#ubuntu-server 2006-05-15
<splif> is anyone using apache on ubuntu server 6.06?
<theCore> splif: me
<splif> I can't get my machine to send the content-length of a file and instead it sends it chunked, which screws up some software running on xp, do you know why it wouldn't send it with content-length information?
<theCore> splif: this channel isn't for support, btw
<Runix> hi
<Runix> c' un italiano?
<Runix>  i must to delete from menu item "recent document"
#ubuntu-server 2006-05-16
* #ubuntu-server  [freenode-info]  channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp
<infinity> IRCsloth: Still around?
<infinity> IRCsloth: Can you try a dapper liveCD on that machine to see if it creates the device correctly?
<IRCsloth> yeah, I'm here, just not looking at the screen
<IRCsloth> I'll try a dapper live cd to see. Fedora core4 wasn't creating the devices for me either so I have a feeling it's a generic udev problem
<IRCsloth> RedHat 9 however works like a charm, heh.
<infinity> IRCsloth: I just talked to our udev guy who showed me the code in question.  We dfinitelty SHOULD be creating tape devices.
<neuralis> infinity: did you ever find anything out about the certification exams?
<infinity> Nothing meaninful or interesting, no.
<nictuku> considering your experience, what would be an acceptable maximum usage for a network wide updates server, written in python, in mb?
<nictuku> nwu, in this case
<nictuku> maximum memory usage, I mean
<nictuku> like, 10M, 15, 30, 100?
<neuralis> what memory-intensive operation(s) are you performing?
<neuralis> are you caching something? package lists?
<nictuku> neuralis, getting relatively big list of packages and storing in a database. only temporary sqlobjects cache (should end after the thread is closed)
<neuralis> so how would you eat up a hundred megs of memory?
<nictuku> I mean, not in a developers POV, but in a sysadmin pov.
<neuralis> i understand what you're asking, but i'm not sure why you're asking it. why do you think something like nwu will end up chewing up a lot of ram?
<nictuku> what would a an admin expect for that? I'm an admin and I don't like how much memory it's using currently, like 24mb
<nictuku> neuralis, because it's currently buggy
<neuralis> 24mb isn't problematic at all, but it would be nice to cut it down eventually if there's no need for it.
<nictuku> I'm fixing that, but although it won't ever use less than 10mb (python VM and all classes loaded), I wonder what would a sane target value for that.
<neuralis> remove obvious leaks and memory holes, and then simply don't worry about it.
<nictuku> neuralis, last week the memory usage was growing with no limit, until linux oom killer kills the process hehe
<neuralis> yeah, leaks are bad, m'kay.
<nictuku> ok, I think I'm getting paranoic about that
<neuralis> no need.
<infinity> As neuralis said, just make sure it doesn't leak.
<infinity> Maybe try to make certain bits more efficient, if they're obviously not.
<infinity> No one expects a python application to be "slim", however.
<ajmitch> I'd never call apt-proxy lightweight, for example
<nictuku> that could be a good base of comparision, btw
<nictuku> it's using 50mb of memory in a server at work, and it's just sitting there.
<nictuku> nwu is fine then :-)
<neuralis> nictuku: hoare had something to say about premature optimization... kill leaks and focus on more worthwhile things like security and stability; memory use can be optimized later.
<nictuku> it took me a month to spot and stop the leak. i'm hoping that won't happen often after this painful learning
<nictuku> but it was fun :-)
<ajmitch> hi fabbione
<fabbione> morning
<nictuku> nwu big inserts: mysql=0m12.316s, sqlite=0m49.179s. some of these in a row (although really unlikely to happen) would kill a small server IO sub-system
<neuralis> er. what are these inserts doing?
<nictuku> iostat shows a big write queue and usage
<nictuku> neuralis, initial machine setup. basically packages versions and repository data
<nictuku> oh. transactions off
<neuralis> ok, well, it's more than likely that you're using a suboptimal schema.
<nictuku> I wouldn't expect a good result now that I remember it's not using transactions.
<\sh> moins
<\sh> fabbione: actual ubunt--server amd64 daily is broken, right?
<fabbione> \sh: dunno.. i am not on server for this release
<\sh> well...looks like it...no di kernel modules nothing...trying flight 6 now...debian amd64 port is far from being usable...so I need a running amd64 debian distro...
<fabbione> \sh: check the new daily. there was a kernel abi bump
<\sh> fabbione: well...using flight6 with updates...should work
<fabbione> yes it should
<infinity> \sh: The seeds were out of sync, so kernels on all dailies are messed up.
<infinity> \sh: We just fixed that, so the next round of dailies will be fine.
<\sh> infinity: ok :) but anyhow I need to deliver some ubuntu servers for amd64 just now...so working around is better right now then to wait for the next cd build run :)
<infinity> Yeah, just take the daily that built at the same time as Ubuntu Flight 7.
<infinity> That one's fine.
<infinity> Or start at Flight-6 and upgrade, if you prefer.  Whatever.
<\sh> hmm..nice issue right now...trying to install it via ILO and after the graphic boot selection...black screen
<\sh> infinity: just for your info: setting vga mode to 640x480x16 and then booting works...the standard setting does't work when you try to install via ILO remote console
<\sh> will file a bug after the installation :)
<infinity> I'd need access to an ILO-enabled machine to debug it, unless you have more info for me than "doesn't work".
<\sh> infinity: no display but running the installer...looks like the switch from graphics mode to text mode works only in 640x480x16 mode...
<infinity> Yeah, that's still not enough info to be useful without a machine to look at.
<infinity> I don't suppose you know anyone who could give me access to an ILOable box for a bit?
<\sh> infinity: sorry no...all the ILOs here are in mgmt networks which are not accessible from the outside:(
<infinity> \sh: If you can get me access to just one at any point, I can diagnose and fix the bug, but otherwise, there's probably little point in even filing it.
<\sh> infinity: let me try something...
<dyn> hi
<dyn> problem: at install time I had no network available. later on I edited /etc/network/interfaces but still '/etc/init.d/networking restart' does not pull up eth0. how can I fix this? (the box was installed in server mode so no X11/gui clients are available)
<dyn> how can I fix that to work correctly?
<lionelp> idimmu ?
<idimmu> hi
<lionelp> hi
<lionelp> I just fill the page on the wiki: https://wiki.ubuntu.com/BinaryDriverHowto/EiconDiva
<lionelp> You can have a look, and comment / make changes :)
#ubuntu-server 2006-05-17
* nictuku almost giving up on sqlobject 0.6
<BlackHand> uhm... exist a port of fedora/redhat directory server ?
<neuralis> BlackHand: it's not packaged for ubuntu, but you should have no trouble installing it manually.
* ajmitch will probably look at packaging it for edgy
<ajmitch> depends on how evil it is
<ajmitch> most problematic is the java requirement for building
<BlackHand> yep, i know, is a real knightmare trying to rebuild in a centos box 4.x here
<nicola> Hallo, I'm triing to install vmware-server on ubuntu dapper flight7 with kernel amd64-server running the installer there is a problem related with openssl, did somebody got to install vmware on ubuntu 64 bit (32 is ok, yet tested), and if so how? thank you, Nicola
* ajmitch is running vmware server with no problems
<ajmitch> you probably want libc6-i386 if it's not already installed
<nicola> which is the correct compiler to export CC=/usr/bin/gcc-3.4 ?
<nicola> Thank you, one step ahead, now I get an error loading library libX11.so.6 is it going to make mess between /lib -> /lib64 and /lib32 ?
<infinity> You want ia32-libs too, probably.
<nicola> OK, OK OK, very very glad, I had read hundreds of forum and none had the solution! thank you very much. :)
<nicola> does somebody know why mondo and mindi (backup) are not available in dapper? they are listed in packages.ubuntu.com but apt-get find only mondo-doc
<trs80> nicola: did you add universe to your sources.list?
<lionelp> trs80: <-- nicola a quitt ("Sto andando via")
<lionelp> :)
#ubuntu-server 2006-05-18
<nictuku> neuralis, so, I'm not going to the dev summit
<ajmitch> nictuku: missed out on sponsorship?
<nictuku> if you mean I was not selected for a sponsorhip, then yes. :-)
<ajmitch> a shame
<neuralis> ajmitch: same here, it turns out :)
<ajmitch> sounds like they're sponsoring very few
<ajmitch> I've not heard of anyone who's been sponsored
<neuralis> well, i'm a little uneasy about the server situation
<ajmitch> how so?
<ajmitch> no clear direction that things are going in?
<neuralis> without fabio and myself, there's going to be one server team admin there
<ajmitch> fabio won't be there?
<neuralis> nope
<ajmitch> we'll need to spec & discuss online then
<ajmitch> what ideas do you have for edgy at the moment?
<neuralis> in a meeting now, can't talk at the moment
<ajmitch> ok
<infinity> neuralis: Did you ask for sponsorship and get turned down, or not ask at all?
<neuralis> infinity: i was turned down
<jsgotangco> that sucks
<infinity> neuralis: Feh.
<infinity> neuralis: Did you get a reason, or just a "sorry, try again next time"?
<neuralis> infinity: the latter.
* infinity pokes around.
<ajmitch> hi infinity
<infinity> Hey dude.
<FunnyLookinHat> so on my fresh LAMP install... why is the server trying to make me download a .php rather than display it....
<BlackHand> after restart apache ?
<FunnyLookinHat> umm.. fresh install... with a few reboots
<FunnyLookinHat> the LAMP installation installs apache, mysql, and php to my knowledge, right??
<_r_a_b_> can someone help me set up my server with php
<monkee13> what version?
<monkee13> just sudo apt-get install php5  then install thr recomended that you want.
<_r_a_b_> apache 2.2.2 php4 and ubuntu 510
<_r_a_b_> i did
<_r_a_b_> actually i got php4, but I'm having troubles with my server
<monkee13> what's happening?
<_r_a_b_> hackthps.no-ip.org:8008
<_r_a_b_> It wont display php files correctly
<monkee13> have you configed apache to use php?
<_r_a_b_> no, i couldn't find the php lib to include
<_r_a_b_> and the directoy listing looks different
<monkee13> let me check mine,  I use apache2, php5, mysql
<monkee13> what do yo umean it looks different?
<_r_a_b_> doesnt look the the normal one
<_r_a_b_> idk how to explian it,
<infinity> _r_a_b_: You're using apache2?
<_r_a_b_> yes
<infinity> _r_a_b_: If so, you want "libapache2-mod-php4" (or libapache2-mod-php5 for php5) installed.  That will magically set stuff up to work with apache2.
<monkee13> do you have the sites-enabled configed?
<infinity> Then just /etc/init.d/apache2 restart
<infinity> monkee13: Nothing should need to be configured out of the box.  Just needs the right packages installed.
<monkee13> true
<_r_a_b_> k
<_r_a_b_> now look at it
<monkee13> I usaully have multiple sites running so I heavily modify my config
<_r_a_b_> php works and everything
<infinity> Yup, definitely seems to work.
<infinity> Now you just need to configure yourself some vhosts for all those virtuals, and you're set.
<infinity> monkee13: As do I.  But I suspect you could guess that anyway. ;)
<_r_a_b_> yea, thats where the confusion comes in
<infinity> (If not, compare /wii infinity with the changelog.Debian.gz for apache2, php4, php5, and mysql...)
<_r_a_b_> I have my vhosts set up but they arent working
<infinity> _r_a_b_: Okay, this is where you get to add more vhosts to /etc/apache2/sites-available, then "a2ensite mynewsite"
<_r_a_b_> http://hackthps.no-ip.org:8008/rabrab.no-ip.org/www/zomghttpd.txt
<_r_a_b_> theres my configuration, but the vhosts just wontwork
<_r_a_b_> wontwork*
<_r_a_b_> wont   work****
<infinity> Ick.
<infinity> You removed our configs?
<infinity> Completely?
<_r_a_b_> no
<_r_a_b_> i never got the ubuntu version
<infinity> Well, this is a default config from apache.org
<_r_a_b_> i compiled apache 2 from source
<infinity> Oh!
<infinity> If you're compiling from source, this is where my effort to help you ends. :)
<infinity> I package this stuff for a reason.
<_r_a_b_> lol
<infinity> Mostly so I don't have to answer support requests from people who compile from source. ;)
<_r_a_b_> k well, one last question
<monkee13> use the packages it works great that way
<_r_a_b_> i have php4 from the repos and mysql from the repos. How can I get rid of apaceh 2 that I compiled and get the one from the repos?
<infinity> If you installed it to /usr/local (which is looks like from the config), you should be able to just "rm -rf /usr/local/apache2"
<monkee13> rm the directories and config files then apt-get install apache2
<mart> hmm - that's the other good reason to use packages :)
<infinity> Maybe pick up some other random crap that got sprinkles around.
<infinity> And "apt-get install apache2-mpm-prefork" to make sure you're getting the MPM that will work with PHP.
<infinity> (Yes, the packaging system enforces this anyway, but can be a bit unfriendly to people who don't understand what it's saying)
<_r_a_b_> what about /etc/init.d/apache2
<_r_a_b_> I did what you said, but my server is still up
<_r_a_b_> wait
<_r_a_b_> nvm
<_r_a_b_> :)
<FunnyLookinHat> Why won't my LAMP ubuntu server install render php pages out of the box??
<FunnyLookinHat> It tries to make me download phtml files when I go to index.php
<infinity> FunnyLookinHat: Because the LAMP setup on the install CD is broken and didn't install PHP.  Known bug.
<infinity> FunnyLookinHat: "apt-get install libapache2-mod-php5 php5-mysql"
<_r_a_b_> infinity, should i delete ect/init.d/apache2 ?
<FunnyLookinHat> infinity, oooh, hahaha..
<infinity> FunnyLookinHat: I'll fix it before release, honest. :)
<FunnyLookinHat> thanks!
<infinity> _r_a_b_: Have you installed the Ubuntu packages yet?
<ivoks> infinity: like that smbspool bug? :)
<_r_a_b_> no
<infinity> _r_a_b_: If not, then yes, delete the init script first.
<infinity> (You'll get a new one with the package)
<FunnyLookinHat> infinity, do I have to dpkg-reconfigure apache2 after i install those?
<infinity> FunnyLookinHat: No, just restart it.
<FunnyLookinHat> kk
<infinity> ivoks: Yeah, yeah.
<infinity> ivoks: TODO list this -->    <-- big, time allotment this --><-- big.
<infinity> ivoks: Getting there, though.
<ivoks> infinity: i know :/
<infinity> Oh well.  Edgy release cycle should be much better.
<infinity> I'm dropping pretty much anything and everything I do that's even vaguely desktop-related (bubye Thunderbird!) and concentrating entirely on ubuntu-server and archive maintenance (buildd stuff, etc)
<infinity> So, y'know.  I might actually be able to work 8 hour days instead of 16 hour days.
* infinity crosses his fingers.
<monkee13> infinity: I just realized who you are, I will definitly come back here with my questions.   I just moved over to ubuntu from fedora aout two weeks ago and I LOVE it.
<_r_a_b_> whats up with this package
<ivoks> infinity: i thing you have new admirer :)
<ivoks> k
<ivoks> grr...
<monkee13> I have also converted over about four coworkers that prefer ubuntu over fedora
<infinity> ivoks: I could use one, I mostly just get abuse from you guys. *grin*
<ivoks> infinity: sorry for that :(
<infinity> Ah well... At least neuralis loves me.
<ivoks> lol
<ivoks> well, i would love to help you
<infinity> He will be coming to the summit afterall, BTW, so if you have server-related spec ideas, please bounce them off him so he and I can discuss them in Paris.
<_r_a_b_> infinity, isn't there supposed to be a SeverName in the conf?
<infinity> _r_a_b_: The conf is split.  And no, the default conf doesn't need a ServerName, only the vhosts do.
<infinity> _r_a_b_: Set up vhosts in /etc/apache2/sites-available/
<ivoks> infinity: that means I'm not invited? :)
<infinity> ivoks: It's a small summit.  neuralis and I will be the only server guys there, from the looks of things.
<infinity> Which is fine, cause we're aiming for a very small number of achievable specs this time around, nothing pie-in-the-sky.
<ivoks> ok
<infinity> I would like to see something come of the s390 port, but I haven't heard from that crowd in a while.
<infinity> They kinda went dead after much talk a few months ago.
<_r_a_b_> infinity, so i just make copies of default and put them in the sites-avalible folder?
<infinity> _r_a_b_: Well, default's probably a lot more wordy than what you want.
<_r_a_b_> yea
<infinity> _r_a_b_: The smaller chunks that you had in your old config would be fine.
<_r_a_b_> do i just add onto default?
<infinity> Doing one site per file works well, IMO, hence the way it's split.
<_r_a_b_> name them anything?
<infinity> default will just end up being a catch-all for anything that doesn't match the ServerName/ServerAlias in your other sites.
<infinity> Name them whatever.  I usually name them the same as ServerName.
<infinity> So I can then "a2ensite www.foo.com" to enable a site.
<_r_a_b_> a3ensite?
<_r_a_b_> a2ensite**?
<ivoks> Apache2ENableSITE
<FunnyLookinHat> infinity, dude apparently the LAMP install didn't install mysql either!
<infinity> FunnyLookinHat: No?  Awesome.  "apt-get install mysql-server" :)
<infinity> FunnyLookinHat: I need to mangle that thing and make sure it's right for Flight-8.  Sorry about the breakage.
<infinity> (Yay, beta releases)
<ivoks> _r_a_b_: a2ensite links site from sites-available to sites-enabled
<_r_a_b_> Ohhh
<_r_a_b_> k, im movingmy sites into site-avalible
<ivoks> _r_a_b_: ubuntu/debian way of handling sites is much nicer than upstream or redhat
<ivoks> (/me works with redhat and can't wait dapper to get out)
<infinity> ivoks: We get a lot of people whining about it, but they seem to be people with very few sites who love a giant httpd.conf.  Anyone who runs massive sites already used a similar setup anyway, so finds it intuitive.
<_r_a_b_> This site does not exist!
<infinity> (This config setup was basically based on the way thom and I both did our apache1.3 setups on our own machines)
<ivoks> infinity: ignore them... this way is muuuch nicer
<ivoks> _r_a_b_: typo?
<FunnyLookinHat> infinity, yea i just ran mysql-server mysql-client
<infinity> _r_a_b_: Spelling counts. :)
<FunnyLookinHat> : P
<_r_a_b_> wtf
<ivoks> _r_a_b_: what's the problem?
<_r_a_b_> uhm
<_r_a_b_> apache2 not found
<ivoks> _r_a_b_: talk to me, infinity has much more things to do now
<infinity> _r_a_b_: Try being a bit more verbose. :)
<infinity> _r_a_b_: What complains about that?
<_r_a_b_> infinity told me to delete apache2 in ect/init.d/ in my old install
<ivoks> ok, i would say "put more words in it..." :)
<ivoks> _r_a_b_: right
<_r_a_b_> then i installed the package from the repos
<ivoks> ok
<_r_a_b_> and it never came back
<ivoks> sure it did
<infinity> _r_a_b_: Oh, you already had apache2-common installed, didn't you?  (that's where the init script comes from)
<_r_a_b_> maybe
<_r_a_b_> i dont think i did
<ivoks> apt-get --reinstall install apache2-common
<infinity> _r_a_b_: dpkg -i --force-confmiss /var/cache/apt/archives/apache2-common*deb
<ivoks> ....or that :)
<infinity> ivoks: reinstall won't replace deleted conffiles.
<infinity> ivoks: Since deleting a conffile is a valid change, so we won't "undo" it.
<ivoks> ah, ok
<ivoks> my bad
<_r_a_b_> :)
<_r_a_b_> omg
<_r_a_b_> <3
<_r_a_b_> i love you
<ivoks> someone correctly noted that with so many hugs and "i love you" we are getting more gay every day :)
<infinity> (Not that there's anything wrong with that)
<ivoks> of course
<infinity> Okay, it should be a crime against humanity for a build to fail after 91 hours...
<ivoks> lol
<ivoks> that remindes me on my gentoo days :)
<ivoks> short and bitter period
<infinity> Also, people using [ -f /proc/kcore ]  to determine if you have /proc mounted should be shot.
<infinity> That is all.
* maswan hands control of the lunar railgun to infinity 
<infinity> maswan: Many thanks.
* ivoks add nuke to the queue
<maswan> ivoks: a sufficiently large rock dropped from orbit doesn't need fancy nuke inside. :)
<ivoks> maswan: it does, to make sure radiation eliminates all offspring :)
<maswan> ivoks: see "sufficiently". ;)
<ivoks> hehe
<ivoks> well, that's all from me for today (couple of bad jokes and another 500 translation messages)
<ivoks> bye
#ubuntu-server 2006-05-19
* ..[topic/#ubuntu-server:People-is-me] : Friend: Channel:  #People !'
<ajmitch> sigh, idiots
* ..[topic/#ubuntu-server:ajmitch] : to: ubuntu-server development discussions | for general support see #ubuntu | U. S. (stable) at http://tinyurl.com/b3jek | U. S. (Devel) at http://tinyurl.
* ..[topic/#ubuntu-server:ajmitch] : ubuntu-server development discussions | for general support see #ubuntu | U. S. (stable) at http://tinyurl.com/b3jek | U. S. (Devel) at http://tinyurl.com/cllfu | U. S. dapper specs: http://tinyurl.com/aen9b | U. S. forums at http://tinyurl.com/b77qg | ubuntu-server@lists.u.c is up and running | searchable packages list: http://packages.ubuntu.com
* await neuralis ping 
#ubuntu-server 2007-05-14
<juantao> Hello, is there anyone here who could help me with a virtual hosting problem?
<juantao> I've either missed a step or misconfigured something: [warn]  NameVirtualHost jondowd.com:0 has no VirtualHosts
<juantao> The sites are visable world wide, but get that error when I restart apache (although the sites function ok)
<juantao> i've gotta go for now, if you have an answer, please mailto jondowd@jondowd.com - thanks
<Stonekeeper> Hi. Is this the place to ask about an issue I just had with my ubuntu 6.06.1 server? thanks
<\sh> Stonekeeper, what's your problem
<Stonekeeper> hi \sh. I had to reinstall the server in the end. It was a weird problem where the system thought it was out of space, when it wasn't. df kept producing errors because mtab was blank... all fun and games really.
<\sh> Stonekeeper, I don't think it has something to do with the server itself..which FS type did you use? 
<hansin321> The that I immediately like about Ubuntu Server was it's bloat-free base installation.  You can add whatever services you need after the fact, but it doesn't install and deploy them as the default.
<hansin321> I found this quote on the pidgin.im site; I think it fits Ubuntu Server well: Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away. --Antoine de Saint-Exupery
<hansin321> Anyway, I have enjoyed using running the server edition on an old PC at home and see that it has lots of potential.
<firecrotch> I'm trying to figure out how I would install Ubuntu Server edition on a headless machine.  I have a working laptop running Kubuntu and would like to install Ubuntu Server on an old desktop machine that I have (no mouse, no keyboard, no monitor)
#ubuntu-server 2007-05-15
<ph1zzle> hey all
<ph1zzle> I hope this is a quick question, I need to install php4 on server 7.04 but I am getting a error from apt-get saying that php4 is unavailable but refered to by another source, is there a way to install php4 on ubuntu server 7.04?
<ph1zzle> so...
<ph1zzle> no one knows how I can install php4 on server 7.04 aside from source?
<fujin> Does Feisty have Webmin in apt? I can't seem to find it
<ph1zzle> fujin, no, I don't think it does, I just did a search on packages.ubuntu.com and could not find it
<mralphabet> it's not a recommended package
<blmartin777> is ubuntu server any different from a debian server?
* Starting logfile irclogs/ubuntu-server.log
<blmartin777> Is anyone here?
<slackwarelife> Hi, I want to know if you are be able to change the ldap password and local passwrd using the gnome-about-me tool. If yes you can post your /etc/pmd/passowrd-common
<slackwarelife> /etc/pam.d/common-passowrd file, this is the file I need. Thanks
<slackwarelife> The problem is that my enterprise want to change the security policy. For this moment only the local password was changed, but now it had decided to implement a same windows structure (end of passwrd every 30 days, the password must be secure using pam_cracklib and all password must be change - LDAP + Local and othe application).
<slackwarelife> For me the problem is the last request, the ldap + local sincro change, I'm not be able to this at the moment. Any Idea ??? Thanks
<Burgundavia> hmm, never been able to get it working myself
<slackwarelife> I search a lot on net, I found some information. But... When I try only one of the two passwds where change
<slackwarelife> where --> were
<slackwarelife> My enterprise ask to me to not use the shell, only a gui. The users have not the possibility to use the command
<Burgundavia> hmm
<slackwarelife> I know, I must insert "pam_password exop" option in the /etc/pam_ldap.conf file. This will be able to syncro the request of passowrd change. It does not seem to happen null 
<slackwarelife> Hi, I have now another problem. Why the remember option in password pam_unix.so modules does not work ??? 
<slackwarelife> the file /etc/security/opasswd does not change.
<slackwarelife> any idea ???
<slackwarelife> I think ubuntu has some problem about setting a good clients, what do you think ??? Thanks
<hansin321> My ubuntu server is escaping spaces "\ ".  Is there a way to set it so it does not do this?  I may not have been paying attention, but in the past on some distros I think it may not have done this.
<hansin321> Or if it always does this, is there a theory as to why it is necessary?  Just curious.  I know Windows does the same thing.  BTW, it only does this from the command prompt when you tab complete, not if you do an ls listing.
<mralphabet> it has always escaped spaces for me
<hansin321> mralphabet: I might not have been paying attention in the past...  Oh well, I'm paying more attention now so I guess that is good.
<foo> Hm, it'd be cool if ubuntu 6.06 could offer newer php packages, like, 5.2.1 or something (instead of 5.1.2)
<lionel> foo: ask for a backport ?
<foo> lionel: Hmm, aha, ok. I need to play around with that - thanks
<lionel> foo: I have no idea if it is feasable or not. It have to be tested (but by opening a task, some people who are involved in backport will test it)
<foo> I see
<lucasvo> I am wrong or is it impossible to install apache2 & php5 only with supported packages?
<lucasvo> there's libapache2-php4 but I can't find php5
<lucasvo> oh my bad. there is php5
<lucasvo> sorry for the trouble
#ubuntu-server 2007-05-16
<Jonex> Why can't i connect to the server from another computer, fresh install. :)
<Jonex> Do I need to open it up on another interface?
<Jonex> nm
<Rescue9> anyone home?
<Rescue9> figures... :-P As usual, a freenode channel that's full, but no one is talking.
<UnNaturalHigh> I was wondering if anyone here knows if there is a .tar.gz of ubuntu-server, instead of the livecd?
<foo> Anyone used heartbeat? hm
<Pumpernickel> UnNaturalHigh: Why do you want a .tar.gz?
<UnNaturalHigh> Pumpernickel, I find the live cd annoying and cumbersome
<Pumpernickel> How would a .tar.gz help with that?
<UnNaturalHigh> Pumpernickel, listen, I don't want to describe my reasons to you and I don't want to argue this with you either
<UnNaturalHigh> I am assuming you have no idea
<Pumpernickel> I'm just getting type mismatch here, is all.  Archival format versus installation medium.
<djay-il> hello
<djay-il> I'd like to intall an ubuntu server on x3850 but it crashes on start. Anyone can help?
<\sh> djay-il, what crashes? 
<djay-il> \sh: kernel crashes with APIC messages and then tries SMP and crashes as well. I've tried to use noapic and nolapic, but to no avail. Maybe I'm using it wrong?
<\sh> djay-il, the install kernel or the production system kernel? 
<djay-il> install
<\sh> djay-il, x3850 == sun machine?
<djay-il> \sh: install kernel. I've tried to start with "server" but I get "no such kenel image" message
<\sh> ah ibm server ;)
<djay-il> IBM :-)
<djay-il> yea, quad-cpu
<\sh> djay-il, did you install 64bit or 32bit? if 64bit, try to install the 32bit version please, just to be sure, that's something with the 64bit kernel
<djay-il> \sh: 32bit; and I haven't installed it yet. Thats what I'm trying to do
<djay-il> \sh: so, anything?
<\sh> djay-il, try the 64bit flavour :) 
<djay-il> can't
<djay-il> I need specific environment
<djay-il> can I boot the uniproc kernel, not smp?
<djay-il> and, btw, why doesn't "noapic" work?
<mralphabet> djay-il: he suggested that you try 64 bit as a comparison, not as your answer.
<Patizivs> Hi, does anyone has working squidguard on feisty?
<waa> hi, i need use atheros restrict module but it is only available in linux-restricted-modules-2.6.20-15-generic and i'm using linux-image-2.6.20-15-server. What should I do? use 2.6.20-15-generic instead 2.6.20-15-server?
<Burgundavia> waa: you need atheros on a server?
<waa> Burgundavia, yes
<Burgundavia> aside from the slightly crackish idea of using wireless on a server, generic will work just fine
<waa> Burgundavia, it's going to be an access point
<Burgundavia> ahh
<ekidd> I tried applying the smbclient update on my workstation, and it said, "You are about to install software that can't be authenticated!"
<ekidd> I don't want to try to upgrade our servers until I figure out what's going on.
<ekidd> Were the packages signed incorrectly?
<slackwarelife> ekidd: try to use the shell with sudo apt-get update and apt-get upgrade
<ekidd> slackwarelife: Using sudo aptitude upgrade I get equivalent errors.
<ekidd> These packages aren't signed.
<ekidd> I could install them anyway, but not until I figure out what's going on.
<ivoks> do you have ubuntu-keyring installed?
<ekidd> WARNING: The following packages cannot be authenticated! smbclient samba-common libsmbclient
<ekidd> ivoks: Yup. And I can install other, non-security packages without problems.
<ivoks> hm
<ekidd> Have any of you applied these fixes?
<ivoks> which version is that?
<slackwarelife> ekidd: yes
<ekidd> ubuntu-keyring/feisty uptodate 2005.01.12.1
<ivoks> feisty...
<slackwarelife> ekidd: but i did sudo apt-get update and this fixes the problem, after I was able to upgrade
<ivoks> no problems here
<ekidd> Hmm.
<ekidd> Yup, apt-get update did it.
<ivoks> well, you have to do update first
<ivoks> always
<ekidd> Well, I'd already run an update earlier, or I wouldn't have seen anything to upgrade.
<ekidd> Maybe I caught a stale or incomplete version of something?
<ekidd> Anyway, it works. Thanks for the advice!
<slackwarelife> ekidd: I think is a problem about the server update (there is not the first time I had this message)
<ekidd> (I'm a little bleary-eyed this morning. One of our Debian servers at itself last night while upgrading to 4.0, and we wound up doing a full rebuild with Ubuntu 7.04 server edition. It's good to be on Ubuntu, but I was here to 11pm and a coworker to 6am.)
<ekidd> s/at/ate/
<ekidd> slackwarelife: Thanks, I'll keep that in mind! I'm a recent convert to Ubuntu on the server, and still need to learn all the quirks.
<slackwarelife> ekidd: which kind pf server are you doing with Ubuntu if I can ask ???
<ivoks> pf?
<slackwarelife> of
* ivoks all :)
<ekidd> slackwarelife: It's a Samba server with a couple terabytes of external RAID arrays, and it serves as a domain controller.
<slackwarelife> ekidd: PDC + Ldap :)
<ekidd> Yeah, not the sort of thing you want to die at 7pm. It was not fun--first the upgrade ate itself, then we had really bad IDE hardware problems while rebuilding it.
<ekidd> Sometimes Murphy just wants to make it clear who's really in charge, you know?
<ekidd> But Ubuntu is extremely shiny, so that's one piece of good news. My congrats to everyone involved in the project.
<slackwarelife> ekidd: Yes, now I don't sleep because I'm not able to connect my Ubuntu clients with Ldap + Samba PDC (my enterprise wants some security things)
<Rescue9> /msgchanservlist*ubuntu*
<Rescue9> /msgchanservlist
<gregbuntu> greetings all. anyone load ubuntu on IBM x86 server? (netfinity 5500 in my case)
<gregbuntu> trying to load ubuntu server on netfinity 5500. installer works until type of keyboard is specified, then seems hung on blank blue installer screen. tried several ubuntu versions (7.04, 6.10, 6.06.1) and same result for each. any ideas?
<gregbuntu> from installer console i get kernel messages "hda: DMA interrupt recovery" and "hda: lost interrupt", i have a raid 5 setup.
<gregbuntu> also get kernel message: "ide-cd: cmd 0x28 timed out"
<gregbuntu> these tree kernel message keep repeating every few seconds
<gregbuntu> ideas?
<slackwarelife> try to pass ide=nodma on the start
<gregbuntu> slackwarelife: bingo. installer proceeds now. thanks!
<slackwarelife> gregbuntu: nothing
<ph1zzle> hey all
<ph1zzle> I installed my system and gave it a the wrong domain name, it's up and running but the ssl certs in /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key have the wrong domain name listed and tell people that when they try to use them (dovecot imap-s), is there a way to recreate them?
<slackwarelife> sudo openssl req -nodes -config openssl.cnf -new -x509 -keyout CA/private/cakey.pem -out CA/cacert.pem -days 3650
<slackwarelife> sudo openssl req -config openssl.cnf -nodes -new -keyout /etc/ldap/slapd-key.pem -out slapd.csr
<slackwarelife> sudo openssl ca -config openssl.cnf -out /etc/ldap/slapd-cert.pem -in slapd.csr
<slackwarelife> these are the 3 commands I use
<slackwarelife> but you have done to configure yor openssl.conf
<slackwarelife> Change the name of cert with your ;)
<ph1zzle> thank you
<slackwarelife> My dir /etc/ldap/sapd are example, change it too, ok ;)
<ph1zzle> where is CA located?
<ph1zzle> or is that...
<ph1zzle> nm
<defaultro> hi folks, I need to build a server. FreeBSD/OpenBSD failed to detect my 8gig. I would like to try ubuntu but don't know where to download so I can try first if it will detect it. Maybe a livecd?
<ph1zzle> slackwarelife, I have a file called /etc/ssl/private/ssl-cert-snakeoil.key which seems to be a RSA private key, where does that come out in the description you gave, or does it
<ph1zzle> ok, the first command I did gave me two rsa keys
<ph1zzle> different sizes
<slackwarelife> ph1zzle: you have done all 3 command using ssl-cert-snakeoil like name, right
<ph1zzle> so far I have only done the first one, and I took out the dirs so I could see what I get and figure out where it goes
<gregbuntu> i've got an ubuntu install on my netfinity 5500 now. it has raid 5 setup. i get grub error 18 on boot now. i read that it is best to make the OS partition smaller to solve this. does this make sense?
<ph1zzle> openssl req -nodes -config openssl.cnf -new -x509 -keyout cakey.pem -out cacert.pem -days 3650
<ph1zzle> gregbuntu, does linux support your raid card, is the boot partition on raid, are the modules for your raid card being loaded, is the initramfs on raid etc
<slackwarelife> ph1zzle: ok this command create cacert.pem file
<ph1zzle> ok, I just ran the second one as well, lol, I was about to see what that creates 
<gregbuntu> ubuntu does support this raid interface (formatted and copied just fine), my raid array shows up as one logical drive (sda or 0,0,0) and that is where i told installer to create partitions. is there a way to get more verbose output from grub?
<slackwarelife> ph1zzle: the second create the *key.pem
<ph1zzle> good question, I would hit the man page / docs on that one but what you just told me sounds reasonable enough to assume it's grub
<ph1zzle> slackwarelife, I re did it from scratch with the correct names and I got this error on the final one
<ph1zzle> root@tolemedia:/etc/ssl# openssl ca -config openssl.cnf -out /etc/ldap/slapd-cert.pem -in slapd.csr
<ph1zzle> Using configuration from openssl.cnf
<ph1zzle> I am unable to access the ./CA/newcerts directory
<ph1zzle> ./CA/newcerts: No such file or directory
<slackwarelife> ph1zzle: Ok this problem is because you must change some to your openssl.conf file
<slackwarelife> ph1zzle: but I have some problem to post the line you must change here :(
<ph1zzle> um
<ph1zzle> ok
<ph1zzle> lol
<ph1zzle> oh, I see what your saying
<ph1zzle> fair enough, I will post it on the web next time, in fact that was my mistake in focusing on the other problem
<shawarma> defaultro: Did you find the livecd iso yet?
<ph1zzle> slackwarelife, I am now being told it is having a problem with index.txt and according to my openssl.cnf it's a database index file it is looking for
<slackwarelife> ph1zzle: If you want I'm in the launchpad tomorrow
<ph1zzle> I honestly don't know what the launchpad is
<slackwarelife> ph1zzle: ok, try this
<ph1zzle> gladly, and I appreciate your help
<slackwarelife> ph1zzle: cd /etc/ssl
<ph1zzle> right
<ph1zzle> I have been here the whole time
<ph1zzle> in /etc/ssl
<slackwarelife> ph1zzle: sudo mkdir -p CA/certs CA/crl CA/newcerts  CA/private
<slackwarelife> ph1zzle: chmod 700 CA/private
<slackwarelife> pz1zzle: if you don't want repeat sudo all time do sudo -s
<ph1zzle> right, I am already as root, and I just did all you mentioned
<slackwarelife> pz1zzle: all command we do with root privileges ok ;)
<ph1zzle> thats new to me though, lol, I always do sude su -
<ph1zzle> right, I am not so much a newbie, just never touched ssl before now too much
<slackwarelife> pz1zzle: sorry :-[
<slackwarelife> pz1zzle: let's go.    touch CA/index.txt
<slackwarelife> pz1zzle: echo 01 > CA/serial
<ph1zzle> ok
<slackwarelife> pz1zzle: now we can edit the openssl.cnf file
<slackwarelife> pz1zzle: 1 --> [ CA_default ] 
<ph1zzle> right, I am looking at it, I tried that command first before you mentioned it and it mentioned commonName needed to be supplied I am looking at that atm
<slackwarelife> pz1zzle: line to change --> dir		= ./CA   		# Where everything is kept
<ph1zzle> ok, I am using that dir atm
<slackwarelife> and these
<slackwarelife> certs		= $dir/certs		# Where the issued certs are kept
<slackwarelife> crl_dir		= $dir/crl		# Where the issued crl are kept
<slackwarelife> database	= $dir/index.txt	# database index file.
* ph1zzle looks
<slackwarelife> after these
<slackwarelife> default_days	= 3650			# how long to certify for
<slackwarelife> default_crl_days= 30			# how long before next CRL
<slackwarelife> default_md	= sha1			# which md to use.
<slackwarelife> preserve	= no			# keep passed DN ordering
<ph1zzle> ok
<slackwarelife> after these:
<slackwarelife> [ req ] 
<slackwarelife> default_bits		= 1024
<slackwarelife> default_keyfile 	= privkey.pem
<slackwarelife> distinguished_name	= req_distinguished_name
<slackwarelife> attributes		= req_attributes
<gregbuntu> in my raid config i have adapter cache 'on'. bad idea?
<gregbuntu> also int13 extention is 'no'
<ph1zzle> ok, so far everything you are mentioning is proper in the file, just so you know I have not changed it since I installed 7.04 but I will keep following
<ph1zzle> gregbuntu, you have me on that one
<gregbuntu> i'll try reinstall of grub...
<ph1zzle> int13 I beleive was a... no I am in thinking of int21, 
<slackwarelife> ph1zzle: and after you can compile this part [ req_distinguished_name ]  with your data
<ph1zzle> I would turn int13 on since it's an interupt used in mbr and boot code
<gregbuntu> reinstall grub has no effect. i will try int13 on now...
<ph1zzle> gregbuntu, I would also disable adapter cache... although it may be irrelevent but I am not sure 
<gregbuntu> ok
<ph1zzle> slackwarelife, openssl.cnf has localityName but no localityName.default, can I add this column?
<ph1zzle> er, row?
<gregbuntu> hmmm... still get grub error 18 with int13 on and adapter cache off
<ph1zzle> now that it's off do a re install of grub
<gregbuntu> maybe i'll try reinstall using small partition size
<gregbuntu> oh, good idea
<ph1zzle> what is the raid card?
<slackwarelife> mine:
<gregbuntu> it is 'ips' module
<slackwarelife> localityName			= Locality Name (eg, city)
<slackwarelife> localityName_default		= Casalpusterlengo
<gregbuntu> IBM ServeRaid interface
<ph1zzle> I did apply a commonName_default though and I am still getting an error that it was not specified, I was never asked for it... shoot
<ph1zzle> I am gonna start over
<ph1zzle> ok, it worked, lol
<ph1zzle> slackwarelife, I really do appreciate your help
<ph1zzle> should I buy you a hooker for the evening or something to say thanks? ;)
<slackwarelife> ph1zzle: nothing
<ph1zzle> lol, well thanks anyways, I do appreciate it a lot
<gregbuntu> grub install raid error 18
<gregbuntu> typed google search criteria in wrong window..DOH
<gregbuntu> ok i re-install grub to /dev/sda (the logical drive that represents my raid)...
<gregbuntu> still get error 18
<gregbuntu> during install, i have option for grub or LVM (or something like that). should I choose LVM for a raid situation?
<slackwarelife> gregbuntu:  Error 18: Selected cylinder exceeds max supported by BIOS
<slackwarelife> gregubuntu: it seems your Bios does not support your cylinder partition start
<gregbuntu> slackwarelife: this is scsi raid so that should not matter, right?
<gregbuntu> scsi bios can see everything
<gregbuntu> slackwarelife: there is a minor bios update however changelog reveals one small change related to win2k, so essentially bios is current
<gregbuntu> i notice there is --force-lba parameter for grub-install, but this only applies to IDE right?
<slackwarelife> gregbuntu: ok, I confess I know only the grub error. I post it because I think you can use it to solve your problem. Thanks
<gregbuntu> slackwarelife: i appreciate your help
<ph1zzle> gregbuntu, the 18 error is right afaik, there is no such thing as scsi only bios as far as I know, the fact is your getting the error because what grub is talking to as bios is having problems, now you may have an aditional bios on your card but it does not have access to the reserved functions that a computer bios has, now grub is making a int call which is getting picked up probably by your initial bios which then queries the raid card, it d
<ph1zzle> oes not know it's raid as far as I know and probably assumes it to be a pci style disk controller but the fact is the information it gets back is incompatible with your own bios
<ph1zzle> and no, you do not want lvm
<gregbuntu> ph1zzle: thanks. i wonder if grub in confused by ide bios (the cdrom is only ide device). i can try to disable ide in bios i guess...
<ph1zzle> gregbuntu, there is no such thing as ide/scsi bios
<ph1zzle> bios is the software that starts your computer before linux is loaded
<ph1zzle> grub isn't confused in this case, that bios which is programed into a chip that sits on your motherboard has an address space that is reserved for this bios
<ph1zzle> when any application does a bios interupt call, it gets a response from the bios on your motherboard 
<gregbuntu> ph1zzle: i gather that my system bios just passes off disk i/o functions to the scsi firmware (bios) that controls the scsi bus. is that correct?
<ph1zzle> gregbuntu, from what I understand, some functions it does and some it doesn't
<ph1zzle> now it's been a few years since I have learned assembly and wrote programs that make raw interupt calls so I am not a pro on this but I think for disk requirements it will still depend on your mother boards bios which it always should and the manufacturers should know this as well as using standards to configure it
<gregbuntu> ph1zzle, that makes sense. the strange thing is that this system was fully operational with win2k prior. so any bios limitation should have prevented that also. another thing that puzzles me is that with scsi drives, there is no place in the system bios for drive geometry, so i don't see how the system bios can be a problem here.
<ph1zzle> I am not saying the bios itself is the problem, It may just be part of whats detecting it or something the OS is doing to call a bios interrupt that is detecting it, honestly I don't know a 100% what the problem is yet but let me re read something, also what kind of card do you have
<ph1zzle> gregbuntu, read this http://www.gentoo.org/doc/en/grub-error-guide.xml#doc_chap6_sect1
<ph1zzle> what is the size of your hard disk anyways?
<gregbuntu> ah, i see. there are 6 scsi 18GB each, adapter is IBM ServeRAID 2.80.03
<ph1zzle> where is your boot partition on the disk?
<ph1zzle> or on the raid?
<ph1zzle> gregbuntu, type df -h /boot and paste the results into rafb.net/paste
<ph1zzle> df -h /boot
<gregbuntu> boot partition is on the raid: all disks are part of a raid 5 array that looks like one logical drive /dev/sda
<ph1zzle> btw, thats only a 108 GB @ 6 x 18, lol
<ph1zzle> one logical drive?
<ph1zzle> no partitions for perticular sections?
<gregbuntu> to clarify, it appears as one big disk (/dev/sda) however there are 3 partitions (sda1, sda2, sda5) and sda1 is first and boot partition
<ph1zzle> ok, fair enough then
<ph1zzle> thats what I was wondering
<gregbuntu>  ph1zzle, thanks so much for your help so far. i have an appointment now... i'll try this again tomorrow.
<ph1zzle> in that case I would suggest throwing an old ide in there as your first disk, copying /boot to it and making it the boot drive to bios, honestly I don't even know where on the raid the /boot is physically but neither does bios
<ph1zzle> and yeah, no prob, I was about to tell you I am going home ;)
<ph1zzle> cheers
<gregbuntu> good idea
#ubuntu-server 2007-05-17
<JoeyJoeJoe70> Hi there
<JoeyJoeJoe70> I have a newbie question re: telnet and ubuntu server
<JoeyJoeJoe70> I'm getting 'connection refused' when trying to telnet to my server. Is it that telnet is not installed? How can I find out (real newbie, here)
<ajmitch> no, telnet isn't installed, nor should it be
<ajmitch> ssh is a much better secure replacement
<JoeyJoeJoe70> I know but I'm just using it at home behind a firewall
<JoeyJoeJoe70> how do I install sshd then? I am using webmin to access/configure my server and I'm being told ....
<JoeyJoeJoe70> "he SSH server config file /etc/ssh/sshd_config was not found on your system. Maybe SSHD is not installed, or your module configuration is incorrect.:
<ajmitch> apt-get install openssh-server
<ajmitch> ah, webmin
<ajmitch> so you have no commandline access right now?
<JoeyJoeJoe70> precisely. I will have commandline access if I get up off the couch though. :)
<JoeyJoeJoe70> I will go run apt-get install openssh-server and follow my nose from there.
<JoeyJoeJoe70> How do you remote in from outside the network? I've used no-ip client before. Would that work?
* ajmitch is not sure how well webmin will work with ubuntu
<ajmitch> depends on how your routing is setup
<JoeyJoeJoe70> using dd-wrt on my Linksys router
<JoeyJoeJoe70> Thanks ajmitch. I'm in now with openssh-server
<NemesisD> hi im trying to walk my boss through getting some data off of a tape drive but unfortunately i don't know what im doing
<NemesisD> its plugged in via an adaptec pci adapter and he can't see it in lspci and can't see the drive in lshw -C disk nor device manager, whatn ext?
<Fezzler> could someone help me complete smb.conf?
<Fezzler> newbie first samba install
<Fezzler> no takers?
<Fezzler> help configuring samba for Vista box?
<Fezzler> samba question
<jimcooncat> I'd like to make a shared folder for all users on one computer (not a SAMBA shared folder) like /home/company. Where do I go for help on this?
<jimcooncat> is umask the key?
<qiyong> shipit ships desktop or server CDs?
<svschwartz> qiyong: shipit ships only desktop cds
<qiyong> svschwartz, it it documented somewhere? they should
<svschwartz> qiyong: I think it's because of small demand for server edition :) 
* svschwartz requested cds only for ubuntu logo stikers :) I can download it at any moment :)
<qiyong> svschwartz, server edition seems not quite popular
<qiyong> svschwartz, the stikers are bad
<qiyong> svschwartz, they pollute your fingers
<qiyong> svschwartz, does it work with pxeboot?
<svschwartz> qiyong: I don't think so. Admins demand server edition, and it's faster and easier to download it rather to request on shipit
<svschwartz> qiyong: you want to boot ubuntu server by means of pxe ? :)
<qiyong> svschwartz, install by pxe
<svschwartz> let's see
<svschwartz> I've installed debian 
<svschwartz> they've got netinst image, where you can take linux kernel and initrd image for network installation
<svschwartz> aha
<svschwartz> there you go :)
<svschwartz> https://help.ubuntu.com/community/Installation/Netboot
<gubluntu> how do i tell grep not to be sensitive to case
<gubluntu> and how do i tell curl not to output html tags
<gubluntu> you have 30 seconds
<gubluntu> jk
<gubluntu> any help is appreciated
<gubluntu> rtfm solved this
<gubluntu> thanks!
<robert-b> Hello
<robert-b> Can anyone tell me if the server 7.04 documentation is available in PDF yet? The doc page on lulu.com says go back to the ubuntu.com doc page to download it but I've looked for more than an hour and can't find it.
<robert-b> I fsomeone knows where to find the latest server PDF I'd appreciate hearing from you.
<robert-b> hi Greg
<gregbuntu> howdy
<ivoks> hi
<robert-b> hi ivoks
<shawarma> robert-b: https://help.ubuntu.com/pdf/ubuntu/C/serverguide.pdf   looks like the most recent pdf version.
<robert-b> Thanks, Shawarma. A quick check finds it's for version 6.06 :(
<ivoks> right
<ivoks> all server should be LTS
<ivoks> except if you really need virtualisation
<gregbuntu> if anyone is interested, here is solution for making grub work for my ubuntu install on ibm netfinity 5500 with hardware raid 5: update the scsi controller firmware
<gregbuntu> solved my grub error 18 issue
<robert-b> I was just looknig for something specific to 7.04. If there is no difference between it and 6.06 then I can just use the latter.
<ivoks> use it
<ivoks> depends on hardware
<ivoks> it's possible to have hardware that will work with 7.04, but not with 6.06
<FlyingSquirrel32> how can I search for a package by either part of a name or even a description with apt-get without a gui?
<mralphabet> google for ubuntu package, should get you to the package manager web interface
<mralphabet> I don't remember the url off the top of my head
<FlyingSquirrel32> thanks
<mralphabet> it's packages.ubuntu.com isn't it
* mralphabet rolls his eyes
<mralphabet> I doubt I'll forget that one again
<FlyingSquirrel32> mralphabet: sorry, didn't see your other response. yes it is. I didn't realize i could search it that way. Thanks.
<mralphabet> heh
<tideline> is 0415 the latest build of the server iso?
<mralphabet> tideline: sounds right
<mralphabet> tideline: http://releases.ubuntu.com/7.04/ agrees
<tideline> mralphabet: is that the released version of feisty server ?
<mralphabet> yes
<tideline> I ask because I had a little trouble with it after the install and wanted to know if I could attribute it to a nightly build problem
<tideline> ok cool - thanks - will troubleshoot 
<tideline> is there somewhere I can get or start working with gusty?
<mralphabet> not sure, I usually only run release
<mralphabet> not even sure they have really started working on it since the conference . .. last week?
<shawarma> mralphabet: We started almost a month ago. :-)
<tideline> ah ok, I wanted to get involved with the server team, I currently work in a all RH shop and want to cut costs, but we have a lot of sparc here too, so it's a good place to test
<tideline> well RH and solaris 
<shawarma> mralphabet: Development of each release starts on the day we release the previous one.
<shawarma> tideline: Cool.
<mralphabet> shawarma: ahh heh
<tideline> shawarma: where can I get started?
<shawarma> tideline: What do you want to do?
<tideline> anything ;-)
<shawarma> tideline: Well, #ubuntu-motu is a good place to start.
<shawarma> tideline: The MOTU's handles everything in universe (package things, fix bugs, etc.)
<shawarma> tideline: If that's a bit over the top for you, you can help out by triaging bugs on launchpad.
<tideline> shawarma: ok, will check there, like I said, I think I have a good background in what a "server" offering needs to have/be in an enterprise setting
<shawarma> tideline: Ah, so you're looking for more of a highlevel approach?
<shawarma> tideline: planning features and that sort of thing?
<tideline> kinda - but I'm not above triage duty too 
<shawarma> tideline: heh
<tideline> oh man gonne be late for the baseball game... gotta run shawarma thanks for the info will check back in again later tonight
<shawarma> tideline: We track feature requests on launchpad (in the blueprint section https://blueprints.launchpad.net/ubuntu/ )
<tideline> ok weill make a note
<shawarma> tideline: That would be a good place to suggest new features or feature sets.
<ajmitch> hello shawarma 
<shawarma> ajmitch: Good evening.
<shawarma> Or morning or whatever.
<shawarma> You've made it back to NZ?
<ajmitch> apparantly so
<ajmitch> after a long swim
<shawarma> Well, you had wifi access in Singapore, no?
<shawarma> Heh..
<ajmitch> hong kong
<shawarma> Ah, right.
<ajmitch> enough to check that nothing had blown up
<ajmitch> how's it going, anyway?
<shawarma> Just finishing off the last few things at uni. Last day is the 25th.
<shawarma> quite a few loose ends to tie up, it seems.
<shawarma> You?
<ajmitch> excellent
<ajmitch> just the usual work
<ajmitch> started planning/working on the server stuff?
<shawarma> Well... Sort of. I'm not sure how it's going to work now that it's not "my" project anymore.
<ajmitch> true
<shawarma> The next thing to do is basically to grab all of the existing solutions and see how much we can use and how much we have to write ourselves.
<ajmitch> no doubt there'll be a fair bit
<ajmitch> good luck with it :)
<shawarma> It seems eBox does a lot of it already, so that would be an excellent starting point if it wasn't written in perl. Now it's just a so-so starting point. :-)
<shawarma> I'm just curious why noone picked it up yet..
<ajmitch> getting a consistent interface for all this isn't simple
<ajmitch> so people end up using something like webmin
<shawarma> No, it's not. eBox does look shiny and consistent, though.
<ajmitch> and perlish :)
<shawarma> Yeah. 
<shawarma> With eBox I find myself looking for defects large enough to justify not using it since perl gives me the creeps. :-)
<shawarma> I haven't found them yet (on the surface that is), but that may change when I start digging through the code.
<ajmitch> you want something maintainable
#ubuntu-server 2007-05-18
<shawarma> Indeed. I've only looked at screenshots and feature lists yet, so I'm keeping my expectations low.
<SpaceBass> hey folks
<SpaceBass> is there a recommendation for something like novel's e-directory or an AD replacement that works will with feisty server?
<Fezzler> Space: you familiar with samba
<SpaceBass> Fezzler, fairly
<SpaceBass> but I didnt think clients newer than NT could really (truly) join to v3
<Fezzler> I'm lost.  Samba to Vista HP
<Fezzler> Square one, how do I tell if samba is installed right
<Fezzler> Interesting that v3 may be the issue
<SpaceBass> Fezzler, sorry...thought you were addressing my question :)
<SpaceBass> Fezzler, are you just trying to mount a share from a samba box to Vista?
<Fezzler> Space: Trying to get samba running on Ubuntu box and make it available to other computers in home network, beginning with Vista HP
<SpaceBass> Fezzler, glad to try and help, with the caveat that I only played with vista in beta
<Fezzler> sure
<Fezzler> My instinct is issue is on Ubuntu - ie - I don't have it set up quiet right
<SpaceBass> Fezzler, can you start with copying your smb.conf to pastebin.ca
<Fezzler> sure
<Fezzler> what folder is smb.conf in?
<Fezzler> perhaps I am too new to waste your time
<Fezzler> Space: told you I was lost
<Fezzler> Space: Can we start from scratch?  remove samba and reinstall?
<SpaceBass> sorry...I'm b/t dinner and a few other tings
<SpaceBass> but want to help
* SpaceBass will be around tomorrow
<SpaceBass> know thats not a lot for right now
<shawarma> He left.. :-)
<shawarma> 02:24 -!- Fezzler [n=christop@cpe-071-075-168-219.carolina.res.rr.com]  has left #ubuntu-server [] 
<cheeseboy> hi
<cheeseboy>  wat are all the pakages i need to run fluxbox and x on ubuntu server?
<cheeseboy> i tried fluxbox xinit gdm xserver-xorg
<cheeseboy> but x still wouldnt start
<foo> What were the errors? 
<cheeseboy> i dont have exact but couldnt find some fonts
<foo> hmm
<foo> Yeah, /me tries to remember the package with the fonts
<cheeseboy> kk
<foo> Try apt-get install xfonts-base
<cheeseboy> ok foo ill try tmmrw
<foo> hm, ok
<genii> Anyone try installing on a dual socket opteron 8222  system yet?
<svschwartz> nope
<svschwartz> genii: and u?
<genii> Not yet, but I'm considering a specific motherboard from Asus, and curious if anyone tried this yet
<genii> That is has a Broadcom nic in it is not encouraging
<genii> motherboard is KFN4-D16/SAS, the cpus would be likely 8222
<genii> I had issues with a Sunfire X2100 before due to the dual-core stuff. Had to use kernel option "notsc" for instance
<genii> (thiose were opteron 165)
<genii> Would like to know if anyone has installed to an Asus motherboard mode KFN4-D16/SAS with 2 Opteron 8222 SE yet. Considering this for purchase as a server but would like to know about any issues first (other than the Broadcom nic onboard)
<genii> Sorry, meant for another channel, summarising the question LOL :)
#ubuntu-server 2007-05-20
<foo> Ok, we swapped the RAID10 configuration (4 drives) from one board to another board... and Ubuntu hangs at: "Uncompressing Linux... Ok, booting the kernel." (hang) ... any ideas? The next few messages that *should* appear, are, "sda: assuming drive cache: write through" Startnig basic networking ... (I believe)... I'm thinking if I can get into a ubuntu live cd, I can edit grub with the new location since change motherboards with ...
<foo> ... the drives might have changed something. Thoughts?
<Kamping_Kaiser> another board=new raid controller?
<foo> Hm, nope, same raid controller
<Kamping_Kaiser> so what is changed?
<foo> Everything except the LSI logic RAID controller, drive order, drive configuration
<foo> :)
<Kamping_Kaiser> oh *grin*.
<ajmitch> boot without 'quiet' 
<foo> The box is remote, I'm thinking of having them get into Ubuntu live cd and setting up ssh for me. I just am not too sure what to change in grub. I suppose I can check the old grub against the grub the live cd used, right?
<foo> ajmitch: hmm, good idea. 
<foo> ajmitch: Hm, should I have them do that first... or should I have them just get the live cd up and set up ssh for me? I'm kind of crunched for time
<ajmitch> it should only take a couple of minutes to boot without quiet & see what's causing the problem
<foo> Ok, so do that, then get me into live cd
<foo> They can get into live recovery console probably and edit the /boot/grub/menu.lst without quiet, right?
<foo> If not that, then we try live cd
<foo> Sound good?
<ajmitch> or they can just edit the grub line directly without touching the file
<ajmitch> which is far quicker & is done from the grub menu
<foo> Hm, how would you do that? I'd have to walk them through this on the phone
<foo> Definitely
* foo loads up ubuntu VM to check the option
<ajmitch> press 'e' when the entry in the grub menu is highlighted
<ajmitch> and 'e' again on the kernel line, iirc, then b to boot
<foo> Actually... yeah
<foo> I just did in the VM
<foo> Ok, I can do this, thanks
<ajmitch> great
<foo> Kamping_Kaiser: Thank you too
<Kamping_Kaiser> no worries, glad ajmitch could help
<foo> Assume root bridge \_sp.pci0 + 0 ...
<foo> Something like this
* foo is just going to get in the livecd
<foo> Hm, booting with noapic and apic=off didn't help
<foo> Swapping the slot the controller was in didn't help either
* foo waits for ssh access from the livecd
<foo> Hm, on the ubuntu server 6.06 LTS support CD... is "rescue a broken disk" option the option for the live cd? Or no?
<foo> ACPI: Assume Root bridge [\_SB_.PCI] 
<foo> gah
<foo> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.17/+bug/66546
<foo> Hm, if I build a custom ubuntu kernel... performance gain will be very little, right?
<ivoks> depends on what you will do
<ivoks> performance could be even worse
<foo> Ah, I see. But, even if done right, performance gain is only very minimal, right?
<foo> ivoks: I'm trying to reaffirm my beliefs that optimizing a ubuntu kernel isn't even worth it. Reassure me. :)
<ivoks> it's not; makes life harder when it comes to security patches
<foo> Gotcha, ok, that's what I was looking for, thanks.
<foo> ivoks: bah, hit this bug today: https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.17/+bug/66546
<ivoks> pci=nommconf
<ivoks> that's common thing
<foo> Wait, that's the solution?
<foo> I did see that on there, but I didn't try it
<foo> I didn't know if it would work
<ivoks> it will
<foo> geez, ok
<foo> thanks
<foo> What does that command do?
<ivoks> disables MMC
<foo> Or, it's not a command
<ivoks> it's enabled by default in dapper
<foo> ah, I see
<foo> Thanks, we might give that a shot
<foo> What's MMC? Sounds processor related, I think. /me googles
<ivoks> but doesn't work with some PCI cards, iirc
<foo> ah, ok
<foo> Yeah, I didn't do it because I think someone said it didn't work for them on that bug post
<foo> We might give that a shot, though, waiting to hear back
<foo> ivoks: Hm, what does MMC stand for? It looks like it could stand for a few things
<ivoks> i'm not sure :/
<foo> oh, ok
<foo> Thanks anywho
<foo> Hm, no PCI cards in the motherboard they said
<ivoks> try it anyway
<ivoks> might be related to MB, not cards
<foo> ah, I see
<ivoks> it's MB thing
<ivoks> some kind of table for ACPI
<ivoks> http://lkml.org/lkml/2007/4/29/418
<foo> oh, thanks!
* foo checks
<foo> ivoks: Are you a dell fan?
<ivoks> fan?
<ivoks> i'm not fan of anything, trying to be reasonable all the time :)
<foo> ah, ok
<foo> hehe
<foo> ivoks: Would you happen to know if that issue is ubuntu specific?
<ivoks> it's not
<foo> aha, ok
<foo> ivoks: thank yo
<foo> u
<foo> ubuntu dapper request_module: runaway loop modprobe binfmt
<foo> Gah... another error
<foo> ajmitch: if you're still around, hm
<mistone> hey if I upgrade 6.06 to 7.04 I have to upgrade to 6.10 then to 7.04.... do I have to reboot twice after I upgrade to 6.10 can I continue to upgrade to 7.04 without rebooting ?
<mistone> or should I upgrade at all?
* Starting logfile irclogs/ubuntu-server.log
* Starting logfile irclogs/ubuntu-server.log
<gubluntu> i have installed ubuntu fresh on a machine with a 15 inch elo touchscreen (serial interface).. appreantly ubuntu has recogized it because i see it has installed the input elo xorg driver automagically.. i just have no idea how to get it working now.....
#ubuntu-server 2008-05-12
<yell0w> hey guys does anyone know how to reduce ntop's resource consumption ?
<yell0w> or know of a tool similar to it but better resourcewise ?
<pavlizz> hello there
<pavlizz> Can anyone help me I have some problems with software RAID and installation of ubuntu server
<nohelphere> i installed ubuntu server in birtualbox and it said the kernel requires the folloing feature snot present oin the cpu
<nohelphere> 0:6
<nohelphere> pleas echoose a kernel appropriate to your system
<nohelphere> what do I do?
<Deeps> how about a game of chess?
<nohelphere> that won't fix the problem
<nohelphere> virtualbox*
<Deeps> i'm out of ideas then
<pavlizz> I have create 3 raid arrays 1 raid 1 for my /boot dir  2 raid 5 for me / dir and anoher raid 5 for my swap the system is not booting after the installation
<Ashfire908> What's the "correct" place to put stuff like password files for apache authing for the default site of /var/www?
<Ashfire908> (Besides outside the web root)
<jimcooncat> static ip not working on my Gutsy. OK on my Feisty at work. Should I uninstall network-manager?
<Kamping_Kaiser> Ashfire908, depends what auth method you use. or are is my guess
<Kamping_Kaiser> jimcooncat, whats 'not working' mean?
<Ashfire908> a file based?
<jimcooncat> Kamping_Kaiser: keeps reverting back to dhcp
<Ashfire908> dbm, standard file, whatever.
<Kamping_Kaiser> Ashfire908, my memory indicates /var/lib/ somewhere
<Kamping_Kaiser> jimcooncat, do you have a static ip configured in /etc/network/interfaces ?
<Ashfire908> Is there a page or something on the interent describing all the different locations in the file system and what they are for?
<jimcooncat> not right now. I'll try again
<Kamping_Kaiser> Ashfire908, yes, halfa  tic
 * Ashfire908 can never seem to find stuff like this
<Kamping_Kaiser> ffs. neither can i , even though i know exactly what i want. slightly-longer-then-one-tick
<jimcooncat> Kamping_Kaiser: I tried again, and when under static ip I could not reach anywhere, including my router.
<Kamping_Kaiser> jimcooncat, is that when configuring the static ip to be the one that was assigned dynamically?
<jimcooncat> Kamping_Kaiser: the /etc/network/interfaces was set as http://paste.ubuntu.com/11588/
<jimcooncat> Kamping_Kaiser: when in Roaming mode it's fine.
<jimcooncat> I also tried stopping dhcp client too.
<Kamping_Kaiser> sigh. i cant find the blasted lhfs structure
<Kamping_Kaiser> jimcooncat, whats the gateways ip?
<jimcooncat> 192.168.2.1
<Kamping_Kaiser> is that what its configured to have, or what you think its configured to have? :) (just checking)
<jimcooncat> That's the IP of my router. That's what I thought the gateway address should be.
<Kamping_Kaiser> jimcooncat, can pastebin the output of `ifconfig` now, then reset the networking so it works again ("roaming mode" perhaps?), the pastebin the output of `ifconfig` from that
<Kamping_Kaiser> yes it should
<jimcooncat> Kamping_Kaiser: this is roaming mode: http://paste.ubuntu.com/11588/
<Kamping_Kaiser> jimcooncat, `ifconfig` not interfaces
<jimcooncat> Kamping_Kaiser: I have to drop out of irc to try static again
<Kamping_Kaiser> jimcooncat, i see
<jimcooncat> Kamping_Kaiser: http://paste.ubuntu.com/11589/ sorry, bad paste
<Kamping_Kaiser> jimcooncat, and this paste is the one that is working?
<jimcooncat> Kamping_Kaiser: yes. no gateway shown in it
<jimcooncat> weird
<Kamping_Kaiser> jimcooncat, gateway isnt shown in ifconfig. its shown by `route -n`
<Kamping_Kaiser> so perhaps pastebin `route -n` too
<jimcooncat> Kamping_Kaiser: route -n http://paste.ubuntu.com/11591/
<Kamping_Kaiser> jimcooncat, can you set the static ip (so it doesnt work) and run those two commands again?
<jimcooncat> sure -- going dark now
<jimcooncat> Kamping_Kaiser: http://paste.ubuntu.com/11592/
<jimcooncat> Kamping_Kaiser: route -n shows no data
<jimcooncat> Kamping_Kaiser: I just checked my interfaces file at work, and it's almost identical to what I wanted here. Only difference is that's running feisty.
<Kamping_Kaiser> jimcooncat, route had no data? that wont be helping
<Kamping_Kaiser> jimcooncat, you have no IP in that pastebin, so you wont be able to use the network
<jimcooncat> Kamping_Kaiser: not helping at all. thanks for yours though
<Kamping_Kaiser> jimcooncat, half a tic
<Kamping_Kaiser> jimcooncat, try `sudo ifconfig eth0 192.168.2.2`when running on the static configuration, then try and ping the gateway
<jimcooncat> k
<wo0f> asa
<jimcooncat> Kamping_Kaiser: ping worked after setting to static, even before your command
<Kamping_Kaiser> jimcooncat, did you try to ping the net/connect somewhere?
<jimcooncat> Kamping_Kaiser: shoot, I was pinging myself, not the gateway
<jimcooncat> Kamping_Kaiser: thanks anyway, guess I'll get some sleep and try tomorrow.
<Kamping_Kaiser> jimcooncat, hehehehe. i think your almost there, save your log and re-read it in the morning, i'm sure yuou'll get it
<jimcooncat> Kamping_Kaiser: keep cool. later.
<Kamping_Kaiser> later mate
<Navop> can someone help me out, can't seem to connect to ubuntu using putty (ssh), installed ssh server, changed network interface to static, I can ping the address np but can't use putty says network error:Connection refused
<Kamping_Kaiser> Navop, is ssh running? do you have a firewall?
<Kamping_Kaiser> are you using tcp wrappers?
<Navop> Kamping_Kaiser: installed ssh-server, not sure how to start shh-server
<Navop> usually it does start on its own
<RoAkSoAx> Navop, install openssh-server
<Navop> did that already
<Kamping_Kaiser> Navop, yes, usually it does. assuming <your ubuntu release> still uses sysv compatability, `sudo /etc/init.d/ssh restart` should make sure its running
<Navop> just tried restarting it like you said and still get error, was working fine before i change it to static
<Kamping_Kaiser> what does "get error" mean?
<Navop> Network error:Connection refused
<kraut> lol
<kraut> it's dead, jim!
<kraut> Navop: what do you get, when you do this:
<kraut>  /etc/init.d/ssh restart
<Kamping_Kaiser> heh
<kraut> Navop: what do you get, when you do this:
<kraut>  /etc/init.d/ssh restart
<Navop> I get Restarting OpenBSD Secure Shell server sshd    [ok]
<kraut> Navop: netstat -tulpen | grep 22
<kraut> what do you get?
<Navop> tcp6  0  0 :::22  ::*  LISTEN 0 12798 4761/sshd
<ScottK> Do you have IPv6 connection?
<kraut> Navop: that's localhost or where you want to connect to?
<kraut> ScottK: tcp6 shouldn't be a problem anyhow
<Navop> using my vista computer for putty, disable ipv6
<kraut> so you get connection resued when you connect to the ipv4 address?
<Navop> thats is on the ubuntu machine, tcp6 0 0 ...
<ScottK> kraut: But it should also be listening on IPv4 if he wants to connect that way.
<kraut> ScottK: tcp6 also listen to tcp4
<ScottK> Right.  Nevermind.
<Navop> i can ping my gatway from ubuntu computer
<kraut> so you get connection resued when you connect to the ipv4 address?
<kraut> uwwww, tool rocks da hell
<Navop> yes
<kraut> Navop: show me please iptables -L on that machine
<Navop> tried connecting to ubuntu using a Vista computer and a xp computer
<kraut> when it are to many lines, please pastebin them!
<Navop> kinda hard, using console, not sure how to use pastbin from console cmd line
<kraut> copy and waste
<kraut> you use putty atm?
<Navop> yes on vista to connect to ubuntu machine that is being setup, but the prioblem i can't connect to ubuntu computer, so i can't copy and paste
<kraut> ah, fuck
<kraut> do you know iptables?
<Navop> k did iptables -L
<kraut> what do you see?
<kraut> root@dreamland:/etc/samba# iptables -L
<kraut> Chain INPUT (policy ACCEPT)
<kraut> target     prot opt source               destination
<kraut> Chain FORWARD (policy ACCEPT)
<kraut> target     prot opt source               destination
<kraut> Chain OUTPUT (policy ACCEPT)
<kraut> target     prot opt source               destination
<kraut> like this?
<kraut> or more?
<Navop> all iget is Chain INPUT(policy ACCEPT), next line is target  prot opt source    destination, this i get 3 times
<kraut> ok, like this
<kraut> hmm
<Navop> yeah like that
<kraut> that's really strange
<kraut> cat /etc/host.allow please
<Navop> like is said i can ping address from vista, np
<kraut> and cat /etc/host.dissallow
<kraut> erm
<kraut> fuck
<kraut> cat /etc/hosts.deny
<kraut> cat /etc/hosts.allow
 * kraut is to drunken, sorry :P
<Navop> and if i go on the ubuntu machine and oing vista, np
<Navop> in xp you can type ip[config to see the ip, what command can do the same in ubuntu?
<Navop> ipconfig
<RoAkSoAx> Navop, ifconfig
<dougie_> ifconfig
<dougie_> lol
<Navop> ty
<kraut> rofl
<Navop> funny changed it back to dhcp, and i can login
<Navop> puttyu works with dhcp
<kraut> hhrhr
<kraut> that dude is craty ;)
<kraut> AOL
<Navop> kraut: got it working, changed the ip address from 170 to 200, also i think it might be the certificate from putty
<kraut> perhaps
 * kraut is to drunken
<Navop> where can i delete that certificate in xp
<kraut> ummm
<kraut> i have no idea about putty
<dougie_> don't ask me I don't even know what putty is :)
<Kamping_Kaiser> Navop, its stored in the registry
<kraut> some windows crap
<Kamping_Kaiser> iirc
<hotmonkeyluv> I have a laptop connected wirelessly to my network (a+b+g, I think, none of this N-draft nonsense), and I have a server with dual gigabit nics, and i'm only transferring at about 1.6 mb/s I'm no network pro, but isn't it supposed to go a bit faster?
<Kamping_Kaiser> how is the network connected? a b or g?
<Kamping_Kaiser> s/network/laptop
<hotmonkeyluv> I think it is all g connected
<hads> Wireless is never particually fast.
<hotmonkeyluv> it's a newer one, but not brand new
<Kamping_Kaiser> then it wont be much faster then it is.
<hotmonkeyluv> I just remember xferring at about 45 mbps
<hotmonkeyluv> is that not right?
<hotmonkeyluv> it was a while ago, so i might be mistook
<hotmonkeyluv> grrrr, I was hoping to transfer 13gb of crap in 13 seconds, not 2.3 hours
<hads> You need to be careful with your b's B's m's and M's setc.
<Kamping_Kaiser> *grin* not over wireless
<hotmonkeyluv> I know
<hotmonkeyluv> i just thought it'd go at about 4-6mbps
<Navop> Found where putty stores certificate.
<hotmonkeyluv> how do i add permissions to write to a filesystem?
<hotmonkeyluv> is it chmod?
<Kamping_Kaiser> what are you trying to do?
<hotmonkeyluv> let myself access my music
<hotmonkeyluv> that i'm going to put on a certain partition
<hotmonkeyluv> that I can't write to yet
<hotmonkeyluv> will <chmod -R rwxrwx--- /sda2> do it
<Kamping_Kaiser> as root probably yes, but thats not really a fix
<hotmonkeyluv> oh
<hotmonkeyluv> well, i can access it as root
<hotmonkeyluv> i wanted to do it as a user
<Kamping_Kaiser> i'd suggest remounting in /srv , and you'll want to change your fstab (probably set uid=1000 in the options)
<dougie_> you have to make the user an owner or what not
<dougie_> or do what he said
<dougie_> Do Raid 5 drives all have to be the same size?
<hads> The array will be limited to the size of the smallest drive.
<dougie_> so whats a Raid setup that will allow different sized drives?
<dougie_> there is a USB drive solution that uses raid and allows you to swap out any drive with any bigger size hard drive..... it also uses one as backup and what not like Raid 5
<dougie_> see if I can find it
<dougie_> http://www.drobo.com/
<dougie_> it has 4 drive bays and you can configure it with any size drives in any configuration and it uses all the space on all of them.
<dougie_> Or is that some sort of software thing it does and there is no Raid setup that will allow that?
<hads> drobo is some proprietry system, not normal RAID
<dougie_> so no form of raid can do that then...sucks
<dougie_> being as I have 3 500gig drives as is I suppose I'll just have to keep getting those. Luckily the Raid controller I'm getting has 16 ports
<dougie_> trying to find a rack mount hard drive chassis that will hold like 16 hard drives
<dougie_> because my server has SCSI hotswap bays and not much room internally for extra drives
<dougie_> thinking about getting a chassis from par-metal that is exactly 3.5" high and turn the drives on their side and drill holes in the top and bottom for each drive....would probablk be cheapest and easiest as well
<dougie_> then just figure out how to wire in LED's for each HD and what not...I think it could work well
<infinity> nxvl: Am now...
<dougie_> anyone know what an ldap server is?
<dougie_> I'm installing ebox and its doing the config....it doesn't really explain what it is though. Wondering if this is where I put what IP I want to use to access the config page or what not
<RoAkSoAx> dougie_, http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html
<dougie_> ok.... I'm going to install a CLI browser so I can tell you what its asking for cause I still don't really understand what to put in
<dougie_> CLI IRC client I mean
<dougie_> it's saying "Please enter the URI of the LDAP server to use" I don't have an LDAP server so does that mean I don't need to worry about it?
<MacMatt> Hello, can anyone tell me if ubuntu server allows LAN Booting?
<dougie_> I'm going to take a guess and say that the LDAP settings do not matter for me
<MacMatt> how do I setup a server to LAN boot?
<MacMatt> ..anybody?...
 * Kamping_Kaiser slaps macmatt for being a twit
<MacMatt> ...anybody here?...
<Kamping_Kaiser> ...
<Kamping_Kaiser> afk for 30
<nxvl> infinity: can you take a look at Bug #229374
<uvirtbot> Launchpad bug 229374 in sbuild "Please merge sbuild 0.57.2-1 from debian (sid)" [Undecided,Confirmed] https://launchpad.net/bugs/229374
<nxvl> infinity: i have left a message for you inthere
<RoAkSoAx> o/ nxvl
<nxvl> RoAkSoAx: go sleep
<RoAkSoAx> nxvl, don't feel like... u go :P
<dougie_> hmm.... well server seems to be running rather well with ebox :) Now I need to figure out how to make public folders that any computer can use. Like music, video, picture folders
<dougie_> although somethign a bit strange says there is 62.98gb's available but I only have 3 18gb SCSI drives in the server at the moment and they are running raid 5
<dougie_> it's osx so maybe thats the space on this computer and the space on the server together that I can use?
<infinity> nxvl: config.sub and config.guess are updated when the package is built, it's just cruft.  Don't worry about it.
 * delcoyote hi
<dfad> join #ubuntu
<dfad> Hi, does anybody know the easiest way to install DNS in my ubun.server???
<\sh> apt-get install bind9 ??
<\sh> if you mean dns server...
 * faulkes- yawns
<ichat> greetings yall - i have 2 quistions... to get started...  1> are there any gui-based utils for ubuntu-server   2> does ubuntu-server by default support setting it up with  software-raid?
<ichat> some people sugested stuf like installing gnome or sutch, but thats absotuletly not what im looking for...
<faulkes-> but "gui-based utils" do you mean something like webmin (which is not supported by ubuntu)
<faulkes-> the webmin equivalent in ubuntu would be ebox
<faulkes-> and yes, by default software-raid is supported
<faulkes-> well, actually, I'm not sure on the last point, I know it supports LVM out of the box
<faulkes-> but if you're looking to configure raid10 or some such, that may require additional config work after the base install
<ichat> im looking to instal ubuntu on a mobo that connects 6 pata and 4 sata disks..  in raid 5 or multiple raid 5 arays...
<faulkes-> you would be best to do the base system install and then create the arrays as you see fit
<ichat> and would wish to managage and install my server somewhat like the desktop altern image (so i dont care for the fancy stuf but  i do need some sort of help getting it all on track... (i hope that epox - not seen that yet?? ).. will help
<faulkes-> ebox will generally help you but it is by no means a replacement for underlying knowledge of the packages themselves
<faulkes-> if in doubt, always refer to official documentation at help.ubuntu.com (iirc that is the site)
<faulkes-> and of course, always feel free to come here and ask specific questions
<\sh> ichat: you can install by default on sw-raid...but it only makes sense, if you have less disks to use raid on...when you have a lot of sata crap, you should think about a good sata raid controller
<\sh> ichat: it will safe cpu power ;)
<uvirtbot> New bug: #229529 in samba (main) "Nautilus hangs with smb" [Undecided,New] https://launchpad.net/bugs/229529
<ichat> \sh - prob is that i want to combine the  4 sata drives with 6 pata drives (all ar 200gb in size)
<\sh> ichat: ugh
<ichat> ugh - why?
<\sh> ichat: you can try with sw-raid depends on what you want to do.. just for space, it's ok...when you want speed, I wouldn't go with it
<ichat> well i tried to looking a 0channel-raid adapter - but it seems there aren't many of those
<ichat> - m m
<\sh> ichat: well, i have several machines with areca here...works very well...sata drives, but sas backplane ... works ;) don't ask me how ;)
<ichat> lol there is no dif in sas v/s sata  - only the way the ar handled
<ichat> on big dif is the life-span / solidness  / stability of the certain drives
<ichat> but the areca are supposed to be for scsi right?
<\sh> ichat: no...sata
<\sh> ichat: the fastest raid6 sata controller we know
<\sh> or s/we/I/
<ichat> doss it support the onbord conects as well?
<\sh> ichat: well, it has special cables for connections..our areca support 4 drives per backplane...so it has 4 backplane adaptors
<ichat> ah i see
<ichat> that ebox thingy - it looks quite nice
<stickystyle> how suitable is the kvm implementation in 8.04 for hosting servers?  I'm fairly well versed in VMware but I am always trying to learn new things, but from all the how-to's on kvm/virt-manager they seemed to be focused on virtualizing desktops.
<mathiaz> stickystyle: not really - kvm/libvirt works well on servers.
<mathiaz> stickystyle: virt-manager is the only piece of software that requires an X server.
<mathiaz> stickystyle: and it can be used from one workstation to manage multiple kvm servers.
<stickystyle> mathiaz: so I'm not going to be wasting my time making test virtual servers (and maybe real servers) with kvm/libvirt?  I was just concerned that it was a product similar to VMware player / desktop, which would be foolish to run servers under.
 * stickystyle has only just started reading about kvm
<mathiaz> stickystyle: not at all. kvm/libvirt-bin doesn't require any X environment.
<stickystyle> mathiaz: Nice.  thanks, looks like I have a new project at work now :-D
<mathiaz> stickystyle: if you're running out of projects, I'm sure I can find some Ubuntu related one ;)
 * \sh could need a paid ubuntu related project too ,-)
<stickystyle> I've been wanting to dedicate more time to ubuntu as a whole, but so far have just been able to donate forum time and little tweaks to the wiki.  I've been looking for a package to help maintain that excites me and I can stay behind, but all the ones I use day to day are pretty well spoken for, and I'm not sure what more I can contribute.
<stickystyle> As the folks that do maintain them are light years beyond my knowledge.
<mathiaz> stickystyle: Have you looked at the GettingInvolved page from the Server Team ? https://wiki.ubuntu.com/ServerTeam/GettingInvolved
<Koon> stickystyle: don't believe that, they all started like you :-)
<stickystyle> Hum, hadn't really looked at the SeverTeam (browsing it now) page...I'm going to have to spend some time digging through as there are are a few things there I think I can do, thanks for the link.
<nealmcb> stickystyle: thanks - hope you find something interesting :-)
<ichat>  \sh really -
<ScottK> stickystyle: You don't happen to use clamav do you?
