sorry.
<hallyn> Daviey, is that something lintian would have warned about otherwise, or not?
<hallyn> (cause it did come up empty)
<Daviey> hallyn: sadly, not.
<hallyn> good to know
<hallyn> somethign ineed to be more careful about in the future (bc it didn't occur to me)
<hallyn> thanks
<Daviey> hallyn: Good, o - Uploading, looks perfect and builds here!
<hallyn> Daviey, and on a related note, the libvirt i was wanting to upload now build-depends on libnuma (popular user request), but that is in universe
<hallyn> GAH
<zul> hallyn: have you figured out the gnome-keyring stuff?
<Daviey> hallyn: really popular?
<hallyn> zul, i opened a bug on it, yes
<hallyn> Daviey, not sure.  but the guy who last wanted it wanted it so bad he went and fixed it through debian
<Daviey> hallyn: I wonder what people are using it for.
<hallyn> dunno, but they'll be turning into rabid anti-ubuntu pro-debian fans soon
<lynxman> Daviey: From debian
<hallyn> zul, bug 888119
<uvirtbot> Launchpad bug 888119 in juju "fixes for new error interface" [Undecided,In progress] https://launchpad.net/bugs/888119
<lynxman> Daviey: if you don't fancy it we can change it as well, but I find it an unnecessary point of delta
<Daviey> lynxman: aaaaahhhh... sorry, i thought that was our strings
<hallyn> no that's not it
<lynxman> Daviey: no no :)
<Daviey> lynxman: agreed, as close to possible as debian as possible on this. :)
<hallyn> heh.  zul: bug 888199
<uvirtbot> Launchpad bug 888199 in p11-kit "spurious warning about gnome-keyring-pkcs11.so" [Undecided,New] https://launchpad.net/bugs/888199
<zul> hallyn: i would be concenered :)
<lynxman> Daviey: so if everyone agrees on the activemq switch I think this one is golden by now :)
<hallyn> zul, opinion on libnuma?
<zul> hallyn: do it
<hallyn> MIR it?
<Daviey> lynxman: lets upload that baby.
<lynxman> Daviey: \o/
<hallyn> feh. there are already 10 MIRs to do for $(*&%(*$&% spice
<hallyn> zul, 'do it' meant MIR libnuma?
<zul> hallyn: yeah i dont see the problem with it, if people want it then why not
<hallyn> zul, ok.  for this first merge though i guess i have to turn it off
<hallyn> (merge is otherwise ready, wiating to build in ppa and on some more testing)
 * hallyn back in an hour
<hallyn> AHA!
<hallyn> ahs3, you uploaded numactl;  would you have any concerns about MIRing it?
<KaZeR_W> anyone here familiar with preseeding? i'm having issues with the network config. it always uses dhcp, whatver i do
<ahs3> hallyn: hrm, that was in a previous life :).  no, i think it would be fine; the maintainer is pretty active and it seems like reasonably stable code.
<hallyn> ahs3, ok, cool, thx.  (now, really, bakc in an hour :)
<koolhead17> bwahhhhh  internet connection
<robbiew> rbasak: hey, if you need additional pandaboards, I suggest getting smoser and/or roaksoax to send you theirs....as the boards are insanely backordered right now
<smoser> i can send one to rbasak. i haven't used mine. i dont *want* to give it up, but i think it makes sense.
<rbasak> great, thanks!
<rbasak> I'm not sure what I'll be doing with them yet, but I guess I'll need them for juju testing!
<elz89> How can I attach more than one client to a 'screen' ? I run irssi on a server, and I want to be able to mimic both sessions through my tv, and my netbook in kitchin, as I move around my flat. Sad I know, but just always wanted to know how it could be done?
<andol> elz89: screen -x
<elz89> andol: so I need to relaunch this because at the moment I do 'screen -S irssi && irssi'
<elz89> So I need 'screen -x -S irssi && irssi' ?
<elz89> then I can ssh from tv and netbook, and 'screen -r irssi' on both clients?
<elz89> infact I should just 'man screen' and have a better look shouldn't I? lol
<elz89> andol: will they mimic eachother, or should I pi** off and have a play?
<andol> elz89: screen -x replaces screen -r
<andol> elz89: Of course, if you don't need to open at different places at the same time you can just do a combined detached and open; screen -dr
<elz89> andol: I would like to attach to ssh'd clients to the same 'screen'
<greppy> elz89: the answer you seek should be in the man page.
<elz89> greppy: yeah sorry having a lazy moment, I guess it was because its really important. I was feeling lonely :-P
<elz89> "Attach to a not detached screen session." should say "Attach to a currently attached screen session." maybe? lol
<elz89> does anyone argee with me that if it was written that way, it would make more sense?
<uvirtbot> New bug: #891204 in libvirt (main) "Essential configuration in /etc/libvirt/qemu.conf commented out" [Undecided,New] https://launchpad.net/bugs/891204
<elz89> At the bottom of 'man screen' it says "A weird imagination is most useful to gain full advantage of all the features."
<hallyn> Daviey, syslog-ng, the .xz suffix is the only problem, right?  is that an ubuntu archive-specific thing?
<uvirtbot> New bug: #891227 in nova (main) "nova.conf force_dhcp_release doesn't take any parameter" [Undecided,New] https://launchpad.net/bugs/891227
<hallyn> Daviey, (separately) filed bug 891232
<uvirtbot> Launchpad bug 891232 in numactl "[MIR] numactl" [Undecided,New] https://launchpad.net/bugs/891232
<uvirtbot> New bug: #891229 in nova (main) "nova-manage_flagfile_location.patch identation error" [Undecided,New] https://launchpad.net/bugs/891229
<m_3> SpamapS: could VoltDB packages be put in universe?  I think they're GPL3
<Daviey> hallyn: *sigh* i assumed Launchpad now had that support.
<m_3> https://wiki.ubuntu.com/MOTU is a dead link
<hallyn> Daviey, well it complains about the dpkg version or something
<hallyn> Daviey, upload fails says INFO 	Require Pre-Depends: dpkg (>= 1.15.6) when using xz compression.
<hallyn> (it's too bad it requires further delta against debian, but...)
<hallyn> Daviey, do you want to add that in-line, or do you want a new debdiff?
<Daviey> hallyn: I think Launchpad needs a newer dpkg version before we can use the native package
<Daviey> I think it needs a re-pack of the orig tarball for now.
<Daviey> *sigh*
<hallyn> Daviey, are you sure a 'pre-depends' wont' work?
<Daviey> hallyn: No, i'm not certain.. can i suggest uploading to a PPA to see what happens?
<hallyn> ok
<hallyn> (not convinced the ppa will fail/succeed the same way though)
<hallyn> can i put pre-depends on the source pkg?
<hallyn> no wait that doesn't even make sense.  Pre-depends is about before the binary package is installed
<hallyn> yowza, crashed xchat.  i think it's time to switch
<hallyn> Daviey, is there any downside to just repacking?
<hallyn> i had been working with the result of 'bzr bd -S -- -sa -vxyz' and it had jsut created the .orig.tar.gz for me
<philipballew_> would it be possible to set up a vpn server remotely?
<SpamapS> m_3: haven't looked at VoltDB
<SpamapS> m_3: does look like that would work though
<m_3> SpamapS: helping them own the volt charms (from hadoopworld)... they were asking about packaging too
<Daviey> hallyn: no downside, just more work.
<hallyn> I can toss you the built package ify ou prefer.  (otherwise, just take my bzr tree and bzr bd -S it)
<uvirtbot> New bug: #891252 in euca2ools "--config option is not honored" [Undecided,New] https://launchpad.net/bugs/891252
<Daviey> hallyn: I'm going for a lunch shortly... but will pick it up after?
<koolhead17> * honored
<hallyn> Daviey, ok
<SpamapS> m_3: yeah, the best path to the distro is really to setup a PPA and then ask for a review of the packages inside it. :)
<m_3> ah, gotcha
<m_3> SpamapS: perhaps the "VoltDB Charmers" team ppa?
<hallyn> Daviey: you can either grab the bzr tree and build, or grab http://people.canonical.com/~serge/syslog-ng-merge-3.3.1.tar.gz
<SpamapS> m_3: heh that would be cool
<elz89> andol: greppy: quick question, any way to get round the fact I have different physical sized screens when using the 'screen -x' method?
<SpamapS> zul: btw, thanks for uploading 2.2.2 with my patches! :-D
<zul> SpamapS:  no problem all in a days work
<SpamapS> Probably need to SRU some of those
<zul> SpamapS: i thought they made it into security
<SpamapS> zul: oh maybe they did
<Daviey> not as yet, afaik
<Daviey> rbasak's branch is based on SpamapS.. SpamapS would you might verifying you are happy, and we can ask for sponsorship.
<Daviey> s/might/mind
<zul> launchpad says no
<zul> i dont think SpamapS needs sponsorship anymore :)
<Daviey> zul: I think he does to -security :)
<zul> Daviey: ah the security team got their own ways of doing things
<Daviey> yas.
<robo> hello: I'm getting this error. W: GPG error: http://downloads-distro.mongodb.org dist Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9ECBEC467F0CEB10
<robo> I'm trying to install mongodb and from their page http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages#UbuntuandDebianpackages-gpgkey it says to do sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 -- but that fails
<robo> so I get that it needs the public key... but any ideas how i can get the public key and manually install it?
<robo> or maybe even tell ubuntu to not worry about this particular repo
<Resistance> robo:  the Key exists in the system.
<Resistance> When you do sudo apt-key... what do you get?
<Resistance> s/system/keyserver/
<robo> Resistance, i get an error that it couldn't find it
<robo> sec, i'll pastepot
<robo> oh, that worked from my laptop but not from the server...
<robo> firewall
 * Daviey ponders offering avahi publication service for cobbler
<robo> Resistance, I take it that apt-key doesn't use port 80. I get this error from the server: gpgkeys: HTTP fetch error 7: couldn't connect to host
<Resistance> nope it doesnt
<Resistance> at least not afaik
 * Resistance runs some checks
<robo> okay, so i can simply grab the key then import it using apt-key from a file
<robo> so on my workstation i imported the key. Is there a way to dump that key into a file? This way I can import it on the server?
<robo> Or is there a better way to do this?
<Resistance> the better way is to use apt-key :/
<Resistance> and yes, i read your previous statement :P
<savid> I know there's a way to set the default editor system-wide using update-alternatives,  but is there a way to do this per-user?
<robo> savid, the EDITOR environment variable?
<savid> robo,  yeah that's what I thought of doing,  but apparently visudo doesn't respect that variable
<patdk-wk> normally it's EDITOR or VISUAL
<patdk-wk> I used to always set both
<roaksoax> kirkland: ping
<kirkland> roaksoax: yo!
<roaksoax> kirkland: yo! so I was testing the autoreloding thingy for powernapd and it works like a charm
<roaksoax> kirkland: but that's only for the "general" config
<roaksoax> kirkland: do you think it should also be for the monitors?
<kirkland> roaksoax: yeah, i think so
<kirkland> roaksoax: but again, this is going to be *very* expensive
<roaksoax> kirkland: kirkland yeah, but since it is checking the time of modifucation of the config file is not that expensive anymore
<robo> Resistance, any suggestions on what i can do?
<kirkland> roaksoax: hmm, yeah
<roaksoax> kirkland: though for now I'll just leave the general configuration autoreloading and look into the monitors later
<Resistance> robo:  perhaps temporarily deactivate the firewall while you get the key?
<robo> Resistance, yeah, that's not going to happen :-)
<Resistance> although that restrictive of a firewall not allowing you outbound is pretty harsh
<Resistance> robo:  then i got nothing.  there's pretty much no *easy* way other than using apt-key... *shurgs*
 * Resistance has a meeting he has to get to anywayws
<robo> we have proxy servers that allow port 80. Apparently apt-key doesn't use port 80 or it doesn't respect Acquire::http::Proxy
<kirkland> roaksoax: cool
<robo> okay, ty for your time Resistance
<savid> I set EDITOR=/usr/bin/vi and VISUAL=$EDITOR,   visudo doesn't seem to use it though.  oh well.
<roaksoax> kirkland: now, for integrating bryce's modules/services, I was thinking on 1. either writing a new binary that disables services/modules or 2. script under /etc/pm/power.d. What do you think?
<robo> savid, it's probably something with sudo, not visudo
 * Resistance hates systems redesign meetingns
<Resistance> namely cause i have to implement the design changes >.>
<Resistance> </off>
<robo> enjoy
<kirkland> roaksoax: cool
<kirkland> roaksoax: i thought we have a script that enables/disables services/modules?
<roaksoax> kirkland: yeah bryce's script. though it needs adaptation to support pm-powersave approach if we place it on /etc/pm/power.d
<kirkland> roaksoax: right
<kirkland> roaksoax: so it should be a wrapper script in /etc/pm/power.d
<kirkland> roaksoax: that looks at our config file
<kirkland> roaksoax: and enables/disables those modules/services
<kirkland> roaksoax: probably two separate scripts, one for modules, one for services?
<roaksoax> kirkland: ok, I think that sounds better
<hallyn> ahs3, sorry, just to be sure i understood right, you're just saying rename netcf1 to libnetcf1 and netcf-dev to libnetcf-dev, right?  (or did i also get the contents wrong?  hmm, i'll take another look)
<kirkland> roaksoax: cool
<ahs3> hallyn: you've got it right
<hallyn> ahs3, thx
<ahs3> hallyn: another question occurred to me -- have you run piuparts on the package?
<hallyn> never heard of it
<hallyn> (that's a no :)
<hallyn> interesting
<hallyn> trying to think how i'm gonna remember that name.  what on earth does it stand for?
<ahs3> heh.  i need to understand it better myself, but it's a nice QA check on a deb
<hallyn> dude that looks aweseome
<ahs3> package-install-update-blah-blah ... i dunno :)
 * hallyn goes to run that on the syslog-ng merge
<ahs3> cool.  it gets run on the entire archive from time to time...kinda handy
 * ahs3 wonders if ubuntu does that... ?
<hallyn> ahs3, i'm guessing not, because we have all those install/upgrade manual tests as apart of the qa testing before release
<Daviey> ahs3: It's been discussed, but not as yet.  We've only just got a lintian service!
<ahs3> hallyn: nod.  i'm poking around at the QA folks to see what'll happen :)
<hallyn> great black bear, or hornet's nest?  now we'll know.
<ahs3> Daviey: heh.  well, get on the ball!  what are you doing chatting with me :-)?
<Daviey> ahs3: http://yes.sir.daviey.com
<ahs3> lmao
<adam_g_> Daviey: do we have the different requirements and installation scenarios for orchestra/cloud documented anywhere? i dont see it on the whiteboard/blueprint. there was quite a bit discussed at UDS
<Daviey> adam_g: it's still being pulled together
<Daviey> adam_g: We need to build on what we have already done, but also cater for the demo experience aswell as deployment
<Daviey> There was a thought to use the liveusb model for that, but i'm not sure that is that good.  Do you have thoughts?
<adam_g> Daviey: right. i think the demo experience within a larger infrastructure will difficult to nail down, but if we've having everything laid out and defined, we can see what overlaps
<adam_g> liveusb = orchestra-live?
<Daviey> perhaps.
<Daviey> I'm not entirely convinced it'll be less work doing that TBH
<zul> i think a demo is a bonus if it can be done then great but..
<kklimonda> hmm, any idea why do I have to edit common-password after enabling pam-krb5 to get changing password working?
<dub_> hi, i have problem setting up new install with 10.04, but the part manager dont set the "bootable flag" on, any idea?
<kklimonda> (by default pam_krb5 entry is requisite and I have to change it to [success=2 default=ignore] or sufficient)
<kklimonda> jdstrand: hey, what's the status of auth-client-config? It hasn't been updated since intrepid, nor pushed to debian and it overlaps some pam-auth-update features.
<dub_> any human can help me?
<jdstrand> kklimonda: yep. I don't do much with it. I keep meaning to fix the couple of bugs that are open against the sample profiles, but it hasn't been a priority. people should be using pam-auth-update. I haven't removed/demoted it cause people have told me they use it
<Matrix3000> 11.10 will easy up to 12.04 right?
<RoyK> Matrix3000: yes
<RoyK> !ask @ dub_
<ubottu> RoyK: I am only a bot, please don't think I'm intelligent :)
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<genii-around> Hm. !ask should maybe also say something about give us !details
<genii-around> !details
<ubottu> Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<dub_> RoyK, <dub_> hi, i have problem setting up new install with 10.04, but the part manager dont set the "bootable flag" on, any idea?
<dub_> at 16:30 hrs
<ninjix> RoyK: can you describe the storage config you are using?
<RoyK> ninjix: what storage config? the one for backups? for scientific data? for high-speed file/database access?
<ninjix> ;) meant for dub_
<ninjix> want to know more about the disk arrangement
<patdk-wk> royk, the one for little availablility :)
<Matrix3000> if i need to install java openjdk-6-jre is recommended instead of sun-java6-jre right?
<RoyK> patdk-wk: heh - those 100TB boxes run well now, with better controllers and no FSCKING WD drives
<patdk-wk> all upgraded to megasas now?
<ninjix> Matrix3000: I find it depends on the how Ubuntu/Debian friendly the app developers are
<patdk-wk> or well, the sas2008 chipset?
<Matrix3000> ah ok
<jcastro> kirkland: hey do you have your slides from that power talk you did at some $conference?
<ninjix> I default to the Oracle/Sun when I'm hosting services or apps that cater to the entire Linux community
<Matrix3000> i think oracle is moving it from java-jre to openjdk anyways
<jcastro> I need to steal content for a lug meeting tonight
<kirkland> jcastro: yup
<patdk-wk> jcastro, wget mirror works well :)
<Matrix3000> http://openjdk.java.net/faq/
<kirkland> jcastro: http://blog.dustinkirkland.com/2011/08/powernap-your-data-center-linuxcon-2011.html
<jcastro> ta
<jcastro> kirkland: didn't you have another too?
<Matrix3000> Yes. Oracle and IBM announced in October 2010 that we will collaborate in the OpenJDK Community to develop the leading open-source Java SE implementation, and make the OpenJDK Community the primary location for open-source Java SE
<RoyK> patdk-wk: lsi9201
<kirkland> jcastro: yeah, i did linuxcon and linux plumbers this year
<kirkland> jcastro: and roaksoax did Texas Linux Fest
 * jcastro nods
<kirkland> jcastro: you need the originals?
<jcastro> nope, I am all good
<RoyK> ninjix: what did you mean storage config? I have one server with 8TB on striped mirrored 1TB drives and some SSDs for read and write caching, it's blazingly fast - I have three backup target machines, two with 11 x 7-drive RAIDz2 and some spares, and one with an 8-drive RAIDz2, all 2TB hitachi deskstar
<RoyK> add another server for scientific data with a mix of RAIDz2 levels (I suddenly had to extend storage very quickly
<ninjix> nice
<Randolph> hi all
<Resistance> where can i find documentation about sudoers?  including common configuration options
<RoyK> Resistance: man sudoers?
<Randolph> RoyK, grilled ;)
<Resistance> RoyK:  without using man.  i'm stuck on a windows system
<RoyK> Resistance: ssh into a linux system or perhaps use google?
<Randolph> Resistance, on windows system you can install cygwin
<guntbert> Resistance: you can find it on the web, google "man sudoers" :)
<RoyK> !lart
<ubottu> LART has been disabled in this bot.
<RoyK> hrmf
<patrickmw> roaksoax, jamespage referred me to you. thought you could help answer this question.  the qa lab control the CDUs from the Enablement "Sentry Switch".  We'd like Orchestra to manage the power. Does that CDU type match any of the supported types in this wiki: https://fedorahosted.org/cobbler/wiki/PowerManagement#WhatsSupported
<kklimonda> jdstrand: and is there a tool similar to pam-auth-update we can use to modify nsswitch.conf ?
<kklimonda> hmm, there is update-nsswitch proposed for debian, but they yet again got stuck at discussing "the right way to do it"..
<kklimonda> over a year ago.. sigh
<jdstrand> yeah, there is not
<jdstrand> (afaik)
<roaksoax> patrickmw: let me look into it
<jrwr|offline>  I want to use a compression proxy (Ziproxy) and I want it to also compress SSL'd Content as well, I use it over a ssh tunnel so SSL being in the clear is not a issue for me
<sbeattie> jamespage: could you sync libnb-parser-java (bug 890504)? It's blocking netbeans from building.
<uvirtbot> Launchpad bug 890504 in libnb-javaparser-java "Sync libnb-javaparser-java 7.0.1-1 (universe) from Debian testing (main)" [Wishlist,Triaged] https://launchpad.net/bugs/890504
<andygraybeal> how do you guys set up your network printers?
<andygraybeal> i have ubuntu 10.04 as my server.
<andygraybeal> do you use lpd://ip-address/passthru ?
<andygraybeal> or something else?
<andygraybeal> and do you use PCL drivers or postscript drivers?
<SpamapS> andygraybeal: I always used cups and ipp:// urls
<andygraybeal> SpamapS, okay - that's is what i would like to do too.
<andygraybeal> why not lpd:// ?
<SpamapS> andygraybeal: as to drivers.. typically PCL is faster as it is quite a bit less verbose.
<andygraybeal> yea, fast is what i need, precision is not.
<SpamapS> andygraybeal: because ipp is more modern? No real reason. :)
<andygraybeal> SpamapS, okay awsome.  thank you.
<andygraybeal> for some reason, when i go to setup the network printer - i select 'IPP' and it says "host" and "queue" - i type in 192.168.2.180 and the 'verify' button... doesn't become enabled, and neither does the 'apply' button -- i wonder if something is wrong.
<andygraybeal> i tried just now to type ipp://192.168.2.180 - and nothign still
<swharper> im going through a fresh server install setting up a raid 5.  if i understand this correctly i want to partition each drive with 2 physical volume for raid partitions.  one small on and one "max", then set the bootable flag to on?
<swharper> for each drive?
<andygraybeal> oh i'm using the printer console in the gui, maybe i should instead be using the cups website on localhost.
#ubuntu-server 2011-11-17
<swharper> when i follow the instructions outlined in 4.1 of the server guide i get an error saying no root partition is defined
<swharper> http://dl.dropbox.com/u/3136063/ubuntu1.jpg
<swharper> this is the current partition scheme
<swharper> the sandisk is the installer usb stick
<SpamapS> swharper: after you split the physical drives up, you need to create md's
<SpamapS> swharper: I don't see RAID instructions here https://help.ubuntu.com/10.04/serverguide/C/index.html
<swharper> yeah im in the process of doing that nowâ¦  but for some reason im only seeing the 5gb partitions, except in 2 instances
<swharper> https://help.ubuntu.com/11.10/serverguide/C/serverguide.pdf
<swharper> section 4.1 advanced install
<SpamapS> Heh wow the numbering on that is weird
<swharper> on the partition table?
<SpamapS> swharper: no in the PDF
<swharper> oh
<SpamapS> 4.1 is not really the section number
<SpamapS> Anyway
<SpamapS> Ok so you need to do the 'Configure Software RAID' step
<atruno-> does zoneedit cost money to host a website with your own domain ?
<swharper> oddly this is what i get when i try to configure the sw raid
<swharper> http://dl.dropbox.com/u/3136063/ubuntu2.jpg
<swharper> for some reason only 2 of the drives show the large partition
<swharper> s
<SpamapS> swharper: did you possibly not mark it as 'use as RAID' when you created the partitions?
<swharper> they're all marked as raid...
<swharper> in the first screenshot
<SpamapS> swharper: weird
<SpamapS> swharper: possibly a bug w/ > 1TB partitions
<SpamapS> swharper: I notice the drive model is different on sdf ..
<SpamapS> swharper: maybe the WDC's have different geometry that isn't playing nice?
<SpamapS> swharper: I have to leave, but my suggestion would be to try 999GB
<philipballew> Is there any way to set up ssh when the network I am on wont allow for any ports to be opened?
<SpamapS> philipballew: ssh out to a box and forward back..   ssh -R 2222:127.0.0.1:22 my-remote-box
 * SpamapS disappears
<swharper> for some reason the bootable flag won't stay on either
<swharper> once i go into the raid config page
<qman__> these days the bootable flag is largely irrelevant
<qman__> I had a lot of trouble with the 11.10 installer trying to use disks that had been in a fakeraid
<qman__> I ended up having to zero the whole disks before dmraid would behave and stop screwing things up
<swharper> thats what im gonna try to do now
<swharper> i want to 0 everything and start over
<swharper> but these disks have been partitioned a bazillion times
<swharper> can this be done from the installer?
<qman__> technically yes but I'd suggest booting something else
<qman__> like recovery mode and drop to shell, or systemrescuecd
<swharper> hm
<swharper> all ive got here is my install stick
<qman__> well, back the installer up to before partitioning
<qman__> then press alt+F2
<qman__> and pressing enter should give you a shell
<swharper> ok
<swharper> done
<swharper> fsck not found...
<qman__> fsck doesn't have anything to do with zeroing disks
<qman__> but that shell might be a busybox, I don't remember
<qman__> which is pretty much useless
<swharper> it is
<qman__> yeah, you'll have to boot recovery mode
<qman__> reboot, and when it gives you options, choose repair a broken system
<qman__> then when it gives you more options, choose to drop to a shell in the live environment
<swharper> k
<qman__> the versions in lucid and earlier are annoying but work
<qman__> the newer ones may have been fixed, I don't know
<swharper> hmm one of the options is "assemble raid array"
<swharper> from rescue mode
<qman__> don't do that
<swharper> "device to use as root file system"
<qman__> you don't want to load any of the stuff on your disks, you just want the installer environment
<swharper> so probably sda1? which shoudl be the usb disk
<swharper> that or do not use a root file system
<qman__> worth trying I guess
<qman__> do not use
<qman__> that's what you're after
<swharper> k
<swharper> ok dropped into the shell
<swharper> its busybox though :P
<qman__> no, it should be dash
<qman__> and '/bin/bash' should work
<swharper> hm
<qman__> well, it did in older versions
<qman__> I honestly have not used the current versions, most of my systems are lucid
<qman__> in any case, it's not needed
<qman__> if dd is there you're good
<swharper>  '/bin/bash not found'
<qman__> dd if=/dev/zero of=/dev/sd? bs=2M
<qman__> where sd? is the disk you want to zero
<swharper> right
<swharper> cool
<swharper> thanks
<twb> qman__: in examples recommend /dev/sdz9 to avoid users idiotically copy-and-pasting what you write
<twb> *to avoid explosions when
<qman__> valid point, just me thinking in shell
<twb> btw, boot flag is important to /usr/lib/syslinux/mbr.bin
<swharper> damn, no diskutil
<qman__> pretty sure that command doesn't expand as-is though
<swharper> how can i get a list of drives
<qman__> fdisk -l
<swharper> th
<swharper> x
<twb> Also if his problem is that he lands in initramfs after mdadm finds /dev/md2p1 instead of /dev/md0 and /dev/md1, the problem is that lucid defaults to 0.9 mdadm on-disk format; manually create the array using 1.x format and it'll be fine
<twb> fdisk -l is worse than /proc/partitions IMO
<twb> qman__: btw als re "zeroing disks", you probably only need to zero the first and last few blocks -- although doing the latter in dd is a bit fiddly.
<swharper> itll take awhile to zero 1.5tb, yes?
<twb> swharper: yes, like an hour
<swharper> k
<swharper> fml
<swharper> :)
<swharper> 7 hrs
<qman__> twb, while that usually works, dmraid is particularly thick and you have to find the magic places where it defines the fake raid
<qman__> and in that case it's simpler just to zero it
<twb> qman__: by dmraid do you mean the mdadm parts of d-i partman?
<qman__> possibly
<twb> qman__: or more like mdadm --assemble --scan
<qman__> whichever is used to detect fakeraids and assemble them
<qman__> used to be dmraid -ay
<twb> Well fakeraid (as distinct from mdadm) can FOAD
<qman__> agree
<twb> Like CCISS or whatever,  I hate that stuff, don't use it
<twb> If your RAID card didn't cost hundreds of dollars and include a BBU or a flash-type thingo, don't use it
<qman__> but someone decided that when I say "No" to "RAID arrays found, do you want to assemble these arrays" I actually meant yes
<twb> qman__: lame
<twb> qman__: if it were me I'd go buy a 4port pcie sata card and ignore the southbridge ports :P
<qman__> because they show up in the partitioner
<twb> You probably need to blcaklist the cciss driver or something
<qman__> which wouldn't be a problem, except that it completely breaks the partitioner
<qman__> it doesn't even use the chipset
<qman__> it reads the data and assembles it in software
<qman__> I
<qman__> I've recovered data from nvraids and such this way with non-fakeraid controllers
<qman__> I know for a fact it can do this with nvraid and AMD raid, not sure if intel's stuff works or not but it tries
<patdk-lap> qman__, heh? dmraid offers a wipe raid id from drive option
<patdk-lap> cciss driver is a real raid
<patdk-lap> I forget what the fakeraid one is called
<qman__> didn't know it could do that
<qman__> but finding that out otherwise would have required reading the (rather large) manual for a piece of software I don't intend to use
<qman__> I start all the zeroings and walk away, it's done like 20 minutes later
<patdk-lap> 20min?
<patdk-lap> what are you using? 80gig drives?
<twb> patdk-lap: it's not real if I need a special bloody driver to create /dev/cciss0 instead of /dev/sda
<patdk-lap> looks like -E
<qman__> the last time, they were 250s
<twb> (Well, OK technically it probably is h/w raid, just the raid card doesn't bother to emulate a SATA bus.)
<qman__> 20 minutes may be slightly exaggerated, but it wasn't enough time to cause an issue
<patdk-lap> twb, that is true, but what hardware raid does bother to?
<twb> patdk-lap: you're not making me feel better :-/
<lifeless> twb: sata attached raid cabinets do :)
<twb> Haha, SANs exporting themselves as a big iSCSI or smoething ;P
<patdk-lap> hmm, interesting
<patdk-lap> my old adaptec ones show up as sda
<twb> patdk-lap: yeah that's what I expect
<patdk-lap> but that is just cause the adaptec driver displays it to linux as a scsi device
<twb> Oh.
<patdk-lap> ya, used to all my hp's just doing cciss
<patdk-lap> but then, used to freebsd, and freebsd never does anything consistant :)
<patdk-lap> every driver names it after itself :)
<patdk-lap> that really annoyed me changing nics
<qman__> the hardware controller has to be really good for me to bother using it, because mdadm is so featureful and compatible
<twb> qman__: hear hear
<twb> It shits me that $sales can't convince $customer to go mdadm
<patdk-lap> qman, for hardware raid, it's all about the bbwc
<twb> Because the world has taught $customer that only hw raid is any good
<patdk-lap> if you don't get bbwc, mdadm is the way to go
<twb> +1
<patdk-lap> a person I deal with, had some servers colo
<patdk-lap> and they reinstalled them with dmraid
<patdk-lap> webserver couldn't even handle the traffic of a single user
<patdk-lap> reinstall with mdadm, they where fine
<twb> haha
<qman__> yeah, the write cache is the only good reason to use hardware, and since most linuxes and such have much better disk caching in general than windows, it's not even that painful to not have
<patdk-lap> depends what you write
<patdk-lap> lots of fsync calls, you need that write cache
<qman__> yeah
<patdk-lap> but if not, it doesn't matter
<patdk-lap> but these days, if you do lots of fsyncs your normally looking at ssd instead :)
<qman__> that was one of the things I first noticed the very first time I used linux
<qman__> that the disk was not thrashing itself to death, and the system freezing waiting on disk operations
<qman__> system not freezing*
<twb> if you do a lot of fsyncs you need your code fixed
<patdk-lap> a database?
<patdk-lap> you always fsync each transaction
<patdk-lap> be it to a temp commit log, or the table itself
<twb> >hand waving<
<twb> This is not my area of expertise; I just heard a lot of yelling because people were Doing It Wrong and when they use a modern fs their shit explodes
<iggi__> anyone know of a place to get support for ZeroC ICE in IRC?
<swharper> from what im reading it'll take a little over a day to zero a 1.5tb drive :P
<swharper> x7
<swharper> blah
<dork> anyone know of any issues w/ oneiric server failing boot after initrd saying "Mount: too many levels of symbolic links"
<twb> swharper: are you doing it now, with dd?
<twb> swharper: send it a USR1 and it'll give you a progress report
<twb> Hmm, caveat: busybox dd might not...
<dork> any ideas? getting "Mount: too many levels of symbolic links" when in recovery kernel, regarding /run
<dork> this box hasn't been touched since the last wave of problems 2 weeks ago
<dork> no promising search results
<qman__> fsck?
<dork> clean
<qman__> if it's not mountable, not many other options
<dork> actually it's about /run
<dork> too many levels of symbolic links
<dork> some loop going on here
<qman__> does it work if you load a different kernel maybe?
<qman__> or perhaps boot live and chroot, then deal with it?
<dork> yeah i just odnt know how to deal with it
<dork> i can chroot in
<dork> basically /run is symlinking to /var/run
<dork> and when i cd to either i get that error
<qman__> might have managed to have inifinitely self-referencing symlinks
<twb> dork: /var/run moved to /run because stupid new init systems can't manage to even mount /var without having dbus running first
<twb> dork: depending on your release and if you have upgraded from an older one, maybe your box didn't handle the transition well
<qman__> I don't have any newer-than-lucid systems to look at
<dork> the upgrade was horrible
<dork> i had a whole bunch of problems spent 16 hours at the dc
<dork> now i'm here again
<dork> after the box hasn't been touched
<dork> though this problem didn't exist until days after i managed to iron out the upgrade related problems
<dork> any suggestion on the best approach for this
<qman__> unfortunately I don't have any experience with this and I don't have time to get out my laptop (only system running oneric) and cross-check things with you
<swharper> can i send a USR1 in mid process?
<qman__> but that's where I'd start, reference a working system and see what those directories look like
<dork> http://uksysadmin.wordpress.com/2011/10/14/upgrade-to-ubuntu-11-10-problem-waiting-for-network-configuration-then-black-screen-solution/
<twb> swharper: sure
<twb> swharper: but if the client doesn't like it, it'll bomb
<swharper> ack
<swharper> eff it
<twb> Shrug
<qman__> I use kill -SIGUSR1 to get dd status fairly often
<swharper> im doing one of the drives using diskutility on my mac
<twb> If I were you I'd just blat the start and end of disk
<twb> qman__: yes but does that work with busybox dd
<swharper> and its progress is showing 1 day, 13 hrs
<qman__> that I don't know
<qman__> that seems way too long, even for 1.5TB disks
<swharper> its doing 3 passes
<swharper> over usb2
<qman__> yeah, that's a bad plan
<qman__> last one I did was 250GB disks on SATA2
<qman__> and you only need 1 pass
<swharper> ah
<swharper> i guess i could cancel this one
<qman__> nothing is going to mistakenly read old data after a single zero pass
<twb> swharper: don't do USB2
<qman__> and even data recovery tools are going to be hard pressed to get much after it
<swharper> disk utility gave me 5 options i believe....
<twb> At least get esata
<qman__> in short
<twb> If you're trying to wipe the drive, use an angle grinder not dd
<swharper> well the server running dd is esata
<qman__> if you're worried about data passed a single zero pass, you should just destroy the disks physically
<twb> Right
<qman__> past*
<swharper> ok
<swharper> there was another option that did 25 passes
<swharper> glad i didnt choose that :)
<qman__> options for the paranoid, that haven't been relevant since disks were < 1GB
<swharper> ok i stopped it
<swharper> on the mac
<swharper> ill redo with 1 pass
<qman__> no need, it's probably good
<qman__> I just know that the first 200MB is not enough to clear out an intel fakeraid
<qman__> and I only suggested that solution under the impression that it wouldn't take more than a couple hours for all of the disks, if run simultaneously
<swharper> hm
<swharper> well dd has been running for almost 3
<qman__> send a siguser1 and find out how many blocks it's done
<qman__> even if it stops it, you can start again at that point with switches, or just leave it be and move on
<swharper> while thart proc is running in the same shell?
<qman__> no, need a second shell
<qman__> well
<swharper> im in recovery mode...
<qman__> unless you ctrl z, bg 1, kill -siguser1 pid
<qman__> and that's provided all those are there, which they may not be in a busybox
<swharper> id have to start it over then, yes?
<qman__> dd supports arguments which tell it where to start and finish
<swharper> alright i stopped it
<qman__> if it does die, you'll see the spot where it stopped
<swharper> disk utility is giving me 12 hours on the usb2 cartridge
<qman__> USB is really slow
<swharper> yeah
<qman__> USB 2.0 runs at 480mbps data rate, but actual throughput is much less
<swharper> now that that proc is stopped can i see how far dd got?
<qman__> ctrl z?
<swharper> yeah
<qman__> that just pauses
<swharper> hm
<swharper> says stopped
<qman__> you must bg 1 or fg 1 to resume
<qman__> in background or foreground respectively
<qman__> in background allows you to run other commands, such as kill -siguser1
<cwillu_at_work> just bg or fg will work
<swharper> bg 1 says no such job
<cwillu_at_work> just do bg, if there's a job that can be backgrounded, it'll be backgrounded
<swharper> bg worked
<qman__> do you know the pid of the dd process?
<swharper> now kill - siguser1 pid?
<qman__> without that space, yes
<qman__> kill -siguser1 pid
<swharper> right, ok
<qman__> it should cause it to display the position
<swharper> bad signal name 'siguser1'
<cwillu_at_work> "killall -USR1 dd" or "kill -USR1 <pid>"
 * cwillu_at_work hands qman__ a proofreader
<qman__> the implementation must be different from systemrescuecd
<qman__> because the things that I said are true in systemrescuecd
<cwillu_at_work> then systemrescuecd made gratuitous changes to how things work
<swharper> 510082
<cwillu_at_work> (or more likely, has kill as a shell builtin, that doesn't match bash's or the standard kill binary)
<qman__> it should say blocks in, blocks out, bytes transferred
<cwillu_at_work> swharper, what was the dd line you ran originally?
<swharper> now 511328+0 records out
<cwillu_at_work> 511328 * 512byte blocks, assuming the default wasn't changed on the command line
<qman__> I told him to use bs=2M, for performance reasons
<cwillu_at_work> okay, so 511328 * 2M
<cwillu_at_work> it's written a terabyte
<swharper> dd if=/dev/zero of=/dev/sdh bm=2M
<swharper> was the original
<cwillu_at_work> swharper, how big is the drive?
<swharper> 1.5tb
<cwillu_at_work> okay, it's 2/3's done
<swharper> ok
<swharper> cool
<cwillu_at_work> swharper, also, you meant bs=2M, right?
<cwillu_at_work> (bm isn't a thing)
<swharper> yes, sorry
<cwillu_at_work> I usually use bs=1M, just so that the numbers are directly meaningful :p
<swharper> i can have dd running on all these drives simultaneously
<cwillu_at_work> yep
<cwillu_at_work> but if they're all connected via usb, you're not gonna get done any faster
<swharper> noâ¦they're not in the server
<qman__> it will if they're over SATA though
<swharper> they're all sata
<swharper> i yanked one out and put it in a cradle
<swharper> connected to my laptop
<qman__> because with SATA, it's one disk per channel, unless you've got a multiplexer
<cwillu_at_work> okay;  just rerun it as "dd if=/dev/zero of=/dev/sdwhichever bm=1M &" for each one
<cwillu_at_work> and then "killall -USR1 dd" will spit out the numbers for each one
<swharper> how do i make it a background process from the get go
<cwillu_at_work> swharper, run what I told you :p
<qman__> the ampersand on the end
<swharper> ah, right
<swharper> thanks
<qman__> anyway, difference noted
<qman__> I usually do this kind of thing from systemrescuecd because it's convenient
<swharper> ok, got em all hummin now
<swharper> awesome
<uvirtbot> New bug: #891389 in bind9 (main) "CVE-2011-4313 improper assert" [Medium,Fix released] https://launchpad.net/bugs/891389
<uvirtbot> New bug: #891472 in libvirt (main) "apparmor profile for libvirt does not allow hooks to be executed" [Undecided,New] https://launchpad.net/bugs/891472
<uvirtbot> New bug: #891527 in cobbler (universe) "cobblerd fails to start: NoSectionError" [Undecided,New] https://launchpad.net/bugs/891527
<Daviey> hey adam_g o/
<Modris> hi, i install ubuntu server on "hyper v 2008 r2" with legacy NIC., but my ping responce time is dramatically from 1 to 2000ms all time
<Modris> ubuntu desktop on the same hyper-v respond nice 1ms
<Modris> i'm not linux expert. just need configure firebird on linux, i take ubuntu desktop and all is good, now i want make it on server edition and ... see previus post my problem.
<Daviey> Modris: Is hyperv host overcomitted?
<koolhead17> hi all
<Modris> excuse my bad english... overcomitted is what? that is standart hyper-v
<Modris> i try http://www.panterlo.com/2010/10/10/ubuntu-10-10-and-hyper-v-r2/ but without success... now i go back to standart installation
<lynxman> morning o/
<koolhead17> hola lynxman :D
<lynxman> koolhead17: hey :)
<Daviey> Modris: sorry, i mean - is hyperv host server doing too much?
<Daviey> Do you have too many virtual machines, and not enough resources to go around?
<Modris> Daviey: No, hyper-v is in idle, also work ubuntu-desktop and ping is <1ms all time, and one xp_test_pc and pint to it is <1ms too
<Daviey> Modris: we don't really test against hyper-v, so we kinda lack the experience and potential issues.  This means we can't be a great deal of help.  Sorry :/
<Modris> ok, thanks... then You suggest go-google? and search or maybe hyper-v irc, but i think they are dont specialize on ubuntu :-)
<Daviey> Modris: I'd be suprised if other distro / OS's didn't see the same behaviour TBH
<Modris> Daviey: i think problem is with nic drivers... if ping response time with ubuntu-desktop also was bad, then i just take it and don't search for solution, but with desktop edition all is right and that's why i keep looking for solutions
<Daviey> Modris: Hmm, can you not provide a different virtual nic?
<Daviey> (kvm you can do this, so assume you can with hyper-v?)
<Modris> inb hyper are only two nic - 1) network adapter 2) legacy network adapter i try both but by default ubuntu-server can see only legacy network adapter
<Modris> maybe need add network adapter too and then give drivers by hand... but driver in linux for me is not clear enought
<Modris> in http://www.panterlo.com/2010/10/10/ubuntu-10-10-and-hyper-v-r2/  are talking about synt adapters, but ... i try step-by-step without success
<Modris> what virtualization platform You use for test ubuntu guests?
<rbasak> Is the desktop kernel usable on server? Might that work?
<Modris> rbasak: maybe, how know that? for desktop i use 11.04, but for server 11.10 maybe that is point of solution?
<Modris> What changes is between ubuntu 10.04 and 11.10 who can affect /etc/initramfs-tools/modules in http://blog.allanglesit.com/2010/05/ubuntu-and-hyper-v-the-paths-to-enlightenment/ are solultion for network problems, but it don't work for 11.10
<Modris> i dont try it for 10.04, but will to figure out work or not with it.
<RoyK> http://i.imgur.com/AIMWw.jpg
<AdvoWork> on my one system i access files by http://IP:8080/dir/dir etc  but on my other one :8080 doesnt work, i edited /etc/apache2/ports.conf and changed the listen to 8080 but now it says a file I know is correct is not actually there, any suggestions please? tried editing /etc/apache2/sites-available/default and changed virtual hosts to <VirtualHost *:8080> and added NameVirtualHosts *:8080 and restarted apache but then get: [warn] NameVirtual
<AdvoWork> Host *:80 has no VirtualHosts
<AdvoWork> actually, the file now works since doing that last bit, but i still get the warn message
<koolhead17> https://help.ubuntu.com/10.04/serverguide/C/httpd.html
<adac> Hi guys. I was wondering on LTS server versions... I have a lot of updates now shown...but since months there has been noone marked as "critical" anymore. Does ubuntu not support or do packages not being flagged with "critical" at ubuntu at all?
<soren> What do you mean "marked as \"critical\""?
<adac> soren, I guess critical should mean apckages that have a security sissue fixed
<soren> But where is it marked as critical? Where do you see this mark?
<adac> soren, it normaly shoudl be set somewhere when you do a apt-get update
<adac> then for example wehn you login via ssh it shows you
<adac> if i remember correctly
<adac> (since it was long time there was any critical anymore)
<adac> at least it is like that in debian
<adac> 23 packages can be updated.
<adac> 19 updates are security updates.
<adac> soren, ^^
<adac> when you login via ssh
<adac> soren, http://superuser.com/questions/199869/check-number-of-pending-security-updates-in-ubuntu
<soren> Sure. "Security updates".
<soren> adac: If there are known security issues, they get fixed. There are (awesome) people assigned to take care of just that.
<adac> soren, is "security" and "critical" upgrade a difference?
<adac> soren, yes but my point is that i get noticed about if there are security upgrades
<soren> adac: If you don't see any security updates, you either don't have any packages installed that have required updates, you're offline, or you're running an unsupported version of Ubuntu.
<soren> adac: Of course it makes a difference.
<soren> adac: You asked specifically about a type of updates marked as "critical".
<adac> yes i thought this might is the same
<adac> ok i see so i hve to check also for securtiy upgrades
<soren> adac: It *is* the same, but AFAIK, nothing on ubuntu server calls them "critical" updates rather than "security" updates.
<adac> soren, in the nagiso plugin they are called critical
<adac> so tehrerfor i might confused this
<soren> adac: Hence my question, "What do you mean \"marked as \\"critical\\"\""?
<adac> "official nagios plugin"
<adac> soren, yeah i got it thank you!
<soren> We have an offical nagios plugin?
<soren> Wow.
<soren> I didn't realise.
<adac> soren, someon of packed it. so its original packed ubuntu nagios plugin
<adac> someone of you
<adac> there are a lot of plugins who are not in this package
<adac> i would rather cal them unofficial therefore
<adac> soren, so what command does show me the "security" updates pending?
<spiekey> Hello!
<spiekey> i have a QLogic FC Hostbus adapter and a SAN attached to it.
<spiekey> i would like to use multipath and i think therefore i need device-mapper
<spiekey> but my devices wont get listed in /dev/mapper/    :-(
<spiekey> any ideay why? Do i have to use dmsetup?
<soren> adac: Might I ask why it's important? Do you not want general updates, but only security updates?
<adac> soren, exactly. my nagios installation shoudl only warn me if there are security upgrades available. I dont care about other ones (since this would then result in nearly daily notifications)
<soren> adac: Then why don't you disable them?
<zul> good morning
<adac> soren, I first need to know with which comand line command i can show if there are security updates. then i can answer your last question
<soren> adac: You're holding my answer hostage until you get an answer to a question that doesn't apply at all once you disable the non-security updates? Seriously?
<adac> soren, well I need to check first if tehre are any security updates at the moment. then i can tell you if the "orignal" nagios plugin simply fail to detect them.
<adac> then i can anser you if your idea would solve my probelm when using the original nagios plugin (the spippet in apt-check)
<adac> shipped
<soren> adac: If you don't need non-security updates, just disable them, and then any update "apt-get upgrade" suggests will be security updates. Simple.
<soren> I don't know what the nagios plugin does to filter out non-security updates.
<adac> soren, you eman like disable them in the sources.list?
<soren> yes
<adac> soren, i thin that wouldnÃt still show me the security upgrades, since apt-cron already downloaded all packages to upgrade
<adac> can i clean this somehow?
<adac> apt-get clean all
<adac> yes that did the trick
<adac> seems that there are 64 securty upgrades
<adac> 46 sorry
<adac> soren, oh lol! now also nagios shows me 46 critical upgrade
<adac> s
<adac> how is that possible
<adac> soren,  with only security repo i have 64, and with the others additinaly enabled i have 54. when i have only securtiy upgrades enabled nagios does complain. when I have all enabled (all repos) then nagios doesn't. Maybe because he fetches the security packages from another repository?
<soren> As I said: I don't know what the nagios plugin does to count those updates.
<adac> soren, yeah i see
<adac> soren, still i would like to know if there is a command that shows me avaliable security upgrades
<soren> Your nagios plugin.
<adac> soren, lol
<adac> soren, no seriosly via ssh  login on another private server also the different types of updates are shown. what command is used on that?
<soren> adac: "shown"? You mean in the info you see at login?
<adac> soren, right
<soren> adac: landscape-sysinfo
<adac> soren, tank you!
<adac> thank
<jpds> soren getting tanked, bad idea.
<zul> Daviey: ping
<soren> jpds: :)
<Daviey> zul: hola
<zul> Daviey: so im thinking about nova/swift/glance/keystone SRU
<Daviey> eeek
<zul> so there isnt a tarball for 2011.3.1 so i was thinking of doing a snapshot
<zul> so something like 2011.3.1~gitXXXX
<zul> what do you think?
<zul> and document the shit out of everything
<Daviey> adac / soren : Or, sudo /etc/update-motd.d/90-updates-available ?
<adac> jpds, hehe. what does soren do when he is tanked?
<Daviey> zul: Is it worth finding out WHY there isn't a snapshot?
<zul> Daviey: because they dont do stable releases
<soren> Daviey: Oh, it's a separate script now?
<adac> Daviey, don't have this binary
<zul> ttx: ^^^
 * soren is living in the past
<Daviey> but otherwise, yeah - that versions tring seems safe.
<adac> or script
<zul> soren: derpa derpa
<soren> zul: derka derka derka
<Daviey> soren: you aren't still wearing flares, and sporting a mullet are you?
<zul> i still laugh when i see that
<ttx> zul: the only 2011.3.1 being considered is Keystone so far
<ttx> doesn't mean you can't release 2011.3+chuck
<ttx> instead of 2011.3.1~chuck
<soren> Daviey: Not that far in the past, no.
<ttx> (nova code still shows 2011.3 as version, not 2011.3.1)
<zul> how about 2011.3.1+git20111117
<soren> No. Not +.
<ttx> zul: because there is no such thing as nova 2011.3.1
<ttx> and there might never be
<zul> how about 2011.3.1~git<git hash>
<ttx> 2011.3+git20111117
<soren> What ttx says.
<Daviey> 2011.3+gitFOO sounds better i guess
<zul> k
<Daviey> zul: fancy rebasing https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.1, and re-uploading for SRU?
<zul> Daviey: thats the plan
<jamespage> roaksoax: $insert_cobbler_system_definitions in /etc/cobbler/dnsmasq.template does not appear to be working in oneiric
<jamespage> do I need to poke something to make it setup static entries for systems I have configured?
<roaksoax> jamespage: what are you configuring on each of the systems?
<jamespage> roaksoax: I'm configuring an IP address for each of the interfaces registered for a given system
<roaksoax> jamespage: /var/lib/cobbler/cobbler_hosts
<roaksoax> jamespage: so they appear there ^^
<stgraber> hallyn: so, looking at what we need to do to get rid of lxcguest this cycle :) on top of getting Daniel's patch in the kernel (shutdown/reboot) and mountall modified to be LXC aware, we also need to do something about lxc-is-container and the consoles spawned by upstart
<stgraber> I can't remember us discussing these two other things at UDS
<stgraber> I think it might be worth renaming lxc-is-container to some kind of universal is-container command that'd return lxc / libvirt-lxc / openvz / ... depending on what's in use
<stgraber> and move that to some core packages
<stgraber> (or merge into a similar command, not sure if we already have something like that for VMs)
<stgraber> for consoles, I think it'd be interesting to make upstart a bit more clever so it doesn't spawn gettys on non working devices and spawns a getty on /dev/console if it's a container
<hallyn> stgraber, yes the console thing occurred to me ont he flight out from orlando
<hallyn> for lxc-is-container, i think in the session i said that would be the one thing left in lxcguest
<hallyn> but i suppose we can add something to either upstart or coreutils instead
<hallyn> the console thing gets interesting (in a bad way :) when you try to fire up lxc with smoser's cirros, btw
<stgraber> I'd really like to see lxcguest go away completely, otherwise people will expect lxc-is-container to be around and will fail when they don't use our template :)
<hallyn> and so yes, if we could find an intelligent way to fire up getty on consoles which happen to be up, that'd be neat
<hallyn> stgraber, hm, i see, our work items in the blueprint are insufficient for that
<hallyn> and hwo did you end up owning the mountall one?  (not that i mind :)
<stgraber> because mountall is a foundations team thing :)
<hallyn> yay
<stgraber> so it should be easier for me to nag jhunt_ about it :)
<hallyn> noted those into the blueprint so i don't forget again
<stgraber> thanks
<EMKO> i made a new user with root how do i add this user so it can use sudo i tried to add it to group admin but that doesnt exist
<roaksoax> zul: just want to run it with you so I'm not installing files that shouldn't be
<roaksoax> zul: http://paste.ubuntu.com/741305/
<zul> roaksoax: what is this?
<roaksoax> zul: cobbler
<roaksoax> zul: lp #891527 let me to find other missing files
<uvirtbot> Launchpad bug 891527 in cobbler "cobblerd fails to start: NoSectionError" [High,In progress] https://launchpad.net/bugs/891527
<zul> roaksoax: looks good?
<zul> er...looks good
<roaksoax> zul: alright ;)
<EMKO> so when i use sudo do i use the roots password or the account im loged in with?
<uvirtbot> New bug: #857956 in glance "[SRU] Control file needs python-httplib2 dependency" [Medium,Fix committed] https://launchpad.net/bugs/857956
<hallyn> zul, are you able to run the libvirt qa regression test on precise and have it pass?
<zul> hallyn: i havent tried recently
<hallyn> I've tried on a host and in a vm.  Using the oneiric version of libvirt on precise!  still get a heap of failures
<hallyn> zul, do you have something you can try on?
<hallyn> i'd like confirmation that i'm nto going nouts,
<zul> hallyn: i can later this afternoon
<hallyn> but i'm thinking it's some other change now
<hallyn> ok, thanks
<hallyn> i'll sit on the libvirt merge in the meantime
<zul> is it a big one?
<hallyn> well it's to 0.9.7-2...
<hallyn> not particularly big,
<hallyn> and it doesn't introduce NEW failures over any other libvirt in my tests.  but if it did, they might be getting masked by all my inexplicable failures
<hallyn> you think i should just push?
<zul> hehe
<hallyn> I was using it on mjy laptop with no probs
<zul> ok ill take a stab at it this afternoon
<hallyn> ok
<hallyn> i wonder if the cahnge about default admin users may have affected it
<hallyn> hm, lemme try the proposed precise package on the oneric vm
<hallyn> you know i've never used synergy before.  i'm loving it.  of course it's completely insecure, but that's the thrill isn't it :)
<hallyn> zul, if you also want to run against the merged pkg, it's in ppa:serge-hallyn/virt and source is at http://people.canonical.com/~serge/libvirt_0.9.7-2ubuntu1-package.tar.gz
<zul> k
<Zanzacar> I have been trying to use screen for multiple tty sessions and I am kind of getting lost in it does anyone have any other recommendations?
<JanC> Zanzacar: byobu makes using screen easier
<robbiew> huats: ping
<Zanzacar> JanC: I will look into that
<huats> hey robbiew !
<huats> how are you ?
<robbiew> good :)
<micahg> zul: is there a reason cobbler doesn't use distro-info and hard codes release names?
<zul> micahg: no there isnt, it was a redhat project
<micahg> ok, well, FYI, distro-info will probably be something that's SRUd, so things taking advantage of it can have an up to date release list
<hallyn> Daviey, are you around today?
<zul> Daviey: lemme know when you are around as well..
<negronjl> SpamapS: ping
<SpamapS> negronjl: pong, sup?
<negronjl> SpamapS: Re: https://bugs.launchpad.net/bugs/720302  Can you tell me what would be a use case scenario for this ?
<uvirtbot> Launchpad bug 720302 in juju "Juju should provider leader selection support" [Wishlist,Confirmed]
<SpamapS> negronjl: ceph is one example..
<SpamapS> negronjl: there are some actions that can only happen once per cluster.
<SpamapS> negronjl: so a leader is needed to only have those actions happen on the leader.
<negronjl> SpamapS: ...enough said ... I totally get it now
<SpamapS> negronjl: you can fake it now with relation-list and sorting..
<SpamapS> negronjl: but with leader election, we'd provide a way to detect that you're the leader *before* any peer relationships were established.
<negronjl> SpamapS: perfect ... that would be awesome to have.
<SpamapS> negronjl: and perhaps more important, hooks for when leader changes.
<hallyn> ahs3, I've sent an email inquiring about the xml file copyrights.  Meanwhile http://people.canonical.com/~serge/netcf-0.1.9-package-v2.tar.gz should address the other concerns and is lintian-approved :)
<ahs3> hallyn: groovy.  i'll try to take a look later today (/me is arguing with virtio right this minute...)
<malac0da> can anyone gimme a hand with setting up apache?
<SpamapS> malac0da: can you maybe be more specific what you want to do with apache?
<malac0da> im having 2 issues
<adam_g> zul: hi
<malac0da> i have it set to just an index of files(not the directory i want which is problem 1 but i can live with) but it wont let me download the files it says its forbidden
<zul> adam_g: hola
<SpamapS> malac0da: probably because the files are not accessible by the 'www-data' user which apache runs as.
<malac0da> so the solution being?
<adam_g> zul: hey, regarding bug #891445 is there any reason why the sysv init script from squid was converted to upstart job for squid3, rather than the init script from squid3?
<uvirtbot> Launchpad bug 891445 in squid3 "package squid3 3.1.15-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Confirmed] https://launchpad.net/bugs/891445
<zul> adam_g: not really
<malac0da> the folder it is set to access is the default /var/www but i wanted to move it to /home/user/www
<malac0da> but for some reason it wont
<zul> adam_g: patches accepted
<malac0da> I added DocumentRoot... and <Directory ... and still goes to default location
<adam_g> zul: cool. thanks. i might touch up the squid3 upstart some more if you dont mind
<zul> adam_g: i dont
<malac0da> Sooo...I guess I will just go somewhere else then?
<SpamapS> malac0da: we're busy people, please be patient. :)
<SpamapS> malac0da: after changing configs, did you reload the server configs? (sudo service apache2 reload) ?
<malac0da> yeah
<genii-around> malac0da: For webserver specific help there is also##httpd
<genii-around> Er #httpd   rather
<raubvogel> Is nscd being started by upstart or what? 11.04
<malac0da> should the DocumentRoot be in apache2.conf?
<raubvogel> Or insserv
<raubvogel> malac0da: https://help.ubuntu.com/community/ApacheMySQLPHP https://help.ubuntu.com/10.04/serverguide/C/httpd.html
<filo1234> hi
<SpamapS> raubvogel: insserv is not run in Ubuntu
<SpamapS> raubvogel: most likely nscd is started by upstart's sysv compat mode calling its start script in /etc/init.d
<raubvogel> SpamapS: and it seems to be calling it in the wrong order if I want to have kerberos, ldap, and autofs (for NFS)
<SpamapS> raubvogel: nscd is just an enhancement is it not?
<SpamapS> raubvogel: so what you probably want is for it to start very very late
<raubvogel> SpamapS: That is exactly what I had in mind.
<raubvogel> I would want to do, say update-rc.d nscd defaults 10 10
<raubvogel> but it seems that is not the proper way
<raubvogel> i.e I am supposed use upstart
<SpamapS> raubvogel: looks like the init.d script just has it starting at the normal "20" position.
<SpamapS> raubvogel: 10 10 ? no you'd want like, 90
<raubvogel> SpamapS: I threw that out there because when I check rcN.d, everything is either 01, 02, or 03
<raubvogel> Nobody in the later positions
<SpamapS> raubvogel: are you running insserv then?
<SpamapS> raubvogel: its not supposed to run, but it will cause exactly that to happen
<SpamapS> lrwxrwxrwx 1 root root  14 Nov 17 11:00 S20nscd -> ../init.d/nscd
<raubvogel> SpamapS: I hope not. But then again I am not the only one who can rooy there
<SpamapS> Thats what it normally looks like.
<SpamapS> raubvogel: what version of Ubuntu ?
<raubvogel> 11.04
<SpamapS> raubvogel: yeah something's wrong if you have 01 02 03 ...
<raubvogel> I agree; i checked my own desktop and it has sane values like yours
<adam_g> zul:  in case you were going to do it, please hold on that squid3 merge request
<SpamapS> raubvogel: do you have /etc/init.d/.legacy-bootordering ?
<SpamapS> raubvogel: thats the file that controls whether or not insserv is used
<zul> adam_g: ack
<SpamapS> raubvogel: to be fair, insserv *can* sort of work w/ upstart. Its just that it usually doesn't ;)
<raubvogel> Yep. That file is there
<raubvogel> What is the best way to deal with upstart then?
<EMKO> if php-fpm runs as user www-data what does that mean
<SpamapS> raubvogel: in your case, I think you probably just need to manually make it 90 so it starts late
<matrix3000> im getting excited for 12.04 :)
<SpamapS> EMKO: need more context.. ??
<EMKO> what can user www-data do? im just so confused with this user permissions stuff
<EMKO> coming from windows to linux :(
<raubvogel> SpamapS: update-rc.d  is a valid tool?
<SpamapS> EMKO: www-data just isolates the web server from all the other users on the system. So you can grant read access to the web server for files you want the webserver to be able to show, for instance.
<SpamapS> raubvogel: definitely!
<raubvogel> EMKO: It is wise to seperate services and have non root users running said services
<EMKO> so when i upload site files like say index.php  i have to make this file belong to www-data ?
<raubvogel> EMKO: it depends on what the file does. As a hard and fast rule yes.
<SpamapS> EMKO: no, you just have to make it readable by www-data .. so you can make its group www-data and do 'chmod g+r index.php'
<raubvogel> If the file/directory does not need to be changed by web, read-only will do
<SpamapS> EMKO: sites I've run in the past had all the code owned by a 'publisher' user, group owned by 'www-data', that way the publisher was the only one who could write to the code
<EMKO> oh
<malac0da> i got it move the folder where its looking but still doesnt let it download anything
<SpamapS> malac0da: make sure that www-data can access /home/foo/whatever
<SpamapS> malac0da: note that /home/user may not be world-accessible, even if /home/user/www is
<SpamapS> malac0da: ls -ld /home/user .. is it world executable ?
<malac0da> it shows the list of files in the directory and will display the index.html but wont let its download from there to my computer
<malac0da> are you looking for the drwxr-xr-x ?
<SpamapS> malac0da: ahh
<SpamapS> malac0da: the files themselves, are they readable by the webserver?
<SpamapS> malac0da: note that there may be some logs in /var/log/apache2 that will help
<malac0da> yes i just cant copy them from where they are to here
<SpamapS> malac0da: are you *sure* they are readable by the webserver? being able to list the dir doesn't count as being readable
<malac0da> well it opened html file and displayed it if i added index.html
<EMKO> so i should make the www folder where i keep my site under home username? and add this user to www-data and when i make files give group +r so www-data user can read these files?
<SpamapS> malac0da: it opened index.html , but I assume you want to download some other file.
<malac0da> yeha
<SpamapS> malac0da: those other files might not be readable by www-data.. please make *sure* they are. Can you ls -l the dir and paste bin it? (hint: apt-get install pastebinit ; ls -l | pastebinit) ;)
<malac0da> so inside the www i should do the ls -l correct
<malac0da> cuz it only gave me -rw-------- 1 root root ...
<SpamapS> heh
<malac0da> cant find pastebinit either
<malac0da> probably dont have the repository
<SpamapS> malac0da: its in universe, been around forever
<Zanzacar> Hi I would like to track my childs web usage, I was thinking about using wireshark but does anyone have any recommendations?\
<SpamapS> malac0da: anyway, -rw--------- root root means *not* accessible by www-data
<SpamapS> Zanzacar: dansguardian
<EMKO> so when i do chmod g+r this gives all the groups that his user is in the ability to read the file?
<malac0da> ah so how can I change that
<patdk-wk> wouldn't enforcing the usage of a proxy bebetter?
<SpamapS> EMKO: yes
<SpamapS> EMKO: wait, no
<patdk-wk> I personally don't believe in tracking, think it's more of a pain than it's worth, if you can't trust them on the internet, you shouldn't let them on
<SpamapS> EMKO: chmod g+r gives the group that owns the file, access to read the file
<patdk-wk> same goes for life for that matter
<patdk-wk> if they can't access it at home, they will access it elsewhere
<SpamapS> Its a touchy issue and there are people on all sides of the argument
<EMKO> how do i make a file thats owned by a group then?
<SpamapS> having an 8 year old.. I just make sure I'm around when he is browsing the web at home.
<SpamapS> EMKO: chgrp groupname filename
<malac0da> so thats how I solve my problem?
<JanC> I agree about the "being around" stance, plus make sure they understand they can ask questions about whatever weird things they might find...  ;)
<Daviey> hallyn: here
<Daviey> zul: here
<SpamapS> malac0da: chown -R user.www-data /home/user/www
<SpamapS> malac0da: followed by
<SpamapS> malac0da: chgrp -R g+r /home/user/www
<SpamapS> malac0da: that should do it
<zul> Daviey: essex has a couple of bugs but at least it runs now :(
<patdk-wk> guess I'm the evil one?
<patdk-wk> my son browses the web for hours on end using his ipad
<Daviey> zul: That could be worse :)
<patdk-wk> he is 4years old
<patdk-wk> but normally sticks to youtube
<zul> Daviey: api-paste.ini was out of date as well
<malac0da> second one i got an invalid group
<Daviey> zul: ah, we had that last cycle. :/
<Daviey> zul: We probably need a test case to check that
<zul> Daviey: well now its pulling the one from the source rather than in debian
<Daviey> zul: uh?
<EMKO> SpamapS: so i have to do this everytime i put a file on the server?
<zul> Daviey: there was a debian/api-paste.ini nova ships its own etc/nova/api-paste.ini which is better tracked so we are going to ship that one instead
<hallyn> Daviey, were you going to retry the syslog-ng upload, or was there a complication?  (since rmadison shows the 3.3.1 source pkg :( )
<SpamapS> EMKO: pretty much. :)
<SpamapS> EMKO: note that you can always add www-data to the group that you want to give file ownership to.
<malac0da> SpamapS: the second command didnt work...says invalid group: 'g+r'
<SpamapS> malac0da: oops, I meant chmod, not chgrp
<EMKO> so what did i do by adding the user im creating the files with to the www-data group?
<malac0da> alright that worked
<malac0da> no anything i put there shoudl be able to be downloade
<malac0da> d
<matrix3000> any documentation i should read to cache ldap authentication information on the local machine so that if the ldap server becomes offline that the user can still login to their machine
<SpamapS> EMKO: nothing really
<SpamapS> EMKO: you want the other way around, you want www-data to be added to the user's group.
<SpamapS> EMKO: you want to enable www-data to access your files.
<EMKO> ohh
<SpamapS> malac0da: not if you put root owned files there again
<Daviey> hallyn: ah, yes - you repacked it right?
<hallyn> Daviey, well I let bzr bd do it for me
<EMKO> ok things makes a lot more sence thanks SpamapS
<hallyn> http://people.canonical.com/~serge/syslog-ng-merge-3.3.1.tar.gz
<malac0da> when I move stuff into there or upload via ftp how can i avoid that?
<malac0da> or is it just easier to remember those two commands everytime i add something?
<SpamapS> EMKO: note that you have to stop/start apache to get it to pick up any new group ownership.
<SpamapS> malac0da: you should *not* be transferring files as root. ;)
<SpamapS> malac0da: I'd suggest that you follow EMKO's lead.. create a user that will own the web content, and add the www-data user to that group.
<geolr> Hi all, I intend to use my old eee 4g netbook as a homeserver for a while, and I a not very experienced. Now, I want to serve files from an external USB harddisk. From way back when I started using linux I recall editing fstab. Is that a good idea in order to make the usb-disk using always the very same mountpoint? Thx a lot!
<malac0da> I cant even login as root at this point so i dont know how i am doing it
<malac0da> i am logging into it via the same user the the folder is under
<malac0da> nvm i can still access root was just doing it wrong
<malac0da> but im not logged in as root when transferring it
<malac0da> or is it because the user i was using has admin rights?
<EMKO> im using nginx so i would just make nginx run as user www-data and i should be fine
<SpamapS> EMKO: it runs as www-data by default in the packaged version
<EMKO> mine ran as nginx
<EMKO> php-fpm ran as www-data
<EMKO> or i can just add nginx to the group and it should work with both right?
<Daviey> roaksoax: How does your new fence agent work?
<roaksoax> Daviey: same as all fence-agents :)
<SpamapS> EMKO: well with fpm .. you don't need nginx to be able to access the files
<roaksoax> Daviey: bzr branch lp:~andreserl/+junk/random
<SpamapS> EMKO: since its talking to php-fpm over a socket
<Daviey> roaksoax: what out of band power method is it using?
<ErtanERBEK> Hi Everyone
<EMKO> oh
<roaksoax> Daviey: the fence-agent is for a sentry switch CDU
<ErtanERBEK> can I use CPU limit with Ubuntu Virtualization ?
<roaksoax> Daviey: fence_cdu -a <IP or host> -n <id on power device> -l <user> -p <pass> -o <action: on|off|status>
<Daviey> roaksoax: ahhh
<Daviey> thanks
<roaksoax> Daviey: so basically, a template has to be added into cobbler to do that, and that's it
<roaksoax> Daviey: I'm gonna add that later on as I wanna submit the fence-agent to upstream
<malac0da> well i give up for now
<malac0da> thanks for the help
<RoyK> ErtanERBEK: you can only limit the number of cores available to the guesst
<ErtanERBEK> RoyK, I know. But I need Core based MHZ limit
<ErtanERBEK> can I use
<ErtanERBEK> some time  any Virtual Quest have some software problem and use CPU Full speed
<loxs> is there some (easy) way to have MTA (postfix) users in a text file or sqlite database? I don't really like the idea to manage mysql only for 2 users
<raubvogel> loxs: I have setup many postfix thingies without ever touching mysql
<raubvogel> kerberos and ldap yes but no mysql
<RoyK> ErtanERBEK: then go get an IBM POWER7 machine - those support partial cpu allocation (down to 1/10 cpu iirc)
<raubvogel> loxs: virtual domain or system users?
<RoyK> ErtanERBEK: but you probably won't be able to use anything like intel or amd to do that
<loxs> raubvogel, well, I don't really like having the same password/username for both things
<loxs> (security reasons)
<raubvogel> loxs: then do virtual host approach and be done with it
<ErtanERBEK> RoyK, I am use ome server both AMD or Intell
<raubvogel> postfix+dovecot should do the trick together
<ErtanERBEK> sorry
<raubvogel> at least that is what we do ;)
<RoyK> ErtanERBEK: then you won't be able to allocate anything less  than 1 CPU
<ErtanERBEK> I am use oem server both AMD and INTEL
<loxs> raubvogel, but most (all?) guides I see involve mysql/postgres for doing virtual users
<loxs> raubvogel, and yes, I installed dovecot-postfix (the package) but now can't see where to go for this thing
<ErtanERBEK> RoyK, yes, you are true
<raubvogel> loxs: did you tell postfix to use dovecot for auth?
<raubvogel> (sasl, tls that thingie)
<ErtanERBEK> RoyK, I can only separate Core based
<RoyK> ErtanERBEK: that's a processor issue (or lack of functionality) - IIRC IBM is the only one supporting that
<loxs> raubvogel, not yet, but I have a guide that gives like 10 commands to do that.
<ErtanERBEK> I know that
<ErtanERBEK> but if I use brand based Server then I can use VmWare or Windows HyperV
<ErtanERBEK> yes I know Ubuntu Server Power Full system and  have many unic feature
<ErtanERBEK> but I thik some development for Virtualization system
<raubvogel> loxs: this is kinda how they play together: http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
<geolr> Hi all, where to start: How to mount a usbdisk such that I can use it to serve files with samba? Thx!
<ErtanERBEK> RoyK, Thank you for your help..
<loxs> raubvogel, thanks, I'll go read that
<luciano_> geolr: you can moun it and then add it to smb.conf
<RoyK> ErtanERBEK: you can't do sub-cpu virtualisation in software without a rather bad penalty - essensially, you don't want that...
<luciano_> as a normal share
<raubvogel> loxs: this is the first thing I read when I setup postfix and virtual hosting : http://www.howtoforge.com/linux_postfix_virtual_hosting
<raubvogel> It is a bit dated but should give you an idea of how to setup virtual hosting/domains
<loxs> thanks
<raubvogel> If you are going to have a file holding passwords, a la /etc/shadow, dovecot can read it
<raubvogel> postfix could not care less; it only wants to know where to put mail, which domains it should answer for, and who are the valid users
<ErtanERBEK> RoyK, maybe Ubuntu Server team add VirtualBox system to Ubuntu Server
<raubvogel> For authentication, you let dovecot do it for you
<ErtanERBEK> then we can use CPU based limit
<raubvogel> since ti can authenticate against local file, pam, ldap, kerberos, and even dilled pickles
<RoyK> ErtanERBEK: you can use virtualbox on ubuntu
<ErtanERBEK> But I can't with server system
<RoyK> why not?
<ErtanERBEK> do you know , how to install ubuntu server gNome GUI
<RoyK> no need for that - all you need is are the x libs
<ErtanERBEK> realy
<RoyK> really...
<ErtanERBEK> this is good news
<RoyK> it's like that for all X software
<RoyK> and you can batch-start virtualbox VMs with VBoxManage
<loxs> raubvogel, thank you. That really helped me.
<ErtanERBEK> but I can't use Virtual Machine Manager with Virtualbox, right ?
<RoyK> but then - I didn't know you could do cpu limitations with vbox...
<RoyK> ErtanERBEK: yes, you can
<RoyK> ErtanERBEK: just use remote X
<raubvogel> loxs: cool. If you have questions, ask them away
<RoyK> ErtanERBEK: is your client linux or windows?
<ErtanERBEK> Linux
<ErtanERBEK> I am alrady use Ubuntu 11024 with Unity
<uvirtbot> Launchpad bug 11024 in rhythmbox "Files are not selectable, hence not playable" [Medium,Fix released] https://launchpad.net/bugs/11024
<RoyK> then just ssh into the machine and try to launch xeyes or something
<RoyK> it should forward X11 over ssh automatically
<ErtanERBEK> so, what we need
<ErtanERBEK> Intall Ubuntu Server
<ErtanERBEK> Install X
<RoyK> ErtanERBEK: ssh into the box, start xeyes, if it's not installed, install x11apps (IIRC)
<RoyK> not X
<RoyK> just the x libs
<ErtanERBEK> Install openssh
<RoyK> not X itself
<ErtanERBEK> only libs right
<RoyK> X itself is an X server made for showing stuff on a local display
<RoyK> ErtanERBEK: just do what I just said - ssh into the box, start xeyes
<RoyK> if it's not installed, install what it told you to install
<ErtanERBEK> ok, I understand it
<RoyK> then log out and in again and try once more
<ErtanERBEK> you mean remote login right
<ErtanERBEK> I understand you
<ErtanERBEK> this is realy good think
<RoyK> I mean 'ssh user@ip-or-hostname-of-your-server
<adam_g> zul: do we care if squid3's default out-of-the-box config doesn't match the functionality of the original squid(2) pkg?
<adam_g> roaksoax: ^
<matrix3000> ssh -x user@hostname ?
<matrix3000> doesn't that get you x
<zul> adam_g: i guess we can test it properly next week when we have the orchestra stuff up
<adam_g> zul: well, orchestra ships with its own squid configuration (which needs to be updated for squid3, btw).. so that wont tell us much
<roaksoax> adam_g: not really, afaik it should be compatible already, isn't it?
<ErtanERBEK> matrix3000, and RoyK I understand thank you Dear Friend
<Daviey> adam_g: do you know what config changes need to happen for squid -> squid3 transition?
<adam_g> the main difference that ive noticed so far between the two, is squid3 doesn't populate /var/spool/squid with its directory structure out-of-the-box
<roaksoax> adam_g: and squid3's one thing, while orchestra's squid config is other thing
<Daviey> mvo might also like to know for squid-deb-proxy.
<RoyK> matrix3000: from the manual      -x      Disables X11 forwarding.
<adam_g> Daviey: started working on some bugs on squid3, gonna check orchestra after thats done
<RoyK> matrix3000: -X will forcibly enable it - normally it should be enabled by default
<geolr> luciano_: you think the mount will be the same upon next reboot
<zul> bbl
<ErtanERBEK> -X      Enables X11 forwarding.  This can also be specified on a per-host basis in a configuration file.
<luciano_> geolr: no.. only if you define in fstab
<ErtanERBEK> upper case
<luciano_> define it *
<adam_g> roaksoax: no, orchestra now depends on squid3 and its squid conf is not compatable, and orchestra's postinst needs fixing (was gonna get to these later today)
<matrix3000> sorry ment X
<matrix3000> wasn't maying attention to caps
<RoyK> ErtanERBEK: in /etc/ssh/ssh_config or in $HOME/.ssh/config, set ForwardX11 yes
<KHendrik> ok this might be the single most stupid question of the day but what could cause a server installation to take 10 hours and make it in general react very slow? (acer h341 intel atom D410 raid 10 (4x1TB) 2 GB RAM)
<ErtanERBEK> RoyK, I konow It
<RoyK> KHendrik: faulty hardware? :)
<RoyK> KHendrik: btw, I'd strongly suggest using dedicated data drives instead of mixing root and data - REALLY!
<RoyK> KHendrik: if you only have room for 4 drives, use an USB pen for the root
<KHendrik> why?
<roaksoax> adam_g: ok, let me know how it goes
<RoyK> KHendrik: it REALLY helps whenever the shit hits the fan or the day you want to extend the raid set to have it on whole drives and not partitions, beleive me on this...
<KHendrik> if the root pendrive fails everything would fail that#s kind of what i don#t want
<RoyK> KHendrik: also, with 4 drives, you can choose RAID-6 if you're paranoid, so that _any_ two drives can die, and not just one on each side of the mirror
<RoyK> or you can use raid-5 if you want the extra space...
<RoyK> KHendrik: with the raid on whole drives, you can replace each drives with a bigger one, one by one, and once all are replaced, poing, and you have more room to resize2fs the filesystem on md0
<RoyK> KHendrik: to do that with partitons, you'll have to struggle through a few of Dante's hells unless you're a partition table expert :P
<sixstring> How do I change runlevels on an /etc/init.d/ script? I'm used to chkconfig, but it's not on my system. (Ubuntu oneiric) Googly isn't understanding me today.
<KHendrik> i only have 2 partition per hdd 2GB of Swap the rest is ext 4 and i map all the 2gb to a raid 10 and the rest also as a separate raid 10 with ext4
<RoyK> yes
<RoyK> meaning the md device resides on partitions
<RoyK> which is exactly what I would recommend against
<sixstring> Freaky. I can "apt-get install chkconfig", but it's way different from Centos5. I think I can grok the docs now, anyway.
<RoyK> KHendrik: get a couple of usb plugs for the root, you probably won't read much from them anyway, and the only writes that go there are logs and perhaps swap (if you've designed the system badly or are abusing it for things it shouldn't do)
<sixstring> Or...maybe using chkconfig on Ubuntu doesn't make any sense. Because "chkconfig -l jenkins" is returning "0:off  1:off  2:off  3:off  4:off  5:off  6:off". How the heck is it starting automatically, then? I am totally confused.
<RoyK> sixstring: I guess chkconfig may not be compatible with upstart
<RoyK> nope - doesn't seem so
<RoyK> meaning - if the service is started by a SysV script, chkconfig will tell you, if it's started by upstart, it won't
<sixstring> RoyK: I'm just now finding hints about that on Google. Thanks.
<sixstring> http://slashzeroconf.wordpress.com/2008/02/16/chkconfig-for-ubuntu-sysv-rc-conf/ seems to be pointing the right direction.
<sixstring> RoyK: If you know off the top of your head, you'll probably save me a quarter hour on Google: Which tool can I use on ubuntu to set runlevels?
<RoyK> sixstring: generally, you don't change runlevel, but if you need to, frankly, I don't remember how...
<sixstring> OK, thanks, RoyK.
<guntbert> sixstring: runlevel have almost no meaning on ubuntu
 * sixstring tosses a virtual donut to RoyK.
<guntbert> !runlevel
<ubottu> In Ubuntu all runlevels except 0,1 and 6 are by default equal. Also keep in mind that Ubuntu now uses !Upstart instead of System V init so there is normally no /etc/inittab.
<guntbert> sixstring: use telinit
 * sixstring scratches his head.
<RoyK> default runlevel is set in /etc/init/rc-sysinit.conf
<sixstring> I dunno. This is going to take me a bit to understand. I'll dig into /etc/init/rc* to see if that makes sense. The only drawback to linux is that various flavors do things differently.
<sixstring> But I guess multiple flavors is a good thing, right?
 * sixstring tosses guntbert a virtual donut of a different flavor.
<RoyK> sixstring: solaris 9 and solaris 10 are quite different in this aspect as well :P
<RoyK> and good old sysv scripts don't take dependencies into account, which is somewhat non-optimal
<sixstring> Thanks for the education, fellas. I'll have to punt for today. Maybe I'll figure it out tomorrow. :)
<Skaag> is there a key I can press during boot time to load into single user mode?
<guntbert> Skaag: from the grub menu, yes
<Skaag> I just see the ubuntu logo, no grub menu
<Skaag> how do I invoke the grub menu?
<Skaag> if I press ESC, the logo vanishes and I see the normal boot text (services being started, etc)
<guntbert> Skaag: press <shift> durin boot until the menu appears
<Skaag> awesome. thanks :)
<guntbert> Skaag: you're welcome :-)
<Skaag> I have another problem with a certain type of older SuperMicro servers I have, where the ubuntu prompt is showing up garbled
<Skaag> the detected resolution is 648x483 or so
<Skaag> those numbers seem suspicious to me. I would imagine it should be 640x480, but it's not. Is it possible Ubuntu is trying to set a strange video mode that the remote KVM chip can not deal with?
<Skaag> And if that is the case, how do I tell ubuntu not to mess with the graphics card?
<args[0]> how can I check the temperature of my CPU?
<RoyK> args[0]: lmsensors?
<args[0]> thanks RoyK I'll look into that
<hallyn> zul, how did the qa regression testing go?
<zul> hallyn: havent gotten to it yet battling essex ill look at it tonight
<hallyn> ok, thx
<ErtanERBEK> RoyK,
<ErtanERBEK> I am try now
<ErtanERBEK> system download 260 MB lib :D
<ErtanERBEK> with Virtualbox-4.1 ( Oracle Version )
<RoyK> ErtanERBEK: you'll need some libs, yes
<ErtanERBEK> this is not important if change my system stability
<RoyK> ErtanERBEK: it won't effect stability
<loxs> hmm, in what package is the   dovecotpw command?
<ErtanERBEK> RoyK, Thank you for your good information
<ErtanERBEK> I installed VirtualBox
<ErtanERBEK> and now
<ErtanERBEK> working properly
<ErtanERBEK> I can use CPU MHZ limit
<ErtanERBEK> Thank you
<adam_g> zul: i just pushed some more changes to the branch linked on Bug #891445
<uvirtbot> Launchpad bug 891445 in squid3 "package squid3 3.1.15-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Confirmed] https://launchpad.net/bugs/891445
<adam_g> zul: should be good to upload if you want to review
<jdstrand> zul: feedparser review completed
<jdstrand> zul: it looks good, but you'll want to enable the test suite in the build. see my comment in the bug
<jdstrand> zul: bug #879520
<uvirtbot> Launchpad bug 879520 in feedparser "[MIR] python-feedparser" [Undecided,Incomplete] https://launchpad.net/bugs/879520
<zul> jdstrand: cool i will do so
<zul> adam_g: ill take a look
<jdstrand> zul: squid3 promoted, squid demoted, seeds adjusted and bugs marked Fix Released
<jdstrand> zul: fyi, squid3 has a bunch of these in the build log:
<jdstrand> g++: warning: switch '-fhuge-objects' is no longer supported
<jdstrand> seems innocuous, but I thought you might want to know
#ubuntu-server 2011-11-18
<Daviey> zul: So we need to add, log_host=,log_port= to the kernel command line for the default preseed.
<zul> hallyn: running it now
<zul> Daviey: why?
<Daviey> zul: To add logging of the instal back to rsyslog.
<zul> Daviey: okies
<adam_g> roaksoax: ping
<Daviey> zul / roaksoax: Does cobbler in precise work?
<zul> i dont see why not....whats wrong?
<adam_g> Daviey: ive just finished fixing packaging bugs enough to get all of orchestra installed, im about to test an all-precise setup
<Daviey> adam_g: in the lab?
<adam_g> zul: the last cobbler upload was broke
<zul> adam_g: well crap..
<adam_g> Daviey: no
<Daviey> adam_g: Would it be a PITA for you to do that?
<adam_g> zul: but it got fixed today bug #891527
<uvirtbot> Launchpad bug 891527 in cobbler "cobblerd fails to start: NoSectionError" [High,Fix released] https://launchpad.net/bugs/891527
<Daviey> I'd quite like to develop on that tomorrow, based on your setup :)
<adam_g> Daviey: none of the fixes are uploaded yet
<zul> adam_g: ah yeah
<adam_g> roaksoax: i just pushed changes to lp:orchestra with fixes to get it going with squid3
<Daviey> adam_g: \o/
<adam_g> Daviey: squid3 is blocked until fix for bug #891445 is merged + uploaded
<uvirtbot> Launchpad bug 891445 in squid3 "package squid3 3.1.15-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Confirmed] https://launchpad.net/bugs/891445
<adam_g> Daviey: but yeah, i'd like to get it going in the lab asap
<Daviey> adam_g: Are you likely going to be able to get it online before you finish for the day?
<Daviey> I'd like to crack on tomorrow where you leave off, you see.
<adam_g> Daviey: on which? the new lab ?
<Daviey> adam_g: legacy
<adam_g> Daviey: hmm thats all still on oneiric, i'd need to try to get the current orchestra setup dist-upgrade'd and all
<Daviey> adam_g: If it's not viable, don't worry.
<adam_g> Daviey: ill see what i can get going
<Daviey> adam_g: Great, thanks
<roaksoax> adam_g: i fixed the last cobbler ... at least the upload I did in the morning should have
<roaksoax> adam_g: and ok, i'll review your changes and release new orchestra
<roaksoax> jamespage: still around?
<adam_g> roaksoax: yeah, cobbler fixed
<roaksoax> adam_g: cool
<roaksoax> rbasak: ping
<roaksoax> adam_g: btw.. have you tried to pxe boot a pandaboard lately?
<adam_g> roaksoax: me? no
<bkerensa> so much talk of pandaboards.... I need to get one
<Daviey> roaksoax: have concerns?
<roaksoax> Daviey: yeah can't pxe boot oneiric
<Daviey> !
<Daviey> roaksoax: Is that a last minute regression?
<roaksoax> Daviey: idk, I haven't tried to pxe boot, just did a clean cobbler install
<roaksoax> don't really think its cobbler/tftp
<roaksoax> but gonna have to check that first
<roaksoax> rebooting
<Daviey> roaksoax: Great!
<Daviey> roaksoax: Okay, regarding our conversation yesterday.. I was going to make the default preseed include http://pb.daviey.com/NIao/ , which is default (ie, machines that cobbler doesn't yet know about)
<Daviey> it seemed you disagreed that the default preseed was the correct location?
<zul> hallyn: fails at "test_CVE_2010_2237_2238 (__main__.LibvirtTestCVEs)"
<roaksoax> Daviey: false alarm, seemed to be something with the tftp server
<Daviey> Oh good. :)
 * roaksoax looks
<roaksoax> Daviey: right
<roaksoax> Daviey: so, if you set a default preseed, every distro you import, which creates a profile, wwill default to that preseed
<roaksoax> Daviey: so whwat I was saying is that instead of using a defualt preseed we should use a default profile
<zul> unless you change the source :)
<Daviey> roaksoax: Hmm, currently the default one is a Ubuntu preseed anyway, right?
<Daviey> to do an /install/
<zul> Daviey: really that preseed should be in orchestra
<Daviey> zul: cobbler-enlist isn't directly part of orchestra, but part of the default iso.
<roaksoax> Daviey: so for example. 1. machine pxe boots. 2. doesn't find 01-<mac-address> cause there's no cobbler system added. 3. launches PXE Menu 4. runs default profile (which points to default preseed) 5. add's itself to cobbler system ....
<Daviey> roaksoax: Okay, do you know where that needs to be added as a patch, or do i need to investigate?
<roaksoax> Daviey: let me check
<twb> Grr, why does slapd build-conflicts against icu
<Daviey> build-conflicts?
<Daviey> roaksoax / zul / smoser: Would one of you mind reviewing and uploading bug 874981.. i made a mistake in my last comment, the descriptions are correct.  I am too tired to do so now.
<uvirtbot> Launchpad bug 874981 in mcollective "Please merge/sync mcollective from debian wheezy" [High,Fix committed] https://launchpad.net/bugs/874981
<roaksoax> Daviey: so we need to set the pxe_default_profile somewhere dont remember where exactly
<Daviey> adam_g: have you touched cobbler-enlsit?  If so, can you push to bzr.. tomorrow i plan to add auto hostname default of hostname based on mac address.. and would rather not rebase.
<Daviey> roaksoax: I know where that is..
<Daviey> one moment
<roaksoax> Daviey: yeah it is in a pxe template
<roaksoax> Daviey: but I think we need to add a system named "default"
<Daviey> roaksoax: currently we are doing:
<Daviey>  # if no kickstart is specified to profile add, use this template
<Daviey> -default_kickstart: /var/lib/cobbler/kickstarts/default.ks
<Daviey> +default_kickstart: /var/lib/cobbler/kickstarts/ubuntu-server.preseed
<roaksoax> Daviey: right and I think it should stay like that
<roaksoax> Daviey: that's just a sample preseed that every imported distros (that creates a profile) should be pointing to
<Daviey> roaksoax: Hmm, that isn't tftp:default file, is it?
<adam_g> Daviey: the last change i made is still pending in MP
<adam_g> https://code.launchpad.net/~gandelman-a/ubuntu/precise/cobbler-enlist/868492/+merge/80642
<adam_g> before doing much else, i'd prefer to get that merged and come to consensus as to how the tools going to be used
<Daviey> adam_g: I suck, will merge that tomorrow.
<roaksoax> Daviey: but, when a machine tries to PXE boot, and there's no system added for that machine's MAC address. a PXE menu is provided. So we can default to a default profile
<Daviey> roaksoax: Yeah, i don't think we want a menu, do we?
<adam_g> Daviey: creating a hostname based of mac address perhaps shouldn't even be handled in cobbler-enlist, especially if we're going to be quering mac addr's outside cobbler-enlist, anyway. i think ti'd be better to generate the hostname elsewhere and pass it in as a parameter, perhaps via '-n / --name'  which already exists
<roaksoax> Daviey: that's why I'm saying it should default to a default profiule that points to your preseed file
<Daviey> adam_g: http://pad.daviey.com/orchestra-boot , is what i captured from last night.. but that could ALLLLLL change.. (input welcome)
<roaksoax> Daviey: ok
<roaksoax> Daviey: so I did this:
<roaksoax> Daviey: 1. created a profile that points to *your* preseed file for orchestra-boot
<Daviey> adam_g: Where do you think the hostname should be generated?  In Cobbler or on the node?
<Daviey> using the first mac address seemed to make sense as a unique key, do you have another idea?
<roaksoax> Daviey: 2. added a *default* system that uses the orchestra-boot-profile
<Daviey> adam_g: Why does it make sense to move the mac address generation logic outside cobbler-enlist tool?
<roaksoax> Daviey: 3. every time a system tries to PXE boot and does not find its 01-<NAC> in the tftp server, then it will use the *default* profile
<roaksoax> Daviey: sudo cobbler system edit --name default --profile=orchestra-boot-profile && sudo cobbler sync
<roaksoax> Daviey: is the hostname gonna be generated based on the MAC?
<Daviey> roaksoax: What do we need to do to make that as part of the default install?
<Daviey> roaksoax: That seemed to make sense, do you have other ideas?
<adam_g> Daviey: because if we're going to be using another tool to gather details about the system, gathering the mac address will surely move outside of cobbler-enlist as well?
<roaksoax> Daviey: no the mac usage for hostname generation is good, though, we cannot use it until *after* we already know the system within cobbler, which means *after* enlisting it
<roaksoax> Daviey: and about the profile adding, we can just do that in postinst
<Daviey> roaksoax: I was thinking BA:DD:CO:FF:EE -> "badcoffee" as the hostname
<Daviey> adam_g: makes sense.
<roaksoax> Daviey: yeah sounds reasonable
<Daviey> roaksoax: Hmm, cobbler would not be generating the hostname - the node will do it and post home, as part of the enlistment
<adam_g> Daviey: i think the more we can keep *out* of cobbler-enlist and passed in as input the better
<roaksoax> Daviey: and I can make cobbler create the default profile that points to the orchestra-boot preseed, or I can make orchestra do that instead of cobbler
<Daviey> adam_g: works for me
<roaksoax> Daviey: better yet then, but I was thinking it in the way as it is with ec2 where it is the provider that assigns the hostname
<roaksoax> Daviey: not the vm itself
<Daviey> roaksoax: Where do you think it sits best?
<roaksoax> Daviey: so I was thinking that maybe orchestra should assign a hostname
<roaksoax> Daviey: presonally, I like it on the orchestra side cause we can do whatever we want there and just preseed it
<roaksoax> Daviey: and we can easily modify
<Daviey> roaksoax: Well the node knows the data, and cobbler/orchestra does not.. So it seems logical to generate it there and post it home.
<roaksoax> Daviey: sure we can do it in either way
<roaksoax> Daviey: as long as a system gets registered with hostname, mac, etc, etc and works with juju out of the box
<roaksoax> it shouldn't really matter
<Daviey> roaksoax: My thought was it's a preseed option "cobbler-enlist/auto-hostname true"
<roaksoax> Daviey: sounds good
<roaksoax> Daviey: though, in reality, administrators will wnat to name their systems
<Daviey> (but you could also preseed cobbler-enlist/hostname string foobar)
<Daviey> roaksoax: I'm not sure they'll care TBH.. I know most networks tend to have a naming scheme, but do people /really/ care?
<roaksoax> Daviey: right, that's fine, but if you preseed, then how do we find out the hostnem for that particular system?>
<Daviey> if it does the right thing out of the box, with cloud mentality and juju abstraction, it seems to be something we should worry about
<Daviey> (note, people don't seem to care for setting hostnames in ec2)
<twb> Daviey: because they forgot to set up /etc/hosts properly?
<roaksoax> Daviey: right, but from the physical node point of view I believe it does care
<roaksoax> Daviey: err they do care, because a naming system just come from the basic idea of inventory
<roaksoax> Daviey: data center certification
<roaksoax> Daviey: etc etc
<roaksoax> Daviey: so I believe administrators tend to identify servers by their statically assigned hostname rather than a randomly generated one
<dork> absolutely
<roaksoax> i.e. all machines are named, tagged, under the inventory, etc etc
<Daviey> roaksoax: Well yes, but what is the difference between calling servers after different types of plants and a random set of strings which is a mac address.
<Daviey> We *could* default to dhcp assinged hostnames, but if unset - use the mac address?
<roaksoax> Daviey: right, but the assignment of naming scheme comes way *before* the deployment
<Daviey> This allows people to set the hostnames following a naming scheme if they want to, but fall back to mac address.
<roaksoax> Daviey: you first design the data center, assign naming scheme, do the cable tagging, do the graphs, then you deploy the systems using the defined naming schemes
<roaksoax> Daviey: that';s for both, machines and network devices
<twb> Daviey: using something based on IP or mac is common, if you're an ISP
<adam_g> hmph. cobbler on precise apparently cannot import oneiric or precise isos.
<twb> like 4-3-2-1.stupid-domestic-customer.isp.net
<roaksoax> twb: right, but that's for costumers, not for servers
<dork> Daviey: as far as ISP like networks go the naming conventiion is super critical in resolving issues expeditiously
<roaksoax> twb: servers have their own naming scheme
<roaksoax> as well as routers/switches/etc
<twb> roaksoax: but aren't they basically instances of an SOE
<twb> roaksoax: they don't really have individual identity
<Daviey> twb: heh
<roaksoax> twb: in my experience, both servers and network devices are identified by a name in their design documents and that name is used as hostname
<roaksoax> that's what I have seen
<Daviey> So.. does defaulting to hostnames from dhcp, then falling back to macaddress based auto address make sense?
<twb> I think in our prisons (where we force the SOE desktops to have names), the prison staff usually name them after their asset tracking number
<twb> roaksoax: I thought we were talking EC2
<Daviey> If people want to use their naming scheme, they can - by dhcpd'ing it
<Daviey> twb: no, bare metal
<twb> roaksoax: obviously for conventional servers, I agree with you
<roaksoax> Daviey: right, dhcping it means that a cobbler system needs to know the hostname
<roaksoax> twb: ;)
<Daviey> roaksoax: depends if they are using the orchestra provided dhcpd or a legacy seperate one, right?
<roaksoax> Daviey: right
<Daviey> If they care that much about hostnames, they'd probably have a seperate dhcpd - right?
<roaksoax> Daviey: but, IIRC we still need to know some information in cobbler (regardless of whether we are managing dhcp or not), since the hostname is passed to the kernel parameters
<roaksoax> Daviey: we saw issues by not doing so
<roaksoax> Daviey: so we fixed that, as it was a default behaviour
<roaksoax> Daviey: and we also have to consider that juju addresses to the machines based on the hostname that is also the defined name of a system
<twb> Just name each host in the /24 after the element number of the last octet
<twb> e.g. unununium -> 1.2.3.111
<Daviey> roaksoax: Erm. the minimal cobbler-enlist boot sends the hostname back to cobbler, this is either one THAT boot got back from dhcp or one generated from mac address
<Daviey> if required, (which it should not be!), we can provide a null kernel param which is ignored on the enlistment boot
<Daviey> twb: are you being serious? :)
<twb> I tried that at work (as CNAMEs, not the canonical names)
<adam_g> roaksoax: have you got a few min?
<twb> But <boss> said it was not allowed because it was too hard to remember elements
<roaksoax> Daviey: so if no hostname is obtained by dhcp, then one should be generated and sent back to cobbler
<roaksoax> Daviey: then we should also provide a tool for adminsitrators to easily change the hostnames
<twb> We only own a /24 so it would've fit neatly
<roaksoax> Daviey: so they can provide a list of ip(or mac) with its matching hostname, and that should edit all the systems
<roaksoax> adam_g: shoot
<roaksoax> Daviey: but I thi nk is best if we discuss it further tomorrow as my brain doesn't wanna work anymore
<roaksoax> :)
<Daviey> roaksoax: it's 1:28 AM for me here.. my brain fell out of my ear some hours ago.
<adam_g> roaksoax: im giving orchestra + cobbler a shot on precise, and importing oneiric and precise as distros seems to succeed, but nothing ends up in cobblers database. wondering if you knew of any recent changes that might affect that?
<roaksoax> adam_g: what do you mean that nothing ends in cobbler databasE?
<roaksoax> Daviey: he
<roaksoax> heh
 * Daviey EOF's the day.. Speak tomorrow chaps, have fun.
<roaksoax> Daviey: have a good one
<roaksoax> adam_g: as in no profile is availabel?
<adam_g> roaksoax: as in, import returns 0 with no errors but 'cobbler distro list' shows nothing
<adam_g> http://paste.ubuntu.com/741823/
<roaksoax> adam_g: uuhmm interesting.. and yes... the change might be because we have a new cobbler in ubuntu that might be broken?
<adam_g> lol
<roaksoax> adam_g: cobbler import --name="oneiric-i386" --path=/mnt/oneiric --breed=ubuntu --os-version=oneiric<SPACE SHOULD GO HERE>--arch=i386
<roaksoax> adam_g: TRy that again :)
<roaksoax> adam_g: the log doesn't really import anything apparently
<adam_g> roaksoax: bad paste, but same thing
<roaksoax> adam_g: well I guess that new upstream release doesn't import :)
<adam_g> orchestra-import-isos imports everything up until natty
<adam_g> it does import, just not oneiric or precise
<roaksoax> adam_g: ahhh then I know what the problem is
<adam_g> roaksoax: see! thats why i asked you :)
<roaksoax> adam_g: show /var/log/cobbler/cobbler.log
<roaksoax> adam_g: or at least I presume what might be going wrong
<adam_g> roaksoax: dah, ya.. oneiric and precise are missing from the list valid breeds
<roaksoax> adam_g: yeah
<roaksoax> adam_g: trying to fix that now
<adam_g> roaksoax: cool thankya
<adam_g> roaksoax: modules/manage_import_debian_ubuntu.py contains the two. im doing this on santol if you'd like to poke at it too
<roaksoax> adam_g: modify /usr/share/pyshared/cobbler/codes.py and look for the line "ubuntu" and add the missing codes
<roaksoax> adam_g: and stop/start cobbler
<roaksoax> and should work
 * Daviey raises his head.. adam_g / roaksoax: if you edit anything in-place on santol, can you document it please?  (as in, editing files directly)
<roaksoax> adam_g: fix uploaded
<roaksoax> Daviey: go sleep geeez
<roaksoax> Daviey: hehe no worries the fix is coming :)
<Daviey> \o/
 * roaksoax yay!! pandaboard operational!!!
<adam_g> Daviey: im importing a bunch of debs manually to install while bug fixes are pending upload. id like to tear down and rebuild from scratch with everythig from the archive once its sorted
<roaksoax> alright
<roaksoax> im off
<roaksoax> have a good one
<roaksoax> adam_g: if you find any more bugs just pm me or file them and assign them to me
<adam_g> roaksoax: thanks
<adam_g> roaksoax: did orchestra get uploaded with those changes?
<roaksoax> adam_g: not yet
<roaksoax> will do early morning tomorrow
<adam_g> thanks andres
<hallyn> zul: is that the only fail you get?  with a fresh precise install?
<zul> not fresh install but yes thats the only fail i get...oh nm
<zul> gimme a sec
<hallyn> ok
<zul> http://paste.ubuntu.com/741833/
<hallyn> that looks more like mine
<hallyn> feh i'll look again in the morning.  i'm fed up :)
<hallyn> zul: lemme know if you have any ideas
<adam_g> Daviey: looks like the log_host, log_port already get set for all profiles imported via orchestra-import-isos, pointing to the orchestra server
<roaksoax> adam_g yes they do
<adam_g> roaksoax: any reasons off the top of your head why clients get a 404 when trying to grab their preseed?
<adam_g> roaksoax: the default kickstart (ubuntu.preseed) gets assigned for all profiles and nodes and the file is there
<roaksoax> adam_g uhmmm i eill.have.to check is tjat in the lab?
<adam_g> roaksoax: that is, 404 from http://$orchestra_host/cblr/svc/op/ks/system/$client_host
<adam_g> roaksoax: its in the lab, yeah but just confirmed the same here on VMs
<roaksoax> adam_g: let me check
<roaksoax> adam_g: what lab machine?
<adam_g> roaksoax: santol is the orchestra server
<adam_g> roaksoax: sapodilla is the last box booted with a 404 (its still sitting in the installer)
<roaksoax> adam_g: there seems to be an error in the template
<roaksoax> adam_g: is the logging server installed?
<adam_g> roaksoax: i haven't installed it, only the prov. server
<roaksoax> adam_g: good catch then
<adam_g> roaksoax: which template?
<roaksoax> adam_g: trying to figure it out
<roaksoax> adam_g: the preseed that is using is orchestra.preseed
<roaksoax> adam_g: and since the logging server the module is failing to open the orchestra-ca key
<roaksoax> adam_g: I will fix that tomorrow
<roaksoax> adam_g: but you should be able to deploy now
<adam_g> roaksoax: what did you do? i'm doing the same here in VMs
<roaksoax> adam_g: orchestra.preseed coment with ##$SNIPPET('orchestra_rsyslog_obtain_keys')
<roaksoax> adam_g: use two ## to comment
<adam_g> roaksoax: great, thanks
<roaksoax> adam_g: i will fix that in orchestra tomorrow
<RoAkSoAx> wtg
<RoAkSoAx> wtf
<roaksoax> adam_g: btw we will have to check that the changes you made to orchestra's squid conf won't break package installation
<adam_g> roaksoax: installing right now with those changes in place
<roaksoax> adam_g: cool
<roaksoax> adam_g: anyways im off
<roaksoax> just let me know if you find any other issue
<roaksoax> ttl
<adam_g> roaksoax: most of them are now handled internally automatically by squid3, and no longre needed, so it should be okay
<adam_g> cya
<twb> Ugh, anybody remember how to get a shell in an openvz guest
<twb> I thought "vzctl enter" but can't see that
<twb> vzctl exec 101 /bin/bash works but only as a dumb term
<twb> UGH, "vzctl enter" is valid, it just isn't mentioned in --help
<koolhead17> hi all
<Zanzacar> I am trying to follow this tutorial http://ve3emb.wordpress.com/2010/10/03/d-link-dwa-125-on-linux-ubuntu-10-04/ but I can uncompress the .bz2 file does anyone have any recommendations?
<Zanzacar> I tried using tar xvjf but that was making everything into one large file and not a directory of files which I thought was odd
<twb> Zanzacar: are you on lucid?
<Zanzacar> twb: No I am on 11.10
<twb> Maybe follow a guide for that, then
<twb> The driver's probably pre-installed in current releases
<ipl31> anyone have any experience with Orchestra and multi NIC servers?
<_ruben> !feisty
<ubottu> Ubuntu 7.04 (Feisty Fawn) was the sixth release of Ubuntu. End Of Life: October 19th, 2008. See !eol and !upgrade for more details.
<koolhead17> _ruben, wa00
<koolhead17> lynxman, hola
<_ruben> koolhead17: was looking for the eol date, not running it myself or anything ;)
<koolhead17> _ruben,  I was kind of surprised :)
<lynxman> koolhead17: hello :)
<koolhead17> lynxman, i can just laugh at my foolishness!! Am yet to  go home, slept in office last nyt. :D
<koolhead17> but am happy to report few bugs and ask few questions as well :D
<tero> how can I change eth2 to eth0 ?
<patdk-lap> edit udev
<patdk-lap> /etc/udev/rules.d/70-persistent-net.rules
<tero> uuu thanx! :)
<KHendrik> Good morning
<tero> ok my home server is finnaly done :)
<KHendrik> RoyK, I have one question for you I think I now understand why you prefer setting up an array on the whole drive instead of just a partition but why do you want to seperate Data and System and where do you draw the line for that
<KHendrik> tero, nice what's your setup?
<tero> KHendrik it is actualy funny
<tero> I used and old laptop :D
<tero> my friend give me an hp dv6000 laptop with broken screen
<tero> and i mod it to be used as a server
<tero> i even have 2 network cards (one pc-card) so it is used as a softare router
<KHendrik> tero yeah thats kindof funny
<Daviey> rbasak: Do you know what happend with bug 858878?  It seemed zul uploaded one of your patches, but it's not clear to me if the other was also included/
<uvirtbot> Launchpad bug 858878 in cobbler "lack of csrf protection in cobbler-web" [High,Triaged] https://launchpad.net/bugs/858878
<Daviey> https://launchpad.net/ubuntu/precise/+source/cobbler/2.2.2-0ubuntu1
<zul> it got applied upstream
<Daviey> zul: fancy updating the bug then? :)
<zul> sure lemme have breakfast first
<zul> just woke up
<Daviey> ah, cool :)
<zul> jdstrand: dont want to be a pain in the ass but can you review python-keystoneclient please
<jdstrand> zul: this is going to require a security team audit, and I can assign it to myself, but it won't be completed today
<zul> jdstrand: ok....why is it going to need a security team audit
<hallyn> jdstrand, zul, qa_regression_testing is in fact bugged by some recent change in precise
<hallyn> I redo the steps to create a testuser by hand, and then I can't connect to qemu:///session though I can to qemu:///system
<jdstrand> zul: it is a deamon running on the network used for authentication
<zul> jdstrand: afaik its just a client
<hallyn> (I'll keep looking, just mentioning it in case it rings a bell)
<jdstrand> that is a security sensitive piece of software
<zul> jdstrand: ok
<jdstrand> http://docs.openstack.org/diablo/openstack-identity/admin/content/what-is.html - there is a lot going on there
<hallyn> hm, nm.  i did that wrong.
<zul> jdstrand: blah ok ;)
<tero> em... I have an philosophical question :) what is the "corret" first username when you install ubuntu server since ubuntu does not have root?
<tero> or what do you guys have?
<jdstrand> hallyn: I recommend you use 'sudo ./test-libvirt.py setup-all'. you might logout and back in, but that shouldn't be necessary
<ersi> tero: there is no 'correct' first username
<ersi> Or well, it's the username of the admin
<hallyn> AHA
<hallyn> qemu without kvm is not working
<pmatulis> tero: on a server i typically create user 'ubuntu' during the install, he will have superuser rights via the sudo command (by automatically being made a member of the 'admin' group)
<raubvogel> Which user does subversion expects to be?
<raubvogel> s/expects/expect/ I am getting coffee
<zul> jdstrand: er...we might be getting keystone and python-keystoneclient mixed up, kestone is the one getting the MIR, python-keystoneclient is a new binary for universe (although it will be getting a MIR eventually)
<hallyn> zul, jdstrand, Daviey: question on qemu-kvm.  The new behavior (as of precise) is that if you want un-accelerated qemu, you have to add 'accel=tcg' to the machine specification.  It has its advantages...   do we want t oleave it like that, or patch around that?
<hallyn> (it is the reason why qa-regression-testing of libvirt has been failing)
<hallyn> if we patch around it, we'll be doing that forever
<zul> what is the disadvantages/advantages of it
<jamespage> roaksoax: around? I have a powernap question
<hallyn> zul, advantage is that the people who ignore warnings about kvm not being configured right and then complain that kvm is slow, now get a harder (clearer) failure
<hallyn> zul, second advantage is simply that we don't have to patch in perpetuity :)
<kirkland> jamespage: perhaps i can help, if roaksoax is not around yet
<zul> i like that advantage :)
<hallyn> disadvantage, I don't know how many tools are going to be breaking as a result
<jamespage> kirkland: pm
<jdstrand> hallyn: it should be easy enough to update qrt-- detect in setup if we have accel capabilities, then add the necessary arguments. I can't speak to libvirt's handling of it though, but I'm guessing the package you're merging can handle it
<hallyn> jdstrand, so you're ok with sticking with the new qemu-kvm behavior?
<hallyn> I'll do an update for qa-regression-testing then
<jdstrand> hallyn: I am, yes. in general people should be using libvirt with qemu-kvm in Ubuntu. that said, things like testdrive could break
<hallyn> jdstrand, ok, thanks
<jdstrand> hallyn: you may want your tech lead to weigh in though (I am but one opinion :)
<hallyn> jdstrand, Daviey is mia :)
<jdstrand> well, I guess he can weigh after the fact :P
<jdstrand> kirkland: see backscroll. could testdrive break there?
<jdstrand> kirkland: and hello! :)
<jdstrand> kirkland: and anything other than testdrive that might break
<hallyn> jdstrand, testdrive would only break for ppl using it without kvm - which would be painfully slow so i have doubts ppl do it :)
<kirkland> jdstrand: hmm, what's changing in kvm?
<g0bl1n> AWS with Ubuntu Server. I created a new user (in a secure shell), and created a new key in the AWS console. Can't login with that user. Any hint ?
<kirkland> hallyn: testdrive support virtualbox, for people without kvm
<hallyn> kirkland, have you tried out testdrive on uptodate precise?
<jdstrand> kirkland: 08:29 < hallyn> zul, jdstrand, Daviey: question on qemu-kvm.  The new behavior (as of precise) is that if you want un-accelerated qemu, you have to add 'accel=tcg' to the machine specification.  It has its advantages...   do we want t oleave it like that, or patch around that?
<kirkland> hallyn: i have not
<jcook_5xdata> How can I tell if may server has been hack and sending email? i received this http://pastebin.com/SRX7fumt look at the header info. I am running failtoban
<hallyn> kirkland, ok, tbh i have and it worked fine :)
<kirkland> jdstrand: i think I'm okay okay with that change in behavior
<smoser> jdstrand, so if you do not have kvm support in hardware and do not add that flag, what happens ?
<kirkland> jdstrand: very, very few people, if anyone, uses unaccelerated qemu for i386/amd64 ubuntu
<jdstrand> heh, people keep asking me-- I don't know :P
<hallyn> qemu refuses to run
<jdstrand> hallyn: ^
<hallyn> smoser, ^
<smoser> i think thats a bug.
<smoser> you will break people.
<jdstrand> well, upstream chose to do this
<hallyn> smoser, the argument from qemu-kvm ppl is that most of the ppl that will break is the ones who are complaining that they ahve kvm support but it's slow
<smoser> so is there a way to say "just do it" that does not lose hardware acceleration if possible ?
<smoser> ie, does 'accel=tcg' turn it off if it could have used it?
<hallyn> turn what off?
<smoser> hardware acceleration
<hallyn> -machine pc,accel=tcg will let it work
<hallyn> -machine pc,accel=kvm,tcg
<smoser> well at least it is possible.
<smoser> it will break things.
<hallyn> except that doesn't work for me, hm
<smoser> and really, the number of people who are comlaining about "it is slow" surely is becomming less and less.