<stickystyle> yes, I do have it installed on my mail gateway.
<ScottK> stickystyle: If you are looking for a way to contribute we need help with testing new versions of clamav.  Let me get you a couple of links ...
<stickystyle> don't really 'use' it much since we are a linux/OS X office so its more there to catch 'virus spam'
<stickystyle> but sure, I can look.
<ScottK> https://wiki.ubuntu.com/MOTU/Clamav and https://launchpad.net/~ubuntu-clamav
<ScottK> stickystyle: How do you integrate clamav into your mail gateway?
<stickystyle> amavis-new
<tritonx> Hi, can anyone help me with RAID1 ?
<nijaba> !ask tritonx
<ubottu> Factoid ask tritonx not found
<nijaba> tritonx: don't ask to ask
<tritonx> ok, http://www.howtoforge.com/set-up-raid1-on-a-running-lvm-system-debian-etch-p2, I used that tutorial, and I'm stuck at step 5
<tritonx> Moving Our Data To The RAID Arrays, the command pvmove gives that  sudo pvmove /dev/sda5 /dev/md1
<tritonx>  No physical volume label read from /dev/sda5
<tritonx> Physical volume /dev/sda5 not found
<tritonx> any ideas ?
<tritonx> should I try it from a LiveCD ?
<ScottK> tritonx: Does /dev/sda5 exist
<tritonx> yes
<tritonx> what do you mean, in what form whould it exist ?
<tritonx> from fdisk: /dev/sda5           18706       19457     6040408+  fd  Linux raid autodetect
<zul> kirkland: might as well open a bug in apache as well at issues.apache.org
<kirkland> zul: perhaps, but I don't think the problem is in the apache source, i think it's in the openssl library that mod_ssl is built against
<kirkland> yum
<ScottK> dpkg?
<kirkland> nah, literally "yum, this is good coffee"  :-)
<ScottK> OK.  I thought it way a package management thread.
<kraut> moin
<Kamaze> hi
<Kamaze> To be straight forward, we freshly installed our new Rootserver with Ubuntu 8.04 minimal (64bit) with 2 HDD's in a Soft Raid1. Ubuntu is installed on /dev/md1 and LVM with PV on /dev/md1 with the volume group XEN
<Kamaze> The base system runs without Problems, but when we try to Boot the Xen Kernel from the metapackage server-ubuntu-xen, there is some trouble
<Kamaze> The machines is pingable, but SSH login fails imediatly, with Connection Refused
<Kamaze> When booting the default kernel, everything works fine
<Kamaze> In Dmsg.log is nothing useable....
<ivoks> boot xen kernel and check if ssh service is running
<ivoks> then try ssh localhost
<Mastacheata> Server is only remote accessable via ssh
<Kamaze> Mastacheata can tell you more
<Mastacheata> Connecting from remote to running/or not running xen kernel provides me with connection refused
<Mastacheata> Only way to diagnose what's happening is possible from remote or via mounting the disk in rescue system
<ivoks> Kamaze: are you sure ssh service/daemon is running?
<Kamaze> ivoks, Mastacheata is the guy you should talk with, i didn't notice that he was here
<Kamaze> We're talking from the same server :)
<Mastacheata> When booting other parallel installed kernels (ubuntu-minimal) ssh and everything works fine
<ivoks> ok
<Mastacheata> so i can't see any reason why sshd shouldn't be running whithin xen kernel
<ivoks> Mastacheata: you have one ubuntu-server installation with two kernels or you are talking about two different installations?
<Mastacheata> One single install
<ivoks> ok, could you boot xen kernel now?
<ivoks> and check if ssh is running (ps ax | grep ssh)
<Mastacheata> I've got no local access to the server so if i reboot server with xen kernel i can't do anything with it
<ivoks> ok
<JanC> try putting that line into rc.local or someting   ;)
<ivoks> but you have /var/log/syslog, right?
<JanC> and save the output to a file
<Mastacheata> syslog is existent
<ivoks> you said you could ping IP, right?
<Mastacheata> correct
<ivoks> it's hard to find out what happend if you can't boot xen kernel :/
<ivoks> you could try a risky thing...
<ivoks> put '/usr/sbin/sshd -p 1111' in /etc/rc.local, before 'exit 0'
<ivoks> that would open ssh on port 1111
<Mastacheata> Thanks in advance, i've got to make a break, will try your tips and come back later (say an hour or so)
<ivoks> i'll probably be here
<ivoks> feel free to ping me
<uvirtbot> New bug: #229654 in samba (main) "muliples crashes after 6.06 to 8.04 x64 upgrade" [Undecided,New] https://launchpad.net/bugs/229654
<cyris|> anyone know off the top of their head where openldap logs failed login attempts to?
<nat2610> Hi, I m trying to setup sshd_config to accept the authentification through my rsa pub key
<nat2610> for now, I copied it into authorized_keys but when I ssh it asks me a ssh password
<nat2610> what should I change
<nat2610> ?
<Deeps> you need to enable public key authentication in sshd_config
<Deeps> and restart sshd
<Deeps> and ensure the user that you're trying to ssh in as using the key has perms 700 (rwx------) on .ssh and authorized_keys
<Deeps> then you need to make sure that whatever you're using to ssh with knows about the key and knows to try authenticating with it
<JanC> cyris|: maybe to de auth logs?
<JanC> (if they don't go to the LDAP logs)
<cyris|> JanC I just checked there and nothing
<cyris|> where are the LDAP logs located tho? I don't see anything in slapd.conf that tells me :S
<JanC> somewhere under /var/log/ I suspects  ;)
<JanC> -s
<JanC> maybe it also depends on the authentication method where exactly it goes
<cyris|> Oh right I guess it would
<JanC> (I've never used OpenLDAP, so just guessing from other daemons ;) )
<nat2610> Deeps: the pub key authentification is enabled (by default) and the perms are good... I m using ssh on a ubuntu to ssh to my server
<JanC> nat2610: does it ask for the server password or for your key passphrase?
<Mastacheata> Hey there I'm back again. Problems still the same (Xen Kernel won't boot [at least i think so since rc/init scripts aren't executed] while the normal ubuntu kernel [parallel on the same system] boots perfectly diagnostics only via logfiles as there is no local access to the server)
<JanC> also, make sure to mention the correct user on the ssh commandline (unless it's exactly the same as your local user)
<Mastacheata> I've got no idea where the problem is and how to find any more detailed info on the reason for not booting
<nat2610> JanC:  the pswd ...
<nat2610> JanC: the users are the same
<nat2610> and i double by explicitly chosse user@ip
<nat2610> double checked
<JanC> nat2610: and you're sure you're connecting to the right server (no test IP & domain in /etc/hosts or something)?
<JanC> Mastacheata: I guess you could try to configure things to log more...
<nat2610> yeah I m checking the log of sshd
<nat2610> so it really see me coming and reject me for the password
<Mastacheata> Any hints on what to log specifically? (e.g. what should write more detailed logs)
<nat2610> does it help this log ?
<nat2610> debug1: Trying private key: /home/nat/.ssh/identity
<nat2610> debug1: Offering public key: /home/nat/.ssh/id_rsa
<nat2610> debug2: we sent a publickey packet, wait for reply
<nat2610> debug1: Authentications that can continue: publickey,password
<nat2610> debug1: Trying private key: /home/nat/.ssh/id_dsa
<nat2610> debug2: we did not send a packet, disable method
<nat2610> debug1: Next authentication method: password
<nat2610> are u able to identify where is it wrong if it's a conf problem ?
<JanC> sounds like the key doesn't work
<JanC> maybe rsa vs. dsa issue?
<nat2610> JanC: where do I check that ?
<JanC> check what you can use in both systems
<yell0w_> hey guys is there  a way to test the best repos mirror in CLI ?
<yell0w_> nat2610: try ssh-keygen ssh-add and ssh-copy-id
<nat2610> yell0w_: what do you mean ? I already regenerated my ssh keys to be sure that it wasn't that
<yell0w_> ok, then ssh-add to add the key to ssh-agent, then ssh-copy-id to send the public key to the remote host and set things up there
<nat2610> how can I use ssh-copy-id, I can't authenticate on my server with that specific user
<nat2610> should I scp that via another user ?
<yell0w_> nat2610: can you do that with password now ?
<yell0w_> nat2610: no, not with another user
<nat2610> no, there is no password setup for that user
<nat2610> I guess I can create one temporary
<yell0w_> well unless you want to log ito that user's shell
<nat2610> yell0w_: I did what you said but I still have the smae error : debug1: Trying private key: /home/nat/.ssh/id_dsa
<nat2610> debug2: we did not send a packet, disable method
<nat2610> debug1: Next authentication method: password
<yell0w_> nat2610: can you log in with password ?
<nat2610> yes
<nat2610> but the idea is to not use password
<yell0w_> ssh-keygen -vv -t rsa -b 4098 -C "danang-ssh-key-rsa-user20080503-2008-0504" -f danang-ssh-key-rsa-user20080503
<yell0w_> something like that
<yell0w_> to generate a key
<yell0w_> then ssh-add /path/to/privatekey
<yell0w_> then ssh-copy-id  user@remoteserver
<yell0w_> login using password
<nat2610> what will be the difference with doing a simple ssh-keygen ?
<yell0w_> done
<yell0w_> nat2610: specific bits, type,name
<yell0w_> nat2610: do a man on ssh-add ssh-agent and ssh-copy-id
<yell0w_> does anyone know of an equivalent to netselect-apt ?
<yell0w_> :/
<yell0w_> pointless thing to include in ubuntu when it search for debian repos
<ScottK> yell0w_: Patches to make it search Ubuntu repos welcome.
<ksclarke> What do I have to do to get ubuntu server to boot immediately rather than hang at the 'boot:' prompt waiting for a keystroke?
<ScottK> ksclarke: It's actually booting, just it gets ahead of itself and ends up on a different TTY.
<ScottK> At least that's the usual situation.
<yell0w_> ScottK: http://www.ubuntu.com/getubuntu/downloadmirrors  https://wiki.ubuntu.com/Mirrors
<yell0w_> should i use the first one ?
<ScottK> yell0w_: I'm gonna go with https://launchpad.net/ubuntu/+archivemirrors - but I'm not certain.
<ScottK> That at least looks like it's dynamically updated.
<ksclarke> thanks ScottK, so I should be able to put this somewhere else, reboot remotely, and still login via ssh?
<ScottK> ksclarke: Should.  As long as you've installed openssh-server.
 * ScottK suggests verifying for yourself.
<ksclarke> thanks
<c00l2sv> hi, did somebody succeed in configuring postfix with dkim-filter ? can that one help me too?
<tonyyarusso> Okay, bit of a weird upgrade issue.
<tonyyarusso> I'm using apt-mirror to make a local mirror of the repositories.  I upgraded all of the other machines that rely on it for their packages from 7.10 to 8.04 just fine.  However, now that I'm trying to upgrade the mirroring machine, it tells me "No new release found".  Tried switching it to using the real mirror instead of itself, and it did the same thing.  Any ideas?
<arooni> how do i run:  sudo locale-gen en_GB.UTF-8 ... i'm getting:  'locale-gen command not found' .... what should i do (ubuntu hardy)
#ubuntu-server 2008-05-13
<arooni> when trying to set locales in ubuntu i fail hard:  http://pastie.caboo.se/195796  ... ideas?
<Mastacheata> tonyyarusso - your server might have all of the new packages but none installed so you won't need to download the new ones but only install them. There was a dpkg parameter doing that. I forgot which, but you can find that yourself
<nealmcb> I'm on my way to Prague - see you there!!
<sommer> nealmcb: party!
<tonyyarusso> Mastacheata: That sounds like it makes sense, since they would have all been downloaded into the apt cache for the mirror.  I suppose if I can't find the paramater, I could clear /var/cache/apt/ and that might short-circuit it eh?
<Mastacheata> Makes sense to me too
<Mastacheata> But I'm just guessing, no real knowledge behind...
<tonyyarusso> Mastacheata: as far as this parameter you speak of, if it's a dpkg thing, how would I pass it to do-release-upgrade, or should I be using something else entirely?
<Mastacheata> I guess the problem is that dpkg has all of the packages but not installed so there must be a parameter for dpkg which makes it install the packages. I haven't thought to the point at which you select the packages to install, yet.
<sparky01> anyone running Nexuiz server on Ubuntu server 8.04
<sparky01> doesn't seem to work with the file from the repos or the binary from sourceforge
<sparky01> video game servers are a mission critical app
<sparky01> critical for slaking off
<sparky01> =P
<sparky01> ok
<sparky01> i
<sparky01> guess
<hads> arooni: locale-gen is in the package belocs-locales-bin
<xenocampanoli> I hope someone is here.  I'm having trouble configuring ruby.  Apparently the "Action" directive is not available in Ubuntu's version of Apache2?
<xenocampanoli> I hope someone is here.  I'm having trouble configuring eruby.  Apparently the "Action" directive is not available in Ubuntu's version of Apache2?
<xenocampanoli> Sorry, I meant "ERUBY".lc
<nxvl> 2 more days!!
<nxvl> wohooo!!!
<emgent> heya nxvl :)
<nxvl> emgent: :D
<sparky01> Anyone get Nexuiz server working/
<MacMatt> Hello?
<MacMatt> ...anybody?
<RoAkSoAx> !hello | MacMatt
<ubottu> MacMatt: Hi! Welcome to #ubuntu-server!
<MacMatt> Can anyone here help setting up a LAN boot server?
<MacMatt> no...?
<MacMatt> a LAN Boot server?
<MacMatt> so, ... no one knows?
<MacMatt> ...no one can help?
<ScottK> MacMatt: This is kind of a quiet time of day here.  You'll find more people active during the US/European business day.
<MacMatt> oh
<MacMatt> ok
<MacMatt> thanks
<RoAkSoAx> has anyone installed csync2 in Ubuntu?
<Navop> Question in the perfect server setup they install ProFTPD, do you really need a ftp
<ScottK> Navop: Only if you're a fan of tranmitting unencrypted passwords on the internet.
<Navop> ty
<Navop> how can i d/l ispconfig2.2.23 in console mode?
<ScottK> Just download it or install it?
<Navop> I need to d/l first the install it to server
<Navop> can u use apt-get install ispconfig2.2.23?
<ScottK> With sudo in front of it yes.  That'll download and install it.
<ScottK> It should just be sudo apt-get install ispconfig
<ScottK> Except that package doesn't seem to be in the Ubuntu repository.
<Navop> yeah, wonder where i can get it from
<ScottK> They don't seem to host .deb's either.   Not sure what to tell you.
<Navop> ty for the help, will go and ask in ubuntu room
<pschulz01> Greetings.. how do I install 'mono' under hardy? There doesn't seem to be any 'mono' package available.
<pschulz01> mono-gmcs ?
<pschulz01> Anyone here..?
<Navop> ScottK: got my answer :)
<Navop> ls
<arooni> hey folks!  when i do sudo crontab -e ... i'm not editing with vim.  how can i fix this?
<Jeeves_> update-alternatives, afaik
<Jeeves_> But I always forget how that works :)
<arooni> Jeeves_, is that for me?
<hads> or just export VISUAL=vim
<Jeeves_> arooni: Yes
<Jeeves_> hads: You could do that, but that only works once
<hads> Well yes, unless you put it in your .bashrc
<Jeeves_> hads: That's true
<arooni> how do i make sure that mysql server, apache server comes back up automatically upon hardy server restart?
<hads> They will by default
<arooni> how come 'reboot' doesn't cause mys erver to reboot
<arooni> awesome!
<Jeeves_> arooni: If you did an 'apt-get install', that automatically
<hads> you'll need to sudo reboot
<arooni> how can i test to make sure mysql server and apache server came back up
<arooni> i just did a reboot
<hads> Um... use them?
<arooni> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<arooni> ubuntu /var/www: ps -lA | ack apache ... yields nothing
<arooni> and yes i did install with sudo apt-get install
<arooni> anyone know how to get the mysql server to load on ubuntu hardy server?  i run it:  but it gives me the error of  [ERROR] Can't start server: Bind on TCP/IP port: Cannot assign requested address; 080513  2:08:54 [ERROR] Do you already have another mysqld server running on port: 3306 ;   tried stopping it & running netstat -plon | grep 3306 with no results.   ... ideaz?
<AtomicSpark> arooni, did you try installing it with tasksel? the LAMP option?
<arooni> AtomicSpark, i dont recall;  i used linode.com;  who had their default ubuntu hardy install
<AtomicSpark> oh. how did you install mysql then? or did they?
<arooni> AtomicSpark, no i did;  i believe i ran sudo apt-get install mysql
<arooni> ro mysql-server; not sure which
<AtomicSpark> hmm
<AtomicSpark> are those dedicated servers? not bad for 20/mo
<arooni> no they are vps
<AtomicSpark> oh virtual.. hmm.
<AtomicSpark> are you sure you didn't have mysql installed already? it's usually installed with LAMP
<arooni> not sure;  i thought i needed to run sudo apt-get install
<arooni> errors:  http://pastie.caboo.se/195925
<AtomicSpark> that is very interesting
<AtomicSpark> is this a production machine? hosts a website? don't want to tell you to try things :P
<arooni> hosting a web app
<arooni> its cool
<arooni> we can blow it up
<AtomicSpark> well first do this. run "sudo tasksel" you should get a blue screen. same as during install.
<AtomicSpark> tell me if LAMP option is checked
<AtomicSpark> oh wait
<AtomicSpark> those errors are coming from mysqladmin. that's not mysql.
<AtomicSpark> are those client or server errors?
<arooni> i'm having problems with my locale that i can see:  perl: warning: Please check that your locale settings:
<arooni>   	LANGUAGE = (unset),
<arooni>   	LC_ALL = (unset),
<arooni> 	LANG = "en_CA.UTF-8"
<arooni>  
<arooni> oops sorry for apstie
<arooni> AtomicSpark, i'm trying to login to the the admin... but i really want the server to be up more than anything
<arooni> it doesnt seem to be up
<AtomicSpark> well admin is pretty pointless unless you can run it from the server. which requires gui.
<AtomicSpark> its for configuring the server part. you probably want the query browser to interact with databases
<arooni> AtomicSpark, thats what i mean yes
<AtomicSpark> hm.. not sure what to tell you. i'm sure the mysqld was installed when they installed the LAMP stack (not sure if proper term)
<AtomicSpark> you could always check if there is a mysqld or equivalent in /etc/init.d/
<arooni> i think its a iptables thing
<AtomicSpark> could be. ubuntu does block everything by default. it should open up the ports as the programs are installed though.
<AtomicSpark> you could always re install. it wont remove config files unless you purge it.
<hads> AtomicSpark: mysqladmin is a CLI program provided to administer mysqld, also the default policy for iptables is allow.
<arooni> ok fixed it!
<arooni> looks like my locale isn't being set properly:  http://pastie.caboo.se/195926 ... on ubuntu hardy... any ideas on how to fix?
<AtomicSpark> hads, i thought he was referring to the gui tools. :P and i thought i read that ubuntu blocks all unused ports? maybe they were just referring to the service isn't there, its not a security hole. lol.
<AtomicSpark> arooni, i'm not familiar with perl. as far as system wide local setting. i'm not sure either. i've only chosen it during install.
<AtomicSpark> http://blog.andrewbeacock.com/2007/01/how-to-change-your-default-locale-on.html ?
<kraut> moin
 * delcoyote hi
<vagoth|friend> Quelles diffÃ©rences y at-il dans ubuntu et debian serveur?
<vagoth|friend> MitÃ¤ erot ovat siellÃ¤ ubuntu-palvelimeen ja Debian on?
<Jeeves_> English might work better
<vagoth|friend> 	
<vagoth|friend> MitÃ¤?
<Jeeves_> English
<Jeeves_> You know, that other language :)
<vagoth|friend> En ymmÃ¤rrÃ¤.
<Jeeves_> vagoth|friend: Stop talking your own language, and try to talk english.
<c00l2sv> hi, did somebody succeed in configuring postfix with dkim-filter ? can that one help me too?
<AtomicSpark> !english
<ubottu> The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit http://help.ubuntu.com/community/InternetRelayChat
<vagoth|friend> ?
<Kamping_Kaiser> vagoth|friend, where is vagoth?
<vagoth|friend> u want spek with vagoth?
<Kamping_Kaiser> yes
<vagoth|friend> he no here
<Kamping_Kaiser> vagoth|friend, what is your language?
<vagoth|friend> Portuguese
<vagoth|friend> man more too
<Kamping_Kaiser> vagoth|friend, try #ubuntu-pt
<AtomicSpark> !portuguese
<ubottu> Por favor use #ubuntu-br ou #ubuntu-pt para ajuda em portuguÃªs. Obrigado.
<AtomicSpark> yes one of those :)
<vagoth|friend> Obrigado
<Kamping_Kaiser> :)
<vagothcpp> oh god...
<vagothcpp> I need to refine my portuguese, I told him NOT to talk in irc...
<Kamping_Kaiser> hehehe
 * vagothcpp apologizes for any agony my portuguese friend may have caused you.
<Kamping_Kaiser> its ok. i'm more worried about him :)
 * Kamping_Kaiser noticed an australian hostmask, hence asking for you above :)
<vagothcpp> Hehe, our university is doing an exchange program.
 * vagothcpp is the host family.
<Kamping_Kaiser> oh, nice.
<Kamping_Kaiser> hope he gets himself fixed up
<Kamping_Kaiser> (irc wise)
<vagothcpp> I need to fix up my language skills first, I probably told him to try talk instead of don't talk.
<vagothcpp> his been to all my channels.. alot of explaining to do.
<Kamping_Kaiser> his whois only shos 5... unless thats your usual amount
<vagothcpp> On another server.
<vagothcpp> I gotta go help him with our "aussie" study's
<Kamping_Kaiser> *grin*
<vagothcpp> Yay. Involuntry work.
<vagothcpp> It was that or go help homeless people in china *shudder*
 * Kamping_Kaiser wonders where he lives
<mathiaz> nijaba: what is the proper way to file bug against the ubuntu-server guide ?
<mathiaz> nijaba: is it against ubuntu-doc or is there another package ?
<nijaba> mathiaz: I think it is to file it against ubuntu-doc
<mathiaz> nijaba: thks.
<nijaba> mathiaz: subscribe sommer to it won't hurt as well
<Kamping_Kaiser> any idea when we would expect the .1 update? are we thinking 6 months? 12 months?
<hads> "These will start three months after the LTS, and be repeated every six months until the next LTS is out."
<Kamping_Kaiser> hm.
<hads> Speaking of point releases, from;  http://www.markshuttleworth.com/archives/146
<Kamping_Kaiser> hmm... hope desktop gets point updates with 8.04 :/
<hads> That's exactly what that quote is discussing.
<Kamping_Kaiser> then its not clear :)
 * Kamping_Kaiser laughs at the thought of debian delivering to within a month of an eta
<Deeps> it suggests that the desktop will get point releases too
<hads> Seems pretty clear; "We also committed, for the first time, to a regular set of point releases for 8.04 LTS. These will start three months after the LTS, and be repeated every six months until the next LTS is out."
<Deeps> point releases being for LTS desktop + server, not just LTS server, based on the colouring
<Deeps> hads: yes, but the last LTS had a point release /only/ on the server
<Kamping_Kaiser> Deeps, thanks... beat me to it
<Deeps> it doesn't explicitly say that the desktop edition will get the same point release too
<Deeps> however, the graph suggests that it will
<Kamping_Kaiser> i had assumed 6.06 lts would as well, and i was wrong :)
 * Kamping_Kaiser thinks its a pity the point updates are only for the first half, but i do understand the work involved problem
<Deeps> yeah well, one would hope that given that ubuntu's strength lies in it's desktop offering, that the desktop would get the attention it needs
<Kamping_Kaiser> yeah
<Kamping_Kaiser> has anyone else found building/updating ubuntu mirrors to be *very* painful recently? all the mirrors i'm trying are missing bits (mostly in the debian-installer section)
<tritonx> Anyone has setup a Raid1 with 8.04, I'd like to know how you did it
<emja> What is the commonly used tool for automating the build process of servers? My company has previously been selling RH-based servers, built with kixtart (mindnumbingly ugly). The RH solution has not been sustainable or maintainable, so we want to move to Ubuntu. The only concern is our custom configs (smb.conf parameters, etc).
<\sh> emja: you can still go with kickstart, or much nicer but more time to setup: FAI (Fully Automatic Installation)
<\sh> emja: FAI is a debian project and follows some principals of Jumpstart (Solaris)
<emja> righto
 * \sh would run now, when MrFAI would be here ;)
<emja> can you tell me how it handles incorporating config options in, say, smb.conf? do I need to overwrite the whole darn thing (trashing what is already there) or can I inject my changes?
<emja> ie; WORKGROUP=office
<ogra> there is as well a kickstart wrapper for preseeding if you want to use a more commercially supported method
<emja> the problem with our current system is that kickstart takes a modified config file from our directory tree, and plonks it on top of the base build - thereby overwriting the equivalent config file from the package
<ogra> (preseeding is the officially supported method to set custom configs on debian based systems)
<emja> I have been told by a couple of my engineers that puppet is the preferred strategy, although it will take a reasonable amount of development to setup
<ogra> thats essentially what FAI does as well (using cfengine) but that leads to lots of questions from the package management on upgrades/updates
<emja> ahh, cfengine
<emja> I may have not made myself clear; I'm not supporting a bunch of different server configs, but rather trying to create a consistent build process for entry-level servers (ala MS-SBS) being sold to SMB businesses.
 * ogra would go with preseeding, but then i'm not a big FAI fan anyway and prefer the supported distro solutions, FAI is great for mass installs though, but he use of cfengine has its own probs 
<Kamping_Kaiser> pre seeding sounds like it. esp. as you can probably keep your kickstarts
<ogra> s/he/the/
<emja> Am I able to end up with an unattended install process? I want to ensure that the servers are pretty close to consistent
<mathiaz> emja: if you want to modify the configuration of packages, you should opt for preseeding.
<emja> ok
<zul> mathiaz: is there a reason why apache is not following the ubuntu version numbering schee?
<emja> many thanks for the advice guys/gals/etc
<mathiaz> emja: you can preseed answer to any question asked by debconf during an install
<emja> mathiaz: err, what if the option I want to change is not actually asked by debconf?
<mathiaz> emja: ex there is a debconf question for the samba workgroup - so you can put the workgroup in your preseed file.
<emja> ie; who can login via ssh (configued in sshd_conf)
<mathiaz> emja: then you'd have to use a late_command
<emja> that's a preseed thing?
<mathiaz> emja: which goes back to your kickstart way of doing things to customize your install
<emja> overwriting the entire config file?
<emja> the inconsistency of the various config files' formats is what is biting me in the ass here. ;-)
<\sh> ogra: fai doesn't use cfengine
<\sh> ogra: it can, for sure, but it's not relying on it
<\sh> fai comes with its own set of configuration management for rollout processes...no need for cfengine
<ogra> \sh, well, it doesnt use debconf i guess which is the main problem here
<\sh> ogra: nope...
<\sh> ogra: you generate the configs beforehand, and push them during the installation to the target...
<\sh> it's role based
<ogra> (no matter how you overwrite configs, if they are not done in debconf upgrades wil ask questions)
<\sh> ogra: debconf is being used in force mode, with the simplest config rollout...
<\sh> ogra: really...people are deploying hundreds of thousands of servers with it...
<\sh> ogra: and when you need debconf prefilled...you deploy the necessary files during the first deployment :)
<ogra> \sh, what for do i need fai then if i already have preseed files that set all confgs ?
<\sh> ogra: it's for unattended deployment...you can have several roles of machine, where you tweak e.g. only a bit of the config, but you need to rollout 1k Servers with the very same config...
<\sh> ogra: you can, not only deploy with FAI debian/ubuntu machines, but also RHEL, SLES, whatever linux you want
<ogra> right
<\sh> ogra: a standard debian install with FAI <= 6Mins on a simple hp pizza box or blade
<ogra> but if i only have one ubuntu server setup to deploy (or even two) i wont need fai
<ogra> but just two different preseed files
<\sh> deploying SLES without autoyast, means: get the sles machine ready in less then 10 mins, while you need for the same setup with autoyast 30 mins
<\sh> ogra: yes...but with FAI it's just a simple role...on the very same server, no need for different preseeding files :)
<\sh> it's centralized, it's fast...and it complies with other deployment tools....e.g. jumpstart....but yes, preseeding is easier...but doesn't work out in bigger environments where you do more with FAI then only deployment (think of 1&1 and rescuesystems...)
<ogra> yes, and you blindly overwrite files that are marked as conffiles which will bite you on upgrades
<\sh> ogra: no
<ogra> how do you make sure the md5sums match then ?
<ogra> ucf wll kick in if it doesnt have the packaging backing debconf gives you
<ogra> which means lots of questions
<\sh> how do you do upgrades today? when you tell debconf not to touch conffiles, it never touch them...
<\sh> ogra: I'll show you at linuxtag :)
<ogra> \sh, i know how fai works but i cant imagine a sane way to quiten down ucf without using debconf preseeding
<ogra> the ackages know the md5sume and rewrite them on debconf changes which doesnt happen with any other mechanism i know, which in turn means you break the conffile watching mechanism of dpkg
<\sh> ogra: for FAI you can do two ways for upgrades: the standard way, where debconf is asking you every time, or tell debconf by default not to touch anything and shut up debconf...or you use an update tool of fai, which follows FAIs way to deal with upgrades...actually, when people in DCs are dealing with mass configuration, they don't want debconf to touch anything of the stuff they do...at least for the more bigger DCs...
<ogra> well, the first one sounds just plainly broken ... teling a security mechanism to "just shut up" seems not the fine english way
<ogra> and the second one indeed binds you to FAI eternally
<ogra> (which is fine if you want that indeed)
<\sh> ogra: yes...as I said, it's possible..if it's ok for the admin team, and yes, if you use FAI, you sold your soul ;)
<\sh> kickstart, preseeding and fai or jumpstart or whatever deploy system you use, everything has a special usecase and flaws...for your DC you need to find the right one, and stick to it...
<\sh> there is no "right way"...as always :)
<ogra> surely depends on the usecase
<\sh> fun part, about FAI is, it sticks to ITIL ... and the combination of FAI as deployment tool/automation tool and ITIL with automatic collection of CMDB data is rocking...
<\sh> but don't tell that now to your manager...because you will get an increase of your salary, a contract for staying with your company until you die, and you will hopefully have a nice dinner with the assistance of your boss ... you will be famous ;)
<\sh> (that was a joke !:)
<ogra> *my* manager wouldnt give me a salary raise for promoting FAI ;) be sure :)
 * ogra is in cjwatsons team :)
<\sh> ogra: hmmm.....that's really a problem ;)
<ogra> nah, not for me ;)
<faulkes-> dunno, I'm all about the dinner with my bosses assistant, she's 25 and hot and loves bikini's
<zul> ogra: sure sure
<\sh> ogra: well, but you are already famous because of edubuntu...so no need for more glamour ;)
<ogra> faulkes-, if you cant do it, i'm sure \sh would step in :)
<\sh> ogra: nope....I'm occupied :)
<ogra> pfft
<ogra> you dont know the bikini yet
<faulkes-> sorry, nobody gets her but me
<faulkes-> I'll cut you
 * faulkes- whistles innocently
<\sh> ogra: na..25 is too young for me ;)
<faulkes-> dunno, I'm still dating 18yr old's so
<faulkes-> but I'm a dirty old man
<\sh> but we are getting offtopic now ;)
<faulkes-> aye
<\sh> we will get problems with our ubuntu police squad...they will shut down #ubuntu-server ;)
<zul> oooookay...
<Deeps> http://lists.debian.org/debian-security-announce/2008/msg00152.html this affect ubuntu as well?
<faulkes-> yep, black helicopters swooping in, all that
<faulkes-> morning zul
<zul> hi faulkes-
<\sh> back to topic. I'm really seeing into installing hardy on my new dual quad core amd machine
<faulkes-> Deeps: it says debian related systems, so I would hazard a guess that yes, it does affect ubuntu
<\sh> and imho is kees or jd already on it
<Deeps> faulkes-: Ta, I'm good at guessing too though ;) nm
<ScottK> Deeps: Our openssl packages are very similar to Debian's.  Based on the versions in the Debian announcement it would be very suprising if Feisty through Intrepid weren't affected.  As \sh says though, I'm confident that kees or jdstrand are working on it.  They collaborate closely with the Debian security team.
<ogra> its in progress
<ScottK> Actually not intrepid.  That's got the fixed version.
<ogra> but who in the world would actually use intrepid anyway
<Deeps> I'm struggling to find anything online that suggests that, which is annoying
<ScottK> Agreed.  Just trying to be complete/correct.
<ScottK> Note that the DTLS issue that Debian also fixed in that upload is already fixed in all Ubuntu releases.
<ScottK> Deeps: Suggests what?
<Deeps> Suggests that anyone at Ubuntu is aware and/or working on resolving this if Ubuntu is actually affected
<ScottK> Deeps: It's being discussed on #ubuntu-devel and the people who are saying it's being worked on are ones who would know.
<ScottK> Deeps: If you know the package, it'd be stunning if Ubuntu wasn't affected.
<Deeps> ScottK: I'm sure they are, but I'm not in #ubuntu-XYZ and was searching the web for information ;-)
<Deeps> ScottK: True, I try to think of ubuntu as stunning though :)
<ScottK> Deeps: Right.  That's why I'm telling you.  Generally Ubuntu security people don't keep a web site listing the stuff they're working on.
<ogra> there the upload hits the buildds :)
<ogra> gutsy-, feisty- and hary security should have it RSN
<ogra> *hardy
<Deeps> ScottK: Security through obscurity? :)
<ogra> if it has built there will be an USN note
<ScottK> Deeps: No.  Just they don't mark it up.
<Deeps> Fair enough
<ScottK> The policy is that public security vulnerabilities have public bugs.  Given that Debian just announced this, I'm guessing no one has bothered to take the private flag off the bug yet.
<zul> or it was private and someone screwed up :)
<ScottK> Interestingly the fixed openssl package shows up in hardy-changes, but LP appears not to know about it yet.
<ScottK> OK.  That or I had the url wrong ....
 * CrummyGummy holds thumbs and updates to Heron.
<CrummyGummy> Hiya, that was pretty successful. Just one issue.
<CrummyGummy>  /sbin/apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Profile doesn't conform to protocol
<CrummyGummy> Is that something to worry about?
<CrummyGummy> Never mind. it doesn't seem to be an issue.
 * CrummyGummy modified his search criteris.
<zul> mathiaz: ping im curious how is apache2 handle at the begining of the release cycle
<ScottK> New openssl package for Hardy has hit the security repository.
<Deeps> nice
 * ScottK is going to have to regenerate all the dkim keys too.  Ugh.
 * CrummyGummy gets that sinking feeling that his server isn't coming back up.
<ScottK> Gutsy too (openssl).
<ogra> http://www.ubuntu.com/usn/usn-612-1
<Navop> Can someone tell me what went wrong on this installation of ISPCONFIG--->   http://pastebin.com/db8f0350
<\sh> Navop: commercial tool?
<Navop> \sh: not as i know of
<\sh> Navop: I would say it's a ispconfig problem regarding the last line of the paste...
<\sh> not ubuntus
<Navop> k thanks
<\sh> and seeing that it ships its own openssl lib ... I don't think it's a good tool...similar to confixx I think
<\sh> which was broken by default
<Navop> what is a good tool to use?
<Navop> newbie, on server side
<\sh> a good tool? leatherman and a good admin :)
<Navop> What is leatherman
<Navop> nm
<\sh> Navop: a good tool...serious...don't use those tools when you don't know anything about server administration....learn to admin a server from scratch read some books about apache+php+mysql etc. but don't trust those tools in the first place...
<\sh> those "isp apps" are doing things on your system, you don't see or know...(like shipping selfmade and insecure openssl libs, see security announcement from today for openssl)...
<\sh> it's dangerous to use them without any clue what those apps are doing in the first place...
<Navop> k thanks for info
<Kl4m> this install a whole lot of software out of package management as I see
<ogra> yeah, looks pretty messed up
<Kl4m> I don't want to judge too quickly, but it's very automatix-like from what I see
<Deeps> Navop: a leatherman is like a swiss army knife (if you know what those are)
 * Deeps pats his
 * ogra prefers the swiss variant :)
 * ogra pats his pocket
<Navop> thanks, good army knife
<Jeeves_> Will rsync 3.0 be included in 8.04.1 ?
<Jeeves_> Or does someone know who I should poke for that to happen? :)
<Wicky656> Could someone point me in the right direction for what my options are for monitoring hardware for failures with server? SNMP gets me stats but i need to be alerted is something outright breaks.
<mathiaz> Jeeves_: rsync 3.0 probably not - it's a new upstream revision. It won't go into 8.04.1.
<Jeeves_> mathiaz: Ubuntu distributes a beta firefox for the whole world in a LTS version, but no rsync 3.0 ?
<Jeeves_> Strange world, we live in...
<ogra> Jeeves_, ff 2.0 isnt supportable for 3 years
<Jeeves_> ogra: A beta isn't supportable at all
<ogra> upstream wont support it that long
<ogra> it will be final for 8.04.1
<Jeeves_> ogra: Sure it will.
<Jeeves_> I don't doubt that
<ogra> and since we dont change upstream versions in a release it had to be 3.0beta
<ogra> ;)
<ScottK> We will this time.  There are exceptions.
<ogra> well, but not just for new shoeshine :)
<Jeeves_> I just don't get why it is not ok to include rsync 3.0 ( or why it hasn't been done allready)
<ogra> i'm sure the backport guys wont complain to provide a package
<Jeeves_> ogra: I can provide my own
<Jeeves_> That's not the problem :)
<Jeeves_> It would be nice if the canonical mirrors would use rsync 3.0 as well
<Jeeves_> for syncing the archives
<uvirtbot> New bug: #230003 in openssh (main) "openssh-server: regression: won't install due to debconf error" [Undecided,New] https://launchpad.net/bugs/230003
<zul> mathiaz: ping https://bugzilla.samba.org/show_bug.cgi?id=5436
<uvirtbot> bugzilla.samba.org bug 5436 in Client tools "Reports "Server packet had invalid SMB signature" with some Win2K servers" [Blocker,Resolved: fixed]
<zul> I think there are a couple of bug reports in hardy about that
<mathiaz> zul: right - some bug reports mention this - however it's not always with Win2K
<zul> true doesnt hurt for them to try though
<mok0> Hmm, I uploaded torque_2.1.8+dfsg-0ubuntu2 to intrepid ~2hrs ago, but I can find no trace of it. Neither in the queue, builds or any reject mails. What can have happened?
<giovani> I'm getting an error: "Template #4 in /tmp/openssh-server.template.152690 has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline." when I try and install the updates for openssh-server
<giovani> on gutsy server
<mathiaz> giovani: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/230003
<uvirtbot> Launchpad bug 230003 in openssh "gutsy: openssh-server won't install or upgrade: debconf error - /var/lib/dpkg/tmp.ci/templates has a duplicate field "template"" [Undecided,New]
<mathiaz> giovani: known, worked on - fix should be ready
<mathiaz> giovani: soon
<giovani> mathiaz: alright, thank you very much
<SuperLag> Are there any packages that you can use to document any/all changes made to server configuration, and installed packages?
<bipolar> Does anyone know how to setup ldap authentication on the client side so that it only shows users inside a specific DN? Everything has changed so much with hardy that I can't get it to work.
<bipolar> I tried adding "nss_base_passwd         ou=users,dc=example,dc=com?one" to /etc/ldap.conf but no dice
<bipolar> here's another one... how the hell can I log into this box with an LDAP user when NOTHING in pam is configured for ldap?
<bipolar> over ssh even!
 * bipolar sacrifices a chicken
<Lyaa> hya
<Lyaa> has anyone installed a system using a rescue-Image via PXE and using debootstrap?
<Wicky656> fdisk -l shows nothing with sda devices. how can I view my partition table? fdisk -l sda and fdisk -l sda1 respond with can't open device
<blue-frog> Wicky656: cat /proc/diskstats gives you something about your HDD?
<Wicky656> blue-frog: first it pukes on /dev/sda and then midway down gives some numbers
<blue-frog> pukes? says what exactly?  sdaxx or hdaxx?
<Wicky656> blue-frog: it's an IBM raid array
<blue-frog> ah
<Wicky656> blue-frog:  Cannot open /dev/sda
<blue-frog> sry can't help you don't have raid. but if it's something similar to lvm, you might have it somewhere in /dev/mapper maybe?
<Wicky656> nope Iturned off lvm to try get out monitoing system to read disk stats correctly
<Wicky656> My real issue is "is it work the effort to rebuild with xfs for hadoop machines?"
<xenocampanoli> Still looking to figure out eruby on Ubuntu.  I've seen a lot of stuff on the net complaining about no answer, and no answer.  A key to my problem may be getting the 'Action' directive to work.
<xenocampanoli> I wonder if there is a specific ubuntu/apache forum...?
<MattJ> Hi, is ssh-vulnkey Ubuntu specific, does anyone know? or is it (or will it be) in Debian too?
<ogra> ubuntu8
<ogra> specific
<ogra> (sorry for the wrap)
<MattJ> Heh, np
<MattJ> Thanks
<giovani> MattJ yeah, debian released their own tool
<giovani> dowkd.pl
<MattJ> Ah yes, I used that this morning before the Ubuntu updates
<MattJ> ssh-vulnkey is more user-friendly :)
<bipolar> no matter what I do, I can't get my ldap nss client (getent passwd) to only show users in a specific ldap dn. I used to be able to use the nss_base_passwd option in libnss-ldap.conf to do this, but now nothing works to solve this issue. I get every user in the entire ldap server when I run 'getent passwd'
<giovani> indeed
<bipolar> does anyone know what voodo is required to get this working right?
<giovani> MattJ: but it doesn't check remote keys
<MattJ> giovani: Which?
<giovani> ssh-vulnkey
<MattJ> ssh-vulnkey checks authorized_keys
<giovani> that's not remote keys
<MattJ> Which remote keys?
<giovani> dowkd.pl checks remote servers and their fingerprints
<giovani> for any given server
<xenocampanoli> I wonder if there is a specific ubuntu/apache forum...?
<MattJ> giovani: Oh, I see what you mean
<cyris|> How can I go about starting slapd on port 389 and port 636?
<cyris|> slapd -h ldap://localhost -h ldaps:/// seems to only starts listening on 389, or if I flip the order it only starts listening on 626
<xenocampanoli> Here is my answer:  http://ubuntuforums.org/archive/index.php/t-356350.html
<xenocampanoli> In case anyone was already looking.
<bipolar> kirkland: are you at the keyboard?
<kirkland> bipolar: yes
 * ScottK was waiting for you to answer no.
<bipolar> kirkland: I'm in a bit of a bind here with my hardy ldap client config. I'm hoping you have a min to perhaps help me out
<bipolar> the new config has really gotten me confused
<bipolar> I've been at this one problem all day
<kirkland> bipolar: okay, i'll do what i can
<bipolar> the short story is that I can't figure out how to narrow the list of users visable on the client to a specific dn.
<bipolar> I used to be able to set nss_base_* in /etc/libnss-ldap.conf to do it
<bipolar> but those options seem to have no effect no matter what file I put them in.
<bipolar> I've tried /etc/ldap.con /etc/ldap/ldap.conf /etc/libnss-ldap.conf
<kirkland> bipolar: please define "visible on the client"
<bipolar> I see my samba workstation 'users' when i run 'getent passwd'
<bipolar> they are in ou=workstaions,dc=domain,dc=com
<bipolar> my real users are in ou=users,dc=domain,dc=com
<bipolar> and my groups are ou=groups,dc=domain,dc=com
<kirkland> bipolar: okay, so /etc/ldap/ldap.conf is what's used if you're running command line ldap queries
<bipolar> so i set nss_base_(passwd|shadow) to ou=users,... and nss_base_groups to ou=groups,....
<kirkland> bipolar: and /etc/libnss-ldap.conf is for nss/pam logins
<bipolar> the only thing in /etc/ldap/ldap.conf is TLS key config. thats all. 3 lines.
<bipolar> libnss-ldap.conf does not exist... I only created it to test out if thats where it would look for the nss_base_* lines. everything is in /etc/ldap.conf
<bipolar> which is where debconf put them
<bipolar> but 'getent passwd' shows all the users under my basedn
<kirkland> bipolar: right, so a /etc/libnss-ldap.conf is owned by package libnss-ldap
<kirkland> bipolar: what owns /etc/ldap.conf ?  that doesn't seem right for hardy....
<bipolar> um... I don't think so... I had to create that file by hand
<bipolar>  /etc/libnss-ldap.conf that is
 * kirkland goes play with a virtual machine....
<bipolar> btw... loggin in, pam, X, ssh, everything works.
<bipolar> with the ldap users
<bipolar> when I run 'apt-get install libpam-ldap libnss-ldap nss-updatedb' I answer the questions debconf asks me, and it creates /etc/ldap.conf and everything worked.
<kirkland> bipolar: and the problem is that you want to narrow the list of users who can legally login to this computer?
<bipolar> to those in a dm, yes. actualy, they are all samba workstation accounts, so they couldn't log in anyway (no set password), but the result is the same.
<kirkland> bipolar: when installing libnss-ldap, debconf asks for the ldap search dn
<kirkland> bipolar: and I stand corrected....
<kirkland> bipolar: that writes to /etc/ldap.conf
<kirkland> my bad
<bipolar> kirkland: confusing, isn't it.... :)
<kirkland> bipolar: yeah
<kirkland> bipolar: in /etc/ldap.conf, i'd think you'd want to customize the "base ...." line
<bipolar> kirkland: ok. the problem is that groups and users are on the same level in the ldap database. ou=groups,dc=domain,dc=com and ou=users,dc=domain,dc=com
<bipolar> so currently my basedn is dc=domain,dc=com
<bipolar> but then it picks up ou=workstations,dc=domain,dc=com
<bipolar> in feisty and debian I used the nss_base_passwd/shadow options to restrict users to that user dn
<bipolar> and nss_base_group to the group dn. it worked wonderfuly.
<bipolar> now that option, even though it's listed, explained, and commented out in /etc/ldap.conf, does not work.
 * kirkland sees it there
<bipolar> I keep hoping that it mearly needs to be moved into a diffrent config file. :(
 * bipolar sacrifices a small goat
<kirkland> bipolar: to be honest, i'm not intimately familiar with these options.  if they're not working for you, i'd file a bug, if i were you.  if this is a regression since feisty, please note that, as it'll help us track down the root cause.
<kirkland> bipolar: you're welcome to subscribe me to the bug
<bipolar> ok
<ogra> bipolar, hey, nobody has cleaned up the chicken yet. please only one animal a day per channel
<bipolar> I left it there for the voodo god who handles these things
<ogra> :)
<bipolar> kirkland: ok. I'll post it.
<kirkland> bipolar: any idea if it worked in Gutsy?
<giovani> is he different from the voodoo god?
<bipolar> not really...
<kirkland> bipolar: file it against libnss-ldap
<bipolar> ok
<bipolar> giovani: I don't care who he is... I just need this to work.
<bipolar> :)
<bipolar> kirkland: thank you very much for your time. I really apreciate it ;)
<kirkland> bipolar: no problem, i'm sorry i'm not of more use at the moment
<kirkland> bipolar: but i will look into it
<kirkland> it's a bit of a busy day ;-)
<bipolar> kirkland: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/230065
<uvirtbot> Launchpad bug 230065 in libnss-ldap "nss_base_XXX options being ignored in /etc/ldap.conf" [Undecided,New]
<bipolar> haha
<bipolar> good bot
<ericvw> what is the keyboard cmd or shortcut to scroll back through a terminal buffer?
<Jeeves_> shift-page up
<uvirtbot> New bug: #230029 in openssh (main) "ssh-vulnkey overlooks keys which have options in authorized_keys" [High,Triaged] https://launchpad.net/bugs/230029
<Lyaa> should there be still an /etc/inittab on Hardy? or is that nit required with upstart?
<Lyaa> s/nit/not/
<melter> when i do an upgrade, why are openssh-client and openssh-server "kept back"?
<giovani> melter: probably because they force a regen of your server keys, and that may want to be a planned upgrade/change
<Nafallo> melter: wasn't on any of my systems. was that upgrade or dist-upgrade?
<giovani> Nafallo: it was on my feisty box just an hour or so ago -- on a regular upgrade
<Nafallo> melter: in case of upgrade they are held because they want to install an additional package.
<melter> Nafallo, "upgrade"
<Nafallo> there we go then
<melter> so what do i do? i had to regenerate new keys on my desktop system
<giovani> you need to regenerate all keys you generated with the bad copy of openssl
<melter> openssh-server generates its own keys, so can i just delete the old ones?
<infinity> melter: You need to dist-upgrade, not upgrade, since openssh-server grew a new dependency.
<giovani> it should overwrite the old ones when you do an upgrade
<infinity> melter: "upgrade" will never add/remove packages, only upgrade existing ones.
<giovani> but if you've generated keys and placed copies on other remote systems ... you'll want to revoke/regenerate those
<melter> isn't dist-upgrade the same command for upgrading, say, 7.10 to 8.04?
<infinity> melter: "dist-upgrade" isn't for "upgrading between dists" (though you can use it for that), it's just for doing any "complex upgrade" (anything that adds or removes packages).
<infinity> melter: dist-upgrade won't switch you to another release or anything, you'd need to manually edit sources.list for that. :)
<melter> infinity, thanks, that addresses my concern :)
<bipolar> kirkland: OMG... I'm so damned embarresed. I had the option for the workstation accounts REPEATED at the end of the file. I didn't even notice it.
<Nafallo> hmm
 * Nafallo gives infinity do-release-upgrade ;-)
<LiENUS> is ubuntu 6.06 LTS affected by the debian openssl bug?
<ScottK> LiENUS: No.
<lucasv3> Hi, I have just tried to upgrade my server. apt-get upgrade, then apt-get dist-upgrade. (from dapper to hardy). apache is not starting anymore and dpkg is segfaulting
<Deeps> you're not supposed to dist-upgrade, as it can cause stuff to break (like this)
<lucasv3> Deeps: so what's the normal procedure?
<Deeps> upgrade instructions point to upgrade manager / do-release-upgrade
<Deeps> not sure how to go about fixing it now mind, ubuntuforums might have someone else who tried this and encountered similar problems
<JanC> dpkg segfaulting is weird anyway?
<lucasv3> JanC: Setting up mime-support (3.39-1ubuntu1) ...
<lucasv3> Segmentation fault
<lucasv3> JanC: it might be the package that's causing it
<JanC> yeah
<JanC> I didn't test dapper â hardy upgrades myself  :-/
<lucasv3> JanC: http://pastebin.com/m392e5b20
<lucasv3> not really
<lucasv3> :(
<lucasv3> /usr/sbin/apache2ctl: 124: /usr/sbin/apache2: Permission denied
<JanC> Looking for keymap to install:
<JanC> NONE
<Deeps> not to be one to shy away from a challenge, but i'd reckon it'd be easier for you at this stage to install from scratch
<lucasv3> Deeps: well, it's a dedicated server
<JanC> &dpkg: error processing console-common (--configure):
<JanC>  subprocess post-installation script returned error exit status 139
<JanC> Setting up mime-support (3.39-1ubuntu1) ...
<JanC> Segmentation fault
<Deeps> no terminal server / ip kvm?
<lucasv3> no
<Deeps> JanC: nice, defeating the point of a pastebin? ;)
<Konam> can you define more than one subnet with just one router (or device to which several computers are connected)?
<JanC> sounds like an issue with the console/terminal ?
<JanC> Deeps: who cares about 2-4 lines  ;)
<lucasv3> JanC: after that, it just lists the packages which weren't configured because of dependency problems caused by the first few errors.
<JanC> Konam: of course
<lucasv3> Deeps: I wouldn't mind reinstalling
<Konam> JanC but how will the client identify that he is on a different subnet?
<JanC> Konam: the same way it does in all other cases?
<JanC> (things like the subnet mask & the routing table are relevant)
<Deeps> Konam: can I ask why you're wanting to have different subnets for different devices all connected to a single interface?
<Konam> Deeps I'm just reading the dhcpd.conf man page and was curious about that, but I still don't get how the client will realize that it is on a different subnet :/
<Deeps> it wont unles you have it running off different physical wires, or have vlans
<Deeps> well, i say different wires, i mean different interfaces on your router
<Konam> that's more understandable
<Deeps> if you have a vlan aware switch, then you can 'cheat'
<Konam> but JanC suggested that it will like it does in any other case, I didn't get that.
<Deeps> it will in the sense that you can have statically assigned addresses + subnets all running over the same physical network without any vlans
<Deeps> but that'll be subnets in name only, as you loose most of the point of having subnets doing it that way
<Konam> oh, maybe I left the DHCP part then
<Konam> all the clients are getting their configuration through dhcp
<Deeps> through dhcp you cant, unless you have different physical interfaces from your dhcp server, or virtual interfaces + vlan aware network
<Konam> that's what I thought
#ubuntu-server 2008-05-14
<Deeps> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Konam> Deeps following the DHCP conversation we had, there's no way of define different subnets behind the same router using DHCP right? Is just that I keep reading examples of people that define a subnet by just changing one part of the IP address, which lead me to think that the machines in the example are behind the same router. for example here: http://en.wikipedia.org/wiki/Subnetwork#Subnets_and_host_count or here http://searchnetworking.techta
<Konam> rget.com/sDefinition/0,,sid7_gci213065,00.html
<Konam> sorry: http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213065,00.html
<Deeps> in my house i have 1 router and 3 subnets
<Deeps> the router has 3 network interfaces though
<Deeps> if you're attempting to use a single router with a single network interface, you need vlan aware switches between your router and your clients
<Konam> Deeps that's supported by any router? multiple interfaces? because I can't find it in mine
<Deeps> i have 3 network cards in my router
<Deeps> with 3 wires coming out
<Konam> ok
<Deeps> eth0 runs to the gbit switch for wired connections, eth1 to the wireless access point, eth2 to the neighbours flat
<Deeps> (we'll skip past the atm, sit, tap and tun interfaces, heh)
<Konam> ok, that explain it to me, thanks
<Konam> I just wanted to know which are the posibilities
<Deeps> how come you need multiple subnets?
<Konam> I don't need it. I just didn't knew how could I set differents subnets behind one router
<Konam> since the definitions and examples I found lead me to think that, was pretty confusing
<Konam> very*
<uvirtbot> New bug: #230147 in openssh (main) "package openssh-server 1:4.7p1-8ubuntu1.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/230147
<Ashfire908> I'm going to install xubuntu on my server as a sort of backup/mantaince mode, should i install ubuntu-server then the xubuntu metapackage, or install from the xubuntu (from the alt cd if it matters) and then switch to the server kernel?
<mralphabet> up to you
<Ashfire908> So it doesn't make a difference?
<giovani> Ashfire908: I'd highly recommend not installing a gui on your server ... but if you must ... install ubuntu-server first, and then xfce on top of it
<Ashfire908> Well this is not going to be the primary system
<giovani> there's nothing useful about a gui for "backup/maintenance" -- in fact, it's likely to break far more often than the rest of the OS
<Ashfire908> I will/have use/used it to do full backups of the drives and to do stuuf like manual fsck.....
<giovani> that's not related to xfce though, nor can it be done with xfce
<Ashfire908> what does it matter if when i'm using that system if it has a gui?
<Ashfire908> I'm not going to run services while in it.
<giovani> alright ... I have no idea what you're talking about now
<giovani> but go ahead
<Ashfire908> i'm installing a second os onto the server, and it's only going to be used to do stuff that i mentioned.
<giovani> wait, a second OS?
<Ashfire908> second install of ubuntu
<giovani> you mean, you're planning to dual-boot different installs of ubuntu?
<Ashfire908> one is a gui-less ubuntu server hardy, for when running it normally, then a second for only mantinece stuff of ubutnu server/xubuntu
<giovani> there's really no need to do that
<giovani> it's excessive, and will add to management time, security update efforts, and a whole host of things
<giovani> a) you don't need a separate OS to do anything you've described ... b) for the things you've described, separating partitions would be the best way to handle fsck and backup/permissions issues on partitions
<giovani> c) if you really did need a separate os ... a live cd would be much better for those instances than an entire install
<Ashfire908> ubuntu livecds fail at boot
<slicslak> what command should i be occasionly running to do security updates?
<Ashfire908> they drop into busybox, and fail to fully create the file system
<giovani> it doesn't need to be an ubuntu cd -- but you don't need a separate OS to do anything you've described
<giovani> slicslak: apt-get update && apt-get upgrade (as root)
<Ashfire908> fine, whatever.
<giovani> but ... I wouldn't really advise putting that in cron, if that's what you're planning
<Ashfire908> put what in cron?
<giovani> that was directed at slicslak
<Ashfire908> oh
<Ashfire908> lol
<Ashfire908> sorry
<slicslak> giovani, thanks.  just read https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html  it seems after upgrading i just need to restart ssh server and it iwll generate new keys correct?
<giovani> slicslak: you'll need to do an -- apt-get update && apt-get dist-upgrade for that particular security update (because it installs a new package, rather than just updated ones)
<gregbrady> Ok everyone, I don't know where else to turn here.  I have a mySQL database on a server that does not allow remote access to it.  I need to be able to access it via OpenOffice Base but I have no idea how to go about that!  Is there a way to import/address the .sql backup file?
<giovani> yes, it will restart the ssh server, and regenerate for you ... it'll notify you ... so you can't do it in an automated fashion
<Ashfire908> When i boot i get an error about an address not initialized, and to update the bios or force the addr.
<giovani> Ashfire908: I wouldn't know anything about the ubuntu live cd ... it's hardly the best option for server mainenance -- something with a lot of disk-fixing tools oriented at server-rescue would be better
<slicslak> wow!  ya, it really get's your attention on
<Ashfire908> no, this is at normal hard drive install.
<Ashfire908> *at a
<giovani> Ashfire908: you should be using the alternate install cd
<Ashfire908> I do.
<giovani> so the install cd isn't functioning at all?
<Ashfire908> no
<Ashfire908> this is with the already installed system
<giovani> did you check the md5 of the iso? and verify the burn?
<giovani> wait, are you trying to boot from the install cd?
<Ashfire908> no
<Ashfire908> i've already installed
<Ashfire908> the atl and server cds work fine.
<giovani> then what are you trying to do?
<Ashfire908> It's a notice on boot.
<Ashfire908> in the section where it loads the drives
<Ashfire908> *drivers
<giovani> does it fail to boot?
<giovani> or does it just issue a warning, and continue?
<Ashfire908> issues a warning
<giovani> then I suggest you get a word-for-word copy of the error, and bring it here
<Ashfire908> the server also temp. hangs at one of two places at boot.
<Ashfire908> one sec...
<Ashfire908> er about 3 min
<Ashfire908> I took a picture, one sec
<Ashfire908> piix4_smbus 0000:00:f.0: SMB base address uninitialized - upgrade BIOS or use force_addr=0xaddr
<Ashfire908> (I removed the kernel timestamp from the front of it)
<Ashfire908> During boot it either hangs for a bit after displaying that message, or after "Loading, please wait..."
<giovani> well I'd take out the situation-specific parts of the errors ... and google it
<Ashfire908> i am
<giovani> -- piix4_smbus SMB base address uninitialized upgrade BIOS -- should suffice as a search term
<Ashfire908> Do you know is force_addr is a kernel/boot option?
<Ashfire908> nvm
<leonel> with the  openssl  bug fixed today   there's nothing to do to the  apache certificates ??
<ScottK> These are SSL/TLS certificates?
<leonel> ScottK: are  the https  certs
<ScottK> Yes.  It does affect those.
<leonel> ScottK: so we need to regenerate those certs ?
<leonel> ScottK: or just reload with the new openssl?
<ScottK> Both.
<leonel> ScottK: I know that when using public key auth  the attacker can log on the system  but  for  https ??  what can be done ?
<dendrobates-> leonel: you can check your private key with openssl-vulnkey.  If it is ok, than you do not need to regenerate
<ScottK> leonel: Ask yourself why you have https and would you care if you didn't all of a sudden.
<ScottK> If the key is vulnerable ...
<dendrobates-> leonel: it is part of the openssl-blacklist package
<leonel> dendrobates-: thanks
<leonel> ScottK: so for the attack on https  the attacker needs to be in the middle and  can  decrypt the data ??
<dendrobates-> leonel: that or a tcpdump of the session. and then they would have to brute force it.
<ScottK> leonel: Yes.  But for the attacks https is meant to defend against, that's always the case.
<leonel> dendrobates-: openssl-blacklist  ?? or is openssh-blacklist ?
<ScottK> One sarcastic comment from another forum today, "I wouldn't worry too much about SSH key cracking. It's not like the bad-guys have access to millions of compromised CPUs......"
<ScottK> dendrobates-: Is that going to work for X.509 certs (openssl-vulnkey)?
<dendrobates-> leonel: openssl-vulnkey for ssl keys and ssh-vulnkey for ssh keys
<ScottK> Ah.
<dendrobates-> ScottK: it should work on the private key that encrypts the cert, so yes.
<ScottK> OK.
<ScottK> Maybe in my copious free time I'll go into my backups and check.  By the time those were out today, I'd already regenerated everything.
<ScottK> dendrobates-: I'm guessing you've had a 'fun' day.
<leonel> dendrobates-: openssl-blacklist is in gutsy ??
<ScottK> leonel: After you install the security updates.
<leonel> I've installed the updates  and there wasn't a openssl-blacklist  did apt-get update  and there it is
<ScottK> You need so apt-get dist-upgrade to get the new package.
<leonel> ScottK: did that for openssh  and installed  openssh-blacklist
<leonel> didn't installed openssl-blacklist
<leonel> installed now
<ScottK> Ah.  I don't think I've seen  the openssl-blacklist either now that you mention it.
<ScottK> dendrobates-: ??
<ajmitch> I don't think it's depended on like openssh-blacklist is
<ajmitch> hm, openvpn depends on it
<ajmitch> (at least on hardy)
<dendrobates-> ScottK ajmitch: it will be a dependancy of the ssl-cert package
<dendrobates-> which will be updated soon.
<dendrobates-> leonel: yes it is in gutsy
<ScottK> I just say "Caedite eos. Novit enim Dominus qui sunt eius."
<ajmitch> sounds fair for some
<ajmitch> though getting new SSL certificates signed isn't necessarily simple
<ScottK> Yeah.  I don't have to deal with anything that's not self-signed.
<ajmitch> I do, but it's only a couple of ssh host keys that I really need to replace
<ScottK> Two hours of bug hunting...  Slap of the forehead....  Add one line of code... It works ... Head desk.
<ajmitch> that sounds like a usual day for me
 * ajmitch is glad to not get paid by lines of code :)
<ScottK> Unfortunately in this instance I'm providing a service, so the less time I have to spend on it, the more profitable it is for me.
<ajmitch> and people don't really see much of a service in 1-line fixes, usually
<ScottK> This was service working and customer happy versus service not working and customer annoyed.
<ScottK> My code for my service.  No hourly rates at all.
<Bambi_BOFH> hi all
<Bambi_BOFH> when i use keybased ssh and change the keys on my client, the server should refuse entry. is that correct?
<ScottK> Unless you give it the new cert.  Yes.
<Bambi_BOFH> sigh. bad start
<Bambi_BOFH> thanks ScottK
<Bambi_BOFH> odd. i changed my user+laptop keys, but the server kept allowing me in until i removed the .authorized_hosts file
<Bambi_BOFH> hope that was pebkac on me
<nealmcb> Bambi_BOFH: was an ssh-agent (or seahorse-agent?) caching the key for you
<Bambi_BOFH> nealmcb: good though - i do have seahorse running. that might be what caused that... anomaly
 * Bambi_BOFH cleans his cache
<leonel> ScottK: dendrobates-   Thank YOU !
<spiekey> hello!
<spiekey> could someone please check what mx address bortal.de has?
<soren> spiekey: /msg'ed.
<spiekey> thanks!
<spiekey> that looks good, but i still get mil on the old server *grrr*
<\sh> spiekey, dns cache is awesome...and sometimes doesn't honour ttls
<Bambi_BOFH> want a 2nd report? :) (dont know if the dns will look different this side of the world)
<InsomniaCity> Hi! Am I safe to do the openssh-server updates over an ssh connection?
<Bambi_BOFH> assuming your link is stable yes
<InsomniaCity> so it does depend on keeping that ssh connection open?
<Bambi_BOFH> if it drops out you cant/will have trouble settin up a new one.
<Bambi_BOFH> also make sure you can log in using passwords before doing the sshd restart
<Bambi_BOFH> s/restart/upgrade
<InsomniaCity> ok, thanks.
<Bambi_BOFH> no worries.
<falstaff_> Hello
<falstaff_> Guys I really need help: I have regenerated my openvpn certificates and keys, but still ERROR: 'xxxxx.key' is a known vulnerable key. See 'man openssl-vulnkey' for details.
<falstaff_> Im not alone: http://forum.ubuntuusers.de/topic/174817/?p=1405337
<falstaff_> Anyone an idea? OpenVPN seems to be unusable since this security update...
<Bambi_BOFH> i dont know, but i'm about to try setting up ovpn again too
<pschulz01> falstaff_: Same here!!!
<falstaff_> As far as I see the things, the log message is generated by the openvpn binary
<falstaff_> So my guess is that the openvpn binary does _NOT_ use the /usr/sbin/openvpnssl-vulnkey to verify if it is an vulnerable key or not
<falstaff_>  /usr/sbin/openvpnssl-vulnkey says to me that the key is not blacklistet...
<pschulz01> falstaff_: yup.. same here.
<pschulz01> openvpn client is not restarting after upgrade.
<falstaff_> Which ubuntu version are you using? Im still on 7.10....
<Bambi_BOFH> us too
<falstaff_> pschulz01: And you?
<Bambi_BOFH> falstaff_: us is me and pschulz01 :)
<_ruben> hrm .. bug in init script of openipmi .. lets see if there's a lp entry yet for it
<_ruben> (cant touch lockfile due lack of /var/lock/subsys/)
<falstaff_> ok :-)
<falstaff_> http://security.ubuntu.com/ubuntu/pool/universe/o/openvpn/openvpn_2.0.9-8ubuntu0.1.diff.gz is interessting
<falstaff_> openvpn is using "/usr/sbin/openssl-vulnkey -q %s"
<falstaff_> to check the keyfile... do you use shared keyfile or private keyfiles?
<pschulz01> falstaff_: Bambi_BOFH recreating new keys..
<Bambi_BOFH> generated new keys and the client starts
<Bambi_BOFH> so its a case of 'ignore helper tool'
<kraut> moin
<_ruben> ah crap .. /var/lock is a tmpfs mount .. so even if a pkg would create /var/lock/subsys/ it'd be destroyed
<NineTeen67Comet> Hello all, I'm having an irritating issue with a couple packages on my server. aptitude full-upgrade works, except for:  update-manager-core depends on python-apt (>= 0.6.16.2); however:
<NineTeen67Comet>   Package python-apt is not configured yet.
<NineTeen67Comet> I've ran dpkg --configure -a .. and it kicks back the same'ish error .. help?
<_ruben> i wonder what would be the best way of making sure /var/lock/subsys/ is created at boot time (after its mounted with tmpfs)
<NineTeen67Comet> I've tried to re-install both packages, and they both tell me they can't be configured ..
<Bambi_BOFH> our vpn is working again \o/ i'im heading off for dinner ;)
<falstaff_> Bambi_BOFH: Just regenerating keys? i regenertad the keys too, but doesn't work for me...
<lupinsky> hello i have problem configuring cupd server
<lupinsky> i can't access from the web interface
<lupinsky> i have added Listen 631
<lupinsky> DefaultEncryption Never
<lupinsky> and in the <location />
<lupinsky> allow from 192.168.1.0/24
<falstaff_> Okey fixing a vulnerable and build a new one is not what ubuntu should do, isnt it?
<_ruben> bah .. my hardy machine hangs on shutdown, reboot works fine tho
<ScottK> Are the cert changes the SSL tool makes logged anywhere?
<nealmcb> ScottK: good question.  The place to start looking seems to be ï»¿/var/lib/dpkg/info/openssh-server.postinst and I guess the ssh-vulnkey code
<ScottK> Well I wish the process were transparent.
<ScottK> I went through (I thought) and regenerated everything that needed doing yesterday.
<ScottK> My laptop told me it was fixing something, but I have on idea what (I'm guessing snakeoil).
<ScottK> This would have been the ssl one, not the ssh one anyway.
<nealmcb> you can look for *.broken files
<ScottK> I'm certainly not going to run that tool on a server with production SSL/TLS certs without some clue.
<ScottK> OK.  Thanks.
<nealmcb> oops - right - ssl...
<ScottK> Nothing .broken.
<nijaba> ScottK: afaik ssh-vulnkey by itself does not change anything
<nealmcb> yeah - the consequences of vulnerable .ssh keys used for login are very different from the consequences of bad ssh host keys or ssl certs....
<ScottK> nijaba: The ssl tool does regenerate something.
<johnnybravo> I am trying to ssh into my server at home but I get the following :@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<johnnybravo> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
<johnnybravo> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<johnnybravo> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
<johnnybravo> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
<johnnybravo> It is also possible that the RSA host key has just been changed.
<johnnybravo> The fingerprint for the RSA key sent by the remote host is
<johnnybravo> How to solve?
<pablasso> i have the $PS1 vas setup un /etc/bash.bashrc aswell as each user ~/.bashrc, and it works fine while anyone logins via ssh, but when someone is already logged and changes users with 'su someone' the $PS1 is lost, where is that default located?
<pablasso> johnnybravo: just delete that key in ~/.ssh/known_hosts
<emgent> johnnybravo: see usn-2
<emgent> wait for link
<emgent> johnnybravo: http://www.ubuntu.com/usn/usn-612-2
<johnnybravo> pablasso, that did it thanks.
<johnnybravo> emgent I'm looking into the link now....
<nealmcb> johnnybravo: note also the -R option to ssh-keygen - may be easier than editing the file
<johnnybravo> I assume that this warning is just that, a warning.  I've check my logs and nobody has logged in by brute force
<nealmcb> johnnybravo: given the recent USN, that is most likely.  but for the paranoid, of course, an attacker could often fix the logs to cover traces
<johnnybravo> nealmcb, true enough, and if that would be the case they are sharper than I, so let them go nuts
<mok0> johnnybravo: delete the machines entry in ~/.ssh/known_hosts
<cyris|> Morning everyone
<pteague> if i have several physical drives... would it be better to put swap across multiple drives or just dump it on the 1?
<Mastacheata> pteague,  I think splitting it up will give you better write performance of the swap but less read performance, so this might just be a personal decision
<_ruben> pteague: add more ram so swap becomes a (nearly) non-issue
<dennda> Hi. I just upgraded a freshly installed dapper system to hardy using update-manager-core and now the kernel log daemon, klogd, needs ages to restart itself. Is that a known issue?
<_ruben> and i dont think there's much performance difference, there's no raid logic applied afaik
<pteague> old hardware i'm repurposing as a mythbuntu box - amd 2.6ghz with 1gb ram i think
<dennda> \sh: didn't you manage to do that? :)
<dennda> gnarf. I restarted and can't login now because it (most likely) hangs loading the klogd
 * dennda restores and tries again... annoying
<cyris|> Hey everyone. Installing the openssh-blacklist package will prevent users with weak ssl keys from connecting to my server correct?
<\sh> dennda, nope :)
<\sh> dennda, I need to do it still on my old rooty ;)
<ScottK> cyris|: ssh/ssh, but yes.
<cyris|> ScottK, ah yes that what i ment :D
<dennda> \sh: I was under the impression that I read a posting of yours where you happily claimed you updated your ubuntu boxes to hardy RC
<dennda> if this fails again I'll need to annoy somebody :)
<ScottK> He did, but from Gutsy, not Dapper.  I've done a bunch of Gutsy -> Hardy upgrades with no trouble I didn't bring on myself.
<dennda> ScottK: this is a completely basic dapper install. I did not do anything to it other than adding dapper-updates, installing update-manager-core and executing the upgrade dapper -> hardy. and that failed. I'll give it another shot
<\sh> dennda, nope...I installed the RCs on a virgin box...
<dennda> ah ok
<dennda> I don't have physical access
<ScottK> dennda: Reporting bugs is useful.  It's 8.04.1 that's aimed at supported Dapper -> Hardy upgrades.
<emgent> someone know who is DaD sysadmin ?
<ScottK> emgent: Lutin or Adri2000
<dennda> ScottK: oh. that's the first time I read that
<emgent> ScottK: thanks
<cyris|> I'm not findnig the openssh-blacklist package in the repo's, anyone else having this problem?
<dennda> http://www.ubuntu.com/getubuntu/upgrading#head-e059d5452a24b50d09c64df48058ef2d834eb197-2 <-- doesn't say anything about it
<ScottK> dennda: It's in the Hardy release notes.
<immesys> I'm setting up a high load samba server. What is the best filesystem to use?
<dennda> gnah, 3rd of july
<dennda> definitely can't wait that long
<ScottK> Actually I looked and it's not in the release notes.  I swear it was there at one point.
<ScottK> In any case developers are still working on making upgrades go better, so reporting bugs in Dapper -> Hardy upgrades is useful.
<dennda> any way I'll need a punching ball in case it fails again :)
<dennda> yeah I'll do that
<dennda> .oO(though I am a bit surprised how recent the django version of dapper is...)
<dennda> again... starting klogd lasts forever
<ogra> sounds like a missing loopback device or broken localhost entry in /etc/hosts
<cyris|> after installing the openssh-blacklist, is a restart of the openssh-server required? or another futher configuration?
<dennda> ogra: are you talking to me, oliver?
<ScottK> cyris|: When you install the update it gets restarted.
<ogra> dennda, well, was just a comment generally spoken o the room ... :) but yes, referring to your klogd
<ogra> s/o/to/
<dennda> ogra: I can tell you what the contents of the files are if you like
<dennda> maybe you have an idea what is wrong
<ogra> ifconfig -a .... check if loopback is up
<ogra> and look into /etc/hosts
<dennda> UP LOOPBACK RUNNING
<dennda> aaand:
<cyris|> ScottK, ok I think I have a problem then. I know that a particular user account has a weak ssl key, and yet after installing the blacklist package they can still shell in.
<dennda> ogra: http://paste.pocoo.org/show/50164/
<ogra> cyris|, sudo ssh-vulnkey -a
<ogra> cyris|, what does that give you ?
<cyris|> ogra, hello :D um I don't have ssh-vulnkey, I was using the dowkd.pl script to test for weak keys
<ogra> dennda, hm, looks fine
<dennda> after 10 minutes or so it is now reported that restarting of klogd FAILed
<ogra> cyris|, dont do that and finish your upgrae first :)
<ogra> (dont use dowkd.pl i mean, its known to not catch all keys)
<ScottK> cyris|: Do what ogra says.
<dennda> at least I let it finish now
<dennda> let's see what happens
<cyris|> Wow, ok I ran apt-get upgrade yesterday and I'm sure it updated openssl, but now there is new upgrades?
<ogra> they were held because you didnt install the blacklist package yet
<cyris|> OH! makes sense I guess
<cyris|> Ok so with this update, will it regenerate all keys detected as weak? or am I going to have to do this?
<ogra> (and thats why i asked you to check with the vulnkey proggy, that comes only with the upgrade, so i know you are outdated still ;))
<pteague> GRUB loading, please wait... \ Error 17
<ogra> it will regenerate what it can ... i.e. ssh server/host keys but not the user keys
<pteague> woohoo!
<dennda> gnarfgnarfgnarf
 * dennda files a bugreport and curses
<cyris|> Ok. so now I'm up to date. So it regenerates the host keys for this server correct?
<ogra> dennda, thats a real machine or one of the hosteurope vhosts ?
<ogra> cyris|, sudo ssh-vulnkey -a  will now tell you
<ogra> it checks all keys it can find
<dennda> ogra: vps
<ogra> you know that doesnt allow to upgrade the kernel right ?
<dennda> yes
<ogra> it uses the host kernel
<dennda> I know
<ogra> which definately leads to probs
<dennda> what do you suggest? disabling klogd?
<cyris|> ogra, Some compromised keys were detected
<ogra> dennda, talk to hosteurope support
<ogra> dennda, well, and as short term solution yes, disable what breaks
<ogra> cyris|, fix these then
<ogra> the output should tell you the filenames
<dennda> ogra: they will tell me that hardy is not supported
<ogra> well, they know why
<dennda> ogra: just put exit 0; before anything else in the startscript?
<ogra> mv the S file in /etc/rc2.d to be a K file
<ogra> else upgrades will overwrite your changes
<ogra> or rcS.d wherever klogd sits
<cyris|> ogra, the only problem i'm having now is the entries in my /root/.ssh/authorized_keys2 . should I just remove this file or clear it?
<ogra> or the lines in doubt
<ogra> as you like
<dennda> ogra: mv S11klogd K11klogd ?
<ogra> dennda, right
<ogra> that way update-rc.d in the package wont touch the setup (just removing it or changing the content would bring it back on updates)
 * dennda just left repair mode. let's see if it works
<ogra> dennda, the question is really what else is broken
<ogra> i bet udev might run into probs with an old kernel as well for example
<dennda> so you suggest using dapper until the problems are sorted out?
<dennda> (if they are ever being sorted out)
<cyris|> alright, so if ssh-vulkey -a doesn't detect any compromised keys, am I good to go get a coffee? :D
<ogra> well, the problem is on hosteurope side nothing ubuntu could do about that
<ogra> cyris|, enjoy as long as its hot :)
<dennda> didn't work anyway
<dennda> well, let's hope that dappers packages are recent enough for me then
<dennda> django seems to be
<cyris|> ogra, one more question tho if you don't mind. Do each of my users have a ssl key since they use ssh ? I have about 20 users who shell in.
<ogra> well, you should check their keys as well indeed
<ogra> ssh-vulnkey takes filenames as option
<cyris|> ogra, ssh-vulkey won't detect these keys?
<cyris|> ogra, hrm no fast way to do this?
<dennda> ogra: I shall not report a bug then?
<cyris|> ogra, as you can see, i have some reading to do, but im just wanting to get this machine all patched up :D
<dennda> whilst we are at it: dapper is not affected by those ssl bugs, is it?
<ogra> dapper isnt
<ogra> dennda, well, ymmv no idea where you get with such a bug, mention in any case the setup and the vhost
<cyris|> ogra, do users use the host keys on the system ?
<ogra> users use their keys in ~/.ssh usualy
<cyris|> ogra, hrm ok. so can a user shell in if they dont have a .ssh directory?
<uvirtbot> New bug: #230174 in openssh (main) "[Gutsy] ssh installation results in COMPROMISED keys" [Undecided,New] https://launchpad.net/bugs/230174
<cyris|> ogra, or are those directories used to store know_hosts ?
<ogra> that as well
<zul> mathiaz: for the dovecot SRU im just writing up the testcase now so they setup dovecot with SSL, Run the create user script and then they run the test script correct?
<mathiaz> zul: yeah - you could also add to set the login_max_process_count option to 4
<mathiaz> zul: hardy should timeout quickly
<zul> coolio thanks
<cyris|> ogra, thanks for your help today, going to have a coffee and I'm going to start fixing up this other machine now :S
<ogra> good luck :)
<zul> mathiaz: dovecot uploaded
<zul> to hardy-proposed
<pteague> whee! grub error 17 again... guessing i need to fix an mbr
<troja> Hi all
<troja> Anyone with info about held back packages, OpenSSH server and client for Hardy.  Launchpad nada
<troja> Sorry kept back packages
<Deeps> install openssh-blacklist
<ScottK> troja: sudo apt-get dist-upgrade
<ScottK> That will install the new package.
<troja> Yup... installing  :)
<troja> We have a mess in Sweden with archive servers 1 week behind and all the notes about this issue.  USN 614-1 to 4
<ScottK> Security updates should come from security.ubuntu.com, not from a mirror.
 * delcoyote hi
<troja> ScottK... nope nada but after changing sources.list it was OK except the blacklist package and kept back packages....
<_Nicke_> ScottK: My upgrade from Gutsy to Hardy changed my sources.list to use se.archive for hardy-security too, fwiw
<_Nicke_> not sure if that's caused by me or something...
<_Nicke_> uhm, never mind.. gutsy-security was handeled by se. for me too it seems (now I wonder when that happened)
<ScottK> Dunno.  Mine all say http://security.ubuntu.com/ubuntu.
<_Nicke_> yeah.. I have security. commented out for feisty-security.. but that's it.. oh well, probably my fault somewhere
<Koon> Hmm. in my case it also downloads from fr.archive.ubuntu.com
<Koon> for security
<Koon> I suppose when you select a specific source server in the GUI it changes them all
<giovani> another reason not to use that gui
<giovani> mine is security.ubuntu.com for gutsy
<mathiaz> Koon: I don't think that the -security are changed.
<troja> Mine was totally default, installed 1 week ago.
<troja> Bug  ?
<Koon> mathiaz: testing right now
<SuperLag> Okay. The LVM configuration during the install doesn't make sense to me.
<mathiaz> better to always point to security.ubuntu.com for -security.
<mathiaz> security updates are copied to -updates and thus hit the mirrors in a matter of days.
<Koon> mathiaz: it changes them all
<Koon> all uncommented deb abd deb-src lines
<SuperLag> I thought you'd create the PV, then you'd partition
<SuperLag> but you separate the PV into partitions, then add them to LVM??
<troja> SSH restarded but
<troja> "Read from socket failed: Connection reset by peer"
<troja> Client keys removed within the  host_known file ...
<troja> The client also got a bunch of packages....installed
<troja> Time for the keyboard and screen again for the server....???
<giovani> did you regenerate the keys on the server-side like the ubuntu package forces you to do during installation?
<Koon> mathiaz: that's strange... I fixed the file and changed again from the GUI : it didn't touch the security deb lines
<Koon> mathiaz: so that would mean it only replaces last servername by the new (which is good)
<Koon> mathiaz: but I clearly didn't modify the deb security lines myself... and it's a very recent 8.04 new install
<troja> giovani...I got the Debconf screen on the client but not the server.
<troja> Probably time for the keyboard and screen...  :)
<Koon> I suspect some installer thing. for localized installs it replaces all lines with the local server
<Koon> I'll recheck with a fresh install next time I do one
<giovani> troja: ... that's not good -- what release?
<troja> giovani ... Hardy  well it was a package mess within the SSH server, dpkg --reconfigure -a solved it.
<troja> I can talk to my magic box again...:)
<troja> Thanks all !
<Deeps> trying to write a shell script, got a line abcd.12.34.efgh, trying to match using ([a-z]+).([0-9]+) and pull out abcd and 12 into separate variables. any tips?
<Deeps> the regex itself works, i just cant work out how to make it return match values based on the parenthesis
<uvirtbot> New bug: #230344 in openssh-blacklist (main) "bug in ssh-vulnkey - ref USN-612-2 (dup-of: 230029)" [Undecided,New] https://launchpad.net/bugs/230344
<good_dana> where can i find out if i'm affected by the ssh vulnerability? i just updated 2 of my servers and neither of them had any ssh updates
<giovani> good_dana: what ubuntu release are you running?
<good_dana> 6.06 LTS
<good_dana> server
<giovani> good_dana: any keys *generated* by that machine are not affected
<giovani> however, you may have vulnerable keys for users sitting on that server generated elsewhere -- there's a utility from debian that can check keys (although it's far from perfect -- lots of false positives and negatives) http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
<good_dana> giovani: thanks for your help
<giovani> good_dana: no problem
<giovani> the debian wiki has more comprehensive documentation on checking all sorts of keys on your system: http://wiki.debian.org/SSLkeys
<giovani> worth reading
<Fenix|work> Greetings
<Fenix|work> how do I find a fast mirror?
<Fenix|work> Is there a tool?
<sergevn> people going to NLUUG in Ede tomorrow?
<giovani> Fenix|work: pick a mirror close to you ... and test the speed -- mirrors have varying bandwidth, and it depends on the time of day, and changes over time ... there aren't THAT many to test nearby
<Fenix|work> giovani, I have no problem with testing mirrors myself... I was curious if there was a utility that picked a regional set of mirrors and did a test on which was most efficient
<giovani> never heard of such a utility, nope
<giovani> although googling quickly returned this: http://ubuntuforums.org/showthread.php?t=251398
<giovani> definitely not official
<Fenix|work> k... coming from gentoo, I guess I was spoiled :)
<giovani> not really ... there's little point
<giovani> I max out 50Mbps lines with my local mirror
<Deeps> i get better speeds from distant mirrors than i do from my local mirror
<Fenix|work> I have a 10Mbps line and I'm only downloading at about 80KB/s from my locals
<giovani> Fenix|work: if you're testing during a big use time ... like during a new ubuntu release, most mirrors are packed
<giovani> Fenix|work: where are you located?
<Fenix|work> Toronto Canada
<giovani> try MIT
<giovani> I'm pulling over 30Mbps from them right now
<Fenix|work> k
<Fenix|work> so I just add the mirror to /etc/apt/sources.list?
<giovani> http://ubuntu.media.mit.edu/ubuntu/
<giovani> yup -- and do a 'sudo apt-get update'
<giovani> (you'll want to replace your other mirror with that one)
<giovani> not just add it
<Fenix|work> deb http://ubuntu.media.mit.edu/ubuntu/ gutsy main restricted
<giovani> that'll do it for the main gutsy set ...
<giovani> I have gutsy, gutsy-updates, gutsy-backports -- with main, restricted, universe, multiverse for all of them
<Fenix|work> I have a huge long list in my sources.list
<giovani> right ...
<giovani> that's normal
<Fenix|work> can I safely remove all the deb entries and replace with what you suggest?
<giovani> ... not ALL of them
<Fenix|work> (or comment out)
<giovani> just the ones that are currently set to your mirror
<giovani> i.e. deb http://us.archive.ubuntu.com/ubuntu/ gutsy main restricted universe multiverse becomes deb http://ubuntu.media.mit.edu/ubuntu/ gutsy main restricted universe multiverse
<Fenix|work> ok, so I can comment out the 4 multiverse the 4 universe and 2 gutsy-updates?
<giovani> I'm confused
<giovani> pastebin your sources.list
<giovani> that'll be easier
<Fenix|work> http://rafb.net/p/DpGDGx33.html
<giovani> yeah, let me clean that up for ya
<Fenix|work> sweet.  thanks
<giovani> backup that file
<giovani> and start fresh with this: http://rafb.net/p/Wo1ELu40.html
<Fenix|work> weee ... aptitude update right now
<giovani> apt-get > aptitude :)
<Fenix|work> yeah... aptitude remove ubuntu-desktop will at least remove all packages in the metapackage if used with aptitude install ubuntu-desktop :)
<Fenix|work> can't say the same with apt-get remove ubuntu-deskop
<uvirtbot> New bug: #230393 in mysql-dfsg-5.0 (main) "Mysql socket file breaks PHP/Perl/etc..." [Undecided,New] https://launchpad.net/bugs/230393
<giovani> Fenix|work: that's just because you don't know how to use it :)
<giovani> apt-get autoremove
<Fenix|work> doesn't work
<Fenix|work> I tried it :)
<giovani> it does work ...
<Fenix|work> just removed the meta package, nothing else
<Fenix|work> but I ended up removing all the packages from within the meta package manually so I'm clean
<giovani> why did you want to do that in the first place?
<giovani> if you don't want the desktop metapackage ... that's what the alternate/server install is for
<Fenix|work> yeah... someone else thought using XDMCP and a windows X-server would be nice
<Fenix|work> out of curiousity ... any particular reason why aptitude is holding back openssh-client, openssh-server and ssl-cert ?
<reya276> my company is currently running a fiesty fawn (7.04) with Postfix installed and apache2, can I upgrade to hardy 8.04 without any problems, Fiesty install was was excellent with no issues at all. So can I upgrade this particular sever/distribution?
<lamont> reya276: the supported path is "via gutsy (7.10)"
<giovani> reya276: upgrades are often messy, I would never do them on a live business-critical server unless you're quite experienced and confident in fixing problems
<\sh> bah....#230393 is not mysql..it's the app fault to not look in the right location
<reya276> ok so I can't upgrade the server to hardy unless 7.10 is installed
<giovani> you CAN, but that's not the supported method, according to lamont
<reya276> oh crap, this mean I will loose my postfix config complete with all the users on the server, oh man this is not good
<giovani> ... who said that?
<reya276> no just me panicking that's all :-D
<giovani> reya276: I think you're misinterpreting what's been said
<giovani> nobody said you'd lose your configuration
<reya276> right
<giovani> so then why did you just say that?
<reya276> ok so how should I go about this?
<lamont> reya276: do-release-upgrade is your friend
<reya276> huh?
<reya276> what do you mean?
<giovani> reya276: http://www.ubuntu.com/getubuntu/upgrading
<\sh> reya276: the fun part about sysadmin ship is: knowing the path is not going the path..you need to test your upgrade with a similar install first...then you can plan your downtimes and know about the pitfalls
<Fenix|work> reya276, I think he's referring to this
<Fenix|work> https://help.ubuntu.com/community/HardyUpgrades
<lamont> reya276: one of those urls...
<Fenix|work> I'm now ready to do-releasy-upgrade
<giovani> well first he needs to do this: https://help.ubuntu.com/community/GutsyUpgrades
<reya276> oh that's not good, I have no other servers with the same hardware specs to test this on, hell no other server period
<lamont> apt-get install update-manager-core; do-release-upgrade  (note that do-release-upgrade from gutsy->hardy still wants the -d (development) flag, which I understand will go away in 8.04.1 time
<ScottK> reya276: Then bulid a similar software configuration on a desktop box.
<\sh> reya276: the hardware is not that important...use a vmware instanz with feisty and upgrade via gutsy to hardy...you need the same software layout
<giovani> reya276: business-critical servers always need upgrade testing ... you can't ever do upgrades on live systems and hope everything to come up 100% perfect
<\sh> s/instanz/instance/
 * \sh hates speaking denglish
<lamont> if it's real live scary "can't afford any downtime and no way to pre-test" production, then you have a real problem, regardless of what you're running...
<lamont> giovani: depends on how you define "business criticial"
<giovani> lamont: well "business critical" is self-defining
 * lamont just did a reasonably blindish (remote) dapper->hardy upgrade on a machine after confirming that 2-4 hours down time was "no problem".
<giovani> if it's critical to your business ... you cannot afford hours of downtime ... in any business I've seen
<\sh> "if you fcking bloody spam sending software is not working again, I'm jobless"...is this business critical ? ,->
<lamont> and it's the primary mail server for that organization
<\sh> giovani: you can afford hours of downtime, when you announce it correctly to your customers and clients...
<giovani> lamont: a botched upgrade with a novice admin could mean a hell of a lot more than 2-4 hours of downtime
<\sh> giovani: regarding a mailserver, you should have backup
<giovani> \sh: why are you directing this at me? it's not my server we're talking about
<reya276> well this server just host our email that is all nothing else really
<\sh> giovani: it was a general remark
<giovani> I run redundant mx servers ...
<lamont> giovani: "2-4 hours of downtime" == me rebuilding the machine from scratch
<reya276> so I can take an entire saturday and sunday to do it
<giovani> lamont: and recovering email and users? congrats ... that's a lot of work
<lamont> after driving the 10 minutes to the site
<\sh> lamont: don't compare your experience with starting admins
<Fenix|work> giovani, that's what backups are for :)
<ScottK> For a mail server I've done it in 2 hours including assembling the hardware for a new box.
<Deeps> \sh: if your customers and clients are the members of staff working within the organisation, and the server in question is where they collect their mail from, i think you'll find it doesn't matter how many hours days or months notice you give ;)
<lamont> they're all on a separate disk
<lamont> which happens to have spare partitions, waiting for me to migrate off of the current root partition to the new drive(s)
<\sh> Deeps: as I said...backup is needed for essential parts of your infrastructure...but people do learn only with pain ;)
<reya276> well we are not a huge company we have only 15 people
<\sh> reya276: excuses...excuses ;)
<Deeps> \sh: difference between backups and high availability
<giovani> we don't do strict "backups" on our mail servers
<lamont> reya276: if the machine is business critical, management needs to provide at least a cold spare, if not a hot one.  or one blown powersupply can ruin your whole week.
<\sh> Deeps: backups here == I have 4 servers doing my smtp/imap stuff
<reya276> the critical apps that can't have any downtime at all are on windows server(hah hah hah, what a joke)
<giovani> we have redundant mx ... and they both feed into separate redundant SANs
<Deeps> \sh: last org i worked for had a total of 4 servers for the office, wasn't an option
<lamont> reya276: and yeah, don't compare me to any expectation.... if you're not _really_ comfortable, I'd probably leave it where it is until 8.04.1 comes out
<lamont> reya276: I've maintained postfix for over a decade, you see....
<reya276> I have had to reboot those things so many times I'm surprise no one has complaint
<\sh> giovani: now it's getting more professional...;)
<giovani> \sh: ?
<Fenix|work> reya276, that's not particularly true.  I use Exchange for mail ... and it's been rock solid.  I only reboot when patching, and even then on the hardware, a reboot only takes 2 minutes from pillar to post
<reya276> oh so just leave it until 8.04.1? when is that coming out
<\sh> giovani: sans are nothing for low profile companies...here we are talking about more money then they spend in their desktops ;)
<Deeps> reya276: 3 months after 8.04 did
<giovani> \sh: I didn't say we used big iron commercial sans
<Deeps> reya276: with each subsequent point release 6 months later
<reya276> huh?
<giovani> they're home-brew
<\sh> giovani: you mean low coast storage servers and iscsi technique?
<reya276> 3 months so August
<\sh> s/coast/cost/
<\sh> damn I'm overworked
<Fenix|work> iSCSI has been quite effective for my place
<giovani> \sh: we use SAS drives and hardware iSCSI
<Fenix|work> as it is, I have 28TB of iSCSI storage, and another 30TB with SAS
<reya276> oh crap, I just check the version of the server and is the actul desktop version of feisty, oh boy this is not good
<\sh> giovani: I'm using areca raid6 + 16 sata drives on a special sas backplane...makes 7TB brutto
<\sh> per machine
<giovani> \sh: yeah, I use areca's stuff at home ... on my 14TB media server
<giovani> it's pretty nice
<\sh> giovani: which release? somehow we got bad arecas these days (= areca host adaptor raid6 first release *crap*)
<Fenix|work> we've been using iSCSI products from Promise
<Fenix|work> their vTrak product line
<giovani> \sh: release?
<giovani> release of what?
<Fenix|work> giovani, he's using a desktop version of feisty
<Fenix|work> not alt/svr
<\sh> giovani: of the adaptor...they send out different hw layout releases with the same model no.
<giovani> Fenix|work: I just saw that :) -- I'm putting my head in the sand, I don't want anyone to see me cry ;)
<Fenix|work> haha
<giovani> \sh: I don't know ... I'd have to look it up
<reya276> on postfix is it possible to backup the existing config and then restore it
<Fenix|work> \sh, what do you use for the iSCSI HBA?  Software or hardware?
<giovani> \sh: I've considered moving to Solaris and ZFS for my next media server installation
<reya276> because if I can do that then I should be able to just wipe out the system and do a fresh install
<giovani> and doing software raid
<\sh> Fenix|work: I'm now using openiscsi software...or if hardware -> netapp
<Fenix|work> would you consider qlogic?
 * Fenix|work sighs
<Fenix|work> netapp = qlogic
<Fenix|work> tough day
<giovani> Fenix|work: yeah, qlogic has looked good to us
<giovani> netapp is not equal to qlogic
<giovani> Fenix|work: ever consider moving from iSCSI to FCoE?
<giovani> we've been looking into it
<Fenix|work> same here
<Fenix|work> but from a price/performance point it was too expensive
<giovani> yeah
<Fenix|work> we don't need high-availablity
<Fenix|work> we need lower speed storage
<giovani> are you guys virtualized at all?
<Fenix|work> partially
<giovani> vmware? xen?
<Fenix|work> vmware
<Fenix|work> using 6 ace
<giovani> ohh, desktops
<Fenix|work> integrating with the intel virtualization
<\sh> development == yes...but product runs on real hw...
<giovani> why not VDI?
<Fenix|work> well I'm using ACE
<Fenix|work> haven't reached that level yet :)
<giovani> ah :)
<Fenix|work> we started looking at virtualization quite recently actually
<giovani> what industry are you in?
<Fenix|work> we've been buying up HP DL380 G5's a lot lately and when they come with a quad core standard... it made sense to look at virtualization
<Fenix|work> that is a very good question.  I don't quite know how to describe it
<Fenix|work> I guess we're in the Remote Sensing / Positioning / Orientation market
<Fenix|work> lots of data aquisition, engineering, manufacturing, etc
<giovani> ESP? ;)
<giovani> alright
<Fenix|work> ESP?  Extrasensory perception?
<giovani> well you said "remote sensing"
<giovani> (it was a joke)
<Fenix|work> you hear of the DARPA Urban Challenge?
<giovani> yea
<Fenix|work> our product was on 20 of the competitor vehicals
<Fenix|work> vehicles
<giovani> ah, nice
<giovani> we're a bit more industrial than that
<Fenix|work> and was onboard the 1st place, 2nd place and 4th place vehicle
<giovani> but in manufacturing
<\sh> Fenix|work: use the DL385 with dual quad core...or if intel finally scales with the memory channels...hmm...
<Fenix|work> giovani, and we were bought out a couple of years ago by Trimble
<Fenix|work> \sh, we have no real need for dual quads yet
<Fenix|work> our servers are more for storage than processing
<\sh> Fenix|work: for esx it just nice..just setup one of the new dl365 with dual quad...
<Fenix|work> although I've got my eye on 2 dual quad proliants for a SQL server cluster
<Fenix|work> run 64bit, 32GB RAM each...
<Fenix|work> but that's on next years budget wishlist
<Fenix|work> anyone have some better docs on setting up a cvs server on ubuntu?
<\sh> cvs?
<Fenix|work> the info I've been able to find is a little on the sparse side
<Fenix|work> some use cvsd, others no.
<Fenix|work> yeah... you heard me... no typo
<Fenix|work> cvs
<giovani> :)
<\sh> cvsd is the hell...why not cvs + ssh and a nice little ldap setup? ,-)
<Fenix|work> that may work
<Fenix|work> have no frakin' clue how to implement it
<giovani> SVN > CVS ;)
<Fenix|work> giovani, you have to know the situation here
<\sh> Fenix|work: apt-get install openssh-server cvs
<\sh> and think about a good group structure first
<giovani> Fenix|work: no, my opinion is the gospel truth ;)
<\sh> then you implement ldap and add it to ldap and nsswitch.conf ... don't ever use sudo-ldap
<Fenix|work> Engineering Dept asked me to set up a cvs server as a pilot project... which then turned out to go live right under my nose
<Fenix|work> it's on a clone, using Gentoo ...
<Fenix|work> so we're moving the exisiting repository to new hardware and Ubuntu... then they'll look at SVN
<giovani> ok
<\sh> I had it running on around 2000 servers....sudo-ldap is crap...and I didn't want to pay the dev the implementation of the "!" and "host" sudo stuff
<Fenix|work> \sh, I'm presently in the middle of do-release-upgrade
<Fenix|work> I initially set up the box with gutsy
<Fenix|work> so hardy here I come :)
<giovani> heh
<\sh> Fenix|work: fun :)
<Fenix|work> oh... is this putting me on LTS?
<cyris|> it will
<Fenix|work> yay
<giovani> of course it is
<giovani> LTS is the good-ness
<cyris|> these openssl updates seemed to have screwed up my slapd.conf :S
<\sh> cyris|: yeah...this was fun this morning..
<Fenix|work> brb
<cyris|> \sh, yeah, mind you I only have 2 ubuntu servers to fix up and man I don't know a heck of a lot about openssl and openssh, only that I should use them :D ogra helped out alot.
<cyris|> err HAD 2 servers to fix
<\sh> cyris|: yeah ogra fixed me, too, in 2005 ;)
<cyris|> \sh, any idea why I can't specify TLSCipherSuite in my slapd.conf ?
<cyris|> if I comment it out, slapd runs fine, but im having problems with pgina (windows clients) authenticating
<\sh> cyris|: no...:( at least not now anymore...I'm too tired
<\sh> I'm happy if I'm able to update my ubuntu mirrors still...
<cyris|> \sh, I hear ya
 * \sh needs to talk to my ISP to upgrade from 32mbit/s to more then that for less money
<\sh> and /me needs to talk to doko
<cyris|> \sh, crap, what you doing with all that bw :D ?
<cyris|> \sh, I'm loving my 7mbit down 1mbit up at home
<\sh> cyris|: that's my private line :) cable tv internet connection
<\sh> cyris|: problem is the more down the more up I have...which I need
<\sh> and sdsl is no option where I'm living
<cyris|> \sh, i believe only adsl is available in my area
<giovani> \sh: where do you live?
<Fenix|work> ah maaaaaan... it installed x and gnome
<\sh> giovani: in germany, in the south, near to the rhine and round about 6KM from france...a 600 soul village, where you can get 6Mbit/s adsl of our beloved german telekom, or 32Mbit/s down/2Mbit/s up of our local cable tv provider :)
<cyris|> UGH another openssh update ?
<giovani> \sh: ah, I have a bit of family in germany
<\sh> giovani: everyone has  as I learned from people living in NC ;)
<giovani> cyris|: fixing bugs in the tools
<giovani> \sh: haha
<cyris|> giovani, yeah
<giovani> \sh: well, family I visit frequently :)
<\sh> giovani: where are you living?
<giovani> New York City
<\sh> giovani: ah...that was next on my list of "need to visit locations" since they changed the law
<giovani> which law would that be?
<\sh> giovani: actually there are many laws they changed since 9/11
<giovani> ah, I'm sure
<giovani> all crazy
<\sh> yes...
<Fenix|work> what's the difference between server install cd and alt install cd?
<giovani> I haven't been to South Germany in many years ... probably 12 or so
<infinity> Fenix|work: Which packages are installed by default, and which are shipped on the ISO.
<infinity> Fenix|work: The installer is the same, though.
<giovani> Fenix|work: the alt install cd is oriented at desktop users, the server install is oriented at servers
<\sh> I was visiting dubai in october 2001...that was fun going through heathrow
<Fenix|work> so aside from the 5 points they make for the alt install... nothing
<infinity> Fenix|work: Server gives you a different default kernel, and offers some server-specific tasks.
<\sh> giovani: if you are around and you want to meet some fellow ubuntu guys, just ping...a bed is always free here at my place :)
<Fenix|work> the upgrade from gutsy to hardy has reinstalled ubuntu-desktop it appears
<giovani> \sh: hah, thanks for the offer, my german is god-awful
<giovani> I always forget most of what I learn as soon as I leave
<giovani> most of my family is near Offenbach
<giovani> some a bit more north near Kassel
<\sh> giovani: my future wife comes from cameroon, I was living 8 years with a ZA born indian..so a) I know english (well not enough to write and speak and can b) communicate and c) there is still the piece of paper ;) you could also try some french .. but don't expect an answer..:)
<Fenix|work> \sh, does the server install automatically detect cciss!c0d0?
<\sh> Fenix|work: yes
<Fenix|work> weeee
<Fenix|work> nice
<Fenix|work> I may just reinstall
<giovani> \sh: that is an incredibly varied history your family has :)
<jimcooncat> opinion please: courier-imap or dovecot or ?
<\sh> Fenix|work: smart arrays are known to work since anges for debian...the problem we had during dapper?feisty?gutsy? was lilo not to know anything about cciss devices...so colin fixed it in lilo maintainer script and I tested it on HP hw so..yes, it knows anything about smartarrays..it does even know something about 64bit lba stuff on smartarrays regarding dl320s machines of hp
<\sh> giovani: at least, when you visit offenbach, just give a ring and come around :)
<giovani> \sh: haha, will do
<\sh> s/anges/ages/
<Fenix|work> nice, I think I'm just going to reinstall
<giovani> jimcooncat: personal preference -- dovecot
<\sh> jimcooncat: cyrus imapd ;)
<Fenix|work> nice... downloading at 1.0MB/s on torrent
<\sh> jimcooncat: it depends on what you want and expect for your imap server ;)
<jimcooncat> not much, just to have it work with imapsync, and provide occasional access with Tbird. I'm going to be using it as a backup to our hosted Zimbra.
<maek> anyone happen to know how to get apache to serve up the contents of a mounted iso? I keep getting 403's perm denied but all the permissions are fine.
 * \sh tends always to cyrus, because it's stable and not using maildir
<\sh> but it really depends on the usecase
<jimcooncat> thanks giovani \sh
<giovani> maek: the permissions are probably not fine ... #apache is more relevant though
<JanC> \sh: I never used Cyrus, what does it use instead of maildir?
<\sh> if nothing helps...mount -t iso9660 -U www-data /dev/cdrom /foobarmnt
<JanC> mbox ?
<\sh> JanC: it uses single files for the mails (just like maildir) but /var/spool/mail/user/<imap userid> and libdb* index
<JanC> hm, and the advantage over maildir?
<\sh> JanC: so you don't need to add user homes for the accounts...(and yes I know it's not needed for maildir, but since I got rid of qmail I'm tired of <whatever>/Maildir/{new,cur,tmp}/
<JanC> hehe
<\sh> JanC: for me? I have a (only for my user) an imap spool of round about 5G...it's just speed...and it fits perfectly with my postfix+mysql+imap setup since my gentoo times, means since 2002
<maek> giovani: ok, just wondering if someone knew a trick. thanks
<JanC> my maildirs only take Â± 2 GiB for now  ;)
<\sh> fun part...apache2 stopped working, but postfix+mysql+cyrus was just working as expected when I had a load of 100
<JanC> (using dovecot)
<JanC> nice
<\sh> JanC: as I said, it depends on the usecase...cyrus is something for really big setup..the cluster configuration for cyrus is great
<JanC> I don't think I need a cluster yet  ;)
<\sh> I have a customer who needs it now....and something for lawful interception...
<JanC> I'm running all of my stuff on a VPS with 300 MiB RAM ATM  ;)
<\sh> Mem:   1545424k total,  1462468k used,    82956k free,        4k buffers
<\sh> Swap:  3903752k total,    50968k used,  3852784k free,   537632k cached
<\sh> that's an old athlon XP ...
<\sh> and it's running also some webservers + the whole xmpp stuff named ejabberd
 * \sh needs to find the time to move most of the services to the new rooty
<cyris|> man this tlsciphersuite option in slapd.conf is still killing me, slowly, i feel myself melting... hah
<JanC> Mem:        307200     290940      16260          0      56556      77604
<JanC> -/+ buffers/cache:     156780     150420
<JanC> Swap:       262136       9280     252856
<\sh> cyris|: the pragmatic part of my soul says: sleep over it, and run without it until you find the solution ;)
<JanC> that's running the GParted forum and my mailserver, mostly
<cyris|> \sh, that is generally good advice. I understand what the option does, I just don't get why after installing all these updates that the option just doesn't seem to work anymore :D
<cyris|> \sh but its 12:57pm here so I got another 3hrs of work left :D
<\sh> -8 hours...west coast?
<giovani> \sh: he's in Alberta, it looks like (from the hostname)
<\sh> giovani: so it's more west ... yeah fits ;)
<Fenix|work> for ssh daemon... I need to install openssh-server?
<\sh> Fenix|work: yes
<Fenix|work> why does openssh-server want to install X libs?
<\sh> hmm?
<\sh> since when?
<Fenix|work> fresh 8.04 install and it's wanting to install x11-common
<Fenix|work> and libxdmcp
<\sh> Fenix|work: not the server install, no
<Fenix|work> yes, the server install
<\sh> never
<\sh> no way
<Fenix|work> I just downloaded ubuntu-8.04-server-amd64.iso
<infinity> Certainly not on my hardy/amd64 server...
<infinity> adconrad@loki:~$ dpkg -l openssh-server x11-common libxdmcp
<\sh> bah
<infinity> ii  openssh-server      1:4.7p1-8ubuntu1.2  secure shell server, an rshd replacement
<infinity> No packages found matching x11-common.
<infinity> No packages found matching libxdmcp.
<\sh> shermann@newzealand:~$ dpkg -l openssh-server x11-common libxdmcp
<\sh> ii  openssh-server                          1:4.7p1-8ubuntu1.1                      secure shell server, an rshd replacement
<\sh> ii  x11-common                              1:7.3+10ubuntu10                        X Window System (X.Org) infrastructure
<\sh> WTF?
<infinity> Now, if you're installing with recommends, you'd get "xauth", which installs some X libs.
<infinity> But apt-get won't do that by default....
<Fenix|work> using apt-get install openssh-server, installs 3 packages...
<Fenix|work> using aptitude install openssh-server wants to install 11
<infinity> Right, aptitude installs recommends by default.
<infinity> And openssh-server recommends xauth.
<\sh> infinity: it does by default now... /etc/apt/apt.conf.d/01ubuntu says something about Install-Recommends-Section
<\sh> infinity: and yes...my rootserver provider did something really wrong
<infinity> \sh: That's only for metapackages.
<infinity> \sh: (specifically, for stuff like ubuntu-desktop, ubuntu-standard, etc)
<infinity> \sh: Definitely not for openssh-server. :)
<\sh> infinity: ubuntu-minimal ?
<infinity> root@loki:~# apt-cache show ubuntu-minimal | grep ^Section
<infinity> Section: metapackages
<infinity> (Yes)
<\sh> infinity: and yes...not for the normal server install
<\sh> infinity: it's da bloody bug of rootserver provider...<mail...>
<\sh> mv 01ubuntu out of the way
<uvirtbot> New bug: #230466 in likewise-open (main) "Likewise uninstall, Lock login to system" [Undecided,New] https://launchpad.net/bugs/230466
<\sh> apt-get remove --purge x11-common <Y>
<\sh> infinity: btw...what do you think about bug #230393 ?
<uvirtbot> Launchpad bug 230393 in mysql-dfsg-5.0 "Mysql socket file breaks PHP/Perl/etc..." [Undecided,New] https://launchpad.net/bugs/230393
 * Fenix|work is going through brain cramps... how the hell do I set a static IP again... 
<Fenix|work> through /etc/network/interfaces right?
<\sh> vi /etc/network/interface
<\sh> auto eth0
<\sh> iface eth0 inet static
<\sh> the rest is man
<Fenix|work> address / netmask / gateway
<\sh> yes
<\sh> broadcast you forgot
<Fenix|work> don't need to specify broadcast with an ip and netmask do I?
<Fenix|work> it should be smart enough
<Fenix|work> :)
<Fenix|work> and how do I get ssh to start on boot?
<\sh> Fenix|work: regarding cisco ios...there is always 'no ip-classless' so I'm not convinced ;)
<Fenix|work> hehe
<\sh> Fenix|work: it should work out of the box after reboot
<\sh> if not it's a bug, but really this time, it does start after the installation
<Fenix|work> so I was right about x11-common?
<\sh> Fenix|work: only if you do something which is not coming from ubuntu-server ;)
<\sh> Fenix|work: move /etc/apt/apt.conf.d/01ubuntu out of the way, deinstall x11-common  (apt-get remove --purge x11-common) and everything is ok
<\sh> Fenix|work: a plain standard ubuntu-server iso cd installation IS NOT DOING THAT
<Fenix|work> I have no clue
<Fenix|work> I wasn't making up stuff
<Fenix|work> :)
<\sh> Fenix|work: telling you...ubuntu is not so "stupid" ;)
<Fenix|work> hey... for http://rafb.net/p/Wo1ELu40.html
<Fenix|work> replace gutsy with hardy?
<\sh> Fenix|work: remove the deb-src lines, you don't need them (or you are compiling your own stuff from src deb ubuntu packages) and do you really need the -partner repos? vmware running?
<Fenix|work> no and no
<Fenix|work> this was compliments of giovani
<\sh> Fenix|work: so get rid of the deb-src and partner lÃ¶ine
<\sh> line
<Fenix|work> other than that... /gutsy/hardy
<giovani> \sh: I just gave him a copy of my config -- there's nothing wrong with having deb-src in there
<\sh> giovani: it wastes bandwidth for meta stuff ;) but no...
<giovani> :)
<J_P> hi all
<J_P> I install aosftware (plone 3.1) and would like put it one rcs scripts.. There are one app the put that automatically right ? what is the name ? something liek as updaterc ?
<Fenix|work> giovani, question... I forgot to enter the FQDN of the box on setup... do I just modify /etc/hostname and /etc/hosts to use the FQDN?
<giovani> Fenix|work: that should do it
<Fenix|work> yeah, then to make it happen /etc/init.d/hostname.sh
<LeChacal> hey everyone i want to add a user account to my mail/web server and the account is only there for mail what groups should i put it in
<giovani> Fenix|work: or reboot -- that scripts gets run every boot-time
<giovani> LeChacal: you might look into virtual users if you don't want the user to be a system user
<giovani> common setup
<LeChacal> giovani: ok ill look at that, thank you
<giovani> LeChacal: what mail server are you running?
<LeChacal> giovani: what do you mean what programs or what mailbox type?
<giovani> LeChacal: you're MTA/MDA
<giovani> your*
<LeChacal> giovani: Postfix and Dovecot it will be a small server at most 5 accounts
<giovani> alright, well dovecot has a very simple flat-file config for virtual users
<giovani> that you can hook postfix into
<giovani> http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
<giovani> it's quite easy
<giovani> don't follow that word-for-word ... as ubuntu's setup is slightly different, but you'll get the general idea to play with
<LeChacal> yea i had the Dovecot ubuntu documentation page up also and i see what i need to do
<specialK> I was wondering if anybody ran into problems of not being able to ssh into a server after fixing the ssl vuln
<giovani> specialK: we had one person in here earlier who must've had a botched package install -- he dpkg reconfigured it -- and it was fine ... what problem are you having?
<specialK> http://pastebin.ca/1018327
<specialK> I get that error when I try to ssh in
<giovani> wait, you just upgraded the server or your client?
<specialK> the server
<specialK> and no clients can ssh in
<giovani> and did you personally do the apt-get dist-upgrade?
<giovani> also, what release of ubuntu is the server?
<specialK> yea
<specialK> its hardy
<specialK> sorry that one is gutsy
<giovani> and did you regen the keys then when it asked you to?
<specialK> but its also happening on my hardy one
<specialK> I have just been working on fixing my gutsy one right now
<specialK> giovani: yea
<giovani> and there were no complaints from dpkg?
<giovani> no, that one is hardy
<specialK> nope
<giovani> you're running 4.7p1
<specialK> giovani: yea sorry that was my hardy server
<specialK> but I get the same error on my gutsy server
<giovani> can you log into the server another way and do a "dpkg --reconfigure -a"?
<giovani> well
<giovani> not -a I suppose
<giovani> try dpkg-reconfigure openssh-server
<specialK> I will try that
<specialK> I was just gonna ask about why -a
<specialK> brb
<giovani> it was a bad paste, best not to run it
<specialK> ok so now it just appears to hang with I try to ssh in
<specialK> nevermind I still get the same error
<specialK> my network connection just dropped
<giovani> specialK: you reconfigured openssh-server?
<giovani> did you check to see if there's an updated package?
<giovani> sudo apt-get update && sudo apt-get dist-upgrade
<specialK> giovani: I just updated
<giovani> there have been new packages fixing others all day ... you just updated today, or just an hour ago?
<specialK> giovani: when I ran dpkg-reconfigure it just told me the keys were blacklisted and then restarted ssh and told me the keys were blacklisted again
<specialK> it didn't appear to regen any keys this time
<specialK> giovani: I updated less than an hour ago
<giovani> did you just do an upgrade minutes ago? or earlier today?
<giovani> ok
<giovani> there are known false-positives with the blacklists ... but obviously something is wonky with your setup
<giovani> I'd submit a bug report
<specialK> what data should I all submit
<specialK> and also this is happening on 2 of my machines at work and then my personal dedicated server
<giovani> ... hmm
<specialK> which is gutsy
<giovani> I've updated 5 servers, no problems
<giovani> the fact that ALL of your servers have had problems ... implies you have some special setup perhaps?
<specialK> yea everybody else I talked to hasn't had any problems
<specialK> well there isn't anything out of the ordinary setup in my ssh configs
<ogra> and sudo ssh-vulnkey -a still sees them compromised ?
<specialK> ogra: its doesn't show any keys as compromised
<ogra> (dd you regenerate all your user keys =
<ogra> )
<specialK> ogra: do you mean on the clients
<giovani> ogra: you'd have to see the error he's getting though
<ogra> well, you usually store the pub part of a key on the server in the authrized_keys file to log in via keys
<ogra> (in the users ~/.ssh dir)
<specialK> ogra: I moved .ssh to ~/ssh
<ogra> hmm
<specialK> ogra: http://pastebin.ca/1018394
<ogra> and ssh-vulnkeys only reports proper keys on your system ?
<specialK> that is the error I am getting
<specialK> ogra: I don't get any output from ssh-vulnkeys, I will go run it again and verify
<ogra> you should get output if you run it as: sudo ssh-vulnkeys -a
<specialK> yep no output
<ogra> then you dont have any keys
<ogra> it should tell you about proper keys as well as broken ones
<cyris|> specialK are you using the -q switch ?
<specialK> cyris|: for what
<ogra> err. sorry its ssh-vulnkey
<ogra> no s in the end
<cyris|> specialK: for ssh-vulnkey
<specialK> ogra: when I run dpkg-reconfigure it just says my host keys are blacklisted restarts ssh and then says that again
<cyris|> specialK: cause using -q would cause no output
<specialK> cyris|: no I was using the -a switch
<ogra> it should list all keys as "Not blacklisted: " or "Unknown (no blacklist information): "  if they are not compromised
<cyris|> specialK: ok
<specialK> anybody have any ideas/suggestions
<ogra> specialK, ls /etc/ssh/ssh_host_key
<ogra> or /etc/ssh/ssh_host_rsa_key
<ogra> or /etc/ssh/ssh_host_dsa_key
<ogra> specialK, do you have these ?
<specialK> so both rsa_key and dsa_key are there
<ogra> and the host key ?
<ogra> hmm, and why doesnt ssh-vulnkey list them ?
<specialK> ok so I got it fixed
<specialK> for some reason it wouldn't wipe my old ssh keys on reconfigure
<specialK> and this is the case on all the machines
<ogra> it only wipes them if it can
<ogra> i.e. it wont wipe protected keys
<owh> Here's a moral dilemma for me. A client who abruptly severed our relationship by refusing to pay his last invoice in full, is running a server that I installed which is likely to be affected by the latest security notice. Am I obliged to inform him of the security notice or not?
<InsomniaCity> nice one
<InsomniaCity> did you follow legal action for the last invoice?
<owh> It was not financially responsible to do so.
<InsomniaCity> hmm, fair enough.
<Nafallo> owh: depends on the contract I would say.
<InsomniaCity> well, the contract is over.
<owh> Nafallo: There is no contract.
<Nafallo> owh: then you're not :-)
<InsomniaCity> owh: I'd say you should tell him
<InsomniaCity> owh: goodwill is hard to come by
<InsomniaCity> and thats a dead easy way for you to generate some
<owh> InsomniaCity: It's not my goodwill that is at issue, it's his.
<InsomniaCity> he could end up referring you to someone, or making up part of his bill.
<InsomniaCity> well yes
<InsomniaCity> I still think you should do it, but then i'm a Nice Guy (tm).
<owh> InsomniaCity: The issue then becomes, what happens after I tell him?
<InsomniaCity> nothing that involves you, you're not obliged to.
<InsomniaCity> also, you may be over analysing - for all you know he hired someone else to look after the server, and its already patched.
<owh> InsomniaCity: While possible, I think that it is unlikely.
<InsomniaCity> I think you should tell him, with a postscript that you'll fix it for the last invoice owed, plus an appropriate hourly consulting fee.
<owh> So, you're basically saying that it would be morally responsible to notify him, but not legally required.
<InsomniaCity> Then once he coughs up, you do the work, then say goodbye.
<InsomniaCity> IANAL, especially not an ozzie one.
<owh> Heh
<InsomniaCity> Morally, yes, I think you should tell him.
<InsomniaCity> I'd even say you should business-wise.
<InsomniaCity> make it clear its not a threat, but offer to fix it if he brings your relationship up to date, so to speak.
<InsomniaCity> could be win/win.
<owh> Thank you for your guidance sensai InsomniaCity :)
<InsomniaCity> lol
<InsomniaCity> np
 * owh wanders off to compose an email.
<arooni-mobile> is ubuntu-server affected by that guessability in the sshd-rsa keys generated?
<soren> yes
<arooni-mobile> ok what do i need to do to fix?
#ubuntu-server 2008-05-15
<soren> a) install the security update b) replace all your ssh keys (both dsa and rsa)
<soren> b) does not include the host keys as those will be handled by the security update itself.
<owh> InsomniaCity: An added benefit of your advice is that in composing the message I made a generic version which made me think of other past clients who may be affected and who may not have a current sysadmin.
<arooni-mobile> how do i regenerate my keys on my dev boxes (keys i will copy over to the server's ~/.ssh/authorized_keys file)?
<hads> ssh-keygen
<arooni-mobile> do i need to restart my computer before doing that agian
<arooni-mobile> my dev boxes which are running ubuntu
<hads> Nope, reboots are only needed for kernel upgrades.
<arooni-mobile> ok great
<arooni-mobile> Enter passphrase (empty for no passphrase):   necessary or not?
<hads> Yes! passphrase-less keys are A Bad Thing
<hads> Without a passphrase anyone who gets your private key will be able to access any server which has your public key.
<LeChacal> what is a .phtml file and why all of a sudden is my web server severing this file and not my normal index.php file
<arooni-mobile> i was ssh'd into a gutsy box and was running:  sudo apptitue update; sudo apptitude dist-upgrade; then accidentally closed the ssh window.  now i see:     E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable);  E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?  (what should i do?  is update still running)?
<hads> ps ax | grep aptitude
<hads> LeChacal: .phtml is usually a PHP file.
<hads> LeChacal: Assuming you are using apache it will serve index files in the order specified with the DirectoryIndex directive.
<macd> arooni-mobile, just rm the lock file, and kill all apt process, and restart the dist-upgrade, if it gives you more errors, clean out the cached packages in /var/cache/apt/archives/* and /var/cache/apt/archives/partial/*
<hads> And run in screen :)
<macd> yes, that too
<macd> Has anyone had troubles with sshd after upgrade, newly generated keys from updated ssh/ssl gives errors when trying to auth via key on ssh, http://pastie.caboo.se/197206
<arooni-mobile> what does run in screen mean
<macd> screen is your best friend
<hads> http://www.kuro5hin.org/story/2004/3/9/16838/14935
<macd> when using ssh, as soon as you login type "screen", then do your stuff, to disconnect from ssh, and not loose your terminal type crtl a+d or accidental disconnects leave your terminal running
<macd> then ssh back in, and screen -r to resume, if you have more thanone screen running it'll give you pid's
<arooni-mobile> sweet action
<macd> yah
<macd> arooni-mobile, you tried mod_rails yet?
<arooni-mobile> macd, nope still running mongrel clusters
<arooni-mobile> have you?
<macd> no, I use that upload_progress plugin for mongrel, and can't figure out any other way to handle that
<macd> If I could find a way to route uploads themselves to mongrel and have mod_rails handle everything else I'd be in good luck
<ajmitch> hads: got all your boxes in order now? :)
<hads> ajmitch: Yeah, finally :) Except one SSL cert that's getting re-signed. You?
<ajmitch> yeah, it's pretty much just been ssh host keys
<hads> Most of the host keys were OK here as they were upgrades from Sarge or something, a few user keys. The main thing was checking everything.
 * macd is still having problems
 * owh loves spam filters, especially those that block incoming emails from a system administrator to the end user :-|
<owh> How do I coerce module-assistant to use my source packages, rather than the ones it thinks it knows about?
 * owh is thinking of madwifi specifically.
<LeChacal> ok i am my web server isn't severing my page anymore if you go to the site it just makes you download the page but it is the page with a .phtml file and it does it if i point to any php page so i think i some how broke php i have tried rebooting but that didnt do anything how can i restart php or something
<owh> LeChacal: PHP is run from within the server, there is no need to "restart" it. Most likely you have one of two problems, either PHP isn't actually activated as a module, or the mime-type mapping does not include a mapping for PHP.
<LeChacal> owh: well how would it get turned off is my first question then how do i fix this, all i have done is install postfix, dovecot, and squirrelmail and before i did that everything was working i have now removed all three of these
<owh> LeChacal: Well, installing squirrelmail is the only thing I can think that may have done anything as the other two don't use PHP at all. I'd start with checking the logs in the /var/log/apache* tree.
<endeavormac> i insert my ubuntu server disk, start up the machine, and then without hitting anything it immediately goes to language select and stalls
<endeavormac> usb legacy support in bios, right?
<endeavormac> i'll try it out
<LeChacal> owh: i dont see anything in logs just me restarting apache a few times nothing else in errors
<LeChacal> owh: well back to fixing for a minute if i just make a link from the php5 files in mods-available to mods-enabled and restart apache should that put php back
<owh> LeChacal: What does this return: grep -ri php /var/log/apache* - specifically look for notices in the error.log
<owh> LeChacal: Fixing a problem is not just a case of jumping in, first you find out what is broken, then you figure out how to fix it.
<LeChacal> owh: well that just dumbed all of my access.log file and error.log file which i had looked at before and didnt see anything
<LeChacal> i can pastbin if you think you would see something
<owh> LeChacal: My error log has this kind of notice: [Sun May 11 16:03:45 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.3 configured -- resuming normal operations
<owh> LeChacal: That indicates that PHP is actually active.
<owh> LeChacal: If you do not see any PHP results at all, then the module is not enabled.
<LeChacal> owh: i have one of thoughts also but it was a few hours ago before i started installing mail stuff everyone after that is just apache
<owh> LeChacal: What does this tell you: sudo a2enmod php5
<LeChacal> owh: Module php5 installed; run /etc/init.d/apache2 force-reload to enable.
<owh> LeChacal: Do that.
<LeChacal> owh: doing that didnt seem to affect php i dont see it restarting in the log i only see apache restarting and going to the site shows now difference
<owh> LeChacal: Does the error.log show PHP?
<LeChacal> owh: nothing about php
<owh> LeChacal: What does dpkg -l 'php*' tell you that is installed?
<owh> LeChacal: Better still, what does dpkg -l '*php*' tell you - specifically, is libapache2-mod-php5 installed?
<LeChacal> owh: it says that ibapache2-mod-php5 is installed and is version 5.2.4-2ubuntu5
<owh> LeChacal: What does sudo dpkg-reconfigure libapache2-mod-php5 give you?
<endeavormac> well now i have a new problem. i'm using my motherboard's raid to put two 640gb hdds together in raid 0. when i start to install ubuntu server, it tells me ata1.00: exeception Emask 0x0 SAct 0x0 SErr.... etc
<endeavormac> does anyone know if there's something special i need to do?
<owh> endeavormac: Is that hardware RAID or software RAID?
<endeavormac> hardware over the mobo
<LeChacal> owh: that restarted apache and in the log i see php restarting but it didnt change the site
<owh> endeavormac: Just because your motherboard comes with on-board RAID does *not* mean that it's hardware RAID!
<owh> LeChacal: So, now you can see PHP in error.log?
<endeavormac> well as far as i know the RAID has already been set up through the bios. i already created the raid0 with 32kb stripe.
<owh> endeavormac: That is no guarantee at all.
<endeavormac> does ubuntu server have a wiki or something where i can find more information on this?
<owh> endeavormac: If it was in fact hardware RAID, then the installer would only see one drive. By adding kernel modules it might then be able to monitor the RAID device. If you see other things, then it is likely to be software RAID. I'm looking for a nice URL for you.
<LeChacal> owh: i see this in the log ' Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5 with Suhosin-Patch configured -- resuming normal operations' and if you go to www.muncc.marmoinacademy.org see what you get but i found if you go to www.muncc.marmionacademy.org/index.php the page comes up which it didnt before\
<owh> LeChacal: So, now you need to find out why you get an error on the first link. Check error.log
<endeavormac> i just don't understand the point of setting up raid through the motherboard, and then again through the OS
<owh> endeavormac: The problem is that manufacturers are saving a few cents by not including actual hardware RAID.
<endeavormac> god damn manufacturers
<_ZeuZ_> Guys, I've developed an easy to use HTB script for traffic shaping, directed to ISPs... And I would like your thoughts on it to make it part of Ubuntu server...
<owh> _ZeuZ_: Come to the next ubuntu-server meeting and raise it.
<_ZeuZ_> owh, I'm on the mailing list, but, I don't remember when is it going to be...
<LeChacal> owh: i see this in error.log near when i tried to visit [client **.**.**.**] Negotiation: discovered file(s) matching request: /var/www/index.php (None could be negotiated).
<_ZeuZ_> I know the script needs refinement, still it would be a hit to make ubuntu-servers to go higher on the sky..
<owh> endeavormac: I cannot currently locate the link I was looking for. The best start is to google for your motherboard and raid and see what comes up.
<owh> LeChacal: Well, start by googling with that error and see what you find.
<owh> !meeting
<ubottu> Team meetings are held in #ubuntu-meeting - See Â« /msg ubottu logs Â» for transcripts.
<owh> Hmm
<owh> !nex-meeting
<ubottu> Factoid nex-meeting not found
<owh> !next-meeting
<ubottu> Factoid next-meeting not found
<owh> Crap
<endeavormac> i'm reading now and it seems that you can just hook up two hard drives, no raid through the mobo, and then when you install ubuntu server and are partioning drives you can do some voodoo magic and *raid0*
<owh> endeavormac: Yes, that is Linux Software RAID, that is different again.
<macd> endeavormac, above all value hardware raid first ;)
<owh> endeavormac: To make it "simple" there are three types of RAID.
<endeavormac> what's the performance like on linux software raid
<endeavormac> if i can get 120megabytes/sec red/write from two hdds, i'm good
<macd> endeavormac, maybe on a FC/U320 set, but nothing ata
<owh> endeavormac: Hardware RAID, an actual card that has an on-board CPU that talks to drives and does magic. It shows the drives to the OS as one drive. Fake RAID, which tries to do the same, but requires that the main CPU take care of things - needs a driver. Linux Software RAID, using the Kernel to talk to multiple disks.
<owh> _ZeuZ_: https://wiki.ubuntu.com/ServerTeam/Meeting
<hads> Hardware is good, software is good, I don't see the point in fake.
<owh> Ditto :)
<endeavormac> yeah screw fake
<endeavormac> booze + linux = success
<endeavormac> i mean raid through linux kernel = success
<endeavormac> thanks
<owh> LeChacal: It appears that your issues come from a rewrite condition.
<_ZeuZ_> so Wednesday right? gosh... one week more until I can release it? I'm not only seeking to include it in ubuntu-server but to improve it... currently it's a pretty basic ToS and QoS clasifiying with bandwidth shaping for different terminals on the lan, or on the outside...
<owh> _ZeuZ_: Not next Wednesday, the one after.
<owh> _ZeuZ_: Everyone is in Prague :)
<owh> _ZeuZ_: I'm not at all suggesting that it will be included. What you'll get is a bunch of ubuntu-server people listening to what you have to say and making suggestions.
<_ZeuZ_> Hmm.. perhaps I can send it to the mailing list...
<macd> yes do , b/c I want to see
<owh> _ZeuZ_: Well, you can start the conversation there, yes.
<LeChacal> owh: rewrite condition? doesn't mean anything to me. can you link me to the site you have found and/or tell me some more about this
<owh> LeChacal: Is there a .htaccess file in the server root?
<owh> +webserver document root that is
<owh> LeChacal: This describes the issue in another way: http://www.webmasterworld.com/apache/3161107.htm
<LeChacal> owh: well i am not sure what you call server root but the only place that i have a .htaccess file is in a squirrelmail folder not anywhere near what i would call root
<owh> LeChacal: What does this return: sudo grep -ri multiview /etc/apache*
<LeChacal> owh: i get this http://paste.ubuntu.com/12176/
<owh> LeChacal: Well, that looks pretty normal - though you should not make a habit of leaving backup files with ~ lying around.
<macd> LeChacal, owh have you tried 'sudo a2enmod php5'
<owh> macd: It's running, just doing weird stuff as well :)
<owh> LeChacal: Which files do you have in /var/www
<owh> macd:  www.muncc.marmoinacademy.org - borked    www.muncc.marmionacademy.org/index.php - woring
<owh> +k
<macd> what about the DirectoryIndex portion of the apache2.conf file?
<LeChacal> owh: i was changing that right now after reading that link that you sent me because i have several files that start with index and they have different endings
<owh> macd: Well, the site was working before squirrelmail got installed. Now it doesn't work anymore.
 * owh just *loves* PHP installers that break running web-sites.
<macd> LeChacal, what does "grep -i index.php /etc/apache2/apache2.conf"
<macd> LeChacal, return when you issue it (damn cr)
<LeChacal> macd: that returns nothing
 * owh has to go back to work and wanders off.
<macd> LeChacal, then we know your problem, add index.php to the DirectoryIndex directive in /etc/apache2/apache2.conf
 * _ZeuZ_ Notified it's intentions to add it's Routing, QoS, MAC+IP control and Traffic Shaping/managing and limiting to the ubuntu-server distro
<LeChacal> macd: i will do that for the future but moving all any file that started with index out of the root of /var/www fixed my problem also
<macd> LeChacal, yeah, this just lets it serve index.php even if index.html is present
<macd> LeChacal, FYI also thats apache admin101 ;)
<LeChacal> macd: yes and i think both you and owh for the help i just got thrown in to running this server so i have a bigger learning curve to over then i thought i see
<macd> LeChacal, if your doing alot of apache stuff, its a good bookmark http://wiki.apache.org/httpd/ also has user contributed things for some simplified tasks
<owh> LeChacal: Pleasure.
<LeChacal> macd & owh: i meant i thank both of you
<macd> LeChacal, anytime
<endeavormac> by software raid through the kernel, we're talking about LVM, right?
<hads> software RAID is software RAID, LVM is LVM :)
<endeavormac> ok
<hads> Two completely separate but often used together.. bah, they left.
<owh> hads: You get that :)
<hads> :)
<ajmitch> yay, got my debian password back
<hads> :)
<LeChacal> owh & macd: now that i have solved my problem do ether of you have suggestions on squirrelmail or another webmail program before i go back to reading on it and apache
<owh> LeChacal: Sorry, don't do webmail, I let google handle that :)
<_ZeuZ_> So do I xD
<hads> I put roundcube on one server where people wanted webmail. Seems not too bad.
<giovani> roundcube is pretty experimental imo
<giovani> I've had issues with it
<giovani> very limited on featureset -- but it's AJAX so everyone thinks it's the greatest thing since sliced bread
 * macd seconds roundcube for how nice it looks
<hads> I don't use it myself, users seem to think it's OK though.
<LeChacal> looking at roundcube makes me think i should have just stayed with gentoo server
<owh> LeChacal: Well, personally I cannot think of a better way to self-inflict pain, but if that's what you like, go for it.
<macd> LeChacal, he you could spend time emerging, or drinking beers with friends, but thats your choice ;)
<macd> Like I say, why compile when you can apt.
<LeChacal> owh: i the reason i say is because a lot of what i was reading on it was on gentoo, and the server was once gentoo before i took over and i hated gentoo
<hads> It's a PHP application, nothing to do with package management really.
<giovani> LeChacal: how does roundcube relate to gentoo?
<LeChacal> nothing really it was just reminding me of my gentoo nightmares
<giovani> and your nightmares make you think you should stay with gentoo? huh?
<LeChacal> no away from it very far away
<giovani> <LeChacal> looking at roundcube makes me think i should have just stayed with gentoo server
<LeChacal> giovani: ok bad wording there, looking back now
<owh> On a completely different note, how do I make module-assistant use my source packages, rather than the ones it knows about? I need to deploy madwifi source drivers on an end-user machine which will need to be able to deal with kernel updates without needing me to recompile and install stuff. Last time I looked, m-a + included madwifi was borked.
<macd> owh, the command line arg is -h
<owh> Whoa, not all at once ;-)
<macd> err -k
<owh> macd: Excellent, just what I needed. Tah.
<macd> man module-assistant FTW ;)
<macd> I couldnt remember myself, and I just built for 2.6.25
<owh> macd: Funny, that's what I was reading - now I'm trying to find out how to put it in the automatic configuration / conf file :)
<macd> yeah, that could be fun
<owh> I've just found the environment variable, that's a start.
<owh> KERNELDIRS
 * owh cannot recall if m-a does an automatic rebuild when the kernel changes.
<luckyone> hello everyone. can anyone help me get svn setup? I am seeing svn: PROPFIND of '/trunk//': 405 Method Not Allowed
<firecrotch> luckyone:  this error is when you try to browse to the svn repository in a web browser?
<firecrotch> luckyone: http://readlist.com/lists/subversion.tigris.org/users/4/21441.html  this may help you
<luckyone> firecrotch: not when I use a browser, via browser it works fine
<luckyone> firecrotch: it is when I try to use the subclicpse svn plugin
<macd> luckyone, are you using javaHL with subclipse?
<luckyone> macd: YES
<luckyone> macd: sorry for the caps!
<luckyone> macd: at least I think so
<macd> Let me pop open eclipse and see what the other one is, b/c I had that problem a while back myself
<luckyone> org.tigris.subversion.javahl.ClientException
<macd> yeah, theres another layer of abstraction that subversion can use, and its not JavaHL
<macd> I just can't recall where it is, or how to change it
<macd> Im poking around eclipse, but I dont see it
<macd> well, on the good side, looks like the ruby plugin got some updates ;)
<luckyone> hah
<luckyone> I just installed subclipse
<rhineheart_m>  I can't mtr yahoo.com nor do sudo apt-get update... But I can access webpages from the outside.. and I can even ssh to the box.. any idea?
<kraut> moin
<mohamed_> is there h ow setup openswan vpn client ?
<sgrover> Q: I have openvpn installed and can connect to my vpn with network manager.  Any easy way to automagically run a script (to mount directories) once the vpn connection is made?
<sgrover> I want to set up automatic mounting of the Samba shares when the VPN connection is established.
<sgrover> Grey area between desktop/server, so my appologies if this is not quite on topic..  But don't think it's that far off topic.. :)
<yann2> hello :)
<yann2> I wanted to know: Do canonical plans to provide training for particular parts of Ubuntu? Like KVM, samba/ldap/win integration etc?
<nealmcb> sgrover: perhaps you can use dbus to talk to network manager?  it might have a callback for that.  there may be easier ways also - just a thought
<nealmcb> yann2: you might also ask in #ubuntu-training (?) or ask canonical directly
<yann2> thanks :)
<sgrover> nealmcb: thanks for the lead.  Was hoping there would be an existing tool.    Probably easiest to just script it directly and put an icon on the desktop to the script...
<sgrover> bypass network manager for the VPN connection...
 * nealmcb nods
<nealmcb> but playing with dbus is fun also :-)
<sgrover> (that and I'm not very familiar with dbus at this time)
<sgrover> off to google I go then.. :)
<nealmcb> but yeah - not so much a server thing....
<sgrover> but not fully a desktop thing either.. :)
<sgrover> and you were able to give me more of a tip than I got in #ubuntu (no response there)
 * nealmcb heads towards the UDS hotel.....
<bip> hello anybody has experience using tape units with ubuntu-server ?
<bip> i have a fresh installed 7.10 server but mt commands get non answer
<bip> any hint will be gladly received thanx
<vcorreia> hello everyone
<vcorreia> has anyone been using ebox with hardy?
<vcorreia> if so, what do you make of the integration?
<elliotjhug> hi all, got a user called 'manageen' who logs in repeatedly every 3/4mins - I never added this user. Is there a check I can do over either their activities - or can I set the account to expire? (Or is there any other action you would suggest?)
<soren> elliotjhug: I'd recommend, you unplug the machine, shut it down, remove the disk, and carefully check every single bit on it.
<soren> elliotjhug: If someone's logging onto it and you didn't create the user, you've most likely been compromised somehow.
<elliotjhug> is it likely to be a virus or what?
<elliotjhug> I only checked because I noticed unusual network activity
<Deeps> it's likely that you've been rooted
<Deeps> in that, someone has gained root privledges on your machine, and created  that account
<elliotjhug> Deeps: Thanks - well I've just changed my root password (and an account with sudo)
<Deeps> recommended course of action would be, as soren said, to shut down the machine immediately
<hads> elliotjhug: That's not enough, you should remove the box from the network immediately.
<elliotjhug> hads: OK - I'd best go with that then. Thanks for the advice
<hads> And then reinstall it basically.
<Deeps> indeed, reinstall from 0
<uvirtbot> New bug: #230632 in openssh (main) "ssh-vulnkey doesnt check all keys. Also, it would be nice to extend the warning message." [Undecided,New] https://launchpad.net/bugs/230632
<dennda> aaaarg is there no django in dapper? I was under the impression that I saw it the other day
<dennda> How would you install django on an ubuntu dapper drake (6.06.2) system so that you can easily update the machine or the packages later on?
<Terrasque> hello, having a problem with my file server after upgrading from 6.06 to 8.04. Its x64, have an XFS raid5 (3tb, 7 hdd's), and after the update, if a large amount of data is written in short time to it, it stops writing data, load goes up (slowly rising, went to 36 before i killed server last time), but dmesg/messages are silent, and ps / top does not show anything unusual. Any idea?
<fromport> what kernel ?
<fromport> the standard 2.6.16 ?
<Terrasque> 2.6.24-16-server
<fromport> i've witnessed similar stuff
<fromport> i upgraded to 2.6.24-17-server which is available in the deb http://archive.ubuntu.com/ubuntu/ hardy-proposed main restricted universe multiverse repository
<fromport> 2.6.24-17-server #1 SMP Thu May 1 14:28:06 UTC 2008 x86_64 GNU/Linux
<Terrasque> and that fixed it?
<fromport> i haven't seen it since, but no warranties ;-)
<Terrasque> of course :)
<fromport> as usual: ymmv ;-)
<fromport> what disk controller do you have ? have you updated the mobo bios to the latest ?
<Terrasque> 2x Mass storage controller: Promise Technology, Inc. PDC40718 (SATA 300 TX4) (rev 02)
<Terrasque> el cheapo sata cards, basically :)
<Terrasque> and no, haven't updated bios
<Terrasque> fancy. The IO died on the system disc too, which is not in raid, and not on the same controllers. Hard reboot ftl
<fromport> hardy is using 2.6.24 which really pushes harder on acpi (is my opinion) i had a lot of problems with machines with old bios'es
<Terrasque> btw, hardy-propsed packages.. Will all those be automatically downloaded in an apt-get upgrade? or do you pick packages manually?
<ScottK> Terrasque: After testing, hardy-proposed packages get copied to hardy-updates (if there are no problems) and then you get them automatically with apt.
<Terrasque> new kernel in, rebooting. And crossing fingers and toes
<Terrasque> fromport: no crashing yet.. :) But I'm not 100% sure until ive done some more testing
<Terrasque> fromport: same happened again. New kernel did not solve it
<fromport> terrasque: :-( ..... pitty
<dennda> hm
<dennda> I removed klogd and sysklogd from all runlevels, but I still have that issue
<Terrasque> fromport: made a forum post, maybe I'll get lucky there. if not.. going back to 6.06 probably
<fromport> try to update the bios, or even better: compile a 2.6.25(or 26-rc2) kernel yourself.
<fromport> see if it is kernel related.
<dennda> what's the preferred way of upgrading ubuntu on a server? (just one release to the next))
<dennda> update-manager -d? :)
<cjsstables> hello all.  I have a quick question.  Getting ready to set up an ubuntu ltsp server. I have 900 GB of space on 3 drives.  In the partition schem where should I allocate most of the HD space?  /home?  /root?
<gouki> Has anyone configured fail2ban? I'm having problems. The regexep don't seem to work.
<gouki> the log reports the IP is banned, but for some reason I can continue to access the server.
<soren> gouki: It only blocks new connections.
<soren> gouki: Could that explain what you're seeing?
<gouki> soren: no
<gouki> Does it require the default port, or the regexp doesn't care about that?
<soren> It blocks port 22.
<nxvl> soren: when are you comming?
<gouki> soren: that's the problem right there.
<soren> nxvl: I'm here.
<nxvl> soren: i'm still in madrid
<soren> nxvl: Ah, ok.
<nxvl> soren: my flight leaves in 2 hours
<nxvl> so, se you in 5
<nxvl> :D
<radone> greetings, I have problem with cron
<radone> command: ps -ef | grep -i cron
<radone> gives: root      4112     1  0  2007 ?        00:00:02 /usr/sbin/cron
<radone> command: crontab -l:
<radone> * * * * * root echo "Runs each second." > /home/johny/smazat/cron.txt
<radone> however, the file /home/johny/smazat/cron.txt remains empty :-(
<radone> any idea?
<radone> http://pastebin.com/m59c6f729
<\sh> is * * * * * not "run every minute" ?
<dennda> lol?
<\sh> radone, that cron line will run every minute...
<\sh> there is no "second"
<dennda> do-release-upgrade did not work for dapper -> hardy, but dapper -> edgy -> feisty -> gutsy -> hardy seems to work
<radone> \sh: well, unfortunately not even minute ...
<\sh> radone, and I wonder if you can delete the "root" user as well, because crontab -e -u root is that what you have by default when you use the crontab tool...all cron scripts who are in need of the "user to run"..are in /etc/cron.*
<\sh> radone, because your line is terribly wrong
<\sh> crontab -e
<\sh> (thinking about user root now)
<\sh> * * * * * echo "foo is bar" > /tmp/palimpaloem
<radone> \sh:ok, thank you, I will give it a try and I will wait one minute
<\sh> radone, man 5 crontab :)
<radone> changed to: * * * * * echo "Runs each minute." > /home/johny/smazat/cron.txt
<radone> and got not any  result :-/
<TrioTorus> how can I find out why a certain package is kept back?
<TrioTorus> is there an apt command for that?
<ScottK> Is the certain package related to ssh/ssl/vpn?
<mok0> TrioTorus: try apt-get install the package, and you will see what will happen. You will be given a chance to abort
<dennda> Am I the only one thinking that should not be the case? Something seems to be wrong somewhere
<TrioTorus> among others: there is openssh-client and openssh-server being kept back yes
<TrioTorus> dennda: you're obviously not the only one
<dennda> TrioTorus: I am talking about dapper -> hardy upgrade failing and dapper -> edgy -> feisty -> gutsy -> hardy upgrade working
<ScottK> TrioTorus: sudo apt-get dist-upgrade will solve it in this case.  sudo apt-get -s dist-upgrade if you want to see it first (to more generally understand what's going on).
<mok0> TrioTorus: that's because they pull in a new package, -blacklist
<TrioTorus> mok0: I can see that with one of my servers. What's going on with that -blacklist package?
<mok0> TrioTorus: it contains a list of weak ssh keys
<TrioTorus> mok0: so better not upgrade yet then?
<mok0> TrioTorus: by all means, upgrade
<mok0> TrioTorus: and run ssh-vulnkey
<mok0> TrioTorus: http://www.ubuntu.com/usn/usn-612-1
<cyris||> morning everyone
<W8TAH> hi folks -- are the patches for the ssh vunerability in the repos / updates now?
<\sh> radone, /etc/init.d/cron restart .... could be that cron ran mad
<mok0> W8TAH: yes
<cyris||> people still patching up eh ?
<W8TAH> good
<W8TAH> how do i then re-gen my keys
<mok0> And folks, don't forget to remove your comprimised ssh keys from EVERY remote system that has in in ~/.ssh/authorized_keys
<cyris||> ssh-keygen
<W8TAH> cool -- thanks
<mok0> s/in in/it in
<mok0> ssh-vulnkey is your friend
<cyris||> Can anyone recommend a USER FRIENDLY web application that will allow users to change their passwords stored in openldap?
<giovani> mok0: HD More's SSL "rainbow tables" are your friend :)
<TrioTorus> cyris||: if your app only needs to do this single operation: write your own script. I have looked out for what you are asking for a long time.
<mok0> giovani: ydrk, where do you find those
<giovani> mok0: ... oh cmon ... you should know already: http://metasploit.com/users/hdm/tools/debian-openssl/
<giovani> appreciate the dilbert :)
<mok0> giovani: no seriously , I have better things to do than hang out with script kiddies... I exterminate them when they show up...
<giovani> ... if you think HD More is a script kiddie ... you're revealing your ignorance of the industry
<mok0> giovani: hereby revealed :-)
<cyris||> TrioTorus, far enough, just wanted to see if there was anything out there. I did find one project, called chpassldapweb http://sourceforge.net/projects/chpassldapweb/
<W8TAH> is there a how-to someplace on using ssh-keygen to make new keys?
<cyris||> TrioTorus, but its in Brazilian Portuguese :S
<giovani> W8TAH: http://metasploit.com/users/hdm/tools/debian-openssl/
<giovani> err
<giovani> bad paste
<giovani> http://wiki.debian.org/SSLkeys
<mok0> W8TAH: man ssh-keygen?
<giovani> W8TAH: welcome to #ubuntu-server ... we have some overlap :)
<W8TAH> mok0, its not giving me what im hoping for  -i just want it to rerun the same thing that happens at install time for keys -- i dont customise
<W8TAH> thanks
<W8TAH> giovani, thanks
<mok0> W8TAH: dpkg --reconfigure openss-server
<giovani> #dshield untie!
<W8TAH> even better
<ScottK> mok0: With an 'h' in there.
<mok0> ScottK: you're right of course... it's not the open version of Waffen SS ;-)
<W8TAH> LOL
<ScottK> Doesn't the blacklist tool regenerate bad keys on install (I don't know - I'd done all mine before it was released)?
<giovani> mok0: feel free to read up: http://en.wikipedia.org/wiki/H._D._Moore
<cyris||> ScottK, I don't think it does.
<mok0> ScottK: I think it contains a long list of fingerprints
<giovani> ScottK: I believe the new release of openssh-server did that
<cyris||> ScottK, I wasn't sure so I just regenerated
<mok0> giovani: thanks!
<giovani> it regenerated automagically
<W8TAH> dpkg --reconfigure is not working
<ScottK> The one of the openssl updates will redo snakeoil.
<giovani> W8TAH: run "sudo ssh-vulnkey" to test your keys
<W8TAH> says unknown option reconfigure
<W8TAH> ok
<mok0> giovani: Ah, I don't bother with anyone born after 1980
<mok0> :-)
<giovani> mok0: yeah, who cares how influential they are, right? :)
<W8TAH> giovani, im on ubuntu -- and ssh-vulnkey does not work, nor is it in repos to install
<giovani> W8TAH: which ubuntu release are you on?
<W8TAH> 604-lts
<mok0> giovani: ok, /me reads...
<W8TAH> fully updated
<giovani> W8TAH: you're not vulnerable
<giovani> the bug was introduced AFTER 6.04 LTS
<W8TAH> ok - that makes that easy
<giovani> only 7.04, 7.10 and 8.04 were vulnerable before updates
<ScottK> I think Edgy was OK too, but it's out of support.
<W8TAH> i need to upgrade this guy to hardy LTS but im not doing that till summer - when i can take the internet down for an exteded period
<W8TAH> ok
<mok0> giovanni: ok, I'll bump that to 1982 :-)
<giovani> mok0: who needs OSVDB, right?
<giovani> or metasploit?
<giovani> heh
 * giovani throws out half of the linux kernel developers
<Terrasque> 18:21:54 up  3:19,  1 user,  load average: 33.00, 33.07, 33.41   -- fun..
<cyris||> W8TAH, what version of ubuntu are you running ?
<W8TAH> 6.04 LTS on the firewall
<cyris||> W8TAH, oh ok
<giovani> W8TAH: we already went over this
<giovani> err
<W8TAH> which is the one im most concerned
<W8TAH> ya
<giovani> cyris||*
<W8TAH> :D
<W8TAH> ive gotta do the upgrade -- but i dont wanna take the school offline right now -- i'll wait till summer
<cyris||> giovani, sorry didn't see
<W8TAH> thanks for the help guys - this day didnt need a crisis in the middle of it
<W8TAH> :D
<giovani> :)
<mok0> most of the attacks I see are stupid brute force ssh attacks that immediately gets blocked in iptables
<giovani> mok0: you mean brute forced password attacks? not key attacks
<mok0> giovani: right
<giovani> however ... in the years to come
<mok0> I am surprised that ssh is vulnerable to key attacks.
<giovani> this will be a big vuln
<mok0> I agree
<giovani> mok0: ... it's not ... debian's ssh is
<giovani> this isn't an openssh bug
<mok0> giovani: well, you can by chance have a compromised key
<giovani> no
<mok0> giovani: the compromised keys are a legal subset of the total number of keys
<giovani> no, they're not
<giovani> normal openssl uses a different PRNG system
<mok0> it doesn't matter
<giovani> it wouldn't come up with the same seed values as the debian vulnerable ssl
<giovani> it does matter ... there are different seeds used ...
<mok0> giovani: of course it could
<mok0> those seeds could arise by chance... I admit it's small
<ScottK> giovani: Yes.  You could (although the odds are low) have a key that's in the small set generated by the bad openssl generated from a non-broken openssl.
<giovani> I stand corrected
<giovani> you're correct
<giovani> however the keys do not become "comrpomised"
<giovani> they just happen to become the target of a specific attack, they were still generated in good-faith pseudo-random
<mok0> giovani: right, but they are part of the "rainbow dictionary" set
<giovani> right
<ScottK> They are neither more nor less compromised.  Just via bad luck rather than a bug.
<giovani> right
<mok0> giovani: so, in fact openssh should be patched to make those keys illegal
<giovani> mok0: ... that may be a principle difference
<giovani> up to the openssl guys
<ScottK> openssh
<giovani> nah, the bug is in openssl
<ScottK> Different bunch.
<giovani> it just affects openssh as well
<giovani> http://www.debian.org/security/2008/dsa-1571
<mok0> giovani: yes, in fact I wish they'd go to a key size of 2048
<ScottK> Right, but if the keys are to be blacklisted, it'd have to be done in SSH.
<giovani> ScottK: and every other system that uses openssl
<ScottK> mok0: Just don't use DSA keys.
<ScottK> giovani: Yes.
<giovani> why would it have to be blacklisted at the openssh level?
<giovani> couldn't that set of seeds be discarded in the openssl generation code?
 * mok0 thought the DSA keys were the most secure ... *blush*
<giovani> when it generates the random number, it would check against a list of known PIDs
<giovani> and reject it, and generate again
<mok0> giovani: ... and the max pid number is 32767
<giovani> mok0: right ... so, all of that set
<giovani> but why would this not be able to be done within the ssl code?
<ScottK> mok0: My understanding (and I'm not an expert) is that the reason Debian used to recommend DSA over RSA was to do with RSA patents.  Now that they've expired there's no reason not to use RSA keys of whatever length you are comfortable with.
<mok0> Hmm. Well, perhaps I should regenerate my key, then. But I think I'll do it on my Mac :-)
<mok0> But perhaps Ubuntu should consider packaging security sensitive software directly from upstream source
<ScottK> Dunno.  There was a time (~20 years ago) when I knew something about cryptography.
<giovani> mok0: modifications have to be made to get everything to work together ... can't do a strict upstream tarball
<ScottK> mok0: I don't think that would help significantly.
<mok0> ScottK: I've just read Simon Singh's book
<mok0> ScottK: It would give us  a double check
<ScottK> mok0: Since install scripts have root, all packages are significant from a security perspective.
<mok0> ScottK: ... I was in fact kinda chocked to see that Debian patches the code
<ScottK> We either trust Debian and work as a derivative or not.
<giovani> ScottK: some packages affect the security of other applications, openssl being the chief one
<mok0> Exactly
<ScottK> mok0: Honestly I think most of the blame with this one lies with the openssl developers.
<giovani> mok0: still .. modifications are always made in distributions ... otherwise, nothing would fit together cleanly
<mok0> It would just be a few packages, that would get an independent audit in Ubuntu and Debian
<giovani> ScottK: .... why is that?
<mok0> giovani: but unless there's a bug,  you don't go around removing function calls
<ScottK> 1.  The Debian maintainer went to what was the advertised right list for such questions and asked and was told it seemed reasonable.
<giovani> mok0: they considered "purify complaining" as a bug
<ScottK> 2.  If you are going to do something completely outside the C standard as rely on something being undefined, I think it would deserve a comment in the code.
<mok0> ScottK: THAT is true. It is a dirty algorithm to start with
<ScottK> So upstream had two quite reasonable chances to have avoided this entire mess and didn't do it.
<giovani> ScottK: it seems the opposite from the correspondence, no?
<ScottK> I agree the the Debian maintainer has blame too, but it's hard to see what he should have done different.
<mok0> But the fact of the matter is that it was modified by someone who did not fully understand what the code does
<ScottK> giovani: Not sure what you mean?
<giovani> "No, it's fine - the problem is Purify and Valgrind assume all use of uninitialised data is inherently bad, whereas a PRNG implementation has nothing but positive (or more correctly, non-negative) things to say about the idea."
 * mok0 thinks that this is a harsh reminder of the kind of responsibility we all have working on a distribution...
<giovani> -Geoff Thorpe
<giovani> seems to be saying that this is a Purify/Valgrind problem ... not a code problem ... and is suggesting that such warnings should be ignored?
<giovani> or am I misreading?
<mok0> giovani: this piece of code relies on random bits being present in an uninitialized buffer... which is very far fetched at best
<ScottK> According to the C standard (as I understand it, and it's limited) use of uninitialized data is inherently bad.
<giovani> if it was a "bug" in openssl ... they would've "patched" it upstream, and then all openssl would be "infected"
<mok0> Yeah, there's enough blame to go around
<ScottK> giovani: It's a very obscure (at best) design in openssl and they should have made it clear what was going on.
<giovani> http://rt.openssl.org/Ticket/Display.html?id=521&user=guest&pass=guest
<mok0> ScottK: exactly!
<InsomniaCity> all I can say is thank god gnupg links against gnutls
<giovani> that's the correspondence on the issue that I'm aware of
<mok0> giovani: ... and a new compiler optimization might have had the same effect
<mok0> ... and no-one would know
<mok0> giovani: interesting reading...
<ScottK> giovani: There's more. Give me a moment to find it.
<mok0> Lemme get this clear: the bug was in the openssl libraries, that are used by openssh??
<ScottK> The bug was in openssl and it generated keys that were cryptographically worthless.  openssh uses said keys.
<mok0> k
<ScottK> Here's the Debian maintainer asking about the change in question.  Follow the thread and see if any openssl devs tell him it's a bad idea: http://marc.info/?l=openssl-dev&m=114651085826293&w=2
<mok0> Well why not just have a function that fills the said buffer with random bits? Instead of relying on un-initalized memory?
<ScottK> I have no idea.
<ScottK> Here's one openssl developer being an a$$ and getting pounded in the comments: http://www.links.org/?p=327
<mok0> I think this was just "one of those unfortunate things" that happen in software
<ScottK> My favorite response: http://advogato.org/person/branden/diary/5.html
<mok0> ... a chain of events leading to disaster
<ScottK> Unfortunately I think the the first blog entry there has raised the stakes considerably in terms of how people feel about it.
<ScottK> mok0: I agree.  I wish that guy hadn't decided to through gasoline on the fire.
<mok0> For some reason, the software world is full of socially incapable people who jump at anyone else at the first chance they get
<InsomniaCity> it goes with being good at writing software
<mok0> ... yeah so they say
<mok0> They are good at claiming how good their own stuff is and how unjustly they are b eing treated
<Deeps> lol
<ScottK> He'd have been well advised to have his facts straight before going on the attack.
<Deeps> the links to the patch that broke stuff, as well as the patch to fix it, is amusing
<Deeps> patch that breaks: comments out 2 bits, patch that fixes: uncomment one bit that was commented originally (what about the other?)
<ScottK> That's been heavily discussed.  Even upstream agrees that part is OK.
<Deeps> ok
<mok0> Instead of pushing around the blame, it would be better getting some infrastructure in place to avoid these things from happening in the future. Without distributions, openssl would hardly be used
<Phil___> hi
<Phil___> would anyone be able to help me with a problem installing grub?
<mok0> ... or rather, would be compiled by users themselves, which would give a huge amount of extra support work to the developers
<mok0> Well thanks for the chat, interesting, I have to leave now
<ScottK> See you later.
<mok0> see you
<Deeps> ScottK: can you point me to where the openssl team suggested that commenting out those bits seemed reasonable?
<ScottK> Deeps: It's later on in this thread http://marc.info/?l=openssl-dev&m=114651085826293&w=2
<Deeps> ok ta
 * Deeps reads
<Deeps> i liked the links.org blog pots, made me lol
<Jeeves_> http://www.kuro5hin.org/story/2003/8/8/83254/78171
<ScottK> Unfortunately the original post on links.org seems to be a largely fictional account of events.
<Deeps> based on your email thread you linked me, i'm inclined to agree
<Deeps> http://marc.info/?l=openssl-dev&m=114652287210110&w=2 being the firts reply to the idea about commenting it out
<Deeps> (and it's from someone at openssl)
<ScottK> Yes.
<ScottK> He aimed to fire a shot and Debian and all distro developers and IMO accidentally shot himself in the head due to carelessness.
<Deeps> however
<ivoks> anyone in prague?
<Deeps> not entirely: "if you are going to fix bugs, then you should install this maxim of mine firmly in your head: never fix a bug you don.t understand"
<Deeps> nobody on that thread seems to understand what's going on in this bit of code
<ivoks> openssl again? :)
<ScottK> Still
<Deeps> i just joined in :)
<Deeps> from the debian side and the openssl side, the respondants dont appear to have a clue about what's going on
<ScottK> Deeps: And if he'd just said that, I think it'd have been fine.  But he went further.
<Deeps> ok, so pull the good and ignore the bad
<Deeps> dont forget it all because some of the good is shrouded in BS
<ScottK> True, but I'm probably a bit biased because as an Ubuntu developer and a Debian Maintainer, I was who he was aiming at.
<ScottK> He's correct, but it's not always practical advice.
<ScottK> There is a balance between spending a huge amount of time on one fix to totally understand it and how much fixing can get done overall.
<ScottK> For openssl, it is probably reasonable.
<Deeps> what is probably reasonable? the amount of time that was spent, or the amount of time that they think should have been spent?
<ScottK> Probably reasonable to spend more time understanding stuff.
<Deeps> yea
<ScottK> I'm working on an update for Spamassassin right now to make it work with pg 8.1 and later for it's bayesian database.  I got the patch from upstream.  If I really thought I needed to competely understand the code and what it's changing, I'd move on and leave it broken.
<Deeps> re-reading that thread, makes it look like "hai! autotool says this is a problem, can i remove it?" "duhhh, i dunno, i guess so"
<ScottK> In this case it's more trusting upstream to have got it basically right and testing to see if it fixed the problem.
<Deeps> ah well, nm
<Deeps> done and fixed
<ivoks> ScottK: you are familiar with pgsql?
<Deeps> need to redo all my openvpn certs
<ScottK> Only in a very limited sense.
<Deeps> hassle
<ivoks> ScottK: well, if you understand roles in pgsql, you are my man :D
<ScottK> ivoks: It's used on some project I work on and I can interact with it directly or through I can't remember which python module I'm using.
<ScottK> ivoks: No.  I think I'm not.
<ivoks> ok then
<ivoks> Deeps: more than 50 openvpn certificates, installed all over the country, are also waiting for me :)
<Deeps> thankfully i only need to do.... 7
<Deeps> still a hassle
<Terrasque> 20:08:21 up  5:05,  1 user,  load average: 137.42, 133.51, 122.98   --   Do I win a prize? :p
<ivoks> nope
<ivoks> come back when your load goes over 300
<Terrasque> that shouldn't take too long. crossed 140, and heading to 150
<Terrasque> but have a feeling something will happen to the servers power supply soon
<Jeeves_> Come back when you've reached 1600 :)
<Terrasque> got a link from a friend :p http://pr0n.sesse.net/tg06/1280x960/dsc_0999.jpg   |  accidental fork bomb
<Deeps> keep it at 600+ for 6 months
<Deeps> then let me know :P
<Terrasque> think I'd prefer a machine that works the way it should :p
<ryoohki> i notice that apache2 is installed without creating an apache user?  is that intentional? should httpd run as user:group apache:apache or as root:root?
<Terrasque> usually its run under www
<Terrasque> www-data actually
<ryoohki> so why was a www user not created?
<ryoohki> oh - there is a www-data
<Terrasque> goodie :)
<ryoohki> i thought that was from some other package
<Terrasque> thats what apache2 runs as on my systems at least :)
<ryoohki> Terrasque: ok thanks!
<J_P> hi all
<gamercod4> hi all :)
<gamercod4> i've a question of routing virtual nic
<gamercod4> hi
<gamercod4> somebody is here?