<hallyn> ah,
<hallyn> -machine pc,accel=kvm:tcg
<hallyn> anyway, a patch to default to tcg if kvm is not available shouldn't be too bad, but it's an unwelcome delta
<hallyn> comment on bug 892050 if you are so inclined :)
<uvirtbot> Launchpad bug 892050 in qemu-kvm "qemu refused to run without acceleration" [Medium,In progress] https://launchpad.net/bugs/892050
<smoser> i just know that i have explicitly used 'kvm' knowing there was no hardware acceleration
<smoser> they also do this in devstack
<roaksoax> jamespage: i'm here now
<jamespage> roaksoax: kirkland got me sorted - I needed to quickly disabled CPU power management with powernap for the test lab installs
<roaksoax> jamespage: ok cool
<kirkland> roaksoax: yeah, the cpu offlining thing seems to be causing more trouble
<roaksoax> kirkland: yeah
<roaksoax> kirkland: i think i will just ship it disabled by default
<roaksoax> and SRU that
<kirkland> roaksoax: not a bad idea
<roaksoax> kirkland: but I wanna figure out why
<kirkland> roaksoax: yeah, we ran into the same problem with the 64-way system we used for the openstack demo
<kirkland> roaksoax: you'll need to work with the kernel team on that
<roaksoax> kirkland: maybe offlining to 1 single CPU is the cause, and rather we should offline to ~4 if its a 16 CPU core?
<roaksoax> kirkland: cause we offline CPU's and reduce the frequency
<roaksoax> kirkland: and I'm changing back the default values to 300 for absent seconds and 30 for grace period
<kirkland> roaksoax: okay
<kirkland> roaksoax: i liked 30/6
<kirkland> roaksoax: but whatever :-)
<roaksoax> kirkland: yeah but doing so means that powernap is likely to send the server to powersave mode when important things are happening
<roaksoax> kirkland: i.e. jamespage problem on which cloud init was running and 30 secs after it entered to powersave
<kirkland> roaksoax: if so, then you're not monitoring the right things
<roaksoax> kirkland: and boom it exploded :)
<kirkland> roaksoax: then you need to monitor that
<kirkland> roaksoax: and make sure that things don't explode
<kirkland> roaksoax: personally, i like the agressive timings, especially on my laptop
<roaksoax> kirkland: yeah I guess we should handle that in profiles
<roaksoax> kirkland: so a juju powernap profile to deal with that
<matrix3000> damn, i would love to figure out how to do cloud processing
<matrix3000> one of these days
<hallyn> jdstrand, smoser, well feh, i'll have to either patch libvirt or qemu, at any rate.  patching libvirt is more useful in that that fix will be needed upstream eventually.  But patching qemu will mean i don't halso have to fix 100 other tools built on qemu.
<jdstrand> hallyn: another thing to think about-- for the lts, it might make sense to have this delta, and then remove it in 12.10. it will allow smoothe upgrades for lucid to precise and let any bugs in libvirt/qemu chake out
<jdstrand> shake
<zul> heads up...im going to be starting to switch the init scripts for swift to upstart
<hallyn> jdstrand, that sounds reasonable
<hallyn> Daviey, ^ i think i will go with jdstrand's suggestion.  patch qemu-kvm to keep tcg as a default until 12.10
<Daviey> hallyn: sounds good
<hallyn> kewl
<hallyn> thanks
<Daviey> hallyn: I don't think the inverse gives us much gain, does it?
<hallyn> what do you mean?
<Daviey> hallyn: if qemu is patched, we don't get an extra benefit.. do we?
<hallyn> well, "benefit" of tools not breaking during LTS
<mtaylor> Daviey: what's the tool you wrote to inject machine info into orchestra/cobbler?
<mtaylor> Daviey: the discovery thing?
<Daviey> mtaylor: cobbler-enlist
<RoyK> KHendrik|afk: for a number of reasons, you can't boot from a RAID-5, nor can you install grub on a disk without a partition table, you don't want to touch your data in case of a reinstall, you generally want the data Somewhere Else
<Daviey> mtaylor: I've lost the seed information to do it hands free, but it's based on:
<Daviey> mtaylor: http://pb.daviey.com/NIao/
<Daviey> it can be used standalone aswell.
<mtaylor> Daviey: awesome. thanks. I'm going to pimp it a little bit at LinuxCon Brazil today
<ikonia> mtaylor: where is linuxcon brazil
<ikonia> I'm in Brazail now and would be interested in seeing it
<hallyn> all right, dirty deed is done.   qemu-kvm pushed
<mtaylor> ikonia: Sao Paulo - expo center norte - I'm speaking in an hour, so I doubt you'd be able to make it here in time with traffic
<Daviey> mtaylor: interesting, is it being filmed?
<mtaylor> Daviey: not that I know of
<hallyn> ahs3, answer came in - xml files are under same copyright as the rest of netcf.  so i think the package i posted yesterday is ...  dare i say ... done :)
<ahs3> hallyn: okey dokey.  could you please add a copy of the emails somewhere to the docs part of the package, just so we've got it written down somewhere?
<hallyn> docs part?
<hallyn> as in debian/README?
<ahs3> right.  that, or somewhere in the copyright info, or in /usr/share/docs/netcf somewhere...just don't want to lose the discussion
<hallyn> ahs3, so http://paste.ubuntu.com/742378/  as debian/README.debian is ok?
<ahs3> hallyn: yup, that'll do
<hallyn> awesome, thx
<hallyn> ahs3, http://people.canonical.com/~serge/netcf-0.1.9-package-v3.tar.gz
<RoyK> http://blog.laptopmag.com/usb-stick-contains-dual-core-computer-turns-any-screen-into-an-android-station
<ahs3> hallyn: thx.  i'll take a look
<kpettit> What's a good simple monitoring tool?  Nagios was the last one I've used but I hated dealing with all the config files for only a dozen or so sites/services.  Any recommendations?
<RoyK> kpettit: imho nagios/icinga (a fork) is still good for that, and with templated configs, it doesn't take too long to set it up
 * RoyK uses icinga for that
<kpettit> ok, cool  I'll take a look.  Some templates would help
<kpettit> is zabbix any good?
<RoyK> kpettit: never tried it...
 * RoyK tests
<kpettit> me neither.  Better the devil you know I guess
<jcastro> SpamapS: when are you planning to attend scale, should I plan for being there thursday night?
<RoyK> damn - oneiric VMs won't shutdown properly - that is - they shut down ok, but never turn themselves off
<SpamapS> jcastro: All 3 days, since its in my backyard. :)
<patdk-wk> royk, apci issues?
<patdk-wk> I have that issue randomly with windows vm's on qemu/kvm
<patdk-wk> seems like the longer uptime, the more often it won't shutdown
<SpamapS> jcastro: I think it will be easier for you if you come out Thursday night.
<RoyK> patdk-wk: acpi, perhaps...
<RoyK> patdk-wk: I've seen the same on physical hardware as well
<patdk-wk> hardly see it on physical hardware, most of the time it's my fault there :)
<matrix3000> RoyK?
<matrix3000> RoyK: I never had that issue, and I am running about 4 of them 11.10 servers and 11.10 desktop installs
<matrix3000> RoyK: on ESXi and Vmware Workstation
<Guest16563> hello, how to set which map can user access at ftp?
<Guest16563> with vsftpd
<Guest16563> any1?
<Guest16563> hello
<irv> no luck :(
<Guest16563> lol :D
<Guest16563> geeks don't have time for newbies, right? :D
<irv> whoops
<tero> hi guys. Any suggetions on a cheap vps that runs ubuntu server?
<WeissWaschbaer> my cron is not working "1 16 * * * /root/backup.sh &>> /var/log/backup.log"
<jMCg> WeissWaschbaer: what'd you mean it's not working?
<WeissWaschbaer> jMCg: the log file is still empty after 2 days, work when i use the same command manually
<jMCg> WeissWaschbaer: you are aware of the fact that cron executes things in a very restricted environment?
<Skaag> anyone remembers what the sshd package was called back in 9.10?
<Myrtti> Skaag: openssh-server? it is pulled by dependencies if you just install ssh IIRC
<Skaag> cool, trying
<Myrtti> but then of course 9.10 has been EOL for quite some time
<zul> lynxman: swift upstart got in thanks..
<lynxman> zul: \o/
<WeissWaschbaer> jMCg: no im not
<aljosa> i've upgraded to 11.10 and postgres is now 9.1, 8.4 data seems still available. is there a safe (or maybe documented) way to use pg_upgradecluster
<aljosa> to upgrade 8.4 data for 9.1?
<jMCg> WeissWaschbaer: read up on that in cron's man pages. Also read up on stream redirection, I think you're doing that wrong.
<adam_g> roaksoax: ping
 * negronjl out to lunch
<boxybrown> hey guys, do any services update /etc/hosts at startup?
<boxybrown> I have some machines running ubuntu-desktop, and they aren't returning hostname -f correctly
<boxybrown> i'm starting to suspect its the Avahi crap causing this, because my headless ubuntu servers dont have this problem
<roaksoax> adam_g: pong
<adam_g> roaksoax: thoughts on bug #891950? theres some options in there that are likely going to be need to be tweaked after import-isos is run. should we point people to the web interface? or come up with some way for people to easily update cobbler profiles/systems based on a config?
<uvirtbot> Launchpad bug 891950 in orchestra "Configuration in /etc/orchestra/import_isos unused" [Undecided,New] https://launchpad.net/bugs/891950
<boxybrown> anybody?
<roaksoax> adam_g: I don't think that it should be tweaked after import-isos is run that's why we provide defaults
<roaksoax> adam_g: in case an administrator wants to change the behaviour, then it should edit the file
<roaksoax> adam_g: and put the options they want
<roaksoax> adam_g: setting the defaults in orchestra-import-isos is just a failsafe in case the config file hasn't been tweaked
<roaksoax> manually
<adam_g> roaksoax: the defaults we use dont' come from that config file, they are hard-coded in the script, which is run immeditely after the pkg is installed. unless someone drops a custom config file there before installing, theres no way to edit and update the settings after-the-fact
<roaksoax> adam_g: right but that's the thing the intention of that config file is to make awareness that new options can be placed
<roaksoax> adam_g: it is not to set the defaults
<roaksoax> adam_g: if someone wnat's to change from default behaviour then they should edit the file
<roaksoax> adam_g: though, even though no option is set in the file, then the orchestra-import-isos should still provide defaults as failsafe
<roaksoax> and that's what we are doing
<adam_g> roaksoax: its broken workflow
<roaksoax> adam_g: i don't see it as a broken workflow
<adam_g> if i edit the config file, there is no way of getting those changes reflected in cobblers profiles unless i remove all current profiles and re-import with the new settings in the config file
<adam_g> theres no wa of updating profiles based on the config file
<roaksoax> adam_g: well, then the config file is not broken, the update process is the one broken
<adam_g> roaksoax: yes, its a broken workflow
<adam_g> of course the config files not broken, its never being used
<roaksoax> adam_g: right, but not caused by the config file
<adam_g> so my question
<adam_g> if i've installed orchestra nd the import script has run for the first time
<adam_g> and all of my distros are imported and profiles configured, but i want to change the default kernel parameters for a given profile.. do i go to the web interface/cobbler CLI to do that, or do i eidt the config and re-run the import script with an '--update' flag..
<adam_g> currently i either need to edit cobbler manually, or remove all the initially imported distros, edit config, and re-run import
<roaksoax> adam_g: well that's up to the administrator, either modify manually all the profiles or edit the config and update the profiules
<roaksoax> adam_g: which doesn't mean re-running the import
<roaksoax> adam_g: cause it would make no sense to import everything again
<adam_g> exactly
<roaksoax> so what might be broken there is that there's no update process
<roaksoax> so either provide a new binary
<adam_g> my point, exactly
<roaksoax> that only updates profile options
<roaksoax> or make orchestra-import-isos update the profiles *without*
<roaksoax> importing anything
<adam_g> ya
<roaksoax> adam_g: so I think it would be best to use a orchestra-import-isos --update
<adam_g> roaksoax: +1, i'd favor an --update-profiles flag or something, but i'd rather being doing that in python directly via cobbler api rather than wrapping the cobbler CLI in shell
<adam_g> Daviey: ^
<roaksoax> adam_g: or orchestra-import-isos --update-profiles
<roaksoax> yeah
<roaksoax> exaclty
<roaksoax> adam_g: the problem using the API is that we would need authentication
<roaksoax> adam_g: the idea of orchestra-import-isos is to run on the orchestra system itself
<roaksoax> adam_g: with simple sudo access
<adam_g> roaksoax: well, i meant using the same local API that the cobbler cli uses
<roaksoax> adam_g: I personally don't see the point of doing so because you would be "re-writting" this that the cobbler command already does
<zul> adam_g: +1 from me
<adam_g> roaksoax: i could be wrong but i thought the CLI basically does local xmlrpc to the API server on 127.0.0.1, which is authenticated
<roaksoax> adam_g: right, so you sudo sudo cobbler system add etc etc
<roaksoax> adam_g: if you do that using the local API, you haven to create the methods to add
<roaksoax> delete
<roaksoax> edit
<roaksoax> etc etc
<roaksoax> which means rewriting cobbler commands
<roaksoax> on a simple script
<roaksoax> that doesn't need it
 * Daviey catchs up
<adam_g> roaksoax: those methods are all implemented on the other end, hence xmlrpc
<roaksoax> adam_g: right, but if you want to rewrite it in python
<roaksoax> adam_g: instead of doing sudo cobbler profile edit --etc etc etc
<roaksoax> adam_g: then you would do:
<roaksoax> self.url_cobbler_api = utils.local_get_cobbler_api_url() self.url_cobbler_xmlrpc = utils.local_get_cobbler_xmlrpc_url()
<Daviey> adam_g: Do you just want to check viability.  It sounds seem cleaner to do it via the api, and it's something we could push upstream aswell.
<roaksoax> and etc etc
<Daviey> There doesn't seem to be a need for it to be orchestra centric, with my understanding?
<roaksoax> Daviey: it is a method that imports orchestra iso and makes some configurations for juju
<Daviey> ah
<Daviey> roaksoax: Do you think it makes sense for adam_g to sniff viability of doing it via the API?
<Daviey> If it starts to smell more complicated than it needs to be, we revert to the shell wrapper?
<adam_g> Daviey: there's going to be instances where i want to modify the orchestra-specific configuration bits of cobbler system/profile configuration. most of it is stored in a config file at /etc/orchestra/import-isos but there is no way to update cobbler based on the config file (after the initial import has run)  my question is basically how do we enable that? push people to cobbler's webui/cli, or create/expand our tooling to do it orchestra-specific
<Daviey> adam_g: Is it something which needs addressing early in the cycle?
<adam_g> it sounds like we need an upgrade path, so yeah.. shell or python? looking at dump of 'cobbler profile dumpvars --name=oneiric-x86_64', i'd much rather acccess that via python than awk/sed/grep
<boxybrown> guys, making hostname -f work properly?
<boxybrown> any tips?
<boxybrown> it works fine out of the box on my ubuntu-server installs that don't have any desktop
<Daviey> Yeha, I think we should try to avoid hacky awk/sed/grep scripts.
<roaksoax> adam_g: the intention of orchetra-import-isos is not to handle specific profiles
<roaksoax> adam_g: so if you wanna do something with a specific profile/distro/system, then its best to use cobbler cli itself
<roaksoax> adam_g: my point being is
<adam_g> roaksoax: i know, thats why im wondering if we 1, create new tooling for this or 2, just push people to cobbler webui/cli
<roaksoax> adam_g: 2
<adam_g> roaksoax: since you assigned the bug to youself, i was wondering what you're thoughts were
<roaksoax> adam_g: the import_isos config file is for whenever we import the isos and we assign some values we want into *all* the profiles
<Daviey> what is the bug #?
<roaksoax> adam_g: so as agreed the idea is to use --update-profiles which will update the profile options in case the config file is updated
<hallyn> zul, with the new fixed qemu-kvm, precise with current libvirt just gives me two failures:
<hallyn> Test virt-install --location ... FAIL
<hallyn> Test CVE-2010-2237 and CVE-2010-2238 ... FAIL
<uvirtbot> hallyn: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237)
<uvirtbot> hallyn: Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2238)
<hallyn> zul, when you get a chance can you re-test on your precise image?
<roaksoax> adam_g: i.e. changed the management classes for juju from ubuntu-juju-available and ubuntu-juju-acquired
<adam_g> Daviey: last night, after installing orhcestra and registering a number of systems, i realized serial port needed to be redirected via kopts. theres a config file that has the defaults, i would have liked to modify that and run an update script rather than sifting through cobbler dumpvars myself
<Daviey> ahh, i understand the requirement a bit better now.
<roaksoax> adam_g: so that should update only the profiles
<roaksoax> adam_g: if you wanna update *spepcific* profiles, then you need to do it manually
<Daviey> roaksoax: for this to be acheieved in an automagic way, what would you propose?
<roaksoax> adam_g:and for that you use cobbler web/cli
<adam_g> Daviey: bug #891950
<uvirtbot> Launchpad bug 891950 in orchestra "Configuration in /etc/orchestra/import_isos unused" [Undecided,New] https://launchpad.net/bugs/891950
<zul> hallyn: yeah
<Daviey> ta
<roaksoax> Daviey: again there's no automatic way to do things, if you want to add a kopts to a specific profile, then you do it manually, if you want to add it to *all* profiles, then you edit the config and we do orchestra-import-isos --update-profiles
<hallyn> zul, awesome
<adam_g> roaksoax: so, just a quick loop over all profiles and resets the various config parameters based on whats in the file
<adam_g> ?
<roaksoax> adam_g: yeah
<roaksoax> adam_g: there's no need to create new tools when we do have the tools for data
<roaksoax> for that*
<roaksoax> adam_g: and maybe extend it in a way on which you can specify a list of profiles you want updated, rather than all of them
<roaksoax> adam_g: but if it's just for 1 or 2 it makes no sense to have new toolset
<roaksoax> when cobbler has its own tool set
<adam_g> roaksoax: what we have now does a decent job of installing and bootstrapping the initial environment, but i predict we'll need more
<roaksoax> adam_g: right, but that's administrator specific
<roaksoax> adam_g: we only need to care about installation and providing an initial environment
<roaksoax> adam_g: if administrators have their own hw requirenments and need to modify specific stuff for each profile/system, they have cobbler for that
<adam_g> we'll see about that :)
<roaksoax> adam_g: I think that orchestra-import-isos + config file, should be used *only* for initial configuration
<roaksoax> adam_g: if you want to provide further configuration or costumization, it makes no sense to provide our own orchestra toolset
<roaksoax> when there's already a cobbler toolset
<adam_g> zul: thanks for the squid3 upload, you're the man-bomb
<roaksoax> adam_g: so you want to update a specific profile with new settings in import_isos, we can do that with orchestra-import-isos --update-profiles profile1,profile2
<roaksoax> adam_g: but if you want to make changes to profile1 and then make different changes in profile2
<roaksoax> then makes no sense to use import_isos, does it?
<roaksoax> because there wont be a import_isos config file for each of the profiles
<roaksoax> but it will be just 1
<roaksoax> that will and should work for all
<roaksoax> if you wanna change behaviour of all, then modify import_isos and update the changes
<roaksoax> if you want to mkae change A to profile1, then use cobbler cli/web
<adam_g> i'd argue it doesn't make sense to use import_isos to modify existing profiles, but im just being difficult. it just occured to me, that if we disable automatically running import-isos during package installation (which we agreed at UDS), it would give people a chacne to customize the config before the initial import
<roaksoax> if oyu want to make change B to profile2, use cobbler cli/web
<roaksoax> adam_g: we agreed at UDS to set a debconf question to decided whether to import isos automatically or not
<roaksoax> adam_g: but in any case, if you wanna provide debconf questions for each option and setup the environment on installation we can do that aswell
<adam_g> roaksoax: a simple run now: yes or no? should suffice, i'd think
<roaksoax> adam_g: yeah
<roaksoax> adam_g: that simple question is all that we need
<roaksoax> adam_g: but even so, i think we would still need to provide the --update-profiles
<adam_g> ya
<roaksoax> adam_g: to handle the case that administrator selected Yes, but later, they wanna change something in all profiles and "reconfigure"
<roaksoax> adam_g: alright then, I guess we are in agreement
<arrrghhh> hey all.  can anyone help me setup guest access to my ubuntu server?
<arrrghhh> i just want the user to be able to ssh in, and run make.
<arrrghhh> i guess a chroot jail?  i'm a noob to this, and don't want this guy to be able to blow up the server.  he's trustworthy, but i want to cover my bases if possible.
<roaksoax> adam_g: bug #892328
<uvirtbot> Launchpad bug 892328 in orchestra "debconf question to run orchestra-import-isos or not during installation" [Medium,Confirmed] https://launchpad.net/bugs/892328
<adam_g> roaksoax: sweet
<roaksoax> awesome then
<arrrghhh> ok, chroot might be a little overkill
<arrrghhh> it appears if i create a new user, by default they only have write access to their home and /tmp
<arrrghhh> everything else is just read
<greppy> arrrghhh: yes, that is normal behavior for most linux/unix boxes.
<jodlajodla> hello
<jodlajodla> can anyone help me with some settings for vftpd?
<jodlajodla> hello, i have some questions for vftpd -> how to limit users to only one directory and give them permissions for uploading file in this directory?
<virusuy> jodlajodla: you should use vftpd + chroot
<virusuy> take a look at this how-to http://www.cyberciti.biz/tips/vsftp-chroot-users-limit-to-only-their-home-directory.html
<arrrghhh> can anyone help me troubleshoot this additional user access?
<arrrghhh> trying to setup ssh for him
<arrrghhh> where do i look?
<arrrghhh> he ran -vvv, it doesn't seem like the negotiation is happening
<arrrghhh> i have nothing in auth.log, syslog or messages
<boxybrown> guys
<boxybrown> is there any way to set the fqdn
<boxybrown> when network-manager is installed
<uvirtbot> New bug: #891867 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/891867
<uvirtbot> New bug: #890272 in nova (main) "FTBFS nova when in /usr/src" [Undecided,New] https://launchpad.net/bugs/890272
<uvirtbot> New bug: #891709 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/891709
<uvirtbot> New bug: #892296 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/892296
<uvirtbot> New bug: #891445 in squid3 (main) "package squid3 3.1.15-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Fix released] https://launchpad.net/bugs/891445
<uvirtbot> New bug: #892332 in ntp (main) "ntp apparmor profile insufficient ipv6 rights" [Undecided,New] https://launchpad.net/bugs/892332
<virusuy> arrrghhh: but he can reach the server ?
<virusuy> or not even ask for password ?
<arrrghhh> virusuy, i got him in
<arrrghhh> i enabled password auth
<arrrghhh> but i'd like to fix it
<arrrghhh> so he uses keys
<virusuy> arrrghhh: allright then,
<virusuy> did you copy his pub key ?
<arrrghhh> do you know where i can look to see why his key was failing?
<arrrghhh> yes
<arrrghhh> to .ssh/authorized_keys2
<arrrghhh> i don't know why there's 2...
<arrrghhh> but whatever.
<arrrghhh> i also removed his username@box on the end of the key
<arrrghhh> so it's just ssh-rsa and the key - is that OK?
<arrrghhh> (that's how my other key was)
<virusuy> uhmmm
<virusuy> what about if he use ssh-copy-id command ?
<virusuy> that command helps you to install her publig key in your server
<arrrghhh> ah right
<arrrghhh> i'll have him try
<virusuy> first, take a look at ssh-copy-id's manpage
<virusuy> its quite simple
<arrrghhh> er
<arrrghhh> should i do it, or should he?
<virusuy> he
<arrrghhh> i'm assuming he should
<virusuy> indeed
<arrrghhh> does he have access to do that tho?
<virusuy> he'll install her public key in your server, right ?
<arrrghhh> i guess i can chmod the authorized_keys2 file
<arrrghhh> i assume so.
 * arrrghhh is a ssh-keys noob
<virusuy> if he can log in with user and password
<arrrghhh> i feel like every time i do this i have to relearn it lol
<virusuy> then, he can execute ssh-copy-id
<arrrghhh> ok
<virusuy> arrrghhh: isn't easy at first , but then it's really easy
<arrrghhh> lol
<arrrghhh> i've... nvm
<uvirtbot> New bug: #892050 in qemu-kvm (main) "qemu refused to run without acceleration" [Medium,Fix released] https://launchpad.net/bugs/892050
<uvirtbot> New bug: #891933 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/891933
<uvirtbot> New bug: #892001 in cobbler (universe) "debian/copyright not lintian clean" [Undecided,New] https://launchpad.net/bugs/892001
<virusuy> arrrghhh: did it work ?
<arrrghhh> sorry haven't tried it yet
<virusuy> arrrghhh: aahh ok :-)
<arrrghhh> virusuy, this seems too simple
<arrrghhh> ssh-copy-id <username>@<host>
<arrrghhh> that's it?
<arrrghhh> lol
<virusuy> yes, you also can use -i to indicate wich key will copy
<arrrghhh> right
<arrrghhh> virusuy, he's in
<virusuy> arrrghhh: :-)
<arrrghhh> i have re-disabled password auth, and still good
<arrrghhh> thanks!
<virusuy> arrrghhh: you're welcome !
<uvirtbot> New bug: #891977 in cobbler (universe) "cobbler-web package still contain traces of Ubuntu branding" [Undecided,New] https://launchpad.net/bugs/891977
<matrix3000> anyone here using 11.10 and orchestra that could give me some tips
<matrix3000> http://cloud.ubuntu.com/2011/10/getting-started-with-ubuntu-orchestra-servers-in-concert/
<matrix3000> i was reading that but had questions on how exactly to setup my own cloud
<matrix3000> and how it works
<uvirtbot> New bug: #891334 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.1 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/891334
<adam_g> matrix3000: this might be of more help: http://cloud.ubuntu.com/2011/10/ubuntu-cloud-deployment-with-orchestra-and-juju/
<uvirtbot> New bug: #891938 in openldap (main) "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/891938
<irvee> what would be a good VM server to install on my ubuntu server that would allow me to control/view the vms from a win 7 machine?
<irvee> 10.04
<Daviey> zul: Can you update status of bug 858878, please - thanks.
<uvirtbot> Launchpad bug 858878 in cobbler "lack of csrf protection in cobbler-web" [High,Triaged] https://launchpad.net/bugs/858878
#ubuntu-server 2011-11-19
<swharper> im doing a fresh 11.10 install and configuring RAID 6.  Ive partition each drive with 2 partitions per the advanced install instructions in the admin guide
<swharper> when choosing the drives for the md, do i choose the smaller swap size or the other larger partition?
<swharper> or do i need to have at least 2 mds?
<swharper> one for the swaps and one for the rest?
<Daviey> kirkland: around?  If so, can you add a PPA for ~orchestra called "cobbler testing" please?
<kirkland> Daviey: howdy!
<kirkland> Daviey: sure!
<kirkland> Daviey: i'll add you as an admin, too
<irvee> what would be a good VM server to install on my ubuntu server that would allow me to control/view the vms from a win 7 machine? 10.04
<Daviey> kirkland: Great, thanks!
<kirkland> Daviey: honestly, though...
<kirkland> Daviey: it would be more discoverable if you used ppa:cobbler/ppa
<Daviey> kirkland: there isn't a ~cobbler team.. not sure it's worth creating it, just seems more admin.
<kirkland> Daviey: oh?  https://launchpad.net/~cobbler
<kirkland> :-)
<Daviey> hah, Created On: 2011-11-19
<kirkland> Daviey: :-P
<Daviey> Which funilly enough, is tomorrow for you - right?
<Martyn^> *lol*
<Martyn^> Yep
<Martyn^> It's in the future!
<kirkland> Daviey: yeah, i just got back from the future
 * Martyn^ is amazed by Daviey's amazing Doctor-like time travel powers
<kirkland> Daviey: itz awzome
<kirkland> Daviey: anyway, i really like the pattern of ppa:FOO/ppa
<Martyn^> kirkland : Are there 80's themed Ronald Reagan cafes?
<kirkland> Martyn^: yeah, funny enough, though, I found the W cafe more entertaining
<Daviey> right!  Time for bed, 2 hours ago.  /me whips back in time to get some sleep.
<kirkland> good steaks
<kirkland> Daviey: adios
<Daviey> o/
<swharper> doing a fresh RAID install - do I install GRUB on the swap partition or the ext4 partition?
<swharper> the ext4 partition has the mount point set at / if that makes a difference
<qman__> you install grub to the mbr of the boot disk
<qman__> you never install grub to a swap partition
<swharper> thanks
<swharper> blah
<swharper> i tried both md0 and md1 and both are giving me errors
<swharper> the OS is being installed on the RAID so there is no boot disk, exactly
<swharper> from the help docs
<swharper> After a successful install, you should also manually fix 2 shortcomings in the default configuration:
<swharper> Install GRUB boot-loader on second drive (this step is not necessary if you use Ubuntu 9.10 or a newer one, which uses Grub2)
<swharper> Update the startup script to detect a failed drive
<swharper> but i dont think i can complete the install without installing grub?
<qman__> you need to choose an actual hard disk, not the raid array
<swharper> scratch that - figured out that i can install w/o grub...
<qman__> sda is probably the one you want but it could be sdb, sdc, etc
<swharper> the first disc is sdb
<swharper> well i will revisit that...
<qman__> see, the array doesn't exist until after the kernel is booted
<qman__> so grub must be somewhere it can be read before that happens
<qman__> usually, the mbr of the first hard disk
<swharper> now, my question:  the activity lights are blinking like its building the array but the installer is finished
<swharper> is it still safe to reboot?
<qman__> building the array can take a very long time
<swharper> right
<qman__> yes, it is safe, it will autmoatically pick up when it starts back up
<swharper> ok cool
<qman__> cat /proc/mdstat for status
<swharper> thanks
<swharper> hah..looks like its stuck at "verifying VMI pool dataâ¦"â¦.fml
<qman__> while strictly speaking you can boot from a raid, I always make a /boot partition on one of the disks just because
<qman__> ~512MB
<qman__> avoids problems like this that aren't supposed to happen but do
<swharper> ack
<swharper> so on sdb create a 3rd partition
<swharper> ext4
<swharper> mount / with bootable flag on
<qman__> the way I do it
<swharper> at this point ill try anything ;)
<qman__> on the first disk, create first /boot ~512MB, then a second for swap (512MB less than the other disks will have), then raid partition
<swharper> ok
<qman__> and on all the others, create just swap (full size) and raid partition
<qman__> so everything lines up
<swharper> i was making my swaps 5gb
<qman__> that is, if I use swap at all
<qman__> that's way too much
<swharper> ok
<qman__> how much RAM do you have?
<swharper> 2gb
<qman__> I'd aim for ~2GB total swap then
<swharper> ok
<qman__> unless you know you will be running lots of memory hungry programs
<swharper> naw
<qman__> but even then, you should just buy more memory
<swharper> this is just a media server
<qman__> how many disks in the raid?
<swharper> 7
<qman__> in taht case
<swharper> x1.5tb
<qman__> make disk 1 not have a swap
<qman__> and make 512MB swaps on all the others
<swharper> ok
<qman__> some people raid-1 the /boot, but it's entirely unnecessary
<qman__> all /boot contains is grub and the kernels, initramfs, and such
<qman__> all can be recreated easily in a live environment should that disk fail
<mturilli> question about cobbler: is there a way to configure a macvlan + pre-up and post-down instructions in the kickstart (Ubuntu 11.10 with Orchestra)?
<qman__> only reason to do it would be a zero-downtime application
<qman__> recreating /boot from scratch is about a ten minute process if you know what you're doing, and restoring from a backup is even quicker
<swharper> wont let me delete md0 for some reason - saying it may be in use
<swharper> but it shouldnt be given im booting from the usb stick
<qman__> well, you first have to delete the partitions on md0
<qman__> well, the filesystem, ext4, /
<qman__> then delete md0, then delete the raid partitions used to create md0
<qman__> if you used lvm, you have to delete that too in the correct order
<swharper> didnt use lvm
<swharper> it was giving me a bazillion errors
<swharper> i rebooted and now it is gone
<swharper> i have the /boot partition setup
<swharper> is there anything special i need to do with that
<swharper> i have it set to bootable i believe
<swharper> i assume i would install grub on that?
<swharper> actually it appears to have resorted back to "do not use"  :-\
<swharper> well i formatted it a bootable ext4 mounting /boot
<swharper> here goes...
<ruben23> hi guys where do i find file .ssh on a ubuntu server..? i tried find command cant see it
<ruben23> any idea guys..?
<nebajoth> .ssh is usually a directory, not a file, ruben23
<nebajoth> it is in your home directory
<nebajoth> /home/ruben/.ssh/
<nebajoth> or whatever
<nebajoth> what are you trying to do?
<ruben23> nebajoth: i already tried ls -a and no .ssh there so what i did is i created it
<virusuy> do you have openssh-client installed ?
<virusuy> should be by default, but, who knows
<qman__> IIRC the directory is not created until you SSH in somewhere and accept a key
<qman__> or generate a key for yourself
<ruben23> guys i tried to used putty to ssh without entering password on my ubuntu server fro the user side only
<ruben23> thast why i used ssh key gen and put it on .ssh directory and put authorizede_keys
<ruben23> it seems are all set but still the Server refused our key
<qman__> ~/.ssh must be chmod 700
<qman__> and authorized_keys should be chmod 600
<ruben23> qman__: already set but still same error ----> Server refused our key
<delerium_> d
<qman__> ensure that authorized_keys is formatted correctly and contains the whole key, and all the other information
<qman__> one key per line, in the format "ssh-rsa AAAAB3Nz...1238= keycomment"
<qman__> also ensure the server is configured to accept key authentication in /etc/ssh/sshd_config
<qman__> it's enabled by default but you could have changed it at some point
<nebajoth> you're using putty... on windows?
<nebajoth> what did you run ssh-keygen on?
<Zanzacar> Hi everyone, I use weechat for my IRC needs. That being said I tried to install the latest version 0.3.6 and I messed everything up ( or so I think )
<Zanzacar> I downloaded the files from http://www.weechat.org/files/ubuntu/oneiric/0.3.6/i386/ specifically the weechat-curses files. After that I did sudo dpkg -i file.deb
<Zanzacar> i got an error saying the old weechat couldnt be installed as well. So I did sudo apt-get remove weechat-curses
<Zanzacar> after that I tried sudo dpkg -i file.deb and I got more errors, at this point I dont know what to do so here is the errors I am getting just trying to reinstall weechat-curses
<Zanzacar> http://paste.pocoo.org/show/510070/
<Zanzacar> weechat
<virusuy> :-)
<Zanzacar> Does anyone have any recommendations for terminal emulators other then putty?
<Zanzacar> for a windows enviroment?
<tero> what is wrong with putty?
<Zanzacar> I have started using screen so I can come back to my session, and someone mentioned there being a problem with the buffer so I htought I would just ask
<Zanzacar> for example if I go into vim and the exit the vim screen is still there
<Zanzacar> I figured out what it was I just needed ot use scrollback
<smw> Zanzacar, perhaps cygwin?
<smw> I used it a long time ago back when I had windows on my computer :-P
<smw> it was very useful...
<Zanzacar> smw: I believe no mater what emulator I am in it would still be the same problem I would still need to use scrollback in some form
<Zanzacar> because I am using screen as well
<smw> ah
<smw> screen has scrollback
<smw> Zanzacar, http://www.samsarin.com/blog/2007/03/11/gnu-screen-working-with-the-scrollback-buffer/
<Zanzacar> smw: Thats the exact site I was using to figure it all out
 * smw sees he is useless and knows he probably does not understand the problem
<smw> Zanzacar, I just use screen when I need a program to stay open after I logout and want to come back to it
<Zanzacar> smw: I guess that is probably the best use really, I just learned about it and think it pretty neat
<Zanzacar> smw: little combersome but kind of neat at the same time
<smw> yep
<smw> I mostly use it for rtorrent
<Zanzacar> I mainly use it with weechat, and programing things like that right now
<smw> ok
<tero> heh yes screen.... when i was compiling something for 5 hours
<tero> and i forgot to use screen...
<tero> and my laptop battery died
<tero> :(
<Zanzacar> :(
<Zanzacar> most my program are short python ones
<Zanzacar> I learned python because I was so frustrated with bash
<Zanzacar> can you give me an example of a program that would compile for 5 hours?
<tero> well i am not a programmer
<tero> sometimes i want something compiled from source
<tero> some linux software
<Zanzacar> oic, I am new to linux in general why compile it from source?
<Zanzacar> I often see the option to do that but just dont understand why
<tero> hmm that is a more philosophical question :)
<tero> for me personally i just wanted a small correction ..
<Zanzacar> a correction that you made or a correction that was released in source but not yet in a packaged form?
<tero> that i made :)
<tero> oh and btw
<tero> i am also a linux noob :)
<Zanzacar> I have only been on linux for about 3 months now, how about yourself?
<tero> a few years more or less
<tero> but my primary pc is windows 7 :)
<Zanzacar> I have a work laptop ( I need AutoCAD ) and then my home computer is ubuntu, and I have a server at home too ubunutu-server 11.10
<Adonai> Satan, El diablo, Shaytan, Sofia Rosengren 32 years, World Class city GÃ¶teborg, she lives in protekted adress,
<Adonai> her father name is Johansson, adress WestmarksgrÃ¤nd 21, 44435 NÃ¶dinge. blond hair, Satan, El diablo, Shaytan,
<Adonai> Jesus is Lord, Tsidkenu the lord of rightoutness
<jMCg> I don't think anybody really cares..
<Dogwater> Howdy, I am trying to install Ubuntu 11.11 on a server and right after it says "writing dhcp stanza" it just hangs forever
<Dogwater> anyone know what the dealio is?
<qman__> I don't, but try installing without the network plugged in
<Dogwater> I'm installing from the network =D
<Dogwater> box doesn't have any physical media
<Dogwater> except for the hard drives
<qman__> well, sounds related
<Dogwater> is there a log hidden somewhere during installation that would tell me what it's waiting for?
<qman__> unfortuantely I don't know anything about installing from the network, sorry
<qman__> if you're only doing one or two machines, I can suggest using a flash drive to install as an alternative
<Dogwater> i hit ctrl-c like 5 times and it continued the install
<Dogwater> wtf
<qman__> if you stick around long enough someone else can probably help with your specific problem though
<Dogwater> ah, moot anyway 11.11 doesn't support my adaptec raid controller
<Dogwater> crikey
<Dogwater> nothing supports my adaptec raid controller =D
<RoyK> Dogwater: which controller is that?
<Dogwater> 6405
<Dogwater> not that new
<Dogwater> really
<Dogwater> I wish they'd just have an option in the BIOS on these cards for making them appear to be the older model
<Dogwater> so you can still buy the good hardware
<RoyK> Dogwater: pastebin "lspci -vvv;lspci -vvvn"
<Dogwater> I can't because I can't get past the installer =)
<Dogwater> can you ssh into the install shell?
<Dogwater> or ftp out of it?
<RoyK> Dogwater: you can boot up on a live cd
<Dogwater> I think I can ftp out from there i'll try it real quick
<RoyK> k
<Dogwater> ah the server has fedora16 on it since thats the only distro that will install on it atm =D so I'll just do the lspci, etc from there
<RoyK> k
<Dogwater> http://pastebin.com/HGPyHq9h
<RoyK> Dogwater: sec
<RoyK> Dogwater: is this the one? 00:1f.2 IDE interface: Intel Corporation 6 Series/C200 Series Chipset Family 4 port SATA IDE Controller (rev 05) (prog-if 8f [Master SecP SecO PriP PriO])
<Dogwater> Nope it's an adaptec card
<Dogwater> let me find it
<Dogwater> 352.02:00.0 RAID bus controller: Adaptec Device 028b (rev 01)
<Dogwater> ?
<Dogwater> That is most likely the one.
<RoyK> Dogwater: could you pastebin -vvvn as well?
<RoyK> -n => do not resolv, aka show PCI IDs
<Dogwater> I think I posted both
<Dogwater> it's 02:00.0 0104: 9005:028b (rev 01) on both lists
<Dogwater> 803.02:00.0 0104: 9005:028b (rev 01)
<Dogwater> You can tell because at the very bottom it's loading aacraid
<RoyK> Dogwater: seems installing ubuntu on that thing won't work too well :(
<RoyK> Dogwater: file a bug...
<RoyK> Dogwater: or if you're in a hurry, try Precise :Ã¾
<Dogwater> Is it just because Ubuntu doesn't have the driver? or what?
<RoyK> Dogwater: I guess there's no driver in upstream kernels
<RoyK> Dogwater: or if there is, it was added recently
<RoyK> doesn't seem to be in 3.2.0rc1 either
<RoyK> Dogwater: just file a  bug, please, then it may be fixed soon - the driver source is available from adaptec, and for what I know it may possibly be an easy job to add that card - sometimes it's just the PCI ID that needs adding
<Dogwater> ah, weird it's in Fed16 and fed16 is only kernel 3.1
<Dogwater> where do I file a bug?
<RoyK> !bug
<ubottu> If you find a bug in Ubuntu or any of its derivatives, please file a bug using the command Â« ubuntu-bug <package> Â» - See https://help.ubuntu.com/community/ReportingBugs for other ways to report bugs.
<RoyK> Dogwater: see above
<mcbaine> hi there
<mcbaine> hi there ??
<RoyK> hi
<uvirtbot> New bug: #892554 in cloud-init (main) "SSH keys summary does not report ECDSA key" [Undecided,New] https://launchpad.net/bugs/892554
<RoyK> what would be the 'preferred' disk format for kvm-based VMs? vmdk? qcow? qcow2? raw? fried? boiled?
<pangolin> lol @ fried, boiled
<Daviey> RoyK: raw takes up as much space as the virtual disk, this is often a genative.  qcow2 does use only the amount of actual disk space as is required, not what is decalred.
<Daviey> qcow2 has some overhead compared to raw, but i'd still go for qcow2.
<RoyK> Daviey: I went with raw - it's like 30GB on a 6TB system, so it's not much...
<kklimonda> tjaalton: hey, we need an updated sssd in precise (abi for ldb modules has changed). Are you working on it, or maybe can I do it? If so is there anything I should take a look at (for example why are we providing a working sssd conf file? Does it break the hell all break loose if we don't?)
<storrgie> Has anyone updated the bios of a supermicro board over IPMI?
<jasonmsp> hey all..  Anyone know of something that will maintain a graph of top data?  ie something that will monitor the server and then display the information in a graph format?
<andol> jasonmsp: munin?
<jasonmsp> andol: thanks
<Monotoko> I'm trying to set up a web server with FTP access for a few private projects of mine, and a couple of friends, I give each user a local account so they can log into FTP, SSH etc but I'm having an issue with apache because it can't write to the users directory
<Monotoko> I know big hosting panels do it... but I just want something small that I'm not paying $30+ per month for, how would I configure it so the apache user (33) can access the users htdocs folder and the user can access it as well
<julian_c> Set the permissions on the user's folder to group read/write/execute, and make sure that the apache user is a member of the group that owns the user's folder (usually, same group name as user name).
<Monotoko> julian_c, I've tried that... but then how about when the user uploads?
<Monotoko> the big panels all have it set as 755...
<Monotoko> and I really don't see how
<julian_c> I think it would have to be 775 rather than 755.
<julian_c> That should not be too much of a security problem, as long as only the user and apache have write access to the user' directory.
<Monotoko> julian_c, cPanel uses 755.. probably some black magic in there somewhere... but if I do it your way, how would I get pure-ftpd to upload with 775 permissions?
<Monotoko> by default..
<julian_c> I think it would be in the pure-ftpd.conf file where permissions would be set. Looking it up to be sure...
<Monotoko> julian_c, thank you!
<julian_c> Found something that worked?
<Monotoko> no... I'm looking though
#ubuntu-server 2011-11-20
<Monotoko> julian_c, what would 775 be in umask form?
<julian_c> 002
<Monotoko> thanks!
<julian_c> That would make directories 775, and files 664.
<Monotoko> hmm... '-U <umask for files>:<umask for dirs>'
<julian_c> Just saw that pure-ftpd does different masks for files and directories.
<Monotoko> aye just seen :P
<julian_c> So it would be '-U 133:022'
<julian_c> Oops... 113:002
<Monotoko> excellent! That will mean both my apache user and the virtual user can create and modify files and directries, yes?
<julian_c> Correct.
<Monotoko> thank you julian_c, you've been an amazing help :)
<julian_c> You're welcome.
<julian_c> You're setting up both virtual users and regular system users?
<Monotoko> I think I'm going to go with just virtual unless a user requests a system user account... I'm going to shut off access to regular users
<Monotoko> just feels a bit more secure that way
<Monotoko> and means I don't need to keep adding apache to groups
<julian_c> Hopefully, all of this will work just fine with virtual users.
<Monotoko> well, my virtual users use UID & GID 2010... they are all under the "ftpuser" system account
<Monotoko> so it should be fine
<Monotoko> julian_c, sorry to bother you again... but any ideas how to run it with command-line options if I start it using "/etc/init.d/pure-ftp-mysql start"
<ermo> How do I interpret the Ubuntu kernel versions? And what do I do if I'd like to get the latest patches to the 3.0 kernel (i.e. 3.0.9) but with the ubuntu patchset/configuration?
<julian_c> I'd look in the /etc/default directory for a config file that deals with pure-ftpd.
<Monotoko> there's an option for standalone or initd.... I've changed it to standalone, how do I start it?
<ermo> nevermind, asking in #ubuntu-kernel instead :)
<julian_c> init.d or xinet.d?
<julian_c> Ah... found it. Yes... definitely go standalone. The init script will start up on its own upon (re)boot.
<Monotoko> julian_c, hmmm... standalone is making it do this: root@dragon:/etc/default# /etc/init.d/pure-ftpd-mysql start
<Monotoko> Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -u 1000 -O clf:/var/log/pure-ftpd/transfer.log -E -A -j -8 UTF-8 -B
<Monotoko> how do I change what it's running?
<Monotoko> so I can add my umask?
<Monotoko> there doesn't seem to be anything in /etc/default apart from one file to do with it, pure-ftpd-common with a few options in it
<julian_c> You should also have a '/etc/pure-ftpd/conf' directory.
<Monotoko> I do... but there's loads of files in here that just have "yes" or "no" in them
<julian_c> If it's not already in that directory, create the file '/etc/pre-ftpd/conf/Umask' with the contents "133 022".
<julian_c> Then, restart the service. The init script should source the new file, along with the other files in that directory.
<Monotoko> julian_c, it worked! :D
<julian_c> Glad to see that.
<Monotoko> thank you ^^ for future ref... where did you find that info?
<julian_c> I went to packages.ubuntu.com to figure out where all the config files were. Other than that, a bit of Googling.
<julian_c> I recommend the following search term in Google: "/etc/pure-ftpd/conf" umask
<julian_c> One of the results at the top is a good HOWTO for Debian/Ubuntu that shows more config examples.
<Monotoko> julian_c, thank you.. I'm surprised there isn't one place with them all on o.o
<Monotoko> good night all!
<julian_c> Bye.
<kklimonda> hmm, should chsh and chfn work with ldap?
<julian_c> kklimonda: I'd look for LDAP-aware versions of those applications.
<julian_c> (if they exist)
<kklimonda> heh, at least I'm not going to waste another hour wondering what's wrong with my setup that it doesn't work ;)
<julian_c> Perhaps look at the "libuser" package...
<ceej> hey, can anyone help me with https://gist.github.com/1a816ceba7b040e3549c
<CarlFK> how do I set good ol 80x25 mode?
<CarlFK> and see the grub menu
<kklimonda> ceej: the message is rather self explanatory. You have probably had mysql 5.5+ installed and now trying to do a de facto downgrade to 5.1 - if that's really what you want to do you have to remove mentioned files and try again.
<ceej> kklimonda: I tried removing /var/lib/mysql/debian-*.flag with no luck
<kklimonda> ceej: what does ls /var/lib/mysql/debian-*.flag say?
<kklimonda> CarlFK: you can get grub menu by editing /etc/default/grub
<CarlFK> kklimonda: i have lost track of how many times I have edited it, and then sudo grub-mkconfig && sudo reboot
<CarlFK> and yet no menu.
<CarlFK> GRUB_TERMINAL=console lies.
<kklimonda> it should be enough to comment out GRUB_HIDDEN_TIMEOUT and leave GRUB_TIMEOUT=0
<kklimonda> as for getting old console - maybe some module loads and sets up a framebuffer? but really, if it's not slow then why bother getting back in time ;)
<CarlFK> once it boots, I get a blank screen. hit alt-f1 to get tty1.  but it is in some small font that is hard to read
<kklimonda> try booting with nomodeset
<CarlFK> GRUB_CMDLINE_LINUX="nomodeset" ?
<kklimonda> I'd just edit entry directly in grub and boot it
<kklimonda> and if it works add it to GRUB_CMDLINE_LINUX_DEFAULT
<kklimonda> on the other hand adding it to GRUB_CMDLINE_LINUX would also change recovery entry so it may be a better place
<CarlFK> well, getting it to work is a good first step
<CarlFK> I have been doing: sudo grub-mkconfig && sudo reboot
<CarlFK> but looking at /etc/default/grub I am wondering if my edits are having any effect
<kklimonda> I always use update-grub
<kklimonda> but grub-mkconfig seems to source /etc/default/grub so it should also work
<CarlFK> someting doesn't
<kklimonda> (which makes sense given that update-grub is just a thin wrapper over grub-mkconfig)
<Dulcin> Is anyone familiar with the sender id framework? I keep getting temperror results from hotmail, while it does pass in other checks. I've registered my spf record with microsoft over a week ago as well and still the same error.
<CarlFK> update-grub got me my 80x25 linux console back
<Dulcin> i've googled my ass off, but can only find people with similar problems and no solutions
<CarlFK> and now I have a grub menu
<CarlFK> and it beeped too.
<Zanzacar> I want to allow a user to read the apache logs and the only way I know how is to log in as root which isnt right
<qman__> two options
<qman__> one, set apache to log to a file the user can read for the sites desired
<qman__> two, set up sudoers to allow that user to sudo for just that command
<Zanzacar> thats what I have been doing is sudo ./scritp etc etc etc but that give read write access which isnt good since its I am not a great programmer and could mess things up
<Zanzacar> There is a group called apache how can I tell what it has access it?
<qman__> apache runs as www-data, however that's a bad plan as www-data has access to all the files apache does
<qman__> you don't grant general sudo permission for everything, you narrow it to the specific command
<qman__> i.e., create a script which does exactly what you want the user to do, then grant the user sudo permission only to run that script
<Zanzacar> I guess that works, I just thought that it wouldnt be good to all the script to read and write instead of ust read.
<Zanzacar> the script is in python and I open the files as read only so I guess it isnt that harmful
<qman__> you make it so the user does not have the ability to write to the script
<qman__> then, the user can run the script as root, and it will always do what you expect
<qman__> there are other ways to do it, but this is the simplest as it does not require modifying any of the existing things
<qman__> it just adds a new script, and adds a new permission
<Zanzacar> so how do I do that? change chmod of the script? or just run it with sudo?
<qman__> just change the permissions on the script so the user in question only has read and execute, not write
<qman__> and then give that user permission to run that script as root in sudoers
<Zanzacar> gotcha that makes since
<Zanzacar> cool that is the way I have it setup already :)
<qman__> from there, the only real vector of attack would be exploiting your script into running arbitrary code
<qman__> but as long as you keep it fairly simple that should not be an issue
<Zanzacar> well I am the only one how has a login, and all it does is data mine information for the access logs
<Zanzacar> its for www.engineeringmaps.com and if you search for something I can see what your IP is, the date, and the search value
<tjaalton> kklimonda: hey, I can do it on monday. is it only a rebuild that's needed or a new upstream version?
<jehoshua02> I'm creating my first self-signed cert. How is the passphrase associated with the key pair used for?
<jehoshua02> Does it have to be provided for every https connection?
<jehoshua02> No, once when starting the service.
<CppIsWeird> i just plugged in an SSD drive into my server box. i see the drive displayed during boot, however, fdisk -l does not list the disk.
<EMKO> does ubuntu have mysql 5.5?
<RoyK> EMKO: no, but there might be packages out there somewhere
<RoyK> EMKO: dunno if 5.5 is scheduled for precise - file a bug...
<RoyK> !bug
<ubottu> If you find a bug in Ubuntu or any of its derivatives, please file a bug using the command Â« ubuntu-bug <package> Â» - See https://help.ubuntu.com/community/ReportingBugs for other ways to report bugs.
<RoyK> EMKO: seems there's  talk about it already in bug #690925
<uvirtbot> Launchpad bug 690925 in mysql-5.1 "Package MySQL 5.5.x for Ubuntu" [Wishlist,In progress] https://launchpad.net/bugs/690925
<EMKO> oh
<EMKO> so when it comes out it will be for 12.04 ?
<RoyK> looks like it
<RoyK> what's so new and shiny in 5.5, btw?
<EMKO> i dont know but im using it for some time on windows
 * RoyK tends to stick to postgresql unless he really has to use toys like mysql for production
<EMKO> i think 5.5 has been out since 2010
<RoyK> yeah, saw that, but what's new in it?
<RoyK> scales better, it seems
<RoyK> I'd still use psql over mysql any day if I could choose...
<RoyK> but then, systems like wordpress that are tied head and tail to mysql are ugly and can't be easily supported with anything else...
<RoyK> whoever hardcodes anything to a particular DBMS these days must be either very lazy, must like that particular DBMS very much, or be outright stupid.....
<EMKO> i think im just gona use 5.1 untill ubuntu gets 5.5 hopefully it will be easy to upgrade
<EMKO> so if its for 12.04 only will i have to reinstall ubuntu or can i upgrade 11.10 to 12.04 from 11.10
<RoyK> just do-release-upgrade
<RoyK> EMKO: also, if it's a server you're installing, I'd recommend using the latest LTS release, 10.04
<RoyK> things are far better tested there than in 11.10
<EMKO> oh
<RoyK> and 10.04 will upgrade to 12.04 directly when the latter is released (since that'll be an LTS as well)
<RoyK> I only use LTS releases for servers - for good reason
<EMKO> so 11.10 will update to 12.04 with that command when its out? i realy dont want to reinstall it took me a lot of time to figure out how to install and configure stuff
<RoyK> you won't have to reinstall
<EMKO> hows that? i can go from 11.10 to 10.04
<RoyK> and if you're already on 11.10 and have spent some time tuning the system, just use it on that release
<RoyK> you can't downgrade
<EMKO> oh ok then i will wait for 12.04 upgrade to that and stick with it untill next LTS
<RoyK> EMKO: by default, upgrading to an LTS will set Prompt=lts in /etc/update-manager/release-upgrades, so after upgrading to 12.04LTS a do-release-upgrade won't do much unless you change prompt to 'normal'
<EMKO> promt=lts make it only upgrade to lts?
<RoyK> yes
<RoyK> so once on 12.04, and prompt=lts, it won't do a release upgrade until 14.04 comes around
<EMKO> well then i will stay with that so i only upgrade to lts
<RoyK> yes
<RoyK> lts is fairly safe
<dassouki> upgrading my distro from 10.4 to 11.4 is a bit of a challenge, after I did the apt-get update, do-release-upgrade, most packages were downloaded and installed. The install claims it was successful except for a few packages that it couldn't install
<dassouki> when I do cat /etc/release it still says i'm on 10.4 and i can't apt-get anything although i tried autoremove -f install and autoclean but it seems to be stuck on two othree packages
<dassouki> slapd, libgdal (gis library), and python-apt
<RoyK> dassouki: remove the packages and reinstall them
<RoyK> dassouki: your distro will be on 10.10 after the initial do-release-upgrade, and you'll need to re-run it to get to 11.04 and then again to get to 11.10
<dassouki> ok
<dassouki> RoyK: everytime I try to uninstall any of the packages it lists 20 or so packages to be removed and some of htem are core
<RoyK> ouch
<RoyK> dassouki: can you pastebin the output from "apt-get dist-upgrade"?
<RoyK> or "apt-get update && apt-get dist-upgrade"
<dassouki> RoyK: http://pastebin.com/Da1NUpdT
<RoyK> and apt-get install -f ?
<dassouki> the same excpet it has failed for correcting dependencies and this E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
<RoyK> what about dpkg --configure -a ?
 * RoyK bbl
<dassouki> RoyK: ok ping me when you're back
<uvirtbot> New bug: #892747 in openldap (main) "package slapd 2.4.21-0ubuntu5.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/892747
<jehoshua02> I have two domain names pointing at my public ip address, but my server is serving the same thing for both of them.
<jehoshua02> I'd like only the specific domain names configured to be served and the rest given a 404 or something, but I am lost as to how to do it.
<dassouki> jehoshua02: have you looked at LAMP tutorials or apache or nginx tutorials?
<jehoshua02> I've must have been googling the wrong stuff.
<kklimonda> dassouki: you either have a mess in your sources.list, or overzealous pinning rules
<kklimonda> dassouki: for example you somehow ended up with part of openldap from precise (2.4.25-3ubuntu3 is a precise version)
<kklimonda> but the rest is still from lucid
<jehoshua02> Every where I look, I don't find anything about this particular issue.
<jehoshua02> I'd like the default vhost to just 404 error or something but I can't find what I'm looking for.
<RoyK> dassouki: I realy don't know - sorry...
<dassouki> RoyK: thanks!
<dassouki> kklimonda: I see that. I'll probably look at this on Tuesday then.
<virusuy> howdy
<RoyK> ehlo
<patdk-lap> heh
<CarlFK> carl@g2a:~$ sudo mcelog ; mcelog: warning: 16 bytes ignored in each record ;mcelog: consider an update
<CarlFK> what's that mean?  (me goes to the google now...
<CarlFK> swell, the only relevant hit is just someone else getting the same message:  http://pastebin.com/kSNgvc6c
<CarlFK> everyone else gets  mcelog: warning: 18446744073709551600 bytes ignored in each record
<RoyK> lol
<jMCg> That's quite a lot of bytes.
<jMCg> 15 peta bytes?
<RoyK> jMCg: or 16 exabytes...
<RoyK> (16*1024^6)-16 to be precise :Ã¾
<dassouki> 9is there a tool to automatically clean my sources.list ?
<CarlFK> undocumented feature: mcelog --version; mcelog 1.0pre
<CarlFK> dassouki: how clean? :)
<dassouki> Javex clean
<CarlFK> # slcomp.py - sources.list compactor; # reads in /etc/apt/sources.list and sources.d/* files; # consolidates redundancies,
<CarlFK> like that?
<CarlFK> http://dpaste.de/ACEc0/  slcomp.py - sources.list compactor
<dassouki> CarlFK: thanks it was more that to remove old repos from old distros and drop the ones thta don't exist no more
<CarlFK> echo "# clean!" > /etc/apt/sources.list :)
<CarlFK> huh, looks like I get errors at 299.988026 after boot  http://dpaste.de/EJuE4/
<CarlFK> +/- something probably based on .. quoting from man mcelog:
<CarlFK>  Possible  causes can be cosmic radiation, instable power supplies, cooling        problems, broken hardware, or bad luck.
<CarlFK> should add "CERN experiments"  to the list
<aaronbieber> Can someone help me outâ¦ Evidently karmic koala's sources are no longer on the archive site, and I'd like to upgrade, but since I can't download any packages I'm not sure how to get the update packageâ¦?
<aaronbieber> I'm on 9.10 and totally missed the news that supported ended in April, suddenly all of my automatic updates are throwing 404s because the karmic directory is gone from archive.ubuntu.com.
<aaronbieber> I popped in here because most of the online docs are for the desktop version and use the X11 programs, but this is a server, I have SSH access only.
<jMCg> O_o
<jMCg> aaronbieber: update.. what, exactly?
<aaronbieber> I mean I could go ahead and upgrade to the latest distribution if karmic packages will no longer be released.
<CarlFK> aaronbieber: there is no supported path from there..
<aaronbieber> So I'm screwed :(
<CarlFK> aaronbieber: make a 2nd backup, wipe the drive, install OS, restore data, muck with configs.
<Myrtti> of course could try to get old-releases, upgrade to lucid
<Myrtti> with caveats
<aaronbieber> Ugghhh. It's mostly a straightforward LAMP stack and I would expect that stuff to be OK but I have some wacky stuff floating around in there. Probably best to start from scratch.
<CarlFK> yep
<aaronbieber> Thanks!
<tarvid> want to load 11.10-server-i386 by usb stick
<tarvid> usb-creator-gtk created an empty file system
<tarvid> trying to run again but I can't get rid of the 2.0GB parition
<CarlFK> tarvid: I think you can just dd the .iso onto the stick
<tarvid> that is not what http://www.ubuntu.com/download/ubuntu/download says
<tarvid> But I like it
<tarvid> Even though it lacks safeguards
<CarlFK> "You will need to create a CD or USB stick to install Ubuntu"
<CarlFK> what's a CD made out of...
<tarvid> maxell 2GB stick now seems hosed - reports 2mb
<CarlFK> tarvid: don't worry abuot that, see if it boots
<CarlFK> ddns fun...  20 12:02:02 g2a dhcpd: Unable to add forward map from pc8.private to 192.168.1.13: timed out
<CarlFK> timed out?
<tarvid> doesn't boot, gparted does not see the volume
<CarlFK> paste the dd command
<tarvid> tarvid@geewiz:~/Desktop$ sudo dd if=ubuntu-11.10-server-i386.iso of=/dev/sfc
<tarvid> ah that's not righjt
<CarlFK> sf?
<tarvid> tarvid@geewiz:~/Desktop$ sudo dd if=ubuntu-11.10-server-i386.iso of=/dev/sdc
<tarvid> dd: writing to `/dev/sdc': No space left on device
<tarvid> 4097+0 records in
<tarvid> 4096+0 records out
<tarvid> 2097152 bytes (2.1 MB) copied, 1.53778 s, 1.4 MB/s
<tarvid> the usb stick is not looking good
<CarlFK> weird.
<tarvid> yes
<CarlFK> just a sec.. google time...
<dsirijus> how come 'sudo dpkg-reconfigure locales' doesn't ask me which locales do i want to add/remove? the fancy cli dialogs?
<uvirtbot> New bug: #392077 in squid3 (main) "Squid crashes with "assertion failed" mem->swapout.sio" [High,New] https://launchpad.net/bugs/392077
<uvirtbot> New bug: #496886 in squid3 "Squid crashes with "assertion failed" authenticateUserAuthenticated" [High,New] https://launchpad.net/bugs/496886
<uvirtbot> New bug: #591365 in squid3 (main) "Squid3.0 provides no option for re-enabling a cache peer" [Low,New] https://launchpad.net/bugs/591365
<uvirtbot> New bug: #633876 in squid3 (main) "Squid closes connection without sending a reply when requesting nonexistent file over FTP" [Low,Incomplete] https://launchpad.net/bugs/633876
<CarlFK> tarvid: try cat instead of dd - http://kitenet.net/~joey/blog/entry/Debian_USB_install_from_hybrid_iso/
<CarlFK> tarvid: http://news.softpedia.com/news/Ubuntu-11-10-Will-Be-Distributed-As-Hybrid-CD-USB-images-206765.shtml
<CarlFK> so it should work
<uvirtbot> New bug: #727897 in squid3 (main) "package squid3 3.0.STABLE19-1ubuntu0.1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Medium,Incomplete] https://launchpad.net/bugs/727897
<uvirtbot> New bug: #730501 in squid3 (main) "eCAP support" [Wishlist,New] https://launchpad.net/bugs/730501
<uvirtbot> New bug: #745082 in squid3 (main) "DNS queries go to the wrong DNS server when moving between networks" [Medium,New] https://launchpad.net/bugs/745082
<uvirtbot> New bug: #801893 in squid3 (main) "Provide an newer version for LTS" [Wishlist,Invalid] https://launchpad.net/bugs/801893
<uvirtbot> New bug: #805660 in squid3 (main) "squid_session causing segmentation fault" [High,New] https://launchpad.net/bugs/805660
<uvirtbot> New bug: #805931 in squid3 (main) "assertion failed: comm.cc:572: "fdc_table[fd].active == 1" " [High,New] https://launchpad.net/bugs/805931
<uvirtbot> New bug: #891433 in squid3 (main) "squid3 miss_access bug, fix not included in LTS" [Medium,Confirmed] https://launchpad.net/bugs/891433
<tarvid> root@geewiz:/home/tarvid/Desktop# cat ubuntu-11.10-server-i386.iso >/dev/sdc
<tarvid> cat: write error: No space left on device
<Daviey> eek, sorry for the spam
<tarvid> I think the USB stick is now hosed
<CarlFK> tarvid: sudo -s
<CarlFK> tarvid: or figure out how to use sudo and redirection.. which makes me edgy. so I just become root.  don't tell anyone
<tarvid> tarvid@geewiz:~/Desktop$ sudo -s cat ubuntu-11.10-server-i386.iso > /dev/sdc
<tarvid> bash: /dev/sdc: Permission denied
<CarlFK> tarvid: you can write whatever bytes you want to memory, it won't break the memory.
<CarlFK> no...  just suto -s
<uvirtbot> New bug: #743504 in squid3 (main) "squid3 responds to its own multicast ICP queries" [Medium,Incomplete] https://launchpad.net/bugs/743504
<CarlFK> er, sudo -s
<CarlFK> and you shoun't be doing anything sudo that you get from IRC without looking into what it dose :)
<tarvid> cat: write error: No space left on device
<uvirtbot> New bug: #772810 in squid3 (main) "Squid3 Natty: Squid3 has to be restarted so it starts using the newly established internet connection" [Medium,New] https://launchpad.net/bugs/772810
<dsirijus> hey, where is console-data?
<dsirijus> no package found, reports apt-get
<CarlFK> apt-cache policy console-data; 2:1.10-9 0         500 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe i386 Packages
<dsirijus> CarlFK: ?
<CarlFK> that's where it is?
<qman__> CarlFK, tarvid: cat ubuntu-11.10-server-i386.iso | sudo tee /dev/sdc
<tarvid> won't that dump 712MB of gibberish to the screen
<qman__> no, that is functionally the same as using >
<qman__> that's just how you do it with sudo, instead of using a root terminal
<lifeless> no its not
<lifeless>        tee - read from standard input and write to standard output and files
<lifeless> ...
<lifeless>        Copy standard input to each FILE, and also to standard output.
<CarlFK> fight fight!
<lifeless> cat ubuntu-11.10-server-i386.iso | sudo dd of=/dev/sdc bs=65536
<dsirijus> CarlFK: i found it here https://launchpad.net/ubuntu/natty/+source/console-data
<dsirijus> and i use 64 bit system
<dsirijus> and i don't have a clue how to get it if it doesn't come up with apt-get install
<tarvid> the problem is the geometry is now hosed
<qman__> fdisk
<tarvid> fdisk -i /dev/sdc never returns
<dsirijus> i'm basically having problem with putty on win 7 not displaying some characters properly on remote ubuntu 11.04 server
<qman__> if it's being difficult, zero then fdisk
<qman__> if that doesn't work, the hardware's probably bad
<dsirijus> so, i just presume console-data will help me
<CarlFK> I don't think there is a need for fdisk
<tarvid> -i no longer works in fdisk
<qman__> I don't know what -i does
<CarlFK> much like not needing to fdisk a blank cd
<tarvid> how do I get/set the geometry?
<qman__> sdc is a CD device?
<tarvid> maxell USB stick
<qman__> flash drives (can) have partitions just like hard drives
<qman__> and fdisk should work normally, but according to the manual, -i is not an fdisk option
<tarvid> fdisk will let me set the geometry, now I have to guess what a 2GB stick should look like
<CarlFK> qman__: and you can clone 2 drives without using fdisk on the target
<qman__> so I don't know what you are trying to use it to do
<tarvid> trying to recover from usb-creator-gtk destroying the geometry in my usb memory stick
<CarlFK> the goal is to get the first byte of ubuntu-11.10-server-i386.iso written to the first byte of the usb stick.. repeat...
<CarlFK> have you given up trying to boot from the usb stick?
<tarvid> the usb stick is basically unwriteable beyond 2MB
<qman__> Disk /dev/sdc: 2003 MB, 2003795968 bytes
<qman__> 255 heads, 63 sectors/track, 243 cylinders
<qman__> that's a 2GB flash drive I have
<tarvid> I'll try it
<qman__> since geometry is largely for compatibility reasons anymore, setting yours the same should work
<CarlFK> qman__: why bother setting it?
<qman__> if the geometry is wrong, weird things can happen
<qman__> my point is, almost all new drives have the same geometry settings
<qman__> because they're not actually relevant on a hardware level
<qman__> but when set wrong, you can get miscommunication and some strange results
<CarlFK> huh
<CarlFK> im still skeptical it is relevant to this problem
<qman__> odds are the flash drive is toasted
<qman__> but it's worth a try
<tarvid> I'm going to exchange it
<tarvid> This is silly
<qman__> I recently ran into geometry issues when I set up my file server, some of the drives had wrong geometry and so the available space was wrong
<tarvid> q
<EMKO> what does failed length mean in ab
<tarvid> back with a fresh sticdk showing Public and mac and xp directories
<tarvid> how should I try writing ubuntu to this stick
<dsirijus> ok, i've isolated my problem to following - i cannot input foreign characters in putty but i can paste them in...
<tarvid> or do I just run the Ubuntu Startup Disk Creator program again
<dsirijus> anyone here actually using putty to administer server from windows?
<tarvid> only when I absolutely have to
<EMKO> whats wrong with putty
<tarvid> when I have to run windows I do it in a VM with Virtualbox
<tarvid> Putty is just as wonderful as Windows
<tarvid> But I have to admit Unity makes XP look good
<tarvid> in which package do I report the Startup Disk Creator Bug?
<tarvid> Ah, I'll bet I lost the Authenticate window the first time
<tarvid> And I'll let the Upgrade volume detected window hang
<qman__> I've used the startup disk creator several times with success
<jelly-home> dsirijus: I'd suggest using UTF-8 translation on putty, and using some utf8 locale on the remote machine.  "locale -a" will give a list of currently enabled locales.
<dsirijus> jelly-home: i'm using en-US.UTF-8 locale on server, and UTF-8 translation on putty
<jelly-home> dsirijus: ok, and does locale -a show something like "en_US.utf8" ?
<dsirijus> jelly-home: yes
<jelly-home> dsirijus: then en_US.UTF-8 (note the third character is an underscore) ought to work
<dsirijus> jelly-home: i guess it doesn't :(
<jelly-home> dsirijus: how exactly does it fail?
<dsirijus> i cannot input ÄÄÄ, and can Å¾Å¡
<dsirijus> and i can paste in any
<jelly-home> dsirijus: interesting choice of characters.  There is a #ubuntu-hr channel as well.
<EMKO> what else is there for windows other then putty?
<tarvid> it is downhill from putty
<EMKO> oh
<dsirijus> should i jump to #ubuntu-hr then?
<tarvid> I like jelly-home's suggestion on URF-8
<tarvid> UTF
<jelly-home> dsirijus: if it's easier for you to explain the issue in your native language, sure ;-)
<dsirijus> jelly-home: how come you know for croatian chars?
<jelly-home> dsirijus: /whois jelly-home
<EMKO> im croatian
<dsirijus> great then :)
<dsirijus> i had DÅ¾elalija as my high-school physics teacher
<dsirijus> she was awesome
<jelly-home> EMKO: well you could join the local channel then, too, if you wished
<dsirijus> ok, i'm moving to -hr then
<EMKO> naa more people here
<jelly-home> dsirijus: is there usage of screen involved as well?
<dsirijus> no, but is planned
<jelly-home> EMKO: you can be in more than one channel at the same time.  A novel approach!
<three18ti> how do I reset an orchestra login?  I reset the cobbler login, but when I try to login through http://example.com/cobbler_web with my newly reset username/password it returns me to the login screen.
<three18ti> this is a fresh install, so if I have to reinstall the meta-package I can...  but it seems like there should be a way to add/remove/modify user logins...
<tarvid> Thanks CarlFK and everybody, the install is complete, have a hunch the grub install authorization message got lost in the desktop and the erase in startup disk creator hammeded the USB stick
<RidDrib> Hello
<RoyK> .... . .-.. .-.. ---
 * jelly-home pipes RoyK to morse -d
<three18ti> anyone using orchestra?
<DanaG> Say, what happened to the "ASPEED" video driver in oneiric?
<DanaG> It seems to be missing, or at least isn't a package.
<lifeless> hallyn: hiya... another lxc glitch - https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/892892
<uvirtbot> Launchpad bug 892892 in lxc "mountall upgrade fails to install within lucid lxc container" [Undecided,New]
<uvirtbot> New bug: #892892 in lxc (main) "mountall upgrade fails to install within lucid lxc container" [Undecided,New] https://launchpad.net/bugs/892892
<DanaG> hmm, installed lightdm, but no gnome or anything...
<DanaG> !find xsessions
<ubottu> File xsessions found in aewm++, afterstep, amiwm, awesome, blackbox, bluetile, cairo-dock-data, dwm, e17-data, fluxbox (and 42 others) http://packages.ubuntu.com/search?searchon=contents&keywords=xsessions&mode=&suite=oneiric&arch=any
<DanaG> hmm, that link doesn't work.
<DanaG> !find /xsessions/
<ubottu> File /xsessions/ found in aewm++, afterstep, amiwm, awesome, blackbox, bluetile, cairo-dock-data, dwm, e17-data, fluxbox (and 42 others) http://packages.ubuntu.com/search?searchon=contents&keywords=/xsessions/&mode=&suite=oneiric&arch=any
<DanaG> !find /usr/share/xsessions
<ubottu> File /usr/share/xsessions found in aewm++, afterstep, amiwm, awesome, blackbox, bluetile, cairo-dock-data, dwm, e17-data, fluxbox (and 42 others) http://packages.ubuntu.com/search?searchon=contents&keywords=/usr/share/xsessions&mode=&suite=oneiric&arch=any
#ubuntu-server 2012-11-12
<unclezipper> Hey, could anyone here help me out? I'm having a bit of a problem with OpenSSH.
<_KaszpiR_> just state your problem, we're not reading in minds...yet
<_KaszpiR_> sigh, split view ftw
<lifeless> hallyn: you might enjoy https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/1077838
<uvirtbot`> Launchpad bug 1077838 in qemu-kvm "qemu-nbd -r -c taints device for subsequent usage, even after -d" [Undecided,New]
<soren> lifeless: Yeah, the nbd driver doesn't seem to clear the flags of the nbd_device struct on disconnect.
<lifeless> soren: or alternatively set them to the desired state on connect
<lifeless> soren: which I suspet is more robust; doing a narrow fix now
<soren> lifeless: Hm. The NBD_SET_FLAGS ioctl doesn't seem to be handled by the kernel at all.
<soren> lifeless: ...because qemu does try to reset the flags on init, but AFAICT, the ioctl is ignored.
<lifeless> soren: I can't see any code to reset BLKROSET on init at the moment, except when RO is requested.
<lifeless> soren: I'll have a test package in a second to see if this works
<soren> lifeless: Oh, you're right.
<soren> blockdev --getro /dev/nbd2
<soren> 1
<lifeless> :)
<soren> I maintain, though, that the flags local to the nbd driver also don't seem to get reset. :)
<lifeless> I don't disagree
<lifeless> there may be security implications in there though
<lifeless> which is why I think resetting on connect is better than resetting on disconnect
<lifeless> I bet LP just corrupted the mime type...
<lifeless> no, whew.
<lifeless> soren: patch attached
<lifeless> soren: are you testing the patch ?
<lifeless> soren: I'm just fighting with my vm .. qemu makes gcc go large:
<lifeless>   CC    x86_64-linux-user/target-i386/translate.o
<lifeless> cc1: out of memory allocating 11522544 bytes after a total of 101806080 bytes
<Daviey> mikal: Hey, you can approve an openstack CLA membership, right?
<Daviey> lifeless: nice, you attached a patch.  As you identified, hallyn would be the best person to revew it.. but he probably won't be around today.
<lifeless> Daviey: patch is bust, fixing :)
<Daviey> (also, a dsc and changes doesn't really help.)
<Daviey> (debdiff is plenty)
<lifeless> Daviey: they were advance defense against the crazy triagers
<Daviey> lifeless: the server team are indeed crazy.
<lifeless> I had my senses reversed.
<lifeless> soren: ^ switch the = 0 and = 1 lines, and it should work
<lifeless> Daviey: :P
<mikal> Daviey: oh hi
<lifeless> Daviey: would love to see this backported to quantal & precise; should be pretty low risk
<mikal> Yeah, that's one of the things I normally do
<mikal> I'll take a look at the queue now
<mikal> Daviey: who was asking for approval? I'll do the three in the queue now...
<Daviey> mikal: yolanda has been wanting it since Friday
<Daviey> lifeless: yeah, looks reasonable.. I'm sure hallyn will help it along.  Out of itnerest, what were you trying to achieve when you hit this?
<lifeless> Daviey: I use qemu-nbd to extract the kernel and ramdisk from a qcow2 ami in openstack, so they can be passed to the NTT baremetal code, which PXE boots every time
<lifeless> Daviey: avoids folk needing to manually configure it
<mikal> I just approved Yolanda
<mikal> Its super manual at the moment
<lifeless> Daviey: but, I didn't want the image getting futzed with by ext4 journal replay or anything, so I passed -r
<mikal> It takes one of two or three people to notice
<mikal> They're working on automating it
<lifeless> Daviey: separately, we use qemu-nbd when putting ami's together... and I noticed this when the put-it-together code depramed its toys without warning
<lifeless> Daviey: or - https://plus.google.com/105660309458564946897/posts/Qpwi9LUDcAN :)
<Daviey> lifeless: erm, isn't this what libsomethingsomething was invented for?
<Daviey> libguestfs?
<lifeless> Daviey: if I could find said thing, sure.
<lifeless> Daviey: well, presumably it will run smack bang into the same thing, or would need fixing to use readonly block devices, and then run into the same thing
<lifeless> Daviey: (thanks for the pointer, may simplify our code)
<lifeless> Daviey: I knew something was out there but had 0 luck remembering the name at the relevant time
<jotterbot1234> Hello everyone, does anyone have any experience with Hardware RAID here?
<lifeless> jotterbot1234: assume the answer is yes
<lifeless> Daviey: so - guestmount -r, should in principle hit the same bug.
<jotterbot1234> indeed I do assume so
<jotterbot1234> Am I able to post a link to serverfault with a problem I am having ?
<jotterbot1234> does that violate any channel rules?
<lifeless> not that I'm aware of
<soren> lifeless: Why would it hit the same bug?
<soren> lifeless: It doesn't use nbd at all.
<soren> lifeless: It fires up a VM, attaches your disk image, and marshalls requests from your application through to a deamon running in the VM.
<jotterbot1234> http://serverfault.com/questions/447682/raid-50-24port-fast-writes-slow-reads-ubuntu
<jotterbot1234> Any help with this would be greatly appreciated!
<lifeless> soren: *blink*
<lifeless> soren: that is not at all how I imagined it would work
<lifeless> soren: that said, what code does kvm use for dealing with qcow2? - I guess it manages it without a kernel block device?
<soren> lifeless: I can relate.
<soren> lifeless: Yeah, it's all userspace. qcow2 originated in qemu.
<lifeless> yah, I knew that :>
<soren> lifeless: I can appreciate the fact that it keeps everything neatly in userspace. I can also appreciate the fact that it probably protects your from a bunch of security problems as a result.
<soren> ...but it still just feels... wrong.
<lifeless> the guestfs-faq is very ... opinionated
<lifeless> if I wasn't so keen on nuking openstack disk param injection, I'd consider porting it to use libguestfs if it doesn't already.
<lifeless> 'Ubuntu .. Canonical decided to change the permissions on the kernel so that it's not readable except by root.  This is completely stupid, but they won't change it... So
<lifeless>            every user should do this:
<lifeless>             sudo chmod 0644 /boot/vmlinuz*
<lifeless> '
<lifeless> soren: *very* opinionated :)
<lifeless> unless I'm missing something though, richard jones is assuming root access in the first place
<lifeless> which kindof misses the point, doesn't it ?
<soren> lifeless: Where is he assuming that?
<taalas1> Hi, I am currently trying to provide an Ubuntu 12.04.1 Server network install image. I do ave a working PXE environment using tftp and nfs exports. This works very well for Ubuntu Desktop, but following the same configuration for server the installation stops and says that it cannot find the installation medium (CDROM). Is there anything I should be doing differently when netbooting server install?
<rbasak> Using NFS sounds a bit odd to me. What are you using NFS for, and is there a particular reason you went down that route?
<taalas1> I am using an NFS export to provide client access to the installation files. Is there a better way I should be doing this?
<rbasak> The usual way is to PXE/TFTP for the d-i netboot kernel and initrd images, supply a preseed URL on the kernel command line, serve the preseed over HTTP and then the installer will fetch everything else directly from an archive mirror over http. You can run your own mirror or proxy cache there if you want, using the preseed to point to it.
<rbasak> Also look into MAAS, though I'd recommend running 12.10 MAAS as there were major improvements over the 12.04 version
<rbasak> (you can still deploy 12.04 servers)
<taalas1> fetching the packages from an official mirror would be fine. the main reason I am doing this is, that I need a diskless install
<taalas1> Is there any article you know of that would explain the needed steps in detail (where to get the netboot kernel, etc)
<rbasak> I'm not sure
<rbasak> (of an authoritative place where this is documented)
<rbasak> To see it in action install maas from 12.10
<rbasak> If that does what you need then great
<rbasak> If not, http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/ for the netboot installer kernel/initrd
<rbasak> Also https://help.ubuntu.com/12.04/installation-guide/amd64/appendix-preseed.html
<taalas1> great, thank you. I will look into both options
<taalas1> Do I have to use preseeding, or can I simply boot the netboot and then supply the source manually? which source would that be for 12.04.1 server?
<rbasak> Without preseeding it'll work fine, but you'll have to answer all the questions manually. Preseeding just pre-answers all the questions for a fully automated install
<rbasak> When netbooting, the 12.04/12.04.1 distinction doesn't really matter. You'll always get the latest from precise-updates
<rbasak> It'll default to the correct source
<taalas1> thank you very much
<rbasak> When you netboot you basically just get what you'd get if you had booted the CD manually. The installer will just do the right thing
<rbasak> (there are some minor differences but I don't think they'll matter to you)(
<taalas1> rbasak: Just wanted to let you know that the netboot option worked flawlessy, thanks again. Will look into MAAS, too, but for now this did exactly what I wanted to achieve
<taalas1> rbasak: I did get the initrd for this netboot from the server install iso. At later stages of the installation it is possible to also choose desktop components. Can I use this netboot to install any flavor of Ubuntu? Also, is there any difference between server and desktop except for these package options?
<rbasak> taalas1: the only differences between server and desktop are install method and package selection
<rbasak> (AFAIK. I hope I'm not missing something)_
<taalas1> rbasak: I see. So I could use this PXE Netboot for Desktop clients as well...that's very neat :)
<janet> I wonder how long it would take to run an internet-wide port scan
<TheLordOfTime> infinitely long/.
<zul> alrighty libvirt 1.0.0. uploaded
<Pooper> Hi all, I created a software based array of disks (4x3TB) using mdadm RAID 5. I then used mkfs.ext4 to partition with the following parameters:  -b 4096 -E stride=128,stripe-width=384... Now that the array is mounted, when I transfer files to it the md5sum of the files changes with respect to the original.... Any ideas as to why this is happening?
<xnox> anything interesting in the /var/log/syslog?
<xnox> or dmesg?
<Pooper> xnox, here is a snippet of dmesg http://paste.ubuntu.com/1353328/
<Pooper> xnox, /var/log/syslog looks fine
<Pooper> xnox, any ideas?
<xnox> Pooper: there is not enough details, but there have been reports of checksum mismatches on files on linux-raid mailing lists. I have not seen / reproduced them.
<xnox> but it sounds like the best place for you to seek expert advice.
<Pooper> xnox, but is this an issue with GPT partitions?
<xnox> that. should not matter at all.
<smoser> adam_g, jamespage gwd is interested in trying to get openstack xen/xcp path installable as juju charms
<smoser> (whoohoo!)
<smoser> i pointed him at http://bazaar.launchpad.net/~gandelman-a/+junk/juju-deployer/files
<smoser> but i'm sure there is omething better.
<smoser> he's hoping to basically go from maas to xen/xcp based openstack
<gwd> adam_g, jamespage: So glancing through the "deployments.cfg", it looks like I might want to take the "nova-compute" charm and add some new "virt-type" options to it...?
<jamespage> smoser, gwd: no adam_g this week :-)
<jamespage> gwd: thats a good place to start
<jamespage> nova-compute is the nux of the openstack charms in terms of hypervisor
<jamespage> so its where xen should be integrated...
<jamespage> gwd: I actually see ""xen") compute_pkg="nova-compute-xen";;" already in the compute charm
<jamespage> gwd: but I know its never been tested....
<gwd> jamespage: Ah, right -- hmm, I can check it out, but there's no way I can actually get a test setup to test a whole open-stack rig top to bottom.  How hard would it be for someone to give that a quick smoke-test?
<ninjix> why am I getting "user does not match any options" with Quantal when I try 'sudo nova-manage user admin user1' ?
<ninjix> I'm following 12.10 serverguide docs on Folsom install
 * RoyK wonders why on earth 32bit desktop is the default for downloads...
<ninjix> RoyK: agreed
<RoyK> ubuntu+unity is rather on the heavy side, so using a 32bit machine is likely to be dead slow for that anyway
<ninjix> ahh... looks like the official 12.10 server pages for ubuntucloud need to be updated
<ninjix> current pages are referencing essex commands instead of openstack folsom
<ninjix> see: https://answers.launchpad.net/nova/+question/204905
<lifeless> soren: walking the kernel memory to determine its symbol table
<lifeless> soren: kmem isn't readable w/out root, right ?
<RoyK> lifeless: don't think so, no
<RoyK> imho that'd be a jolly bad idea
<lifeless> RoyK: exactly ;)
<Daviey> smoser: do you have capacity to look into bug 1064835?  Looks like the upstream commit doesn't really fix the issue?
<uvirtbot`> Launchpad bug 1064835 in python-keystoneclient "[SRU] keystoneclient fails on SSL certificates that work for other services" [Critical,Fix committed] https://launchpad.net/bugs/1064835
<Daviey> (verification failed of quantal sru)
<smoser> suck.
<Daviey> smoser: if you don't, that is also ok
<smoser> dai'd like to defer on it. i was chasing other fires at the moment. raring cloud images are not booting. :-(
<smoser> and i keep wanting to get a raring cluod-inti upload
<PineappleCLock> Would setting up pptpd on my server mess with DNS? I can't seem to get ubuntu to use my DNS servers, but querying them manually works fine via nslookup
<patdk-wk> PineappleCLock, are you using 12.*?
<PineappleCLock> yes 12.04 LTS
<patdk-wk> you aren't editing resolv.conf are you?
<PineappleCLock> nope, I added "dns-nameservers" to the end of /etc/network/interfaces and restarted networking
<PineappleCLock> I can see that resolvconf has the correct lines in resolv.conf
<PineappleCLock> the only networking change was to allow pptpd to work and that was adding a iptables masquerading command to rc.local per a howto
<PineappleCLock> I can ping IP addresses just fine like google.com, but DNS is kaput :\
<PineappleCLock> I know it's not that because even if I flush iptables, I can't resolve hostnames... very weird
<smoser> SpamapS, around ?
<smoser> looking for feedback on bug 1057195
<uvirtbot`> Launchpad bug 1057195 in cloud-init "cloud_config apt_proxy has no option to specify HTTPS or not" [Medium,Incomplete] https://launchpad.net/bugs/1057195
<PineappleCLock> Any thoughts on why DNS client would not work at all, even though the nameservers are properly configured
<smoser> utlemming, did you make any progress on raring images boot issues ?
<utlemming> smoser: not yet....hopefully soon
<Fatguy> anyone know why I'm only able to modify properties for one of my network cards?
<Fatguy> why would my secondary NIC be locked up so that I can't modify the properties in the network manager (GUI)?
<patdk-wk> heh? you do know this is ubuntu-server?
<patdk-wk> there is no gui
<Fatguy> im using 12.10 server with desktop GUI installed
<Fatguy> i would use the commands if i knew what they were but im just getting into the development for personal and business cloud vpn's and use the GUI for ease of use
<patdk-wk> well, network-manager is a total unknown in here
<Fatguy> ok, do you know what I would have to do in terminal to change the properties of my secondary NIC?
<Fatguy> my primary is eth1 and i have it set where i need it but the secondary eth0 wont let me modify anything, at first it wouldn't work at all but I finally got it enabled
<Fatguy> all i need to do is modify the ipv4 address to static and change the gateway and dns info. what would I have to edit to do that?
<Fatguy> looks like linux is getting just about as useless as windows, #ubuntu sent me here for some help but noone here knows how to modify network settings...guess ill have to find help elsewhere
<patdk-wk> heh
<philipballew> Whats the best web server if I only have 128 mb's of ram?
<Erik_D> philipballew: is nginx too much?
<philipballew> Erik_D, I have not tried nginx,
<RoyK> philipballew: apache will probably be heavy, but nginx should work
<philipballew> I was considering that or lighttpd
<RoyK> lighty isn't that good
<philipballew> Its just my wp blog that feeds to the planet
<philipballew> so unless I put a blog title up like "Ubuntu sucks" noones ever gonna visit
<RoyK> lighttpd is rahter old, nginx is better
<philipballew> alright, and the repos version id good enough?
<RoyK> should do
<philipballew> alright. Thanks for the confirmation.
<philipballew> peace
<milestone> hi folks i have a problem with a precise server, which hangs after printing Running /scripts/init-bottom
<milestone> there does not seem to be an error
<milestone> i have let the machine run for a day and still no luck
<milestone> what is happening after /scripts/init-bottom ?
<pseudonymous> A good reference for upstart ? Specifically I'm looking to understand how I disable services from starting on boot
<FroMaster> Running Ubuntu 12.04.1 on ESX 5.1 and wondering if i should install open-vm-tools (via apt-get) or vmware-tools (via cdrom/compile). Thoughts/suggestions?
<jjcm> FroMaster: doesnt hurt to compile
<jjcm> but the vmware proprietary tools will offer more features
<episteme> morning everyone. I'm experiencing an issue with vsftpd where if i connect using a local user account i get the message that the login is incorrect. I have overly checked that i was entering the username and password correctly. and i do have local user enabled. Anyone else having this issue or knows how i can fix it? TIA
<pseudonymous> Question #2: Do people run Ubuntu LTS for their servers or Ubuntu ? Is there any distinction, security-wise ?
<genii-around> pseudonymous: http://upstart.ubuntu.com/cookbook/
<ScottK> pseudonymous: There's no distinction security wise.
<pseudonymous> damned be all the fragmentation. Sometimes it seems to me that FreeBSD's biggest boon is that there's no distribution hell to consider. Why can't base things such as service management be agreed upon ? Why are most proposals unnecessarily complex ? Grrr.
 * ScottK thought FreeBSD's biggest boon was the lack of kernel features.
<lifeless> Daviey: so when is hallyn around :>
<Daviey> lifeless: when it's not a US Holiday :)
<Daviey> (he did check in earlier, but he's out right now.)
<lifeless> Daviey: ah :)
<lifeless> hallyn: thanks ;)
#ubuntu-server 2012-11-13
<lifeless> cloud-init doesn't put hostname in /etc/hosts for me; is that expected ?
<lifeless> SpamapS: ^ you may have an idea
<lifeless> ah, manage_etc_hosts not set.
<lifeless> *how* to set it ?
<hallyn> lifeless: sadly i'm out for yet another day!  i'll be 100% here on wed.  but yeah interesting bug, due to state kept on the dev i guess.
<lifeless> hallyn: yeaj
<lifeless> hallyn: patch seems to work fine, I worry that there are other lurking bugs though
<hallyn> that bit of code was pretty recent (sep 2012)
<lifeless> hallyn: the bug exists in precise too though :)
<hallyn> or did i misread and it was 2011?
<lifeless> so I would say 2011
<hallyn> must be 2011 or precise wouldn't have it :)
<lifeless> precise might have had a different codepath
<lifeless> Ng backported it to precise and said it needed refactoring
<hallyn> what you listed looked identical to what i's in upstream git
<hallyn> oh ok
<lifeless> so I'd assume last touched sep 2012, but older
<hallyn> tbh i worry as much about the nbd kernel code
<lifeless> that hasn't broken on me yet :>
<hallyn> phew
<lifeless> I know a couple of folk on precise hitting kernel panics
<lifeless> I'm on quantal
<lifeless> so could be fixed kernel stuff
<hallyn> guess i'll have to push this fix into the old r package before pushing new debian-based replacements for qemu-linaro and qemu-kvm :)
<hallyn> anyway, off to read more headline gossips about intelligence agencies - gnight
<lifeless> gnight!
<A[D]minS> Good morning Guys, I'm learning the openstack technology and i started with deploying MAAS
<A[D]minS> may i know how to import local iso using instead of downloading it from Internet ?
<sh_t> hi everyone. i'm trying to mirror installed packages between two 64bit precise servers using dpkg --get/set-selections and i'm finding that my second server wants to install the i386 version of many of the packages. why is it doing this?
<SpamapS> A[D]minS: probably best to ask in #maas for that one. IIRC, thats not possible
<bigjools> not currently *easy*
<A[D]minS> ok i've another stupid question , regarding maas , it only serve ubuntu boot images?
<bigjools> yes
<SpamapS> sh_t: you may want to look at apt-clone
<A[D]minS> bigjools thx :)
<sh_t> SpamapS: thanks thats seems to work. not sure what the problem with the get/set method though.. oh well
<A[D]minS> what is the best tool to integrate with Openstack to make the managing is very smooth?
<ak5> hi, I am trying to setup spice via qemu
<ak5> it seems like there are no packages for spice server in 12.04 LTS?
<ak5> is there a ppa for spice?
<koolhead17> Daviey, around
<xorred> I'm following http://www.howtoforge.com/high-availability-storage-with-glusterfs-3.2.x-on-ubuntu-12.04-automatic-file-replication-across-two-storage-servers to create a high-availability storage cluster, but the guide misses the part where both machines are accessed by the same name by, let's say, vmware
<xorred> anyone have an idea how the 2 server storage cluster nodes can be referenced by a third party by the same name?
<dforthman> Hello, I was trying to install a .deb package on my 12.04 server. Now I am getting unmet dependency errors for several i386 packages. I attempted to force the installation with `sudo apt-get -f install` but it errors out as well. How do I get rid of it?
<dforthman> nevermind, fixed it.
<fhd> Hi. Is there any preferred location for nginx sites on Ubuntu? Apache uses /var/www, is it safe to use the same location for nginx?
<balboah> fhd: yes
<dforthman> fhd: you should be able to point it to whatever directory you wish.
<fhd> dforthman: Yes, but I'm wondering where it "belongs" (i.e. where others would expect it). For Apache, that's mostly /var/www or /srv/www, depending on the system. nginx uses /sites in the official documentation.
<dforthman> I see a lot of "/var/www/nginx-default" on Google. That's probably it.
<dforthman> But I also see some "/usr/local/nginx/html"
<fhd> dforthman: Hm, I guess I'll go with /var/www/example.com if there's no clear place where people expect it.
<fhd> dforthman: (Since I have multiple sites)
<dforthman> Sounds like a plan to me :D
<docmur> What is a good graphical light weight browswer which supports Javascript, Links2 didn't have javascript support and Arora was a steaming pile
<uvirtbot`> New bug: #1020238 in python-novaclient "nova client keeps asking for a keyring password " [Low,Confirmed] https://launchpad.net/bugs/1020238
<uvirtbot`> New bug: #1035878 in swift (main) "man page useless" [Undecided,Fix released] https://launchpad.net/bugs/1035878
<uvirtbot`> New bug: #1065255 in glance (main) "Installing glance client after keystone results in error" [Medium,Fix released] https://launchpad.net/bugs/1065255
<uvirtbot`> New bug: #1070630 in glance "glance-manage does not read configuration correctly" [Undecided,Won't fix] https://launchpad.net/bugs/1070630
<uvirtbot`> New bug: #1075189 in python-glanceclient (main) "python-glance client breaks on package upgrade" [Undecided,Won't fix] https://launchpad.net/bugs/1075189
<uvirtbot`> New bug: #1078177 in nagios3 (main) "typo in /etc/default/nagios3" [Low,Triaged] https://launchpad.net/bugs/1078177
<uvirtbot`> New bug: #1077838 in qemu "qemu-nbd -r -c taints device for subsequent usage, even after -d" [Undecided,In progress] https://launchpad.net/bugs/1077838
<uvirtbot`> New bug: #1078102 in openldap (main) "libpam-ldap should share openldap's configuration mechanism" [Medium,Triaged] https://launchpad.net/bugs/1078102
<uvirtbot`> New bug: #1078214 in juju (universe) "/var/lib/juju/units/*/charm.log is not logrotated" [Undecided,New] https://launchpad.net/bugs/1078214
<uvirtbot`> New bug: #1078216 in juju (universe) "exceptions.AttributeError: 'UnitAgent' object has no attribute 'lifecycle' " [Undecided,New] https://launchpad.net/bugs/1078216
<uvirtbot`> New bug: #1078217 in juju (universe) "zookeeper connection is not using exponential backoff" [Undecided,New] https://launchpad.net/bugs/1078217
<uvirtbot`> New bug: #1078242 in juju (universe) "juju cannot connect to zookeeper - too many connections (max 10)" [Undecided,New] https://launchpad.net/bugs/1078242
<uvirtbot`> New bug: #1037567 in cloud-init "need config-drive-v2 support" [Medium,Fix released] https://launchpad.net/bugs/1037567
<uvirtbot`> New bug: #1068786 in lxc (universe) "man lxc-create doesn't expand  ${localstatedir}" [Medium,Triaged] https://launchpad.net/bugs/1068786
<uvirtbot`> New bug: #1077700 in cloud-init "Issue with ConfigDriveV2 and ssh authorized_keys" [High,Fix committed] https://launchpad.net/bugs/1077700
<uvirtbot`> New bug: #1077874 in ipvsadm (main) "installation of ipvsadm is broken : unknown template field, can't dpkg-reconfigure" [Undecided,New] https://launchpad.net/bugs/1077874
<uvirtbot`> New bug: #1078213 in juju (universe) "juju-machine-agent.log is not logrotated" [Undecided,New] https://launchpad.net/bugs/1078213
<uvirtbot`> New bug: #1077897 in quota (main) "Cron quota script not working for groups" [Undecided,New] https://launchpad.net/bugs/1077897
<uvirtbot`> New bug: #1071909 in mysql-5.5 (main) "package mysql-server-5.5 5.5.28-0ubuntu0.12.04.2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Medium,Invalid] https://launchpad.net/bugs/1071909
<uvirtbot`> New bug: #1077594 in postfix (main) "package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/1077594
<patdk-wk> uvirtbot`, haven't been getting enough love lately?
<uvirtbot`> patdk-wk: Error: "haven't" is not a valid command.
<koolhead17> zul, around
<koolhead17> https://bugs.launchpad.net/quantum/+bug/1069966
<uvirtbot`> Launchpad bug 1069966 in quantum "rootwrap error with L3 agent" [Undecided,Confirmed]
<koolhead17> when is it coming to our cloud repo
<koolhead17> i see it fixed upstream
<zul> koolhead17: when it gets into precise-proposed
<zul> koolhead17: so this week hopefully
<koolhead17> zul, so we will have it fixed by this week.
<koolhead17> thanks
<uvirtbot`> New bug: #1078364 in lxc (universe) "package lxc-templates (not installed) failed to install/upgrade: trying to overwrite '/usr/share/lxc/templates/lxc-opensuse', which is also in package lxc 0.8.0~rc1-4ubuntu42" [Undecided,New] https://launchpad.net/bugs/1078364
<Daviey> smoser: do you think bug 1078219 is fallout from exposing nested virt?
<uvirtbot`> Launchpad bug 1078219 in nova "nova live-migration failure" [Undecided,New] https://launchpad.net/bugs/1078219
<Daviey> (ignore the log issue)
<smoser> smb, ^
<smoser> Daviey, why would you think taht?
<Daviey> smoser:  "CPU doesn't have compatibility" .. it is my understanding that is the only thing not abstracted?
<Daviey> ie, qemu cpu == qemu cpu
<smoser> Daviey, no.
<smoser> i think it depends.
<smoser> but clearly that woudl be a valid issue if he was trying to migrate amd64 system to i386 system
<smoser> right?
<smoser> other flags can do the same.
<Daviey> smoser: VMX vs SVM?
<cloudman> whats the EOL of 12.04?
<Pici> cloudman: 2017
<Pici> cloudman: see https://wiki.ubuntu.com/Releases
<cloudman> Pici: nice, just found the info
<cloudman> just installed on my box, was using centos
<MoleMan> how can I lock an SFTP user to his home directory? setting 'ChrootDirectory %h' as I keep seeing suggested on the internet just causes "19:13:10	Error:	Network error: Software caused connection abort 19:13:10	Error:	Could not connect to server
<RoyK> metasansana: read up about using rssh
<MoleMan> I had it working in FTP ages ago, but removed FTP in favour of SFTP on the advice of people in hear...
<MoleMan> here #
<sarnold> MoleMan: apparmor can do that, though it won't be a one-liner as you've hoped for. :)
<MoleMan> I can handle that...
 * MoleMan is somewhere in the middle of writing a currently ~300 line bash script
<RoyK> ftp is insecure by design, using rssh and sftp/sshfs/whatever is better
<MoleMan> RoyK: I am doing, but I now can't get my users locked to their home dir thus reducing security...
<metasansana> RoyK you meant MoleMan, not me right?
<RoyK> ops, yes
<metasansana> k, for a second I thought you breached my server :)
<MoleMan> sarnold: could you point me to the documentation then please? or suggest why using the setting all the articles I've found is preventing the connection at all?
<RoyK> MoleMan: are you using rssh?
<MoleMan> sftp
<RoyK> MoleMan: no, rssh as the shell for the users
<sarnold> MoleMan: no idea off-hand on the aborted connection; _maybe_ there will be details in the logs, and if not, try turning up the verbosity...
<MoleMan> RoyK: oh, no I set the shell to /usr/lib/sftp-server which works unless you set the chrootDir
<RoyK> MoleMan: lookup rssh - it's supposed to make things easier
<MoleMan> I tried just /bin/false and /sbin/nologin but they just broke connections completely
<RoyK> try rssh
<MoleMan> okay, will do in ~30 mins, going for dinner... YAY not eaten all day :p
<cloudman> for just a web mail server do I need to add any repos other than default?
<RoyK> cloudman: depends what you want to use :P
<cloudman> what am I likely to need, I think?
<RoyK> just a webmail frontend?
<RoyK> or a full mail server?
<cloudman> just need it for hosting sites and mail basically
 * RoyK uses zimbra
<cloudman> both
<RoyK> but then, you can't run zimbra on a host that easily, it must be dedicated, usually with a vm
<cloudman> got root here
<RoyK> doesn't matter - if you want to use zimbra, it must be separate. but then
<RoyK> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/12.04/serverguide/C/email-services.html
<cloudman> heads up, some nicely priced dedis here....https://www.worldstream.nl/serverdeals.php
<RoyK> hm... good :)
<cloudman> there was a 2.8 dual with 8gb ram earlier its gone lol, 32 euro
<RoyK> cloudman: it's not popular in here to talk about zimbra, since zimbra isn't too open, but I find it very nice to manage
<RoyK> it'll need 2GB or more RAM and some disk space
<cloudman> was it a yahoo thing years ago?
<RoyK> depending on the load
<RoyK> yahoo bought it
<cloudman> yeah, had an account I think
<RoyK> and then vmware bought it
<cloudman> my dedi is fine when its fine lol
<cloudman> pay 19 a month for it :p
<RoyK> USD?
<cloudman> euro
<RoyK> not a whole lot
<cloudman> not hi spec 1.6 dual pent, 2gb ram 160gb hd
<RoyK> well, good enough
<cloudman> yep
<RoyK> that is
<RoyK> how many users?
<RoyK> zimbra is rather on the heavy side, lots of java stuff
<cloudman> me mostly, have a social network tho thats growing, down at the moment tho
<RoyK> if you want a lightwight mailserver, zimbra is not your choice
<cloudman> just got my server backup
<cloudman> will restore the sites later
<cloudman> all mail is up though
<sh^t> hi everyone. i'm having trouble with my 12.04 64bit install hanging on reboot/shutdown at "unmounting local filesystems...". I have a bunch of 1TB disks mounted with uuid in fstab and if i umount them prior to running reboot there is no problem with the reboot process. how can i debug whats happening here?
<uvirtbot`> New bug: #1078444 in python-boto (main) "python-boto should verify SSL certificates and should use the systems certificate repository" [Undecided,Confirmed] https://launchpad.net/bugs/1078444
<X-Sleepy-X> hi
<X-Sleepy-X> i have a couple of things i wonder about
<X-Sleepy-X> i have installed postfix and i can send emails on port 25 from the local network both to accounts on the server and to gmail
<X-Sleepy-X> if i want to send from an external network to and from my local account it works if i enable smtpsubmission
<X-Sleepy-X> but then it doesnt seem to require auth
<X-Sleepy-X> what would be the smart aproach on this?
<X-Sleepy-X> what i want to achieve is:
<X-Sleepy-X> being able to send from my local network and from my cellphone to both external addresses and internal addresses but i don't want spammers to be able to use my smtp as a relay.
<X-Sleepy-X> how would one go about enabling smtp auth and which kind is to prefer?
<keithzg> I just tried creating a VM on a new VM host machine (both guest and host running 64-bit Precise), and the guest never finishes booting, just locks at "Booting from Hard Disk..." while consuming an entire CPU core perpetually.
<keithzg> Anyone know what might be causing this?
<keithzg> ...guess not!
<LifeIsGood169> Is it ok to ask for ubuntu server lvm2 help here?
#ubuntu-server 2012-11-14
<delinquentme> hey all ... what tool do I use to write into a file?  .. just a plain text file
<LifeIsGood169> nano
<LifeIsGood169> vi
<delinquentme> LifeIsGood169, I mean to run a command to write it .. and not open it to examine it
<LifeIsGood169> example:    sudo nano (file name here)
<LifeIsGood169> oh
<sarnold> echo? sed? awk? perl?
<LifeIsGood169> lol I know nothing
<sarnold> depends how you want to modify the file, really.
<delinquentme> I want to add a source to  /etc/apt/sources.list  with a single command
<sarnold> you should probably be using /etc/apt/sources.list.d/ _instead_, but you could do that with echo "deb http://blah/ blort foobar" >> /etc/apt/sources.list
<delinquentme> echo "something" > file
<sarnold> delinquentme: > overwrites. >> appends.
<delinquentme> sarnold, nice!
<sarnold> delinquentme: but _please_ do look at /etc/apt/sources.list.d/, it's there to help make these things easier. :)
<sarnold> .. echo "foo" > /etc/apt/sources.list.d/deliquent.list    :)
<delinquentme> sarnold, and those will be available just the same?
<LifeIsGood169> Where can I go for lvm support? the channel #lvm is unresponsive.
<delinquentme> and sarnold do I want a .list or a .list.save?
<xnox> LifeIsGood169: here is ok, but the linux-lvm is the holy grail.
<sarnold> LifeIsGood169: just try asking? it might work.. :)
<xnox> LifeIsGood169: what's up?
<sarnold> delinquentme: .list. apt will only use files that end with .list.
<sarnold> delinquentme: (that's .list -- ignore my periods that end the sentences...)
<delinquentme> echo "deb http://http://lib.stat.cmu.edu/R/CRAN/bin/linux/ubuntu lucid/" > /etc/apt/sources.list.d/R-lang.list
<delinquentme> its a new file so dont need to append and I think i look good
<sarnold> delinquentme: you've got two "http://" in there -- otherwise looks good.
<delinquentme> its telling me permissions denied even with sudo??
<delinquentme> sudo echo "deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/ubuntu lucid/" > /etc/apt/sources.list.d/R-lang.list
<LifeIsGood169> @xnox test
<LifeIsGood169> how do you reply?
<sarnold> delinquentme: that runs the 'echo' as root, but not the > file redirect. hehe.
<sarnold> LifeIsGood169: type the name, type :, keep typing :)
<sarnold> LifeIsGood169: some clients let you type the first few characters and then hit 'tab', but not all.
<LifeIsGood169> xnox: hello?
<delinquentme> so a sudo after >
<LifeIsGood169> It doesn't seem to go bold?
 * xnox is confused..... LifeIsGood169 just type your question and all of us can ponder about it.
<delinquentme> > sudo /etc/apt/sources.list.d/R-lang.list     sarnold
<LifeIsGood169> ok
<LifeIsGood169> I'd like to setup a single volume group across multiple pv's. My first hd: sda{1,2,5} = linux, extended, linux lvm. My second hd: sdb{1,2,5} = linux, extended, linux swap. How do I set aside the system files & swap space on 1 hdd? & partition everything else as a volume group? I need help understanding the current default partitions. I have no idea why my second hard drive: sdb{1,2,5} = linux, extended, linux swap.
<LifeIsGood169> I have a picture of 'fdisk -l' if it helps: http://i216.photobucket.com/albums/cc217/lalabby/hdds.png
<sarnold> delinquentme: I'd just start a new root shell as "sudo -s", then run the 'echo foo > bar' command as you did before -- then control+D to exit the root shell
<shanemeyers> you can't use the sudo after the > in the redirect, you can do the following though:
<shanemeyers> echo "deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/ubuntu lucid/" | sudo tee /etc/apt/sources.list.d/R-lang.list
<sarnold> LifeIsGood169: presumably xnox sees it bold if he has bothered to configure -- or not unconfigure -- his highlighting. :)
<sarnold> shanemeyers: oh, neat.
<LifeIsGood169> sarnold: ah
<xnox> LifeIsGood169: eh.... you actually have only two partitions.
<xnox> LifeIsGood169: the 1st one has the / and most of the install.
<LifeIsGood169> xnox: ah in the picture?
<xnox> LifeIsGood169: the 2nd one indicates end of "primary" partitions and start of "logical" partitions.
<xnox> LifeIsGood169: the 5th one is actually just your _other_ partition with swap on it.
<xnox> LifeIsGood169: see "Disks" app to help visualise this.
<xnox> LifeIsGood169: and read about partition tables on wikipedia.
<xnox> note that formating & creating pv's will delete all your data on that space.
<LifeIsGood169> xnox: so is sdb important? or can I erase it? Only sda1 matters?
<xnox> LifeIsGood169: huh. wait. sdb means it's a second HDD, sda is the first HDD.
<xnox> LifeIsGood169: I don't know what data you have on them.
<LifeIsGood169> xeon: idk either. Can you look at this picture of 'fdisk' ? http://i216.photobucket.com/albums/cc217/lalabby/hdds.png
<xnox> LifeIsGood169: but what _you_ think is first/second HDD, is not necessarely what your computer (which order) they are in.
<LifeIsGood169> xnox: that is ok... everything should be 'erased' except the current ubuntu opperating system
<xnox> LifeIsGood169: can you show output of $ sudo mount?
<xnox> LifeIsGood169: also to paste text from console it's easier to pipe the output to `pastebinit`
<LifeIsGood169> xnox: no important information was present when I first installed.... I'm just trying to figure out if Ubuntu's default space usage - grabbed some of the second HDD for swap
<LifeIsGood169> ok
<xnox> also $ sudo lvs and $ sudo pvs
<xnox> and $ sudo vgs
<xnox> will help you.
<xnox> but first disk has a primary partition (probably boot partition) a logical partition with lvm pvs.
<LifeIsGood169> xnox: http://paste.kde.org/606200/
<xnox> second disk has a primary partition (probably with a linux installation) and a logical partition for swap.
<xnox> LifeIsGood169: what I said above is right.
<LifeIsGood169> xnox: ahhhh... that might be an old ubuntu 9.04 install.... now I understand... I didn't get it
<xnox> LifeIsGood169: note that currently you are booted of /dev/sda, which is in LVM.
<LifeIsGood169> xnox: so it is useless just an old hdd with some data I missed... thought they were all blank
<xnox> LifeIsGood169: mount the /dev/sdb1 and see what's that. $ sudo mount /dev/sdb1 /mnt
<xnox> I think my job is done here ;-) read lvm2 howto from tldp
 * xnox off to sleep
<LifeIsGood169> xnox: thank you so much
<smoser> erichammond, fyi, http://cloud.ubuntu.com/ami works now
<uvirtbot`> New bug: #1078530 in qemu-kvm (main) "upstart job fails to start under lxc" [Undecided,New] https://launchpad.net/bugs/1078530
<smoser> and its under code that ben and I can change.
<smoser> (where as before, as you probanbly noticed, i basically said "yeah, that sucks")
<erichammond> smoser: yay
<erichammond> smoser: How are these rows sorted?  http://cloud-images.ubuntu.com/locator/ec2/  It looks alphabetical by region except for ap-southeast-2
<erichammond> smoser: This is still missing ap-southeast-2: http://cloud-images.ubuntu.com/precise/current/
<cr3> is there something that enables me to easily provision different virtual environments (lxc, kvm, virtualbox, etc.) using a common interface?