<soren> !justask
<ubottu> Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)
<soren> !ask
<soren> Ah, there it goes.
<gamercod4> ok
<gamercod4> i would like to do a NAT routing on virtual NIC but iptables do not  support this :(
<nxvl> soren: where are you?
<nxvl> soren: i'm already here
<soren> nxvl: I'm in my room right now.
<nxvl> soren: number?
<nxvl> dendrobates: are you also here?
<nxvl> dendrobates: i have a present for you
<dendrobates> nxvl:  yes
<nxvl> dendrobates: where?
<nxvl> btw, are we going for some beer today, didn't we?
<nxvl> i have 2 bottles of pisco here
<dendrobates> nxvl: it is too late for me today, but tomorrow.  I am in room 812.
<nxvl> :(
<nxvl> did you know in wich room is pedro_?
<dendrobates> nxvl: no, I have seen him though.
<JanC> you guys at the UDS place?  ã
<nxvl> yup
<JanC> I wish I could be there  ã
<ajmitch> yes, just the entertainment value alone would be worth it...
<infinity> Maybe I'm jaded, but I don't tend to find UDS entertaining.
<ajmitch> infinity: usually just the various people in the evenings
<nxvl> dendrobates: i'm going to say hi and give you your present, it's that ok, or are you at bed already?
<dendrobates> nxvl: I am not in bed, just not up for more beer.
<nxvl> ok
<nxvl> i will be there in a minuto
<nxvl> minute
<infinity> soren: How's the connectivity there?
<soren> infinity: Quite good, actually.
<infinity> soren: All ports, not just http proxy?
<soren> infinity: Yup.
<infinity> \o/
<infinity> Good, good.
<JanC> if HTTP works, you can use anything you want anyway  ;-)
<infinity> Yes, but setting up random tunnels just to use the interwebs annoys me.
<soren> Compared to the PoS excuses for internet connections they have in hotels in the US, this is actually extremely good.
<soren> Heck, if DNS works, you can use anything anyway.
<infinity> Again, "if you're willing to jump some hoops"... I'm getting too old to care about said hoops.
<infinity> I just want to plug in my laptop and do stuff, y'know?
<soren> infinity: pft... Talk to #ubuntu-desktop
<infinity> *smirk*
<infinity> You'll understand some day. :)
<infinity> I used to get a thrill out of circumventing people's ideas of what I should be "allowed" to do, now I just want to be able to do it all by default.
<infinity> Cause, well, the circumvention is less exciting and more time-wasting, these days.
<Deeps> lemme guess, you also like having a desktop system that /juts works/ and doesn't need years of hacking to actually get working properly?
<Deeps> and that IT is just a means to an end, and not an end in itself?
<infinity> Shocking, I know. :)
<Deeps> phew, finally
<Deeps> someone else like me
<infinity> Of course, I still like hacking like no tomorrow to make these sorts of things possible to other people, which means getting my hands dirty -- a lot.
<infinity> I just don't feel the urge to "hack" in a hotel room.
<infinity> Especially not as cranky and tired as I usually am after an intercontinental flight or three.
<infinity> soren: I hope you brought enough money to make good on some of those alcohol promises you made over the last year.
<infinity> soren: ... and that you don't spend it all before I get there.
<JanC> infinity: I agree, IP-over-DNS etc. should "just work" under Ubuntu  ;-)
<infinity> JanC: Hahaha.  Not *quite* the point I was making, but okay. :)
<JanC> I can tell some stories about IP-over-DNS...  ;)
<soren> infinity: Did I promise you beer? Hm.. Ok. It's dirt cheap here, so I'll probably manage :)
<infinity> soren: Not sure if it was beer, or "the local equivalent of a massive destruction weapon"..
<soren> infinity: Ah, yes. It will not be at the hotel, though. The prices here are insane.
<JanC> soren: you're Danish IIRC?
<infinity> soren: Are they ever not?  Hotels are terrible.
<soren> infinity: A litre of water is $20.
<infinity> JanC: He is.
<soren> infinity: !
<soren> JanC: I am.
<infinity> soren: Sweet Jesus.  20 USD?
<soren> infinity: I've never seen prices this steep.
<soren> infinity: Yup.
<JanC> then beer @ uds should be very cheap for you  ;)
<soren> infinity: 290 of the local currency unit.
<JanC> unless something changed since my sister was there  ;)
<soren> JanC: Outside the hotel, yes. very much so.
<soren> infinity: 290 CZK is 17.90 USD, apparantly.
<ajmitch> soren: $20 is nuts
<infinity> soren: That's beyond insane.  I don't even know if English has a word to express just what that is.
<soren> infinity: Luckily, there's a cafe almost just across from here.
<infinity> Jeg hader UDS hotels.
<infinity> soren: Phew.
<soren> :)
<infinity> soren: Anywhere in walking distance with a pool table?  *hopeful look*
<soren> infinity: I haven't had a chance to go looking. We found that cafe, had a few beers, left for food, ate, came back to the hotel, and here we are now.
<infinity> soren: Slacker.  What was the point of sending a scouting party if you can't tell us all about the area by the time we get there? :)
<soren> infinity: When do you show up?
<infinity> soren: 1745 on Sunday.
<infinity> soren: Well, 1745 + (however long it takes to clear customs and get to the hotel)
<soren> infinity: Plenty of time to find good places.
<infinity> soren: I'm counting on you. :)
<infinity> soren: Bonus points if you can find a nice Lebanese place with good shawarmas...
 * soren accepts the assignment and acknowledges that #ubuntu-server will selfdestruct in 5 seconds
<soren> or something.
<soren> infinity: Well... Non-Czech food here seems to have been subject to a very strong Czech influence.
<infinity> soren: So, we'll get a shawarma smothered in cheap beer, served on a modestly-priced hooker?
<soren> infinity: I'm sure something can be arranged. I've not dared walk down dark alleyways yet.
<soren> At least that's where I'd expect to find such things. Maybe I'm just not into the whole Czech vibe yet.
<uvirtbot> New bug: #230878 in apache2 (main) "Apache 2 produces an OOM after 4 hours using" [Undecided,New] https://launchpad.net/bugs/230878
<gouki> Any recommendations for a NAS (no freenas, openfiler or lightnas)? I want something installable on Ubuntu.
<giovani> gouki: use the tools that openfiler/etc use ... they're all available for ubuntu
<giovani> it's just a matter of auto-configuration with those specialized distros versus manually configuring
<giovani> decide on what protocol you want to use for your NAS/SAN
<giovani> and then an appropriate tool can be used
<giovani> for example, for an NFS-based server ... this HOWTO appears to be relevant: https://help.ubuntu.com/community/SettingUpNFSHowTo
<Deeps> also check out http://ubuntuguide.org/wiki/
<giovani> Deeps: it's virtually the same set of commands ... except it goes into less detail, and is only found in the 7.10 and earlier manuals ...
<Deeps> hmm?
<Deeps> i was thinking for other protocols that he may want to use
<Deeps> eg samba
<Deeps> it's a generally nice overall guide too thats worth browsing through, if only to get ideas
<giovani> the documentation is still ebtter on the wiki
<giovani> on the official wiki, that is
<Deeps> the joys of free speech
#ubuntu-server 2008-05-16
<_ZeuZ_> Hello guys, hope you received my email from the mailing list... what do you think about my little script?
 * _ZeuZ_ Feels ignorated...
<owh> _ZeuZ_: You have to remember that not every body is doing Ubuntu full-time. For example I'm self-employed and I'm volunteering my time to the project because in the long term both I and my clients benefit. Others have different motivations.
<_ZeuZ_> I know, I'm also at university, while working for TodoSoft and trying to start my own security team at savajesoft.net my style is pretty secure until now... savajesoft.net/site/index.php
<gouki> giovani: thank you
<pteague> yay, i finally got rid of my grub error 17, but now i'm just getting a grub prompt
<_ZeuZ_> pteague, why not just doing update-grub after installing it?
<_ZeuZ_> pteague, first remove it (apt-get purge grub) then reinstall it (apt-get install grub) and then make it update and configure itself with update-grub
<pteague> first time i've been able to even get to anything from grub other than the Error 17... i can't even get to a linux terminal to run apt
<pteague> if you can tell me what i need to do in order to get grub to actually load the kernel i'll be happy to do whatever's needed with apt :)
<flotishtu> how to auto configure    dpkg-reconfigure ipmasq       .(no need to press enter or yes/no again and again) just one command. ?
<_ZeuZ_> pteague, well, you have any working OS there that you can access?
<_ZeuZ_> flotishtu, I really don;t trust that server, I rather do masquerading myself through iptables
<_ZeuZ_> Though, you'll have to pass the parameters, or you can do something like assume yes, letme review what;s the glitch to make it do that
<flotishtu> _ZeuZ_ how
<flotishtu> ok
<_ZeuZ_> flotishu: check the mailing list, you'll see a script I made for that...
<pteague> nope, new install of ubuntu-server
<flotishtu> _ZeuZ_ what list?
<_ZeuZ_> pteague: boot from a live-cd
<_ZeuZ_> flotishtu, read the topic and you'll find what you need to know
<flotishtu> _ZeuZ_ ^_-
<_ZeuZ_> You might also find this: http://bulma.net/body.phtml?nIdNoticia=1794&nIdPage=6 intresting
<pteague> i installed fedora 9 which actually booted & seemed to fix the detection error i was having before... reinstalled ubuntu-server again & now i'm stuck at grub... think i'll have to burn a cd for *buntu desktop
<_ZeuZ_> pteague, come again? you are now on fedora, right?
<Centaur5> Does apt-cacher need inetutils-inetd or can you use xinetd now?
<_ZeuZ_> ONe does not have any relationship (exept perhas some dependencie) with the other, Centaur5
<Centaur5> _ZeuZ_: well I didn't have any inetd package installed before but apt-cacher was the only thing that broke upgrading from Gutsy to Hardy and /var/log/apt-cacher/error.log says no running inetd server so I was wondering if it mattered which one I chose.
<_ZeuZ_> I don;t see any realtion and theoretically it shouldn;t be there any
<pteague> no, i was initially having problems getting anything... "GRUB loading... \ Error 17" & that was it...  guy from local lug is a fedora chump & suggested i install fedora... so i installed fedora & it started right up with no problems... but i'm trying to set up a debian based server so that doesn't get me anywhere in the long term so i deleted the partitions & reinstalled ubuntu-server & got the grub prompt
<Centaur5> _ZeuZ_: Okay, I'll keep trying to fix it then.  Do you think it would be wise to use apt-cacher-ng now that it's in repositories?
<pteague> this box used to dual-boot win/linux as it's my old desktop... only difference is it now has an extra drive in it attached to a new sata pci card
<pteague> ok, i installed kubuntu 8.04, rebooted & ended up at a grub prompt again ;)
<ScottK> For Kubuntu help, try #kubuntu
<cyris|> hows it going everyone?
<nealmcb> hmm - it seems I'd want a version of ssh-vulnkey that runs on dapper so I can see if folks have uploaded bad keys to it - but the USN only provides post-dapper updates - anyone have a dapper version?
<hotmonkeyluv> when installing ubuntu server, where is the option to install the bootloader to a different partition (or does it automatically install it to /boot no matter where that partition is?)?
<nealmcb> ï»¿ï»¿Looks like dowkd.pl is the easy option most anywhere:  http://wiki.debian.org/SSLkeys#head-45e521140d6b8f2a0f96a115a5fc616c4f1baf0b
<randomwalker> i upgraded openssh after the recent vulnerability report, and now my authorized_keys stopped working
<randomwalker> i freshly copied the id_rsa.pub from the client, but still no go
<randomwalker> any ideas?
<kraut> moin
<kraut> moin
<RockHound> hi everyone ... is there a way that I can force an openldap 2.3.x to be installed on hardy instead of 2.4.x?
<nxvl> RockHound: we are just on an openldap talk at FOSS Camp
<nxvl> but yes
<nxvl> i think you can
<nxvl> just you need to install it by hand
<nxvl> downloading the .deb
<RockHound> okay ... thank .. ran into real troubles with syncprov and syncrepl ...
<RockHound> so the deb of feisty should work?
<nxvl> i think
<RockHound> will try my best
<nxvl> search the gusty ones if there are some
<nxvl> or just package it by yourself
<nxvl> :D
<RockHound> gutsy is what i meant
<uvirtbot> New bug: #231006 in nagios2 (universe) "Recommend mailx or other package providing /usr/bin/mail" [Undecided,New] https://launchpad.net/bugs/231006
<uvirtbot> New bug: #231007 in nagios-plugins (main) "check_radius command uses wrong syntax" [Undecided,New] https://launchpad.net/bugs/231007
<AnRkey> does anyone here know why M$ outlook 2k3 hangs when it opens and tries to connect to a postfix server?
<AnRkey> i am using dovecot
<ivoks> so, postfix or dovecot? :)
<ivoks> one is for sending mail, and the other for recieving
<AnRkey> ivoks, soz for not answering, i was cruising through the forums
<AnRkey> this is my problem >> http://ubuntuforums.org/showthread.php?p=4971185#post4971185
<AnRkey> Outlook 2k3 hangs when it tries to connect to dovecot-imapd
<ivoks> so, your users are in mysql?
<ivoks> (today is not my day; not sure why...)
<AnRkey> mysql?
<ivoks> yes
<AnRkey> no
<AnRkey> i am using unix accounts
<ivoks> ok
<AnRkey> default install
<ivoks> you've setup mail_location in dovecot.conf?
<\sh> plain or login mech?
<soren> AnRkey: Which version of Ubuntu?
<AnRkey> 7.10
<AnRkey> i see now that the thread is about mysql too
<AnRkey> i don't think that is the prob as my install has the same issue
<ivoks> well, i can't tell you that this combination works on at least 10 my mail servers :)
<AnRkey> can't or can
<ivoks> i'm sure it's configuration problem
<ivoks> can
<ivoks> sorry
<AnRkey> :P
<AnRkey> i am soooo close to being finished too :D
<ivoks> are you using maildir or mbox format?
<AnRkey> maildir
<ivoks> ok, so did you set up mail_location in dovecot?
<AnRkey> do you know how to increase the verbosity of the logging?
<AnRkey> checking
<ivoks> #mail_debug = no
<ivoks> and even
<ivoks> #auth_debug = no
<ivoks> #auth_verbose = no
<AnRkey> ahh ok
<AnRkey> thanks
<AnRkey> mail_location is not set no
<ivoks> heh
<AnRkey> but TB and OE both work fine
<ivoks> maildir:~/Maildir
<ivoks> i guess you've setup postfix to use maildir?
<AnRkey> yes
<AnRkey> i followed this guide without all the SSL stuff https://help.ubuntu.com/community/Postfix
<ivoks> then fix dovecot to user maildir
<AnRkey> so set the mail_location to mail_location = maildir:~/Maildir
<ivoks> oe ant thunderbird probably work, but don't show you your mails :)
<AnRkey> they both show and send emails
<ivoks> oe ant? omg... time for food :D
<AnRkey> oe ant? << ?
<Myrtti> I've got a question. I've got a virtual server, dapper 6.06.2 which I plan to update to hardy. the person hosting the virtual server says I've got to update to libc6-xen and remove libc6. I'd love to do the update with sudo do-release update, though. Will I run into trouble if I do the upgrade with do-release update and not the way he says it should be done, namely fiddling with the sources.list, installing the libc6-xen and removing the libc6?
<Myrtti> and then doing aptitude safe-upgrade?
<AnRkey> ivoks,
<AnRkey> Task 'Checking for new mail in subscribed folders on 192.9.201.6.' reported error (0x800CCC0F) : 'Outlook is unable to download folder (null) from the IMAP e-mail server for account 192.9.201.6. Error: The TCP/IP connection was unexpectedly terminated by the server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'
<AnRkey> thats what i get now
<ivoks> Myrtti: i think that would work fine... libc6-xen provides libc6
<Myrtti> I know, but I still cringe at the idea of upgrading that way
<ivoks> AnRkey: try subscribing to some folders trough oe
<Myrtti> makes my skin crawl
<ivoks> Myrtti: do do-release-upgrade, and when it is over, install libc6-xen
<AnRkey> ivoks, ok
<Myrtti> I managed to break several installations of Debian back in the days of pre-ubuntu-existance that way
<Myrtti> ivoks: you think that could do it too?
<ivoks> Myrtti: just do it
<Myrtti> here it goes then.
<Myrtti> *sigh*
<reya276> morning
<reya276> If users that are on a windows client connecting to ubuntu using "winscp" software for sftp/ssh will that connection be compromised due to this ssh vulnerability issue? Keep in mind I have already applied the updates to openssh and ssl
<normanm> reya276, if the pubkeys they use are affected yes.. if not no
<reya276> ï»¿normanm: ok is there a way for me to reset those keys mainly for the windows users connecting to the server
<reya276> because other ubuntu PC automatically let's the users know they can't connect
<Terrasque> reya276: do they use key based auth? or password based?
<normanm> reya276, find /home -name authorized_keys -exec ssh-vulnkey {} \;
<normanm> if they use not key based out it is not affected anyway
<Terrasque> normanm: "ssh-vulnkey -a" will check all users
<normanm> Terrasque, oh ok ;-)
<normanm> so no need for find ;-)
<Terrasque> correct :)
<normanm> Terrasque, but find is such a nifty tool =P
<Terrasque> true, true. But no need to overuse :p
<Terrasque> I'm sure you could have chained in grep and xargs too if you really wanted, but .. simple is good :D
<reya276> ï»¿Terrasque: well they have to put in their passwords to be able to logon to their home directories, but their is some sort of key authentication
<Terrasque> reya276: well, "sudo ssh-vulnkey -a" will tell you all weak keys on the system
<Terrasque> if they're used or not, it will show them
<reya276> thank you guys, let me try this
<reya276> oh I got this message
<reya276> sudo: ssh-vulnkey: command not found
<reya276> ï»¿Terrasque: that command is not working for me
<Terrasque> then upgrade :)
<Terrasque> its included in the latest upgrade
<reya276> I though I did, I'm running fiesty 7.04
<Terrasque> did you do upgrade, or dist-upgrade?
<Terrasque> the new openssh packages pulls a new package too, so you need to use dist-upgrade
<reya276> I did sudo apt-get update then sudo apt-get upgrade
<reya276> yes but if I do dist-upgrade means that my OS will be update right?
<Terrasque> no
<Terrasque> its called "dist-upgrade" for historical reasons :) but basically, upgrade only updates existing packages, and will not for example download a new package. dist-upgrade will do that. Historically (and most of the times now) it was used to upgrade to a newer version with new packages (and removed old packages).
<Terrasque> it will show what it will do and ask for confirmation first, so you can doublecheck that nothing weird happens
<reya276> yes I was able to
<rysiek> hi all
<rysiek> I am trying to set-up syslog to log remote messages (i.e. set-up a syslogd *server*)
<rysiek> the thing I cannot find anything on is: is there a way of telling syslog "log messages from SOME_IP to /var/log/SOME_IP.log"
<rysiek> man syslog.conf tells me only about how to send my log messages to a remote syslogd server
<rysiek> so does google
<rysiek> any ideas?
<Myrtti> ivoks: busted, segfaulted
<ivoks> do-release-upgrade is python script
<ivoks> it doesn't segfault :)
<TrioTorus> installing ebox on 8.04: http://pastebin.com/m73a88b0a what password is being asked for here? root? ebox user?
<mok0> TrioTorus: spooky
<Myrtti> LALALALALALALA
<TrioTorus> mok0: when I tried first time around, the ebox users was being added to the system and to the adm group
<Terrasque> ivoks: I've seen python runtime segfault :D
<Myrtti> ivoks: dpkg segfaults
<Myrtti> dpkg --configure -a does a cowardly exit and runs to a nearby forest
<stickystyle> TrioTorus: Never touched ebox, but if i had to guess by looking at the install log you posted, its asking for a pass for the SSL key file probably.
<stickystyle> TrioTorus: since it looks like one already exists.
<mok0> TrioTorus: try looking in the postinst script
<ivoks> Myrtti: you should at least paste output to pastebin or something
<Myrtti> I'm trying the magic tricks first
<Jeeves_> http://www.prevented.net/~mark/bit/openssl-remote-vulncert
<MatBoy> huh ? my systems doesn't recognize updatedb anymore
<uvirtbot> New bug: #231003 in openssh (main) "Host key regeneration leaves ltsp out in the cold (dup-of: 230565)" [Undecided,New] https://launchpad.net/bugs/231003
<glycoknob> hi
<glycoknob> is it possible to disable openvpn-vulnkeys? i'm aware of the problems and new keys are on the way but i'd like to have running deamon
<ScottK> jdstrand_: ^^^
<jdstrand_> glycoknob: there is not currently an option to disable it no. if you were really determined, you could move openvpn-vulnkey out of the way and put a script in it's place
<jdstrand_> s/it's/its/
<glycoknob> works thanks
<jdstrand_> glycoknob: I am not recommending doing that though :)
<cyris||> If I take a password, hash it with ssha, and then take the same password and hash it again with ssha, will i get the same hash?
<dennda> What's the easiest way to set up a fully functional mailing server on ubuntu hardy? (Which programs, for example?) On Debian Etch I use postfix and dovecot
<dennda> cyris||: yes, that's the theory. but you won't be able to reproduce the passwort from the hash
<cyris||> dennda, right, i understand that, then hrm why are we getting a different hash value for the same password entered :S
<ivoks> dennda: exactly the same; postfix + dovecot + postfix/dovecot for sasl
<ivoks> there are even docs for doing that
<m1r> hello
<ivoks> dennda: https://help.ubuntu.com/community/PostfixDovecotSASL
<cyris||> dennda, lots of guides on howtoforge as well
<c1|freaky> is there any possibility to have a directory ona linux server mounted or whatever on a windows vista machine? so i can make changes directly there (save/read) etc.?
<cyris||> c1|freaky, check out samba
<c1|freaky> it's a server somewhere on the internet
<c1|freaky> no LAN
<cyris||> c1|freaky, you may need to run a vpn then,or get some software to map a drive over ssh
<cyris||> c1|freaky, thats assuming you have ssh access to this machine
<c1|freaky> yes i have
<cyris||> c1|freaky, novel also has netdrive, maps ftp sites, but thats insecure :S
<c1|freaky> ok thank you
<cyris||> pretty dead in here today, i smell a long weekend :D
<Deeps> samba works over the internet
<cyris||> well, its a long weekend in canada anyways
<Deeps> you probably dont want to do samba over an unsecured link though, heh
<InsomniaCity> yeah, its dead easy to do over an ssh tunnel
<Deeps> wtf are you doing in here noob?
<InsomniaCity> watching you ofc
<Deeps> saucy
<specialK> so if ssh-vulnkey says a key is unknown should I just assume that key is weak/comprimised
<cyris||> specialK, good question, id regenerate
<cyris||> my co-worker is about finished writing a php script that updates a users userPassword attribute in ldap, and he is interested in making this available for anyone who wants it. Is sourceforge the best place for this?
<ScottK> There are lots of good places to host open source software projects.  That's one.  Google Code it another.  Some people speak highly of Launchpad for the purpose.
<cyris||> ScottK, oh right Launchpad! :D
<giovani> specialK: unless you have specific knowledge of where/when the key was generated, regenerate it
<Myrtti> cyris||: there are people who don't like launchpad because it's proprietary, and dislike google because it's $evil_global_corporate
<ScottK> Personally as an Ubuntu developer I find it highly confusing to deal with upstreams that are also on LP, but in theory it's supposed to be great.
<ScottK> All three of the ones I mentioned are proprietary.
<cyris||> Myrtti, haha yeah i hear ya
<ScottK> I don't like Launchpad also because it's hard to use.
<ScottK> There is also gforge.
<Myrtti> ScottK: sourceforge too?
<ScottK> And other FOSS based services.
<ScottK> Yes.  What they release and what they use are very different things.
<Myrtti> hm
<ScottK> Gotta run.
<cyris||> ScottK, thanks later
<Myrtti> never thought of that before
<macd> On gutsy sshd, when a user logs out, its leaving a stale session, is anyone else experiencing this, (only started a after the second sshd update)
<vcorreia> hello everyone
<vcorreia> has anyone tried ubuntu's ebox new integration
<vcorreia> ?
<cyris||> vcorreia, i played with in a few weeks ago for like 30mins thats it
<vcorreia> what do u make of it?
<cyris||> vcorreia, um its alright
<vcorreia> i've noticed that the ebox developers have already launched new  eBox 0.11.100  ubuntu specific packages
<vcorreia> cyris, i'm testing them as we speak
<vcorreia> cyris, thanks for your feedback
<cyris||> vcorreia, sorry i can't provide any more feedback, i didn't use it that long
<cyris||> vcorreia, what do you plan on using it for?
<vcorreia> cyris, no problem :) i've used the debian implementation, but as soon as i heard they'd be porting it to ubuntu.... ahhh it was bliss :)
<cyris||> vcorreia, so you use it on production machines?
<vcorreia> cyris, i have used it on a semi-devel/production environment
<vcorreia> cyris, i administer some production ubuntu servers and if i could use ebox with ubuntu, it would be perfect, harmony-wise
<cyris||> :D
<vcorreia> cyris, just the fact that it supports 802.1q is, on its own, excellent
<cyris||> vcorreia, sexy
<vcorreia> cyris, indeed
#ubuntu-server 2008-05-17
<AtomicSpark> oh hi
<jjesse> oh hi back
<AtomicSpark> did the ubuntu update server project ever get started?
<jjesse> dont' knwo
<AtomicSpark> hmm. well if one had many ubuntu clients, would be nice to have them point to your local server. like how microsoft does wsus or whatever.
<jjesse> agreed, but i wouldn't be the best person to help out
<AtomicSpark> well ubuntu is working on network policies "tool kit". so many it will get better in time.
<AtomicSpark> maybe the new policies plus openldap server, it could be a good replacement for AD.
<Kamping_Kaiser> AtomicSpark, past an httpd server + local mirror, what would you expect the update server to do?
<AtomicSpark> well i'm just seeing if i can cut down on bandwidth. other then that a server that could know what the clients need and update them (not just security fixes) would be nice.
<AtomicSpark> i could just write a cron script to update the computer, but that would tell me if/when/how it was updated.
<AtomicSpark> !troll
<ubottu> Factoid troll not found
<AtomicSpark> :|
<reya276> anyone in?
<Kamping_Kaiser> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<reya276> ï»¿Kamping_Kaiser: having an issue with postfix
<reya276> I upgraded to hardy and postfix is not working
<reya276> so I set out to reinstalling and reconfiguring following this guide https://help.ubuntu.com/community/PostfixBasicSetupHowto but things are not working like it did before
<Kamping_Kaiser> what does "Not working" mean?
<reya276> meaning that when I create a user by doing sudo useradd -m -s /bin/bash <username> it does not at the Maildir since I instructed postfix to do so
<Kamping_Kaiser> any errors?
 * Kamping_Kaiser didnt realise postfix made maildirs
 * Kamping_Kaiser afk.
<pteague> ok, i don't think this is good - "The ext3 file system creation in partition #2 of SCSI1 (0,0,0) (sda) failed."
<uvirtbot> New bug: #230750 in openssh (main) "package openssh-server 1:4.7p1-8ubuntu1.1 failed to install/upgrade: Unterprozess pre-installation script gab den Fehlerwert 255 zurÃ¼ck (dup-of: 230003)" [Undecided,New] https://launchpad.net/bugs/230750
<mathiaz> zul: re bug 176015 - have you looked into the debian package ?
<uvirtbot> Launchpad bug 176015 in quagga "BGP MD5 support regression" [Undecided,Confirmed] https://launchpad.net/bugs/176015
<mathiaz> zul: I've synced the package for intrepid, and there is an updated patch in Debian.
<mathiaz> zul: it may be worth looking into the debian package.
<zul> mathiaz: no I took the patch from the mailing list in the bug report but I can do that as well
<kraut> moin
<mathiaz> zul: It's probably the same patch.
 * delcoyote hi
<zul> mathiaz: basically it is
<zul> I just have to update the bug report with the new patch
<uvirtbot> New bug: #231212 in nut (main) "UPS services does not autostart during boot." [Undecided,Invalid] https://launchpad.net/bugs/231212
<chalcedony> HELP! I upgraded from Feisty to Gutsy with "do-release-upgrade", it finished Gutsy and restarted, I got the gui screen and tried to update aptitude, 0 % upgraded etc. I tried running "do-release-upgrade" but got an error: System Error: E: Unable to correct problems, you have held broken packages. I told someone that I could not open a file to paste the error into. He misunderstood me, he told me to do control+alt+f(1-9) and coltrol+alt+f
<Kamping_Kaiser> GUI? doesnt sound like a server question to me
<chalcedony> Kamping_Kaiser i'd ask the president if he were here.
 * Kamping_Kaiser doesnt get it
<royalshelter> hi, there, can anyone help me with my wireless settings? I have installed gnome-core, but how can I get to internet via wireless?
<royalshelter> hi
<soren> royalshelter: Ask in #ubuntu.
<Kamping_Kaiser> is my ubuntu mirror lacking Packages.gz because ubuntu no longer uses it?
<Kamping_Kaiser> or is my mirror bust?
<Kamping_Kaiser> looks like my mirror. wonder if its a debmirror option... hm.
<nyarla> any chance to see the debian openSSL update applied to dapper? seems critical as far as security is concerned (http://lists.debian.org/debian-security-announce/2008/msg00152.html)
<Deeps> dapper isn't affected
<nyarla> I know hardy was patched a few days ago
<Deeps> hardy was affected, dapper isn't
<Deeps> http://www.ubuntu.com/usn/usn-612-1
<nyarla> good, thanks
<Deeps> that said
<Deeps> if you're using any kind of key based authentication on your dapper system
<Kamping_Kaiser> not *directly* affected
<Deeps> if any of those keys were generated on an affected system
<Deeps> then those keys are to be considerred compromised and need to be regenerated
<nyarla> i use ssh, apache, postfix/docevot, vsftp, freenx all with SSL configured
<nyarla> i dont catch it. If the openssl in dapper doent need update, why would i have to recreate all the keys?
<Kamping_Kaiser> did you read what Deeps said ? :|
<Kamping_Kaiser> if you use keybaed auth and have a key from an affected system that key needs to be considred compromised
<nyarla> ok ok sorry, I read too fast.My own keys are clean then, i'll watch for foreign ones
<Kamping_Kaiser> interesting point.
<Kamping_Kaiser> wonder if/when a backport of ssh will hit dapper with the blacklist stuff
<Deeps> 07:22:25 < evad> Oh cool, the new Debian SSH rejects authentication from broken keys
<Deeps> dunno if that's relevant
<Kamping_Kaiser> the new ssh in ubuntu does to. the question is if dapper gets the new ssh :)
<Deeps> ah yes, i see new ssh update
 * Deeps upgrades
<nyarla> just curious : how easy would it be to break a weak key? is it just theoretical or are such tools in the wild already?
<Kamping_Kaiser> nyarla, theres only 65,536 posable keys. for everyone.
<Kamping_Kaiser> so 20 min~ to generate the keys, then 3x65,536 to brute the server (max)
<Deeps> 65k? where did you get that number from?
<Deeps> have a read through http://wiki.debian.org/SSLkeys
<Kamping_Kaiser> Deeps, the only entropy is a 16bit pid
<Kamping_Kaiser> i read it 2 days ago, i havent updated my reading yet
<Kamping_Kaiser> 3 days ago now actually :|
<Deeps> fair enough
<Deeps> nyarla: you'll want to have a read through http://wiki.debian.org/SSLkeys to see just how serious it is
<Deeps> although chances are you're in the clear anyway
<Kamping_Kaiser> wow. that page is *huge* now.
<Deeps> yeaah heh
<Kamping_Kaiser> no one added ntp. interesting. (wonder if no one uses ntp+ssl :))
<nyarla> readin it. What a mess :(
<Kamping_Kaiser> i have to crash blokes. (should have done it already :])
<Kamping_Kaiser> enjoy your reading. back in 12 hours ;)
<Deeps> nn
<foolano> mathiaz: http://public.warp.es/anste/
<yoandy> Hi, how can i make postfix do a copy of a mail based on sender and recipient ("and", both at same time),
<ivoks> copy to where?
<ivoks> always_bcc=somebackupaccount
<ivoks> and then do procmail rules :)
<ivoks> bye
<_ruben> odd .. when i install linux-xen meta package the -xen kernel isnt added to grub
<yoandy> ivoks, mmmm that could work, but if there is a "more direct" way, i would prefer it since this will be done on a heavy traffic postfix server
<yoandy> ivoks,
<yoandy> ivoks,  that could work, but if there is a "direct/better performance" way, i would prefer it since this will be done on a heavy traffic postfix server
<ivoks> you still didn't tell where do you want a copy
<yoandy> ivoks, to other mailbox
<ivoks> if both criterias (destination and source) are true?
<yoandy> ivoks, yes, for example: if sender=a@domain.net and recipient=b@domain.org then bccto=d@domain.com
<ivoks> you have to do that trough procmail
<ivoks> user procmail as delivery agent
<ivoks> and then create rule in /etc/procmailrc
<ivoks> or you can use whatever delivery agent you want...
<yoandy> ivoks, ok, let me read some doc... about delivery agents :), thanks!
<ivoks> np
<yoandy> ivoks, its possible using postfix builtin delivery agent?
<ivoks> i don't know... maybe
<yoandy> ok, lets keep reading :)
<JustineC> Hi.  I've installed a *minimal* ubuntu for server use.  I'm coming from SysVInit-land, and upstart's a bit new ...
<JustineC> How do I start/stop iptables?  according to apt-get, iptables is installed, but there's no entry in /etc/rc.d or /etc/init.d.
<Deeps> iptables doesn't "run" in that sense
<Deeps> if the module is loaded, it's running
<Deeps> simply using the command line tool 'iptables' will ensure any required modules are loaded
<JustineC> Deeps: so there's no ubuntu analogue of "service iptables stop"?
<Deeps> i think ufw might be what you're looking for
<Deeps> but to my knowledge, no, out of the box, there isnt any scripts to set/replace default firewall rules
<Deeps> iptables-restore and iptables-save are tools that perform that general functionality
<JustineC> Deeps I don't want to set/replace, I want to disable. E.g., as necessary to install shorewall ...
<JustineC> AND, your suggestion: "ufw disable" does the trick.
<JustineC> --> Firewall stopped and disabled on system startup
<JustineC> Now I just have to figure out the docs enough so I know that I should know that ! ;-)
<Deeps> rmmod iptables would entirely disable iptables
<JustineC> removing the mod from the kernel, sure.  How is rmmod's "disable iptables" different from "ufw disable"?
<Deeps> no idea, i've never uesd ufw
<JustineC> Deeps: Ok.  It's a "big explore" then :-)
<uvirtbot> New bug: #231428 in openssh (main) "package openssh-client 1:4.7p1-8ubuntu1.2 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/231428
<reya276> Can anyone help me solve an smtp authentication issue
<reya276> how come I'm trying to connect to telnet localhost 25 and it does not work?
<InsomniaCity> have you configured it to only listen on certain IPs? is it running?
<reya276> I do not know
<reya276> how can I find out
<InsomniaCity> well, I've never done it - I'd suggest googling for a tutorial
<InsomniaCity> or hang around here... Deeps will know all about it :)
<giovani> reya276: which MTA are you running?
<reya276> postfix
<giovani> if you run "sudo netstat -ad | grep -i postfix" ... what do you get? (if it's more than 2 lines, use a pastebin service instead of pasting it to the channel
<giovani> err
<reya276> nothing
<reya276> nothing came back
<giovani> "sudo netstat -ad | grep -i 25"
<reya276> http://www.pastebin.org/36630
<giovani> is postfix even running ...?
<giovani> there should've been a LISTEN line there
<reya276> I belive so
<giovani> "ps aux | grep -i postfix"
<reya276> http://www.pastebin.org/36631
<giovani> oh, you know what, I bet netstat resolved the port
<giovani> "sudo netstat -ad | grep -i smtp"
<reya276> http://www.pastebin.org/36632
<giovani> yup ... there it is
<giovani> and two established connections
<giovani> well ... assuming you did "telnet localhost 25" ... and it's not responding, I'd assume the process is b0rked, I'd restart postfix
<cycom> hey guys, shouldn't there be something in the topic about the ssl keys?
<giovani> sudo /etc/init.d/postfix restart
<reya276> I have restarted postfix countless of times
<giovani> cycom: no ops here to do so ... I'd have a hard time believing someone didn't know about it by now ... and visits this irc channel
<reya276> krusty@krusty:~$ sudo /etc/init.d/postfix restart
<reya276>  * Stopping Postfix Mail Transport Agent postfix                         [ OK ]
<reya276>  * Starting Postfix Mail Transport Agent postfix                         [ OK ]
<giovani> reya276: so ... try telneting now
<cycom> giovani: *shrug* better safe than sorry, no?
<giovani> cycom: yeah, if there was an op here ... we could have em do it
<reya276> nope all I get is Trying 127.0.0.1...
<cycom> giovani: also, I was under the impression initially that it was JUST debian systems affected because every channel I was in had 'debian openssl vuln' and 'Debian users must read this!' etc.
<cycom> I read it anyhow, and SUPRISE!
<giovani> cycom: well ... there are very few bugs that affect debian and not ubuntu
<giovani> considering ubuntu still relies on debian for most patches
<cycom> giovani: newbies running ubuntu-server might not know that though ;)
<cycom> but that's exactly why I read it.
<giovani> cycom: well ... that's a general user education problem ... not specific to the ssl issue
<giovani> ubuntu released a security notification
<giovani> every admin should be subscribed
<cycom> yeah, but like I said, doesn't help newbies, or people messing around with home server boxes that aren't subscribed
<giovani> cycom: ... there's not a solution for that
<giovani> agreed -- adding it to the topic here would be not a bad idea -- but it hardly comes close to solving/addressing that problem in general
<giovani> oh ... it's on the topic in #ubuntu ... case closed
<giovani> no "newbie" is coming to #ubuntu-server, and not #ubuntu
<giovani> reya276: honestly, I have no idea what's going on there ... sounds like you may have some odd network config ... maybe restrictions on which ips can connect ... you could try discussing this in #postfix
<reya276> doing so now
<cycom> giovani: heh. you never know.  also, they might not read the whole topic
<reya276> but telnet should work, or atleast come back with some kind of error but it just stays there
<giovani> cycom: I think you're nit-picking now
<giovani> reya276: not always
<cycom> giovani: I'm in an 80x24 terminal using irssi.  I can't even SEE the end of the topic without typing /topic
<giovani> cycom: ... that's your issue, isn't it? it's in the topic ... what else do you want them to do?
<cycom> put it at the beginning in here, that's all
<giovani> people can't obsess over catering to every possible configuration
<mralphabet> cycom: I leared about it by reading xkcd.com . . . what sysadmin doesn't read xkcd.com?
<cycom> It's a massive security flaw.  I think it should be on the front page, so to speak
<mralphabet> call cnn?
<mralphabet> everybody panic?
<giovani> cycom: sent out to all security mailing lists ... period
<mralphabet> are we the nanny state?
<giovani> any sysadmin is going to be doing daily apt-get updates
<giovani> it'd be impossible to be separated from this issue for this long and give a shit about security
<cycom> *sigh* so we should just assume everyone knows, and if they don't, that's their problem?
<giovani> no ...
<giovani> it's been broadcasted to every mailing list, it's discussed on every tech news site, it's on slashdot, it's in the topic of #ubuntu and #debian
<giovani> that doesn't sound like "assuming everyone knows"
<cycom> where do you see it in the topic in #debian?
<Deeps> sounds like a good argument against making ubuntu server follow the same philosophy as the desktop
<giovani> Deeps: what?
<Deeps> administering servers requires a lot more clue than managing your own desktop
<Deeps> casual desktop users dont care about being on mailing lists, reading tech sites, being on irc and/or reading topics
<giovani> cycom: the first item: "openssl vulnerability: /msg dpkg dsa1571"
<cycom> giovani: EXACTLY.
<cycom> giovani: the first item.
<mralphabet> cycom: we could require everybody register a phone number when they download ubuntu so that canonical can call you with security warnings.
<cycom> I'm just saying, don't bury it at the end.  the more places where it's posted here, the less likely it is someone will miss it.
<Deeps> i dunno what all the fuss, given that
<Deeps> 18:46:01 < giovani> cycom: yeah, if there was an op here ... we could have em do it
<giovani> cycom: I'm not arguing against putting it as the first item ... so stop bitching ... first item or last ... it's in the topic ... I think you're trying to make an argument where there's no reason for it ... first item versus last (the last is more visible to me actually) doesn't have anything to do with this
<Deeps> no ops are around to do the relevant rask
<cycom> I'm just concerned by the argument that 'everyone must know by now.'
<giovani> that was not the argument
<giovani> that was the final straw after 5 examples of how it's been spread
<giovani> it was ... after all of this effort, it's likely that anyone who knows shit would know by now
<Deeps> tbh, i dont know any 'real' server admins that weren't aware of this within hours of it hitting the debian mailing list (Assuming suitable timezone)
<giovani> exactly ... and not many "newbie" admins are using key-based ssh authentication, which is going to be the main attack vector
<Deeps> if you're having fun in your bedroom playing with ubuntu server and dont care to keep up to date on what's going on, you'll get hit by apt-get upgrading your stuff for you
<giovani> AND ... everyone does apt-get updates ... and if you don't there are MAJOR problems with YOU, not with the information release
<cycom> *shrug*
<giovani> if we had an op here, I'd think it was a fine idea to put it in the topic ... nobody argued that point with you
<mralphabet> cycom: I charge you with sending a personal message to everybody that joins this channel
<cycom> I've worked with people who didn't update unless something was broken
<giovani> cycom: then you know what? this would be a perfect life lesson for them
<cycom> mralphabet: sure, pass the buck to someone else.  lazy bastard.
<giovani> sometimes people refuse to ever change their behavior until it causes massive problems
<Deeps> cycom: i've worked with crack whores too, doesn't make their way of doing things right (no really, she was a whore and she spent most of her money on blow)
<mralphabet> hah, I'm not the one having a problem with the current state of affairs ;)
<cycom> giovani: they got it in the form of a major outage when 20 different code revisions of cisco switch didn't talk so well with one another.
<Deeps> there's a reason sysadmins get paid more than desktop users
<giovani> cycom: obviously not ... because then they would be updating their system regularly, and your point would be moot
<Deeps> you're required a suitable amount of education and clue to do the job properly
<cycom> I didn't say they LEARNED from the lesson.
<Deeps> and thats the fault of giovani?
<Deeps> lol
<cycom> Deeps: but not to get the job :)
<cycom> Deeps: no, I didn't say it was.
<mralphabet> then it sounds like this mythical sysadmin that hasn't heard about the problem yet is due for another life lesson.
<Deeps> what is your point? cuz this discussion seems to have degenerated very quickly
<Deeps> you're citing examples of how not to administer a server
<mralphabet> Deeps: I think it degenerated long, long, long ago
<Deeps> it's sorta like the windows desktop user not running windows update, a stateful firewall nor an anti virus
<Deeps> and using IE5 to browse porn + crack sites
<reya276> ï»¿giovani: the folks at #postfix said I'm missing saslauthd
<Deeps> and blaming it on #microsoft for not having it in the topic "OMG USE WU+FW+AV!"
<giovani> reya276: and that's preventing you from opening a tcp connection?
<reya276> ï»¿giovani: so I'm trying to install it but I get an error stating package is not found
<cycom> I'm not BLAMING anyone, I'm just citing examples of why it's a good idea to put things like this in places where everyone is nearly certain to see them
<Deeps> and it was agreed, to a certain degree
<cycom> but again, I was told I was nit-picking for the idea that it should be at the beginning of the topic, rather than at the end.
<reya276> ï»¿giovani: oh they said is part of Cyrus-SSL
<Deeps> i personally dont think an irc topic is a suitable place to be learning about security vulnerabilities
<Deeps> but then i dont give a rats ass eitherway
<cycom> If there was a problem with your house's locks and your neighborhood was like the internet, don't you think you'd want that information first, rather than last?
<Deeps> i think i'd want to be on the locks newsletter
<Deeps> to ensure that i'm up to date on all manner of lock related issues
<Deeps> i wouldn't expect it to be on a big billboard outside my house
<Deeps> nor at the start nor the end of the billboard
<reya276> ï»¿giovani: how can I install that package "cyrus-ssl"
<Deeps> sorry, on the big billboard in the backallie of the neighbourhood where few people dare to roam due to the freaks that reside in there
<Deeps> backallies*
<AtomicSpark> so we discussed yesterday about an ubuntu update server and i was suggested to look into making my own local repo mirror or something. how do i go about doing that?
<mralphabet> reya276: how would you normally find / install a package?
<mralphabet> AtomicSpark: apt-mirror?
<AtomicSpark> sure something like that. so when my clients update, they all can connect to local server instead of going over the internet
<mralphabet> http://www.howtoforge.com/local_debian_ubuntu_mirror
<mralphabet> ^^ first link from google
<uvirtbot> mralphabet: Error: "^" is not a valid command.
<mralphabet> uvirtbot: go fly a kite ;)
<uvirtbot> mralphabet: Error: "go" is not a valid command.
<mralphabet> hah
<AtomicSpark> lol
<AtomicSpark> 25GB or space? mm ill pass.
<reya276> ok I think I will start from scratch here, how can I delete my entire postfix setup with config files and all
<AtomicSpark> reya276, sudo apt-get purge postfix
<AtomicSpark> it will warn you if it cannot remove a folder. this usually only happens if you create a file, such as a backup of the default settings.
<reya276> dpkg - warning: while removing postfix, directory `/var/lib/postfix' not empty so not removed.
<reya276> I want to start from scratch as if I did nothing
<reya276> because somewhere along the line I did something wrong
<reya276> I should be able to connect to telnet localhost 25 and I can't
<AtomicSpark> reya276, thats the error i was expecting
<AtomicSpark> oh wait. no it isn't.
<AtomicSpark> go to /var/lib/postfix and tell me what's in there
<stickystyle> AtomicSpark: if 25GB is a little much for a full mirror, look into apt-proxy also.  that way you cache packages once, rather than mirror everything.
<reya276> AtomicSpark: prng_exch  smtpd_scache.db  smtp_scache.db
<AtomicSpark> stickystyle, it would make more sense if i had 100+ clients, but 3? :P
<AtomicSpark> reya276, using smtp must of created those files. apt-get wont remove anything that's not from the original program. its a safety thing.
<reya276> ï»¿AtomicSpark: can I remove them
<AtomicSpark> reya276, well i'm not sure what they store. i assume email.
<reya276> ï»¿AtomicSpark: at this point I don't care I just want to start from scratch
<AtomicSpark> reya276, if i was you, i would copy them into a backup folder. just to be sure.
<AtomicSpark> that way you can move them out of that folder and start from scratch but still have them for when you do a fresh install.
<AtomicSpark> or something.
<AtomicSpark> so do like "sudo mv /var/lib/postfix /var/lib/postfix.backup
<reya276> ï»¿I'm using this guide https://help.ubuntu.com/community/Postfix
<reya276> ï»¿AtomicSpark: ok done
<reya276> ï»¿AtomicSpark: how do I remove those things
<AtomicSpark> you shouldn't have a folder called postfix in there now since you did a move.
<AtomicSpark> technically you renamed that folder.
<reya276> oh ok is gone
<AtomicSpark> so now you should reinstall postfix. i would use tasksel, so it goes right into the configuration. not sure if apt-get does that.
<reya276> ï»¿Is this a good guide to follow https://help.ubuntu.com/community/Postfix
<AtomicSpark> probably (still loading for me) there is also the official server guide https://help.ubuntu.com/8.04/serverguide/C/postfix.html
<AtomicSpark> need to be careful with community docs. they're sometimes outdated. they should specify what version the wrote it to.
<AtomicSpark> oh wait. it says at bottom :P
<JustineC> I installed Hardy today.  Want to install the right kernel sources.  Which to use? "linux-source-2.6.24" or "linux-source"?
<Centaur5> linux-source is just a dummy package that will install the newest source
<JustineC> Centaur5 Whereas linux-source-2.6.24 provides a specific version?
<JustineC> Which is newer (iiuc, 'linux-source)?
<JustineC> According to apt-cache, "linux-source-2.6.24" & "linux-source"  provide "2.6.24-16.30 - linux-source-2.6 linux-source" and "2.6.24.16.18 -" respectively.
<JustineC> (a little confused about numbering conventions)
<Centaur5> The package with the higher number is newer
<JustineC> Centaur5: Yes, that's obvious.  So which is "higher" ?  (2.6.24-16.30 ) or (2.6.24.16.18)?  The hyphen might make a difference.
<Centaur5> I guess I've never seen a linux-image or source file without a hyphen. According to my sources 2.6.24-17.31 is newest.
<JustineC> Centaur5: Assuming its a typo in the pkg info then, (linux-source-2.6.24) is the newest.  I.e., "linux-source-2.6.24" provides newer kernel source than "linux-source".
<JustineC> i mean ((2.6.24-16.30 )
<Centaur5> from what I understand is that linux-source will always grab the newest version which would be the linux-source-2.6.24 and then it will also update you to the newest source when a new one is released.
<Nafallo> linux-source depends on linux-source-2.6.24, which Provides: linux-source, linux-source-2.6
<Nafallo> linux-source will hence provide the newest kernel, as would linux-source-2.6.24
<JustineC> Nafallo: Ok.  Despite the different "Provides" info, then, right?
<Nafallo> linux-source depends on linux-source-2.6.24...
<Nafallo> basically, in hardy linux-source you can install either. if you dist-upgrade to intrepid though, linux-source needs to be installed to pull in the new linux-source-$whatever
<Nafallo> hope that helps
<JustineC> Nafallo: Ok. Go it. Thanks.
<reya276> Ubuntu wiki is extremely slow
<reya276> trying to load this page and is taking for ever https://help.ubuntu.com/community/UsingTheTerminal?action=show&redirect=BasicCommands
<reya276> every other site id working great
<reya276> I hope nothing happened to their servers
<Nafallo> reya276: I can replicate
<reya276> is there anyway to create a Maildir with sub directories cur,new,tmp when you do sudo adduser <username>
<reya276> meaming so that it creates it under the added user home dir
<giovani> reya276: you could script that up into your own add-user script
<giovani> do you really want to use system users as mail users? that's a less-common setup these days
<reya276> yes because we only have like 4 employess
<reya276> employees
<giovani> ok
<giovani> if it's only 4 ... then jsut do it manually
<giovani> it's taken youmore time asking than it would've to do it :)
<reya276> the issue is that when I create the user and then add the Maildir manually it says that the user does not own the dir
<giovani> you need to use the chown command
<giovani> read its manpage
<giovani> to understand how to use it
<giovani> in this case, "sudo chown -R user:group ./Maildir/" probably suffices
<reya276> ok thanks
<reya276> I was actually doing it one by one
<reya276> chown helpdesk /home/helpdesk/Maildir/cur etc...
<giovani> the manual has wonderful things to learn :) -- -R is your friend
<JanC> AFAIK some mail delivery agents will create proper Maildirs for you if they don't exist too
<reya276> E: Could not get lock /var/cache/apt/archives/lock - open (11 Resource temporarily unavailable)
<reya276> E: Unable to lock the download directory
<reya276> how can I fix this?
<reya276> through teminal
<giovani> you are running apt already
<giovani> quit/kill the process that's runnung -- only one can at a time
<reya276> I think so and the process did not finish
<reya276> I do not know what is the process
<reya276> how can I find out
<giovani> ps aux | grep -i apt
<reya276> root      9349  0.0  0.0   1772   480 ?        S    17:34   0:00 sh -c yes Yes | apt-get -y --force-yes -f install spamassassin 2>&1 2>/dev/null
<reya276> root      9351  0.0  0.7  17368 14780 ?        S    17:34   0:01 apt-get -y --force-yes -f install spamassassin
<reya276> ï»¿giovani:  how in the world can you tell what is what from there
<giovani> uh, you see that apt-get is running there
<giovani> you shouldn't have done that
<giovani> > /dev/null
<reya276> ok
<giovani> that's why you lost control
<giovani> sudo kill -9 9349
<reya276> ok
<reya276> done
<reya276> now if I try to install again I should be able to?
<giovani> should be ... if not ... sudo kill -9 9351
<giovani> just to make sure that got killed as well
<reya276> ok
<giovani> I don't know why you think you should've forced that, and sent the output to /dev/null ... who told you to run that?
<reya276> oh I found it on a webpage
<reya276> dude honestly I don't know jack about linux. or Ubuntu, just learning
<reya276> so every bit of info you can throw at me would be truly appreciated
<giovani> well ... lesson number one ... don't run random commands without first understanding what they do
<reya276> so I got my telnet and postfix to receive email, but now having issue with the relay
<reya276> sending out emails :-(
<reya276> got yah
<reya276> ï»¿giovani: thanks for all your help, but I'm calling it quits for today
<giovani> reya276: no problem ... mail servers aren't the easiest to set up -- take a break :)
#ubuntu-server 2008-05-18
<spiekey> hi
<spiekey> anyone awake? i thin ki found a bug but i am not sure if its a ubuntu issue?!
<stickystyle> spiekey: just say what you have.
<spiekey> stickystyle: smbldap-populate is running into an error on hardy
<spiekey> failed to modify entry: attribute 'sambaNextRid' not allowed at /usr/sbin/smbldap-populate line 492, <GEN1> line 241.
<spiekey> it works with the latest development realease of smbldap-tools
<stickystyle> spiekey: I'm not familiar with the package, and I don't see any listed bugs at https://bugs.launchpad.net/ubuntu/+source/smbldap-tools that sound like that...when you say latest dev release, are you talking about debian upstream, or from the developers of the package?
<spiekey> from the developer
<spiekey> i came across it here: https://mail.gna.org/public/smbldap-tools-tech/2008-02/msg00001.html
<stickystyle> spiekey: Hum, 0.9.5 that the post mentions isn't even in debian experimental yet.  You could file a bug report in launchpad, to get the ball rolling on the fix, but if you need it right now you may just want to go with development version you found that works.
<spiekey> i will try to file a bug then
<spiekey> i have never done that before :)
<stickystyle> Just go to the link i just sent and click the report bug button, you will need a launchpad account.  For the most part its just fill in the blanks
<spiekey> thx
<spiekey> n8n8
<cviniciusm> Hello, I configured with sucess Postfix with dovecot authentitcation and encryption by the Server Guide. What's the next steps, please?
<firecrotch> Alrighty, I'm a moron.... I can't find the md5 for the hardy server ISO.... can someone point me in the right direction?
<firecrotch> nevermind, found it
<osmosis> i finally finished my  munin libvirt plugin.
<osmosis> http://stuffexists.com/munin-libvirt.py
<hsn_> !opera
<ubottu> opera is an advanced and free (only as in price) web browser.  Install it via Applications->Add/Remove..., making sure that "Show commercial applications" (dapper only) is checked. For more info on opera please see: https://help.ubuntu.com/community/OperaBrowser
<ivoks> zul: i think i got this pgsql thing solved
<zul> ivoks: sweet
<uvirtbot> New bug: #231634 in openssh (main) "package ssh-askpass-gnome 1:4.7p1-8ubuntu1.2 failed to install/upgrade: problemi con le dipendenze - lasciato non configurato" [Undecided,New] https://launchpad.net/bugs/231634
<ivoks> sommer: !!!
<ivoks> what's up?
<ivoks> :)
<sommer> yo
 * delcoyote willdo
<reya276> anyone in?
<Kamping_Kaiser> !tell reya276 about anyone
<reya276> I keep getting this error on my mail.log
<reya276> ï»¿"May 18 11:12:40 krusty postfix/smtpd[17075]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory "
<reya276> how can I fix this issue
<Kamping_Kaiser> does the file exist?
<reya276> due to this I can send out any emails
<reya276> can't
<reya276> don't know
 * Kamping_Kaiser can hardly remember setting up sasl :(
<Kamping_Kaiser> reya276, `ls -lh /etc/sasldb2`
<reya276> ls: cannot access /etc/sasldb2: No such file or directory
<Kamping_Kaiser> it doesnt exist, thats why you cant find it ;)
<immesys> hey, how do I get my server to shut down nicely when I press the power button?
<Kamping_Kaiser> immesys, is it acpi complient/compatible?
<immesys> yup
<immesys> in gnome, my other ubuntu pc gives the shutdown window so that you can choose. but my server is headless. So I want it to just assume that I want to shut down and just go ahead with it
<mralphabet> reya276: did you use tasksel to install postfix?
<reya276> ï»¿mralphabet: tasksel?
<reya276> ï»¿mralphabet:  don't know what that is
<Kamping_Kaiser> immesys, i thought pressing the power button on a headless box would turn it off
<reya276> ï»¿mralphabet:  apparently SASL certificates are already setup but where?
<uvirtbot> New bug: #231672 in samba (main) "/etc/pam.d/common-auth call samba in all times" [Undecided,New] https://launchpad.net/bugs/231672
<immesys> Kamping_Kaiser: me too, but not working for me
<Kamping_Kaiser> immesys, "odd". which releaes?
<immesys> hardy
<reya276> ï»¿mralphabet: also how can I find out what the smtp_sasl_type is?
<immesys> if i hold it in, it dies.. but thats not the kind of shutdown i want
<Kamping_Kaiser> immesys, holding for 6 seconds is an acpi hard shutdown
<Kamping_Kaiser> immesys, have you checked the BTS for not-shutting-down bugs?
<immesys> BTS?
<immesys> oh launchpad?
<immesys> no... I thought it was an upstart config thing
<Kamping_Kaiser> i expect it is, but if its not enabled by default that would be a bug, which i expect to be filed
<immesys> ok.. I'll check.. thanks
<immesys> nothing I can see on laucnhpad. Do you know where the upstart event for power button is?\
<Kamping_Kaiser> no i dont , #upstart is all i can suggest
 * Kamping_Kaiser doesnt use upstart, so cant help per se
<reya276> so frustrating the damn thing won't let me authenticate
<kraut> moin
<uvirtbot> New bug: #231700 in dhcp3 (main) "dhclient: Cannot create /var/lib/dhcp3/dhclient.eth0.leases" [Undecided,New] https://launchpad.net/bugs/231700
<uvirtbot> New bug: #231706 in munin (main) "munin apache plugin no data" [Undecided,New] https://launchpad.net/bugs/231706
<unnutz> hi.. ow could i shape HTTP traffic from specified subnet *TO* server?
<unnutz> *how
<seq7297> hello, i'm trying to set up the network for kvm and a new network interfaced vnet0 appeared (perhaps because i installed and then removed dnsmasq package) How can I get rid of it? where does it comes from?
<seq7297> hello, i'm trying to set up the network for kvm and a new network interfaced vnet0 appeared (perhaps because i installed and then removed dnsmasq package) How can I get rid of it? where does it comes from?
<Ashfire908> What dhcp daemons are there that support IPv6?
<Deeps> dhcpv6, although you dont need to use dhcp, clients on ipv6 use stateless autoconfiguration
<Deeps> just need a route advertiser like radvd
<Deeps> to advertise the subnet prefix
#ubuntu-server 2009-05-11
<ssd7> hey all
<wizardslovak> heyy
<ssd7> wizardslovak: What's up?
<tonyyarusso> Has anyone here taken an LPI certification test recently?
<wizardslovak> ssd7: not much , sup with you?
<ssd7> nm
<wizardslovak> is  here anyone who can help me settup email server?
<FFForever> wizardslovak, gl, mail is EVIL!!!
<FFForever> andol, u still around?
<wizardslovak> i already heard it somewhere
<FFForever> heard what?
<FFForever> mail is a pita?
<zoopster> wizardslovak: what kind of help do you need
<FFForever> how do i change this?, mailed-by	chr1831.xen.....com i wanna make it just my domain name
<wizardslovak> zoopster: well someone who can guide me true installation
<foxbuntu> FFForever, it depends on which smtp mailer you are using, but its called a mail server banner, you can google the smtp dameon you are using along with smtp banner to figure out how to change it
<FFForever> thanks, i am using sendmail-bin
<wizardslovak> like what mx priority should i set in my domain name ?
<foxbuntu> FFForever, sorry, laptop battery going to die...gl with it
<FFForever> thanks
<twb> foxbuntu: do you just mean the foo in HELO foo?
<wizardslovak> zoopster: when i set up in my domain name register site , i have record type "mx"mx priority "10"host name "@" and my ip
<wizardslovak> zoopster: but  i am getting error"    *  Forward Address is not RFC compliant."
<FFForever> if i have a mta can anyone from the world wide web use my send mail to send messages?
<FFForever> (i should only have the sendmail-bin and sendmail-cf installed)
<twb> FFForever: that depends on how it is configured.
<FFForever> twb, default configuration?
<twb> I do not use sendmail, and I recommend you don't, either.
<FFForever> twb, when i telnet ip 25 i get connection refused so i should be fine right?
<twb> FFForever: that depends on how the connection is refused.
<FFForever> twb, php uses send mail for sending emails
<twb> No, PHP uses sendmail(8).  This is a CLI provided by all MTAs.
<FFForever> sendmail(8)?
<twb> The sendmail binary documented in section 8 of the manual.
<FFForever> ahhh well as long as i only have the binary's i should be fine no?
<twb> I cannot answer that question.
<FFForever> ahhh well sendmail is a service/mta =\
<BlackMinnow> Can anyone recommend a good Nobish Ubuntu spin off that will fly on an old AMD64?
<BlackMinnow> Noobish*
<twb> BlackMinnow: this channel is about Ubuntu Server, not about Ubuntu derivatives.
<twb> For some roles, a Pentium III would be more than adequate to run Ubuntu Server, let alone anything supporting the AMD64 architecture.
<wizardslovak> so i am folowinf this https://help.ubuntu.com/community/PostfixBasicSetupHowto
<wizardslovak> i settup everything like this
<wizardslovak> but still when i do test it doesnt work
<wizardslovak> hmmm
<storrgie1> anyone familiar with this "SCGIMount /RPC2 127.0.0.1:5000 " in regards to an apache config
<tonyyarusso> wizardslovak: What are you trying to get it to do?
<wizardslovak> well i want to make it work for my website
<wizardslovak> so my email will be xxx@web.us
<tonyyarusso> okay
<tonyyarusso> symptom & config?
<tonyyarusso> Where did the 'netselect' tool go?
<tonyyarusso> It seems to only exist in dapper and hardy
<twb> tonyyarusso: what does netselect do?
<tonyyarusso> twb: Chooses the fastest server from a list, eg for selecting apt mirrors or irc servers.
<twb> tonyyarusso: oh, like apt-spy
<twb> I've never seen one that works on Ubuntu, only Debian.
<tonyyarusso> never heard of apt-spy
<twb> It's not in Ubuntu
<twb> http://packages.debian.org/apt-spy
<tonyyarusso> yeah, similar to that
<jmarsden> tonyyarusso: See http://www.mail-archive.com/ubuntu-devel-discuss@lists.ubuntu.com/msg05990.html -- looks like it never really worked on Ubuntu.
<tonyyarusso> Huh, I wonder what sort of bugginess it had.
<jmarsden> https://answers.launchpad.net/ubuntu/+source/netselect/+question/65575  suggests others are interested too.  You cabn always grab the source package, build it in Jaunty and see what happens when you use it :)
<ssd7> twb: It's wierd that you mentioned that, I've actually been looking at the same thing
<ssd7> I think it would be pretty easy to write an even better tool than netselect-apt by reusing a lot of code that is in software-sources-gtk
<ssd7> I've actually spent the last few minutes writing something up and I have something built around netselect that isn't near finished yet
<ssd7> but once I figure out a good way to determine whether a sources.list entry is one of the official mirrors, it should be pretty easy to finish
<tonyyarusso> There's a list of mirrors on Launchpad that you could parse.
<twb> ssd7: what apt-spy does is use a list of official mirrors
<twb> That list includes the mirror's URL, and what architectures and categories are supported by that mirror.
<ssd7> yeah, I have a similar list that I stole from /usr/share/update-manager/
<twb> apt-spy then finds the fastest one (or few?) and writes them to /etc/apt/sources.list.d/apt-spy
<twb> You could probably just make apt-spy an Ubuntu package by changing where it looks for the list
<ssd7> well, right now I have a python script that will replace any entry in your sources.list that matches one of the mirrors in the file I have with either (a) a mirror you provide or (b) the fastest mirror from the list I have
<wizardslovak> is there way i can check what software is installed on server?
<tonyyarusso> dpkg -L, dpkg --get-selections
<twb> aptitude search '~i!~M'
<twb> The !~M part suppresses automatically installed package, which you don't normally care about when building additional boxes.
<tonyyarusso> find / piped to apt-file search!
<tonyyarusso> huh.  That seems to be an aptitude-only functionality.
<FFForever> any idea how much ram a hl engine uses?
<FFForever> hl server*
<tonyyarusso> What's HL?
<jmarsden> tonyyarusso: I'm guessing half life ?
<tonyyarusso> ah, that could be.
 * tonyyarusso is such a non-gamer he doesn't even think of such things
<tonyyarusso> with the exceptions of m-b, sol, and pp-r
<tonyyarusso> :P
<jmarsden> I'm a non-gamer too, but I recognize some of the abbreviations, mostly from seeing reviews of video cards that test with the various games :)
<cgkades_> to install or not to install... that is the question
<jmarsden> cgkades: To install what when on which machine for whom, and why ... that is the *real* question :)
<cgkades> lol
<cgkades> jmarsden: i just need a decient secure, robust server.
<cgkades> installed on a p4
<cgkades> i'm trying freeBSD right now, but i've been a fan and user of ubuntu desktop since 6
<cgkades> solaris completly failed
<jmarsden> What are you already comfortable with and knowledgeable about securing... if you are used to hardening Ubuntu, run Ubuntu server.  If you already know *BSD security, try OpenBSD which claims more security than most...
<cgkades> i'm used to ubuntu
<cgkades> not used to hardening anything yet
<cgkades> i have alot of books though :)
<cgkades> i have worked with mac os x, wich is bsd... but not as much
<cgkades> i kind of wanted a challenge, but i also want somethign that is secure
<jmarsden> Then it comes down to who you know... if you have security expert friends who know one but not the other, let that guide your choice, maybe.  Failing that... run Ubuntu Server and ask your questions about it here :)
<cgkades> yeah i dont know anyone, so i'm here in the channels learning what i can
<cgkades> the guys over in ##freebsd are too 31337 for me
<cgkades> i like the ubuntu comunity more, so perhaps i'll try that if i cant figure out bsd
<jmarsden> It's a gross oversimplification, but IMO Ubuntu people are often friendlier than *BSD people :)
 * cgkades agrees
<cgkades> just wondering how secure ubuntu-server is
<cgkades> i know there was a problem with openssh port for debian
<tonyyarusso> Which was fixed.
<tonyyarusso> (Ubuntu (all versions) has zero unpatched vulnerabilities, as reported by Secunia.)
<twb> *known* vulnerabilities
<twb> cgkades: assuming you're referring to the entropy of ssh-keygen, that issue was fixed prior to the last Debian stable release.  It also affected Ubuntu, and was fixed there, too.
<andol> tonyyarusso: What about CVE-2009-1337? Haven't seen any USN mentioning it yet?
<uvirtbot> andol: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337)
<tonyyarusso> andol: link?
<andol> tonyyarusso: I belive uvirtbot just supplied it :)
<tonyyarusso> fine, I'll read...
<twb> 2.6.30 isn't in Ubuntu yet, is it?
<twb> Oh, "before"
<tonyyarusso> I wonder if it depends on configuration options or anything
<tonyyarusso> Otherwise why is the Secunia link just for Red Hat's RT kernel?
<andol> tonyyarusso: Yeah, could be. But I don't think it is Red hat specific, concidering there is also a new Debian kernel which fixes it, among other CVEs.
<ScottK> The development release doesn't have security support.
<ScottK> Jaunty has 2.6.29
<ScottK> err 8
<tonyyarusso> 2.6.28.11 no less, which isn't listed in the affected versions on the NVD site.
<tonyyarusso> (that list stops at .9)
<ScottK> So it's no suprise there's no USN.
<andol> ScottK: What about supported Ubuntu versions not being 9.04?
<andol> ScottK: By the way, I'm not really saying this is a critical problems, I simply jumped at the number zero mentioned earlier.
<ScottK> Supported is 6.06, 8.04, 8.10. and 9.04
<ScottK> So an issue that only affects 2.6.29 or 30 isn't one that gets a security fix.
<andol> ScottK: What makes you say that this CVE only effect .29 and .30?
<ScottK> I thought that's what was said earlier in this discussion.
<ScottK> The CVE itself only lists 2.6.30
<ScottK> Generally CVEs list all affected versions.
<andol> ScottK: Are we taling about the same CVE-2009-1337? From what I can see it goes up until .30-rc1.
<uvirtbot> andol: The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337)
<ScottK> andol: I misread.  Sorry.
<ScottK> I missed the word before when I read it.
<andol> Ohh well, I'm off for work...
<moparisthebest> i need any way to drop packets based on tcp window size, is this possible?
<ScottK> People sometimes do it by accident by adujusting MTU to be too large.
<moparisthebest> well, my server is being attacked by a large SYN flood
<moparisthebest> and from a sniff the packets have a tcp window size of 65535 (the max), and a tcp sequence number of 0
<moparisthebest> so i need a way to drop them based on that
<moparisthebest> because that is obviously a forged packet
<jmarsden> moparisthebest: Does turning on syncookies  (with   sysctl net.ipv4.tcp_syncookies=1 ) not deal with the problem?
<moparisthebest> no
<moparisthebest> i also set the syn timeouts as low as possible
<jmarsden> It might be easier to check for sequence number of zero rather than for window size... tcpdump filter syntax should be able to do that...
 * jmarsden reaches for "TCP/IP Illustrated Volume 1" ...
<fbc-mx> How do you make server search for the fastest mirror and use it?
<jmarsden> fbc-mx: The tools for doing that are Debian-specific and have not been ported successfully to Ubuntu yet.  Look at apt-spy and netselect if you are interested... but they do not work in Ubuntu at the moment, as far as I know.
<fbc-mx> jmarsden,  hehe... thanks. that's the best one I've heard yet.
<jmarsden> It was being discussed here (or was it on #ubuntu-motu) earlier today...
<jmarsden> It was here, about 3 hours ago...
<jmarsden> moparisthebest: I think a rcpdump filter of the form   tcp and tcp[4:4] = 0    might match all TCP packets with sequence number zero.
<jmarsden> s/rcpdump/tcpdump/
<moparisthebest> what about the window size though? it's the combo of the two that makes it a fake packet
<fbc-mx> I would like to turn my server into a torrent client that I can control remotely either with a web-gui or gtk-gui. Is there such an animal? Some have mentioned deluge, but I'm still looking for documention for such a function.
<moparisthebest> fbc-mx, torrentflux :)
<fbc-mx> moparisthebest, thanks.. by the way, I have fond memories of a 440 with a six pack carb.
<moparisthebest> torrentflux is awesome, but not as awesome as that setup :)
<jmarsden> moparisthebest: If the window size option is always at the same offset into the TCP header then you can check for it in a similar way.
<moparisthebest> hmm, alright
<moparisthebest> wait, actually i don't think that helps
<moparisthebest> since i can't actually drop them with tcpdump right?
<jmarsden> Well, you can use something that uses tcpdump filter syntax to drop them... snort maybe?
<jmarsden> Would the iptables tcpmss help??
<jmarsden> Hmmm, there is an iptables u32 thing that should get you the same kind of testing... but I've never used that...
<moparisthebest> i'll look into it
<owh> In a screen session, how do you scroll-back?
<_ruben> i usually do ctrl+a esc .. then use arrow keys/pgup/pgdn/etc
<_ruben> there are probably better/easier ways
<owh> And ctrl-a esc to get out again too?
<_ruben> just esc i think
<owh> Thanks!
<_ruben> its abusing the 'copy mode' .. you can copy/paste data in that mode, which i never used really ;) .. so there's likely to be a 'cleaner' way as well ;)
<owh> Cool, didn't know that. At least I got what I needed, a view of the scroll-back buffer. Next when I have some spare time I'll see if there is a "real" way :) Thanks again.
<owh> ngrep is a wonderful tool :)
<owh> Hmm, just realised, I could just pipe that to more :)
<_ruben> hehe
<owh> One of those doh! moments :)
<owh> Later all.
<Sangrial> how do I get gnome for Ubuntu server
<_ruben> you'd install the desktop edition ;)
<Sangrial> whats the difference in ubuntu server and desktop aside no GUI?
<_ruben> slightly different set of standard packages that are installed .. slightly different kernel
<Sangrial> because Im trying to set up a webserver and xp and vista are resource hogs so...linux is the best option
<uvirtbot> New bug: #374819 in krb5 (main) "Missing dependency on update-inetd and other issues" [Undecided,New] https://launchpad.net/bugs/374819
<Sangrial> wasnt sure if desktop wouldnt have the stuff I needed or not
<_ruben> the webserver packages are optional for both server and desktop
<Sangrial> sweet
<Sangrial> thanks for the info ruben
<_ruben> (they're actually the same packages as well, server and desktop share everything except the base install)
<Sangrial> ah ok
<Sangrial> only difference is server has more stuff compared to the desktop size wise
<Sangrial> rest you have to download on desktop right?
<_ruben> the server install is actually smaller than the desktop install (the gui takes up a fair bit of packages/space)
<leOn> hello
<leOn> i'm using virt-manager to deploy and manage kvm virtual machines. I'm using bridged networking and all seems fine, but i need to do a port forward. In kvm's documentation i saw the -redir parameter, but i can't seem to find a way to pass that parameter to virt-manager  .. is there any way to do that?
<_ruben> with bridged networking the vm is just like another machine on your network, so portforwarding would be done on your router, not the kvm host
<W8TAH> is there a tutorial/cookbook etc for some sort of a basic storage area network using ubuntu server (ive been trying so far without luck to find it)?
<Doonz> Hey guys is anyone around that can help me recover from a failed grow operation on a raid 5 array on ubuntu 8.04
<Doonz> Hey guys is anyone around that can help me recover from a failed grow operation on a raid 5 array on ubuntu 8.04
<Hecate> Doonz, what's the matter? i MIGHT be able to help.
<Doonz> Hehe
<Doonz> well where to start
<Doonz>  basically i was growing a raid 5 array when i lost power to my server
<Doonz> http://pastebin.com/m523cddcb
<Doonz> thats an output of my drives
<Doonz> im trying to figure out if is there a way to downgrade my mdadm whithout having to reboot the server
<Doonz> @Ubuntu-Server:~$ mdadm --version
<Doonz> mdadm - v2.6.7 - 6th June 2008
<Doonz> and apparently this problem isnt in 2.6.4
<Hecate> i just skimmed the output, but it looks alright. what's your issue? any reason for downgrading?
<Doonz> http://ubuntuforums.org/showthread.php?t=833191&highlight=failure+growing+raid+array&page=3
<Doonz> this forum
<Doonz> thie thread*
<Doonz> im just struggling really im still very new to linux
<Doonz> heres when i try assebling with a force
<Doonz> @Ubuntu-Server:~$ sudo mdadm --assemble --verbose /dev/md2 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
<Doonz> mdadm: looking for devices for /dev/md2
<Doonz> Segmentation fault
<Hecate> downgrading mdadm while running the system shouldn't be an issue. mdadm is just a program for administrating a sw-raid (afaik). the actual work is done by the sw-raid kernel modules, which are impossible to up-/downgrade while the system is running (all the sw-raids would have to be unmounted, which is impossible if your system partition is on the raid).
<Doonz> can you walk me through this process? my system partition is on a hardware raid controller this raid array is purely for data storage and can be unmounted and remount at will without any impact
<Hecate> honestly: i've never played with any in-depth operations of sw-raids/mdadm.
<Doonz> oh
<Doonz> ok
<Hecate> im just running a cheap sw raid1 on my dedicated box.
<Doonz> hehe
<Hecate> so i got a little experience.
<Doonz> well this is a home media server
<Hecate> are you sure the downgrading will help?
<Doonz> no
<Doonz> im just looking at that thread on the forum
<Doonz> if you look at post 3 in that thread it says he patched his version of mdadm
<Doonz> any ideas?
<Hecate> ok, it appears mdadm suxx
<Hecate> that's what you need to fix
<Hecate> high risk, if-it-fucks-up-everything-it's-your-fault solution: install the corresponding package from a newer ubuntu version. might work, might not. if you're unlucky, hardy wont fulfill some dependencies.
<Doonz> hmm
<Hecate> Doonz, got another idea: boot the server from a live medium (preferably with jaunty), fix the raid and reboot from your hardy install. might work, might not.
<Hecate> sorry, i'm hardly a help ...
<Doonz> no problem
<Doonz> i just noticed something
<Doonz> 09:35 <+Doonz> DEVICE /dev/sdc1 /dev/sdd1 /dev/sde1
<Doonz> 09:35 <+Doonz> ARRAY /dev/md2 level=raid5 devices=/dev/sdc1,/dev/sdd1,/dev/sde1,/dev/sdb1
<Doonz> notice how under devices it only list 3 hdd's
<Doonz> and the array has the 4 listed
<Doonz> could that be a a problem
<Hecate> might be what causes the segfault, but that's only a guess.
<psteyn> umm, i restarted a machine with fsck option set on reboot, so it booted up and is responding to pings now but no services are being started
<psteyn> could it be that it's brought up the network and is doing the fcsk now?  and will only start services later on?  (after an additional reboot)
<psteyn> seems weird for it to do that if thats the case
<Doonz> I was running a raid 5 grow operation when the power went out. It looks like my disk are fine but i cant reassemble the array. i get a segmentation fault. There is very little information on the site to help with this problem
<_ruben> Doonz: chances are big that you lost you're data .. during the grow operation, the array is in an incosistent state most of the time
<W8TAH> is there a tutorial/cookbook etc for some sort of a basic storage area network using ubuntu server (ive been trying so far without luck to find it)?
<_ruben> s/you're/your/
<Doonz> _ruben: http://pastebin.com/m523cddcb
<Doonz> thats the output of my examine
<simplexio> psteyn: fsck on root ? , you need to be able to write root to log in.. ( not 100% about it ) and normally its mounted read only during fsck
<simplexio> psteyn: not sure which partition needs to be rw, was it var home or /
<psteyn> root
<_ruben> Doonz: that does look rather sane
<_ruben> Doonz: segfault's strange though, could be a bug
<Doonz> yeah
<Doonz> the forums dont give a noobie like me an easy way of understanding howto fix
<simplexio> wbi havent seen one. but keywords: samba, nis , nfs, openafs, kerberos may help you to create big picture about options what you have
<simplexio> W8TAH: read above
<_ruben> i only resized a software raid5 once .. which went without a hitch, luckily
<Doonz> hehe
<W8TAH> simplexio: thank you -- im already using samba -- and have about an zillion lil servers scattered around -- id like to consolidate them into some sort of a centralized group so that i can access them all as one volume
<edge> Ok i have this script. its a bash script it checks some condictions and then execuses a bin in the same folder so the path ./binfile is vaild, but in this case it wont work? whats wrong with the system?
<edge> I run this script on all sorts of systems
<edge> Is this a path issue? that ./ doesn't means same folder? or is it making the other script run some where else so that it doesn't have access to that bin?
<edge> y
<edge> seems i can't even launch it without the path. Could there be something missing from the system that would cause it not to be able to execute bin?
<uvirtbot> New bug: #374447 in samba4 (universe) "Jaunty: Samba permission problems" [Undecided,New] https://launchpad.net/bugs/374447
<Doonz> can someone point me to a how-to to downgrade my version of mdadm
<simplexio> W8TAH: if you want to keep samba around, you should read stuff about openldpa, kerberos, AD
<uvirtbot> New bug: #374925 in php5 (main) "PHP5-MSSQL package needed (dup-of: 87063)" [Undecided,New] https://launchpad.net/bugs/374925
<Doonz> Soo nobody
<Hecate> Doonz, downgrading won't help you. it's rather upgrading you need to do.
<Hecate> as i said before: give the live cd a shot.
<Doonz> they said it still is in jaunty
<Hecate> well. then you still need to upgrade to a fixed version. did the guy who wrote the third post publish a patch?
<Hecate> well ... im off.
<ivoks> RoAkSoAx: hi there
 * mathiaz waves at ivoks 
<ivoks> mathiaz: hi
<W8TAH> simplexio: thanks
<ruben23> hi anyone have idea on this error installing zaptel 1.4 http://pastebin.com/m126b3216  my distro si ubuntu server...
<RoAkSoAx> ivoks, heya master, how's it going?
<ivoks> you are missing headers
<ivoks> install linux-headers-server package
<ivoks> RoAkSoAx: fine, and you?
<RoAkSoAx> ivoks, been better :) I'm still hang over since yesterday
<RoAkSoAx> haha
<ruben23> ivoks:how..?
<RoAkSoAx> ruben23, sudo apt-get install linux-headers-server
<ivoks> ruben23: how to install oackagte?
<ivoks> package
<ub_> What kind of fileformat should i format my harddrive into if i like to transfer huge files between Ubuntu and Mac OS X?
<ub_> files > 4 gb
<ivoks> ext2
<ruben23> RoAkSoAx: THANKS
<ub_> ivoks " mac deos`nt support it
<ivoks> ub_: it does
<ub_> ivoks: how?
<ivoks> mount_ext2 -o rdonly -x /dev/diskXsY /Volumes/Linux
<ruben23> RoAkSoAx:i already installed the packages get the same error..
<ivoks> ruben23: then Makefile doesn't look for headers in right place
<RoAkSoAx> ivoks, sensors-applet. In the last ubuntu version, hardy, theyprovided a patch that is now included upstream, that's why i put that changelog entry
<ivoks> RoAkSoAx: then put 'name/of/the/patch dropped; included upstream'
<ivoks> RoAkSoAx: or don't add anything
<ivoks> RoAkSoAx: since that's a change that isn't preserved in this version
<RoAkSoAx> ivoks, ok I'll erase it then
<ub_> does it matter what kind of torrentsoftware you use in? I thinking about the speed.
<RoAkSoAx> ivoks, and about gnome-doc-utils (>= 0.3.2), in the previous ubuntu version they seem to have added that dependency but there was no changelog entry for it. that's why i didn't put it...
<ivoks> RoAkSoAx: add it
<RoAkSoAx> ivoks, btw.. qemu has been successfully built so i'm removing it from the FTBFS list, i think it was a problem with libc-* package
<ivoks> could be
<ivoks> https://edge.launchpad.net/ubuntu/karmic/+source/qemu/0.10.3-1ubuntu1
<ivoks> yep, looks ok
<RoAkSoAx> ivoks, yep there was a bug about linux-libc-dev that didn't contain a file and that was why it wouldn't built
<ivoks> bbl
<ivoks> take care
<oruwork> hi, can someone recommend a ticket support system ?
<oruwork> or tech support system
<fbc-mx> How can I make a service startup automatically when the server boots? I have to keep logging in to start deluged everytime we lose power or somethign of the sort.
<fbc-mx> Can I put it into rc.local?
<sommer> oruwork: I like request-tracker
<RoAkSoAx> fbc-mx, is it a service provided there or have you made a custom script?
<sommer> fbc-mx: do sudo update-rc.d servicename default
<sommer> fbc-mx: that is if you have an init script in /etc/init.d
<fbc-mx> sommer, RoAkSoAx , what I tried was putting 'exec /usr/bin/deluged' before the 'exit 0' in the rc.local file
<fbc-mx> sommer, RoAkSoAx , you guys think that would work?
<sommer> fbc-mx: yep that should work as well
<fbc-mx> sommer,  great! no more grief of getting home expecting to watch something that isn't there. :-)
<fbc-mx> sommer, My computers bios allows me to power it back on in case of an outage, so I think I'm pretty much covered.
<fbc-mx> sommer, as long as I do not have to login for rc.local to execute, I'm ok.
<fbc-mx> sommer, but, I'm assuming I don't as a couple of the examples on line show it being used to detect the installed gdm and load it, and that usually happens before a user logs in, at least as far as I'm aware of.
<sommer> fbc-mx: ya basically rc.local is the last init script to be executed, so it should work as you expect
<oruwork> sommer-> url please ?
<sommer> oruwork: http://bestpractical.com/rt/
<sommer> oruwork: there's packages in universe as well
<oruwork> ok was just looking at that
<oruwork> sommer-> how do you spell the package ?
<sommer> oruwork: there's multiple ones depending on your backed db etc: apt-cache search request-tracker
<oruwork> sommer-> i get this in return http://pastebin.com/m1406b0cc
<sommer> oruwork: right so you'll need request-tracker3.6, probably rt3.6-apache2, and whichever database you'd like to use just install the appropriate package
<khaije1> jaunty's ocfs2 is older than sid :(
<RoAkSoAx> khaije1, yes, we'll  merge ocfs2-tools for karmic
<khaije1> im going to try to import sid's deb, any reports on this working so far?
<fevel> hi
<fevel> how do I enable ping... when I ing I get a message saying: ping: sendmsg: Operation not permitted
<maxb> Are you trying to do some special kind of ping?
<Pres-Gas> fevel, are you doing this as a regular user or have you tried "sudo ping"?
<fevel> im doing it as root
<fevel> maybe ufw is blocking
<fevel> ufw allow icmp isnt working
<fevel> does anyone know the ping port... cant remember
<fevel> maxb: nope... normall ping
<jdstrand> unless you changed /etc/ufw/before.rules, ufw allow outgoing ping requests and incoming ping responses
<maxb> There's no such thing as a ping port!
<jdstrand> if unsure, 'ufw disable' and try again
<fevel> jdstrand: yes I made it restrictive by default
<fevel> jdstrand: cant disable it because of the masquerade dependant users
<jdstrand> fevel: you can look in /usr/share/ufw/before.rules for what you deleted from /etc/ufw/before.rules
<fevel> where should I insert established related rules
<fevel> ok
<jdstrand> specifically:
<jdstrand> -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
<fevel> ok thanks
<fevel> was wondering where i could insert hand crafted rules
<jdstrand> that is what /etc/ufw/*rules is for
<fevel> ok
<jdstrand> see 'man ufw' and /usr/share/doc/ufw/README.gz for details
<jdstrand> (and I meant to say before, incoming and outgoing requests)
<fevel> thanks for the help
<fevel> got it working
<jdstrand> np
<hagedorn> hey, how do i mesure response time in my apache2 server ? not externaly, but internal without logfile things like %t %d , but in realtime ?#
<soren> Anyone feeling particularly bored? I'd really like apache's mod_status to maintain stats per vhost.
<soren> ...and it doesn't at the moment. I've been looking at the code a bit, and I can point out where to add it, "all you need to do" is implement a hash table mapping vhost to a stats structure of some sort.
<soren> ..and present it in the server-status page.
<mathiaz> soren: why not blog about it?
<mathiaz> soren: you'd reach a broader audience
<soren> mathiaz: Point.
<soren> I'll probably write a spec.
<soren> ...and then blog.
<uvirtbot> New bug: #312261 in samba (main) "unable to remove/delete .folder (hidden) from share" [Low,Invalid] https://launchpad.net/bugs/312261
<uvirtbot> New bug: #375092 in dovecot (main) "package dovecot-common 1:1.1.4-0ubuntu1.2 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/375092
<sommer> if I password protect the recovery entry in grub's menu.1st and I forget the password, is there a way to recover?
<sommer> err... I guess you could boot from cd and change the file :)
<Doctor_Nick> Hi, I'm running Ubuntu Hardy Server (64bit), and every time I try to do a "shutdown now", it starts to shut down, but then gives me a "recovery console", and whatever option i choose, it just boots back into linux. How do I fix this?
<Doctor_Nick> i've had this problem on multiple computers running ubuntu, also, not just servers
<Doctor_Nick> How long is a raid5 resize supposed to take
<Doctor_Nick> for 4 tb drives
<stickystyle> I've seen a resize take quite a while, hour+ on smaller drives
<Doctor_Nick> i'm worried because the md5_reshape process is in uninterruptible sleep and is not running at all
<Doctor_Nick> er
<Doctor_Nick> md1
<Doctor_Nick> and the md1_raid5 process is only taking up a few cpu, when it usually takes up around 40% when rebuilding the array
<Doctor_Nick> i ran: "sudo mdadm --grow --raid-devices=4 --backup-file=/root/grow_md1.bak /dev/md1"
<Doctor_Nick> it said it created the backup and passed the critical section, but the backup file does not exist
<Doctor_Nick> [>....................]  reshape =  0.1% (1786880/966992448) finish=13342.0min speed=1203K/sec
<Doctor_Nick> ok
<Doctor_Nick> its resizing, but its very slow
<stickystyle> Hum, sorry I should have been more specific in that I have seen a resize take a while on HW cards...I've never actually done it with mdadm.  However the ninterruptible sleep would kind of make sense, I wouldnt worry.
<Doctor_Nick> this says it would take NINE DAYS
<Doctor_Nick> Im pretty sure thats not normal
<stickystyle> Yeah, that's pretty bad
<stickystyle> How long has it been going?
<Doctor_Nick> only 10 minutes
<stickystyle> Oh, shoot.  I wouldn't trust the time estimate for at least another 20min
<Doctor_Nick> stickystyle: but the md1_raid5 process is hardly taking up any cpu time at all
<stickystyle> Well on a reasonably new box, recalculating the parity doesn't eat up that much cpu.  I believe its largely io bound
<stickystyle> do you have iostat installed?
<Doctor_Nick> no
<stickystyle> That tool would give you a much better indication as to if your array is really working, or just moving along very slowly.
<stickystyle> Has the finish time gone down?
<Doctor_Nick> no, its gone up
<stickystyle> Hummm....then you may need to wait for someone else in this # to speak up, as that is as I understand not the normal behavior.  I wouldn't want to steer you down the wrong path as my knowledge with mdadm is fairly limited.
<Doctor_Nick> ok
<Doctor_Nick> is it possible that its a bad drive?
<stickystyle> I could see that as a possibility.
<Doctor_Nick> :/
<lamont> if you're using the drive, it gets _very_ slow
<lamont> if you leave the machine alone, then it goes much faster
<lamont> and sometimes you can give it hints that make it go really really fast (as in "ok, done then") - though I haven't bothered to figure out what those conditions are
<Doctor_Nick> lamont: i've used that partition while it was rebuilding the array before, and it only took 3 hours
<lamont> 2.67TB, on a fresh (raid6) build took about 24 hours on my machine
<lamont> SATA, 6 drives
<Doctor_Nick> while using it?
<lamont> no.  I walked away
<lamont> it was threatening 6 days when I was using it
<Doctor_Nick> this is raid 5, 4 drives, 3 tb, by the way
<Doctor_Nick> so does reshaping take that much longer than rebuilding?
<lamont> it's basically a rebuild after a little bit, sorta
<lamont> but yeah, dunno
<lamont> I know that if you kill the box during a rebuild, it can be torturous
<lamont> and off with my daughter for her birthday
<Doctor_Nick> ok
<MkJackson> hey folks, I'm trying to connect to my ubuntu server remotely (both on same network though) via telnet on Win7 but I'm getting that the connection is refused, is there a way to see the port it's listening on?
<stickystyle> MkJackson: unless you installed telnet, ubuntu is not running a telnet daemon.
<stickystyle> SSH.  and even that you need to install openssh-server
<Doctor_Nick> i would also recommend ssh over telnet
<Doctor_Nick> ssh runs on port 22 by default, and a decent ssh client for windows is putty
<MkJackson> hmm... when I try to "sudo apt-get install openssh-server" on my box I get an error saying there's no candidate or something to that effect
<MkJackson> telnet is installed though
<MkJackson> (and I can ping the server)
<Doctor_Nick> what version are you running?
<stickystyle> try an 'apt-get update' prior to the install
<stickystyle> and you mean a telnet client is installed on your ubuntu box, not a server right?
<MkJackson> will update now (running 9.04 server 32-bit)
<MkJackson> errr... I just did an apt-get install telnet and it responded that it was already installed
<Doctor_Nick> that's just the client
<stickystyle> the telnet package is a virtual package that installs the client.
<stickystyle> telnet-server would be the server package
<MkJackson> update did the trick
<MkJackson> when I did the apt-get on telnet-server though I got a could of packages other than because there was no exact match for telnet-server (or something to that effect)
<stickystyle> Yeah, though don't install a telnet server unless you *really* have to
<stickystyle> as it is 100% unencrypted
<MkJackson> well, maybe I'm going about this totally wrong, basically I'm trying to get my feet wet with making a Linux server and since Ubuntu's been good to me I went with their solution... so I got this laptop running it and it's connected to my network and tucked away, I figured I could just remote connection via telnet, is there a better option?  I heard SSH via PuTTY so I'm downloading that now...
<stickystyle> Yes, SSH should be the only thing you consider.
<stickystyle> PuTTY works quite well
<MkJackson> a victory... :-)  thanks so much folks...
<stickystyle> No problem, come back anytime :)
<mattt> victory!
<uvirtbot> New bug: #261831 in gcc-4.2 (main) "gcc-4.2 cannot compile bind 9.5.0.P2 on i386" [Undecided,Incomplete] https://launchpad.net/bugs/261831
<slestak> cjwatson: hai.  i have been following putty gtk2 in ubuntu for a while.  do you have a sec for a question?  Does copy and paste work for you in your testing on karmic with 0.60+2009-04-05-1?
<slestak> i compiled putty's dev snapshot in 9.04 and everything seems to be ok, except copy and paste.  i have rolled my own on 8.10 for a while and do not remember this issue.  trying to determine if it is a regression upstream, an affliction of my shiny new jaunty desktop, or what.
<cjwatson> slestak: I'm using 0.60+2009-04-05-1 on jaunty, and I only really use pterm, but it seems to work for me
<cjwatson> (gah, and I see that it fails to build in karmic; must fix that ...)
<slestak> cjwatson: yes, pterm is what I am after.  is there a ppa for this?  id love to help test.
<slestak> must, have, gtk2...
<cjwatson> slestak: just the .deb from Debian installed with dpkg -i
<cjwatson> slestak: you can grab it from http://ftp.debian.org/debian/pool/main/p/putty/
<slestak> cjwatson: thx.  i see that now.  appreciate your work on bringing this to ubuntu
<cjwatson> slestak: I'm not sure how copy and paste could go wrong. We're talking about standard X copy/paste, aren't we? i.e. highlight to copy, middle-click to paste?
<slestak> cjwatson: yes, that is what i dont understand.  i could not get any test from my gtk2 putty to transfer to any other x app
<slestak> cjwatson: sth is up.  still doesnt work.
<cjwatson> I'm stumped, I'm afraid. Feel free to file a bug with as much detail as you can manage
<slestak> this is weird, i can paste into gvim, but not gedit.
<slestak> canoot paste into my wiki on firefox (ala fckeditor)
<slestak> how can gvin see the recent copy
<slestak> s/vin/vim
<cjwatson> are you attempting to use edit->paste in gedit?
<slestak> I tried edit-paste as well as shift-insert
<cjwatson> do you know that there are two entirely separate copy/paste systems in X?
<cjwatson> highlight/middle-click is one of them
<slestak> doh, crap
<cjwatson> edit->copy/edit->paste (or shift-insert or whatever) is the other
<cjwatson> try middle-click to paste instead
<slestak> that works
<slestak> sorry to waste your time
<cjwatson> np
#ubuntu-server 2009-05-12
<mobi-sheep> I figure #ubuntu-server would be appropriate for my problem.  I have an eth0 issue.  The wire is plugged in and it seems that I b0rked it because I endlessly was trying to bridge few days ago.
<mobi-sheep> If anybody could help me resolve my issue, that'd be truly great. ;<
<Doctor_Nick> what
<Doctor_Nick> why did you do that
<FFForever> how can i run /home/chris/bin/psig once an hour as the user chris
<FFForever> ?
<maxb> cron
<FFForever> how come i don't have a /etc/crontab?
<tsrk> FFForever, use crontab -e
<tsrk> or just have a look at the crontab vile
<tsrk> file*
<tsrk> it's stored in some obscure place in /var
<tsrk> it says where in the crontab man file, but for editing it's best to use crontab -e
<MkJackson> Hey folks, me again, I was wanting to change my configuration on my server to go from static ip to dhcp on eth0, I was pointed to /etc/sysconfig/network-scripts/ifcfg-eth0 but it doesn't seem to exist, any ideas?
<FFForever> tsrk, crontab is an unknown command
<tsrk> FFForever, it's a command on mine...
<FFForever> chris@chr1831:~$ crontab
<FFForever> -bash: crontab: command not found
<tsrk> FFForever, do you have cron installed?
<FFForever> i do now :D
<tsrk> ok, sounds good :)
<tsrk> how'd you get ubuntu installed without it though?
<tsrk> did you uninstall it?
<tsrk> also, i just noticed, there is /etc/crontab
<FFForever> tsrk, i am using the xen image provided by my vps =\
<tsrk> ah i see
<FFForever> it is missing a lot of normal stuff =\
<stickystyle> MkJackson: sysconfig you will find on RedHat boxes, /etc/network/interfaces for ubuntu/debian
<stickystyle> MkJackson: http://www.ubuntugeek.com/change-ubuntu-system-from-dhcp-to-a-static-ip-address.html
<stickystyle> Just reverse the directions
<FFForever> like this?, 0 * * * * /home/chris/bin/pisg
<FFForever> (for once an hour)
<MkJackson> stickystyle: thanks!
<owh> This is driving me nuts. postfix seems to be ignoring /etc/aliases and .forward and I'm stuffed if I can figure out what is going on. Any suggestions on narrowing down the issue?
<owh> Mail to external addresses is working fine. Mail to root gets sent to root@mydomain, and not to the aliases or .forward.
<owh> Anyone?
<genii> owh: Did you run newaliases  after changing them?
<owh> yup
<genii> owh: Anything useful in logs?
<genii> ( /var/log/mail.log)
<owh> genii: No, it just delivers the mail, no errors, nothing indicating that it's trying to use an alias or a .forward and failing, it's just sending it.
<owh> Just not to anything I've specified :(
<owh> genii: If I drop out, my workstation internet is doing something weird, no web-traffic at all :(
<genii> owh: After alias change/newaliases did you refresh/reload postfix?
<owh> genii: Yup
<owh> genii: It's like there's a switch that makes all deliveries remote, rather than try local first.
<genii> owh: Do other aliases in the system work?
<owh> genii: You mean postfix aliases?
<genii> owh: Yes
<owh> genii: There's only one alias.
<owh> genii: All it's supposed to do is map root to administrator
<owh> genii: Then in the .forward for administrator it's supposed to forward mail to external users.
<owh> genii: Just sent an email direct to administrator, hadn't done that yet. It sends it to administrator@mydomain, not to the address in .forward
<genii> owh: I havent had to debug postfix in a long time, apologies. My next guess would be perhaps it isn't using the aliases because maybe it hasn't been specified in it's mailrc or with postconf or such
<genii> (where the aliases file is)
<owh> This machine was running exim4 until a few hours ago. It had the same problem. I wasn't happy with exim for a number of reasons. I purged it and did a fresh postfix install.
<owh> postconf -n shows that it knows about /etc/aliases
<owh> Just found something strange:
<owh> mydestination = localhost.localdomain, localhost
<genii> Hmm. If same issue with two different mail systems, points to some other issue like routing paths or so
<owh> But /etc/mailname shows mydomain
<owh> I wonder if I should change /etc/mailname to localhost.localdomain
<owh> That then means that unqualified addresses are delivered to the endpoint for that. So, root becomes root@localhost.localdomain, which is then delivered locally.
<genii> owh: Past this is where I currently would have to consult manuals myself on the variables and what gets used in what order there. I recall something about mydomain or overrides, vaguely
<owh> Does that make sense?
<owh> genii: You understand that mydomain is not what it actually says right, it is my actual domain.
<genii> owh: Yes, if you have mydomain it will try fqdn
<owh> So, then if I change /etc/mailname to localhost.localdomain, all should be good I'm thinking.
<owh> Holy crap.
<owh> That looks like it might be working.
 * owh does more testing.
 * genii drinks a decaf and thinks about bed
<owh> Whoot!
<owh> genii: Thank you for prodding me along.
<genii> owh: Glad to have assisted, although you did all the actual diagnoses/work
<owh> genii: Perhaps, but your prodding made me look in other places, which then prompted me to think harder, so without your poking, this would have taken much longer than it already has. So thanks.
<genii> owh: Well, glad it's resolved :)
<owh> Yeah.
 * owh curses /etc/mailname. I suspect it was what caused exim to die also.
 * owh pats ngrep :)
<twb> Neat, I'll have to remember that next time I'm using tshark
<owh> twb: What, ngrep or mailname :)
<twb> ngrep
<owh> twb: I like this: ngrep -d any port 25
<twb> Oh, so you're just using it like tshark.
<owh> twb: Dunno, never used tshark :)
<twb> Did you also try "nc localhost smtp" and then manually "HELO fred"?
<twb> tshark = wireshark
<owh> twb: You mean like telnet localhost 25 :)
<twb> Yes, except that telnet is evil
<twb> nc/socat are cooler
<owh> Of course it is.
<owh> Now all I need to do is figure out which *&%$ DNS server has fallen over...
<owh> Wonderful, is OpenDNS working for anyone else?
<twb> for i in <dns servers; do host foo $i; done
<owh> It gets better. I can ping OpenDNS from a remote host, just not from here - carry on.
<genii> owh: It's working fine for me
<genii> (opendns)
<owh> genii: Yeah, works on a remote server here too, just not locally. No idea why though, time to reset my internet connection.
<owh1> Nothing like bodgy network device firmware.
<orudie> so in order to install xen, do i need an OS as a base, or i first install xen then guest operating systems on top ?
<owh1> No idea.
<tonyyarusso> orudie: Host OS first, then xen packages, then guest OS within xen.
<orudie> thanx
<orudie> trying to figure out why my computer resents on rundom...
<orudie> last thing i had installed on it was ubuntu server
<orudie> trying to think of a piece of hardware that could have caused it
<oh_noes1> Im trying to reduce the size of hardy/JeOS.  Can I delete /usr/src/linux-headers-* if I have no plans to ever run gcc or build anything on it
<twb> What is a JeOS?
<oh_noes1> That's still 350MB for me.
<oh_noes1> http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos
<twb> Oh, a kernel for VMs
<oh_noes1> Im just looking for a debian based (apt) OS that has a small (not busybox) footprint.  Hopefully around 100Mb.
<twb> You'd be better off removing the associated package.
<oh_noes1> Ubuntu server is defalt 700Mb, JeOS is nice at 350 but still not ideal for my needs
<pwnguin> ever heard of dpigs?
<twb> oh_noes1: do you have the install in front of you (i.e. ssh or whatever)?  If so, is aptitude installed?
<oh_noes1> Yep I have aptitude
<twb> OK, you can use that (or debfoster/deborphan) to work out which packages you don't need
<oh_noes1> Ubuntu JeOS is just the same as Ubuntu Server, except kernel optimized for VM's and missing all X and other unused libs
<oh_noes1> oh cool, ta let me look into that
<twb> You can also use grep-dctrl to list installed packages by package size, so you can remove the biggest ones first.
<twb> The grep-dctrl manpage contains that use case in its EXAMPLES section
<gaveen> oh_noes1, I think you should be ok removing linux-headers if you are sure that you won't be building anything
<twb> gaveen: I'm surprised its even installed by default
<gaveen> building some kernel modules require them
<gaveen> *kernel modules (not just some) :)
<oh_noes1> yeh thanks, i'll start by removing the headers and maybe even build-essentials
<oh_noes1> then delete /usr/share/doc
<oh_noes1> might be a quick win
<gaveen> but for a JeOS it's kinda odd to have it. true
<twb> gaveen: you mean it's there for bloody vmware-thingy-tools?
<twb> Grrpmnh
<oh_noes1> I think so lol
<twb> oh_noes1: you should NOT start out by deleting parts of the filesystem
<twb> oh_noes1: start out by removing unnecessary packages.
<oh_noes1> I'm 99% confident vmwaretools (lets ignore it's 100Mb) needs it to build an additional 150MB into the OS
<gaveen> twb, possibly. plus there are other modules,.. like device drivers requiring them
<twb> gaveen: it's a VM!
<oh_noes1> twb: there are no unnesscary packages, headers, build-essentials and thats it
<oh_noes1> it
<twb> oh_noes1: why do you need build-essential and kernel headers?
<oh_noes1> Its not a life server, it's for an ISV and obviously i can create as many of these VMs as I want to test
<oh_noes1> breaking anything isnt a problem
<oh_noes1> twb: i dont ... vmbuilder must be auto installing them
<twb> "du -mx / | sort -nr | head -$((LINES - 1))" will tell you which directories consume the most space.
<oh_noes1> *sigh
<oh_noes1> 126     /usr/lib/vmware-tools is the 8th on the list, closely behind /usr lol
<twb> oh_noes1: I suggest you install open-vmware-tools instead of the proprietary one.  The former are pre-compiled by Debian, so you don't need to build them and thus don't need the build tools.
<oh_noes1> thanks i'll look into that
<twb> Also, the vmware tools are really only useful for two things: hgfs (not available in vmware-server) and opengl tunnelling (not useful for a server VM).
<oh_noes1> ironically, we only use vmware tools for the shutdown of the guest OS from ESX.  That's it
<oh_noes1> Well, from the service console.
<twb> ssh $guest halt
<twb> Note also that open-vm-tools is split into GUI and CLI sections (unlike VMware's version), so you don't need to install all those X libs.
<twb> Oh, maybe you DO need to build open-vm-source using m-a...
<twb> But you could do that once, roll the .deb, then just install that deb into each VM
<oh_noes1> yeah, I'll investigate open-vm-tool more
<oh_noes1> even if it means building a cut down lean CLI only specific version for myself
<oh_noes1> that just halts the OS
<dhruba> help
<twb> dhruba: insufficient data
<skiquel> dhruba: C
<skiquel> try turning it on and off again
<skiquel> (it crowd, hehe)
<skiquel> dhruba: what's happening?
<quizme> what's an LTS Server is that the same as Desktop server?
<twb> quizme: LTS is a policy, not a thing.
<twb> quizme: an LTS release is a bit like having an extended warranty
 * ajmitch guesses there could have been confusion with LTSP
<twb> There is no connection between LTSP and LTS -- they just happen to have similar acronyms.
<ajmitch> very similar
<twb> Of course, LTSP runs on Ubuntu, including the LTS releases...
 * tonyyarusso thinks you're making it worse
<ajmitch> tonyyarusso: that's what I do
<quizme> oh
<tonyyarusso> ajmitch: hehe
<ajmitch> LTS = Long Term Support
<quizme> oh oh
<quizme> when i install postfix then TLS and SASL are compiled into postfix already?
<tonyyarusso> Compiled yes.  Configured no.
 * ajmitch prepares to break the world by uploading merges
<soren> ajmitch: Don't forget the alpha freeze.
<ajmitch> soren: I know, I hadn't seen any of the usual freeze announcement in #ubuntu-devel yet though
<ajmitch> so far it's just apache2 & squid, since they tend to be useful for me
<soren> ajmitch: It was announced on ubuntu-devel-announce.
<soren> Haven't seen anything in #ubuntu-devel either..
<ajmitch> yes, the tuesday-thursday thing
 * ajmitch was reading mail also :)
<soren> *nod*
<ajmitch> besides, I wasn't going to upload these straight away because of that
<ajmitch> I was even thinking of getting someone to quickly check them first, since it's been a little while since I uploaded to main
 * ajmitch wonders if apr-util just needs a giveback on i386
<tonyyarusso> ajmitch: You don't need no stinkin' check overs!  This is the devel version we're talking about - upload a new libc6 and live on the edge!
<ajmitch> because who cares if the package compiles, right?
<tonyyarusso> EXACTLY
<tonyyarusso> And quite frankly, what business do they have worrying about whether things will compile if they can't even boot?  I mean honestly people, quit yer fretting.
<ajmitch> sad to say, but the apache & squid packages compiled, installed & even worked for me
<ajmitch> I can't upload them in a state like that
<tonyyarusso> ajmitch: Compile lighttpd and polipo and just name then apache2 and squid and upload those then.
<ajmitch> I may as well have djbdns Conflict/Replace bind
<tonyyarusso> and replace ssh with rsh!  Or better yet, telnet!  Yay!
<ajmitch> now you're going too far
<tonyyarusso> :(
<tonyyarusso> And this is why I'm not the one with main upload privs?
<ajmitch> for the good of mankind
<gtdaqua> is xen supported in current vm-serveR?
<soren> dom0, no. domU, yes.
<gtdaqua> thanks, soren
<Sangrial> Hello, anyone around ?
<oh_noes> Has open-vm-tools been backported to hardy?
<Sangrial> I was using windows as a webserver but switched to ubuntu and I dont have static ip, and I was using everydns but I dont think they have a program for linux
<Kamping_Kaiser> oh_noes, look in backports to find out ...
<Sangrial> huh?
<Kamping_Kaiser> Sangrial, are you goign to ask a question?
<Kamping_Kaiser> other then 'anyone around'
<Sangrial> i did ask =P
<Sangrial> I was using windows as a webserver but switched to ubuntu and I dont have static ip, and I was using everydns but I dont think they have a program for linux so I need a dynamic dns updater
<Kamping_Kaiser> no, you gave us a sob story :P
<Sangrial> any recommendations?
<Kamping_Kaiser> Sangrial, try something like `apt-cache search dynamic dns`
<Sangrial> ok thank you
<dhruba> Hello anyone around ?
<_ruben> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<dhruba> I have set up Ubuntu 9.04 Server in a PC and configured LDAP, Samba, DNS, DHCP and NTP on it. I am trying to configure a Ubuntu 9.04 Desktop. I received positive response from the desktop through ldapsearch. I am able to see the users I had created through phpldapadmin in the server. But when I am trying to switch over to any user, the logon is failing
<_ruben> never used ldap auth myself, so cant help you there .. i assume you read the server guide?
<dhruba> I have gone through the Server Guide thoroughly. But unfortunately, there is very little related to joining of a linux client to a linux server.
<blue-frog_> ldap-auth-client
<blue-frog_> auth-client-config -l     (to list the available profile in /etc/auth-client-config)
<blue-frog_> auth-config-client -a -p lac_ldap  for default ldap auth
<blue-frog_> dhruba: see above
<dhruba> ok i'll try
<blue-frog_> in the server guide chapter 6.1.7 ldap auth
<blue-frog_> not as easy as I wrote above but fairly the same
<dhruba> is this applicable to 9.04 also?
<blue-frog_> bo reason it shouldn't be
<blue-frog_> no
<dhruba> I saw this guide. But stuck-up as the client gz file was not available
<blue-frog_> gz?
<dhruba> yes. it refers to a file to download
<blue-frog_> you are building from source?
<dhruba> Yes I was trying to. But had to abort
<blue-frog_> using the deb wouldn't be easier?
<blue-frog_> sudo apt-get install ldap-auth-client
<dhruba> Yes. Later I did so
<dhruba> By the way, this server guide you referred is of 9.04?
<_ruben> you should always consult the server guide matching your install os version ;)
<_ruben> especially when it comes to stuff like ldap and ad integration, which are fast moving targets
<dhruba> Yes I always do so
<dhruba> But it is very difficult from the document to identify how to configure a ubunto client to join the ubuntu domain
<dhruba> Hello. Anyone around?
<Appiah> alot people around
<Appiah>  /names ... 182 users in here O_O
<dhruba> While configuring Squid, I am getting only http: sites. It is not opening gmail or gtalk. Also VPN is not passing through. How should it be configured?
<_ruben> transparent proxy or not?
<dhruba> Yes
<_ruben> transparent proxy only works for port 80
<dhruba> Ok
<_ruben> transparent proxy for https would be a man-in-the-middle "attack"
<dhruba> How should I configure it securely and for all above services?
<_ruben> not as a transparent one :)
<_ruben> as in: manually configured on each client
<dhruba> Is any document available on it?
<uvirtbot> New bug: #373999 in samba (main) "CIFS loops endlessly when remote host is down" [Undecided,Incomplete] https://launchpad.net/bugs/373999
<RockHound> hi everyone ... I have a general question but it stays unanswered in other chats so I will try it here ... I am trying to remove the package squirrelmail via aptitude purge ... this also wants to remove apache2 (as it is not needed according to aptitude) ... I want to block apache2 from being removed ... there must be a way; I have disabled autoremove via apt.conf.d
<RockHound> but it seems to be ignored
<oruwork> can i install phpbb as a package
<oruwork> ?
<sommer> oruwork: yep there's phpbb3 or phpbb2 packages
<oruwork> sommer-> so its apt-get install phpbb3 ?
<sommer> oruwork: yeppers
<oruwork> sommer-> cant seem to find korean language pack for phpbb3 any ideas ?
<sommer> oruwork: it may not be packaged I guess... should be able to download it from the phpbb site I'd think
<oruwork> sommer-> i just installed phpbb3 as a package on hardy, not sure how to access it in the browser i tried www.myurl.com/phpbb3 didnt work
<sommer> oruwork: not sure, I'm not familiar with the pacakge, but there's probably an apache.conf in /etc/phpbb, or somewhere similar, that needs to be enabled by apache
<sommer> oruwork: usually /etc/appname/apache.conf files are symlinked to /etc/apache2/conf.d/ then when you restart apache2 the new config is used
<sommer> oruwork: so you might try just restarting apache2 :)
<oruwork> sommer-> restarted and still nothing
<sommer> oruwork: not sure then, but you might take a look at the community wiki: https://help.ubuntu.com/community/PhpBB2
<oruwork> sommer-> very outdated article :(
<oruwork> sommer-> i have apache.conf  database.inc.php  styles inside /etc/phpbb3
<sommer> oruwork: /usr/share/doc/phpbb3/README.Debian.gz should have further instructions... or where ever the README.Debian file is located
<isaac> so is there any word about further movement towards upstart?
<oly> anyone know how to disable dhcp client with out removing it ?
<uvirtbot> New bug: #375493 in tomcat6 (main) "tomcat6 needs debug start mode with jpda" [Undecided,New] https://launchpad.net/bugs/375493
<aruetten> oly: which do you use? maybe this helps: ï»¿/etc/init.d/dhcdbd stop
<soren> oly: Um... What are you trying to do, exactly?
<oly> well basically i have ubuntu server installed
<oly> i modified /etc/network/interfaces with a static ip
<oly> which sticks for about 10 minutes
<oly> then it gets replaced vid dhcp with another ip
<\sh> oly: you need to kick your dhcp server to not use the static ip in your dhcp range
<oly> i would like to leave dhcp-client on  the system in case i need it in future as i can run it manually
<\sh> oly: or you configure your dhcp with the mac addr of your server nic and push it a static ip via dhcp
<oly> should i not be able to stop ubuntu from trying to retrieve one though ?
<\sh> oly: afaik ubuntu server only activates dhclient when it's set via /e/n/i
<\sh> oly: if it's still running after /etc/init.d/network restart and you set a static ip in /e/n/i then it's a bug...but it never happened here at my place with the server flavour
<oly> also the dhcp server is giving out ip addresses of 192.168.0.100 upwards and i have a static ip of 192.168.0.4 set on the server machine
<oly> i did restart /etc/init.d/networking but it was still replacing
<oly> perhaps a reboot will stop it
<oly> although i tend to try and avoid them :)
<oly> but its a fresh install i am setting up so no harm
<oly>  \sh i have setup servers before and not had this problem
<oly> it my first 9.04 server install though
<isaac> oly: pkill dhclient
<oly> is there a permenant way ?
<soren> oly: If you reboot, it'll pass.
<soren> oly: The problem is this:
<oly> okay thats good
<soren> ifupdown does not remember how an interface was configured when you take it down.
<soren> So...
<soren> You brought it up while it was configured to use dhcp. This started the dhcp client.
<oly> aha that makes sense now
<soren> Thenyou changed your config, ifdown'ed it, and ifup'ed it. When you ifdown'ed it, ifupdown had no clue it had a dhcp client associated with it.
<soren> ...so it didn't kill it.
<soren> ifup gave it the static address..
<oly> okay makes sense now
<soren> but dhclient lives on, and doesn't know to back off.
<oly> thanks for that explanation
<soren> Sure thing.
<soren> you can just kill the dhclient process and ifdown+ifup the interface, and you'll be fine.
<OKnewbi> hey I cannot find any documentation man pages or anything on how to provision the samba4 and openchange packages anyone know where to look?
<a_ok> i did a upgrade but it failed on configuring systraq. i moved the old dir and ran dpkg --configure -a
<a_ok> as suggested. how do i continue the upgrade?
<a_ok> or whas that it?
<a_ok> anyone please? the mailserver is down atm
<OKnewbi> I would assume that you would restart the upgrade process now that you dealt with that package manually
<OKnewbi> btw systraq seems to be a server monitoring and reporting tool
<OKnewbi> see http://packages.ubuntu.com/hardy/admin/systraq
<OKnewbi> hope that helps I seem to be getting no where on my problem
<ssd7> a_ok: I would had to give you wrong advice.  But if you downloaded all the packages and it failed when configuring them and then you ran a dpkg --configure -a I think you should be done
<a_ok> ssd7: yeah i noticed that it was the only thing that had to be done and rebooted just fine. thanks anyway
<a_ok> ssd7: do i need to report the failure somewhere?
<wizardslovak> where is apache2 config located?
<rfm> wizardslovak: /etc/apache2
<wizardslovak> thx
<wizardslovak> is there way i can backup apache2 config file?
<rfm> wizardslovak: read /usr/share/doc/apache2/README.Debian.gz for an explanation of the structure
<wizardslovak> i dont really have time to read i neet to know to back it up
<genii> wizardslovak: Pretty much all the stuff in /etc/apache2 and it's subdirs
<wizardslovak> so if ill copy it with scp to other computer ,i wont erase it in server right?
<rfm> wizardslovak: it's just files, back them up any way you would any other directory full of files.  Note the actual docs served up are not in that directory, so it tends to be small.  Yes, you can just scp -r the directory somewhere else, that won't change anything on the source host.
<wizardslovak> so just scp -r file host@ip:/locationd?
<rfm> yes, where "file" is spelled "/etc/apache2",   hmm, reading the scp man page, -r follows symlinks, so you might end up with some stuff duplicated.  Something that preserves symlinks might be better.  tar into a temp file ans scp that, or rdist -a,
<wizardslovak> thhx rfm
<wizardslovak> i gotta go
<wizardslovak> thx again
<cellofellow> I'm currently using Citadel as a groupware server. It supports SSL for the text client connections and the HTTP, but as far as I can tell the XMPP does not. So, I want to set up stunnel or similar to forward encrypted connections on 0.0.0.0:5223 to 127.0.0.1:5222 in the clear. Can I do that? Anyone know how?
<cellofellow> stunnel seems to be more at home with an inetd environment than one where there's just free daemons.
<SirStan> is ubuntu server based off debian-unstable?
<cellofellow> afaik, yes
<cellofellow> mostly
<SirStan> So how should one incorporate that information into an evaluation of ubuntu server as a server platform compared with centos/rhel, or debian stable?
<cellofellow> debian compares well with centos, both being community distros with a rock solid base.
<cellofellow> rhel is a bit on its own in this lineup as it is rock solid but commercial
<cellofellow> ubuntu is both community and commercial, the commercial part is something debian lacks, and is also rock solid stable, just not quite the granite of debian. You bet newer packages though.
<cellofellow> s/bet/get/
<SirStan> sure .. except tis based off unstable which denotes a lower testing and qa time doesnt it?
<cellofellow> unstable includes packages that are stable on their own, just the system itself is not tested for three years to make sure its *stable* stable.
<cellofellow> it's on a six-month release cycle, and is considered stable by Ubuntu's standards, which are somewhere between RedHat and Fedora standards.
<SirStan> fedora has standards?
<foxbuntu> heh
<SirStan> didnt they release with abroken version of mysql?
<foxbuntu> SirStan, I just made that comment in another dev channel
<cellofellow> ubuntu's done worse
<cellofellow> fedora kind of does a rolling release with no proper package freeze, so it's always on the bleeding edge
<foxbuntu> SirStan, I think that came from upstream mysql to be fair and actually, it *is* broken for debian/ubuntu right now
<cellofellow> myself, on Ubuntu Desktop I make heavy use of PPA repositories and GetDeb.net and even some source compiling, so I get bleeding edge too.
<cellofellow> poor old mysql, sucked up by SUN and now in the hands of Oracle.
<cellofellow> It's gonna either die or turn in to Oracle Lite. The King (MySQL) is dead! Long live the King (PostgreSQL)
<foxbuntu> cellofellow, doubtful that it will die anytime soon
<cellofellow> oh, sure, it'll take a while
<foxbuntu> cellofellow, it would be a bad idea for oracle to kill mysql actually
<cellofellow> and maybe postgres isn't the new king, but that fork of mysql run by the original developers.
<SirStan> i got the #centos kids all in a tiffy.
<cellofellow> of course, but it's still gonna be Oracle Lite.
<cellofellow> lol
<cellofellow> what'd you say?
<SirStan> Asked for a quantitive summary of the merits/quality of RHEL/centos over ubuntu/other platforms.
<SirStan> and got shit like "redhat supports more foss"
<SirStan> as metrics.
<cellofellow> lol, yeah right
<SirStan> im not pro-rhel or centos.
<SirStan> I was looking for an informed summary of the quality of the two.
<ivoks> hello
<cellofellow> sure, red hat commits more to the kernel than canonical, but what gives? Canonical cares more about gnome than the kernel, big deal.
<SirStan> not fud about releases per year, or number of foss advocates employed.
<ivoks> sorry for missing meeting, i had a business meeting :/
<hagedorn> hey, is there a posiblity to show realtime response time in apache2 in graphs per requested url ?
<SirStan> hagedorn: apache doesn't capture processing time
<cellofellow> firebug has a nice graph showing load times per url in a web page
<SirStan> hagedorn: it would have to be a function of your development platform
<SirStan> thats true.. i assumed you wanted a server side summar
<SirStan> yy
<hagedorn> SirStan: with %s and %T it does! over the logfiledefinition
<hagedorn> SirStan: mod-securtiy do it to
<SirStan> really
<hagedorn> bur we have to big logfils, lots of gigs per day couse of high traffic website
<SirStan> hagedorn: url? (I cant google %t)
<SirStan> ah .. nice
<SirStan> write a cricket graph generating perl script that tails the file
<uvirtbot> New bug: #375593 in samba (main) "cannot browse samba shares without editing smb.conf" [Undecided,New] https://launchpad.net/bugs/375593
<genii> Interesting. "TCP: Treason uncloaked! Peer X.X.X.X:37017/37125 shrinks window 1592966069:1592966319. Repaired."  (IP censored). Haven't seen this previously in dmesg
<fevel> how can I check the last 15 log in attempts?
<genii> fevel: Might be in /var/log/auth.log
<fevel> ok
<jumbers> My postfix server is bouncing back emails with the error "Relay access denied"
<jumbers> What would be causing this?
<lamont> jumbers: it thinks that the client is coming from an unapproved network
<jumbers> lamont: I'm sending the test mail from gmail to my domain email
<ScottK> jumbers: /var/log/mail.log will tell you.
<ivoks> then it doesn't accept mail for that domain
<ivoks> or it doesn't accept mail from outside, at all
<lamont> ScottK: you gonna be at UDS?
<lamont> ivoks: ?
<jumbers> ivoks: I'm using a default setup based on this: https://help.ubuntu.com/9.04/serverguide/C/postfix.html
<ScottK> lamont: Unless something happens in the next two weeks to convince me not to bother, yes (the chances of that are non-zero, BTW).
<lamont> ScottK: cool.  postfix bof sometime, eh?
<ScottK> Sure
 * lamont _will_ be there
<ivoks> yay! :)
<ivoks> lamont: yes?
<lamont> ivoks: shorthand for "same question"...
<ivoks> jumbers: so, i suspect you wrote 'mail.example.com, localhost.localdomain, localhost'?
<ivoks> lamont: will be there
<lamont> \o/
<jumbers> ivoks: Correct. Changing it to my domains obviously
<ivoks> jumbers: and steve? :)
<jumbers> ivoks: Changed that too
<ivoks> jumbers: there's a note 'Replace mail.example.com with your mail server hostname, 192.168.0/24 with the actual network and class range of your mail server, and steve with the appropriate username.' :)
<jumbers> ivoks: Yes. I changed those
<ivoks> then that's it
<jumbers> I've isolated the problem. It works if I send to mail.example.com, but it doesn't like example.com
<jumbers> Is it possible for it to accept @example.com?
<ivoks> then open main.cf, and add example.com
<ivoks> for mydestination
<ivoks> sommer: is it possible to change server guide now? :/
<ivoks> sommer: 'Replace mail.example.com with your mail server hostname' isn't quite correct...
<sommer> ivoks: ummm, ya we can make changes in an SRU
<sommer> ivoks: it's usually a somewhat slow process though
<ivoks> ok
<sommer> what should be changed exactly?
<ivoks> just a second
 * sommer standing by :)
<ivoks> phone :/
<sommer> heh, I had one of those once
<ivoks> doh...
<ivoks> where were we? :)
<ivoks> Instead of 'Replace mail.example.com with your mail server hostname' there should be something like
<ivoks> 'Instead of mail.example.com, put the domainname for which you'll accept email'
<ivoks> or something like that
<sommer> ah gotcha... I'll be sure to add that to the karmic docs
<ivoks> native english speeking postfix gurus, please help :)
<sommer> I'll file a bug for jaunty and when there's an SRU for the docs package I'll be sure to get it included
<lamont> ivoks: of course, virtual domains make that sentence not quite precise either
<lamont> for the pain
<ivoks> that's correct
<ivoks> but in this howto we don't setup up virutal domains
<lamont> yay
<sommer> should we cover virtual domains?
<lamont> I trust we also state that virtual domains are "beyond the scope of this howto"
<lamont> sommer: no..
<ivoks> sommer: not yet, hopefully, for karmic
<lamont> "you must be this tall to use virtual domains"
<RoAkSoAx> ivoks, and we'll have to work on howto regarding to heartbeat :P
<lamont> though, I admit, that sign is much lower than the "signals" sign of the same format
<ivoks> lamont: well, if we pull out DIT for ldap
<sommer> lamont: heh, okay... I don't think they're mentioned at all in the current content
<ivoks> RoAkSoAx: :)
<lamont> sommer: in the cases where  we hand out answers that we know full well are going to screw someone stepping beyond the scope of the doc, we should at least put some caveat in there somewhere to say "uh, ignoring that here, kthx"
<ivoks> RoAkSoAx: sorry, i'll answer your questions in mail right now
<sommer> lamont: sure, I'll add that to the list as well :)
<lamont> because it's painful to have some noob point at a simplistic howto and say "BUT IT SAID TO DO THAT HERE" when they've clearly strayed into deep-and-shark-infested waters
<RoAkSoAx> ivoks, np :) I didn't even realized you were online until few secs ago.. i thought you were already sleeping
<lamont> anyway, afk for a while
<sommer> lamont: thanks, later on
<RoAkSoAx> sommer, btw.. would you like me to include the howto's on heartbeat in the bzr branch or in a wiki?
<sommer> RoAkSoAx: I'm good with either... if you're not familiar with DocBook it'll probably be faster to create a wiki page
<sommer> RoAkSoAx: we can always translate the wiki to DocBook
<RoAkSoAx> sommer, ok cool :)
<oluu> what does the "basic ubuntu server" package contain thats avaliable during the minimal cd installation?
<uvirtbot> New bug: #375657 in mailman (main) "Please add "-q" to logrotate.d script" [Undecided,New] https://launchpad.net/bugs/375657
<tonyyarusso> oluu: I would imagine pretty much nothing in the way of pre-installed services - just a minimal system to build from.
<zoopster> are you looking for this oluu? http://packages.ubuntu.com/jaunty/ubuntu-minimal
<uvirtbot> New bug: #375669 in libnss-ldap (universe) "auth.log boot cron[5014]: nss_ldap: could not search LDAP server - Server is unavailable" [Undecided,New] https://launchpad.net/bugs/375669
<ajmitch> mathiaz: I'm guessing that those packages which have been merged should be removed from the roadmap?
<mathiaz> ajmitch: yes :)
 * ajmitch got a couple in before the freeze hit too hard
<ajmitch> mathiaz: you wouldn't happen to have a list of less-trivial merges that need done, would you?
<mathiaz> ajmitch: merges.ubuntu.com?
<mathiaz> ajmitch: or is that list too big?
<ajmitch> yeah, I was looking at that, hard to know if people are working on things unless I go through & contact people for interesting packages
<ajmitch> php5, there's one that should be fun
<NativeAngels> hello does anyone here use openvz
#ubuntu-server 2009-05-13
<storrgie> is there a way in bash to check to see if a specific process is started by name?
<storrgie> like an rsync job?
<pwnguin> ps aux?
<storrgie> aux
<storrgie> ?
<pwnguin> a command
<pwnguin> "ps aux"
<storrgie> thats going to give me a list of them right?
<storrgie> Im looking to schedule a cron job to see if a specific process is running, if not start it again
<pwnguin> a quick way would be to restart it
<pwnguin> if it's got init.d scripts
<storrgie> nope, like I said, its an rsync job
<storrgie> these jobs will change daily
<storrgie> i just want to make sure they run at night
<pwnguin> well, ps is your friend
<pwnguin> it can list out running processes by command line
<pwnguin> you can grep for rysnc
<pwnguin> or even the specific command line you're after
<storrgie> procs=`ps -ef | grep rsync | wc -l`
<storrgie> but if i am running multiple rsync's and one goes down...
<giovani> that's messy
<storrgie> giovani: I know :(
<giovani> try using pidof
<giovani> that's much cleaner
<storrgie> pidof?
<giovani> yep
<storrgie> can you give an example?
<giovani> #pidof apache2
<giovani> read the manpage :)
<giovani> it's a useful tool
<storrgie> sure but... lets say I start two processes like this
<storrgie> screen rsync --partial --progress --rsh=ssh dfh@dfhserv:/somefiles /somefiles
<storrgie> two different ones
<giovani> yes, and?
<pwnguin> presumably, you'd like to know which of the two fell down
<storrgie> yes
<storrgie> so any idears?
<giovani> you haven't fully explaing what you want
<pwnguin> im not entirely sure why you need to monitor rsync
<storrgie> alright
<storrgie> I have ATT DSL here
<storrgie> I have a remote server in france
<storrgie> hundreds of gigs worth of files
<storrgie> like 5GB generated daily
<storrgie> I want to get those files daily
<storrgie> but they are stored in multiple folders on the server
<storrgie> so lets say I have two different dirs
<storrgie> /files/a and /files/b
<storrgie> I want to rsync both of them
<pwnguin> is there a files/c?
<storrgie> if my internet drops
<storrgie> yes, however I dont want those
<storrgie> so i cant just do /files
<storrgie> if my net drops, rsync dies right?
<storrgie> screen rsync --partial --progress --rsh=ssh dfh@91.121.193.183:SOURCE DEST
<storrgie> thats why --partial is in there
<pwnguin> what you could do, is just script out all the rsyncs
<storrgie> heres what I am doing right now
<pwnguin> its not like this is going to be improved by parallelism
<storrgie> with 1 process
<giovani> why are you screening rsync?
<storrgie> http://pastebin.com/m462ff5e1
<storrgie> so i can see it
<storrgie> see if somethings up
<giovani> haha
<giovani> use a log file man
<giovani> that's very much an inproper use of screen
<pwnguin> kill -USR1 or something like that
<storrgie> regardless, I want to run multiple rsyncs because the server will dish at 200k per connection
<storrgie> I can do up to 3 connections with my DSL then
<giovani> pwnguin: log file
<pwnguin> giovani: does rsync log anything of note?
<giovani> pwnguin: absolutely, if you want it to
<storrgie> regardless
<storrgie> regaaaardless
<storrgie> would like to run two of them
<storrgie> cron a check
<storrgie> screen is not the issue here
<storrgie> its checking to see if they are indeed running
<giovani> well that's not the "right" way to do what you want, is the point
<storrgie> so if rsync dumps to a log
<storrgie> can I tail the log and check to see if it died recently?
<giovani> of course, but, that's not the issue that we're addressing right now
<storrgie> hahaha
<storrgie> alright im open to suggestions
<giovani> you wanted to move on from that
<giovani> so I'm moving on
<storrgie> we can come back to it
<giovani> I'd write a wrapper for rsync
<storrgie> i just figured that it might also be the answer
<giovani> to check its exit status
<giovani> if it exits non-zero, then we know it failed
<storrgie> so wait
<pwnguin> while [rsync]
<giovani> checking ps with cron is MESSY
<giovani> and not proper for this
<giovani> knowing if an app failed for some reason is the reason we have an exit status
<storrgie> ok im very new to linux and bash, can you give me an example of this?
<giovani> sure, I just found one on google, if you don't want to write one yourself
<giovani> http://dyn.yoderhome.com:8080/rsync_retry.pl
<storrgie> yea i understand exit status I have been programming for a while
<pwnguin> then write a loop
<giovani> that script does things properly
<pwnguin> that checks rsync for failures, and repeats until it exits cleanky
<giovani> no, a loop is going to be non-intelligent here -- that perl script is actually pretty decent
<pwnguin> cleanly
<giovani> it keeps track of the log
<giovani> and uses that to exclude transfers its already done
<storrgie> im investigating it
<storrgie> alright but wait....
<storrgie> this process just RUNS until complete right?
<storrgie> I dont need to cron this calll
<giovani> no ... no cron
<giovani> cron is not appropriate for this
<storrgie> so just run this sucker, in the way he said... lets say I loose internet for 15 minutes
<storrgie> its gonna call rsync like 100 times during that
<storrgie> or 100000
<giovani> so put a wait in there
<storrgie> doesnt matter, eventaully when internet comes back up
<storrgie> it will call
<giovani> I thought you were a programmer?
<storrgie> giovani: I am, however Im wondering if the overhead is even an issue
<giovani> overhead of what, exactly?
<storrgie> not a perl programmer
<giovani> if you're concerned about retry
<giovani> a wait/sleep function is not even close to perl-specific
<storrgie> calling rsync a hundred times a second for 15 minutes
<giovani> it's a general programming concept
<storrgie> completely understand man, however I just wanted to ask
<pwnguin> its unclear to me how you could have the question without knowing the answer
<giovani> ?
<storrgie> you guys have been a big help, thank you
<pwnguin> you're worried about it running too fast, sleep is the first, best and last option (unless it's called wait)
<giovani> storrgie: if you're concerned about extended outages like that (and not just connection drops) putting a wait/sleep function in there to wait a minute before restarting rsync will address that
<storrgie> yep, I added a parameter to the call
<storrgie> is wait for perl just 'wait(int)'
<giovani> google
<pwnguin> i worry
<storrgie> why not ask here and get a quick answer, if i wasnt on IRC i would be googling
<pwnguin> wait might be some process thing
<giovani> storrgie: you should google a simple question like that
<giovani> before asking
<storrgie> im sorry are we making the IRC logs too long?
<giovani> nope, it's about putting forth some effort on your own
<giovani> the perl function is sleep, not wait, as pwnguin brings up
<storrgie> yep i see that
<pwnguin> then wait is probably "wait for this process to finish"
<giovani> pwnguin: indeed
<pwnguin> i dont even need google to guess these things ;)
<pwnguin> anything networking related with a loop ought to sleep or face someone's wrath
<pwnguin> every once in a while someone doesn't get that memo and our CS department subnet gets banned from google
<lovegrows> anyone running on EC2?
<lovegrows> Hi Roak, these guys are quite in here
<owh> lovegrows: Only if we have nothing to say :)
<lovegrows> true, the other channels can get noisy
<PhotoJim> quite quiet, even :)
 * genii quietly makes another pot of coffee
<owh> genii: That's two in less than 24 hours. Are you running a temperature?
<lovegrows> any thoughts on amazons EC2?  running ubuntu server
<genii> owh: Nah. Just like my coffee :)
<owh> Yesterday I got asked about apache and the load balancer under 9.04. The only reason the person asking was leaving 8.04LTS on a production server was to get the load balancer. Is there any notion what would be involved to getting that under 8.04?
<celephais> Hi, i create a partition with cfdisk, it ask to reboot but after that the new partition disappear.why? ubuntu server 8.04
<acalvo> hi!
<acalvo> is there an easy way to migrate from desktop to server?
<blue-frog> acalvo: a server is a desktop with server programs
<blue-frog> and without gui.
<acalvo> yes
<acalvo> and that is what i need
<acalvo> but I hope there is some metapackages you can install that will uninstall everything that needs a desktop
<blue-frog> install the programs and disable gui
<acalvo> em, well, I'll try
<ttx> andol: do you still plan to handle the nagios3 merge ? I'm about to do it, but I can let it to you if you want to learn the process (and answer any question you may have)
<soren> I thought nagios3 was in main?
<ttx> soren: it is. Handle it doesn't mean upload it ;)
<soren> ah :)
<andol> ttx: Yes, I would still like to do the merge. It is just that I have been rather busy at work lately and haven't really felt up to digging into new tasks.
<ttx> andol: I'll leave it to you then.
<andol> ttx: Thanks. Actually, I have a day off tomorrow. I'll start looking into the merging process then.
<ttx> andol: ok :)
<andol> ttx: Expect questions :P
<ttx> andol: do you want to look at nagios-plugins as well ? I just looked at it, it's just slightly more complex.
<ttx> think of it as a level 2 exercise :)
<ttx> if you don't think you'll have the time, I'll just do it now
<andol> ttx: Well, then I put it second on my list :)
<ttx> ok.
<andol> ttx: Anyway, I'm off for work now. Thanks for the offer of help as well as the suggestions.
<ttx> andol: you're welcome
<uvirtbot> New bug: #375939 in samba (main) "don't delete share directory " [Undecided,New] https://launchpad.net/bugs/375939
<ehazlett> anyone get xen running with 9.04?
<g33k_g1rl>  I am running an ubuntu server, with a windows share -- on the office WinXP machines, the winShare works just fine, but on the new Win7 machine, I don't seem to have write or execute permissions
<coffeedude> g33k_g1rl, Probably a better question for #samba (if I understand you correctly, that the ubuntu host is the Samba server)
<Lakota> what is fglrx ?  is it open source for linux users to create a better driver or is it ati/amd try at a linux driver? and what is the future hold for this driver......?  I have a integrated ati 200m in my hp laptop with 64 bit amd possessor
<g33k_g1rl> coffeedude: thanks, will do
<fevel> hello
<fevel> I foound an entry on syslog:
<fevel> May 13 09:20:43 spyman syslogd 1.5.0#2ubuntu6: restart.
<MkJackson> Hey Folks, I have a wireless network card on my server which doesn't seem to have been detected on install.  I was curious of how to get it upand running.  It's as simple as plug and play on windows but I'm a total n00b with this elegant beast... :-)
<fevel> how can I find out the reason for this strange reboot?
<MkJackson> Figure it would be good to know even for when I add another NIC in there for routing purposes
<MkJackson> Strangeness on this end, please excuse if this is a double post but I'm not sure if the previous two went through at all...
<MkJackson>  Hey Folks, I have a wireless network card on my server which doesn't seem to have been detected on install.  I was curious of how to get it upand running.  It's as simple as plug and play on windows but I'm a total n00b with this elegant beast... :-)
<MkJackson> Figure it would be good to know even for when I add another NIC in there for routing purposes
<MkJackson> Again, my apologies if this had already gone through... :-(
<ball> Will Ubuntu Server live happily within a Xen domU?
<soren> ball: Yes.
<ball> hello soren!
<ball> brb, rebooting
<wo0f> is freenx joining the repo anytime soon does anyone know?
<orudie> question. Can someone recommend a web based tech support system to keep records of tech support calls to my organization ?
<soren> orudie: I only know of rt.
<soren> request-tracker3.6 - Extensible trouble-ticket tracking system
<summ1else1985> Hey all
<summ1else1985> I have some questions if anyone has time to answer them. I'm sure they're quick responses.
<ball> !ask summ1else1985
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<ball> summ1else1985: what are your questions?
<summ1else1985> well, I'm trying to set up a server at my workplace
<summ1else1985> it's ltsp machine, but for the most part, that software all works fine
<summ1else1985> the issue i'm having is whether or not I can create my network in the way I want
<summ1else1985> Is there a better channel for such questions?
<summ1else1985> Basically the server is statically assigned an address on eth1
<summ1else1985> and then passes out IPs as a DHCP server on eth0
<ball> That makes sense.
<ball> Are your terminals attached to eth0?
<summ1else1985> yep
<summ1else1985> the default subnet of the first network (the main one for our branch) is 192.168.252.0
<summ1else1985> errr
<summ1else1985> subnet ID
<summ1else1985> and for the DHCP server it would be 192.168.0.0
<ball> That's a subnet mask.
<summ1else1985> i would think the subnet mask was 255.255.255.0
<summ1else1985> for both networks
<ball> why would you do that?!
<summ1else1985> lol
<summ1else1985> it wasn't intentional i promise!
<summ1else1985> so where should I go from here
<summ1else1985> the clients NEED to see things on the main network
<summ1else1985> one thing to be quite precise
<summ1else1985> I only care about them seeing one IP address (192.168.252.111)
<ball> summ1else1985: what do they need to see?
<ball> (and why?)
<summ1else1985> err 192.168.252.250 is the right one, it's a remote desktop server
<ball> They should get everything they need from the server.
<summ1else1985> once they connect to that they will have normal access to the network
<ball> summ1else1985: why though?
<ball> Your terminals shouldn't *need* access to the network
<ball> (the non-terminal Ethernet that is)
<summ1else1985> Well, the idea here is that anyone who plugs into the client side of this server (eth0) will PXE boot into an rdesktop session and connect to the Windows 2k Remote Desktop Server
<summ1else1985> because the application they need to run must be in DOS (it will not run in an emulator for whatever reason)
<ball> eww.
<summ1else1985> yeah
<summ1else1985> it's a nasty beast of a project
<summ1else1985> if i can get it working... hey awesome and I'll tell everyone how
<ball> I suppose you could configure your Ubuntu Server box as a router
<summ1else1985> using iptables?
<ball> (to just that one IP address)
<ball> Using whatever Ubuntu Server uses as a router.
<summ1else1985> this particular machine is running Ubuntu 8.10 alternate
<summ1else1985> I could have sworn this was supposed to be fun when I undertook it
<ball> I probably would be if you were doing something sane with it.
<summ1else1985> yep
<summ1else1985> that much is too true
<summ1else1985> so you're thinking if I foward everything to that IP address
<summ1else1985> that I can see that machine and connect to it
<ball> Not everything.
<ball> Just permit the terminals to open a connection to that host if they request it.
<ball> (for that protocol only)
<summ1else1985> cool
<summ1else1985> so it's definitely possible
<summ1else1985> albeit complicated and ridiculous
<ball> Sounds possible, the tricky part is setting up routing on your Ubuntu Server, which in an ordinary ltsp environment you probably wouldn't need to do.
<summ1else1985> I just wanted to know for sure before I spent any more hours reading up on how to configure the routing for such a thing
<summ1else1985> yep\
<summ1else1985> that's what I'm finding
<ball> There are alternative approaches, but that's what I would probably try first.
<summ1else1985> ok
<summ1else1985> i'll be back if I decide that I need to destroy everything and start over
<summ1else1985> As I understand it I could have probably just made it so the LTSP server handed IP addresses down from our main DHCP server too?
<ball> Wait, you said that your Ubuntu Server box had a static IP address on the (non-terminal) LAN
<ball> ...but that LAN has a DHCP server?
<summ1else1985> well technically it could be DHCP if i wanted
<summ1else1985> yep
<summ1else1985> I sound stupid for not just using that don't i?
<ball> No, I would still hand them out IP addresses from the Ubuntu Server box
<summ1else1985> That server is beginning to come into Lease problems, we recently expanded the pool
<ball> ...since they're on their own Ethernet
<summ1else1985> ok
<ball> ...and you probably want to do that anyway to help with the boot.
<summ1else1985> yeah
<SFauconnier> I've set up a DHCP server with eth0 distributing IP adresses into the network.. everything works fine, but how do I forward a port to my laptop? (with intern IP 192.168.1.2)
<SFauconnier> I've opened the port with ufw, but how do I forward it?
<SFauconnier> (yes, I'm a novice)
<ball> SFauconnier: why would you?
<SFauconnier> my bittorrent client on my laptop will go faster if I open up a port on my server and forward it to my laptop
<ball> That makes no sense to me.
<SFauconnier> ball: sorry, I'm really new to all this :) I'll try and explain it again
<keltor> Should be an easy question ... I have a colocateed server that I wish to wipe back to stock & standard 9.04 server + openssh-server.  Is there any easy way of doing this?
<ball> If your laptop needs access to the Internet, why have it behind your Ubuntu server?
<SFauconnier> ball: the server has dhcp installed and acts as a router
<ball> Ah okay.  An odd choice, but okay.
<SFauconnier> now I need to forward port xxx to my laptop, so it can use bittorrent and battle.net, etc
<Keltor|Work> SFauconnier: why not use upnp?
<SFauconnier> ball: why is that an odd choice?
<SFauconnier> Keltor|Work: what's upnp?
<Keltor|Work> SFauconnier: most windows software will try to have a port opened up via upnp from the router. that way it's automagical
<ball> SFauconnier: most people (I'm assuming this is at home) would run an inexpensive (if hideous) off-the-shelf router that draws about 5 Watts.
<jdstrand> the ufw cli command does not support port redirections. you must edit /etc/ufw/before.rules. See /usr/share/doc/ufw/README.gz for details
<Keltor|Work> ufw works fine with linux-igd now i believe
<Keltor|Work> no ... that's debian that it's fully integrated with
<Keltor|Work> ubuntu removed it entirely
<SFauconnier> ball: the server also acts as a local apache and svn server for my 'bussines', for learning purposes I made a router out of it, so I can drop the off-the-shelf one
<SFauconnier> and well, learn
<SFauconnier> Keltor|Work: thanks, I'll look into that
<ball> Ah okay.
<ball> I have a server here too, but it's behind the router.
<SFauconnier> also, I only have a switch and a wireless router, if I were to put the server and the router both behind the switch, my computers and the server wouldn't be connected in a local network anymore (server doesnt have wifi)
<SFauconnier> hence I installed dhcp and put the wireless router behind the server (but acting as a bridge, not a router)
<ball> the wireless router takes care of that for you.
<ball> brb, phone
<Keltor|Work> usually best to get something like a wrt54g, have it do wireless, dhcp, dns, and those basics.  then it can port redir to your server
<SFauconnier> but there's no fun in that :o)
<SFauconnier> I've learned a lot the past 2 days
<SFauconnier> just by messing around
<Keltor|Work> understood
<SFauconnier> but thank you for the advice, didnt want to sound cocky
<SFauconnier> I appreciate it
<Keltor|Work> i've gone through a lot of effort lately to reduce my power usage
<Keltor|Work> i started figuring out my power utilization and realized .... I am wasting $100USD/month on nothing
<Keltor|Work> my server was aging so I bought a qnap
<Keltor|Work> the qnap is awesome actually
<Keltor|Work> 81W in full operation with 1.5TB drives
<chris_> how can i launch my znc as my user (chris)
<Keltor|Work> znc &
<SFauconnier> anyone know how I can start/stop/restart upnpd in ubuntu server 9.04? can't find it in /etc/init.d
<chris_> Whoops i mean how can i launch znc during boot :D
<gorgonzola> hello. i have a tricky question: i have an old gutsy box (dont ask) and i want to upgrade it to hardy over the network. is it possible to a) reinstall the os over the network via ssh or b) upgrade to hardy using the install cd, as with alternate desktop releases of (k)(x)(ed)ubuntu, and how should t be done? thanks!
<MatBoy> someone using fuzzyocr here on Ubuntu ?
<chris_> anyone know how i can launch znc as my user on boot?, rc.local is only for launching as root right?
<_ruben> could try putting: su - youruser -c /path/to/znc in it
<chris_> =\
<ClaytonG> Hi, I'm running 9.0.4 with mysql-server-5.1, snort-mysql installed.  They are working just fine.  I also want to install acidbase but acidbase package has a depency of mysql-client which is the 5.0 client.  Any suggestions?
<mathiaz> ClaytonG: you'd have to rebuild the acidbase package
<mathiaz> ClaytonG: and modify the Dependency to list mysql-client-5.1 instead of mysql-client
<big_ham> hey guys ... have a ubuntu server issue with both network adapters showing down
<big_ham> the server has ubuntu base running multiple Windows VMWare guests
<big_ham> all I did was to change the IP address and put the server behind a router and now both interfaces show down no matter what I do ... changing it back to the prior config does no good
<chris_> can i run a speedtest from the command line?
<LHC> heyy
<LyonJT> LHC hey
<LHC> :D
<LyonJT> How are you?
<LHC> gd gd, tryin to keep busy haha
<LyonJT> Sound's good! What you trying to keep busy with?
<LHC> ahh Im settin up a dedicated server seller site
<LHC> going to learn how to make lots of webhosts from one server
<LyonJT> Sweeet!
<LHC> amm "podcast" host like libsyn xD
<LyonJT> Sound's good!
<LHC> yeah hopefully itll bring in some money
<LyonJT> Best of luck!
<LHC> im sure if I do it good people will be willing to pay haha
<LHC> thanks
<LHC> what about u
<LyonJT> Indeed they will! Just the usual! Trying to learn PHP at the moment
<LyonJT> And ASP.Net
<LHC> D: I heard of asp before, is it for corporate things? im not sure
<LyonJT> It's like PHP but microsoft implementation of it
<LHC> does it suck? xD
<LyonJT> Haha lol
<LyonJT> Na i kinda like it!
<LyonJT> Taking a course in it at the moment
<LHC> online or irl haha
<LyonJT> irl?
<LHC> in real life
<LyonJT> Ohh
<LyonJT> Yes lol
<LyonJT> It's part of my university course
<LHC> ahh what is your course?
<LyonJT> Business Information Systems
<LHC> I do multimedia but may switch to finance or something. I can what the 4th year guys can do except they have a degree haha
<LyonJT> Fair play
<LyonJT> You enjoy it?
 * ball sighs
<LHC> not really its quite boring. I like the whole web startup company work place thing and conferences "vibe" but I would rather run the place and do design or dev work rather than be at the bottom haha hope that didnt sound bad
<LyonJT> Haha lool i know what you mean!
<LyonJT> very true!
<LHC> ill just have to wait and see haha
<LyonJT> Exactly!
<ball> I need a job.
<LyonJT> ball what job you looking for?
<ball> LyonJT: I don't know.  Something.
<LyonJT> Lol no idea at all?
<LHC> aha
<ball> Well, if I could take my pick I'd probably work for an ISP
<ball> "beggars can't be choosers" though..
<LHC> BETTER NOT LIMIT MY TORRENTS
<ball> LHC: Torrents are a legitimate and sensible way to distribute medium sized files.
<LHC> what sorta things do you need to work for one?
<ball> medium to large.
<LyonJT> I love torrents
<ball> LHC: a local ISP.
<ball> ...with an agreeable boss.
<LHC> what sorta work can u do?
 * ball shrugs
<ball> I've done hardware, software and liveware over the years.
<ball> ...so I'm fairly open-minded.
<LHC> tell them lol say u are a jack of all traders and an essential tool for this economic hell
<LHC> trades*
<ball> I suppose I should set up my own ISP.
<ball> Hate to think how much AT&T would charge me for a T-1 line though
<ball> ...and PRI for the inbound callers.
<LHC> haha cool
<LHC> setup one for data center
<LyonJT> Lool
<LHC> seems like a good customer? xD
<ball> LHC: who me?  I suppose I could.
<ball> ...albeit a small setup
<LHC> they all start small man :P
<LHC> plus everyone is talking about isps blocking certain things etc
<LHC> and how they would switch to someone else if they could
<LHC> BE THAT person xD
<LyonJT> Â£Â£Â£Â£ money to be made!
<ball> Suppose I need to sit down with a calculator and a telephone.
<LHC> haha better than nothing?
<LyonJT> Have fun!
<LyonJT> Bugger doing  that
<ball> LHC: only better than nothing if it doesn't cost me my house.
<LyonJT> Haha
<LHC> yeah I suppose haha
<LHC> do something, could be like a major project for you, possiby millionaire xD
<NativeAngels> how do i change it so a user can access the /home/user/pubilc_html folder
<genii> NativeAngels: They should already be able to put whatever they want in there. Or do you mean by http://domain/~theirname               way?
<NativeAngels> atm when they login they go to the /home/user folder
<NativeAngels> but theres a public_html folder inside that
<NativeAngels> so i want the user to also have access to the public_html folder
<genii> NativeAngels: if they: cd public_html                  they should now be in there
<NativeAngels> its so they can ftp pages to the folder
<genii> NativeAngels: By default a user has access to al the subfolders of their home directory
<NativeAngels> ok
<NativeAngels> ive setup proftpd
<NativeAngels> but not sure how to let the user upload to that folder
<LHC> I remember I spent 12 hours trying to set up a vhost, and all along it was one # keeping it from happening
<LHC>  xD
<LHC> aka stick in there
<genii> NativeAngels: If they are using some graphical ftp client normally it will show them the subdirs of their home dir, etc and allow navigation there. If they rae using CLI ftp they can still use the cd command to change dir as well.
<LyonJT> 12 hours?
<NativeAngels> i did but theres a permisions error when i use the public_html folder for webpages
<LHC> lol well maybe 6
<LHC> now I know to check everything xD
<big_ham> anyone able to answer my eth down issue?
<genii> NativeAngels: I've setup my .skel file to auto add public_html dir for new users. The ls -ld looks like:drwxr-xr-x 2 Username root 43 2009-04-21 18:16 public_html/
<NativeAngels> how do i change the .skel file genii
<genii> NativeAngels: Actually it's a directory   /etc/skel                   If you put stuff in there it will be auto-made in new user's home directories
<looseparts> Hello. I want to swap out a 10/100 nic for a newer 1G one, but the only way I know how to do that is to reinstall and let it be detected... (I know - I'm pathetic... ) What's the right way to do it? Thanks.
<genii> looseparts: There's a file to clean out the mac/ethX designation of the existing one, so the new will be again eth0. Give me a minute
<genii> looseparts: /etc/udev/rules.d/70-persistent-net.rules
<genii> looseparts: If the new card has a driver in *buntu it should auto load on boot and will be active immediately.
<looseparts> Thank you! the new card works great if it's in the board when I install, so should be fine. what modifications do I make to the rules file?
<racecar56> genii, guess what
<racecar56> genii, i got a monitor to work on my server
<genii> looseparts: Remove from the rules file the line which has the mac address of the adapter you are removing
<genii> racecar56: Good :)
<looseparts> perfect, I see that. Can't wait to get home and try it - Thanks a million : -)
<genii> looseparts: This will prevent the new adapter from being eth1 for instance, when eth0 no longer exists
<genii> looseparts: You're welcome
<racecar56> genii, i have a usb flash drive with ubuntu server 9.04 installer on it thanks to unetbootin
<racecar56> genii, but i can't seem to boot from it...
<racecar56> genii, i ran qemu -hda /dev/sdb and it works like it should, nothing wrong with the flash drive...
<racecar56> genii, dd might save the day >:D
<garchotron> hello ubuntu sysadmins out there
<garchotron> i have a little question that is buggin me out
<racecar56> ya
<racecar56> waht iz it
<racecar56> *what
<garchotron> i am mantaining a mirror in ubuntu server, i'm mirroring a couple of windows servers shares that comprise all mi office's data, we are in a stage of "pre migrating" all shares to samba authenticating against AD
<garchotron> what bugs me out is this
<garchotron> are there chances i'm loosing metadata (xattrs) by mirroring from smbmounted dirs? in ubuntu rsync is compiled w/o --xattr
<garchotron> will it cause trouble later?
<racecar56> any virtualization things that can emulate x64 processors AND attach a real hard disk to a vm?
<soren> racecar56: I think all of them will.
<soren> racecar56: kvm certainly does. Xen probably, too. VirtualBox allegedly too.
<racecar56> soren, just tried kvm and it reboots all the time... and idk how to use xen, and virtualbox idk how to make it use real hdd
<soren> What did you do with kvm?
<racecar56> boot off a usb stick i made with unetbootin
<racecar56> ubuntu server 9.04 64bit
<soren> *sigh*
<soren> I can't help you use it correctly if you're not telling me how you're using it now.
<racecar56> im trying to get ubuntu on my hp mediasmart
<racecar56> sudo kvm -hda /dev/sdb -hdb /dev/sdc -cpu qemu64 -m 512
<soren> And what is /dev/sdb?
<racecar56> sdb is my flash drive sdc is my sever's main hdd hooked up on usb
<racecar56> /dev/sdb1 is a fat32
<soren> And your flash drive is bootable?
<racecar56> ya
<soren> Ok. What exactly happens when you try?
<racecar56> reboots every time it loads one of the kernel files... finding out now
<racecar56> ubuninit
<racecar56> i think that is initrd.img in another name
<soren> How did you make this USB stick?
<racecar56> unetbootin
<soren> From what?
<racecar56> it was on a windows laptop
<soren> Based on what?
<racecar56> ubuntu 9.04 64bit server
<soren> An ISO?
<racecar56> yea
<soren> Why not just use the ISO?
<racecar56> ummm... its a different computer
<racecar56> im not on windows now
<racecar56> im on ubuntu 9.04 desktop now... on my old laptop
<soren> I don't know, to be honest. I don't know what unetbootin does to make stuff bootable. I'm not sure it'll necessarily work as a hard drive (which is what it becomes when you specify it like that)
<racecar56> basically all i want to do is get ubuntu 9.04 on my mss
<racecar56> mss = mediasmart server
<soren> I have no idea what that is.
<racecar56> hp mediasmart ex475
<racecar56> i got it last december
<soren> I have no idea what that is.
<racecar56> k
<soren> Does it matter?
<racecar56> i guess not a lot...
<soren> Ok.
<soren> I think you're better off with the ISO.
<soren> Otherwise, I need more info.
<racecar56> how would i boot an iso on a real server?
<soren> "ubuninit" is not something I've heard of before.
<racecar56> it's a rename of initrd.img/gz or something like that
<soren> racecar56: That mediasmart thing is a real server?
<racecar56> soren, real as in physical
<soren> Does it have a CD drive?
<racecar56> no, but i have a usb one
<soren> Well, that's one way.
<soren> Does it have a USB port?
<racecar56> 4 of em'
<soren> Put the USB stick in that, then?
<racecar56> i tried...
<racecar56> it won't boot it for some reason
<soren> How did you verify that it's bootable?
<racecar56> if kvm can at least load the bootloader on there.........
<racecar56> then it has to.
<soren> Err... No.
<racecar56> and it has boot flag according to gparted..
<racecar56> take 2.... imma try booting usb on my sever
<racecar56> uhh.. it still dosent see it
<racecar56> when i first start it there isn't a boot logo thing
<racecar56> then a phoenix award workstationbios screen comes, i hit DEL t get into setup
<racecar56> there isn't a thing to let me boot off of something, no boot menu
<racecar56> i set first boot device to be USB-ZIP...
<racecar56> hey... i saw 'USB Flash Memory1.00' in the boot thing...
<racecar56> but it didn't boot off of it :(
<blizzkid> lo all. Seen the fact it's generally less crowded in this channel than in #ubuntu... Does anyone know/remember if shipit cd's were available at the time of 4.10 and 5.04?
<yann2> yes
<ScottK> blizzkid: It being less crowded here doesn't magically change what's on topic.
<yann2> I did get a 4.10 cd
<yann2> and I've been deaing 5.04 cds at university by pack of tens :)
<blizzkid> ScottK: it's partially on topic, isn't it? ;)
<yann2> aaaactually there wasnt a server versoin at that time
<yann2> so it isnt :P
<blizzkid> yann2: true, true
<blizzkid> but asking the same question in #ubuntu has the same effect as asking my cat :p
<blizzkid> anyways, I'm looking for someone who has a spare cd (and cover ofcourse) of 4.10, 5.04, 7.10 and 8.10 left to complete my historical set of ubuntu cd's :)
<owh> I was asked about Apache 2.2.10 which adds the "bybusyness" loadbalancer. It's available in 9.04, but not in 8.04. It is the only reason that they were going to upgrade their production servers from LTS to 9.04. Is this a big-never gonna happen kind of thing, or is this a possibility?
<owh> I was provided with links to bug reports and even check-ins, haven't had the time to check yet, but I wondered if this might be added to the next revision of 8.04
<racecar56> there was a serverr version.... in a way
<racecar56> *server
<racecar56> it was on the same cd
 * owh has at this time no idea what the difference in code is. I was assured that the loadbalancer itself was a separate kind of module, but it's not an apache .so as such.
#ubuntu-server 2009-05-14
<owh> It just occurs to me that it might look like I'm asking someone else to do the work. I'm prepared to do the leg-work, but I thought I'd ask about the size of the effort before I volunteered :-)
 * racecar56 is sick of trying too get ubuntu working on a hp mediasmart ex475
<ajmitch> owh: adding new stuff to an LTS release is generally a not-going-to-happen
<ajmitch> unless you could make a really really good case for it
<racecar56> blizzkid, i didnt know ubuntu at the time :(
<racecar56> blizzkid, i found ubuntu in june/july 2008
<blizzkid> racecar56: I've been using ubuntu ever since 4.10
<racecar56> blizzkid, cool
<racecar56> blizzkid, if i would have known of it i would have used it :(
<owh> ajmitch: At this stage I'm coming up ZIP with "a really really good case for it", other than "this should not be the only reason for a user to have to upgrade to 9.04", and that doesn't really cut it does it :)
<ajmitch> I'd say 'good luck' if you were trying to convince those in control of stable release updates :)
<owh> As-in "Hell will freeze over, but if you manage to succeed I'll applaud"?
<ajmitch> pretty much
 * ajmitch must go to meeting
<owh> Tah
<owh> Later
<lwizardl> hi
<lwizardl> would it be wise to have your store web site and retail store database server on the same machine?
<yann2> depends on load I guess
<yann2> what point are you worried about?
<lwizardl> well I'm working on opening a local game store and the we site will be hosted inhouse using my local isp
<lwizardl> but I wasn't sure if I would bottleneck for sales and site on the same machine
<blizzkid> lwizardl: I'd never install web and db on one machine myself
<blizzkid> unless for testing/developing
<lolololo> i need a little advice from someone using command restrictions in .ssh/authorized_keys2
<owh> lwizardl: Are you concerned about load, or security?
<lwizardl> both
 * owh would be concerned about the latter :)
<owh> As in, retail store database implies suppliers, credit limits, prices, stock levels, etc. I'd not want that on the same device as the web server.
<blizzkid> +1 owh
<owh> Unless you're going to do lots of traffic, load is nearly always solvable with money.
<blizzkid> owh: crossed cable between frontend and backend on seperate nicks...
<lwizardl> ok because I don't think i will be doing sales anywhere near levels of like bestbuy, walmart, etc
 * owh observes that that is an extreme simplification, but that's what it boils down :)
<owh> money that is.
<owh> blizzkid: That is one option. Another is to publish data onto the web server with no live connectivity between them. Another is to virtualize the lot and separate them that way, another is to host the web server with a hosting provider and host the retail database locally. Another is to put them both remote. It's impossible to make recommendations without information.
 * owh needs food.
<owh> And sleep :)
<blizzkid> owh: obviously there's diff approaches ;)
<lwizardl> well see my only problem is that my webhost doesn't allow direct access to the mysql db for security reasons
<lwizardl> so i figured if it was locally here i could easy access it for the POS terminals
<blizzkid> lwizardl: can't you install xen?
<blizzkid> and then install 2 virtual servers?
<lwizardl> xen?
<blizzkid> locally
<blizzkid> or kvm
<blizzkid> or virtualbox
<blizzkid> or vmware
<blizzkid> :p
<owh> FYI: virtualisation != security
<lwizardl> k
<blizzkid> lwizardl: owh is right, although it helps
<blizzkid> if one virtual machine is compromised, the other is not by default
<blizzkid> best option imho is 2 machines separated by a dedicated firewall plus a bunch of other configs
<owh> Virtualisation is a means to abstract your problem domain, that is, break the problem into smaller chunks as well as manage hardware resources in a different manner.
<owh> Ultimately, the virtual machines are still running on the same actual CPU, so there is scope for transgression, ie. privilege escalation, DOS, whatever.
<blizzkid> indeed
<owh> lwizardl: Ultimately the question needs to be answered by doing research. Things like: "What will it cost the company if this data is compromised?" "How much will it cost if the server goes down?" "What fall back solutions are they and can I implement them in a cost-effective fashion."
<lwizardl> I was thinking a single server for starting out would have been ok, and then add another one later after the business is starting to get stronger known
<owh> You need to think of it in terms of: "How much does it cost if this disaster happens?"
<lwizardl> k
<owh> Sometimes the answer is a $1500 PC, sometimes it isn't.