<sarnold> cr3: have you seen juju yet?
<sarnold> cr3: https://juju.ubuntu.com/
<sarnold> cr3: it provides a nice layer over aws or openstack or lxc or maas and makes deploying services on them straightforward
<sarnold> I don't know if they have a kvm+qemu provider interface yet, but it feels like one would make sense
<cr3> sarnold: I'll have another look at it and consider what it might take to have a kvm+qemu provider interface if it doesn't have one yet, thanks!
<_BuBU> Hi
<_BuBU> probably better place to post my problem :)
<_BuBU> I've an issue with openssh after upgrading from 11.10 to 12.04
<_BuBU> 2012 Nov 14 09:27:03 srv01 fatal: Read from socket failed: Connection reset by peer [preauth]
<balboah> can I mark the root filesystem dirty manually somehow? I want to force a fsck upon boot since I don't have a boot CD and need to fsck the root mount
<balboah> found it, tune2fs -C 38
<balboah> but that was a cheating fsck with journaling
<maxb> Another option is 'touch /forcefsck' IIRC
<uvirtbot> New bug: #1078620 in quagga (main) "package quagga 0.99.20.1-0ubuntu0.12.04.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1078620
<uvirtbot> New bug: #1078633 in keystone (main) "Unable to remove all keystone related files after purging/removing the package" [Undecided,New] https://launchpad.net/bugs/1078633
<nopz> Hi there. i'm running ubuntu server 10.04 and I want to know the io usage by process per day, i know I can use Iotop for that but is there any tool that can sort after a day of monitoring the top io usage process?
<nopz> Actually I use iostat -oaP
<RoyK> nopz: I don't know any such tool - google led me to http://www.xaprb.com/blog/2009/08/23/how-to-find-per-process-io-statistics-on-linux/
<nopz> RoyK, thank you, will see
<uvirtbot> New bug: #1078666 in libunwind (main) "test-async-sig test fails on Ubuntu raring" [Undecided,New] https://launchpad.net/bugs/1078666
<samba35> my ubutnu server is installed on vmware vsphere 5.1 ,how do i get sound install on this server
<cloudman> any experts here on white screen of death
<obelus> Hi, my pptpd service is saying "GRE: Bad checksum from pppd." when I try to connect, this isn't a router issue, as I've tried local it from within the same network too.
<obelus> Anyone able to help?
<jamespage> hallyn, zul: you guys OK with me uploading a new ipxe snapshot? I'd like to drop our cherry picks
<zul> jamespage: i dont have a problem with it
<jamespage> zul: OK - I'll give it a poke locally first and then upload to raring
<obelus> ;['BG
<bananapie> I want to buy stickers, stuffed tuxes and other linux clothing. Other than shop.canonical.com, is there a website where I can buy this and the profits go to ubuntu ?
<obelus> Sorry guys. My cat jumped on the keyboard.
<uvirtbot> New bug: #1078699 in samba (main) "winbind won't start at boot" [Undecided,New] https://launchpad.net/bugs/1078699
<obelus> [;p\o0p9
<hallyn> jamespage: this is snapshot from upstream right?
<hallyn> jamespage: actually, i'm gonna be slicing and dicing that quite a bit in raring (per ppa:serge-hallyn/crossc) to match the new qemu layout
<hallyn> but for now it's ok of course
<hallyn> jamespage: is your upload going to also by chance fix bug 1025239 ?
<uvirtbot> Launchpad bug 1025239 in ipxe "kvm-ipxe does not support https" [Medium,Confirmed] https://launchpad.net/bugs/1025239
<jamespage> hallyn, yep
<jamespage> upstream snapshot and will close that bug
<hallyn> jamespage: \o/
<cloudman> anyone had problems with mcrypt causing wsod?
<zul> wsod?
<cloudman> white screen of death
<cloudman> restoring my sites, all seems fine but just get wsod
<cloudman> bloody annoying
<cloudman> sure mcrypt is responsible
<cloudman> getting an error message is already loaded
<cloudman> tried commenting out a few but no joy, its all over system
<dforthman> Howdy. I'm trying to find an opensource monitoring solution for my small business. Is GroundWork the best solution? Or does anyone know of another one that will do a better job? We are running mainly linux (15) and Mac OS X (6) servers, with 4 Windows servers as well.
<hallyn> jdstrand: do you have any objection to libvirt/apparmor always adding rw to "/var/lib/libvirt/**/*.vnc ? (per bug 1069534 )
<uvirtbot> Launchpad bug 1069534 in libvirt "libvirt doesn't include *.vnc files with apparmor profiles" [Medium,Triaged] https://launchpad.net/bugs/1069534
<jdstrand> hallyn: what are the contents of that file? all guests would be able to read each other's .vnc files if we allow that (typically we would add something to virt-aa-helper)
<hallyn> jdstrand: my guess is it contains the vnc password
<jdstrand> consider me objecting :)
<hallyn> jdstrand: so it should be done in virt-aa-helper with the precise filename?
<jdstrand> best thing would be a domain specific rule added via virt-aa-helper
<jdstrand> yeah
<hallyn> ok, thanks.  i'll put a comment there.
<zul> jamespage:  something funky is happening https://jenkins.qa.ubuntu.com/job/precise_grizzly_keystone_trunk/21/console
<jamespage> zul, odd
<jamespage> may have been on a restart
<jamespage> its has alot of jobs now
<jamespage> hallyn, zul: just uploaded ipxe fyi - looked to work OK (and I could see HTTPS support being advertised on boot in KVM)
<hallyn> jamespage: cool, thx
<hallyn> btw at some point i'm going to have to send out a call for testing on the new qemu packageset, give it a week, and then push it all into raring
<hallyn> maybe i'll do that next week.  best not to wait too long
<jamespage> hallyn, good idea
<wmp> hello
<wmp> ii have problem, i havent new logs in /var/log/auth.log
<wmp> this can by cause chmod 700 -R /var/log ?
<ScottK> Yes.
<wmp> ScottK: i give 660 for test and without changes
<wmp> nginx and lastlog is update, but auth, kern.log or dmesg not
<ninjix> I'm having a problem with openstack Horizon package install on 12.10. It keeps throwing an Authorization Failed "AttributeError: 'module' object has no attribute 'EmptyCatalog'" exception
<zul> SpamapS: ping
<SpamapS> zul: meetings now, then pong later
<zul> SpamapS: k
<ninjix> solved my problem with openstack-dashboard (Horizon), the strange error turned out to actually be a problem with my cinder-api configuration
<ninjix> love those python exception call stack dumps :)
<zul> jamespage: ping ill need an cloud-archive review tomorrow for swift
<roaksoax> SpamapS: when you get the change, could you please process sru bug #1078828
<uvirtbot> Launchpad bug 1078828 in openstack-resource-agents "[SRU] openstack-resource-agents uninstallable due to non-existant dependency" [High,Fix committed] https://launchpad.net/bugs/1078828
<roaksoax> jamespage: re, by BP spec you mean whiteboard right?
<jamespage> roaksoax, yep
<SpamapS> zul: pong now, wassup?
<zul> SpamapS: there is q python-keystoneclient/nova/quantum SRU that is pending im not sure whats going on with it can you have a peek?
<X-Sleepy-X> hi
<X-Sleepy-X> when connected to an ubuntu 12.04 server and type mysql shouldnt it be asking for a password?
<hallyn> stgraber: allrighty i've got a userns kernel that builds (only with one config option set :) - will take a break then see how badly it breaks boot
<hallyn> uh, not userns,
<hallyn> syslogns
<X-Sleepy-X> i mean when i type mysql -p it wont log me in
<X-Sleepy-X> but when i just type mysql it works
<X-Sleepy-X> without a password
<X-Sleepy-X> !!
<X-Sleepy-X> doesn't seem too safe
<SpamapS> zul: sure, its probably just backed up in the queue. But, lucky you, I"m starting a run through said queue in about 30 minutes.
<SpamapS> roaksoax: I'll push it to the top of my queue.
<zul> sweet...yay lucky me!
<SpamapS> X-Sleepy-X: you can connect, but can you do anything?
<SpamapS> X-Sleepy-X: type 'show grants'
<roaksoax> SpamapS: awesome, thanks!
<SpamapS> X-Sleepy-X: I believe by default, you will just have 'usage'
<stgraber> hallyn: nice!
<SpamapS> X-Sleepy-X: which means you can just connect
<X-Sleepy-X> Grants for @localhost     GRANT USAGE ON *.* TO ''@'localhost'
<X-Sleepy-X> thats what i get
<X-Sleepy-X> SpamapS: you were right
<X-Sleepy-X> thx
<X-Sleepy-X> :)
<Delemas> I'm using apt-cacher with Ubuntu 12.10. It keeps downloading the same package to 99% and restarting i.e. openjdk-6-jre-headless amd64 6b24-1.11.5-0ubuntu1~12.10.1. Any ideas why? Are others seeing this?
<Lavvy> Please latest ubuntu ships with openstack, dont understand what it mean?
<lifeless> I don't understand your question.
<Lavvy> Lifeless,  How do i access horizon after installing ubuntu server iso
<lifeless> Lavvy: you need to install python-django-horizon
<Lavvy> Lifeless; that is what confuses me, dont really understand what shipping with openstack means.
<lifeless> it means openstack is available in the Ubuntu archive
<Lavvy> So i have to still install it on my server, with command line?
<sarnold> or configure your bootstrapping to install it for you.
<sarnold> or see if the maas project's got some easy way to avoid having to type much.
<odiv> 'lo
<Lavvy> This one is quite tasking unlike the live usb demo we tested, it has good gui and horizon is on http://127.0.0.1, very nice for we windows users. Are they now different ?
<SpamapS> [A5
<SpamapS> doh
<SpamapS> zul: looking at the nova SRU right now. All the bugs attached nearly crashed my browser... :p
<zul> SpamapS: sorry about that
<SpamapS> zul: where's the centralized tracking bug?
<SpamapS> zul: this is way too big to evaluate as a series of patches
<zul> SpamapS:  for nova?
<SpamapS> zul: yes
<zul> SpamapS: there should be one adam_g did the upload
<SpamapS> adam_g: ^^
<zul> he aint here
<zul> crap...there isnt a tracking bug
<uvirtbot> New bug: #1078926 in ubuntu "raring instance failed to find EC2 datasource" [High,Confirmed] https://launchpad.net/bugs/1078926
<Phibs> When using NFS or SMBD, I get kernel panics with 12.10, any help would be appreciated. http://pastie.org/private/ngsvrewvgmebzx5xj2pq
#ubuntu-server 2012-11-15
<lvmer> I could use some help with an lvm setup. I keep doing it wrong. I just did a fresh install of 12.04. So setup should be straight forward, but I could use some help.
<xnox> lvmer: what's up. talk it out =)
<lvmer> I'm trying to make a large stripped lv for a smb share
<lvmer> no important / backup data will be on it
<lvmer> xnox: I've got 3hd's  sda, sdb, sdc
<lvmer> xnox: and right now sda seems to have a sub lv? for the OS [7gb] & swap [2gb]
<lvmer> xnox: & 100gb free, how do I get the extra free space into a new vg = vg0 with sdb & sdc
<lvmer> xnox: that's pretty much my question.
<xnox> lvmer: checkout out output of $ sudo pvs; $ sudo vgs; $ sudo lvs
<xnox> you probably want to make physical volumes out of your physical drives, then add those physical volumes into the volume group and then you can create big logical volumes
<xnox> lvmer: read http://tldp.org/HOWTO/LVM-HOWTO/
<lvmer> xnox: yah
<xnox> it's very short and sweet =)
<lvmer> lol
<xnox> and tells you how to do all of this.
<lvmer> yah I got all that... & it's easy on sdb & sdc, but I can't get sda to join
<lvmer> the vg spans the whole sda, while it should only be for lv = root & lv = swap_1
<lvmer> so I've got to like vg reduce, but it's weird xD
<lvmer> xnox: want me to paste the cut out from pvs, vgs, lvs?
<xnox> lvmer: right, it's usually to migrate one volume to a larger one. but if you really really want to resize it.
<xnox> lvmer: resize the file-system first, then reduce the logical volume.
<xnox> then migrate to stripped one......
<xnox> but.
<lvmer> xnox: I think the file system is already resized, I think I installed it that way with a 7GB partition.
<xnox> if it's a new install, the easier way is to.
<xnox> 1) connect all drives to a system & use command line from the installer to create a big vg across all of them & create your volumes
<xnox> 2) do the install from d-i and select the pre-created logical volumes as targets
<xnox> as a bonus you can use ubuntu 12.10 desktop cd to do the step 1, as it has all the lvm utilities =)
<lvmer> yah I think I have 12.04 server
<xnox> lvmer: sure, then you can create a big stripped partition. move your install from the 7GB logical volume to a big one. Then delete the small 7GB volume, enlarge the striped one.
<lvmer> xnox: I see what you mean
<lvmer> xnox: but I'd rather keep the system files separate from my eventual giant shared folder
<lvmer> xnox: incase I have to purge data & can do it without messing up the shorewall configs etc.
<xnox> lvmer: so what's the problem then?
<lvmer> I'm scared to vgsplit xD
<xnox> lvmer: why do you need vgsplit? the stippiness is the property of the logical volume, not the volume group (let me check that)
<xnox> yeah. that's correct.
<lvmer> http://paste.kde.org/607022/
<xnox> and the way I did vgsplit, is to calculate it a few times & then add a 300 MB margin on top for safety.
<lvmer> xnox: don't I need to get /dev/sda5 into it's own vg (ie: vg0)?
<lvmer> xnox: instead of vg = US2
<xnox> lvmer: $ sudo vgextend US2 /dev/sdb1
<xnox> lvmer: $ sudo vgextend US2 /dev/sdc1
<xnox> lvmer: $ sudo vgs
<lvmer> xnox: but I think another vg would be better?
<xnox> lvmer: no.
<lvmer> xnox: can't I divide the hdd into 2x vg's?
<lvmer> o
<xnox> lvmer: a vg group is more or less the devices you expect to travel / be always attached together.
<lvmer> xnox: OOOOOOOOOOOOOOOOOO
<xnox> lvmer: typically you want it as large as possible.
<lvmer> xnox: lmao... xD wow
<lvmer> xnox: this whole time I'm trying to split vg's
<xnox> lvmer: the strippiness/mirroring/snapshoting is all property of logical volumes that sit within the volume group and really have no clue what is backing the vg.
<lvmer> can I rename it?
<xnox> lvmer: yes.
<lvmer> sudo vgrename US2 vg0
<xnox> lvmer: don't forget to run $ update-grub & update-initramfs and check the boot menu after you do =))))
<lvmer> xnox: ooooo boi
<lvmer> xnox: ah this makes more sense now as vg0
<lvmer> updating grub
<lvmer> xnox: so update-initramfs -u
<lvmer> xnox: how should I check the boot menu?
<lvmer> fstab?
<xnox> lvmer: less /boot/grub/grub.cfg
<xnox> lvmer: fstab is a good one as well =)))))
<lvmer> lol
<lvmer> was it a bad idea to do this?
<lvmer> am I just going to have to re-install again lol. changing the vg of the boot lvm xD
 * xnox had a typo in my vg at install. I did have a facepalm over "intarnelhdd" vg name
<xnox> and renamed it =)))))
<lvmer> xnox: and you were ok? ok xD
<xnox> lvmer: no, you don't have to reinstall.
<xnox> lvmer: yeah, it feels like black magic and pixie dust, but it's really stable device-mapper stuff =)))))
<lvmer> ok
<lvmer> should I do a test reboot? xD
<lvmer> xnox: well hopefully it works
<lvmer> xnox: if not... it's down to the basement
<lvmer> xnox: k it worked xD
<xnox> lvmer: born again ;-)
<lvmer> xnox: yeeehawww. :)  So now I just need to create a massive lv
<xnox> lvmer: well, create it ~50% capacity. Once you fill it up you can increase/decrease it, snapshot it, etc
<lvmer> xnox: so $ lvcreate -i3 -L 300G -n lv1 vg0
<lvmer> xnox: ?
<xnox> lvmer: looks good =)
<lvmer> what is a good stripe size? 4kb? 8kb?
<lvmer> I think it's -I4
<sarnold> lvmer: with no data to back me up, I'd assume _much_ larger sizes, something like 128kb
<bananapie> Hi, I have three https servers running on the same IP. ports 443, 543 and 544. 443 has a private key and signed certificate. 543 and 544 both have the same private key, but each port has a different signed certificate. This is confusing apache, and apache is announce the certificate from 544 on 543. any ideas?
<qman__> you specify which certificate file to use in your virtualhost configuration; there's nothing to confuse
<qman__> ensure your virtualhosts specify which port they're on, and which certificate file to use
<bananapie> Yes, that's all setup
<bananapie> <VirtualHost *:544>
<bananapie> I have SSLCertificateFile and SSLCertificateKeyFile in each of the 3 hosts.
<bananapie> I think apache is confused because it has two different certificates for the same private key.
<sarnold> bananapie: can you re-create that bug on a VM or something?
<sarnold> two new keys, three new certs, and a bare-bones apache config?
<xnox> lvmer: 4MB ?
<bananapie> I'll try
<qman__> yeah, there shouldn't be a problem with that setup, so it's either an apache bug or an error in the config
<bananapie> ok
<bananapie> I'll check if there are any apache2 updates
<qman__> one possible workaround attempt in case of an apache bug would be to make a copy or hard link of the key by a different name, so there's three files according to the config but it's really the same key
<lvmer> xnox: I keep getting not enough allocatable extents
<lvmer> xnox: my command was: $ sudo lvcreate -i3 -I512K -L 350G -n lv1 vg0 /dev/sdb1 /dev/sdc1 /dev/sda5
<xnox> lvmer: $ sudo vgs ?
<lvmer> xnox: shows 400GiB free
<lvmer> xnox: 400.34g
<lvmer> xnox: vsize = 409.64g  vfree = 400.34g  #pv = 3  #lv = 2 #sn = 0
<lvmer> xnox: perhaps: -I512K   is throwing it off.
<xnox> lvmer: for some reason in cannot allocate enough space for that volume. try lower size.
<lvmer> xnox:  Rounding size (98560 extents) up to stripe boundary size (98562 extents)
<lvmer>   Insufficient suitable allocatable extents for logical volume lv1: 20043 more required
<lvmer> does that seem weird?
<xnox> lvmer: can you try $ sudo lvcreate i3 -I4 -L350G -n lv1 vg0
<lvmer> xnox: each extents is 512kb?
<xnox> and see if that uses less extents.
<xnox> lvmer: hah =)))
<xnox> lvmer: the maximum cap you can have is the maximum free space on a single physical volume
<lvmer> xnox: NO!
<xnox> lvmer: otherwise it will not be real stripes =)
<lvmer> xnox: idc if it's not real stripes
<lvmer> xnox: dang..... so it won't do it cause 1 HD is 100gb? while the others are 200gb?
<qman__> the stripes have to go somewhere
<xnox> lvmer: then got for two stripes, they will be spread across 3 drives and then you can have >200GB volume
<lvmer> xnox: so I just change i3 to i2?
<xnox> lvmer: maybe you don't want stripes at all.....
<lvmer> xD
<xnox> lvmer: yeah. and it's better to use 4MB stripe.
<lvmer> xnox: it's looking like I don't want stripes at all
<lvmer> xnox: how does 2 stripes work across 3hdds?
<xnox> lvmer: just create a volume with name and max size and then the full free space will be "a single filesystem"
<lvmer> xnox: I guess I'm going to unfortunately give up on stripes.... one day though.. one day I shall stripe lots of 2TB HD's. xD
<xnox> lvmer: because it needs two places to store each extend in the vg, and the vg has three physical buckets with free space.
<xnox> lvmer: hence there will be spread across them, since they are all "available".
<lvmer> lv's can definitely be resized right?
<lvmer> xnox: smaller / larger right? xD
<lvmer> xnox: nvm stupid question
<qman__> lvmer, it will keep two copies of each chunk of data, and put them on any two of the available disks
<xnox> lvmer: yes. but with reducing you resize the filesystem inside it first, with enlarging you resize the fs after.
<qman__> I don't know what it does to decide that but I assume it just picks wherever the most space is available
<qman__> or otherwise does it as evenly as it can
<lvmer> xnox: oh so is i2 = raid 1 ? cause I was looking for a raid 0 (similar) file system.
<lvmer> xnox: I thought all the extends would be in 1 place
<lvmer> xnox: well I got a 400gb lv1 now... so this is awesome. Thank you very much
<xnox> lvmer: https://docs.google.com/a/surgut.co.uk/document/preview?id=1bZ4yQIVgGaUGSYu3qiUHnQt3ieBZoqunP_DcleHCr3I#heading=h.8acu9ne05kh9
<xnox> lvmer: is a table comparing raid levels and performance gains
<xnox> lvmer: raid0 theoretically gives you N write speed, but the read speed is still x1
<xnox> lvmer: while raid1 gives you xN read speed, with ~x1 write speed, at the cost of 1/n space.
<lvmer> xnox: yah I know about raid's xD
<xnox> lvmer: and lvm implements RAID1, 0 & 1-0 raid levels ;-)
<xnox> with 0 level by default.
<lvmer> xnox: and stripping would be a RAID 0 example? right? the disks just apparently have to be the same size like a regular raid
<lvmer> xnox: ohhhhh 0 is default?
<xnox> lvmer: kind-of..... each physical volume is treated equivalent, so if you have /dev/sda1 /dev/sda2 /dev/sda3 and /dev/sdb
<xnox> it will not realise that actually there will be little performance gain spreading across /dev/sda*
<xnox> lvmer:  but checkout the --type option
<xnox> lvmer: for segment type.
<lvmer> how do you search a 'man' file?
<lvmer> man lvcreate
<xnox>  /
<lvmer> xnox: trying to search for type
<xnox> man man
<xnox> also helps
<xnox> or 'h'
<xnox> for help while viewing a man page
<lvmer> xnox: $ mkfs -t ext3 /dev/vg0/lv1     or -t ext4?
<sarnold> lvmer: I sometimes do MANPAGER=cat man foo | grep   or that sort of thing; 'less' is a very nice pager, but some tasks are easier done with other tools, and MANPAGER is a great way to get there
<lvmer> Ok I'm trying to auto mount this new lv in $ /etc/fstab   but I have some questions
<lvmer> the old files are still /dev/mapper/US2-root   instead of vg0?
<lvmer> should the new one be /dev/mapper/vg0-lv1   ?
<bfortified> I installed owncloud if i forward port 80 from the wan will i be vulnerable to attack can I change the port to somthing uncommon like i do with ssh?
<SpamapS> bfortified: some apps are stupid and redirect base on Host: without the port.. but owncloud is probably not that stupid.
<bfortified> SpamapS: i dont think I understand what you meen I have tried a dif port on apache and that appears to have worked, I navigate to that port and get the congrats your server is running but i caint seem to acces own cloud
<bfortified> figured it out <ip>:port/owncloud
<qman__> changing what port you use won't render you invulnerable
<qman__> it just means you're a little harder to find
<qman__> and by a little, I mean very little
<qman__> the average chinese bot won
<qman__> 't find you, and that's about it
<qman__> smarter bots and any human will
<patdk-lap> hell, google/bing/... will all find you very fast
<patdk-lap> cause the first time you use a browser with their toolbar installed, it reports back to them, and you will get scanned in a few min, if not faster
<patdk-lap> my friend tried that :)
<patdk-lap> put up a new website, on a non-standard port, and noticed google search had already indexed it and it was searchable within 2min, and he realized he had google toolbar installed
<uvirtbot> New bug: #1079022 in python-novaclient (main) "nova --version does not function as intended" [Undecided,New] https://launchpad.net/bugs/1079022
<uvirtbot> New bug: #1079032 in socat (universe) "execs children with SIGCHLD ignored" [Undecided,New] https://launchpad.net/bugs/1079032
<Daviey> Mornin' people! How is everyone is glorious day?
<koolhead17> hello Daviey !! Its bright & sunny as usual with humidity
<koolhead17> :p
<Daviey> koolhead17: I uspect your bright & sunny is in a different league to mine :)
<Daviey> suspect*
<koolhead17> Daviey: yes its added with humidity and topical climate :D
<Daviey> topical you say? :)
<koolhead17> or equatorial where sun god literally vomits his heat with ultraviolet radiation :D
 * smb thinks koolhead17 is missing Daviey pulling his leg...
<koolhead17> *tropical
<koolhead17> smb: :D
<smb> :)
 * Daviey must now be very careful he doesn't ever make a typo aguin.
<smb> Daviey, We don't do typos, that is artistic freedom. :-P
<koolhead17> smb: heh
<Daviey> :)
<uvirtbot> New bug: #1060632 in glance (main) "precise glance-client --insecure option doesn't work" [Medium,Confirmed] https://launchpad.net/bugs/1060632
<Arne__> hello, I have a litte problem with my ubuntu server, I assigned a static IP to eth0, but ubuntu changes this ip sporadic to another .. someone who can tell me how I can change this and where?
<xranby> Projektarybte: edit /etc/network/interfaces  http://www.fogproject.org/wiki/index.php/Ubuntu_12.04_static_ip_configuration
<Projektarybte> xranby: this is exactly what I have in my config
<xranby> is dhcpd still running?
<xranby> dhclinet
<xranby> dhclient
<Projektarybte> oh, yes itÂ´s running
<Projektarybte> but I declared the network config as static
<uvirtbot> New bug: #1069083 in libaio (main) "package libaio-dev 0.3.109-2ubuntu1 failed to install/upgrade: trying to overwrite '/usr/include/libaio.h', which is also in package libaio:i386 0.3.104-1" [Undecided,Invalid] https://launchpad.net/bugs/1069083
<darthanubis> drush installs fine, but I can't use "You are running the provision script as the root user. Exiting" It does not like sudo
<patdk-lap> darthanubis, hmm? isn't that ovious? don't run it as root, so you run it as root with sudo?
<dsop> SpamapS: ping
<uvirtbot> New bug: #1079212 in qemu-kvm (main) "network slow when 2 VMs using virtio net bridged to same pyhs. network device on kvm host " [Undecided,New] https://launchpad.net/bugs/1079212
<GhostFre_> How often does Ubuntu release security updates? Do you have like a patch thursday
<TheLordOfTime> GhostFre_, security updates are controlled by the security team, if i remember things right, they're in #ubuntu-hardened.  They get released as they're processed, I think, though...
<LauraA> Hi.  I just installed a new Ubuntu 12LTS Server (switching from Centos).  Everything's humming along except on boot, it just sits at the grub2 selection menu -- it doesn't auto-select the 1st entry.  If I hit 'Enter', everything continues on as normal.
<LauraA>  This is changed behavior.  A week or so ago, it *did* autoboot OK.  Where do I look for the cause/fix of this?
<uvirtbot> New bug: #1078922 in lm-sensors (main) "Fan runs unnecessary" [Undecided,Incomplete] https://launchpad.net/bugs/1078922
<smb> LauraA, One reason for not autobooting could be a failed previous boot, but then it should resume autobooting after one successful boot.
<uvirtbot> New bug: #1079229 in euca2ools (main) "Error reported to stdout instead of stderr" [Undecided,New] https://launchpad.net/bugs/1079229
<LauraA> smb: Hi.  I didn't know a prior failed boot 'gets in the way'.  I don't remember there being any failed boot, though.  Is there some way to verify/validate that that happened?  In the logs I guess .. but what to look for?
<smb> LauraA, It would be some file that grub looks at (though I don't know from the top of my head which one). And that actually should be removed when the server boots to the prompt once, so the next boot would be normal again. Otherwise all the timeout values are normally set in /etc/default/grub and then configured when you run update-grub
<smb> So the grub env is changed here in /etc/init/grub-common.conf
<smb> grub-editenv /boot/grub/grubenv unset recordfail
<smb> "grub-editenv /boot/grub/grubenv list" should show if recordfail is currently set
<samba35> my ubuntu server (12.04.1 ) is on vmware  and ubuntu is a dmz  (192.168.3.100/24)in my network (using utm on vmware also ) i have wireless tv (192.168.200.117 )  how do connect wireless tv to ubuntu to use minidlna
<LauraA> smb: Ok thanks.  I've got some sleuthing to do.  May be back later.  Cheers!
<SpamapS> dsop: pong?
<uvirtbot> New bug: #1077576 in mysql-5.5 (main) "/usr/bin/mysqladmin: connect to server at 'localhost' failed" [Undecided,Invalid] https://launchpad.net/bugs/1077576
<zul> hallyn: ping does this mean what i think it means http://libvirt.org/git/?p=libvirt.git;a=commit;h=2e03b08ead603c38c244aa9a1ecef6d73bb306be
<hallyn> zul: <blink>  pretty sure it does
<hallyn> zul: they have selinux, it has its own mknod denials...  why not use that?  huh
<zul> hallyn: awesome
<hallyn> zul: yeah, especially at the end of this cycle when we have stacking apparmor policies and user namesapces,
<hallyn> libvirt-lxc is gonna be a mess to try and keep up with lxc
<zul> *sigh*
<zul> Daviey: ^^^
<Daviey> ugh
<roaksoax> jamespage: ok so i will get this up and running and test the ha stuff works
<roaksoax> then will start modifying the hacluster charm
<jamespage> roaksoax, OK - I'm really interested in seeing how the sync's happen between quantum and the hacluster sub
<jamespage> for example when I 'add-unit quantum'
<jamespage> quantum will get installed first, and then the hacluster stuff
<jamespage> ...
<jamespage> roaksoax, if you just want to test quantum you can run a much more minimal charm set
<jamespage> keystone, mysql, rabbitmq-server and quantum should be enough
<roaksoax> jamespage: yes yet you need to stuff works at least I have tried it with HAproxy
<jamespage> roaksoax, I'm still seriously considering a refactor to push the quantum-server into the cloud-controller
<roaksoax> errr the cluster stuff works with add unit
<roaksoax> I agree but the server should probably be with the cloud controller
<roaksoax> s/but/with
<hallyn> note to self: make defconfig != make oldconfig !
<jamespage> roaksoax, gonna talk with adam next week about that - it feels awkward
<roaksoax> jamespage: the other option would be to have enough to separate charm then
<roaksoax> so that it got me the flood in the cloud controller independently
<roaksoax> err so it can be deployes
<roaksoax> freakibg voice recognition
<roaksoax> jamespage: there is going to be a problem if we remove unit and add unit again to reuse the mode though
<lvmer> Hi, I have some netbios, wins, or name resolution issues. Can someone help me troubleshoot them?
<lvmer> My samba share folders will not show up on the network, even without a firewall. & pinging from a different server yields closed ports.
<lvmer> 139,445
<jamespage> roaksoax, I think we should ignore the node reuse issue for the time being
 * jamespage burys his head in the sand
<jamespage> until the stop hook works or units are automatically terminated on remove-unit its never going to be pretty
<roaksoax> jamespage: indeed. i think its worth pushing for any of those features
<MontyMoose> Hello - quick bit of help if anyone's free. Running LTS 12.4. I have a rogue PHP script which runs from time to time and bogs the php-fpm process until I kill it. Problem is I have about 1000 php scripts running on the server and about 40,000 hits a day. I can find the PID from TOP, but can I find out which script is running on that PID? Which php process or which file etc?
<MontyMoose> Ideally I want to know   PID 5475 = /var/www/thisfile.php
<blkperl> MontyMoose: lsof
<sarnold> MontyMoose: probably lsof or fuser can get you there
<MontyMoose> thanks - I'll take a look
<sarnold> MontyMoose: you do run the risk that the php interpreter you're using may have byte-code compiled it all once at first use, and might not be able to blame the right script, but it's a good starting point.
<MontyMoose> pointing me in the right direction is a good start
<sarnold> MontyMoose: if that doesn't work, ask about strace when you return. it's complicated and ugly :) but it's a good tool. hehe.
<MontyMoose> I'm complicated and ugly - I'm sure we'll get on like a house on fire...
<MontyMoose> hmm - lsof seems only to log that php-fpm is running, doesn't show me which script it's running.
<MontyMoose> I think there might be a solution in PHP itself - there's a getpid() function which I could potentially log to mysql each time a script runs, but I'd rather not
<MontyMoose> the other thing that's odd is that I tell PHP to timeout after 20 seconds, and this process will go on for ever until I kill -9 it
<sarnold> MontyMoose: oh man :/ I was afraid of that.
<MontyMoose> because?
<sarnold> MontyMoose: you can attach strace to a process with strace -p pid
<MontyMoose> rigiht
<sarnold> MontyMoose: .. because debugging it by strace is ugly. :)
<MontyMoose> hm
<sarnold> MontyMoose: the horrible part comes from watching what it does and trying to figure out which of your scripts does those things. if you can catch sql being sent to mysql, you can grep for those, maybe narrow it down to a handful to instrument
<MontyMoose> I see
<SpamapS> MontyMoose: I've had this problem as well.
<MontyMoose> of course as it's now working perfectly - I can't find a PID which stays long enough to trace!
<SpamapS> MontyMoose: Logging the pid is the only way I solved it
<MontyMoose> in php?
<SpamapS> MontyMoose: yeah, the problem is that php opens the scripts, reads them all, parses them, and closes them, so lsof won't help you
<MontyMoose> I thought that might be the case
<SpamapS> MontyMoose: What you need to log is the URL
<SpamapS> MontyMoose: and potentially the arguments
<MontyMoose> yeah
<MontyMoose> well I suppose once you've put a function together you can pretty much log anything you want/
<MontyMoose> is it quicker to text or mysql?
<SpamapS> MontyMoose: logging in mysql seems... overkill. Just log to a file on disk.
<MontyMoose> ok
<SpamapS> file_put_contents('/tmp/pid.log', $_GLOBALS['REQUEST_FILENAME'], FILE_APPEND);
<MontyMoose> if I include other PHP files will they run in the side PID?
<SpamapS> MontyMoose: yes
<MontyMoose> *same
<SpamapS> MontyMoose: include just inserts the code in the spot where the include is
<MontyMoose> ok - so I need this in my global header really
<SpamapS> MontyMoose: my example forgot to include getpid(), but you get the point :)
<MontyMoose> yup
<SpamapS> MontyMoose: you can enforce a global include in php.ini
<MontyMoose> that's a good idea
<MontyMoose> then every file has to run it
<MontyMoose> I could wipe the file every night with a cron job, as I only need it if I notice a problem
<SpamapS> MontyMoose: auto_prepend_file
<SpamapS> MontyMoose: another option is actually to do an auto_prepend which creates a file per-pid, and then an auto_append that removes it
<SpamapS> MontyMoose: this would be fairly awful on disk, so make sure its only in /tmp, but that would let you see it for the pid that goes haywire without filling up disk w/ log
<MontyMoose> oh I see, so any processes which are running at that precise moment will have a PID open
<SpamapS> MontyMoose: and when I say only in /tmp, I mean only in a tmpfs partition
<MontyMoose> yeah
<MontyMoose> could I store it to a session_variable?
<MontyMoose> oh no - that would only work on the users machine
<MontyMoose> daft idea = forget that :-)
<MontyMoose> and we're not worried that file_put_contents will put a big strain on things?
<MontyMoose> server gets about 50,000 hits a day
<MontyMoose> thanks for all that - think I've got a plan now
<SpamapS> hah, 50,000 / day == 0.58 requests per second
<SpamapS> I think a rasbperry pi could handle that
<sarnold> SpamapS: static, yes, running php and doing mysql, maybe it's pushing it a bit..
<SpamapS> sarnold: not even
<SpamapS> sarnold: you have 1.7 seconds to finish every request...
<sarnold> SpamapS: somehow I read that as .58 seconds per request...
<sarnold> SpamapS: that does make more sense, even with the limited ram on board :)
<hallyn> utlemming: around?
<utlemming> hallyn: yup
<hallyn> utlemming: is there a bug in cloud-init in oneiric re handlnig of ssh public keys?
<hallyn> (put another way - i think ther eis :)
<utlemming> hallyn: not that I am aware of...what are you seeing?
<hallyn> if i lxc-create -t ubuntu -n o1 -- -S ~/.ssh/id_rsa.pub -r oneiric, the resulting container does not have my ssh key in ~/ubuntu/.ssh
<hallyn> utlemming: but with -r precise, it does
<hallyn> uh, -t ubuntu-cloud, sorry
<utlemming> hallyn: interesting...okay, that is likely a bug with the lxc-create template
<hallyn> utlemming: the key info IS in /var/lib/cloud/seed/nocloud-net/meta-data in the guest
<hallyn> which is why i figured it was a cloud-init bug, not template
<subman> I don't seem to be able to get my sendmail to work.  I keep getting the following error in my returned email: http://pastebin.com/daEnLx4B
<uvirtbot> New bug: #1079320 in lxc (universe) "ssh key not correctly used in ubuntu-cloud oneiric containers" [Medium,Triaged] https://launchpad.net/bugs/1079320
<subman> Here is my sendmail.mc: http://pastebin.com/VrN1qDcv
<roaksoax> jamespage: or better yet, still around?
<ScottK> subman: Most people in Ubuntu use postfix.
<roaksoax> hggdh: ping
<roaksoax> hggdh: do you need sponsorship of cobbler to -proposed?
<roaksoax> or has it been uploaded already?
<hggdh> roaksoax: I certainly do. Can you please check if it is now kosher?
<roaksoax> hggdh: is this were the SRU lieS? https://launchpad.net/~hggdh2/+archive/ppa
<hggdh> roaksoax: no, it is in https://code.launchpad.net/~hggdh2/ubuntu/precise/cobbler/lp-967815/+merge/132172
<hggdh> and bug 967815
<uvirtbot> Launchpad bug 967815 in cobbler "/var/lib/tftpboot directory permissions destroyed" [Undecided,In progress] https://launchpad.net/bugs/967815
<roaksoax> hggdh: cool, I'll upload it to precise-proposed for the SRU to be procesed then
<hggdh> roaksoax: IOU, thanks
<hggdh> roaksoax: I am still to prepare a merge for Quantal
<roaksoax> hggdh: has this been fixed in raring though?
<hggdh> ugh
<hggdh> roaksoax: IDK, let me check
<roaksoax> hggdh: alright, we need to fix it in raring... :)
<hggdh> if the cobbler version is the same... then we need it there also
<hggdh> on it
<roaksoax> hggdh: yeah, ok, I'll strip the patch from your branch, test it and upload it
<hggdh> roaksoax: thank you
 * hggdh cancels the Raring cobbler branch creation
<hggdh> yes, we need it on raring
<lvmer> I've got a samba problem. I can't see 1 of my servers on the network. It should be identical to my 2nd one. I think there is a name resolution or netbios or wins conflict?
<roaksoax> hggdh: does this look sane to you then? http://paste.ubuntu.com/1360923/
<jamespage> roaksoax, yep
<roaksoax> jamespage: ok so i was thinking this:
<roaksoax> jamespage: the hacluster charm, sets in the config what resource to configure in terms of HA. it tells the name and type/resource to use
<roaksoax> jamespage: currently, this is limited to only 1 resource per associated charm
<sarnold> lvmer: does smbclient -L -I<IP> show you information from both  servers alright?
<roaksoax> jamespage: so, to make things better, i was thinking on removing the definition of the resource to HA in the config for the charm (say HAProxy), and simply do that in the relation
<sarnold> lvmer: (forgive me, it's been a decade since I've had to debug smbd, my commands are liable to be wrong, but I hope the ideas are there...)
<roaksoax> jamespage: so, each charm to integrate HA, can simply send a list of resource to HA, with parameters, that will be set (an unchangeable) for the relation, rather than declaring them in the config
<roaksoax> jamespage: this way, if a charm needs various resources in HA, then it can simply send the list with its options, that the hacluster will interpret and execute
<roaksoax> acoordingly
<roaksoax> jamespage: now, this could also allow me to define resources_active_passive and resources_active_active
<roaksoax> so there would be a list for each type of resource
<roaksoax> jamespage: does that make better sense?
<lvmer> sarnold: not enough '\' characters in service... I ran \\192.168.0.18\share\    it leaves me with a  blank line
<hggdh> roaksoax: it does sound correct
<sarnold> lvmer: how about \\\\192.168.0.18\\share\\ ?
<sarnold> .. double all the \ to get them through the shell..
<JoeVLcek> Can someone please help me with a cloud-init issue regarding the default user?
<JoeVLcek> cloud.cfg now has: users: -default
<JoeVLcek> how does one specify the user name? for example how do I specify ec2-user ?
<JoeVLcek> is the new user functionality documented some place that someone can point me to?
<JoeVLcek> smoser: ping
<lvmer> sarnold: it asks for root password xD  that should be disabled. So I can't get past it xD
<sarnold> lvmer: there's command line options to tell it which user accout to try to use..
<lvmer> sarnold: doh
<lvmer> sarnold: ok it ran
<lvmer> sarnold: command seems to execute, but no list back on either 17 or 18.  ip 17 still shows up in windows explore on LAN computers though.
<roaksoax> hggdh: alright, I uploaded to raring, quantal-proposed, precise-propoesd
<roaksoax> hggdh: so it is just matter for someone on the SRU team to review, and make it available for verification
<hggdh> roaksoax: one day I will be as fast as you...
<sarnold> lvmer: but both think they're alive? did eithe rknow about the other?
<lvmer> they shouldn't know about eachother
<lvmer> sarnold: they shouldn't know about eachother
<sarnold> lvmer: no? I thought the whole point of magic nmbd things was that everyone knew about each other so they could elect leaders and the like?
<lvmer> sarnold: I think it's a name resolution or net bios problem, because both samba configs are idential & all shorewall ports are accept
<lvmer> sarnold: idk if I have magic nmdb
<sarnold> lvmer: ps auxw | grep nm, I bet it's there... :)
<hggdh> roaksoax: so I can delete the merge request I did for Precise, correct?
<roaksoax> hggdh: yes :)
<hggdh> done :-)
<lvmer> sarnold: aaahhhh.. it is on the working server nmbd -D,   but on 18..... it just says --color=auto nm
<roaksoax> /win/win 8
<roaksoax> err
<sarnold> lvmer: hrm. :) I wonder what kept nmbd from running on 18?
<lvmer> sarnold: no idea... I understand it is part of the samba package.... but how do I install it again?
<jamespage> roaksoax, I think that makes alot of sense - so the principle charm says to the hacluster subordinate - ha this stuff
<sarnold> lvmer: try running 'service nmbd status'
<lvmer> sarnold: you think this is an easy fix? or should I just reinstall and then restore the configs? Because I started nmbd but samba still doesn't show and nmap on another computer shows 18's 139 & 445 ports still closed
<sarnold> lvmer: and 'service nmbd restart' is probably a reasonable idea too; check /var/log/ to see if you can find the nmbd logs, they may be stuffed in a samba directory or something.
<jamespage> roaksoax, if you do that through the container relation then it can also use that relation presence to determine what todo with restarts of services etc... and coor with the hacluster charm
<lvmer> sarnold: stop/waiting
<roaksoax> jamespage: yeah! I'll have the charm modified and test it out
<lvmer> sarnold: /var/log/samba/log.nmbd
<lvmer> sarnold: no network interfaces found
<lvmer> sarnold: lib/interface.c:543(load_interfaces)
<sarnold> lvmer: ooh very curious :) I wonder why -- misconfigured?
<sarnold> does it have .17 address in its listen line or something?
<lvmer> sarnold: I bet so!  http://paste.kde.org/607436/
<lvmer> sarnold: where is the network interface file I should be looking at? xD
<uvirtbot> New bug: #1074876 in mysql-5.5 (main) "package mysql-server-5.5 5.5.28-0ubuntu0.12.04.2 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Medium,Invalid] https://launchpad.net/bugs/1074876
<sarnold> lvmer: it might get it out of smbd.conf or whatever..
<lvmer> sarnold: does this seem bad to you? http://paste.kde.org/607442/
<sarnold> lvmer: does 'ip addr show' show you the 'em1' interface?
<lvmer> sarnold: no... should it be 'eth0'
<sarnold> lvmer: probably; whichever interface the machine should use. :)
<lvmer> sarnold: how come .17 also has that command and no em1 interface?
<sarnold> lvmer: no idea :)
<lvmer> sarnold: well the ports on .18 are open now
<lvmer> sarnold: but still no windows explore access
<sarnold> lvmer: mmhm, that may take a while, i found sometimes the easiest way to force windows clients to see new systems was reboot them or maybe reboot the old master, force a new election
<lvmer> sarnold: can you have 2 masters? I think that might be a problem for me.
<sarnold> lvmer: only one master.
<lvmer> in the smb config right?
<lvmer> what if you have none?
<sarnold> lvmer: they elect themselves
<sarnold> lvmer: the 'master = yes' just says that that machine will participate in elections
<lvmer> ok rebooting all
<lvmer> sarnold: I put perfered master = no for one of them just incase. But domain master = yes for both
<sarnold> lvmer: sounds good.
<lvmer> sarnold: lol .17 doesn't work now lol
<sarnold> lvmer: o_O
<lvmer> sarnold: I set both to interfaces = eth0 em1
<lvmer> sarnold: rebooting
<lvmer> sarnold: no network interfaces found lol
<lvmer> sarnold: nmbd did not start on either
<sarnold> lvmer: ooof. :)
<lvmer> sarnold: well the both have the same open ports from nmap. It's got to be an interface problem or something. .17 & .18 not accessible... but from the logs .17 thinks it is the master & has no errors.
<lvmer> if my network interface is eth0 ? can't I use that for samba? why did it work when it was set to em1?
<sarnold> lvmer: no idea there. :/
<uvirtbot> New bug: #1062902 in mysql-5.5 (main) "package mysql-server-5.5 (not installed) failed to install/upgrade: el subproceso instalado el script post-installation return the error  code 1" [Medium,Invalid] https://launchpad.net/bugs/1062902
<lvmer> sarnold: I got it! I redid the entire smb.conf & both servers work now. Thanks a ton for the trouble shooting help. There were definitely some network name & bind errors.
<ZLoy> Hello one little question - i have server with ubuntu and want translate stream from my laptop with Traktor to that server. What software for streaming is better?
<ZLoy> somthing like translate sound stream to internet from my dj rig..
<subman> Any idea why my server would suddenly just stop serving web pages?  It was working just awhile ago.
<SpamapS> subman: stop serving web pages how?
<sarnold> subman: anything in the logs?
<SpamapS> subman: like, 500 errors, or never responds?
<subman> SpamapS, 507 and 508 codes found
<SpamapS> never seen 50x's before
<genii-around> Maybe /var/log/apache2/error.log   might hold some clues.
<SpamapS> you're all assuming apache. ;)
<SpamapS> probably a good assumption, but still. :p
<subman> Yes, apache, sorry
<subman> Here is that last line in the access log:
<subman> 173.206.102.89 - - [15/Nov/2012:16:37:36 -0500] "GET / HTTP/1.1" 404 508 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
<genii-around> 507 is Insufficient Storage
<subman> df
<subman> oops
<subman> Last line of error log:
<subman> [Thu Nov 15 16:37:36 2012] [error] [client 173.206.102.89] script '/var/www/index.php' not found or unable to stat
<subman> The index.php file is there
<genii-around> Then likely "unable to stat"  might be due to these WebDAV errors.
<subman> How to check?
<subman> It was working literally an hour ago
<subman> Could a bad .htaccess be causing this?
<genii-around> subman: I would more suspect that you're just running out of room on your server.
<subman> genii-around, On the hard drive?
<genii-around> Yes.
<subman> On / I have 36 G of which 22 G is free
<genii-around> subman: What about /var ?
<subman> genii-around, /var is on /
<genii-around> subman: Does df -h show any partitions which are getting filled up?
<sarnold> subman: how about ls -ld / /var /var/www /var/www/index.php   ?
<subman> sarnold, http://pastebin.com/RQbTFqEb
<sarnold> subman: ls says that file doesn't exist...
<subman> The file is there
<sarnold> at least permissions above it look sane enough.
<sarnold> don't argue with me, argue with ls -l :)
<subman> :)
<subman> sarnold, oops
<sarnold> subman: the + does mean that there are extended access controls on the directory; perhaps your user account and the apache user account have been forbidden to read or execute that directory?
<subman> sarnold, http://pastebin.com/xZyfJqS4
<sarnold> subman: okay; how about the directory access control lists? I _think_ that's something like getfacl /var/www -- but it's been ages since I've done that.
<subman> sarnold, why in the world would any of this have changed?
<sarnold> subman: half the time people notice unexpected changes, it's because a buddy was doing things and forgot to tell people / forgot to finish. a large part of what's left is folks noticing they've been in-elegantly hacked... the remainder are harder to explain. :)
<subman> I'm wondering if hacked
<subman> I guess del and reinstall?
<ScottK> It's unlikely you're hacked.
<ScottK> Figuring it out could be a good learning experience.
<urthmover> When I add a ppa for postgres....how do I know that running apt-get install postgesql-9.1  is actually coming from the newly added ppa?
<sarnold> urthmover: 'apt-cache showpkg postgresql-9.1' or 'apt-cache showsrc postgresql-9.1' will probably output reassuring information.
<urthmover> well said sir.   I just man apt-cache  and found the apt-cache showsrc one   thanks for the quick answer
<sarnold> urthmover: there may be another mechanism, via 'pinning', to ensure you always get from the ppa version, but apt was more designed for distributions than for ppas.. check out the apt_preferences(5) manpage's section on "APT's Default Priority Assignments" and see if that looks amenable.
<sarnold> urthmover: "Pin: origin" may be useful.
<subman> Well I'm stumped here and have no idea where to turn.  Any ideas for me to look?
<urthmover> way cool sarnold
<sarnold> subman: when all else fails you can attach strace to your apache and try to catch it in the act of failing; but that's a miserable way to spend an afternoon. You're sure there's nothing else instructive in the logs?
<subman> Nothing that I can find
<lvmer> I could use some minor help with samba. When I set one of my folders to $ security = user  && valid users = @group1 greg john     ..... I can't log into the file... with either greg john or anyone in group1.
<subman> ok, now I am getting closer here!
<subman> In my browser I type http://site/index.html but firefox returns /index.php was not found.
<subman> It is looking for .php
<sarnold> subman: do you have any horrible rewrite games going on to re-write .html requests into .php requests?
<subman> sarnold, I'm looking into that right now
<subman> It seems it is my .htaccess is destroyed.
<subman> Can I just delete .htaccess?
<sarnold> subman: depends what it is supposed to do. :) most sites don't use .htaccess files since they're read and re-read on every incoming request, compared with the standard apache config which is read once at startup
<subman> sarnold, thanks, just reading up now.  Thanks for your help.
<phillw> hi guys, a very quick one for you. Based on the quote "I love standards, anyone can create one", which standard for Cloud servers is becoming more prevalent? I ask not for your 'favourite', but what you good people see in the fight between "BetaMax & VHS", etc. ?
<SpamapS> phillw: there's no "standard" for that.. just "providers" like EC2, Rackspace, HP, etc.
<phillw> SpamapS: is OpenStack making any inroads or should I base my complete newness on a different standard?
<SpamapS> phillw: There are currently 3 public openstack clouds you can get access to right now (HP, Rackspace, and Dreamhost, though that one is still limited I think)
<SpamapS> phillw: there are also millions of dollars flowing into the OpenStack foundation, so yeah, I'd say its making inroads ;)
<phillw> so, just like I had to make a leap over to gain 'Red Hat' certification for to be considered 'approved' in the commercial market, is using OpenStack similarly accepted?
#ubuntu-server 2012-11-16
<uvirtbot> New bug: #1079466 in cinder (main) "cinder-volume depends on tgt" [Undecided,New] https://launchpad.net/bugs/1079466
<brendon> hello room, got a dhcp question if anyone is interested....  I used this guide, "http://angrytechnician.wordpress.com/2010/07/23/how-to-stream-every-channel-from-freeview-onto-your-network/", but it overheats my router.  Could I turn my ubuntu-server into a dhcp server to stream RTP streams from tv tuners on that same server to save the router a bit?
<sarnold> brendon: dhcp is nearly zero load on a system -- it might save a few megabytes of memory from your router to free your router of the job, but your router would have to be just on the edge of available memory -- and in swap hell ....
<esuave> does anyone know how i can boot into single user mode without networking in 8.04?
<sarnold> esuave: sometimes just adding 'single' to the kernel command line will do it.
<sarnold> esuave: adding init=/bin/sh to the kernel command line gives you nearly nothing :) no networking, no X, no automatically started services. You're playing the role of init, so be sure to sync and remount root read-only if you can before rebooting. :)
<esuave> well it tries to start networking when i do that
<esuave> so if i add init=/bin/sh to the end of the kernel command it should drop me to a shell?
<sarnold> brendon: neat guide. maybe ont directly useful to me now, but neat to know none the less.
<sarnold> esuave: yes.
<esuave> ty ill give it a shot
<brendon> hey thanx sarnold for reply.  i wasn't plugging the guide, just assumed it must be able to be done so i went googling one day.  hmm.... so i'm guessing the router has some type of internal memory that is quite small and it uses that to switch between all the routes to keep a constant stream going?  I don't know much about this stuff, only enough to get the server up and running and doing a few things.  the router coo
<brendon> ks itself after 24 hours, even if no-one is connected to the streams.  the sap-server doesn't seem to load it up without dblast going.... anyway, do you know what I might have to learn/a good direction to go to educate myself about doing such a thing on dhcp server?  does it recognise the 239.255.blah.blah numbers automatically like a router does?  thanx heaps for your help hey.
<sarnold> brendon: hrm; are you sending the data from all the streams through your router all the time?
<sarnold> brendon: is there no way to drop a switch on the network and remove the router from the streaming?
<sarnold> (and yes, routers are typically very ram limited, though forwarding streams of data will probably not tax RAM too much -- just keep the kernel, CPU, and NICs awake and drawing too much power)
<brendon> yeah, i live in a share house and want anyone to connect to any channel at once.  I have three computers in my room, on a switch,  plugged into the router of the fellas upstairs who own the internet connection.  i believe some of the other people have some switches too.
<brendon> i mean "yeah" they were all streaming at once
<sarnold> brendon: cool sounding setup. :D I'd try to add a switch between the router and _all_ the other machines -- have two wires going to the router, one to the internet, and one to a new switch.
<brendon> yep thats done upstairs already.... im just wondering though if i could utilize this dhcp thingy already installed on my ubuntu-server box?
<sarnold> ahhhh
<sarnold> you could; but then your machine would have to be on all the time, and the router would have to be configured to _not_ do dhcp. I'm not sure it's worth the trouble, but it's certainly possible.
<brendon> we got two servers on all the time mine is one of them - its handy to have access to your media on the phone while on the train thinking "ive got that song somewhere, i know i do".  hmm.... configure router to not do dhcp - does this mean then, say, that two routers cannot connect to the same connection?  And I'm guessing too that one router (or dhcp server) can't be used as a "child" of the other somehow?
<sarnold> brendon: dhcp just hands out addresses and dns configuration and similar tasks; I don't really see here there is a "connect to the same connection" or "child" relationships..
<brendon> ok, well, what i was hoping was to somehow leave the "other people's" router alone while being able to dish out rtp streams via the dhcp, but i guess not possible.  thanx heaps hey, this was hard to find an answer to on the www
<sarnold> brendon: I'm still confused though :) when you say "dish out rtp streams  via the dhcp" .. what do you mean by that?
<sarnold> dhcp is pretty simple and feels a bit unrelated; when a machine turns on, it sends a DHCP REQUEST, and a DHCP server replies with an address and maybe DNS servers to use, and a lifetime for how long that address is valid. Then the two machines don't talk for a few hours until the client wants to renew its address (often before the expiration, to give a down server a chance to come back...)
<brendon> um, say use the already running server to "take care" of the rtp streams independant of the router.   i don't know much about this stuff hey, i'm walking through thick fog and muddy waters here about ipconfig alltogether.  to put things in perspective, i don't even understand what the netmask is as ive not needed to use it yet
<sarnold> ah, okay. :)
<brendon> aah ok.  see, i had this idea, after getting this working, of sstreamlining and  selling these "tv streamer" boxes as tv tuners are pretty cheap these days, and it is not much load on the cpu.  but ppl aren't gonna want anything that cooks their router, so i was hoping for a more "encapsulated" sollution.  Dang.
<sarnold> brendon: hrm, one possibility... are the rtp streams being sent over ethernet broadcast or via the network-local broadcast address?
<sarnold> maybe the little router's ethernet is forced to inspect the packets if they are broadcast packets, it may not have much choice. :/
<sarnold> brendon: look into _multicast_ streaming; that ought to use ethernet multicast addresses instead, and that will probably let your poor little router cool down
<esuave> it shoots me to a prompt if i use init=/bin/bash but it won't let me type or do anything
<esuave> is there a way to disable the nic in the kernel params?
<sarnold> esuave: yikes, that's pretty bad.
<esuave> i can boot the dang thing just fine into the OS, the only thing I'm trying to do is stop it from pulling the darn static IP i gave it cause there is another duplicate IP on the network
<sarnold> I think a lot of drivers do let you use something like e100.disable=1  to disable the driver... check modinfo <foo> output for your card
<esuave> i would shut off the interface on the switch but i don't have access to it :/
<esuave> yeah and when it boots it pulls that IP and screws up another server cause it has the same IP
<esuave> so I'm just trying to get it to boot so i can change the IP in /network/interfaces
<sarnold> esuave: hrm, but 'single' wasn't good enough to fix the address and reboot?
<esuave> no cause it trys to start the interface and gives it an IP
<esuave> its retarded why single user mode starts networking
<brendon> low cpu usage meaning i could use junk/cheap low spec machines.  current server is a 4 year old low spec laptop and streams 9 channels at once on one client no worries.  client has a bit of trouble though...  um, well, i dunno.... they are all addressed as 239.255.x.x, which that dude in the guide reckons are special addresses that routers know are rtp streams.  the only way i know to connect remotely is with the ext
<brendon> ernal ip or using my crappy 3rd level domain name, which of course just fowards port 80.  so yeah, I'd say its local streaming only.  got all ports open to the server - got a few things running haha.  oh yeah, the rtp thing is multicast hey, well, at least on here as many ppl as they want can connect to the one stream - and aparently it doesn't use extra bandwidth - according to that dude.  but the router was burning
<brendon>  out even with no connections to the streams but with them "ready" to connect - or being served by dvblast
<sarnold> brendon: ah, good. then you're already doing everything right, I think.
<brendon> oh... ok what a letdown.  Thanks for your help but, now I have a further understanding of what I am dealing with.
 * brendon abandons his get-rich quick scheme
<brendon> haha, it still works.  ah, irc, takes me back...
<sarnold> :)
<Daviey> Good morning... dank and miserable weather today, but the party in #ubuntu-server is the place to be!
<jamespage> morning all; morning Daviey
<Daviey> jamespage: what is your take on bug 1066845 ?
<uvirtbot> Launchpad bug 1066845 in nova "nova-novncproxy is not running; missing deps on websockify and novnc" [High,Triaged] https://launchpad.net/bugs/1066845
<jamespage> Daviey, hmm - not sure; I see a Suggests on novnc from nova-novncproxy which in turn has a dep on websockify
<Daviey> jamespage: yeah, but Suggests is essentially noise
<jamespage> Daviey, it should be a Depends - the service won't start without it
<jamespage> I suspect the reporter installed novnc and its fixed the issue
<Daviey> oh
<jamespage> Daviey, we should fix it in the next set of SRU's - its a minimal change
<jamespage> I suspect its suggests because novnc is in universe and nova-novncproxy might have been in main at some point in time
<jamespage> but its also in universe...
<Daviey> jamespage: We might need to re-work who is doing the next round of SRU's.
<jamespage> Daviey, yes
<marun> hi i need help in configuring forward lookup zone in  bind9. where can i get dummies documentation? I used ubuntu server guide. But it isn't enough helpful
<marun> any ideas?
<vezq> search for "bind tutorial"
<Cuacrzz> hello
<disposable> i have computer1 which is my gateway to ipv6 (using tunnelbroker.net). i also have computer2 which has computer1 as its default ipv6 route. i've enabled "net.ipv6.conf.all.forwarding = 1" on computer1 but computer2 still can't get any further than computer1. computer1 has no problem accessing ipv6 internet. what am i missing? more detailes here http://pastebin.com/EfdAU6e3
<xnox> "WARNING: Failed to create krb5 context for user with uid 0 for server" upon mounting nfs4 export
<zul> jamespage: yeh so we probably need a MIR for websockify
<jamespage> zul, its all in universe so I don't think so
<zul> novncproxy?
<uvirtbot> New bug: #1071591 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Invalid] https://launchpad.net/bugs/1071591
<uvirtbot> New bug: #1079611 in horizon (main) "Download Juju Environment Config gives wrong credentials" [Undecided,New] https://launchpad.net/bugs/1079611
<MoleMan> I have a samba share that is renaming a file to some garbage on the two devices I've checked on (one Android, one windows), the file is named correctly in the local folder, is there anyway to browse the share locally from the CLI, or anyone have any ideas what the issue is?
<MoleMan> aah, samba doesn't like colons: fixed, nvm thanks anyway :p
<MoleMan> took me that long to think of it after asking XD
<roaksoax> jamespage: howdy!!
<jamespage> roaksoax, hey!
<roaksoax> jamespage: ok so i refactored the hacluster charm, now im integrating it with the quantum charm
<jamespage> roaksoax, sweet!
<roaksoax> jamespage: so for now I'll do this: 1. make l3/dhcp agent run in the same machine, 2. make quantum-server run in all machines
<jamespage> I pushed a few changes to the charm today - mainly for a helper script to create private tenant helpers
<jamespage> roaksoax, that sounds good to me
<jamespage> the only other bit I can think of the the ip address assignment to the external bridge
<jamespage> technically I don't think that is required; so can probably just be disabled.
<jamespage> quantum will deal with creating IP addresses in ip namespaces on the active gateway machine.
<roaksoax> jamespage: right, so if it is still required, and the IP is known previously, we can handle that within the cluster as well
<iliv> hi, I was wondering why I get different numbers for total security updates when using apt-check and apt-get in this fashion: http://pastie.org/5387885 ?
<iliv> whoa, this is becoming mental, ran another apt-get update and now sudo apt-get -s upgrade |grep "^Inst" |grep -i securi |wc -l returns 0 while apt-check still shows there are > 0 security updates
<iliv> wth?
<iliv> I swear apt-get now ignores changes to my /etc/apt/sources.list where I move lines for security updates repositories to either beginning or the end of the file and after that when I run sudo apt-get update it just connects to security updates repos in either case.
<iliv> looks like some sort of caching or something
<iliv> let me try to remove those lines for security update altogether...
<BrixSat> Hello
<BrixSat> i need to make my server save all networt trafic for later analysis
<BrixSat> whats the best option?
<iliv> ALRIGHT, never mind what I said about apt-get ignoring my edits, those were lines starting with Ign for Translation-en_US that I glanced over...
<ropetin> BrixSat: lots of variables to that question.  How much data, what kind of bandwidth?  Storing on the local server, storing somewhere else?
<iliv> BrixSat, configure port mirroring if your switch is capable of that
<BrixSat> ropetin:  humm, data arround 150gb per month, storing localy , no switch access just the server it self
<ropetin> As long as you have the storage for it then, dumpcap to a ring buffer on local storage?
<ropetin> They you can at least analyze it with tshark or whatever
<BrixSat> :/ that is not bad, aint there any other solution more "easy" my boss aint that expert :p
<ropetin> OpenFPC
<BrixSat> =)
<ropetin> Or you could spend money on a NetWitness NextGen infrastructure
<ropetin> Although that is a lot of money
<hack> i am confused between using debain or ubuntu as my commercial server.
<hack> which should i prefer ?
<hack> benefits of ubuntu over debian ?
<iliv> ubuntu is hip :P
<hack> hip ?
<iliv> never mind, that is just a tongue-in-cheek statement :)
<highvoltage> hack: ubuntu has long-term support releases, which could be useful depending on your needs. you also need ubuntu server as apposed to debian if you want to use Canonical's services (like Landscape)
<hack> highvoltage: ok, but ubuntu is also as stable as debian ?
<hack> and i have checked the packges they are too almost same version.
<highvoltage> hack: that's not really a simple answer, but in terms of general purpose server stuff, the LTS release is synced from debian testing and already put through its paces, so it's very stable
<iliv> a question, why would apt-get -s update show those packages that are security updates as lucid-updates (I'm playin with the lucid here so...)?
<highvoltage> hack: (sorry for my broken english today, I meant, "there's not really a simple answer")
<hack> highvoltage: no need to be sorry :) language is not a prob at all :)
<iliv> UNLESS SOMEONE IS A GRAMMAR NAZI that is
<Tm_T> iliv: please...
<iliv> hack, http://askubuntu.com/questions/15314/debian-stable-vs-ubuntu-lts-for-server
<iliv> hack, http://askubuntu.com/questions/52066/what-is-the-difference-between-ubuntu-and-debian-server
<iliv> hack, http://serverfault.com/questions/389199/is-it-debian-really-more-stable-for-servers-than-ubuntu-lts
<iliv> also Google :)
<hack> iliv: thanks mate lot's of imp info :)
<iliv> yw!
<hack> there are not many landscape videos on the net.
<iliv> a question, why would apt-get -s update show those packages that are security updates as lucid-updates (I'm playin with the lucid here so...)?
<iliv> here's what I mean: http://pastie.org/pastes/5388180/text
<iliv> I'd really love to see what packages are going to be installed as security updates, but how?
<roaksoax> jamespage: in utils.relation_get("XYZ"), what happens if XYZ key=value has not been set?
<uvirtbot> New bug: #1079747 in cyrus-sasl2 (main) "package sasl2-bin 2.1.25.dfsg1-5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1079747
<jamespage> roaksoax, 'None'
<jamespage> empty string in actual fact
<jamespage> but the helper in the quantum charm converts that to None
<roaksoax> jamespage: to None or 'None'
<jamespage> roaksoax, None
<roaksoax> jamespage: so this should work then, right?: orders = {} if utils.relation_get("orders") is None else ast.literal_eval(utils.relation_get("orders"))
<jamespage> so you can do if utils.relation_get("xyz"): for example
<jamespage> yep
<roaksoax> jamespage: yeah I thought so... weird then... it fails :)
<jamespage> roaksoax, I checked on the ip address assignment thing in quantum; its not required
<uvirtbot> New bug: #1079751 in samba (main) "package samba-common-bin 2:3.4.7~dfsg-1ubuntu3.11 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/1079751
<jamespage> so I dropped it by default on the charm
<jamespage> users can still specify it but it comes with a health warning
<jamespage> roaksoax, lemme check again
<roaksoax> jamespage: ok I got it, i wasw using an outdated version of utils
<roaksoax> jamespage: do you have your utils.py in a location independently from the charm?
<jamespage> roaksoax, right - the one from ceph returns ""
<roaksoax> jamespage: i think you should make a stanndard one
<roaksoax> to make it reusable
<roaksoax> for every chamr :)
<jamespage> roaksoax, no but we need to - some of its already in python-charmhelper - buts thats not avaliable everywhere
<roaksoax> i see
 * jamespage berates himself for doing 'manual reuse' C-c C-v
<jamespage> lol
<roaksoax> :)
<BrixSat> the openfpc is great :)
<uvirtbot> New bug: #1077692 in mysql-5.5 (main) "package mysql-client-core-5.5 5.5.28-0ubuntu0.12.04.2 failed to install/upgrade: trying to overwrite '/usr/share/man/man1/mysql.1.gz', which is also in package mysql-client-5.5 5.5.27-1~ppa1~precise" [Undecided,Invalid] https://launchpad.net/bugs/1077692
<jamespage> zul, smoser, roaksoax, adam_g: ooo - I just saw the solution the metadata service access with quantum get proposed to grizzly
<jamespage> roaksoax, I just added a README to the quantum charm which is better than my wiki topic
<Daviey> jamespage: nice!
<roaksoax> jamespage: cool!
<jamespage> lp:~james-page/charms/quantal/quantum/trunk if anyone wants to know
<roaksoax> jamespage: some basic, initial support: lp:~andreserl/+junk/quantum lp:~andreserl/+junk/hacluster
<roaksoax> jamespage: so using your deployer cinder gets install error
<jamespage> roaksoax, does it?
<jamespage> do you need to amend the device its using?
<roaksoax> jamespage: maybe is it becuase i'm using canonistack?
<iliv> seriously, guys, this isn't even funny now that I logged to the production Precise server and I can't distinguish between generic and security updates
<jamespage> roaksoax, yes - you need to update the config to use the ephemeral disk instead
<jamespage> same with ceph
<roaksoax> jamespage: can't I just simply avoid it for now?
<jamespage> roaksoax, well I'm assuming you want to be able to test a instance running right?
<jamespage> actually yes - just ignore it - just don't try to present volumes to instances and you will be alright.
<roaksoax> yeah that should be enough
<iliv> see it for yourself: http://pastie.org/pastes/5388623/text apt-check says there are 6 security updates but which are those?
<roaksoax> jamespage: btw.. does the cinder charm create /dev/sdb, or does it expect to have a partition already?
<jamespage> it should create it all for you
<roaksoax> jamespage: so, if the disk only has /dev/sda... does it resize the disk to create sdb or what?
<jamespage> roaksoax, no - it uses a second device
<jamespage> the ephemeral disk in a instance for example
<jamespage> or in the CI lab the second disk in each server
<roaksoax> jamespage: ah I see
<roaksoax> jamespage: right so we expect the server to have 2 disks for example
<jamespage> yep
<jamespage> OS + Data
<jamespage> same for ceph
<jamespage> infact for ceph you want more disks - maybe ~8 ideally
<sarnold> iliv: this may help: http://www.ubuntu.com/usn/
<jamespage> but this is testing after all
<sarnold> iliv: note especially apache in that list, there's at least five apache packages...
<roaksoax> jamespage: right, so for cinder how do I specify a ephemeral disk ?
<jamespage> block-device: vdb
<jamespage> overwrite: true
<jamespage> roaksoax, ^^ try that
<roaksoax> jamespage: right, but do I have to amnually assign that to the instance, or the deployer does it or is it just"virtual"
<jamespage> roaksoax, ah - right - use a constraint to pick an instance type which has ephemeral storage
<jamespage> m1.tiny or whatever does not have this
<jamespage> instance-type=m1.small should do it
<roaksoax> jamespage: ok cool, thanks
<jamespage> roaksoax, the charm will unmount the /mnt filesystem it gets presented on automagically
<roaksoax> jamespage: ok cool!
<iliv> sarnold, it's just that it seems that sometimes these security updates appear with $release-security and sometimes $release-updates... why?
<iliv> I mean that happens within 0.5hr time frame
<iliv> it's not like I'm talking about a situation when new security updates became available and those appear to be coming not from $release-security repository
<sarnold> iliv: security updates are pushed into -updates after being published so that they can be distributed on the mirror network, rather than just live on security.ubuntu.com
<iliv> does that mean that apt-get gets confused sometimes or something?
<iliv> I mean
<iliv> clearly, if it shows $release-updates this repository was used first.. but what determines the order?
<iliv> the reason I'm worried about this is because I want to review manually what packages are exactly security updates
<iliv> to carefully plan upgrade process
<rbasak> "apt-cache policy <package>" can help you distinguish
<sarnold> iliv: that's a good question. I know we go through the trouble of pushing to -updates because it saves vastly on download time for users -- yay for the mirror network -- but I'm not sure how apt knows to prefer -updates over -security when the version number is going to be identical between them...
<rbasak> Security updates will appear in both -security and -updates
<rbasak> Non-security updates will appear in -updates only
<iliv> sarnold, I might be wrong, but essentially what I've experienced is that sometimes those security updates appear as -updates when I run apt-get -s upgrade |grep ^Inst
<iliv> like I've seen this with my own two eye on my terminal lol
<iliv> so far, the only way to see security updates would be to have security updates repositories ONLY in a separate apt source list file and pass it as an option to apt-get
<iliv> that works, but is a little heavy on typing :P
<rbasak> Or you could use apt pinning I think. Not sure of the details there though
<iliv> apt pinning is like a nightmare for me
<sarnold> iliv: indeed, it takes a little bit of time for the updates to make it to the mirror network
<sarnold> you may wish to just use your own apt mirror and monitor which packages enter the mirror that way
<iliv> still creating a bash alias for 'apt-get -s upgrade -o -o Dir::Etc::SourceList=/path/to/a/file.list |grep ^Inst' would be easier and faster :)
<iliv> single -o, of course
<uvirtbot> New bug: #1079794 in lxc (universe) "sudo: unable to resolve host.. when creating ubuntu-cloud container" [Undecided,New] https://launchpad.net/bugs/1079794
<roaksoax> jamespage: ok so I removed cinder/ceph from openstack.cfg and services deployed fine, machines started, but the script stays in "Waiting for all service units to reach 'started' state"
<roaksoax> jamespage: hook.output@INFO: Cannot find device "em2"
<roaksoax> jamespage: i guess it is an issue of using canonistack?
<jamespage> roaksoax, no - you need a second nic
<jamespage> just unset that option
<jamespage> gah - you will need to reboot the nova-compute host as well
<jamespage> I see a weird bug when not running on hardware that the juju agents lose connectivity to zookeeper
<jamespage> a reboot sorts its out
<roaksoax> jamespage: ok, so for quantum on canonistack i need to obviate (comment out) the ext-port relation setting in the hook?
<lvmer> Hey where do you guys go to learn ubuntu? Like is there a local club listing somewhere? I've 95% setup a home server by myself through online tutorials, but I'm just having a 2nd set of eyes on the configs / etc. would be helpful. It would be cool to interact or shadow someone better than me too.
<lvmer> but I think having a 2nd set*
<jamespage> roaksoax, spot-on
<roaksoax> jamespage: ok so I got it work in, cluster not fully configured dunno why though :)
<daniel_->  u
<matthewh3> can anyone help me install elgg - following this guide - http://docs.elgg.org/wiki/Install_Ubuntu - I tried "$ nano /etc/apache2/sites_available/default" but it doesn't exsist???
<sarnold> what doesn't exist? nano? or /etc/apache2/sites_available/default ?
<roaksoax> matthewh3: /etc/apache2/sites-available/default
<roaksoax> s/_/-
<webmonkey> Any advice using Chrootdir with Apache 2.2.14 on Ubuntu 10.04?
<sarnold> roaksoax: :D
<roaksoax> :)
<matthewh3> ty
<webmonkey> I added the ChrootDir Directive to the config file and restarted Apache but it doesn't seem to have any effect.
<webmonkey> as www-data I am still able to navigate to root.
<sarnold> webmonkey: how did you test that?
<webmonkey> 'su www-data' followed by 'cd /'
<webmonkey> Is there a better way?
<sarnold> webmonkey: was that shell started via a script from apache or something?
<patdk-wk> that is going be a LOT of stuff, you need to put into the chroot for apache and everything to work
<webmonkey> No, I was root when I ran that command
<sarnold> webmonkey: a configuration option in an apache file will only influence apache and its children
<webmonkey> patdk-wk I've heard that, just seeing how much of a pain it is lol
<patdk-wk> a royal nightmare, it's possible, and once you know EVERYTHING you need, make a script to update them all
<webmonkey> sarnold okay that makes sense, thanks
<sarnold> webmonkey: a better way to test would be to write a php script or a perl script and try to access resources like /etc/passwd that way....
<webmonkey> So bascially I should tell my client it's not worth the trouble? I intend to implement mod_security
<webmonkey> sarnold Gotcha, that's what I'm getting ready to try.
<matthewh3> do I need to download and unzip Elgg in a Apache folder as I've just done it in the default home folder - http://docs.elgg.org/wiki/Installation
<sarnold> webmonkey: you may wish to investigate apparmor instead; it doesn't require setting up a chroot environment just for apache
<sarnold> webmonkey: (apparmor is an alternative to ChrootDir, not an alternative to mod_security)
<webmonkey> sarnold will do, I've been intending to check it out anyway. Thanks!
<matthewh3> going to follow this guide - http://www.upubuntu.com/2012/03/how-to-install-elgg-social-networking.html - will get back if I need any help ty
<patdk-wk> webmonkey, mod security and chroot are two totally different kinds of protection
<webmonkey> patdk-wk I know. Just trying to have a more secure setup.
<patdk-wk> secure against what?
<webmonkey> The server hosts a publicly accessible website, and the client is rather paranoid because their server got hacked once.
<patdk-wk> this day in age though, I just throw up vm's dedicated to webserving
<patdk-wk> instead of attempting multiserver stuff with chroots
<patdk-wk> that so doesn't sound like chroot will protect them
<patdk-wk> it normally takes 2 hacks to root a server, 1 hack if you don't care about rooting it
<webmonkey> yeah I don't really feel that chrooting is necessary, but this is a client that thinks they know more than they actually do lol
<patdk-wk> and normally those hacks are easily found in php/perl/whatever cgi your running
<webmonkey> Im hoping mod_security will help with those potential issues
<patdk-wk> as long as it's updated, it should
<patdk-wk> and as far as rooting the server, normally that is the same thing, as long as you update ubuntu, it should be ok
<webmonkey> Cool, well I will start working on mod_security then, and will check out apparmor after that
<patdk-wk> doesn't mean you can't do some extra things, like remove suid/sgid from everything you don't need
<lvmer> ||  I've just got a quick syntax / terminal question  ||  if I want to redo the following: $ ls -l  command but change it to: $ ls -ld  .... what is the fastest way? http://paste.kde.org/608318/
<lvmer> ^^ like redo a previous command but add the '-d'   ^^
<uvirtbot> lvmer: Error: "^" is not a valid command.
<sarnold> lvmer: ^-l^-ld ought to do it; also, up-arrow, ^A, arrow a bit..
<lvmer> ah ^-l ^-ld worked well. Thank you. Yah I was just wondering if there was a faster way than pressing up arrow and scrolling through the characters. :)  much like: sudo !!      :)
<sarnold> lvmer: you can also refer to the last argument on the previous command line with !$ -- ! for history, $ for last -- so ls /long/and/anonying/path   followed by cat !$ or rm !$ or whatever...
<sarnold> so the next command could be ls -ld !$
<lvmer> sarnold: aaaaaahhhhhh I like that too. :)
<sarnold> lvmer: I probably didn't learn !$ until I'd been using linux for 15 years. I'm not sure when it was introduced, but I've liked knowing it. :)
<lvmer> sarnold: yes... it is making a world of difference already... wow. & if you didn't know it already: $ sudo !1    = sudo apt-get update && sudo apt-get upgrade
<lvmer> sarnold: at least for me on 'ubuntu-server'
<sarnold> lvmer: hahaha
<sarnold> lvmer: I can't trust my !1 to be the same thing every time... a bit dangerous with a 'sudo', too. :D
<lvmer> sarnold: yah crazy huh? I found it through a complete mistype
<lvmer> sarnold: my new home server has really been kicking butt lately. :)
<lvmer> sarnold: & I setup my pidgin account to auto login here.... so I'll probably be around a lot. xD
<sarnold> lvmer: woo :)
<zastern> When I'm doing something like this inside an environment, do I need to specify the environment in this "url"? puppet:///modules/unattended_upgrades/50unattended-upgrades-12
<zastern> like puppert:///staging/modules/foo/bar/etc
<[conrad]> Hello everyone. Is it possible to configure automount, so that it mounts /home/$user via NFS if we authenticated via LDAP, but uses the local drive if it matches a local user? We have a localhost guest account on all of our Ubuntu machines, and we have no problem doing NFS entirely, or local disk entirely, but having some issues doing one primarily with a fallback of the other.
<thafreak> Is there a recomended/prefered iscsi target implementation in precise?
<thafreak> it looks like iscsitarget is in universe but tgt is in main...is that correct?
<thafreak> and if so, does that mean tgt is prefered, since it's in main?
<thafreak> or lio also seems to be in the repos...
<matthewh3> can anyone help me install a elgg plugin - http://paste.ubuntu.com/1363554/
<roaksoax> clear
<uvirtbot> New bug: #990102 in cloud-init (main) "/var/log/upstart is missing" [Undecided,Confirmed] https://launchpad.net/bugs/990102
<episteme> hello everybody! Quick question...nothing big just bugging the hell out of me. When i log in i get a message that there are updates to be installed. I run apt-get and of course there is nothing....how can i reset these messages?
<[conrad]> episteme: Which apt-get command are you executing exactly?
<[conrad]> Also, can you pastebin the exact message that indicates "there are updates to be installed"?
<episteme> [conrad]: well when i get the message i run the basic apt-get update then apt-get upgrade like ive alwasy done :)
<episteme> the message is not from apt-get its when i log on in the motd
<episteme> i guess i should have phrased the question to ask how to reset them in the motd
<[conrad]> episteme: I've not personally experienced the issue ( presuming we're talking about packages, and not the actual release ). Though I do remember a bug in 10.x ( https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/659738 ).
<uvirtbot> Launchpad bug 659738 in sysvinit "Duplicate welcome message in motd (caused by postinst script creating motd.tail file)" [Medium,Fix released]
<[conrad]> episteme: http://askubuntu.com/a/44163 better explains a solution if in fact this is the issue: http://askubuntu.com/a/44163
<episteme> [conrad]: yeah i found that thread and that is exactly what im experiencing. i attempted the solved solution but to no avail :(
<episteme> [conrad]: its such a small thing too...but its one of those things i want to know what cause it and fix it...just for the knowledge, but im lost lol
<matthewh3> can anyone tell me why I can't unzip on ubuntu server but I can on Xubuntu?  The folders contain multiple files and I am just using the unzip command.
<sarnold> matthewh3: pastebin what you've done and what results?
<matthewh3> thanks - http://paste.ubuntu.com/1363687/
<sarnold> matthewh3: what does 'file' show for that file?
<matthewh3> what do you mean :/
<sarnold> matthewh3: can you unzip that file just fine on your other machine? have you compared sha1sums to make sure they are identical?
<sarnold> matthewh3: type 'file social-connect' -- it'll tell you what type of file it is
<matthewh3> I can download it on Xubuntu and use archive manager to unzip it but on my Ubuntu VPS when I use the unzip command I get that error?
<sarnold> file(1) uses magic numbers and magic offsets to identify thousands of different file types -- and it is usually good
<matthewh3> root@coinconnect:/var/www/elgg/mod# file social-connect
<matthewh3> social-connect: HTML document text
<matthewh3> root@coinconnect:/var/www/elgg/mod#
<sarnold> matthewh3: there you go :) you downloaded some html.
<sarnold> nothing to unzip.
<matthewh3> kk
<matthewh3> ty
<sarnold> quite frequently a web site will use a cookie or something to determine whether they should give you a form to fill out or a file to download :( sometimes it's just easier to download things using browsers rather than wget or curl...
<imanc> does ubuntu come packages with postfix?  Postfix appears to be installed, on an ubuntu server I'm administering, but I can't seem to uninstall it via apt-get
<imanc> yet it's listed in dpkg --list
<sarnold> imanc: how did you try to remove it via apt-get? what error did you get back?
<imanc> sudo apt-get remove postfix
<imanc> and the error is:
<imanc> Package postfix is not installed, so not removed
<sarnold> but dpkg -l postfix shows you that it _is_ installed? very curious.
<imanc> yep
<sarnold> imanc: you can remove it via dpkg --remove postfix
<imanc> dpkg -l | grep postfix
<imanc> rc  postfix                           2.7.0-1ubuntu0.2                                High-performance mail transport agent
<jkyle> howdy
<sarnold> or dpkg --purge postfix
<imanc> okay, i'll try that
<sarnold> but be sure you want it gone :) hehe
<imanc> sarnold: that appears to have worked. Thanks
<jkyle> looks like my postfix chroot is screwey somehow. I'm getting errors like failure to resolv domains, failure to find service maps (like smtp). even though the chroot contains valid resolv.conf, hosts, and services files
<sarnold> jkyle: nsswitch, too?
<jkyle> identical to system, world readable
<jkyle> I also verified the libnss, libresolv libraries are there and I'm fully updated/upgraded (precise 12.04)
<jkyle> drop it out of chroot, all is well
<koolhead17> melmoth, around?
<melmoth> yep koolhead17
<koolhead17> melmoth, were you able to find/document getting keystone over SSL
<melmoth> hmm
<melmoth> in folsom there is a new thingy
<melmoth> but i m not sure i undersand what i read
<melmoth> if i understand correclty, now, you can have the token signed by keystone
<koolhead17> melmoth, https://bugs.launchpad.net/openstack-manuals/+bug/1032788
<uvirtbot> Launchpad bug 1032788 in openstack-manuals "Task: Document how to configure Keystone with SSL" [High,Confirmed]
<koolhead17> i was wondering if you could help me with this
<melmoth> last stuff i read was https://www.ibm.com/developerworks/mydeveloperworks/blogs/e93514d3-c4f0-4aa0-8844-497f370090f5/entry/openstack_keystone_workflow_token_scoping?lang=en
<melmoth> see the pki bits
<melmoth> but if i understand correclty, the token is still readable by other people
<melmoth> it s just signed
<melmoth> so you know it comes fro keystone , but anyone can read it.
<jkyle> well....
<jkyle> as far as fixes go, this was stupidly simple considering the time I wasted figuring it out lol
<melmoth> (it s encrypted all right, but with the private key of keystone, so any one with its public key can decrupt it, and be sure it comes from keystone)
<koolhead17> melmoth, i will think about it. thanks
<melmoth> i m still not sure its what "i want".
<melmoth> my main problem was not "not being sure my token comes from keystone"
<melmoth> but "i m not sure somebody else than whoever i think it is is using a token from someone else"
<melmoth> anyway, too complicated for me, too many stuff to learn
<melmoth> but my feeling is, it s still a bit on the hippie side of things.
<hallyn> woohoo!  stgraber: had some locking snafus, but finally got a owrking syslogns patch.
<hallyn> now to prepare for ridicule on lkml
<stgraber> hallyn: yay!
<stgraber> hallyn: btw, http://www.stgraber.org/2012/11/16/running-steam-in-a-lxc-container/
<hallyn> cool :)  guess i have no excuse not to try it
<sarnold> stgraber: nice :)
#ubuntu-server 2012-11-17
<uvirtbot> New bug: #1079941 in ceph (main) "-v version output is broken" [Undecided,New] https://launchpad.net/bugs/1079941
<LauraA> Hi.  I'm on Ubu12LTS.  apt-get update; apt-get upgrade offers a "linux-server" upgrade that's "held back".  To accept that upgrade, but STAY ON 12LTS, is "apt-get dist-upgrade" the right command?  I'm a little confused by a comment Online: ""apt-get dist-upgrade" does not perform distribution upgrade".
<sarnold> LauraA: for 'apt-get dist-upgrade' to actually perform a distribution upgrade, you would need to manually edit your apt sources.lists to _ask_ for the different distribution.
<sarnold> LauraA: apt-get upgrade will not remove packages; dist-upgrade will remove packages if it thinks that is the shortest path to upgrading as many packages as possible.
<ScottK> upgrade also won't add packages
<ScottK> Which is the specific issue in this case.
<LauraA> sarnold: I *just* found that.  So if I did NOT changes those source, I'm always "safe" running apt-get dist-upgrade?  Or should I stick with just 'upgrade'?  I have a ZImbra server which runs on 12LTS.  I *must* stay on that distro version IIUC.  Trying NOT to mess up here.
<sarnold> LauraA: there are reasons why Ubuntu prefers the do-upgrade-manager (I think that's the name) over apt-get dist-upgrade when upgrading distributions, but when moving from e.g. quantal to raring in early stages of the raring distribution, dist-upgrade should work fine.
<sarnold> ScottK: oh? cool.
<sarnold> ScottK: I've got 'apt-get -u dist-upgrade' on my finger macros for a decade now, I tend to forget the other exists. :) thanks.
<ScottK> LauraA: There is no risk dist-upgrade will move you to a later release.
<LauraA> ScottK: Ok.  So dist-upgrade, in effect, is just better at cleaning out trash ... at least in my current case?
<ScottK> In your current case.
<LauraA> ScottK: THanks a bunch!
<ScottK> Personally I prefer to just us upgrade unless something gets held back, then I dist-upgrade and pay close attention because packages are being added/removed.
<ScottK> For kernel packages with an ABI bump, this is normal.
 * ScottK has to go.
<sarnold> see ya ScottK
<lvmer> I recently copied over a bunch of pictures to my server & there were a bunch of 'thumbs.db' files from windows -_-     How do I search / delete all of these annoying files without hurting anything
<lvmer> $ ls -al /mnt/lv1/public/pictures\ \&\ videos/* | grep thumbs.db
<lvmer> returns well over 250 files
<lvmer> they are embedded in many folders/directories after /public/
<qman__> find /mnt/lv1/public//pictures\ \&\ videos/*
<qman__> find /mnt/lv1/public/pictures\ \&\ videos/* -name thumbs.db -delete
<qman__> make sure you try once omitting the -delete to ensure they're the right files
<qman__> see also: http://mywiki.wooledge.org/UsingFind
<lvmer> yup I tested the find command first. Thanks I haven't used it yet. xD 9 days in :p
<lvmer> qman_: thank you it worked beautifully.
<lvmer> what do thumbs.db folders even do?
<lvmer> no idea why these pictures I got from my mom's win7 had so many freaking thumbs lolz
<zeroblu3> hello
<zeroblu3> can someone please help me?
<zeroblu3> i'm on ubuntu 12.10 and it won't detect my hardware raid
<zeroblu3> heloo
<vezq> what is your hardware raid brand/model?
<eagles0513875_> hey guys I'm considering setting up some file shares is it possible to setup nfs to where it will require a username and password to access the share?
<melmoth> eagles0513875_, not that i am aware of.
<andol> eagles0513875_: kerberos
<eagles0513875_> :-/ what exactly are kerberos andol
<melmoth> kerberos is .... a (very) complicated authentication mechanism .
<andol> eagles0513875_: Well, you can setup kerberos to require the username and password, and have nfs require a kerberos "ticket."
<eagles0513875_> ok any good how to's as to kerberos is something entirely new to me
<andol> https://help.ubuntu.com/community/Kerberos
<andol> Yepp, there is definetly a threshold to get over if you want to use Kerberos.
<eagles0513875_> andol: I am more then willing to learn :)
<eagles0513875_> andol: would kerberos be a better alternative to using samba as a domain controller and radius authentication?
<andol> eagles0513875_: Those options does not neccesarily exclude each other.
<eagles0513875_> ok
<andol> And since you mention Samba, Kerberos is one of the major componenent in the Windows AD.
<eagles0513875_> ok
<eagles0513875_> well reason I'm asking about authentication si that I'm setting up this dedicated server as a file sharing server for me my gf and her brother for music movies etc between us
<andol> eagles0513875_: In that case Kerberos+NFS is overkill, especially if you have no previous experience with it. Also, if you will only be sharing media files you really don't need to precicely keep unix filesystem info that tightly.
<eagles0513875_> andol: i prefer to just for a layer of security
<eagles0513875_> is there no way to have ifs check username and password against the username provided and the password in the shadow file
<eagles0513875_> i know that can be done with samba
<andol> eagles0513875_: Well, assuming there will be both unix and windows computers connecting to it I would use Samba plain and simple.
<eagles0513875_> linux windows and mac
<andol> Yepp, stick to Samba, especially since as I mentioned there really not being that much NFS advantage in the case of media files.
<eagles0513875_> will do
<eagles0513875_> hopefully the documentation i found on how to forge works
<eagles0513875_> at least if it doesn't i have full control on reformatting
<eagles0513875_> andol: I am guessing i should keep the users home directories separate from the rest of the system in case i need to reformat?
<andol> eagles0513875_: Keeping /home on a separata partition is often a good idea.
<andol> Of course, you will want to have the home direcotires backuped up no matter what :)
<eagles0513875_> that is my next issue :-/ dunno to what
<eagles0513875_> andol: mind if i poke you if i need help as I'm doing this
<andol> eagles0513875_: Might as well ask the channel in general. Don't think I have touched Samba for three or four years so.
<eagles0513875_> ok
<eagles0513875_> andol: would something written for 12.10 be backwards compatible in terms of setup in 12.04
<eagles0513875_> http://www.youtube.com/watch?v=9n-vDVeyDCY <-- that is what i found not sure if its going to work but I'm going to give it a shot
<andol> eagles0513875_: In nine times out of ten, or so.
<eagles0513875_> ok I have nothing to loose at this point
<eagles0513875_> here is my first oddity i have found in this how to is libcups2 necessary with samba??
<andol> eagles0513875_: Samba also providers printer sharing capabilitlies, hence libcups.
<eagles0513875_> i thought so but i don't find it useful to be honest
<andol> Most programs contain feauture not everyone find useful.
<eagles0513875_> won't i need the printer connected to the server anyway unless I'm using ipv6 ?
<eagles0513875_> hey guys I am having trouble connecting to my file server via windows machine or mac machine i am using samba
<uvirtbot> New bug: #1078649 in ntp (main) "tzdata shows wrong date and no possibility to change it" [Undecided,Confirmed] https://launchpad.net/bugs/1078649
#ubuntu-server 2012-11-18
<uvirtbot> New bug: #1067560 in asterisk (universe) "package asterisk 1:1.8.13.1~dfsg-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Medium,Incomplete] https://launchpad.net/bugs/1067560
<uvirtbot> New bug: #1069190 in samba (main) "samba panic or segfault" [Undecided,Incomplete] https://launchpad.net/bugs/1069190
<briggz> 12.10 have a lot of issues or is it seemingly stable?
<Iceman_B> hi all, I;ve got something funky going on with my eth0
<Iceman_B> it seems that during the booting process, the ethernet card...turns off...or something
<Iceman_B> this didnt use to be the case :/
<Iceman_B> my router has a connection led lit when I turn the server on, but when Ubuntu starts....it turns off
<Iceman_B> and then proceeds to sit there without a connection
<Iceman_B> any ideas on how to fix this?
<ablyss> Iceman_B, try static ?
<Iceman_B> ablyss: it's a bit different
<Iceman_B> its like the NIC powers off or something
<Iceman_B> so I cant get it to have an IP in the first place
<Iceman_B> and after a few reboots it seems up again
<Iceman_B> this is erratic o_O
<Iceman_B> I did ran a "lshw -class network" earlier, and it showed eth0(the NIC in question) to be 'disabled'
<Iceman_B> so that would explain why it had no signal, even thoug ha cable was connected, but what could cause that>
<Iceman_B> ?
<ablyss> bad cable
<Iceman_B> its a CAT6 cable, and it;s been left alone for quite a while, do cables go bad like that?
<Iceman_B> it feels quite sturdy
<ablyss> would be worth the effort to grab a spare
<Iceman_B> that is true...
<Iceman_B> I'll see if I can swipe one from work
<Iceman_B> in the mean time, is there anything else that could cause a NIC to show up as 'disabled' ?
<ablyss> dunno, never heard of such before
<Iceman_B> mkay
<Iceman_B> well thanks anyways
<uvirtbot> New bug: #1080267 in samba (main) "package samba-common 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)" [Undecided,New] https://launchpad.net/bugs/1080267
<Handy> Hey my browser wont work
<Handy> can someone tell me if this account works
<Handy> on facebook and hotmail pls dont change my password
<Handy> passwords:ilovemyself1
<Handy> darrenjames666@hotmail.com
<Handy> darrenjames829@hotmail.co.za
<Handy> darrenjames111@hotmail.com
<Handy> jamesdarren923@hotmail.com
<Handy> darrenjameson121@hotmail.com
<Handy> darrenjameson122@hotmail.com
<Handy> darrenjameson1211@hotmail.com
<jwstolk> Hi, I'm trying to install 12.04 server (32-bit) from a SATA cd-rom to a SATA western-digital drive, on a Jetway NF9C-2600 motherboard (Intel atom).
<jwstolk> After the keyboard detect, the cd-rom detect fails. at that point I can't see the CD-rom, nor the hard-disk in /dev/
<jwstolk> booting with acpi=off and noapic did not help.
<jwstolk> The only similar reports I could find where about installing from an ISO image on a virtial-machine, or from an USB-drive, while I'm using a real SATA cd-rom drive.
<qman__> have you tried toggling your BIOS settings regarding what mode the drive is in? (AHCI vs Native IDE)
<jwstolk> In the BIOS setup, the hard-disk and cd-rom drive is visable, and the cd-rom drive is obviously used during the first part of the ubuntu installation.
<jwstolk> it's on IDE. I have not tryed AHCI.
<jwstolk> I set both the (not used) 3 Gbit/s and the 6Gbit/s ports to AHCI, and it looks like it is working now.
<jwstolk> thank you.
<jwstolk> In the installer, when setting up partitions, it looks like 1 MB = 1000 KB = 2000 sectors  (not 1024) ?
<qman__> yes
<qman__> in linux and the associated software, MB refers to metric, while MiB refers to binary
<jwstolk> ok. (I'm trying to match the partitions sizes on my external backup drive, which I configured using gparted, which used MiB)
<jwstolk> hmm, even when entering the partition sizes in KB's, I still end up with a 46GB difference at the end of the drive (based on the sector count in the drive specifications).
<jwstolk> I also can't enter the partition size in bytes, only KB's.
<jwstolk> a 1 KB (1000 bytes) would be rounded down to 1 (512 bytes) sector. interesting.
 * jwstolk started an libreOffice sheet for sector -> KB conversions...
<uvirtbot> New bug: #1080363 in nmap (main) "module 'citrixxml' not found" [Undecided,New] https://launchpad.net/bugs/1080363
<uvirtbot> New bug: #1080369 in qemu-kvm (main) "FreeDOS fails to boot in Qemu/kvm" [Undecided,New] https://launchpad.net/bugs/1080369
<spindritf> Hey, I have nginx from their repo deb http://nginx.org/packages/ubuntu/ precise nginx and would like to automatically update nginx, will that Unattended-Upgrade::Allowed-Origins {"${distro_id}:nginx";} in /etc/apt/apt.conf.d/50unattended-upgrades suffice?
<spindritf> is that line correct? I'm fuzzy on what origin and archive mean in origin:archive, never run a deb repo
<spindritf> was my question particularly ignorant or is no one around on Sunday?
<TheLordOfTime> have patience
<TheLordOfTime> :p
<TheLordOfTime> its one of the off days
<spindritf> yeah, I know, hence the follow-up, because sometimes your question can be so jaw-droppingly wrong that no one even bothers to answer, and sometimes there's just no one around
<d3ngar> Hi there
<d3ngar> I have a problem with my VPN server (pptpd)
<d3ngar> Somehow it is running, but not listening to any port
<d3ngar> Further to this, I thought I should have a virtual device in my network adapters (ppp0) that handles the connections to the VPN server
<d3ngar> I am somewhat confused, as I just followed a guide to set it up and it was working prior to me reinstalling the system
<Patrickdk> d3ngar, doesn't pptp use a protocol? not a port?
<vs177015> yo
#ubuntu-server 2013-11-11
<bananapie> Hello, my server monitor just went off, power saving or something. How can I force the monitor back on without touching the keyboard on the server? I am connected using ssh and the server does not have X installed.
<pneftali> tailing auth.log
<pneftali> lots of failed attempts on going... what to do ?
<xnox> pneftali: fail2ban denyhosts
<xnox> pneftali: i have those two installed to keep out people who constantly try to bruteforce my machine.
<pneftali> xnox: Thanks. I will try fail2ban. I have also read about using auth keys for ssh. But that does not seem to stop attempts, right ?
<xnox> pneftali: if you disable password login in sshd, it will.
<xnox> pneftali: e.g. i have an http server and I get constant requests to non-existant php pages attempting known php webforums et.al. rootkit attacks.
<xnox> pneftali: fail2ban is good like that to block all sorts of attempts to get in. They just waste my bandwidth I have to pay for =(
<pneftali> xnox: yeah. these guys sux big time -_-
<pneftali> i noticed last night my /dev/vda is using 92% of disk space... is this normal for a server machine ?
<pmatulis> pneftali: 92% of what?
<pneftali> pmatulis: how to check what sort of files are in /dev/vda ?
<pmatulis> pneftali: you want to know the nature of every file on your system?
<pneftali> pmatulis: just curious what's in /dev/vda that's taking too much disk space ...
<pmatulis> pneftali: how much space do you have?
<pneftali> 20gig
<pneftali> pmatulis: 20G
<pmatulis> pneftali: you can use the 'find' command
<pneftali>  /dev/vda is not a directory...
<pmatulis> pneftali: apply it to it's mountpoints.  i just found the 'ncdu' tool (apt-get install ncdu).  then do 'ncdu /'
<pmatulis> s/it's/its
<pneftali> pmatulis: it's weird. i installed ncdu. and ran ncdu command in /dev folder. it's listing vda folder has 0 Bytes
<pmatulis> pneftali: why are you doing /dev folder?
<pneftali> pmatulis: just a sec, i'll upload a screenshot...
<pneftali> pmatulis: got it. this is ncdu in root folder -> http://i42.tinypic.com/15fiw6d.png
<pneftali> pmatulis: while this is what df -h is listing -> http://i40.tinypic.com/2m62tjl.png
<pmatulis> pneftali: so most of your data resides under /var .  take a look there
<pneftali> pmatulis: why is it df -h is showing /dev/vda has 16G of disk space used ?
<pmatulis> pneftali: the 2nd url is broken btw
<pneftali> pmatulis: i'm sorry, try this one instead -> http://oi40.tinypic.com/2m62tjl.jpg
<pmatulis> pneftali: it all looks good to me
<pneftali> pmatulis: i'm confused. df is showing /dev/vda taking 16G disk space. ncdu is showing /var taking up 14.8G
<pmatulis> pneftali: yes, /var is taking up 15G, and the rest adds up to about 1G
<jamespage> morning folks
<eagles0513875> ok guys I have a samba share, and for some reason after following the official 12.04 documentation on how to setup samba and secure it I am having issues getting a system user to connect with the username and password on the server
<eagles0513875> I am trying to add the users i created to the samba share group
<eagles0513875> and for some reason they are saying they have already been added
<eagles0513875> any ideas would be greatly appreciated
<freakynl> Hi, anyone know if there are regressions, yet again, on e1000 with 13.10 server? My server has 2 NICs, em1 has about 12% packetloss pinging locally. If it's in rest first 6 pings are always gone, switch doesn't see the mac address in it's table unless I'm actually pinging (and get response). em2 has no issues with 13.10. Both work fine with win 8.1
<freakynl> em1 also seems to drop link for up to 27secs at a time, visible on switch end, nothing is logged in dmesg whatsoever
<strikov> Hi guys. I'm trying to install mediawiki inside LXC container on 13.10. Mediawiki package installs its content to /var/lib/mediawiki and creates Alias from /mediawiki/ to /var/lib/mediawiki. But apache can't access this folder (forbidden). I had to create a symlink from /var/www/ to /var/lib/mediawiki to make it work. Who prevent apache from accessing /var/lib/mediawiki directly? Is it apparmor (I didn't find any related config though)?
<ikonia> strikov: it may well be the container, rather than the local machine
<strikov> ikonia: it looks like I figured out what happened, saucy has apache 2.4 which uses another method of access control (e.g. Require all granted). It provides mod_access_compat to accept old access control rules but it seems to be broken.
<ikonia> bravo
<zul> jamespage:  https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/1250098
<jamespage> zul, ouch - you know that samba source package is at 4.0.x in debian right?
<zul> jamespage:  yeah i think
<jamespage> so we should drop the samba4 source package, merge samba from debian and deal with the delta in terms of deps
<zul> ah right
<zul> im not awake yet
<zul> jamespage:  poop..yeah i merged samba  from debian  at least we still need a MIR for faketime though
<jamespage> zul, that's the one
<zul> hallyn_:  is there a reason why we still have d/p/9002-better_default_uri_virsh.patch ?
<hallyn_> zul: not sure
<hallyn_> zul: without that, 'virsh list' woudl default to qemu:///session instead of qemu:///system right?
<hallyn_> i'd say build a test without it and check for that.
<hallyn_> or are you saying we should be able to set the default in /etc/libvirt/libvirtd.conf now?
<zul> hallyn_:  i think...im not sure
<zul> maybe i should go have a nap
<mdeslaur> zul: I can haz newer libvirt in trusty?
<zul> mdeslaur:  yes
<mdeslaur> zul: any idea of when? just curious...
 * mdeslaur wants the open CVE to die
<zul> mdeslaur:  fighting jetlag but working on it
<mdeslaur> zul: cool, thanks
<mdeslaur> zul: you need some of those special jetlag pills
<zul> mdeslaur:  yeah yeah
<mdeslaur> zul: side effects may include heart attack
<zul> hah
<zul> mdeslaur/hallyn_: it will be building here https://launchpad.net/~zulcss/+archive/libvirt-testing
<hallyn_> zul: ok, thanks, will test this afternoon
<hallyn_> in between giddilly dancing in the snow
<zul> with loincloth?
<hallyn_> i was thinking a kilt, but good idea
<hallyn_> rbasak: safe to assume you are not in the process of verifying bug 1190387?  (to clear the path for your SRU).  i'll start right now long as you're not.
<hallyn_> (well, starting until you shout stop)
<rbasak> hallyn_: I wasn't. Thanks!
<roasted> hello friends
<roasted> has anybody ever used ajenti? I was trying to look for a simple web UI to put on an ubuntu server 12.04 headless box for my parents/younger brothers who live at home. That way they could manage their own shares and such without having to be super fluent in SSH and terminal commands.
<roasted> I'm running it in a VM and it looks really nice. I'm concerned about dumping it on an existing server though... like if it would automatically recognize mdadm software RAID, samba shares/users, etc., or if it would require a fresh wipe on a new box with 0 things configured.
<rbasak> roasted: I'm not aware of any decent NAS-like software for Ubuntu Server. There are custom distros for that though - freenas seems to be the most popular one. It's BSD-based. Perhaps you could run it in a VM?
<roasted> FreeNAS? No thanks. That web UI is pretty confusing, and their volumes vs datasets vs this vs that isn't something I'd want to just put on a system and let the rest of the not-insanely-tech-savy family figure out.
<roasted> I've decided on Ubuntu, I mean, I already have an Ubuntu Server there running with Samba. It works.
<roasted> Thing is I want to get a web GUI on top so they can manage their own shares and whatnot.
<TJ-> roasted: webmin/usermin might help you
<roasted> something like zentyal, webmin, etc., but they have their drawbacks. So far Ajenti looks the best, and based on what I'm seeing in this VM I'm testing it with, it feels solid. I just wanted to ask around and see what others thought.
<roasted> TJ-: I considered webmin, but I hear webmin+ubuntu is kind of 'lol' in this day and age.
<TJ-> roasted: it works very well and has for a long time, even for complex set-ups
<roasted> TJ-: I understand there are a lot of things webmin can do under the hood that break functionality due to incompatibilities.
<roasted> Based on that alone I felt :/ abou tit.
<roasted> about it*
<TJ-> roasted: Yeah, I've been hearing that for years, but so far no-one has demonstrated any issue to me, and I've used it day-in/day-out for several years now with no niccups, in fact, it integrates with an existing server very well
<roasted> TJ-: sounds good. Well if you ever get curious perhaps Ajenti is worth looking at for sake of being aware of an alternative.
<roasted> I'm going to set up mdadm later along with samba on a spare box, dump ajenti on it, and see how it reacts.
<roasted> As long as it doesn't blow away any configs this will be a slam dunk win for what I'm after.
<TJ-> roasted: ajenti can't handle virtual hosting so its not suitable for my requirements
<roasted> maybe in time.
<roasted> its a young project with lots if gumption it seems.
<rostam> HI which channel I should ask about preseeding questions? thx
<roasted> I would think here...
<rostam> I have created automated installeder using ubuntu preseeding  which works fine accept it is still ask for language preference. Anyone can help me to make that quite also please? thx
<trevorj> Hi guys, I compile a custom flavor of the Ubuntu kernel for our boxen here based on Ubuntu's kernel git
<trevorj> I've been trying to figure out the proper way to create a source package that I can upload to an apt repo
<trevorj> Anyone have any experience with this?
<ausjke1> under 13.10, apt-cache search lsb_release has no output?
<ausjke1> also, https://launchpad.net/ubuntu/saucy/+package/libapache2-mod-fastcgi has powerpc version, but apt can not find it
<ogra_> ausjke1, why would that have any output ?
<ogra_> would be a pretty new feature that apt-cache can search binaries inside packages
<ausjke1> sorry, dpkg -S lsb_release
<ausjke1> dpkg-query: no path found matching pattern *lsb_release*
<ausjke1> on powerpc only
<ogra_> you want: dpkg -S $(which lsb_release)
<ogra_> unless you are currently in /usr/bin/
<ogra_> (or wherever that binary lives)
<ausjke1> ogra_: actually i think lsb_release is a package too
<ogra_> no
<ogra_> the package for the lsb_release binary is called lsb-release
<ogra_> (no underscores in package names allowed)
<ausjke1> ogra_: youre right, it's lsb-release, which is a package
<ausjke1> sorry
<ausjke1> the reason i could not find libapache2-mod-fastcgi is that, i built my rootfs from the minimal core tarball
<ausjke1> which does not have multiverse in its sources.list, where the fastcgi resides
<ausjke1> now it's all set
<zul> jamespage:  heads up https://review.openstack.org/#/c/52725/
<ausjke1> just realize that to install lsb-release I need pull in 18MB, mostly python3 stuff, what the
<ausjke1> who wrote that? that should really be a 1K program
<ausjke1> and...varnish is not working on 13.10, worked well with 12.04
<jamespage> zul, networkx concerns me
<jamespage> (transient dep)
<zul> its in universe
<jamespage> yeah - I know - and it will pull in a load of other things
<jamespage> igraph might be lighter
<zul> igraph?
<infused> hello
<infused> is there a way to get apache2 not to use the root path /var/www/?
<galaris> change rootdir in conf?
<galaris> in /etc assuming you are on linux
<Cactusbiter> Ok, question
<Cactusbiter> I can't get my burned image to be accepted to boot from
<Cactusbiter> Precise Parogin
<bekks> Cactusbiter: How did you burn it then?
<Cactusbiter> I just burned the ISO onto a CD-R
<hallyn_> zul: all right, setting up libvirt test on trusty.  i'll have 3 things i'll want to add to the packge source if all goes well.
<zul> coolio
<hallyn_> presumbly, though, you're njoying a well-earned jetlag nap and won't
<hallyn_> huh
<hallyn_> so much for that theory
<zul> ill be collapsing in a bout an hour
<hallyn_> try to be around soft objects before that happens
<hallyn_> let it snow, let it snow, let it snow ...
<zul> lemme know if i effed up
<hallyn_> zul: so unfortunately yes, virsh net-list now shows empty while virsh -c qemu:///system net-list shows default.
<hallyn_> and worse, setting it in /etc/libvirt/libvirt.conf does not work!
<hallyn_> setting VIRSH_DEFAULT_CONNECT_URI does work...
<hallyn_> all right, well running the qa testsuite and running out for pizza.  bbl.
#ubuntu-server 2013-11-12
<ricepuddin> so I've got install issues with ubuntu server. My keyboard works fine in the grub menu and the system boots into the console-based installer... but from then on in the keyboard doesn't work (looks like it's off, as the numlock light goes out immediately as it starts to boot). Does anyone have any ideas on this? The exact same system works fine with a desktop ubuntu install. Keyboard is a standard wired usb.
<ricepuddin> ubuntu 13.10, for reference
<ricepuddin> any thoughts on how I can get around this? I've found a lot of threads online with similar issue but no joy in terms of a workaround
<pmatulis> ricepuddin: bug #?
<ricepuddin> no launchpad bug that I found... just some forums threads all around the same theme
<pmatulis> ricepuddin: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+filebug
<ricepuddin> pmatulis: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1250280
<pmatulis> ricepuddin: nicely done
<ricepuddin> and now I wait? :/
<pmatulis> ricepuddin: check yo 'box
<ricepuddin> I see :P
<ricepuddin> will try 13.04...
<babinlonston> HI  all , I'm Using Ubuntu 12.04 Server and now there is many updates installed , and there is many kernel updates too , how can i find the Currently using kernel and , how can i safely remove the old kernels ?
<pmatulis> babinlonston: 'uname -r' gives what's running now.  not necessarily the latest installed kernel (you need to reboot to use it)
<pmatulis> babinlonston: dpkg -l | grep linux-image-3 | grep '^ii' should give you all kernels installed on precise.  you can remove some of the earlier ones but always keep the latest few around
<bradm> babinlonston: an apt-get autoremove should show you what it thinks is removable
<bradm> babinlonston: but check to make sure you're running the latest before doing that, and its not going to remove what you're running
<babinlonston> k
<babinlonston> wow there are , 5 4 kernels and 3 removed and 2 not including Generic ... Successfully Working after a restart ...
<Demosthenex> so i'm running ubuntu 12.04 and just noticed that between kernel versions linux-image-3.2.0-24-generic-pae and linux-image-3.2.0-31-generic-pae the system reverted to 32 bit mode instead of using a 64 bit kernel. i can't find anything about this, can anyone confirm?
<Demosthenex> http://pastebin.com/HgXX7cbj
<babinlonston> Cool Created a Document too for removing the kernel.. thanks mates
<babinlonston> http://www.linuxmental.com/
<neil02> I am having lots of trouble getting the tftpd-hpa to work ... it installed find ... but it doesn't seem to start... netstat shows nothing, and there is nothing in syslog as to why... can anyone help?