<blizzkid> lwizardl: I started a project for a customer of mine
<blizzkid> small business to start with
<blizzkid> but I opted for 2 2-node clusters
<blizzkid> one for the frontend, and one for the backend
<blizzkid> $ 7K in servers
<blizzkid> cost of not being online, or stolen data would be much higher
<blizzkid> so was it worth it? No doubt
<owh> A question in that scenario would be: "Does the business have a full-time IT person with a clue, or not."
<owh> The sexier the solution, the more skill is needed to fix stuff.
<owh> K.I.S.S.
<lwizardl> its just me in the business so i'm still new to this stuff
<blizzkid> owh: they don't, but I do the support for them, and am (frankly) being quite well paid to do so ;)
<lwizardl> my first webserver was a xbox console running gentoo
<owh> lwizardl: Well, it's a start :)
<owh> At least you've come to u-s :)
<lwizardl> to this day i still love that distro but ubuntu is on all my computers now
<owh> One day you'll understand that optimized compilation is not better than apt-get :)
<lwizardl> all 9 of them including the 3 that will be my POS
<blizzkid> lol owh
<lwizardl> i use apt-get all the tim from bash i've always hated GUI configs
<owh> The biggest thing that most small businesses do is over estimate their income and under estimate their expenses. Unless you've got a pot of gold, spend less.
<owh> That doesn't mean, "be a cheap skate" btw.
<lwizardl> yeah i've been buying used fixtures and such to save money for later use on bills etc
<owh> If today your web traffic is zilch, then spend $9.95 per month on a virtual server in the cloud. Get your systems working, make money, expand. Rinse and Repeat.
<blizzkid> I don't completely agree with you owh better safe than sorry, even if that comes at a higher cost
<owh> blizzkid: The road is littered with failed start-up companies. I'm still here after 10 years <grin>
<blizzkid> owh: true, but what I meant to say it's all a matter of roi/tco and all that "crap" ;)
<blizzkid> If you know your data getting compromised will cost you at least $ 100K
<blizzkid> what's an investment of $ 10K?
<owh> That's only true if you have $10K :)
<blizzkid> obviously :)
<blizzkid> and in my example (the 2 clusters) it wasn't a startup company, but a new project for a long-existing company, so that's slightly different
<owh> Yeah, different kettle of fish.
<lwizardl> and whats a good hardware firewall for server use?
<owh> lwizardl: That's the same question really :)
<lwizardl> I was looking for like brands. only kind of hardware firewalls i have used so far are Linksys routers and most have been flashed with OpenWRT or DD-WRT
<blizzkid> lwizardl: for startup I'd go with an old pc and install some software fw
<lwizardl> blizzkid, so basically IPcop
<blizzkid> lwizardl: I don't know IPcop as such, but I'm sure there's some good software fw's out there
<lwizardl> i just know of 3 software firewalls all i think are linux based, m0n0wall, shorewall, and ipcop
<blizzkid> I guess monowall is good
<owh> lwizardl: Have you read the u-s guide? http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<lwizardl> I think so but I will look at it again
<owh> It all gets much more personal if you need to make it work for a business :)
<owh> Gotta run.
<lwizardl> well he left before I could thank him for his help
<blizzkid> lol
<lwizardl> but thanks owh
<lwizardl> and blizzkid thanks for you help also. this is the reason why i use ubuntu all the time now
<blizzkid> same here :)
<blizzkid> I've done lots of messing up in the past :)
<blizzkid> the key is experimenting
<blizzkid> One advice I give you though: for production servers stick to LTS versions
<lwizardl> so 8.10 over 9.04
<blizzkid> yeah
<lwizardl> k i always just go to the newest version
<blizzkid> for production servers that's not the best option imho
<ScottK> That's generally worked for me too.
<ScottK> I have a test server that I verify everything with first.
<lwizardl> but all my servers are desktops being used as servers
<blizzkid> ScottK: I've messed up a software raid on a production server upgrading to jaunty... Not something you want :) Took me about 6 hours to fix that
<ScottK> blizzkid: I did that once, but I'd taken a 4 hour maintenance window for the box, just in case.
<blizzkid> lwizardl: that's not servers imho :p
<lwizardl> yeah i know
<lwizardl> servers are rack mounted cases
<blizzkid> ScottK: in this case it was one node of a 2-node cluster, so no real damage was done, but still...
<blizzkid> lwizardl: not necesarily
<blizzkid> tower servers are perfectly fine too
<ScottK> It depends.  I've been in situation where newer functionality was actually useful.
<blizzkid> but desktop os != server os
<lwizardl> yeah but generally you see the 1U/2U type servers used
<blizzkid> ScottK: obviously if you need that newer functionality, it's reasonable to upgrade
<ScottK> Actually my oldest system is Dapper and it's a desktop (and used as such).
<yann2> enjoying firefox 1.5?
<blizzkid> nice, I didn't think those would still be in the wild :)
<ScottK> yann2: It works well enough when I use it.  It still gets security support.
<ScottK> I tend to use Konqueror more on and more on that particular machine though.
<yann2> firefox3 still significantly faster on heavier webaps :)
<ScottK> Yes.  FF3 is the first FF I've liked more than FF 1.0.
<yann2> Its still OpenOffice 1 isnt it?
<yann2> sounds painful not to be able to open ODF
<twb> I thought OO was up to 2.4 or 2.6 or something
<ScottK> No.  It's 2
<ScottK> 2.4 I think.
<yann2> right
<ScottK> Works fine with ODF.
<yann2> sounds surprising  I thought it was 1.x or 2.0
<Noah0504> Does anyone have any experience with LVM and or software RAIDs?
<benspaulding> I am trying to configure daemontools on Jaunty server and it needs to edit /etc/inittab in order to work.
<benspaulding> But my Jaunty install doesnât have an /etc/inittab.
<benspaulding> Has that been moved? Is there somewhere else I need to look? Or am I just doing my daemontools setup wrong?
<ScottK> I don't think Ubuntu has had that since Dapper.
<benspaulding> Oh. Alright.
<benspaulding> Any ideas how I can get daemontools set up then?
<ScottK> What was your editing /etc/inittab intended to accomplish?
<benspaulding> It adds a line ``SV:123456:respawn:/usr/local/bin/svscan-start`` that scans to be sure certain processes are running.
<twb> upstart replaces inittab with /etc/event.d.  upstart-sysv-init has partial compatibility with inittab.
<twb> Sorry, upstart-sysv-compat
<Mal3ko> hey folks, how do i disable users from making ssh tunnel?
<benspaulding> Cool. Thank you.
<Noah0504> Bleh.  I'm trying to figure out if I should use RAID5 or LVM and and back up to NAS.
<twb> Where "partial" basically means "bugger all"
<twb> Noah0504: as opposed to what?
<Noah0504> Well, basically I have a desktop system that is going to aslo act as a file server.  I plan on picking up two more TB drives this weekend to make a total of four.  That would make a 3TB RAID5 system... but it seems a little confusing to set up as a software RAID.  I was ust thinking about not doing RAID and using LVM to have different partition on different drives.  Maybe one or two drives for /srv and so on.
<Noah0504> Or maybe just / on multiple HDDs with LVM and backup as neccesary.
<twb> Noah0504: then a failure of any one disk will lose ALL the data on that disk
<twb> But using a server as a desktop also is a Dumb Thing.
<Noah0504> Ha.  I know.  It's a lightly used desktop.
<Noah0504> Not a main machine.
<Noah0504> But, it's the occasional file server, so I thought different partitions on different disks would speed things up a bit, and still add some protection.
<twb> You're hurting my brain with your pseudologic
<Noah0504> Well, thanks for not offering your logic then...
<twb> As I said, 12:37 <twb> Noah0504: then a failure of any one disk will lose ALL the data on that disk
<Noah0504> Would a BIOS RAID be any good?
<twb> Noah0504: only if it's real raid and not fakeraid.
<twb> Noah0504: did you pay at least $100 for your RAID card?
<twb> (Oh, and hardware raid is usually more of a hassle to set up and maintain.  I would just put up with the slower performance of md RAID for a non-critical system.)
<Noah0504> for md RAID, I would basically create idental partitions on n drives and go from there?
<twb> The ubuntu-server installer will help you set up md raid.
<twb> Broadly, you will create partitions of equal size on each disk, then create arrays of those partitions (one for /boot and one for LVM), then  create an LVM PV on the latter array, then create volumes and filesystems on the PV.
<Yingying_Zhao> Does Ubuntu 9.04 have IA64 build?
<ScottK> Yes.
<twb> ScottK: an official one, or an unofficial one?
<Yingying_Zhao> official one
<ScottK> twb: Community supported, not by Canonical
<twb> Yingying_Zhao: note that 64-bit Intel systems are usually AMD64 architecture -- IA64 is for Itanium.
<twb> ScottK: righto
<Yingying_Zhao> i know. so only community support for IA64 distro, right?
<ScottK> Yes.
<twb> ScottK: I suppose it doesn't matter much unless you were intending to buy a support contract from Canonical?
<ScottK> twb: It does matter somewhat in the focus during development.  Problems in community supported archs are by definition not show stoppers for release.
<twb> Do community supported architectures benefit from canonical infrastructure, such as buildds and launchpad?
<ScottK> Yes
<twb> ScottK: ah, good point
<twb> Like m68k on Debian
<ScottK> And it's not like Canonical people don't care/work on problems with them, it's just not their priority
<ScottK> twb: No m68k isn't in Debian at all anymore.
<twb> Hmm, really?
<ScottK> It was dropped right after Lenny released.
<twb> dnsmasq is available for m68k in sid...
<twb> Where "dnsmasq" is just the first package name I could think of
<twb> Oh well, it doesn't matter.
<ScottK> Some of the tools still report stuff.
<sbeattie> and indeed, I believe there may be installability issues around the kernel on ia64; Yingying_Zhao, you probably want ot ask around on #ubuntu-ports.
<ScottK> Jaunty was a good release for ports in general.
<ScottK> I don't recall specifically about IA64
<twb> Does Ubuntu have anything like emdebian (an embedded / arm SIG)?
<ajmitch> ubuntu-mobile?
 * twb reads
<twb> Apparently Ubuntu Mobile is for atoms (i386).
<ScottK> We have an armel architecture, but nothing as extreme as embeddian.
<ScottK> twb: Actually we have a separate lpia architecture for LPIA.
<Yingying_Zhao> sbeattie: Thanks for your suggestion~
<ScottK> LPIA/Atom
<twb> ScottK: I thought that was deprecated
<ajmitch> I'm fairly sure there's ongoing work on ARM
<ScottK> Not yet.
<ajmitch> wasn't jaunty officially released for ARM?
<ScottK> It was released, but as a developer preview.
<ajmitch> ok
 * ajmitch only read the subject line of that mail 
<Noah0504> twb: So, if I make three partitions on each drive (boot, /, and a swap... will those be combined and synced?
<twb> Noah0504: only if you make RAID arrays of the partitions.
<twb> Noah0504: normally you would either put swap inside LVM inside the RAID5 (slow, but you can allocate more/less swap space as needed), or a separate swap partition on each disk (much better performance).
<twb> I don't worry about swap too much because by the time my systems are swapping, they are already screwed.  Hooray for the 2.6 kernel....
<ajmitch> or stuff just sits in swap for months on end
<twb> IMO the main reason for a modern system to have swap is 1) suspend-to-disk; and 2) buffering of disk blocks.
<Noah0504> Eh, my Internet cut out.  twb, is there anyway to just create the RAID array and have Ubuntu take care of the partitions?
<twb> Noah0504: not really, no.
<twb> Noah0504: setting up RAID still sucks on d-i (Debian and Ubuntu)
<Noah0504> Well, it's no big deal, I'm just trying to get an idea of everything.  I still need to get the rest of the drives to complete a RAID 5 setup which will happen on Sat.
<twb> There really ought to be a guided partitioning choice like "Erase all my disks and use LVM and RAID", which would use RAID1 for a two-disk system and RAID5 for more disks.
 * twb goes to pester #debian-boot about it
<Noah0504> That's what I was hoping would have been done by now!
<Noah0504> :)
<ajmitch> twb: it's on the list of things to do, I believe
<Noah0504> It's not roo much trouble to make the partitions, I'm just working on the research right now.
<twb> ajmitch: yeah, I know
 * ajmitch knows how annoying it was to go through & setup this desktop with RAID & LVM
<ajmitch> even though I've done it several times before, it was just tedious
<Noah0504> So, if I make a 10GB swap on a each of the drives in a 5 disk RAID 5 setup, is my swap partition going to be 40GB?
<twb> Noah0504: if you make swap partitions outside the array, then you get size Ã number of disks.
<Noah0504> If they're inside the array?
<twb> Noah0504: if you make swap inside the array, then only size Ã 1
<twb> Noah0504: how big are your disks?  1TiB?
<Noah0504> Yes.
<twb> Yeah, so I would make (say) a 1GiB or 8GiB swap partition on each disk *outside* the array.
<twb> Then tell /etc/fstab to mount them all with the same priority, so they are striped
<twb> This stuff is much easier in d-i than it is on an already-running system, I think.
<Noah0504> The system will be reloaded.  So, it will all be done during install.
<Noah0504> So, I should make a /boot, LVM (basically /) and a swap partition on each drive?  Then make the array on the LVM or / partition?
<twb> Let me find the notes I wrote the other day for someone else
<Noah0504> Thanks a lot.
 * ajmitch would do LVM on top of RAID rather than RAID on LVM
<twb> ajmitch: yes
<philsf> isn't there a TUI that makes it all easy?
 * philsf thinks it's evms
<ajmitch> I only care about it at install time, usually
<philsf> sure
<philsf> except when something fails
<ajmitch> then I'd rather use mdadm & lvm tools myself than relying on evms
<philsf> pacakges.u.c tells evms was dropped after hardy
<ajmitch> evms had issues
<twb> I thought evms was the opposite of lvm
<ajmitch> evms was sort of all-encompassing
<twb> i.e. you picked one or the other
<ajmitch> I recall it & lvm disagreeing on the size of some logical volumes once
<ajmitch> which worried me a little
<ajmitch> I'm fairly sure you could have them both installed, it's been a little while since I had it installed though
<philsf> I recall discovering about it when accessing my volumes wasn't possible with lvm tools
<philsf> because the devices were moved to /dev/evms/*
<philsf> took me some hair to find that out
<philsf> because dapper installed and enabled it by default
<twb> Noah0504: http://paste.lisp.org/display/80184
<Noah0504> Thanks, twb.
<twb> Noah0504: note that there I advocate swap inside LVM, but you can easily have separate swap partitions outside of LVM, i.e. sd[abc]3 4GiB swap
<twb> With 1TiB disks, permanently allocating several GiB to swap doesn't matter too much
<Noah0504> So, sticking them outside of the array would be fine?
<ajmitch> yes
<Noah0504> Faster even?
<ajmitch> unsure if it'd be noticeable
<Noah0504> Ha.  Well, like twb mentioned, you shouldn't need to be too dependent on it.
<twb> It'll be faster because swap will strip across the disks -- RAID0 instead of RAID5
<ajmitch> yes, I just setup 2 swap partitions rather than using RAID 1 on here
<twb> (Note that you swap is RAID0 automatically -- do NOT actually create a RAID0 array.)
<Noah0504> So, the /boot is actually being mirrored to each other, while LVM will actually stripe?
<Noah0504> (With parity, of course.)
<twb> Noah0504: /boot is RAID1 (mirror) because it has to be, for GRUB
<twb> So it's a mirror of three disks
<Noah0504> Which will cause it to still boot upon fail...
<Noah0504> I get it.
<ajmitch> which is sort of important & all
<twb> The main LVM PV partition is a RAID5 array, which basically means it does the right thing, and you can lose up to one disk safely.
<twb> If you have *five* disks, you might want to consider using *two* parity disks, which will give you more safety in exchange for less storage space.
<Noah0504> Great.  I think I have it all figured out now.  Doesn't seem like it should be too hard to get figured out when I actually go to do it.  I just need to pick up the extra disks on Sat.
<twb> RAID5 with two parity disks is sometimes (incorrectly) referred to as RAID6.
<Noah0504> I'll be going with 4 or 5 disks.
<Noah0504> And then a couple eventually for drive failures.
<Noah0504> Which hopefully won't happen soon.
<Noah0504> :)
<twb> Oh, and just to be clear: RAID5 doesn't mean 5 disks.  RAID5 works with 3 or more disks.
<Noah0504> That I do know.  I'm not really a stranger to RAIDing... just software RAID with md.
<Noah0504> Ha.
<Noah0504> I screwed myself though.  I'm locked in on getting this Seagate drives when the WD Greens are $90 now!
<Noah0504> Oh well, these Seagates have 5 year warranties.  Which is why I ususally go with them.
<uvirtbot> New bug: #291987 in mysql-dfsg-5.0 "mysql-server-5.0 installation fails" [Undecided,Confirmed] https://launchpad.net/bugs/291987
<twb> Man, $90 for 1TiB
<twb> Remember MFM?
<Noah0504> I've been paying $99 for these Seagate drives... still not bad.
<Noah0504> RAM and HDD prices have plumeted.
<ajmitch> twb: if only it were 99 AUD
<Noah0504> I'm going to set up a test RAID of 0 on these drives.
<Noah0504> I just have two... take it for a spin and make sure I have a grasp of it.
<twb> ajmitch: Seagate 3.5" 1TB 1000GB 7200rpm SATA or SATA II Serial ATA100 HDD Hard  AU$144
<ajmitch> that's pretty decent
<twb> AU$139 for hitachi, meh
<Noah0504> Not worth it.
<Noah0504> Ha.
<twb> AU$197 for 1.5TiB seagate
 * ajmitch is still looking at over NZ$230 for 1TB drives on a local site
<Noah0504> Ouch.
<twb> ajmitch: yeah, well.  I'm looking at the listings for "warehouse with an asshole and a desk in front of it" retailers
<ajmitch> aha, I'm looking at a reliable site with free delivery in NZ
<ajmitch> so I'd expect a little more
<Noah0504> I'm just glad to have Newegg.com here.
<twb> Oh, of course warehouse-asshole does not do delivery at all.
<twb> I mainly use his listings to find out what the lowest possible price is, so that I know what the markup of other retailers is :-)
<twb> http://twb.ath.cx/Preferences/.bin/msy
<Noah0504> ext2 or 3 for boot?
<twb> Use ext3 unless you know better
<Noah0504> Gotcha.
<mib_a6s4uz3b> HI, I have a Ubuntu Server 9.04 consisting of DHCP, NTP, DNS, OpenLDAP and SAMBA. I want to join my Ubuntu 9.04 Desktop. How can I do so?
<mib_a6s4uz3b> I have configured this as per the server documentation.
<mib_a6s4uz3b> But instructions for joining a Ubuntu Client is not clear to me.
<mib_a6s4uz3b> Hey anyone around
<Rafael> how can i see/check the size of the boot area
<mib_a6s4uz3b> Hi, anybody around
<dhruba> Hi, anybody around?
<dhruba> I have configured a PC with NTP, DHCP, DNS, OpenLDAP and SAMBA as per the documentation of Ubuntu 9.04 Server. But I am unable to join my Ubuntu 9.04 Desktop with it.
<pteague> do i simply need to do a `/etc/init.d/networking restart` after changing an ip address or do i need to do something else?
<dhruba> No restarting the network through the command is sufficient
<uvirtbot> New bug: #376359 in samba (main) "Truncating NetBIOS name don't work" [Undecided,New] https://launchpad.net/bugs/376359
<Kamping_Kaiser> just over 100 5.04 cds. knew i had 'some' left, didnt know it was enough to start a company
<uvirtbot> New bug: #373736 in mysql-dfsg-5.0 (main) "Upgrade from Intrepid to Jaunty uninstalled mysql server" [Undecided,New] https://launchpad.net/bugs/373736
<[HU]gnanet> Hi, anyone got an idea how to downgrade rdiff-backup nicely if my backup server and the server i do my backups to are different versions of ubuntu?
<[HU]gnanet> and therefore rdiff-backup is also different?
<[HU]gnanet> ok i read on forums its a rdiff-backup problem not the version diff (8.10 ubuntu and 1.1.16 rdiff-backup)
<uvirtbot> New bug: #376377 in apache2 (main) "package apache2.2-common 2.2.11-2ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/376377
<andol> ttx: Believe I might have goten the hang of merging nagios3. Just have a few questions...
<ttx> andol: shoot
<andol> ttx: Seems like the only Ubuntu changes which I might want to keep is the Maintainer field. Is that something we still want to keep, even if the rest of the package just is a copy of the debian version?
<ttx> andol: no. You should keep it only if there are Ubuntu changes
<ttx> andol: so in this case it should be a sync request.
<ttx> and I can confirm it is.
 * andol starts reading about syncs...
<andol> ttx: So, what I do now is submit a sync request in LP, and subscribe ubuntu-main-sponsors?
<ttx> andol: yes. Manually or using requestsync -s
<Blackhold> hello
<Blackhold> could someone help me please?
<ttx> !ask | Blackhold
<ubottu> Blackhold: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Blackhold> ubottu: gutsy repos don't appear
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Blackhold> I have the system not updated about a 9 months
<Bergcube> Ubuntu 9.04 with zabbix-server-mysql and zabbix-frontend-php installed. Upon first connect from the webbrowser I get the error "Timezone for PHP is not set. Please set "date.timezone" option in php.ini." I have set the timezone in /etc/php5/apache2/php.ini but that didn't help.  What should I do to fix this?
<twb> Would that be because Gutsy is not a LTS, and it is no longer supported?
<twb> Bergcube: maybe you also need to restart apache or php?
<Bergcube> twb~  Well, I've even rebooted.  Sorry for not including that....  :-S
<twb> Bergcube: dunno, then.  Be patient and hope someone else knows
<Bergcube> twb~  Thx.
<Blackhold> twb: yes
<twb> Blackhold: you should schedule an upgrade to 8.04 ASAP
<Bergcube> Hm, I guess there must be a PHP channel here too...
<Blackhold> wich is the codename?
<twb> Blackhold: hardy
<Blackhold> twb: then, where appears gutsy I should put hardy?
<twb> Blackhold: I think you can change the sources.list to point elsewhere and still get gutsy, but obviously it won't be supported after it is EOLd
<Blackhold> and then # apt-get safe-upgrade ?
<twb> Blackhold: you should read the release notes
<Blackhold> sorry apt-get update && apt-get safe-upgrade
<twb> !gutsy->hardy
<ubottu> Sorry, I don't know anything about gutsy-
<twb> Grr.
<twb> !dist-upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<uvirtbot> New bug: #376392 in openvpn (universe) "Enabling VPN connection in NetworkManager messes up routing table" [Undecided,New] https://launchpad.net/bugs/376392
<andol> ttx: Since you seem to be around, does bug #376397 do the trick?
<uvirtbot> Launchpad bug 376397 in nagios3 "please sync nagios3_3.0.6-4 (main) from debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/376397
<ttx> andol: looking...
<ttx> andol: adding the Debian changelog since latest Ubuntu helps in seeing the delta was merged
<ttx> andol: see bug 372699 for example
<uvirtbot> Launchpad bug 372699 in libcgi "Sync libcgi 1.0-7 (universe) from Debian unstable (main)." [Wishlist,Fix released] https://launchpad.net/bugs/372699
<uvirtbot> New bug: #376397 in nagios3 (main) "please sync nagios3_3.0.6-4 (main) from debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/376397
<ttx> andol: basically you have to say that the only Ubuntu delta was that prerm apacheconf purge and show in the Debian changelog that it was adopted in Debian
<ttx> It will help the sponsors job.
<andol> ttx: Got it, changing the description now...
<andol> ttx: better?
<ttx> andol: looks good
<andol> ttx: thanks
<ttx> now subscribe the relevant sponsor team so that they ACK your conclusion
<ttx> I can't do that myself for main (yet)
<andol> done
<ttx> andol: cool, now, on to nagios-plugins for level 2 :)
<andol> ttx: Will do, just have to start doing some laundry first...
<ttx> andol: bah, who needs clothes
<andol> ttx: Well, I'm going to ride the bus tomorrow. Not sure if that is kosher to do without any clothes on :-)
<sergevn> hi i want to install IBM DB2 client for php5, is there any package or tutorial ?
<safl> Hey people, I'm used to having the output of cron send to roots mailbox, this is disabled by design in ubuntu-server, how can i "get it back"? I've tried installing mailutils, but i guess theres more to it than that... the $MAILTO var is still empty...
<andol> ttx: Since I assume you already know the "correct answer" of nagios-plugins... I take it that there should be a merge preserving 99_check_ntp_segfaults.dpatch as well as the structure of nagios-plugins-extra?
<ttx> andol: I seem to remember we must also preserve usage of libradius1-dev as build-dep
<andol> ttx: You'r right, I missed that.
<andol> ttx: Anyway, seems like the merge-o-matic took care of all those things. So what I should do now is write up a merge request, explaining the deltas we keep and fix debdiffs to upload?
<ttx> you should also write a changelog entry
<ttx> regenerate the source package to include that changelog entry
<ttx> generate debdiffs from that
<ttx> + forward the relevant fixes to Debian
<ttx> (if any)
<ttx> andol: + also check the existing bugs list to see if any would get fixed by the new version
<andol> ttx: Don't see anything in the 1.4.12-5 changlog entry which matches current LP bug reports on nagios-plugins.
<ttx> andol: me neither
<reya276> How can I restrict users connecting through OpenSSH to only read,write and view to their home directories?
<andol> zul: See you did the last merge of nagios-plugins? How did you handle/note changes in the ./po/ folder?
<zul> andol: no i just woke up
<andol> zul: Well, the second last I guess now when I take a closer look, but ttx refers the question to you. good morning by the way.
<zul> ttx: ok thanks..
<reya276> How can I restrict users connecting through OpenSSH to only read,write and view to their home directories?
<ttx> zul: you're welcome ;)
<reya276> I tried changing the user shell to /bin/bash -s but that does not work
<zul> andol: keep them and note the changes in the changelog
<andol> zul: Specific po changes, or just refer to them as general changes to po/?
<zul> just general
<andol> zul: That was the answer I was hoping for, thanks :)
<\sh> moins guys...
<andol> zul, ttx: Any particular reason why the nagios-plugins package doesn't have any XSBC-Original-Maintainer in debian/control?
<zul> nope just add it
<andol> ttx: Before I subscribe sponsors to bug #376459, is there anything in particular wrong with it?
<uvirtbot> Launchpad bug 376459 in ubuntu "please merge nagios-plugins 1.4.12-5 (main) from debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/376459
<ttx> andol: looking
<ttx> andol: looks ok, <nitpicking>You don't need to add a changelog entry about the XSBC-Original-Maintainer change because it is an implied change</nitpicking>
<ttx> andol:  I'd say do not bother redoing the patches unless your sponsor objects to it
<andol> Ok, thanks
<henriquelm> Hello There
<henriquelm> Where are located the header files and libraries of the X window system un Ubuntu Server 8.04?
<W8TAH> ive a snort machien that i just moved to a new physical location -- stupid me forgot to mark the cables - -is there a way that i can have the box tell me which nick is which ?
<andol> ttx: Well, now it is time for me to enjoy some of that outdoors. Thanks for the help today. I've learned lots.
<ttx> andol: you're welcome
<henriquelm> Can someone help me out with the x11vnc installation? http://rafb.net/p/49hZC730.html
<soren> henriquelm: Try in #ubuntu.
<angelleye> I'm a PHP developer but my local test enviorment has always been Windows.  I'd like to get an actual linux dev enviornment up and running.  I just installed ubuntu 9 and lamp.  Now I'm sitting here with some questions.  Can anybody help me out real quick?
<ScottK> !ask | angelleye
<ubottu> angelleye: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Hamzifer> kirkland: here?
<gourgi> hey guys, i have a problem with vlans in 9.04. same configuration is just fine under 8.10
<Hamzifer> kirkland: oh, heh, i've just seen bug #375309, will post on there instead
<uvirtbot> Launchpad bug 375309 in byobu "attach to byobu crashes on hardy" [High,Confirmed] https://launchpad.net/bugs/375309
<gourgi> when i restart networking i get this http://pastebin.com/m17c7325b
<gourgi> here is my interfaces http://pastebin.com/f77236772
<gourgi> also i noticed that in 9.04 lsmod |grep 8021 give two modules:  8021q and garp, while in 8.10 only 8021q. is this relevant?
<kirkland> Hamzifer: yes, thanks.
<gourgi> anyone else seen this vlans problem with 9.04 ?
<gourgi> btw i have no nfs mounts in me fstab
<moonpup> hi, can someone tell me when setting up samba if adding the root user (smbpasswd -a root) is still a required step for functioning properly?
<moonpup> for some reason i can't get OS X to mount home directories although other shares mount ok
<reid_> hmm.. x was just working on my server..  now when I startx, it says "Saw signal 11. Server aborting"
<ScottK> If it involves X, this isn't the channel for it.
<reid_> fair enough
<big_ham> anyone around to help with NIC issue in Intrepid?
<ivoks> RoAk: there?
<RoAk> ivoks, heya master, how's it going
<ivoks> great
<ivoks> i've talked with fabbione
<RoAk> ivoks, what he said?
<ivoks> there's an intention to merge rhcs and pacemaker
<ivoks> basically, heartbeat is a dead project
<ivoks> http://www.gossamer-threads.com/lists/linuxha/pacemaker/51414
<RoAk> ivoks, so basically, they want to do: pacemaker + openais = rhcs
<ivoks> no, merge them
<ivoks> parts of rhcs + parts of pacemaker = new cluster stack
<RoAk> ivoks, I see then.. so what they wan't to do, is to create a new cluster stack and then rhcs and pacemaker will disappear as a single project?
<ivoks> correct
<ivoks> but this will not happen in next year
<ivoks> there's no date when they will achieve this
<ivoks> that's the goal and they started with first steps
<ivoks> so, what we should do is talk with debian-ha-maintainers
<RoAk> ivoks, yeah.. it will take time for them to create it, however in the link I can see that they'll keep the heartbeat subsystem
<ivoks> parts of it
<RoAk> ivoks, i've been on that, and debian-ha-maintainers are only contacts of drbd8 and csync2
<ivoks> ok
<RoAk> so it's a dead end, unless they start working on other package.. anyways.. we'll have to talk to them and see if they have something thought about HA
<RoAk> otherwise, what do you think we should do? at least for karmic?
<ivoks> i'll work on rhcs
<ivoks> i think we should have both rhcs and pacemaker in main
<RoAk> if we do so, we should also have heartbeat and openais
<ivoks> openais is in main already
<RoAk> because, what i've been seen lately is that many people is now trying to use pacemaker/heartbeat
<ivoks> rhcs depends on it
<ivoks> that's true
<RoAk> so, pacemaker won't do any good if it works by itself, since it is intended to work with heartbeat or openais
<ivoks> RoAk: i think we should stick with openais
<ivoks> we should also join linux-cluster and linux-ha channels
<RoAkSoAx> ivoks, an what should be do about heartbeat (in my experience, much more people use heartbeat rather than openais)
<ivoks> RoAkSoAx: make it usable and leave it in universe?
<RoAkSoAx> ivoks, ok then... so these new project is gonna have a little bit of everything, heartbeat, pacemaker, rhcs
<ivoks> it seems so
<ivoks> but we will know more once we join linux-ha and linux-cluster
<RoAkSoAx> ivoks, i do think it is a good idea to take the best of every stack and make one single stack, which should work better
<ivoks> that's their plan :)
<RoAkSoAx> k :)
<RoAkSoAx> ivoks, btw.. have you take a look to my latest merge?? I'm not sure if what I did is the right thing to do... I added quilt as patch system for the Ubuntu change...
<ivoks> i haven't yet
<RoAkSoAx> ivoks, k, when you have a little time please take a look and give me some feedback about it
<ivoks> i will today
<ivoks> in couple of minutes
<RoAkSoAx> ivoks, now.. how's the process to work with FTBFS
<ivoks> RoAkSoAx: bbl
<uvirtbot> New bug: #376250 in mysql-dfsg-5.0 (main) "mysql-server failed to install/upgrade" [Undecided,New] https://launchpad.net/bugs/376250
 * ScottK wonders if which mysql to use for Karmic needs a spec?
<ivoks> :)
<ivoks> let's move to MariaDB
<ivoks> that way we can still call it a LAMP stack
<ScottK> Heh
<mathiaz> ivoks: did you get a change to test drbd 8.3 with 2.6.30 in karmic?
<ivoks> chance? not yet
<ivoks> i could do it during UDS
<ivoks> mathiaz: why do you ask? any problems with it?
<mathiaz> ivoks: nope - just checking
<ivoks> ok
<mathiaz> ivoks: I know we run into problems in previous releases
<ivoks> 8.3.1 was the last drbd
<mathiaz> ivoks: with issues between userspace and kernel
<ivoks> it was tested with 2.6.29
<ivoks> i know...
<mathiaz> ivoks: yeah - since karmic is on 2.6.30 - thinks may be broken now
<ivoks> i doubt...
<ivoks> Wed, 29 Apr 2009 14:06:04 +0000
<ivoks> that's the last commit in drbd 8.3 :)
<mathiaz> ivoks: and there is the ubuntu specific patch about CN_IDX_DRBD
<mathiaz> ivoks: is this something that may have changed in 2.6.30?
<RoAkSoAx> ivoks, btw.. DRBD8 has not reached the archives yet, right?
<mathiaz> RoAkSoAx: the merge for karmic - no
<ivoks> mathiaz: ignore that patch
<mathiaz> RoAkSoAx: I'm looking at it now
<ivoks> mathiaz: it's just a number under which module is registred
<mathiaz> ivoks: ? it's still in the merge though
<RoAkSoAx> mathiaz, :)
<ivoks> mathiaz: so, if you merge it, it won't work in karmic (i need to send in a patch for kernel)
<mathiaz> ivoks: ok - so it's something specific to ubuntu and the integration of the kernel module into lum
<ivoks> correct
<ivoks> even the upstream knows that
<mathiaz> ivoks: hm - I didn't understand - is the CN_IDX_DRBD
<mathiaz> ivoks: hm - I didn't understand - is the CN_IDX_DRBD patch still needed in karmic?
<ivoks> it is, but that change doesn't influence the drbd it self
<mathiaz> ivoks: ok
<ivoks> CN_IDX_DRBD is a number for linux's connector
<big_ham> guys ... I had a VMServer running perfectly on Intrepid with a static WAN IP ... I went to put it behind a router and change to a static LAN IP and now both NIC's show down
<big_ham> I changed everything back to the way it was and still everything shows down
<big_ham> literally all I did was to change the network file
<big_ham> I am baffled
<ivoks> mathiaz: you can sign it with you own key, you know that? :)
<mathiaz> ivoks: I always sign with my own key - why do you ask?
<ivoks> never mind :)
<andol> If I want to merge packages related to the server team. Is there any reason why I might want to focus on packages in main or on packages in universe?
<mathiaz> andol: well - focusing on universe will help get you experience for becoming a MOTU
<andol> mathiaz: That's a good point, thanks.
<mathiaz> andol: bug 376459 - could you please send the ntp patch to Debian?
<uvirtbot> Launchpad bug 376459 in ubuntu "please merge nagios-plugins 1.4.12-5 (main) from debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/376459
<andol> mathiaz: Yes, but before I do that I want to make sure the error also applies to a Debian system. Or is it obvious enough just to assume it does?
<mathiaz> andol: I think it applies to debian too - I haven't checked - but the patch is taken from upstream svn
<mathiaz> andol: so there is a good change it applies in Debian too
<andol> Ok, then I'll submit it to the debian bts.
<dayo> anyone know how to manually config a connection to an ADSL modem?
 * gourgi is desperate , needs help with vlans in 9.04 !
<gourgi> anyone willing to help me with a vlan problem in 9.04 ?
<gourgi> here i describe the problem http://ubuntuforums.org/showthread.php?t=1159283
<wizardslovak> anyone has played with postfix here?
<ivoks> nope
<ivoks> what's that? :)
<Vog-work> wizardslovak: I do regularly but postfix questions are best made in #postfix
<Vog-work> nevermind see you there now
<uvirtbot> New bug: #376459 in nagios-plugins (universe) "please merge nagios-plugins 1.4.12-5 (main) from debian unstable (main)" [Wishlist,Fix committed] https://launchpad.net/bugs/376459
<wizardslovak> ok so when i type "telnet localhost 25" i am getting "connection refused"
<wizardslovak> what should i do?
<RoAkSoAx> mathiaz, I added a new debdiff for openvpn :)
<ivoks> good night
<wizardslovak> "apt-get remove "software"" will remove program , and if i want to remove file and config what should i erase?
<gourgi> wizardslovak apt-get purge
<wizardslovak> ""apt-get purge software"??
<gourgi> wizardslovak correct
<gourgi> wizardslovak apt-get --help
<wizardslovak> thx
<ScottK> Or man apt-get
<TimReichhart> I need some help on getting my network to come back up and when I did the lshw -C network  it came up with network card disabled
<TimReichhart> and I am using 3com 3c905b cyclone
<wizardslovak> ok when i type "netcat mail.domain.com 25"
<wizardslovak> it doesnt show anything
<n0ah> i kinda need the default php.ini that comes with ubuntu server 9.04
<n0ah> messed it up bad
<wizardslovak> how can i change server name?
<MTecknology> What do you guys think of this? http://pastebin.ca/1423111 - I'm going to build my own sexxy server. I don't think I'm missing any parts...
 * KaptenRodSkagg_ is away: Jag Ã¤r upptagen
<Wiseguy> hey guys, im lookin through my smb.conf file tryin to find where the default location for samba shares is located but cant seem to find it, does anyone know?
#ubuntu-server 2009-05-15
<huma> how about updating server guide url in the topic?
<wizardslovak> how to change hostname?
<jeiworth> wizardslovak: /etc/hostname and /etc/hosts
<wizardslovak> isnt there command for changing hostname?
<wizardslovak> i changed hostname in /etc/hostname and is still old when i type hostname -f
<huma> is php in 9.04 suhosin patched?
<jmedina> wizardslovak: use hostname command
<jmedina> hostname newhostname
<wizardslovak> can i change it to mail.domain.com?
<jmedina> wizardslovak: if you update /etc/hostname you need to run /etc/init.d/hostname.sh
<wizardslovak> ok i kinda dont get it
<wizardslovak> in my domain name register site i created MX record 0 on server1.domain.com and it worked
<wizardslovak> when i changed server1.domain.com to ip of my server i got error
<wizardslovak> "Forward Address is not RFC compliant."
<wizardslovak> do i need to run dns server ??
<wizardslovak> or i have to "register" my server  somewhere in order to  run mail server for my web site?
<Azodon> is there a way to change system host name after install?
<pmatulis> Azodon: yes
<Azodon> pmatulis : is there an easy menu? i also remember one time opening a menu and having the choice to install LAMP and other things
<Azodon> but can remeber
<Wiseguy> hey guys has anyone got a wireless card with a broadcom 4306 chip working before? im having some strange issues
<pmatulis> Azodon: don't know about a menu, just edit /etc/hostname (and maybe /etc/hosts) and reboot
<Azodon> hostname "newname"
<pmatulis> huh?
<Azodon> thats the command
<Azodon> hostname "new host name"
<Azodon> changed it instant
<pmatulis> you think that's going to help you?
<ssd7> Azodon: that will not be a permanent change though.
<Azodon> no? damn
<Azodon> ok i will edit files
<Azodon> thank you
<Azodon> pmatulis : tasksel was what i was thinking of
<Azodon> for the record i had to edit /etc/hostname then run script /etc/init.d/hostname.sh
<Azodon> thanks again for the right direction
<Wiseguy> hey guys if i need to run about 4 commands during startup, but i need it at the end of the startup process, where is the best place to add these commands?
<sommer> Wiseguy: /etc/rc.local
<slide> I installed ubuntu server about a week or 2 ago and i was able to SSH in fine before. I just tried to SSH in and its asking me for a password AND an authentication response which i have no idea what its supposed to be
<slide> never mind im an idiot
<omegamormegil> Greetings!  I'm thinking of trying my hand at setting up my first mailserver using the dovecot-postfix package in Jaunty.  I don't see any documentation on the new Jaunty stuff in the Ubuntu Community Documentation.  Is there a HowTo doc somewhere addressing the new mail server stuff in Jaunty?
<ball> Is there some way to ask Ubuntu Server what sound hardware is present?
<p_quarles> ball: lspci might show it; lshw (install it via apt-get) will be more likely to give you readable results
<wizardslovak> i think my logging system doesnt work
<wizardslovak> "nano mail.info" shows empty
<ball> It doesn't look as though Linux recognises the sound hardware.
<ball> hello Deevz
<ball> brb, kid's coughing
<Deevz> hello ball
<ball> hello pace_t_zulu
<pace_t_zulu> hell ball
<pace_t_zulu> hello
<pace_t_zulu> hello ball
<pace_t_zulu> 3rd time's a charm
<ScottK> wizardslovak: What packages do you have installed that you expect to write in that logfile?
<ball> Crap, that's two machines where I can't use sound.
<ball> I'm not batting too well.
<wizardslovak> ScottK: well postfix
<ScottK> wizardslovak: OK.  That writes in that file here, so that's a good start.
<ScottK> wizardslovak: How about mail.info.0 ?
<wizardslovak> ok i see some stuff
<ball> Okay, this thing supposedly has a Crystal Semiconductor CS4236
<ball> Can Ubuntu Server use that?
<ScottK> ball: I have a suggestion for you on how to do this ...
<ScottK> 1.  Install a desktop system on the machine and see if sound works.
<ScottK> 2.  Switch to the server kernel (leaving the desktop installed).
<ScottK> 3.  See if sound still works.
<ball> It's not practical for me to install a desktop on that machine
<ScottK> Not even for testing?
<ball> It only has 256 Mbytes RAM and 6.5 Gbytes disk space.
<ball> (all of which is dedicated to Ubuntu Server)
<ScottK> Xubuntu will run on that.
<ScottK> You could add xubuntu-desktop to your existing server and see if sound works in it
<ball> You think the server kernel just doesn't include sound support?
<ScottK> Sound in  server is not a common request so short of trying it, I think you're unlikely to get a good answer.
<ScottK> I suspect it does, but you lack some configuration magic.
<ball> I could try Xubuntu on that, but I'll have to wait until I'm in a position to move its contents elsewhere.
<ball> Oh well.
<ball> I have one machine where sound works and another where video works.
<ScottK> Xubuntu doesn't take a huge amount of space.  You could upgrade the existing install, not reinstall.
<ScottK> It'd just be sudo apt-get install xubuntu-desktop.
<ball> ScottK: that may interfere with the job it's already doing.  I'm not sure I can take that risk this month.
<ScottK> Ah.  I understand that.
<ScottK> Just offering a potential path forward since I doubt you'll get a lot of help here (due to it's an unusual request).
<ball> I suppose I should shut down the machine I'm sitting at and install a sound card in that.
<ScottK> wizardslovak: So how long ago is the last entry in mail.info.0?
<ScottK> Postfix may not have had anything to say since then.
<wizardslovak> may 13 7am
<ball> Oh well, back in about half an hour.
<ScottK> wizardslovak: I'd take a look at what's in there and see if it's looks likely anything is actually missing.
<angelleye> I've got Ubuntu 9 installed in a VM.  Last night I did a clean install of lamp and made some basic configuration changes.  Everything was running great and then I suddenly started getting an error when I tried to restart apache:
<angelleye> (13) Permission Denied: make_sock: Could not bind to address 0.0.0.0:80.
<wizardslovak> second week i am trying to get postfix running and cant
<angelleye> I rebooted a few times, I even restored the VM back to clean install and re-installed lamp.  I couldn't get it to stop happening.
<angelleye> Now today it's not happening.
<angelleye> no idea why
<angelleye> can anybody shed light on that for me?
<angelleye> When it was happening I could do apache2 stop and it would say OK, but the site would still load
<angelleye> restart would return that error
<angelleye> but again, the site would always load.  now today i sat down to try and trouble this some more...and it's not happening
<racecar56> how do i make a usb stick of ubuntu server correctly? it seems unetbootin dosent help
<racecar56> O_o
<ScottK> wizardslovak: What seems to be your problem with getting postfix running (what do you want it to do?)
<wizardslovak> well to receive outside mail
<twb> racecar56: just install to the USB key as if it were a disk
<racecar56> twb, sorry, i meant like i could install FROM it
<racecar56> twb, anyhow, i fixed the problem by using expert install
<ScottK> wizardslovak: OK.  I may be able to help you a bit (I'll be going to bed soon, I hope).  Where did you get stuck?
<wizardslovak> scott i gotta go
<wizardslovak> can you send me your email ?
<ScottK> wizardslovak: I'm generally around when it's work time in UTC -0400.
<wizardslovak> well i will be here tomorrow about same time
<ScottK> Feel free to ask when you have time.  If I have time then I'll be glad to help.
<wizardslovak> what do you see when you dig wizzy.us mx?
<wizardslovak> so problem is when i send mail from server to gmail i see message
<wizardslovak> when i reply to name@wizzy.us i dont get nothing back
<ScottK> server1.wizzy.us
<ScottK> wizardslovak: So you are at 24.184.56.146
<wizardslovak> yes
<ajmitch> it at least replies with a postfix banner on that address
<ScottK> Yep
<wizardslovak> i was trying to get postfix people to help me but they kind
<wizardslovak> why cant i receive mail?
<wizardslovak> should i install squirrelmail?
<ScottK> Since postfix is running and reachable, it's logs should tell the story
<wizardslovak> mail.info.0??
<ScottK> I just tried to connect to your server.  The attempt should be in your /var/log/mail.log
<wizardslovak> sudo nano /var/log/mail.log
<ScottK> You shouldn't need sudo to read logs
<wizardslovak> lol my fault
<wizardslovak> 7972 lines?????
<ScottK> Well that's where the story is
<wizardslovak> what am i looking for?
<ScottK> So try tail -f /var/log/mail.log then try to send yourself mail.
<ScottK> See what the log tells you.
<angelleye> I'm trying to edit network interfaces file for a static IP.  I'm following the guides I see but when I try and restart networking it says failed and can't read the interfaces file.  All of the samples I see seem to be tabbed over when they show address, netmask, etc.  Is there some special format I need?
<wizardslovak> i see "warning: valid_hostname: invalid character 47 (decimal):etc/mailname
<ScottK> wizardslovak: So now sudo nano /etc/mailname
<ScottK> What's in there?
<wizardslovak> server1.wizzy.us
<ScottK> Odd.
<wizardslovak> ??
<ScottK> ascii 47 is "/"
<jmarsden> ScottK: The char 47 is the / so the issue is that notehr config file has etc/mailname where it should have the actual server name itself.
<ScottK> jmarsden: Ah.  Good point.
<wizardslovak> so i am missing "/" somewhere
<ScottK> wizardslovak: Time to pastebin the output of postconf -n
<jmarsden> wizardslovak: Or you have a / where you should not have one...
<wizardslovak> http://pastebin.com/m59a91214
<jmarsden> Hmmm.  Does the /etc/mailname file have a trailing newline?  Maybe it needs one for postfix to recognize the contents???
<ScottK> Mine doesn't have it.
<wizardslovak> well mailname has only one line "server1.wizzy.us"
<wizardslovak> maybe i should erase it?
<ScottK> wizardslovak: I note in mydestination you have ,  , I doubt that's the problem, but please remove the extra comma, do postfix reload and try again.
<ScottK> wizardslovak: Don't start making random changes to your system.
<wizardslovak> ok
<wizardslovak> just asking
<ScottK> Fix mydestination first.
<wizardslovak> ok done
<wizardslovak> fixed and restarted
<wizardslovak> i got itt
<wizardslovak> heheh
<wizardslovak> i see message from my gmail account
<jmarsden> wizardslovak: So it is now working fine?  No more warnings in the log file?
<wizardslovak> let me check log
<wizardslovak> "tail -f /var/log/mail/log" may 14 22.33.00 ubuntuserver postfix master[32059]: terminating on signal 15
<wizardslovak> exit
<ScottK> That's from when you reloaded
<ScottK> Nothing unusual there
<wizardslovak> okk
<wizardslovak> thanks scott
<wizardslovak> one more think
<wizardslovak> can i access email in web?
<wizardslovak> something like google or yahoo has?
<jmarsden> You can add a webmail client to your web server.  squirrelmail or horde or roundcube or... plenty of choices...
<wizardslovak> ok
<wizardslovak> if i want to add second email to adress where should i add user?
<wizardslovak> i mean ok my email is wizardslovak@wizzy.us , what if i want luke@wizzy.us?
<ScottK> wizardslovak: If you want to learn about Postfix setup and running a well configured mail server, go get yourself a copy of "The Book of Postfix".
<wizardslovak> i am waiting for couple books
<wizardslovak> postfix,ubuntu server, apache and mysql
<angelleye> when running commands from the command line, sometimes samples show the use ' or " but when I try and type that into the command line it won't work
<angelleye> what am I supposed to use there?
<jmarsden> wizardslovak: If you want to alias luke@ to an existing account, edit /etc/aliases
<jmarsden> angelleye: What sample command are you referring to -- link please?
<angelleye> http://www.howtoforge.com/perfect-server-ubuntu-9.04-ispconfig-2-p5
<angelleye> the stuff about postconfi -e 'smtpd_sasl_localdomain...
<jmarsden> Those are single quotes and should work as such.  But double quotes (in that particular case) should also work.
<jmarsden> Just use the same kind of quote at both ends of the string :)
<angelleye> well, i can't type any type of quotes into the command line, though
<angelleye> it pauses for a moment and then gives me a bad "bleep" sound
<jmarsden> huh?  What language keyboard do you have???
<angelleye> it's just a regular us keyboard
<angelleye> in ubuntu terminal when I type a ' or " nothing comes up
<jmarsden> The the quite key shoul dwork fine to enter quote marks... the one to the left of the ; key, to the right of the Enter key...
<angelleye> uh...to the left of my ; is the L key
<angelleye> which is standard...that's the home row.  i'm confused.
<jmarsden> Sorry, I said that backwards :|  to the right of ; and to the left of Enter
<angelleye> ok, well yeah that's just ' or "
<angelleye> that's what i'm trying to use
<jmarsden> Yes.  OK.  Then something unusual is acting on those keys.  That is not how Ubuntu shells should work.
<angelleye> i'm running in a VM.  you think it could have something to do with it?
<jmarsden> Are you typing on a local shell terminal window -- Gnome Terminal or something?
<angelleye> yeah i'm in gnome terminal
<jmarsden> Ah.. maybe.  try in a Terminal window on the host OS instead and see if that works better?
<angelleye> the host OS is what i'm typing in here.  ' " work just fine
<angelleye> i've got ubuntu installed in vmware
<jmarsden> Then there seems to be some sort of VM keyboard driver/config issue.
<angelleye> and i've just got it open with gnome loaded and a terminal window open
<jmarsden> Maybe ask in #ubuntu-virt about that?  I use virtualbox-ose and do not have that issue... but I don't know enough about vmware to trubleshoto it.
<angelleye> ok i'll check it out.  thanks
<jmarsden> No problem.
<wizardslovak> ok now i am playing with squirrelmail
<wizardslovak> i installed it and configured http://flurdy.com/docs/postfix/#config-extra-webmail
<wizardslovak> but when i do mail.wizzy.us i am getting error "domain not found"
<jmarsden> do you have a machine in the DNS called mail.wizzy.us -- I do not see it...
<wizardslovak> you mean MX record?
<wizardslovak> or A record?
<jmarsden> I don't see either one, I checked with dig mail.wizzy.us a and with dig mail.wizzy.us mx   -- both return an NXDOMAIN error
<ScottK> jmarsden: The mx is server1.wizzy.us
<ScottK> And with that, I'm off to bed.
<jmarsden> Then why did you use mail.wizzy.us ?  Be consistent :)
<jmarsden> Goodnight ScottK
<wizardslovak> thank you scott and good night
<wizardslovak> jmarsden:  well i tried mail.wizzy.us
<wizardslovak> but error domain not found
<wizardslovak> although when i type server1.wizzy.us i see my site
<jmarsden> Right.  You do not have a machine named mail.wizzy.us on the INternet at present.
<wizardslovak> no
<wizardslovak> hostname is server1.wizzy.us
<wizardslovak> name of server
<jmarsden> so using the name mail.wizzy.us is not likely to work.
<jmarsden> It is not *supposed* to work :)
<wizardslovak> no
<wizardslovak> it doesnt
<jmarsden> OK.  When you said "but when i do mail.wizzy.us i am getting error "domain not found""  I took that as a request for help to get that to work, that you were surprised by the error... now I'm just confused about what you are trying to do!
<wizardslovak> ok
<wizardslovak> i installed squirrelmail , and in howto says i should login with mail.wizzy.us
<wizardslovak> i even tried wizzy.us/squirrelmail
<wizardslovak> "The requested URL /squirrelmail was not found on this server."
<jmarsden> You installed squirrelmail where?  And you your DocumentRoot set to what in your apache config...
<wizardslovak> i cant find document root
<jmarsden> Then you are in trouble... where are the files your web server serves? :)
<wizardslovak> i used this howdy http://flurdy.com/docs/postfix/#config-extra-webmail
<wizardslovak> in wizzy.us folder
<jmarsden> and did you install squirrelmail into that same place?
<wizardslovak> no
<jmarsden> Then why would you expect the web server to be able to find squirrelmail when you installed it somewhere you did not tell the webserver to serve? :)
<wizardslovak> upps
<wizardslovak> how can i fix it?
<jmarsden> I do not think your howto for webmail matches what you did to set up your apache.
<jmarsden> Make the two things consistent.  Either set the web server to serve the default DocumentRoot, or else move the squirrelmail stuff to the a folder called squirrelmail in your wizzy.us folder, and change the config to match that approach.
<wizardslovak> ok i know where squirrelmail is
<wizardslovak> just copy it into /var/www/wizzy.us?
<jmarsden> You can try that... it's not ideal, but... it may work.
<wizardslovak> or maybe i can show apache where to look for squirrelmail
<wizardslovak> without copying folder into web folder
<jmarsden> That is probably the better approach.
<wizardslovak> it should be in apache2.conf or in 000-defauult?
<ball> Bed time.
<jmarsden> Probably in the virtualhost stuff, so in 000-default if that is where you set that up.
<jmarsden> If both squirrelmail and the wizzy.us stuff are under /var/www you might be able to set up a symlink in /var/wwww/wizzy.us that points to wheresquirrelmai is, and the configure your virtualhost to follow symlinks.
<wizardslovak> i see
<wizardslovak> i am in 00-default
<wizardslovak> where should i put that /etc/squirrelmail?
<wizardslovak> i see /var/www/wizzy.us
<jmarsden> I think you need to read that Apache book so you better understand what is going on first?  No, /etc/squirrelmail is not where you want to symlink to, as far as I know at least...
<jmarsden> I should be going to bed too...
<wizardslovak> ok man thank you then
<wizardslovak> hihih
<wizardslovak> one more think
<wizardslovak> when i go wizzy.us/squirrelmail/index.php it works
<MeXTuX> I have an old PC (Pentium III 500 MHz with 96 MB RAM and 10 GB HD) and want to install a command line system in order to set up a proxy server. I have a classroom with 20 PC's and want to use the old PC as a proxy server. Is this hardware suitable to accomplish this??
<logist> yes but hd is small for proxy
<MeXTuX> somebody told me that it would be better if I try with a light distro. I think getting a bigger disk is not an option to me because I won't get the money :) So should I try with a light distro instead??
<Piet> MeXTuX: https://help.ubuntu.com/community/Installation/SystemRequirements#Absolute minimum installation
<angelleye> I've just installed proftpd and I'm trying to get logged into it.  I can connect and it asks for a username and password but apparently I don't know how to configure un/pw's.  I thought it would just use the user account that's created in my passwd file and use that home directory as well..??
<angelleye> Everything I'm readaing says that should work, but then you could also create virtual users as well
<khermans> angelleye, http://www.ubuntugeek.com/settingup-an-ftp-server-on-ubuntu-with-proftpd.html
<angelleye> khermans:  i've gone through that but it doesn't say much about user creation.  i've got it installed and working.  it's just not accepting my logins.
<angelleye> it picks up when I connect to the ftp server, though
<angelleye> it says by default users can ftp into their home directories
<angelleye> that's not working
<khermans> http://ubuntuforums.org/showthread.php?t=79588
<khermans> angelleye, are you sure the service listening is Proftpd ?
<angelleye> yup, i've had that one open too.  in fact that's the "old" one
<angelleye> there's a link at the top to a more udpated version
<khermans> angelleye, do you see a banner saying so?  and you sure it is the right ftp server that you ocnfigured that you are connecting to?
<angelleye> and that's the one I was going by.  everything i read says that by default you should get access to your home directory
<angelleye> then it breaks down how to create virtual users and virtual hosts, etc.  but i don't needd that
<angelleye> i just wnat to access to my home directory for the system user like it says i should have
<angelleye> whoops, you did send the newer one, sorry
<angelleye> but still...the default stuff doesn't seem to be working and that's all i need.
<angelleye> grrr...i just keep getting login incorrect
<angelleye> i've double checked the /etc/passwd file to see if the user is in there and it is, as it should be
<angelleye> and everything in all these guides says that's what it uses by default
<khermans> angelleye, try vsftpd instead
<twb> vsftpd is by far the nicest FTP server.
<macno> hi all , I need to modify apparmor.d/usr.sbin.slapd to permit to read my certs
<macno> or do I have to put certs in another directory?
<macno> ok, solved thanks
<khermans> macno, you would just allow the read() calls to the dir you want
<macno> khermans: yes I do that
<Hamzifer> hi, is there an easy way to build a deb from the trunk of a launchpad project (ie, to get the latest code rather than waiting for the next release)
<jmarsden> Hamzifer: define "easy".  If you are comfortable with using bzr builddeb ... use it :)
<Hamzifer> i didnt know about bzr builddeb, will look into that, thanks
 * Hamzifer has his first foray into the world of bzr
<Hamzifer> hmm, keeps complaining about wanting an upstream tarball
<Hamzifer> of a release version that hasn't been released
<Hamzifer> ah, think i've found a bug report and workaround
<Hamzifer> kirkland: dunno whether this is relevant to your trunk or bzr-builddeb in hardy, but i couldn't builddeb your latest byobu source, bug 309335 had a workaround for me though that worked
<uvirtbot> Launchpad bug 309335 in bzr-builddeb "Should either accept options with no section in config files, or warn about them" [Medium,Fix committed] https://launchpad.net/bugs/309335
<Hamzifer> kirkland: (yep, i'm now struggling to use screen without one of your profiles running, heh! only took 3-4 days of regular usage to become invaluable, good job!)
<Hamzifer> kirkland: and i saw you'd committed a fix to the hardy bug, and being impatient... :)
<Blinkiz> Hi. Am using kvm virtualization and have started to use centos as a couple of quests. As you may know, centos uses 1000Hz in kernel instead of 100Hz that Ubuntu does. Also, asterisk timing clock zaptel (ztdummy) wants 1000Hz from kernel. So am thinking about raising this in Ubuntu server kernel. What is the downside of this?
<Blinkiz> guest
<Blinkiz> With centos 5.2+ its possible to use the "divider=10" grub kernel line. It works great. But it does not solve my angry ztdummy that comes with asterisk. So because of this, am thinking about raising CONFIG_HZ parameter from 100 to 1000. Any downsides?
<uvirtbot> New bug: #329974 in system-config-printer (main) "SIGSEGV in _nss_dns_gethostbyname2_r() browsing Samba printers, i386 only" [Medium,Confirmed] https://launchpad.net/bugs/329974
<uvirtbot> New bug: #361629 in system-config-printer (main) "print configuration crashed while adding printer (dup-of: 329974)" [Medium,New] https://launchpad.net/bugs/361629
<uvirtbot> New bug: #359088 in system-config-printer (main) "system-config-printer.py crashed with SIGSEGV in _nss_mdns4_minimal_gethostbyname2_r()" [Medium,Triaged] https://launchpad.net/bugs/359088
<uvirtbot> New bug: #367042 in system-config-printer (main) "with trial cd, tried to browse for a windows xp printer (dup-of: 359088)" [Medium,Triaged] https://launchpad.net/bugs/367042
<al_paun> Hi everybody
<al_paun> Please, can anyone help me to configure a backup internet connection to activate automaticaly if the main internet connection is down?
<soren> can you provide a bit more context and perhaps say a bit about your expectations from this?
<al_paun> Sure
<a_ok> al_paun you want linux to do spanning tree for you?
<al_paun> spanning tree?
<al_paun> don't know the term
<al_paun> ok let me explain what is my problem
<al_paun> I have two internet connection on a ubuntu server. What i need is to configure the the two connections to switch automaticaly between if the one is down
<al_paun> there is one which is main (eth1)
<macno> al_paun: which type of "internet connection"?
<a_ok> al_paun: http://en.wikipedia.org/wiki/Spanning_tree_protocol
<al_paun> two broadband connections. One is main and one backup
<macno> al_paun: ok, so you have the default route on eth1
<al_paun> yes
<al_paun> and eth2 is the backup one.
<al_paun> eth0 is internal network
<macno> al_paun: you can first try adding a second 0.0.0.0/0 route with higher metric on eth2
<al_paun> ok
<al_paun> can you please tell me what gateway to add for the route and how to set the metric?
<al_paun> i'm not realy a guru  in ubuntu :P
<macno> al_paun: eth1 and eth2 use dhcp?
<al_paun> no.
<al_paun> they are static ip
<tadeu_> guys, how can i install a bigmem kernel in ubuntu ?
<macno> al_paun: the gateway is your router ip address
<al_paun> ok, what about metric?
<macno> al_paun: please pastebin `route -n` output
<tonyyarusso> I thought the server kernel already had bigmem these days?
<macno> al_paun: btw you could add +100 to the current metric .
<al_paun> ok i have eth1 configured like this address 217.156.27.163 gateway 217.156.27.161 netmask 255.255.255.224
<al_paun> and eth2 is 10.0.0.1 gateway 10.0.0.138 netmask 255.255.255.0
<macno> al_paun: with route -n you can see the current metric
<al_paun> the two connections are not yet plug in the computer. I'm upgrading to ubuntu from a gentoo I can paste for you the information available in gentoo for route -n for the server that has plug in the connections. and also the route -n for the current server.
<al_paun> 217.156.27.160  0.0.0.0         255.255.255.224 U     0      0        0 eth1
<al_paun> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
<al_paun> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
<al_paun> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
<soren> You have this already working under Gentoo?
<al_paun> yes
<al_paun> but the server is old
<al_paun> and needs replacement
<soren> Well, how'd you do it? Just use the same mechanism under Ubuntu. No need to reinvent the wheel, if what you have works.
<al_paun> it wasn't made by me.
<al_paun> this server is in production and it's old and get overloaded all the time
<al_paun> currently the route on the new server is
<al_paun> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
<al_paun> 0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
<codeshepherd> what are the advantages of using ubuntu over debian on a server ?
<ScottK> It kind of depends on what you are using it for.
<ScottK> For our LTS releases there is a (probable) longer support window in Ubuntu.  Debian is aiming for releases every 18 months and oldstable gets a year of support, so nominally Debian releases are supported for 2 1/2 years.  Ubuntu LTS releases are supported for 5 years on the server.
<codeshepherd> nginx + php + memcache + mysql  ScottK
<macno> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<ScottK> I little out of my area of focus, so I don't know specifics.
<ScottK> If you need a release with mysql 5.1, then it is (community supported) in Ubuntu Jaunty.  Debian doesn't have such a release at all yet.
<codeshepherd> ScottK:  oh.. thats great
<VK7HSE> NOOB Qestion!   But is there any benefits to mysql 5.1 over 5.0 ???
<ScottK> Dunno.
<ScottK> I'm guessing the mysql developers wouldn't have released something new if they didn't think it was better.
<VK7HSE> other than it being newer, and in universe! true!...
<ScottK> codeshepherd: Also for Karmic we are planning on extending our apparmor work to make it relatively easy to contain PHP applications so it's easier to keep your system more secure internally.
<ScottK> That's future work though, so no promises.
<codeshepherd> ok ScottK
<ScottK> Debian uses selinux which means you either need to use exactly their supported use case, be an SE linux guru, or turn it off.
<VK7HSE> he, he... I finally got my head around UFW tonight!...  (previously was using shorewall!) :P
<ScottK> Apparmor is substantially less admin hostile.
<codeshepherd> ubuntu server edition has different release names ?
<macno> codeshepherd: no
<codeshepherd> ok macno
<VK7HSE> No! as the Ubuntu release name goes across all variants...
<ScottK> codeshepherd: Ubuntu server is in the same repositories as the desktop flavors.  There is a different kernel and a server specific ISO, but it all comes from the same archive.
<reenignEesreveR> I am having a weird problem. I have two servers on one of which my ssh keys are working perfect. I copied ~/.ssh/authorized_keys2 (it has two public keys) to the other server. Weirdly the other server doesn't worked well with the copied keys; it only authenticates with one of the keys in auth_keys2 files. Any idea how to diagnose the problem?
<W8TAH> good morning folks - -wee bit of a crisis here -- tried to log into a samba server this morning and couldnt get to the shared directory -- logged in via putty -- tried to CD to the directory -- was told input/output error -- rebooted the box and now its come up in a maint shell saying to fix the file system manually
<W8TAH> its running 8.10 and ext3
<W8TAH> need some help to work through this please
<W8TAH> kinda in a place ive never been before
<macno> reenignEesreveR: take a look at /var/log/auth.log
<W8TAH> the fsck log says that its unable to resolve one of the UUID's (big long number)
<Onbekend6> i need some help
<Onbekend6> can some one help me?:) plz
<maxb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Onbekend6> im traying to edited the Makefile and changed x86_32 to x86
<Onbekend6> whats the cammondo
<W8TAH> good morning folks - -wee bit of a crisis here -- tried to log into a samba server this morning and couldnt get to the shared directory -- logged in via putty -- tried to CD to the directory -- was told input/output error -- rebooted the box and now its come up in a maint shell saying to fix the file system manually
<Onbekend6> edited the Makefile and changed x86_32 to x86
<Onbekend6> how to do that?
<Onbekend6>  agian im traying to edited the Makefile and changed x86_32 to x86
<W8TAH> Onbekend6: cant you open it in vim and change the value?
<Onbekend6> no
<Onbekend6> becouse its inside xen server
<W8TAH> then i have no idea -- i dont normally mess with makefiles
<W8TAH> im sorry
<Onbekend6> i use the 64bit
<Onbekend6> and the file is 32bit
<maxb> W8TAH: Sounds like a bad disk
<Onbekend6> hmmm i just need the command to change die file name
<reenignEesreveR> macd__, auth.log gives "Public key [blablabla] blacklisted (see ssh-vulnkey(1))" ... where do i get the details from?
<W8TAH> maxb: ok.... any chance to recover data off it?
<maxb> No idea... you're the one with the disk
<W8TAH> maxb: ya -- i know - -just not sure how to proceede here --
<W8TAH> never had this happen before
<reenignEesreveR> macno, auth.log gives "Public key [blablabla] blacklisted (see ssh-vulnkey(1))" ... where do i get the details from?
<maxb> reenignEesreveR: What details?
<ScottK> reenignEesreveR: Did you see man ssh-vulnkey?
<reenignEesreveR> maxb, ssh-vulnkey(1) <---
<ScottK> reenignEesreveR: The short answer is you need to remove that key from the other machine right away.
<maxb> Oh, word(digit) is a standard form of reference to a man page, so do as ScottK says
<reenignEesreveR> ScottK, any pointers to why this is so?
<ScottK> Did you read about the Debian/Ubuntu openssl vulnerability last year?
<ScottK> reenignEesreveR: Your key is one of the bad one unless I'm completely misreading that.
<reenignEesreveR> ScottK, yes. But I'm amazed that my other server hasn't given any panic situation :(
<ScottK> Does it have openssl-blacklist installed?
<ScottK> I think that's the package name.
<maxb> openssh-blacklist
<ScottK> Yeah.  That one.
<ScottK> Thanks.
<maxb> (But there's an openssl-blacklist as well. And an openvpn-blacklist IIRC)
 * ScottK loses track
<ScottK> I actually had all my vulnerable keys replaced before the detection tools were released.
<jdstrand> http://www.ubuntu.com/usn/usn-612-* has details
<macno> reenignEesreveR: your other server is ubuntu? if yes, when you last run apt-get update?
<W8TAH> my system is reporting that an Inode has some errors -- FSCK exited with an error code 4 (errors left uncorrected) it opened a maint shell and said to run fsck manually -- when i try to do so it yells about running it on a mounted disk
<W8TAH> need some help walking through this --
<W8TAH> the errors are occuring in my LVM group
<ScottK> W8TAH: Do you have physical access to the machine?
<W8TAH> sure do -- its just across the room from me
<ScottK> W8TAH: I'd suggest use a live CD, boot into the live CD and then fsck the drive from that session.
<W8TAH> ok - never done this before -- how do i specify the drive from the live cd session?
<W8TAH> im assuming im going to select the fix a broken system option
<ScottK> W8TAH: No, you're going to run a regular live CD session.
<macno> W8TAH: how many drive do you have?
<ScottK> Sorry, explaining the details would take more time than i have.
<W8TAH> there are 2
<W8TAH> ok - thanks scott
<W8TAH> macno: use a server CD or a regular ubuntu cd -- this is a server box with LVM2 configured
<macno> W8TAH: live CD  is in desktop cd (not alternate)
<W8TAH> macno - ok  -- the server is 8.10 and i currently have a 9.04 live cd -- will that matter or should i download an older live cd?
<W8TAH> (im probably asking too many questions -- but i want to be careful here)
<macno> W8TAH: you have only to run fsck, you can use the 9.04
<W8TAH> ok -- thank you - -let me get it going - im sure i'll be back with questions :D
<reenignEesreveR> macno, last apt-get update was around 4-5 months ago
<macno> reenignEesreveR: really strange openssh-blacklist rdepens on openssh-server . should be installed if you have openssh-server package
<ScottK> macno: It depends on the release.  In later releases it was dropped to suggests.
<henkjan> hmm, default serverinstall blanks the console after x minutes
<henkjan> so, when a server crashes i can't check out why it was failing
<macno> ScottK ah ok, I have on 6.06 and 8.04 and blacklist depends on server
<ScottK> Yeah.  It was dropped later for CD space on the theory that everyone would have cleaned things up already.
<yeason> I've installed and I'm working on configuring ircd-hybrid, is there somebody here who could help clarify a few things from the ircd.conf file. I want to make sure I get this setup right
<reenignEesreveR> macno, i now manually installed openssh-blacklist package ... how do i make sure that whenever i do apt-get update all the security patches get installed automatically?
<ScottK> !ask | yeason
<ubottu> yeason: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<yeason> sorry... lol, its early here. I guess I was asking if anyone was familiar with it... basically I'm to the operator portion of the conf file. for the line user = "user@127.0.0.1" I'm wondering if the correct context to allow the operator 'user' to login from anywhere would be "user@*"?
<yeason> also for the listen block, it comes default with a bogus IP entered for 'host'. looking around I've  noticed that others just comment this out. this basically will allow the server to listen on all interfaces right?
<W8TAH> yeason - -in honesty -- you will probably have more luck in their channel or e-mail support list
<LHC> hey
<LHC> anyone one a thing or two about hosting
<yeason> W8TAH: yea... unfortunately their forums aren't resolving and there's 3 unresponsive people in their irc channel ><
<yeason> thanks anyway =)
<al_paun> I don't have in /etc/init.d/ the file iptables
<LHC> i want to sell hosting from a dedicated server I have
<ScottK> al_paun: Is there a reason you expect it to be there?
<LHC> im trying to figure out how to include php, subdaomains etc for each user
<al_paun> i've installed a new server and the file iptables is not there. I wanted to restart the iptables service using /etc/init.d/iptables restart but couldn't
<SFauconnier> what would be good software to make a bittorrent box out of my server?
<W8TAH> yeason: ok - i understand
<SFauconnier> rtorrent?
<LHC> rtorrent yes
<LHC> i use that with wtorrent
<LHC> webui
<SFauconnier> ok, thanks LHC :)
<ScottK> al_paun: Ubuntu server doesn't by default use iptables directly.  We provide a front end called ufw.  I'd look into that.
<macno> I have a virtual ubuntu server 8.04 into an esx . I added a new 200gb disk from VC but ubuntu does not see it.. do I *really* need to reboot??
<jmedina> macno: what about fdisk -l?
<jmedina> is it listed there?
<jmedina> any info in dmesg output?
<macno> jmedina: no nothing..
<macno> reboot -_-'
<maw> general compile question... when I run ./configure and then I get a message like "configure: error: You MUST have the libxml2 (aka gnome-xml) library installed" and libxml2 is already installed. How can I check to see where ./configure is looking? I didn't see anything specific in the script
<maw> I have libxml2.so.2 in /usr/lib/
<macno> maw: I think you need -dev
<maw> ya
<maw> The following packages have unmet dependencies:
<maw>   libxml2-dev: Depends: zlib1g-dev but it is not installable or
<maw>                         libz-dev but it is not installable
<maw> heh
<maw> I had everything except security commented out for apt
<maw> will try again
<maw> yarrrr works
<macno> maw: fine
<SFauconnier> I have a newbie question:: I've configured fluxbox and opened up a range of ports with ufw.. "ufw allow xxxx:yyyy/tcp" should suffice, right?
<SFauconnier> because it seems really slow
<ssd7> I have a drive that won't seem to mount on boot; however will mount a few seconds after boot is finished via sudo mount -a.  It is listed in my /etc/fstab using it's UUID.  However for some reason it's uuid never come up when I run blkid is there when I run ls /dev/disk/by-uuid.  I can't seem to get any traction on this issue, any ideas?
<ScottK> ssd7: Could it be related to Bug 290153?
<uvirtbot> Launchpad bug 290153 in linux "Fails to find boot device in Intel D945Gnt" [High,In progress] https://launchpad.net/bugs/290153
<ssd7> ScottK: Not sure. I'll read that bug report and see.
<ScottK> Be prepared for a long read
<ssd7> This seems like it /could/ be it.  I'm thinking I will have to just go and get a monitor connected to it so I can see what /etc/init.d/mountall.sh is actually saying on boot.
<ssd7> Could it have something to do with this: iTCO_wdt: failed to reset NO_REBOOT flag, reboot disabled by hardware
<ssd7> Also, the drive mounts fine on reboot.
<ssd7> Just now when I poweroff and then boot it
<ssd7> s/now/not
<PrimusAvatar> Hello there, I'm having trouble installing ubuntu server edition 9.04 on my old computer (490MHz, 64MB-RAM, 10GB HDD) I't has a weird bug on the "Partition Disks" step. Instead of offering options its says "????"
<PrimusAvatar> is it version related or does it have something to do with NTFS system?
<W8TAH> ive got a server running 8,10 -- im having problems with lvm access -- and its got messages scrolling on the screen that start with ATA4.00
<W8TAH> im guessing some kind of drive problem
<W8TAH> anyone able to take a stab at the solution?
<ScottK> PrimusAvatar: It's not going to run on 64MB of ram.
<PrimusAvatar> it says 32mb is enouh :(
<PrimusAvatar> enough*
<ssd7> OK.  Well adding rootdelay=300 does nothing to help the situation.  But when fsck kick in for sda1 then the other drive mounts fine.  Otherwise it says ntfs-3g: Failed to access volume /dev/dist/by-uuid/<UUID>: No such file or directory
<ScottK> PrimusAvatar: Where does it say that?
<PrimusAvatar> on the "F1: Help" when i run the instalation
<PrimusAvatar> besides, i ran a memory check and its says that it's fine
<W8TAH> PrimusAvatar: memory check validates that your memory is functional
<PrimusAvatar> ofcourse im aware that the recommended memory specs are ~190MB RAM but I'm aiming for the minimum requierments
<W8TAH> PrimusAvatar: you are way under them
<PrimusAvatar> oh, i guess i've been using wrong guides then... thanks anyway.
<ssd7> well, adding sleep 5 to mountall.sh seems to be a temporary workaround
<ssd7> ScottK: Thanks for the help.
<ScottK> ssd7: You're welcome.  Please comment in the bug about your issue and how you worked around it.
<jjjren_irc> Hello everybody. I just deleted an user account by mistake, is there any way that I can reinstate the account?
<Hecate> jjjren_irc, man useradd.
<jjjren_irc> Hecate thanks for the tip..
<Hecate> youre welcome, if you need any further help, just let me know.
<yann2_> nijaba , soren , one of you around?
<yann2_> May 15 22:17:01 nancy kernel: Cannot read proc file system: 9 - Bad file descriptor.
<yann2_> May 15 22:17:32 nancy last message repeated 4762658 times
<yann2_> May 15 22:18:33 nancy last message repeated 9601836 times
<yann2_> syslog killing my server i am worried /o\
<yann2_> damn killing 6 months uptime :(
<Yann2> dd         5017   root    0r      REG                0,3          0 4026531849 /proc/kmsg
<Yann2> mmmh.
<matt1211> If I have an external harddrive plugged into a router, how can I mount it on my ubuntu 8.4 server? I have been having trouble with this.
<incorrect> mattt, fdisk -l should find you the drive
<incorrect> then mount -t <fs type> /mnt/some mount point
<ivoks> heh... ubuntu karmic desktop as it is now is way much better than jaunty was, at least for me
<ScottK> What got better?
<ivoks> xorg
<ivoks> sqlite
<incorrect> i want a wiki that encrypts its data on the hard drive, does anyone know of one?
<ScottK> ivoks: Ah.  Makes sense.
<ivoks> it's like a fresh air
<incorrect> so the new xorg is already much better than 9.04?
<ivoks> i have intel, so i don't know for others
<ivoks> but, intel in karmic is - wow
<ScottK> That's what I have too.
<ScottK> Does bryce have the same stuff in his X PPA?
<ScottK> I may have to try it.
<incorrect> my desktop is really fast, its got a 8800 nv, my laptop has a nv quatro2go, its not to hot
<ivoks> i used http://ppa.launchpad.net/ubuntu-x-swat/x-updates/ubuntu
<ivoks> but karmic is much better
<ScottK> Hmm.  Ok.
<incorrect> i wish 8.04 64bit worked with core i7
<incorrect> oh well i guess all i really need to do is sync openldap
<cellofellow> May 15 22:02:45 desertrats sshd[26492]: error writing /proc/self/oom_adj: Operation not permitted
<cellofellow> what does that mean?
<cellofellow> I get that when a friend tries to log in to ssh on my VPS.
<cellofellow> I can log in just fine.
<ivoks> someone had similar problem once
<ivoks> anyting in /etc/security/limits.conf?
<cellofellow> looking...
<cellofellow> nothing but comments
<ScottK> cellofellow: Password or public key?
<cellofellow> pubkey
<ScottK> What does your auth.log have to say about it?
<cellofellow> I pasted the line from the log file.
<ScottK> Which logfile?  /var/log/auth.log?
<cellofellow> Before it was saying account locked but I put a password on it and that went away, but he still can't login, getting the oom thing.
<cellofellow> yes
<ivoks> http://groups.google.se/group/linux.debian.bugs.dist/browse_thread/thread/9f2d1a4334368dc8
<ScottK> cellofellow: Might http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473573 be relevant
<uvirtbot> Debian bug 473573 in openssh-server "openssh-server: oom_adj tweak in init.d prevents upgrade inside vserver" [Normal,Fixed]
<ivoks> unset SSHD_OOM_ADJUST in /etc/default/ssh
<ivoks> just comment it out
<cellofellow> k
<ivoks> and restart ssh
<NativeAngels> hello ive setup proftpd but im gettin permisions error. the user can download files to a folder but when they want to upload them theyre getting a permisons error how do i fix this
<ivoks> fix the permissions
<NativeAngels> how do i set the right permisions
<ivoks> good night ;)
<NativeAngels> ok
<ivoks> NativeAngels: well, add write permissions to the directory
<ivoks> take care
<cellofellow> ivoks: did that but he still can't get in.
<cellofellow> same error
<cellofellow> May 15 22:28:00 desertrats sshd[13629]: error writing /proc/self/oom_adj: Operation not permitted
<phaidros> I try to make a quick backport using prevu (on hardy), but I cannot get 'prevu screen-profiles/jaunty' running ..
<phaidros> I have added the jaunty deb-src to the sources.list, but "dpkg-source: error: cannot open .dsc file ./*.dsc: No such file or directory"
<phaidros> shouldn't prevu go and fetch the .dsc by itself?
<nfrs> I've got a weird situation with sshfs and fstab. will be grateful for any help. I've configured the mounting via the fstab. all seems to be well, except that my regular user can't access anything below the mount point (permission denied). this is weird, because "sudo stat" shows my user/group as owner
<phaidros> -o allow_others .. not sure, but sounds like
<nfrs> there's sensitive stuff on that FS, I don't want other users to access it
<phaidros> or was this only an issue with fuse .. can'T remember ..
<nfrs> I'm talking about fuse (sshfs)
<phaidros> ah sure .. yes
<nfrs> but allow_others doesn't fit
<shipitkthx> i have Jaunty server running on a hosted VPS, and Jaunty desktop on my local system, is it possible to install Gnome on the VPS and remote desktop in?
<phaidros> imho, it was allow_others, because some weird sshd stuff
<phaidros> shipitkthx: I don't see why not :)
<nfrs> phaidros: I don't want "others" to read my private keys that are stored on that FS
<phaidros> nfrs: I understand that, but as far as I know (read from docs in the wiki/forums) a problem with fuse it is
<phaidros> nfrs: try to sshfs with the username who should access the data later on.
<phaidros> afaik it *must* be the same, if not even by uid
<nfrs> what do you mean?
<nfrs> set uid=xxx option?
<nfrs> if yes, it's already set
<shipitkthx> phaidros: i havent tried installing gnome on a system i dont have in front of me, should it be pretty straight forward over ssh?
<phaidros> uh, not sure. just having ftpfs in mind, cannot remember sshfs fstab line, but isn't there #sshfs:user@host something?
<nfrs> yes
<phaidros> shipitkthx: u juast install the packages, how to access that later on I don't know
<shipitkthx> ty
<phaidros> nfrs: so the user who is mounting the sshfs is the same (by name & uid) locally and remote?
<phaidros> thinking about it: setting uid might be an option as well ..
<nfrs> phaidros: ah, I got your point. no, they are different in both
<nfrs> hmm, I might really try it, who knows..
<nfrs> I did set the uid
<phaidros> nfrs: then I believe it is a fuse limitation which can only be circumvented by allow_others .. at least that was the result of my research these days :(
<phaidros> or uid .. that I didn't try
<nfrs> phaidros: I don't have admin rights on the remote server. but perhaps I can set up a stub user at my local machine with the same name and uid as remote
<phaidros> nfrs: yep, I'd try that
#ubuntu-server 2009-05-16
<joe-mac> i'm revisiting preseeding software raid, has anybody successfully done this? this guy http://blog.bitpusher.com/2009/04/27/preseeding-ubuntu-8042-lts-with-software-raid/ claims he has, but his preseed fails to parse because of one obvious error, and the other i can't quite figure out why it's failing. it actually fails in the same place mine does that looks like it should be right.
<Andre_Gondim-afk> hi everyone, I am trying to install ubuntu 8.04.2 at virtual box, but always I recive the message about a problem with the kernel..
<LHC> what would u pay for a dedi server, 100mbit unlimited traffic?
<slide> How do I get my network card to auto get an ip address? right now each time I boot i have to manually called dhclient eth0
<foxbuntu> slide, sudo nano /etc/network/interfaces
<slide> auto eth0 ?
<foxbuntu> slide, yup
<slide> thanks
<mixedrink> is there a console software package that will allow me to manage backup routines using a list, xml document, csv file, etc? i find plenty of gui apps, but none for console.
<twb> mixedrink: a list couldn't contain adequate information, unless it was a list of tuples.
<mixedrink> twb: define tuples please
<twb> rsnapshot is lightweight backup infrastructure; heavyweight stuff is amanda/bacula.
<mixedrink> twb: awesome, thank you
<tonyyarusso> bacula appears awesome, but I still can't configure it quite right.
<teapot> Hey guys. I'm using Unix Authentication on my pure-ftpd server and would like to chroot to a directory outside of the user's home directory. Do you guys know if that can be done?
<al_paun> Hello everybody
<al_paun> i have a question ...
<al_paun> i have two internet connections on broad band 1 is master and 2 is backup ... i've configured the ip route but when I unplug one of the modem the connection doesn't automaticaly switch to the second connection
<al_paun> Can anyone help?
<soren> al_paun: I still think you should figure out how your old system does it and replicate that.
<al_paun> I found out and i've added the rules from previous configuration but ... there is something missing and I don't know what
<al_paun> there are some differences ... for example the output of old server for routes -n doesn't have any line with flag GU
<soren> Can you paste the two route outputs?
<soren> On pastebin.
<al_paun> can you please tell me how to pastebin?
<al_paun> don't know how
<twb> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<al_paun> http://paste.ubuntu.com/173481/
<al_paun> ubottu: thanks
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<al_paun> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<al_paun> twb: thanks :)
<evil_pyr0> hello.
<evil_pyr0> does ubuntu-server 9.0 install with a gui, or do we have to apply it manually?
<evil_pyr0> i mean 9.4
<uvirtbot> New bug: #377204 in samba (main) "The application Plasma Workspace (plasma) crashed and caused the signal 11 (SIGSEGV)." [Undecided,New] https://launchpad.net/bugs/377204
<al_paun> what do you recommend instead of webmin?
<Nafallo> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<al_paun> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<sluimers> Hi, can anyone help me set up my e-mail server? I'm clueless on how to set it all up. I succeeded sending and receiving mail with the mail program, but I would like to reach it with thunderbird. I use courier, postfix, procmail and sendmail.
<sluimers> recieving with mail and sending with mutt
<sluimers> correction, I now recieve it in Maildir :)
<uvirtbot> New bug: #377268 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10 failed to install/upgrade: el subproceso post-installation script devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/377268
<gourgi> vlan problem, anyone can help ?  http://ubuntuforums.org/showthread.php?t=1159283
<storrgie> vmware server bridged networking doesnt work in jaunty?
<storrgie> anyone running vmware server 2 in jaunty?
<NativeAngels> ive setup openvz a ubuntu server with vsftp but when i use wincp i get an error message Cannot initialize SFTP protocol. Is the host running a SFTP server? can anyone help
<Nafallo> sftp = ssh
<NativeAngels> but its running
<Nafallo> sorry. what is running?
<NativeAngels> ssh server
<Nafallo> are you connecting to the right port?
<NativeAngels> yes
<NativeAngels> i can ftp normally
<Nafallo> since you mentioned vsftpd, which is out of the equation.
<NativeAngels> but not sftp
<Nafallo> sftp isn't ftp.
<NativeAngels> i can put putty
<Nafallo> different daemons, different ports.
<NativeAngels> ssh servers set up for port 512
<Nafallo> so sftp should be on that port then
<NativeAngels> yeah
<NativeAngels> but all i get is Cannot initialize SFTP protocol. Is the host running a SFTP server?
<Nafallo> try with another client and see if you get the same thing?
<Nafallo> also, check your sshd_config ?
<NativeAngels> can i paste it to you
<NativeAngels> in pastbin
<Nafallo> sure
<NativeAngels> to see if ive configured it correctly
<Nafallo> nafallo@lumberjack:~$ grep sftp /etc/ssh/sshd_config
<Nafallo> Subsystem sftp /usr/lib/openssh/sftp-server
<Nafallo> that's what you want either way
<NativeAngels> thats my sshd_config Nafallo http://pastebin.com/m52bb856a
<Nafallo> NativeAngels: looks like it should work
<NativeAngels> ive this running on a openvz container
<NativeAngels> its strange
<storrgie1> I have vmware server 2 on ubuntu 8.04 and I cant get bridged networking to work!!!
<NativeAngels> hello can someone here help me with Cannot initialize SFTP protocol. Is the host running a SFTP server?
<NativeAngels> i have ssh server runing
<Hanche> hi!
<Hanche> in need of some kinde of EQ form mu ubuntu, any suggestions?
<phaidros> how to find out, which process is doing most IO ?
<phaidros> is there somthing like iotop ?
<phaidros> heh, there is :)
<gourgi> phaidros apt-cache show iotop ;)
<phaidros> thx
<bullish> hey
<bullish> i have a minimal install running here, and alsa is denying access to my user. while sudoing everything works. the user is on group audio and plugdev. the card uses the snd-hda-intel module. i'm running 8.10.
<bullish> any ideas?
<ScottK> It's a server?
<W8TAH> hi folks -- i have a 8.04 server running that has apparently got a corrupted disk as part of its Logical Volume Group.  Folks yesterday told me to boot to live CD (which i finally have done ) to run fsck - -how do i tell fsck to check the hdd's rather than the virtual systems from the live disk?
<phaidros> ok, iotop doesn't help .. how can I determine if and what is swapped?
<Lord_Devi> W8TAH: fsck automatically calls a program 'badblocks' it uses to test the HD for badblocks while fscking. Also there is a package smartmontools, in which is a tool smartctl or something like that. That lets you perform a SMART long-test on the drive.
<W8TAH> Lord_Devi: cool -  how do i use it (never had to use fsck before -- esp on a LVM GROUP)
<Lord_Devi> W8TAH: Also, if that isn't enough... the most thorough way to test in linux is to use badblocks itself, in a write/read capacity, but that can cause data loss and is generally best used on a hard drive that's not in use. However you CAN do a read/write non-destructive with it. It just takes forever..
<Lord_Devi> W8TAH: I'm sorry man, I have no experience with LVM groups. I haven't used them before =/
<Lord_Devi> I just had the 'how do I test hard drives in linux?!" fight a few times =)
<bullish> ScottK: it's a minimal install used as file server. i plan on using it to serve mpd as well.
<W8TAH> ok - -no sweat -- not real critical files on this box -- just would prefer not to loose them - -
<W8TAH> Lord_Devi: ya -- new one to me - compound problem too - had a unnoticed failure in the backup chain and dont have recent backups of the files (our students home directories)
<ScottK> bullish: Looking at my desktop (which has working alsa) I don't see any other groups that seem likely.  I'd look around and make sure permissions on the alsa related files haven't got messed up, but no great ideas.  Sorry.
<Lord_Devi> Blah sorry for revolving door. Client probs
<Lord_Devi> badblocks -b 4096 -c 98304 -p 0 -s /dev/hda
<W8TAH> i'll give it a whirl
<Lord_Devi> An example of badblocks with non-destructive params. Google first tho to be safe
<bullish> ScottK: yeah, i thought the same. just wanted to know if someone knew where to prod. thanks man.
<phaidros> argh .. how come since I ve put usb stick into the machine and started a 500mb file transfer it is just not respoding anwhere near useable ..
<phaidros> load = 20
<Lord_Devi> W8TAH: Also, smartctl: turn on smart first: smartctl -s on /dev/hda, then test, smartctl -c /dev/hda, and Longer test: smartctl -t long /dev/hda
<bullish> ScottK: any chance you know what alsa uses beyond the modules?
<ScottK> No, sorry.
<bullish> ScottK: that's ok. it's an odd setup here, really. thanks anyway.
<W8TAH> Lord_Devi: ok -- cool
<bullish> nevermind. i was being dumb. i forgot to newgrp after vigr and vigr -s
<NativeAngels> can someone here help me with sftp
<bullish> NativeAngels: setting up to serve or connecting to?
<NativeAngels> both
<NativeAngels> im getting this bullish Cannot initialize SFTP protocol. Is the host running a SFTP server?
<bullish> NativeAngels: i never set it up to serve. in what step are you and what's wrong?
<bullish> NativeAngels: to connect i recommend yafc
<NativeAngels> from a windows pc ?
<bullish> oh
<NativeAngels> im using winscp
<bullish> NativeAngels: not familiar with it.
<NativeAngels> normal ftp works as does putty
<ScottK> Is the remote end an Ubuntu server?
<NativeAngels> so i can use ssh
<NativeAngels> ubuntu 8.04
<NativeAngels> its on a openvz container
<ScottK> Did you install openssh-server?
<NativeAngels> yes
<NativeAngels> and changed the subnet
<NativeAngels> subversion
<bullish> NativeAngels: dumb question: are you accessing the right ports?
<NativeAngels> yes
<NativeAngels> i set ssh to 512
<bullish> NativeAngels: and is the port forwarded (if on a LAN)
<bullish> NativeAngels: wait. do you need it to be ftp instead of ssh when accessing from the windows box? if yes, why don't you set up a ftpd instead of ssh as server.
<bullish> also, just curious... how do you authenticate with a pass-phrase on ssh as ftp using a ftp client? (since youre not supposed to leave a ssh server with just a passkey as security)
<blueyed> Anybody using Karmic with RAID on root? (I have raid+cryptsetup+lvm) It seems like the raid setup does not get picked up anymore. I'm about to file a bug, would like to have some ACK/NACK/workaround.
<bullish> NativeAngels: maybe you want to look that up: vsftpd.beasts.org
<NativeAngels> i can login via scp
<NativeAngels> but cannot open the files
<NativeAngels> then it say makesure scp is installed
<NativeAngels> i have vsftpd installed
<ScottK> For SFTP all you need is openssh-server.
<NativeAngels> its installed
<bullish> can you login with sftp instead of scp
<ScottK> NativeAngels: So what is vsftpd for?
<NativeAngels> uploading web pages etc
<NativeAngels> that works fine
<bullish> You want to open the files ON the server using scp?
<bullish> i'm having a hard time understanding your problem
<NativeAngels> this is what i get if i use winscp Cannot initialize SFTP protocol. Is the host running a SFTP server?
<bullish> when you connect to the ssh or the vsftpd process?
<NativeAngels> when ive look up i keeps seeing about chroot
<NativeAngels> the ssh
<NativeAngels> putty works
<bullish> what do you want to do that you can't right now, since some things are working.
<bullish> we can't help if we don't understand what you want to achieve.
<NativeAngels> im just curios as to why im gettin the above message when i know the ssh sever is installed
<bullish> no clue
<OxDeadC0de> hey, i'm running ubuntu server 8.10 in a vmware session, I can ping google from it, and the sources.list for apt seem fine, but aptitude search php returns nothing, and I can't even "sudo apt-get install nmap"
<OxDeadC0de> anyone have any ideas why this might be the case?
<Hecate> OxDeadC0de, error message?
<Hecate> NativeAngels, is there any SubSystem directive for sftp set in your sshd_Config?
<OxDeadC0de> just "couldn't find package XX"
<Hecate> did you aptitude/apt-get update?
<OxDeadC0de> doh ! thanks Hecate
<Hecate> you're welcome
<Hecate> some things are just too frikking obvious to fix them, however hard you try.
<Hecate> shit like that happens even with 200 quadrilion years of experience.
<Hecate> ;)
<NativeAngels> yes Hecate
<Hecate> we have a saying in german: "man sieht den wald for lauter bÃ¤umen nicht". would be sth like "you don't see the forest, because of all the trees in your sight" in english.
<NativeAngels> this is what its set to Hanche Subsystem sftp /usr/libexec/openssh/sftp-server
<Hecate> NativeAngels, ls: cannot access /usr/libexec/openssh/sftp-server: No such file or directory
<Hecate> you got jaunty? cauz that file does not seem to exit on jaunty server.
<Hecate> *exist
<NativeAngels> im using 8.04 Hecate
<pmatulis> NativeAngels: and you can connect to the SSH server fine?
<NativeAngels> yes
<Hecate> sure the file does exist?
<NativeAngels> through putty
<pmatulis> NativeAngels: does it spit out any messages?
<pmatulis> NativeAngels: when you do so?
<NativeAngels> no it logs on fine
<pmatulis> NativeAngels: should spit out something
<Hecate> NativeAngels, even on intrepid, this file does not exist. just checked one of the servers i admin for so else.
<pmatulis> NativeAngels: winscp and putty tested from same host?
<Hecate> NativeAngels, this is what it's got to be: Subsystem sftp /usr/lib/openssh/sftp-server
<Hecate> (unless you have modified your server to some extent)
<NativeAngels> yes pmatulis
<NativeAngels> it works fine for root
<pmatulis> NativeAngels: you're using the root user?
<NativeAngels> but when a user signs on as another user which ive set an account for
<NativeAngels> is it anything to do with the chroot settings ?
<pmatulis> NativeAngels: SSH and SFTP are working for root but both are not working for a non-root user?
<Hecate> NativeAngels, hell yeah.
<NativeAngels> ssh and sftp for root but only ssh for user
<NativeAngels> its arranged as there folder /user/public_html/
<NativeAngels> or /home/user/public_html
<pmatulis> NativeAngels: so it's a permissions issue
<Hecate> NativeAngels, in case you got a chroot setup, you have to setup the directory structure of the system including some libs, a few block devices, etc. for that user.
<NativeAngels> ok
<NativeAngels> sorry to be a pain, but your time is appreciated
<Hecate> NativeAngels, do you have a chroot set up?
<NativeAngels> i enabled it in vsftpd
<NativeAngels> config
<NativeAngels> but other than that i dont know
<Hecate> ok, just gimme like 20 minutes and i'll help you.
<Hecate> got some stuff to take care of first.
<pmatulis> NativeAngels: try to connect again and then go check your logs
<pmatulis> NativeAngels: use this command to easily see which log files were changed last: '$ ls -ltr /var/log'
<pmatulis> NativeAngels: then tail a few files: '$ tail /var/log/messages' for instance
 * Hecate has returned.
<Hecate> made any progress, NativeAngels?
<NativeAngels> was aft for a few
<Hecate> well, then i'recommend checking your log, just as pmatulis suggested.
<NativeAngels> this is the result of the ls -ltr/var/log command http://pastebin.com/ma503c71
<GullyFoyle> heh my first problem with screen-profiles
<reid> what is the name of the kernel source package?  =/
<ScottK> IIRC linux-source
#ubuntu-server 2009-05-17
<reid> ah thanks
<reid> I was actually just missing a header file >.<
<benc1> where are python packages installed on ubuntu Jaunty?
<tonyyarusso> benc1: are you looking for a specific piece or package?
<benc1> tonyyarusso: yes. I've installed a package with pip and don't know how to remove it
<tonyyarusso> Because "packages" install all over the place.
<benc1> tonyyarusso: I've did pyp install
<benc1> sorry: pip install
<tonyyarusso> maybe 'pip remove' or 'pip uninstall'?
<tonyyarusso> I'm not familiar with pip at all - only dpkg.
<benc1> tonyyarusso: there is pip-uninstall separate package but it is expermintal and I don't want to do dmamage
<benc1> tonyyarusso: can I just delete the package folder to remove it manually?
<tonyyarusso> No idea.  What does this tool even do?
<tonyyarusso> What package provides 'pip'?
<benc1> it's included in some python package. looking for it
<uvirtbot> New bug: #306002 in mysql-dfsg-5.0 (main) "/etc/mysql/my.cnf cannot be read" [Undecided,Incomplete] https://launchpad.net/bugs/306002
<r00tintheb0x> Who wants to see something SUPER sexy?!
<r00tintheb0x> woooooot!!! http://pastebin.ca/raw/1425066
<r00tintheb0x> Thank GOD I got it working, its been out of sync since Ike.
<r00tintheb0x> And its customer Oracle database data.
 * r00tintheb0x wipes brow.
<r00tintheb0x> 1.81 terabytes of data.
<r00tintheb0x> And, im getting these messages too.
<r00tintheb0x> May 16 20:37:36 nas-node1 smartd[3687]: Device: /dev/hda, 2 Currently unreadable (pending) sectors
<r00tintheb0x> May 16 21:07:36 nas-node1 smartd[3687]: Device: /dev/hda, 2 Currently unreadable (pending) sectors
<r00tintheb0x> Anyone know what those are about... drive just going bad?
<twb> Ike?
<PhotoJim> Dwight D. Eisenhower, I assume.
<PhotoJim> Somewhat better known than if he'd said "Dief".
<r00tintheb0x> huh?
<r00tintheb0x> Yeah, Ike.
<r00tintheb0x> Hurricane Ike...
<r00tintheb0x> Im from Houston. I had to move 15 servers from one location to another.
<r00tintheb0x> Never got HA/DRBD reconfigured... until tolday.
<r00tintheb0x> our two NAS boxes are syncing again, nas-node1 to nas-node2 right now.
<r00tintheb0x>  /dev/drbd0            1.8T  972G  769G  56% /data
<r00tintheb0x> That would have been a lot of data to lose.
<PhotoJim> ahh.  see, we haven't had a hurricane since the dinosaur era.  so I thought of Eisenhower.
<twb> I only know about monsoons.
<twb> I thought Ike was a foreign abbreviation for a month or day name, like "Lun" for Monday.
<r00tintheb0x> Yeah...
<r00tintheb0x> But like I was saying, its nice to have DRBD syncing.
<r00tintheb0x> Next is an Oracle 10G DB HA.
<r00tintheb0x> Not too sure now im going to keep the databases in sync.
<r00tintheb0x> I guess with a dump and restore.
<TimReichhart> could anybody tell me what how passwords are encrypt in ubuntu/mysql
<tonyyarusso> TimReichhart: well, Ubuntu as an OS uses /etc/shadow, and I think they're either MD5 or SHA-1 hashes.  Not sure about MySQL.
<TimReichhart> well I know MD5 passwords is not working on mysql with roundcube
<TimReichhart> so im trying to figure out what type of MD5 its using
<TimReichhart> lets say this is regluar MD5 password of 7b9f9e7f9eb41cbea2d1 and that password doesnt work but if I use this: tJhggTSs3Dotw  it works just fine
<TimReichhart> so any ideas?
<jmarsden> TimReichhart: Why do you care exactly how MySQL encodes its passwords?  Are you hoping to crack them???  as long as whatever it encodes them into is in a form that fits in the mysql database field for that password hash, you shouldn't need to care exactly how it was encoded...
<TimReichhart> well is because I am trying to make a page so I can add users to my database
<jmarsden> Users do not care that md5 is being used...
<jmarsden> They type in a userbname and pw, you let the app encode it however it wants and store it...
<TimReichhart> listen I tried it with MD5 it doesnt work
<TimReichhart> trust me
<jmarsden> OK.  If you say so.  I run Roundcube on a server with about 1000 users, and it does work... :)
<TimReichhart> ok but are you using mysql to handle roundcube?
<TimReichhart> is your postfix on mysql? and is ur dovecot on mysql?
<TimReichhart> well jmarsden im asking u a question are you going to answer back?
<TimReichhart> jmarsden im still waiting on your answer
<jmarsden> TimReichhart: Yes and Yes.  I am marked as being away for a reason... I'm about to have to drive 140+ miles round trip... (supposed to leave 2 minutes ago) ... I can't really deal with this in detail now!
<TimReichhart> well then dont say its going to work with out giving your answer
<giovani3> TimReichhart: this is community support, no need to demand things
<TimReichhart> well I dont except somebody to tell me its going to work when I just said it doesnt
<giovani3> well you may have different situations
<giovani3> roundcube is opensource, so look at its code to see how its encoding the passwords
<giovani3> it might be using a salt
<giovani3> or a double-md5
<giovani3> this channel also isn't #roundcube so ...
<TimReichhart> see anytime I try to put anything to this script i get this Warning: hash() [function.hash]: Unknown hashing algorithm: double-md5 in /var/www/index.php on line 28
<giovani3> that channel does exist, you might want to ask about that there
<giovani3> TimReichhart: hahahaha
<TimReichhart> only thing that works is md5
<shyam> hi trying to do localnet boot reading help.ubuntu.com/community/Installation/LocalNet and as guided by CarlFK... am trying with dhcp3-server and tftp the package tftp failed as i got error that tftp-server can
<shyam> can't have tsize option..
<shyam> now so i changed to tftp-hpa. but it  isn't working:(
<shyam> have configued /etc/default/tftp-hpa as per that doc and added  "tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd /tftpboot" to /etc/inetd.conf .. no idea whats going wrong..
<shyam> and tried restarting /etc/init.d/xinetd and /etc/init.d/tftp-hda but all results in "tftp open time out"(on net boot client) "transfer timed out"(on doing "tftp localhost")
<shyam> anyone free?
 * shyam going for a restart..
<uvirtbot> New bug: #377518 in samba (main) "Samba exits when client connects" [Undecided,New] https://launchpad.net/bugs/377518
<shyam> now tftp problem is solved.. it boot to busybox ash shell with (initramfs) prompt
<shyam> what next?
<shyam> am trying it a bit twisted way.. i am trying to use a live cd with casper directory having filesystem.squashfs and things .. would that be a problem that its a live cd not an alternate cd?
<shyam> as i try to net boot its stuck at (initramfs) and as i type exit there, it says cp:unable to open /root/var/log/ no such file or dicretory and /root/dev but i donno how did that /root/ got in additionally..
<shyam> i.e it should be looking at /var/log instead of /root right?
<shyam> now it says "target filesystem doesn't have /sbin/init"
<shyam> as i exit from initramfs prompt
<uvirtbot> New bug: #377571 in postfix (main) "package postfix 2.5.5-1.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/377571
<w8tah-LT> can someone please point me to the instructions for setting up a software RAID on ubuntu?
<w8tah-LT> (technically a mirror)
<giovani3> w8tah-LT: during install, or post-install?
<W8TAH> during install
<giovani2> well the options are there in the installer
<giovani2> let me see if I can find a little guide or some screenshots
<giovani2> http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
<giovani2> you just create the raid devices on the physical drive
<giovani2> and then create the partitions on the raid device
<w8tah-LT> thanks
<Tuxist> I have problem with libnss-ldap I have overide the default ccache location in ldap.conf but nothing is happen they search the ticket in /tmp/krb5cc_o I use ubuntu 9.04
<Tuxist> under debian 5.0 I have no problems
<VSpike> Hiya. Can i directly upgrade 8.04 LTS to 9.04?
<Nafallo> no
<W8TAH> ive got a server with a possibly corrupted disk as part of a LVM group -- i have been trying to check it - -and not having much success -- can someone please help me?
<giovani2> W8TAH: what specifically have you not been having success with?
<W8TAH> im currently booted from a live cd -- trying to use fsck but its complaing
<W8TAH> and not giving me any results
<W8TAH> says it cant find fsck.lvm2pv
<W8TAH> ive got e2fstools installed
<giovani2> e2fs is for ext partitions
<giovani2> lvm is defintiely not ext
<W8TAH> ok
<W8TAH> what should i be using to work on it then?
<giovani2> well it depends on what's corrupted
<giovani2> is it the LVM partition that's corrupted or the extX partition on top of LVM that's corrupted?
<giovani2> and what commands did you execute that failed?
<W8TAH> its a samba file server - we cant get get to the data on thats on the lvm
<W8TAH> but - the /partition boots with no problems
<W8TAH> so i know that disk (sda) is ok
<W8TAH> when its running the console has all kinds of disk errors scrolling across it
<giovani2> that sounds like the disk is not ok
<giovani2> just because some areas of the disk are fine, doesn't mean others are bad
<giovani2> err, doesn't mean others aren't bad*
<giovani2> are your drives SMART-compatible?
<W8TAH> yes
<giovani2> have you run SMART checks on them?
<W8TAH> i ran the long check -- it took 160 minutes and hasnt told me anything -- i let it run overnight - and no data was on the screen when i came back
<giovani2> long checks can take a while
<giovani2> how about the short tests?
<W8TAH> again -- i ran one - -took 2 minutes -- and no data output -- i think maybe i dont know how to make it tell me what it finds
<W8TAH> ok -- i found how to get the output --
<W8TAH> its says in both tests -- read failure
<giovani2> can you paste the command you ran, and the output to a pastebin?
<giovani2> that'd be clearer for me to understand
<W8TAH> unfortunatly no -- the machine is across the room running on a live cd, so i cannot ssh in etc
<giovani2> you can't ssh out from it?
<giovani2> or scp it out
<giovani2> a read error is not a good sign
<giovani2> but I'd need to see the context
<W8TAH> i tried to ssh in and it wants a password
<W8TAH> which doesnt exist
<W8TAH> because its live cd
<W8TAH> unless i shouldnt be using live cd
<giovani2> I just meant from the livecd box
<giovani2> output the smartctl command and output to a file
<W8TAH> oh - -let me see
<giovani2> and then scp that file to another box on the network
<W8TAH> ok -- one min
<giovani2> where you can then pastebin from
<giovani2> or access the internet directly from the livecd
<W8TAH> might be able to do that - -hang on a sec
<W8TAH> http://pastebin.ca/1425577
<W8TAH> the command is sudo smartctl -t short /dev/hdb
<giovani2> well read failures during self tests are signs that the drive has bad sectors and/or is failing
<giovani2> or that you stopped the test somehow
<W8TAH> i didnt stop the test
<giovani2> ok
<giovani2> then it sounds like the drive may be going bad
<W8TAH> ok - is there any way to grab whatever data off it that i can
<giovani2> is the filesystem unmountable?
<giovani2> if the data is critical, I'd recommend using dd to make a perfect bit-for-bit copy of the drive as it is -- which you can then work on repairing, etc for the data later
<W8TAH> its not critical
<W8TAH> its student projects for my 4-8th grade classes
<W8TAH> id LIKE to recover it if feasible
<W8TAH> i had a faliure in my backup chain
<W8TAH> so i dont have recent backups
<giovani2> ok
<giovani2> well if the filesystem is unmountable, you can continue to try to fsck it
<giovani2> but, if possible, it's best to use dd to make a bit-for-bit copy of the drive
<W8TAH> ok - how do i do that?
<giovani2> then if you do something bad to the filesystem, or the drive fails further, you have a copy of it
<giovani2> how big is the drive?
<W8TAH> 250 gb
<giovani2> how much of it has data on it?
<W8TAH> not much -- maybe 20gb at the very outside
<giovani2> ok
<giovani2> do you have another drive somewhere that you can plug into the system?
<W8TAH> yes
<giovani2> external, or internal -- or a fast network connection and a fileserver?
<W8TAH> ive got a 150gb drive in an enclosure
<W8TAH> that i can plug in via usb
<giovani2> ok, plug that in and mount it
<giovani2> I presume it has a good amount of free space on it?
<W8TAH> compltely empty
<giovani2> great
<W8TAH> boot into server or keep working from the live cd?
<giovani2> stay on the livecd
<W8TAH> ok -
<W8TAH> gimme a min -- i need to install the drive etc
<giovani2> ok
<giovani2> now you said you had LVM on this drive, are you using LVM to span filesystems across multiple drives?
<W8TAH> yes
<W8TAH> ok --  ive got the external drive mounted --
<W8TAH> never used dd before
<W8TAH> the manpage doesnt quite seem to indicate what to do
<giovani2> ok, well this is much more complex since you're using lvm, particularly with multiple drives
<giovani2> because the data is disparate, potentially
<W8TAH> i was kinda afraid of that
<W8TAH> when it gets rebuilt it will be raid
<giovani2> how many drives are in the LVM Volume Group?
<W8TAH> 2
<W8TAH> 2 physical
<giovani2> ok, well I'd image both of them to be safe, I suppose
<W8TAH> makes sense to me
<giovani2> dd if=/dev/sdX | gzip -9 > /your/usb/volume/here/drive1.dd
<giovani2> that'll copy every bit dd can off of the drive, and then compress it all
<W8TAH> ok - -cool
<W8TAH> do that to both?
<giovani2> yes, but hold on one sec while I look something up
<W8TAH> ok
<W8TAH> thanks
<giovani2> let's do a `dd if=/dev/sdX conv=noerror,sync | gzip -9 > /your/usb/volume/here/drive1.dd
<W8TAH> ok
<giovani2> there will be -some- data loss, obviously, where the drive has bad sectors
<giovani2> so we're trying to maximize what can be saved
<W8TAH> include the accent mark b4 dd?
<W8TAH> ok
<giovani2> no, no accent mark, sorry
<W8TAH> ok
<wizardslovak> anyone with email server?
<giovani2> wizardslovak: plenty of us, yes
<wizardslovak> ok is there way i can check if i got imap installed?
<giovani2> wizardslovak: imap being a protocol, and not a specific server/daemon/application, no
<wizardslovak> i am trying to figure out why i cant loggin on squirrelmail
<giovani2> did you install an imap server?
<W8TAH> giovani2: ok -- its running
<giovani2> W8TAH: ok
<wizardslovak> yes i installed it
<giovani2> wizardslovak: WHICH one?
<W8TAH> giovani2: its running -- its showing progress (200mb copied so far) but also showing a bunch of I/O errors
<giovani2> W8TAH: yep ... that'll happen
<W8TAH> ok
<W8TAH> cool
<giovani2> your drive is dying -- we're saving what we can
<W8TAH> kewl
<W8TAH> thanks
<thewrathjr> hey all
<thewrathjr> which one is better 8.04 or 9.04 server?
<giovani2> thewrathjr: "better" is all relative -- 9.04 is recently released
<thewrathjr> true
<thewrathjr> are most users still using hte lts release
<giovani2> honestly, I don't know what percentage of people use which
<giovani2> I run the latest, when possible
<thewrathjr> ok
<thewrathjr> what do you use giovani2
<giovani2> ^
<thewrathjr> oh ok
<thewrathjr> giovani2, sorry i didnt see that
<thewrathjr> lol
<giovani2> which means a few of my servers run 8.10
<giovani2> and a few run 9.04
<giovani2> depending on when I installed them
<W8TAH> thewrathjr: id go for the LTS
<W8TAH> i try to keep my servers on the LTS release
<wizardslovak> i upgraded from 8.10 to 9.04
<wizardslovak> i am newbie in it anyways
<giovani2> wizardslovak: ok, you still haven't told me what imap server you installed
<wizardslovak> i cant find it
<wizardslovak> i think courier
<giovani2> ok, is courier running?
<giovani2> ps aux | grep -i courier
<thewrathjr> k
<wizardslovak> ok
<thewrathjr> what do you guys runon ur servers?
<wizardslovak> http://pastebin.com/m632c1b1b
<wizardslovak> thewrathjr: os lol you?
<giovani2> thewrathjr: you'd have to be more specific than that
<thewrathjr> yes
<thewrathjr> like what services?
<giovani2> thewrathjr: too many to count
<thewrathjr> can you say some?
<wizardslovak> LAMP
<wizardslovak> giovani2: check pastebin
<giovani2> lighttpd, postfix, dovecot, opensshd, apache, openradius
<giovani2> wizardslovak: ok, so, some part of courier is running, not sure if that's just the auth setup
<thewrathjr> wahts the difference btween lighthttpd and apache
<thewrathjr> and what is openradious
<W8TAH> thewrathjr: LAMP and samba here
<wizardslovak> giovani2: what are you using for checking mail on postfix?
<giovani2> thewrathjr: too numerous to count -- lighttpd is tons smaller, and faster for certain jobs
<thewrathjr> ok
<giovani2> wizardslovak: what do you mean "checking mail"?
<giovani2> thewrathjr: openradius is a RADIUS server -- a large topic -- google it
<thewrathjr> wahts no numerous?
<thewrathjr> oh nvm
<thewrathjr> what is Openradius?
<giovani2> <giovani2> thewrathjr: openradius is a RADIUS server -- a large topic -- google it
<giovani2> wizardslovak: sudo /etc/init.d/courier-imap start
<wizardslovak> ok well something like squirrelmail ,so i can check email true web browser
<giovani2> wizardslovak: I don't use webmail, it's horrible
<giovani2> but when I did -- I used roundcube, and horde/imp
<wizardslovak> how to check email then?
<wizardslovak> shell
<giovani2> uh ... using a mail application
<giovani2> like kmail, or outlook, or thunderbird, or mutt, or pine
<wizardslovak> ooo
<wizardslovak> giovani
<wizardslovak> giovani2: "no such file or directory"
<giovani2> wizardslovak: sounds like you don't have courier installed then
<wizardslovak> ok so i need imap
<giovani2> sudo apt-get install courier-imap
<giovani2> imap is a protocol
<giovani2> you don't "have/get/need" it
<giovani2> you need an -imap server-
<wizardslovak> yes i need it for squirelmail
<giovani2> sigh
<wizardslovak> giovani2: i am newbie
<wizardslovak> so i might sometimes ask too many question
<wizardslovak> s
<giovani2> you're just not listening to me
<giovani2> imap is a protocol, you need an IMAP SERVER
<wizardslovak> ok i installed courier imap
<giovani2> courier-imap is an imap server
<thewrathjr> what is Openradius?
<wizardslovak> ok thank you
<giovani2> thewrathjr: I've answered that question TWICE now
<wizardslovak> i got it installed
<W8TAH> <giovani2> <giovani2> thewrathjr: openradius is a RADIUS server -- a large topic -- google it
<W8TAH> giovani2: is this data copy likely to be a lengthy process?
<giovani2> W8TAH: yes
<W8TAH> ok -- i'll come back later and start it on the other disk -- will you be around tomorrow during the workday (eastern time?)
<giovani2> W8TAH: not for extended periods of time -- when I'm at work I'm usually pretty busy for IRC
<giovani2> but I'll try and log in
<yann2> anyone knows what it means in htop when it displays "nan" for the usage of a core? can't be good
<W8TAH> ok -- not much sense in me sitting here at work watching things scroll up the screen
<RedDragons> hello
<giovani2> yann2: that typically stands for "not a number"
<giovani2> yann2: could be a programming bug, or a problem with your setup
<giovani2> does top display things properly?
<yann2> the server is behaving extremely weirdly
<W8TAH> but i'll let it run and come back and start the sda copy running
<yann2> I got "cpu stuck for 10 secs" in logs
<RedDragons> i'm trying to intall sinit but it can't find it
<giovani2> yann2: sounds like either a defective mb/cpu/powersupply, or a bad kernel/driver
<thewrathjr> what mail server do u guys urn?
<giovani2> thewrathjr: postfix and dovecot
<W8TAH> googlemail for small business
<thewrathjr> anyon ever used or tested horde
<giovani2> thewrathjr: yes
<thewrathjr> and...
<giovani2> and what?
<W8TAH> i'll try to hook up with u tomorrow giovani2
<thewrathjr> why didnt u like it
<thewrathjr> asumming u didnt since u dont run it
<giovani2> thewrathjr: it's written in PHP, it's ugly, and is just poorly designed
<giovani2> I hate webmail in general
<thewrathjr> you like using outlook'thunderbird?
<giovani2> I like using real mail clients
<giovani2> I prefer kmail
<giovani2> I hate thunderbird
<giovani2> but at work we support outlook/thunderbird/pine/mutt
<wizardslovak> i like to use them too , but sometimes i want to check mail from other PC
<wizardslovak> so its good to have webmail
<giovani2> yeah, I wouldn't check my mail from someone else's computer
<wizardslovak> well i dont think my friend is capable to use info in emails to harm me in any way  lol
<giovani2> that wasn't the reason
<giovani2> but ok
<wizardslovak> giovani2:  if you have time can you help me with setting kmail ?
<giovani2> wizardslovak: nope, that's completely out of the scope of #ubuntu-server
<giovani2> kmail is desktop software
<wizardslovak> lol ok
<wizardslovak> so just imap-sourier setttings
<giovani2> courier-imap
<giovani2> yeah, and not even those -- I don't know how to configure courier-imap
<wizardslovak> but dovecot you can?
<giovani2> yes
<wizardslovak> ok
<wizardslovak> so to install it how does package called?, tried dovecot  "package dovecot is not available"
<wizardslovak> dovecot-common?
<giovani2> heh, what mail server are you using?
<wizardslovak> postfix
<giovani2> what release of ubuntu?
<wizardslovak> 9.04
<giovani2> dovecot-postfix is supposed to be the all-in-one package
<giovani2> but I have no idea if it's functional
<giovani2> never used it
<giovani2> it's new in 9.04
<wizardslovak> well i know i didnt install dovecot
<wizardslovak> so i gotta get it first
<wizardslovak> ok i got dovecto installed
<wizardslovak> how to test it? how to configure it?
<RedDragons> l
<RedDragons> I'm trying to intall sinit but it can't find it
<RedDragons> hi
<RedDragons> I'm trying to intall sinit but it can't find it?
<RedDragons> hello?
<wizardslovak> how can i find in which group my user is in?
<RedDragons> I'm useing the server ver. I'm trying to intall sinit but it can't find it.
<wizardslovak> "telnet localhost imap2" unable to connect" what should i do ?
<wizardslovak> why it doexnt want to connect?
<wizardslovak> i cannot connect to myself
<phaidros> wizardslovak: please read here: http://ubuntuforums.org/showthread.php?p=1969726 and follow the links in there, after reading that we can try to help you
<wizardslovak> ok i got it work
<phaidros> ok
<wizardslovak> thank you
<RedDragons> i'm hing troble geting xinit to run
<wizardslovak> "telnet localhost imap2" unable to connect
<phaidros> wizardslovak: is that a question?
<wizardslovak> well kinda
<phaidros> hehe, u just said: < wizardslovak> ok i got it work
<wizardslovak> yes
<RedDragons> it say "something" is missing
<phaidros> please to be a litle more precise, what you are traing to approach and what the problem is ;)
<wizardslovak> ok sorry
<wizardslovak> well i installed dovecot and its running, when i want to test it with "telnet localhost imap2" it says that connection refused
<RedDragons> you talking to me?
<phaidros> RedDragons: I never used xinit, sry
<RedDragons> ok
<RedDragons> its just i'm new to udundu and i'm not uesd to commin lines
<phaidros> RedDragons: at least not directly, I believe gdm is handling that usually
<RedDragons> is there a graphical inerface?
<phaidros> wizardslovak: did you configure dovecot? if yes, to listen on which port(s)? did you enable ssl? ssl-only? see: sudo netstat -tupan and look for the docevot process on which port is listens ..
<RedDragons> well
<phaidros> wizardslovak: 'grep imap /etc/services' should give you a hint what usual imap ports are. I never tried using telnet with a protocol name, so I dunno why it's not working, I assume wrong port ..
<phaidros> RedDragons: hat did you install or have in front of you? ubuntu-server? and what do you wnat to approach? getting gui?
<phaidros> RedDragons: there is on any any ubuntu system a gui, but for servers, just no installed. if you need gui try: aptitude install gnome
<Baversjo> Hi! Im trying to setup simple traffic shaping on my server. The only thing I need is to reserve a bit bandwidth to Ssh (443). Anyone who could give me a hand? :)
<Baversjo> What tool should I use and what should I add in the config file? :)
<RedDragons> i had to install xinit and when i type startx it say /usr/bin/x11/x: not found xinit: server error
<phaidros> RedDragons: which version of ubuntu-server are you running?
<RedDragons> the newest
<RedDragons> 9.4 i think
<slide> Are there any torrent daemon clients becides transmission-daemon?
<phaidros> slide: torrent gui client? oder tracker?
<slide> no-gui client
<phaidros> slide: deluge-torrent, I like it pretty much
<phaidros> RedDragons: sry, was afk :/
<slide> phaidros, do you use it without the gui?
<phaidros> slide: oh, sry. I just misread .. rtorrent for cli :)
<rockee> Im non technical person but still have some knowledge to about web designing and all. Today only I installed Ubuntu 9.04 server in my machine (2 GB RAM, Intel centrino Duo, Sony Vaio Laptop) after deleting win-vista. I was trying to learn about Linux n Ubuntu since last week.. The purpose was to create a mail server After installation I stuck up with non-GUI interface of ubuntu server 9.04, while I was having only one computer system so I installed G
<slide> phaidros, actually daemon, something that runs constantly in the background
<phaidros> RedDragons: I just had a quicklook in my /usr/bin/startx script, and there is no path to /usr/bin/x11/x, either you are not on 9.04, or something strange is there
<phaidros> RedDragons: did you try do install gnome? this gnome display manager just should require all needed dependencies for a complete X
<phaidros> slide: hm, ever tried screen?
<phaidros> slide: I always use screen for things like irssi and rtorrent ..
<rockee> can anybody help me also
<phaidros> rockee: your question ended with "so I installed G"
<phaidros> rockee: actually this was no question ;)
<rockee> oh Iá¸¿ sorry... Now question is ... ubuntu server 9.04 is also in my HDD ... and and this GUI also... can I work on this OS for developing mail server? or I have to work on that non-GUI OS for setting up mail server? is there any tutorial for setting uo mail server on Ubuntu 9.04? any tutorial that can be useful for beginer ? I also downloaded and installed webmin, is this useful? or required?
<rockee> any help?
<rockee> bekar log... koi bhartiya hai yaha?
<phaidros> re
<uvirtbot> New bug: #377724 in libnss-ldap (universe) "cannot overide ccache location" [Undecided,New] https://launchpad.net/bugs/377724
<NativeAngels> hello can anyone tell me what this means http://pastebin.com/m6bc76bb2
<sommer> NativeAngels: it means that your ssh client deosn't have the servers key... if you're sure of the IP it's usually safe to confirm
<NativeAngels> ok
<NativeAngels> so why do i get this http://pastebin.com/m472715d2 sommer
<NativeAngels> any ideas sommer
<sommer> NativeAngels: not sure never seen that before.  What realease are you running?  and is that on your client or the server?
<NativeAngels> im using ubuntu 8.04
<sommer> NativeAngels: are there any other errors in /var/log/syslog or /var/log/auth.log that may be from ssh?
<NativeAngels> sommer i fixed it
<LMJ> Hi
<LMJ> Is there a way to find but for Hardy (LTS) http://packages.ubuntu.com/fr/intrepid/web/php-apc
<W8TAH> giovani2: im back -- its still going -- so i'll let it run over night -- when it finishes, and ive copied the other drive as well, replace the failed drive, reformat / reinstall server and then expand the files back onto the drives?
<thewrathjr> hi all
<frojnd> I've just installed the packages ampache and phpmyadmin. But when I go to mydomain.net/phpmyadmin nothing happens... why is that. During the installation of phpmyadmin it asked what web sertver to configure... I've set eapache2. Why I can't access mydomain.net/phpmyadmin ?
<W8TAH> frojnd: try going to 127.0.0.1 and see what you get
<W8TAH> frojnd: ????
<frojnd> W8TAH: erm but this is my local IP
<W8TAH> i know this
<W8TAH> usually if apache2 is working correctly
<W8TAH> and you browse to that ip
<W8TAH> you will get a screen telling you apache is working --
<frojnd> W8TAH: I Can see the web configuration of myip.net/ampache the startup page..
<W8TAH> ok --
<W8TAH> thats good
<W8TAH> that means apache is working
<frojnd> W8TAH: ok
<W8TAH> now try http://ipofserver/phpmyadmin
<frojnd> W8TAH: now that when I get: Not Found
<W8TAH> hummm - might try the phpmyadmin chan
<W8TAH> im not real sure
<frojnd> do I even need this package?
<W8TAH> depends on what you are trying to do
<frojnd> configure the ampache
<frojnd> and as I see here on the wiki, I need root of my mysql
<frojnd> the user name of mysql
<W8TAH> wait
<frojnd> than I need database user for new database
<W8TAH> phpmydamin is for mysql
<W8TAH> it has nothing to do with apache
<frojnd> yep
<frojnd> no
<frojnd> AMPACHE
<W8TAH> what is ampache?
<frojnd> is a web php tool that gatgeres all the music you have on the server and you can stream it or have flash for it or even in amarok..
<W8TAH> then i truly have NO clue --
<frojnd> the music gathered on one place accessable via nice web gui
<frojnd> hm
<frojnd> maybe it didn't install correctly
<frojnd> is there a command to reinstall
<frojnd> or I have to remove and than install
<frojnd> or --purge remove and than install?
<thewrathjr> W8TAH: did you do sudo apt-get install phpmyadmin
<frojnd> thewrathjr: yes
<thewrathjr> and u can not view the phpmyadmin page?
<frojnd> thewrathjr: trie
<frojnd> true
<W8TAH> thewrathjr: i didnt do any of the sort - -im not installing it
<W8TAH> i was trying to help frojnd
<frojnd> thewrathjr: this is really my problem
<thewrathjr> ok
<thewrathjr> i see
<frojnd> When I try to install phpmyadmin I get this menu: > ok
<frojnd> hpMyAdmin supports any web server that PHP does, but this automatic configuration process only supports Apache.
<frojnd> and I can select which server to reconfigure automatically: apache2, apache, apache-ssl, apache-perl, lighttpd
<thewrathjr> ok hold on
<thewrathjr> apache2
<frojnd> ok so I did this ok
<thewrathjr> k
<thewrathjr> im trying to catch up to you lol
<frojnd> :)
<thewrathjr> im on desktop atm so yea
<frojnd> erm this is the guide: http://ampache.org/wiki/install:ubuntu
<thewrathjr> u trying to install ampache or apache
<frojnd> thewrathjr: ampache
<thewrathjr> what is that
<frojnd> thewrathjr: ampache is installed
<thewrathjr> never heard of it
<frojnd> I just have to configure it
<frojnd> it's a nice web php tool that gatheres all the music on one place (server) and i can access to it and listen to it locally or via web... like in flash, playlist, or in amarok..
<thewrathjr> ok
<thewrathjr> let me catch up to u
<thewrathjr> well that will be a while
<thewrathjr> so u can not get to phpmyadmin right?
<frojnd> right
<frojnd> I can go to myip.net/ampache
<frojnd> but to configure it I need to set mysql
<frojnd> and phpmyadmin does that in a simple way
<thewrathjr> recondigure (sudo dpkg --reconfigure phpmyadmin)
<frojnd> and I can not go to mydoman.net/phpmyadmin
<thewrathjr> could just use sockso
<frojnd> it isn't the right command
<frojnd> reconfigure
<Rafael> Anybody can tell me what a segmentation fault is?
<thewrathjr> foxbuntu: Just in case you havenât installed phpMyAdmin yet, type the following line in the Terminal:
<thewrathjr> apt-get install phpmyadmin To set up under Apache all you need to do is include the following line in /etc/apache2/apache2.conf, first type the following command to open up this file:
<thewrathjr> gksudo gedit /etc/apache2/apache2.conf
<thewrathjr> Rafael: http://en.wikipedia.org/wiki/Segmentation_fault
<frojnd> thewrathjr: I use vim
<frojnd> I'm looking to what?
<ajmitch> no editing of apache2.conf should be necessary
<thewrathjr> frojnd: did not get all of it
<thewrathjr> go here: http://www.blog.highub.com/linux/install-and-configure-phpmyadmin-on-ubuntu-lamp/
<thewrathjr> ajmitch: yes i agree maybe phpmyadmin just did not install completely properly due to permission erros
<ajmitch> the phpmyadmin package should place a file in /etc/apache2/conf.d
<thewrathjr> key would is **should**
<thewrathjr> be back have to go and deliver something quick
<Rafael> thewranthjr: thanks i saw it, but what should i do if i got that after: sudo mdadm --assemble /dev/md0
<ajmitch> frojnd: check if that file is there, and check if you have any virtual host definitions that wouldn't be using that phpmyadmin alias
<frojnd> ajmitch: which file?
<ajmitch>  /etc/apache2/conf.d/phpmyadmin.conf
<thewrathjr> Rafael: that i am not sure
<ajmitch> and are you using a virtualhost?
<thewrathjr> ajmitch: might know do you ? never gotten one before
<frojnd> ajmitch: no
<thewrathjr> virutalhost is what it uses by default right ajmitch?
<frojnd> ajmitch: what am I looking at?
<frojnd> ajmitch: I mean what option is the one that is keeping apache2 from showing phpmyadmin=
<ajmitch> frojnd: have you reloaded apache2?
<ajmitch> by that, I mean sudo /etc/init.d/apache2 reload
<frojnd> ajmitch: no I didn't
<ajmitch> try it, the phpmyadmin package may not have triggered a reload of the configuration after it was installed
<frojnd> ajmitch: I did now and there is no difference
<ajmitch> what url are you trying?
<frojnd> I think it did reload at the end of phpmyadimin installation
<frojnd> frojnd.no-ip.org/phpmyadmin
<frojnd> go hack me
<frojnd> :)
<ajmitch> that is doing some funny things with port redirects & all
<frojnd> ajmitch: yep
<ajmitch> since it ends up on port 1080
<frojnd> it is the correct port :)
<ajmitch> where is that configured from?
<frojnd> isp blocks everything below 1000
<ajmitch> how irritating
<frojnd> ajmitch: slovenia
<frojnd> ajmitch: mhm
<ajmitch> I meant which package is it configured from
<ajmitch> sigh
<ajmitch> sorry, I just got called upstairs at work
<frojnd> so you must go now
<ajmitch> I have to go for a bit, sorry I can't help more
<frojnd> no biggy
<frojnd> I'm going to sleep anyway
<frojnd> thanx for you trying to helo me
<frojnd> help
<frojnd> night
<FFForever> i have a vps with 256mb of ram how do i upgrade to 9.04?
<FFForever> do-release-upgrade gives me OSError: [Errno 12] Cannot allocate memory
#ubuntu-server 2010-05-17
<osmosis> if I create a new  /etc/modprobe.d/file.conf   , what command to I run to have it installed ?
<Urda> Question: Anyway in *Ubuntu 10.04 SERVER* to change
<Urda>              the color of the terminal from white on black?
<storrgie> if i have two interfaces, how to i make it so there will be only one gateway in the route?
<storrgie> or i guess i mean
<storrgie> only 1 route
 * f1yback bbl, bathroom break
<dominicdinada> blah how do i purge everything on the firewall and start over ?
<dominicdinada> !samba
<ubottu> Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
<dominicdinada> how can i keep these files installed it keeps trying to remove them after i removed a crappy piece of software http://pastebin.com/zcxHkNSh
<dominicdinada> !domain
 * f1yback goodnight all
<dominicdinada> !samba
<ubottu> Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
<enav> hello.... im learning about UWF...   but i got a quick question... all ports are blocked by default???
<Urda> Hey I'm having some issues install x86 10.04 Server. It installs just fine, but after reboot I cannot get it to enter the system! GRUB 2 starts up just fine, but once it starts to load the OS everything comes to a halt
<Urda> I see a blinking cursor, then the monitor goes dead
<dominicdinada> god blessed
<enav> you guys know a reason of why USE 10.04 gets a Black screen after installation some times?
<uvirtbot> New bug: #581577 in mysql-dfsg-5.1 (main) "package mysql-common 5.1.41-3ubuntu12 failed to install/upgrade: ne peut pas accÃ©der Ã  l'archive: Aucun fichier ou dossier de ce type" [Undecided,New] https://launchpad.net/bugs/581577
<stoned> hi
<stoned> to install phpunit should I install aptitude install phpunit or should I use PEAR ?
<stoned> please advise
<lambrecht> hello anyone can help
<lambrecht> i have a problem on karmic some sevices dont start like apache zabbix ... they are configured to start
<MrPancake> lambrecht: Logs?
<lambrecht> yes
<lambrecht> what logs
<lambrecht> http://nopaste.info/bd62e0df50
<lambrecht> my syslog
<lambrecht> http://nopaste.info/bd62e0df50.html
<lambrecht> zabbix and apache2 is in rc2.d
<lambrecht> mrpancake are you there
<lambrecht> anyone awake ??
<RoyK> somehow
<lambrecht> hehe
<lambrecht> i have a problem some services dont start at startup
<RoyK> have you tried starting them manually and then checked the logs?
<lambrecht> yes i started them manualy
<RoyK> also, did they start earlier - if so, what did you change?
<RoyK> does it work when you start them manually?
<lambrecht> yes they started earlyer
<lambrecht> yes it works then
<lambrecht> http://nopaste.info/bd62e0df50.html for my syslog  but there is nothing weird i think
<lambrecht> the services are also in /etc/rc2.d
<lambrecht> apache2 dont start zabbix dont start webmin dont start
<lambrecht> mysql shh bin starts
<lambrecht> when i lokk in webmin all the services that meant to start are configured to start at statup
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<lambrecht> a ok
<lambrecht> maybe webmin is the problem then
<RoyK> doesn't seem very likely if they're in /etc/rc2.d
<lambrecht> yes its verry strange
<lambrecht> every time i have to start them manualy
<RoyK> webmin might have messed up something, though
<lambrecht> hmm damn
 * RoyK uses the command line
<lambrecht> i know hehe i dont realy use it to change things
<lambrecht> can i uninstall it so all my setting are fine again
<RoyK> ls -l /etc/rc2.d/*apache*
<RoyK> what does that show?
<lambrecht> lrwxrwxrwx root root /etc/rc2.d/s91apache2 -> ../init.d/apache2
<RoyK> should be right
<lambrecht> yes
<lambrecht> verry weird
<RoyK> try a fresh reboot and pastebin the logs again
<lambrecht> ok
<lambrecht> i changed that also http://ubuntuforums.org/showthread.php?t=1393573
<lambrecht> http://nopaste.info/774f6c6ffc.html
<lambrecht> brb nicotine time
<RoyK> hm. apache isn't in there at all
<lambrecht> ni isnt i dont understand
<lambrecht> no
<lambrecht> and zabbix
<lambrecht> maybe you can have a look log in to my server
<RoyK> could try
<RoyK> grub2 sucks hard
<maxagaz> does someone know of any fingerprint machine that I can use with ubuntu ?
<zoran119> hi people
<zoran119> we have a ubuntu server at work
<zoran119> running as a virtual machine on hyper-v
<zoran119> and every day (a couple times a day) the clock gets 'stuck'
<zoran119> it just loops within a 5 second period
<zoran119> any idea why this is any how to fix it?
<zoran119> we have other virtual machines (centos) on hyper-v and they have no time issues
<sh1ny> have you tried with virtual flavor kernel in the ubuntu server ?
<sh1ny> i have one such server on hyper-v ( as part of 2008 R2 ) and it works just fine
<zoran119> sh1ny: virtual flavor kernel?
<sh1ny> apt-get install linux-image-virtual
<zoran119> sh1ny: cool... i'll try that
<sh1ny> make sure you install it first, then boot with it, then remove the other kernel...also if you have an older kernel , keep it so you can failsafe to it
<zoran119> sh1ny: why do i have to remove the other kernel?
<sh1ny> what would you need it for ? except for taking space :P
<sh1ny> just try how it works with the virtual one
<sh1ny> if it works ok, remove the default one
<gmcdonald> direct download url for 10.4 server anybody?
<gmcdonald> ubottu: ?
<gmcdonald> 248 nicks and no-body knows
<cloakable> idiot
<halvors1> I get this error in the log: http://paste.ubuntu.com/434896/
<RoyK> heh - it's like two clicks away from the frontpage :)
<halvors1> Should i deactivate the chroot Postfix does?
<RoyK> does postfix chroot?
 * RoyK keeps email in a separate directory, not homedirs
<halvors1> but i want to have them there, it is not possible?
<RoyK> aner ikke :)
<halvors1> Du var norsk eller er det bare Google Transelate ?
 * RoyK er rimelig norsk
<halvors1> Det vil si?? ;)
<RoyK> tja, norsk
<RoyK> men ikke "norsk" nok til Ã¥ bruke dagen til Ã¥ veive med flagg pÃ¥ Karl Johan
<RoyK> selv med Ã¸rten generasjoner med norskhet bak seg, er ikke sÃ¥nt nÃ¸dvendig
<egsome> How can i monitor temperature of CPU and HDD of my ubuntu server ?
<sh1ny> aptitude install lm-sensors
<sh1ny> sensors-detect
<egsome> is it command line or GUI ?
<sh1ny> command line
<sh1ny> you said "server"
<egsome> sh1ny, yeah, so i'm asking
<RoyK> egsome: using a gui for your server? :)
<egsome> RoyK: NO :), i'm asking as i know that lm-sensors is a GUI only, but now i know that i can use it from command line
<sh1ny> egsome, you're wrong
<egsome> sh1ny, yeah, thanks
<RoyK> "sensors" is the command used on the command-line
<sh1ny> he needs to "sensors-detect" first :)
<RoyK> yeah
<RoyK> and loading some mods
<RoyK> and praying to some remote god that the drivers work correctly
<egsome> i'm loading them now
<RoyK> lmsensors has a few bugs
<sh1ny> few ? :P
<RoyK> that is, hardware sensors aren't really standardised
<sh1ny> well unless you have something like IPMI , your only chance is lmsensors ;)
<RoyK> even ipmi is quite buggy, last I checked
<RoyK> sh1ny: "a few" != "few"
<sh1ny> works fine here, except it does not display my cpu temps with numbers just "low" , "high" etc :P
<egsome> i got it working now, thanks guys
<sh1ny> you should also install hddtemp for hdd's temps ( obviously )
<sh1ny> well at least i do so
<egsome> sh1ny, thanks, going to do
<egsome> How should i use hddtemp ?
<sh1ny> hddtemp /dev/sda
<egsome> sh1ny, worked !, thanks
<sh1ny> yw :)
<egsome> sorry but another question, can i get these temperatures inside webmin ? is there any module that do that ?
<sh1ny> i have no idea ;( never used webmin
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<egsome> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<egsome> sh1ny, maybe change to eBox, anyway thanks
<Mkools> Hi, using tomcat6 my logs are showing deploying war file but when I type URI on firefox I don't get my index page of my webapp. Instead I get "IT WORKS" page of tomcat6,
<Mkools> any one can please help.
<Mkools> any body.
<ccheney> hi
<uvirtbot> New bug: #579661 in clamav (main) "clamav-daemon dosen't start with ERROR: initgroups() failed." [Undecided,New] https://launchpad.net/bugs/579661
<binBASH> Hi all, I reinstalled my servers with Ubuntu server 10.04lts. However I'm not able to get the Eucalyptus cloud running again.
<uvirtbot> New bug: #581718 in dovecot (main) "dovecot upgrade purposely breaks working configuration" [Undecided,New] https://launchpad.net/bugs/581718
<binBASH> it always shows 0 / 0 in free or max vms
<binBASH> any tipps how to debug what's wrong?
<sommer> morning
<binBASH> I had it running on 9.10 before without problems btw. :)
<zul> hey sommer
<sommer> o//
<sommer> zul: you're a triage master :-)
<zul> sommer: yeah yeah :)
<RoyK> sommer means summer in Norwegian :)
<sommer> heh, I figured it was something like that in a few languages... but what do ya do :)
 * RoyK celebrates this may 17 slowly
<binBASH> Someone knows when Ubuntu lucid will have varnish 2.1.2 package?
<binBASH> 2.1.0 is broken, like content overflows and esi not working correct.
<sh1ny> most likely in 10.10
<binBASH> damn :/
<sh1ny> i mean they rarely bump stuff up , especially in LTS
<TJ-> hi guys
<TJ-> there was a power failue and long story short the only that doesnt work since then is my pptpd server
<binBASH> sh1ny: So only I can do is build my own package I guess
<sh1ny> binBASH, yes, that's what i usually do
<sh1ny> binBASH, try using the debian/ from the existing package and compile the new one with that
<sh1ny> or use launchpad ( even better )
<TJ-> it used to work fine until the power failure, anyway ive been searching everywhere and it seems the server might have booted into a differnet kernel etc, does anyone know how to get pptpd and the kernel to play nice? I keep getting CTRL: PTY read or GRE write failed (pty,gre)=(5,6) and all the forums and googles dont seem to have a solution for me....
<binBASH> sh1ny: Ok, I have to find out how to do it then ;)
<sh1ny> well
<binBASH> just switched from CentOS
<sh1ny> just start with building a package on your pc
<sh1ny> aptitude install ubuntu-dev-tools
<sh1ny> apt-get build-dep varnish
<sh1ny> apt-get source varnish ( as a normal user )
<sh1ny> then get the folder "debian" in the source dir that appears and move it to the source dir of the new version of varnish
<RoyK> binBASH: you can just compile it yourself
<sh1ny> then
<sh1ny> debuild
<RoyK> not much of a hassle
<binBASH> RoyK: Well I don't want to put my system in an unclean state ;)
<binBASH> and I have to put that package on some more servers
<sh1ny> RoyK, i don't usually recommend to people to "just compile" because many often forget what have they compiled, where and how did they install it etc etc.
<sh1ny> so binBASH play around with building deb packages
<sh1ny> it's easy
<sh1ny> then try launchpad
<binBASH> sh1ny: thanks I'll try that
<sh1ny> i am using it for some packages for my servers
<sh1ny> and i have a little over 150 servers, of which 70 are ubuntu
<sh1ny> so "just compiling" won't cut it
<binBASH> what tool are you using to administrate these?
<binBASH> puppet?
<sh1ny> puppet and zenoss for monitoring, tho i think of switching to zabbix and bcfg2
<sh1ny> but changes like this take a lot of time :)
<binBASH> I will give Kokki a try http://samuelks.com/kokki/
<binBASH> because we'll get lots of servers as well
<sh1ny> hm python
<sh1ny> not bad
<sh1ny> i kinda dislike ruby, seems like spaghetti to me :F
<binBASH> same here
<binBASH> I code php normally, but last weeks I played around with python
<binBASH> ;)
<sh1ny> php ?
<sh1ny> i am playing with symfony as of late.....well last few years :P
<sh1ny> still have to make a first project, but i am getting there
<sh1ny> :D
<sh1ny> being a coder != being a sysadmin :F
<binBASH> hehe
<sh1ny> btw, why did you switch from centos ?
<binBASH> I started as sysadmin, then went to coding
<binBASH> the eucalyptus was a mess on CentOS
<binBASH> :)
<sh1ny> ah :D
<sh1ny> i am running lots of kvm virtual machines, but still no opportunity for eucalyptus
<sh1ny> tho just by looking at it i seem to like open nebula more
<binBASH> sh1ny: http://www.pastie.org/963751
<binBASH> btw.
<binBASH> :)
<sh1ny> binBASH, ya, nothing to worry about
<sh1ny> just the packet is not signed
<sh1ny> if you have your own gpg key
<sh1ny> hm
<sh1ny> no
<sh1ny> let's start from far
<sh1ny> if you did what i told you, you have compiled 2.1.5
<sh1ny> but the package gets build for 2.1.0
<sh1ny> so to change that
<sh1ny> go into the source dir and do
<sh1ny> dch -i
<sh1ny> it will open the debian/changelog file with the preferred editor
<sh1ny> where the asterisk is, add something like
<sh1ny>  * New Upstream Release
<sh1ny> and
<sh1ny> bump the version to 2.1.5
<sh1ny> and change the name + email
<sh1ny> then save+exit
<sh1ny> then rebuild
<sh1ny> if you have a gpg key that matches the email it will sign the package with it
<binBASH> don't have ;)
<binBASH> think I have to create one
<binBASH> because it fails still now because of no key
<sh1ny> if you're on a desktop use, Applications -> Accessories -> Password  and Encryption Keys
<sh1ny> it fails but it still builds it's
<sh1ny> it*
<binBASH> No I'm not
<sh1ny> just not signed
<sh1ny> ehm well
<binBASH> ahh ok
<binBASH> Np, if it's not signed
<binBASH> I have a .deb now
<sh1ny> the packages are in toplevel dir
<sh1ny> :)
<binBASH> with correct version
<sh1ny> man i do like when people understand what i'm saying, mostly they don't because of my crappy explanation skills
<sh1ny> :)
<binBASH> ok that was not too hard
<binBASH> ;)
<binBASH> thanks a lot sh1ny
<sh1ny> yea
<sh1ny> if you decide to use launchpad for a PPA, there's a step by step howto when you try to create a PPA on how to create a gpg key and all that
<binBASH> Now I just have to find out what's the problem with the eucalyptus cloud ;)
<sh1ny> ^_^
<uvirtbot> sh1ny: Error: "_^" is not a valid command.
<Pici> er.
<Pici> Silly bot.
<binBASH> hehe
<sh1ny> :)
<alienn> Hi,
<sh1ny> hey
<alienn> one of our server (with several usb disks attached) displays load of error regarding /dev/sr1 (the dvd rom drive) when attaching another usb drive.
<alienn> I suspect something automounter like going in. Does anyone have an idead what this could be?
<sh1ny> binBASH, well if you have any other issues/questions about something feel free to drop a line @ me, just not with eucalyptus, because i have never run it :(
<sh1ny> alienn, not sure why it is bothering you ? is it slowing things down ?
<binBASH> thx for the offer sh1ny :)
<alienn> sh1ny: It's bothering me because I don't like errors displayed when no errors are present.
<alienn> This makes looking for real errors quite hard... ;)
<sh1ny> well no idea :(
<slipperychicken> i've got some strange disk activity on a server.  is there a way to output all disk activity ?
<slipperychicken> to console ?
<guntbert> slipperychicken: look at iotop
<impi> hello, i had to compile php5 from source to get my GD lib working propperly. Since then I can apt-get install anything as it tells me: apt-get -f install - but if I do this it will upgrade all my php stuff to the latest (NOT WORKING) versions..how do i get my apt back on track >
<impi> sorry for the long question guys,
<impi> with gentoo i could add the packages to a mask file..but with ubuntu im not sure
<slipperychicken> guntbert, thank you so much. :)
<guntbert> slipperychicken: you're welcome :-) there is a more "friendly" program too, but I cannto remember it's name right now :-)
<sh1ny> you can try dstat or iostat for general statistics
<sh1ny> tho they don't show you what process is reading/writing
<ivoks> impi: explor pining
<JanC> impi: search the web for "apt pinning"
<lfaraone> impi: http://www.mail-archive.com/debian-user@lists.debian.org/msg356708.html
<ivoks> impi: explore... apt-get supports pining
<ivoks> pinning
<ivoks> bah
<lfaraone> internalkernel: in combination with pinning, that is.
<slipperychicken> bluetoothd writing to disk @ 23kb/s ?
<lfaraone> slipperychicken: what about it?
<lfaraone> In http://doc.ubuntu.com/ubuntu/serverguide/C/jeos-and-vmbuilder.html, the use of the --tmpfs is mentioned, but when using it with vmbuilder I get "vmbuilder: error: no such option: --tmpfs". Am I doing something wrong, or incorrectly following the instructions?
<impi> thanks guys,
<impi> let me read abit
<hyperlinx> anyone who can help me about ssh public key ??
<sh1ny> lfaraone, are you using this with kvm ?
<smoser> hyperlinx, don't ask to ask, just ask
<lfaraone> sh1ny: Yes. The command in question is "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --libvirt qemu:///system --mirror=http://192.168.122.1/ubuntu --tmpfs -"
<sh1ny> i'd recommend using virt-install instead of vmbuilder
<sh1ny> i found vmbuilder buggy and didn't quite grasp what it's trying to do
<lfaraone> sh1ny: from what I can tell, it debootstraps then creates a VM image.
<slipperychicken> lfaraone, why would it do that constantly ?
<linxeh> Hi there - I'm moving a legacy system from a Windows server to a newer linux host, but I need to have a directory that will contain between 250,000 and 1,000,000 subdirectories (at least until we can fix the way the files are stored). what filesystem should I be looking at using? reiserfs ?
<ScottK> Whatever your problem, it's unlikley reiserfs is the answer.
<lfaraone> slipperychicken: no idea.
<ScottK> Personally, I prefer my file systems maintained.
<sh1ny> lfaraone, well i might be unable to provide you with help about vmbuilder, but i'd really suggest you look at virt-install . If you decide to do so, let me know and i'll help as much as i can
<lfaraone> sh1ny: okay.
<linxeh> ScottK: well, as I said, I need to have a directory with that number of subdirectories; ext4 caps out at 64k, though there is talk about some nlink or something, but it appears to be new
<lfaraone> sh1ny: I'll take a look at in a bit, off to lunch.
<sh1ny> lfaraone, kk, have a nice lunch :)
<slipperychicken> lfaraone, was this one of the app's that are not being supported anymroe ?
<slipperychicken> anymore.
<zul> reiserfs has a tendency to kill things as the joke goes
<linxeh> arf
<sh1ny> reiserfs is cool
<sh1ny> until it gets ugly
<sh1ny> :D
<binBASH> Hi kirkland!
<sh1ny> there's your change for eucalyptus, binBASH  :)
<sh1ny> chance*
<binBASH> Yeah I know ;)
<binBASH> I read his docu.
<pmatulis> zul: that's a nasty but funny one
<zul> pmatulis: i have heard worse
<sh1ny> i've had one funny problem with reiserfs
<sh1ny> couldn't figure it for years
<sh1ny> was a server, than when shutdown from power failure would never boot
<sh1ny> unless you boot with a knoppix cd
<sh1ny> just boot with it first, then reboot from hdd and it worked
<sh1ny> was weird
<binBASH> kirkland: How to fix this issue? http://www.pastie.org/963837
<ivoks> zul: that dovecot relative paths
<ivoks> zul: it's not a bug
<zul> ivoks: ok
<ivoks> zul: he's probably using %h somewhere
<ivoks> zul: i'll keep an eye on that one
<sh1ny> or only %h :D
<zul> ivoks: i appreciate if you could add your 2 cents to it though
<ivoks> zul: i did
<ivoks> zul: copy pasted upstream's 'if you use relative paths you'll die'
<zul> ivoks: thanks...i havent gotten new email yet ;)
<arch0njw> Good day.  I have a problem with Ubuntu Server (8.10) running as an ESX guest.  I have setup the /etc/networking/interfaces to set a static IP, but the system is not getting the correct IP.
<ivoks> if it's static, it's not getting IP
<ivoks> it defines it
<ivoks> 8.10 isn't supported anyway :D
<tooangel> Hey all, is there any possibility to download the ubuntu "branded" kernel/ramdisk images? I want to use them on an eucalyptus/ubuntu cloud
<zul> tooangel: no but you can use the virtual kernel its basically the same
<tooangel> virtual kernel? Not sure, what you mean
<sh1ny> apt-get install linux-image-virtual
<sh1ny> that's what he means
<kirkland> binBASH: sorry, no, not off hand
<ivoks> arch0njw: put your /etc/network/interfaces on pastebin
<tooangel> ah, k - i will give it a try - thanks
<arch0njw> ivoks: http://paste.ubuntu.com/435016/
<ivoks> arch0njw: did you reboot after setting up network?
<ivoks> arch0njw: or, at least, kill dhclient? :)
<arch0njw> yes rebooted
<ivoks> er...
<ivoks> eth0 and eth1
<ivoks> which one do you want? :)
<ivoks> you defined eth0, but ifconfig shows eth1
<arch0njw> ivoks: ha!
<arch0njw> ivoks: I don't know how the device ID changed.... but that's odd
<ivoks> what's odd?
<ivoks> how many interfaces do you have?
<arch0njw> ivoks: This VM, for reasons beyond my understanding, changed the ID of the network interface from eth0 to eth1.
<arch0njw> ivoks: this VM has only one network interface
<arch0njw> ivoks: now... the VM was moved recently.  But that shouldn't have changed eth0 to eth1... but I am not an ESX guru
<ivoks> this has nothing to do with esx
<arch0njw> ivoks: thanks for being a second set of eyes on that!
<ivoks> ubuntu names devices by their mac address
<Tweeda> are there any guides for really minimal installs of 10.04 server?  My little test VMs are fairly hefty @ 1G used on the root fs
<ivoks> if for some reason you replace nic
<ivoks> on boot it will be eth0, but as soon as udev kicks in, it will rename it to eth1
<arch0njw> ivoks: so if during the move of the VM if the MAC of the device changed that would have updated the eth#, right?
<ivoks> look at /etc/udev/rules.d/70-persistent-net.rules
<ivoks> arch0njw: and you should update your VM to supported operating system
<ivoks> ubuntnu 8.10 is EOL
<arch0njw> I though LTS releases were supported for 5 years.
<binBASH> kirkland: I wonder where it takes those wrong certs
<pmatulis> arch0njw: 8.10 is not an LTS release, 8.04 and 10.04 are
<arch0njw> ivoks: doh.  my mistake.  it is 8.04
<arch0njw> ivoks: and I hope to upgrade this to 10.04 in the near future to get the latest and coolest.  :)
<arch0njw> ivoks: I am looking at that rules.d file.  (ignorant question): what am i looking for?
<ivoks> arch0njw: delete it's contents and reboot :)
<ivoks> that's the easiest way out
 * pmatulis has heard that this cannot be done anymore (in Lucid)
<arch0njw> ivoks: okay.  will try later -- like when folks aren't using the server :D  Thanks again!!!!!
<ivoks> if you need new address
<ivoks> just add it
<ivoks> ifconfig eth1:tmp 10.26.120.7 up
<ivoks> 36 :)
<arch0njw> ivoks: yes.  caught that oopsie.  :)
<LowValueTarget> Please forgive me if this has been asked before.... since lucid, I get tons of lsb-header does not support upstart... messages when I install things
<LowValueTarget> doesn't matter what it is
<LowValueTarget> Is that a known issue, or am I my own issue?
<ivoks> upstart doesn't support lsb-headers
<ivoks> ignore those warnnings
<LowValueTarget> ivoks: for instance, installing vmware tools http://pastebin.com/16zPAJFC
<LowValueTarget> ivoks: All that mess can be ignored?
<ivoks> except the build error :)
<LowValueTarget> well yes... but the lsb shizz
<ivoks> yes
<ivoks> ignore it
<LowValueTarget> cool thanks
<bondiblueos9> is there anything I can install that will let me hit some key combination and then interupt everything that is happening and drop me to a basic terminal?
<uvirtbot> New bug: #581802 in autofs (main) "transitional package CAN'T be removed safely" [Undecided,New] https://launchpad.net/bugs/581802
<ne7work> hello all i need help..
<ne7work> i go to install ubuntu server edition
<ne7work> and i can't select partition
<ne7work> how to choose partition
<ne7work> please someone help me
<ivoks> create it
<ne7work> i have from ubuntu desktop
<ne7work> one ext4 linux partition
<ne7work> and one ext4 swap
<ne7work> how to choose this ext4 linux partition
<ivoks> http://www.debianadmin.com/ubuntu-lamp-server-installation-with-screenshots.html
<ne7work> why lamp?
<ivoks> partitioning part is exactly the same, it's the same installer
<ne7work> A - apache?
<ne7work> M - mysql?
<ne7work> P - php?
<ne7work> L is?
<Pici> Linux
<Pici> !enter
<ubottu> Please try to keep your questions/responses on one line - don't use the "Enter" key as punctuation!
<ne7work> one by one or lamp setup?
<ne7work> this is xampp for linux
<ivoks> look at the partitioning part
<ivoks> bah...
<ne7work> or just installed one by one apache2, mysql-server etc..
<ne7work> now I ask for LAMP installation
<Pici> xampp is not supported here. You should use the packages in the repos.
<ne7work> this lamp install apache2, mysql-server, phpmyadmin, php5-mysql
<Pici> !lamp
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<ne7work> or xampp for linux?
<ne7work> xampp name for linux is lamp
<ne7work> this not lamp or?
<ne7work> Pici, okay i go to install ubuntu-server
<ne7work> i test on VMWare ubuntu server edition
<ne7work> and ubuntu server edition is very good between ubuntu desktop edition and ubuntu server edition
<ne7work> ubuntu desktop edition is sux
<ne7work> ubuntu desktop edition is sux
<ne7work> i install ubuntu-desktop on server edition
<Pici> ne7work: Please don't do that here.
<ne7work> and all is very good and performance
<ne7work> okay sorry
<ne7work> tnx again man
<ne7work> really tnx
<ne7work> gl & hf :)
<Pici> Okay then.
<sh1ny> wow, the anger
<ivoks> speachless :)
<ivoks> speech even
<sh1ny> i tried to help this guy yesterday, but he's beyond me
<ivoks> i gave up on lamp :)
<sh1ny> i gave up on proftpd
<sh1ny> after 10 repeats of "the proftpd uses system users to authenticate"
<sh1ny> i tried in 10 different ways
<ScottK> sh1ny: Generally if you're using FTP in 2010, you're doing it wrong.
<vraa> i couldn't get any ftpd working either, but i'm an idiot, so i settled instead for using Filezilla as the client (since it's cross platform) and using sftp (ssh file transfer)
<sh1ny> ScottK, depends if it's for personal use or if your clients demand it
<sh1ny> ScottK, i have been using sftp for more than 7-8 years already, but many can't do that for various reasons
<ScottK> Generally I try to lead clients in a better direction, but certainly it's sometimes not possible to avoid it.
<binBASH> here I'm running pure-ftpd
<binBASH> :)
<sh1ny> ScottK, i also provide ftp services for the hosting i offer, just for that
<sh1ny> binBASH, let's start a proftpd vs pure-ftpd flame war ? :P
<binBASH> sh1ny: Well I need pure-ftpd
<binBASH> Can't use proftpd
<binBASH> With pure-ftpd I can start a process right after uploading
<binBASH> so if our photographers upload images they will get immediately scheduled to gearman worker processes and those will make thumbnails of the images
<uvirtbot> New bug: #581808 in bacula (main) "No 2.4 compatibility package for bacula-client" [Undecided,New] https://launchpad.net/bugs/581808
<sh1ny> hm that's cool
<sh1ny> i just generally dislike the way pure-ftpd is configured :/
<uvirtbot> New bug: #581813 in samba (main) "nmbd not starting in lucid (after a migration)" [Undecided,New] https://launchpad.net/bugs/581813
<bondiblueos9> is there anything that would allow me to randomly access my tape drive?
<bondiblueos9> any snazzy file system hack?
<sh1ny> oh wow, KSM just saved me 3 gigs of ram !
<bondiblueos9> or can I really just use it to write and read files with tar
<binBASH> KSM?
<ivoks> yeah, ksm sounds nice
<sh1ny> Kernel Samepage Merging
<bondiblueos9> what is the command to know how much memory your system has?
<sh1ny> free -m
<ivoks> free
<bondiblueos9> thanks
<LowValueTarget> when using apt-mirror and setting defaultarch to amd64
<binBASH> sh1ny: How to use this?
<LowValueTarget> does it grab arch independent packages as well?
<sh1ny> binBASH, if you're on lucid, it should be on by default
<binBASH> ok
<sh1ny> it's for KVM virtual machnes
<binBASH> ahh :p
<binBASH> ok those don't work for me yet, remember? :P
<sh1ny> well if you're using eucalyptus with kvm, should work for you also :D
<sh1ny> haha
<sh1ny> yea
<binBASH> But I'll debug it later
<binBASH> first I'll go home now ;)
<sh1ny> i got a test server, 6GiB ram, 3 virt machines with 2048,1536,1024 RAM and usage went down to 1.5GiB
<sh1ny> binBASH, i just got home :D
<bondiblueos9> is there any way for me to tell if my RAM is ECC or not?
<sh1ny> what does lshw -short return ?
<smoser> ah... abstraction
<smoser> http://bazaar.launchpad.net/~smoser/+junk/uec-on-ec2/annotate/head:/commands.txt
<smoser> run a full UEC on top of an ec2 instance
<Italian_Plumber> is there a way to get ubuntu server to automatically mount USB drives when they're plugged in?
<ivoks> yes
<ivoks> usbmount
<ivoks> that's an easy way to accomplish that
<ivoks> iirc, it provides udev rules and scripts for automounting
<Italian_Plumber> thanks!
<slipperychicken> Italian_Plumber, cron ! :)
<ivoks> cron was never solution :)
<zul> smoser: hey
<bondiblueos9> Italian_Plumber: there is also ivman
<bondiblueos9> Italian_Plumber: which is also support to automount cd and dvd
<ivoks> ivman depends on hal, doesn't it?
<ivoks> i used it...hm... 5 years ago? :)
<ivoks> maybe even more :)
<zul> Daviey: ping the rest is yours
<Daviey> zul: huh?
<zul> Daviey: the bug count
<Daviey> eeek
<pmatulis> is there some ubuntu-specific instructions for implementing graphical PXE boot menus for network installs?
<zul> pmatulis: im pretty sure that the same generic instructions apply to ubuntu as well
<pmatulis> zul: pretty sure too, just surprised i couldn't find any
<netnull> hello there, someone can help me to set up postfix ? im getting crazy cause i dunno how to do it
<pmatulis> netnull: that's normal.  be patient
<netnull> pmatulis, im being patient from already 1 month :)
<netnull> pmatulis, can u help me to set up mailboxes?
<Pici> If you ask an actual question we may be able to help.
<netnull> Pici, i've installed postfix im my localhost cause i want to understend how to set up mailboxes to try to do same on a server
<netnull> Pici, i dunno how to set up mailboxes, what should i do?
<netnull> sorry for my awful english
<dtminsk> What is the easiest way to get a LAMP server in 10.04 LTS desktop?
<pmatulis> dtminsk: https://help.ubuntu.com/community/Tasksel
<LowValueTarget> I setup a local server as an Ubuntu Repository Mirror using apt-mirror..... in my mirror.list file I specified defaultarch as amd64. Will this mirror architecture independent packages as well?
<Pici> netnull: Have you looked at the Ubuntu Server Guide at all?
<netnull> Pici, i did, but i didnt find info im looking for. Do u have any link to give me?
<dtminsk> I want to setup a machine primairly as a LAMP/SMB/SSH server but also have GUI access sometimes through the local computer but mostly through X11 like NXserver
<dtminsk> would it be best to start from ubuntu 10.04 server or desktop
<dtminsk> I have a somewhat screwy desktop install now that has not been optimal for server use
<netnull> Pici, is this the only thing i should do? : sudo postconf -e 'home_mailbox = Maildir/'
<Pici> netnull: I don't know.  Sorry.