<eagles0513875> im having issues with samba. I removed apparmor as I had a feeling it was causing issues and now I cannot even connect to the samba share at all is apparmor a must ?
<jjohansen> eagles0513875: no. how did you remove it?
<eagles0513875> sudo apt-get purge apparmor
<eagles0513875> jjohansen: should i rreinstall it?
<jjohansen> eagles0513875: okay what is the out put of
<jjohansen>   cat /sys/module/apparmor/parameters/enabled
<jjohansen>   cat /sys/kernel/security/apparmor/profiles
<eagles0513875> output of first is Y
<eagles0513875> and the 2nd the security folder doesnt exist
<eagles0513875> so basically it seems like i only got rid of the profiles
<jjohansen> eagles0513875: well I would recommend it for the added security but it is not required, and at this point adding it back in might make debugging the problem harder
<eagles0513875> ok reason being is i had some users which are added on the system and with username and password i setup for them they still were not able to connect it wasnt accepting the password
<jjohansen> eagles0513875: what is the output of
<jjohansen>   mount | grep securityfs
<eagles0513875> none on /sys/kernel/security type securityfs (rw)
<jjohansen> eagles0513875: and did you reboot after removing apparmor
<eagles0513875> yes and this is up after a cold boot this morning as I didnt leave it online as its not accessible
<jjohansen> what is the output of
<jjohansen>   ls /sys/kernel/security/
<eagles0513875> apparmor  evm
<eagles0513875> apparmor is a directory
<jjohansen> eagles0513875: and the output of
<jjohansen>   sudo cat /sys/kernels/security/apparmor/profiles
<eagles0513875> http://paste.ubuntu.com/6404235/ jjohansen
<jjohansen> eagles0513875: uh, apparmor is enabled and enforcing some policy
<jjohansen> eagles0513875: what is the output of
<jjohansen>   sudo aa-status
<eagles0513875> i did notice a page in the official docs about needing to load a profile
<eagles0513875> jjohansen: aa-status command not found
<eagles0513875> jjohansen: therre is a section here on apparmor https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html
<eagles0513875> jjohansen: i was actually going to use standard ACL's
<jjohansen> eagles0513875: what is the output of
<jjohansen>   dpkg -l '*apparmor*'
<eagles0513875> http://paste.ubuntu.com/6404254/
<eagles0513875> if i do apt-cache policy apparmor its showing not installed
<eagles0513875> i can reinstall it no problem
<mardraum> i guess the question is what did you change in samba to break apparmor?
<eagles0513875> mardraum: nothing i just got rid of apparmor
<eagles0513875> jjohansen: http://paste.ubuntu.com/6404262/
<jjohansen> eagles0513875: so, removing apparmor packages doesn't actually remove it from the system, but it can stop it from enforcing policy. If the apparmor package is missing and you did a clean reboot I don't see how it loaded policy.
<eagles0513875> i dunno either im an apparmor noob
<eagles0513875> i can reinstall it no problem
<eagles0513875> should i do that?
<jjohansen> eagles0513875: hah got it, the apparmor_parser is in a separate package
<eagles0513875> ya fragmentation is nice but in some aspects its annoying
<jjohansen> eagles0513875: hrmm no it isn't never mind
<eagles0513875> should i just go ahead and reinstall apparmor
<mardraum> if apparmor isn't the problem, I would use it
<eagles0513875> thing is i think its a bit overkill for this file server for an office of 3
<jjohansen> eagles0513875: does the file /sbin/apparmor_parser exist?
<eagles0513875> jjohansen: nope nothing app armor in that directory
<eagles0513875> im going to reinstall it
<eagles0513875> this is causing more problems then its worth
<jjohansen> eagles0513875: I'll let you decided whether you want it. apparmor in Ubuntu is enforcing a targeted policy, that is it only confines applications with profiles defined for them. If you don't want the samba profile you can simply disable that profile by
<jjohansen>   removing the profile file from /etc/apparmor.d/
<jjohansen> or
<jjohansen>   placing a symlink from /etc/apparmor.d/disable/ to the profile in /etc/apparmor.d/
<jjohansen> the second option is more package manager friendly
<eagles0513875> jjohansen: it seems like its rather easy to get samba working with apparmor but i have one question though about it
<jjohansen> to completely disable apparmor, you can remove its packages (I can't explain why policy is loaded), unless are you doing this in a lxc container?
<eagles0513875> no on physical hardware
<eagles0513875> bare metal nothing virtual no containers
<jjohansen> eagles0513875: or you can add
<jjohansen>   apparmor=0
<jjohansen> to the kernel boot parameters list in /etc/default/grub, and then run update-grub
<jjohansen> eagles0513875: okay, I can't explain why you are seeing policy, it should not have loaded
<jjohansen> eagles0513875: the apparmor module will still be loaded and functioning even when you remove the packages. So /sys/module/apparmor/parameters/enabled will still report Y. But everything is in an unconfined mode which is just stard unix DAC capabilities
<eagles0513875> ok
<jjohansen> eagles0513875: what is your question about it?
<eagles0513875> https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html the section on app armor the 2nd step where do i have to put the path to the share?
<jjohansen> eagles0513875: okay, so apparmor policy syntax is declarative. The share line can be placed anywhere within the profile.  The profile will a pattern like
<jjohansen>   /usr/bin/samba {
<jjohansen>       # rules ...
<jjohansen>   }
<jjohansen> eagles0513875: you can add new lines any where in there
<eagles0513875> jjohansen: what rules would i need to place in there as the documentation doesnt explain much
<eagles0513875> do you have any reference or site  that i could take a look at
<jjohansen> eagles0513875: if you added a share at
<jjohansen>   /srv/samba/share/
<jjohansen> you would add the lines
<jjohansen>   /srv/samba/share/ r,
<jjohansen>   /srv/samba/share/** rwkix,
<LeMike> Hello. I want to create a zone that fetches all .dev TLD and forward it "IN A 127.0.0.1". is that possible?
<eagles0513875> can i add that in the smbd profile
<eagles0513875> as it says to edit that particular file
<eagles0513875> jjohansen: ^
<jjohansen> ah yes the instructions aren't very good.
<jjohansen> edit the file
<jjohansen>    /etc/apparmor.d/usr.sbin.smbd
<jjohansen> add the new policy lines somewhere in the profile block for
<jjohansen>   /usr/sbin/smbd {
<jjohansen>   }
<eagles0513875> ok i did that and just at the end like you did above add rwx
<eagles0513875> and does it need a , after the permissions
<jjohansen> so you need
<jjohansen>   /your/share/location/ r,
<jjohansen>   /your/share/location/** rwkix,
<jjohansen> 'a' is not needed when 'w' is specified as a permission
<eagles0513875> what does the 2nd line do?
<eagles0513875> jjohansen: ^
<jjohansen> the first line gives read access to the directory, the second line gives broad permission for data under the directory
<jjohansen> ** is a recursive glob meaning all files and directories under here
<jjohansen> r - read permission
<jjohansen> w - write permission
<jjohansen> k - lock permission
<jjohansen> ix - allow execution from here but, anything run inherits the smbd profile
<jjohansen> unless you are planning on executing things from the dir, you should be able to leave ix off
<eagles0513875> jjohansen: how would that work then if i want to execute a file on my pc do i need to leave ix off?
<jjohansen> eagles0513875: ah no. Let me explain a little more
<jjohansen> The profile only applies to the smbd daemon, the ix is being applied to it. So if the daemon tries to execute something from the share that program will run with the same confinement the daemon has.
<jjohansen> However since a targeted policy is being used, the user (you) is running unconfined, and applications run from the share by you will also be unconfined
<eagles0513875> ahh ok i got it
<eagles0513875> ok what about other users on the system
<eagles0513875> as i have it setup in terms of usernames and passwords to use system users
<jjohansen> eagles0513875: unless you have done something special to setup policy for them, they run unconfined as well
<eagles0513875> ok one other odd issue im seeing is i cannot connect to the work group but i need to specify the ip address
<eagles0513875> im guessing that would be the router or something blocking samba
<jjohansen> probably
<jjohansen> eagles0513875: grep DENIED /var/log/syslog
<jjohansen> will show up any apparmor based denials
<eagles0513875> nothing
<jjohansen> eg.
<jjohansen>   Nov 11 14:21:17 ortho2 kernel: [84584.313258] type=1400 audit(1384208477.153:123450): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd" pid=1322 comm="libvirtd" pid=1322 comm="libvirtd" capability=29  capname="audit_write"
<eagles0513875> the odd thing is it doesnt seem to resolve by name which the shares fall under workgroup
<eagles0513875> if i use the ip address it works just fine
<jjohansen> eagles0513875: hrmm its failing the dns lookup for some reason
<eagles0513875> probably router is blocking
<eagles0513875> what port does samba use?
<eagles0513875> the way the setup is is an adsl modem router then that i connected to a switch as I needed more ports
<jjohansen> hrmm I don't know
<jjohansen> I've never setup a samba share :)
<eagles0513875> ok now i need to figure out why when i use another user besides me it doesnt accept the users credentials
<mardraum> SMB uses quite a few ports
<jjohansen> eagles0513875: what is your smb.conf file name resolve order?
<eagles0513875> jjohansen: mardraum http://paste.ubuntu.com/6404393/
<jjohansen> hrmmm that looks right, so that knocks that bug out of the running
<eagles0513875> jjohansen: would i need to use apparmor in conjunction with the ACL
<eagles0513875> standard access control list?
<eagles0513875> https://help.ubuntu.com/community/FilePermissionsACLs jjohansen
<jjohansen> eagles0513875: need no, you can yes. apparmor is hardening the server in case it has a vulnerability and gets attacked, its not setup from what I can see to control the permission of what is being handed to users, that is entirely regular access control list
<eagles0513875> ok :)
<eagles0513875> cuz i even added them to the sambashare group thinking that would solve the problem
<eagles0513875> so basically
<eagles0513875> if i add the sambashare group with rwx permissions that would be enough
<jjohansen> yes it should be
<eagles0513875> ok :)
<eagles0513875> damn dolphin i wish it woudl ask me on this laptop every time for the username and password
<eagles0513875> btw jjohansen and mardraum ty for your help
<eagles0513875> jjohansen: im still getting access denied for these other users and they are part of the sambashare group
<eagles0513875> bah
<eagles0513875> hey pleia2
<jamespage> jdstrand, hey - I've subscribed you to a number of blueprints for UDS next week where I think we need some security enagagement
<jamespage> please feel free to delegate that out to whoever is most appropriate from your team
<eagles0513875> hi jamespage
<jamespage> hey eagles0513875
<eagles0513875> jamespage: have you done any samba share setups?
<jamespage> eagles0513875, not for an extremely long time
<eagles0513875> ok nm then ill head back to google
<sacarde> hi
<eagles0513875> !hi | sacarde
<sacarde> I nedd to reconfigure upgrades mode
<sacarde> http://digilander.libero.it/sacarde/np/tasksel-ubu.jpg
<sacarde> how can I reconfigure this?
<sacarde> dpkg-reconfigure ???
<eagles0513875> any samba experts here :(
<eagles0513875> hey guys im having an issue with name resolution for the samba server
<eagles0513875> and for some reason it is not resolving the name workgroup
<eagles0513875> any ideas
<eagles0513875> jjohansen: figured out why users couldnt login
<jamespage> zul, hmm - rtslib switch to apache-2.0
<jamespage> guess we can enable that cinder stuff now
<Teduardo> does anyone know how to figure out why the RX dropped packets counter keeps incrementing like 1 or 2 per second on Ubuntu 12.04.3?
<Teduardo> this is with the interface being in the KB/s range
<mardraum> Teduardo: bad cable? switch duplex?
<Teduardo> that should actually show up in errors/collisions i would think, not the queue in the nic
<gnuoy> jamespage, you mentioned setting the  mtu to 1546 on the interfaces in an openstack deployment, that would just be for the neutron gateway and compute nodes wouldn't it ?
<jamespage> gnuoy, yup
<gnuoy> thanks
<jamespage> gnuoy, read this - explains why - http://techbackground.blogspot.co.uk/2013/06/path-mtu-discovery-and-gre.html
<gnuoy> jamespage, thanks
<Teduardo> oh.. 3.0 > increments rx_dropped everytime it sees a network protocol it doesnt understand. yay
<arosales> jamespage, on https://wiki.ubuntu.com/BlueprintSpec
<arosales> jamespage, what do you think on updating "Goal" to "Deliverable"
<arosales> jamespage, or should we just make the description of what a goal is a something than can be delivered, and measurable?
<joossee> is anyone here familair with virtualization and VM's on ubuntu server?
<pmatulis> yep
<nguyendh> hi
<hallyn_> zul: http://people.canonical.com/~serge/libvirt-t/ has the additions i need, but i've not yet set up the new round of tests
<hallyn_> (lunch first)
<nguyendh> i have Ubuntu 12.04 server running Apache2 , PHP and MYsql. On a monthly basic, the server crashes 3 times (kernel panic on exhausted memory). Linode is not so helpful in debugging the issue. Where should i start debugging the kernel panic issue ?
<sarnold> nguyendh: you've got to collect some information just before the badness hits; ps -aux output can be really nice to have, if you can get dmesg output or serial-console dmesg output, or perhaps /proc/slabinfo and /proc/meminfo you might be able to spot a trend that leads to trouble
<pmatulis> nguyendh: a few things.  â  grep your syslogs for 'OOM' â¡ install sysstat and learn how to use it â¢ install sosreport (info-gathering tool; precise-backports) and invoke it immediately after problem occurs
<sarnold> pmatulis: cool, I've not seen sosreport, looks useful :)
<pmatulis> sarnold: it's cross-platform.  originally from suse i believe.  now championed by canonical support
<rostam> HI I am using ubuntu 12.04 server, how could I enable serial console? thx
<genii> rostam: In which type of context would you like to use the serial console? To communicate with an external device directly connected like UPS/switch/modem/etc?  Or to access from another computer with perhaps a nullmodem cable, etc?
<rostam> genii: I like to use it as console such that I can see output of the boot process, and be able to debug some of the issuees
<genii> rostam: So in this instance, you are connecting it to another machine which will then view the output?
<rostam> genii, Yes that is what I need to do.
<genii> rostam: https://help.ubuntu.com/community/SerialConsoleHowto ... older but still relevant. The pertinent parts are where it shows to config for Karmic and editing the /etc/default/grub file (grub2) instead of the menu.lst file (grub1)
<hallyn_> zul:  one bug i'm hitting
<hallyn_> https://bugzilla.redhat.com/show_bug.cgi?id=1015636
<zul> gah
<zul> hallyn: qemu 1.6.1 ?
<hallyn_> 1.6.0
<zul> hallyn_:  got an idea?
<hallyn_> well i guess we can just explicitly allow that state until upstream patches.  for now i see no fix in libvirt git
<zul> neither do i
<nguyendh> thanks for all suggestions.
<hallyn_> zul: but let me know if you object to any of the changes I posted
<hallyn_> going to build a test fix for the migration setup bug
<zul> hallyn_:  url?
<hallyn_> http://people.canonical.com/~serge/libvirt-t/libvirt_1.1.4-0ubuntu1.dsc
<zul> hallyn_:  im gonig to add esx support in there as well
<hallyn_> k
<rostam> genii, thanks
<jarco> Hello all. What could be reasons for apache2 going back to /var/www If i have made a vhost to another folder in that folder and have used a2ensite with that domain?
<jarco> other vhosts work on this server
<jarco> and this is my file that i made for apache http://pastebin.com/HmHM6hFT
<genii> rostam: You're welcome. Did you manage to get it working yet?
<jarco> Ok I now found that disabling default will make apache go to the correct folder
<jarco> but I dont want to disable default
<jarco> Ok I now discovered that having a domain name point to your hostname is not a great idea
<jarco> :)
<funny_ha_ha> i have an ubuntu 10.04 server which usually uses nsswitch.conf ldap for users to login ("compat ldap"). the server is has currently no network connection at all. i am not able to log in locally using the root account or another account i created. i am able to log into the recovery console and i tried a bunch of different pam.d, ldap.conf, nsswitch.conf, security/access.conf things but to no avail. i just can't log in locally. any ideas? i
<hallyn_> zul: great, now virsh-uriprecedence testcase is unhappy with me
<zul> hallyn_:  its because of the 9002 patch i bet
<pmatulis> funny_ha_ha: a lot of things can be wrong
<funny_ha_ha> nudge me into a direction i didn't mention :)
<hallyn_> zul: yes...  just trying to figure out the best way to fix the test, and trying to make sure the 9002 patch is doing it right...
<zul> hallyn_:  i think thats why i asked we needed it in the first place
<pmatulis> funny_ha_ha: client nsswitch.conf, client PAM, client NSS, client ldap config, server ldap config
<pmatulis> funny_ha_ha: if just one of those is bad, the whole thing collapses
<hallyn_> zul: but here we go, it looks like /etc/libvirt/libvirt.conf is obsolete in favor of $XDG_CONFIG_DIR/libvirt/libvirt.conf - i.e. per-user config file
<zul> hallyn_: ack
<hallyn_> zul: cause setting uri_default in /etc/libvirt/libvirt.con does nto work - too bad as that would let us drop 9002 patch
<funny_ha_ha> pmatulis: well as i said, the ldap server is not available at the moment. and that's fine. i just want to be able to login when the server is not there. all the client confs you mentioned, i already went over at least 4 times :/ i must be missing something
<pmatulis> funny_ha_ha: it can get fairly complicated.  and, yes, you can set it up to log in if the server is not around (either have some kind of credential caching or have local accounts, at least for some important users)
<hallyn_> zul: so those tests have never passed for us (don't in saucy either).  "VIRSH_DEFAULT_CONNECT_URI=test:///default virsh uri" works, while "LIBVIRT_DEFAULT_URI=test:///default virsh uri" does not
<zul> hallyn_:  skip it then
<hallyn_> zul: do you still have an install of your original 1.1.4?
<zul> hallyn_:  i dont
<hallyn_> i'd be curious to see what you get there for LIBVIRT_DEFAULT_URI=test:///default virsh uri
<hallyn_> ok
<hallyn_> i mean, you must get test:///default, or else your build wouldve failed...
<hallyn_> allr ight then ,proceeding.  <sigh>
<joossee> guys is there a good primer on running a ubutnu virtualization server?
<pmatulis> joossee: try the ubuntu server guide
<joossee> am i understanding this correctly? I can bridge 3 wireless netwrk connections into one superfast connection?
<joossee> guys can I mount a bootable USB stick as an image or use with libvirt?
<unit3> Hey, quick Q. I've got a VM I updated to 13.10, and after the upgrade it's got a new new grey, purple and orange prompt which looks like this: unit3@ds9:~â«
<unit3> however, other systems I've upgraded or freshly installed don't have that prompt.
<unit3> anyone know what package it came from how I can enable it elsewhere?
<ersi> sounds kind of like byobu?
<ersi> Hm, maybe not.
<unit3> oh, it could be byobu.
<unit3> I do use it on a bunch of my boxes. just weird that my desktop, which was upgraded, doesn't show the same prompt when I launch byobu.
<unit3> but I do see byobu code for setting what looks like a similar prompt.
<kirkland> unit3: yes, that's byobu
<kirkland> unit3: it only installs that by default, if byobu can determine if you haven't modified some things in your environment
<unit3> Yeah. it must think I've modified things on the other hosts where it's not showing up. time to dig through the code
<kirkland> unit3: that said, you can easily enable it by ensuring that you have Byobu >= 5.60 installed, and run byobu-enable-prompt
<unit3> oh, handy!
<kirkland> unit3: yep ;-)
<unit3> yep, that worked! Thanks! :)
<unit3> Now to steal the prompt code for my non-byobu systems. ;)
<ersi> ^_^
<hallyn_> zul: so http://people.canonical.com/~serge/fix-uri-precedence-test needs to be added to debian/patches in the package i posted before.  i'll keep working tomorrow, but if you wanted to push it as is i think that'd be sensible
<hallyn_> zul: (updated http://people.canonical.com/~serge/libvirt-t
 * hallyn_ out
<HaltingState> what is best way to spin up a VPN, install stuff, nuke it, do it again; etc like self hosted EC2?
<HaltingState> is there a tutorial for open stack for that?
<zul> hallyn_:  will do
<pmatulis> HaltingState: yes, look into openstack
#ubuntu-server 2013-11-13
<nv_> index.php pages are not loading by default. instead i am getting a directory listing
<nv_> what can i do to fix this?
<nv_> everything was working fine in my lampp stack, untill dpkg configure mythtv-common
<sacarde> hi
<sacarde> is possible to "reconfigure" automatic-updates in ubu12.04server ?
<rbasak> sacarde: try "sudo dpkg-reconfigure unattended-upgrades"
<sacarde> rbasak, I try, but I view only 2 choises  [y] [n]
<rbasak> sacarde: what do you expect?
<sacarde> during installation I view:
<sacarde> 1 no upgrade
<sacarde> 2 automatic upgrade
<sacarde> 3 using landscape
<rbasak> sacarde: and which of those are you trying to do now?
<sacarde> 1 no upd
<rbasak> sacarde: "sudo dpkg -P unattended-upgrades" - you don't want the package at all in that case.
<sacarde> ah
<sacarde> and if I will wont: landscape ?
<rbasak> sacarde: for Landscape I think you just run "landscape-config"
<rbasak> With sudo I presume
<jdimatteo> ps aux shows "/sbin/mdadm --monitorâ¦" running â this emails root if a raid drive is malfunctioning, right? but I never log in as root, so how would I know that root was emailed?
<geser> jdimatteo: because you let root mail forward to a user who reads such mails
<jdimatteo> geser: how do I do that?  does ubuntu automatically forward such emails to the admin user set up during install?
<neil02> I am having lots of trouble getting the tftpd-hpa to work ... it installed find ... but it doesn't seem to start... netstat shows nothing, and there is nothing in syslog as to why... can anyone help?
<jdimatteo> ok, I think I can set up email forwarding with /etc/aliases â thanks for the help geser!
<hxm> hi
<hxm> i receive many of these [Wed Nov 13 14:29:03 2013] [notice] child pid 29367 exit signal Segmentation fault (11), possible coredump in /etc/apache2
<hxm> i just enabled ssl module
<hxm> how can I debug this?
<zul> mdeslaur:  libvirt 1.1.4 uploading(ed)
<mdeslaur> zul: \o/ thanks
<zul> mdeslaur:  you can stop nagging me now ;)(
<mdeslaur> zul: I'll find something else to nag you about, don't worry :)
<zul> mdeslaur:  huzzah
<bananapie> at some point last week I set a proxy for wget, but now I can't figure out where the proxy is set and how to turn it off. I typed 'set | grep -i proxy' in bash and I get nothing.
<bananapie> nevermind, it was in .wgetrc
<slava_dp> hiya. how do people rsync stuff between ubuntu servers with disabled root access? in centos, I could rsync /usr/local, for example. here -- I can't.
<mjeanson> slava_dp: this should help: http://crashingdaily.wordpress.com/2007/06/29/rsync-and-sudo-over-ssh/
<Pici> You can still use key auth with the root account.
<andol> Not sure if sudo rsync is so much better than root rsync, aside from leaving a slightly more distinct entry in the auth log.
<smeagolll> when start vm windows (XEN)
<smeagolll> Xenctrl.Error [ memory 6796760 KiB free; to be scrubbed 0 KiB; total 7893 MiB]: 1: Operation not permitted
<smeagolll> ubuntu server 13.10
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<smeagolll> help please
<abradley> I'm running a webserver on ubu 12.04 server and I'm running into an error when testing imap configuration: http://i.imgur.com/zxullwr.png I understand that no firewall is enabled by default in ubu 12.04 server. Any suggestions why it is timing out? I can ping imap.gmail.com from the machine, avg 30ms
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<slava_dp> mjeanson: thank you. --rsync-path='sudo rsync' works.
<Nox_404> hi, i got a problem on a 12.4.3 server install, how can i fix this : apt setup udeb succeeded but requested  to be left unconfigured (is there a better place for my question ?)
<Nox_404>  hi, i got a problem on a 12.4.3 server install, how can i fix this : apt setup udeb succeeded but requested
<Nox_404>                  to be left unconfigured (is there a better place for my question ?)
<smeagolll> how to install module blktap (Kernel) ?
<esde> I received an email from my vps provider about weird smtp traffic coming out of my container. Something like 100 attempts to send per 10min. I'd like to find out where those emails or attempts to email are coming from. I checked /var/log/mail.log and the most recent event was Oct 2. :/
<kpettit> Can anybody recommend some good server/client backup software that's cross-platform?  Was hoping to find a simple client where all the config stuff comes from the server.
<sarnold> kpettit: investigate bacula, amanda, rsnapshot, rdiff-backup
<kpettit> I don't even care if it's commercial or not. Just want something easy to use.
<kpettit> Have you use bacula or amanda before?
<baggar11> I just noticed the saucy kernel/headers are in the repo. anyone install them on a 12.04 server yet? any issues?
<sarnold> kpettit: I've never had enough systems to see the benefits of the more complicated systems compared to rsnapshot
<kpettit> I'm with ya.  I'm getting enough customers that don't have backup's and I have to figure a linux/windows solution that will work on desktop and servers.  Normally I just do rsync/tar/etc, but I need something I can configure on a server rather than each individual client.  I'm reading into amanda/bacual but I remember trying them before and had problems.  Hopefully I'll have better luck or find something better
<patdk-wk> I don't like bacula setup
<patdk-wk> I want to try amanda though
<kpettit> I'm looking at it now.
<kpettit> It's sad how complex they are to setup
<patdk-wk> yep
<patdk-wk> personally, I just want to offload my backups onto tape
<patdk-wk> have a huge 48tape lib to use
<kpettit> nice!
<kpettit> I've got a Drobo I'll be using i think.
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<hallyn_> sarnold: how does rsnapshot relate to rdiff-backup?  (I've used the latter - though these days I just forget about incremental and do rsync)
<sarnold> hallyn_: funny enough, I've only used rsnapshot and not rdiff-backup, and I can't recall the reasons I had when deciding..
<hallyn_> sarnold: ok :)
<sarnold> hallyn_: I learned to love incremental when I accidentally screwed up something when releasing an update...
<sarnold> hallyn_: I needed to know some details of how the USN database management worked with multiple CVEs, and I got lucky, an older temporary shell script with multiple CVEs was still in my incrementals..
<sarnold> it saved probably an hour of reading source code or worse yet, waiting until the next day for others to come online to help me fix my mistake ;) hehe
<hallyn_> sarnold: if i keep local backups i'll go back to incremental, but right now my backups are only for disaster recovery (fire, flood, earthquake, war...)
<hallyn_> i actually started my newest script using rdiff-backup, but for some reason - forget what - changed my mind
<sarnold> hallyn_: ah, see, I need to start doing some off-sites. I'm contemplating amazon glacier for large and low-priority, and tarsnap for small and important..
<kpettit> Damn, I just looked at a few commercial solutions.  They are freaking expensive
<JanC> "glacier" sounds liek it will take a thousand years to reach its destination  :P
<JanC> like*
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<sarnold> JanC: yes; restores can take three to five hours before your data can be downloaded :)
<JanC> sarnold: hm, they use a tape robot, or what?
<esde> Got an email from vps provider saying vps was attempting to send smtp mail at ~100+ times per ten minutes. However I'm not aware of any services that would be sending /that much/ mail in /that little/ timeframe. I've checked my mail log and the most recent entry is Oct 2. How can i find out what is trying to send smtp mail?
<andol> sarnold: Asisde from slow restores I'm really really happy with tarsnap.
<sarnold> JanC: I _hope_ it's a robot.. :D
<JanC> or sjust dudes runnign aroun with hard disks?  :)
<hallyn_> sarnold: I'm using rsync.net for all offsites, for two reasons - one they have georedundancy built-in (if you pay for it :), and two - if I do something that I'm likely to have to change (i.e. when s3 changes somehow) i'm 100% certain to lose something during the transition :)
<sarnold> esde: check netstat -antp for connections that look like outgoing mail
<hallyn_> so i put everything in one place (separately encrypted) and won't hopefully ever move it.
<sarnold> andol: cool, thanks :) I wouldn't mind kicking cperciva a few bucks every now and then.. hehe
<kpettit> hallyn_: I'm checking them out.  Never looked at them before
<hallyn_> stgraber: lxc-info -p is broken, spits out name and well as pid.
<esde> thanks sarnold im seeing localhost listening on smtp ports 587 and 25, going to try and find the processes listening now
<JanC> you need to be root for the 'p' in 'netstat -antp' to work, I think
<esde> ahh
<esde> ty
<JanC> esde: 'p' should show you the processes
<sarnold> esde: note that the processes listening on ports may not be the ones sending mail..
<hallyn_> sarnold: thanks for the prod, fixed my backup script (which hadn't worked since oct 28 due to lxc-info -p break :)
<sarnold> hallyn_: \o/ yay! :)
<hallyn_> another cool thing about rsync.net which i haven't blogged about yet - they have subaccounts,
<hallyn_> so i have less-trusted ssh keys on remote machines which can only push to subaccounts
<sarnold> hallyn_: hey, error27 pointed out earlier that having network admin capabilities allows setting up iscsi, since it apparently just requires netlink ...
<hallyn_> stgraber: oh, sorry, i thought lxc-info was a python script
<sarnold> hallyn_: oh very cool
<JanC> and of course in case somebody broke in, they can also "fix" netstat or the kernel so that it doesn't show their malware...
<hallyn_> sarnold: not in a container.  netlink to kernel doesn't work from child netns
<bitbyte> Hey guys I'm having issues with pled media server indexing any you guys had any experience in pled media server ?
<stgraber> hallyn_: sounds like a regression from Dwight's recent change
<sarnold> hallyn_: Oh? Nice. He thought for sure network-admin-rights in a namespace would be sufficient..
<stgraber> hallyn_: are you working on a fix already or should I do that?
<kpettit> hallyn_: how do you like rsync.net?  It looks like they charge per GB rather than by how many clients you use, is that right?
<Nox_404> Hi, where can i find hd media for ubuntu server 12.04.03 install ?
<hallyn_> stgraber: i'm not right now.  if you have a chance that'd be great, else i'll get to it
<Nox_404> i can't find it on the website
<sarnold> esde: if you're having trouble spotting it try using tcpdump -- it might be a flood of data, and you might want to make sure you don't dump your ssh connection packets, since that'll just be viewing tcpdump output... :)
<hallyn_> kpettit: i love it.  yes, by Gb
<hallyn_> kpettit: that's why i had to sit and rationalize whether/why to stick with them.  i've decided it's worth it to me.
<hallyn_> of course, keep in mind, when i talk about fire/floods, i'm not talking hypotehticals, both have destroyed some hardware for me and made me move :)  so it *is* worth it to me.
<esde> thank you sarnold trying that now
<hallyn_> ok i need to change locales - biab
<kpettit> hallyn_: thanks. I've been checking on various ones out there.  I hate the ones that charge by client.  Some of my customers only have 10-100MB of data so it sucks to pay for that
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<hallyn_> kpettit: they also have great customer support, and are great for diy unix users.  rsync and ssh.  you can ask them to disable your password once you set up a ssh key.
<hallyn_> ok, out
<kpettit> hallyn_: Can you centrall manage it, or do you have to configure each install on the client individually?
<kpettit> oh cool.  I use nothing but keys on all my linux servers and have cygwin/ssh/keys on 1/2 of my windows ones as well
<stgraber> hallyn_: hmm, so I think this is a voluntary change by Dwight as -n is now optional and accepts regexps
<sarnold> hallyn_: hrm, re: netlink and namespaces.. df008c91f835
<hallyn_> kpettit: there's no client configuration
<hallyn_> kpettit: I keep a .ssh/config file entry called 'rsync', i guess
<hallyn_> so i can just 'rsync -va $dir rsync:'
<sarnold> cool
<hallyn_> stgraber: hm.  well it messes up scripts
<hallyn_> trivially fixed of course...  on a case by case basis though
<stgraber> hallyn_: yeah, I know... I think I'm going to send an e-mail to lxc-devel suggesting we revert that particular feature
<kpettit> hallyn_: Ah ok.  thanks
<stgraber> hallyn_: I don't see a good reason for that specific command to support regexps when we already have lxc-list that does a similar job
<hallyn_> stgraber: well, still, long as it's changing, can we have lxc-info -n -p not print out "Pid:' either? :)
<hallyn_> stgraber: or, we should just have it output "name: pid" for each entry
<hallyn_> that'd make the most sense
<hallyn_> the previous behaviro was redundant
<stgraber> hallyn_: yeah, I was kind of hoping that the new -H would do that, but apparently dwight only used it to change the notation for network traffic...
<hallyn_> sarnold: ah, yes.  i'd forgotten that, and that's good - though it won't affect iscsi netlink msgs,
<hallyn_> note that all the msgs allowed are relating to your own private copy of the l2 net stack
<sarnold> hallyn_: that is so hard for me to wrap my head around. I think my brain stops at 4.4 BSD :)
<hallyn_> sarnold: just think, anything you create in your namespace, is yours.
<hallyn_> when you create a netns, it creates a new network stack, and you own it.
<hallyn_> you can create devices in there, but you can't pass them back to the host one, bc you dont' own that one.  the parent one does own your stack, bc it is the creator of the ns which created the stack, and so it can pass devices to you.
<hallyn_> sarnold: i'm elaborating since it relates to the lxc_user_nic.c i asked you to review :)
<sarnold> hallyn_: :)  I'm roughly half-way through the lxc_user_nic.c from friday... I'm hoping to finish it off today after I finish the day's cve triage :D
<hallyn_> sarnold: awesome, thanks
<stgraber> hallyn_: sent an e-mail to lxc-devel about lxc-info and what I think we should change
<hallyn_> stgraber: thanks.  about to test my workaround for libvirt+qemu bug in trusty that's been playing with my head
<hallyn_> if i can lick that, then i can finish up qemu and then finish up lxc-destroy for unprivileged users
<hallyn_> what are the odds of this working though
<hallyn_> where's my magic eightball
<hallyn_> woohoo, outlook good it says
<highvoltage> magic eithballs are always accurate if they give good news
<hallyn_> i used http://8ball.tridelphia.net/ :)
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<jnor> hi, any way to determine if my server was under a ddos ? mysql crashed, I think because apache took out all the memory so kernel shutdown mysql.. I tried looking at apache access log but its not helping me
<renebarbosa> jnor, did you already tried the mysql error log?
<renebarbosa> to see the reason of the crash
<jnor> yes, I think it crash because lack of memory
<renebarbosa> hm what your free -m output says?
<jnor> sorry network got cut off
<jnor> Im thinking mysql crashed duo lack of memory, but I would like to determine if someone was using ddos on http or if my server just got overloaded
<patdk-wk> you think it crashed due to lack of memory?
<patdk-wk> it will be in the logs
<Siebjee> Hi Guys, i just rebooted my ubuntu12.04 LTS server for a firmware upgrade, and now apt-get is slow as hell while reading the package list. Any clues of how to solve this ?
<hallyn_> zul: http://people.canonical.com/~serge/0001-accomodate-new-qemu-migration-status-setup.patch that seems to work, leaving me with only 5 unrelated qrt failures
<hallyn_> may send it upstream, if i get over my shyness
<zul> hallyn_:  should we sit on it until you look at the other onces?
<hallyn_> zul: maybe.  i'mjust donig a fresh build to make sure i didn't drop a change trhough blatent quilt mis-use
<zul> ack
<hallyn_> looks like they're all attach/detach_device errors, plus test_CVE_2010_2237_2238
 * hallyn_ rolls up his sleeves
<smeagolll> http://www.linuxquestions.org/questions/linux-server-73/xen-start-vm-windows-%3D-problem-help-please-4175484442/
<hallyn_> zul: oh!  well 4 of the faiulres i think are still due to the apparmor bug since saucy...  lemme ping jjohansen
<hallyn_> hey jjohansen :)
<hallyn_> jjohansen: the fix for apparmor policy updates not applying to running tasks, do you expect that to hit trusty's kernel soon?
<hallyn_> zul: so i have one fix to push to qrt itself, other than that, i think that with http://people.canonical.com/~serge/0001-accomodate-new-qemu-migration-status-setup.patch pushed, libvirt 1.1.4 is ready.  do you want to push?
<hallyn_> (jjohansen: that's bug 1236455 fwiw)
<jjohansen> hallyn_: yeah, I did an audit after my first pass of the fix and found a couple more spots that needed updating. I've done that and am submitting the patch today
<hallyn_> jjohansen: cool, thanks.  How long after that before it hits trusty archive?  (I've got no clue how often kernel gets published now)
<hallyn_> i'm just wondering when to schedule my next qrt run :)
<jjohansen> saucy: will be 2-4 weeks just depending on where things are in the kernel update cadence (which is 3 weeks)
<jjohansen> trusty: should only be a day or two from when the patch rolls in, there is no fixed schedule but they try to keep it fairly frequent
<jjohansen> hallyn_: ^
<hallyn_> jjohansen: thanks
<phillw> Hi good people, with a clean install of 12.04 autocomplete is not working for the users, any ideas? I've looked into a couple of things via forum links (e.g. http://ubuntuforums.org/showthread.php?t=1949279&p=11804219#post11804219 etc.)
<smeagolll> i create vm windows (XEN)
<smeagolll> Internal error: Xenctrl.Error [ memory 7225148 KiB free; to be scrubbed 0 KiB; total 8175 MiB]: 1: Operation not permitted
<smeagolll> ubuntu server
<smeagolll> 13.10
<ddsss> do you guys alway set your web-server to UTC by default?
<joossee> hey guys trying to run "sudo virt-install -n taylor -r 4096 --disk path=/home/administrator/Images/win2003.img,bus=virtio,size=80 -c /home/administrator/Images/winsrv200364R2-1.iso --accelerate --network network=default,model=virtio --connect=qemu:///system -v" and I get a permissions error after the file is created?
<joossee> the error i get is here: http://paste.ubuntu.com/6413130/
<TheLordOfTime> anyone know what the adduser default settings are for the new user?
<TheLordOfTime> because apparently in 12.04.3 it doesn't set the login shell to bash, just uses dash or whatever sh is symlinked to...
<sarnold> TheLordOfTime: grep DSHELL /etc/adduser.conf
<TheLordOfTime> sarnold: i think then that adduser is broken
<TheLordOfTime> sarnold: because when using adduser it failed to set bash as the login shell
<TheLordOfTime> in 12.04.3
<TheLordOfTime> although the adduser config *is* set to use /bin/bash
<TheLordOfTime> it's not setting that
<TheLordOfTime> (double checking on my testing VM)
<sarnold> TheLordOfTime: worked fine for me with adduser 3.113ubuntu2
<TheLordOfTime> sarnold: huh, works fine here on my testing VM I use for triaging stuff on...
 * TheLordOfTime shrugs
<TheLordOfTime> cosmic rays, then?
<sarnold> TheLordOfTime: ltrace or latrace or strace the adduser?
<TheLordOfTime> sarnold: tested with the same adduser on the system (with permission from the system owner)
<TheLordOfTime> and it correctly sets /bin/bash
<TheLordOfTime> so i'm gonna blame cosmic rays messing up the command or something
<sarnold> TheLordOfTime: those rays get up to some crazy things when we're not looking.
<TheLordOfTime> indeed
<TheLordOfTime> sarnold: a week ago, the mailing lists bounced a message from my subscribed email
<TheLordOfTime> with not modqueue tick on the email or anything
<TheLordOfTime> so the cosmic rays broke that too for a moment xD
<TheLordOfTime> and it was on a list which the email was a subscribed member of, so... heh
<sarnold> TheLordOfTime: sheesh. You attract the strangest cosmic rays :)
<TheLordOfTime> sarnold: i know, right?
<TheLordOfTime> sarnold: actually, the system that got the rays interfering with adduser isn't my system
<TheLordOfTime> I was just poked as a server guy to see whether it was a bug in bash tabcompletion but noticed it was actually the users not being given bash as their set login shell
<TheLordOfTime> so it ended up dropping them to sh / dash
<TheLordOfTime> (with permission from the owner of course :) )
<sarnold> sheesh, that'd be a frustrating one to debug. :)
<TheLordOfTime> sarnold: heheheheheheheheh...
<TheLordOfTime> sarnold: 'cept I have run into that all the time
<sarnold> ha!
<TheLordOfTime> sarnold: i never use adduser, I use `useradd --create-home --user-group --shell /bin/bash USERNAME` which creates the user and gives them Bash shell...
<TheLordOfTime> sarnold: but... i occasionally forget to add the --shell argument...
<TheLordOfTime> so... it drops them to dash instead :/
<TheLordOfTime> (`usermod --shell /bin/bash USERNAME` fixes that quickly)
<TheLordOfTime> so... (1) Not A Bug, its the fault of cosmic rays, and (2) issue resolved for the server
 * TheLordOfTime smiles
<sarnold> TheLordOfTime: and once you fix the tab completion do they then ask you why it takes longer to do things? :)
<sarnold> "I used to get my shell prompt so quickly... it's not prompt anymore, it's a slompt!"
<TheLordOfTime> sarnold: lol
<TheLordOfTime> sarnold: actually the users of the system I was diagnosing are all "OMG THANK YOU SO MUCH <3 <3 <3"
<sarnold> :)
<TheLordOfTime> and i'm like "IT'S NOTHING!  LEAVE ME ALONE! D:"
<TheLordOfTime> xD
<TheLordOfTime> sarnold: the server guide is more correct saying to use adduser though
<TheLordOfTime> useradd is for power users like myself... not for the standard sysadmin
<TheLordOfTime> sarnold: but yeah, cosmic rays love to interfere with things :/
#ubuntu-server 2013-11-14
<tarvid> somehow I managed to enable ipv6
<tarvid> Failed to fetch http://mirror.anl.gov/pub/ubuntu/dists/saucy-backports/Release.gpg  Cannot initiate the connection to mirror.anl.gov:80 (2620:0:dc0:1800:214:4fff:fe7d:1b9). - connect (101: Network is unreachable) [IP: 2620:0:dc0:1800:214:4fff:fe7d:1b9 80]
<tarvid> Is that easy to turn off?
<sarnold> tarvid: I'm getting similar errors to mirror.anl.gov on ipv4 at the moment
<tarvid> ah just surprised at the ipv6 address
<tarvid> have had odd dns lookup issues for a couple of days
<sarnold> tarvid: here we go! some instructions on disabling ipv6: https://help.ubuntu.com/community/WebBrowsingSlowIPv6IPv4
<tarvid> thanks
<tarvid> just pulled a server from behind a router because life was not good
<RealKillaz> Hi gents
<RealKillaz> I would like to know how to change the default @mydomain.com when postfix is sending email to a new one @mydomainnew.com
<RealKillaz> where can I find this @mydomain.com that postfix or the OS is using?
<AlecTaylor> hi
 * AlecTaylor installed ubuntu-desktop on Ubuntu 13.10 server; and was wondering how to prevent X from automatically starting
<AlecTaylor> How do I prevent X from automatically starting on Ubuntu 13.10 server?
<tsimpson> AlecTaylor: you can stop the display manager (lightdm) from automatically starting by doing: echo manual | sudo tee /etc/init/lightdm.override
<tsimpson> you can still start it manually with "sudo service lightdm start", but it won't run automatically after that
<AlecTaylor> Thanks tsimpson
<babinlonston> While Mounting a NFS share how can i Mount it Specifying as read and Write in fstab entry
<makara> hi. I'm running 12.04 LTS Server. I read long time ago multiple users are a security risk. I've got 27. Any information about this?
<_ruben> 95% of those 27 are probably system accounts, which are actually a good thing to have
<rbasak> makara: system users created by official packages are fine. Creating users yourself is also fine provided that those accounts do not get compromised.
<rbasak> makara: just be aware that every thing you do on a server may be a potential extra channel in.
<makara> rbasak, well no probs yet touch wood
<eagles0513875> hey guys I have an adsl connection and the setup is as follows the modem is a wireless modem router then i have a switch connected to it and i need to setup vpn and eventually email. My question becomes, do i need an adsl modem router which supports vpn tunnels
<rbasak> eagles0513875: no just run openvpn and set up a port forward on your router for the correct udp port.
<eagles0513875> rbasak: perfect :)
<toabctl> is there a tool to collect all installed packages on different servers and store the info centralized? something like landscape but for free
<toabctl> and not spacewalk. I just need the information. I don't want to install updates with that.
<geser> toabctl: with "dpkg --get-selections" you can get the list of installed packages
<makara> i want to uninstall the bluetooth service from my 12.04 LTS installation
<makara> but I can't even stop it
<makara> sudo service bluetooth stop
<makara> it doesn't show up in "ps ax"
<makara> or pstree
<Rodge_> Hi! I'm looking for httpd on my Ubuntu Server 12.04.3 LTS, but can't find it.. has it been renamed (getting help from a guy at #httpd who thinks this is renamed)?
<mardraum> did you install apache?
<mardraum> it used to install that as a target up until v 2.4
<bgardner> Rodge_: If you mean apache, you want /var/www for the default docroot or /etc/apache2 for the default config file location.
<Rodge_> ok, so, on Ubuntu httpd is referred to as apache2?
<mardraum> not sure where you have come from, but the apache project used to also install a "httpd" target
<Rodge_> ok.. well, I have an empty httpd.conf file, yes...
<mardraum> most people would use the OS scripts for controlling the daemon or apachectl and friends
<Rodge_> (imported by apache2.conf)
<Rodge_> ok
<rbasak> Rodge_: there are many "httpd"s. Apache provides one, I suppose, but neither the process name nor the binary is called httpd, AFAIK. I don't think this is Ubuntu-specific. It's distro-wide.
<Rodge_> hehe ok :) ..thought Ubuntu was a distro, lol
<rbasak> It is.
<rbasak> I mean that I believe Ubuntu isn't special here. Other distros do it too.
<zul> rbasak:  i thought fedora called it httpd ?
<Rodge_> aaah, ok :)
<rbasak> zul: oh, it does?
<zul> rbasak:  yeah now you got me wondering
<rbasak> That would almost be presumptuous if it weren't for Apache's history.
<zul> rbasak:  http://wiki.apache.org/httpd/DistrosDefaultLayout
<zul> rbasak:  yeah im not going crazy
<rbasak> I think I probably last used Apache on RedHat in around 1998. Must have forgotten. Thanks :)
<zul> rbasak:  blocked it out dont you mean? :)
<rbasak> :)
<hallyn_> zul: so i'l ljust push the migration-state fix to the trusy libvirt package?  you had nothing else you wanted to add?
<zul> hallyn_:  nope its all yours
<hallyn_> ok
<hallyn_> "thanks"  :)
<railsraider> Hi, I have 14 upstart jobs, each is very intensive CPU load, i need to find a way to restart all of them in batch one by one cause if i try to run all of them the server is dead until it finish
<makara> railsraider, when do you need to restart them?
<railsraider> when i deploy code
<railsraider> i just need to find a way to chain and sleep between each
<makara> railsraider, you're looking at a bash solution
<railsraider> makara: what doe s this do under the hood? http://pastebin.com/pksWkacW becasue when i do start resque_all it stops and starts all resque_N.conf
<railsraider> no idea how this works
<makara> railsraider, how do you deploy code. Do you have a git service hook?
<railsraider> with capistrano
<railsraider> no
<makara> or do you poll with a cron job
<makara> railsraider, need to know more about capristrano
<railsraider> capistrano is just away to run commands over ssh
<railsraider> and do git pull
<railsraider> im saying even with out it i want a way to restart all resque workers upstart files
<railsraider> serially with a delay
<makara> railsraider, my bash script for pulling repos looks like this: for repo in *; do [[ -d $repo ]] && (cd "$repo"; printf "$repo : "; git pull); done
<makara> it does them serially
<makara> i would just need to change "git pull" to "git pull; sleep 60"
<makara> just put your restart command in there
<makara> railsraider, you could just get capistrano to execute your own script
<railsraider> makara: the issue is not that, is that i dont know how many resque_#.conf files i have
<railsraider> im looking in a diff direction now
<makara> scrape the directory for .conf files
<makara> try the bash channel
<railsraider> k thanks
<rtg> jamespage, can you get any finer granularity on where in the teardown process you're getting this kernel crash ? re: bug #1251035
<hallyn_> stgraber: did you have anything you wanted to stage for trusty lxc?  else i'll just push the single fix for lxc-start -f right quick
<stgraber> hallyn_: nope, nothing staged here
<hallyn_> cool
<octocodercat> Hello!
<octocodercat> Does anyone have any advice on how to resist the urge to throw a server out the window because it takes three hours to download the APT package lists at installation time?
 * octocodercat rages
<_afu_> lol.  Try different mirror?
<mickie> Hi All, with ufw enabled a samba server can only be accessed with its IP address, not its name. I have blocked an IP range on the LAN, but allowed all the rest. What could cause this?
<_afu_> If you disable the firewall does it work ok?
<mickie> thanks _afu_, with ufw disabled it works as expected
<mickie> I have blocked an IP range that is served by the dhcp router to wireless clients. The rest (office PCs) are allowed access for the samba app
<_afu_> mickie, Not blocking anything but IP ranges? Not blocking ports or protocols?
<mickie> Correct.
<mickie> Well ... no, sorry
<_afu_> Wonder if broadcast is involved here?
<mickie> I am blocking UDP 137,138 and TCP 139,445 for the wireless clients
<_afu_> Or DNS?
<mickie> and I have allowed 192.168.0.0/24 for the Samba app
<mickie> The server is not acting as a DNS resolver, so I would think that ufw would block any requests
<mickie> I did allow UDP 53 for all machines on the LAN and it still fails
<_afu_> Hmmm...
<_afu_> Review firewall rules via cmd line?
<mickie> Yep. I did and all looks as I specified it.
<_afu_> iptables -L I think
<mickie> /sbin/iptables -L -v -n
<_afu_> ya   dats it
<_afu_> Hmmm...
<mickie> I don't really understand smb/cifs
<mickie> or how MSWindows machines recognise each other
<_afu_> I'm learning that now,  MS that is.  You using MS DNS or BIND?
<_afu_> Guess it dosent matter if turning the server firewall off fixes the problem
<mickie> The router acts as the DNS resolver (I think) and the MSWindows speak among themselves
<mickie> Just got a thought ... perhaps I shouldn't have blocked the edge router ...
<_afu_> Off the top of my head, onlything I can think of is it requires a br0adcast but mot sure about that
<mickie> Hmm ... I'm off to try it. Thanks for the help!  :-)
<_afu_> Good luck
<_afu_> Not sure if I helped but...
<mickie> I switched the broadcast on in the smb.conf, but still didn't work
<mickie> Yes you did!  Gave me an idea to try something
<mickie> thanks
<_afu_> OK. Cool
<mickie> bye now
<_afu_> Bue
<_afu_> or Bye
<jrwren> any tcpdump filter expression knowledgable people can help me? http://paste.mitechie.com/show/1077/
<sarnold> jrwren: how about ether[0:3] ? how about != instead of "not .. == .."  ?
<jrwren> i'll try it, but I alreayd have not stp and not arp and not ether[20:2] == 0x2000
<jrwren> working fine
<jrwren> trying to add another ignore to the list
#ubuntu-server 2013-11-15
<tboat> hey all, could use help with something on my ubuntu 13.04 server: recently set up iptables, however samba no longer broadcasts, can connect directly, but it does not list in Network Shares.
<tboat> and yes i have rules for the samba ports in iptables
<sarnold> tboat: how about the 'nmbd' ports?
<tboat> they should be in there
<tboat> 137, 138, 139, 445, 389, 445, 901
<bradm> tboat: I find it useful to add an explicit log and then deny when I'm trying to get firewalls working
<Arrick> Hey all, if I have run a cmd such as "aptitude install mysql-server libapache2-mod-auth-mysql php5-mysql" on a server, how to I remove that?
<Arrick> this is on 12.04 LTS
<Arrick> !openldap
<Arrick> !ldap
<ubottu> LDAP is the Lightweight Directory Access Protocol. For more information, installation instructions and getting clients to authenticate via LDAP see https://help.ubuntu.com/community/OpenLDAPServer
<Arrick> Guys, I am wanting to be able to have my windows users be able to utlize single sign-on with a moodle website, am I looking at the right thing with ldap?
<Arrick> !single sign on
<ubottu> Arrick: I am only a bot, please don't think I'm intelligent :)
<Arrick> !SSO
<pmatulis> Arrick: you're thrashing
<Arrick> ok, please point me in the right direction
<pmatulis> Arrick: is this website on the internet or on your private network?
<Arrick> private network
<Arrick> I have been able to install sites so that SSO works in the past, but not on Linux
<Arrick> I dont want the users to have to logon to the server every time they are doing training, just logon to thier windows PC, and have it authenticate for them when they hit the site.
<pmatulis> SSO on a LAN typically involves Kerberos
<Arrick> and NTLM
<Arrick> LDAP was what our last 2 sites have utilized..
<Arrick> but then, they were both windows servers running IIS.
<pmatulis> LDAP is a protocol, what was the implementation?  Windows or Linux?
<Arrick> the implementation was windows for the other sites, this one I need on Linux
<pmatulis> so you were probably using AD then
<Arrick> Oh, yes, Active Directory is the authentication, sorry.
<pmatulis> ok, AD incorporates Kerberos and LDAP, in its own strange way
<Arrick> yeah
<Arrick> its what I need, and you are definately on the right track, is there a single site that can help me get to where I need to be at?
<pmatulis> if Windows clients adhere to the standards then they should be able to deal with a Linux-based Kerberos setup, but you never can tell with Windows
<pmatulis> LDAP just stores information.  you can therefore put your Kerberos info inside of LDAP if you want but you will still require a Kerberos server
<pmatulis> if you use LDAP, i recommend OpenLDAP as its implementation
<pmatulis> but LDAP & Kerberos can be fairly complex
<pmatulis> and, no, i don't have a site for you.  you'll need to do a fair amount of homework
<pmatulis> how do i get rid of 'quiet splash $vt_handoff' on a new saucy install?  there is no quiet or splash in /etc/default/grub
<pmatulis> yet the first 3 options are in my grub.cfg
<pmatulis> weird, a 'sudo update-grub' got rid of them, no changes made by me
<Joel_re> hey, I've been trying to get nagios3 installed
<Joel_re> but it just fails
<Joel_re> http://hastebin.com/qutafitaki.vhdl
<Joel_re> any clues on what I can do to get around this ?
<AdminInNeed> Hi, why do automatic updates download flash plugin on headless ubuntu server?
<AdminInNeed> It seems like a waste since only lynx is installed; no ff, chrome, or etc.
<rbasak> AdminInNeed: it isn't installed by default. Seems you or something on your system installed it since installation, and thus it's being upgraded.
<HumpyDumpy> does anyone here have a cloud?
<HumpyDumpy> i tried to make a cloud :( it didn't go so well
<remix_tj> AdminInNeed: i suggest you to install with the option --no-install-recommends or the relative option on apt config to avoid the installation of useless software
 * LinuxGold is running Ubuntu 13.10 server in Virtualbox on iMac machine.  have been running console for a while and decided to install xubuntu-desktop, couldn't run.
<LinuxGold> already apt-get install xubuntu-desktop
<LinuxGold> successfully installed, but couldn't start.
<LinuxGold> rebooted the vm
<AdminInNeed> Raboo: remix_tj thanks you for the direction and advice.
<ivoks> hey
<ivoks> how does one terminate a subordinate charm that's in the state of dying :)
<LinuxGold> http://paste.ubuntu.com/6421788/
<LinuxGold> this might help?
<josh__> Hello I have installed BIND manually but I am a little bit confused about whether I am using named.conf or named.conf.local? Both need creating either way. Any help appreciated!
<rbasak> josh__: I suggest you use named.conf.local unless you have to change something in named.conf.
<rbasak> josh__: it allows the packaging to change the default named.conf on upgrades without interfering with you.
<rbasak> josh__: however, you may change named.conf if you wish, eg. to replace the default structure that packaging provides. In this case, you'll just be prompted to deal with it yourself on upgrade.
<josh__> Thanks so much for the help. I am new to this admittedly but it's for an experiment I am setting up. A lot of the resources refer to named.conf.local but I thought that may be just for apt-get installs.
<josh__> It seems strange that you have to create these files manually as well, is this normal when manually installing?
<rbasak> What do you mean by "manually installing"?
<josh__> Well unpackaging the tarball that I downloaded on BIND's website and compiling it etc. This is how I installed as I wanted to ensure I was getting a particular version.
<jrwren> i want to untar an ubuntu cloudimg and chroot to it. possible? thoughts?
<sarnold> jrwren: if I recall the cloudimages correctly, that's one of the intended uses :)
<jrwren> well look at that, its even a tarball https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-root.tar.gz
<jrwren> thanks for not calling me crazy sarnold
<sarnold> jrwren: woo :)
<daveops> I could use some help demystifying the Cloud archive release cycle...
<daveops> https://launchpad.net/ubuntu/+source/nova/ I can see that 2013.1.4 has been released in the updates channel, but it's not available to me in precise-updates
#ubuntu-server 2013-11-16
<basil_> Hi guys, any chance of advice on getting vnc server working (x11vnc actually) working on Ubuntu 12.04 running on XenServer 6.2? I want access to a graphical mode, rather than be stuck in CLI
<TimR> can anybody tell me why I cant edit SSH port anymore I did have it on port 26 but it dont work anymore so when I switched it back to port 22 it works
<pmatulis> TimR: did you restart the daemon after changing?
<TimR> yes many times
<pmatulis> TimR: check the listening ports with netstat or lsof
<TimR> I stopped the service and started it back up again and still will not work or change
<TimR> I dont see ssh even started
<pmatulis> TimR: there should be an error in the logs.  or try to start it on the command line manually
<TimR> see when I try to edit sshd_config the what ports,ips protocols we listen for is commented out but when I try to add the ports and save it would just go back to commented out
<pmatulis> TimR: you're having editor problems.  what editor are you using?
<TimR> well I was using webmin file to edit it out
<pmatulis> TimR: that's your problem
<pmatulis> reason #523 on why you should not use webmin on ubuntu
<TimR> well I did the vi
<TimR> edit
<TimR> then when I try to restart ssh it gives me since the script you are attempting to invoke has been converted to an upstart job
<pmatulis> should have still worked but it is nagging you to use upstart directly next time
<TimR> well its not
<pmatulis> 'sudo restart ssh' should do it i think, it's been a while since i needed to restart sshd
<TimR> when I do that I get restart unknown instance:
<TimR> I am starting to think my server got hacked or something
<pmatulis> 'sudo start ssh' then
<TimR> i tried to uninstall and reinstall noting happens
<TimR> that is openssh-server
<TimR> could iptables cause this issue?
<msi> hey guys, my server got hacked about an hour ago
<msi> they bruteforced the ssh
<msi> and did an rm f
<msi> so I lost everything
<msi> what should I do to prevent this from happening next time?
<msi> The ssh password was long, not in the dictionary or anything
<msi> must of been alot of bruteforce power
<bekks> msi: Dont use password, but use password protected ssh keys.
<bekks> Thats what you should have learned from that.
<msi> bekks what is thath?
<bekks> msi: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<bekks> msi: And hopefully you did use a strong password for the user for sudo purposes, and hopefully you did not enable the root account for ssh on your server.
<mardraum> I bet you use the same password somewhere else.
<msi> Nop it's a random generated
<msi> The attack came from germany
<mardraum> then I find it very unlikely and perhaps you are running old www apps and haven't kept the kernel updated?
<msi> I run a script that does sudo apt-get update, upgrade, dist upgrade every day so
<mardraum> do you reboot into the new kernel?
<msi> yeah the server reboots automatic every day
<mardraum> if they removed everything, how did you come to this conclusion?
<msi> saw it inside my  snort logs
<msi> from pfsense
<mardraum> you saw a shitload of bruteforce attempts, and then an eventual success logging in as root@ ?
<mardraum> or your user could sudo su?
<msi> they used the couchpotato user and then resetted the root password and used root acces to wipe all
<mardraum> how did they reset the root password?
<msi> I have no clue
<msi> I also see there were files transfered over ftp
<msi> weird :s
<bekks> msi: You did not reinstall that box?
<msi> the box is currently doing a dban 35 pass wipe
<msi> and the os ssd is already secure erased
<bekks> 35pass wipe - you have too much time to spend, do you? :)
<msi> Well the backup server is up and running so no problems, only 3 days left on the wipe
<msi> just going to reinstall the os and add the disk back in later
<bekks> I dont see why that takes longer than an hour, actually.
<msi> 1 tb drives :p
<msi> and verifying every pass
<bekks> Why not just "mkfs" and start over?
<msi> They transferd files to my server and I want them gone for ever
<msi> who knows what it was
<msi> could of been anything
<msi> just paranoia I guess
<bekks> Thats just paranoid, yes. I guess, there are meds against that :P
<bekks> I'd just used mkfs, reinstalled, and secure the server.
<msi> ^^
<msi> Securing the server you mean using ssh keys instead of password?
<bekks> That just one small step.
<msi> Can you enlighten me about what other steps i should do?
<bekks> msi: https://help.ubuntu.com/12.04/serverguide/security.html and http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
<msi> thanks il read it in a secondÂµ
<msi> I see, What would be the difference between recject and block in the firewall?
<msi> Hmm seems like the root login came from inside the network
<msi> I can see a local ip
<bekks> You enabled root login?!
<msi> yup
<bekks> msi: That was the first mistake.
<msi> how so
<bekks> msi: It is disabled by default - for securit reason. You ignored that and payed your bill.
<msi> lol
<msi> you always need root to do stuff don't i?
<msi> or do you mean always use sudo
<bekks> !sudo
<ubottu> sudo is a command to run command-line programs with superuser privileges ("root") (also see !cli). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (GNOME, Xfce), or !kdesudo (KDE). If you're unable to execute commands with sudo see: http://www.psychocats.net/ubuntu/fixsudo
<msi> instead of root account
<bekks> sudo is not a replacement for root.
<bekks> root has no password by default, so you cannot login as root directly.
<bekks> Thats done for security reasons.
<msi> i see
<msi> so for every service I run i should make another account?
<bekks> you should read the linked documents before setting up your server again.
<msi> an not all of them on the root acc
<bekks> Why do you want to create an account for every service?
<bekks> You are mixing things up.
<msi> restricted acces to folders etc
<msi> like my deluge only has acces to 3 folders
<bekks> you should not set a root password. You should use sudo when needing root privs. Thats all.
<msi> oh k
<msi> ty dude
<makara> hi. I'm running 12.04. On desktop version I can add a PPA with add-apt-repository, but not on server. How to get it?
<jacobw> makara: `sudo apt-get install python-software-properties`
<makara> yeah
<jrwren> what is the command to install build deps?
<jrwren> dpkg-checkbuilddeps complains, i swear there was a command to install build deps
<jacobw> is it possible to mirror main/installer-amd64 with apt-mirror?
<Beatstreet> can anyone tell me what this stuff means? box keeps locking up and going offline http://tinypic.com/r/2qtuvwo/5
<mdeslaur> Beatstreet: looks like xfs is crashing
<Beatstreet> how do I fix that - this is a fresh OS install
<mdeslaur> don't use xfs, or perhaps try the 12.04 release iso instead of the 12.04.3 one
<mdeslaur> ther 12.04.3 has the 3.8.0 kernel backported from raring, perhaps the 3.2.0 one that was in 12.04 originally doesn't contain that particular issue
<Beatstreet> I have 12.04.3 running on a few servers but this is the only one crashing
<mdeslaur> that's about all I can suggest, perhaps someone else has another idea
<mdeslaur> you can also try installing the linux-lts-saucy kernel, it's more recent and is available for precise now
<qman__> xfs is pretty stable these days, you more than likely have a hardware problem
<Beatstreet> how can I ID the hardware issue?
<qman__> run memtest and check your disks, those are the most likely culprits
<qman__> when it locks up, if you have physical access, check to see if one of the disks is hanging and has a light stuck on
<Beatstreet> hdd are good but i will test mem ory- thanks
<Beatstreet> I dont have physical access
<qman__> how much RAM do you have?
<Beatstreet> I've bene checking drives with smartmontools
<Beatstreet> *been
<Beatstreet> 4GB
<qman__> ok, that should be enough
<qman__> drives don't always throw SMART errors, and especially if you're using desktop-class drives, they can just lock up and hang without producing an error
<qman__> and that's normal and accepted behavior according to the manufacturer
<qman__> if you had a controller problem you'd normally see an ATA DRDY error, and I don't see any of those, so that's probably not it
<Beatstreet> it's pretty consistantly locks up so not sure where to look
<qman__> well, you could eliminate xfs as the culprit by using a different filesystem and seeing if problems remain
<qman__> but it sounds like hardware to me
<Beatstreet> thanks qman__, mdeslaur
<basil> Hi any chance of some help in troubleshooting my attempt to connect to my Ubuntu 12.04 server (sitting on XenServer 6.2) via VNC (and GUI). I've installed X11VNC but get an error when I try to connect with my Viewer (on WinXP)
<jkitchen> ganglia-monitor's init doesn't have a 'status' and the pid file is wrong.
<jkitchen> :(
<jkitchen> at least in 12.04, I'll try out 13.10 in a bit
<Beatstreet> is there another tool for testing HDD for failure other then smartmontools? Something for someone with no physical access to the box
<Beatstreet> is there another tool for testing HDD for failure other then smartmontools? Something for someone with no physical access to the box
#ubuntu-server 2013-11-17
<Pupeno> Anybody knows how to redirect requests to phpmyadmin to ssl? I'm trying to write the rewrite rules and it's driving me crazy.
<basil> Any chance of some advice to assist with troubleshooting a connection to Ubuntu 12.04 from Win Xp via x11vnc? I want access to GUI from XenServer - and not have to use the CLI
<basil> thanks guys....try again later
 * Spudster_away is set as away
 * Spudster is no longer away : Gone for 25 secs
<carbon_monoxide> Hi! I have download Ubuntu Server LTS 12.04.3 image. I use dd command to make bootable thumb drive. However, every time I try to use it to perform basic install, it freezes at the locale selection page. I was just choosing to use 'English'. I didn't try choose 'C'. I tried to download the image and use other thumb drive, but got the same outcome. I have tried to use the 'disk check', but it always freezes at some point. Not onl
<carbon_monoxide> y installation. I have did the same thing to install Debian on the same machine. Not problem at all.
<genii> Did you do the md5 check on the image you downloaded?
<carbon_monoxide> Yes. The checksum matched
<oste> hello, what is the proper way to write to the /var/www folder?
<oste> guessing - create a group and add a user somehow
<oste> any tuts out there?
<oste> something like this? http://pastebin.com/vrq8PJ1U
<LeMike> hello. i think we're under ddos. where do I see which IP tries to access the apache currently?
<patdk-lap> netstat
<LeMike> thanks patdk-lap. already did `tcpdump port 80` and know what domain is attacked. how do I find out which ip to block?
<basil_> Hi any chance of some help troubleshooting x11vnc coonections to Ubuntu 12.04 to get access to the GUI
<basil_> rather than CLI
<Lightsword> anyone know the proper way to set up nfsv3 on ubuntu server 13.10 with static ports and listening on all interfaces?
<Lightsword> I'm not sure of the the /etc/exports syntax and some of the other requirements, seems the documentation is all mixed with the nfsv4 documentation and thats very different
<Lightsword> This is what I've been trying as my config files https://gist.github.com/Lightsword1942/7512773 hasn't been working though
<bekks> Lightsword: "hasnt been working" is too generic to help you.
<Lightsword> bekks, any idea how to get a better error log, it just say "...fail!" more or less
<bekks> Lightsword: dmesg, start nfsd manually, etc.
<Lightsword> bekks, well I completely rebuilt the VM with only the /etc/exports config customized and its sharing it as nfsv4 from the looks of it, does the nfs-kernel-server do both nfsv3 and nfsv4?
<bekks> If you define a nfsv3 share, it will be shared as nfsv3.
<bekks> The syntax for v4 is different from v3.
<Lightsword> https://gist.github.com/Lightsword1942/7513002 is what I have changed /etc/exports to, is nfsv3 supposed to be set from there?
<bekks> Yes,
<Lightsword> bekks, is it just a config flag?
<bekks> Ist is a different syntax.
<Lightsword> bekks, do I need to just change the directory to /export/home
<bekks> For doing what?
<Lightsword> bekks, changing it from a nfsv4 server to a nfsv3 only server
<bekks> The path does not indicate that.
<Lightsword> bekks, I can't see any option to set nfsv3 from there, at least in the docs, I see an option to flag it in /etc/default/nfs-kernel-server , would that be where I would do that?
<bekks> I dont know what you want, actually.
<Lightsword> bekks, full anonymous access over nfsv3
<bekks> Then finally start stating _what_ isnt working, etc.
<Lightsword> bekks, well I rebuilt disabling all the extra config files that were probably breaking it, right now its in nfsv4 mode and I can't seem to connect
<Lightsword> bekks, so the server is running at least now, just the settings are wrong
<bekks> Then why did you edit config files that are unrelated?
<Lightsword> bekks, aren't there other config files that have nfs related options?
<bekks> The only file necessary is the /etc/exports.
<Lightsword> bekks, Is there any documentation for changing to nfsv3 anonymous mode? I can't seem to find what I would need to change
<bekks> nfsv3 has nothing else but anonymous access.
<bekks> v3 doesnt know anything about the authentication of users.
<Lightsword> bekks, well, it doesn't authenticate in a traditional way but it still does mapping, I'm trying to force remap all gid/uid sets to a single version
<bekks> It doesnt authenticate at all.
<bekks> Or you hacked some authentication into the nfsv3 code.
<bekks> User mapping has absolutely nothing to do with authentication.
<Lightsword> bekks, I think the uid/gid mapping can be used as authentication
<bekks> Your assumption is entirely wrong.
<bekks> It is an user mapping. Nothing more, nothing less.
<Lightsword> bekks, well looks like microsoft implemented it as some sort of authentication layer http://technet.microsoft.com/en-us/library/bb463218.aspx
<bekks> NFSv3 on Linux has no authentication. I am not going to say that again. If you want Windows 7 NFS auth, please seek support in ##windows
<Lightsword> bekks, linux by itself didn't really have the capability, the mapping itself was handled by domain servers, that was just the method used to bind clients to linux/unix NFS servers, I'm just trying to set the VM's nfs server to accept any client no matter what uid/gid is set
<bekks> I told you how to do it already, at least two times. You still insist doing something impossible like implementing auth with nfsv3. Everything is said, I am resting your case. Good luck whatever you are going to do.
<Lightsword> bekks, I'm not trying to implement it, I'm trying to disable it, the problem is that the windows clinet comes in with a funky uid/gid that needs to be remapped
<bekks> You cant disable something that isnt even implemented.
<bekks> I told you that you need to set up the mapping, you got the article. I am not interested in your issue anymore, please do not hilight me anymore. Thank you.
<liquid-silence> hi all
<liquid-silence> how can I give a user upstart permissions currently I get unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
<liquid-silence> but as root I can upstart fine
<liquid-silence> or give a user to execute start someapp
<liquid-silence> without having to type the sudo password
<liquid-silence> hmmm somerthin is fscked here
<bekks> You cant, without sudo.
<liquid-silence> I am using sudo with ....
<liquid-silence> app     ALL=(ALL) NOPASSWD: /sbin/start my-script
<liquid-silence> and then sudo start my-script
<liquid-silence> and it still prompts for a password
<liquid-silence> weird
<liquid-silence> bekks any idea?
<liquid-silence> maybe my user is not in the correct grouop?
<bekks> Then you wouldnt be able to use sudo.
<bekks> And parameters arent recognized for application in the /etc/sudoers. "/sbin/start" instead "/sbin/start my-script"
<bekks> Think twice if you want your user to start/stop all services.
<liquid-silence> hmm
<liquid-silence> bekks all I need to do is all the user "app" to start a process
<liquid-silence> and stop a process
<liquid-silence> as I am ssh'ing (blindly) and restarting it
<liquid-silence> any ideas RE that?
<liquid-silence> bekks there must be a way?
<liquid-silence> looking at this
<liquid-silence> http://upstart.ubuntu.com/cookbook/#user-job
<liquid-silence> so in theory I can have the script in $USER/.init
<liquid-silence> ok I think I am going to go with Archlinux
<liquid-silence> seems more docs
<liquid-silence> bekks when doing it in .init
<liquid-silence> I get start: Name "com.ubuntu.Upstart" does not exist
<liquid-silence> bekks any advice?
<liquid-silence> ubuntu is really breaking a hell of a lot
<liquid-silence> doing a dist-upgrade now
<liquid-silence> if it does not work , I will move to debian / arch
<liquid-silence> does anyone here know upstart?
<liquid-silence> app@ubuntu-server:~$ start my-script
<liquid-silence> start: Name "com.ubuntu.Upstart" does not exist
<liquid-silence> sudo works though
<liquid-silence> well if the script is in /etc/init
<rbasak> liquid-silence: upstart user sessions are for when you want to run services as that specific user. You need to arrange to start a separate upstart process as that user first.
<liquid-silence> rbasak I figured that
<liquid-silence> so I have a script in ~/.init
<liquid-silence> now I do start my-script
<liquid-silence> and it says its not found
<rbasak> liquid-silence: if you want a user to be able to control a system service, I suggest you arrange for sudo to do it. The general mechanism for that is the same across all distributions.
<liquid-silence> I cant type in a password
<liquid-silence> as it via a block of code that ssh
<liquid-silence> this is real annoying
<rbasak> liquid-silence: look at sudo's NOPASSWD option in sudoers
<liquid-silence> tried that
<rbasak> liquid-silence: I wouldn't advise using upstart user sessions for your task right now. They are documented but are available for 13.10 only, and the headless (server) case is documented as "not fully supported right now".
<rbasak> liquid-silence: see http://upstart.ubuntu.com/cookbook/#non-graphical-sessions-ubuntu-specific
<rbasak> liquid-silence: do it with sudo, as you would with every other distribution.
<liquid-silence> yea
<Terabyte> hey
<Terabyte> should services in ubuntu server be installed using /etc/init.d or using upstart?
<Terabyte> i find it strange that the recommended way is upstart yet typing initctl at the commandline does nothing....
<rbasak> Terabyte: both are supported. In packaging, upstart jobs are also provided with a symlink from /etc/init.d/<service> to /lib/init/upstart-job for compatibility.
<jml> archlinux wiki indicates there are ufw rules for Deluge but I can't find evidence of these rules in Ubuntu
<jml> jdstrand: ^
<Terabyte> hey, I wrote an upstart script to start a service, so far so good, it worked. but now i want to stop it, and typing service wanted stop says "Stop: Unknown instance:"
<Terabyte> when I run service wanted start, I get "wanted start/running, process 22312", thing is though that the script I ran fires off it's own RUNNING_PID which seen in top is 21945 (it's a java process, the way to shutdown should be to kill -15 21945, is there anyway to instruct upstart in this way?
<rbasak> Terabyte: you may need "expect fork" or "expect daemon". See: http://upstart.ubuntu.com/cookbook/#expect
<Terabyte> oo let me try daemon
<rbasak> Terabyte: when messing with "expect daemon" and "expect fork", it may be worth knowing about bug 406397 - if you get it wrong, a job can get stuck and upstart needs a reboot (or horrible workaround) to fix it before you can fix the job.
<rbasak> It's not an issue in production, though.
<Terabyte> hmmm
<Terabyte> I don't think even daemon is quite right
<Beatstreet> I keep trying to run a xfs_check but all I get is Killed. is there a way to run xfs_check and it not get Killed?
<rbasak> Beatstreet: check /var/log/kern.log. If the kernel killed it, the reason should be in there. Or "dmesg|tail".
<Beatstreet> ok, thanks
<Beatstreet> Out of memory: Kill process 3543 (xfs_db)
<Terabyte> k I've been stuck trying to get upstart to run a playframework app runscript. If anybody has any ideas as to why this script doesn't work let me know: http://codepad.org/hwMNsTfx http://codepad.org/KLn9PKNg In short if I went to a console, I could type ..../bin/wanted -D...bunch of java args, and end up with a fg script showing me logs (stdout?) press ctrl C to exit and kill the process.
<Terabyte> however separately a process (RUNNING_PID) has been spawned that is a java process and this is my "app". I have no idea what the upstart settings should be, i've tried as a damon, as not a daemon, --background --start, without those 2 params, nothign just seems to work.
<shadeslayer_> okay
<shadeslayer_> -.-
#ubuntu-server 2014-11-10
<bremden> I'm trying to set up a personal web server with ubuntu server 14.04, system powers up, but after selecting the boot disk, it goes to a blank screen with a flashing cursor, and becomes unresponsive to input. Anyone know if this is a hardware issue?
<eagles0513875_> hey guys im taking over a server that right now is a mess in terms of permissions in /var/www all sites at the moment are set to 777
<eagles0513875_> how can i switch all said directories and files back to their original permissions
<YamakasY> does any know how I can run dirsrv on a public IP instead of localhost ?
<SlIva> test message
<lordievader> Good morning.
<eagles0513875_> hey lordievader
<eagles0513875_> got a question im working on a work vps at the moment to try and fix permissions question for you
<eagles0513875_> how can i restore a directory and its files permissions back to the defaults
<Kartagis> eagles0513875_: permissions default vary by your requirements, there are no set defaults
<lordievader> ^
<eagles0513875_> Kartagis: there are defaults
<eagles0513875_> i thought there were
<Kartagis> no
<eagles0513875_> 775 for directories and 664 for files
<Kartagis> 755 for d, 644 for f
<lordievader> eagles0513875_: Err no.
<lordievader> That is for some dirs a really bad ide.
<eagles0513875_> Kartagis: right that is what i meant sorry
<lordievader> idea*
<eagles0513875_> right now what they are set to which is 777 is worse
<Kartagis> eagles0513875_: but like I said, permissions default vary by your requirements, there are no set defaults
<lordievader> What folder are we taking here?
<eagles0513875_> lordievader: websites directories in /var/www
<eagles0513875_> which are set to 777 at the moment
<eagles0513875_> and they were not set by me but by the previous admin
<Kartagis> 777 is evil dude
<lordievader> Hmm, there 755 is fine and 644.
<ikonia> it really depends though
<ikonia> eg: some wordpress permissions can require 777 or 775
<ikonia> eg the temporary directory
<ikonia> it's not a black and white answer
<ikonia> you need to evaluate your web site needs and set them correctly
<eagles0513875_> ok
<Kartagis> listen to the man
<lordievader> +1
<eagles0513875_> i am listening to him :)
<Kartagis> speaking of which, never ever use wordpress
<Kartagis> it's more evil than the satan
<eagles0513875_> lol Kartagis my job is using it and i need to upgrade it badly lol
<eagles0513875_> so i did a bit of digging and in the forums it seems like default 755 and 644 permissions are sufficient for wordpress
<ikonia> Kartagis: grow up
<ikonia> Kartagis: it's one of the most widely used and respectted web platforms
<ikonia> eagles0513875_: no they are not
<Kartagis> ikonia: most widely used, and most widely hacked
<eagles0513875_> ikonia: would you mind if we take this to the wordpress channel as its not really ubuntu server on topic
<ikonia> Kartagis: because of incorrectly setup sites
<ikonia> eagles0513875_: you can take it to the wordpress channel, there are experienced guys in thtere
<eagles0513875_> ok no problem
<Azaril> hey
<Azaril> im using 12.04
<Azaril> does this use /etc/anacrontab by default?
<Azaril> i cant find it
<lordievader> Azaril: Is anacron installed?
<rbasak> Azaril: it's not installed by default on server.
<Azaril> ahah
<Azaril> that would explain it
<Azaril> if i install anacrontab, the entries for cron.daily, cron.weekly etc are still there
<Azaril> (in /etc/crontab)
<Azaril> will the jobs get run twice?
<rbasak> Yeah they stay there.
<rbasak> My jobs in /etc/crontab test for anacron
<rbasak> Not sure about Precise.
<Azaril> ah i see
<Azaril> so the or wont run the crontab bit
<pmatulis> morning
<Azaril> 25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
<rbasak> Right
<rbasak> pmatulis: o/
<alreece45> Hm... what's some good configuration management systems to use, now-a-days?
<sudormrf> !ping
<ubottu> pong!
<jgornick> Hey guys, is it possible to reset the udev persistent net rules with the available adapters on my server?
<zul> jamespage: vivid is slowly building...fixing things as i see them
<jamespage> zul, awesome
<jamespage> zul, oh eventlet asap
<jamespage> I mean't to look today
<zul> jamespage,  what about eventlet?
<zul> jamespage: synched python-eventlet from experimental
<grendal_prime> has anyone seen a linux smb/cifs server  other than samba?
<grendal_prime> cause ive about had it with samba4
<grendal_prime> i cant get anything to work right on it.
<grendal_prime> also if anyone knows of a way to get samba3 running on 14.04 please speak up.
<fridaynext> grendal_prime: I have samba running on my ubuntu 14.04 server box, but i don't know which version it is
<grendal_prime> and it works?
<fridaynext> works great - transfers blaze along at 110MB/s over CAT5e
<grendal_prime> dude..ive got 4 production file servers that run on samba3 with 20 users on each..never had any trouble with it.  I upgraded one of them to samba4..nothing works.
<fridaynext> very strange... missing dependency?
<grendal_prime> no..
<fridaynext> ah, looks like I'm running samva 4.1.6
<grendal_prime> ya me to
<grendal_prime> im building a new one from scratch on vm
<fridaynext> you try creating new shares?
<fridaynext> my shares are really basic - only allows my user to access the shares.
<fridaynext> write access for all of them (i store my time machine backups, iphoto, imovie, and itunes libraries on the shares)
<grendal_prime> so i need to have several shares.  and make them group owned
<grendal_prime> generic clone is done..setting up ip and system name
<grendal_prime> do you manage that with cli or do you use some tool of some sort?
<grendal_prime> fridaynext, ?
<fridaynext> grendal_prime: I initially set it up with cli - I might have added one of them with webmin, but I'm pretty sure in the end I did them with cli.
<grendal_prime> ya i use to use webmin to do all the management of that, the webmin module is now broke.
<grendal_prime> well doesnt work for samba4 anyway.
<fridaynext> try restarting the service?
<grendal_prime> dude..for like 2 days ive been working on this..im pretty aware of the need for that..
<grendal_prime> but thanks for asing.
<fridaynext> grendal_prime: juuuust checking.
<grendal_prime> asking that is..
<grendal_prime> i know..i know.. i would do the same thing
<fridaynext> are you on webmin 1.710?
<grendal_prime> ya
<fridaynext> let me check my samba settings to see if anything looks finnicky in it.
<fridaynext> man, my settings are SUPER basic.
<fridaynext> are you visiting webmin over https?
<fridaynext> like when you say it's 'broke', do you mean not loading anything at all, or something else?
<grendal_prime> webmin is fine..
<grendal_prime> the problem is, have you ever set up shares that were group owned?  if not then samba4 probably works just fine with very basic settings. Ive got that to work ok. but
<grendal_prime> i would use the users and groups management on webmin for the samba box, add users to a group, then they have access to those shares.  all of that no longer works the way it use to.
<grendal_prime> i think it just doesnt work at all.  I saw one bug report that basically stated that, if you force ownership on a share, nobody can log into it then.
<fridaynext> is it a huge group? might work better to just put in each username.
<grendal_prime> cant get that to work either
<grendal_prime> if its wide open its fine..problem comes in when you start forcing ownership of created files and dirs.
<grendal_prime> if you are going to have several people accessing the files you have to make them group owned.
<fridaynext> yeah
<Vladimir_> is there any ubuntu alternatives for Citrix?
<sarnold> Vladimir_: qemu/kvm, either managed as standalone tools or via libvirt or maybe via proxmox (I haven't looked into proxmox much, it might not actually require a distribution like ubuntu or not..)
<Vladimir_> sarnold: thanks , I've looked into proxmox a bit
<sarnold> Vladimir_: of course if you have enough machines you can go full openstack
<FilthyMacNasty> guys I want a web interface music server, help?
#ubuntu-server 2014-11-11
<soahccc> Hey guys, I currently try to find auditing tools and generally I'm struggling  to find anything "recent". There is tiger (which last release was in 2008 iirc) and ossec (which is more what I was looking for) but it seems that the community around ossec is dead. Which tools provide similar functionality (centralized logging, processing and action taking) but not require 3 years of learning to get them running?
<ZorroT> i did the 14.04 upgrade and lost www userdirs. i've followed the instructions on google top hits for ubuntu 14.04 apache2 errors of this sort, and i am still getting 403s on userdir.
<fridaynext> anyone have a suggestion for a music server to run on Ubuntu 14.04 headless, that will have smart playlists and update playcounts?
<ZorroT> i did the 14.04 upgrade and lost www userdirs. i've followed the instructions on google top hits for ubuntu 14.04 apache2 errors of this sort, and i am still getting 403s on userdir.
<cryptodan> is userdirs enabled?
<ZorroT> ja
<ZorroT> cryptodan: yes
<cryptodan> any special .htaccess files?
<ZorroT> this is all such, no userdir content is working
<ZorroT> cryptodan: [Mon Nov 10 19:19:08.955340 2014] [authz_core:error] [pid 10645] [client XXXX:42030] AH01630: client denied by server configuration: /home/XXXX/public_html
<cryptodan> looks like you have .htaccess files
<ZorroT> but that is where none exists
<cryptodan> do an ls -la on public_html
<ZorroT> ha
<ZorroT> i think i just figured it out :-)
<cryptodan> .htaccess is a hidden file
<mardraum> ZorroT: http://httpd.apache.org/docs/current/upgrading.html
<mardraum> if you went from 2.2 to 2.4, read that.
<ZorroT> i had done the various upgrade procedures, grant, etc.
<ZorroT> what i had forgotten was that this server has a non-standard user web directory
<ZorroT> so of course all of the directives referring to public_html won't help :-)
<ZorroT> ID-10-T error.
<cryptodan> non-standard?
<ZorroT> "other than public_html"
<ZorroT> for i changed public_html references in userdir.conf, php5.conf and now everything is humming along happily.
<cryptodan> id recommend keeping the standard way
<ZorroT> cryptodan: i didn't ask, but thanks.
<ZorroT> there are perfectly good reasons that it is the way it is, and apache is amenable to allowing other than default options.
<ZorroT> i thought i remembered explicitly telling the upgrade process to leave the configs alone
<ZorroT> in which case, the normal documentation for the upgrade process would have applied correctly
<ZorroT> this was the upgrade problem plus me overlooking the difference between the defaults and the existing installation's expectations.
<ZorroT> i apologize for bringing that to channel :-)
<cryptodan> It was just a recommendation nothing to insult you
<ZorroT> typically, one doesn't change server defaults for purposes of whimsy. tone doesn't carry well on irc :-)
<ZorroT> also, thank you for your help, cryptodan and mardraum !
<cryptodan> you are welcome
<lordievader> Good morning.
<michele> hi there, what can I use to select the fastest apt mirror? netselect-apt is not in the repos anymore. any ideas?
<Amir2> What`s the most lightweight GUI for ubuntu server?
<michele> Amir2: xfce/lubuntu
<delinquentme> about to head in for a devops interview.  ask me thangs I should know !
<malinux> somebody who knows why autocomplete og apt-get install <package> only works when I am not doing so by sudo?
<delinquentme> malinux, i believe its a setting in your profiles .
<delinquentme> ~/.bashrc or ~/.bash_profile
<delinquentme> so if root has the same setting it should work
<delinquentme> root profiles will be in /root/*
<malinux> delinquentme: hm, det root user don't have a .bashrc
<malinux> it has, I sudo -i to root and it has
<malinux> so I will check ito ut
<malinux> delinquentme: autocomplete works when in root shell, but not when I do the same as sudo
<malinux> I enabled autcomplete in the .bashrc for root
<malinux> by uncommenting the lines
<Kartagis> malinux: enable the bash-completion in /etc/bash.bashrc
<malinux> Kartagis: already done so
<Kartagis> did you source it afterwards?
<malinux> by running: . /etc/bash.bashrc   ?
<malinux> yes
<malinux> or shoud I run source /etc/bash.bashrc ?
<malinux> dosen't work either
<malinux> if I try to autocompelte firefox, I get:
<malinux> malin@malin-M15a:~$ sudo apt-get install firefox
<malinux> firefox                                             firefox_29.0+build1-0ubuntu0.14.04.2.dsc
<malinux> firefox_29.0+build1-0ubuntu0.14.04.2.debian.tar.gz  firefox_29.0+build1.orig.tar.bz2
<zoraj> hi all
<LinStatSDR> Hellop
<zoraj> I'm actually installing ubuntu server
<zoraj> and after I finish installing it, I will install Xen as hypervisor
<zoraj> my question is, should I install Ubuntu Gnome Desktop or whatever WM ?
<zoraj> I wouldn't do that though
<LinStatSDR> whats wrong with the terminal
<lordievader> zoraj: No WM at all?
<zoraj> well, as I said, I will install Xen, so how Xen will show up Win 7 guest if it's totally in terminal
<zoraj> maybe a silly question ^^
<LinStatSDR> I was being silly heh
<lordievader> zoraj: Servers rarely have a display attached. The display to VM is usually supplied through VNC or something.
<zoraj> I'd prefer full terminal, but I will gonna install Xen, will it be necessary that at least I install gnome or something like that
<zoraj> lordievader, I know, I am just wondering since it will be a hypervisor dom 0
<zoraj> it's not a standard server, as it will host fully graphical OS
<zoraj> (Win7, Win 8)
<zoraj> so, my question is, will I have to install gnome or whatever WM, (atm, I am on the package choice screen)
<zoraj> this is my first step with Xen,
<mardraum> have to? no
<malinux> any suggestions? :)
<LinStatSDR> Wait waht
<zoraj> ok, I'm continuing the installation,
<LinStatSDR> You got it.
<malinux> should I consider an reinstall of my entire Ubuntu-install, to get sudo apt-get install to autocomplete correct?
<lordievader> malinux: What?
<lordievader> malinux: Do you mean to say that you have broken packages?
<malinux> lordievader: no, I say that apt-get install won't autcomplete when I do it as sudo. example: sudo apt-get install <package> it dosen not autcomplete pacakges, but things in /usr/bin and equal
<malinux> not the package-things
<malinux> lordievader: it works if I go to a root-shell or do it as user
<malinux> apt-get install is useless as user
<malinux> and if I have to enter the rootshell to get it work, that's a workaround and not a solution :)
<lordievader> malinux: That is likely due to your shell.
<malinux> lordievader: okey, so what is wrong with it? :)
<malinux> echo $SHELL returns /bin/bash
<lordievader> malinux: Probable the config.
<malinux> lordievader: ok, I can pastebin the .bashrc ?
<malinux> this is my .bashrc: 16:23 < dr0> apt-get install sudo
<malinux> 16:23 < selx> apt-get install dr0
<malinux> 16:23 < dr0> malinux: neida
<malinux> 16:23 < dr0> :-P
<malinux> 16:25 < selx> malinux: jeg aner ikke. Har ikke hatt sÃ¥ mye problemer med det du driver med...
<malinux> 16:25 < malinux> selx: nei, har debian server og ubuntu desktop
<malinux> 16:25 < malinux> har samme problemet begge steder by the way
<malinux> 16:25 < malinux> dr0: sudo er installert pÃ¥ bÃ¥de debian-serveren og pÃ¥ Ubuntu-desktopen min
<malinux> 16:26 < selx> aha :P
<malinux> 16:26 < RoyK> tror godeste Carlsen sliter litt :P
<malinux> 16:27 < malinux> hÃ¸rer rykter
<malinux> 16:27 < malinux> selx: ja. sÃ¥ vet ikke hva jeg skal gjÃ¸re jeg :S [16:27] [malinux(+Zi)] [3:FreeNode/#ubuntu-no-offtopic(+cnt)] [Act: 1,2,4,5,6,8,9,11,14,16,17,18,20,21,22,23,24,28,29,31,35]
<malinux> [#ubuntu-no-offt] har installert autoco
<malinux> oops sorry
<malinux> oh,. sorry
<malinux> http://paste.ubuntu.com/8942743/
<malinux> here it is
<zoraj> tack :)
<zoraj> the goddamn grub wont install on mbr
<zoraj> :\
<zoraj> and a blazing red screen appears as it says, fatal error
<fridaynext> does anyone here use subsonic for music streaming?
<lordievader> malinux: I rarely use bash, so I won't be any help there ;)
<malinux> lordievader: ah
<malinux> what do you use?
<lordievader> ZSH.
<malinux> lordievader: hm, I could try to change to zsh :)
<malinux> lordievader: autcomplete as sudo works there, and the colors of that shell is awesome, Think I just change :)
<RoyK> malinux: works well for me with bash, though
<malinux> RoyK: okey, it dosen't help me a lot :p hm, I am such of a noob that can't even change default shell to zsh
<malinux> and by changing the shell I don't fix the original issue
<malinux> RoyK: it works when you in user prompt, type sudo apt-get install <package> ?
<RoyK> yep
<RoyK> malinux: chsh -s /bin/zsh username
<malinux> did that
<malinux> but when I open a terminal, it opens to bash
<malinux> hm, maybe I forgot to add username
<RoyK> malinux: if you did, then you probably changed root's shell
<malinux> RoyK: why do you think I changed the root's shell?
<malinux> now I did again as user an added my username to user
<malinux> exited the terminal
<malinux> reopenend with ctrl + alt + t
<malinux> it starts a bash-shell
<malinux> bah
<RoyK> malinux: if you were root and ran chsh -s /bin/zfs, that changes the shell for thecurrent user
<malinux> RoyK: ok
<RoyK> malinux: no idea - I'll be back here in an hour or so
<malinux> okey :)
<malinux> RoyK: tried with sudo now, to change, nothing.
<RoyK> malinux: bbl
<malinux> I hate computers, but I can't live without them
<malinux> after a reboot, the shell is now zsh as default. Is the syntax the same as for bash? I have to readd aliases
<mdeslaur> hallyn: any idea why libvirt ftbfs on vivid?
<hallyn> mdeslaur: libxml2 security update
<hallyn> mdeslaur: if you dpkg -i the previous version it builds
<hallyn> i filed a bug.  the response was basically 'you figure out why'.  which isn't unreasonable - it may be a mis-use by libvirt
<fandi> hi all,
<fandi> how to start service corosync on ubuntu 14.04
<fandi> root@db3:/home/fandi# service corosync start
<fandi> there is no answer. thanks
<lordievader> fandi: What does "sudo service corosync status" return?
<fandi> same no return :)
<fandi> how to be manage by upstart
<mdeslaur> hallyn: oh, hrm, where's the bug?
<hallyn> mdeslaur: bug 1390637
<uvirtbot> Launchpad bug 1390637 in libxml2 "newest libxml2 update in vivid breaks libvirt build" [Undecided,New] https://launchpad.net/bugs/1390637
<hallyn> mdeslaur: i'm about to just ask on oftc#virt just to see if anyone knows offhand.
<mdeslaur> hallyn: hrm, haven't look at all, but perhaps this: https://git.gnome.org/browse/libxml2/commit/?id=72a46a519ce7326d9a00f0b6a7f2a8e958cd1675
<mdeslaur> hallyn: I'll poke at it this afternoon
<hallyn> mdeslaur: oh, good, that one does look promising.  excellent, thanks for looking, ping me if you need anything
<mdeslaur> hallyn: although, libxml2 in the stable releases should cause the ftbfs also, so maybe that's not it
<mdeslaur> anyway, I'll poke at it
<mdeslaur> hallyn: bingo: http://libvirt.org/git/?p=libvirt.git;a=commit;h=8f17d0eaae7ee2fa3e214b79b188fc14ed5aa1eb
<mdeslaur> hallyn: want to give that a try?
<hallyn> mdeslaur: will do, thx
<hallyn> mdeslaur: test-building, but danpb agrees that'll be the fix
<mdeslaur> hallyn: cool
<mdeslaur> hallyn: if it builds, don't upload, I've got security patches to add, so just tell me
<mdeslaur> hallyn: rather, give me your debdiff
<fandi> lordievader, ok done, i thinks i miss ntp
<fandi> lordievader, now it's working
<hallyn> mdeslaur: ok, will do
<lordievader> fandi: Hmm, okay. Good to hear :)
<hallyn> mdeslaur: http://people.canonical.com/~serge/libvirt.debdiff , gonna do one more test build
<mdeslaur> hallyn: built fine for me too, so uploading with security fixes
<mdeslaur> hallyn: thanks!
<hallyn> mdeslaur: great, thank you!
<pmatulis> hallyn: just read the "containers are better" thread, ha ha
<hallyn> pmatulis: I'm waiting to see how he blows his fuse when he reads my last reply
<pmatulis> hallyn: tbh, it's funny that i always read that sentence the way it was intended but i can easily see others getting confused if â  you do not keep the whole paragraph in mind and â¡ you're not a native speaker
<hallyn> all right, the color for names of ppl calling out my nick (yellow) is not working for me on white bg :)
<hallyn> neat how you did that _1_ and _2_
<pmatulis> ;)
<hallyn> but yeah, i agree.  the funny thing is,
<hallyn> 1. he won't accep tthat maybe he's missing a subtlety of hte language, and 2. he won't accept that maybe he committed a similar faux pas in several of his emails
<hallyn> but maybe i'm giving him too much credit an dhe really is just an angry troll
 * med_ wonders where the mythical "containers are better" thread lives....
<pmatulis> med_: ubuntu-doc m/l
<hallyn> med_: in the end I am in fact not a native english speaker, so i do accept that i make mistakes
<hallyn> but basically i only defer to my wife :)  and she agrees with me.  so <boom>
<med_> badabing badaboom
<hallyn> speaking of this, time to check for a response
<med_> serge, what's your birth language?
<hallyn> English :)
<hallyn> and she's a bit of a stickler with it
<pmatulis> hallyn: how does that make you not a native speaker?
<Valduare> hi guys
<hallyn> med_: oh, *mine*.  haha.  french, then dutch.  whic his funny bc i've forgotten all my french
<Valduare> anyone here know much about vpn
<hallyn> Valduare: go ahead and ask your q.  someone her eor in #ubuntu-devel will be able to help, most likely
<Valduare> I have some mk808 devices android sticks i want to have on same network as my ubuntu server
<Valduare> but they are in separate physical locations
<Valduare> so vpn is the way to do that.
<Valduare> looks like there are a lot of different options ie  openVPN and tinc
<Valduare> need someone knowledgable to help walk me through this new world of vpn :P
 * hallyn checks the server guide
<Valduare> wondering what the dif between ipsec and things like openvpn does ssh tuneling?
<hallyn> Valduare: I guess https://help.ubuntu.com/14.04/serverguide/openvpn.html is the place to look
<lordievader> Valduare: The layer at which it happens. Openvpn is application layer.
<patdk-wk> more that just that :)
<patdk-wk> ipsec is strictly a transport thing, it is limited, and that limitation causes people problems (mtu)
<patdk-wk> openvpn works around the mtu issue, so it's normally *easier* to setup and use, but it has it's own built in routing and is not a *standard* thing, so compatability issues can exist
<Valduare> with openVPN i need their app for android or ios or mac or windows to connect to it though
<Valduare> but these devices have built in vpn connectors for other types of vpn servers?
<Valduare> or do I just not worry about going with the built in route and use openVPN
<patdk-wk> how do you expect us to answer that?
<patdk-wk> we are not you
<patdk-wk> going the builtin support is normally better
<patdk-wk> but if you know nothing about ipsec
<patdk-wk> I really would not recommend going down that path
<patdk-wk> unless you REALLY want to learn it
<lordievader> IPsec is good for headaches...
<lordievader> Especially if you are new to it ;)
<teward> ^ that
<Valduare> so then tinc vs openVPN?
<soren> Valduare: openvpn is a point to point sort of thing. tinc is more of a mesh sort of thing.
<Valduare> ah
<Valduare> so openVPN might be whaat im looking for then
<Valduare> i have a webserver app that I want it to see these mk808 android devices as local
<qman__> If you're trying to connect android devices, ipsec is going to be the most practical way; it is a pain, but openvpn requires hacking your rom to install last I checked
<Valduare> hmm ok
<njalk> qman__: openVPN runs fine on my android, stock fw
<qman__> None of my android devices have openvpn support, and the app requires installing libraries manually to add it
<qman__> Not just root
<njalk> hmmm worked out of the box with the openvpn app here
<Valduare> so is openvpn something iâd install on my web server that i want the android devices to connect to
<Valduare> or would i setup a second virtual machien thats dedicated openvpn appliance
<qman__> Generally you'd want a separate server
<njalk> i've got a pi set up as my openvpn server
<qman__> Another vm is fine
<qman__> It doesn't hurt to try it, but in my experience, openvpn on android is generally a no-go
<Valduare> I use a separate vm with smoothwall express 3 as a virtual router to hold my public ip address and then an internal nic for the vmâs under it
<qman__> That was my main motivation to set up ipsec over l2tp
<Valduare> so then one of the vmâs under it is the web server app
<keithzg> qman__: Huh, I've never had issues with OpenVPN on Android.
 * keithzg literally uses it daily, on a variety of (Nexus or Motorola) Android devices.
<qman__> I have a variety of samsung and htc devices, and it has never worked with stock fw or cyanogenmod
<njalk> works fine with my galaxy note 3 and macbook air
<njalk> never had any issues
<qman__> I actually haven't tried on cm11 yet though
<keithzg> qman__: which Android client have you been trying to use? The older one that's still out there definitely was flaky for me.
<Aison> is there a ppa with samba 4.1.13?
<keithzg> https://play.google.com/store/apps/details?id=net.openvpn.openvpn is the one that's worked fine for me.
<qman__> The point, though, is that ipsec / l2tp has native support on all androids, ipads, and windows
<keithzg> Well . . . fair enough I guess. OpenVPN has been super-easy for me for setup (hell, at home my router even has it built in) and if your version of Android is from the last 2 years or so you definitely don't need root.
<qman__> Never used that one
<keithzg> It's just an app you install, you copy over your certs and .ovpn config file and you're done.
<qman__> Ah, no tap support, wouldn't work on my setup anyway, but good to know it exists and has some level of support
<zoraj> only one tiny step from succefull new installation
<zoraj> :\
<zoraj> it wont install grub
<zoraj> wth !
<zoraj> Lilo isn't an option since it seems Xen doesnt work with Lilo
<lordievader> zoraj: It won't install grub... Could you be more descriptive?
<zoraj> it says "Unable to install GRUB in /dev/sda"
<lordievader> zoraj: Gui installer or manually?
<zoraj> I have a hd RAID 0
<zoraj> no gui
<zoraj> terminal ftw
<zoraj> I think I messed up with partition, what I chosed is Use entire hd and LVM
<lordievader> zoraj: Perhaps it is usefull to have a /boot.
<zoraj> what else should I have ?
<zoraj> what are the mandatory ?
<bekks> zoraj: / is mandatory, everything else can be omitted.
<zoraj> so you are saying, better to manually create the partition
<zoraj> coz as I said, I chosed "Use entire disk"
<zoraj> I got / partition
<bekks> zoraj: No one said that manually createing partitions is "better".
<lordievader> It has been my experience that grub + lvm directy to be a drag.
<qman__> Sounds like you might be using fakeraid; if you are, don't
<zoraj> fakeraid ??
<zoraj> I'm installing it on a Dell PowerEdge with 4 HD in RAID 0
<qman__> "Hardware" raid controllers that aren't actually hardware raid controllers, such as onboard ones
<qman__> Linux software raid is in all ways superior to fakeraid, so there's no reason to use it
<zoraj> I am convinced that it's all about how I partionned the whole HD, but I dunno where
<zoraj> second time I install it this evening, and always stucked on grub
<qman__> Linux software raid and a decent HBA is superior to most low and mid range real hardware raid too, you have to spend good money to do better and even then you trade a lot of versatility for a performance edge
<zoraj> well, sound like too advanced for me for now, all I need is setting up my ubuntu server up and running
<hallyn> mdeslaur: now are you pushing any libvirt updates for t or u?
<mdeslaur> hallyn: I did this afternoon
<mdeslaur> hallyn: http://www.ubuntu.com/usn/usn-2404-1/
<hallyn> cool, thanks
<hallyn> shoulda looke dmore closely at the changelog date
<Bilge> How do you stop a service from running at boot if all you can access is the file system?
<cryptodan> what do you mean?
<Bilge> Exactly what I said
<cryptodan> its rather confusing "when you can only access the file system" what does that mean?
#ubuntu-server 2014-11-12
<hggdh> can somebody please fix http://tinyurl.com/p848ya2 (Vagrantcloud, Ubuntu precise states it is 14.04)
<cryptodan> hggdh: whats there to fix?
<hggdh> cryptodan: as far as I can remember, Precise is 12.04, not 14.04.
<cryptodan> may want to contact them for support who ever is hosting that
<hggdh> the actual page: https://vagrantcloud.com/ubuntu/boxes/precise64
<hggdh> cryptodan: yes. They say the text is not theirs
<cryptodan> then whose is it?
<hggdh> Ubuntu...
<cryptodan> doubt it
<teward> cryptodan: this was already discussed on the mailing lists
<teward> hggdh: looks like there's an I:NoFurtherAction statement on it from the ML
<teward> but it's still something we should fix
<teward> s/we should/that should be/
<hggdh> teward: yes indeed, this is why I came here (since most of the cloud folks from my time are usually around)
<teward> ah
<hggdh> (I am completely off cloud and Ubuntu nowadays, so I have no clue on who would deal with that)
<hggdh> anyway. I tried.
<Bilge> I can only access the file system because the disk is mounted under a rescue kernel
<Bilge> So I mean I cannot run any local system commands to recover the system
<Bilge> The point being I must modify files directly instead of running configuration commands
<cryptodan> What services wont start or what services would you like to disable?
<bananapie> Anyone know how big ubuntu's repository is ?
<teward> bananapie: in what context?  Do you mean how much space the entire repository of package(s) is for, say, the repository mirrors?
<bananapie> yes. How big is a repository mirror?
<teward> bananapie: a tiny bit outdated but... https://wiki.ubuntu.com/Mirrors#Releases_Statistics  I'm guessing maybe any individual mirror server that meets the criterion of a mirror (on that page)
<teward> and i'm guessing maybe around that - but I don't know the specifics...
<teward> (this assumes just the repositories, not, say, the cdimage mirrors)
<larzo> It says 642GB for package archives and 37GB for release CD images.
<teward> larzo: then I was wrong. Problem is they don't specify that anywhere.
<teward> but huge :)
<larzo> yup
<teward> bananapie: larzo's got it - 642GB for package archives (which are the repo mirrors)
<bananapie> So, definitely not worth running a local mirror, yes.
<bananapie> yet*
<bananapie> ok
<bananapie> thanks guys :)
<bananapie> I was sure it was less than 50gigabytes
<teward> bananapie: well, that's for a full mirror
<teward> bananapie: if you want to nitpick a specific ubuntu release you can probably do that in a private mirror
<teward> probably even less than that with specific architectures
<teward> but i haven't run a local mirror recently - my server for it asploded, and my priority has been security of my network, recently.
<larzo> https://help.ubuntu.com/community/Debmirror
<bananapie> actually, debmirror might work. I can specify the specific versions I want, I can stick to LTS versions. :)
<Wichali> hello
<LinStatSDR> hi
<lordievader> Good morning.
<jotterbot> For 14.04.1  Ubuntu Server, can someone point me to a reliable guide to install to a RAID1 for boot
<dasjoe> jotterbot: https://help.ubuntu.com/14.04/serverguide/advanced-installation.html
<jotterbot> dasjoe: I saw that, but was following along and I believe instructions do not apply for 14.04.1
<jotterbot> there is mention of options that don't exist
<jotterbot> (thank you though for linking me) :)
<dasjoe> jotterbot: I'm pretty sure they do exist, maybe your debconf priority threshold is set too high. Which install cd are you using? If you're already in the text installer go "back", in the main menu is an option to set your debconf question threshold to "low".
<jotterbot> i'm using 14.04.1 x64 iso
<jotterbot> ubuntu server
<dasjoe> Does your installer look like this? http://i.stack.imgur.com/G5bh1.png
<jotterbot> yep
<jotterbot> I have installed ubuntu server many times with no issues
<jotterbot> I am just trying to configure a software raid 1 for booting
<jotterbot> ...after my supermicro mobo implemented fakeraid
<jotterbot> debconf "low" is indeed very....verbose
<dasjoe> It indeed is, but it should give you an option to manually partition your disks, where you can set up two partitions to be "used for software RAID", after setting this it should guide you to build a mdraid on top of them
<jotterbot> i think my problem is i need an UEFI partition at the start of the disk or soemthing
<jotterbot> when i use guided partitioning the partitions look like:
<jotterbot> http://imgur.com/hWSAD1i
<jotterbot> I'm not quite sure of correct paritions, eg. do i need swap/efi still?
<dasjoe> jotterbot: sorry, I'm not too sure. Haven't done much with EFI or raid1
<jotterbot> dasjoe: no worries mate, I appreciate you taking the effort regardless :)
<dasjoe> jotterbot: I assume you saw this? http://askubuntu.com/questions/355727/how-to-install-ubuntu-server-with-uefi-and-raid1-lvm
<jotterbot> i did, but didn't think it applied as I don't wish to use LVM.
<jotterbot> will reread though as I have just seen the step by step instructions....
<dasjoe> I'm not sure whether that bug is still present, so I'd just create a 512 MB EFIboot on each disk, then a raid1 member after that
<jotterbot> thanks will do
<dasjoe> Good luck, I'll be away for an hour or two
<jotterbot> i wish there was a site that had "the one and only *correct* way to format/partition/setup RAID1 on 14.04.1 for setup x y z"
<LinStatSDR> Does openvswitch-datapath-dkms work with kernel 3.13 now?
<LinStatSDR> having issue with http://fpaste.org/150015/79977614/
<akiva-thinkpad> http://summit.ubuntu.com/uos-1411/meeting/22327/intro-by-michael-hall-keynote-by-rick-spencer/
<akiva-thinkpad> The ubuntu online summit starts in 2 minutes; come join the foray if you are interested
<LinStatSDR> Something with multicast has no group id
<jamespage> zul, gnuoy, coreycb: ovs dkms dies at long last - https://launchpad.net/ubuntu/+source/openvswitch/2.3.0+git20140819-2ubuntu1
<jamespage> we should have probably dropped that last cycle
<zul> jamespage:  you are doing ovs in debian now?
<jamespage> zul, nah
<jamespage> zul, but that is our first merge for some time
<jamespage> zul, it was pretty dead in debian for a while
<jamespage> zul, ben appears to be picking things up again
<zul> jamespage:  ah...ok cool :)
<rene_> Hello
<m_anish> Hi I have an ubuntu-14.04 x64 server and facing a strange issue.
<m_anish> Uptime is going through the roof -- linearly increasing with time. However, I don't see anytihng consuming cpu in top
<m_anish> I also have iotop installed no issues there
<Pici> m_anish: Are you sure you meant uptime there?
<m_anish> Pici, sorry, i meand load averages
<m_anish> Pici, the strange part is.. the server is functional.. I don't see any performance issues
<m_anish> (atleast not consistent with the load averages - currently at 7 in a dual core server)
<zul> jamespage:  just a heads up openstack will be replacing suds with a fork of suds
<bananapie> hello, I am messing with the boot loader ( for the sake of learning more about boot loaders ). The kernel is loaded and the initrd is loaded. I have to manually mount the root file system ( which I have done ). What is the command to run to exit initrd and finish booting the machine ?
<bananapie> Even though I mounted my root filesystem, I still only see initrd stuff in / ...
<bananapie> I'm pretty sure it's the run-init command I need to use
<linocisco> who are using ubuntu server and asterisk for large deployment?
<bananapie> me
<jamespage> zul, \o/ awesome
<adam_g> jamespage, wonder if this addresses the neutron scaling issues you hit: http://lists.openstack.org/pipermail/openstack-dev/2014-November/050171.html
<jamespage> adam_g, yeah - I tried with those - they do help quite a bit
<jamespage> adam_g, I suspect that I should go +1 them with a suitable comment
<adam_g> jamespage, yeah, a case can probably be made for stable if it fixes a performance regression vs adds a performance improvement
<linocisco> bananapie, are u using asterisk on ubuntu server?
<bananapie> yes
<jamespage> adam_g, my comments are in the context of around 12,000 running instances and their associated ports
<jamespage> adam_g, I'll respond on list as well
<bananapie> linocisco, what do you want to know?
<linocisco> bananapie, let me talk somewhere else
<bananapie> pm ?
<linocisco> bananapie, yes
<bananapie> I am trying to boot by ubuntu server without the  'root=....' parameter passed to the kernel. I want to mount the root manually and let the server finish booting afterwards.
<bananapie> do I have to run pivot_root before run-init?
<bananapie> What is the command to start init in Ubuntu ? I tried /sbin/init 3, but it says 'connection refused /com/ubuntu/upstart'
<zul> jamespage:  ok most of the client have been updated + glance-store
<rberg_> Hello all, does anybody know why the cloud-init bug preventing NOPASSWD in sudoers was not fixed in Precise LTS? where the other releases are marked 'fix released' https://bugs.launchpad.net/cloud-init/+bug/1227432
<uvirtbot> Launchpad bug 1227432 in cloud-init "Does not create a NOPASSWD sudoers file" [Medium,Confirmed]
<trelane> is there any documentation or information on Ubuntu Server's market share as compared to say CentOS or RHEL?
<astbis> Hi. I've just installed ubuntu-server trusty and am trying to configure static IP, should be straight forward but it seems there is something i am missing. Ip is configured and ifconfig shows the right data, but can't connect or ping anything.
<sarnold> astbis: do your routing tables look right? check ip route show   output
<astbis> Default route is registered.
<DMRadford> Hello everybody. I'm trying to get a java program to start on boot of an Amazon ec2 instance. I've tried bash scripts in /etc/rc.local as well as /etc/init.d and can't seem to get it to start up. The java file is in /home/ubuntu/ and it references another program in /home/ubuntu/Blender. Any thoughts on how I could get it to auto-start when the instance is launched?
<astbis> So yes it looks right.
<sarnold> astbis: okay, how about the hosts you're trying to ping? do they have properly assigned IPs and correct looking routes?
<astbis> I'm just trying to ping 8.8.8.8 or my local router. But can't access either.
<bekks> DMRadford: Could you give us the pastebin with your shellscript again, please?
<sarnold> DMRadford: oftentimes incorrect PATH assumptions lead to these kinds of problems
<DMRadford> sarnold, I've checked the paths to be correct. If I SSH into the instance and run "java -jar /home/ubuntu/loki.jar /home/ubuntu/Blender/blender" it runs correctly.
<DMRadford> http://paste.debian.net/131486/
<sarnold> DMRadford: wow, that's far simpler than I expected. is this file mode 755?
<bekks> That script will not work.
<DMRadford> sarnold, I'm not positive, I ran 'sudo chmod +x startup.sh'
<DMRadford> bekks, what am I missing?
<bekks> rc.local has no environment, and no PATH variable content. Specify the full path to yout java binary in your script.
<sarnold> bekks: -no- PATH? heh
<sarnold> bekks: thanks :)
<bekks> No path in rc.local :)
<sarnold> damn. I figured it'd have at least /bin:/usr/bin if nothing else..
<DMRadford> Ok, so then what should my script read then? I'm still very very new to this stuff
<sarnold> DMRadford: /usr/bin/java ...
<DMRadford> so after #!/bin/bash, the second line should be: /usr/bin/java -jar /home/ubuntu/loki.jar /home/ubuntu/Blender/blender
<DMRadford> Is that correct?
<bekks> DMRadford: Yes.
<sarnold> right
<DMRadford> Ok. updated startup.sh, chmod 775, moved into /etc/rc.local and rebooting.
<DMRadford> Still isn't appearing to have worked :/
<bekks> DMRadford: Because java needs more environment vars to be set, like JAVA_HOME and stuff.
<DMRadford> I know nothing about this
<sarnold> blech, annoying java
<DMRadford> where do I put those variables and what are they?
<poseidon> Does anybody here know of a guide for installing hhvm on ubuntu 14.10?
<FilthyMacNasty> EHLO serveroids
<bekks> 250 OK
<FilthyMacNasty> SYN
<FilthyMacNasty> is there a way to recover a directory that was in the process of a mv * and the drive space ran out?
<FilthyMacNasty> it shows up red when I ls
<lordievader> FilthyMacNasty: Should still be in the source.
<FilthyMacNasty> the source is a ntfs partition, its My Documents and that space in the directory name is giving me fits
<FilthyMacNasty> and it says it doesnt exist
<cryptodan> you want to try testdisk
<FilthyMacNasty> I'll try anything instead of rekeying a vfw members list
<blistov> Hey all. Between NM and Plymouth, I'm losing my mind. How do I just set my networking up manually?
<blistov> I've manually edited plymouth.conf to skip the sleeps for network config, but I still can't get all my interfaces to come up with correct routing.
<FilthyMacNasty> I ask the same question
<blistov> http://pastebin.com/X1A5CvCs
<blistov> Dual wan emergency remote access box for one of my clients.
<blistov> They've got constant issues with connectivity due to their location, so on top of their primary firewall having redundant WAN connections, I also have this new machine in place to give me access if the firewall cacks out as well.
<blistov> Problem is that NONE of the up/post-up/post-down rules are being applied, and as I'm remote, I can't see why.
<blistov> After killing Plymouths idiotic 2.5minute timeout for networking config so I don't have to wait a goddamn year to just ssh in, p5p1 comes up at 10.0.0.27, and I ssh in via the vpn.
<blistov> From there, if I add those routes, both my WAN nics come up and work as expected. I can ssh to either of them, only one neends to be up to work, and if both are up, I get load balancing (which is just incidental).
<blistov> Why aren't the routes being applied at ifup?
<blistov> i'm starting to lose my mind at the fact that almost all distros are getting less and less stable, and all these little changes dont' seem to be well documented. I've configured network/interfaces THOUSANDS of times and it's not usually rocket surgery, but for whatever reason, since 12 or 13.x, nothign seems to work and i can't find any documentation on what's changed.
<DMRadford> having some trouble with bash scripts. I have startup.sh with some code in /home/ubuntu. From the terminal, if I type "/home/ubuntu/startup.sh" it runs fine. However when I try to run "sudo /home/ubuntu/startup.sh", it just hangs and won't run my script. Any ideas?
<bekks> DMRadford:Try gksudo
<jotterbot> Can someone help me setup raid1 from scratch on ubuntu server 14.04.1
<jotterbot> i have 2 new drives /dev/sda /dev/sdb
<jotterbot> i need help to setup the correct partitions and swap etc
#ubuntu-server 2014-11-13
<codemagician> When I use apt-get upgrade to run PHP with Ubuntu Server 12.04.5 LTS precise I get PHP Version 5.3.10-1ubuntu3.15  The PHP community show that PHP 5.4.34 is the next latest stable version up, followed by 5.5.18 and 5.6.2  Will there likely be an update that takes the PHP version upwards?  If not, what's the best practice for keeping on a stable PHP release with this OS?
<DenBeiren> anyone around to help troubleshoot a samba issue?
<lordievader> Good morning
<DenBeiren> good morning
<lordievader> Hey DenBeiren, how are you?
<DenBeiren> gd gd
<DenBeiren> struggeling with samba :-)
<lordievader> Ugh, samba ;)
<DenBeiren> http://pastie.org/9716044
<DenBeiren> does this seem correct to you?
<lordievader> Line wrap?
<DenBeiren> ?
<DenBeiren> i don't un-derstand
<lordievader> "ever$
<DenBeiren> ah
<lordievader> If it is actually like the paste it's broken ;)
<DenBeiren> http://pastie.org/9716156
<DenBeiren> better?
<DenBeiren> the problem is that users who make a file can save it and see it,.. other users can't open the file
<lordievader> That make sense. Check the file permissions, they are likely $USER:$USER.
<DenBeiren> should be user:group correct
<lordievader> I.e. the 770 is useless.
<lordievader> DenBeiren: Yes but I suppose you want it to be some shared group, but more likely it is just the user's group.
<DenBeiren> i got two groups
<DenBeiren> gebruikers and directie
<DenBeiren> gebruikers should only access the share gebruikers
<DenBeiren> directie should access directie and gebruikers
<lordievader> I understand what you are trying to do, I'm trying to explain what is happening.
<DenBeiren> uhu
 * DenBeiren puts his listeningcap on
<DenBeiren> so comment the four 770 lines?
<lordievader> DenBeiren: That's not what I am saying... Read the backlog.
<DenBeiren> uwnership is root:gebruikers and root:directie
<lordievader> Also for files created by users?
<DenBeiren> http://pastie.org/9716173
<DenBeiren> no files in there so it seems
<lordievader> So create them as some user...
<DenBeiren> i'm afraid i have never done that trough terminal :s
<lordievader> DenBeiren: I need to leave soon, but this will likely be usefull: https://wiki.archlinux.org/index.php/Access_Control_Lists
<lordievader> DenBeiren: That wasn't the objective. Open the smb share through some host, copy/create a file and check with what permissions it is created.
<lordievader> 13-09:54 < DenBeiren> the problem is that users who make a file can save it and see it,.. other users can't open the file
<DenBeiren> ok will do
<DenBeiren> so they "should" be user:group correct
<lordievader> Err, yes. The reason that I used $USER:$USER earliere is that $USER is also a group for just the user $USER.
<DenBeiren> lordievader: when files are created they are under username:username
<DenBeiren> not username:groupname
<neurotus> DenBeiren: not, UID:GID
<neurotus> DenBeiren: by default there is a group created with the same name as the UID has
<DenBeiren> hmm,.. not guite sure where to go from here i'm afraid
<DenBeiren> neurotus: any hints?
<neurotus> DenBeiren: man stat ?
<neurotus> DenBeiren: man umask ?
<neurotus> with sgid u can make the system BSD'ish so u have a "true-group" and not the default linux style uid:gid with the same "names"
<neurotus> info coreutils is also usefull
<neurotus> DenBeiren: http://en.wikipedia.org/wiki/File_system_permissions
<DenBeiren> lots to read :-)
<neurotus> DenBeiren: dont know what filesystem u are using if there is username:username created file :)
<neurotus> literally taken
<neurotus> UID:UID file
<DenBeiren> it's a std install of ubuntu server
<neurotus> DenBeiren: :D
<neurotus> http://en.wikipedia.org/wiki/Umask
<neurotus> DenBeiren: ^^ there is a policy in linux to create a group with the same name as the UID
<neurotus> the GID has the same name as the UID
<neurotus> so user:group is correct, not user:user
<neurotus> the GID is NOT UID
<DenBeiren> uhu
<DenBeiren> so what could be the problem that user a can't access a file that user b created?
<DenBeiren> i'm sorry,.. not that much of a linux expert :(
<neurotus> np
<neurotus> man umask is great place to start
<DenBeiren> still learning on a everydat base :-)
<neurotus> so there are permissions for user:group:others for every file
<neurotus> created...
<DenBeiren> that would be the 770 that i think i need
<neurotus> u want execute flag ?
<neurotus> 666 :)
<neurotus> everyone has then access to read and write that file but not execute
<DenBeiren> it's basically a fileserver
<neurotus> okay, so 444
<DenBeiren> to store pdf, word etc
<DenBeiren> open them, change them and save them
<DenBeiren> so 444 it is?
<neurotus> okay, then 660 so that not *everyone* can change the files but authorized users only, use a general $fileserverusers-group if u trust them
<DenBeiren> we have two groups,.. gebruikers and directie
<neurotus> add them to the group and set the sticky bit
<DenBeiren> would you like me to paste the smb.conf?
<neurotus> havent worked with samba-servers
<neurotus> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
<neurotus> lots to read
<neurotus> dont have the time
<DenBeiren> again,.. more & more to read :-)
<neurotus> https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html
<neurotus> there's a quick one
<neurotus> DenBeiren: i'm going for a cig
<neurotus> DenBeiren: but u can paste the smb.conf in pastebin
<DenBeiren> same here,..
<DenBeiren> AND a coffee,.. seems like i'll need it
<neurotus> i like to study
<DenBeiren> neurotus: http://pastie.org/9716156
<neurotus> https://www.liberiangeek.net/2014/07/ubuntu-tips-create-samba-file-server-ubuntu-14-04/
<neurotus> in the end there is a quick guide to create a secure share
<neurotus> DenBeiren: maybe apparmor would do the task if not a generic group is not enough
<neurotus> https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html
<neurotus> DenBeiren: dont know what have happened with win8 and win7 clients and samba thou
<neurotus> if u use a workgroup
<neurotus> if just a a share then the liberiantgeek.net guide is enough. not sure thou
<neurotus> DenBeiren: u have added the users with smbpasswd ?
<neurotus> and created that group ?
<neurotus> security = user: requires clients to supply a username and password to connect to shares. Samba user accounts are separate from system accounts, but the libpam-smbpass package will sync system users and passwords with the Samba user database.
<neurotus> Security = User
<neurotus> This section will reconfigure the Samba file and print server, from Samba File Server and Samba Print Server, to require authentication.
<neurotus> First, install the libpam-smbpass package which will sync the system users to the Samba user database:
<neurotus> sudo apt-get install libpam-smbpass
<DenBeiren> i think i did,.. but will run over it again to be sure
<neurotus> http://pastebin.com/k8bZEj5L
<neurotus> i would do it according to that guide
<neurotus> dont have any knowledge on this subject in practice
<neurotus> and remember to use the smb.conf syntax check
<neurotus> for any errors in config
<lordievader> DenBeiren: As I figured ;)
<mdeslaur> hallyn: ok, qemu pushed to vivid, I'm done with qemu and libvirt for now
<hallyn> ok, thanks.  probably won't have time to do srus today, but will do qemu srus next week
<tych0> hi rbasak, when i try to symlink /var/lib/uvtool to some other partition (my root partition isn't that big), when i start a vm i get: http://paste.ubuntu.com/8988707/
<rbasak> tych0: I've noticed some issues around symlinking like that. Definitely a bug, but I need to investigate in more detail
<tych0> rbasak: ok, cool
<tych0> as long as its on your radar :)
<rbasak> tych0: bug 1289784 is what I have. Yours sounds a little different.
<uvirtbot> Launchpad bug 1289784 in uvtool "uvt-simplestreams-libvirt crashes if /var/lib/uvtool is a symlink" [Medium,New] https://launchpad.net/bugs/1289784
<tych0> rbasak: yeah, i've found in past releases it was best to start with an empty pool as a symlink
<tych0> rbasak: i had stuff like that in the past
<tych0> rbasak: i was running with a symlink successfuly on trusty, though
<rbasak> tych0: I haven't really looked at uvtool in a cycle now :-/
<tych0> ah
<tych0> any ideas what this might be? i tried chmodding things to various perms and got nowhere
<tych0> i suspect it probably isn't a permissions error, but something else entirely
<rbasak> Check with virsh that it's not a libvirt issue.
<rbasak> The domain XML and volume definitions should be sane.
<tych0> yeah, they looked reasonable
<rbasak> There's a little bit of an issue with the "key" of a volume in libvirt and its interaction with uvtool.
<tych0> i don't have them now, i had to resize my / because i need to get work done :(
<rbasak> A workaround might be to change libvirt's volume pool definition to point to the destination of the symlink.
<tych0> rbasak: yeah, i tried that too, and got other errors
<tych0> rbasak: a bandaid woudl be a --pool argument to uvtool
<tych0> so that we could tell it to use alternate pools
<tych0> not sure if that's easier than debugging what's there or not
<rbasak> AFAIK, uvtool doesn't hardcode /var/lib/uvtool/libvirt/images anywhere. Only metadata/ which should be unaffected.
<rbasak> So if the volume pool as libvirt knows it is somewhere else, I think it should be fine.
<rbasak> (in theory - obviously it isn't)
<rbasak> There's also AppArmor to consider. Any denials logged?
<tych0> rbasak: IMAGE_DIR = '/var/lib/uvtool/libvirt/images/' # must end in '/'; see use
<rbasak> Oh.
<rbasak> Maybe not.
<tych0> in uvt.simplestreams.libvirt
<tych0> er
<tych0> uvt.libvirt.simplestreams
<tych0> but that should be ok, i think?
<tych0> all that does is sync the simplestreams stuff
<tych0> i haven't looked very close, though
<tych0> rbasak: my /var/log/apparmor is empty
<tych0> rbasak: is there somewhere better to look?
<rbasak> dmeseg maybe
<tych0> bingo,
<tych0> [1537128.652964] audit: type=1400 audit(1415891484.649:322): apparmor="DENIED" operation="open" profile="libvirt-bcd89ed7-59dd-4cef-8d83-a7742af50457" name="/dl/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTQuMTA6YW1kNjQgMjAxNDEwMjIuMw==" pid=30056 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
<rbasak> Ah. IMAGE_DIR happened because I couldn't find a suitable API function.
<rbasak> I think that needs to reflect how libvirt sees it and returns volume keys
<tych0> rbasak: any thoughts on what the right fix is? :)
<rbasak> tych0: edit /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
<tych0> ah ha
 * tych0 goes off to try
<rbasak> I can't remember how you reload an AppArmor profile, but you'll need to do that.
<rbasak> apparmor_parser <something>
<rbasak> apparmor_parser -r < /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper  # maybe
<tych0> rbasak: ok, cool thanks
<jpds> rbasak: Without the <.
<rbasak> jpds: my manpage says it takes stdin by default?
<tych0> rbasak: \
<tych0> o/
<tych0> it works
<tych0> thanks!
<tych0> (and it is without the <, or at least, that's what i did)
<The_Tick> what is dns-clean? is it really just to clean up dns entries for a dialup connection?
<pot8to> Hi i need some help with netatalk on my raspberry pi. I have a 3TB seagate USB drive connected but i cannot seem to get it mounted so i can access it remotely
<sarnold> where's the problem? getting the drive mounted? or getting netatalk to share something so huge? or getting netatalk to share something at all?
<pot8to> I guess all of the above
<pot8to> http://pastebin.com/JieuQp6b
<sarnold> pot8to: yikes, 3tb as vfat??
<sarnold> pot8to: (a) does that work (b) does that actually work? (c) I can't believe that works :) hehe
<sarnold> pot8to: can you actually manipulate files in /mnt and have some proof that they are on the drive you think they're on? that just seems so .. unlikely.
<shauno> it should work, with 32kb clusters fat32 maxes at ~8TB.  It doesn't sound like a particularly good idea though.  (especially on a machine like a pi, which is very prone to hard shutdowns, I'd prefer a journalled fs)
<sarnold> I haven't had any success with any FAT-based filesystem beyond two gigabytes.
<ogra_> yeah, 3TB isnt a prob technically ...
<ogra_> but fat cant manage files greater than 4G ... so forget about these HD movies you wanted to serve ;)
<pot8to> I forgot to mention that it is formatted as Mac OS Journaled
<pot8to> im trying to use it as a file server and time machine for my mac
<sarnold> are you sure about that? mount thinks it's vfat.
<pot8to> Yes because I was using it as a time machine backup disk and file storage about 1 hr ago
#ubuntu-server 2014-11-14
<xnc> hello, is there anybody here that know where i can get a description of every process that comees with ubuntu
<abhishek> data in nfs storage corrupt saveral times . Can u please tell why this happens over nfs
<lordievader> Good morning.
<abhishek> data in nfs storage corrupted saveral times . Can u please tell why this happened over nfs
<lordievader> abhishek: Without any details?
<abhishek> yes I am pasting my export  file
<lordievader> I'm more interested in the network setup you are running.
<abhishek> DATA   192.168.20.131(rw,sync,no_subtree_check,no_root_squash)
<abhishek> #lordievader
<abhishek> please tell what information u required
<abhishek> I have done simple installation of nfs
<lordievader> abhishek: I'd like to know your network setup.
<lordievader> From what to what do you see corruption, how are those machines interconnected, etc.
<abhishek> DATA is san volume which is multiparted into host server and via nfs it is mounted over our production servers
<abhishek> that's simple .
<lordievader> Does everything corrupt or only sometimes?
<abhishek> some data corrupts but not all
<abhishek> I don't know when it happens
<abhishek> I heard this problem first time . I have absolutely no clue ..
<abhishek> even logs are not giving any clues
<lordievader> Hmm, I'd be interested if sshfs or someother matter of sharing the files corrupts too.
<abhishek> what sshfs does
<lordievader> The same, but uses ssh instead of nfs.
<abhishek> is it internally called in nfs service /code
<abhishek> we didn't use sshfs
<ManOFIsland> list
<VSpike> If I've ended up with a package from a PPA ( libmysqlclient16 1:5.1.73-rel14.12-624.lucid from Percona repo ) how can i force it to be replaced with the one from the ubuntu repos? I've removed the PPA and done apt-get update
<lordievader> VSpike: ppapurge ;)
<VSpike> lordievader: I'm not sure that's available in Lucid, is it?
<lordievader> Hmm, that would be a bummer.
<VSpike> If I remove it, apt-get update, and install it, will that do it?
<lordievader> !info ppapurge lucid
<ubottu> Package ppapurge does not exist in lucid
<VSpike> Isn't it ppa-purge ?
<lordievader> !info ppa---purge lucid
<ubottu> Package ppa---purge does not exist in lucid
<lordievader> !info ppa-purge lucid
<ubottu> Package ppa-purge does not exist in lucid
<lordievader> VSpike: Looks like you are right... :(
<VSpike> I downloaded and dpkg -i the deb from ubuntu package search
<VSpike> that's fixed it :)
<VSpike> Thanks!
<lordievader> VSpike: What is the output of 'apt-cache policy libmysqlclient16'?
<HoloIRCUser4> hi
<lordievader> o/
<Ameurux> hi
<ElysiumNet> it appears I have come across this dreaded error: Server refused to allocate pty. stdin: is not a tty. I used to be able to SSH into my box with putty or the ssh command without problems beforehand. Anyone got any hints on how to fix this if the only method I can still access my server is through SFTP over SSH?
<Vladislav> I setup media wiki but when somebody else tries to login they have to write ip/mediawiki/index.php/Main_Page is it possible to change only to ip/mediawiki
<Vladimir_> get this error. /etc/bind/named.conf.default-zones:5: expected quoted string near 'âfile.mail.mydomain.comâ'
<Vladimir_> when trying to config bind9
<Vladimir_> it fails to start bind9 that is
<gbkersey> Vladimir_: paste the conf and I'll try to tell you where the syntax error is.
<Vladimir_> gbkersey:  this is the default-zones file: http://pastebin.com/ZxP1XaLd
<Vladimir_>  gbkersey this is the named.conf it just kinda redirects where the other named.conf. files are
<Vladimir_> http://pastebin.com/vcKt1uVc
<gbkersey> Vladimir_: the quotes around mail.mydomain.com are â not "  (they are not the normal quote character).
<Vladimir_> oh ok
<Vladimir_> so I have to use
<Vladimir_> '
<Vladimir_> not "
<Vladimir_> it works!
<Vladimir_> :D
<Vladimir_> thanks man!
<gbkersey> Vladimir_: no problem...
<Azaril> Does anyone know of a convention on when to use which system user?
<tero>  does ubuntu has anything similiar to "system restore"? I have 12.04 server installed and I have a lot of setting confs and a lot of stuff changed. How do I know that everything will work if I upgrade? and how can i get to previous version if something does not work? and should I even upgrade?
<sarkis> hey all -is there a good reference for checking 12.04 -> 14.04 via do-release
<sarkis> see if there are any issues?
<balloons> sarkis, upgrade tests are useful. lts to lts is a common path
<esde> How can I install OpenVPN >2.3.2 on ubuntu server 14.04? I've found some instructions to build from tar ball, but those steps don't include installing openvpn as a service. Are there any PPA's or other repos hosting debian packages for OpenVPN >2.3.2? Since OpenVPN has yet to step up to the plate and offer a proper repo like they've done with older ubuntu distros....
<esde> With the crusty old build in Trusty Tahr, SSL3.0 is compulsory
<nunizacu> https://launchpad.net/~pmjdebruijn/+archive/ubuntu/openvpn-testing
<nunizacu> esde - here you go
<esde> thank you sir
<keithzg> Hrmmm, on the new main fileserver at my work I can see the used space of the drives in the BTRFS pool with "btrfs filesystem show", but "btrfs filesystem df" gives me "btrfs ERROR: couldn't get space info - Inappropriate ioctl for device ERROR: get_df failed Inappropriate ioctl for device"
<sarnold> keithzg: is that a mismatched btrfs userspace tools vs kernel module?
<keithzg> sarnold: Hmm, perhaps, the server *has* been up for 205 days and I've updated in the meantime like a good sysadmin, but refused to reboot because it would erase my uptime and, as aforementioned, I am a sysadmin ;)
<sarnold> keithzg: haha :)
<sarnold> keithzg: it might be worth popping into a btrfs irc channel first, that's just a guess on my part. maybe check dmesg? they might warn about a mismatch there if they can detect it.
<keithzg> sarnold: nothing stands out to me in dmesg, I'll pop over to #btrfs and ask to make sure but I do suspect you're right. I'll reboot the server once everyone's gone home for the day :)
<sarnold> :)
<keithzg> sarnold: turns out I was just being silly and using a device path rather than the mountpoint, which silently interpreted what I *should* have used with "filesytem show" but not with "filesystem df", oops!
<esde> I've got openvpn 2.3.5 installed from source on 14.04, and i can run openvpn with "openvpn". but when i run sudo service openvpn status i get "openvpn: unrecognized service". How can i install openvpn as a service?
<lordievader> esde: I don't think it provides an upstart script, but I suppose one can write one simple enough.
<gbkersey> esde: take /etc/init.d/openvpn from the old package
<esde> thank you :D
<esde> it's not included in the tarball, copying from the old version now and appending my notes :)
<gbkersey> esde: you'll want to modify the filespec for the DAEMON
<sarnold> esde: check the sources for an upstart or sysvinit file; drop an upstart configuration file into /etc/init/ or the sysvinit file into /etc/init.d/ and make the appropriate symlinks into the rc*.d directories
<esde> I took /etc/init.d/openvpn from the old package, and created the same file on the new machine and edited the DAEMON to reflect the path to openvpn and placed it in /etc/init.d/. I'm having a hard time finding information about how to make the appropriate symlinks into the rc*.d directories. :/
<sarnold> esde: the update-rc.d script can help, though it's also a bit annoying. :)
<esde> sarnold, gbkersey just want to take a moment to thank you both for your help. I was almost completely lost when I asked my question, but by the help you both provided, I was able to figure out what steps I needed to take to achieve my goal. I truly appreciate your help.
<gbkersey> esde: you are very welcome...
<esde> Freenode needs a Random Act of Beer bot lol
<sarnold> esde: great! thanks for the report back :)
<sarnold> mmmm. beer.
#ubuntu-server 2014-11-15
<ubuntuaddicted> hello, i'm trying to get this minecraft launch script to work but i see can not make directory /var/run/screen while the server is booting. how can i fix this? the script is first starting a screen as a certain user and then launching minecraft as a certain user but i guess that user doesn't ahve permission to create a screen session?
<mardraum> I think your script is for a different OS/distro?
<ubuntuaddicted> mardraum, what do you mean? it's a init script.
<teward> ubuntuaddicted: the "script" you've specified is not known to us, and likely is for a different OS / distro... is the code publicly online somewhere?
<qman> this is the one you should be using, if you aren't already: https://github.com/sandain/MinecraftServerControlScript
<qman> that aside, does screen work normally when you attempt to use it?
<ubuntuaddicted> teward, one moment, getting it uploaded to pastebin
<ubuntuaddicted> yes, I can issue sudo service minecraft start and the service starts up just fine
<qman> that's not what I'm asking; can you run 'screen'?
<ubuntuaddicted> it creates a screen session using user minecraft and it then launches minecraft from that screen session
<ubuntuaddicted> qman, no, user minecraft can't run screen.
<qman> ubuntuaddicted: what's the error message?
<ubuntuaddicted> qman, it returns Cannot open your terminal '/dev/pts/4' - please check
<LinStatSDR> -_-
<ubuntuaddicted> i'm guessing because user minecraft can't write to the /dev/pts folder?
<mardraum> somebody else owns pts/4
<qman> no, you can't use screen after switching users
<teward> what qman said
<qman> you have to log in as a user, then run screen
<qman> the exception being root since root has all the permission needed
<ubuntuaddicted> hmmm, here's the script i'm attempting to use: http://paste.ubuntu.com/9016691/
<ubuntuaddicted> qman, how would a script like this work then?
<qman> ubuntuaddicted: to be clear, this limitation only applies to the client session portion
<qman> ubuntuaddicted: you can launch a detached screen after switching users
<qman> you just can't attach to one
<ubuntuaddicted> qman, not sure i follow but that's not important. :)  so is this minecraft script ok to use?  do i just need to add the minecraft user to the group root so he has write permissions on /dev/pts?
<teward> NEVER add a non-root user to the root group
<qman> no, absolutely do not do that
<teward> NEVER NEVER NEVER IN A BILLION YEARS
<teward> that opens you up to hell
<qman> what I need you to check is whether or not you can run screen properly, so log into your server as any user and run 'screen', without switching users via su or sudo
<qman> it's not important who, all users that can log in should be able to do it
<ubuntuaddicted> qman, i can run screen as my normal user yes.
<qman> ok
<qman> so the most likely cause of your error is that your init script is running before /var/run is available
<ubuntuaddicted> qman, it's only after I switch to the minecraft user and try to run screen that it gives that error from above
<ubuntuaddicted> qman, i'm not sure how to fix that
<LinStatSDR> Sounds like a frame issue
<qman> the 'right' way is to adjust the start event settings to something that happens later or the specific event needed
<qman> the hacky way is to make it sleep before starting
<LinStatSDR> I dislike that word, "hacky"
<qman> another solution would be to have the init script wait until /var/run is available in the start process
<LinStatSDR> You mean modification to the code
<Patrickdk>    no, fixing the code :)
<qman> no, I mean hacky
<qman> as in would work, but not well thought out or robust
<LinStatSDR> We don't refer to fixing code as hacking qman in here.
<qman> I'm not
<qman> you clearly misunderstand
<LinStatSDR> hacky?
 * LinStatSDR scratches head
<ubuntuaddicted> it's interesting that the script needs adjusting. i believe others use it with ubuntu so not sure why it doesn't work for me
<qman> to put it another way, it's a dirty hack
<qman> jury-rigged, etc
<LinStatSDR> That's better.
<qman> no, they're equally accurate
<LinStatSDR> I understand you're simply trying to fix the code you're having a problem with.
<LinStatSDR> qman, guidelines thats why
<LinStatSDR> Should poke at them
<qman> I could not care less; my statement was accurate and has nothing at all to do with "hacking"
<LinStatSDR> It's the wording.
<Patrickdk> what is wrong with the wording?
<qman> nothing
<Patrickdk> there is nothing wrong with hacking
<Patrickdk> it's perfectly legal
 * LinStatSDR pokes his own eye
<LinStatSDR> ouch brbn
<Patrickdk> or are you confusing hacking with cracking?
<LinStatSDR> Neither.
<LinStatSDR> Hacking is by nature malicious, where as penetration testing is not.
<qman> ubuntuaddicted: regardless of that, the script may work in some cases and not others due to a race condition; upstart is not linear and therefore sometimes things happen in a different order depending on your system and tons of other situational things
<LinStatSDR> Same thing with that.
<LinStatSDR> I agree qman
<Patrickdk> hacking is not malicious
<qman> hacking isn ot malicious
<LinStatSDR> It's called penetration testing if it isn't
<Patrickdk> no
<Patrickdk> you can hack on your car, projects
<qman> ubuntuaddicted: all that means is, the script's start requirements are not completely accurate to what the script actually needs in order to function
<Patrickdk> nothign to do with computers
<LinStatSDR> anyway
<qman> ubuntuaddicted: the fix is adjusting that properly, I'm not sure what specific upstart event is going to work best here
<ubuntuaddicted> qman, ok, what's the easiast solution? lol
<Patrickdk> and do tell me that hackathons are penetration tests, and are malicious
<LinStatSDR> That's under different conditions
<Patrickdk> heh? no it's not
<qman> ubuntuaddicted: I'm going to suggest adding $network to Required-Start and Required-Stop, and removing the Should-Start and Should-Stop lines, like this: http://paste.ubuntu.com/9016881/
<ubuntuaddicted> isn't there an off topic channel? :)
<LinStatSDR> can we change subjects
<LinStatSDR> I'm in that channel...
<LinStatSDR> already
<qman> ubuntuaddicted: $network is one of the slower to start events in most cases so it may fix it, if not, you'll have to find another event to base your start condition upon
<LinStatSDR> does this support java, could spin up a socket json rq
<LinStatSDR> may be quicker if it's sluggish starting
<ubuntuaddicted> qman, ok, i made those adjustments and will restart the server. hopefully minecraft starts this time
<LinStatSDR> I hope so :D
<ubuntuaddicted> qman, ok, i briefly saw soemthing about permission denied
<qman> ubuntuaddicted: less /var/log/syslog
<ubuntuaddicted> the screen session isn't there and minecraft isn't running
<qman> ubuntuaddicted: then press shift+G to go to the end, and scroll up until you see it
<ubuntuaddicted> qman, hmmm, looking at syslog i only see this: dbus[1084]: [system] Activated service 'org.freedesktop.login1' failed: Cannot launch daemon, file not found or permissions invalid
<qman> ok, that shouldn't have anything to do with this
<ubuntuaddicted> where else would it get logged to? in dmesg?
<qman> ubuntuaddicted: within less, type /minecraft
<qman> see if it finds anything
<qman> the forward slash is the search command
<ubuntuaddicted> nothing
<qman> when you installed this, did you update-rc.d?
<ubuntuaddicted> qman, yes
<qman> sudo update-rc.d minecraft defaults; sudo update-rc.d minecraft enable
<qman> if you did, it should have put something into syslog
<ubuntuaddicted> qman, ok defaults said it already existed but when I ran enable it returned a bunch of stuff. i just restarted again. we'll see
<qman> ok
<ubuntuaddicted> cannot make directory /var/run/screen permission denied
<ubuntuaddicted> qman, is this solution acceptable? https://github.com/superjamie/minecraft-init-script/issues/26
<qman> ubuntuaddicted: I found bug 574773
<uvirtbot> Launchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix released] https://launchpad.net/bugs/574773
<ubuntuaddicted> qman, looks like we both found similar solutions/bugs
<qman> try this modification: http://paste.ubuntu.com/9017190/  note line 8
<ubuntuaddicted> qman, so the one link at github suggests one thing while the bug you linked to i am not sure what to do to get my script to work. can you help me understand
<ubuntuaddicted> qman, ok, thank you. will incorporate and try
<ubuntuaddicted> qman, wait, doesn't it say something about BEFORE the cd \"$MCPATH\
<qman> ubuntuaddicted: before or after should not matter in this case
<ubuntuaddicted> qman, looks like you added something to the script after that line instead of before it
<ubuntuaddicted> qman, oh ok
<qman> ubuntuaddicted: the key here is that before it tries to run screen, it runs the screen-cleanup
<ubuntuaddicted> qman, so line 8 is the only addition?
<qman> yes
<ubuntuaddicted> qman, THANK YOU! that did it
<ubuntuaddicted> qman, i can't believe it's been a bug since back in 2010
<qman> glad it worked
<ubuntuaddicted> qman, onto the next issue. :)
<qman> race conditions like this are the biggest problem with modern init systems
<ubuntuaddicted> qman, i have a custom compiled nginx server installed and the init script for that isn't working. so my ubuntu doesn't think it's installed since i compiled and installed it myself
<qman> stick to distribution packages whenever possible
<ubuntuaddicted> qman, the reason i compiled it myself is because it needed to be compiled with the rtmp module. so how to get it to auto-run when the server starts?
<nunizacu> isnt it easier to apt-get source and then repackage? just asking, i just screen -r
<ubuntuaddicted> here's the init script http://paste.ubuntu.com/9017449/
<ubuntuaddicted> nunizacu, sorry, are you talking to me?
<nunizacu> i just trying to get what what are you talking bout
<nunizacu> dont take it offensife
<nunizacu> i didnt sleep for 24h, im talking 7'th antibiotics in 2 months and barely think
<nunizacu> and yet for last 24h i'm fighting to fully ipv6ize openstack
<ubuntuaddicted> nunizacu, we were trying to get a script to start that was launching screen but it couldn't due to a bug in screen cleanup or something like that BUT qman fixed my script for me
<nunizacu> brb
<nunizacu> well, to get to the point i would need more data, and thou im couirours im happy you did it
<nunizacu> btw. you guys use ubuntu all the time, im forced becouse of raid+lvm
<nunizacu> is there a way to recompile whole packages with own flags?
<nunizacu> i need it for quite big project
<nunizacu> and i'm sick of kpartx on pdc to get unknown partitions and integrate it into ininitrd
<nunizacu> enough i made openstack gentoo and bsd 9 and 10 cloud img
<nunizacu> just brb ok
<LinStatSDR> oookay
<nunizacu> i need to change host
<ubuntuaddicted> so looking at the nginx script, i don't see where the definition of the command's location is?
<LinStatSDR> man -
<LinStatSDR> oh read that wrong
<LinStatSDR> my fault wow
<LinStatSDR> Forgive me ubuntuaddicted
<ubuntuaddicted> how do i get nginx to launch when the server starts IF i had to compile and install nginx myself? the guide I followed installed it to /usr/local/bin/nginx
<teward> ubuntuaddicted: using some third-party plugins not included in nginx-extras or something?
<ubuntuaddicted> teward, i believe so correct. i don't think the nginx-extras has the rtmp module does it?
<teward> right.
<teward> just checking :)
<nunizacu> man, changeing revs takes a while
<nunizacu> and add sasl auth
<nunizacu> i tought about ssl cert + rsa but i have 8192 rsa
<ubuntuaddicted> teward, does it include rtmp module or no?
<nunizacu> ubuntuaddicted: what troubles you?
<nunizacu> ubuntuaddicted: i did many wierd hacks on ubuntu
<cryptodan> ubuntuaddicted: https://packages.debian.org/sid/nginx-extras
<ubuntuaddicted> cryptodan, nope, rtmp is not there
<nunizacu> w8 few minutes ill cook something for you
<ubuntuaddicted> if anyone can help me get the nginx init script to start my nginx install properly i would appreciate it.  here's the init script http://paste.ubuntu.com/9017449/
<nunizacu> you want script, module or whole package ?
<cryptodan> https://github.com/arut/nginx-rtmp-module/wiki/Installing-on-Ubuntu-using-PPAs
<nunizacu> thats what im doing
<nunizacu> give a link when compiles
<cryptodan> I found this one https://launchpad.net/~mcfletch/+archive/ubuntu/nginx-rtmp
<ubuntuaddicted> cryptodan, that's only available for 12.04.
<ubuntuaddicted> cryptodan, thank you for trying though. i just want to know how to edit the init script so it looks in /usr/local/bin/nginx instead of the normal nginx location
<nunizacu> you want all modules or only thios?
<nunizacu> paste the script while i bake your new nginx
<nunizacu> and tell me what modules you want, all, rwhatever or everything
<ubuntuaddicted> nunizacu, i already have nginx compiled and installed, thanks though
<ubuntuaddicted> i've linked the init script several times
<nunizacu> but not with everyting
<nunizacu> and i have to recompile so you have what you want
<nunizacu> and i was away when you posted your iniit
<nunizacu> but hey, if you dont want help i got enoguth to do
<nunizacu> even being kind is wierd on irc
<cryptodan> id try the module from 12.04 but thats just me
<ubuntuaddicted> nunizacu, i don't want you to compile me nginx, i already haev it installed
<ubuntuaddicted> nunizacu, thanks anyway
<nunizacu> whatever i just finishing it with every module + one you wanted
<nunizacu> nginx in apt-get doesnt have every module enabled
<ubuntuaddicted> nunizacu, exactly why i'm not using that nginx
<nunizacu> that's why i was asking what modules except that missing you need
<nunizacu> you cant add that module without recomompile
<nunizacu> i dont understand you, you want some module, someone is making it for you then you dont need it, just wasting time
<nunizacu> but as i started i'll fininish
<nunizacu> omg, i didnt slept for 30 hours
<nunizacu> and if you have problem with init screen paste it or do it yourself, i wont ask you for helping you
<nunizacu> http://[2001:5c0:1508:c800::1]nginx_1.4.6-1ubuntu3.1_all.deb
<ubuntuaddicted> nunizacu, i didn't say i needed nginx with the rtmp module, you clearly didn't read what I asked for.
<ubuntuaddicted> nunizacu, the only person wasting their time is you because you failed to read what I wrote several time
<nunizacu> i said i didint slept 30h straight
<nunizacu> and i could get any kind of communication
<nunizacu> man, i kindly asked whats the problem
<nunizacu> now i know why came to irc one every few years
<ubuntuaddicted> nunizacu, for the 4th time, i would like nginx to start when the server starts. i have an init script that i linked which is not auto starting when the server starts. how do i get nginx to start when I launch the server
<nunizacu> so just drop it to /etc/init.d ?
<nunizacu> then set what runlevel should it start and stop
<nunizacu> init.d scripts are quite easy, you can just copy any and fit to your needs
<nunizacu> or maybe w8
<ubuntuaddicted> nunizacu, it's already in /etc/init.d/
<ubuntuaddicted> nunizacu, as i've stated already, it's an init script. how do i get it to find my nginx installation which is in /usr/local/bin/nginx
<nunizacu> edit the script?
<nunizacu> replace DAEMON=/usr/sbin/nginx with DAEMON=/usr/local/bin/nginx
<nunizacu> then sudo restart nginx
<nunizacu> should start at bootup
<ubuntuaddicted> nunizacu, i don't see that DAEMON line within my script. hmmm
<nunizacu> i just installed nginx on my ubu box and i had it in my script
<nunizacu> maybe paste me that script, i will change it so it works and paste it back
<ubuntuaddicted> nunizacu, http://paste.ubuntu.com/9017449/
<ubuntuaddicted> nunizacu, i guess i'm not sure why it's not starting by default. i used update-rc.d defaults OHHHHH but maybe I didn't enable it
<cryptodan> update-rc.d requires 2 things the service name and the action you want
<ubuntuaddicted> nunizacu, and I jsut realized that sudo service nginx stop says it's already stopped BUT it's still running. hmmmm. it's like the nginx scripts I have in /etc/init.d/  aren't linked to the nginx i have installed at /usr/local/bin  and /usr/local/nginx/
<nunizacu> replace DAEMON="${DAEMON##* }" with DAEMON=/usr/local/bin/nginx
<nunizacu> line 88
<ubuntuaddicted> nunizacu, will that fix it also for stopping the service?
<nunizacu> yes
<nunizacu> but messing with update-rc.d wasnt brightest idea
<nunizacu> for init.d user /etc/init.d/ngnix stop
<nunizacu> or sudo stop ngnix
<cryptodan> ubuntuaddicted: whats the result of ps auxww | grep ngnix
<nunizacu> pgrep ngnix is faster
<nunizacu> first pgrep ngnix, killall -9 every number , then start, then stop, then pgrep again
<nunizacu> you will see if stop is working
<nunizacu> it should
<nunizacu> maybe you just started more than one instance
<ubuntuaddicted> nunizacu, ok, sudo service nginx start seems to work. it starts up BUT sudo service nginx stop does not stop it.
<ubuntuaddicted> nunizacu, it returns * nginx already stopped  BUT ps aux | grep nginx still shows it running.  So the init script I linked which we edited is still not working correctly apparently
<cryptodan> ubuntuaddicted: whats the path?
<ubuntuaddicted> cryptodan, path to what?  if i type in which nginx it returns /usr/local/bin/nginx
<ubuntuaddicted> cryptodan, i need reboot the system i'm on. i'll be right back
<cryptodan> whats the path via ps command
<ubuntuaddicted> cryptodan, same thing
<nunizacu> it may not stop i said try sudo /etc/init.d/ngnix stop
<ubuntuaddicted> cryptodan, ps shows nginx: master process /usr/local/bin/nginx
<cryptodan> is that the correct spelling?
<ubuntuaddicted> cryptodan, that's by user root and there's another process running as user nobody which is just nginx: worker process
<nunizacu> it would be better to rewrite it to start-stop-daemon
<ubuntuaddicted> nunizacu, the script i linked is suppose to do that. ;)
<ubuntuaddicted> i'll be right back
<nunizacu> why i'm so unlucky today
<nunizacu> guy with nick ubu the tech guru who dont know bash
<linuxmint> Hello, I'm setting up RAID MDADM for the 1st time. I believe I need to add Terminal commands, so should I install a Linux OS, as my blank HDDs are not betting yet. Just the BIOS.
<nunizacu> run ubuntu install and do it during install
<ubuntuaddicted> nunizacu, cryptodan i'm back
<nunizacu> 14.04 even recognizes fakeraid
<cryptodan> linuxmint: are you running linuxmint?
<linuxmint> cryptodan, I haven't installed an OS yet. I'm going to run Proxmox, so I thought I'd try the best RAID, RAID10?
<nunizacu> promox is fakeraid
<nunizacu> configure in bios and install on it anything
<LinStatSDR> I prefer non-software raid but.
<nunizacu> like 14.04 if you dont want to mess with kpartx
<nunizacu> dunno if mint also has it already
<nunizacu> before that i had to manualy do scripts to recognize fakeraid and lvm on it
<linuxmint> nunizacu, I think the MOBO BIOS has a RAID option, so I'll try that then.
<LinStatSDR> yeah, bad script could hose the system
<nunizacu> well, its not that bad
<nunizacu> you can always boot from recovery cd and fix it
<nunizacu> most of the time
<nunizacu> if it is proxmox bios almost for sure has raid option
<nunizacu> but how you set it up is mobo dependend
<nunizacu> i have mobo where it takes 20 minutes to open fakeraid menu
<ubuntuaddicted> can someone help me get this script working with nginx that's installed within /usr/local/bin/nginx please? http://paste.ubuntu.com/9017449/
<nunizacu> you messed up update-rc.d
<nunizacu> it may not start automagicly
<nunizacu> tried sudo start ngnix ?
<cryptodan> look at the spelling
<ubuntuaddicted> nunizacu, not sure what you mean by messed update-rc.d. all I did was sudo update-rc.d nginx defaults and sudo update-rc.d nginx enable
<cryptodan> nginx
<nunizacu> i have 11 terminals open and more than 30 hours on foot, i can mess words
<ubuntuaddicted> cryptodan, that's what I have, earlier when I put ngnix that was the typo.
<cryptodan> no in the script
<ubuntuaddicted> cryptodan, here's the script http://paste.ubuntu.com/9019140/
<cryptodan> NAME="nginx"
<cryptodan> oh it is spelled right
<ubuntuaddicted> cryptodan, right
<cryptodan> wait its not unless you misspelled it?
<ubuntuaddicted> cryptodan, i dont' follow what you're saying
<cryptodan> nevermind
<nunizacu> maybe change name of original nginx and add your installed patho to PATH
<nunizacu> type should find it
<nunizacu> PATH in script, not systemwide
<ubuntuaddicted> nunizacu, i'm sorry, i don't know what any of that means
<cryptodan> where did you get this script in the first place?
<ubuntuaddicted> cryptodan, i'm not sure to be honest
<cryptodan> so you openly run a script from which you do not know where you got it from?
<ubuntuaddicted> cryptodan, if you have another nginx script that will work with my installed nginx that's in /usr/local/nginx than I would really appreciate that
<cryptodan> ubuntuaddicted: usually when you complie something like that it wouldcome with its own script
<cryptodan> I dont openly go out on the web looking for scripts to run my services if I compiled them
<ubuntuaddicted> cryptodan, apparently so.  looking at this one looks promising http://wiki.nginx.org/Nginx-init-ubuntu
<cryptodan> ubuntuaddicted: look in the source package from which you compiled it from
<cryptodan> otherwise I would highly recommend that you stop trying to mess around servers and services in general if you do not know what you are doing
<ubuntuaddicted> cryptodan, hmm, i followed this guide for compiling nginx here: https://obsproject.com/forum/resources/how-to-set-up-your-own-private-rtmp-server-using-nginx.50/
<ubuntuaddicted> cryptodan, i can only learn if i try
<cryptodan> there is no script there
<ubuntuaddicted> cryptodan, and i have not really learned init scripts or upstart. i normally just install packages using the default repo's BUT minecraft and nginx aren't in the default repo's (well you know why I had to compile nginx-because i needed the rtmp module)
<ubuntuaddicted> cryptodan, i realize that but it appears like it has a $PATH variable in it that I can set
<ubuntuaddicted> cryptodan, it appears as though I got my current script from https://wiki.debian.org/LSBInitScripts
<cryptodan> this is how you start and stop the script based upon the quide you sent $ sudo /usr/local/nginx/sbin/nginx -s stop $ sudo /usr/local/nginx/sbin/nginx
<ubuntuaddicted> cryptodan, i know how to stop and start nginx manually. i am trying to get it to auto-start when the server starts
<cryptodan> put /usr/local/nginx/sbin/nginx in rc.local
<ubuntuaddicted> cryptodan, that wouldn't be using upstart then right?
<ubuntuaddicted> cryptodan, because that new script I linked to even has the default conf directory correct being NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
<cryptodan> nope but it would allow you to do what you want
<cryptodan> ubuntuaddicted: here you go http://wiki.nginx.org/Upstart
<ubuntuaddicted> cryptodan, but i'm not familar with initctl. with that upstart job would I be able to manage the service with sudo service or no?
<ubuntuaddicted> cryptodan, so this script woudln't work? http://wiki.nginx.org/Nginx-init-ubuntu
<cryptodan> ubuntuaddicted: also this http://wiki.nginx.org/Nginx-init-ubuntu
<ubuntuaddicted> cryptodan, lol, that's what i linked like 15 minutes ago
<cryptodan> that wasnt your pastebin
<ubuntuaddicted> cryptodan, actually this script looks the most promising. https://raw.githubusercontent.com/JasonGiedymin/nginx-init-ubuntu/master/nginx
<cryptodan> the one posted from the nginx wiki is the one you should use
<ubuntuaddicted> cryptodan, linked from this guide here: https://www.vultr.com/docs/setup-nginx-rtmp-on-ubuntu-14-04
<ubuntuaddicted> cryptodan, do i need to do anything writh update-rc.d?
<cryptodan> update-rc.d nginx enable I believe
<ubuntuaddicted> cryptodan, i don't need to remove or disable the current one?
<cryptodan> yes and then renable the other one
<ubuntuaddicted> cryptodan, i did sudo update-rc.d nginx disable
<ubuntuaddicted> cryptodan, installed the new nginx file. now i just run sudo update-rc.d nginx defaults && sudo update-rc.d nginx enable?
<cryptodan> defaults should be all that is required
<ubuntuaddicted> cryptodan, sudo update-rc.d nginx defaults returned System start/stop links for /etc/init.d/nginx already exist
<ubuntuaddicted> cryptodan, so i did sudo update-rc.d nginx enable and it removed all them and then re-added them scripts in each of the /etc/rc0.d/K20nginx
<ubuntuaddicted> cryptodan, hmmm, so now sudo service nginx start doesn't work. it says nginx: unrecognized service
<ubuntuaddicted> cryptodan, ahhhh, it was because i didn't chmod +x the /etc/init.d/nginx file. it's working now.
<cryptodan> reboot and see if it starts
<ubuntuaddicted> cryptodan, i would if no one was on the server but there is so i have to wait until they get off. i run a minecraft server. :)
<cryptodan> internet issues
<ubuntuaddicted> cryptodan, but sudo service nginx start works. and sudo service nginx stop works.   so i believe we got it working. :)  I really appreciate your help and patience
<cryptodan> you are welcome, and to learn serving I would highly recommend using a VM till you get the hang of it
<ubuntuaddicted> cryptodan, thanks. i just need to do some learning of init i guess or upstart or whatever it's referred as in xubuntu 14.04.1
<cryptodan> so that way you dont open yourself up for exploit
<ubuntuaddicted> cryptodan, i have a hardware firewall protecting me but i see what you're saying
<cryptodan> if it is made by man it can be broken by man
<ubuntuaddicted> cryptodan, :)
<linuxmint> So, setting up RAID on new computer and BIOS says RAID can be setup with BIOS if using Windows. I'm using Linux (Proxmox on Centos), so do I need to build a different type of RAID like mdadm?
<ubuntuaddicted> ok, i'm back. apparently despite us fixing that minecraft startup script which is supposed to start a screen session that I can attach to, there's no screens running under user minecraft or under my user. can anyone help again?
<cryptodan> ubuntuaddicted: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-minecraft-server-on-linux
<dominic1134> www.openas.org - an open-source Anti-Spam appliance - We're still looking for contributers, volunteers and supporters. Check it out!
<ubuntuaddicted> cryptodan, thanks but i'm not using those instructions. according to ps aux | grep minecraft both screen and minecraft are running
<ubuntuaddicted> cryptodan, http://pastebin.com/yJacZVzY
<cryptodan> screen -R
<ubuntuaddicted> cryptodan, that just brings up a new screen session
<nunizacu> screen -r
<ubuntuaddicted> actually, it returns this Cannot open your terminal '/dev/pts/19' - please check.
<ubuntuaddicted> when i run screen -R with user minecraft
<ubuntuaddicted> if i chown /dev/pts/19 so it's owned by user and group minecraft screen -R results in a new screen session and screen -r results in There is no screen to be resumed
<nunizacu> do it as user who did screen
<ubuntuaddicted> not sure if what user juboobbleton did was an acceptable workaround  in this post https://github.com/superjamie/minecraft-init-script/issues/26
<nunizacu> login as user whitch you did screen and then screen -l
<nunizacu> or if you dont like login sudo -u USER screen -l
<ubuntuaddicted> nunizacu, if i ssh into the server as user minecraft and try screen -r it says there is no screen to be resumed
<ubuntuaddicted> and screen -ls returns this No Sockets found in /var/run/screen/S-minecraft.
<nunizacu> sudo ls /var/run/screen
<ubuntuaddicted> so i don't believe adding /etc/init.d/screen-cleanup start  to my minecraft start script was the correct workable solution.
<ubuntuaddicted> nunizacu, that returns this    S-minecraft  S-ubu
<nunizacu> sudo -u minecraft screen -l
<nunizacu> sudo -u ubu screen -l
<nunizacu> if you see some - sudo -u user screen -r
<ubuntuaddicted> typing in    sudo -u ubu screen -l    just takes me into a new screen session as user minecraft. what do i do once i'm in htere?
<ubuntuaddicted> nunizacu, i don't believe it's setup correctlly. that script is suppose to start a screen session, run as a daemon as user minecraft and then start the minecraft server. i should be able to reattach to screen which is named surivial-mc and see the minecraft server console but so far i can't find the running screen session
<ubuntuaddicted> nunizacu, according to screen -list  No Sockets found in /var/run/screen/S-minecraft.
<nunizacu> so you have no screen running
<nunizacu> but man you do web servver, minecraft server or what?
<Ben64> ubuntuaddicted: why must you use a script?
<Ben64> ssh in, run screen, run minecraft server
<ubuntuaddicted> nunizacu, apparently not under user minecraft. but what i'm confused about is ps aux | grep minecraft shows SCREEN running http://pastebin.com/yJacZVzY
<ubuntuaddicted> Ben64, so that if the power goes out it auto-restarts
<nunizacu> you can do it with start-stop-daemon
<nunizacu> assign pid, loop test
<nunizacu> and restart when needed
<Ben64> ubuntuaddicted: you're overcomplicating it
<nunizacu> learn something about linux, bash and anything man
<ubuntuaddicted> nunizacu, if there's some other way to have it autostart when the server boots up please let me know
<Ben64> your server shouldn't be dying often enough that you need to do that
<ubuntuaddicted> so what sucks right now is i can't safely stop the minecraft server
<nunizacu> man, if it wasnt your nick i would do it long time ago (i can survive overgrovn ego to this extent only)
<Ben64> my server == 02:51:45 up 78 days, 23:11,  4 users,  load average: 0.00, 0.01, 0.05
<Ben64> and that reboot was planned
<ubuntuaddicted> Ben64, you run a minecraft server?
<Ben64> i have
<ubuntuaddicted> if i can't reattach to the screeen it's running in, what's the safest way to stop it?
<Ben64> should be able to do that from within the server
<ubuntuaddicted> Ben64, i can't get to the server console.
<Ben64> i mean, in game
<ubuntuaddicted> Ben64, someone helped me earlier thinking they fixed it for me but it turns out it didn't fix the problem, it just made it so the minecraft server started when the server booted up BUT i can't get to the screen session to manage the minecraft from it's console
<Ben64> yeah, stop relying on scripts and stuff
<cryptodan> I would follow this guide https://www.digitalocean.com/community/tutorials/how-to-set-up-a-minecraft-server-on-linux
<ubuntuaddicted> Ben64, i need some automated way for the minecraft server to start and it's all over the web as far as guides showing people how to use the init script to start screen and then start minecraft
<Ben64> you really don't need an automated way
<Ben64> you start it, and it runs forever-ish
<ubuntuaddicted> Ben64, as I said, if for whatever reason the server is restarted i'd like it to auto-start but i see your point.  but solving my current dillema, i'm on the server thru my minecraft client. what's would i type in to stop it safely?
<cryptodan> ubuntuaddicted: or this one http://minecraft.gamepedia.com/Tutorials/Ubuntu_startup_script
<nunizacu> at last
<nunizacu> i was about to write one for him
<nunizacu> i man guru
<nunizacu> i have only 17 years of expirience
<Ben64> maybe you shouldn't be running a minecraft server
<Ben64> if you can't figure out how to start/stop it
<nunizacu> and dont have enought bandwidth
<cryptodan> or any type of server for that matter
<Ben64> or running java on startup by using random scripts you find online and root and all kinds of stuff
<Ben64> red flags everywhere
<ubuntuaddicted> cryptodan, that doesn't use screen so that wouldn't allow me to admin the server thru the minecraft server console
<nunizacu> you can run screen inside start-stop-daemon
<nunizacu> you can redirect fd's
<nunizacu> or do many fancy things
<ubuntuaddicted> nunizacu, i'm sure you can, i was merely stating what cryptodan linked to did not have screen incorporated.
<cryptodan> simple google https://www.google.com/?gws_rd=ssl#q=minecraft+server+admin+console
<nunizacu> man, screen is one of first thing irc guy learns
<nunizacu> and bash is first thing linux guy learns
<nunizacu> start with that
<ubuntuaddicted> Ben64, so it's safe to just type in stop from my minecraft client? i've never used server commands in the client before
<cryptodan> http://minecraft.gamepedia.com/Commands
<Ben64> really, maybe you shouldn't be running a server
<cryptodan> I told him to practice in a VM first
<Ben64> good idea
<nunizacu> well i offer vm's but for guys who do some cool stuff
<ubuntuaddicted> cryptodan, i was already looking at that. it doesn't state it's safe to do from the client
<ubuntuaddicted> Ben64, i can't learn if i don't do. i'm attempting to do. asking for help, if you're unwilling to help and can only belittle me than i was mistaken that this was a support irc channel for ubuntu-server
<cryptodan> there is a proper way to learn server hosting, and being inexperienced and hosting public facing servers is not the way
<Ben64> ubuntuaddicted: you're doing less doing and more copying scripts you find online
<nunizacu> man learn basics first
<Ben64> i'm suggesting you actually DO and run screen yourself
<cryptodan> Its all we need is another exploited server out there hosting malware such as cryptolocker
<nunizacu> when i was starting i had to manualy hunt for sources to build anything couse slack had not apt-get or so
<cryptodan> I was handed a Debian 2.0 Disk and was told have fun and good luck
<nunizacu> it was just hunting for some program and then hunting for dependencies, and dependecies of depenencies
<nunizacu> so you remember how cool it was when mandrake came out
<Ben64> i compiled 2.6 kernel when it came out, had to update pretty much everything in order for that to work
<Ben64> i didn't follow any guide or anything, just tried stuff till it worked
<nunizacu> man, kernel compiling become daily stuff
<cryptodan> I removed /etc once
<Ben64> the upgrade from 2.4 to 2.6 was huge though :)
<nunizacu> man, worst nightmares was gcc updates
<nunizacu> or glibc
<cryptodan> tried removing postfix manually and well lets just say I typed in rm -rf /etc and thought I hit tab but then hit * and well hit enter
<nunizacu> rm -rf / is oldest joke ever
<Ben64> and thats how you learn to quintuple check before hitting enter
<ubuntuaddicted> i had the server working just fine previously but had to manually start the server. screen was launched and minecraft launched within that. it was working. i came here to get help to automate it during a bootup. someone in here gave me a command to add to my minecraft init script which i had thought made the minecraft server start at system boot BUT it didn't make a reattachabel screen so the solutiuon given to me was incorrec
<ubuntuaddicted> t.
<nunizacu> man LEARN HOW INIT SCRIPTS WORK FIRST
<nunizacu> sorry for caps
<nunizacu> im sick for 2 months
<ubuntuaddicted> i've never entered commands for the server in a client before.
<nunizacu> and after 6 or 7 antibiotics
<nunizacu> well, its good we have sudo
<ubuntuaddicted> it's a bug in screen, in ubuntu's provided screen package since 4 years ago
<nunizacu> yeah, im using screen right now
<nunizacu> on ubuntu
<ubuntuaddicted> at least i got my server back to running the way it was before I came here.
<ubuntuaddicted> screen is running for user minecraft, and I can reattach to it just fine.
<nunizacu> screen somprogram, control-a-d, screen -r
<nunizacu> whole philosophy
<ubuntuaddicted> and see the minecraft server console so all is well
<nunizacu> man, you are just toxic
<nunizacu> learn basics
<ubuntuaddicted> now to figure out how to autostart it when the server boots up. that's for another day cause i'm exhausted. worked 13 hours at my normal job and then messed with minecraft and nginx all night.
<Ben64> alternatively, don't autostart it
<nunizacu> and i work over 35 hours now
<ubuntuaddicted> thanks for everyones help. goodnight
<nunizacu> beat that
<nunizacu> if you are netadmin they dont ask if you can or can do it, or if you have time, you have to get it done
<ubuntuaddicted> easily, my longest shift was 31 hours without leaving :)
<nunizacu> if i have a problem i google and try thus learn
<nunizacu> well, my shift ends maybe tommorow
<ubuntuaddicted> excuse me, 39
<ubuntuaddicted> anyway...... night
<nunizacu> sleep looong
<nunizacu> where such guys come from
<nunizacu> he acts like fifteen years old egoovergrown kiddo
<nunizacu> 39 shift... i have 35 and i have more coffeine inozytol and taurine than blood
<nunizacu> and alive just becouse i slept last 30 hours
<nunizacu> i thought ubuntu-server would be channel for some guys who knows at least basics
<nunizacu> i know its not lfs but anyway
<nunizacu> i had to run from networking channel becouse they didnt know why fd80 adresses work and others dont
<nunizacu> it's good i have my ovn irc server
<nunizacu> ehh, #gentoo is no better
<nunizacu> 'how can i do this'? ansawer 'dont'
<lordievader> Good morning.
<Nafetsch> hi there
<Nafetsch> i have a short question
<Nafetsch> i have two php versions on my server
<Nafetsch> i try to install apc
<Nafetsch> but after install php5-dev i sill get sh: 1: phpize5514: not found
<Nafetsch> i think i have to link phpize to phpize5514... but how?
<ikonia> which repo did that come from ?
<Nafetsch> puh. donk know
<Nafetsch> sorry i am a noob
<Nafetsch> my other php is php5514
<Nafetsch> i just need to figure out why phpize dont like it
<Nafetsch> what i try is pecl install apc
<lordievader> Nafetsch: What is the output of 'apt-cache policy php5-dev'?
<Nafetsch> php5-dev:
<Nafetsch>   Installiert: 5.3.10-1ubuntu3.15
<Nafetsch>   Kandidat:    5.3.10-1ubuntu3.15
<Nafetsch>   Versionstabelle:
<Nafetsch>  *** 5.3.10-1ubuntu3.15 0
<Nafetsch>         500 http://ubuntu.mirror.serverloft.de/ubuntu/ precise-updates/main amd64 Packages
<Nafetsch>         500 http://ubuntu.mirror.serverloft.com/ubuntu/ precise-security/main amd64 Packages
<Nafetsch>         100 /var/lib/dpkg/status
<Nafetsch>      5.3.10-1ubuntu3 0
<Nafetsch>         500 http://ubuntu.mirror.serverloft.de/ubuntu/ precise/main amd64 Packages
<lordievader> !paste | Nafetsch
<ubottu> Nafetsch: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Nafetsch> SORRY
<Nafetsch> I will do that next time
<lordievader> !info apc
<ubottu> Package apc does not exist in utopic
<Nafetsch> I think php5-dev is installed for my 5.3.10
<Nafetsch> but i have also 5.5.14
<Nafetsch> I think my problem is that when I installed the php-dev it is not for the 5.5.14 ... is that possible?
<lordievader> Nafetsch: Is it the 'php5-apcu' what you are trying to install?
<Nafetsch> ACP YES
<Nafetsch> pecl install apc
<lordievader> Nafetsch: Why not take the package?
<Nafetsch> how?
<lordievader> Nafetsch: apt-get install php5-apcu
<lordievader> I actually hope to learn something...
<lordievader> Whoops..
<mardraum> you shouldn't be using apc anymore in recent php
<mardraum> use opcache.
<ikonia> this looks like a PPA
<Nafetsch> i want to use it for own cloud
<mardraum> apc is dead.
<Nafetsch> PHP module apc OR PHP module apcu OR PHP module xcache
<Nafetsch> the docu of owncloud says:
<mardraum> that's nice. use an older php then.
<Nafetsch> apt-get install php5-apcu SAYS: package not found !
<mardraum> apc is dead, jim
<mardraum> apc - it's dead. jim.
<lordievader> Nope.
<lordievader> Ugh, irssi history and high latenc don't mix...
<Nafetsch> when I try to install APCu I get the same error
<mardraum> who knew.
<Nafetsch> running: phpize5514           sh: 1: phpize5514: not found          ERROR: `phpize' failed
<lordievader> 15-13:15 < mardraum> you shouldn't be using apc anymore in recent php
<lordievader> 15-13:16 < mardraum> use opcache.
<lordievader> ^
<Nafetsch> OK GUYS general question about apt-get install
<Nafetsch> HOW can i tell apt get install which PHP I WANT TO USE
<Nafetsch> because it installs everything for the old one
<ikonia> I'd be more interested in why you have 2 versions
<ikonia> and where those 2 versions are coming from
<Nafetsch> i have plesk and i can choose
<Nafetsch> but that doesnt matter
<ikonia> it does matter
<ikonia> as it defines how your system is configured
<Nafetsch> when i write which PHP
<Nafetsch> i get the old one
<Nafetsch> "/usr/bin/php"
<ikonia> again - I'm more interested in where your different versions are coming from before suggesting any course of action
<Nafetsch> is that where apt get install does the stuff for ?
<Nafetsch> i compiled it
<ikonia> that seems unlikley
<ikonia> as apt-get would not show your compiled version
<Nafetsch> and It performs very well
 * mardraum giggle
<Nafetsch> but i dont know how to add modules to it or change it with apt get install
<ikonia> you don't
<ikonia> assuming you are correct i that you compiled it
<Nafetsch> ah ok
<ikonia> apt-get will not interact with your compiled version
<Nafetsch> is that possible?
<Nafetsch> the it will interact?
<Nafetsch> or do i have to recompile it?
<ikonia> no
<ikonia> apt knows nothing about your compiled version
<Nafetsch> how to tell it about
<lordievader> Unless you package your compiled code and install it through dpkg.
<Nafetsch> my compiled version
<Nafetsch> ah ok
<Nafetsch> is that complex?
<lordievader> But all of that is not supported here.
<Nafetsch> ok thank you
<Nafetsch> but if I need apcu now
<Nafetsch> i can just recompile my php and put that in
<Nafetsch> right?
<ikonia> thats up to you - it's your compile
<Nafetsch> :D
<Nafetsch> actually that is what I tried before but I have problems to add new stuff to my compile config
<Nafetsch> what i do is for example:   apt-get install php5-dev
<Nafetsch> but how add it to my compile: ./configure ----with-php5-dev
<Nafetsch> that dont work :(
<ikonia> Nafetsch: that won't work
<Nafetsch> mhhmhm
<ikonia> installing php5-dev won't do anything magic, your source tree is what needs to be aware of it
<Nafetsch> i know :D
<lordievader> Nafetsch: You said you had it compiled yourself, then why do you use the headers from the repo?
<ikonia> if you know why are you telling us pointless information
<Nafetsch> I dont know where to read more about it...
<ikonia> about what ?
<lordievader> Nafetsch: Why did you compile php in the first place?
<ikonia> I don't understand
<ikonia> you state you're doing it wrong (by showing us examples)
<ikonia> then when I explain how it's wrong you say "I know"
<Nafetsch> I did a tutorial for the compiling. because I need a new PHP version.
<ikonia> so whats the issue ?
<Nafetsch> where can i read something about Configuring my compile... how can I compile apcu into my new PHP
<Nafetsch> lordievader ... Sorry I dont know what you want to say with headers of repo
<lordievader> -dev packages usually contain headers for when you want to compile stuff that has those dependencies.
<lordievader> For example php5-dev would be installed if you want to compile a custom module against the install php version.
<lordievader> *the installed php versin  == the version from the repo.
<ikonia> Nafetsch: ##php is the php support channel, they have some very skilled people
<Nafetsch> ok. thank you lordievader and ikonia
<hikenboot> hi! I have a ubuntu server that is in a microsoft virtual hard drive that is 300GB 220GB is empty space (after shrinking) I tried using clonezilla to clone the vm to a smaller virtual drive but it fails unreacognized sda format...
<hikenboot> my question is this
<hikenboot> can I create a new vm that is 60GB (2GB for /boot) 58 for system using the ubuntu installer then boot from a live cd the original vm and the new one and rsync the install to new drive
<hikenboot> after removing the fresh install from the new drive (just leaving the partitions)?
<qman__> yes
<qman__> you can simply rsync the files, then install grub on the new disk
<hikenboot> if so what rsync switches would i need I would have to preserve all the special files and symlinks
<qman__> you will have to update fstab for the UUID
<qman__> rsync -aH
<hikenboot> i would just copy the data to the new install but its a rather complicated install with lots of customized configs everywhere
#ubuntu-server 2014-11-16
<kingjere> Anyone have radicale working with PAM?
<pmatulis> nope
<xpistos> Hi all. Is there a way to create an NFS share from a USD Mounted Drive?
<xpistos> I have a USB drive with christmas movies that I have attached to a server  and I would like to share it to  my laptop that has Plex Medie server attached on it.
<xpistos> I have not been able to set it up like I normally do with my internal drives.
<xpistos> I had set it up with a sshfs but now for some reason it is telling me "read: Connection reset by peer"
<_1_kai> test
<metrix> I want to backup a server via LVM snapshots to a NAS.  What options do I have for bullet proof LVM backups?
<Patrickdk> make sure all your applications synced out their data
<nunizacu> i was almost burn down on debian chanel for a joke, barely escaped
<pmatulis> nunizacu: and you ran over here?
<tkeith_> What's the best way to stop all services except the minimum for networking & remote SSH?
<bekks> tkeith_: By stopping them 1 by 1, after ensuring you dont need them.
<tkeith_> bekks: what about rebooting into single user mode? I found some online discussions that suggested that.
<bekks> How would that help you?
<bekks> Single user mode does not start networking nor ssh.
<tkeith_> bekks: It looks like I could use an upstart override file to make networking & SSH start in single user mode
<bekks> Thats more like a dirty hack than a sane approach.
<bekks> Investigate all services being started, and stop them if you dont need them.
<tkeith_> bekks: It seems like never starting the services in the first place is cleaner than hoping they all stop successfully and don't leave anything running. I thought the purpose of single user mode was for things like this?
<bekks> No.
<bekks> The purpose of the single user mode was to start a system with the least number of required services for being able to carry out operations that require the lowest number of services, etc. being started.
<bekks> The intention of the single user mode never was "hack me because I dont want to configure my system properly"
<tkeith_> How can I be sure that after stopping all services using "service stop" they don't leave any running processes?
<bekks> BY looking at the process list.
<tkeith_> bekks: How can I programmatically tell if any of the running processes are left over from the services?
<bekks> BY looking at the process list.
<bekks> You dont need to do that programmatically, you need to configure the service once.
<tkeith_> bekks: I like the single user approach because, while it may be hacky, it does guarantee that it's in the state I want
<tkeith_> bekks: I need to be able to get servers into this state programmatically, not manually
<bekks> It does not guarantuee anything.
<bekks> If you need to programmatically change services, you should not hack the single user mode, but you should learn to configure services properly.
<tkeith_> bekks: How should I go about "learning to configure services properly"?
<bekks> tkeith_: You could start here: http://upstart.ubuntu.com/cookbook/
<tkeith_> bekks: Are you really suggesting that I do anything other than "stop the services and hope all is well"?
<bekks> tkeith_: Yes.
<tkeith_> bekks: What are you suggesting?
<bekks> I told you :)
<bekks> Start getting familiar with what you are doing there instead of hacking and hoping.
<tkeith_> bekks: No, you're just pointing me at the upstart guide, which tells me how to configure individual services, which is not part of what I'm trying to accomplish
<bekks> I take that as "learning on how to do things properly is not what I'm trying to accomplish".
<tkeith_> bekks: What are you suggesting I do after reading the upstart guide other than configuring individual services differently?
<bekks> I told you, the answer will not change.
<tkeith_> bekks: You didn't answer.
<bekks> I did. Read again.
<bekks> If you dont like the answer, I cant do a thing about it.
<oldaphlp> hello, i'm struggling aginst what it seemed an easy operation in openldap, i got it mostly working aparently, but i'm stucked now from quite a few hours
<oldaphlp> what i'm trying to do is to use the meta backend to show several remote containers (all from the same remote server) as one local container
<oldaphlp> iow, the childs of the remote containers should look as if they are all in one container in the local server DIT
<oldaphlp> with a single uri it works, even with auth forwarding. but when adding more uris, i get "operations error" and no amount of debugging has given me more about it
<igoryonya> when I try to CONNECT on squid, I get the following error: URL http://94.100.180.228:2042/; The administrator may not allow this cache to make direct connections to origin servers. This only happens, when trying to CONNECT to ip addresses, when using domains, it works fine.
<ReScO> what do i need to be able to send and recieve mail from my server?
<bekks> You need to setup a mail server daemon, like postfix.
<bekks> ReScO: Like this, e.g.: https://help.ubuntu.com/community/Postfix
<ReScO> so if i install the right software, people can send mail to me@domain.com?
<bekks> ReScO: you need to install and - very important - configure the "right" software.
<ReScO> i understand, but i'm more worried about the whole sending/recieving mail part
<ReScO> do i need to pay for extra services or?
<bekks> The whole sending/receiving mail part is done by configuring your mail server. Where is your server located?
<ReScO> it's a VPS somewhere in Amsterdam
<ReScO> no mail server software on it yet
<ReScO> i have a external IP
<bekks> Then you have to ask your hoster wether they charge by traffic, e.g.,
<ReScO> ok, so if i configure everything, how does mailing to me@domain.com end up at my server?
<ReScO> does it announce itself to other smtp servers?
<maswan> That's what DNS is for
<ReScO> so configure it properly and i can recieve mail for my domain, no extra services required?
<maswan> other smtp servers look up the domain's MX records and use those IPs
<lifeless> http://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-your-own-domain-part-1/
<lifeless> might be a useful read
<ReScO> thanks
<bekks> ReScO: You need to configure DNS as well.
#ubuntu-server 2015-11-09
<MACscr> for those that manage a lot of servers that do not normally have an email server on them. how are you typically handling sending emails from root? just installing postfix? seems a little heavy for the need, but i could easily be wrong
<wehde_> does anyone know how to sync apt-cache across servers?
<lordievader> Good morning.
<jamespage> caribou: hey - around? we're both looking at haproxy problems so might be work chatting on solutions - also been discussing with the debian maintainer as to approach to nbproc > 1
<Darkyyy> hello ppl
<impermanence> Is it difficult to configure postfix or mail to send email to remote clients?  I thought all I would have to do is the minimal install of both and I'd be good but mail seems to only like to be sent from a local user to a local user.  What am I missing?
<shauno> usually just 'dpkg-reconfigure postfix' and pick the right topology from those offered (bad advice for a proper mailsite, but works really well for a satellite site).  although there's things like ssmtp that cater more directly to such uses now
<impermanence> @shauno Okay, so I do need to manually configure a bunch of stuffâ¦
<impermanence> @shauno I don't care about sec.  It's all internal cloud.
<Walex> impermanence: that's a bit optimistic...
<impermanence> @Walex how so?
<impermanence> @Walex oh you mean my cloud comment?
<Walex> impermanence: "internal" sometimes is not that internal...
<impermanence> @Walex you're right.
<Walex> impermanence: anyhow for that 'postfix' stuff a satellite config or 'ssmtp' is good as <shauno> said. the config file will be identical on all hosts: just pointing to the "smart host"
<Walex> impermanence: note that sends email to a remote server, not a client, but I guess that was a mistype.
<impermanence> @Walex it was.  the client in this case is the server.  i never know anymore honestly.
<Walex> impermanence: something like this looks good: https://www.dnsexit.com/support/mailrelay/postfix.html
<Walex> impermanence: similar here: http://www.certdepot.net/smtp-configure-a-mta-with-a-smart-host/
<Walex> last time I did this I used 'esmtp' rather than 'ssmtp' can't remember why
<herrkin> hello community, I have been having trouble with permissions so badly that I think it has to be something I am not understanding of ubuntu.
<herrkin> first it was in apache, I decided to forget about it, I had a symlink to a folder in my home, if I was logged in in the shell it worked perfect, the second I logged out the os it broke saying nobody had permission to go to the page.
<herrkin> something oddly similar is happening to me with pm2
<TJ-> herrkin: Encrypted home directory maybe?
<herrkin> yes, but in the case of apache the apache user is the same as in my home directory
<herrkin> there should be no problem, still there is.
<herrkin> that was only to illustrat
<herrkin> pm2 is giving me a similar error
<herrkin> it only works if i am logged into the system
<herrkin> if I log out it kills itself
<herrkin> if I configure the startup script it never execute
<herrkin> I have been arround this for a week, its driving me crazy.
<TJ-> encrypted home will make a big difference, since when you log-out the encrypted user home directory is unmounted and the files disappear
<herrkin> is there a way to make it keep it mounted?
<herrkin> or make another user mount it so it can use it?
<TJ-> No. Don't use encrypted user home if you intend a service to access it
<TJ-> Or alternatively, move the served content to another directory outside the user's home
<teward> i was about to say that lol
<teward> :p
<jrwren> use byobu to fake always being logged in?
<herrkin> byobu?
<jrwren> tmux or screen?
<jrwren> it leaves a shell running in your homedir. might be enough to prevent the unmount.
<jrwren> i don't know how the system decides to unmount the encrypted home
<TJ-> In which case why bother encrypting it?
<TJ-> jrwren: when there's no user logged in
<herrkin> remember I told you I didnt want them to access the files mounting the disk in another machine?
<TJ-> the mount/umount is done by pam_ecryptfs
<herrkin> thats why :D
<jrwren> TJ-: bothering only for FBI raid protection.
<TJ-> herrkin: your design is broken then. You can't have it both ways.
<herrkin> then its just not possible to deny people accessing files?
<jrwren> herrkin: I understand your requirements and I think they are reasonably as long as you are OK with the drawbacks.
<herrkin> yeah but I am ignorant about the shell you are sugesting
<herrkin> how do I do it?
<herrkin> it might be it.
<jrwren> herrkin: apt-get install byobu, then when you ssh, run byobu
<herrkin> if the home unmounts when I log out then I need a way to keep it alive forever
<herrkin> I guess
<herrkin> ok just like that?
<herrkin> nothing else needed?
<jrwren> to logout, don't close byobu by exiting the window, instead, detach with ctrl-a, d, then exit the ssh.
<herrkin> oh.. its like a second layer
<jrwren> herrkin: byobu is a wrapper around gnu screen or tmux. if you aren't familiar with them, i highly recommend you become so. they are valuable tools.
<herrkin> I just keep it running in the background
<kirkland> fyi, there's a video demo at byobu.co
<jrwren> yes, keeps shells running in bg
<herrkin> I will go see it. thanks.
<jrwren> kirkland: does it keep an encrypted home fs mounted?
<kirkland> jrwren: yes, until you logout all sessions
<jrwren> there ya go herrkin. exactly what you want
<herrkin> wow that term is amazing.
<herrkin> I can have multiple windows, pretty good
<impermanence> @Walex Oh hey thanks man.  I'm actually kind of surprised at how complicated this is.
<jrwren> herrkin: valuable tools? :)
<herrkin> ok I will try it, I will be reporting the results
<acmehandel> I set up psad on my server and got flooded with messages within minutes.
<acmehandel> how do I set it up to where I get 1 summarized message per day?
<herrkin> still there is a problem
<herrkin> how do I make it start up?
<herrkin> jrwren, I think I might have broke something up
<herrkin> because I could go in and out before
<herrkin> pm2 list and it keept on working
<herrkin> no matter if I was logged in or not
<herrkin> when I tried to make it start on boot up it screwed that functionality
<herrkin> I tried to do ctrl-a,d as suggested, didnt work, it still kill pm2 at logout
<herrkin>  maybe it also kills byobu
<herrkin> it may kill everyting that the user is executing
<herrkin> I don't really know
<herrkin> TJ-, so you think I should definitely have it without encryption.
<herrkin> I would lose the protection of the files :(
<herrkin> wow, everybody is gone.
<teward> herrkin: or busy or patience, it's lunch at some places
<teward> herrkin: TJ- has indicated that you have two goals:  protect files, but let services access them.
<teward> herrkin: Either move those specific files out of the encrypted home directory and into unencrypted space where it can be accessed by services
<teward> or leave a login session running, and your entire home is 'decrypted' per se
<herrkin> I tried what you told me
<teward> If you're exposing the files to a service anyways, securing the files from being accessed is already out the window
<herrkin> no luck
<herrkin> it seems the time l
<herrkin> I log out it kills byobu too
<herrkin> when I log back in its like I have never logged in before
<patdk-wk> well, if your using encrypted home folders, ANYTHING that runs as you, should die
<patdk-wk> as your home folder will become encrypted when you logout
<herrkin> yes, is there a way I can have a session running forever? like a service session?
<patdk-wk> servers and encrypted home folders, genrally don't mix
<teward> your only option in this case is: (1) don't use encryption, or (2) put the web doc root into unencrypted space
<herrkin> I thoght that was what happened with apache and others
<teward> agreed with patdk-wk
<patdk-wk> FDE and servers mix, but is normally a pain to manage
<patdk-wk> what do you mean apache and others?
<herrkin> then how could i protect some folders that can only be accessed by services?
<teward> herrkin: define 'protect'
<herrkin> nobody can grab the code
<patdk-wk> encrypted? impossible
<teward> herrkin: too late - it's already exposed to the *net if you're using Apache to access it
<teward> (theoretically)
<herrkin> yes but apache delivers its version of the code, not everything
<teward> point missed
<herrkin> I mean it serves results, not code
<herrkin> yes
<teward> herrkin: in theory? set up ACLs for the folders and files
<teward> but that can be painful to maintain over time
<herrkin> ok lets just resume.
<patdk-wk> hmm?
<patdk-wk> lets say, your running a php site on your server
<herrkin> ok
<patdk-wk> and you want to protect the php files from exposure
<patdk-wk> it's not possible
<patdk-wk> all it takes is ANY vaunerability in anything that runs under that user, and your exposed
<teward> gbah lag
<patdk-wk> so any flaw in your php code
<patdk-wk> and your exposed
<teward> (the last part I was going to say is "That doesn't actually 'hide' the code to the world, really)
<teward> patdk-wk: thanks for adding that on, lag / network weirdness disconnected me for a second
<herrkin> ok
<teward> herrkin: if you want the code to NOT be visible to the world, you don't have it served by a web server or service
<patdk-wk> acl's, apparmor, ..., nothing is going protect against that
<teward> ^ that
<herrkin> so thats a crap lol.
<teward> herrkin: you can protect it from other local users, possibly, accessing it, but NOT if it's being served to the web
<teward> (I was imprecise earlier)
<patdk-wk> generally this is why people go with multible levels
<teward> mhm
<herrkin> the thing is that I deliver a black box to the client, in theory they should not be allowed to grab anything from the machine
<patdk-wk> backend api, frontend webserice
<patdk-wk> and nothing you care about on the frontend
<patdk-wk> it will limit that attack pretty well, not perfect, but make it damned hard
<herrkin> but nothing is stopping them from taking the hdd and mounting it in another maching
<teward> herrkin: FDE
<herrkin> getting the files and selling my software
<teward> full disk encryption would 'prevent' that, per se
<teward> but, it's painful to manage
<teward> to quote patdk-wk...
<teward> [2015-11-09 13:00:47] <patdk-wk> FDE and servers mix, but is normally a pain to manage
<herrkin> yes but I would still need to give them the key if they need to reboot the machine
<herrkin> thats silly
<patdk-wk> no
<patdk-wk> why is it silly?
<patdk-wk> I do it
<patdk-wk> and I do it automated, most reboots are automatic
<herrkin> give the encryption key to them?
<patdk-wk> yes
<herrkin> why would you do that?
<patdk-wk> heh?
<herrkin> if thats what you are avoiding in the first place?
<patdk-wk> hmm?
<patdk-wk> how do you unencrypt a system that is encrypted without a key?
<herrkin> I mean if they have the encryption key they can get everything from the system, cant they?
<teward> herrkin: it sounds like you are giving a client a black box, but then not wanting them to be able to use it / install it / reboot it without calling you to come in and reboot everything
<herrkin> its like its not encrypted
<patdk-wk> herrkin, heh? I have to give it the key on each boot
<patdk-wk> no exceptions or work arounds
<teward> patdk-wk: i think herrkin wants to give the client the box and NOT give the client the key, so they can't access the files on the devices
<teward> which makes zero sense
<patdk-wk> yes, I do the same
<patdk-wk> but then you have to give it the key on each reboot
<herrkin> all I want is they can reboot the system but not access the files
<teward> herrkin: mutually exclusive options
<patdk-wk> won't happen
<herrkin> it seems impossible as you say
<teward> herrkin: you get one, or the other
<patdk-wk> herrkin, even if you used FDE that won't happen
<teward> either they can reboot the box and put in the key, or, you give the machine the key each boot.
<herrkin> if I enctypt the disk and give them the key its like I wasnt enctypting anything
<herrkin> so why bother?
<patdk-wk> forget all that, your protecting against the wrong thing
<teward> ^
<patdk-wk> when using FDE, if the server is on, it's as good as vaunerable
<patdk-wk> only when it's powered off is it safe
<patdk-wk> so yes, they can't remove the drive and reboot
<patdk-wk> but they can attack it while it's turned on plunty
<herrkin> wow thats frustrating
<patdk-wk> if it was simple
<patdk-wk> everyone owuld have perfect security
<patdk-wk> and there would be no market
<herrkin> it seems any system is vulnerable then?
<patdk-wk> anything that can be turned on, is
<teward> yep
<patdk-wk> it's how you want to protect it, and what you want to protect against, that drives up how hard/costly it is to do
<patdk-wk> using a tpm module will let you autoreboot
<patdk-wk> and will protect against drive removal
<patdk-wk> but it won't protect against attacks against that same machine
<patdk-wk> or bios issues
<herrkin> what is tpm?
<teward> https://en.wikipedia.org/wiki/Trusted_Platform_Module I think
<herrkin> sorry there are some things I have never used so I get confused
<patdk-wk> I use tpm's on many things
<herrkin> how would it protect against drive removal?
<patdk-wk> some with passwords, others without
<patdk-wk> the drive is encrypted
<patdk-wk> cannot be decrypted without the tpm
<patdk-wk> the tpm cannot be removed from that computer
<herrkin> patdk-wk, please tell me the way you protect your work
<patdk-wk> I don't attempt to protect against the impossible :)
<patdk-wk> I am only required to protect against powered-off states
<patdk-wk> not powered-on
<patdk-wk> fde works great for that
<herrkin> exactly
<herrkin> all I want is that they cant remove the drive and access it from another machine thus grabbing the files
<patdk-wk> use a tpm then
<teward> FDE (Full Disk Encryption), + TPM module
<patdk-wk> the FDE passcode will be generated and stored in the tpm only
<herrkin> and also prevent the grub from changing pass
<herrkin> thats another thing I havent been able to do
<patdk-wk> heh?
<patdk-wk> what does grub have to do with FDE?
<herrkin> there was a time when I lost my pass
<herrkin> I remember I read on a page that I just go on grub and type some commands
<herrkin> I override the root pass
<herrkin> I could log to the system
<herrkin> that is something I want to prevent too.
<patdk-wk> yes, all that requires having the disk
<patdk-wk> and we just told you to use fde
<herrkin> ok
<patdk-wk> if yo uwant to protect against that
<herrkin> I will look for that.
<patdk-wk> if you want to protect against something when it's *powered-on* and working, that is totally different
<teward> i feel like we're going in circles, so I'm going to go get lunch.
<teward> <gone>
<patdk-wk> but to protect against powered off, fde+tpm will do the job for you
<herrkin> lol.
<herrkin> sorry teward
<herrkin> good
<herrkin> another thing the key sharing.
<patdk-wk> key sharing? no idea what that is
<herrkin> how you prevent them to grab the files if they have the key?
<herrkin> the encryption key
<patdk-wk> how would they get the encryption key?
<herrkin> you said you would give it to them so they can reboot
<patdk-wk> on my systems yes
<herrkin> hm..
<patdk-wk> but we aren't discussing my system
<patdk-wk> but what you need
<patdk-wk> for you, a tpm would be perfect
<patdk-wk> for me, sometimes tpm
<patdk-wk> but I also want to protect against someone stealing my server
<herrkin> ok, that way you are telling me it allows to reboot without asking for an encryption key?
<patdk-wk> and so my tpm would need a password
<patdk-wk> the encryption key is stored in the tpm
<herrkin> oh.. great
<patdk-wk> if you password the tpm is optional
<patdk-wk> if you don't put a password on the tpm
<patdk-wk> that drive is now locked to that computer
<herrkin> ok, so much to learn
<patdk-wk> without that *computer* the drive must be wiped
<patdk-wk> tpm's are bound to the system they are put into
<patdk-wk> even doing a bios update on it, will cause the tpm to break
<herrkin> and changing its hardware does it too?
<patdk-wk> motherboard, yes
<patdk-wk> other stuff, likely not
<herrkin> for example more ram, another nic, whatever
<TJ-> Guys, I think the background to this says everything, since it's a continuation of a long-running saga. If I recall correct, the server is owned by, and on the premises of, a customer of herrkin, who installs his proprietary code on said server. herrkin is trying to prevent the customer having any access to the source-code of his application.
<herrkin> ok then I will research about tpm fde
<TJ-> Last time I recall they wanted log-on/root access to 'change the IP' and we ended up recommending simply putting a cheal router 'in front' of the server so the customer changed the router config, not the server.
<herrkin> yes :D
<herrkin> that was just an idea, I like that.
<TJ-> And before that, when this situation of protecting the code came up, I said it was a pointless endeavour
<TJ-> If you don't have trust in a customer don't do business with them
<herrkin> yeah its just inevitable. I want to protect from anything. sorry if I am bothering you, I am learning a lot from you.
<TJ-> herrkin: the only solution is to host the service off-site where you have full physical control
<TJ-> herrkin: you could always do that, and then set up a VPN from your server to the customer's premises, or to the customer server, which simply acts as a proxy - therefore it would not store your code on it
<herrkin> that wouldn't be efficient because the internet in my country is a crap. instead some of my clients have several servers to handle local data and then replicate
<herrkin> the thing is a matter of availability, internet is either not so good or not available
<patdk-wk> ya, I dunno the whole story, just what I ran into the middle of :)
<herrkin> so they need to have the server in premises
<patdk-wk> but yes, it all come down to what you are protecting against
<patdk-wk> but pulling a harddrive out of the box, fde is required, and tpm to do the fde is likely needed in this case
<patdk-wk> since you don't want to manage keys
<patdk-wk> but to do other kids, it's different
<herrkin> yes its seems like the solution.
<patdk-wk> kinds
<herrkin> oh its a hardware ? lol.
<patdk-wk> yes
<herrkin> no way, I think I just leave that unprotected, I can't do much about it
<herrkin> thanks for clearing it out. sorry for the time wasted. I appreciate it.
<patdk-wk> most motherboards support tpm modules
<patdk-wk> it's just a chip you plug into the motherboard
<patdk-wk> :)
<TJ-> herrkin: clearly display your copyright messages in every file, and in the log-on MOTD; that's about the best you can do
<herrkin> yes. thanks.
<herrkin> honestly I wanted to marry them to our support, if they can gain access the code they can edit it and do what they need.
<herrkin> off course we could detect if the code has been changed, and one thing to do is not leave the ssh key of our repository, it could be brutal.
<herrkin> its not that I dont trust them, I am just being paranoic lol. anything can hapen.
<TJ-> herrkin: you could embed methods that check known cryptographic hashes of the file(s) with live-generated hashes, and cause your service to stop/warn/error if changes are detected
<herrkin> hm.. like md5 hash of the files? check sums?
<bindi> ubuntu server 14.04, will it run irssi in a screen with 3GB disk space? :P
<bindi> i mean sure the wiki page says minimum is 1
<bearface_> bindi: it should be able to
<herrkin> TJ-, the thing that worries me the most now that its like that is that they could easily see the db password and screw or edit the data at will living us in a horrible possition. I mean some black hat technisian with a will to distroy it, literally could do it.
<TJ-> herrkin: if it is their data why worry? if they change it that's their issue, totally outside your responsibility.
<herrkin> they could think its a malfunction of the system. (lack of security) they could blame us for that. TJ-
<TJ-> herrkin: negoitate sensible terms, in writing, so both parties understand what is an isn't your responsibilty, and what is theres (like not interfering with the code or database, keeping a written log of all access they make to the server, etc.)
<herrkin> ok thanks
<TJ-> herrkin: ensure the server keeps good logs of everything, and have it forward them to you on a schedule using cron, maybe
<herrkin> good what type of logs, access logs?
<TJ-> Yes, and database access, any kind of program-controlled access to your running code
<herrkin> got it, thanks
#ubuntu-server 2015-11-10
<acmehandel> anyone here familiar with postfix?
<dork_> acmehandel: yep
<acmehandel> dork_ well on one of my servers I am not getting an 'cannog assign requests address' from alt.gmail-smtp.l.google.com
<acmehandel> I was having a problem earlier today where this server in question started sending out many many many messages to my email account.
<acmehandel> I have this sinking feeling that google has blocked this servers IP address now.
<acmehandel> before I was able to figure out how to fix this.
<dork_> what do you mean you get that from alt.gmail-smtp.l.google.com
<acmehandel> when I tail -100f /var/log/mail.lgo
<acmehandel> when I tail -100f /var/log/mail.log
<acmehandel> that is the message I get.
<dork_> can you pastebin all the relevant lines of the specific message
<dork_> or
<dork_> you can check your ip's reputation on mxtoolbox
<acmehandel> is that a .com?
<dork_> sounds like someone used you as a reloy or something?
<dork_> s/reloy/relay
<dork_> http://mxtoolbox.com/
<acmehandel> its more likely that I was careless in using postfix.
<acmehandel> as I mentioned earlier.  The server started sending out many many many messages for nearly an hour before I noticed it arriving in my spam box
<acmehandel> which is was not.
<dork_> yeah but where did the messages come from
<dork_> you're saying it looped the same legit piece of mail
<dork_> ?
<acmehandel> no.  not the same legit.  But new ones.  They were fail2ban, psad and logwatch messages
<dork_> ohhhh
<acmehandel> which unforunately I had set up incorrectly
<dork_> how many were in the queue
<acmehandel> ..apparently
<acmehandel> thousands
<dork_> there's a specific limit especially for free gmail accounts
<acmehandel> just checked mxtoolbox says no ptr records exist
<dork_> so if you fixed a problem and then bounced postfix while the queue was full then chances are yeah you could be rate limited
<acmehandel> so I guess I'm clear for now.
<dork_> is this just a mta that accepts mail to localhost only?
<acmehandel> rate limited does not scare me...at least I dont think it should.   right?  I just dont want to be black flagged
<acmehandel> or banned or whatever
<dork_> no ptr means you have no reverse dns, but the reputation part you have to click the drop down menu at mxtoolbox
<dork_> yeah it just means you won't be able to send to them for a little bit
<acmehandel> I'm actually on two black lists now.   SORBS DUHL and Spamhuas Zen
<acmehandel> wait no sorry....something doesnt seem right
<dork_> what kind of postfix config is it
<dork_> local only? is it an open relay?
<dork_> satellite/relay?
<acmehandel> er.....um....dunno
<acmehandel> how can I check
<acmehandel> one installled automatically with psad
<acmehandel> but not this server
<dork_> if it's self inflicted it should be fine, but you should make sure it isn't a misconfigured server that is being abused and getting you blacklisted
<dork_> if you want you can message me the IP and i'll check
<acmehandel> what is the smartest way to disable a service and prevent it from restarting automatically?  i'm going through a variety of google searches and they dont seem to have any specific answer
<TJ-> acmehandel: it depends on the init system
<acmehandel> its 14.04   I check services using service --status-all  if that helps
<TJ-> systemctl disable <service>; echo manual >> /etc/init/<service>.overrride; update-rc.d disable <service>
<TJ-> that's Systemd, Upstart, and SysV-init respectively
<acmehandel> the echo manual >> override one doesnt work.  I just tried it.  rebooted and the service came back
<acmehandel> update-rc.d throws a 'api not stable and may change error' which is not very reassuring
<TJ-> acmehandel: it depends on which init system script the service uses
<patdk-lap> rm the service file always works :)
<acmehandel> what if I just change the permissions to 000 on the service file?
<patdk-lap> likely wont matter
<patdk-lap> as it is normally run as root
<acmehandel> wont matter in what sense?
<acmehandel> that it wont have any affect?
<patdk-lap> yep
<patdk-lap> it would for sysv though
<patdk-lap> due to lack of execut
<patdk-lap> but not systemd or upstart
<acmehandel> just tried the update-rc.d disable method and that did the trick.  but still not feeling assured that it wont cause a problem later....whenever that later may be
<grendal_prime> I have two nics on conection to atnt_t1 line second to local wireless uplink privider. On rare ocations the wireless provider will go down (usually for an hour) but we need the t1 to act as a backup internet connection. what is the best way to do this . I have an ubuntu 14.04 doing all the routing.
<grendal_prime> ive looked at iproute2 but i dont see a fall_back connection config for that..only a secondary gateway .
<grendal_prime> i think i found something to work it out
<jamespage> bug 1512908
<ubottu> bug 1512908 in nova-compute (Juju Charms Collection) "Inability to add nova-compute host to os-aggregate" [High,New] https://launchpad.net/bugs/1512908
<pmatulis> morning
<Darkyyy> im getting "unable to resolve host" whenever i use SUDO
<Darkyyy> im getting "unable to resolve host" whenever i use SUDO
<teward> Darkyyy: edit /etc/hosts and make sure your hostname is defined somewhere in there, assigned an IP in the localhost range (127.0.0.1-127.0.3.255 preferably being one of the IPs you use)
<teward> Darkyyy: assuming the 'unable to resolve host' hostname referenced is the local box's hostname
<Darkyyy> teward:thanks
<impermanence> I'm getting a relay access denied message from postfix.  I'm new to postfix.  What's the deal?  I can send internally, but as soon as I try to hit gmail I get rejected.  Can somebody tell me how to change my main.cf to allow me hit gmail?
<teward> impermanence: do you mean to send to GMail addresses from your postfix (i.e. your server sends a mail message to GMail)
<impermanence> @teward yep.
<qman__> Anonymous relay is disabled by default, because otherwise it would enable a bunch of spam by default
<qman__> You need to configure who is allowed to relay, either by using g user authentication or configuring allowed relay networks
<impermanence> @qman_ are you speaking to me?
<qman__> That said, your messages will still be rejected by gmail unless you have SPF at a minimum
<qman__> impermanence: yes
<impermanence> @qman_ when I run the same config on a box not in the cloud they reach domains more weird than gmail.
<impermanence> @qman_ I'm pretty sure it has something to do with poor configs in my main.cf
<dork> impermanence: are you the guy that was here yesterday
<qman__> impermanence: as I said, you either need user authentication, or to configure allowed relay networks, and gmail's anti-spam will block you unless you take considerable steps to legitimize your mail
<impermanence> @dork unfortunately.
<dork> hehe
<dork> you're still not able to send to google servers?
<impermanence> @dork not from my cloud box.  But my local box that works and the cloud box both point to the same mail server.
<impermanence> @dork and locally I can send to gmail, whatever, just fine.
<impermanence> @dork it isn't a firewall thing.
<teward> qman__: since you know more about this, I have multiple domains that relay through a postfix system, set up to take mail for something@tld1, something@tld2, somethingelse@tld3, ... and send to my Google Apps email address.  All those forwards there get put into Spam by default, any way to make Google recognize it as 'legitimate'?
<qman__> impermanence: if you're using a hosted server, your host may not allow you to send mail directly; go daddy is set up like this and you must use their mail relay
<dork> impermanence: can you pastebin the relay errors being generated in /var/log/mail.log
<dork> yeah he's on some off-name vps provider
<impermanence> @qman_ aws...
<qman__> teward: need to make sure you're not on any RBLs, set up SPF, and I recommend setting up DKIM
<dork> he had a built up queue from psad/fail2ban/etc that probably all got flushed out but he also has a bad reputation on the known DNSBLs and also has no uniform forward and PTR records
<qman__> teward: you also need valid PTR records
<dork> and he also didn't give me the ip to check to see if ufw was set up properly, because his main.cf was set to listen on all interfaces
<dork> so there's also that
<qman__> Ah
<teward> qman__: got a guide for setting up RBLs, SPF, DKIM, and valid PTR records given that the mail server's domain is mail.someotherdomain.xyz and all MX records point to that for my domains/
<impermanence> give me a sec to pastebin my main.cf  I just need to obfuscate company stuff
<teward> not RBLs
<teward> qman__: the server's not on any RBLs, that's the first one i checked
<qman__> good
<dork> i'm guessing his domain doesn't have proper SPF records either
<qman__> SPF is set up on your domain's DNS server, PTR is set up on your ISP's DNS server
<qman__> DKIM is a bit more complex
<qman__> and not strictly required, but helpful
<dork> it all adds up
<dork> basically
<dork> but basically all the dinosaur RFCs need to be observed first
<qman__> https://en.wikipedia.org/wiki/Sender_Policy_Framework  https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
<impermanence> @dork relay error on pastebin: pastebin.com/zaiyks63
<impermanence> @dork main.cf coming up  (it's probably horrible forewarning)
<dork> did you change it since yesterday
<dork> lol
<dork> i'm not debugging your python hello world
<dork> your code is not forging the required data for the parcel
<dork> insanity
 * dork walks away
<teward> qman__: that doesn't answer my question with regards to the domains being served - does the PTR have to point to *each* domain's mail.domain.tld, or if the MX record for my domain is mail.somethingelse.xyz, do I just need to make sure the PTR is mail.somethingelse.xyz ?
<teward> qman__: a guide for setting up SPF in this case would be nice, though
<dork> teward: there is a galaxy of examples of spf records and what they do
<dork> teward: you should read the RFCs
<teward> dork: none that I've gotten to work - the pointbeing the mail server has a different domain, and I'm not sure how to add/include that data in the SPF in a way it works/operates correctly
<qman__> teward: the PTR has to resolve to what your mail sever tells people it is, when they connect
<qman__> not required for every domain it hosts
<teward> ok
<qman__> and that has to be a valid, real domain
<teward> right
<dork> all it does it uses a dns record to identify what servers are qualified to send legitimate e-mail on behalf of a domain
<teward> qman__: that applies to both the v4 and v6?
<qman__> yes
<teward> OK
<teward> i'll take those steps.  any way to verify I set up SPF right though, easily?  (It helps I control the DNS servers for my sites, instantupdates for the win)
<impermanence> @dork the py code is fine.  works beautifully with internal addresses.  I wouldn't do you like that pal!
<dork> teward: use dig in a terminal and look at various examples by querying domains
<dork> like dig txt yahoo.com
<impermanence> @dork anyway forget that.  look at my main.cf which I'm sure is terrible.
<dork> impermanence: the parcel you're creating isn't respecting RFC standards
<impermanence> @dork pastebin.com/8m9zhKdN
<dork> and partly because your main.cf isn't configured properly
<impermanence> @dork I'm sure not.
<dork> but if your script were creating a MIME compliant parcel it wouldn't even matter
<dork> and if your postfix config were properly configured it would be rewriting the headers properly
<dork> unfortunately i need to leave to go back to work
<impermanence> @dork np, pal.  I'll work it out.  I always do.  Just wanted to consult the experts first.  have a goodin'
<Darkyyy> hello
<Darkyyy> how i edit my hostname
<Pici> !hostname
<ubottu> Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hosts to include BOTH the old and new hostname and then change /etc/hostname to the new one. WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.
<Darkyyy> yeah i got that part
<Darkyyy> what do i exactly fill in
<Darkyyy> i can see my local ip and some temporary hostname my hoster put in
<Pici> Darkyyy: copy that line, but replace the temp name with your new hostname
<Darkyyy> which is ?
<Darkyyy> external ip maybe ?
<Pici> Darkyyy: I don't know, what do you want your new hostname to me?
<Pici> er, be?
<Darkyyy> pici
<Darkyyy> ;)
<Pici> it can be your fqdn if you want., so for example my /etc/hosts has:  66.228.45.177   nullcortex.com  nullcortex  and /etc/hostname has just nullcortex.com
<keithzg> What RBLs would one recommend for email spam blocking currently? Right now I'm just using zen.spamhaus.org
#ubuntu-server 2015-11-11
<mark0> hey guys
<jak2000> i want clone a hard disk to other how to do? i try download ubuntu64.iso and with unebotin install on a usb, start from the usb, but not give me the option of try or start ubuntu from usb. any advice?
<MACscr> Any ideas my bond isnt working correctly? host is ubuntu 14.04 lts. http://pastie.org/10549923. Traffic on the bond stops working if mlx2 has no physical connection
<MACscr> bond should be a bit more resilient than that i would hope
<lordievader> Good morning.
<jgjl> Hi, the "isolcpus" boot parameter does not seem to have any effect in Ubuntu 15.04 server.
<jgjl> I set isolcpus=4-23,28-47 in the kernel, but cat "/proc/$$/status|tail -6" still gives me "Cpus_allowed_list: 0-47"
<jgjl> Any ideas?
<jgjl> Found the cause of the issue, "/proc/$$/status|tail -6" is not the right approach to check if "isolcpus" works, "sysctl -a | grep sched" does the trick
<jgjl> however, isolcpus still does not work
<mark0> morning all
<mark0> do you guys do burn-in for new file server drives? I'm looking at running SMART long test then badblocks but it sounds like badblocks could take two full days or longer to run on 4tb drives
<ikonia> burn in ?
<ikonia> just plug them in and use them
<mark0> I had read a few different guides that advised running burn-in tests to make sure the HDDs don't fail right off the bat
<ikonia> just plug them in and use them
<The_Shade>   hi
<jimmy51v_> hello, i'm trying to install ubuntu server 14.04 under qemu.  installer errors with ""failed to load installer component" loading apt-cdrom-setup failed for unknown reasons" after a while.  is there some log i can look at to figure out why?
<jimmy51v_> nothing in /var/log
<jimmy51v_> other than syslog
<arcsky> question guys, ist possible that sudo apt-get install gnome. reboots after its finished? if not can ubuntu reboot its self like windows updates do sometimes?
<bekks> arcsky: No. No.
<jimmy51v_> you can make it reboot if you want, i guess
<bekks> No.
<jimmy51v_> something like sudo apt-get install gnome && sudo reboot or whatever
<dave4925> set a timer to reboot after 5 hours ;)
<jimmy51v_> bekks: why not?
<dave4925> I think you can cron it
<arcsky> possible to check why machine got rebooted?
<bekks> jimmy51v_: && is onvoking a second command after finishing apt-get. so no, there is no way to tell apt-get to reboot after installing updates. sudo reboot is a second command. :)
<dave4925> it's just not developed to do that but it sounds like a good idea for the desktop environment
<bekks> arcsky: Take a look at the logs.
<bekks> dave4925: It sounds like a pretty pointless idea. No reboot is necessary except for kernel updates.
<dave4925> bekks some apps really need a reboot but don't tell you.  If I'm on desktop I just reboot and I see the difference
<bekks> dave4925: There is not a single app that requires a reboot in linux.
<bekks> Not one.
<dave4925> yeah that's what they say
<bekks> Thats a fact.
<dave4925> but guess what there are many devs and they don't all document each interaction
<bekks> Which app does require a reboot for you, besides the kernel?
<dave4925> it's just what I've noticed on desktop
<bekks> NAme the particular app please :)
<dave4925> I don't remember the particular ones there are thousands and I just told you my general experience.  It's been on desktop and not server
<bekks> There is not a single app which requires a reboot. Only the kernel cannot be updated while it is loaded.
<tarpman> some libraries i.e. openssl trigger update-notifier to recommend a reboot, to be 100% sure no running process still has the old image
<tarpman> that's different from "requiring" a reboot, of course
<dave4925> sometimes you just have to reload the UI to get things working proper
<bekks> dave4925: Reloading the UI does not require a reboot.
<jimmy51v_> RAM
<bekks> RAM what? :)
<jimmy51v_> my issue was RAM.  i needed to specify 512MB of RAM for my VM.
<jimmy51v_> the installer crapped out with whatever the qemu/kvm default was
<dave4925> I know rebooting is a major thing on a server but on a single user desktop whats the deal
<bekks> Nothing's the deal. There is just nothing besides the kernel requiring an update.
<bekks> s/update/reboot/.
<teward> rbasak: still around/alive?
<teward> rbasak: regarding the dpkg-divert and the nginx package, Appendix G is restated in Debian Package Policy 10.7.4 - diversions are not appropriate.  So, I've "Won't Fix"'d it on that point, and because the bug poster agrees it should be handled in Debian first.  Though, what they're trying to do appears to be policy violation.
<teward> (no more actions from me on this)
<teward> rbasak: you also can't isolate nginx-full, etc. from nginx-common - that would break everything.  They'd have to spin their own packages at that point to really make it work the way they need.
<arcsky> my Vnc is just grey when i try to connect to it.  i did started it with sudo tightvncserver :1 -geometry 800x600 -depth 24
<bekks> arcsky: what did you expect?
<arcsky> gnome
<arcsky> i got it to work. http://broderick-tech.com/vncxstartup-files-ubuntu-14-04/
#ubuntu-server 2015-11-12
<teward> is there an easy way to let my user run `sudo service bind9 restart` or `sudo service bind9 *` without having to enter my password?
<teward> (where the * indicates any directive that would be passed to the init scripts)
<teward> init.d scripts*
<RoyK> teward: visudo - add NOPASSWD for those commands you don't want to enter a password
<teward> RoyK: including the arguments?
<teward> (such as the arguments given to 'service')
<RoyK> teward: see the manual
<repozitor> i have successfully setup mail server, by this tutorial
<repozitor> https://help.ubuntu.com/lts/serverguide/postfix.html
<repozitor> now i don't know how to login to mail account, using thunderbird!!!!
<repozitor> any idea?
<AvatarA> if you want to also send mail from that server your difficulties have only just begun
<repozitor> AvatarA, so is there exist any tutorial?
<AvatarA> very few good ones but you need to understand what is happening if you want to be able to tweak and fix things
<repozitor> AvatarA, just show me a proper url, please.
<AvatarA> https://scaron.info/blog/debian-mail-postfix-dovecot.html
<AvatarA> also see the follow up on SPF and DKIM if you want to send mail without it ending up filtered in spam or just refused
<AvatarA> also search google for PTR records
<repozitor> i know how to setup ptr
<patdk-lap> do you have a /24?
<patdk-lap> if not, ask your isp
<caliculk> Hello, I seem to be having issues with a Ubuntu Server 14.04 LTS instance. It seems to randomly shut off, there is no reason being as to why in syslog. I have ran memtest, fsck, and spinrite on the primary drives.
<caliculk> I would really appreciate any help in trying to narrow down the problem. The most recent thing I did before it seemed to crash was to delete an ipset rule and then run a script to update it with the latest IPs, but I have done that before and it doesn't crash, so I don't think that was the contributing factor to the machine crashing.
<rbasak> teward: sounds perfectly reasonable.
<Raj009> Hi! How can I check the encryption method used for a partition? Basically I want to know if a passphrase is used or random key is used for encryption.
<TJ-> Raj009: if a random key is used that implies the encrypted partition won't be accessible after a reboot
<Raj009> I intended to use random key for my swap. But not sure which partition I chose - whether root or swap.
<Raj009> So can I assume that if I had used random key on root, I wouldn't be able to boot at all?
<TJ-> Raj009: did you do the encrpytion config manaully or via the installer? if it was automated the config will be in /etc/crypttab
<Raj009> it was done via the installer, but I did not use the guided paritioning - instead I chose the manual parititioning
<TJ-> cryptswap usually uses /dev/random to generate a one-time key, and that would be in the 'key-file' column of /etc/crypttab
<Raj009> thanks @TJ.. I will check this file.
<jamespage> coreycb, https://bugs.launchpad.net/ubuntu/+source/ceilometer/+bug/1515409
<ubottu> Launchpad bug 1515409 in ceilometer (Ubuntu Vivid) "swift proxy with ceilometer pipeline fails to start version conflict" [Critical,Triaged]
<jamespage> coreycb, we probably need to consider how we deal with that - both ceilometerclient and neutronclient have minor version bumped on stable/kilo branches; the problem is that all of our stock testing passes just fine - until someone touches an edge case like that we don't see this type of problem.
<coreycb> jamespage, great
<coreycb> jamespage, I'm not sure what we can do other than picking up new releases
<coreycb> jamespage, I suppose we might be able to get away with patching requirements.txt
<pmatulis> morning
<ayr-ton> If I use bind9 geo dns features, placing different IPs for each region, users around the globe will ask records from my DNS servers everytime? Or the DNS servers around the globe would cache this information according to my lease time?
<patdk-wk> cache
<patdk-wk> why would dns servers not process dns traffic correctly?
<patdk-wk> though, you should perfer the infomation to be cached, unless your attempt to do some kind of failover usage
<patdk-wk> and the geo dns feature does not work very well
<patdk-wk> it only works if the user and the dns server they are using, are closely located
<ayr-ton> patdk-wk: Do you have some documentation for this? About this behaviour?
<ayr-ton> showing that doesn't work well if the dns server are not close?
<ayr-ton> Or why the feature doesn't work very well?
<patdk-wk> heh? documentation?
<patdk-wk> what more documentation about this behavure do you need than the dns rfc from like 30 years ago
<patdk-wk> your dns server ONLY sees the location of the requesting dns server
<patdk-wk> you have no idea where the client is
<patdk-wk> how can you possibly geoip a client correctly, assuming your geoip tables are accurate if you have no idea where it is?
<patdk-wk> you can assume the client and the dns server it is using is close, but there is no way to know
<patdk-wk> if this worked, and worked well, no one would bother attempting to do anycasted services
<patdk-wk> anycasted dns will work better then geoip dns, but still have some of the issues
<patdk-wk> if you attempting to route traffic
<hallyn> smb`: bug 1465935, there isn't a testcase (no sru justification at all) in description?
<ubottu> bug 1465935 in QEMU "kvm_irqchip_commit_routes: Assertion `ret == 0' failed" [Undecided,New] https://launchpad.net/bugs/1465935
<hallyn> arges: d'oh!  i am so far behind.  I didn't realize you had already merged libvirt from unstable in wily!
<hallyn> i assume zul wasn't as ignorant as i..
<hallyn> so i will not do a upstream merge, that would be a step backwrad.
<hallyn> thanks for that!
<arges> hallyn: yea did it for wily not x
<hallyn> arges: ?  it says wily in changelog
<hallyn> 1.2.16-2ubuntu2) wily;
<arges> hallyn: sorry just agreeing with your earlier statement
<hallyn> doh, misread
<kgirthofer_> can I grep by color?
<kgirthofer_> i.e. grep things that are shown in red
<sarnold> kgirthofer_: it'll be a little difficult, there's multiple ways to express 'red' in ansi color escapes
<kgirthofer_> ah ok
<kgirthofer_> makes sense
<sarnold> kgirthofer_: try this: grep "\e[31"
<sarnold> (I stole the thing from http://misc.flogisoft.com/bash/tip_colors_and_formatting )
<sarnold> if that doesn't work, it might be because of the <esc> encoding.. ^V<esc> should insert a raw escape into a command line, so something like grep ^V<esc>[31   ought to do it too, but that probably can't be copy-pasted, is hard to work into scripts, etc.
<bryn__>  I keep getting permission denied everywhere on my server. From opening text files to creating a directory. How do I change to permissions so that I can access the whole project file on the server?
<keithzg> bryn__: If it's just a specific folder, you can always go "sudo chmod -R go+rw foldername". That will change it so that all members of the owning group (hence "g") and also *all other users anyways* (that's the "o") gain ("+") read and write ("rw") permission to that folder, and all its contents recursively ("-R").
<keithzg> Be *very careful* with this though because you're making it so that any user can write to any file in that hierarchy.
<bryn__> Hey, thanks for the reply, can you check this: http://pastebin.com/uij4YWGa
<keithzg> bryn__: Looks like your sudoers file is messed up. Did you try and change it at some point?
<ikonia> I suspect it's more than the sudoers file
<ikonia> based on what he's saying in #ubuntu
<bryn__> Over 100 people working on this server, most likely.
<ikonia> bryn__: talk to your systems administrator
<keithzg> ikonia: Fair enough, not on #ubuntu right now; I'll bow out then :)
<bryn__> I am the sysadmin
<ikonia> there is a lot of information not being shared
<ikonia> bryn__: impossible
<ikonia> bryn__: hire a professional system to recover this server properly
<bryn__> I prefer Google
<ikonia> and thats why your server is broke
<ikonia> and why you don't know how to change file system permissions
<bryn__> I'm learning
<ikonia> clearly not
<bryn__> learning through failure
<keithzg> Yeah frankly if you're the sysadmin of a server with over 100 users and you don't know something as basic as that, you need to hand the keys to the kingdom over to someone else until you learn a LOT more.
<ikonia> I suspect your server will have problems that will start to grow with time as more files in /etc are parsed
<keithzg> Play around with a VM first, with snapshots you can revert to when you screw up, if you're determined to learn by breaking things
<bryn__> I'm trying this: http://ubuntuforums.org/showthread.php?t=1772599
<ikonia> do not try anything else
<ikonia> you will make things a lot worse and potentially stop 100 people
<ikonia> contact/hire a professional sysadmin for a recovery / re-install with data transfer job
<bryn__> I call you
<ikonia> no
<bryn__> it worked now, using that link
<ikonia> as I said, based on what you've said, I suspect a lot more has been changed in /etc
<ikonia> and your server will have more problems
<bryn__> Perhaps
 * keithzg figures bryn__ is just trolling at this point
<ikonia> I also don't think you're being honest
<bryn__> about?
<ikonia> as gksu woudn't be on your distro or present on a server install
<bryn__> I installed it. The permissions like good for now.
<keithzg> ikonia: Eh, now *that* I wouldn't be so sure of. Anyone who'd hire this guy as a sysadmin---if we believe that part---may well install a desktop version of Ubuntu!
<ikonia> he couldn't use sudo - but he managed to install gksu
<keithzg> Yeah, I'll definitely agree things weren't adding up.
<ikonia> the whole thing in #ubuntu was miss-direction
<bryn__> Someone remove admin rights from Ikonia he is trolling and banning me for no reason.
<bryn__> This is completely unfair
<bekks> bryn__: *plonk*
<bryn__> Im having technical issues and because im learning and new to this stuff he kicks me.
<ikonia> I'll remove the ban on you
<bryn__> Everyone starts somewhere buddy. What is wrong with you?
<ikonia> I don't believe you are being honest
<ikonia> win 7
<ikonia> I don't have a problem with everyone starting somewhere
<bryn__> I am being as honest as possible and you were right. I just tested sudo and it did not work, i was under the assumption i was using sudo but I did not check again.
<ikonia> and it did not work
<ikonia> you said a minute ago it did work
<ikonia> funny that
<ikonia> and you said you installed gksu using sudo
<bryn__> I thought I had because i was able to access some files, but they were outside the "etc"
<ikonia> how did you install gksu without sudo
<bryn__> I thought I had, sorry.
<ikonia> no you didn't think you had
<ikonia> as if you type gksu and it's not there it will tell you it's not there
<ikonia> you said you tried that ubuntu thread, install gksu - ran the command and it worked
<ikonia> what's really going on here ?
<bryn__> I just told you I thought i had, but you are right now that I try it it says that UI error.
<ikonia> how did you think you had installed it
<ikonia> what command did you use to install it ?
<keithzg> bryn__: If you really are the sysadmin of this, to even start to fix things you'll be best off rebooting the system into recovery mode. If you aren't able to do that, then frankly you clearly don't have valid access to the machine in question...
<bryn__> I'm in a rush and trying to solve this ASAP, i clearly missed it, and proceeded with the other stuff.
<bryn__> I tried this: sudo apt-get install gksu
<ikonia> bryn__: so that command would have errored
<ikonia> so thats problem one
<ikonia> the second command you run to launch gksu
<ikonia> "gksu" would have complained that the command wasn't there
<ikonia> so how did you tell me you had installed gksu, ran the command in the forum post and it had worked
<ikonia> when a.) it's clear gksu did not install b.) it's clear gksu did not work as it wasn't installed
<ikonia> I strongly suggest you hire someone to get your system in a production state, then take some lessons on the basics of learning linux,
<bryn__> The only option is a server reset, yeah?
<ikonia> I'll leave you to your own work as I'm not comfortable that you are telling the truth
<bryn__> Could you unban me from the Ubuntu please
<ikonia> you are
<ikonia> although I'd suggest you keep it in this channel
<ikonia> as this is the channel for server discussion
<bryn__> Thanks, yeah - I will. Thanks for your feedback also, but a little harsh on that previous ban.
<ikonia> possibly
<ikonia> but as I said, I don't believe you are being honest
<bekks> I guess the /etc/sudoers not being owned by UID 0 is a clear sign of a totally broken system.
<bryn__> I believe it is
<bryn__> I will my a** kicked tomorrow
<sarnold> hint: _always_ use visudo when you're modifying the /etc/sudoers file. infact forget the name entirely, pretend the only way to work with the file is via visudo.
<bekks> bryn__: Soyou messed up the server like that?
<bryn__> I tried changing permissions for a directory and ended up getting UID 0 error.
<bekks> So what was the command you issued?
<bryn__> sudo chown -R jesus: /var/www
<bekks> That command will not touch /etc/sudoers
<bryn__> Yeah that, and other that touched the whole server directory
<bekks> Which other command?
<bryn__> Don't remember exactly, but sudo chown -R jesus: /jesus
<bekks> That command will not touch /etc/sudoers either.
<bryn__> etc is within "jesus"
<bekks> No.
<bekks>  /etc/sudoers is clearly outside of /jesus
<sarnold> did you symlink /etc to someplace within /jesus???
<ikonia> you can't symlink etc
<ikonia> the machine won't boot
<sarnold> or .. mistype the command sudo chown -R jesus: / jesus   perhaps?
<sarnold> sure, but it'll keep running "fine"
<bekks> ikonia: you could create a symlink TO /etc/sudoers in /jesus
<ikonia> bekks: that is fair
<bryn__> "jesus" is the root. Its the "/" where everything exists within
<Jordan_U> bryn__: Please pastebin the output of "history | grep chown", which should tell us all of the commands you have run (at least within this particular shell session) that include "chown" in them.
<bekks> bryn__: / is the root.
<ikonia> jesus is not the root
<bekks> bryn__: /jesus is a directory under /
<bryn__> Yeah I didn't remember exact, I thought jesus was root
<bryn__> Now I recall I did do sudo ... /
<ikonia> your a sysadmin on a server with 100+ users and you don't know where the root file system is
<ikonia> this is a huge concern
<bryn__> I feel the same
<bekks> Its quite unresponsible of his boss.
<ikonia> I don't believe it to be honest
<bekks> me neither.
<bekks> And we stell got no pastebin of "history | grep chown".
<bryn__> It isn't a "business" so its nothing to seriously worry about.
<sarnold> ikonia: I dunno, seems about average experience level of the usual "I want to set up a minecraft server" admin :)
<patdk-lap> I want to setup a wordpress server
<bryn__> bekks I did history | grep chow
<bekks> bryn__: Pastebin it.
<bekks> bryn__: Do not pm that to me. Pastebin it and provide the URL to your pastebin.
<bryn__> Honestly, I did the command, but can't see any list of commands used.
<bekks> Pastebin the output.
<bryn__> sure
<patdk-lap> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<bryn__> http://pastebin.com/W2D8wueW
<bekks> Why do we have to ask you 5 times for getting a pastebin.
<ikonia> why is the sudo command for the install of gksu not there
<ikonia> or the running of gksu ?
<bekks> Because he is not honest.
<bryn__> idk
<bekks> I am out of this issue.
<ikonia> you'd see the history command too
<bryn__> It doesn't matter though, since sudo isnt installed. It wouldn't work
<ikonia> the fact tha tthe lines jump from 109 to 121 shows it's being edited
<ikonia> bryn__: it does matter
<ikonia> as it's something you said you did
<ikonia> and yet for some reason it's not logging commands
<ikonia> just 2 commands with random numbers
<sarnold> bryn__: sudo _is_ installed, you just broke it with something you did.
<ikonia> bryn__: did you edit the pastebin to not show all commands ?
<bryn__> I am very new to this. I am not sure what I am looking at in terms of commands and such with terminals.
<bryn__> That's the exact copy paste
<ikonia> bryn__: did you edit the pastebin ?
<bryn__> No
<bryn__> Why?
<Jordan_U> ikonia: It's expected that the number as part of the history would jump. I asked them to use grep, which will filter out other commands with other numbers.
<ikonia> so your history starts at 109, rahter than 0, misses out 110-120 and shows 121
<ikonia> Jordan_U: idiot - I missed the grep, thank you
<sarnold> because the two spaces in front of '121' got there _somehow_, and the easiest explanation is that you fiddled with the output..
<bryn__> I didn't fiddle with the output nor do I have ambitions to do so
<Jordan_U> ikonia: You're welcome.
<ikonia> Jordan_U: my fault toally, good spot
<bryn__> What grep?
<bekks> the one you typed.
<ikonia> it filters results
<bryn__> Yeah
<Jordan_U> Unfortunately without histappend (which I think should be the default in bash, or at least some better solution) we can't be sure that all commands (even recent ones) are reflected in the history.
<ikonia> certainly default on an ubuntu install
<patdk-lap> not on any of my installs using ubuntu defaults
<bryn__> I'm just going to reset the server tomorrow. But I have a question, I shoudn't get permission errors on a fresh install right?
<ikonia> patdk-lap: got it on a 14.04 install here
<patdk-lap> none of mine, but then I only do jeos installs
<sarnold> bryn__: it depends what operations you're trying to perform.
<bryn__> creating new directories in the var/www and editing etc/couchdb
<Jordan_U> bryn__: By "reset" do you mean re-install, restore from backup, or something else?
<bryn__> I have a snapshot
<ikonia> how did you snapshot ?
<bekks> Snapshot? Isnt that a physical server?
<bryn__> Yes
<bekks> So it is a virtual machine?
<bryn__> I don't know
<bekks> Then how did you snapshot?
<thebwt> lvm snapshot?
<bryn__> A colleague is taking care of that part
<bryn__> So I have no clue
<Jordan_U> bryn__: Is that colleague also taking care of restoring based on that snapshot?
<bryn__> Yes
<Jordan_U> Great.
<bekks> So get your hands off that machine and leave the rest to him :)
<bryn__> He's like me :)
<bekks> Then hire someone who isnt.
<bryn__> Yeah
<bryn__> But we don't want any help from hiring people,
<bryn__> Since its a fiddle n' diddle thing
<bekks> So he broke the production server, and knows he'll have to tell his boss, very soon.
<bekks> </2c>
<sarnold> definitely the kinds of learning mistakes best made on a personal system :)
<ikonia> sorry but I don't believe almost any of it
<bekks> I'm just sure he broke something :)
#ubuntu-server 2015-11-13
<cynixx3> How bad of an idea is it to install php 5.3.10 on ubuntu server 15.10? With mcrypt, curl, and mysql support.
<OerHeks> cynixx3, precise 12.04 lts comes with 5.3.10
<OerHeks> if it is a bad idea, don't know, you sure have a reason
<cynixx3> could I use the 12.04 repository of those packages to install on 15.10?
<MrBy> hi, i sucessfully installed landscape and openstack. Now i want to extend openstack with other units like ceilometer, etc... is there any documentation howto do it?
<pmatulis> morning
<zul> jamespage: is that pylxd with py3 or py27?
<jamespage> zul, py27 - I was trying to backport the pylxd package for the UCA
<zul> jamespage: ack
<jamespage> so its a package build failure rather than just in git
<jamespage> zul, I think that the constants in the ssl module have changed - might need to tweak based on version in use
<jamespage> the pull request for websockets had something in it to that effect I think
<zul> jamespage: yea
<zul> jamespage: looking at it now
<zul> jamespage: this works http://paste.ubuntu.com/13247939/
<jamespage> zul, looks ok - you might what to push the hasattr in the runtime code out of the method call, so its called once rather than one every socket creation?
<zul> jamespage: yeah
<jcastro> utlemming: or rcj: can one of you guys submit fixes to this answer? http://askubuntu.com/a/125252/235
<jcastro> there are questions people are asking about how the mirrors are set up that I can't answer
<jcastro> also I totally forgot we moved away from s3 for those things
<paule32> hello
<paule32> i have problems with squid3
<paule32> http://pastebin.com/kE3kbVGT
<paule32> this is my config
<paule32> http://pastebin.com/p1zAkhDQ
<paule32> and this is the php script
<paule32> but squid seems to be not filter website's
<paule32> i have use iceweasel with proxy enabled
<paule32> port is ok
<paule32> how can i make it work
<sarnold> paule32: hmm, be careful with that php script, you've written an sql injection bug into it on line 15; perhaps squid mangles inputs enough that users can't actually exploit it, but I wouldn't want to rely on that.
<sarnold> paule32: what happens if the query returns nothing? will the $row[2] reference blow up?
<paule32> sarnold: i run the in the console, it waits for input and iff i type in "foo" press return/enter key it print outs "ERR"
<sarnold> paule32: ah, good; that just leaves the sql injection :)
<paule32> but squid don't realize it
<paule32> any ideas?
<sarnold> paule32: I don't see %DST described here, http://www.squid-cache.org/Doc/config/logformat/ -- are you sure that part is correct? do you get any errors or warnings in any of the log files at squid startup or when querying the squid proxy?
<paule32> http://pastebin.com/t88d0pf3
<Deliant> i need to be able to connect to sftp to save my backups (only used rsync before), how do i generate a cert and connect? (yes i tried connecting normally with just user@host)
<jelly> Deliant: sftp is just a subsystem of ssh.  Look up key-based authentication for ssh.
<Deliant> so i should just be able to ssh-copyid it as if it was rsync?
<Deliant> naa.. uha
<Deliant> normally ftp up the .pub file as .ssh/authorized keys then?
<sarnold> Deliant: I like to -append- the public portion to ~/.ssh/authorized_keys -- you may have one or two there already for other systems or other programs..
<paule32> sarnold: ?
<sarnold> paule32: how about other logs?
<paule32> in the log:
<paule32> helperHandleRead: unexpected read from blockscript #Hlpr0, 4 bytes 'ERR
<Deliant> sarnold: sorry, i think thats what i meant. rename the .pub to authorized_keys and normally ftp it to the server
<sarnold> paule32: interesting, that may be an error from connecting to the mysql daemon. add more debugging around the connect failure
<Deliant> hm ok, so i ftp'd over the .pub key from the cert i generated to my sftp backup server and put it in ".ssh/authorized_keys", but it still won't allow me to connect through sftp
<sarnold> Deliant: check ls -ld ~/.ssh ~/.ssh/authorized_keys -- the ssh daemon is very picky about those having correct permissions
<Deliant> its 600
<sarnold> Deliant: and ~/.ssh/ ?
<Deliant> when i try adding a key to my desktop filezilla client it says the key format is not supported for sftp and asks if i want to convert it to .ppk?
<Deliant> ah right, not 600
<sarnold> Deliant: are you sure with filezilla that you're not confusing sftp and ftps? ftps is every bit as terrible as ftp and should be avoided.
<Deliant> im very familiar with filezille (i usually use rsync), but when i try to add keyfile under "SFTP" tab it wont accept the rsa key i just generated
<Deliant> its just saying its not a supported format by filezille though, so maybe not applicable
<Deliant> and its on my server i'm trying to do this anyways
<Deliant> damnit, why couldnt they just have used rsync :|
<Pwnna> for mdadm, do i need to create a partition table for my drives before creating an array via mdadm?
<paule32> i dont can't filter url's/domains with helper mysql
<paule32> anyone experinces with it?
<OEP> Is there anyone here with experience with the Apache 2 MPM ITK module on Ubuntu 14.04? I am trying to use it but get the "No MPM loaded" error when I start Apache.
<yeats> OEP: do you have a LoadModule directive in /etc/apache2/apache2.conf (as described on this page: http://mpm-itk.sesse.net/)?
<capricorn_1> Pwnna> you need to create a partition table
<OEP> yeats: We do have "LoadModule mpm_itk_module ..." in a modules.conf, we are using a custom /etc tree though
<yeats> OEP: anything in /var/log/apache2/error.log (or similar)?
<Pwnna> capricorn_1: i just tested in virtualbox and it seem like i just did mdadm --create /dev/md0 --num-devices... /dev/sda /dev/sdb ... i didn't actually explicitly create a partiton table?
<OEP> yeats: It doesn't seem to be producing any log output.
<capricorn_1> I have this in my notes:
<capricorn_1> mdadm --create --verbose /dev/md0 --level=0
<capricorn_1>         --raid-devices=2  /dev/sdb1 /dev/sdc1
<capricorn_1> mdadm -Cv /dev/md0 -l5 -n5 -c128 /dev/sd{a,b,c,d,e}1
<capricorn_1> mdadm -S /dev/md0   stop array
<capricorn_1> mdadm --detail --scan
<capricorn_1> you may output the above command into mdadm.conf file which might look like
<capricorn_1> this:
<capricorn_1> DEVICE          /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1
<capricorn_1> ARRAY           /dev/md0 devices=/dev/sda1,/dev/sdb1
<capricorn_1> ARRAY           /dev/md1 devices=/dev/sdc1,/dev/sdd1
<capricorn_1> mdadm -As /dev/md0      start an array
<Pwnna> right
<Pwnna> but if you jsut want to use the entire disk do you even need partition tables?
<capricorn_1> I would think so. How do you know what kind of formatting is going to be there? I've always partitioned drives for linux ext[3,4] types
<capricorn_1> that makes it easier to recover in case of problems. Since you are playing in virtual environment you may try both and see what happens.
<TJ-> Pwnna: partitioning is optional for non-boot devices
<Pwnna> well don't you just create a lvm ontop of the md[0-9]+ devices and then do mkfs.[fav-fs] /dev/mapper/lv-vg1 or whatever
<TJ-> Pwnna: for example, LVM LVs rarely use partitioning, unless they're for VM guest images
<Pwnna> TJ-: is this documented somewhere? I can't seem to find it on search
<Pwnna> hmm
<TJ-> Pwnna: bootable requires some form of partitioning unless it's a floppy (emulated) boot, for example
<yeats> OEP: you'll want to make sure that logging is correctly configured - otherwise, you're flying blind
<Pwnna> hmm i guess that makes sense
<Pwnna> because only on boot does the partition table make a difference, or if you want multiple partitions. but it doesn't matter because we're creating logical structures on top of multiple disks with mdadm and lvm?
<TJ-> Pwnna: ISO 9660 El Torito is another exception, in there's no MBR/GPT required, but that's a different thing altogether
<Pwnna> but the question is is this documented somewhere?
<capricorn_1> you are dealing with software raid here so it's necessary to take care of "lower levels" first. No?
<TJ-> Pwnna: is 'what' documented, precisely? whether or not to use partitions? It's an administrator decision usually
<OEP> yeats: Well, if I start it with prefork, it will produce log output, but not with itk.
<Pwnna> TJ-: i suppose i'm looking for why something needs/don't need to have a partition table. everyone on the internet just say use gdisk to create a partition table without justifying this choice.
<yeats> OEP: from the glance I took of the page I shared above, it looks like itk is supposed to run alongside mpm-prefork
<yeats> (but I may be wrong)
<yeats> never having used it ;-)
<TJ-> Pwnna: if the array is on bootable disks, either those disks need to be partitioned, and the array built on partitions, or if whole-disk arrays, the MD device needs partitioning *and* it needs to use metadata version 1.0 (or 0.9) so the meta-data isn't at the start of the underlying devices
<OEP> yeats: Yeah, I can load the two modules together, but when it comes the time to setgid I get a failure in the logs. It makes me think apache doesn't see itk as a compatible mpm. :P
<Razzdoll> hey all- was wondering.. im not the greatest, and absolute beginner, is this 300MB storage limit? http://pastebin.com/TAk6urGf
<OEP> They have some pretty funny version requirements there on that page.
<Pwnna> TJ-: so if that means I can create a partition table ontop of /dev/md0? like using fdisk or gdisk?
<Pwnna> s/if/does
<TJ-> Pwnna: yes, of course, once the block device is available you can do whatever you want with it
<capricorn_1> I would go by this: https://raid.wiki.kernel.org/index.php/Linux_Raid
<Pwnna> but what would be the point of having a partition table on /dev/sdX when you have a raid + lvm on top?
<Pwnna> and just put your partition table up there
<TJ-> Pwnna: to make /dev/sdX bootable by the firmware. The RAID might be in a LUKS-dm_crypt container
<TJ-> Pwnna: On GPT there'll be an EFI-SP or BIOS Boot partition
<Pwnna> yeah so does that mean the data there cannot be raided?
<Pwnna> unless you have a hardware raid or something?
<Pwnna> because it has to live on one disk and one disk only
<TJ-> Pwnna: correct; unless the UEFI/BIOS 'knew' about the software RAID. With RAID-1 mirrors, as long as the metadata is at the end of the disks, then firmware can still boot from either drive
<TJ-> hardware RAID can be ignored since even the firmware only sees the 'logical' device, not the underlying devices
<Pwnna> right
<Pwnna> so that means my boot drive cannot be RAID0 or RAID5/6, right?
<Pwnna> because it's not a mirror and  things can be everywhere
<Pwnna> that's interesting.
<OEP> yeats: Oh, actually I think you are right. I just noticed the call to setgid() is actually coming from itk. Something else must be the matter, like the privilege drop happened too early.
<capricorn_1> Creating RAID in virtual machines is pointless. That needs to be taken care of in KVM or core OS in the first place.
<Pwnna> capricorn_1: i'm just testing the process of creation
<capricorn_1> I know, just mentioned ...
<Pwnna> i have to provision a handful of servers with the same RAID layout so i want to test..
<Pwnna> TJ-: i suppose it's possible to put /boot and /efi on one super tiny storage device (4GB flash module), and then have / be mounted from a different disk array backed with raid
<Pwnna> or even multiple storage in RAID1, as you were saying
<Pwnna> interesting.
<TJ-> Pwnna: yes
<Pwnna> that's pretty cool.
<Pwnna> so do you even need to create a parititon table on the lvm volumes, then?
<Pwnna> does it even matter?
<Pwnna> like MBR/GPT on top of /dev/mapper/lvvg0 or whatever
<TJ-> Pwnna: I provision servers with RAID-1 mdadm RAID, using meta-data 1.0, with the raw devices allocated to the MD device and the MD device partitioned. The partitions 'show up' on the underlying devices and therefore the system is bootable with or without RAID support in worst-case scenarios
<Pwnna> right
<Pwnna> right, but suppose if you want to mount.. a /data drive backed by RAID6
<TJ-> Pwnna: what that means is a single disk can read the boot-loader and boot part of the way even without MD RAID support
<Pwnna> right
<TJ-> Pwnna: then I'd probably not partition the raw devices, and I'd allocate the 'RAID' device to a VG
<TJ-> Then use LV for allocating space
<Pwnna> and just not bother with partitions in the sense of GPT/MBR at all
<Pwnna> is this the /correct/ way to do things?
<Pwnna> because i don't know enough about this. this is the first time i've done a none-raid1 setup.
<Pwnna> last time i had a single disk for boot + raid1 for /data
<TJ-> Pwnna: MBR/GPT is about hard partitioning... once set, its fixed
<TJ-> LVM takes all the 'hard' away and lets you be flexible and reassign things at will
<Pwnna> ahh that's good to know
<TJ-> LVM makes it trivial to do snapshotting, cloning, creating mirrors, etc etc
<Pwnna> do you have any experience with LVM2's builtin raid support?
<TJ-> assigning temporary LVs for testing and destroying them after
<Pwnna> i've tried to do some tests and can't seem to correct things correctly..
<Pwnna> create things*
<TJ-> Pwnna: I use LVM mirror RAID for both the data and mirror log on some systems
<capricorn_1> having "basic partitions" makes it possible to recover in case you have problems. For example, I have a KVM server with simple / partition with functional OS, i.e. all utils to manage other partitions etc. After that LVM kicks in and some VMs use it as "raw partitions"
<maswan> I've done a little bit of lvm raid:ing, and I'd by far trust md above that just for sheer usage base
<Pwnna> hmm
<Pwnna> i'll investigate that later
<Pwnna> thanks all!
<capricorn_1> based on what I see here: https://raid.wiki.kernel.org/index.php/RAID_setup I would create partitions, single at that to make it easier. Good luck
<maswan> I prefer whole disks
<maswan> I'm with Neil there
<Razzdoll> would anybody know please?
<herrkin> TJ-, are you arround?
<herrkin> I have problems with my swap again, it seems everytime I update ubuntu-base it screws the swap
#ubuntu-server 2015-11-14
<paule32> hello
<paule32> someone there with squid3 and mysql knowledge?
<lordievader> Good afternoon.
<paule32> hello
<paule32> some on there with take some time?
<paule32>  my custom external helper does not work
<paule32> <paule32> i want a custom helper, that search website in database
<paule32> <paule32> if it blocked, then return "ERR"
<paule32> <paule32> else "OK"
<paule32> <paule32> here the script:
<paule32> <paule32> http://pastebin.com/p1zAkhDQ
<paule32> <paule32> and here the config:
<paule32> <paule32> http://pastebin.com/kE3kbVGT
<paule32> <paule32> this is log output:
<paule32> <paule32> kid1| helperHandleRead: unexpected read from blockscript #Hlpr0, 3 bytes 'ERR'
<lordievader> paule32: It would probably help you to output the actual error instead of 'ERR'.
<paule32> read from blockscript #Hlpr0, 3 bytes
<lordievader> What I mean is if it errors you don't know if $row[2] was equal to one or if $rec was less than one. When trying to debug something you want as much (relevant) information as possible.
<paule32> $row[0] ::= id
<paule32> $row[1] ::= name (of url)
<paule32> $row[2] ::= blocked (0 || 1)
<lordievader> I guess this is very specific to Squid, perhaps it is a good idea to ask around in #squid.
<paule32> there sill noise
<paule32> in the docs stands - return ERR or OK
<paule32> the funny thing on this stroy is,  i can run the script under console without exceptions
<paule32> i can enter so long as i want
<paule32> cancel with ctrl+c
<lordievader> Likely due to a completely different environment.
<mrtAkdeniz> Hey there
<mrtAkdeniz> Guys I'm trying to create ftp server
<mrtAkdeniz> and I need to use a user who own /var/www/username
<mrtAkdeniz> i can do it with adduser command
<mrtAkdeniz> but my problem is that
<mrtAkdeniz> whenever this user upload a file to there, www-data will say "it is forbidden for me"
<mrtAkdeniz> how can I set default chown or chmod for that directory?
<Sling> mrtAkdeniz: you should make sure the files are owned by a group where both www-data and the user uploading files are member
<mrtAkdeniz> so I need to add that user to www-data?
<Sling> no
<mrtAkdeniz> and set chmod 775 ?
<Sling> no
<Sling> create a new group, add the www-data user and this ftp user to it
<Sling> then make the user the owner of all these files + folders, and make the shared group the group owner
<Sling> then set 750 for folders and 640 for files
<mrtAkdeniz> like chown ftpuser:createdgroup ?
<Sling> sure
<mrtAkdeniz> thanks Sling
<Sling> that way the httpd has only read rights to the content
<mrtAkdeniz> hmm
<Sling> and the user also doesn't have more permissions than he/she needs
<mrtAkdeniz> but sometimes httpd need to write?
<mrtAkdeniz> like logs, io based caching etc?
<Sling> those would be exceptions
<Sling> usually they would be in separate filesystem locations than the regular content
<mrtAkdeniz> actually nope, at least in my framework :\
<mrtAkdeniz> web content are in public folder
<mrtAkdeniz> but logs, sessions, caches etc are in the storage folder
<mrtAkdeniz> storage and public need to be at the same level
<mrtAkdeniz> i mean
<mrtAkdeniz> - storage, -public, --index.html, -var
<mrtAkdeniz> thank you Sling ^^
<mrtAkdeniz> Hey there again!
<mrtAkdeniz> I installed postfix and dovecot on my server, everything works well, I can read and sent mails from roundcube
<mrtAkdeniz> But I can not make smtp configuration for thunderbird or android app
<mrtAkdeniz> If I choose another SMTP and make IMAP conf. it works well
<mrtAkdeniz> but when I try to do smtp configuration, it fails
<mrtAkdeniz> postfix channel says, it is not releated to postfix
<TJ-> mrtAkdeniz: does the mail server have confirmed external access for *receiving* email?
<TJ-> mrtAkdeniz: are there firewall rules preventing connections.
<mrtAkdeniz> there is no firewall on the server
<mrtAkdeniz> and there is no problem about receiving :\
<mrtAkdeniz> If I choose another smtp, i can get my mails on thunderbird
<mrtAkdeniz> if I get your point correct..
<mrtAkdeniz> TJ-, yeah I checked the meaning of receiving -lack of English, sorry-; and has no problem with receiving
<mrtAkdeniz> but SMTP configuration
<TJ-> mrtAkdeniz: for a mail client to be able to send mail over SMTP, the SMTP server (postfix) probably needs to authenticate the client otherwise you'd have an open spam-relay.
<TJ-> mrtAkdeniz: if IMAP4 connections to dovecot also don't work that points to a common issue, which is why I mention the firewall. If firewall isn't the issue, look at the postfix (/var/log/mail.log) and dovecot (/var/log/dovecot.log) logs
<mrtAkdeniz> TJ-, there is no log for dovecot, and it is what I all have -> http://pastie.org/private/4vjpvxbbob4imgoljx29w
<mrtAkdeniz> I think my free ssl certificate forbidden by thunderbird
<mrtAkdeniz> but I search for it, and tell thunderbird to skip ssl cert check
<mrtAkdeniz> it is still failing..
<stochastix> I am going to scp a website over to ubuntu 14.04, do I want to use scp -pr  to preserve as much as i can for permissions?  I may have to reown the files anyway though
<stochastix> well, guess ill find out soon enough.
<_KaszpiR_> anyone knows what is retention time for AWS AMI with Ubuntu 14.04.3 LTS daily builds?
<mrtAkdeniz> Guys
<mrtAkdeniz> I'm buying SSL certificate
<mrtAkdeniz> and I'll use it for mail also
<mrtAkdeniz> and my mail server is on mail.mydomain.com
<mrtAkdeniz> do I need to buy it for mail.mydomain or mydomain.com
<paule32> hello
<paule32> have problem with squid3 for linux
<paule32> http://pastebin.com/HXB63yyh
<_KaszpiR_> looks like your /sap/squid/block.sh sucks in producting proper output
<paule32> yes, because ERR\n0
<paule32> \0OK
<paule32> any ideas?
<mahdi_ja> hi all
<mahdi_ja> i study about parallel programming in julia and get this statement.
<mahdi_ja> The base Julia installation has in-built support for two types of clusters:
<mahdi_ja>     A local cluster specified with the -p option as shown above.
<mahdi_ja>     A cluster spanning machines using the --machinefile option. This uses a passwordless ssh login to start julia worker processes (from the same path as the current host) on the specified machines.
<mahdi_ja> i want know what is cluster spanning and how i can create this in ubuntu
<mahdi_ja> thank 's for your help
<Sling> mahdi_ja: you should ask in #julia probably
<Sling> this is not something ubuntu-specific
<mahdi_ja> Sling, yes, but what is spanning cluster i do not find anythings about this
<lordievader> mahdi_ja: Probably multiple nodes running on different machines.
<lordievader> Wouldn't be surprised if it uses a mpich like technology underneath: https://www.mpich.org/
<mrtAkdeniz> Guys I need help
<mrtAkdeniz> I'm trying to open ports
<mrtAkdeniz> and I don't have ufw enable
<mrtAkdeniz> I'm using sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT
<paule32> flush the firewall
<mrtAkdeniz> but telnet localhost 587 still returning error
<RoyK> mrtAkdeniz: why not ufw?
<mrtAkdeniz> paule32, i have ufw disabled
<paule32> iptables -t nat -L
<paule32> ?
<mrtAkdeniz> RoyK, because I don't want
<RoyK> mrtAkdeniz: pastebin output of "iptables-save"
<mrtAkdeniz> RoyK, http://pastie.org/private/xptz3rt4jdxjxfxxzl5irq
<mrtAkdeniz> it is just pathetic, my localhost refusing my connection.
<lordievader> mrtAkdeniz: Is there anything listening to those ports?
<mrtAkdeniz> lordievader, I've postfix and dovecot installed
<mrtAkdeniz> and i think they are listening
<RoyK> mrtAkdeniz: all accepted there - nothing is blocking
<lordievader> mrtAkdeniz: netstat -tulpn|grep <those ports>
<mrtAkdeniz> lordievader, both returned empty
<lordievader> So nothing is listening.
<mrtAkdeniz> damn
<Sling> (try it with sudo if you're not root)
<mrtAkdeniz> I'm root :\
<RoyK> mrtAkdeniz: it's not a firewall issue
<RoyK> mrtAkdeniz: nothing is blocked in that iptables setup
<mrtAkdeniz> RoyK, yeah I got it :\
<mrtAkdeniz> it is postfix issue
<RoyK> mrtAkdeniz: the allow lines have no effect, since -P ACCEPT is on
<RoyK> mrtAkdeniz: I'd recommend using ufw until you get familiar with the iptables (or next, nftables) rules
<mrtAkdeniz> when I enable ufw, even my 80 port blocked
<mrtAkdeniz> and I had "ufw enable 80" and rebooted..
<RoyK> no
<RoyK> ufw allow http
<RoyK> ufw allow ssh
<RoyK> ufw enable
<mrtAkdeniz> not enable sorry
<mrtAkdeniz> allow 80
<RoyK> just use http
<mrtAkdeniz> but I need to open other ports
<RoyK> first iptables -F
<mrtAkdeniz> like 21, 25 etc
<RoyK> 21? are you (ab)using ftp?
<mrtAkdeniz> and I have 81 port which is another webserver
<mrtAkdeniz> yeah RoyK
<RoyK> just ufw allow 'whateverprotocol'
<RoyK> it's simple
<mrtAkdeniz> ufw allow 81?
<RoyK> ufw allow 81/tcp
<mrtAkdeniz> hmm
<mrtAkdeniz> let me try it
<RoyK> flush iptables first
<RoyK> *first*
<RoyK> because custom rules and ufw may interfere
<mrtAkdeniz> ok
<mrtAkdeniz> iptables -F right?
<RoyK> mhm
<RoyK> then this: ufw allow ssh; ufw allow http; ufw allow 81/tcp; ufw allow ftp # the latter if you're stupid enough to use FTP in production
<RoyK> the thing about FTP is, it uses different ports for control and data, which is a bad idea with NATed machines
<RoyK> it works, however, with protocol helpers
<RoyK> but then, if you try to do something smart, as in encrypting the data, the router can't see which ports to forward, and FTP just won't work
<RoyK> use SFTP instead
<MACscr> is there a channel for LXD?
<TJ->  there's #lxcontainers and #lxc-devel
<MACscr> yep, just noticed that its just the regular LXC channel. Wasnt sure if there was one specific to LXD.
<tonymke> I am struggling to get sshd's AuthorizedCommandKeys bit to work successfully
<tonymke> made a script that literally just curl my github keys to stdout
<tonymke> can't actually auth from results
<tonymke> Anyone see anything painfully wrong? http://i.imgur.com/cO2P7eq.png
<TJ-> What is this "AuthorizedCommandKeys"
<tonymke> TJ-: this - https://gist.github.com/sivel/c68f601137ef9063efd7
<tonymke> supposedly a command you can tell sshd to run to get an alternative authorized_keys set before checking each user's home directory
<tonymke> trying to use it as a simple way to not have to update authorized_keys files across vms
<TJ-> tonymke: it's  "AuthorizedKeysCommand"
<tonymke> that's what's in the sshd config
<tonymke> so that's not it
<tonymke> just a typo in here
<TJ-> OK :) ... try increasing logging verbosity of sshd
<TJ-> tonymke: you've also got "AuthorizedKeysCommandUser" configured and set to a valid user account?
<tonymke> "unsave permissions or modes for file"
<tonymke> alright, that's helpful
<TJ-> The man-page does say "The program must be owned by root, not writable by group or
<TJ->              others and specified by an absolute path
<tonymke> yeah, it's owned by root. trying 700 perms now
<Darkyyy> im running LAMP on ubuntu server 14.04
<tonymke> got it
<tonymke> wooo
<Darkyyy> can't run a proxy script
<Darkyyy> im getting error 500
<paule32> hello
<paule32> have problems with squid3.4
<paule32> http://pastebin.com/HXB63yyh
#ubuntu-server 2015-11-15
<tsimonq2> just curious, I have seen build servers for Ubuntu that build packages for the repos. Are those only Ubuntu servers that can do that, or can I contribute my free resources to do this on my server?
<PryMar56> tsimonq2, nothing is stopping you. apt-get source PackageOfInterest
<PryMar56> tsimonq2, run ^^ as user
<tsimonq2> PryMar56: but is there an automated way of doing this and reporting it back to the server like the automatic build machines?
<PryMar56> tsimonq2, I can barely rebuild a single dsc by hand.. I would never try that
<tsimonq2> PryMar56: but then how do the servers do it?
<PryMar56> tsimonq2, that is need to know basis.. when you need to know, all will be disclosed (my interpretation)
<tsimonq2> PryMar56: can you disclose?
<tsimonq2> PryMar56: I would like to know
<hungry_mosquito> Hi! how to I create a Limit rule for a user in Ubuntu Server 15 ?
<hungry_mosquito> erm...bandwidth limit rule.
<lordievader> Good morning
<stochastix> I take it ubuntu 14.04 does not use systemd?
<jelly> stochastix: correct
<jelly> 14.04 LTS is still on upstart
<stochastix> jelly: thanks.  Do you know off hand if you change the nginx website root dir in the nginx.conf file?
<jelly> no idea about nginx
<stochastix> k, thanks, let me google that for me  :)
<mrtAkdeniz> guys hey there
<mrtAkdeniz> how did I done i have no idea, but I stopped my server's ssh
<mrtAkdeniz> i checked what is listening port 22
<mrtAkdeniz> it returns nothing..
<lordievader> That makes sense, right?
<jaffray> Hello from Canada. I would like to setup a network of ubuntu machines across a few physical servers running ESXi 6 as the hypervisor and ubuntu server as the os for most machines.  I find that it's a pain setting up user accounts on each machine. My research leads me to believe that I want to setup an authentication server with all user information.  Would someone please kindly give me
<jaffray> some important terms and concepts which I should include in my research so I can address the important issues?  Right now I see LDAP as the user database, I know I need RSA keys for users, and I have yet to figure out how to have the other servers use the authentication server for their accounts.  Thank you and much appreciated!
<TJ-> !info libpam-ldap | jaffray
<ubottu> jaffray: libpam-ldap (source: libpam-ldap): Pluggable Authentication Module for LDAP. In component universe, is extra. Version 184-8.7ubuntu1 (wily), package size 40 kB, installed size 167 kB
<stochastix> how do i see what version of php is installed?
<stochastix> can i see that with aptitude?
<TJ-> stochastix: "apt-cache policy php5" ?
<stochastix> is php5 different than php5-fpm?
<bekks> yes.
<jaffray> TJ - Thanks.  I'll start with that.  Any other 'search-terms/concepts" or programs you can suggest?
<bindi> which usb creation tool should I use for 14.04 server?
<bekks> bindi: dd
<bindi> which usb creation tool should I use for 14.04 server on windows?
<bekks> rufus
<bindi> hi, i've tried to create my usb 3 times now, md5sum matches for the ubuntu-14.04.3-server-amd64.iso, tried with unetbootin twice and linux live usb creator. it always fails integrity check on the same package: ./pool/main/m/maas/python-maas-provisioningserver_1.7.6+bzr3376-0ubuntu2~14.04.1_all.deb
<bindi> posted that on #ubuntu - you sure it'll work? :P
<bindi> i checked the md5sum of that file myself just now and it matches what the md5s file has
<bekks> bindi: check the md5sum of the iso.
<bindi> i did that aswell
<bindi> i did mention that
<bindi> do i want to use "write in iso image mode (recommended)" or "write in dd image mode"?
<bindi> *cough*
<bindi> going with dd :)
<jvwjgames> How do I regenerate 80 persistent rules
<jvwjgames> That control the network
#ubuntu-server 2016-11-14
<sileht> zul, jamespage, coreycb, ddellav, hi I uncounter a qemu live-migration issue from trusty to xenial https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1641532
<ubottu> Launchpad bug 1641532 in qemu (Ubuntu) "Unknown ramblock "/rom@etc/acpi/rsdp", cannot accept migration" [Undecided,New]
<sileht> zul, jamespage, coreycb, ddellav, I thnk this should be fixed before openstack user try to upgrade from mitaka to newton
<cpaelzer> sileht: known issue, let me find and point you to the right one
<cpaelzer> STS working on it arm
<cpaelzer> atm
<cpaelzer> at least it seems that way
<cpaelzer> grr no meeting minutes uploaded last week
<jamespage> sileht, I was about to point you to cpaelzer but I see he's jumped in
<jamespage> :)
<jamespage> thanks cpaelzer
 * cpaelzer is still checking - envision a spinning wheel here - \ | / - ...
<sileht> :)
<cpaelzer> sileht: not a dup to the one I thought - now context switching into the bug more
<sileht> cpaelzer, I have tested the patch I have attached to the bug report on my cluster and it works well
<cpaelzer> sileht: yeah I'd even say ack after 2 minutes looking at it - but I'd like to look at it at least a bit more :-)
<cpaelzer> sileht: I recently cleaned up a lot of this machine type mess, but due to LTS cycles we could only drop old cruft after LTS
<cpaelzer> sileht: and atm I think you are right
<cpaelzer> sileht: give me a bit and I'll fully agree :-)
<sileht> cpaelzer, sure the patch as-is is enougth or do you want a proper debdiff ? or something else ?
<cpaelzer> this is a can of nice worms
<cpaelzer> sileht: I'm fine with the patch as-is
<sileht> cool
<cpaelzer> sileht: I have a testbed for just such migration issues where I'll test it
<cpaelzer> sileht: I just never happened to use that old guests as "utopic"
<sileht> cpaelzer, :)
<cpaelzer> sileht: migrating after Xenial you'd be supposed to update the machine type to go on
<cpaelzer> sileht: but for what you reported it is a valid issue
<cpaelzer> sileht: so I'm now going on to check and test on this
<sileht> cpaelzer, changing machine type means 'rebooting customer vm'
<cpaelzer> sileht: I'll let you know
<cpaelzer> sileht: yes it does
<sileht> cpaelzer, I can't do that
<cpaelzer> sileht: at some point old things have to go out of support - that is why we (after long discussion) decided to drop older types after an LTS and only those types that are "out of support" then
<sileht> cpaelzer, I have very old VM with just 'pc-i440fx' and it still work fine
<sileht> cpaelzer, yeah I understand but 2.0 machine type is still supported upstream
<cpaelzer> sileht: I fully understand your case and pain - but at some point it becomes a matter of maintainability
<sileht> cpaelzer, the custom ubuntu machine type just break think
<sileht> think/thing
<cpaelzer> sileht: yeah it is a shame - the early days of qemu machine types forced all dirstibutions to go the "custom machine type way"
<cpaelzer> sileht: these days it might mostly be fine
<cpaelzer> sileht: but everybody has to obey his history
<cpaelzer> sileht: and now time comes and makes things non maintainable :-/
<cpaelzer> sileht: all distributions are in the same mess here - but there is no golden solution (IMHO)
<cpaelzer> sileht: on one side you have the valid "the upstream type still works" - but that is only true in most but not all cases
<cpaelzer> sileht: and on the other you can't care about the old delta forever as it less and less applies to the new code
<cpaelzer> sileht: there was a lot of info (and less "discussion" than I'd liked) around it - let me know if you want some pointers
<cpaelzer> sileht: I'll now go for your fix
 * cpaelzer declares machine-types a never ending can of worms
<sileht> agreed !
<cpaelzer> and it did not help that the way to define them was changed three times in the last 2 years
<cpaelzer> sileht: I think this is all worse than we thought - may I ask what you did to do the check that lead you to "...I have seen that in 2.3, the utopic machine is a kvm-2.3 machine..." ?
<sileht> cpaelzer, I have looks at the code of qemu-system-x86 1:2.3+dfsg-5ubuntu9.4~cloud2
<cpaelzer> sileht: ah so just reading
<cpaelzer> sileht: I thought you'd have a live check better than mine
<sileht> cpaelzer, the code in the define-ubuntu-machine-types.patch
<cpaelzer> sileht: sure IMHO it is more broken than that
<cpaelzer> sileht: it inherits whatever the latest version is
<sileht> cpaelzer, it uses pc_init_pci
<sileht> cpaelzer, and at this times that was 2.3 marchine
<cpaelzer> sileht: so while your utopic type on a 2.3 host had 2.3 it would have had 2.1 in a real utopic for example
<sileht> cpaelzer, I just hope ubuntu never release a 2.4 with 'pc_init_pci' :p
<sileht> cpaelzer, oh I see
<cpaelzer> sileht: so that is super worse than I thought at first :-/
<cpaelzer> sileht: I could fix it to what it should have been, but that would not help you (=2.1)
<cpaelzer> sileht: in fact I'd have to choose on "when did the last geust restart happen"
<cpaelzer> where it picked up the latest type
<sileht> cpaelzer, utopic was shipped qemu 2.1 ?
<cpaelzer> yes
<sileht> cpaelzer, trusty was 2.1 and cloud-archive have backport the utopic 2.3 to trusty, no ?
<cpaelzer> https://launchpad.net/ubuntu/+source/qemu/+publishinghistory?batch=75&memo=75&start=75
<cpaelzer> sileht: trusty 2.0, utopic 2.1, vivid 2.2, wily 2.3, xenial 2.5, yakkety 2.6
<cpaelzer> sileht: depends on which cloud archive you have
<sileht> cpaelzer, so this a bug of the cloud archive backport
<cpaelzer> I don't really think so - is it?
<cpaelzer> it is a bug that was there a long time but now bites us in the worst possible way (for fixing one has to choose who to break)
<sileht> cpaelzer, yes this is what I would say
<sileht> cpaelzer, I would said the 'main' qemu should stick 2.1 and the cloud-archive one should use "2.3"
<sileht> cpaelzer, that should limit the breakage ?
<cpaelzer> only for one "sort of UCA" - you have qemu 2.3 because you have the liberty UCA I assume
<sileht> cpaelzer, exaclty
<cpaelzer> but what about one that comes from U/J/K ?
<cpaelzer> they will have the other versions
<sileht> cpaelzer, I was using debian before and the machine for those VM is 'pc-i440fx'
<sileht> cpaelzer, and I have no pb with them
<cpaelzer> I wish the past wouldn't have forced us onto the specific type route
<cpaelzer> but none of us can change that
<cpaelzer> sileht: hmm, the pc-i440fx is also only a pointer to latest
<sileht> cpaelzer, let's me check what I really have currently running
<sileht> cpaelzer, I have this currently on my cluster:
<sileht> pc-i440fx-2.1,accel=kvm,usb=off
<sileht> pc-i440fx-utopic,accel=kvm,usb=off
<sileht> pc-i440fx-vivid,accel=kvm,usb=off
<sileht> I'm guessing the debian VMs are 'pc-i440fx-2.1
<sileht> with number:
<sileht>       2 pc-i440fx-2.1,accel=kvm,usb=off
<sileht>      90 pc-i440fx-utopic,accel=kvm,usb=off
<sileht>      50 pc-i440fx-vivid,accel=kvm,usb=off
<sileht> cpaelzer, kilo UCA have the utopic machine patch and it's 2.2 :(
<sileht> this is an awful bug
<cpaelzer> sileht: I can only agree
<cpaelzer> sileht: I'll dump the state into the bug, but that needs more people involved given the potential magnitude
<cpaelzer> I wonder thou that this only affects special cases - as I can just nicely migrate trusty to xenial
<cpaelzer> which is 2.0 to 2.5
<cpaelzer> and while xenial currently mis-assumes that to be a 2.5 type it is just fine
<cpaelzer> so on a migration it seems to be important what both pairs think
<cpaelzer> umm "the pair"
<cpaelzer> trusty thinks it has a 2.0 guest (correct) and Xenial (while misinterpreting the type as 2.5 when starting new) can receive it correctly
<cpaelzer> yet it fails for you from 2.3 -> 2.5
<cpaelzer> some of the special quirks qmeu/libvirt do only apply to certain combinations - and this might be one
<cpaelzer> sileht: as guest type?
<cpaelzer> sorry
<cpaelzer> bad reference - ignore it
<sileht> cpaelzer, if you apply my fix but puting 2.0 instead of 2.3 you will fix the 'main' repo
<sileht> cpaelzer, but UCA users will still be broken
<cpaelzer> sileht: yes this is how far I am in my thoughts
<cpaelzer> sileht: but I'm spinning around why you are broken and a base T->X migration is not
<sileht> cpaelzer, because UCA have backported qemu without updating define-ubuntu-machine-types.patch correctly
<cpaelzer> sileht: almost - because utopic machine type update was done wrong, never fixed till now and all those releases in between got picked up by UCA
<sileht> yeah :(
<cpaelzer> sileht: do you need more than x86 for your tests if I prep a ppa?
<sileht> cpaelzer, no I only have amd64 server
<cpaelzer> jamespage: FYI - you might want to reread bug 1641532 content and triage accordingly for UCA now
<ubottu> bug 1641532 in qemu (Ubuntu) "machine-types trusty and utopic are not unique (depend on the qemu version)" [Critical,Confirmed] https://launchpad.net/bugs/1641532
<jamespage> cpaelzer, ack
<sileht> cpaelzer, I have tested your ppa and got the same issue so like I thought, in my case, the utopic type is a 2.3 type
<cpaelzer> sileht: I was afraid of that, but thanks for verifying
<sileht> cpaelzer, for my cluster I can live with the custom package for a while
<sileht> cpaelzer, don't hesitate to ping me for real testing
<cpaelzer> sileht: thanks - I highly appreciate your report and your fast feedback on this - yet as we agreed before it is an ugly issue and won't make me or anybody else ever really "happy"
<bananapie> I want to use debootstrap to create a new xenial image, my machine is running on precise. How do I add xenial to debootstrap on an old version of ubuntu?
<bananapie> i created a symlink in /usr/share/debootstrap/scripts   ( ln -s gutsy xenial )
<bananapie> oops
<bananapie> nevermind, it's ubuntu-vm-builder that I am using, not debootstrap.
<bananapie> i'll just install old-school using an iso
<KlausedSource> hey everyone, i edited the sudoers file with the command visudo and added the following line: "%rftadm ALL=(ALL) NOPASSWD:ALL"
<KlausedSource> it doesn't seem to be applied though
<KlausedSource> do i need to restart the system or any service? im running ubuntu 16.04 lts
<KlausedSource> i want every user in group rftadm to be able to use sudo without passwortprompt
<ddellav> zul can you review lp:~ddellav/ubuntu/+source/keystone master branch, I've implemented your config generator script and it seems to work but I want to make sure. I've installed the built package and it works.
<cpaelzer> KlausedSource: I think it has to have a space between ":" and ALL
<cpaelzer> KlausedSource: usually no restart/reload needed for that
<cpaelzer> KlausedSource: use "visudo" to edit the file that does all you need and locks properly
<cpaelzer> KlausedSource: IIRC for the groups you could also try "%rftadm ALL=NOPASSWD: ALL"
<KlausedSource> cpaelzer, i figured out the problem with space too. however that alone didn't fix it.
<KlausedSource> cpaelzer, the user was also in group sudo and for sudo there was a password-prompt (default) line in the sudoers file which lead to the setting being overwritten by it
<cpaelzer> KlausedSource: so it was an issue of first match then and is resolved for you now?
<ddellav> coreycb jamespage i need a review for the cinder sru: lp:~ddellav/ubuntu/+source/cinder newton branch, just a missing dependency added
<KlausedSource> cpaelzer, yes it is resolved now. however it wasn't first match but it got overwritten (first match was %rftadm, followed by %sudo)
<cpaelzer> KlausedSource: oh really - didn't remember it was that way around - thanks for sharing
<KlausedSource> cpaelzer, ye i thought it would be first match too that's why i posted here in the first place
<zul> jamespage: when you get a chance can you review this please? https://code.launchpad.net/~zulcss/charm-helpers/ocata-support/+merge/310678
<Pinkamena_D> I just accidentally ran $ sudo setfacl -d -m g::--- /  what is the correct group defaults that are supposed to be there??
<coreycb> ddellav, can you add some more details to that bug, including sru sections in the description?
<ddellav> coreycb what would you suggest I use as the impact? I didn't initiate this sru from noticed behavior, it was simply missing a dependency. It still builds and installs fine. Should I attempt to create a situation where keystoneauth1 is required?
<coreycb> ddellav, i think if you look at cinder code that imports keystoneauth1 that wouldn't work if python-keystoneauth1 was missing
<coreycb> it's possible that keystoneauth1 is getting pulled in by another dependency though
<ddellav> coreycb it is being pulled in by python-keystoneclient
<zul> ddellav: and your keystone branch builds ok?
<zul> ddellav: changelog should be ubuntu1 btw
<ddellav> zul yes, in zesty
<zul> ddellav: fix the changelog and ill merge it
<ddellav> zul ah yea, dch incremented it. I'll fix it
<ddellav> zul pushed
<zul> thanks
<powersj> cpaelzer: is it possible to increase disk space on the s390x lpar? :) we ran out
<xnox> powersj, there is very little disk space and it is epxensive
<xnox> powersj, =/
<powersj> xnox: ok thanks for the heads up. I'll let cpaelzer respond to my email as well to see if we can slim down the images
<zul> jamespage: https://code.launchpad.net/~zulcss/charm-helpers/fix-typo/+merge/310805
<momken> hello
<momken> I have recently bought a 512MB vps
<momken> the images available are 16.04 64bit and 14.04 32bit and 64bit.
<bekks> momken: So use 16.04
<teward> momken: I don't see a question here.  Use 16.04.
<momken> Is it better to have the more uptodate 16.04 64bit or less ram usage in 14.04 32bit^
<momken> ?
<momken> Hmmm. Isn't 512MB ram very small for 16.04 64bit?
<momken> I think the 64bit system would consume ~1.5x ram than 32bit
<bekks> You wont notice the difference in RAM usage.
<bekks> Yout thought about that is entirely wrong.
<bekks> *your
<momken> bekks, I don't think so. There is a little more usage because increased size of 64bit pointers
<bekks> 1.5x is totally nonsense.
<momken> It is more significant in low rams.
<bekks> "a bit more" means a few MB. Not 1.5x
<momken> bekks, But yeh I also think that should not be more than 100MB for increase
<bekks> Where did you got that rumout from, regarding 1.5x?
<momken> bekks, It was only a guess
<ThiagoCMC> Hey guys, the Ansible's service module is not working on Debian / Ubuntu LTS, basically, this: "- service: name=dpdk enabled=yes", does nothing, service does not become enabled! `systemctl status dpdk` show its disabled, any clue?
<bekks> momken: And that guess is horrible wrong. So just use 16.04
<momken> I read somewhere it may even take more than 1.7x
<momken> bekks, OK, thanks
<bekks> Wherever you read that - ignore that site from now on.
<teward> rbasak: ping, there was a bug you poked me on about a week ago, which one was it?
<ThiagoCMC> Hey guys! I have an Ubuntu 16.04 running OpenvSwithc and DPDK, it is really awesome! From Newton Cloud Archive...
<ThiagoCMC> However, my Newton, is not using the OVS with DPDK, it still uses the regular OVS bridges... My KVM only setup with with OVS+DPDK but, Newton is "not aware" that OVS+DPKD is available... Where are the instructions?
<ThiagoCMC> This doc: http://docs.openstack.org/newton/networking-guide/config-ovs-dpdk.html looks not enough...
<ThiagoCMC> Do I need the "sudo apt install python-networking-vs-dpdk" package installed?
<sarnold> ThiagoCMC: hah, once again I thought of you being the expert here before I noticed that it was you asking the question..
<ThiagoCMC> sarnold, lol
<ThiagoCMC> come on...   =P
<ThiagoCMC> If I don't know, I don't know...
<ThiagoCMC> have to ask...   =)
<sarnold> :)
#ubuntu-server 2016-11-15
<Pinkamena_D> I cant connect to vsftpd anymore. Trying just local network no firewall. SSH works fine. raw FTP I open ftp it asks for username and then password and then just hangs there. Only thing in the log on the server is a "client connected" message.
<DirtyCajun> Pinkamena_D, why dont you use sshd and grow from insecure vsftpd ?
<sarnold> Pinkamena_D: did it ever work?
<Pinkamena_D> I use sftp in many places, but for reasons outside the scope of this question, I need a standard ftp connection available in this case. I don't think this is an overly obscure or unreasonable request.
<Pinkamena_D> no, it is still 'Password:\n'
<sarnold> Pinkamena_D: are you setting this up from scratch and it's never worked?
<sarnold> Pinkamena_D: or are you trying to figureo ut why something that worked N days ago doesn't work today?
<Pinkamena_D> no, it has worked in the past, but it is not used extremely actively so I only noticed today
<Pinkamena_D> the latter case, yes
<sarnold> do you need to toggle the active/passive case?
<sarnold> do you have a firewall on the machine that you're testing from?
<Pinkamena_D> no - both machines are ubuntu 14.04 (one server one desktop)
<Pinkamena_D> I have never changed any settings related to active/passive. I have used both nautilus "connect to server" and filezilla for connections in the past - now both hang
<sarnold> is there anything in the logs on the server?
<Pinkamena_D> nothing useful in dmesg or /var/log/vsftpd.log - is there anywhere else to check?
<sarnold> _maybe_ /var/log/auth.log?
<Pinkamena_D> it seems to be only ssh-related entries
<Pinkamena_D> ok well i have no idea what actually the problem is, but it works after I disable LISTEN_IPV6
<Pinkamena_D> so yeah I will just keep chugging with ipv4...
<sarnold> well -that- is surprising
<SipriusPT> hello guys
<SipriusPT> i am trying to connect an outlook client to my unix mail server and i am unable to authenticate on it
<SipriusPT> till now i was only able to connect mail app clients
<SipriusPT> i am using postfix, dovecot, getmail, open directory and CRAM-MD5, Digest-MD5, GSSAPI
<SipriusPT> when i try to login i receive this message at outlook
<SipriusPT> Iniciating session in the reception server of mail (IMAP): Failure with general authentication. No one of those authentication methods are supported by the IMAP server (if exists) are supported by this computer.
<SipriusPT> In dovecot: auth_mechanisms = digest-md5 cram-md5 gssapi apop. (I didnt knew that i had apop enable, i will disable it in the future). Through telnet to port 143 i have AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=GSSAPI. I am using Outlook 2013. I was using the same settings as i was through Mail app, login username and password, and the DNS name of this mail server through IMAP.
<rbasak> teward: https://launchpad.net/bugs/1639814
<ubottu> Launchpad bug 1639814 in nginx (Ubuntu) "nginx package upgrade on ubuntu 14.04 rewrites ssl config" [Undecided,Incomplete]
<RoyK> rbasak: ouch - not very nice
<SipriusPT> hello guys
<SipriusPT> i am trying to connect an outlook client to my unix mail server and i am unable to authenticate on it
<SipriusPT> till now i was only able to connect mail app clients
<SipriusPT> i am using postfix, dovecot, getmail, open directory and CRAM-MD5, Digest-MD5, GSSAPI
<SipriusPT> when i try to login i receive this message at outlook
<SipriusPT> Iniciating session in the reception server of mail (IMAP): Failure with general authentication. No one of those authentication methods are supported by the IMAP server (if exists) are supported by this computer.
<SipriusPT> In dovecot: auth_mechanisms = digest-md5 cram-md5 gssapi apop. (I didnt knew that i had apop enable, i will disable it in the future). Through telnet to port 143 i have AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=GSSAPI. I am using Outlook 2013. I was using the same settings as i was through Mail app, login username and password, and the DNS name of this mail server through IMAP.
<patdk-lap> you shouldn't use cram-md5 or digest-md5
<patdk-lap> dunno if outlook supports gssapi
<SipriusPT> patdk-lap: i was avoiding textplain
<SipriusPT> outlook is not compatible with those types of encryptions?!
<patdk-lap> heh? those are not encryption
<patdk-lap> they are a type of hash
<patdk-lap> and why avoid plain text?
<patdk-lap> md5 is easily crackable, so those are not secure
<patdk-lap> your connection should be tls encrypted
<patdk-lap> so the password type doesn't matter
<SipriusPT> i see
<patdk-lap> if you use plain text passwords, you get to use strong password hashing in your user database, protecting people
<SipriusPT> i will do that
<patdk-lap> instead of using plain text passwords in your database
<patdk-lap> now, gssapi is good
<SipriusPT> i was not able to set it up
<SipriusPT> =/
<patdk-lap> the issue there is much the same, not much support, and requires plaintext passwords or some compromise normally
<SipriusPT> i had a problem renewing tickets
<SipriusPT> thanks patdk-lap i already check at my config file in postfix and it seems that tls is set by default
<SipriusPT> (this is a fresh postfix installation)
<SipriusPT> Hello guys
<SipriusPT>  0 down vote favorite I notice that i am unable to connect Outlook (2013) users with my Unix mail server. I have tried from a remote computer and localhost at my local network with Mail App and its working fine except with Outlook where i cannot find a way to connect it. I have also a web mail service at my mail server and this working fine too.
<SipriusPT> I am getting this error when i try to connect through outlook:
<SipriusPT> Iniciating session in the reception server of mail (IMAP): Failure with general authentication. No one of those authentication methods are supported by the IMAP server (if exists) are supported by this computer.
<SipriusPT> It seems that i am having a problem with user authentication with Outlook and i dont know well how to solve it, because all my users are set to just use Open Directory.
<SipriusPT> Is there a way to set up Outlook to login in an user password type of Open Directory?
<SipriusPT> Thanks in advance!
<caribou> I'm about to upload a newer qemu package for an SRU on Trusty, anyone has anything inflight ?
<caribou> mdeslaur: ^^^
<cpaelzer> caribou: I cleared out trusty queue 2 weeks ago - nowthing newer from me
<caribou> cpaelzer: good, thanks. There was a recent security release so I guess nothing on this side either
<cpaelzer> caribou: yeah I saw the pile of CVEs
<mdeslaur> caribou: nothing in flight from me
<caribou> mdeslaur: ok, thansk
<mdeslaur> caribou: thanks for asking
<cpaelzer> I often do that as well, but sometimes wonder who to ask - I wonder if there could/should be a defined way to "add what is in flight for a package" somewhere on LP or so
<cpaelzer> I'm pretty sure that was discussed somewhen in the last decade already
<caribou> cpaelzer: it used to be easier when there were bzr branches with the -proposed suffix
<cpaelzer> caribou: bzr branches like for everything?
<caribou> cpaelzer: a long time ago, yes and still it was not systematic
<jgrimm> rharper, smoser, nacc, rbasak, caribou, cpaelzer, beisner : server irc meeting
<caribou> \o
<jge> hey all good morning, I'm working on an ansible playbook for ubuntu 16.04 LTS but I noticed the network interfaces are labeled different now
<jge> I have enp0s3 instead of eth0
<jge> it's a VM running in virtualbox, is that the interface name for interfaces now or does it change according to the hypervisor used?
<jge> trying to keep my playbook consistent across all
<jge> I have that interface name hardcoded in the playbook so if it changes it'll break it
<OerHeks> jge, this is the new predictable interface naming, but you can reverse this, see http://serverfault.com/questions/741210/disabling-predictable-network-interface-names-in-xubuntu-15-10 and more info ><> https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
<OerHeks> GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" and update-grub
<jge> OerHeks: I see, would the first interface always be enp0s3?
<jge> I guess not since it now uses a combination of firmware/topology and location
<nacc> jge: 'predictable' (aiui) in that you can predict it ahead of time in case you  know your hardware; not 'predictable' as in the first interface found will always have the sam ename
<nacc> jge: the 'issue' was the 'eth*' naming is a kernel namespace; so tooling relying on it could break at anytime without warning
<OerHeks> I hope so, after reinstall/restore image it should pick up the same number
<OerHeks> this prediction is a breeze for openstack, iirc
<jge> nacc: so most of our servers are VMs with a single interface
<jge> so first interface will always end up being enp0s3?
<SipriusPT> hello guys
<SipriusPT> anyone here knows a good tutorial or doc on how to set pgina to able outlook in windows to connect to a open directory?
<SipriusPT> or if anyone here have already made this here
<cncr04s> I'm having an issue with the network/interfaces config
<cncr04s> setting up iface eth0 inet6 static
<cncr04s> address, netmask, and gateway
<cncr04s> but its not there in ifconfig after boot
<cncr04s> http://pastebin.com/LtLFuuWY
<sarnold> cncr04s: are you sure you're allowed to have two stanzas for one NIC like that?
<sypher> sarnold: Yes.
<sypher> cncr04s: However, you might try modifying how you specify the prefix length. Rather than a separate "netmask" entry, simply append "/64" to each address.
<sypher> cncr04s: Example, https://paste.ubuntu.com/23481889
<sypher> cncr04s: There may be some additional configuration required to add more addresses, come to think of it. I'll work up an expanded example.
<cncr04s> adding /64 didnt seem to work
<sypher> cncr04s: Yeah, I thought not as soon as I said it.
<sypher> cncr04s: https://paste.ubuntu.com/23481936/
<sypher> cncr04s: That method is known to work.
<sypher> cncr04s: What version of Ubuntu are you running?
<cncr04s> 14.04
<sypher> cncr04s: Yeah, that last example is a known-good method.
<sypher> cncr04s: Also note that ifconfig is long deprecated, and you should learn how to use the iproute2 tools, i.e. the "ip" command.
<cncr04s> oh, i use the ifconfig for the display, not any actual commands
<cncr04s> editing config now
<sypher> cncr04s: https://paste.ubuntu.com/23481957/
<sypher> cncr04s: I took your example and converted it.
<cncr04s> k, seems to work now, ip's are there when I reboot
<cncr04s> thanks
<tex> I have an Ubuntu NAT router. Works fine for everything except for UDP multicast. UDP packets make it to the router, but don't leave. Am I missing something?
<station1> i have a complicated server setup in a VM cloned it to a HDD Â  Â Ubuntu16.04 server starts perfectly only ethernet isent configured RTL8111GR i presume Â ââfirmware-realtek â â is the package. is there a comand to reconfigure/reinstall it without internet?
<genii> !info firmware-realtek
<ubottu> Package firmware-realtek does not exist in yakkety
<genii> Hm
<genii> !info firmware-realtek xenial
<ubottu> Package firmware-realtek does not exist in xenial
<station1> if i separately install a ubuntu session how can i check and recreate the configuration. whan i install from usbstick it recognises it without intervention RTL8111GR
#ubuntu-server 2016-11-16
<hopeshare> hi, how are you people?
<hopeshare> I'm trying to upload php files to the server of ubuntu, I have closed the ports of ftp, I think I have to use only git to upload the files to the server
<hopeshare> I have created ssh + key and I access the server using putty
<sarnold> git's a fine protocol but ssh also allows you to use e.g. rsync over ssh or sftp
<patdk-lap> hmm, generally you use git over ssh
<patdk-lap> or sftp, same diff
<patdk-lap> been so busy with stuff haven't been around
<sarnold> evening patdk-lap :)
<patdk-lap> got stuff at work going really well now :)
<patdk-lap> it's just the little things :)
<sarnold> nice :D
<patdk-lap> access control system, controls the front door
<patdk-lap> alarm system controls the front door
<patdk-lap> so business hours, and alarm is off, front doors unlock
<patdk-lap> now I just added the lights into the system
<patdk-lap> so the lights automatically turn on when that happens also
<patdk-lap> lights where on motion only, causing issues
<patdk-lap> the light switches are programmable to do anything, except stay on
<sarnold> hahaha
<patdk-lap> atleast no one can forget to turn on the lights now :)
<patdk-lap> they HAVE to turn the alarm off
<sarnold> maybe they like sending you nagios alerts? >:->
<patdk-lap> you mean, submitting trouble tickets
<sarnold> hehe
<Javezim> My root partition was filling up, noticed there are a tonne of files under /var/lib/maas/boot-resources. Anyone know if these are safe to clear?
<sarnold> patdk-lap: how'd you hook it all up?
<sarnold> Javezim: I'd suggest looking through the maas interface for mechanisms to manage it first
<patdk-lap> door control system handles the door maglocks, alarm system attached to door system
<patdk-lap> door system controls a timer to unlock the doors, alarm system overrides it, if enabled
<patdk-lap> added a 12v relay to the maglocks, and that bypasses the 24v light switch to turn the lights on
<patdk-lap> lights running off this acuitycontrols pp20 system
<patdk-lap> or we can just think of it as the, 10k usd system to turn the lights on :)
<sarnold> but think of the money you'll save turning off the lights when no one is around! pennies per day!
<patdk-lap> ya, 35w led lights :)
<patdk-lap> good thing we don't pay for power :)
<patdk-lap> it's included in the rent
<Sircle> squid? https://pastebin.mozilla.org/8928670
<cryptic_> hello everyone, would someone like to lend me assistance? I'm setting up a web server on my personal desktop and keep running into minor problems such as when i load my forums onto my web server it wont send out the activation emails for users when they register or recover password. If someone could help me set it up that would be awesome!
<cryptic_> anyone here?
<cryptic_> hello everyone, would someone like to lend me assistance? I'm setting up a web server on my personal desktop and keep running into minor problems such as when i load my forums onto my web server it wont send out the activation emails for users when they register or recover password. If someone could help me set it up that would be awesome!
<cryptic_> hello everyone, would someone like to lend me assistance? I'm setting up a web server on my personal desktop and keep running into minor problems such as when i load my forums onto my web server it wont send out the activation emails for users when they register or recover password. If someone could help me set it up that would be awesome!
<tarpman> !repeat | cryptic_
<ubottu> cryptic_: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<RoyK> heh - three repeats in 10 minutes and then an exit
<RoyK> I guess (s)he may follow up telling friends how horrible IRC was
<Sircle> which one to install via dpgk -i ? https://pastebin.mozilla.org/8928716
<_ruben> squid_3.5.12-1ubuntu7.2_amd64.deb and squid-common_3.5.12-1ubuntu7.2_all.deb most likely
<Sircle>  https://pastebin.mozilla.org/8928726 clueless with squid. I want to reject POST calls in https or filter/moniter with rules.
<Sircle> _ruben: ^?
<ddellav> coreycb zul im looking at heat in CI
<zul> ddellav; ok
<zul> ddellav: what about the configuration stuff for glance,ceilometer,heat etc is that complete yet?
<ddellav> zul I'm re-auditing the rest of the core packages. Now that I know better what I'm looking for i'll get an accurate list together for which packages need the update.
<zul> ddellav: ok
<zul> coreycb: ping does this look kosher for you? https://bugs.launchpad.net/cloud-archive/+bug/1642274
<ubottu> Launchpad bug 1642274 in nova-lxd (Ubuntu Yakkety) "[SRU] newton nova-lxd 14.0.1 point release " [Undecided,New]
<dlloyd> is it possible to force apt to use tls 1.2?
<coreycb> zul, that looks fine.  depending on your reviewer you may need a test plan.
<zul> coreycb:ill just add it then
<zul> coreycb: i presume we need to still preserve the requirements file for SRU
<coreycb> zul, not sure what you mean. have an example?
<zul> coreycb: http://paste.ubuntu.com/23485769/
<coreycb> zul, i'd consider that a bug on upstream nova-lxd
<coreycb> zul, if it's not in sync with g-r
<zul> coreycb: it is :)
<zul> coreycb: mitaka wasnt i dont think
<Bam_Bam> Where does the installer configure the http proxy settings?
<Bam_Bam> I would like to remove it
<Bam_Bam> it's not in /etc/environment
<zul> ddellav: since you are worknig on heat can you remove python-coverage as a build dep its not needed in our case
<ddellav> zul will do
<ddellav> zul I'm actually having issues building source packages in zesty since i upgraded so I'm fighting with that atm. I might have to rollback
<zul> ok
<ddellav> a reboot fixed it, yay
<hhee> guys, vim in ubuntu behavior quite strange when i edit conf files
<nacc> hhee: care to be more specific?
<hhee> for example, if i move cursor with arrow to end of line, it moved to right, except one character
<hhee> one character to end of line
<hhee> if i switched in insert mode i can move to end of line
<hhee> maybe it's locale set improperly?
<hhee> dunno how explaint it more clearly...
<hhee> strange issue
<nacc> hhee: i'm not sure i fully understand, but i don't have any similar issues here
<hhee> nacc, i cheched one more time, in my local ubuntu, there is same issue
<hhee> ....... i'll try to find out what's wrong
<rbasak> hhee: from your description it sounds like that's how vim is supposed to work. If you're not in insert mode, you can't move the cursor beyond the end of the line.
<hhee> rbasak, i can't move not for end of line, can move -1 character to end line. it's 1 character - strange. i know basic work in vim, and earlier didn't run into it :)
<hhee> maybe it's about locale
<hhee> how can isetup locale system-wide?
<hhee> got it, /etc/default/locale
<hhee> and when i for example type man man - man: can't set the locale; make sure $LC_* and $LANG are correct
<hhee> nacc, more clear explain. i have a file, LANG="en_US.UTF-8"  sting there
<hhee> when i press "end" button, or $ or use arrow key to move to end of string
<hhee> i stop on LANG="en_US.UTF-8<HERE>"
<hhee> not on LANG="en_US.UTF-8"<HERE>
<hhee> and when i switched in INSERT mode, my text has begun inserted - LANG="en_US.UTF-8<HERE>"
<hhee> guys. sorry for intricacies explanations :)
<Sleepman1984> Ð° ÑÑÑÐºÐ¾ÑÐ·ÑÑÐ½Ñ ÐºÑÐ´Ð° Ð¿Ð¸ÑÐ°ÑÑ?
<hhee> Sleepman1984, try rusnet maybe?
<station1> fergot the fix for: after i instaled phpVirtualBox with apache2 it starts localy but not after reboot how do i troubleshoot this cant find a tutorial
<yoink> maybe #vbox will know?
<Sircle> can anyone tell me how exactly to filter https traffice in squid?
<tarpman> hhee: regarding your vim question: if you want to append after the last char on the line, press a. if you press i, that means you want to insert before the highlighted char
<tarpman> hhee: not being able to move the cursor past the end of the line in normal mode is expected, AFAIK it's always been that way
<sarnold> nitpick, a appends at the cursor location, A appends at the end of the line, A is the same as $a
<zul> coreycb: well crap http://pastebin.ubuntu.com/23487014/
<coreycb> zul, is that nova?
<zul> coreycb: ya
<zul> coreycb: im having been having problems here
<coreycb> zul, on ocata?
<zul> coreycb: well qemu issues
<coreycb> zul, ok i was wondering if it was from config file changes
<coreycb> in nova
<zul> coreycb: i dont think so
<zul> lemme try something
<station1> is there something like a distro with preinstaled vbox and something like phpVirtualBox
<zul> coreycb: only amd64 is failing i386 is ok
<sarnold> station1: does it have to be virtualbox? proxmox looks neat but I strongly doubt it works with vbox..
<station1> i have some vmdk i whant to run on it
<sarnold> qemu-img can convert many formats, perhaps it can convert yours too
<coreycb> zul, i'd try to recreate it manually
<zul> coreycb: trying to
<theGoat> so i am trying to install ubuntu 14.04 server on a machine with multiple drives in it.  when i go to grub on /dev/sda, it errors out saying "fatal error", but it lets me install on sdb just fine.  but when i boot, it just hangs on "GRUB Loading"
<zul> coreycb: btw the release team has started to push out stuff
<coreycb> zul, what sort of stuff?
<zul> coreycb: sorry b1
<coreycb> zul, ah, that :)
<coreycb> ddellav, fyi ^
<ddellav> zul coreycb ack
<ddellav> zul coreycb please review and push heat ci lp:~ddellav/ubuntu/+source/heat
<ddellav> coreycb zul i guess i'll take cinder b1
<hhee> tarpman, got it. thx. i know about press a, and then append. but quite strange
<ddellav> zul are we pulling python-coverage from every package or just heat?
<zul> ddellav: every
<ddellav> zul ack
<ddellav> zul coreycb also taking neutron
<coreycb> ddellav, heat pushed
<ddellav> coreycb thanks
<coreycb> ddellav, i'd leave coverage there unless it needs to be removed for some reason
<coreycb> BDs can be in universe so it should be ok
<ddellav> coreycb look
<ddellav> err ook
<ddellav> coreycb what if coverage is in BDI?
<coreycb> ddellav, should be the same
<ddellav> coreycb ok, so i'll leave it no matter where it is.
<coreycb> ddellav, ok
<ddellav> coreycb zul cinder b1 ready for review and push lp:~ddellav/ubuntu/+source/cinder it has a depwait in xenial on python-pyparsing (>= 2.0.7)
<ddellav> coreycb zul neutron b1 ready for review and push lp:~ddellav/ubuntu/+source/neutron it has deposit in xenial on python-coverage 4.0
<ddellav> zul coreycb taking neutron-fwaas and neutron-lbaas
<jge> hey all, I wanted to install Tomcat8 on Ubuntu 16.04 (server) but I would like the installation to live under /etc/tomcat8
<jge> how could I do this?
<tarpman> jge: "the installation" ?
<tarpman> jge: or to put it differently, why exactly do you need something different than what "apt install tomcat8" does?
<genii> Would violate FHS
<genii> !fhs
<ubottu> An explanation of how files and directories are organized on Ubuntu, and how they can be manipulated, can be found at https://help.ubuntu.com/community/LinuxFilesystemTreeOverview  see also: man hier
<jge> because I've written a bunch of ansible playbooks recently but they use installation from source not from repos
<jge> tarpman: ^
<tarpman> jge: I would expect such an installation to live in /usr/local or in /opt. /etc still sounds totally wrong
<jge> they took a long time to write, wouldnt like to rewrite playbooks
<genii> jge: The usual is either in /opt/programname or /usr/local hierarchy ( like /usr/local/bin , /usr/local/sbin  and so on)
<jge> I guess my question is if it's possible to install to a single directory, instead of having it split between three
<tarpman> if you're installing tomcat from source, sounds like a question for #tomcat
<genii> Binaries are compartmentalized from config files for good reasons. As is explained in the !fhs link from the bot
<coreycb> ddellav, i'm about to upload your cinder.  just adjusted the changelog to 'New upstream milestone for OpenStack Ocata.'
<ddellav> coreycb ok i'll make that change in the future
<jge> we install from source currently but im looking to change that to install straight from ubuntu's repos, I was just wondering if there was a way to have the installation live in a single directory as opposed to three
<jge> so I don't have to rewrite my ansible playbooks
<nacc> jge: if you installed from source originally and put it in /etc/, that was incorrect, per FHS
<nacc> jge: you cannot, trivially, put the installed binaries from a package in a different location
<coreycb> ddellav, we can probably also get away with just updating all (build-)depends when we release a milestone, and just update individual deps as needed during CI rotations
<jge> nacc: I see lots of installation that use a single directory when installing from source, including this digital ocean write up https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-16-04
<jge> but like you said violates FHS
<nacc> jge: that guide seems ridiculous, given that tomcat8 is in ubuntu
<jge> there's a bunch of them online :(
<tarpman> ++
<nacc> jge: the internet is, well, full of garbage :)
<jge> agree
<nacc> jge: but seriously, do you depend on something from the upstream tomcat8?
<ddellav> coreycb I'm not sure what you mean. Do you mean updating the dependency packages themselves or updating the versions in the d/control?
<nacc> jge: also that guide is specifically rolling out the binary release from upstream, not building anything
<coreycb> ddellav, just the versions in d/control
<jge> nacc: not really just easier to manage and deploy with ansible
<jge> I'll just rewrite our tomcat playbook, which is a pita
<coreycb> ddellav, neutron pushed and uploaded
<engineer-pearl> Hello. I'm trying to get SSL up and running, and I think I'm close, but I am having trouble with what I think is the last step: enabling it
<engineer-pearl> http://askubuntu.com/questions/511149/how-to-setup-ssl-https-for-your-site-on-ubuntu-linux-two-way-ssl is the guide I am using at this point, and currently my LoadModule isn't working
#ubuntu-server 2016-11-17
<sarnold> engineer-pearl: the Digital Ocean guides are probably a better starting point, see e.g. https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 or https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04
<sarnold> engineer-pearl: or https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
<sarnold> etc
<sarnold> they've got a lot of useful things :)
<engineer-pearl> Ooop I thinnk that did it
<engineer-pearl> Thank you, and since I've got you here, may I ask you a question (since I'm on a time crunch unfortunatly, I thought I had til the third, I have til tomorrow)
<engineer-pearl> do I need to set the servername in the secure connection area or can I leave that be?
<engineer-pearl> I'd do a proper test and find out but I have to wait for the ports.
<sarnold> I don't know details of actual software, but I do know that SNI from clients means servers typically have to know their name, so they can hand out the proper certificate when clients request it
<RoyK> engineer-pearl: let's encrypt just makes the day :)
<engineer-pearl> ?
<RoyK> well, it just works
<RoyK> and configures apache for you during installation and all
<RoyK> usually quite worry-free
<engineer-pearl> I didn't realize that getting an ERROR MESSAGE (the ultimate goal, actually) would be this complicated
<engineer-pearl> okay so is this "let's encrypt" a command line thing or a gui thing?
<tarpman> engineer-pearl: https://letsencrypt.org/getting-started/
<engineer-pearl> oh, just certificates. :/
<engineer-pearl> not an accurate face.
<sarnold> their 'standard client' does a bunch of configuration stuff too, no?
<sarnold> hence the huge proliferation of other tools that do fewer things
<engineer-pearl> @tarpman I think you found a "getting lost" page then...
<engineer-pearl> I have the certificate ready. At this point I just need to get the port to listen, which will provide me with the information that my certificate is not signed by a trusted third party (my goal. I know that seems odd.)
<fyrril> any reason on a fresh install, I get a black screen on a connected display.. but I can SSH into the server just fine?
<ikonia> I'm struggling to see where this becomes an ubuntu problem ?
<engineer-pearl> @ikonia I had a problem and had to guess where to go.
<sarnold> fyrril: look around for something like a kernel comman dline parameter "nomodeset", I have a vague feeling that's helped (or hurt) other people...
<ikonia> again - how is this anything to do with ubuntu ?
<sarnold> ikonia: meh there's nothing wrong with asking how to configure apache to do tls..
<sarnold> if you follow any old guide out ther eyou'll wind up re-writing half your apache config for no reason
<ikonia> sarnold: I don't think there is any problem with asking how to conigured apache in ubuntu, but it seems to have gone beyond that now
<fyrril> sarnold, you're referring to google correct?
<sarnold> fyrril: or kernel Docuemtnation/ directory, I'm not sure where to suggest first, I've been lucky so far and not seen this :)
<fyrril> just making sure you meant the internet before I spent 20 minutes looking through files in the CLI :D
<sarnold> :)
<fyrril> cheers
<engineer-pearl> Okay, so here's something that's not unusual for me - I have a message saying something is already using 443, yet I can't identify anything that is using it, not with netstat, not with my browser, not at all
<engineer-pearl> Netstat also doesn't show anything on 80, but I can connect to 80 on my browser.
<ikonia> engineer-pearl: what netstat command are you using
<ikonia> (maybe pastebin the output)
<engineer-pearl> This is just "sudo netstat" http://paste.ubuntu.com/23488122/ cause "sudo netstat | grep 80" has no output
<ikonia> ughh
<ikonia> 80 won't show up anything
<sarnold> netstat without arugments doesn't show listening sockets, just connected sockets
<ikonia> try netstat -a | grep LIST for example
<sarnold> try netstat -an
<ikonia> I'd strongly suggest you read man pages on commands before blindly typing them, and before using them to evaluate situations
<ikonia> (unless you know the flags to use)
<tarpman> and keeping in mind that netstat on linux is different from netstat on e.g. windows or bsd
<engineer-pearl> well it being different from windows would explain why itdidn't work even though I tookI it right off the internet (
<ikonia> "took it right off the internet" ?
<engineer-pearl> ((to be fair I've tried to use it before but))
<tarpman> the internet is, as a rule, untrustworthy
<ikonia> man netstat
<tarpman> ^
<ikonia> shows you all the flags and what it does
<ikonia> rather than just typing in blind
<engineer-pearl> I've tried to use that but I find the helps more helpful
<ikonia> "the helps" ?
<sarnold> ?
<engineer-pearl> like help [command] or command --help
<ikonia> but that gives you incomplete info
<ikonia> as you can see with netstat
<ikonia> it's a useful tool if you know how to use the command
<engineer-pearl> "sudo netstat -pa | grep 80" and "sudo netstat -pal | grep 80" still don't show it???
<ikonia> engineer-pearl: why are you doing "pa"
<ikonia> you where given 2 examples
<engineer-pearl> I tried those too
<ikonia> and 80 won't show up if you're using service name mapping
<ikonia> engineer-pearl: pastebin netstat -a | grep LIST
<fyrril> sarnold, all squared thanks. GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" to ""
<sarnold> fyrril: -that- fixed it?? odd.
<sarnold> fyrril: thanks for reporting back :) it's always nice to know what works
<fyrril> first thing I found said to add nomodeset to the quiet splash, but same problem.. second thing I found said to remove it all /shrug
<fyrril> no sweat, it's a thankless job I'm sure.
<sarnold> 'quiet splash' is a funny setting on a s erver anyway, hehe
 * tarpman likes 'netstat -nltp'
<tarpman> sarnold: not sure if it's still the case, but wasn't 'splash' necessary in the past to get plymouth activated?
<engineer-pearl> http://paste.ubuntu.com/23488146/
<sarnold> tarpman: yeah but why bother with that either? heh
<tarpman> sarnold: message demultiplexing, of course :)
<ikonia> engineer-pearl: grep git /etc/services
<tarpman> sarnold: don't tell me you haven't read http://web.dodds.net/~vorlon/wiki/blog/Plymouth_is_not_a_bootsplash/ years ago ;)
<sarnold> tarpman: never seen that :)
<engineer-pearl> Here's just with "netstat -a | grep git" http://paste.ubuntu.com/23488154/
<ikonia> engineer-pearl: what is the point in that ?
<engineer-pearl> I can also grab ls /etc/services if that was what you were after
<engineer-pearl> I don't know you asked for something weird
<ikonia> I asked clearly for "grep git /etc/services"
<sarnold> engineer-pearl: the point of ikonia's question was to find out what _number_ "ssh" means :)
<ikonia> (what git actually meant if it was really the git service or if it was git omnibus installer updating /etc/services for git to have the web server running)
<sarnold> engineer-pearl: maybe it means 80, in which case you find out wh you can't bind a web server :) maybe it means 443 which would explain why your web server couldn't offer https....
<ikonia> there is a ton of docs about using the obnibus installer ONLY on a machine, nothing else
<engineer-pearl> http://paste.ubuntu.com/23488162/
<ikonia> so according to that, port 9418 should be open
<ikonia> I bet it's not
<engineer-pearl> Here's the thing though - I CAN access my server from my machine (ethernet only atm but that should get fixed tonight)
<ikonia> get that fixed ?
<engineer-pearl> oh wait I missed the second part sorry
<ikonia> what's the problem with that, that sounds like a good thing
<engineer-pearl> 9418?
<engineer-pearl> I thought I was supposed to be binding it to 443?
<ikonia> engineer-pearl: have you installed git via the omnibus installer
<engineer-pearl> uhhhhhhhh I installed git a long time ago if it wasn't installed by default
<sarnold> tarpman: thanks, that was fun reading
<ikonia> why would it be installed by default ?
<ikonia> no OS installs git by default
<engineer-pearl> I don't remember! I've had the machine for a while
<ikonia> define a while
<ikonia> months, years, 10 years,
<engineer-pearl> software? Somewhere between months and a couple of years
<ikonia> what is your machines local IP address
<engineer-pearl> .30
<tarpman> sarnold: great, this has been my https://xkcd.com/1053/ moment for today :)
<ikonia> engineer-pearl: .30 is not an IP address
<ikonia> what is your machines local ip address
<engineer-pearl> 192.168.1.30 I think is the one you are asking for
<ikonia> is there more than 1 ?
<ikonia> one even
<sarnold> tarpman: haha, that's great. I've also not seen -that- one before today either. heh.
<tarpman> !!
<sarnold> tarpman: twice in one day :) not bad
<engineer-pearl> There should only be one with that IP, but there are several devices on the network
<tarpman> I can basically just go to bed now
<ikonia> engineer-pearl: ??? do you understand basic networking ?
<sarnold> tarpman: hehehe :D I endorse this idea!
<ikonia> (please be honest)
<engineer-pearl> "is there more than 1" leaves me to guess what you are asking for
<ikonia> I'm asking if that devices has more than one IP address
<ikonia> I'm asking if you understand network as you seem to think it's possible for more than one machine to have the same IP
<ikonia> as you said "I think 192.168.1.30 is the one you want"
<ikonia> suggesting there is more than one on that machine
<engineer-pearl> more than one IP address maybe? whenever I type in IP addr I seem to get a lot more info than the tutorials suggest I should.
<ikonia> do you understand basic networking ?
<ikonia> again please be honest
<engineer-pearl> I don't understand your question so probably not too well?
<ikonia> what IP address is this host running git on the network with
<engineer-pearl> nothing should be running git. It should be there but not anything else?
<ikonia> what ???
<ikonia> you've just shown me a box running git
<ikonia> you said you installed it a long time ago
<sarnold> for what it's worth this "what port is :git" and "what IP address is the service bound to" are the reasons why I use netstat's -n flag -- names get in the way, but you know where you stand with IP addresses and port numbers.
<ikonia> I ask which box is running git and you say "nothing should be running git"
<ikonia> sarnold: agreed
<engineer-pearl> well here's the thing, I have only ever used git to connect out, never connect in
<engineer-pearl> github hosts some good minetest mods
<ikonia> engineer-pearl: ok - so you have not actually installed  agit service
<ikonia> you've just installed the git client
<ikonia> so what is the IP of the host you are having the problem with
<engineer-pearl> I may have installed all of git trying to get the parts that I want but I don't really rember, hold on I think I have something holding the record
<ikonia> it doesn't matter
<engineer-pearl> okay
<ikonia> just run "telnet $host_ip 80" from your work station
<ikonia> what do you get back
<engineer-pearl> does doing it from ssh provide expected behavior? I got an error
<ikonia> what do you mean, doing it from ssh
<engineer-pearl> Trying 0.0.0.80...
<engineer-pearl> telnet: Unable to connect to remote host: Invalid argument
<engineer-pearl> well that looks like an IP address
<ikonia> what is that IP ?
<ikonia> it's not even valid
<ikonia> and if you think that's a valid IP address, stop what you are doing now
<engineer-pearl> That's the output of the command you sent me!
<ikonia> no it's not
<engineer-pearl> I know it wasn't alid
<ikonia> you can't really think your hosts IP is 0.0.0
<engineer-pearl> *valid
<engineer-pearl> Just that it followed the form
<ikonia> followed the form ?
<ikonia> what are you talking about
<ikonia> what was the EXACT command you typed
<ikonia> and I do mean exact
<engineer-pearl> number.numbur.number.number
<engineer-pearl> yeah, I copied and pasted it.
<ikonia> what was the EXACT command you typed
<tarpman> engineer-pearl: you can't just make up random numbers and expect the result to be useful...
<sarnold> did you replace $host_ip with the host's IP? or .. include the variable as-is? :)
<tarpman> sarnold: great point -- 'telnet 80' does exactly that
<engineer-pearl> you know like 192.168.1.1,  192.168.1.30, 127.0.0.1, all of them follow the same format. So did 0.0.0.80, even if it was nothing.
<ikonia> what was the EXACT command you typed
<sarnold> $ telnet 80
<sarnold> Trying 0.0.0.80...
<sarnold> W.T.F.
<engineer-pearl> "telnet $host_ip 80"
<ikonia> ok
<tarpman> it's a standard - if obscure-  shorthand
<ikonia> so I'm sad to say I think you are running before walking
<sarnold> it's a -stupid- shorthand :)
<ikonia> what you are trying to do is outside of your skill level at this time
<tarpman> sarnold: telnet 127.1
<tarpman> :)
<ikonia> and I don't believe you are at a level where you can actually provide debugging
<engineer-pearl> well the alternative is to try to find a safe site with an invalid certificate
<sarnold> tarpman: #3
<engineer-pearl> which uh... I doubht I'm going to find
<sarnold> tarpman: seriously. I've been doing tcp/ip networking for >20 years and never seen this.
<ikonia> engineer-pearl: what are you actually trying to achieve
<engineer-pearl> You know the message you get when you go to a bad site and your browser alerts you that something is wrong?
<engineer-pearl> and it even gives more information if you tell it to?
<engineer-pearl> Well I have a presentation tomorrow on internet safety, and I figured that would be an EXELENT thing to use
<engineer-pearl> Thing is, you have to actually get one.
<engineer-pearl> Well I got a tip that if the certificate is self-signed, then you get that message. This means I could get it and explain it without attempting to navigate to a site that isn't okay
<engineer-pearl> I've got the certificate ready
<ikonia> engineer-pearl: do you understand the irony
<ikonia> you don't really understand how this works but you're giving a presentation
<engineer-pearl> well I don't need to explain the server side
<engineer-pearl> I was just trying to simulate the user side
<ikonia> https://badssl.com
<ikonia> first hit on google
<ikonia> shows all the examples of bad SSL configs
<sarnold> heck if all you wanted was a self-signed certificate you could grab any old consumer router, they all fire up a server on 192.168.0.1 or 192.168.1.1 with a self-signed certificate ....
<sarnold> ikonia: how come I can never remember this site when I want it?? I spent five minutes googling for it.
<ikonia> sarnold: I always forget it too
<sarnold> the closest I could find is https://revoked.grc.com/ which is .. half-way there. but not.
<engineer-pearl> nooo that's not the one noooooo ah poop.
<engineer-pearl> so that wasn't going to get me theone I'm after
<sarnold> it's got a self-signed cert right here: https://self-signed.badssl.com/
<ikonia> so you don't really even know what you're after
<ikonia> I think this is now well outside the scope of this channel
<engineer-pearl> yes but that wasn't the message I was after, I got a bad tip
<ikonia> I think you are looking for an untrusted site
<ikonia> that has been flagged in the common database as "untrusted"
<ikonia> not an untrusted SSL
<engineer-pearl> Oh. That would have been good info this morning, but that sounds exactly what I am looking for!
<sarnold> aha; try searching for "adobe photoshop" or "microsoft office" and click the first thing that looks like a malware installation page that pretends to be a download page. That'll either exploit your browser or show you the dialog you want. :D
<NOVAtechies> exit
<ws2k3> nice ubuntu 12.04 mini install is still broken
<ikonia> in what way broken ?
<jonah> hi is anyone any good with samba? I can't connect anymore to my samba share with a desktop client. It previously worked but now the client just gives timeout on server... any help appreciated. I've tried with firewall off and the IP is in my hosts allow list in the smb.cnf but still not working...
<ikonia> can you telnet to the port
<ikonia> test the port is actually open and responding for you
<DK2> ive a failed software raid1 with two disk where the first hdd is broken
<DK2> but the system cant boot via the second disk
<DK2> does a simple grub install on sdb solve the problem?
<ikonia> define cannot boot
<ikonia> has no grub - or has grub but won't boot
<ddellav> zul coreycb working on heat b1
<zul> pk
<ddellav> zul coreycb neutron-fwaas and heat done: lp:~ddellav/ubuntu/+source/neutron-fwaas lp:~ddellav/ubuntu/+source/heat
<ddellav> zul coreycb taking keystone b1
<zul> ack
<zul> ddellav: ill take nova when im done with this
<ddellav> zul ack
<jgrimm> caribou, is 1614052 still on your radar?
<caribou> LP: #1614052
<ubottu> Launchpad bug 1614052 in sosreport (Ubuntu Xenial) "SOSREPORT need to collect OPAL msglog" [High,Confirmed] https://launchpad.net/bugs/1614052
<caribou> jgrimm: this is fixed in the latest sosreport as far as I remember
<jgrimm> caribou, that's my read, justs needs SRUing
<ddellav> zul coreycb neutron-lbaas and keystone done lp:~ddellav/ubuntu/+source/keystone lp:~ddellav/ubuntu/+source/neutron-lbaas
<caribou> jgrimm: I'm working on pushing the latest sosreport as we speak but just found a last-minute bug while runningn autopkgtest
<caribou> jgrimm: so I just pushed a fix upstream & hopefully will be able to SRU soon
<caribou> jgrimm: I'll update the bug
<ddellav> zul coreycb i'll take neutron-dynamic-routing
<jgrimm> caribou, thanks! would be nice to get that one off the books
<ddellav> zul whats the best practice for updating debian packages now that the repo's aren't on alioth?
<zul> coreycb: ^^^
<zul> ddellav: but https://github.com/coreycb/pkg-scripts
<coreycb> ddellav, most of the openstack deps are now on ubuntu-server-dev.  if there's one missing let me know and I can create it.
<ddellav> coreycb zul ok thanks
<coreycb> ddellav, we still want to submit patches back to debian to minimize our delta though.  you can use submittodebian or you can submit patches using openstack gerritt.
<ddellav> coreycb ok
<jge> hey all good morning, anyone know why when I run something like 'find / -name file.name' i get a bunch of permission denied messages for a multitude of files when running as root in 16.04?
<jge> fresh install
<zul> coreycb: it doesnt help that there is no ocata branches yet
<coreycb> zul, ddellav, right, i agree.  so maybe just use submittodebian until zigo has branches set up for ocata.
<coreycb> ddellav, neutron-lbaas and neutron-fwaas pushed/uploaded
<ddellav> coreycb ack
<coreycb> ddellav, zul, i wonder if we can just drop keystone.conf.dist and setup-keystone-config.sh and just install the default generated keystone.conf
<ddellav> coreycb the keystone.conf in the debian directory is the apache config fyi. The sample that gets installed is in etc/keystone.sample.conf
<coreycb> ddellav, right, so debian/keystone.conf is different
<ddellav> right
<coreycb> ddellav, but the defaults that are generated by the above 2 files, are they neeed?
<coreycb> needed
<zul> coreycb: we should probbably rename it so we dont get confused
<ddellav> coreycb i don't know if they are needed. I just took the directives from the sample config and put them in the dist. I imagine it makes it easier to handle config file format changes from upstream to insert the directive values on build
<coreycb> ddellav, i think if the service starts with the default config then we don't need to modify it.
<coreycb> ddellav, we can probably also drop debian/logging.conf and install etc/logging.conf.sample instead
<coreycb> zul, yeah might make sense to rename that
<jge> hey all, anyone know where the tomcat8.service file is on ubuntu 16.04 ? nothing inside of /etc/systemd/system/
<Seveas> jge: there seems to be no such file (though I checked on 16.10 instead of 16.04)
<Seveas> it has an oldfashioned initscript :)
<andol> A more general answer: systemctl cat tomcat8.service
<jge> Oh ok, I see the init script
<jge> thanks guys
<jge> Seveas and andol: how could I make it so a variable say, JAVA_OPT  inside an init script points to a file instead of putting it there
<Seveas> jge: most initscripts source a file from /etc/default, where you can put such things
<Seveas> disclaimer: I didn't check the tomcat initscript if it supports this :)
<zul> coreycb: ping
<zul> coreycb: so we dont have senlin/watcher in ci, maybe we should?
<zul> coreycb: just to make sure this is buildable
<coreycb> zul, they are just synced from debian
<zul> coreycb: ok im just concerned that debian is behind again
<coreycb> zul, in that regard yes, let's just focus on the core packages for b1 and sync anything from debian once it's available
<zul> ok
<zul> coreycb: my ocd was kickiing in but meh
<zul> coreycb: i havent gotten to package installs yet ;)
<coreycb> ddellav, forgot about keystone for a bit there.. it's pushed/uploaded.  i dropped those couple of files I mentioned earlier and installed logging.conf.sample.
<docmur> I have a program I wrote, here is a sample: http://pastebin.com/rQYyCxVX which bootstraps 16.04.1 into a server and then runs an install script to get applications + kernel and then installs grub.  If I run the scripts myself, then chroot into the direct /mnt/destination and execute ./install.sh again, myself, and reboot, it works.  If I just run this program, when I reboot I get a kernel panaic
<docmur> that it can't find init=, why would this program fail, yet when I run it manually it works :S
<sarnold> docmur: yikes, does C# -really- let you pass multiple arguments to a program in one string like that?
<docmur> yep
<docmur> I'm assuming the problem has to be with chroot /mnt/destination bash install.sh
<rattking> docmur: I do things in a very similar way.. but I call it like "chroot /mnt/target /path/to/script.sh"
<rattking> script.sh is +x and has bash in the #!
<docmur> so does mine, I'm going to remove bash and try it again
<sarnold> is there a bash in your chroot?
<sarnold> does it have all the libraries it needs to function in the chroot? devices?
<rattking> or maybe you need more quoting like "/mnt/destination 'bash install.sh'"
<docmur> I can see install.sh execute, it does what I need it to do, so it's running it
<rattking> maybe you can make that #! bash -x and send the output to a log
<docmur> good idea :)
<rattking> I have to take off. good luck
<docmur> kk thanks!
#ubuntu-server 2016-11-18
<sarkis> hey all - does upstart send the kill signal to parent+child procs?
<sarnold> sarkis: it's a bit complicated; see step 8 at http://upstart.ubuntu.com/cookbook/#stopping-a-job
<sarkis> shit that sucks
<sarkis> can i override that behavior with any of the stanzas?
<sarkis> i don't think so :(
<sarnold> what are you trying to accomplish?
<sarkis> i'm managing a ruby script via upstart... the script forks off and runs other scripts, when i stop upstart i need it to only send a signal to the parent script and not the ones that it's forked
<sarkis> specifically it's managing resque (if you all know what that is)
<sarkis> somehow the child procs that get forked are part of the same proc group ... i've confirmed this as the child procs are dying with the killsignal i give upstart
<sarkis> this could all be by design - but that is what the end goal is for trying to modify the quit behavior ^
<sarnold> sarkis: you -could- make your script fiddle with the process groups of its children; something like pid = fork(); if pid == -1: FAIL ; if pid == 0: setpgrp(); ... sort of thing
<sarnold> sarkis: if ruby doesn't expose the setpgrp() syscall (and given how ugly it is I wouldn't be surprised) you might be able to achieve the same thing with a call to setsid() in a child process, too
<sarnold> sarkis: another possibility, maybe you could have the child processes block or ignore SIGTERM; some programs just leave signal dispositions alone when they start (e.g. that's how the nohup program works)
<rbasak> nacc: "usd merge tag" seems to fail with my current lint script, breaking it. I think we need to have a discussion about namespaces. Additionally remote names like "lpusd" created by "usd clone" are getting quite inconsistent.
<rbasak> smoser: ^
<rbasak> nacc, smoser: maybe time to update SPECIFICATION with our current understanding and additionally define all expected names used (namespaces, tags, branches, all of it), with rationale, and define what commands require what?
<sb_9> http://pastebin.com/QYHjgWfq
<sb_9> struggling with apache reverse proxy issue.
<Walex> sb_9: maybe #httpd but your query is a bit vague.
<sb_9> Walex: please check the http://pastebin.com/QYHjgWfq
<Walex> sb_9: I already looked at it.
<Walex> sb_9: have you looked at https://httpd.apache.org/docs/current/mod/mod_proxy.html#page-header
<Walex> https://httpd.apache.org/docs/current/mod/mod_proxy.html#examples
<coreycb> zul, ddellav: glance and trove b1 are pushed/uploaded
<zul> coreycb: ok
<coreycb> zul, ddellav: i think i have the ocata backports fixed up
<coreycb> zul, ddellav: we're hitting more and more packages that have debhelper >= 10.  so i've been patching it to >= 9 in ca-patches for the ocata uca.
<zul> coreycb: ok im trying to figure out this now https://launchpadlibrarian.net/293970474/buildlog_ubuntu-zesty-amd64.nova_2%3A15.0.0~b1-1ubuntu2_BUILDING.txt.gz
<coreycb> zul, hmm those deps should be ok.  os-brick is stuck in proposed though.
<zul> coreycb: yeah i think i figured it out
<coreycb> zul, what was the issue?
<zul> os-brick dep issues
<coreycb> zul, i just hit something similar with my glance upload - https://launchpadlibrarian.net/293975451/buildlog_ubuntu-zesty-amd64.glance_2%3A14.0.0~b1-0ubuntu1_BUILDING.txt.gz
<zul> coreycb: hmm...
<zul> coreycb: this is weird
 * zul scratches his head
<smoser> rbasak, sure, i agree we want consistency there.
<rbasak> smoser, nacc: I suppose the areas are: .gitconfig remote insteadOf aliases for documentation, remote names, local names for things for "usd clone", "usd merge tag" and similar and also documentation, and then separately the namespaces inside refs/ that the importer produces.
<zul> rbasak: hey me and coreycb are looking at some weirdness that has us stumped https://launchpadlibrarian.net/293975451/buildlog_ubuntu-zesty-amd64.glance_2%3A14.0.0~b1-0ubuntu1_BUILDING.txt.gz
<rbasak> zul: looks like a build-depends problem? Try using a local schroot and install all the build deps Launchpad installed manually, and apt should tell you why python-xattr >= 0.4 can't be installed.
<zul> coreycb/rbasak: it looks like python-cffi is not installable?
<ddellav> coreycb zul neutron-dynamic-routing done: lp:~ddellav/ubuntu/+source/neutron-dynamic-routing
<ddellav> coreycb zul I'm gonna take networking-ova
<coreycb> zul, rbasak I think this is the problem http://paste.ubuntu.com/23495526/
<ddellav> *ovn
<zul> coreycb: yeah i got there as well :)
<coreycb> zul, maybe we just need to sync those deps
<zul> coreycb: nah...ply was synced from debian like 2 hours ago so maybe we been caught in a transition or something
<zul> coreycb: https://launchpad.net/ubuntu/+source/ply
<coreycb> zul, ok
<coreycb> thanks rbasak
<coreycb> ddellav, n-d-routing pushed/uploaded.  i updated the version.
<ddellav> coreycb why did you add an ubuntu delta?
<zul> coreycb: did you upload neutron?
<coreycb> zul, yes
<coreycb> ddellav, because we uploaded a new version straight to ubuntu
<coreycb> ddellav, if we were uploading to debian and then syncing from debian then we could just use  -1 instead of -0ubuntu1
<zul> someone did neutron-fwaas and neutron-lbaas?
<sb_9> http://pastebin.com/QYHjgWfq
<coreycb> ddellav, did you figure out why neutron is failing on xenial by any chance?  having a hard time figuring it out.
<coreycb> ddellav, xenial-ocata that is
<rbasak> nacc, smoser: I'm not sure about "usd clone" pulling from both usd-import-team and ubuntu-server-dev either. That gets confusing quickly.
<rbasak> I was using ubuntu-server-dev to store trees from uploads before we had an importer.
<rbasak> Now that we have an importer and all usd-import-team members are core devs, can we just trust usd-import-team for now, and forget about ubuntu-server-dev?
<rbasak> Then when we're ready we just switch everything over.
<rbasak> Then we don't have to have logic in our tooling (eg. my lint) that deals with differences between the two, which we won't need in the end anyway.
<rbasak> I suggest that "usd clone" doesn't clone ubuntu-server-dev for now, and that if exceptionally you need it because something legacy is in there, you pull it manually.
<smoser> rbasak, well... i very much like a source that cannot be broken
<rbasak> smoser: that would be nice but we don't have that luxury right now. If we try, we just get split trees and no idea which to use.
<smoser> well, to me there are 3 things
<smoser> a.) import pristine stuff
<rbasak> smoser: unless you want an import-only tree (no pushing upload tags). We could maintain an effectively read-only set of package repos that could be rebuilt as necessary then.
<smoser> b.) group maintained split delta
<smoser> c.) users branches
<smoser> i dont think i really feel strongly on pushing upload tags or not.
<smoser> in the end i dont care, as long as said tags are never wrong
<smoser> increasing the number of people who push to 'a' increases likely stuff to get screwed up
<smoser> i do agree, though, that the 3 things is confusing.
<coreycb> beisner, hello, can you promote python-glance-store 0.18.0-0ubuntu1.1~cloud0 to newton-updates and neutron 2:8.3.0-0ubuntu1.1~cloud0 to mitaka-updates?
<coreycb> beisner, also newton-staging can be promoted to newton-proposed while you're in there.
<beisner> howdy coreycb
<coreycb> beisner, howdy
<huwjr> hi, can someone tell me how i can add kernel modules during a preseed?
<huwjr> problem is iâm trying to boot KVM machines with virtio modules, but i have to boot as IDE, then add the modules and edit the guests xml then reboot
<ddellav> coreycb you talking about b1 or ci?
<ddellav> re:neutron
<coreycb> ddellav, both i guess, it's basically the same
<ddellav> coreycb i asked because i built neutron in xenial-ocata before i pushed it up and it built fine
<ddellav> i haven't messed with CI today since we are doing b1 releases atm
<coreycb> ddellav, here's the xenial-ocata build that's failing for b1: http://10.245.168.2:8080/job/backport_package/1579/consoleFull
<coreycb> ddellav, i'm trying a build that runs tests serially
<ddellav> coreycb i built it locally with the sbuild-ocata helper
<smoser> huwjr, can you explain more whats the goal ?
<huwjr> currently KVM sets up host with preseed and virt-install script
<huwjr> if i want to deploy the hosts with VIRTIO devices (instead of IDE for disk and realtek for NIC) it will preseed, but the machine wonât boot because it doesnât recognise the virtio devices without kernel modules being loaded
<huwjr> so is my only option wget | bash a script to fix up initramfs and update?
<huwjr> or can i do it cleaner
<nacc> rbasak: yes, i can adjust that, similar to the default for `usd import` having been changed for now
<nacc> rbasak: and yes, re: consistency, let's talk about that
<smoser> huwjr, you did an ubuntu installation and you do not have virtio devices in the image that came out ? is that what i'm understanidng ?
<huwjr> fixed it :)
<rbasak> nacc, smoser: got time to chat about it in the next 90 minutes or so? Or do you want to leave it today? I'm not being particularly productive today. Everything I tried to do recently got sidetracked by some development bug or other :-/
<smoser> i can chat for some time, but not too long.
<coreycb> ddellav, running tests serially didn't help. i'm guessing there's a dependency difference.
<ddellav> coreycb i don't understand why it's failing for you but not on my local schroot. It's fully updated.
<nacc> rbasak: i don't particularly care about rbasak yes
<nacc> rbasak: bah! typed two lines :/
<nacc> rbasak: i have time! :)
<rbasak> smoser, nacc: https://hangouts.google.com/hangouts/_/canonical.com/git?hl=en-GB&authuser=0
<rbasak> :-)
<zul> coreycb: ply is still running atuopkgtest
<coreycb> zul, ok
<foo> Any idea why I'm seeing this? https://bpaste.net/show/fd925ff31e6d - I can't run apt-get update, it always dies with Killedg package lists... 87%
<tarpman> foo: check dmesg? wonder if you have enough memory
<foo> tarpman: actually, that's very likely what it is - good idea.
<foo> This time it said this: FATAL -> Failed to fork.
<foo> Yup. Nov 18 16:59:04 apertureps kernel: [2154877.507478] Out of memory: Kill process 18287 (apt-check) score 106 or sacrifice child
<foo> Nov 18 16:59:04 apertureps kernel: [2154877.511963] Killed process 18287 (apt-check) total-vm:114360kB, anon-rss:53392kB, file-rss:1204kB
<foo> tarpman: Here's free -m : Nov 18 16:59:04 apertureps kernel: [2154877.507478] Out of memory: Kill process 18287 (apt-check) score 106 or sacrifice child
<foo> Err, whoops.
<foo> tarpman: Here's memory: http://screencast.com/t/lRmz78Ya2 - I wonder what my options now. I only have postgres and nginx on this server
<tarpman> 66 MB free is not very much
<tarpman> your options are - tune postgres/nginx to use less memory, or get the VB more memory
<tarpman> I consider 66 MB free reasonable on my NAS that has 128MB memory total ;)
<foo> tarpman: Ha. This is a VPS at digital ocean, I think it has 512 total. It's still dev, I can shut down postgres and run this - ha
<foo> tarpman: Actually, I wonder if allocating more swap would solve this
<mybalzitch> more swap is never a good answer
<foo> mybalzitch: Why? Well, I suppose that doesn't solve the root of the problem.e g. if postgres is a memory hog and needs to be tuned
<foo> (which is possible)
<tarpman> foo: adding swap will trade your problem of processes getting killed, for a problem of processes taking minutes to accomplish anything because the disk is thrashing
<foo> tarpman: ah, ok - thank you, I'll see about tuning postgres. Thank you
<coreycb> ddellav, ok i'll try sbuild-ocata
<coreycb> i think that picks up from openstack-ubuntu-testing ppa so that could be the difference
<zul> coreycb: im seeing some weirdness with keystone as well
<beisner> coreycb, python-glance-store promoted to newton-updates re: https://bugs.launchpad.net/bugs/1604397
<ubottu> Launchpad bug 1604397 in Glance "[SRU] python-swiftclient is missing in requirements.txt (for glare)" [Undecided,New]
<beisner> coreycb, neutron promoted to mitaka-updates re: https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1635369 and
<ubottu> Launchpad bug 1635369 in Ubuntu Cloud Archive newton "[SRU] Syntax error 'type' in neutron-openvswitch-agent.neutron-ovs-cleanup.service.in" [Undecided,Fix committed]
<beisner> https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1606652
<ubottu> Launchpad bug 1606652 in neutron (Ubuntu Yakkety) "[SRU] Syntax error 'type' in neutron-linuxbridge-cleanup.service" [Undecided,Fix released]
<coreycb> beisner, thanks
<beisner> coreycb, yw.  and newton-staging is on its way to newton-proposed now.
<coreycb> beisner, just one more promotion if you can. neutron 2:7.2.0-0ubuntu1~cloud1 from liberty-staging to liberty-proposed.
<beisner> coreycb, done
<coreycb> beisner, appreciate it
<coreycb> zul, was there a python-vmware-nsxlib MIR
<coreycb> ?
<zul> coreycb: not yet...debian/copyright needs to be fixed
<coreycb> zul, ok
<Josh__> I'm having some problems with diffrent hosts acquiring locks with nfs.  The server keeps saying lockd: cannot monitor <hostname>  Any ideas?
<jge_> hey all, any of you here familiar with tomcat in ubuntu 16.04?
<jge_> tomcat complains it cant find a system.properties file
<sarnold> Josh__: are all hosts running the lockd or whatever the daemon is? the portmapper daemon? how about firewalls on the machines? or between them?
<jge_> the init script points to different paths for catalina_home and catalina_base
<jge_> which I think is the problem
<nacc> jge_: which tomcat?
<jge_> nacc: tomcat 8
<nacc> jge_: let me take a look
<Josh__> sarnold: Everything should be working on all the other machines.  Someone installed an extra hard drive and nfs stopped working because they messed up fstab.  I got that working agian, and we can all mount or nfs drives, but can't acquire locks..
<jge_> nacc: thanks
<nacc> jge_: symptomatically, to make sure i can reproduce, what do you run and what do you see? (pastebin is fine)
<jge_> nacc: our app looks for a system.properties file in any of the paths definied in common.loader=... inside catalina.properties, I've added a path for {catalina.base}/conf, place my file under /var/lib/tomcat8/conf/ but it fails to find it
<jge_> pasting trace now
<jge_> nacc: http://hastebin.com/xuhefasafi.lua
<nacc> jge_: hrm, the init-script, though, says catalina.base is /var/lib/tomcat8 ?
<nacc> jge_: meaning it should find it, i mean
<nacc> jge_: can you clarify where you think the bug is?
<Josh__> sarnold: any more ideas?
<sarnold> Josh__: not really :/ maybe the bringup order of daemons is important? I'd hope they'd have the necessary ordering built into their unit files but you never know..
<sarnold> Josh__: if it's fixed across a reboot that might be the case
<Josh__> sarnold: Maybe.. Thing is, a week ago, everything was working...  I'm not sure how that stuff would have got messed up.
<Josh__> sarnold: I'll check though.  Maybe I'll get lucky!
<jge_> nacc: yeah it should find it fine.. I just tested by creating a directory /etc/tomcat7 (our old stack) and it works fine now.. something within the app is hard coded to reference it at that location (my guess)
<nacc> jge_: ok :)
<jge_> that's lame
<jge_> thanks anyway
<Josh__> sarnold: it looks like statd and nfs-kernel-server are in the right order.  nfs starts first and then statd does, which i think makes sense.
<sarnold> Josh__: that feels right to me too. huh.
<Josh__> sarnold: it'll be painful, but maybe I'll just completely reinstall nfs..  Sucks that everyones home drives are mounted there :/
<jge_> nacc: devs are saying they dont hard code paths to it anywhere, :(
<nacc> jge_: i'm honestly not sure; i don't know too much about tomcat8, but afaict, it shouldn't have any such issues by default -- if you want to file a bug, i can try and debug it later
<jge_> nacc: ok, where would I file a bug?
<nacc> jge_: `ubuntu-bug tomcat8`
<nacc> jge_: launchpad, basically
<zul> coreycb: ping
<jge_> nacc: what's really confusing me is why would it work when I place it under /etc/tomcat7/conf and not /var/lib/tomcat8/conf .. sounds like it's hard coded somewhere and not a bug :(
<zul> coreycb: so keystone weirdness  the database creation fails and i think i know why though....there are some missing files from the database migration stuff, whoever its in the source but not in the egg
<nacc> jge_: yes, i'm not convinced it's a bug either :)
<nacc> jge_: i assume you menat /etc/tomcat8/conf ?
<jge_> nacc: no, tomcat 8 conf directory is just a symlink under /var/lib/tomcat8/conf which points to /etc/tomcat8/
<nacc> jge_: right, above you wrote /etc/tomcat7 ?
<nacc> jge_: could it possibly be permissions?
<coreycb> zul, hmm
<zul> coreycb: yeah so i dunno :)
<jge_> nacc: so the above is correct /etc/tomcat7 is what we use in production now
<coreycb> zul, what files?
<zul> coreycb: basically the migrate.cfg files
<jge_> nacc: maybe this will help clarify things, currently we deploy straight from a tar.gz to /etc/tomcat7 (catalina_home and catalina_base) end up being the same. Now we deploy tomcat 8 by whatever is on repos, but conf file now ends up being at /var/lib/tomcat8/conf
<jge_> so I put my system.properties file in there and it fails to find it..
<jge_> my head is dizzy now :\
<jge_> conf directory *
<zul> coreycb: im bugging the infra people
<coreycb> zul, that's interesting, it seems to be new since 2:10.0.0-0ubuntu1, those files were installed with that version
<zul> coreycb: yeah
<coreycb> zul, MANIFEST.in was dropped
<jge_> nacc: damnit, it was perms
<nacc> jge_: :)
<nacc> jge_: glad you figured it out, that was my best guess
<jge_> tomcat's stack trace could be more descriptive
<nacc> jge_: always true :)
<nacc> jge_: and not just of tomcat :/
<jge_> it's innacurate, not found != permission denied
<jge_> big difference
<jge_> waste of my entire day
<jge_> :*(
<nacc> jge_: no, but it's the same from unix's perspective (open failed, i'm guessing)
<nacc> jge_: it could do more verbose stuff, probably
<CarlFK> assuming this is u-s - minimal odroid image from  http://odroid.com/dokuwiki/doku.php?id=en:odroid-c2#software_release wget http://east.us.odroid.in/ubuntu_16.04lts/ubuntu-16.04-minimal-odroid-xu3-20160706.img.xz
<CarlFK> how do I set a static IP?
<zul> coreycb: hmm....i dunno its probably best for everyone if i go EoD
<zul> coreycb: but no migrate.cfg libconfig-model-dpkg-perl
<zul> coreycb: but no migrate.cfg http://paste.ubuntu.com/23497265/
<coreycb> zul, did you get ahold of anyone upstream?
<coreycb> zul, if those files are needed they should be part of the release tarball
<zul> coreycb: yeah they said i was on crack
<zul> and i agreed
<coreycb> zul, well yes, but
<zul> coreycb: :P
<zul> asshat
<CarlFK>  conf that works find if there is a dhcp server on the lan http://paste.ubuntu.com/23497416/
<CarlFK> otherwise it takes 5 min to time out.  where can I drop the dhcp client timeout to ... 10 seconds ?
<Epx998> Can someone please point me to a working ubuntu14 preseed (efi partitions) file?  having issues with getting one to work properly.
<CarlFK> Epx998: I would ask in #ubuntu-installer
<ikonia> CarlFK: I think there is a kernal param for it, but I'm not sure
<CarlFK> kernal param?!  thats surprising.   unless it maps to some /etc/foo.conf option too.  that's what I am expecting
<ikonia> certain things you can pass in
<ikonia> I think there is a timeout param thats passed into dhclient
<ikonia> the only way to do it is from a kernel boot arg,
<ikonia> (you could do it from the config file too if this is not an install)
<ikonia> I may have miss read that you where doing this as part of an install
<ikonia> if not - just change the dhcp.conf or the args that network manager/systemd unit file pass into dhclient
<CarlFK> dhcp.conf .. all I find is etc/samba/dhcp.conf
<CarlFK> this is post install.  I have 5 boxes I need to move between 2 lans.  one doen't have a dhcp server
<nacc> CarlFK: sorry, can you re-explain what your issue is?
<CarlFK> nacc  conf that works find if there is a dhcp server on the lan http://paste.ubuntu.com/23497416/
<CarlFK> if I plug that box into a lan (or no lan) with no dhcp server, it takes 5 min to time out
<sarnold> if you're moving computers back and forth between networks with dhcp and without dhcp .. this is going to be an interesting thing to solve.
<CarlFK> I want to drop that to like 10 seconds
<nacc> i would guess /etc/dhclient/dhclient.conf ?
<nacc> default is 'timeou3 00;'
<nacc> *timeout 300;
<nacc> CarlFK: drop that to 10?
<sarnold> man 5 interfaces  shows an example of moving between networks and using a script to figure out which network you're on
<CarlFK> dhclient.conf looks like what I was looking for
<CarlFK> yep.
<CarlFK> sarnold: I may look into that some day.  for now  having 2 interfaces is fine
<CarlFK> these are more like appliances (for recording conference talks) not my laptop that I take to coffee shops and such
<sarnold> at some point I started pining for just running the ip addr and ip route commands by hand again. :/
#ubuntu-server 2016-11-19
<JohnMcClain1> Need to pass file location as flag. The file is a file up in the directory. "..settings.txt" doesn't work. How should I do this?
<cncr04s>  ../settings.txt ?
<mybalzitch> uh
<mybalzitch> hm
<mybalzitch> \.\.settings.txt
<mybalzitch> maybe?
<mybalzitch> wait
<mybalzitch> totally misread, ignore me
<jurislav> hello
<jurislav> anyone willing to help with dial NIC issue, please?
<jurislav> vlans involved, perhaps
<ikonia> dial nic ?
<freakyy> hi all. i have a question. i have installed ubuntu server but in root account vim behaves strangely (over ssh dont know locally) ... if i press i to insert, it doesnt show it at the bottom and if i exit it it suddenly moves 1-2 lines down before closing it looks like its not using the whole screen?
<freakyy> or, more than the whole screen
<docmur> Is there a package or way I can have my network interfaces automatically show up as eth1 ... ethn instead of enp0s1 etc...?
<freakyy> where does duply set up backups? ive got an ssd and cant backup to there but instead on my hdds but i dont know where duply stores the backups?
<OerHeks> freakyy, depends what is in your ~/backup.sh >> https://help.ubuntu.com/community/DuplicityBackupHowto
<freakyy> hi all. what is the best backup tool besides duply/duplicity? .. for ubuntu server?
<ikonia> define best
<freakyy> something which is widely prefered over other solutions
<wolflarson> rsync
<robb_nl> why you want to exclude duplicity? because you know that one? I suggest to first define for yourself what you need. What protocol do you want to use? Do you need encrypted backup? Is it for a single server or multiple servers? what backup hardware do you intend to use?... with the info you give, it is impossible to give an answer what the "best" backup tool is.
<freakyy> Well .. I need sftp and encrypted backup. I backup to a backup server from my hosting business. only for one server.
<freakyy> sorry had to kill screen ;D
<jurislav> anyone willing to help with vlan + kvm?
<jurislav> basically, i just can't get it working :)
<JohnMcClain> http://i.imgur.com/9Yu6Lbx.png . On the right is what runs in php's exec(). On the left is the permissions of /var/www/html/images/. If I copy/paste the command into terminal, it successfully creates the image. What might I be missing?
<tarpman> JohnMcClain: which user are you when you copy-paste the command
<tarpman> JohnMcClain: looks to me like images needs g+w
<JohnMcClain> /usr/bin/convert -trim -density 200 /var/www/html/test.pdf -quality 600 /var/www/html/images/001a600386ea6a061e3f4eb68818660b.png I'm using putty.
<JohnMcClain> tarpman: that was it. g+w got it working.
<tarpman> JohnMcClain: you didn't answer the question "which user are you", but based on g+w fixing it, I'm guessing you were root and not www-data
<JohnMcClain> www-data
<JohnMcClain> I am root. PHP is www-data.
<tarpman> right. so the correct test case would have been "sudo -u ww-data /usr/bin/convert [...]"
<JohnMcClain> I suppose for the imagemagick command, the exec() function does not receive any output on what happens in Ubuntu.
<tarpman> I'd expect a permission denied message or something. I don't know offhand whether exec() captures stderr or only stdout
<tarpman> it might show up in your apache error log instead of the result from exec(), or something like that. I can't say offhand
<JohnMcClain> Let me see if that's the case.
<JohnMcClain> Yes. that is the case. Thanks for going above and beyond, tarpman.
<tarpman> cheers, glad it helped
#ubuntu-server 2016-11-20
<binia> morning
<binia> i just noticced a problem when doing upgrade on ubuntu server 16.04
<binia> with php7.0
<binia> tried then to reinstall or remove it even
<binia> http://i.imgur.com/LkcuMQ1.png
<binia> moved 7.0 folder from /etc/php/ and still no difference
<binia> help please :)
<law> hey all, I'm setting up a pre-seed file, but can't seem to figure out how to set answers to these two questions:
<law> "Partition disks - Amoutn of volume group to use for guided partitioning"
<law> and "Choose one or more pre-defined collections of software.  Choose software to install..."
<soahccc> Hey guys, I upgraded a somewhat "idle" server from 12.04 => 14.04 which not much going on in terms of services and had no problems. Do I have to expect problems with a machine with more services and self compiled stuff? In terms of linked libraries, etc. Just want to know what I'm getting into :)
<mauritslamers> hey all, I have a peculiar problem: I am trying to run sudo on a fs which has been mounted ro because of a problem, but it doesn't allow me anything, as it claims that / is mounted with no-suid, which it isn't... any light on why this might be the case?
<mauritslamers>   /usr/bin/sudo has its suid bit set, to that is not the issue
<ikonia> is the root file system read only ?
<mauritslamers> ikonia: yes
<ikonia> no sudo for you then
<mauritslamers> what I find strange is that there are other mount points which seem to be read write mounted with tmpfs, but they are too read only
<yoink> neither here nor there but does anyone have a suggestion for a straighforward-to-setup logfile agregator?
<lordcirth> yoink, to gather them, or to view?
<yoink> lordcirth: ideally it would handle both; thought I've setup rsyslog forwarding, I just find it a bit fidlly but then I'm not leveraging any number of other tools to help do so.
<yoink> thought = though
<lordcirth> yoink, for example, there is lnav to view logs.
<yoink> lordcirth: anything in the same vane as greylog?
<lordcirth> yoink, if you have many servers to manage, then you should use a configuration management tool such as Salt, which will make configuring them easy.
<lordcirth> *vein ? No, I'm not familiar with greylog, sorry
<yoink> thanks
<jasonbbb> hey anyone available?
<jasonbbb> need help configuring smtp on localhost where ISP blocks port 25. New to setting up server but everything else is configured for a website and is up and running yet cant send email verification emails out.
<sypher> jasonbbb: You can configure postfix to relay via TLS-secured SMTP using a remote relay service.
<jasonbbb> any links to tutorials for this as i am completely stumped where to begin
<teward> jasonbbb: you would need an external SMTP server, somewhere, with auth configured to be able to send emails out over that way
<teward> and even if that weren't the case, your ISP would probably be in the blacklist as a dynamic range.
<sypher> jasonbbb: Start here: https://blog.bravi.org/?p=1065
<sypher> jasonbbb: And consider a service like Mailgun as your relay.
<teward> yep
<jasonbbb> what are the summary of the desired steps to set up mailgun? does my server connect via smtp to that server to forward emails type of thing
<teward> pretty much
<teward> though i don't remember all the steps / full process
<jasonbbb> which would require me to set up my post fix with the auth file to send to mailgun basically correct me if im wrong.
#ubuntu-server 2017-11-13
<hallyn> cpaelzer: yeah i was going to use it to check whether upstreamahd fixed the broken qemu-img convert -O vmdk wrt esx5
<hallyn> cpaelzer: I do remember it was a pain to keep running at times, so I'm not complaining if it's not worth your time.
<hallyn> Although, it did also save time at merges
<hallyn> cpaelzer: how were you doing it?  were you keeping the packaging for the daily in its own git tree?
<cpaelzer> hallyn: yeah I started an own git tree (owned by the repos user) which was a stripped down debian/ dir
<cpaelzer> hallyn: and then set up a LP recipe which pulled together repositories as needed
<cpaelzer> hallyn: the recipes are also in the git of the LP user
<cpaelzer> hallyn: I didn't delete anything, just disabled the recipes and added the statement why I disabled it on the ppa description
<cpaelzer> btw - good morning everybody
<lordievader> Good morning
<ikonia> /w/win 10
<ikonia> oops, sorry
<Prototip> I have a question... what is the benefit of using netplan in newer ubuntu-server releases?
<Prototip> from what I've read it does not work with openvswitch yet.. even so..   is yaml config so appealing these days?
<cyphermox> Prototip: it's not a matter of whether it's YAML. The idea is to have a single common place to write networking configuration so users don't need to learn systemd syntax and NetworkManager syntax and something else, etc.
<cyphermox> Prototip: so you can configure your networking the same way you did for ifupdown (sure, the syntax and grammar are a bit different, but we hope intuitive enough), when ifupdown started to show issues with complex network setups with bridges, vlans, etc. involved
<Ussat> wait, what did I miss,  /etc/network/interfaces is not what it used to be ?
<Ussat> because editing that is how I did/do all my server interface config
<xnox> Ussat, in zesty and up, ifupdown is no longer installed by default. Instead installers write out netplan yaml configuration file, which then on server by default uses systemd-networkd to bring networking up.
<Ussat> ...
<xnox> Ussat, on upgrades, as usual, existing configuration and installed packages are preserved.
<Ussat> well, good thing mt 16.04 LTS isnt changing anytime soon
<xnox> Ussat, ifupdown is racy and broken with bonded vlans among many other things =/ it really is not reliable at all.
<xnox> Ussat, 16.04 LTS ships netplan as a supported, but not default, option.
<Ussat> right, reding now
<Ussat> I assume next LTS it will be the default
<Prototip> cyphermox: if networkmanager would know how to parse /etc/network/interfaces, the problem would be solved already.
<xnox> Ussat, it is default in zesty and bionic, yes.
<cyphermox> Prototip: no, because it did and that was a load of pain.
<xnox> Prototip, no. as /etc/network/interfaces allows arbitrary code execution / it is turing complete scripting language. network-manager xml / networkd units are not.
<Prototip> xnox: oh, you mean pre-up and post-up scripts.. yes, that can get ugly..
<Prototip> xnox, cyphermox: I hope that by 18.04 netplan supports openvswitch too.
<Ussat> 16.04 is still latest LTS right ?
<Prototip> I am all for switchover to better solutions as long as they do not downgrade functionalities
<xnox> Prototip, also arbitrary hooks, the accept arbitrary any-case additional keys, with silent substitution of _ and -
<xnox> Ussat, 16.04 LTS is the current LTS, we are currently developing bionic which will become 18.04 LTS in April - 2018-04
<xnox> 16.04 is supported for 5 years, plus to be announced paid-only Extended Security Maintainance (ESM).
<xnox> given how popular ESM is for trusty 14.04, I expect there will be 16.04 LTS ESM too
<Ussat> Well, guess better grab a 17.X server and play with it
<compdoc> I installed a 14.04 server for someone, and cant wait to upgrade it
<xnox> compdoc, well 16.04 has been out for a long time =) to upgrade 14.04 machines....
<xnox> compdoc, unless you are waiting for 18.04 to release to upgrade 14.04 -> 16.04 reboot -> 18.04 reboot in one go.
<compdoc> I cant justify the cost. I have to wait for it to expire
<Ussat> screw that, just clean install a8.04 at that point
<Ussat> 18
<Ussat> bah
<Ussat> need more coffee
<hanna> `apt upgrade` is stuck on the dpkg unpack gitlab-ce step. htop shows the status as D (uninterruptible sleep, usually disk I/O) and the disk usage of the process is minimak
<hanna> It writes a few hundred MB/s for some amount of time and then just goes defunct like this
<hanna> Nothing has changed since then
<hanna> No log, no dmesg output, nothing
<hanna> Any idea what could be going on and how to fix it? It's rather annoying having `apt upgrade` hang forever
<hanna> Heh. just completed
<hanna> Just spent forever doing literally fuckall
<hallyn> cpaelzer: ok, i *may* see about making that live again.  though i guess now that qemu can mainly merge from debian it's far less useful.
<cpaelzer> hallyn: yep
<cpaelzer> hallyn: I won't stop you maintaining the ppa if you want, it just lost its value for me
<cpaelzer> hallyn: it worked when I was merging libvirt/qemu anyway as I knew what changes were currently in flight
<cpaelzer> hallyn: but then the usability falls of and maintenance rises
<cpaelzer> hallyn: on the last cycle it didn't give me huge plus on the "easen the next merge" thing
<dpb1> hallyn: and it had just 1 download. :)
<hallyn> dpb1: but that one download may have been inordinately helpful :)
<hallyn> yeah it would probably make more sense if anything to collaborate with debian on a single bleeding edge package; and really that's not necessary
<hallyn> mjt does too good of a job :)
<dpb1> hallyn: hah
<jamespage> coreycb: I should have all of the oslo* in PPA before I eod (apart from messaging - see note)
<jonfatino> Do anyone have a good script to backup volume groups
<jonfatino> vgscan, foreach   create snapshot, for each snapshot dd if=snapshot of=/backup/snapshot.img  then remove snapshot?
<coreycb> jamespage: ok sounds good!
<Ussat> so looking at netplan, and the syntax is very easy to follow, makes sence, BUT, how do I down/up the interface ?
<ahasenack> Ussat: I think with ip
<ahasenack> i.e., no new tool for that
<ahasenack> but I could be wrong
<Ussat> looking now
<Ussat> ip link set <device> up/down
<cyphermox> correct
 * cyphermox adds that to the FAQ
<Ussat> its just ifup/ifdown was...simpler
<Ussat> I have a test vm to play with all this, just getting prepared
<Ussat> well, multiple test vm's
<dpb1> Ussat: continued feedback is welcome
<Ussat> glad to help
<Ussat> OH, BTW, if one decides to install the ifupdown package, it will still not work, because /etc/networ/interfaces is not populated....someone may (like I did) make that assumption
<Ussat> BTW I am testing on server 17.10
<Ussat>  /etc/network/interfaces
<Ussat> they syntax is VERY easy to fillow and is very intuitive though
<Ussat> first look at it was easy to tell what was what
<cyphermox> /etc/network/interfaces is never filled in automatically, that's always done as a "discovery" step as the installer runs (hence why it will try to do DHCP and then ask you for stuff). The installer now simply writes config to /etc/netplan instead
<hallyn> there's no ifupdown backend for netplan yet right?
<teward> is there a way to override netplan and force the use of the traditional /etc/network/interfaces at all?
<teward> or no?
<sarnold> I thought netplan just wrote the config files and then it's on you to use the existing tooling?
<Ussat> Honestly, I dont see a need for a ifup/down for it...it took me about...3mins to figure out what I needed
<dpb1> teward: that is one of the questions we will put in the FAQ as well.
<Ussat> nope, existing ifup./down doesnt work, use the ip command I posted earlier
<dpb1> cyphermox: ^ have a sneak preview answer for teward? :)
<teward> dpb1: i arrived late, but i'm asking this because it's fubaring a VPS installation :)
<Ussat> Honestly, it took me very little time to figure it out
<Ussat> and I kinda like it better
<Ussat> just my 2 cents
<teward> well when you are stuck using SolusVM for VPS management and it in turn hates everyone and wants the traditional method of configuring things...
<dpb1> sarnold: yes, that's correct.  That is the intent.  not to be a total abstraction, just to abstract the config generation.
<teward> you're stuck.
<cyphermox> sarnold: precisely, it's just a translator for $backend
<cyphermox> teward: if all you have is SolusVM, you probably can't preseed the install a special way either, so you're probably quite stuck indeed.
<teward> cyphermox: true statement, this is why I prefer mounting the ISO in KVM even though Solus manages that, so I just manually install :P
<teward> but the issue still remains.
<cyphermox> that VPS provider should update their magic to take into account that things may not just be ifupdown or ifcfg
<teward> tell it to Solus not the provider :P
<cyphermox> yeah, becoming a VPS is so cool we'll make so much money
<drab> vpsbasement.com
 * drab now wonders if that actually exists
<drab> it's not, quick, it's a great business opportunity
<cyphermox> drab: I claim 30% profits, it was my idea ;)
<teward> cyphermox: well i claim 60% profits because i own the domain now as a subsidiary of Dark-Net.IO, and therefore own the name unless you can prove otherwise.  :P
<teward> well i could rather :P
<teward> but i'm lazy and don't want to set up *another* business.
<cyphermox> powersj: hey, I think I'd really like to know more about how your preseed is being done for the smoketesting, because preseeding layoutcode works here, at least the way I've always learned how to do it (preseeding layoutcode, not layout)
<cyphermox> auto=true url=http://people.canonical.com/~mtrudel/preseed/full-bionic.cfg
<cyphermox> powersj: ^ so far, this is working with a mini.iso on ppc64el, I'm at installing the packages
<powersj> cyphermox: https://paste.ubuntu.com/25956524/ is what we use for the pressed itself
<cyphermox> my preseed isn't quite complete though, missing bits here and there to partition correctly, and to set the hostname
<cyphermox> yeah, your preseed is basically the same w.r.t layoutcode.
<powersj> cyphermox: thoughts on what to try next? have you used a full server iso?
<cyphermox> not yet, that goes next
<cyphermox> I'm adapting your preseed to remove anything unrelated, and I'll run one test with mini.iso and one with a full iso
<cyphermox> but hey, I don't see why that would really matter to picking a keyboard.
<powersj> ok thx
<cyphermox> initial test done, looks fine with my old preseed
<cyphermox> so now I'm running mini.iso with yours, but added a small change to recognize that it's different
<cyphermox> (preseeding us:intl, which is definitely not default)
<drab> if you're on the subject of preseeding
<drab> I can't stop the installer (of mini.iso) from asking which drive to partition and which to install grub to...
<Epx998> im always on the subject of preseeding
<drab> any clue about that?
<drab> hurray for that, I almost sorted out all the issues except that and the iface selection
<Epx998> dont get me started on iface selection
<drab> yeah, I remember your qs from days ago...
<drab> cyphermox: powersj ^^^ if you have any hint
<Epx998> i use for grub
<Epx998> d-i grub-installer/only_debian and d-i grub-installer/with_other_os  set to true
<Epx998> i never get asked for which drive
<powersj> ^ same
<powersj> https://raw.githubusercontent.com/powersj/ubuntu-server-preseed/master/preseed.cfg is what I've used in the past for 100% fully automated
<Epx998> for networking, i read an thread somewhere that ubuntu has a bug with offboard nics, even if you set the interface statically to say eth4, afterwards it will try eth0 and fall on its face
<Epx998> one thing I wish was more easy, adding modules to a kernel after an install
<dpb1> /etc/modules?
<nacc> Epx998: you mean out of tree modules?
<Epx998> nacc: yeah an ixgbe driver again :D
<nacc> Epx998: not sure why that should be 'easy'
<nacc> Epx998: use dkms, i guess
<Epx998> more easy :D
<nacc> Epx998: dkms is pretty easy
<nacc> Epx998: sounds like a vendor problem, tbh.
<Epx998> i built a new netboot initrd.gz with the 3.13.0-117 kernel i think, with the latest ixgbe driver - once a OS is deployed, need to get the installed kernel with the same module.
<Epx998> dkms havent used it before let me check
<nacc> Epx998: right, you want dkms, which lets you maintain a kernel module source that gets rebuilt against all installed kernels
<nacc> Epx998: that's the problem dkms tries to solve
<Epx998> nacc: I can do this during a netboot install?
<nacc> Epx998: you'd still have to build the isntaller module by hand, I think
<nacc> Epx998: you could, if the dkms package was available to install
<Epx998> hmm
<nacc> Epx998: that is, you need to install a binary package that contains the dkms module source
<nacc> Epx998: `reverse-depends dkms` to see example packages
<Epx998> means hacking at my network installer more
<Epx998> top
<Epx998> what i have now almost works, i have ixgbe available after a restart from an install, but my post scripts are not executing
<Epx998> d-i preseed/run string does not run as expected
<drab> Epx998: powersj sry had to go afk, I have both options set (debian_only and with_other_os) and I still get asked
<drab> recently tried to rpeseed a desktop with 3 disks, ssd which was supposed to be root/main and 2 other spindles
<drab> and got asked
<drab> can pastebin the preseed and boot line if it helps
<Epx998> is your device sda?
<drab> yeah
<drab> that's what I end up putting in anyway , same for the grub question, have to type out /dev/sda
<Epx998> https://gist.github.com/anonymous/14cfc3ad49d230a89c4803428a8a4882
<Epx998> that is one of my preseeds
<Epx998> better yet https://gist.github.com/anonymous/0973564df935ce9f60ade0cbc48269d1
<drab> http://dpaste.com/2G8TKTN
<drab> that's what I'm using
<Epx998> I do have -> d-i partman-partitioning/no_bootable_gpt_biosgrub boolean false as well
<drab> the only "wird" thing I do is the custom partitioning, because by default the swap is craeted as 2xram which makes no sense on newer systems
<Epx998> there is a way to get all the options, sec i just did this last friday to get passed a kernel module question
<drab> but that's after drive selection anyway
<drab> I've seen some ppl piping in scripts to select the drive
<Epx998> debconf-get-selections --installer > file
<Epx998> that gets you every d-i option, good reading
<drab> but there seems more complicated than should be needed to write to the "first connected drive"
<drab> umhk, will take a look, I thought that was including all the installed packages etc
<drab> on --installer
<drab> good one
<drab> Epx998: I get nothing out of it
<Epx998> # Install the GRUB boot loader to the master boot record?
<Epx998> grub-installer  grub-installer/with_other_os    boolean true
<Epx998> thats from get selections output
<drab> right, and I have it in my preseed, line 68 in the pastebin
<Epx998> # Install the GRUB boot loader to the master boot record?
<Epx998> grub-installer  grub-installer/only_debian      boolean true
<Epx998> same comments added to each heh
<drab> yeah and I have that before the other one :)
<drab> line 67
<Epx998> # Device for boot loader installation:
<Epx998> # Choices: Enter device manually, /dev/sda  (ata-MB1000EAMZE_9WK3CL1J), /dev/sdb  (usb-General_USB_Flash_Disk_0415100000014014-0:0)
<Epx998> grub-installer  grub-installer/choose_bootdev   select  /dev/sda
<drab> do you have that in urs?
<drab> without the systemd predictable naming... was it ensurad that the disk connected to sata0 port was gonna be sda?
<Epx998> i do not - but...
<drab> or was that also up for grabs?
<Epx998> i dont get asked what youre getting asked :D
<drab> right
<drab> that's what I thought you said
<drab> so I don't get why I am...
<drab> and I don't get asked if there's only one disk
<drab> so it's clearly something happenign with multiple devices
<Epx998> so you have 2 disks
<drab> 3
<Epx998> i only ever have 1
<drab> but yeah, 2 will do too
<drab> ah
<drab> yeah then I don't get asked either
<Epx998> if i had 2, i may need that line
<drab> ok, I'll try that line
<Epx998> we can only break it worse
<Epx998> could be worse in that, your farm is running ub12 with a provisioning setup that uses both a ubuntu preseed AND a kickstart cfg file :D
<drab> like I said, it was...
<drab> even ub11 and I found one ub9
<drab> so there, I win, I'm the king of cruft :P
<Epx998> did it work?
<drab> sort of, they couldn't do anything anymore, but ips were given out and traffic was making it to the internet
<Epx998> i meant the other fix
<Epx998> but i hear ya, my dev team wants an ub16 builder and said the ub12 packagesa were the same
<drab> oh, I don't know, I've added a task on my todo to try later, I just thought I'd ask since ppl were talking about preseed
<Epx998> if i change my netboot kernel to match whats installed by the installer, would the kernel modules i build into netboot be added automatically?
#ubuntu-server 2017-11-14
<Epx998> i think i finally beat this thing into submission
<cpaelzer> good morning
<rbasak> o/
<Jenshae> Greetings and salutations, denizens and ladies.
<Jenshae> joelio: I have set up the machine with the SSD to boot it and using " sudo zfs mountpoint=/home/user pool/user " I have linked it onto the SSD. How do I now confirm how much available space is in that folder? Disk Analyser for example only shows what is used but not what is left as free space.
<gunix> anybody used juju charms to deploy openstack?
<jamespage> gunix: yes
<jamespage> gunix: #openstack-charms is a good place to go ask questions on that topic, but here is ok as well
<jamespage> coreycb: I've been working on deps again today - mostly done - just working on the stestr/ostestr bits and pieces to allow the neutron/ovsdbapp uploads
<jamespage> coreycb: zunclient builds now - can you upload a backport-less version to the PPA please
<coreycb> jamespage: great, yep will do
<coreycb> jamespage: i recently added py2 support for python-daiquiri (it's py3 only in debian) but I think I can drop that in favor of moving gnocchi to py3 only.
<jamespage> coreycb: agreed
<coreycb> jamespage: i also need to fix dep8 tests for daiquiri so i'll work on that in the ci-train ppa. i'll look a gnocchi today too.
<joelio> Jenshae: with ZFS it's (kinda) sparsely allocated so you can add more mounts from the pool.. what does df say?
<jamespage> coreycb: I'm going to start working on some of the core projects now
<jamespage> will use the ss to track
<jamespage> coreycb: gnocchi might be a good place to start I guess
<coreycb> jamespage: great, will do the same!
<jamespage> coreycb: we're working on the same thing here
<coreycb> jamespage: are you doing gnocchi?
<jamespage> yes
<jamespage> 4.1.0
<coreycb> jamespage: ok go for it
<jamespage> coreycb: ta
<jamespage> sorry about that - did not make it super clear that I was going to start on gnocchi
<coreycb> jamespage: np, i had a start on it but wasn't working so i'll diff vs what you end up with and learn something
<joelio> Jenshae: zpool list
<jamespage> coreycb: synced https://launchpad.net/ubuntu/+source/python-tenacity/4.4.0-2 btw - no good reason to keep our diff
<coreycb> jamespage: yep works for me
<coreycb> jamespage: will that require breaks/replaces to replace python-gnocchi with python3-gnocchi?
<jamespage> coreycb: no - the pathing is different
<coreycb> jamespage: ok. shall we move all core projects to py3 only where possible for this milestone?
<cpaelzer> dosaboy: jamespage: on bug 1466926 I have a ppa and some expertements, but I fail to reproduce so I'm unsure if it is a fix
<ubottu> bug 1466926 in apache2 (Ubuntu Xenial) "reload apache2 with mpm_event cause scoreboard is full" [Undecided,Triaged] https://launchpad.net/bugs/1466926
<cpaelzer> dosaboy: jamespage: since you meant you had some context in this issue, if you know how to trigger it please help to get some steps to reproduce that work
<Ussat> so, played with netplan a lot lastnight....I can live with it
<drab> it's not gonna be pushed down to LTS, is it?
<drab> I mean xenial
<sdeziel> drab: netplan is available for Xenial (in universe though)
<Ussat> its actually very useable once ya get used to it
<drab> I'm sure, I just can't imagine to learn something new and update all the instances we have
<drab> I just have enoguh work for the next 2 yrs
<rbasak> It's office hours in #ubuntu-server. Highlight rbasak for attention. See https://community.ubuntu.com/t/irc-meeting-office-hours/1491 for details.
<slashd> rbasak, dpb1 I have one thing since there is no agenda anymore....
<rbasak> Sure  :)
<slashd> We are working on a MIR for pcp (LP: #1700827).... we got an ACK from security and few comment by MIR approval team... we need to find a owner for pcp/papi bug
<ubottu> Launchpad bug 1700827 in pcp (Ubuntu) "[MIR] pcp package" [Medium,In progress] https://launchpad.net/bugs/1700827
<slashd> could server team look if they can own them ?
<rbasak> That's really a question for the Canonical server team, rather than us wearing an Ubuntu hat.
<slashd> rbasak, sure make total sense
<rbasak> And for that, it's down to dpb1, who is travelling at hte moment.
<slashd> rbasak, I'll ping dpb later then thanks
<ahasenack> what's missing, sponsorship?
<rbasak> I assumed he needs a team subscription
<ahasenack> ah, finding an actual owner
<ahasenack> before sponsoring
<ahasenack> I see
<slashd> rbasak, yep team subscription
<rbasak> And this usually comes down to: is dpb1 willing to commit Canonical resources to maintaining the package in main.
<slashd> rbasak, ack I'll contact him
<slashd> rbasak, thanks
<rbasak> You're welcome :)
<cpaelzer> slashd: last time I tested that things it broke on about every place possible - so make sure I'm not asked if we want to own
<cpaelzer> slashd: was the new dependency I pointed out in th gdoc sorted out - I didn't see an update but must admit I didn't check explicitly
<slashd> cpaelzer: dgadomski tested it and he couldn't reproduce what you are experimenting
<slashd> dgadomski, you reviewed the pcp gdoc right ? and couldn't reproduce what cpaelzer had experimented ?
<dgadomski> slashd: I tried to crash any binary I could find in the package, was there a particular scenario to test in the gdoc?
<slashd> dgadomski, I don't think there was an exact reproducer AFAIK
<dgadomski> so I did my best when I was working on the autopkgtests
<dgadomski> without any segfaults
<slashd> and cpaelzer the code that has been ACK by security is the newest upstream one, not what is found in ubuntu atm
<slashd> after they made serious improvement
<cpaelzer> maybe the new version is better
<cpaelzer> I'll take a look if I find some time
<cpaelzer> slashd: and about the dependency?
<slashd> cpaelzer, the papi dep is under review by MIR approval team atm and security team
<cpaelzer> slashd: ok, and no depeer follow on dependencies there?
<slashd> dgadomski, ^
<dgadomski> no, I don't think there are any non-main dependencies involved
<slashd> cpaelzer, so papi is waiting on security team ACK for now, and pcp I'm working on a few stuff asked by MIR team (switch dpkg-source from 3.0 (native) to 3.0 (quilt), ...
<slashd> thanks dgadomski
<dgadomski> thanks
<slashd> cpaelzer, let us know if you need anything from us
<xnox> cpaelzer, somehow i was under the impression that we do have /dev/kvm inside our e.g. Openstack Virtual machines.
<xnox> cause e.g. we do launch nested kvm, as part of systemd autopkgtest
<xnox> smb, is ubuntu kernel patched to somehow speciality default to nested_kvm=1?
<smb> xnox, it does not change defaults, so intel no, amd yes. but that was changed by kvm-qemu install
<smb> something to add modules parm into /etc/modprobe.d iirc
<smb> xnox, on xenial.x86: cat /etc/modprobe.d/qemu-system-x86.conf
<smb> options kvm_intel nested=1
<xnox> cpaelzer, are you planning to keep that? ^
<xnox> cpaelzer, smb - i wonder if we need to sru qemu to specify nested=1 option on s390x too, exted qemu-system-init to load module on s390x; and then sru kernel that makes kvm a module, rather than a built in.
<xnox> cpaelzer, smb - or can we somehow change the built-in module option as a kernel config change? (if that at all makes sense, no idea if built-in module options are tweakable)
<smb> xnox, that option might be an early one, which would require it on kernel cmdline. generally option values can be changed via sysfs but if its something done at init time there would be no effect
<xnox> smb, code patch ? =)
<xnox> #ifdef __s390x__
<xnox> int nested=1;
<xnox> #else
<xnox> int nested=0;
<xnox> #endif
<xnox> lolz
<rbasak> (office hours are now over)
<Jenshae> joelio: Not familiar with df but need to go now. o7
<azerty> hi there
<azerty> is it possible to animate the color of shell ?
<dpb1> if he were here, I would tell him, kind of
<sarnold> dpb1: well now I'm kinda curious :)
<sarnold> I've seen those PS1 tricks .. but that's not really what I'd call _animated_
<dpb1> heheh
<dpb1> I think those are the closest I got!
<sarnold> I mean people are doing crazy things with terminals these days https://github.com/p-e-w/ternimal but .. that's not really the shell that's animated there, hehe
<dpb1> sarnold: I like the fallout themed one, like an old CRT.
<dpb1> "cool-retro-term"  great package name
<drab> is there a known nice ubuntu based rescue iso that ppl use?
<drab> something that will ship with dd_rescue, some data recovery stuff,and general debugging tools
<drab> systemrescuecd seems to not be working very well anymore
<drab> https://distrowatch.com/table.php?distribution=ubunturescue
<drab> but apparently it's now discontinued
<genii> Not ubuntu based, but UBCD is very useful
<genii> !ubcd
<genii> Hm
<genii> drab: http://www.ultimatebootcd.com/
<drab> sadly enough here people need GUIs and to an extent that's fair beacuse sometimes we need to debug audio or video peripherals on desktop machines and need GUI for real
<drab> I might just have to use an ubuntu livecd and have a script that pulls in the tools I need
<drab> to bite the bullet and figure how to customize an iso
<drab> I tried a few times and always ended up being a painful experience
<genii> I think remastersys might still be a thing for that
<genii> Alternately, just install to a USB stick, boot to that and install things, make copies
<drab> oh, that's not a bad idea. I wanna pxeboot tho. I'm wondering if I then dd the key to a file if I can boot that
<genii> If you go that way, might want to make modifications so GRUB only looks for the local hdd it booted from, and revert to old eth0 wlan0 interface naming scheme
<drab> good points
<genii> So if you use some scripts the naming can be the same on any machine, plus GRUB won't make entries for a computer that's it's not currently plugged into
<drab> maybe I'll give it a go if I get a minute one of thse days, not super urgent
<drab> fot now I'll just give ppl a live ubuntu desktop
<drab> it'll keep them busy for a while :)
<drab> pxe booting liveCD is really neat, wish I knew that years ago
<drab> actually tbf I found you can pxe boot squash files
<drab> cuztomizing that should be simple as well
<drab> in a chroot, but maybe not
<genii> And with dnsmasq pxe is way easier than the old days of setting up isc-dhcp-server
<drab> the only thing I wish dnsmasq had is a db backend so that I could script it more easily, especially from the inventory system and tied into new device registration
<drab> similar to dns with pdns
<drab> (if one wanted to use that for dns instead of dnsmasq, which can be useful)
<DammitJim> man, I am so confused
<DammitJim> I think I need to add more RAM to my ubuntu servers, but it's hard to tell
<DammitJim> I"m using free -m and it's showing I'm basically using all my RAM
<DammitJim> however, if I run: cat /proc/meminfo, it shows like more than half of the RAM as Inactive
<DammitJim> what does that mean?
<TJ-> DammitJim: 'free' RAM is used for caches and buffers
<TJ-> !ram | DammitJim
<ubottu> DammitJim: If you are wondering why some tools report your system has very little free memory, have a look at http://www.linuxatemyram.com/
<DammitJim> so, I am OK by just looking at "used memory" and subtracting that from the total memory
<DammitJim> that gives me a good number for utilization, right?
<DammitJim> versus looking at "free" memory
<sarnold> dammitjim has a knack of leaving just before I get here
<drab> didn't freenode allow you to record a msg for registered users?
<sarnold> yeah, it probably still does, but it's hard to spot when logging in
<drab> fair enough
<sarnold> drab: the last time I used it, the guy replied to me weeks later, it took a while to find it, hehe
 * drab just typoed one of his favorites
<drab> I realize it's lame, but, while telling, it lifts up my humor every time it happens: sudo shitdown -h now
<sarnold> heheh
#ubuntu-server 2017-11-15
<beatzz> I just installed Ubuntu Server 17.10 on a new system, with LAMP & OpenSSH selected for install.
<beatzz> I ran ufw default settings, and allowed ssh + http
<beatzz> modified /etc/netplan/01-netcfg.yaml for a static ip setup
<beatzz> and I am connected, I am able to apt-get update/upgrade
<beatzz> but I am getting no connection to my server via ssh/http
<beatzz> the router's port mapping is also correct, wide open to the servers ip address.
<beatzz> from my point of view, it looks like it should work. Anyone have any insight on this situation for me?
<sarnold> does netstat or ss show apache listening on the ports and adresses you expect?
<beatzz> yes, both
<beatzz> sudo netstat -anp | grep apache && ssh both return LISTEN
<sarnold> does netcat on localhost work to connect to those services? how about netcat on another host on the LAN?
<beatzz> although it dosent specify the address, just "tcp6    0    0 :::80    :::*    LISTEN    892/apache2"
<sarnold> does 'nc ::1 80' work?
<beatzz> I will check
<beatzz> no error, but it's not returning anything
<beatzz> and has not returned my command-prompt
<sarnold> try something like HEAD /<enter> and see if you get a nice error reply from your server
<sarnold> I can't recall enough http by hand..
<beatzz> "HEAD /" at the command-prompt?
<sarnold> in netcat, to your webserver
<beatzz> ahhhh
<beatzz> that returned some info
<sarnold> good good, okay, ssh next :) what address / port is openssh listening on?
<beatzz> "400 bad request"
<beatzz> 22
<sarnold> and the address?
<beatzz> local address is 192.168.11.2
<sarnold> does netstat or ss output show openssh listening on that address? or on 0.0.0.0?
<beatzz> 0.0.0.0
<sarnold> okay, so something like echo hi | nc localhost 22    ought to spit out the openssh banner
<beatzz> "SSH-2.0-OpenSSH_7.5p1 Ubuntu-10    Protocol mismatch."
<sarnold> okay, cool, so the services do seem to be up and working, one reachable via ipv4, one via ipv6... now try from another host on the LAN and make sure that they can be contacted
<beatzz> aye
<beatzz> Connection timed out on both
<beatzz> I will try ipv6 address in web-browser
<beatzz> that didn't work either.
<sarnold> connection timed out sounds like a firewall configured to DROP packets; can the testing host contact other hosts on the LAN? on the network?
<beatzz> yes
<beatzz> I have a slackware VM that I can connect to, both http & ssh
<sarnold> networking to VMs is funny..
<beatzz> I'm booting it up now
<beatzz> configuring it's eth0, and I will test it's connection via LAN
<beatzz> just to be sure
<beatzz> okay, roger. I am connected to my slackware server at 192.168.11.7, on both ports 80, and 22 (http/ssh)
<beatzz> from my laptop here
<beatzz> hey I appreciate your help sarnold, I think maybe I need to make an ubuntu forums post, displaying all these results.
<sarnold> beatzz: alright; once you get there be sure to inclde the iptables -L output .. I don't know how to drive iptables real well, so that might not be the exact command..
<sarnold> just whatever dumps all the rules.
<beatzz> for sure, hey thanks a lot though
<sarnold> good luck, have fun :)
<beatzz> for real, thanks for helpin out :)
<beatzz> this is my first run with ubuntu *
<drab> tcpdump is good too
<drab> to see if packets are getting there at all
<drab> even if they get dumped
<drab> also you can always add a LOG rule to iptables as last
<drab> to figure out if that's what's happening
<drab> beatzz: ^^
<beatzz> aye, I shall
<beatzz> gana go register at the ubuntu forums
<drab> what for, try the above first :)
<beatzz> tcpdump returned 109 packets captured
<drab> on port 22?
<beatzz> 136 packets recieved by filter
<beatzz> 27 dropped by kerenel
<drab> tcpdump -i $interface port 22
<beatzz> kernel*
<drab> run 'tcpdump -i $interface port 22' then go to you client and try to ssh in
<drab> see if anything shows
<beatzz> roger, client is attempted to connect.... and nothing
<beatzz> connection timed out on client, tcpdump returns nothing.
<drab> ok
<drab> sudo ufw logging on
<drab> then try again to ssh in
<drab> grep "DST=22" /var/log/syslog after trying to connect/timeout
<drab> if taht shows any output paste on dpaste.com, not here
<beatzz> it outputs a shit ton
<beatzz> but the server is on another system, I don't think I can dpaste it
<beatzz> unless, does ubuntu server have a gui I'm not using?
<beatzz> [UFW BLOCK] looks disturbing...
<drab> grep "DST=22" /var/log/syslog | head | netcat termbin.com 9999
<drab> run that on the server and paste the resulting output link
<beatzz> oh shit, cool trick
<beatzz> http://termbin.com/nhmj
<sarnold> all those DST packets look like multicast
<drab> oh, I'm an idiot, lol
<drab> I meant DPT
<beatzz> no worries, one sec
<drab> grep "DPT=22" /var/log/syslog | head | netcat termbin.com 9999
<drab> in fact, just in case
<drab> grep "DPT=22 " /var/log/syslog | head | netcat termbin.com 9999
<drab> note the space
<beatzz> roger
<beatzz> it returned with no link?
<drab> ok, so there's nothing, run it without the head/netcat, just the grep
<drab> it should show no output, which means there's no ssh pkts (destinated to port 22) ebing dropped
<beatzz> aye, again, nothing
<drab> are you running ssh on a weird port?
<sarnold> no link when there's nothing? that's very handy of them :)
<beatzz> nope, port 22
<beatzz> i have not edited /etc/ssh/ssh_config
<drab> ok, so ufw is not dropping your ssh connections
<drab> and tcpdump is not showing any ssh traffic
<beatzz> aye
<beatzz> i will show you ufw status
<drab> so your problem is network, nothing to do with ssh or firewall
<drab> pkts are simply not getting there, maybe swallowed by the VM Host's network interface
<sarnold> beatzz: do all hosts involved agree on netmask and network addresses? :)
<beatzz> http://termbin.com/uz65
<beatzz> this ubuntu server is not a VM
<drab> yeah like I said I don't think your issue is UFW
<beatzz> aye, I agree
<beatzz> so network-ish problem
<drab> so again, what's your network layout?
<drab> what ip/netmask are the client and server on and what's in between them
<beatzz> I have routers port mapping wide open for both TCP/UDP to 192.168.11.2
<beatzz> I have assigned a static IP of 192.168.11.2 to this ubuntu server
<beatzz> via editing /etc/netplan/01-netcfg.yaml
<drab> on the server, ip addr ls && ip route ls| netcat...
<beatzz> http://termbin.com/el91
<drab> paste the link
<beatzz> ;)
<drab> no, not useful, that's just a config, I want to see reality
<drab> I mean, good to knwo you have that config, but that doesn't necesasrily imply it's being applied/etc
<drab> so do the above pls
<beatzz> ahh you want ifconfig?
<drab> I want the above, ip addr ls...
<beatzz> sorry, roger
<drab> nothing to be sorry about
<beatzz> http://termbin.com/pi6j
<drab> uhm, I guess && doesn't work, that's only iproute
<drab> can you just do ip addr ls | netcat ... pls
<beatzz> http://termbin.com/3sxw
<beatzz> and just for reference, here is the full 01-netcfg.yaml : http://termbin.com/7mo4
<drab> ok, where are you trying to ssh from?
<drab> where's the client?
<drab> and please confirm the server is an ubuntu server 16.04 on baremetal, no VM
<drab> and is that connected with a cable to the router and the router to the internet?
<beatzz> Ubuntu Server 17.10, not a VM (192.168.11.2)
<beatzz> and I'm on irc on my laptop (192.168.11.20)
<drab> ok, so both server and client are on the lan, correct?
<beatzz> Ubuntu server is connected via ethernet cable to router, and laptop wifi, siting with both screens in front ofm e
<beatzz> yessir
<drab> ok
<drab> please paste ip addr ls and ip route ls from the laptop
<beatzz> windows :(
<drab> ipconfig /all from cmd, copy paste to dpaste.com
<beatzz> roger
<beatzz> ipconfig /all --> http://dpaste.com/0RZQH89
<drab> how are you running ssh?
<beatzz> PuTTY on my windows client
<beatzz> I have a successful ssh connection to my slackware-linux VM at 192.168.11.7
<beatzz> via PuTTY
<drab> ok, from cmd, ping 192.168.11.2
<beatzz> "request timed out"
<drab> ok
<drab> ping 192.168.11.1 works?
<drab> (it has to, but wth..)
<beatzz> aye, working
<drab> from the slackware VM, ping 192.168.11.1 , works?
<drab> and then ping .2
<drab> then from 11.2 ping 11.1 and 11.20
<beatzz> SlackVM > 192.168.11.1 working
<beatzz> SlackVM > Ubuntu Server, not
<beatzz> Ubuntu > 192.168.11.1, working
<drab> do you have a smartphone?
<beatzz> Ubuntu > others, not
<beatzz> yes
<drab> ios/android?
<beatzz> ios
<drab> https://itunes.apple.com/us/app/termius/id549039908?mt=8
<drab> install that
<drab> it's free
<beatzz> installing
<beatzz> ready to use
<beatzz> new host... ?
<drab> ok, ssh to ur ubuntu server :)
<drab> yeah
<drab> add 192.168.11.2
<drab> and connect
<drab> also while you're at it, will come handy: https://itunes.apple.com/us/app/ping-network-utility/id576773404?mt=8
<beatzz> attempting to connect
<drab> I'm assuming phone is on wifi on the same router?
<beatzz> aye
<drab> ok, timed out I assume, if it was working it'd worked by now
<drab> get that ping app, just to confirm
<beatzz> did
<drab> and try to ping it
<beatzz> Request time-out
<drab> yeah, fair enough
<drab> do yuo have access to the web interface of the router?
<beatzz> so strange O_O
<beatzz> yes
<drab> login, look for tools or something, there should be a diagnostic tab that let you run ping
<drab> find it, ping 192.168.1.2
<beatzz> works
<drab> does it have telnet too by any chance?
<beatzz> negative
<drab> k, np
<drab> can you find a "connected clients" tab on it?
<drab> that shows mac addresses
<drab> it should show your ubuntu server
<drab> mac address
<beatzz> that, it does not have.
<drab> that's weird
<beatzz> I've been lookin for that for a few days now.
<beatzz> i know, but trust me, I've scoured the routers setup, it just dosnt have one
<drab> k
<drab> have you ever used 192.168.11.2 with something else?
<beatzz> yes
<drab> ok, can you change the ip please to something you've not used before, say 222 ?
<beatzz> it was the static address of my SlackVM, prior to setting up the ubuntu server
<beatzz> it is also outside the dhcp block
<beatzz> I will, my wifes demanding I take the trash out though :/
<beatzz> brb
<drab> happy wife happy life, one thing I try hard not to forget
<beatzz> okay
<beatzz> so, change the IP address of the ubuntu server
<drab> yep
<drab> then try the ping dance again pls, one host is enough + the router
<beatzz> okay
<beatzz> Ubuntu Server is now on 192.168.11.8, dynamically assigned via DHCP
<beatzz> Laptop(20) ping> Unbuntu, request timed out
<beatzz> SlackVM(7) ping> Ubuntu, request timed out
<beatzz> Router(1) ping> Ubuntu, working
<drab> from the phone also no joy?
<drab> I'm kinda wary about the laptop as Vbox can mess up networking
<beatzz> iphone ping> ubuntu, request time out
<beatzz> shouldn't, it's configured properly
 * drab scratches head
<beatzz> Ubuntu server ping> other machines, not working
<beatzz> Ubuntu server ping> router, working
<beatzz> im just gana turn off ufw and see what happens
<drab> does phone to laptop work?
<drab> if ufw was a problem blocking pings it'd block the router too
<drab> but sure, try that
<beatzz> hmmm... Phone ping> laptop, not working
<drab> bingo
<drab> ok
<drab> should have thought of that earlier
<drab> so it has nothing to do with the ubuntu server
<drab> host to host communication on ur network is screwed up
<drab> nodes can talk to the router they are directly connected to, but not to each host
<drab> laptop to VM obviously work because they r on the same physical host
<beatzz> but I can view my webserver from phone?
<drab> u can? on the slack VM?
<beatzz> yup
<beatzz> you might be able to as well
<drab> ah, holy cow
<drab> ok
<beatzz> http://beatzz.co
<drab> yeah it's up
<beatzz> right, and from within LAN, I can http://192.168.11.7
<drab> from the ubuntu box
<drab> telnet 192.168.11.7 80
<beatzz> how so? with lynx?
<drab> telnet :)
<beatzz> "Trying 192.168.11.7..."
<drab> you can basically work through any protocol using telnet if you speak it
<drab> used to send emails with it :P
<drab> argh
<sarnold> I prefer netcat since it's easy to get out of
<drab> true
<sarnold> and telnet treats some chars as magic
<drab> but the phone can see http://192.168.11.7 , correct?
<beatzz> yup
<beatzz> ubuntu box is not doing anything with telnet
<drab> but cannot ping it?
<drab> ok
<drab> phone -> slack, no ping?
<beatzz> roger
<beatzz> phone > slack, no ping
<drab> you're positive yuo did telnet 192.168.11.7 80 yes? including the 80 at the end
<beatzz> yessir
 * drab scratches head
<beatzz> if finally returned something too
<beatzz> "telnet: Unable to connect to remote host: Connection timed out"
<drab> right, np
<beatzz> so basically, host > host, no ping
<beatzz> only thing that returns a ping, is host > router
<beatzz> and router > host
<drab> if the phone couldn't get to the webserver I'd thought the router somehow was isolating the nodes
<drab> but since it can, that can't be true
<drab> are you running a firewall of sort on slack or blocking ipngs on win?
<drab> can the phone ping the laptop?
<sarnold> < beatzz> hmmm... Phone ping> laptop, not working
<beatzz> nope
<beatzz> no host > host ping
<sarnold> did you double-check the netmask and IPs on all the hosts?
<drab> sarnold: but phone > slack http works
<drab> that's what is so damn weird
<drab> but windows can block pings
<beatzz> and ssh
<drab> so the ping not working may be ok
<sarnold> .. and VM networking software sometimes only ever works for TCP and UDP and drops everything else on the floor
<drab> on the phone you put "http://192.168.11.7" in your browser?
<beatzz> yeah, or just the IP works as well.
<drab> sarnold: true, but telnet 192.168.11.7 80 doesn't work, which is tcp
<drab> what's ip route ls and ip addr ls on the slack VM?
<drab> and how is virtual box network configured? bridge mode?
<beatzz> ip route ls --> 127.0.0.0/8 dev lo scope link      192.168.11.0/24 dev eth0 proto kernel scope link src 192.168.11.7 metric 202
<beatzz> bridged, yes
<drab> sudo tcpdump -i lxdbr0 icmp on the ubuntu server
<drab> ping it from the phone
<drab> and from the router
<sarnold> lxdbr0?
<drab> eer, sorry
<drab> that was my test
<drab> -i whatever your interface
<sarnold> that's what that smelled like :) hehe
<beatzz> phones ping utility shows request time-out
<beatzz> tcpdump shows nothing
<beatzz> which means the ping request is getting blocked at the router
<beatzz> aye?
<beatzz> which makes sense, why we cant ping host > host
<drab> if you ping from the router do you see the pings?
<beatzz> yes, router > host works
<beatzz> on all hosts
<drab> but yes, it feels like somehow traffic is dying at the router... no idea why
<drab> ufw is stopped?
<drab> sudo iptables -L -v , shows no rules all ACCEPT?
<drab> on the ubuntu server
<sarnold> sometimes routers have buttons to prevent wifi segments frmo communicating with wired segments
<drab> oh, good call sarnold
<drab> beatzz: check that, will ya?
<drab> or otherwise, plug the ethernet cable straight into ur laptop if you have a port
<drab> and try that, I was gonna suggest that anyway because I'm out of guesses...
<beatzz> aye, me too
<beatzz> i think we've beat this horse to death
<drab> poor horse
<beatzz> gana give it a rest
<beatzz> thanks for the support drab & sarnold
<drab> wait, last test!
<drab> check the router :P
<drab> what model is it?
<beatzz> ummm...
<beatzz> buffalo WZR-300HP
<drab> https://superuser.com/questions/856499/buffalo-wzr-1750dhp-cant-reach-the-lan-side-using-wireless
<drab> According to the manual that router supports SSID and Wireless Client isolation
<drab> :........(
<drab> sarnold wins
<drab> maybe
<beatzz> so wait, okay
<beatzz> if thats the case
<beatzz> I should be able to access the http server from another network
<beatzz> http/ssh on the Ubuntu server
<drab> altho that's not quet what it says, it says wireless client isolation, not to lan
<beatzz> from outside my network
<drab> yes
<drab> if you put it back on 2 / the port forwarding on the router matches
<beatzz> port forwarding goes to 8
<beatzz> its currently open
<drab> doesn't seem to be quite it actually
<drab> If enabled, the Wireless client isolation blocks communication between wireless devices
<drab> connected to the AirStation. Wireless devices will be able to connect to the Internet
<drab> but not with each other. Devices that are connected to the AirStation with wired
<drab> connections will still be able to connect to wireless devices normally
<sarnold> what about connections from wireless to wired? o_O
<drab> didn't work
<beatzz> omfg
<drab> no ping from laptop to ub or phone to ub
<beatzz> it works
<beatzz> you should be connecting to it as well
<drab> ok, so sarnold wins somehow still
<beatzz> from http://beatzz.co
<sarnold> hahaha
<sarnold> beatzz: apache default page! \o/
<beatzz> refresh ur browser, and it will show the ubuntu
<beatzz> holy nuts
<drab> ever watched office space?
<sarnold> printer scene
<beatzz> yeah
<beatzz> to the buffalo router
<drab> it's almost xmas, get urself another router... le sigh
<beatzz> damn
<beatzz> i was just starting to smell smoke coming out of my ears a minute ago
<beatzz> like, wth, everything is correct
<drab> ok, this is a good time to quit, I'm out
<sarnold> gnight drab :)
<beatzz> thanks so much man
<drab> like I said the other day, trust in sarnold, ignore everybody else
<drab> ttyl
<beatzz> just another shout out to drab and sarnold ! Server's up and running, nice and safe behind firewalls and stuff. http://www.beatzz.co
<oerheks> now get your free ssl certificate :-)
<cpaelzer> cpaelzer: xnox: yes we enable nested by default on e.g. intel as smb pointed out
<cpaelzer> cpaelzer: I wanted to drop that (an admin can still opt in at any time) but I see that this might be too much of a churn for all of the consumers of qemu
<cpaelzer> xnox: smb: on s390x yeah - I don't vote to make it nestes=1 by default (as it isn't atm), but users should be able to switch it on
<cpaelzer> smb: did I get you right that due to not being a module you can't set the value to 1 ?
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey chamar (IRC)
<lordievader> cpaelzer (IRC)*
<lordievader> How are you doing?
<cpaelzer> oh I got an asterisk :-)
<cpaelzer> doing good
<cpaelzer> skipped the disturbing mails for now :-)
<lordievader> Hahaha
<lordievader> Nice
<stoned> Hello
<stoned> Do you know of any bash scripts someone might have written to quicky deploy services, setup services, etc, on newly created ubuntu server instances or installs?
<lordievader> I use puppet for such things.
<rbasak> cloud-init?
<rbasak> Or yeah: puppet, ansible, chef, etc.
<stoned> Here's how I have things setup
<stoned> I have git repository in /etc/ where I backup my config files
<stoned> All my static sites live in git repositories
<stoned> my nginx vhosts live in git repositories
<stoned> Say I spin a new ubuntu 16 lts server on rackspace
<stoned> I want to clone the server I already have
<stoned> I dunno how
<stoned> :)
<rbasak> Cloning is a poor approach because you end up with an unreproducible machine carrying problems forward over time. Instead, look into codifying your deployments: having the minimal code that can be applied to a fresh server to make it how you want it. Then edit your code rather than the server.
<rbasak> Deploying multiple servers from that state is trivial.
<rbasak> And you can also write automated tests for your deployments.
<stoned> Well, I'm thinking, I could write a bash script intead of depending on config management things.
<rbasak> For basic deployments, supplying cloud-config via cloud-init is the easiest way to do this.
<stoned> a script that basically installs the packages I need, as well as cloning the git repositories I need, and then copying the configs over
<stoned> that sound like a sound approach?
<rbasak> For more complex ones, choose from chef, puppet, ansible, etc.
<rbasak> Sounds like you want ansible.
<stoned> Ok
<rbasak> You could write a bash script by hand, but you'll be reinventing much of what the existing tooling solves.
<rbasak> Though if you just want a learning experience, then sure.
<stoned> I
<stoned> I'll invest time into ansible.
<stoned> Write a playbook I can rely on.
<smb> cpaelzer, xnox, actually when following the git history further it seems that vsie was only added with 4.8 (could have sworn nested was there before but obviously I am wrong). So Xenial showing /dev/kvm seems to be the real bug. As for changing the nested: there are some kernel parameters which can be changed at any time but nested is not changable, so one has to put it on commandline kvm.nested=1. However that
<smb> does not help on its own if the host is not running a kernel that allows this too. So xenial host bad luck z/a/b maybe
<cpaelzer> smb: yeah
<cpaelzer> smb: and there is more
<cpaelzer> not only does the host need kvm.nested=1
<cpaelzer> it only works with -cpu host (libvirt host-passthrough) or host-model (remember to refresh libvirt capabilities after enabling vsie via the module)
<cpaelzer> it is really meant to be off and an explicit opt-in
<cpaelzer> so I agree, xenial having it on by default is the actual bug
<smb> Yeah, and given that this was never really working, I would no longer worry about more recent releases. MAybe need to "fix" xenial to avoid confusion
<cpaelzer> well the default (no cpu specified) works as well for me but "officially" the sie feature might be missing
<cpaelzer> or taken away for migratability or ...
<cpaelzer> smb: ack
<cpaelzer> smb: btw could I have a bug number on this
<cpaelzer> it didn't subscribe qemu yet
<cpaelzer> so I only work on gossip atm :-)
<smb> cpaelzer, maybe (not sure there was one opened already)
 * smb moves channels
<jamespage> coreycb: that setuptools issue in gnocchi was python_distutils debhelper not being very clever
<jamespage> coreycb: pybuild appears to deal with py3 only better, so switching buildsystem
<jamespage> coreycb: something in the BD's pulls in python2, which gets detected by debhelpers distutils integration...
<jamespage> and then things explode
<xnox> cpaelzer, smb - somehow i feel odd that in later releases i cannot override this with a module reload. Would it still make sense to make kvm a module; and adjust qemu-system-init to load kvm module, such that one can adjust modprobe settings without rebooting?
<cpaelzer> xnox: I'd try to suggest so in #zkvm - I'd tihnk that is less am ubunut than  general upstream change
<jamespage> coreycb: some progress on deps (avoiding os-testr 1.0.0 for now)
<jamespage> coreycb: did heat, keystone in progress but needs pysaml2 version bump (dealing with that ATM)
<jamespage> coreycb: also have patch for dh-python to auto-detect and execute ostestr, testrepository or stestr based unit tests...
<jamespage> coreycb: http://paste.ubuntu.com/25967169/
<ztane> hi, trying to understand the relation of rsyslog vs journald on 16.04 server default install
<ztane> what would go into rsyslog and what would go into journald and which order?
<ztane> ie do some syslog facilities, or all, get written to journal, or journal written to syslog or...
<BlackDex> win 29
<ztane> no such window
<coreycb> jamespage: very nice, taking a closer look at dh-python now
<ztane> my goal is to get all of the logs to the papertrail, but if I pipe all of journal from journalctl I find out that most will be duplicates with also those from rsyslog and now trying to find out whether or not I can get everything of importance from just journald
<ztane> ok... it seems that not everything gets into journald
<ztane> also not everything gets into syslog, hmhmh
<smb> cpaelzer, according to this older bug report xnox claims the kvm module (when it was still a module) could not be loaded (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1532886) hence it became built-in
<ubottu> Launchpad bug 1532886 in linux (Ubuntu Xenial) "s390x kernels are inconsistent for cloud stuff" [Medium,Fix released]
<xnox> smb, cpaelzer - that was true on xenial; on xenial all cloud/kvm instances have /dev/kvm.... despite that being "nested"
<xnox> smb, and by "all" i think it was comparison with amd64 and ppc64el.
<smb> which maybe was the reason for module loading failing (as 4.4 had no nested support on s390x at all) as we believe now.
<smb> there is time to try again module for bionic but then with more than just an irc discussion as background
<xnox> smb, well, there is some nesting support, i thoght. since launching kvm in z/vm on lpar works, launching kvm in a kvm on an lpar should work too.
<smb> xnox, I'd say launching it in zVM is different because there vVM handles the one stage of nesting which for the kvm case the Linux kernel would have to do
<xnox> smb, right.
<xnox> smb, kvm in z/vm is slow
<smb> as would be kvm in kvm if it were working (what was said yesterday iirc)
<cpaelzer> I discussed and speed wise 4 levels are the last sane thing
<cpaelzer> so 2x HW + 2* shadow virt
<cpaelzer> but that is already borderline
<coreycb> jamespage: i've been dropping the drop-openstackdoctheme.patch's and bumping sphinx to >= 1.6.2 as I go
<jamespage> coreycb: ack - I've mostly dropped that patch, but some earlier uploads have not
<coreycb> jamespage: great
<coreycb> jamespage: that was kind of a pain last cycle
<jamespage> coreycb: I can imagine
<jamespage> coreycb: I'm really liking pybuild btw - digging on the code has been revelaing
<jamespage> coreycb: basically it attempts to auto-configure testing based on what deps are in the BD's
<coreycb> jamespage: cool. yeah so basically we can drop our dh_auto_test sections if the simply call ostestr, etc?
<jamespage> so all you have todo is add python-nose/stestr etc...
<jamespage> coreycb: thats the idea
<coreycb> jamespage: that's really nice
<cpaelzer> nacc: wondering about http://paste.ubuntu.com/25968338/
<cpaelzer> nacc: why would it try to spawn a debian lxd for build-source
<nacc> cpaelzer: head debian/changelog please ?
<cpaelzer> this is identical to your merge last week except the d/rules change
<cpaelzer> nacc: nut (2.7.4-5.1ubuntu2) bionic; urgency=medium
<nacc> cpaelzer: annd edge snap?
<cpaelzer> I didn't even write binonic this time
<cpaelzer> r291 = stable
<cpaelzer> I always cycle edge/edge-fixes as needed
<nacc> cpaelzer: and it happens with edge too?
 * cpaelzer downloading snap
<nacc> cpaelzer: for right now, tnohting but the importer should use the stable snap
<cpaelzer> nacc: it now took ubuntu-daily:bionic, seems bette ron 333 from edge
<cpaelzer> many (many++) warnings from likely apt being parsed about non stable CLI
<cpaelzer> but that is something else
<cpaelzer> the petname of this is matching the test
<nacc> cpaelzer: ok
<cpaelzer> you better fly :-)
<cpaelzer>  /usr/bin/lxc launch -e ubuntu-daily:bionic better-fly
<jamespage> coreycb: neutron is being awkward - some sort of multiprocessing issue during test discovery
<coreycb> jamespage: hmm
<jamespage> coreycb: trying with a minor patch level on evetlnet
<jamespage> coreycb: https://launchpad.net/~james-page/+archive/ubuntu/bionic/+build/13733732
<coreycb> ok
<coreycb> jamespage: glance unit tests get a bunch of mismatched http status asserts. i'm thinking one of the http deps needs to be bumped, so trying that route now.
<jamespage> coreycb: ack
<jamespage> coreycb: I think kje
<jamespage> coreycb: I think keystone will be OK now
<jamespage> I'll upload that later
<coreycb> jamespage: ok
<jamespage> however might be stuck on neutron for now
<jamespage> coreycb: I think we should probably push what we have into archive tomorrow AM
<coreycb> jamespage: ok
<jamespage> thus avoiding any conflicts with anyone elses work
<jamespage> coreycb: see how far you get with things; I'll publish tomorrow am
<coreycb> jamespage: sounds good
<sarnold> drab: thanks for helping out beatzz yesterday :)
<drab> sarnold: hey man, you're the one that figured it out, I just stabbed at the dark for like an hr... :)
<sarnold> drab: hehe, I only got lucky after you did all the grunt work :)
<drab> some call that genius :P
<sarnold> not the first time I stuck my nameo n papers where I did much less of the work..
<R_P_S> Hi, was told to try this channel as well for juju support
<R_P_S> I created a juju controller from machine that is about to be decommissioned.  I'd like to register the controller as admin/superuser from another machine but I have no idea how to find the registration string
<grendal_pure> im loosing my mind here.  all of the sudden my kvm virtualhost will not bring up the second bridge
<grendal_pure> looks like some sort of kernel bug.
<grendal_pure> set forward delay failed: Numerical result out of range
<grendal_pure> i cant even add a virtual nic to the one working nic on this machine.  its werid.
<powersj> cyphermox: did we ever come to a conclusion on the preseed of bionic?
<powersj> I wasn't clear if it was something missing on my end or something else.
<grendal_pure> has anyone else run into this issue?
<grendal_pure> set forward delay failed: Numerical result out of range
<grendal_pure> I have two nics in this sever, one comes up and bridges eth1 -> br1  but eth0 ->br0 fails and when i manually kick it , it throws that error.
<grendal_pure> looks like i am able to connect a virtual network to the one device.  Im having to change the interface on a lot of machines though
<grendal_pure> setting up nat on that virtual device with same ip as the physical hardware that was bridged...what a mess
<cyphermox> powersj: I don't know what's wrong, it works here?
<cyphermox> maybe if you share more of the logs
<powersj> cyphermox: works with a bionic iso? because I could reproduce
<cyphermox> oh, that's right
<cyphermox> but yeah, it did here
<cyphermox> ppc64el
<cyphermox> no reason for architecture to matter to this
<powersj> correct
<powersj> http://cdimage.ubuntu.com/ubuntu-server/daily/pending/
<cyphermox> could it be because you preseed xkb-keymap?
<powersj> I could pull that out and re-kick them off
<powersj> is that not a valid option?
<cyphermox> I don't really think it would make a difference since I did my test with it too
<cyphermox> but technically we don't really support that
<cyphermox> anything might be different between the /proc/cmdline on bionic and artful?
<necrophcodr> It is possible to have an application that binds to a port, forcibly bind to a unix socket instead?
<necrophcodr> And if not, is it somehow possible to force it to only bind to that port in a specific namespace, and to communicate with that specific namespace on that port?
<cyphermox> powersj: I should already have been prompted for it (I just started a preseeded install again)
<powersj> cyphermox: can I see what pressed you are using?
<cyphermox> sure
<cyphermox> http://people.canonical.com/~mtrudel/preseed/utah-bionic.cfg
<cyphermox> I changed it to comment out xkb-keymap just before starting this install, but with it yesterday it was working well too
<cyphermox> I am getting prompted here and there for things (hostname, which drive to format, etc), but I didn't set priority=critical to give it more chance to prompt.
<powersj> cyphermox: interesting, that pressed locally works for me, which is further than I got before :)
<powersj> only change was commenting out the xkb-keymap?
<cyphermox> well, yeah, and commenting out unrelated things I just didn't want to add that are for utah
<cyphermox> xkb-keymap makes no difference here -- there's clearly a bug in what I'm trying to do, since I'm not getting the us:intl keymap I expect
<cyphermox> but that's different from prompting.
<cyphermox> it could just be that it's not called "intl"
<cyphermox> nah, it really is "intl"
<cyphermox> something looks not right, but it's not the same thing as prompting for something it already has in preseed, so I don't know what to tell you
<powersj> ok let me go play with the tests again then, as it does look like something changed
<cyphermox> ah?
<cyphermox> I'd really be on the lookout for auto=true and priority=critical not being in the command-line, if that's the case then the preseed would not be applied yet, which would explain getting prompted for keyboard
<powersj> cyphermox: I only see debconf/priority=critical
<powersj> auto=true required?
<cyphermox> powersj: not really
<cyphermox> powersj: can you remind me the url to utah? I believe I still have access
<powersj> cyphermox: the project itself or where we run the tests?
<cyphermox> just the url of the jenkins, I can't seem to find it anymore
<powersj> https://platform-qa-jenkins.ubuntu.com/view/server/
<cyphermox> ah, thanks!
<powersj> The daily xenial test shows keyboard-configuration/layout as "30 question skipped", yet bionic is reporting "0 question will be asked"
<powersj> They use the same preseed
<cyphermox> yeah, but xenial vs. bionic is not a very useful comparison
<cyphermox> would be better to compare very late cycle artful
<srgjames> I could use someone who is smart. So i just reset up an apache web server on Ubuntu and could use the ip address in a url to access the default page. I then went back and created the files in sites-available Im pretty sure correctly but now cant get to the site from url or ipaddress and no errors when i restart apache2.. Anyway I can check if i set up the wrong settings on DigitalOcean or Google Domains ?
<powersj> cyphermox: same with artful, last test was 27 days ago https://platform-qa-jenkins.ubuntu.com/view/smoke-default/job/ubuntu-artful-server-amd64-smoke-default/173/artifact/log/utah-56128-artful-server-amd64/installer/
<cyphermox> powersj: yeah
<cyphermox> the preseed isn't quite the same though
<powersj> other than adding the xkb-keymap they should be the same
<powersj> which I added because I thought it needed it :\
<cyphermox> nah
<cyphermox> it might actually be breaking things, as it resets some values
<powersj> ok let me revert that then
<powersj> but it was broken before I added it :\
<cyphermox> I don't understand though, because I tried with both options
<powersj> cyphermox: Here is what is appending to the cmdline: -append netcfg/get_hostname=utah-6554-bionic-server-ppc64el log_host=192.168.122.1 log_port=0 DEBCONF_DEBUG=developer debconf/priority=critical
<cyphermox> yeah, but that's not anything special, nothing wrong
<powersj> cyphermox: I got an install syslog from a bionic install by pressing enter
<powersj> Comparing it to artful and before it asks me for the keyboard layout I see "Nov 15 21:37:51 debconf: --> GET debconf/priority Nov 15 21:37:51 debconf: <-- 0 high"
<powersj> whereas in artful it says critical
<nacc> rbasak: my branch cuts ipsec-tools full reimport time from 68 to about 40 minutes. Still working on checking the correctness
<powersj> cyphermox: artful: http://paste.ubuntu.com/25970598/ bionic: http://paste.ubuntu.com/25970599/
<cyphermox> powersj: ack, I'll dig in to that
<powersj> thx
<nacc> rbasak: i'm thinking we should add a 'git repository comarison' function to the integration tests and have that help us assert hash abi breaks. We have the as-imported repository now, and we can see if the hashes change on a reimport at a given commit.
<nacc> powersj: is it possible to make a given pipeline stage a warning, but not a failure, or provide a flag to say "we know this breaks ABI, pass CI ayways"?
<powersj> nacc: I am not sure
<nacc> powersj: ok, np -- it's ok for it to be a failure anyways, in theory, we want that to trigger a manaul examinationn
<nacc> powersj: as developers, we knonw (currently) when to expect a chagne to break hashes and when not
<powersj> nacc: looks like https://issues.jenkins-ci.org/browse/JENKINS-45579 is what we want
<nacc> powersj: ok, thanks
<nacc> rbasak: heh, i'm finally looking at your branch (not final review) a lot of what my branch does as well is prefix -> ref_namespace (aka ref_prefix).
#ubuntu-server 2017-11-16
<teward> well... that's gonna be a problem...
<teward> *apparently* the software that nginx uses for the Lua module in universe isn't found in LD at all
<teward> so FTBFS majorly.
<teward> that's... concerning.
<teward> at least, for Bionic.
<rbasak> nacc: now that git has its own namespaces, I'd like to avoid using the term "namespace" if possible. I'm not sure a full rename/refactor across the code is warranted, but I figured that "ref_prefix" made sense in my case.
<rbasak> It's unambiguous as to what it means
<rbasak> (I felt namespace wasn't clear as to whether '/' separator was included or intended to be added)
<teward> rbasak: FYI, the above.
<teward> also see #u-release
<albech> been very happy in the past with Nagios/Icinga, but wondering if there are other players on the monitoring area worth looking into. We are planning to rebuild our monitoring setup over the next few months so now is the time to do a little research.
<lordievader> Good morning
<hateball> albech: well there's Zabbix (I dont like it)
<hateball> and there's zenoss, opennms, pandorafms
<hateball> personally I quite like pandorafms, what I've tried it
<hateball> we use icinga2 here tho
 * lordievader likes zabbix
<lordievader> hateball (IRC): How does pandorafms compare to zabbix?
<hateball> lordievader: I just like the interface better
<Slashman> hello, is there a way to deactivate the keeping of crash dump in the directory /var/crash? I had the nasty surprise of a full /var volume because of that :/
<albech> thanks hateball and lordievader. I think ill try Icinca2. Not sure about opennms. Dont really like the whole java idea.
<hateball> albech: suppose it depends what you need for your monitoring solution also
<hateball> I havent personally setup Director, but I think that makes icinga2 more user friendly
<hateball> pandorafms is configured through gui by default, and it has nice graphs and what not for managment types :p
<hateball> stuff you need to manually setup with graphite or whatever, for icinga
<albech> pretty much everything in a modern datacenter with a strong focus on linux. so network, storage, iron, security, gues os's etc.
<pankaj_> Hello, guys. Where can I get gtk3 manpages. I have tried to do 'apt-cache' for its doc but it is still not there.
<pankaj_> Hello, guys. Where can I get gtk3 manpages. I have tried to do 'apt-cache' for its doc but it is still not there.
<lordievader> pankaj_: I don't think this is the right channel for gtk related things.
<hateball> I'm not sure there are any man-pages for GTK either
<lordievader> pankaj_: What are you actually looking for? Gtk documentation or something?
<nacc> rbasak: +1
<coreycb> jamespage: seems i'm hitting this withhttps://bugs.launchpad.net/glance/+bug/1728368 glance -
<ubottu> Launchpad bug 1728368 in oslo.serialization "oslo.serialization 2.21.2 breaks glance" [Undecided,New]
<coreycb> jamespage: with glance unit tests
<jamespage> coreycb: \o/
<jamespage> coreycb: I figured out my neutron problem
<coreycb> jamespage: oh?
<jamespage> coreycb: yeah a new version of flake8 was causing the discovery process to fail, which stalled the test execution upfront
<coreycb> jamespage: ah geez
<jamespage> coreycb: tbh the state of flake8 usage upstream vs what we have in distro is poor
<jamespage> we have 3.x, upstream still uses 2.x
<coreycb> jamespage: interesting, i wonder why that is
<mecotri> I have two public IPv6 addresses on one interface and need to change which one is the default for outgoing traffic. How can I do that? I've tried all sorts of ip route commands with no success.
<nacc> rbasak: where did you get :param: from? are we switchig to sphinx docstring?
<rbasak> nacc: I've been trying to be consistent all along but never knew the actual syntax. Yesterday I looked it up :-)
<nacc> rbasak: that's the sphinx specific syntax
<nacc> rbasak: is that what we want to use?
<rbasak> nacc: if we were to settle on something concrete, any other candidates apart from sphinx?
<nacc> rbasak: no, just want to know what you want to use and ask that you put it in the style guide if you're changing it :)
<nacc> rbasak: do you want me to keep your commits separate for the devel branch stuff? or can i squash?
<axisys> how do I upgrade dig on trusty to allow caa type query? I get Warning, ignoring invalid type caa when doing dig -t caa example.com
<sdeziel> axisys: I don't think you can get a fresher version on Trusty. You can still lookup the CAA records with "dig -t type257" though
<axisys> sdeziel: right.. but seems like they are pushing new code and want to rely on dig query for caa.. it works on some systems but those are running centos 7.. we have quite a few ubuntu servers around that are still trusty .. works fine on xenial
<axisys> may be there is a ppa .. I have not found one
<TJ-> axisys: how about a shell wrapper and a diversion? e.g. http://pastebin.ubuntu.com/25975772/
<powersj> cyphermox: I have it narrowed down to the cmdline... tests are using debconf/priority=critical and that doesn't seem to work with bionic. Works with artful. Changing it to priority=critical makes it work.
<axisys> TJ-: genious!
<axisys> so whats the diff between that divert and symlink ?
<TJ-> axisys: the dpkg-divert ensure any package updates update /usr/bin/dig.real not your /usr/bin/dig script
<sdeziel> putting the dig wrapper in /usr/local/bin might be a viable option as well
<cyphermox> powersj: that's very bad
<cyphermox> priority is supposed to be an alias to debconf/priority, not the other way around
<TJ-> sdeziel: yes. I was trying to protect against anything using the exact path. been caught by that in the past
<TJ-> sdeziel: also makes it clear there's something been changed on the system
<sdeziel> TJ-: true
<powersj> cyphermox: where should I file a bug?
<powersj> or to be more clear, what should I file a bug against
<cyphermox> powersj: I'd say debconf for now, I'll look more into it
<cyphermox> powersj: actually, let's do a hangout and have a look at something?
<powersj> ok
<cyphermox> if you have the time
<powersj> I do
<powersj> cyphermox: LP: #1732776 with an example not using a preseed
<ubottu> Launchpad bug 1732776 in debconf (Ubuntu) "debconf/priority not respected" [Undecided,New] https://launchpad.net/bugs/1732776
<axisys> TJ-: gotcha
<rbasak> nacc: feel free to squash
<nacc> rbasak: i ended up just pushing up
<nacc> i reviewed the squashed version :)
<nacc> and then kept your changes
<rbasak> axisys, sdeziel: FWIW, an update to dig on Trusty may be acceptable under current SRU policy (change to the Internet environment).
<rbasak> It'd need someone to drive it, and for the change to be minimal etc though. Which may not be practical.
<rbasak> nacc: np
<sdeziel> rbasak: yeah, backporting just the CAA RR support I guess
<Epx998> https://www.top500.org/system/179068
<Epx998> probably running precise /smirk
#ubuntu-server 2017-11-17
<nacc> rbasak: with the importer-rework branch as of right nonw, the ipsec-tools reimport is down to 35 minutes pretty consistently
<lordievader> Good morning
<cpaelzer> rbasak: could it be that if something is only pushed in -security the importer misses it?
<cpaelzer> rbasak: take a look at iscsitarget in trusty
<cpaelzer> nacc: ^^
<rbasak> cpaelzer: could be. But we're in the middle of quite a bit change in logic around how the importer picks up on changes, and the importer is still running the old code currently. So let's see if the problem remains after we've landed our changes :)
<rbasak> We don't currently have tests for this area of code (not yet faking Launchpad publications for testing)
<cpaelzer> rbasak: is there abug on the rewrite that I could register a "please test this after the rewrite" on?
<cpaelzer> rbasak: I know we have a set of known to import with issues - I assume you'll look at those
<cpaelzer> just would want to add that there
<cpaelzer> so that we remember
<rbasak> cpaelzer: we don't have a bug for the rewrite. It's part of our "LP beta" milestone. We could create a bug, but would it be better to have a bug for this distinct issue?
<cpaelzer> I'm fine to open one
<cpaelzer> it is mostly a reminder to check
<rbasak> It's a good idea
<ali1234> right, who can tell me exactly why unattended-upgrades is not doing anything on my 16.04 server?
<ali1234> it runs twice every day but never installs anything
<ali1234> if i run it manually with --dry-run it outputs a list of packages to upgrade, in all other cases it outputs nothing
<ali1234> that is, when run automatically
<ali1234> actually, last thing it outputs is "allowed origins:..."
<jamespage> coreycb: btw I'm tending the addtional backports needed for Queens UCA...
<coreycb> jamespage: ok
<nacc> rbasak: it depends on timing
<nacc> cpaelzer: --^
<nacc> cpaelzer: rbasak: so ... i'm not 100% on this, but this is my theory: iscsitarget was published on 7/17. It's possible we missed that evet. We don't catch it up again, because it's no longer published. The linear script walker would catch this, but the version we ran didn't look in older releases (the new one does for all active series).
<nacc> so i thinnk it's fix released a la the new scripts
<nacc> cpaelzer: were you asking re: LP: #1732918 ?
<ubottu> Launchpad bug 1732918 in iscsitarget (Ubuntu) "iscsitarget-dkms 1.4.20.3+svn502-2ubuntu4.4 doesn't build for Xenial hwe (4.10) kernel" [Undecided,New] https://launchpad.net/bugs/1732918
<faekjarz> Hi! I'm anoyed, is it normal to take over 3 minutes to draw all the lines, at about 0.3 - 0.5 lines per second, of a "dmesg" on an ASPEED AST2400? Can i accellerate this? â¦modprobe â¦somethingsomething
<faekjarz> â¦i'm not even doing IPMI (iKVM) over a slow connection â¦i'm directly connected to the box (VGA & USB) â¦this is my 1st time using a mobo with an Aspeed AST2400 BMC / GPU â¦is this normal?
<nacc> faekjarz: not sure why that'd be an ubuntu issue?
<nacc> faekjarz: do you know the BMC can dispaly faster? BMCs are not often about speed (ime)
<faekjarz> nacc: because i'm not sure what distros include what drivers, and because i'm using Ubuntu â¦tadaah, here i am, asking whether i might have missed modprobing something
<nacc> faekjarz: i meant, do you know it's not a hardware limitation?
<faekjarz> i'm not sure, it's my 1st time using an A-"SPEED" thing (it's an Asus P10S-M) â¦seems like a misnomer, haha â¦i'm just double-checking
<faekjarz> maybe i sould specialise in Aspeed based boards and enjoy all the free waiting time while getting paid for tech support
<BlessJah> is AWS image naming convention ducumented anywhere?
<nacc> Odd_Bloke: rcj: --^ maybe you know?
<BlessJah> related: https://bugs.launchpad.net/cloud-images/+bug/1458825
<ubottu> Launchpad bug 1458825 in cloud-images "Please explain "root store" terms (hvm-io1, hvm, ...)" [Undecided,New]
<nacc> BlessJah: is that bug actually accurate. I do't see the term "root store" on that URL.
<BlessJah> nacc: there is "Instance type" field in image locator, it takes values listed in the bug
<BlessJah> And the AMI name has cryptic "ebs-ssd": ubuntu/images/ebs-ssd/ubuntu-xenial-16.04-amd64-server-20171026.1
<BlessJah> It's more or less obvious what it means, but there is lot of other images that do not follow the convention.
<nacc> BlessJah: i'd say the bug needs to mention that, imo. Right now it says the "cloud images" download pages ... and then gives a URL that is not about AMIs.
<nacc> BlessJah: if the issue is with the AMIs, that should be specified in the bug, right now it reads like the cloud-images page is wrong.
<BlessJah> I'll talk to Faux to get that clarified.
<nacc> BlessJah: not super urgent, i suppose :)
<BlessJah> And what about thr documentation regarding image name conventions?
<nacc> BlessJah: i mean your request might be orthogonal to that bug report
<nacc> BlessJah: i pinged who i thought might help, i'd just wait
<nacc> BlessJah: i'm not personally involved
<nacc> rbasak: fyi, running the gnome-shell import locally from beta/edge snap, it does what it should (braches are being updated) so i assume cpaelzer did a skip-applied import
<BlessJah> nice try, you're already knee-deep in this
<nacc> BlessJah: :)
<BlessJah> ;>
<nacc> smoser: --^ do you possibly know?
<nacc> smoser: how the AMIs get named and why they are named as they are
<smoser> BlessJah: well, if you want to convert the values we have on cloud-images.ubuntu.com to whatever amazon's official values are just use DescribeImages on the image
<BlessJah> I want to know how what different names (image/milestone/image-dev) mean and what filter to write to get image I want
<smoser> BlessJah: well, milestone ?
<smoser> i think you mean label
<smoser> what is image-dev ?
<BlessJah> prefixes for trusty: ubuntu/images/ubuntu-trusty-..., ubuntu/images/ebs/ubuntu-trusty-..., ubuntu/images/ebs-ssd/ubuntu-trusty-..., same for ebs-io1, ubuntu/images-testing/ubuntu-trusty-...,
<BlessJah> but yes, there is no -dev
<smoser> ah
<smoser> ignore taht
<nacc> lol
<nacc> smoser: did you see the bug referred to above?
<smoser> yeah.
<nacc> smoser: ok, just wanted to check
<BlessJah> ubuntu/images/ubuntu-xenial- ubuntu/images/hvm-ssd/ubuntu-xenial- ubuntu/images/hvm-instance/ubuntu-xenial- ubuntu/images/ebs-ssd/ubuntu-xenial- ubuntu/images-testing/ubuntu-xenial- ubuntu/images-testing-dev/ebs-ssd/ubuntu-xenial-
<BlessJah> xenial, that's where I've seen dev
<BlessJah> some documentation somewhere explaining why images have names that they have and a promise that convention won't suddenly change, would be nice to have that
<smoser> http://paste.ubuntu.com/25983212/
<smoser> dont use names.
<smoser> use the stream data.
<smoser> sstream-query  --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg  --max=1  "--output-format=%(release)s  %(label)s  %(root_store)s  %(virt)s  %(id)s"  http://cloud-images.ubuntu.com/daily/streams/v1/com.ubuntu.cloud:daily:aws.sjson  region=us-east-1  release~(trusty|xenial|zesty|bionic)
<smoser> or i guess easier if you use https
<BlessJah> How do I glue that to terraform?
<smoser> i'm sorry i dont know.
<smoser> but that is how you "find the right ami".
<smoser> the only variables currently supported (xenial+) are
<BlessJah> What is that data stream thing?
<smoser> root_store=(instance|ssd) virt=(pv|hvm)
<smoser> it is "simplestreams" format. which is horribly documented.
<smoser> i'm the author, so its ok for both you and i to say that.
<nacc> https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html ahs some mention
<smoser> but that is how we publish data bout clouds
<nacc> and there is a launchpad project
<smoser> and that is how juju finds image ids
<BlessJah> what was wrong with tags and naming conventions?
<smoser> a.) naming conventions and you parsing strings sucks (and as you can see over 10 years that kind of fell apart).
<smoser> b.) we publish data on all public clouds on ubuntu.com
<BlessJah> I get that it's very convenient for juju devs, but it breaks other tools like terraform
<smoser> we definitely could tag on amazon, an there might have developed conventions there over time
<smoser> so there is some convetion on tags ?
<smoser> and that only works on amazon
<smoser> not on azure
<smoser> or gce or bobs-cloud
<nacc> oooh bobs-cloud
<nacc> like bobs-burgers
<nacc> i'd cloud there
<smoser> there are definitely improvements (very much so for doc) that we could make and should  make.
<smoser> but we set out to provide information about getting ubuntu wherever you need it.
<smoser> the data is available over https or http with gpg signatures inline.
<nacc> the poitn being it's not contingent on the cloud provider to be consistent with ubuntu
<nacc> ubuntu is consistent with itself :)
<smoser> BlessJah: is there some convention for tagging images now ?
<smoser> that terraform can read ?
<BlessJah> smoser: terraform uses same API as other tools
<BlessJah> BTW, it's hilarious how AWS is inconsistent with itself, like when API filter for name accepts globs anchored at both beggining and end, while search in browser uses regexes instead
<smoser> You can parse our names on amazon, but really, doesn't it make more sense to *not* ?
<smoser> and have sane well formed data ?
<BlessJah> It's not about parsing to extract information, but knowing what string will give me latest, production grade image.
<smoser> BlessJah: well how is that done for other images?
<smoser> i updated that bug
<smoser>  ami-0309a879
<smoser> oops
<smoser> paste fail
<smoser> https://bugs.launchpad.net/cloud-images/+bug/1458825
<ubottu> Launchpad bug 1458825 in cloud-images "Please explain "root store" terms (hvm-io1, hvm, ...)" [Undecided,New]
<smoser> BlessJah: we *did* originally start out with a well formed naming convention on EC2.
<smoser> but bucket limitations , ebs, many different things ultimately made changes necessary and inconsistent. but we have tried to provide that data in a consistent format over http on cloud-images.ubuntu.com
<sveinse> I'm running 16.04 on a server, and I'm constantly bothered with that smbd requires a manual restart for samba to work
<sveinse> systemctl status smbd reports active (exited) with status=0, and the logs simply sais "* Starting SMB/CIFS daemon smbd", "...done" and then its out.
<sveinse> Restarting smbd fixes everything
<sveinse> Familiar to anyone?
<sarnold> does journalctl or /var/log/*samba* something have more details?
<sveinse> sarnold: ah, yes it does. "no network interfaces found", then "No sockets available to bind to." and a subsequent stacktrace and coredump
<sarnold> sveinse: eww :)
<sveinse> that kinda explains it thou
<sarnold> sveinse: but at least you've got something to work with.
<sarnold> jeeze, what an impenetrable page.. https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
<sarnold> sveinse: I think, try the systemctl to change the samba service, "to include After=network-online.target and Wants=network-online.target."
<sveinse> My turn to eww: samba is still started through /etc/init.d, so it does not help to change the systemd start prereqs :(
<sveinse> Anyone knows if the upcoming 18.04 LTS will have changes this?
<sveinse> I'm willing to live with this until the next LTS arrives
<sveinse> sarnold: thanks
<sarnold> sveinse: well, at least -a- debian samba package has some smb.service, nmbd.service, etc files, http://sources.debian.net/src/samba/2:4.6.7%2Bdfsg-1/debian/rules/#L176
<nacc> sveinse: i'm 99% sure the init.d script source lsb-functions, which then switches to systemd
<sarnold> sveinse: .. and if kind of looks like that version should be in the next LTS
<sveinse> Yeah, I'm looking at the package manifest for my samba. I'm having 2:4.3.11+dfsg-0ububut0.16.04.11, and it does not have any native systemd units it seems
<nacc> samba: /lib/systemd/system/samba.service
<nacc> sveinse: --^
<sveinse> nacc: yup, that is in the newer packages, right?
<nacc> that's in xenial.
<sveinse> wierd. what version is that?
<nacc> sveinse: i don't know what 'manifest' you were referring to?
<sveinse> nacc: heh, mine. That is list of the files installed the package, dpkg -L samba
<nacc> sveinse: i'm going off the apt-file output
 * nacc spins up a container
<nacc> can't trust anyone
<nacc> sveinse: samba.service is admittedly not the same as smbd.service
<sveinse> nacc: my /lib/systemd/system/samba.service is a symlink to /dev/null :O
<nacc> sveinse: which means it's been masked
<nacc> (iirc)
<nacc> hrm, and can't enable it because the inits cript has no runlevels
<nacc> sveinse: ok, nmbd.service and smbd.service are generated
<nacc> sveinse: which means they can be ordered
<nacc> *i thikn
<sveinse> /lib/systemd/system/samba.service is owned by the samba package. Reading samba.preinst and .postinst, shows that it is apparently is doing init.d manipulation and not any .service stuff
<sveinse> which is wierd, if you're getting other results
<nacc> sveinse: what other results?
<nacc> sveinse: i agree samba.service is masked
<nacc> sveinse: smbd.service and nmbd.service exist
<nacc> they are generated
<sveinse> nacc, you mentioned nmbd.service and smbd.service. On my system they don't exist, neither in /lib/systemd nor /etc/systemd
<nacc> sveinse: i just said, agai, they are generated
<sveinse> nacc: so, what version are you getting in your container?
<nacc> not on the filesystem
<nacc> they still exist and are systemd services
<sarnold> oh my
<nacc> see `man systemd-sysv-generator`
<sveinse> nacc: oh, yes, ah, yes yes. systemd makes services out of init.d items, true. That is the service I need to restart to get smbd working
<nacc> sveinse: right, and i think above you were just saying you need to order it? or sorry, missig context
<sarnold> I was suggesting it needed to be ordered
<nacc> sarnold: ah ok
<nacc> so the problem is smbd starting before network?
<sveinse> nacc: for some reason, systemd starts smbd too soon when network isn't available yet (so it coredumps), so I wonder how I can order it when it does not have a service file
<sarnold> after seeing https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=61eaeba2a7a2df61b681b4ea545811569de421d0 earlier I assumed we had systemd unit files for samba...
<nacc> i think we do now
<nacc> but not in xenial
<nacc> so it might need a bug
<sarnold> sveinse: it -coredumps- on interface-not-available?
<sarnold> that sounds like another bug report too, heh
<sveinse> sarnold: I get this in /var/log/samba/log.smbd, https://bpaste.net/show/7e92863d2661
<sveinse> but no core in the mentioned directory (perhaps ulimit is too low)
<sarnold> sveinse: hrm. I'm _guessing_ that they chose to dump core on a huge number of issues, just so they could have something to debug with :)
<sarnold> sveinse: apport might have eaten the core
<nacc> sveinse: pulling up the git repo so i can try help a bit better
<nacc> 2:4.4.4+dfsg-1 is when it was fixed in debian
<nacc> https://git.launchpad.net/~usd-import-team/ubuntu/+source/samba/commit/?id=28a135855171ad2b00821c23e5b4e6b589cd7e1b
<nacc> presumably exactly for this problem
<nacc> as those are all After=network.target
<sarnold> .. which might be before the network is online
<sarnold> did samba switch to IP_FREEBIND or whatever the option is?
<nacc> sarnold: above my pay grade
<nacc> ahasenack: --^
<nacc> (i thinkn he's out right now, though)
<sarnold> nacc: and with the weather as nice as it is right now, this might be the last we see the sun until july 5th
<nacc> sarnold: yeah
<nacc> https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
<nacc> so it seems like *maybe* that hsould be network-online.target
<sveinse> nacc: yes, seems it would
<nacc> sveinse: the "right" fix (least sensitive/invasive) for 16.04 is to put the right headers i the lsb file
<nacc> with a $network depedency
<nacc> which will translate to a Wants/After network-online.target
<sveinse> You guys think its safe to pick a backported samba in a production server?
<nacc> no
<nacc> :)
<sveinse> (horrible question)
<nacc> but i also don't think it's safe to run samba ;)
<sveinse> tell that to all the win guys who think they rule the world
<nacc> sveinse: intneresting
<nacc>  /etc/init.d/smb *does* have $network
<nacc> err, smbd and nmbd
<sveinse> Our router is handing out DHCP IPs, even to servers with "fixed" IP. Could it be that assumption? Because $network in that context is when ip is up, not when dhclient has done it's job, right?
<nacc> https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ syas $network gets intnerprted by systemd to mean wait on network-onlinne.target
<sveinse> horrible failure mode from smbd thou
<sarnold> that could sure explain why you see it and yet we're not over-run with this complait on irc every day...
<nacc> sveinse: ah but yeah, that could imply you are in network-online already
<nacc> before you actually are :)
<nacc> sveinse: check `systemd-analyze critical-chain smbd.service`
<nacc> see if it is ordered correctly
<sveinse> interestingly its after network-online.target
<sarnold> nacc: nice :)
<nacc> yeah
<nacc> so it did it "right"
<nacc> the issue is your system thought it was 'online' before it was, for some meaning of 'online' and 'think'
<nacc> well, 'thought', but conjugated
<sveinse> yes
<sveinse> well, then it's time to argue with the router infra guys about why I need to set a fixed ip and not run dhcp :D
<nacc> sveinse: i guess you could trawlt he log and see 'when' you got "Reached target Network is Online" and see if it is correct
<sveinse> hmm. the journal does not mention "online", but systemd-analyze said it happened at 24.227s. I wonder if I can get journal -b0 to dump with entries in seconds since startup rather than using wall clock
<nacc> sveinse: hrm, my journalctl does show the line
<nacc> sveinse: in a 16.04 lxd
<sveinse> nacc: It does. My bad. grep online does not find "Online"
<nacc> sveinse: ah :)
<nacc> sveinse: if you don't mind, before you EOD, can you check if there is a bug for the samba systemd units as they currently are (ref the commit i gave above) and that it's a behavior change to depend on network.target when 16.04 depended on network-online.target (implicitly via $network)
<sveinse> network online is 1 second after getting dhcp address.
<sveinse> now here is an interesting thing: I see that nmbd starts after network online. But smbd starts well before network online and "network"
<nacc> sveinse: even in the critical chain output?
<sveinse> https://bpaste.net/show/44fad5355fa9
<nacc> that's after nmbd.service
<sveinse> Do I read that smbd is depending on nmbd?
<nacc> so if nmbd.servic is after nnetwork-online, so is smbd :)
<nacc> sveinse: top-level is the one you asked for, then each little down is a dependency
<nacc> smbd.service depended on nmbd.service depended on network-online.target depended on ...
<nacc> and if you depend on something (in this parlance) we mean it started after
<sveinse> snipping parts of the journal logs: https://bpaste.net/show/722f3f847e68
<nacc> very strange
<nacc> i suppose it's possible for systemd to start a unit twice and only emit the second one
<nacc> but that would imply you've done some local config to force smbd to start
<sveinse> nacc: not deliberately...
<nacc> sveinse: hrm, i genuinely don't know
<nacc> sveinse: i would file a bug -- it feels like something is wrong, but i don't know what
<nacc> i would file against both samba and systemd, tbh
<nacc> sveinse: that log does imply a race, for some reason, between dhclient starting and finishing and smbd starting
<nacc> sveinse: which does read like ad ependnecy on network rather than network-online
<sveinse> I've got /etc/init.d/samba AND smbd and nmbd. Do you have this in your container?
<nacc> sveinse: yeah
<sveinse> ok, thanks
<nacc> samba is like the meta-service
<nacc> it makes sure smbd and nmbd are running
<nacc> oh and samba-ad-dc
<sveinse> yes, you'll see that in the journal paste as well. In proper relationship to "network online"
<nacc> yeah
<nacc> it's clearly a bit of a thundering herd there
<nacc> all that gets logged in the same secod :)
<nacc> and given logging, it's also possible we are seeing weird output that is not related to the actual order
<nacc> i mean it coudl be racy writing to the journal
<sveinse> nacc: isn't the journal race safe? I.e. it writes the entries "mutex"-wise in the order they're received?
<sveinse> but granted, the services might be out of orders over the cpu cores
<nacc> sveinse: i'm not sure, i meant simply that i'm not sure what guarantees the order things are written is the order in which they are received
<nacc> e.g., it might have receive 4 parallel service starts
<nacc> those all get shown as starting, in some order, because ... well, we can't read parallel
<nacc> but they really all started simultaneously
<nacc> i don't trust the timestamps of the journal to tell me that :)
<sveinse> nacc: no, agreed
<sveinse> the timebox for fixing this thing is up soon, but what exactly do you want me to do with this? I suppose report it, but with what data?
<nacc> sveinse: yeah, `ubuntu-bug samba`, with whatever you can summarize out of the above
<nacc> ahasenack: should see this in his backlog whenn he's back too
<nacc> sveinse: i'm out for a while, so he's likely to be the one to help
<sveinse> heh, ubuntu-bug samba asks "How would you best describe your setup?" 1) I am running a Windows File Server, 2) I am connecting to a Windows File Server, C) Cancel... Eeehh. None of the above. :P
<nacc> sveinse: it *might* just be easier to do a https://bugs.launchpad.net/ubuntu/+source/samba/+filebug
<nacc> sveinse: and maybe mentio that the above options are a bit limited :)
<sveinse> nacc: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1733011
<ubottu> Launchpad bug 1733011 in samba (Ubuntu) "smbd crash after reboot" [Undecided,New]
<nacc> sveinse: thakns
<sveinse> nacc: thanks yourself
<sveinse> Now I need to fix something else
<nacc> sveinse: yeah that's *really* weird, but you did a good job summarizing it ...
<drab> is there some kind of very small ubuntu based distro to be used for rescue?
<drab> (I know I asked about this already, bust still looking)
<drab> damn small linux seems discontinued, ubuntu is huge (1.5GB)
<drab> ideally I'd use mini.iso, but it doesn't provide a bootable system, only install (same for server)
<gun1x> is docker foss ?
<nacc> gun1x: a question for docker, presumably.
<gun1x> nacc: nevermind, found my answer
#ubuntu-server 2017-11-18
<drab> any idea why an iso that would boot just fine locally (in virtualbox) would not boot over the network? I get an error about root device not being found and get dropped into initramfs
<TJ-> drab: sharing it via NFS ?
<drab> TJ-: no, I'm loading the whole iso via memdisk, boot over http, and I think I figured out the problem
<drab> I removed quiet splash and I can see the error /init: line 7: can't open /dev/sr0: no medium found
<drab> which makes sense, when I test with virtualbox it's mounted as the cdrom
<drab> when it's pulled in via network it's not... and I've no idea where it is
<drab> I wonder why other isos work, like UBCD
<drab> but not ubuntu liveCD
<TJ-> right. I recall a similar issue about 10 years ago whereby on certain Dell PowerEdge servers with SCSI CD-ROM, the installer would boot and then fail trying to mount /dev/sr0 - in that case the initrd didn't contain the correct scsi drivers
<drab> not sure it's a driver issue, I think it's a path issue, like I said it works just fine with UBCD or even systemrescueCD
<drab> so the approach to use memdisk + iso raw works if the iso is setup in a certain way, just not sure what way that is
<TJ-> yeah, I was just pointing out another failure mode that might be related
<drab> fair enough, will keep that in mind, thanks
<TJ-> could it be the path on the kernel command-line?
<TJ-> if you're dropped to shell in the initrd, you can examine the state of the system
<drab> yeah I'm trying to, cant figure out how, initramfs has no fdisk
<drab> not sure how to list the available drives and stuff
<TJ-> "cat /proc/partitions"
<TJ-> also /dev/block/
<drab> oh, right, forgot about /proc, will try that, rebooting into it, was just testing UBCD again
<TJ-> I'm trying to figure out why your error report is /init line 7 ... that isn't from the standard initramfs-tools/init
<TJ-> which ISO image is it so I can check?
<drab> it's the ubuntu desktop 64bit, I then mounted the squash file and removed all bunch of porgram to slim it down, but didn't touch any of the init/kernel stuff so that should be intact
<drab> 16.04
<TJ-> OK, 16.04 (the original) or 16.04.1, .2, .3 ?
<drab> .3
<drab> I see running casper-premount script, then the flood begins
<drab> stdin: not a typewriter
<drab>  /init: line 7: can't open /dev/sr0: No medium found
<drab> repeats that about a hundred times and then drops me in initramfs saying "unable to find a medium cotaining a live file system"
<drab> which looking at /proc/partitions I guess makes sense, I don't see any place where the iso has been mounted in memory, but maybe I'm misunderstnding how memdisk works
<drab> http://www.syslinux.org/wiki/index.php?title=MEMDISK
<TJ-> drab: OK, it's not about the /init! just extracted it and it is the /usr/share/initramfs-tools/init file. Line 7 is "[ -d /dev ] || mkdir -m 0755 /dev" ... so it must be referring to some file being sourced or called
<drab> the thing tho, ubcd and systemrescuecd work, so somehow it's possible to boot the iso just fine over http
<TJ-> right, but need to know which bit of code is failing so as to know what to give as parameters to fix it
<TJ-> what's the actual kernel command line? (cat /proc/cmdline) ... does it include boot=caper
<drab> TJ-: I think I'm gonna try a diff route, with squashfs booting, because this way even if I get it to work I'm still ending up with a much larger image than I need and a two stages boot
<drab> TJ-: yeah it does
<drab> boot=cascpe initrd=/casper/initrd.lz --- priority=low
<drab> casper*
<drab> that's the whole cmdline
<TJ-> drab: ok, so we know ./scripts/casper should be executed
<TJ-> the only thing 'cd' related was line 7 of that file: "scripts/casper:7:mountpoint=/cdrom "
<TJ-> but that wouldn't cause the line 7 error you reported
<drab> yeah that's probably it, since it's trying to mount /dev/sr0, the cdroom, to access the install medium
<drab> why not?
<drab> it seems to make sense to me
<TJ-> because it's only a variable assignment, not a command
<drab> initrd has booted and is trying to mount the installation  medium on /cdrom
<drab> oh, I see
<TJ-> can't open /dev/sr0: no medium found suggests a "mount" command
<drab> right
<TJ-> one thing I just noticed in ./scripts/casper::mountroot() is it writes to "./casper.log" ... might be something useful in there
<TJ-> Got it!
<drab> TJ-: ?
<drab> in the meantime I failed badly at squashfs :(
<drab> I gues sI don't understand the boot process enough
<drab> and this seems mighty hard, much harder than I thought it'd be at least
<drab> in theory it seems pretty damn simple... fetch a file containing a root filesystem and mount it in ram, point init to that as the root device
<drab> but that seems asking for too much
<drab> at most I got an installer session going with a debootstrapped squashfs
<drab> but I can't get it to boot into it as if it was a normal root
<TJ-> ./scripts/casper::mountroot() calls ./scripts/casper::find_livefs() which iterates over /sys/block/ then calls ./scripts/casper-helpers::get_fstype() which calls ./bin/fstype (from the klibc-utils package (/usr/lib/klibc/bin/fstype on an installed system), which returns "No medium found" - try it locally with an empty CD/DVD drive and you get: "/usr/lib/klibc/bin/fstype /dev/sr0" >> "/dev/sr0: No
<TJ-> medium found"
<drab> wow that's cool that you figured it out
<TJ-> :)
<drab> I'm still stuck with an unbootable system tho :(
<TJ-> so, the upshot is, this is a warning as such not an error :)
<drab> heh
<TJ-> as in, it would be OK for CD-ROM drive to be empty (might be more than one in the system)
<drab> makes sense
<TJ-> however, if that fs_type binary returns non-zero as well as reporting it, the scripts may exit if they're running with "set -e" (means shell will exit on any error status returns) Not sure ./init is doing that but it's worth considering
<TJ-> so if you want to retry this method and it drops into the initrd shell again, the first thing I'd do would be to "cat ./casper.log" in case there's clues there
<drab> I tried that, didn't see anything interesting
<TJ-> were there messages in it? those can be valuable since tey indicate HOW FAR the execution got, and from which it is possible to figure out where the scripts died
<TJ-> there's a fingerprint like line numbers
<TJ-> s/there's/they're/
<drab> nope, just the repetition of the stuff I typed above, but will look again
<drab> the thing is, looking at /proc/partitions, I don't know there the root OS is
<drab> I thought the syslinux memdisk would have loaded the iso in ram
<drab> and the root be available at something like /dev/ram0
<drab> but I didn't see anything like that
<TJ-> it's in casper/filesystem.squashfs
<drab> I give up... don't get why it's so damn hard, all the tech is there, ramdisks, fetching squashfs, mounting, root pivot
<drab> but I've tried about 2 dozen combinations and scripts and always end up with some problem or another
<TJ-> what are you doing? local boot, or network?
<drab> network boot from iso or squashfs, not using nfsroot
<TJ-> PXE then?
<drab> so I can get a rescue system going to fix systems on the lan
<drab> yeah, PXE
<drab> I already pxe install stuff all the time, so the sever/dhcp and so on is in good shape
<drab> and like I said systemrescueCD or UBCD pxe boot from the iso work
<drab> but I want ubuntu/apt
<drab> for some reason there's no ubuntu based rescue CD, don't know why
<TJ-> that's because the LiveCd is used for such things
<drab> I found this in one of my last attempts, but it also fails: https://www.slax.org/en/
<drab> in a very similar way... can't mount the root fs and drops me into a initramfs shell
<drab> it's even got a slack ipxe fetching an iso from http/the internet, so you'd think that'd work, but fails in the same way
<TJ-> have you considered it's your network?
<drab> I have not, if it was why would: 1) pxe installs normally work 2) pxe boot of UBCD and systemrescueCD work ?
<drab> isn't that enough to rule out it's my network?
<drab> I can even pxe boot a squash filesystem I custom made
<drab> the only problem is that it boots into the installer
<drab> instead of booting a usable system
<TJ-> we had a very similar issue in #maas where the network seemed to be dropping packets
<TJ-> how is the rootfs being provided? what protocol?
<drab> http
<drab> from local server, same pxe is running on
<TJ-> you're using PXE > memdisk > ISO ?
<drab> that was the hope, yes
<TJ-> what's the PXE/TFTP config for the Ubuntu menu entry?
<drab> and if I use nfsroot that also works, booting the liveCD "Try without installing"
<drab> sec
<drab> http://dpaste.com/305NG8W
<drab> the iso is a straightdownload from ubuntu.com
<TJ-> Question: for the working ISO boots, are they all contained within their initrd.img files? no additional rootfs to be fetched?
<TJ-> The thing is memdisk uses x86 real-mode interrupts, and loads the image into RAM. But once Linux starts it switches to protected mode which no longer has access to the real-mode access. There are workarounds involving finding the ISO image in RAM and loading a kernel module that maps/mounts it as a memory block device
<drab> TJ-: http://dpaste.com/0C7EP8J it's all the same for all ISOs
<drab> that's a straight iso download from http://www.ultimatebootcd.com/
<drab> TJ-: I also found this, but could not get it to work either: https://github.com/medallia/ramroot
<drab> it sounded exactly like what I wanted (and motivated by the same reason - avoiding nfs)
<TJ-> the reason UBCD works is it has a self-contained squashfs inside the initrd.img
<drab> fair enough, I guess it makes not much of a diff to me, maybe I'll look how to back the squashfs into the initrd
<drab> rootram tho looks lik eit's doing the right thing, ie what would logically make sense to me
<drab> create a ramdisk and wget the root fs and untar it to it
<drab> however I'm stuck on "tar: applet not found"
<drab> https://github.com/medallia/ramroot/blob/master/initramfs-tools/scripts/ramdisk#L46
<drab> which seems to be happenig there
<drab> no clue why busybox tar would fail like that...
<TJ-> not sure why we can't just add a simple http client fetch inside initrd for these boots. it'd be relatively small and simple
<TJ-> I wonder... there's tricks with bash that could do that :)
<TJ-> drab: you've given me a challenge now. the ubuntu intrd has ./bin/wget provided by busybox so it's possible to fetch the ISO into a tmpfs, loop mount it, and mount the squashfs
<drab> TJ-: dude if you got that working it'd be the best early xmas present anybody ever game me :P
<TJ-> just trying to think if it could be done without needing special arguments on the command line :D
<TJ-> in *theory* it could be the last-ditch fallback if the other methods fail, before the final drop to shell
<drab> another random question as I'm trying to make ramroot work at the same time... if possible
<drab> I found out that for whatever fun reason the busybox shipped in ubuntu does not come with tar... hence the fail
<drab> I apt-get'ed the source for busybox-initramfs
<drab> but it's not obvious to me wwhere the applets are enabled (normally it seems you'd run make menuconfig and pick)
<TJ-> drab: did you try telling memdisk it's a "hardisk" image not "iso" - after all, the ISOs are hybrid
<drab> TJ-: yes, I saw that and tried that too, made no diff
<TJ-> OK.. it got into the initrd though?
<drab> because indeed fdisk -l showed it was a disk like in the example they gave
<drab> ?
<drab> lost you there, what got into the initrd?
<TJ-> I mean it booted as far as the initrd then failed the same way it does with 'iso' method - dropping to shell
<drab> yeah
<TJ-> right, that really does confirm the problem there is the switch from real-mode to protected 'loses' access to the im-memory image
<TJ-> That ramroot project is OK, but misses the point. It could easily work with the existing ISO/squashfs images rather than enforcing having to repack it as tar.xz
<drab> TJ-: I can't get that to work either... recompiling busybox now, seems a rather wacky choice to ship busybox without tar...
<drab> I don't even know why/how it worked for him to begin with
<drab> maybe it used to ship it in 14.04
<TJ-> we want it small as possible, and don't need tar in the initrd
<drab> yeah, I guessed as much, which makes sense
<drab> just been a long saturday... and thank you for helping, really appreciate it
<TJ-> I did all this stuff years ago; got scripts that automatically configure the PXE server for ISOs so it's simple to deploy, but I use NFS.
<TJ-> in case there's any nuggets in it, this is it from 10 years ago: http://tjworld.net/wiki/Linux/Ubuntu/NetbootPxeLiveCDMultipleReleases
<drab> TJ-: yeah, I have that working (with nfs), the whole problem started when trying to do this over http
<drab> nfs based stuff is no issue, works pretty well
<TJ-> yes, I understand
<TJ-> the end of the article deals with patching the ISO initrd
<drab> thanks, checking it out
<TJ-> back then the network modules weren't built-in to the kernel nor included in the initrd, so I had to modify it for getting netconsole
<drab> bah, got past the tar issue but now getting a whole new bunch of errors I can't even see because it scrolls too fast and then I can't page up, it's all locked up
<TJ-> failures during extraction maybe?
<TJ-> one per file in the image maybe?
<TJ-> you repacked the rootfs as a tar.xz I assume?
<drab> yeah
<drab> can't see where it's erroring first, scrolls real fast and dies, I see errors can't create /root/lib/firmware, can't mount /dev on /root/dev and eventually tar fs doesn't have /sbin/init
<drab> so it does sound like untarring an setting up failed somehow
<drab> I wonder why it all locks up, normally the initramfs prompt is usable and I can at least scroll up
<TJ-> did you increase the memtotal size to account for the size of your rootfs when uncompressed?
<drab> TJ-: for rootmem? no I didn't think of it, it wasn't in the instructions and I thoguht tmpfs was dynamic these days (and would have worst errored if no more space was not available)
<drab> but I have 4Gbs and the img is 100MB so I thought it wasn't a problem
<TJ-> look at the ramroot script, line 29. it defaults to 500MB which must take the uncompressed image. if not you have to set memtotal= on tha kernel command-line
<drab> TJ-: the unextracted/before tar ramroot is 400MB, but I will try
<drab> also I realized that earlier I tarred chroot, ie the tar would have chroot/{etc,var...} and maybe that's also no good
<drab> so retarring with the tar straight into the root
<TJ-> haha yes that'd be a problem
<TJ-> tar needs to start in the root of the rootfs :)
<drab> holy cow
<drab> there's good news and bad news
<drab> the good news, it booted \o/
<TJ-> lol
<drab> the bad news, I guess it's missing some usb module because the usb keyword plugged doesn't work
<TJ-> check for usb_hid I think it is (human interface device)
<drab> check where?
<drab> I'd thought everything like that was included in the stock kernel I installed in the chroot (and loaded), but maybe not
<TJ-> it should be in the kernel image itself
<TJ-> i've had that previously where it needed some specific USB chipset driver to bring up the USB side
<TJ-> check "find /sys/bus/usb/ " see what's there
<drab> cant' type so can't check :)
<drab> but I'm looking in the chroot
<drab> to see if the module is there, I used linux-virtual-image which installs a minimal kernel
<drab> and doing /lib/modules/4.4.0-21-generic/kernel# sudo find . -name "*usb*" returns nothing
<drab> so they may not be there after all
<drab> yeah on my desktop that returns a lot of stuff, including usbhid.ko
<drab> trying again adding a diff kernel in the chroot
<TJ-> right; virtual-image doesn't need USB
<drab> it's gonna make the img fat tho...
 * drab scratches his head
<drab> also seems I've recompiled busybox I'm thinking I could also make the root tar bz2 instead of xz
<drab> should make it much smaller
<TJ-> if you want to boot bare hardware it's better to have it builtin - in case the initrd fails :)
<TJ-> you could, but ramroot only supports xz as far as I noticed
<drab> yeah, well, in theory I guess I should just compile a static kernel
<drab> TJ-: I think it's just the code, to make it more portable as most busyboxes prolly aren't compiled with bzip2
<drab> but maybe have xz, so I can prolly just change that part of the code to uncompress the tar
<TJ-> it's using pixz for decompressing; you'll need to add code to ramroot script if you're going to use bz2
<drab> yeah
<drab> that's about 200MB more of modules... kinda whack, but let's see if it works
<drab> I guess if it does then I'll spend time compiling a kernel statically and adding a whole bunch of stuff, but avoiding modules I don't really need, like sound
<drab> comes to 180Mb vs 100MB it wa before
<drab> yep, bingo! got keyboard and even a nice framebuffer and it was up and running pretty quickly overall
<TJ-> :) well done
#ubuntu-server 2017-11-19
<drab> it only took two afternoons...
<drab> rebuilding a trimmed down version, I think I got rid of everything I could safely got rid of
<drab> hopefully I didn't break it
<drab> I'm now at 111MB with all the modules
<drab> \o/
<drab> memtotal seems to have no bearing, I think the problem I had was that I messed up the tar...
<drab> this desktop I'm testing on has 6Gb and I see tmps / 5.8Gb 531MB used
<drab> so it seems to just use whatever there's available
<TJ-> Yes, I think so too
<TJ-> yes, that's how tmpfs works
<drab> this is pretty damn cool, could even apt install xorg and get fluxbox going, in case people want to test something GUI
<drab> now if I could figure out how to change the motd to give some instructions...
<drab> can't find where all the ubuntu blah blah blah comes from... wiki says update-motd and mentions landscape, but none of those are debootstrapped
<drab> anything I put in /etc/motd gets appended to that, not replacing it
<TJ-> isnt't there an /etc/motd.d/ ?
<drab> nope, not in the debootstrap chroot
<TJ-> I'm pretty sure it uses runparts to call scripts to fill it
<drab>  /var/run/motd.dynamic has some bits of it, not sure how that's genarated tho and it's not the full motd
<drab> I have no /etc/update-motd.d of sort
<drab> and no /etc/init.d/motd either
<drab> don't see a systemd motd unit either
<TJ-> "dpkg -S motd "
<drab> I'm blind
<drab> sometimes I wonder how my brain works...
<drab> there is /etc/update-motd.d/ ...
<drab> it's from base-files
<TJ-> ahh sorry, I forgot the proper path name
<drab> I think I did check that, somehow failed to see it, good call on dpkg -S
<drab> bit burned out...
<TJ-> :D
<TJ-> it's my goto, followed by apt-file search
<drab> very opinionated, contriverd and overall messy, but in case anybody ends up needing it for now I've dumped the whole process in a gist
<drab> https://gist.github.com/spikedrba/057acad8b3bfb0266544347ced8b53d4
<drab> it's actually fairly convoluted, especially to save space
<drab> will turn it into a script or something tomorrow, but that's enough for a saturday, considering it a win
<drab> thanks TJ- for all the support
<TJ-> be great to be able to mount the rootfs using webdav :)
<TJ-> you're welcome
<drab> lol, you know what, I actually looked at it :P
<TJ-> it's the obvious alternative to NFS if we want to use HTTP
<drab> the main problem seems to be filesting not really being supported
<TJ-> shouldn't be too hard to do
<drab> but maybe I misunderstood and stuff
<drab> generally speaking this imho would be a pretty darn good thing to have in a usable/stock fashion
<TJ-> so the target only needs to fetch the files it needs from the untouched ISO/squashfs on the server, rather than transfer the entire thing over
<drab> especially in the world of containers
<drab> where running something like nfs-kernel-server is not quite an option
<TJ-> I think the MAAS stuff with image-streaming for clouds might be the best thing - use what's already available
<drab> I guess I should look at that again
<drab> I didn't see a clear path to get a rescue system out of that
<TJ-> no, I was more thinking about incorporating that image streaming into PXE  boot methods. currently it only supports TFTP and there is a PR to add HTTP support, so WEBDAV wouldn't be a long stretch
<drab> ok, I'm down to 90MB compressed, fully functional with all the drivers etc, custom motd with autologin and blazing fast to a ramdisk installing additional sw
<drab> polished into a script that does all the building and spit up 3 files, roofs.tar.xz, vmlinuz and initrd.img ready to go to the pxe server
<drab> \o/
<faekjarz> hi, is "dmesg | grep -i edac" the only method of verifying that ECC RAM is actually running in error correcting mode? greping for edac returned nothing, and greping for "error", "ecc" or "memory" returned nothing indicative of ECC mode.
<TJ-> faekjarz: see "man 1 edac-util"
<faekjarz> TJ-: No manual entry for edac-util â¦oops *install edac-utils* (it's edac-utilS, btw, with an s ;)
<TJ-> :D
<TJ-> indeed
<TJ-> the man-page is edac-util though
<faekjarz> k :)
 * faekjarz goes off and reboots the machine that runs the router
<faekjarz> edac-ctl --status returns "drivers not loaded." In /lib/modules/4.10.0-38-generic/kernel/drivers/edac are quite a lot of candidates, certainly edac_core, should i modprobe others on my Core i3-6100T? amd64_edac_mod, maybe? (I'm running 16.04 w/ the HW enablement kernel)
<TJ-> faekjarz: amd edac driver on an Intel CPU?
<faekjarz> well, i thought it refers to AMD64 64 bit instruction set. i already discarded edac_mce_amd.
<faekjarz> oh, right it depends on edac_mce_amd, i'll give skx_edac a shot
<TJ-> faekjarz: no; it'll be one of the i*.ko drivers, it depends on the chipset of course
<drab> .o/
<faekjarz> aye, the i3-6100T is a skylake
<drab> urm, something really strange is going on with busybox and initramfs
<drab> the fs where I generated the initramfs had /etc/resolv.conf configured
<drab> however when booted I get dropped into an initramfs shell because an address can't be resolved and indeed /etc/resolv.conf is missing
<drab> but pinging ips work as it works if I add /etc/resolv.conf and then ping hostnames
<drab> the dns was correctly passed with dhcp because the network script shows it
<drab> even stranger, and probably unrelated, after I started a ping to check I can't quit that anymore
<drab> Ctrl-c has no effect
<drab> so now I have to reboot and can't get back to the initramfs prompt
<drab> really strange
<faekjarz> Are those EDAC modules even required for ECC RAM to correct errors, or do they only provide an API for reporting and logging tools?
<trippeh> faekjarz: pretty sure bios/uefi handles that, but you may need the drivers to control policy on multi-bit errors?
<trippeh> ie kill process or panic/reboot
<trippeh> with multi-bit I mean uncorrectable
<trippeh> have to run.
<faekjarz> trippeh: ok. Do you hav an idea why i can't load skx_edac? I mean, ok, modinfo says "MC Driver for Intel Skylake server processors" and some might consider an i3-6100T not a server CPU. â¦but it sure is Skylake. i7core_edac loads without errors, but doesn't seem to expose a memory controller to edac-util / edac-ctl
<arunpyasi> Hi everyone, what respository setup does Ubuntu use in http://us.archive.ubuntu.com/ ?
<drab> arunpyasi: how do you mean?
<drab> arunpyasi: https://askubuntu.com/questions/28355/what-is-the-structure-of-an-ubuntu-repository
<arunpyasi> drab, I mean does Ubuntu use Dak or something else to maintain the repo.
<rbasak> arunpyasi: it uses Launchpad.
<rbasak> The "soyuz" component I think.
<rbasak> It's a fairly independent implementation.
#ubuntu-server 2018-11-12
<ahasenack> good morning
<lordievader> Good afternoon
<ahasenack> rbasak: hi, I don't think cpaelzer will do reviews this week, could you take a look at the two small mps I have up? backupd and openldap, just pushing to disco what I have standing by as srus already
<cpaelzer> I'm here :-)
<cpaelzer> once I got kstenerud busy I can look as well
<cpaelzer> after lunch maybe
<ahasenack> oh, ok
<frickler> jamespage: coreycb: this affects openstack testing, but I'm not sure which pkg this should be filed against, would be great if you could take a look: https://bugs.launchpad.net/keystone/+bug/1802901
<ubottu> Launchpad bug 1802901 in OpenStack Identity (keystone) "Federation functional job failing on Bionic" [Undecided,New]
<rbasak> cpaelzer, kstenerud: looks like I missed my triage last week. Do you want that, too? I'm happy to do it if not.
<jamespage> frickler: peeking now (been stacked with something else)
<TheHonorableKitt> can someone please help me figure out why startx keeps failing on my ubuntu server? (I don't plan to use this constantly, I just need a gui for a certain script to work): https://pastebin.com/B5RP07mk
<TheHonorableKitt> the pastebin is my Xorg.1.log file
<TheHonorableKitt> forgot to note, I'm on Ubuntu 18.04LTS server
<cpaelzer> rbasak: can we join tomorrows standup a bit earlier like 15 minutes?
<compdoc> what gui you trying to start?
<cpaelzer> kstenerud:  and I would like to check with you which of the git ubunut issues we ran into are known issues or not
<cpaelzer> and searching bugs sometiems is inefficient, you might jst know - so checking that being the three of us would work best
<TheHonorableKitt> I just ran 'startx' and it fails. I guess I'm trying to start XUbuntu-desktop?
<compdoc> if its Server, there is no desktop installed
<compdoc> unless you installed it
<ahasenack> TheHonorableKitt: maybe you ave no xorg driver package installed
<TheHonorableKitt> I know, I ran 'apt-get install xubuntu-desktop'
<ahasenack> it tried a few, but couldn't even use framebuffer
<TheHonorableKitt> this _is_ a linode server, so I'm not hosting it myself, but I see no reason for it not to work unless it's a local config issue
<compdoc> TheHonorableKitt, i used to install Mate on ubuntu server and had to do this:  https://pastebin.com/WVXvNuF2
<TheHonorableKitt> *sigh* apparently xubuntu screws up my system, it keeps causing putty to fatally crash and won't fix unless there's a reboot
<TheHonorableKitt> guess I'll have to go with a different option than that, I'll look at what you have compdoc
<compdoc> I installed Mate so i could use x2go remote desktop. with 18.04, I dont have to use Mate anymore. just use a minimal desktop install, and xrdp
<compdoc> TheHonorableKitt, just saying you might need a little more tweaking than just installing xubuntu
<TheHonorableKitt> that you gave me there, with mate-session, also failed
<rbasak> cpaelzer: sure
<rbasak> cpaelzer, ahasenack: looks like backuppc is orphaned in Debian. Have we talked about dropping it from main, or was that some other package?
<ahasenack> hm, I didn't know that
<ahasenack> rbasak: but they merged my dep8 branch
<ahasenack> rbasak: https://salsa.debian.org/debian/backuppc/merge_requests/1
<rbasak> Oh, I'm sorry
<rbasak> "ITA: someone intends to adopt this package"
<rbasak> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887490
<ubottu> Debian bug 887490 in wnpp "ITA: backuppc -- high-performance, enterprise-grade system for backing up PCs" [Normal,Open]
<ahasenack> what's ITA?
<rbasak> Intent To Adopt
<rbasak> https://www.debian.org/devel/wnpp/
<ahasenack> looks like many people are interested
<rbasak> cpaelzer: any action needed on bug 1764314? It's in my 180 day report.
<ubottu> bug 1764314 in netcf (Ubuntu Cosmic) "libvirt doesn't show all interfaces" [Medium,Triaged] https://launchpad.net/bugs/1764314
<rbasak> (the netcf task)
<ahasenack> rbasak: around?
<ahasenack> rbasak: did we stop retrying apt-get update in git-ubuntu build? https://pastebin.ubuntu.com/p/HZbZ7KGhr8/
<ahasenack> it looks like it gave up on the first try
<ahasenack> line 61
<ahasenack> smoser: that came from your build fixes branch perhaps? ^
<TheHonorableKitt> ran 'apt-get upgrade' and now my ssh sessions just time out and freeze, requires reboot to resolve, but just happens again
<TheHonorableKitt> ughhhhh
<rbasak> ahasenack: smoser IIRC added code to make sure the container really is ready instead of just retrying apt update
<rbasak> But "ready" meant cloud-init done
<rbasak> Perhaps unattended-upgrades is interfering with that?
<rbasak> Or else, anything else that calls apt?
<rbasak> TheHonorableKitt: if you can isolate an update that's causing it please, I'd be happy to look. Unfortunately we need more details than that though :(
<TheHonorableKitt> alright, here's a list of upgradable packages for my server: https://pastebin.com/9qdhZiPs
<TheHonorableKitt> so one of those packages when updated is causing my ssh to time out and freeze after a few minutes, requiring a reboot to reset
<TheHonorableKitt> Here's the only error I see during the upgrade: https://pastebin.com/Nu7AAbXi
<TheHonorableKitt> O.o looks like I don't even have /etc/fstab directory uhhhh....any idea how to fix this?
<openfire> It's not a directory.
<TheHonorableKitt> derp it's not a directory
<TheHonorableKitt> lol
<rbasak> penssl/bionic 1.1.1-3+ubuntu18.04.1+deb.sury.org+3
<rbasak> TheHonorableKitt: ^ what's that?
<rbasak> TheHonorableKitt: can you try using no third party packages?
<rbasak> Otherwise we can't tell if it's a problem with third party packages or with something published by Ubuntu.
<TheHonorableKitt> I'm not entirely sure what that is tbh?
#ubuntu-server 2018-11-13
<rbasak> Looks like you have third party apt sources enabled.
<rbasak> Look in /etc/apt/sources.list and /etc/apt/sources.list.d/
<rbasak> If you add third party sources, you allow problems in those third party sources to break your system.
<rbasak> I don't know for sure what's causing your breakage here, or if it's caused by a third party source.
<rbasak> But it's the first thing to eliminate, and the bump of openssl by that third party source makes it look more likely than not in this case, IMHO.
<rbasak> (given the symptom you're reporting)
<TheHonorableKitt> thanks man, I'm gonna take a look at that, thanks very much
<patz0r> hello, does anyone know how I can create a mirror of my OS drive to a second disk (OS already installed)
<patz0r> I experienced some kind of issue and could not do it during installation
<cpaelzer> patz0r: no guarantee for your data as that is just a page I found, nothing I own - but https://www.considerednormal.com/2016/10/configuring-software-raid1-after-installation-of-ubuntu-16/ looks good I'd think
<patz0r> thanks i'll check it out, worst case i can re-install but i'd have to do it over IPMI which i'd like to avoid
<patz0r> it wouldn't allow me to create a mirror during install though, i could select both disks but not proceed through the md creation
<cpaelzer> rbasak: no further action needed, I updated the bug
<patz0r> cpaelzer, i'm going through that article you linked now, do you know whether I need to manually copy my 'efi filesystem' partition or if I can just do my linux filesystem?
<cpaelzer> patz0r: sorry I don't know, I'd think you better keep the efi out of the raid to be sure
<cpaelzer> just raid the other partition
<cpaelzer> and keep the efi out of it
<patz0r> cpaelzer, thank you, I will try that
<ahasenack> good morning
<ahasenack> smoser: rbasak: retrying apt-get update for a few times is one of the first things that was added to charmhelpers a long time ago, to give you an idea of apt-get update's reliability :)
<ahasenack> rbasak: in this specific case, I think it was because the container was shutdown while some apt job was running, and that left a lock file in place
<ahasenack> to generate a disco base image, I had to deploy cosmic, release-upgrade, and generate an image from that, since we don't have disco images yet (or didn't, haven't checked today)
<kstenerud> Does anyone know why rmadison prints multiple unstable releases for a package? For example rmadison -u debian nspr
<kstenerud> or dovecot
<xnox> kstenerud, why not? it's not illegal to publish multiple versions of a thing in a suite.
<xnox> plus this is results from dak's postgres database
<xnox> kstenerud, this $ rmadison -u debian -S nspr -s unstable
<xnox> might explain it better
<xnox> 4.12-2 built on hurd-i386, 4.19 built on kfreebsd, 4.20 on linux-any
<ahasenack> kstenerud: could you please also upload a disco package to ppa:kstenerud/cosmic-fetchmail-gmailssl-1798786 ?
<ahasenack> kstenerud: in the future you can drop the ${distro} prefix from ppas, as they can hold multiple releases
<ahasenack> kstenerud: can you please squash the two changelog commits? https://code.launchpad.net/~kstenerud/ubuntu/+source/fetchmail/+git/fetchmail/+merge/358699
<ahasenack> kstenerud: then I'm ready to sponsor
<ahasenack> if you want
<smoser> ahasenack: yes. there is no reason to retry apt-get update
<ahasenack> remember hash-mismatch errors? I still get those every now and then
<xnox> ahasenack, on which repos and which releases?
<smoser> that is only possible on < xenial.
<ahasenack> so I was told
<xnox> i only get it against debugsysms repo
<ahasenack> but I get it even in bionic
<xnox> cause that repo doesn't have by-hash publication.
<ahasenack> the cause might be different: might be a mirror being updated in a bad way
<xnox> ahasenack, but which archieves of bionic?
<ahasenack> a mirror
<xnox> ahasenack, which mirror =)
<ahasenack> br.archive.ubuntu.com
<smoser> yeah... its 2 separate things.
<xnox> and how it's done, and does it publish by-hashes?
<ahasenack> I don't know, I don't maintain it. Just saying that retrying apt-get update still has its use cases
<ahasenack> granted, in the case of a bad mirror, retrying for just a few minutes will probably not help
<xnox> ahasenack, we need to see your apt-get update log when it happens
<smoser> on < xenial, its known problem. but in my experience retrying is unlikely to fix the issue. especially retrying within seconds... what change would you expect in that case to make it work?
<xnox> ahasenack, please pastebinit next time it happens.
<smoser> on xenial+, it really should not happen.
<ahasenack> will do
<smoser> and we should not just program in retries to ignore it.
<xnox> but to me it looks like it is updated badly.
<xnox> actually, no, looks fine
<rbasak> A by-hash mirror still needs to sync in the correct order
<rbasak> (new by-hash first, then InRelease update, then delete expired by-hash entries)
<xnox> country mirrors should be using 2stage sync, which does that.
<rbasak> I don't think you can check it's doing that correctly as an external observer.
<xnox> well, i'm trying to spot if their by-hashes are out of date ;-)
<rbasak> You're a human being trying to spot a subsecond race? OK :)
<xnox> rbasak, i believe ahasenack is a human too ;-) and is catching it
<smoser> xnox is not mere human
<rbasak> I said he gets them now and then.
<rbasak> Which is rather different from looking on just one moment :)
<xnox> smoser, i wonder if you gonna come to the curtin + s390x call =)
<xnox> unless it's an rharper only thing.....
<smoser> xnox: you can add me. i have a conflict at the first half hour there.
<smoser> but itmight end early
<zetheroo> I am having trouble trying to monitor the new time/date service on Ubuntu 18.04 with Zabbix. Prior to Ubuntu 18.04 we were able to monitor using the Zabbix key 'net.udp.service[ntp]' but now with timedatectl/timesyncd this is no longer working.
<xnox> smoser, you have mail
<ahasenack> zetheroo: via snmp?
<ahasenack> just curious
<zetheroo> The guys in the Zabbix channel don't seem sure what to do about this so I am asking here ..
<zetheroo>  ahasenack: no, using the Zabbix Agent
<zetheroo> the question is more how things changed in Ubuntu from 16.04 ?
<ahasenack> zetheroo: what exactly was that monitoring before, a process? An open port?
<teward> because in 16.04 it didn't use timesyncd, IIRC it used ntp/ntpd
<teward> with a local only listener
<zetheroo> https://help.ubuntu.com/lts/serverguide/NTP.html.en
<zetheroo> 'Since Ubuntu 16.04Â timedatectl / timesyncdÂ (which are part of systemd) replace most ofÂ ntpdate / ntp.'
<teward> as i said - that's what's changed.
<smoser> ahasenack: wrt retrying... i dropped the apt retry because what it was really doing was waiting fo the system to boot.
<teward> oop i'm tired disregard.
<zetheroo> But, yes, it didn't seem to be an issue with 16.04, only really noticed it in 18.04
<smoser> i replaced that with better logic to determine when the system was booted.
<ahasenack> smoser: ok, got it
<teward> zetheroo: if the key is net.udp.service[ntp] then it's likely it was testing ithe NTP UDP socket locally
<smoser> i'm not entirely opposed to retry-ing on apt-get update... but i'd  lke it to be more intentional
<smoser> ahasenack: does it ever actually fix the problem for you?
<zetheroo> teward: right
<zetheroo> and we were also using this key to look if the process was running: system.run[ntpstat > /dev/null 2>&1; echo $?]
<ahasenack> smoser: not really, it would have to retry for a long time, or I would have to be lucky and the situation (mirror, or flaky network) to resolve itself by coincidence
<smoser> in either xenial or <xenial, you're effecitvely just hoping that the mirror will fix itself during your wait.
<smoser> right.
<xnox> ahasenack, and you are not behind an apt-caching proxy or like a local squid-apt-proxy deployed, anything like that?
<ahasenack> smoser: given the failure, I just noted that the retry was removed, and decided t oask
<ahasenack> xnox: I am, but when that happened I removed the proxy to test, and it still failed
<smoser> so... i dont' see the point in retrying if its not going to do anything in the majority of cases.
<ahasenack> xnox: of course, after a while (30min?), it worked again
<xnox> ahasenack, but did you clear local apt state too?
<zetheroo> since 18.04 neither of these checks work anymore ... so I am wondering what would we be looking for / monitoring with the new time sync service?
<xnox> ahasenack, cause little does it know...... if it already saw inconsistent stuff.
<ahasenack> xnox: apt-get clean, I don't remember if I rm-f'ed the files
<ahasenack> the list files, that is
<ahasenack> whatever remains in /var
<ahasenack> zetheroo: you could be looking for the process, or for the actual clock/time
<zetheroo> ahasenack: I've been trying to find out what the process is that keep the system time sync'ed
<ahasenack> zetheroo:  2627 ?        Ssl    0:00 /lib/systemd/systemd-timesyncd
<teward> zetheroo: just for kicks, install chrony, and add a 'listen' directive to the end of it, then restart the service and see if Zabbix gets a reply?  It might just be querying the local TCP port directly.
<teward> if Zabbix gets a data set then it's probably querying the local ntp service directly with NTP requests
<ahasenack> zetheroo: you can also use timedatectl to query its status
<ahasenack> try "timedatectl status"
<ahasenack> maybe you can change your monitoring to call that and parse its output
<teward> ^ this also
<zetheroo> teward: According to the Zabbix docs the net.udp.service key 'Checks if service is running and responding to UDP requests.'
<teward> zetheroo: which means it's querying NTP over udp/123 by default
<zetheroo> there is a separate key for TCP 'net.tcp.service'
<teward> zetheroo: same difference except tcp/123
<teward> but as i stated, there's nothing responding to NTP requests locally on that port
<zetheroo> before 18.04 all we had to do was install ntpstat and the checks were working
<ahasenack> afaik you can still use ntp
<ahasenack> it's just not the default
<teward> ^ this
<zetheroo> I already tried that
<teward> ahasenack: though, ntpstat relies on ntpq it seems under the hood
<zetheroo> installed ntpstat and still nothing
<teward> ahasenack: so if NTPd isn't running ntpq might not reply.
<teward> therefore ntpstat may fail
<ahasenack> well, I mean, switch back to everything ntp-based
<zetheroo> apparently you have to actually switch
<ahasenack> apt install ntp
<ahasenack> that will remove chrony
<teward> yep
<ahasenack> and disable timesyncd iirc
<rbasak> Wait, what are you trying to achieve?
<zetheroo> I would really rather use the default services
<rbasak> timesyncd is just a client. Looks like you were checking that a server was working before
<rbasak> Do you actually want/need a server?
<ahasenack> it seems easer for him to get back to ntp rather than switch the monitoring tool to timesyncd
<ahasenack> rbasak: I think in the ntp days, even on a client, there was always an open udp port used by it
<rbasak> Yes
<rbasak> But what is the actual check for?
<rbasak> To check that the service is up?
<ahasenack> compliance? :)
<rbasak> Regular systemd service monitoring will check that.
<rbasak> To check that the time is believed to be in sync?
<zetheroo> I mean, I thought maybe others were monitoring the time/date info on their servers which were using timedatectl/timesyncd
<rbasak> That wasn't being checked before.
<zetheroo> It would be a start to be able to monitor that the time/date sync service is running
<rbasak> zetheroo: it doesn't make sense, now that we're running a more pure client, to expect what you were doing before to work exactly. You're going to have to define what you actually want checked.
<rbasak> OK, so use systemctl status systemd-timesyncd.service for that
<smoser> ahasenack: https://bazaar.launchpad.net/~smoser/+junk/check-archive/files
<zetheroo> ok
<rbasak> Hopefully your monitoring system has a way to integrate better with systemd to check service statuses though.
<smoser> that is 'check-archive'. run like:
<smoser>   check-archive -v http://br.archive.ubuntu.com/ubuntu trusty-updates
<smoser> it will checksum all files comparing against the indexes
<smoser> and stores headers and such.
<smoser> of responses.
<smoser> it reports happy right now on trusty-updates
<zetheroo>  rbasak: I was just thinking that ...
<smoser> http://paste.ubuntu.com/p/YKhQMqzvBN/
<tomreyn> I'm tracking some high / medium 'importance' bugs, where progress feels slow. Some of them are in 'triaged' state (and have been for a while), others confirmed. and there are yet others which have been 'new' for months.
<tomreyn> i'm sure everybody is working on more important things and i most likely just don't understand how priorities are internally set (i'm entirely serious here), but with my admittedly very limited insight, it feels the priorities may be wrong, and stable server-live installers which are more suitable for an LTS release should be provided soon.
<tomreyn> </polite-rant>
<rbasak> tomreyn: could you provide your best example of a mistriaged bug please?
<tomreyn> this is hard to tell, i'll post a couple.
<tomreyn> bug 1783413 has been handled, but only in curtin, so nothing has changed from a user perspectiver from what i understand.
<ubottu> bug 1783413 in subiquity "failed creating LVM on top of md devices" [Undecided,New] https://launchpad.net/bugs/1783413
<tomreyn> bug 1784124 remains 'new' since end of july
<ubottu> bug 1784124 in subiquity "subiquity raid+lvm installation failed" [Undecided,New] https://launchpad.net/bugs/1784124
<rbasak> Thanks
<tomreyn> bug 1785354 - if i understand it correctly, means that any system installed with the released server-live installer doesn't get regular file system checks. i would have assigned higher piro then.
<ubottu> bug 1785354 in curtin "/etc/fstab: fs_passno is 0 for all file systems" [Medium,Triaged] https://launchpad.net/bugs/1785354
<tomreyn> bug 1783129 is high prio, but continues to affect anyone using the released (not daily snapshot) installer
<ubottu> bug 1783129 in subiquity "Only "main" component enabled after install" [High,Confirmed] https://launchpad.net/bugs/1783129
<tomreyn> i'll stop here. thanks for having a look, rbasak
<tomreyn> to anyone seeking commercial consultance, in the current state, i can only recommend to not use the server-live LTS installer, and this is seven months post release.
<ahasenack> kstenerud: can I upload https://code.launchpad.net/~kstenerud/ubuntu/+source/fetchmail/+git/fetchmail/+merge/358699 ?
<tomreyn> (which is not what i want to do.)
<openfire> I still use the "alternate" installer, frankly.
<ahasenack> kstenerud: around?
<ahasenack> cpaelzer: will you finish this review, or should I grab a slot? https://code.launchpad.net/~kstenerud/ubuntu/+source/openssh/+git/openssh/+merge/358491
<rharper> tomreyn: thanks for the feedback; and thanks for filing those bugs and testing
<ikla> I'm trying to install 18.04 server on a machine and it boots up and the screen starts flickering and the installation menu does not come up.
<ikla> any ideas?
<ikla> standard onboard graphics
<xnox> ikla, is it serial console or graphical?
<xnox> ikla, can you change to a different tty?
<xnox> ikla, you can try the alternative server cd too (linked in a separate link from the download pages)
<xnox> smoser, do spill the beans =)
<mdeslaur> cpaelzer: hi! Mind if I release postgresql 10.6 as a security update?
<tomreyn> rharper: i didn't file all of them, just some. thanks to you and all dev's for your continuous work. IMO 18.04 server is really a great improvement over 16.04, netplan is nice (except for some edges where it doesn't work so well, yet), and subiquity / curtin will surely be nice (and much nicer) once they cover the features d-i provides. keep up the good work! :)
<sleepee> Has anybody tried to create an Ubuntu VM with virt-install?
<sleepee> and used the --extra-args option?
<sarnold> five or six years ago
<rbasak> virt-install is mostly deprecated by cloud images.
<rbasak> Try multipass - https://github.com/CanonicalLtd/multipass - it's much easier
<rbasak> And way quicker because there's no need to run an installer.
<sleepee> i'm just trying to create a vm on a local kvm host.
#ubuntu-server 2018-11-14
<sleepee> oh..  and the kvm host runs CentOS7
<sleepee> thing is, virt-install works just fine when creating a CentOS vm.  But with Ubuntu vm's, the --extra-args option seems to get ignored.
<sleepee> and from what i can tell, i'm not the only one in this boat.
<sleepee> https://unix.stackexchange.com/questions/428858/warning-did-not-find-console-ttys0-in-extra-args
<sleepee> ^that guy seems to have a suspiciously similar problem as me.
<rbasak> virt-install is not the preferred way to run Ubuntu VMs. It's long and convoluted to run an installer designed for bare metal in a VM. We left that method behind years ago.
<sleepee> not sure if it's an Ubuntu issue, but it works fine with CentOS, so i figured I'd ask
<rbasak> You should just be able to download and run an Ubuntu cloud image. On any distro.
<rbasak> To bootstrap it with a ssh key so you can get in is a little tedious without tooling, but it's still honestly easier than messing with driving an installer.
<rbasak> By all means use virt-install, and even fix it - it's a Free Software world after all :)
<sleepee> makes sense.  does multipass suport other os'es like CentOS or is it just for Ubuntu?
<rbasak> But you won't get much help from Ubuntu people with that method because it's not 2008 any more :)
<sleepee> sorry if it's a dumb question. i've never heard of multipass before
<rbasak> I'm not sure. multipass is distributed as a snap so I think that means it'll work anywhere snaps do.
<sleepee> i'm just starting out in this world
<rbasak> Looks like you should be able to build it from source without too much difficulty though.
<sleepee> sorry.  i meant are there other images i can install other than ubuntu
<sleepee> you know what.  im just going to go ahead and google multipass.  it seems like i need to do a bit of research on that.
<sleepee> thanks!
<rbasak> sleepee: nothing to apologise for. Sorry if my tone was a bit harsh.
<sleepee> nah. You're good.
<sleepee> thanks for the suggestion.
<rbasak> Cloud images are still a new thing for many people. It's just that we've been doing it for a long time in Ubuntu - longer than everyone else even I think, and it makes life sooo much easier that doing things the old fashioned way seems extra backwards to us.
<rbasak> sleepee: same with containers.
<rbasak> sleepee: if I want to reproduce a bug report in Ubuntu, for example on 14.04, I type "lxc launch ubuntu:14.04" and can have a shell prompt about three seconds later, on something that looks exactly like a fully operational fresh Ubuntu 14.04 sytsem.
<sleepee> Yeah.  It actually makes sense that Canonical put out a tool to make it easier/quicker to deploy Ubuntu vm's.  I know Ubuntu's huge in the cloud.
<rbasak> Using virt-install seems as backwards to me as perhaps ordering bare metal hardware to get an instance seems to you :)
 * sarnold quickly hides his CPU "product brief" tabs from rbasak
<genii> heh
 * teward hides sarnold's internet browser from everyone including sarnold.  :P
<cpaelzer> mdeslaur: I would not mind, ahasenack was working (or planngin to work) on it but these weeks are rather busy
<cpaelzer> mdeslaur: if you have pg-10.6 ready and it tests fine feel free to release it
<cpaelzer> ahasenack: ^^
<cpaelzer> ahasenack: for the ssh review - as discussed in standup I'll take a look at that
<patz0r> hey all, does anyone have an updated guide for creating a raid1 mdadm array during OS installation?
<patz0r> i'm trying to follow this but doesn't seem current
<patz0r> https://help.ubuntu.com/lts/serverguide/advanced-installation.html.en
<patz0r> i'm trying to create a raid1 mirror to install my OS on but i must be doing something wrong as it's not working
<patz0r> i'm using the 18.04.1 live installer
<patz0r> i'm going to try the alternate debian installer...
<Slashman> I dunno if it's been reported but there is an issue with "http://fr.archive.ubuntu.com/ubuntu", I have several hash mismatch, switching to "http://de.archive.ubuntu.com/ubuntu" solves the issue
<lotuspsychje> Slashman: report this in #ubuntu-mirrors please
<Slashman> lotuspsychje: sure, I didn't know where to report this exactly, thanks
<ahasenack> good morning
<tomreyn> good morning
<tomreyn> is it normal that proposed is enabled by default on daily server-live images?
<ahasenack> I would think not, and would also ask about it
<tomreyn> i don't think i did it manually, but i'll re-check just to be sure.
<lotuspsychje> tomreyn: the #ubuntu-release guys might know that1
<tomreyn> lotuspsychje: thanks. i think the server team (here) would know, but let me double-check first.
<ahasenack> it's a funny situation, because even though it's called the server installer, we don't code it
<tomreyn> so yes, proposed is enabled by default on the bionic server-live amd64 daily images. on both the Nov 12 (af59b87edf6ef02d230d94b87312c0255dead3bda399588cba44d83a0bda1180) and Nov 14 (403059a8fd19da81b1561970f859cf92aa74950ed91a809ae27d89cb4df3379e) one.
<tomreyn> do i report a bug against subiquity, curtin, the one in ubuntu or 'upstream'? something else?
<ahasenack> subiquity please
<ahasenack> they can sort it out if it's curtin/cloud-init or subiquity
<TJ-> tomreyn: sounds like that might be an artifact of the disco images
<ahasenack> like that other one where only main was enabled
<ahasenack> TJ-: is it the same for cloud images?
 * ahasenack checks lxd
<ahasenack> lxd image is fine, no proposed
<ahasenack> tomreyn: do you have a url to the iso at hand?
<ahasenack> ah, found it
<ahasenack> n/m
<tomreyn> ahasenack: http://cdimage.ubuntu.com/ubuntu-server/bionic/daily-live/current/bionic-live-server-amd64.iso - i downloaded from 2001:67c:1360:8001::1d
<tomreyn> bug 1803338
<ubottu> bug 1803338 in subiquity (Ubuntu) ""proposed" is enabled by default on bionic server-live amd64 daily images" [Undecided,New] https://launchpad.net/bugs/1803338
<ahasenack> tomreyn: I just installed in a vm from that iso (same hash), I don't see proposed in /etc/apt/sources.list
<ahasenack> ah, it's in a sources.list.d
<ahasenack> wtf
<tomreyn> correct, it's in a sources.list.d/
<mdeslaur> cpaelzer: thanks!
<lotuspsychje> ahasenack: can you also add yourself affected to the bug?
<ahasenack> lotuspsychje: the one from tomreyn?
<lotuspsychje> yeah
<lotuspsychje> the more, the better for attention/solving
<lotuspsychje> ahasenack: tnx mate
<samba35> i am using updated kernel of 18.04.1 do i require intel acs patch ? as i can't see patch for this version ?
<samba35> is any one using pci-passthrough ?
<ahasenack> what is that about? intel acs?
<samba35> yes
<tomreyn> https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF#Bypassing_the_IOMMU_groups_(ACS_override_patch)
<samba35> yes i check this page but i could not find patch here
<tomreyn> i just posted this url to explain what you're inquiring about
<samba35> ok
<tomreyn> the patch seems to be https://lkml.org/lkml/2013/5/30/513
<tomreyn> (it won't apply to current kernel versions without further modifications)
<tomreyn> updated patch https://aur.archlinux.org/cgit/aur.git/tree/add-acs-overrides.patch?h=linux-vfio
<samba35> let me check links
<samba35> is patching kernel os version specific and distro specific ?
<tomreyn> potentially both, most likely distro specific at least
<samba35> ok
<jamespage> coreycb: doing oslo bumps, poking at glance and keystone snapshots with a switch to py3 as the default
<coreycb> jamespage: alrighty! good bye py2!
<coreycb> jamespage: are we keeping the py2 packages around as an alternative?
<jamespage> dunno
<jamespage> coreycb: what do you think? maybe we should just drop them
<jamespage> thus avoiding any confusion
<coreycb> jamespage: i wouldn't mind maintaining just one version
<coreycb> jamespage: let's drop them
<jamespage> coreycb: agreed, it will cut down build times
<jamespage> and reduce complexity
<coreycb> jamespage: yes
<jamespage> coreycb: that said we may want to either update openstack-pkg-tools to be py3 only friendly or switch everything over to pybuild
<coreycb> jamespage: it should be py3-only friendly, no?
<coreycb> jamespage: but it doesn't default to py3-only. i think it probably could now if we were to make the switch.
<jamespage> coreycb: the pkgos-dh_* commands do have some --no-py2 type options
<jamespage> we may just need to review those
<coreycb> jamespage: ok
<coreycb> jamespage: i think we can drop the shebang dep8 tests if we drop the py2 packages
<coreycb> jamespage: or may be useful to keep around to test upgrades to py4 :)
<jamespage> coreycb: I'd be tempted to - we can drop all of the alterantives stuff as well
<coreycb> jamespage: ok great
<jamespage> coreycb: we need a tweak to pkg-tools to not do the python{vers}- prefixing for binaries if only py2 or py3 is being built - testing that now
<cpaelzer> ahasenack: chrony now completed its test
<cpaelzer> I'll tag and upload
<ahasenack> cpaelzer: +1
<ahasenack> rbasak: I gather you are not reviewing karl's branch about at?
<coreycb> jamespage: ok thanks
<rbasak> ahasenack: not right now.
<jamespage> coreycb: ok tweaked openstack-pkg-tools uploaded
<coreycb> jamespage: great, looks good. i'm wondering if we need to do anything for upgrades.
<coreycb> jamespage: i think we're good because postinst scripts should be removing alternatives
<coreycb> jamespage: postrm that is
<jamespage> coreycb: yeah
<jamespage> coreycb: lol - http://paste.ubuntu.com/p/C2MckBXMHK/
<jamespage> nice little quick fix
<jamespage> coreycb: OK going for an upload run on the oslo's
<jamespage> they install and test ok
<coreycb> jamespage: ok! :-)
<lucidguy> Ok, I have a static ubuntu mirror, been loading servers for days with no issues.  All of a sudden an identical server is failing to install mailutils, dependency issues.  How is that possible?
<coreycb> jamespage: shall i start on clients or is their stein uca opening i should focus on?
<jamespage> coreycb: please do - UCA is a bit blocked until we get quota increased sorted out
<coreycb> jamespage: ok clients it is then
<jamespage> coreycb: openstack-pkg-tools (>= 85ubuntu3~) gives you the right behaviour with regards to no alternatives if you pass --no-py2 to pkgos-dh_auto_install and pkgos-dh_auto_test
<coreycb> jamespage: ok great, thanks
<TheHonorable> Good afternoon everyone, I need some help with scripting. I'm not a coder, but I'm alright with linux commands. I have a task I'm constantly doing which is running this command: iptables -I INPUT -s -IPADDRESS- -j DROP
<TheHonorable> I would like to setup something where I just punch in something like: permaban -IPADDRESS- and done, can you help me do this?
<TJ-> TheHonorable: "  echo -e "#!/bin/sh\n[ -n \"$1\" ] && /sbin/iptables -I INPUT -s $1 -j DROP\n" | sudo dd of=/usr/local/bin/permaban ; sudo chmod +x /usr/local/bin/permaban  "
<TheHonorable> response: bash: !/bin/sh\n[: event not found
<TJ-> TheHonorable: ahhh, sorry, I was trying to make it easy. Let me pastebin it for you instead!
<TheHonorable> thanks TJ- :)
<TJ-> TheHonorable: try this https://paste.ubuntu.com/p/ZjZZySSjZh/
<TheHonorable> sweet, it works man :D
<TheHonorable> I added in a new line " iptables-save " so that I know for certain they're perm banned. but when I do this, it gives me a huge feedback of the entire iptables file. any way how to snuff that and make it quiet?
<TJ-> TheHonorable: that's what iptables-save does; it writes to standard output. If you want to save to a file you redirect the I/O to the file. The filename should be one that, at boot-time, iptables-restore is going to read.
<TJ-> TheHonorable: are you already using a package that saves/loads the rules using iptables-{save,restore} ?
<TJ-> TheHonorable: e.g. iptables-persistent ?
<TheHonorable> i just run iptables-save so that when I reboot I don't lose all my bans
<TJ-> TheHonorable: right, but to load those bans, at boot-time you also have to have iptables-restore /path/to/file run.
<lordcirth> TheHonorable, have you considered using a tool made for automatic bans, like fail2ban?
<TheHonorable> O.o didn't know that
<lordcirth> You can totally do it with iptables, but there are tools for this too
<TheHonorable> I do use fail2ban, but the command to utilize it is just as long and frustrating as the one I use straight wth iptables
<compdoc> I use fail2ban to ban people from trying to guess email passwords. I love that program
<TheHonorable> I'm literally just watching a wireshark feed of icmp requests and banning anyone who shows up as red at abuseipdb.com :D
<TJ-> TheHonorable: if you install "iptables-persistent" it installs a system service via "netfilters-persistent" that loads/saves rules automatically at boot/shutdown, and you can also do "netfilter-persistent save" to save rules at any time
<TheHonorable> that I'm going to do right now
<TheHonorable> so I don't have to do iptables-save anymore, just run netfilter-persistent save and I'm good?
<TJ-> TheHonorable: not even that if the PC always shutdowns cleanly because it runs that at shutdown
<TJ-> TheHonorable: but if you want to be sure, then it won't hurt to run the command
<TJ-> TheHonorable: once installed see "man netfilter-persistent" for more info
<TheHonorable> got it!! :D
<TheHonorableKitt> still here, just under my correct username ;)
<cpaelzer> ahasenack: and chrony migrated
<ahasenack> yay
<openfire> TheHonorableKitt: Why don't you just use ufw?
<openfire> TheHonorableKitt: That's my first question. My second question is "why are you doing that stuff at all?"
<TheHonorableKitt> why am I banning hackers?? :thinking:
<openfire> Every ICMP request that comes your way isn't a hacker, but nice try at sarcasm. Sadly, your attempt is woefully misdirected.
<openfire> You're acting like random internet scans are a threat to you, and expending energy to stop what quite literally will never stop.
<TheHonorableKitt> well, mr openfire, I always cross check icmp requests with https://www.abuseipdb.com, and if they show up red, they get banned, because they're obviously hackers. Let me do me, thanks :) :*
<openfire> Um, no, they're not. You could be banning random grandmothers who don't realize their routers have been exploited. You have no idea, because you think you know what you're doing, and won't listen to anyone who knows better. So, sure, you can do you, but you're doing 1. stupid things for 2. the wrong reasons. :*
<TheHonorableKitt> <--- systems admin with 15+ years as a security expert. Please don't tell me how to run my damn server. Thank you, bye
<sdeziel> exploited routed owned by a grandmother or not is a bad thing IMHO
<sdeziel> hackers really have no sense of ethic
<openfire> That's not the point.
<openfire> The point is to actually determine if something is a threat. A threat is an entity that has both the capability and intent to cause damage in some way. Random ping scans show neither capability nor intent, and thus are not evidence of a threat.
<TheHonorableKitt> if a known hacker is pinging my server, there's only one reason why: they're trying to find potential vulnerabilities to exploit. Period. Thereofre, banned. Period. If you don't like it, fine, enjoy your hacked server my friend
<openfire> Therefore, they don't warrant some newb script-kiddie excuse for a sysadmin to add iptables DROP rules every time one pops up, and then get snappy with people that try to educate him.
<TheHonorableKitt> no one wants unasked for advice ;)
<openfire> TheHonorableKitt: Pings aren't vulnerability scans, child. If you were being vuln scanned, or actually reconned by someone who knows what they're doing, you'd be hopelessly clueless.
<TheHonorableKitt> *sigh* you're a hopeless moron. please don't speak to me again.
<smoser> rbasak: https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/80/console
<smoser> looks new
<cyberspectre> Hi. Could someone explain to me why the images at this page: http://nutrigold.info/flipbooks/turnjs4/samples/basic/ return a 403 forbidden when attempted to be fetched by jquery?
<cyberspectre> It is ubuntu server 16.04 lts
<sarnold> the system administrator either configured their webserver, a proxy in front of the server, filesystem permissions, or apparmor permissions on the server, in such a way to return that error code when those assets are requested
<lordcirth> cyberspectre, that link loads a blank white rectangle for me
<cyberspectre> lordcirth, check developer console
<lordcirth> cyberspectre, are you hosting this website and trying to fix it?
<lordcirth> <script src="../../lib/turn.js"></script> - ../.. seems likely to cause permission problems, depending on your directory layout
<lordcirth> No, I can request http://nutrigold.info/flipbooks/turnjs4/lib/turn.js
<lordcirth> Perhaps you should ask on a channel more dedicated to webservers
<cyberspectre> lordcirth, so it's not likely a conf file I need to edit that doesn't allow this out of the box?
<lordcirth> cyberspectre, webservers are complex, and while I have worked with them, I am not an expert.  Consider asking on #httpd or the equivalent for your webserver.
<cyberspectre> Understood, thank you lordcirth
<teward> what's the actual question?
 * teward knows a bit about webservers
<teward> usually 403s give you log data that can help to glean the problem, on the web server side
<teward> (I would not be using `../../` in your requests by the way, I'd use a root-relative full path such as `/flipbooks/turnjs4/lib/turn.js`)
<sdeziel> cyberspectre: looks like the web host doesn't want any Referer header
<teward> also ^ that could be the problem
<sdeziel> cyberspectre: I could fetch 11.jpg after dropping that header using the dev tools in Firefox
<sdeziel> yep, they all load fine when stripping the referer
<cyberspectre> sdeziel, I actually don't know what a referrer header is
<cyberspectre> is that in the html?
<teward> no...
<teward> it's a request header
<teward> you should probably read up on how web headers work
<sdeziel> cyberspectre: no, it's a request header set by browsers
<teward> ^ this
<cyberspectre> sdeziel, brief explanation of how you disabled it in devtools? That will put me on the right trac
<cyberspectre> k
<sarnold> what web server are you using? what configuration have you done to it? are you using something like mod_security? etc
<sdeziel> cyberspectre: this was just to confirm the weird behavior but I opened the devtools, clicked on a .jpg 403 and selected edit and resend
<sarnold> sdeziel: jpw
<sarnold> sdeziel: how did you think to remove a referer header? :)
<sdeziel> cyberspectre: then you get to edit the set of headers your browser would like to send so you need to drop the Referer: line
<sdeziel> sarnold: I tried fetching just an image without the JS code
<sdeziel> and got lucky
<sarnold> sdeziel: I'll say, removing a standard header wouldn't have been anywhere near my top list of things to try :) hehe
<sdeziel> some web host filter on the referer to avoid image download "abuse" by other sites
<sdeziel> this one apparently forgot to treat itself differently than other sites ;)
<sarnold> :D
<cyberspectre> Okay this is beyond me for the moment
<cyberspectre> But thank you
<sdeziel> cyberspectre: if you share your web host config, I'm sure someone will be able to assist
<coreycb> jamespage: all the clients except python-neutronclient (still working on) are at upper-constraints now for disco
#ubuntu-server 2018-11-15
<patz0r> hey guys, i've been trying to work around an issue i've been having installing some new servers lately, think i have found the issue but i'm not sure if it's a big in the live installer
<patz0r> i'm trying to do something really really simple, create an mdadm raid1 to install my OS on, but I can't get it to work at all with the live installer
<patz0r> seems to work ok with the old style alternative iso
<patz0r> but then i can't create bonds during the setup with that iso
<patz0r> i wouldn't think it would be this hard tbh...
<sarnold> are you using 18.04 or 18.04.1?
<patz0r> 18.04.1
<patz0r> i think the main issue is that it's booting in uefi
<mwhudson> you can't have /boot on your raiid
<mwhudson> which is something we need to fix
<patz0r> why does it work with the non live installer?
<patz0r> i would think it's a very common thing to do on bare metal machines
<sarnold> mwhudson: is that limitation still around? I thought that'd been fixed by the .1 release? :(
<patz0r> sorry if this is a common issue but i'm new to 18.04/18.04.1 and finding it doesn't work quite how i'd expect from past experience
<mwhudson> sarnold: i don't think 18.04(.0) supported raid at all did it?
<sarnold> mwhudson: yeah I thought .0 was pretty limited and .1 a lot better, but not yet perfect... I guess it's got a lot further to go than I realized
<patz0r> do you guys have any suggestions for the easiest way to work around this? i've got 5 bare metal machines to install and I only have HBAs so I can't do any hardware raid
<sarnold> patz0r: maybe try FAI?
<sarnold> patz0r: the server is fai-server
<patz0r> i have successfully installed my root partition to an md0 raid1 array using the alternative installer, and it did allow me to create 512mb efi partitions at the start of both disks
<patz0r> do you think that would have installed the /boot partition to both disks successfully?
<sarnold> patz0r: how terrible is it to try scripting the networking config after the fact?
<patz0r> not hard will only take me a few mins to do the networking, it's a simple setup
<mwhudson> the thing about /boot on raid is that it works (grub can read from raid just fine) but grub can't write to it so recordfail doesn't work
<patz0r> i don't use any of the cloud init features from the live installer, i turn all of that off
<mwhudson> so if you install a bad kernel, you need to interrupt the bootloader to unwedge yourself which isn't all that easy for servers in general
<sarnold> mwhudson: wait what?
<mwhudson> but that said d-i lets you shoot yourself in the foot this way
<sarnold> mwhudson: I thoguht we just failed to properly configure grub to boot from a degraded array
<mwhudson> (d-i will also let you try to put /boot/efi on raid5 which definitely doesn't work but well)
<mwhudson> sarnold: this was my understanding anyway, i am not an expert
<sarnold> me neither, my world starts with getty or sshd :D
<mwhudson> the issue of booting from a degraded array is sort of orthogonal to what i am talking about
<patz0r> i don't think there is anything in 18.04 that i actually need, do you guys think it's safer for me to use 16.04 at this stage?
<patz0r> this will just be a storage box
<mwhudson> patz0r: the 16.04 installer will work no better than the 18.04 alternate installer
<patz0r> same bug in both?
<mwhudson> what do you mean?
<mwhudson> you said the 18.04 alternate installer didn't work because you couldn't configure a bond
<mwhudson> if that's the case i don't expect the 16.04 d-i based installer would either
<patz0r> that was just a minor inconvenience, i can configure the bond after the fact, i thought you guys were saying that the alternative installer would let me do this but i might still have issues if a disk failed
<patz0r> i'd go pull a disk out and test it if i wasn't 4000km from my servers right now
<patz0r> hence my caution in how i set this up now
<sarnold> it'd be worth testing with a VM locally :)
<sarnold> I've been meaning to do that for .. uh .. a very long time.
<patz0r> that's probably a better idea sarnold
<patz0r> are you guys ubuntu dev's ?
<mwhudson> yes
<patz0r> cool, thank you for your help with this, been getting frustrated with it as i thought it should be easy
<mwhudson> this whole area seems to be spectacularly badly documented in genera;
<mwhudson> (bonds too!)
<sarnold> yeah... I apparently don't *know* what ought to be epxected to work and in which releases ..
<patz0r> i like the bonds networking feature in the live installer, but overall i still prefer the old installer/old style
<patz0r> i'm not the kind who's getting my hands dirty in linux daily though, i got too many other machines to worry about
<patz0r> i'm going to test the alternative installer raid1 on a vm now, will report back on that shortly if it would be beneficial
<patz0r> so i've tested it, doesn't work if the first disk in the raid suddenly disappears
<patz0r> that's a little concerning :(
<patz0r> anyone have any ideas on how to maybe leave /boot off my raid1 but periodically update it via crontab or something so it may not be too painful to fix if i have major issues down the track?
<plm> Hi all =D
<TheHonorableKit-> good morning
<smoser> rbasak: do you have ideas on https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/80/console ?
<rbasak> smoser: looks like a regression in the nightlies too: https://jenkins.ubuntu.com/server/view/git-ubuntu/job/git-ubuntu-ci-nightly/
<rbasak> smoser: probably some change to a module in PyPI
<smoser> i didnt know we used pypi
<smoser> we should not
<smoser> where does pypi get used ?
<rbasak> To create the snap
<smoser> well, yes. but i thought we were installing ubuntu packages for python deps.
<rbasak> We aren't.
<rbasak> The problem is that we're stuck on Xenial, because snaps are stuck on Xenial.
<rbasak> And we needed newer stuff.
<smoser> well, then need to pin versions of stuff.
<rbasak> So initially we used a snap based on a newer Ubuntu, but that broke horribly and we were told that it snaps based on !Xenial aren't supported.
<rbasak> I believe Bionic based snaps are in testing right now, but I don't know to what extent that's useable right now.
<smoser> i'm looking at the snapcraft.yaml, its not obvious to me how pypi gets used.
<rbasak> To fulfil requirements of anything that says plugin: python
<rbasak> https://git.launchpad.net/usd-importer/tree/setup.py
<rbasak> But also for launchpadlib
<rbasak> Pinning versions also caused problems for us in the past
<smoser> how?
<rbasak> Because stuff we directly specify doesn't pin themselves
<TheHonorableKit-> any idea when Ubuntu Server will be updated to 18.10LTS?
<rbasak> eg. we say argcomplete==1.8.1 but argcomplete 1.8.1 might not pin its dependencies
<rbasak> And then they move and stuff explodes
<smoser> yeah. there are solutions to that.
<smoser> i thought
<smoser> but yeah.
<smoser> man. what a pain. :-(
<sdeziel> TheHonorableKit-: 18.10 is not an LTS version
<sdeziel> TheHonorableKit-: but 18.10 was released for the server edition already https://www.ubuntu.com/download/server
<TheHonorableKit-> yes, I saw it was released. I'm on LTS though. guess I'll have to wait??
<smoser> TheHonorableKit-: you can upgrade if you want
<smoser> but that comes with maintenance
<smoser> 18.04 is supported for 5 years.
<smoser> 18.10 is supported for 9 months.
<TheHonorableKit-> I did try, of course, but I'm somewhat new to linux administration. I had to revert to a backup because the upgrade failed miserably
<smoser> so essentially, if you go to 18.10, in 6 months (or < 9m) you need to go to 19.04
<TheHonorableKit-> if there's ever an LTS version of 18.10, I'll upgrade then
<smoser> there will not be
<smoser> the next lts will be 20.04
<TheHonorableKit-> O.o well ****
<smoser> if you just want to use some things from 18.10 or play with it to test things, i'd suggest looking at lxd
<smoser> or multipass
<smoser> lxd will provide you with containers to run whatever distro you want inside.
<TheHonorableKit-> meh, I'm good with 18.04 for now
<smoser> multipass will provide you with ubuntu in a kvm guest
<smoser> lxd is really a wonderful tool, i really do suggest you try it out.
<TheHonorableKit-> although I always did want to have a kali-linux distro run within an ubuntu distro, that would be fun
<nacc> cpaelzer: rbasak: did you want to schedule some time to go over php?
<rbasak> nacc: that'd be good, thanks. As a handover type thing? I'm not familiar with it at the moment so would need you to drive that meeting I think.
<wr> need to setup dhcp, dns, ntp on ubuntu server 16.04lts, what docs link should follow?
<cpaelzer> nacc: I was working with kstenerud for basic merge training and long term we hope he takes that over
<cpaelzer> I asked him to get in contact with you next week
<cpaelzer> having one experienced one like rbasak on it as well surely will be good this cycle
<nacc> rbasak: cpaelzer: kstenerud: sounds good. Mostly about the process needed since it's such a maze of interdependencies
<rbasak> nacc, kstenerud: so some time next week then? nacc: when works well for you?
<kstenerud> I'm on European time, so hopefully not too late for me
<sdeziel> wr: each of those services come with various implementations, have you picked the one you want already?
<wr> sdeziel, need all
<wr> sdeziel, isc dhcp
<sdeziel> wr: right but each one of those have different implementations, hence the need to pick the ones you'd like to use
<sdeziel> wr: https://help.ubuntu.com/community/isc-dhcp-server
<sdeziel> wr: for the DNS, there is bind9 doc here: https://help.ubuntu.com/lts/serverguide/dns.html.en-CA
<wr> sdeziel, yes bind9 thats the one gonna use
<sdeziel> wr: for the isc DHCP server, this one might be more current https://help.ubuntu.com/lts/serverguide/dhcp.html.en-CA
<sdeziel> wr: and finally for NTP: https://help.ubuntu.com/lts/serverguide/NTP.html.en-CA
<sdeziel> wr: I basically just skimmed https://help.ubuntu.com/lts/serverguide/index.html.en-CA for you ;)
<wr> sdeziel, awesome now i won't screw this up
<sdeziel> wr: well, I did screw up pointing you to doc for 18.04. Please look at https://help.ubuntu.com/16.04/serverguide/index.html instead ;)
<ghone> Hi all, our nginx on ubuntu (16.04) servers is being killed (restarted ?) randomly for a last couple of days. Any clue if any change has been applied recently to ubuntu ?
<lordcirth> ghone, any errors in nginx log?  syslog? dmesg?
<ghone> Nov 14 06:21:23 server systemd[1]: Reloading. Nov 14 06:21:23 server systemd[1]: Started ACPI event daemon. Nov 14 06:21:23 server systemd[1]: Starting A high performance web server and a reverse proxy server...
<ghone> why systemd restarts nginx ? because is is being reloaded ? if so why it is being reloaded ?
<rawco> so if my /boot is full and i canât autoremove kernels, i have to manually delete them, right?
<rawco> ok, ended up using dpkg to remove the old linux images
<lotuspsychje> rawco: wich ubuntu release is this
<rawco> 18
<rawco> it looks like its downloading them again
<rawco> i did apt-get autoremove -f
<rawco> should i expand /boot ?
<lotuspsychje> rawco: 18.04 should have unattended upgradesnow and auto cleanup kernels
<sdeziel> ghone: could you pastebin the journalctl output of nginx?
<joop_> hi people. I have a problem with ubuntu server 18.04.1 LTS on Dell Wyse thin clients (Z90DW).
<joop_> Whenever I issue `shutdown`, the OS shuts down but the system does not perform a poweroff.
<joop_> Radeon module is disabled in the kernel, nomodeset flag and acpi=on/off/etc flags have been tried.
<ghone> sdeziel: https://pastebin.com/FjsheCaz
<sdeziel> ghone: nginx[73195]: nginx: [emerg] open() "/etc/nginx/ssl/privkeypassword.txt" failed (2: No such file or directory) in /etc/nginx/sites-enabled/ji
<joop_> /etc/nginx/ssl/privkeypassword.txt
<joop_> yeah.
<ghone> Yes I know
<ghone> but why it is being restarted by systemd ?
<ghone> it happens at least once a day ...
<sdeziel> ghone: maybe it's the logrotate job that signals it?
<sdeziel> ghone: it usually runs around 6:20 in the morning
<sdeziel> joop_: have you tried "halt -p" ?
<joop_> sdeziel: Yes, that's been tried.
<ghone> sdeziel: logrotate sends USR1 which triggers nginx to start new log files but not restart
<joop_> I have tried every combination / permutation of the shutdown and halt commands and their parameters.
<joop_> I have tried some kernel flags in /etc/default/grub
<sdeziel> joop_: sorry, that's not an area I know well
<leftyfb> joop_: have you tried this using a live cd/usb?
<joop_> leftyfb: yep, I have.
<joop_> Lubuntu live - didn't work either.
<leftyfb> what type of hardware is this? Maybe it doesn't support acpi commands?
<joop_> Ubuntu server after installation - 'Remove intallation media and press enter' -> done that, doesn't power off either
<joop_> leftyfb: AMD G-T56N processor with Radeon HD6310 graphics on a Dell Wyse Z90DW thin client./
<leftyfb> joop_: tried a different linux distribution to see if it's actually an ubuntu problem as opposed to a linux kernel problem?
<joop_> leftyfb: https://paste.ubuntu.com/p/YXQXDBZr4W/
<leftyfb> or hardware
<sdeziel> ghone: "/sbin/start-stop-daemon: warning: failed to kill 20255: No such process" is suspicious, as if the PIDfile contained the wrong pid
<sdeziel> ghone: I'd recommend fixing the config error, stopping nginx, starting it and confirming the right pid ends up in the pidfile
<joop_> Well the weird thing is, a colleage of mine tried to install FreeBSD and had nothing but issues with the GPU but he reported that OpenBSD works fine - including system poweroff.
<leftyfb> OpenBSD != linux
<ghone> sdeziel: it happens on a few servers ... no just one ...
<ghone> sdeziel: it happens on a few servers ... not just one ...
<joop_> No, it's BSD, i know, but still, it is known to work.
<joop_> wondering...
<ghone> sdeziel: we restart it manually and it is running for about a day and then being shut down ...
<sdeziel> ghone: have you checked cron jobs and systemd timers looking for stuff touching nginx? automated configuration system?
<joop_> I love the Wyse thin client but this is bugging me.
<joop_> Now trying with acpi=strict.
<joop_> Didn't change.
<nacc> rbasak: yes, next week would be fine with me, i can try and work around kstenerud's schedule, i'm a bit further east now
<sdeziel> I'd appreciate if someone with systemd experience could comment on the proposed fix in LP: #1803601, please
<ubottu> Launchpad bug 1803601 in base-files (Ubuntu) "motd-news.service scheduled even when /etc/update-motd.d/50-motd-news is not executable" [Undecided,New] https://launchpad.net/bugs/1803601
#ubuntu-server 2018-11-16
<ahasenack> cpaelzer: rbasak kstenerud: hi, can one of you review https://code.launchpad.net/~ahasenack/ubuntu/+source/krb5/+git/krb5/+merge/358792 please?
<lordievader> Good afternoon
<joop_> lordievader: hello
<lordievader> Hey joop_ , how are you doing?
<coreycb> jamespage: i retriggered all the cinder dep8 failures and they're successful with the new version. probably should get the rest of the dep8 failures fixed before uploading many more packages.
<jamespage> coreycb: I'm clearing neutron and friends atm
<coreycb> jamespage: sounds good. should I add seconds to my git versioning? :)
<jamespage> coreycb: maybe - that was just for some randomness just in case I did two same day snapshots
<coreycb> jamespage: er maybe that's the day of the yr?
<coreycb> jamespage: ok randomness
<coreycb> hour of the day prob makes sense
<joop_> lordievader: not so good, got a concussion
<joop_> You?
<lordievader> That sucks. I'm doing fine.
<coreycb> jamespage: taking a look at the oslo.policy dep8 failure
<jamespage> coreycb: ack
<TheHonorableKit-> Good morning peeps
<rbasak> kstenerud, cpaelzer: https://code.launchpad.net/~kstenerud/ubuntu/+source/nspr/+git/nspr/+merge/358904 has an odd source branch name. Was that intentional?
<kstenerud> I'm not sure what that means...
<ahasenack> it's also marked as work-in-progress
<ahasenack> so it won't show up in https://code.launchpad.net/~canonical-server/+activereviews
<cpaelzer> rbasak: ahasenack: it was an accident but is fixed now
 * cpaelzer takes a reminder, if I want fast review leave it in WIP :-P
<rbasak> Oh, I didn't notice the status. I just get the emails :)
<samba35> i am try to compile a kernel ,i have source and header pack installed when i run make command i am getting this erro
<samba35> root@intelc:/usr/src/linux-headers-4.15.0-39# make
<samba35> make[1]: *** No rule to make target 'arch/x86/entry/syscalls/syscall_32.tbl', needed by 'arch/x86/include/generated/asm/syscalls_32.h'.  Stop.
<samba35> arch/x86/Makefile:256: recipe for target 'archheaders' failed
<samba35> make: *** [archheaders] Error 2
<TheHonorableKit-> that moment some douche attempts to hack your ssh: https://paste.ubuntu.com/p/q3wTfBfbHf/
<TheHonorableKit-> annnnd ban.
<samba35> sorry i thought limit of 5 lines
<samba35> i am trying to add intel acs patch to kernel
<Ussat> I am srsly debating dropping RHEL from my env and going all Ubuntu servers after this stupid shit
<Ussat> I have a mix now
<rbasak> samba35: try using "apt-file"
<rbasak> It'll find you which package ships particular files
<coreycb> jamespage: oslo.policy is fixed up. just re-running tests and will upload. looking at oslo.service.
<rbasak> smoser: https://bugs.launchpad.net/lazr.restfulclient/+bug/1803558
<ubottu> Launchpad bug 1803558 in lazr.restfulclient "launchpadlib not compatible with latest version of httplib2" [High,Fix released]
<rbasak> Looks like there's a new release.
<rbasak> Looks like we're pinning it though :-/
<smoser> rbasak: what were we pinning ?
<rbasak> smoser: lazr.restfulclient==0.14.0 in git-ubuntu setup.py, and 0.14.1 has been released (today?) with a fix following the httplib2 change.
<rbasak> I'm just checking to see if the build is now broken differently due to the pin or not.
<rbasak> I'm hoping that I can remove the pin if necessary.
<smoser> DOTIBMB: dude on the internet broke my build
<rbasak> smoser: the build now uses 0.14.1 despite the pin.
<rbasak> So I think it has resolved itself with no changes needed.
<rbasak> No idea why the pin doesn't break things.
<rbasak> Possibly because elsewhere in snapcraft.yaml we avoid installing it in favour of what th elaunchpadlib part wants
<smoser> rbasak: so rebase should make my MPs pass again ?
<smoser> oh. or even i dont need a rebase.
<rbasak> Right
<smoser> that his weird. just seems wrong.
<rbasak> I'm just retrying the nightly now
<smoser> cause it means one day something works, and tomorrow it doesnt.
<smoser> meaning you can never really git-bisect
<rbasak> I don't think it's wrong. httplib2 broke things, lazr.restfulclient released a point release to work around.
<rbasak> What we need is a global pin list that is generated by the unpinned build for reproduction purposes that can also be consumed by the build.
<rbasak> But that doesn't exist :(
<smoser> right.
<jamespage> coreycb: OK I've cleared through neutron + neutron-* and networking-* into proposed - its all a bit of a tangle of removal of py2 packages, but I think things should migrate now everything is there
<coreycb> jamespage: \o/ i'll take a look and pick up on others this afternoon
<jamespage> coreycb: I had to disable 3 tests un n-d-r - https://bugs.launchpad.net/neutron/+bug/1803745
<ubottu> Launchpad bug 1803745 in neutron-dynamic-routing (Ubuntu) "neutron-dynamic-routing: unit test failures with master branch of neutron" [Medium,Triaged]
<jamespage> its an upstream issue due to the fact that its using neutron from rocky still for testing :-)
<jamespage> hurrah!
<coreycb> jamespage: ah, ok
<coreycb> jamespage: oslo.service and oslo.policy are uploaded and their dep8 tests should pass now. for oslo.service i just skipped the offending test for py3 and opened a bug upstream as it takes about 500x longer to run on py3 (even py35).
<jamespage> coreycb: ack
<bipul> Hi.
<bipul> I'm unable to install as unattended mode ubuntu server in Virtualbox. Does anyone know how to do that?
#ubuntu-server 2018-11-17
<bipul> Hi
<bipul> The configuration written for /isolinux/isolinux.cfg  at https://help.ubuntu.com/community/InstallCDCustomization is tested and working for Ubuntu  server 18.04 ?
#ubuntu-server 2018-11-18
<Checkmate> hey i've problem with sed
<Checkmate> can run any command
<Checkmate> can't
<compdoc> what happens?
<genewitch> installed a usb wlan nic but nothing comes up in ifconfig, dmesg: http://projectftm.com/#v80Qq-PQ3z7cbxooxpGcvA
<genewitch> what am i missing?
<genewitch> ip link: http://projectftm.com/#EQ2snLcjOOQopP2HrQzZ5A   and lsmod shows the 8814au loaded but not in use
<genewitch> iwlist scan: http://projectftm.com/#ApT0lE_F-dFiIUhyk0i5LA  i'm not sure if there's something else i configured incorrectly prior to trying to set up wlan
<genewitch> anyone?
<genewitch> hm
<genewitch> i fixed it with a github repo, that made a dkms instead of a modprobe module, comes up on boot
<bipul> Hi.
<bipul> I'm facing an issue while installing Ubuntu server 18.04 with preseed method. I would be thankful if somebody points out where i'm doing mistake here https://paste.ubuntu.com/p/w338ZcGTVt/
<hackeron> hey, I have a question, ubuntu has both journald and rsyslogd - is there any way to get journald to pick up all logs currently going to syslog?
<joop_> /close
<JanC> hackeron: do you have logs that go to rsyslogd but not to journald?
<hackeron> JanC: yes, I can't find the log lines I see in /var/log/ken.log and /var/log/syslog when I run sudo journalctl
<hackeron> oh, I added ForwardToSyslog=no
<hackeron> to journald.conf and now I'm seeing them :D
<JanC> ForwardToSyslog should not influence what gets logged by journald itself?
<bipul> Hello how to install Ubuntu server 18.04 via preseed method?
<tomreyn> bipul: same as previous releases, but using the netboot / mini / alternative installer. i assume the server-live installer cant be used for preseed installations, yet (i may be wrong),
<compdoc> are errors that are written to the console logged somewhere?
<bipul> tomreyn, here is the step which i have performed sudo apt install qemu qemu-utils qemu-system ovmf
<bipul> https://paste.ubuntu.com/p/Y9dfzmZjgV/
<bipul> ignore qemu installation command
<compdoc> Im more of a virt-manager kinda guy
<raidghost> WHY is the ubuntu installer (ORANGE) shutting down when its time to type username and password and all that other stuff. ITS so Freaky Annoying!
<tomreyn> raidghost: i've never seen this. does it switch off instantly? is your hardware stable?
<raidghost> My hardware is stable. Ive tried to install ubuntu server 18.04 for like 10 times. the same crap is happening every time.
<tomreyn> compdoc: what do you mean by console exactly? what's printed to a tty? or a virtual terminal?
<tomreyn> raidghost: which hardware is it? is this 18.04.1 or .0?
<raidghost> tomreyn: latest LTS
<tomreyn> raidghost: .1 then. any special configurstions?
<raidghost> no.
<tomreyn> so which harware?
<raidghost> added raid and lvm settings in partition. Thats all.
<raidghost> Its a intel i7 8086K 32GB ram and asrock z370 pro4
<raidghost> got 2 twintuner cards from hauppauge, but would be WEIRD if that was the reason
<tomreyn> repeating my other qurestion: does it power down instantly, or does it do an rderly shutdown?
<raidghost> tomreyn: it shuts down services and then turn the computer off
<raidghost> not power down instantly, it shuts down like if i pressed CTRL ALT del,
<raidghost> but i dont touch that keys
<tomreyn> so it behaves as if it had been given a power down request via acpii (power button pressed9
<tomreyn> ctrl-alt-del would trigger a reboot, does it reboot afterwards?
<raidghost> it doesnt reboot
<tomreyn> okay, have you tried to verify the installation iso was properly downloaded and also properly written to the installation media?
<tomreyn> if not, i*d recommend doing this next
<tomreyn> also a bios update may be a good next step (but i'd hold this back until you've verified the download + installation media)
<raidghost> tomreyn: the iso was perfectly downloaded. perfectly written to the installation media. I been using ubuntu-server for some years. Never had any issues
<raidghost> bios is up to date.
<raidghost> The NONE orange installer, would be to prefered used
<tomreyn> "perfectly" as in you verified the checksums?
<raidghost> yes
<tomreyn> well if you prefer to use the alternative installer, then just do it ;)
<raidghost> Whats it named?
<tomreyn> "alternative installer"
<raidghost> so ubuntu-server something- alternative installer
<raidghost> ?
<raidghost> .iso
<tomreyn> no
<tomreyn> the file name scheme is the same it used to be in erarlier releases
<tomreyn> i.e. compared to the new subiquity based orange themed installer the alternative / classic / debian-installer based  / blue themed installer lacks the word 'live' in its ISO file name.
<raidghost> ubuntu-18.04.1-live-server-amd64.iso  ?
<raidghost> and the desktop version
<compdoc> tomreyn, messages printed on the server's console while not logged in.
<raidghost> tomreyn: I give it a shoot without the twintuners, just to be sure it aint the problem
<compdoc> I just built a system for a friend with the  i7 8086K and 32G ram. very fast
<raidghost> compdoc: no issue?
<compdoc> well, it runs win10pro
<compdoc> do you oc?
<raidghost> Neeh. no OC i like to keep the lifetime as long as possible
<compdoc> she got a rtx2080 card too
<raidghost> gamer?
<raidghost> LOL:P
<compdoc> nope, coder
<compdoc> waste of card
<raidghost> hehehe
<raidghost> you go tell here
<compdoc> ubuntu on its own wont crash at install. so possible bios setting, or other hardware
<compdoc> she has the asrock H370M Pro4
<compdoc> have you ever seen a bios setting for pci latency timer?
<raidghost> compdoc: the bios shows up as JAPANESE characters without a external graphical card
<compdoc> yikes
<raidghost> So i soon give a damn in trying to get the iptvserver up running.
<raidghost> Wasting time on something that aint wurth it, = Wasted time
<compdoc> does it boot to the live desktop ?
<compdoc> ah
<raidghost> compdoc: not sure, since its the ubuntu-server image on the thumbdrive
<compdoc> I was using mythtv running in a vm on mine server for a long time
<raidghost> its as hard as to learn my girlfriend how to change sources on my amplifier
<raidghost> did you get PCI passtrough ?
<raidghost> tried to run tvheadend in a vm, but the picture was frame by frame. Like OLD DAYS video
<compdoc> I dont like PCI passtrough so I dont use it
<raidghost> How do you get the card to work 100% perfect then ?
<compdoc> I used mythv to record some tv channels, and raspberry pis to stream he recordings to my tvs around the house
<compdoc> a video card, you mean?
<compdoc> I do everything remote, so no video cards involved
<raidghost> compdoc: Tvtuner dvb-c
<compdoc> oh. I use SiliconDust HDHomeRun. records 3 channels at once
<compdoc> needs a cable card tho
<compdoc> if you have cable
<tomreyn> compdoc: messgaes printed to console are also stored in the kernel ring buffer, which is usually logged to the journal (i.e. use journalctl -s)
<compdoc> ty
<tomreyn> or dmesg -s during runtmie
<tomreyn> and it's journalctl --system, not -s
<tomreyn> raidghost: https://www.ubuntu.com/download/alternative-downloads#alternate-ubuntu-server-installer
<tomreyn> how did you verify the hardwar is stable? did you run 2 full passes of memcheck86+ ? did you cpuburn?
<tomreyn> bios in all japanese sounds dodgy
<tomreyn> or was it chinese?
<raidghost> chinese
<raidghost> tomreyn: Any known bug about apt-get install ? it doesnt install package
<tomreyn> raidghost: this is way too unspecific.
<tomreyn> got any details such as the exact command you ran, the outputit generated, and the ubuntu version + architecture?
<tomreyn> gtg
#ubuntu-server 2019-11-11
<sdhd-sascha> hello, are the any repos for  "ubuntu-18.04.3-preinstalled-server" for raspberry pi ?
<sdhd-sascha> there ?
<RoyK> sdhd-sascha: try #raspberrypi
<sdhd-sascha> RoyK: well, i found this blog post from ubuntu. With 19.10 there should be a offical ubuntu support for raspberry pi 4. Now i wonder where the source for this project is ?  ... https://ubuntu.com/blog/roadmap-for-official-support-for-the-raspberry-pi-4
<RoyK> sdhd-sascha: I'd use 19.10 https://ubuntu.com/download/iot/raspberry-pi
<sdhd-sascha> RoyK: thank you. I will have a look. I hope this image is able to boot over network. Currently i have booted Debian-Buster over network with pi4
<RoyK> sdhd-sascha: probably better to flash an sd card
<sdhd-sascha> RoyK: oh, i already tried this image ... well, then i need to compile u-boot and/or the kernel myself. I also asked at @raspberrypi for the offical source repo... thank you
<RoyK> sdhd-sascha: it's in the sources repos
<sdhd-sascha> RoyK: awkward ;-) you are right ;-D
<RoyK> sdhd-sascha: good luck :)
<lopta> Does the installer help if I want to install onto a mirrored pair of SATA disks?
<lopta> (md, not ZFS)
<tomreyn> should. if you want it more customized, use the alternative installer. if you want it even more customized, use debootstrap.
<tomreyn> i'm referring to ubuntu server 18.04.3+
 * lopta checks his iso directory
<lopta> Is 19.10 out yet?
<tomreyn> which year and month is it?
<lopta> November 2019
<tomreyn> so the year 2019, month 11, hmm
 * lopta interprets that as a "yes"
<tomreyn> well done!
<lopta> Sounds as though you chaps stick fairly rigidly to your release schedule.
<lopta> Do I need a text installer to install onto a mirror or is the server installer always text?
<tomreyn> lopta: it's always text. and it can create the mirror for you (in fact i think it will want to)
<lopta> Thanks, that sounds great.
<RoyK> lopta: the "alternate" installer should do fine here - that's the old one. the new one sucks outright
<lopta> RoyK: That's handy to know!
<RoyK> no idea why they made it - it's flashy, looks good, blablabla, but it stops there
<lopta> Is that on a separate .iso?
<RoyK> lopta: if I were you, I'd use LVM on top of md as well, but then, people sometimes disagree there
<lopta> Ah, found it.
<RoyK> goodie
<mwhudson> RoyK: do you have specific complaints about the new installer?
<RoyK> I just realised it must be right about now it's 25 years since I installed Linux for the first time :D
<lopta> I'm an old fart, if that helps.
<lopta> ...first installed Linux for a friend from a stack of 5.25" 1200K floppies.
<RoyK> mwhudson: I had when I first tried it, and when I tried the v1.1, and then I didn't care, since either I used the alternate installer or just debian
<mwhudson> RoyK: ok, well it is hopefully better now
<RoyK> mwhudson: I hope so
<mwhudson> hmm 21 years since my first install i think
<mwhudson> rh5
<RoyK> lopta: are you sure?
<lopta> RoyK: I'm sure they weren't 1.2M ;-)
<RoyK> those 5.25 floppies went out of style in the eightees and the initial linux kernel came out in 1991
<lopta> RoyK: I didn't say we were fashionable.
<RoyK> mwhudson: so just old buggers hanging around here, then :D
<lopta> I haven't done a lot with Linux in the years since that first install.
<lopta> ...but I do have an Ubuntu Server box in the office running a utility thing
<lopta> ...and I'm about to try it on an actual server.
<RoyK> probably works
<RoyK> what are the plans for the server? storage or application?
<RoyK> or just "misc"? ;)
<lopta> RoyK: Short term storage and just to familiarise myself with Ubuntu Server, if possible.
<RoyK> ok
<RoyK> one advice - if you want to install things like a web server, perhaps nextcloud, something else, do it in a VM if you have sufficient memory
<lordcirth_> Or LXC container, they are lighter
<RoyK> if something goes wrong in that vm, well, it's just a vm, not a big issue
 * lopta nods
<RoyK> lordcirth_: same thing, really - but I stick to kvm still
<lopta> brb, plugging in a USB flash drive to write the image to.
<RoyK> kernel stuff is hard or impossible in lxc
<lordcirth_> Yeah, but nextcloud, etc don't need "kernel stuff"
<lordcirth_> I do have ip_vs loaded by the host so that HAProxy works in LXC.
<RoyK> lordcirth_: I know, perhaps I'm just lazy or that I like to sometimes have different distros or versions installed, and the isolation is still far better on kvm - but hell - both work
<lordcirth_> Ubuntu 18.04 containers do run on 16.04 hosts, btw.
<lordcirth_> Quite handy at $WORK
<RoyK> whatever you fancy :)
 * RoyK sticks to kvm
<lopta> I suppose I should learn containers too, at some point.
<lopta> Probably Ubuntu Server first though.
<lopta> ...should be back tomorrow, hopefully.
#ubuntu-server 2019-11-12
<lordievader> Good morning
<V7> Mornin o/
<mgedmin> anyone have problems with docker in 19.10?  I've a container with four uwsgi processes all blocked trying to write to stderr
<mgedmin> the containerd-shim that's supposed to be reading from the pipe isn't doing anything
<mgedmin> (well it has a lot of threads that do various things, but they're not reading from the right pipes)
<im0nde> Can someone help me install ubuntu server on a nvme drive? I get an error in the installation with the drive.  This is the full error https://imgur.com/a/ijNDCDM
<weedmic> im0nde: I have not done what you want to do, but... it appears that the machine does not see the drive.  did you setup the cmos to boot the nvme drive first?  this is not possible on many older machines.
<im0nde> weedmic: The thing is, I can partition it in the installer. So it seems to be there?
<im0nde> Also the machine is very new and came with a linux distro prenstalled
<im0nde> I deleted it though, because I wanted a server OS
<weedmic> yes, it is there - but if it is not a bootable drive, then you need to setup the install differently and put the bootloader on a disc that can be read, then access the nvme one.  but... u sh'd check the cmos, it might be an option to boot to that drive
<weedmic> just one click/boot away...
<badv991> Im0nde: I can't really see the text in the pic you posted, but you might want to try the "alternative installer"
<im0nde> weedmic: Sorry, I don't fully understand what to select in the bios. I have pressed f12 to boot from the drive, isn't that correct?
<im0nde> also there was a linux distro installed (which worked) in exactly that hardware configuratioooooooooooooooooo
<im0nde> *configuration
<im0nde> badv991: I have only the option of "safe graphics"
<mgedmin> weedmic: that looks like a bug in the installer to me
<badv991> Yeah then definitely try alternative installer since it's basically Debian
<im0nde> mgedmin: Yeah to me too
<mgedmin> weedmic: report it
<mgedmin> and try an alternative installer
<badv991> Yes it's a different ISO you need to download that uses Debian curses installer
<im0nde> mgedmin: badv991 Where do I select the alternate installer?
<im0nde> ah ok
<weedmic> i think u need to go into the cmos, setup the boot order so that the nvme drive is 1st likely, this might be a good way to tell, if your "boot order" setup does not contain the nvme drive/slot - then it is not an option.
<im0nde> sorry, thougth that was an option
<mgedmin> I think http://cdimages.ubuntu.com/releases/18.04/release/ is the debian-installer based image
<mgedmin> the subiquity one is called *-live-server-*.iso
<mgedmin> debian-installer is called *-server-*.iso
<mgedmin> they're split between cdimages.ubuntu.com and releases.ubuntu.com using some moon logic I don't follow
<mgedmin> (an neither links to the other one afaics)
<im0nde> :D
<im0nde> ok, I'll download an alternate server install then, brb
<tomreyn> im0nde: could you please report a bug on this, it doesn't seem like there is a bug report for it, yet (from what i can find)
<tomreyn> !bug
<ubottu> If you find a bug in Ubuntu or any of its official !flavors, please report it using the command Â« ubuntu-bug <package> Â» - See https://help.ubuntu.com/community/ReportingBugs for other ways to report bugs.
<tomreyn> you can do so from a different tty:
<im0nde> tomreyn: I will. Just updated the bios to see if that makes a difference
<tomreyn> ok
<im0nde> tomreyn: yes?
<tomreyn> !tty
<ubottu> To get to the TTY terminals 3-6, use the keystroke Ctrl + Alt + F3-F6 respectively. Ctrl-Alt-F2 or Ctrl-Alt-F1 will get you back to your graphical login (Ctrl-Alt-F7 on 16.04). To change TTY resolution, see https://help.ubuntu.com/community/ChangeTTYResolution
<tomreyn> i assume you know so much ;)
<tomreyn> and this is more targetted at desktops
<im0nde> tomreyn: yes, i know. Thing is, i can't copy paste
<tomreyn> you can pipe output into   | nc termbin.com 9999
<im0nde> I'll try my best. At least I have a photo and can provide the hardware
<im0nde> Oh nice
<im0nde> didn't know that one
<im0nde> I'm trying out the alternate installer too
<tomreyn> or you can just run    DISPLAY=:1 ubuntu-bug subiquity
<tomreyn> this should print a URL which you can access form a desktop computer to continue your bug report (aftzer it collected and posted the relevant logs)
<im0nde> tomreyn: mgedmin the alternate installer worked perfectly!
<mgedmin> im0nde: have you filed a subiquity bug?
<im0nde> Thanks for the help, I would have trying for ages
<im0nde> mgedmin: I'm doing that right now
<im0nde> mgedmin: here, right? https://bugs.launchpad.net/subiquity
<mgedmin> hm, ubuntu desktop doesn't have problems installing into nvme disks -- I've just checked and my laptop has the same kind of /dev/disk/by-id/nvme-eui.XXXXXX structure
<weedmic> how does one do "systemctl snapshot test" in ubuntu?  says "snapshot is unknown command"?
<weedmic> actual error was - Unknown operation snapshot.
<lordievader> (if your display hangs out there, /me might miss backlog but typically the first display hangs out at :0 )
<RoyK> weedmic: I guess you'll need a rather new version of systemd to support that
<weedmic> it was depricated between 2015 and now - unsure how to tell I seldom use github and was not about to make an account just to say, well I was that one bloke - there was a comment no one uses it :D
<RoyK> ah
<weedmic> no problems, if the files are similar each go (around), I'll have python do it for me and create some colour highlighted report with changes, then manually change them.
<weedmic> but, it was exactly the command I wanted (already done)
<weedmic> I mean it had a bow on it and everything
<albech> anyone have experience with fail2ban and RBLs? I am getting thousands of brute force attempts on my mail server and fail2ban is doing a great job banning offenders after 5 tries, but eventually someone will get in and I was wondering about tightening the security with a RBL. Suggestions/comments?
<lordcirth_> albech, If you are worried about your password being brute-forced, ban passwords and only allow keys
<lordcirth_> Oh wait, mail, not ssh. nvrm
<tomreyn> fail2ban usually does banning via iptables, which is not the right place to apply RBLs, those can be used by your mail server, though
<sdeziel> albech: RBL should be used on SMTP port (TCP/25) only where no auth should be permitted as that's normally on smtps/submission/submissions (TCP/465 or TCP/587)
<tomreyn> what you can use with iptables / at the network layer are drop lists / ipsets
<sdeziel> albech: that said, to protect your SMTP port, I would recommend postscreen (builtin with postfix) as it has a good DNSBL/DNSWL integration among other nice features to weed off spammers
<albech> thanks for the input guys.. highly appreciated.. ill have a look at postscreen as its already postfix im running
<albech> that doesnt strengthen security on dovecot however. switching to keys isnt really an option unfortunately.
<sdeziel> albech: SASL should NOT be offered on TCP/25. Removing this should already mitigate the problem to some extent
<albech> sdeziel: it already is disabled
<sdeziel> albech: I also noticed that requiring recent TLS versions (1.2+) on the TCP/465 and TCP/587 services prevent some dummy bots to be able to pass the StartTLS while being compatible with every legitimate users' MSA
<sdeziel> albech: you can also try those http://www.postfix.org/TUNING_README.html#conn_limit
<albech> sdeziel: cheers
<tomreyn> if you want something to firewall against (and thus keep traffic out of your mail server and tcp sessions already): https://www.spamhaus.org/drop/
<sdeziel> albech: I don't know if it applies in your case but here I'm adding IP ACLs (allow_nets) to some accounts in dovecot's password file
<albech> sdeziel: that is one option i have thought about. i will look at postscreen and some limit thresholds first and see how it works out
<albech> thanks again
<sdeziel> albech: postscreen is designed to protect TCP/25 only though
#ubuntu-server 2019-11-13
<lordievader> Good morning
<samba35>  we are planning to buy a hardware for  5-7 server  ,which convert 40 desktop (mostly windows) to virtual machine  as trail we test 1 server 3 desktop on old hardware
<samba35> can some one recommand which hardware cpu we should use ,we prefer to build server our own
<lopta> Hello samba35
<lopta> samba35: Why would you build your own servers rather than buying them from a vendor who provides warranty, support etc?
<samba35> warrenty for 3 years too much
<samba35> all most all  major componets come with 3 years warrenty
<lopta> Sounds like it's not a mission-critical application.
<lopta> Oh sorry, you did say it was a trial.
<lopta> Make sure you get ECC RAM, server-grade CPUs and perhaps redundant hot-swap power supplies.
<lopta> Are all the servers going into one rack?
<lopta> ...or split across two?
<samba35> school
<lopta> ?
<samba35> its school project
<samba35> 12 grade
<samba35> presntly try with pci-passthrought
<lopta> What are you passing into the VMs?
<lopta> Disks?  GPUs?
<samba35> gpu
<samba35> 1 host 3 guest work fine
<lopta> Interesting.
<lopta> Have you looked at ltsp?
<samba35> ltsp try very very long time back but that has some limitations
<samba35> is ltsp is still kicking ?
<lopta> I don't know.  It's years since I looked.
<samba35> ok
<lopta> The desktops that you plan to virtualise, are they Linux desktops?
#ubuntu-server 2019-11-14
<lordievader> Good morning
<azidhaka> hi
<azidhaka> I have two identical NAS devices, exposing their storage as iscsi target. What is the recommended way to use them simultaneously and synchronous for storage so both contain the same information? lsyncd? drbd? unionfs?
<g3poandlsl> I have successfully joined a Ubuntu 18.04 server to an active directory domain with realmd and sssd following this guide: https://www.smbadmin.com/2018/06/connecting-ubuntu-server-1804-to-active.htm
<g3poandlsl> I can get tickets with kinit just fine, and id (username) returns UID and GIDs from LDAP as expected.  However, when I try to log in with an active directory user account, the login fails.
<g3poandlsl> Logs show pam_unix(login:auth) authentication failure, followed by pam_sss(login:auth) authentication success
<g3poandlsl> The login prompt will just hang for about a minute after entering the credentials of an active directory account.  Local accounts work just fine
<arif-ali> g3poandlsl, have you increased you debugging levels, to see what else the problem may be. That's the first place to look. I have done realmd/sssd a few times in the past, and it does work well. It may also be useful to check 'getent passwd <userid>' for a user that you know exists
<g3poandlsl> arif-ali, Thanks. I'll try increasing log levels.  getent passwd <knownuser> returns no output.  I have a feeling this may have to do with PAM modules
<g3poandlsl> I take back what I said about getent passwd.  After reverting a snapshot and re-joining the domain 'getent passwd' returns appropriate output
<RoyK> what did you do before snapshotting?
<g3poandlsl> installed Ubuntu, installed updates, set hostname
<g3poandlsl> how would one go about increasing the log level of [login] events
<sarnold> normally the syslog levels of events are set in the source; you select which levels you want to log, and sometimes it's not perfect
<RoyK> g3poandlsl: usually the defaults are fine - but if you reinstalled the machine, you may want to look through the config
<axisys> how to generate snmp alerts for ubuntu system level check?
<axisys> there is a remote snmp trap servers
 * RoyK just uses snmp polling
<axisys> eng team wants to receive traps
<axisys> probably works better for firewall since we have 100s of servers to monitor?
<RoyK> well, google it - seems to be a lot of sources there
<axisys> RoyK: right, doing so.. but any suggestion is also appreciated.. did not see any #snmp channel
<g3poandlsl> RoyK, ok, because I have increased the SSSD and PAM log level and am not seeing anything extra in journalctl for login events
<RoyK> check /var/log/auth.log
<g3poandlsl>  /var/log/auth.log contains the same entries as journalctl (pertaining to login event)
<g3poandlsl> the line I have a problem with is login[1211]: Authentication service cannot retrieve authentication info
<g3poandlsl> I would like to troubleshoot at what point and for what reason auth info cannot be retrieved
<sarnold> can you reproduce it?
<g3poandlsl> yes
<sarnold> ah good :) I'd first try to attach strace to the daemon process that will try to perform the login, then try the login, and see what the strace returns
<g3poandlsl> sarnold, thanks for the tip. I ran strace on the login process and I'm a bit unsure how to interpret the output
<sarnold> g3poandlsl: the usual trick is to start near the end of the trace and read backwards until you find the error message being logged; the error will probably be nearby, a bit ahead of that
<g3poandlsl> I narrowed down the problem to an entry in /etc/pam.d/common-account. The offending line is 'account	[default=bad success=ok user_unknown=ignore]	pam_sss.so'
<axisys> I just install snmp, snmpd and snmp-mibs-downloader and I am getting no result from snmpwalk
<axisys> # snmpwalk  -v 2c -c public localhost system
<axisys> Timeout: No Response from localhost
<g3poandlsl> Logins still hang for a while but eventually succeed if I change default=bad to default=ignore
<ChmEarl> v libssh-4
#ubuntu-server 2019-11-15
<dutchie> hi, is this the right place to ask about the canonical-livepatch service? I'm having it failing with 403 errors, even after I've disabled and re-enabled it
<dutchie> during refresh: cannot check: cannot send status to server: bad server status 403 (URL: https://livepatch.canonical.com/api/machine/c13151cc85df441a84c14fa33a7ed6e3): {"error": "Not checking for new patches based on reported livepatch state. State: kernel-upgrade-required"}
<tomreyn> dutchie: i assume you'd need to contact your canonical sales rep directly about it. but before you do, check whether you can     curl https://livepatch.canonical.com/
<dutchie> I am just using the free tier, so I don't have a sales rep
<tomreyn> see also https://wiki.ubuntu.com/Kernel/Livepatch about requirements
<tomreyn> and verify that your api key is properly registered
<tomreyn> the contact provided at https://snapcraft.io/canonical-livepatch is mailto:snaps@canonical.com
<dutchie> ah, that's probably a reasonable starting point
<dutchie> it used to be working and I'm not sure what changed
<tomreyn> i'm just another boring user, could not tell.
<tomreyn> i assume that https://auth.livepatch.canonical.com/ enables you to manage your tokens.
<frickler> dutchie: this latest lsn says that the patches can't be livepatched, so you need to do a real kernel update https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-November/005193.html
<frickler> in particular I think you can't do a live microcode update
<dutchie> these are VPSs so microcode isn't an issue, and I feel like the 403 is orthogonal to that
<dutchie> I should reboot anyway though
<frickler> dutchie: well, that's what I read into your "State: kernel-upgrade-required"
<dutchie> hmm, true
<dutchie> ok, it seems to be good after a reboot
<frickler> there are also rumours that that new microcode can severely impact performance. well at least for those who consider 20% or so severe
<dutchie> great, all sorted now, thanks tomreyn and frickler
<tomreyn> dutchie: so it was just the reboot?
<tomreyn> frickler: do you happen to have a link ready to such reports?
<frickler> tomreyn: it's on the wiki page you cited: "Livepatch Security Notices (LSN) are only available by subscribing to the Ubuntu Security Announcements mailing list." you can then check the archives for LSNs from that mailman link
<tomreyn> frickler: thanks, but i'm asking about "rumours that that new microcode can severely impact performance", sorry if this was unclear. i did find https://www.phoronix.com/scan.php?page=article&item=intel-jcc-gaming about performance impact for gaming.
<frickler> tomreyn: ah, there were some things on twitter regarding it, let me check if I can still find them
<OerHeks> all Intel patches have impact, nothing new about that
<frickler> https://twitter.com/damageboy/status/1194751035136450560 is where I saw the 20% mark
<tomreyn> 20% seems unlikely for generic workloads. intel says 0-4%, with some spikes doing worse, which was apparently confirmed at https://www.phoronix.com/scan.php?page=article&item=intel-jcc-microcode
<tomreyn> so it's 20% for array.sort() before compiler patches.
#ubuntu-server 2019-11-16
<[diablo]> Good evening #ubuntu-server ..
<[diablo]> guys a friend of mine is about to clean install an old server he has. He's going to install 18.04 server...  Is ZFS fully supported please?
<[diablo]> for a mirror of two drives ... will hold data, pictures, movies, music etc
<[diablo]> not ZFS for the OS
<mason> [diablo]: Yeah, that's easy enough to do. Do your installation using up 30G or so of each drive, standard MD-RAID1/LUKS/LVM, and you can have a big partition at the end of each disk for LUKS->ZFS or straight ZFS, mirrored either way.
<mason> [diablo]: Something I like to do with LUKS is use two key slots, so I can have one key in the (encrypted) root, say, /etc/keys or something, and one keyslot dedicated to a passphrase I can type should I somehow lose access to the keys.
<[diablo]> hi mason sorry I did Google and found it's fully supported
<mason> Yep.
<[diablo]> :)
<[diablo]> for this no encryption will be required
<mason> [diablo]: The trick is that the installer doesn't help you with it, so you'll probably end up doing a dual-stage install.
<[diablo]> I use ZFS on FreebSD...
<[diablo]> so I wanted to embrace it for my mates box..
<mason> Good idea.
<[diablo]> cheers for replying tho
<mason> FreeBSD and Ubuntu are very similar in terms of how they support ZFS, with the caveat that GRUB can't easily deal with all of it without a ton of handholding.
<[diablo]> enjoy your weekend
<mason> Already on that.
<[diablo]> his install for OS is regular EXT4 and LVM...
<mason> On MD-RAID1?
<[diablo]> just the RAID mirror I wanna put on  ZFS
<[diablo]> OS is just 1 x SSD
<mason> You're not going to run ZFS on the MD-RAID are you?
<mason> ah
<[diablo]> no no... the old spinning rust drives will be vaped to ZFS and mirrored
<mason> kk
<[diablo]> :)
<mason> FWIW, I also like using GPT and specifying vdevs using GPT labels. Very, very easy, consistent, trouble-free.
<mason> Consistent between FreeBSD and Ubuntu even.
<mason> My last gushing recommendation will be thinking about using the Linux EFI stub loader, because then you can do away with GRUB entirely. I keep copies of my kernels and initrds in my ESP and boot Linux directly, no bootloader, with mirrored/native-encrypted (or LUKS for older Ubuntu) ZFS root. Good stuff.
<mason> Of course, if you do that you're moving away from what the shipped installer can handle, but, eh.
<mason> Anyway, on to the weekend-enjoyment phase. You have a good one too.
<[diablo]> mason cheers, I might do that
<[diablo]> all the best
<ChmEarl> trying to boot `eoan-live-server-amd64.iso` in qemu with kvm.. I get a frozen window and the language menu never appears, while the disco ISO instantly gives this
<ChmEarl> using qemu-4.1 on Debian buster
<compdoc> do you use virt-manager?
<ChmEarl> compdoc, no, I use cmdline
<ChmEarl> compdoc, it seems that qemu-4.2 has this fixed with a new kconfig for CONFIG_LZ4
<ChmEarl> https://src.fedoraproject.org/lookaside/pkgs/qemu/qemu-4.2.0-rc1.tar.xz/
<mybalzitch> stupid bugs
<ChmEarl> looked over the qemu-4.2* tree and there is nothing new for lz4 in ./configure
<ChmEarl> only the u-boot: roms/u-boot/lib/lz4.c
#ubuntu-server 2019-11-17
<ChmEarl> So, ub1910 kernel is using legacy lz4 compression, yet qemu, pvgrub2, and xen:xl fails to decompress it, then ubuntu kernel team needs to find out why
<compdoc> too bleeding edge for me
<mybalzitch> does anyone know how I tell dkms to use more than 4 cores? it's supposed to get data from nproc but on my 32 thread system it only compiles with 4 threads
<mybalzitch> sorry that was other load, it does it single threaded
<mybalzitch> arg, feels like ssh x11 forwarding broke in 19.10 server
<mybalzitch> yeah seems like it. my clients work just fine on ubuntu 18.04 hosts, and this 19.10 install worked fine for x11 forwarding when it ran 19.04
<mybalzitch> I get 2 error messages, first wrong auth, then connection refused