<Pici> Take a look at https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<ne7work> Hello all..
<ne7work> what's different between debian and ubuntu server?
<dtminsk> How do I mount a secondary disc before login from the GUI?
<SpamapS> ne7work: loads
<ne7work> what?
<SpamapS> ne7work: But mostly just the release and support process. ;)
<ne7work> ubuntu desktop edition is very sux
<SpamapS> yeah, I heard that they built it with anti-troll features. ;)
<LowValueTarget> Any ideas regarding my apt-mirror question?
<guntbert> LowValueTarget: I haven't seen it
<LowValueTarget> I setup a local server as an Ubuntu Repository Mirror using apt-mirror..... in my mirror.list file I specified defaultarch as amd64. Will this mirror architecture independent packages as well?
<guntbert> LowValueTarget: I don't *know* - but from pure logic: a repo contains "everything" needed on an architecture, so I'd assume yes -- I have been using apt-mirror without any issues for a while now
<LowValueTarget> cool thanks!
<LowValueTarget> I had some permission problems earlier too... i had been messing around in the apt-mirror directory as root
<LowValueTarget> i assume everything in apt-mirror needs to be owned by apt-mirror:apt-mirror
<LowValueTarget> correct?
<guntbert> LowValueTarget: yes, the first thing you mess up as root is the lock-file in var :)
<LowValueTarget> hahaha
<LowValueTarget> you know it. Cool thanks!
<guntbert> guess how I came to know it
<LowValueTarget> much nicer than those #debian folks.... sheesh. (i'm just sayin) http://grab.by/grabs/a28f8ef31970279d5a239376e1b1665f.png
<guntbert> LowValueTarget: sudo -i -u apt-mirror  is sometimes easy to mistype, I ended with sudo apt-mirror -- bang, ...
<LowValueTarget> that'll do it
<LowValueTarget> i just su apt-mirror to be safe
<guntbert> LowValueTarget: no need - use sudo -i -u apt-mirror instead -- then you issue apt-mirror (the command)
<LowValueTarget> makes sense
<LowValueTarget> thanks
<LowValueTarget> well wait.... doesnt su do the same thing?
<guntbert> LowValueTarget: and as aside: in #ubuntu questions about "derivatives" are not regarded well....  - so I can understand the debian people
<LowValueTarget> makes sense... seems like common sense would prevail though
<guntbert> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<guntbert> LowValueTarget: generally for su that account has to have a password, with sudo not
<LowValueTarget> i see
<LowValueTarget> as bad as it is... im sudoed to root most of the time
<LowValueTarget> everything i do generally requires sudo
<LowValueTarget> if not
<sh1ny> it's not bad as long as you know what you're doing
<guntbert> LowValueTarget: don't - you get accustomed to that rather quick and inadvertently kill your system
<LowValueTarget> i manage hundreds of linux systems.
<sh1ny> same here, around 170 in total
<sh1ny> never hurted me
<LowValueTarget> a few keystrokes here and there on all these systems saves days
<guntbert> sh1ny: and you *always* know what you are doing - I admire you :-))  - I make my mistakes but not as root
<sh1ny> but then again, a mistake in a script can get your / deleted :)
<LowValueTarget> if I didn't login as root I would sudo every command anyway
<LowValueTarget> same thing
<sh1ny> guntbert, i didnt say i make no mistakes
<LowValueTarget> yeah... we use r1soft on all our systems. Good backup plan, but we dont ever really need it
<LowValueTarget> i have rm'd a few dirs that i didnt want to before
<LowValueTarget> ;)
<sh1ny> i have rm'd / a few times
<sh1ny> like 5 years ago
<LowValueTarget> ouch
<sh1ny> learned a lot since then
<LowValueTarget> 5 years makes a lot of difference if you have yoru hands in it everyday
<sh1ny> mostly to hate regexp
<sh1ny> :P
<guntbert> LowValueTarget: I'm not in a position to question your abilities  - "needing root all the time" seems .... well ... strange
<LowValueTarget> but yes guntbert, I advocate to all our customers to sudo and not login as root
<guntbert> LowValueTarget: :)
<LowValueTarget> guntbert: depends on what youre doing... managing multiple users, permissions etc
<LowValueTarget> intalling, uninstalling
<LowValueTarget> update-rc.. you get the picture
<sh1ny> well i am pretty sure you have as much different scenarios as i do LowValueTarget
<LowValueTarget> we are a managed hosting provider
<guntbert> LowValueTarget: in that case I agree - pure server management - no "real work" :-))
<sh1ny> i have web hostings, samba file servers/PDC's, virtual machines, routers, proxies
<sh1ny> all for around 100 different clients
<LowValueTarget> nice
<sh1ny> i have to solve problems daily
<LowValueTarget> Now.... to subjects I DON'T know (which is alot ;)
<LowValueTarget> Can someone point me in the right direction on how to create a deb package to distribute scripts, not binaries
<LowValueTarget> super simple deb package. No make, configure, make install
<sh1ny> just check out some package that does that already
<sh1ny> let me think of something
<LowValueTarget> know of any
<ScottK> LowValueTarget: It's essentially the same just that the "compile" is copying the scripts where they should go.
<sh1ny> working on that, sec :)
<LowValueTarget> mplayer-skins seems to be no binaries
<LowValueTarget> ill grab source of that and check
<sh1ny> https://launchpad.net/~dnjl/+archive/ppa
<sh1ny> dnjl-repositories
<sh1ny> adds some .list and gpg keys and stuff
<LowValueTarget> cool ill check that one too
<ScottK> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<lamont> he really needs to learn a third word
<arch0njw> lamont: ouch.  I am still laughing.  pain!  funny!
<Airells> hi after install swat and login on default user ( created at installing system ) ther is only " home , status , view , password "  in menu
<Airells> any good tut about swat + samba ?
<guntbert> Airells: did you see the serverguide?
<guntbert> !serverguide | Airells
<ubottu> Airells: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<Airells> k thx
<gregcoit> I've got a job in rc.local that I need mysql to wait for but am unclear how init.d and init interacts in lucid...
<gregcoit> any suggestons on how to tell mysql to wait for rc.local before starting?
<soren> gregcoit: Remove (or comment out) the "start on" bits in /etc/init/mysql.conf and call "start mysql" at the end of rc.local.
<gregcoit> soren: that seems like cheating but should work - thanks!
<smoser> hggdh, sometime this week i'd like to run the cloud images through a set of tests
<binBASH> re
<smoser> for lucid. i'd like to send a refresh of the image that contains a fix for bug 571271
<uvirtbot> Launchpad bug 571271 in cloud-init "uec images should wait longer for metadata service" [High,Fix released] https://launchpad.net/bugs/571271
<hggdh> smoser: yeeeee, more cloud tests ;-) what type?
<binBASH> Hey smoser!
<binBASH> :)
<smoser> hggdh, well, i suppose the topo2 would be the best to run
<smoser> generally i want to make sure that i've made the situation better with the longer timeout
<hggdh> smoser: with lucid up-to-date, or GA?
<smoser> image from "up to date"
<binBASH> smoser: I reinstalled my servers now with lucid ;)
<binBASH> now my cloud ain't working anymore
<smoser> whu oh
<binBASH> hehehe
<smoser> hggdh i dont think it makes much sense to test GA
<hggdh> smoser: I agree :-)
<smoser> as it has known problems. more sense in testing current -updates i think.
<smoser> binBASH, well, what all is going wrong ?
<binBASH> smoser:  http://www.pastie.org/963837
<smoser> i'm not sure what i'm looking at
<binBASH> cloud.log
<binBASH> :)
<binBASH> I dunno which certs are wrong
<binBASH> copied all to the nodes
<b01i> Hello, everyone.  I hope you are very good.  I need some help for a Ubuntu Server Installation in a HP ML150G6 Server.  The problem is simple...  When I put the Ubuntu Server CD on the server, this message appears: "no common cd-rom drive was detected"
<binBASH> smoser: I saved your patch for the script though so I can have vnc again ;)
<halvors> Someone know about some good webbased gui's like Webmin?
<b01i> Some idea about what can be happening?
<guntbert> !webmin | halvors
<ubottu> halvors: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<halvors> yes i know it is therfore i ask about some others ;)
<halvors> ebox cant have domain admin ;)
<halvors> or can it?
<guntbert> halvors: sorry, no idea - I and ebox don't seem to get along :-))
<enav> hi all
<b01i> help .....
<enav> what happen
<uvirtbot> New bug: #581930 in libvirt (main) "virsh manpage lacks information about pool- options." [Undecided,New] https://launchpad.net/bugs/581930
<slackste1> Hi, I'm having trouble with my monitor getting a signal to turn on.
<enav> slackste1 aster installation?
<enav> slackste1 after installation?
<slackste1> yes
<enav> slackste1 video card model?
<slackster> humm.. NVIDIA 6600
<slackster> anyway I can force the signal through a remote shell?
<enav> slackste1 check the disk for data corruption before install
<slackster> well, everything seems to be working fine enav, except for the monitor isn't getting the signal to go out of sleep mode
<slackster> I'm chatting using the server with irssi now, logged in..
<slackster> but monitor will not wake up
<slackster> thought it was a problem with USB keyboard, but I have adapter now
<enav> i saw some intel video card related bug at launchepad...
<slackster> humm, interesting
<enav> yep
<slackster> oh.. it's actually an older card in this machine
<enav> 3 guys came here with the same problem... i black screen after installation
<slackster> SysInfo: Linux 2.6.32-22-server |  Intel(R) Pentium(R) 4 CPU 2.66GHz 2666.420 MHz | Bogomips: 5332.84 | Mem: 1684/2009M [||||||||||] | Diskspace: 455.64G Free: 83.01G | Procs: 97 | Uptime: 5 days 1 hr 25 mins 34 secs | Load: 0.60 0.63 0.67  | Vpenis: 207.3 cm | Vboobies: 79G | Screen: nVidia Corporation NV18 [GeForce4 MX 440 AGP 8x] (rev a4) | eth0: In: 18.47G Out: 5.73G
<slackster> GeForce MX 440
<slackster> enav: ah, I see
<enav> try alt+f1    some times that bring video to life
<slackster> yes, tried that. :(
<enav> let me google something for you
<slackster> this is what I've found through google. ->http://ubuntuforums.org/showthread.php?t=561004
<enav> some times i loss my numkey pad functionality after sleep mode
<slackster> humm
<slackster> I had the problem with my KVM switch that once it switched to the server, it wouldn't switch back (scoll lk twice)
<bluethundr> I am using an apt sources list from a known good server of the same server OS (Hardy 8.04) but apt on this machine appears to be busted http://pastebin.com/KFSYbAkP
<bluethundr> update and upgrade just won't work
<bluethundr> I even launched a new aws instance with hardy 8.04 x64 on it, grabbed the sources.list file via scp onto the problem box and still no love.. apt wont' work
<ScottK> bluethundr: Err http://archive.ubuntu.com hardy Release.gpg means you have a networking problem, not a apt problem.
<bluethundr> ScottK: ok, thanks
<ScottK> No problem.
<webwurst> i just installed dovecot-postfix, but i can't start postfix. there is no error in /var/log/mail.log
<Datz> well I succeeded in accidentally restarting the mahcine by pressing keys when the screen was off in an attempt to wake it.
<webwurst> "sudo service postfix start" or ".. status" don't give any output
<Datz> Now that the screen has not gone to sleep, it is working fine
<Datz> monitor*
<slackster> wrong nick :P
<bluethundr> correct me if I'm wrong, but isn't service a centos / RH thing and not an ubuntu/debian thing? AFAIK it has to be /etc/init.d/postfix start
<webwurst> i guess it works on both http://manpages.ubuntu.com/manpages/lucid/en/man8/service.8.html
<webwurst> using /etc/init.d/postfix start doesn't change the behaviour..
<ScottK> webwurst: If you actually get postfix to try to start, it will log something.
<webwurst> ScottK: ok, thanks. i will try to purge and install again..
<webwurst> thanks a lot! "postfix/master[16662]: daemon started" in log-file
<slackster> enav: monitor working now, after restart.  How can I disable it from sleeping again?
<enav> im pretty sure the sleep unction is just crazing the xrog stuff
<enav> google how to disable the sleep function
<slackster> kk :)
<enav> i just disable screen saver on my ubuntu desktop  it crash my system every time it tries to run
<enav> be patient we are not perfect yet :)
<slackster> enav: np ;)
<slackster> in 8.04, almost looks as though there is no sleep funtion for the monitor.  I don't know if something was added
<xorl> say I discard an ini update, does it delete that discarded INI or does it store it something like ininame.dist.ini?
<uvirtbot> New bug: #581959 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/581959
<binBASH> kirkland: I fixed my cloud btw.
<kirkland> binBASH: good to hear
<binBASH> Just reinstalled the cluster/cloud controller again then it worked somehow
<slackster> enav: The monitor woke up after it went to sleep this time. :)
<enav> nice
<slackster> I never powered it off.. I'm now afraid to.
<slackster> lol
<enav> did you check the cd for data integrity ?
<slackster> cd, no
<slackster> I'm not sure where it is anymore
<enav> do it... reboot your PC and select  "check Cd for errors"
<slackster> ok, I'll do that once I find the cd
<enav> sorry.... put your CD in, reboot, and select "check Cd for errors"
<enav> if you got some errors just burn that cd again at 4X  speed
<RoAkSoAx> kirkland: is there any wikipage/blueprint that explains how the autoregistration works and stuff like that?
<kirkland> RoAkSoAx: not sure
<kirkland> RoAkSoAx: it's just avahi + a listener
<RoAkSoAx> kirkland: but for example, who connects to who via the autoregistration and once its discovered, how is it registered?
<slackster> enav: the cd is valid it says
<enav> good
<enav> well your problem sounds like a bug
<enav> try to submit a launchepad entry with your hardware specification and bug behavior
<slackster> ok, I'll see if it happens again
<enav> well this is allready created but submit your hardware specs
<slackster> will do, thanks
<enav> put this description "Black screen after Ubuntu server edition 10.04 installation process"
<bluethundr> does anyone know of any good _current_ hardy repos?
<Pici> bluethundr: Whats wrong with the official hardy repos?
<bluethundr> archive.ubuntu.com does not appear to be resolving on this server host
<Pici> !mirrorstatus
<ubottu> A list of official repository mirrors and their statuses can be found at https://launchpad.net/ubuntu/+archivemirrors
<bluethundr> thank u
<Pici> np
#ubuntu-server 2010-05-18
<RoAkSoAx> kirkland: this is what I wanna do: First, have a loadbalancer that is listening in the network. Then start a webserver that will tell the loadbalancer "This is my IP address, register me". 3. Loadbalancer will grab the IP and add the webserver to its config.
<RoAkSoAx> kirkland: so, as far as I understand, uec-component-listener, would be my listener in my first step, correct?
<kirkland> RoAkSoAx: right, that's the listening piece, that handles registering a new component
<kirkland> RoAkSoAx: see also the debian/*publication*
<kirkland> RoAkSoAx: that's what broadcasts to the network that "i'm a eucalyptus thing, up and ready to be registered"
<LowValueTarget> how do i run apt-get to only include security updates
<RoAkSoAx> kirkland: awesome. That would be my webserver announcing that they are up and running and ready for registration...
<RoAkSoAx> kirkland: now, how are the registration scripts in debian/registration/{cluster,common,node,etc} used or "called" whenever the listener obtains a broadcast
<RoAkSoAx> (and I do believe those are the ones that actually register the nodes into the cluster, correct?)
<coofbar> if I can choose between xen-hvm and xen-pvm for a linux guest - which one should I use?
<LowValueTarget> are there any other secure alternatives to puppet?
<bluethundr> I have added some of the repos that I saw on launchpad.net but every time I add one the result is the same : Could not resolve 'mirrors.ccs.neu.edu' or whatever.. what am I doing wrong here? http://pastebin.com/2HzVMnq7
<RoAkSoAx> kirkland: i got how it runs the scripts, with ACTIONS_DIR. Now, however, if i *just* compile uec-component-listener.c and run it, and then from another server, i just send a avahi broadcast, it should work right?
<thedonvaughn> hola, I have ubuntu 10.04 server installed as a KVM hypervisor.  I'm using vmbuilder, however i can't seem to use the options --firstboot and --tmpfs anymore
<thedonvaughn> were these taken away?
<thedonvaughn> vmbuilder: error: no such option: --firstboot
<lyrae> Hi. Ubuntu desktop detected my NIC and internet worked fine, but the server edition didn't. what can i do
<slackster> lyrae: 10.04 the both of them?
<lyrae> slackster, correct
<lyrae> the server gave error during DHCP configuration. so i clicked to skip and set it up later
<slackster> do you have more than one NIC?
<slackster> (just looking for something simple)
<lyrae> slackster, no
<lyrae> it's also a netbook, if that matters any
<slackster> are you trying to connect wirelessly?
<lyrae> slackster, yes
<slackster> have you installed a desktop environment?
<lyrae> slackster, gui? no
<lyrae> i don't think the server edition comes with one anyhow
<slackster> it doesn't
<lyrae> right
<slackster> but it would make connecting wirelessly easier
<slackster> you have to do it all manually
<slackster> the reason it didn't connect is it doesn't know what to connect to, and if there is authorization/password required
<slackster> let me see if I can find someting..
<lyrae> slackster, but i dont even think it detected a NIC
<slackster> this should get you started: http://www.wirelessdefence.org/Contents/LinuxWirelessCommands.htm
<lyrae> let me show you a screenshot first, and tell me if it looks right (will be able to make it work)
<lyrae> of iwconfig
<slackster> lyrae: what are the results of ifconfig? do you see somthing like "wlan0"
<lyrae> not for ifconfig, for iwconfig yes
<lyrae> showing you screenshot, one sec
<lyrae> slackster, http://img37.imageshack.us/img37/5117/photogp.jpg
<slackster> use wlan0
<slackster> see my previous link
<lyrae> slackster, i am. thank you
<slackster> np
<lyrae> slackster, the first part didnt work. tryijng out second one (manually)
<slackster> you need to do something like "iwconfig wlan0 essid [wirelessnetworkname]
<lyrae> i tried. still trying. one sec
<slackster> then iwconfig key [key]
<slackster> etc
<slackster> iwconfig wlan0 key [key]*
<slackster> not something you have to worry about with a netbook
<slackster> if I were you I would just install desktop edition, then kill gnome when you don't want it
<slackster> with something like sudo /etc/init.d/gdm stop
<lyrae> yea i might because this isn't working
<lyrae> i can't even iwlist scan. says netowrk is down
<lyrae> but installing regular ubuntu with a DE adds more stuff to it
<lyrae> wanted to keep the netbook ... 'light'
<slackster> just stop gdm when you don't want it
<lyrae> but it comes with a bunch of other packages too
<lyrae> maybe i could try plugging the netbook to an ethernet cable during installation
<lyrae> do an update and see if wireless work
<slackster> install gnome-lite (think that's available) on top of the server install then
<lyrae> slackster, or xfce?
<slackster> oh.. looks like gnome lite is a FreeBSD thing
<slackster> lyrae: you could.. I don't know if you're trying to avoid excess packages or what.
<slackster> but yes xfce is light
<slackster> there is a netbook edition of ubuntu also.. I haven't looked at it though
<lyrae> yes i was trying to avoid as much as possible. but its alright. ill try xfce
<lyrae> brb
<tommy_> is there a proper way to upgrade from 8.04 to 10.04 using internal mirror?
<enav> tommy_ sudo aptitude update
<enav> tommy_ sudo aptitude upgrade  -d
<enav> that it
<enav> ho man sorry
<enav> tommy_  do-release-upgrade
<enav> tommy_  https://help.ubuntu.com/10.04/serverguide/C/installing-upgrading.html
<KenjiPops> tried that, but keep getting no mirror found, i'm using internal repo.
<KenjiPops> seems to be related to meta-release
<KenjiPops> looked at meta-release-lts and lucid is not in there
<bc> I just came into posession of this cutting edge notebook. http://www.buysellcommunity.com/uploads/120906/ww1/onzxeldbggdk.jpg
<bc> Massive 1 GB of disk space and 16 MB of memory.
<bc> Darn, I jumped into the wrong year again.
<f1yback> bc
<f1yback> nice thin client
<f1yback> or serial terminal
<f1yback> for router gear etc
<f1yback> i'd could use a few more myself mine are all in pieces
<Nonpython> What do PTR records mean in DNS?
<twb> http://en.wikipedia.org/wiki/PTR_record ?
<Nonpython> Page not found.
<twb> "pointer record (RFC 1035) - Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD."
<twb> Nonpython: works for me.
<twb> Maybe your country is blocking wikipedia?
<Nonpython> I am in the US of A.
<twb> My sympathies.
<Nonpython> Where are you?
<twb> .au
<Nonpython> Thanks, I use a cached version of wikipedia, I wrote it and it is supposed to check if there is a new version of a page, I tried in the program, when I actually looked it worked.
<Nonpython> We have a R18+ rating for games, so nyah!
<twb> Technically we have such a rating, it's just that games rated thusly cannot be distributed.
<Nonpython> Same thing.
<enav1> maybe this is a big stupid question but can i put a wallpaper to my ubuntuserver terminal?
<chrismsnz> enav1: i vaguely remember doing something along these lines back in my gentoo days
<Nonpython> enav1: framebuffer or GUI?
<chrismsnz> search around about "framebuffer"
<enav1> just ubuntu seever terminal background
<twb> enav1: what does "echo x$DISPLAY" print in your terminal?
<enav1> i mean terminal backgrounnd like this   http://is.gd/ce8CV
<chrismsnz> try and find an app called "fbdecor"
<enav1> thanks
<chrismsnz> if it's for the "console" framebuffer
<Nonpython> I use that, it rocks!
<chrismsnz> won't work if you're in X/Gnome
<chrismsnz> ugh, it's not an app - it's a kernel patch
<chrismsnz> no idea whether it's included with ubuntu or will apply
<twb> If you're trying to put a background picture on the fbcon, you obviously need more homework.
<Nonpython> If my server's IP is 69.175.115.18, what do put as my PTR record?
<twb> Nonpython: if you don't know what to put, you probably don't need a PTR record.
<Nonpython> I have seen two disagreeing setup guides.
<twb> You should be reading the Ubuntu Server Guide as at your release.
<twb> apt-get install ubuntu-serverguide && w3m /usr/share/doc/ubuntu-serverguide, or so
<Nonpython> I am.
<|eagles0513875|> hey guys how do i change the repos my server uses from the local mirror to another mirror
<Nonpython> what do I do in the reverse data file for 2 sites with the same first ocelet?
<Nonpython> I have the clusterfeck of switching to a ubuntu server running BIND from a windows server at the same time as I add a second website.
<uvirtbot> New bug: #582119 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/582119
<deslector> hi, what is the best way to install iFolder in ubuntu?
<lambrecht> mornin
<twb> Suppose I boot with "break", halting the in ramdisk before pivot_root'ing.
<twb> When I call "halt" there, the system shuts down, but doesn't cut power -- the screen stays on, showing the console.
<twb> If I let the system boot normally, "halt" will power down the machine.
<twb> What's the difference, and how can I fake it from within the ramdisk?
<twb> The application is for my automated disk flashing boot=install initramfs-tools script that basically just does "wget -O/dev/sda <URL>; halt".
<Zider> is there a neater way to add things like gallery2 or phpbb to your vhosts than just copying the dir? I used to use webapp-config in gentoo but it doesn't seem to exist in ubuntu
<stanman246> : hi in here i'm trying out ifolder on a 9.04 ubuntu server (openvz). Having troubles installing mono-complete, how can i install it?
<zul> ttx: there is a tomcat6 bug there screaming at you
<ttx> There are several... which one ?
 * ttx should spend some time on tomcat6 today
<zul> there is one new one
<zul> complaining about the directory structure
<ttx> ah right.
<soren> ttx: I have a problem with the python-cloud{servers,files} change you made.
<ttx> soren: ah
<soren> I could have sworn I kindly asked to keep the source package name, by the way..
<soren> Anyways, the package is still in Debian under the old name.
<ttx> hrm
<soren> "the package" == python-cloudservers. cloudfiles is a different kettle of fish.
<soren> ..and my sponsor is reluctant to change it.
<soren> Python packaging policy says that the module name should be used for the package name.
<soren> Since we didn't (thank goodness!) change the module name (i.e. you still do "import cloudservers" to use it), the correct package name is "python-cloudservers".
<ttx> the correct source package name or the correct binary package name ?
<soren> binary.
<stanman246> how do i install mono-complete on jaunty?
<soren> stanman246: You upgrade to karmic.
<stanman246> lol
<stanman246> touche
<soren> ttx: My sponsor in Debian would accept python-cloudservers-rackspace.
<soren> ttx: He does not want to rename the source package at all. I agree with that. The upstream name for the software is python-cloudservers. We can't really change that.
<ttx> soren: let me gather my thoughts
<soren> *nod*
<soren> It's going to be a hassle to maintain them in both Debian and Ubuntu this way, and I really do want to do that.
<soren> python-cloudfiles has the same concerns, except it's not in Debian ATM, so it doesn't have the troublesome sycning problem.
<diago> I have a karmic server I run by virts from. Is it possible to install suite lucid from the karmic vmbuilder?
<diago> s/by/my/
<bogeyd6> great, installed php5 and ubuntu screwed y virtual hosting
<Japje> then you should fix it
<bogeyd6> Japje, cool story bro
<soren> diago: I'm afraid not. It's not super difficult to do, but I'm not sufficiently motivated to do it myself, and noone has sent a patch.
<ttx> soren: I agree with you, you should open a bug about it on both packages
<diago> ok, but iso install with minimal will be fine?
<Japje> yeah i thought so myself. My glass ball and my thee leaves couldnt really determine the problem.. so this is the best anwser you can get
<Japje> bogeyd6: but perhaps you can enlighten us with the exact problem, then who knows.. maybe someone has an awsner
<ccheney> hi guys :)
<bogeyd6> Japje, installed php5, it installed forked apache2, forked apache didnt like my sloppy virtual host style so I had to create a vhost for each "subdomain".
<Japje> so your saying.. i had an ugly vhost configuration and now apache is whining about it
<Japje> after installing php5
<sommer> morning
<zul> ttx: do you want me to take nagios off your hands?
<ttx> zul: sure, please do
<uvirtbot> New bug: #582251 in openssh (main) "debug1: Remote: No xauth program; cannot forward with spoofing." [Undecided,New] https://launchpad.net/bugs/582251
<JanC> so, I found which package violates Ubuntu's "postfix is the default MTA" policy...
<JanC> bug #582255
<uvirtbot> Launchpad bug 582255 in drupal6 "Drupal package lists exim instead of postfix as preferred MTA" [Undecided,New] https://launchpad.net/bugs/582255
<zul> SpamapS: ping when you are around
<Japje> Any1 have some experience with preseeding postfix? My preseed skippes inet_protocols and i cant find a way to set it
<Daviey> looking at bug #572388, that is as designed for 10.04, isn't it?
<uvirtbot> Launchpad bug 572388 in eucalyptus "NC not available when auto registrating with second cloud present" [Undecided,New] https://launchpad.net/bugs/572388
<Daviey> One cluser per subnet.
<sbalneav> I just installed Lucid Server x64, setting up software raid.  Won't boot kicks me to a busybox prompt.  http://ubuntuforums.org/showthread.php?t=1474950 seems to indicate that the only solution is to install 8.04?  Any other pointers?
<Daviey> sbalneav: That certainly looks like a bug we should investigate, if it's pratical - can you try installing 8.04 - just to check it's a regression.. Then open a bug please.
<uvirtbot> New bug: #582312 in tomcat6 (main) "Please sync tomcat6 6.0.26-1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/582312
<ttx> zultriaged the Tomcat question
<ttx> s/lt/l:t/
<Spiralmatrix> hi does anyone know how to setup bind9 with dynamic dns on ubuntu server, or could point me in the right direction of how to do it please
<RoAkSoAx> ttx: just saw you changed the status of cloud-loadbalancing blueprint to discussion. Where's the discussion being held?
<ttx> it was held at UDS
<ttx> "approved" would require the spec to be drafted first
<ttx> the drafter should move it to "drafting" when he starts working on it
<RoAkSoAx> ttx: oh ok thought it was moved to discussion cause something changed and something else was to be discussed about it
<ttx> no -- was moved (back) to discussion because I think moving it to Approved was a mistake.
<RoAkSoAx> ttx: oh ok :)
<bogeyd6> oh lawdy
<uvirtbot> New bug: #302880 in vm-builder (universe) "Add serial console in xml configuration file generated by vm-builder" [Wishlist,Confirmed] https://launchpad.net/bugs/302880
<LowValueTarget> Does anyone know of an alternative to unison
<zul> rsync?
<LowValueTarget> Unison is currently eating up too much memory on my servers
<LowValueTarget> i need directory mirroring
<zul> rsync
<LowValueTarget> Is it feasible to use rsync for mirroring
<vraa> yeah why not, use --delete :)
<LowValueTarget> cool ill try that
<LowValueTarget> unison is slow and cumbersome
<BrixSat> hello :)
<BrixSat> how do i set up my ubuntu as a proxy server ?
<mcas> BrixSat: normal http/https proxy?
<BrixSat> mcas:  yes
<mcas> aptitude install squid :-)
<BrixSat> my hosting domain is blocked on my firewall and i want to use a proxy on another vps i have to make redirection of my browser to there
<mcas> do you need user authentication?
<RoyK> squid or varnish should be good for that
<BrixSat> mcas:  that would be prefereble
<BrixSat> squid is installed now what?
<RoyK> varnish is way faster for reverse proxying than squid
<RoyK> but it's somehow worse to configure
<BrixSat> squid is good :)
<RoyK> BrixSat: google for squid reverse proxy :)
<BrixSat> i just need for some tips
<joe-mac> upgraded one of my boxes to test from 8.04 to 10.04- rsyslogd is not logging anything except that it starts.
<mcas> the main config is /etc/squid/squid.conf which is well documented
<joe-mac> auth log, daemon log, all empty
<RoyK> squid.conf has 20x more docs than settings :)
<RoyK> or 100x
<BrixSat> RoyK:  yes it is quite big :p
<mcas> BrixSat: this should help you http://wiki.squid-cache.org/SquidFaq/ReverseProxy
<RoyK> "/etc/squid/squid.conf" 4963 lines --0%--                                                                                           1,0-1         Top
<joe-mac> anybody have any idea why rsyslogd just refuses to log anything now/
<zul> mathiaz: ping
<mcas> joe-mac: have you checked that rsyslogd is running?
<joe-mac> yes mcas
<joe-mac> this isn't amateur hour
<BrixSat> mcas:  :)
<mcas> ok sorry joe-mac
<BrixSat> is there any web config for squid :p
<RoyK> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<RoyK> BrixSat: that might have a plugin for squid
<mathiaz> zul: o/
<RoyK> otherwise, the config file should be quite trivial
<zul> mathiaz: nm...i just had a question about the mysql version but i answered my own question
<mathiaz> zul: I'm glad I could help you so fast ;)
<zul> mathiaz: you are awesome!
<joe-mac> https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/407862
<uvirtbot> Launchpad bug 407862 in rsyslog "[karmic] Messages not being sent to system logs" [Undecided,Confirmed]
<joe-mac> long thread about it there
<RoyK> joe-mac: could you update to lucid?
<BrixSat> f**** ebox installed a lot of things i did not need :S
<RoyK> BrixSat: heh - low on disk space? :)
<BrixSat> no low  on ram memory
<BrixSat> why do i need postgreesql for example :p
<mcas> RoyK: i think joe-mac is still on lucid
<BrixSat> jabberd :S
<joe-mac> RoyK i have something like 70 8.04 boxes, just upgraded one that was for testing to 10.04
<joe-mac> and having this syslog rpoblem
<RoyK> ah
<joe-mac> thereby making it impossible to know the results of these tests cause nothign is getting logged
 * RoyK kind of likes 8.04
<RoyK> it's bloody rock stable, for a start
<joe-mac> rofl, sure
<RoyK> we only have one 10.04 in production so far
<joe-mac> yea well, coming from a rhel world ubuntu is a joke
<RoyK> 16-core numbercruncher - the scientists wanted new lib versions
<mcas> joe-mac: why?
<RoyK> a joke??
<RoyK> we're moving from rhel to ubuntu these days
<RoyK> less hassle, just as stable
<joe-mac> there's so many reasons and hacks that i couldn't even articulate any right now. i've just become borg'd by canonical due to the infrastructure i inherited
<RoyK> joe-mac: I guess most of it boils down to taste and perhaps religion - use rhel if you like it - I don't :)
<joe-mac> no- it boils down to what the overlords say
<RoyK> one of the really nice things about ubuntu, is the amount of packages available - tried installing scipy with hdl libs on redhat?
<RoyK> it's a PITA
<therian> i would like to join in this ubuntu love in, by saying i love it
<therian> and 10.04 is ever so fine
 * RoyK doesn't like grub2
<joe-mac> yea, all the unmaintained, broken packages
<joe-mac> so nice
<BrixSat> f***k :@ ebox is good but install a lot of crappy things
<BrixSat> max memory usage
<Zider> it screwed over my config files too :P
<BrixSat> :@
<joe-mac> if anyone is interested in tghe rsyslog thing, apparently 8.04 was running a super old version so you just add -c 1 to your /etc/default/rsyslog file. case closed.
<BrixSat> thanls :) formating vps :S and then squid again
<BrixSat> bye :)
<JanC> joe-mac: not sure how you upgraded that system, but on all my lucid systems (both upgraded & newly installed) I have -c4
<JanC> I don't have any system upgraded from 8.04 -> 10.04 though
<joe-mac> JanC: yes... and 8.04 was running version 1
<joe-mac> therefore backwards compatibility with version 4, doesn't really work with the config files for version 1
<JanC> at least one of those systems was upgraded to every version since before 4.10
<pmatulis> joe-mac: i'm surprised you were allowed to go from 8.04.1 to 10.04
<JanC> pmatulis: there is nothing preventing you from doing that
<joe-mac> pmatulis: version 1 of rsyslog
<joe-mac> it was the latest rev of 8.04
<pmatulis> joe-mac: oh
<joe-mac> either way, if you want to stick to regular old syslog.conf syntax, you need compat with version 1 of rsyslog
<danlii> After I upgraded my server from karmic to lynx, I have no console login. It is as if the getty sessions won't start, after the init the console flips over to tty7 and some stupid framebuffer text with console messages, but if i try to change to another tty I just get a blinking cursor and nothing else. What could have gone wrong?
<pmatulis> danlii: can you log in remotely (SSH)?
<ryoohki> i overwrote /etc/apt/sources.list by using apt-cdrom( which blithly destroys your sources.list and sources.list~( when run twice).  does anyone have a pristine install u.s.a. version i can wget?
<JanC> heh, now he's gone
<danlii> pmatulis: I could at first yes, but now I seem to have broken that option as well. I can boot with init=/bin/bash if there is some file that needs to be altered.
<pmatulis> danlii: was the system specially configured re logins prior to the upgrade?
<sh1ny> ryoohki, can you try removing "quiet splash" from the boot line ?
<sh1ny> ryoohki, might give a better idea of what's going on
<ryoohki> anyone in the u.s.a. i can get a copy of /etc/apt/sources.list from a pristine 10.04 install?
<ryoohki> sh1ny: what?!
<sh1ny> ryoohki, when you get to grub, press e on the kernel line and remove "quiet splash" from that line ( it's at the end )
<ryoohki> sh1ny: this is an apt-get issue
<ryoohki> sh1ny: it has nothing to do with booting
<danlii> pmatulis: No. But actually, I just got it working. I just booted with the older kernel still left in grub... Thanks anyway. :)
<sh1ny> ryoohki, i thought you said you can't get a shell after boot ?
<ryoohki> sh1ny: wrong person
<sh1ny> ah sorry, ryoohki
<sh1ny> wtb reading comprehension and glasses :/
<therian> anyone know the ctrl alt del equivent in synergy?
<ryoohki> sh1ny: "wtb"?
<therian> want to buy
<pmatulis> danlii: make sure you open a bug
<sh1ny> therian, well at least you can tell whos'a n mmo player :D: )
<ryoohki> danlii: look for how the vts( virtual ttys( ctrl-alt-f1, ctrl-alt-f2, etc...)  are started up
<therian> haha
<therian> shhh
<therian> actually i think thats the first time i gave an answer in this channel
<sh1ny> therian, :D :)
<therian> dont think i could have started any lower tho...
<sh1ny> hey, at least you know stuff, that many don't ! :)
<therian> haha
<ryoohki> danlii: normally it's in /etc/inittab but ubuntu does it differntly
<ryoohki> danlii: try looking at /etc/default/rc-sysinit and /etc/init/*tty*
<ryoohki> can anyone share a pristine /etc/apt/sources.list from a u.s.a. system?
<jpds> ryoohki: For?
<sh1ny> ryoohki, http://paste.ubuntu.com/435657/
<sh1ny> it's from bulgarian just replace bg.archive with archive
<sh1ny> and it will work
<ryoohki> jpds: i used apt-cdrom which overwrites /etc/apt/sources( rather than make use of "#" commenting)
<billybigrigger> anyone familiar with tweaking nfs?
<ryoohki> billybigrigger: a little.  what's the problem?
<jpds> ryoohki: For which release, sorry?
<sh1ny> ryoohki, other than that it's stock sources.list
<ryoohki> jpds: 10.04
<JanC> the default archive points to servers in the UK, maybe there are faster servers in the US ?
<jpds> JanC: Yes; I'm getting at that. ;)
<jpds> ryoohki: http://paste.ubuntu.com/435662/ should be fine.
<billybigrigger> ryoohki, what is a good speed for an nfs transfer over gige network? transfers are from sata/sata disks
<axisys> i had to use ethtool to force the interface to full duplex because the old switch at work does not support autoneg.. how do I make sure this change survives the reboot ?
<billybigrigger> ryoohki, nautilus is reporting 62mb/s just wondering if i can squeeze anymore out of it
<ryoohki> billybigrigger: i don't know
<Citrate> Does anyone have experience with installing xen on 9.10?
<jpds> ryoohki: The ANL mirror is based near Chicago, if you want a geographically closer mirror I can make suggestions.
<ryoohki> so it's look like there is no u.s.a. pristine sources.list for 10.04 since i have a bulgarian one and an edited on
<ryoohki> sh1ny: thanks
<jpds> ryoohki: Well, you can use us.archive.u.c, but that's based in London.
<sh1ny> ryoohki, you're welcome
<ryoohki> jpds: i just want an unedited one from a u.s.a. install
<uvirtbot> New bug: #582387 in ec2-ami-tools (multiverse) "update to 1.3-49953 to support ap-southeast-1" [Undecided,Triaged] https://launchpad.net/bugs/582387
<zul> smoser: ^^^ hehehe
<smoser> i opened it
<zul> smoser: ah ok
<smoser> was trying to write a watch file for http://s3.amazonaws.com/ec2-downloads/
<smoser> but i dont think it can be done
<ryoohki> sh1ny: i ran "sed -i -e 's#/bg.#/us.#g' sources.list" but it's not really what i wanted
<JanC> ryoohki: us.archive.ubuntu.com is the default US config I suppose, but it's not necessarily the best  ;)
<sh1ny> ryoohki, ?
<ryoohki> sh1ny: yes?
<sh1ny> ryoohki, sed -i 's/bg/us/g' sources.list worked fine here
<ryoohki> sh1ny: but that's bad advice since you assume "bg" isn't anywhere in the file, which is probably right, but is not a safe assumption without going through file teddiously by eye.
<sh1ny> ryoohki, i know
<ryoohki> sh1ny: i almost did that but i like to be safe'
<sh1ny> ryoohki, it is a bad advice indeed, but in this particular case it's not
<ryoohki> sh1ny: since people do searchs for info and this channel's irc logs are available via google i prefer the advice be always good and safe bbut even i sometimes fail to do that
<sh1ny> ryoohki, yes you are right, i always assume people are smart enough to do backups, and to check before they use... :(
<axisys> should I just add this in in interfaces file ?
<axisys> up ethtool -s eth1 speed 100 duplex full autoneg off
<axisys> or there is a more elegent way to do it ?
<axisys> i am trying to keep the ethtool change permanent
<Theravadan> has anyone had success getting lsi's megacli working with ubuntu?
<mcas> Theravadan: yes
<mcas> there is a mirror with debs but i don't have the link here
<Theravadan> mcas, that would be absolutely amazing to find, thanks... alien is erroring out on me trying to convert it to a .deb package
<ryoohki> axisys: i agree but i haven't found it using google and don't know off the top of my head
<Theravadan> I think if I find this package: dpkg-shlibdeps: error: couldn't find library libpegclient.so.1 needed by debian/megacli/opt/MegaRAID/MegaCli/MegaCli (ELF format: 'elf32-i386'; RPATH: '/opt/lsi/Pegasus:/opt/lsi/openssl:./')   .. I could do it
<axisys> ryoohki: some mentioned using pre-up instead.. the redhat solution looks much nicer w/ configs
<queso> What's the best way to analyze log files?  Is there something that can easily graph them, etc.?  Particularly I'm looking at nginx access logs.
<mcas> Theravadan: ah yes ... i remember
<mcas> there was a trick
<Theravadan> mcas, what was the trick?
<mcas> i think i don't install it with dpkg
<ryoohki> axisys: true, i would bet bsd is even better than red hat
<mcas> i just unpack the deb and copy the binarys to the right place
<mcas> i use mc for that
<mcas> please try it
<axisys> ryoohki: with solaris i use the driver.conf
<Theravadan> mcas, ah mc, never heard of that, i will try it
<ryoohki> axisys: should be just one line right? /etc/network/eth0: if eth0 duplex=full auto=never provsion=dhcp,nick=myhost,prefer=192.168.1.112
<sh1ny> Theravadan, for crying out loud don't do that :/
<sh1ny> Theravadan, there's a repo with megacli for ubuntu
<binBASH> Hi sh1ny
<sh1ny> hey binBASH ! :)
<sh1ny> Theravadan, http://hwraid.le-vert.net/
<binBASH> I fixed the cloud yesterday btw.
<binBASH> :)
<sh1ny> great !
<binBASH> reinstalled the cloud master then it worked fine
<sh1ny> is it better than centos ?
<binBASH> much
<binBASH> ;)
<sh1ny> what i never get to wrap my brain around is
<sh1ny> what happens if one node goes down
<sh1ny> and can i run the nodes on top of let's say heartbeat or rhcs cluster
<sh1ny> so i get failover and stuff
<binBASH> node is just a normal server
<sh1ny> yes, but when it fails, then what ?
<binBASH> then the image is gone ;)
<sh1ny> exactly :/
<sh1ny> Theravadan, and also are you sure you're not trying to install a 32bit binary on a 64bit os ?
<Theravadan> mcas, heh "rpm2cpio package.rpm | cpio -dimv" worked but I'll follow sh1ny's advice preferably then use the files in the .rpm package as plan B
<sh1ny> Theravadan, i got it working on 2 servers with LSI raids just fine
<Theravadan> sh1ny, the .rpm file contains a 64 bit binary which worked
<binBASH> sh1ny: The hardest thing here is, my provider restricts usage of ip addresses.
<binBASH> they are bound to the mac address of the eth0
<Theravadan> sh1ny, what did you get working exactly? megacli?
<sh1ny> Theravadan, i even did configure the raid with it and it didnt make things blow up the sky
<sh1ny> Theravadan, yes :)
<binBASH> so I have a non standard Eucalyptus setup here
<mcas> Theravadan: i use some debs for my way but have some dependencies which won't work
<binBASH> one dhcpd per node
<binBASH> ;)
<Theravadan> sh1ny, that's a bonus.. how did you get megacli? download it from lsi?
<sh1ny> Theravadan, nope, from that site i gave you
<Theravadan> sh1ny, nice ok investigating
<sh1ny> Theravadan, i installed jaunty packages on karmic and they worked fine, not sure with lucid, but you could try the debian/squeeze ones
<sh1ny> Theravadan, still better than rpm's
<Theravadan> sh1ny, i have a brand new lsi card so we will see
<sh1ny> Theravadan, mine is new too
<Theravadan> sh1ny, ok good that is more reassuring
<sh1ny> Theravadan, /0/100/9/0            scsi0      storage    LSI MegaSAS 9260
<Owner_> hello people
<mcas> Theravadan: sh1ny mine comes with some fujitsu servers
<Owner_> is there way to connect to ubuntu server from other pc and have gui?
<Owner_> openssh is for command
<Zider> vnc
<Owner_> is there something so i can connect to server (installed kde)
<Owner_> ?
<Zider> yes, vnc
<sh1ny> binBASH, so do you think it's worth to investigate a eucalyptus node on a rhcs cluster ?
<Zider> :P
<Theravadan> # lspci -nn | grep -i lsi
<Theravadan> 05:00.0 RAID bus controller [0104]: LSI Logic / Symbios Logic LSI MegaSAS 9260 [1000:0079] (rev 03)
<sh1ny> Theravadan, :)))
<Theravadan> sweet, same cards
<Owner_> oh VNC is pay version
<Theravadan> this is why they have the internet
<Owner_> any free software>?
<sh1ny> Theravadan, yes works flawlessly here , even tho it's doing a raid6 :)
<Zider> there are free vnc implementations
<binBASH> sh1ny: Don't think so ;)
<Theravadan> sh1ny, ahh, i'm doing raid 10
<binBASH> rhcs cluster is quite nice I've heard
<mcas> sh1ny: do you try megacli-sas-status?
<binBASH> but you can try
<binBASH> Don't have experience with it ;9
<sh1ny> macs, i am using zabbix and did my own stuff for that :)
<Theravadan> sh1ny, <-- uses zabbix too, nice
<sh1ny> Theravadan, you dont have access to my servers, right ? :P
<Theravadan> sh1ny, I don't see the d/l link here: http://hwraid.le-vert.net/wiki/LSIMegaRAID
<Owner_> so with VNC i will be able to connect to ubuntu server with KDE?
<sh1ny> Theravadan, http://hwraid.le-vert.net/ubuntu/
<Theravadan> sh1ny, wait a minute, why are the tools already installed?
<binBASH> sh1ny: Here I'll run 2 varnish infront
<binBASH> not in the cloud
<binBASH> so if node goes down with eg. webserver it's np
<sh1ny> binBASH, ah, so you'll loadbalance with that ? :)
<sh1ny> hm good thinking
<sh1ny> Theravadan, and i'd recommend using gdebi to install stuff like that
<sh1ny> Theravadan, dpkg does less checking and more breaking :)
<Theravadan> sh1ny, ok thx
<RoAkSoAx> SpamapS: let's discuss it tomorrow or the day after tomorrow so I can draft what I was thinking a little bit better
<sh1ny> binBASH, unfortunately i can't get away like that :(
<binBASH> sh1ny: Sad ;)
<sh1ny> binBASH, and i think i'll go straight for a cluster and not a cloud
<SpamapS> RoAkSoAx: sounds good.. I'm still looking at HAproxy and how feasible it is to do with it, what I was originally thinking to do w/ IPVS (which may prove too complicated, given the IPTUN requirement)
<binBASH> sh1ny: Well we host some sites of gettyimages.com
<binBASH> and they want cloud structure.
<sh1ny> uhm no databases involved ?
<binBASH> sure
<RoAkSoAx> SpamapS: for what I know, HAProxy implementation is like IPVS DR implementation, so that means, in the same network
<sh1ny> but they're not on the cloud ?
<ryoohki> does anyone here have a pristine copy of a u.s.a. /etc/apt/sources.list from a fresh install of 10.04 i can get a copy of?
 * sh1ny hides
<binBASH> sh1ny: they'll be in the cloud
<binBASH> but replicated
<sh1ny> aha
<RoAkSoAx> SpamapS: now, we need to define if we want a layer 4 or layer 7 loadbalancing. If it is layer 4, it might be faster (IPVS), if we go for layer 7 (HAProxy), it would not only mean loadbalancing, but proxying
<SpamapS> RoAkSoAx: hm thats interesting.. the way I was reading it its more like a traditional proxy
<binBASH> their main demand is to have much cpu power, for video processing
<sh1ny> well i still think i'll try cloud over cluster, when i get my hands on enough hardware :P
<binBASH> :)
<binBASH> sh1ny: You run mysql?
<mathiaz> SpamapS: RoAkSoAx: IIRC the use case is layer 7 http loadbalancer
<sh1ny> i got a book on xenHA with heartbeat ( for free from the author ) and it doesnt seem so hard, so i should be able to apply it to eucalyptus nodes :P
<sh1ny> binBASH, not if it's up to me
<sh1ny> <- pgsql fan :/
<SpamapS> RoAkSoAx: The biggest difficulty with using IPVS in the cloud is that they will not necessarily share physical LAN or even the same subnet.. so we have to assume that a loadbalancer <-> server connection must be established. With HAproxy, that is natural.. with IPVS.. IPTUN has to happen first.
<binBASH> ok ;)
<RoAkSoAx> SpamapS: and for example, in case we want to add a second loadbalancer in HAProxy, (for failover) we need to use keepalived, which can be used aswell with IPVS
<sh1ny> but my company has a "homegrown" software
<RoAkSoAx> SpamapS: indeed
<sh1ny> something like ERP
<binBASH> ok
<sh1ny> that's just baddly written and uses mysql
<Theravadan> sh1ny, did you use anything other than megacli from that link?
<SpamapS> mathiaz: yeah, I think we got side-tracked w/ IPVS because of the persistence discussion, but HAproxy has excellent support for persistence.
<sh1ny> so i'm forced to :P
<binBASH> :))
<RoAkSoAx> mathiaz: if we want layer7 loadbalacing, HAproxy is our solution
<binBASH> How you achieve HA there sh1ny?
<binBASH> using mysql cluster?
<RoAkSoAx> SpamapS: indeed, I'd also think that if we need specialized HTTP loadbalacing, we should go for HAProxy
<sh1ny> uhm no HA for it atm
<mathiaz> SpamapS: RoAkSoAx: we're looking at providing an image that could do the same thing as AWS Elastic Load balancing
<sh1ny> they still havent optimized their db calls
<sh1ny> so they create a mess
<RoAkSoAx> mathiaz: the loadbalancing is not the issue. The issue is autoscaling features
<SpamapS> mathiaz: yes I think that was also lost in the discussion we had
<Theravadan> mathiaz, eucalyptus hq is just down the street from me
<SpamapS> mathiaz: looking into that tho, we have to create a tool to automatically edit haproxy's configs..
<Theravadan> i could knock on their door for you
<sh1ny> and i told them no HA until they fix the damn 99.9 loadavg every 3-4 hours :P
<RoAkSoAx> SpamapS: I was thinking on autoregistration of a webserver to a loadbalancing domain, and when that happens, loadbalancer (HAProxy) adds it automatically its config. I need to look into HA Proxy first though
<sh1ny> Theravadan, not really, tho megacli-status should work
<SpamapS> RoAkSoAx: seen this: http://code.google.com/p/scalr/ ?
<RoAkSoAx> SpamapS: since I don't really know how healthchecking works in HAProxy.
<mathiaz> RoAkSoAx: elastic load balancing doesn't provide auto scaling
<mathiaz> RoAkSoAx: auto scaling is another component
<SpamapS> http://aws.amazon.com/elasticloadbalancing/ ....
<RoAkSoAx> SpamapS: scalr insteresting will look at it.
<SpamapS> Elastic Load Balancing can detect the health of Amazon EC2 instances. When it detects unhealthy load-balanced Amazon EC2 instances, it no longer routes traffic to those Amazon EC2 instances instead spreading the load across the remaining healthy Amazon EC2 instances.
<sh1ny> SpamapS, which doesn't mean it launches new instances ? :)
<RoAkSoAx> mathiaz: I do understand that, but as nijaba mentioned, a feature that is really desired is autoscaling because customers are asking for it
<SpamapS> yeah not quite auto-scaling
<Theravadan> sh1ny, http://hwraid.le-vert.net/ubuntu/pool-jaunty/megaclisas-status_0.5_all.deb ? that seemd to work but it's megaclisas-status
<mathiaz> RoAkSoAx: right - auto scaling is much bigger and requires other components to be in place first
<sh1ny> Theravadan, yes yes, that one, sorry i am lazy on typing details :(
<mathiaz> RoAkSoAx: (ex all the monitoring infrastructure)
<RoAkSoAx> SpamapS: healthchecking in regular cluster solutions, such as ldirectord or ipvsadm can also be done in several ways and in several degrees, if the healthchecking fails, the webserver is removed from the loadbalancing cluster
<SpamapS> but later on that page..
<SpamapS> "Auto Scaling with Elastic Load Balancing
<SpamapS> Letâs say that you want to make sure that the number of healthy Amazon EC2 instances behind an Elastic Load Balancer is never fewer than two. You can use Auto Scaling to set these conditions, and when Auto Scaling detects that a condition has been met, it automatically adds the requisite amount of Amazon EC2 instances to your Auto Scaling Group."
<sh1ny> SpamapS, if you're ready to spend money on a cloud, i'd recommend using rightscale with amazon, the guys over there are really nice and they saved me a lot of headache :)
<RoAkSoAx> mathiaz: for example, if I wnated to implemented autoscaling in a regular cluster implementation (either keepavelid+ipvsadm or ipvsadm+ldirectord+pacemaker), the only thing I need to do is when webserver is started, it needs to tell the loadbalancer that it is up and running and ready to receive load, then loadbalancer would add that server to the loadbalancing domain
<sh1ny>  /comercials off
<sh1ny>  s/comercials/commercials/g
<Theravadan> sh1ny, do you have a BBU? I want to see if it's actually running and caching writes.  megacli -AdpAllInfo -a0 says it's there but not sure how to see if it's caching.. i can call the manufacturer
<SpamapS> sh1ny: you can do commercials, as long as they work like the commercials in The Invention of Lying .. "Coke.. its really just brown sugar water, but a lot of people drink it. Thats right, COKE, Its really famouse."
<sh1ny> i don't have a BBU :/ i did turn read cache on tho
<sh1ny> Theravadan, megacli -LDInfo -LAll -aAll
<sh1ny> Theravadan, i believe that's what you're looking for
<RoAkSoAx> mathiaz: in *regular* clsuter infrastructure, the monitoring (healthchecking) is already implemented... whjy implemente something else from scratch if it is already there... we can just adapt it for our needs or extend its functionality
<sh1ny> SpamapS, :D :)
<sh1ny> note taken :))
<sh1ny> Theravadan, ok i lied, seems i have turned on the write cache without a BBU
<uvirtbot> New bug: #582443 in openssh (main) "Syslog socket missing from chroot." [Undecided,New] https://launchpad.net/bugs/582443
<sh1ny> Theravadan, i'll go cry in the corner
<sh1ny> Theravadan, http://paste.ubuntu.com/435695/ :F
<RoAkSoAx> mathiaz: so for example, in ldirectord+ipvsadm+pacemaker, ldirectord is the one who determines if the webservers are ready to receive load or not, in case the healthcheck failed, it tells IPVS that the server is not to receive load, and is removed from the node list that will receive load.
<RoAkSoAx> mathiaz: that moniutoring is done in various ways, One way is just check if port 80 for example is open, another way is that it checks for a fail accessible through HTTP, other way is request specific data content in a file of the webserver
<cybrocop> Hi All. I wonder if someone has gotten Eucalyptus to work on 10.04?
<sh1ny> cybrocop, i believe binBASH had, unless he's been lying to me !
<cybrocop> It is driving me crazy for a week now.
<sh1ny> hm, sounds like my girlfriend
<SpamapS> RoAkSoAx: UP/DOWN checks are easy. I think what Mathias is discussing is more collective checks. "If total system load is at 80%, spawn X instances"
<cybrocop> :)
<cybrocop> I get it installed OK and all seems fine, but when I try to create Windows 2003 images and try to upload them, I get this weird error...
<Theravadan> sh1ny, you were faster than support, i see writeback cache is the current policy yay
<RoAkSoAx> SpamapS: That's actually something that ivoks said as a cool feature for loadbalancing
<cybrocop> "Image registration failed because the manifest referenced is invalid or unavailable."
<sh1ny> Theravadan, i am a support guy actually...well top level but non the less ;P
<cybrocop> Happens haphazardly, works one time then doesn't work another time.
<ryoohki> SpamapS: or coke is really delicious...
<ryoohki> SpamapS: and it has caffiene
<ryoohki> SpamapS: and sugar!!!!!
<Theravadan> sh1ny, here  is my output: http://dpaste.com/196213/
<Theravadan> sh1ny, nice! small world.. i'm a programmer+sysadmin
<sh1ny> ^_^
<uvirtbot> sh1ny: Error: "_^" is not a valid command.
<RoAkSoAx> SpamapS: and well that's totally something different from loadbalacing itself
<SpamapS> ryoohki: in the referenced movie, people aren't able to say things that aren't true.. they haven't evolved lying yet. So they couldn't say "is really delicious" without qualifying it. In that parallel universe, you can't even imply something that is untrue.. so ugly people all dress poorly, while attractive people dress well...
<sh1ny>  ^_^
<sh1ny> sorry uvirtbot :(
<SpamapS> RoAkSoAx: right, it is in essence a signal for an event engine that should drive actions, because you also want "Total system load is under 40%, reduce instances"
<sh1ny> Theravadan, actually after looking again my zabbix script is using megasasctl
<RoAkSoAx> SpamapS: yep. That I think is a work-item for the spec. Another work item is autoregistration
<sh1ny> Theravadan, i do a megasasctl -H -B and it returns ok if no ouput and "YOU'RE ABOUT TO LOOSE YOUR JOB" if anything gets printed
<Theravadan> sh1ny, how did you get "Disk Cache Policy: Enabled" and why did you say you would cry?
<Theravadan> sh1ny, lol nice
<RoAkSoAx> SpamapS: because given load 80%, signal can be sent to say "start webserver in domain A, mount point B" and then webserver will start and use autoregistration, and the same will happen if user would like to start another webserver instance manually
<sh1ny> Theravadan, well usually it's a bad thing to enable write cache with writeback when no BBU, or so i've been told
<sh1ny> Theravadan, power failure might cause data loss
<SpamapS> RoAkSoAx: would make sense to copy elastic LB's M.O. with an  elb-register-instances-with-lb compatible command..
<Owner_> does anyone uses tightvnc?
<Theravadan> sh1ny, oh yeah, that could be bad. so you explictly enabled writeback?
<ttx> SpamapS: questions about the spec writing ?
<sh1ny> Theravadan, but i'm relying on that dual power supply i got connected to two separate ups's
<ttx> SpamapS: for the sync/merging process, I'll let your mentor explain that to you
<sh1ny> Theravadan, raid6 aint't the fastest thing around :(
<RoAkSoAx> SpamapS: it will, but if there's a command no "autoregistration" would be needed from the webserver because you would be already passing the parameters to the webserver
<RoAkSoAx> SpamapS: and telling the loadbalancer to add that webserver you are instancing
<sh1ny> with that i can get 130Mb/s writes and around 200Mb/s reads
<SpamapS> ttx: I'll prepare any questions and email them to you directly, since I'm sure you are about ready to end your day. :)
<sh1ny> Theravadan, but unless you have *really* good backups and at least two power supplies i wouldn't recommend it without a BBU
<ttx> SpamapS: that's a wrong assumption. I surrendered my Tuesday nightlife to my job.
<ttx> SpamapS: so i'm looking for easy things to do for the next hour and a half, and explaining things is easy :)
<sh1ny> Theravadan, but i have and i only run virtual machines on that, so restoring takes less than 20 minutes so i don't really care...and for 1 year i had 0 troubles so i'll just go along with this till it works ;)
<SpamapS> ttx: very well then, let me just finish reading.
<ttx> SpamapS: sure
<Theravadan> sh1ny, my power is stable so I understand
<Theravadan> sh1ny, i have "Disk Cache Policy: Disabled" ... i assume this is referring to the read cache?
<sh1ny> Theravadan, yes
<sh1ny> Theravadan, you can enable it with megacli
<sh1ny> Theravadan, http://hwraid.le-vert.net/wiki/LSIMegaRAIDSAS it's here somewhere
<zul> SpamapS: ttx has no life
<sh1ny> zul, that was harsh :(
<Theravadan> sh1ny, thx
<sh1ny> btw Theravadan are you doing this on lucid ?
<Theravadan> sh1ny, yes
<sh1ny> hm good to know it works, my servers are still on karmic and will be till mid-summer ....lazy and careful on updating
<Theravadan> sh1ny, i understand, it has taken me a month and i still havent migrated over from the old centos server to this new ubuntu server, i'm cautious
<Theravadan> so glad not to use centos, yech
<sh1ny> i'm using centos on some virtual guests
<sh1ny> but i wouldnt install it on the host ....mostly because it will take time for me to get familiar with it
<Theravadan> sh1ny, my problem w/ it is the packages are really old
<SpamapS> ttx: ok so the spec explanation seems fairly straight forward. And from the discussion, as I understand it, the implementation should be stated as work items.. yes?
<sh1ny> Theravadan, sometimes in ubuntu newer packages might cause a pain
<Owner_> ok any good free VNC ?? can anyone help me set it up?
<sh1ny> Theravadan, for example i did a test upgrade on my puppet server
<sh1ny> Theravadan, so many things went wrong, i don't know even where to begin with
<Theravadan> sh1ny, yikes.. i did a test upgrade from 9.10 and 8.04 to 10.04 without problems
<Theravadan> sh1ny, what kinda problems? package problems, did you have 3rd party .deb's?
<sh1ny> Theravadan, yes ubuntu itself is fine, just puppet breaks stuff , aaand it has a nasty bug when used with ruby 1.8.7
<ttx> SpamapS: yes.
<sh1ny> Theravadan, and lucid happens to ship with ruby 1.8.7
<ttx> SpamapS: you should work on those where you are set as "Drafter"
<ttx> SpamapS: https://blueprints.launchpad.net/~clint-fewbar/+specs?role=drafter
<ttx> (quite empty now)
<sh1ny> Theravadan, other than that i don't foresee any problems going 9.10 -> 10.04
<ttx> SpamapS: I asked Jos to confirm some of those. I think you can safely start with   	 server-maverick-uds-web20-workloads
<sh1ny> Theravadan, but there are occasional packages that break backwards compatibility
<cybrocop> Owner_: try TightVNC
<ttx> SpamapS: and   	 server-maverick-uds-cloud-loadbalancing
<sh1ny> Theravadan, from release to release and depending on how important they are for you, it might cause major pain
<wizardslovak> cybrocop : i tried i couldnt connect to it
<RoyK> Theravadan: I have a couple of test systems upgraded from 9.10 to 10.04 - works well - I also have a production system on 10.04 - works well
<ttx> SpamapS: for the others I'll soon confirm who drafts them
<RoyK> Theravadan: I'd still wait a few months before upgrading critical servers from 8.04, though
<Theravadan> RoyK well I have no problems going from 8.04 and 9.10 so I'm migrating everything over to 10.04 right now
<sh1ny> RoyK, well my only 8.04's are the zimbra servers i have and i'm stuck with them until they release zimbra for 10.04
<Theravadan> I'm aggressive like that, usually it pays off
<cybrocop> wizardslovak/Owner_: If you installed tightvnc and it can't connect to the server that means there is something wrong with either the network or the server. Did you install a VNC server on the other end and is it configured properly?
<RoyK> sh1ny: indeed
<sh1ny> RoyK, we adopted ubuntu instead of debian right after 8.10, so we went the 6 months releases till 10.04
<RoyK> http://karlsbakk.net/top-16-2.png <-- nice box
<SpamapS> ttx: ok, and for the work items.. they don't have any assigned value per-se right? So each one in the burndown is considered equal to another?
<wizardslovak> well i installed it and opened ports in ufw and router
<wizardslovak> still i am getting "cannot conenct to server" error
<wizardslovak> althoutgh when i tried "/etc/init.d/vncserver restart it says it didnt find it
<sh1ny> but upgrading every 6 months is getting cumbersome
<RoyK> sh1ny: use LTS releases
<sh1ny> RoyK, that's the plan, starting with 10.04 ;)
<ttx> SpamapS: yes, they should be worth 0.5-2.5 days of work
<RoyK> 8.04 is LTS
<RoyK> sh1ny: 8.04 should probably work well for at least another three years
<sh1ny> yes, but we decided we will go for 8.10 and 9.04 for many reasons
<Theravadan> how do i convert a 10.04 system to LTS, edit a file and have the value be "lts" instead of prompt?
<cybrocop> RoyK: CPU1 is at 0.3% system utilization. Need to do something about that?
<RoyK> Theravadan: 10.04 _is_ LTS
<sh1ny> Theravadan, it's just lts, no need to do anything
<RoyK> cybrocop: hehe
<Theravadan> sh1ny, so when 10.09 comes out it won't upgrade?
<RoyK> cybrocop: load varies, but the box chews ash quite well
<Theravadan> what if I wanted a machine to upgrade to 10.09?
<RoyK> Theravadan: you can set the machine to lts or normal upgrades
<Theravadan> RoyK got it... that is what I was getting at
<SpamapS> Theravadan: 10.10 btw. ;)
<Theravadan> ah 10.10
<RoyK> Theravadan: see /etc/update-manager/release-upgrades
<Theravadan> RoyK: thx
<sh1ny> RoyK, when i got hired by my current employer, they had problems with updating debian servers, since we have more than 150 of those, and they wanted latest stuff with auto-updates of security
<sh1ny> RoyK, so i suggested sticking to 6 monthies till 10.04 then sticking with that for 2 years
<RoyK> sounds reasonalbe
<RoyK> reasonable, even
<sh1ny> aaand they wanted me to replace xen with something and kvm isnt that good in hardy
<RoyK> is it good in lucid?
<sh1ny> way better
<RoyK> we have a piece of crap xenserver running
<RoyK> would be nice to replace that with something proper
<Theravadan> sh1ny, that is what i'm doing, in order to get some new packages i need for bucardo. But I may need even newer packages in the future thus it's nice that I can go off of LTS if I really want to.
<sh1ny> tho i still have to see if it improves with guests that are acting as samba file servers
<sh1ny> Theravadan, from what i learned
<RoyK> imho stuff like file servers shouldn't be VMs
<sh1ny> RoyK, the client is always right :(
<RoyK> file servers are i/o intensive, not a VM thing
<sh1ny> Theravadan, don't go mixing distros too much , well depending on the number of machines you support
<RoyK> numbercrunchers are cpu and sometimes memory intensive, not a vm thing
<RoyK> general stuff like your little webserver or something, that's a vm thing
<sh1ny> RoyK, well we found out how to make it bearable so it "just works" for now
<Theravadan> sh1ny, yeah that's a headache, in a month or so all systems will be ubuntu 10.04 and i will be happy
<RoyK> Theravadan: already in a month?
<sh1ny> i got like 80 ubuntu 9.10's and ~100 debian unstable ( previous sysadmin's work >.> )
<RoyK> I'd wait a few more if I were you
<RoyK> sh1ny: Sid??
<sh1ny> RoyK, no, they were unstable 3 years ago
<sh1ny> RoyK, i guess now they're something after lenny , not very sure
<RoyK> Sid in production isn't good
<sh1ny> RoyK, i don't bother upgrading them, because they pop open like can of worms
<sh1ny> RoyK, i'm just slowly reinstalling them with ubuntu
<sh1ny> RoyK, it was the situation when i arrived, and to be honest i am having a hard time pushing new technologies + converting all the old crap that i inherited
<RoyK> Sid == unstable
<sh1ny> yes i know it's bad for production, but it was like this when i arrived
<sh1ny> so >.>
<RoyK> we have a bunch of old fedoras around
<RoyK> not good either
<sh1ny> yea well i should be done with all of those in a year or so
<SpamapS> ttx: could you provide me with some examples of some of the specs that were completed in the last cycle?
<RoyK> the old man that installed them has finally accepted, or getting close to, installing ubntu lts instaed
<sh1ny> i often get "If it's working don't touch it" from customers
<sh1ny> and it's kinda hard to explain what is "security" and why it matters
 * RoyK isn't a consultant anymore - just an employee
<sh1ny>  :)
<RoyK> easier that way, somehow
<sh1ny> you lucky guy
<sh1ny> ok, guys was nice having a chat, but i gotta be up in 6 hours
<RoyK> nite
<sh1ny> so good night and good luck with whatever you try to do tonight :)
<ttx> SpamapS: sure
 * ttx rummages
<ttx> SpamapS: https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-euca-remote-autoregister
<ttx> https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-aws-client-libraries
<ttx> SpamapS: see http://people.canonical.com/~pitti/workitems/lucid/canonical-server-lucid-alpha-3.html
<ttx> ^ and specs linked from there
<uvirtbot> ttx: Error: "and" is not a valid command.
<SpamapS> nice burndown. :)
<SpamapS> ttx: somebody really should create something for the ubuntu wiki that lets you say   [[lp:blueprint:xxx:whiteboard]]  so they stay in sync.
<ttx> SpamapS: you should not duplicate the work items list in the wiki
<ttx> SpamapS: just point to it
<MTecknology> how can i figure out what's causing a site offline message?
<SpamapS> ttx: roger that.
<guntbert> MTecknology: from what system?
<MTecknology> guntbert: ubuntu
<guntbert> MTecknology: sorry - I meant: from what system do you get that message?
<enav> apparmor is not easy to configure really?
<MTecknology> guntbert: ? when i go to the website
<MTecknology> The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.
<MTecknology> enav: it's incredibly simple
<enav> good
<guntbert> MTecknology: if that is the exact message you should have gotten it from the target host -- but some messages your browser generates look very similar
<enav> but ubuntu guide is to short and only explain few things
<MTecknology> guntbert: wrong channel...
<MTecknology> guntbert: i meant to ask in #drupal :P
<guntbert> MTecknology: I was already wondering about the sparse info you gave  ... :-)
<MTecknology> guntbert: ya - in the right channe; it woulda made sense :P
<guntbert> MTecknology: definitely :-)
<Theravadan> what is the accepted way to get a custom script in /etc/init.d to start / stop?
<Theravadan> update-rc.d tomcat defaults worked
<EtienneG> smoser, I just noticed we have desktop AMI at http://uec-images.ubuntu.com.  How does that work?  Do they have ssh installed so we can connect?  NX, perhaps?
<smoser> neatx server installed
<smoser> ubuntu-desktop task installed
<smoser> in maverick this will hopefully be moved to x2go or a more stable solution
<EtienneG> smoser, sounds cool, will look into it
<smoser> the neatx server and non-commercial nx clients provide less than desireable results.
<smoser> EtienneG, http://groups.google.com/group/ec2ubuntu/browse_thread/thread/e57316d0a0af4b2/f963bac158169725?lnk=gst&q=lucid+nx+server#f963bac158169725
<soren> Wow, this sucks. I come back to my laptop, see that I have firefox open, pointing to the page for filing bugs against vm-builder. The bug summary just says: "Multiple ".. I have no recollection of this and no clue what the bug might have been about.
<smoser> http://www.stgraber.org/2009/12/12/ubuntu-desktop-cloud-now-working-lucid
<bogeyd6> i never give apache2 enough credit. you know it sits there and redirects traffic from a domain to the cluster all day long. never breaking or complaining.
<EtienneG> smoser, thanks, it's just for testing anyway, so I will not sweat it
<EtienneG> cool stuff nonetheless
<smoser> x2go should provide improvement
<soren> Gawd, I hate preparing SRU's.
<bogeyd6> oh lawd soren
<therianlunch> group question! whats your favorite game available in the ubuntu software center?
<smoser> http://www.vim.org/scripts/script.php?script_id=172
<osmosis> how do I change which kernel ubuntu is using. I want to switch to  linux-virtual
<celeborn999> the ur-quan masters and battle for wesnoth
<celeborn999> nethack
<binBASH> How to delete stored images in uec?
<binBASH> because I installed an image out of the store and node controller gets a 403 and cannot get a file
<erichammond> I've received a couple inquiries about an Ubuntu mirror in EC2 Asia Pacific.  Are there plans for ap-southeast-1.ec2.archive.ubuntu.com ?
<erichammond> Is elmo still running these mirrors?
<binBASH> smoser: Any idea how to fix this? http://www.pastie.org/966528
<osmosis> im not able to switch over to linux-virtual.  see  http://dpaste.com/196281/
<sbeattie> osmosis: the virtual kernel (on i386) is the same as the generic-pae kernel, just with a bunch of the modules removed.
<sbeattie> (on amd64, virtual is the same kernel as the -server kernel)
<ryoohki> i would like, from a fresh 10.04 server install, a copy of a u.s.a. /etc/apt/sources.list
<uvirtbot> New bug: #582539 in vsftpd (main) "mistake in upstart-script" [Undecided,New] https://launchpad.net/bugs/582539
<billybigrigger> anyone tried burning an .iso over nfs?
<billybigrigger> is it recommended?
<alvin> billybigrigger: I have done that many times. Never had troubles. (buffer underrun is a thing from the past anyway)
<billybigrigger> fair enough
<billybigrigger> thanks
<billybigrigger> alvin, using growisofs
<billybigrigger> sob
<billybigrigger> 279576576/7838695424 ( 3.6%) @3.7x, remaining 23:25 RBU  88.8% UBU  71.4%
<billybigrigger> ^C/dev/dvdrw: flushing cache
<uvirtbot> billybigrigger: Error: "C/dev/dvdrw:" is not a valid command.
<billybigrigger> lol
<billybigrigger> that was an expensive verb DL
<celeborn999> i've managed to bork my apache2 install, i'm trying to do a 100% complete wipe of the thing and reinstall but i guess i'm not getting rid of all of it. any way to completely undo the install and redo it, like i never had it before?
<celeborn999> in particular, after i install, it doesn't automatically start, and when i try to start it it complains about a missing /etc/apache2
<billybigrigger> apt-get purge apache2
<celeborn999> thanks but that doesn't help. i've tried apt-get purge apache2, apt-get --purge remove apache2, some trick with dpkg -i
<celeborn999> when i do a locate for apache2 after i "uninstall" it, it still finds all kinds of stuff
<celeborn999> i'm not sure about going through and manually deleting everything with apache2 in the name. that's what i did to /etc/apache2
<jamesgao> hi everyone, I've been trying to set up an LDAP/Kerberos environment for my lab
<celeborn999> figured out the apache thing: you have to get rid of apache2-utils, too
<jamesgao> unfortunately, the server docs are either out of date, or don't work... I have kerberos set up, but LDAP + ssl breaks
<jamesgao> I keep getting the "main: TLS init def ctx failed: -1" error, and I've triple-checked both the locations and commands that generated all the key files
<f1yback> <f1yback> put in the cf today
<f1yback> <f1yback> ubuntu 10.04lts server took 30 seconds to boot not including the bios time
<f1yback> <f1yback> so if I ran coreboot it would take even less time
<f1yback> <f1yback> mini-itxx 533
<f1yback> not bad
<f1yback> I can live with that startup time
 * slackster misread can for can not. :P
<Nonpython> When I try to start Bind I get "rndc: connect failed: 127.0.0.1#953: connection refused", what is wrong?
<SpamapS> kirkland: you there?
<JanC> f1yback: depending on what services you are starting during boot that's somewhere between pretty bad & pretty good  ;)
<f1yback> stock install
<f1yback> only function I selected during install was ssh
<f1yback> it's a 1st gen itx
<f1yback> c3-800 samual core
<f1yback> samual2 sorry
<JanC> well, my Celeron 900MHz-based netbook boots faster into a graphical UI...
<bc> Nonpython: probably a file permission problem. Are you running named in a chroot environment? That could give you some hints.
<f1yback> i'm not that worried about it
<f1yback> basically the box runs nut-ups then fires off 30 ssh logins and execs a shutdown script
<f1yback> that's it
<Nonpython> bc: I am new to bind, how do I know?
#ubuntu-server 2010-05-19
<bc> Nonpython: look for -t option in /etc/default/bind9. Is it there? e.g. /var/lib/named
<Nonpython> no, just "-u bind"
<Nonpython> if OPTIONS
<Nonpython> s/if/in/
<bc> Nonpython: see if user bind has permissions to read/write /var/run/named.pid, for example
<Nonpython> /var/run/named.pid does not exist.
<bc> Nonpython: see if running named-checkconf spits out any problems
<Nonpython> ok
<Nonpython> /etc/bind/named.conf.options:27: unknown option 'zone'
<Nonpython> /etc/bind/named.conf.options:32: unknown option 'zone'
<bc> Nonpython: can you pastebin /etc/bind/named.conf.options?
<Nonpython> http://pastebin.com/S02aqCMm
<bc> Nonpython: those errors may be in /var/log/daemon.log or /var/log/messages as well. See if any other hints are in there.
<bc> Nonpython: "Unknown paste ID, it may have expired or been deleted!"
<bc> Nonpython: FYI you might also like `apt-cache show pastebinit`
<Nonpython> http://www.pastie.org/966716
<bc> Nonpython: move zone blocks outside of options { };
<Nonpython> ok
<Theravadan> do-release-upgrade claims there are no new releases despite being on 8.04.1
<mathiaz> Theravadan: that's normal. LTS to LTS upgrade will only be enable when 10.04.1 is released
<Theravadan> mathiaz, darnit
<mathiaz> Theravadan: https://wiki.ubuntu.com/MaverickReleaseSchedule <- this is currently scheduled for end of july 2010
<bc> f1yback: Re: that 4" thick thinkpad, I have no idea what I'm going to do with it :P
<Theravadan> mathiaz, hmm if I change /etc/update-manager/release-upgrades such that Prompt=normal can I go to 8.04?
<mathiaz> Theravadan: I don't know
<mathiaz> SpamapS: o/
<Theravadan> mathiaz, hmm i'll try it with a non-essential machine
<f1yback> bc well don't toss it
<f1yback> first thing you should do with it though is run dban on it
<f1yback> a) to clear the preverious own's data
<f1yback> b) also gives the hd a chance to reallocate any sectors going bad
<f1yback> previous owner
<f1yback> sorry long day
<Theravadan> cross your fingers - upgrading
<bc> f1yback: first order of business is to pretend in a Starbucks I think.
<f1yback> hahah
<f1yback> only problem with that is if it has someone else's porn on it
<f1yback> that's why I always wipe boxes I am given or find on the street side on trash day
<f1yback> also just because it's none of my damn business what was on there
<bc> f1yback: that's actually pretty scary now that you brought it up.
<f1yback> yeah i'd wipe the hd
<f1yback> do make a backup of the recovery sw and/or partition first if you plan to reuse the os it came with
<f1yback> then just wipe it with dban or mhdd if you can inititalize the "ATA security erase unit" command
<f1yback> mhdd has the added bonus of surface testing and smart log checking
<enav> hi!!!!!!!
<f1yback> hi
<Nonpython> I have a ton of errors from Bind! http://www.pastie.org/966742
<Kutakizukari> Upgraded my Ubuntu 9.10 to Ubuntu 10 and it also upgraded my php 5.2 to php-5.3. How can I downgrade to php version 5.2 again?
<bc> Nonpython: part of that is permissions. make sure user bind can read those files that you're getting permission denied on.
<bc> Nonpython: if possible, pastein one of those zone files
<ryoohki> does anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.04
<ryoohki> ????
<JanC> ryoohki: I think people gave you that already...
<ryoohki> i didn't see it
<ryoohki> JanC: USA?
<Nonpython> http://www.pastie.org/966760
<Nonpython> is db.trueblogtales.com
<Theravadan> oh yeah just upgraded from 8.04.3 LTS to 10.04
<bc> Nonpython: your CNAMEs are a problem. try this, but update your serial first, and maybe clean up my fubar formatting. http://www.pastie.org/966770
<bc> Nonpython: I don't think that should give you any problems, but try loading just that zone, then clear up the error log, then load the other zones
<Nonpython> Two errors: 18-May-2010 23:44:53.537 couldn't add command channel 127.0.0.1#953: address in use
<Nonpython> 18-May-2010 23:44:53.537 couldn't add command channel ::1#953: address in use
<Nonpython> And a third: 18-May-2010 23:44:53.539 zone trueblogtales.com/IN: NS 'ns.trueblogtales.com' has no address records (A or AAAA)
<bc> Nonpython: for the NS, you need: IN    A 69.175.115.18
<Nonpython> ok.
<bc> Nonpython: sorry: ns  IN  A 69.175.115.18
<Nonpython> What do the first two mean?
<bc> Nonpython: try this (also update serial again, don't use the one in the paste) http://www.pastie.org/966770
<bc> Nonpython: only change is line 15
<Nonpython> I did exaCTLY that
<Nonpython> (sorry my kb is borked)
<smoser> binBASH, sorry, i don't.
<smoser> binBASH, if you're having issues, please do open a bug
<bc> Nonpython: are you saying your file looks exaclty like that, minus the serial, and you are still getting 'NS 'ns.trueblogtales.com' has no address records'?
<Nonpython> No, the ...couldn't add command channel... errors.
<bc> Nonpython: stop and start bind
<f1yback> question, is squash just really sensitive to cdrom read errors or does getting low on ram cause squashfs to shit
<Nonpython> the latter
<f1yback> I seen this way too much on a variety of machines and hardware
<f1yback> ah
<Nonpython> What do I do with the reverse zone if I have two domain names with the same first three octets but have different last octet?
<f1yback> and I was running a program designed to fill up the ram
<Nonpython> So Yeah.
<f1yback> thx
<Nonpython> I should know, I practically maintain it.
<f1yback> hahaha ;)
<f1yback> thx I wanted to make sure my hw was stable
<f1yback> so using memtest.sh
<f1yback> amazing though I can run months on a livecd on my main desktop
<f1yback> my laptop which is actually better hw shit but since I switched it to a usb flash drive works fine
<tsimpson> f1yback: please watch the language in here
<BrixSat> hello any one with squid experience?
<f1yback> ok
<f1yback> so squashfs gets *CANUCKED* easily
<f1yback> there
<BrixSat> i need to password protect my proxy but i dont know wich acl to use
<bc> Nonpython: if I understand you correctly, you use the same file. You want PTR records.
<Nonpython> Yay!
<bc> Nonpython: similar to the CNAME.. e.g. 1  $TTL IN PTR foo.
<f1yback> oh and you are one too
<f1yback> that explains it
 * f1yback bites Nonpython 
<f1yback> CANUCK!
<Nonpython> flyback: not true, I am from Blane, Washington, also known as Meth Lab Estates.
<Nonpython> Which is literally on the border.
<Nonpython> I moved there in case I had to move to Canadia.
<f1yback> oh wavecable
<f1yback> not wave.home.com
<Nonpython> Yeah.
<Nonpython> Same company.
<f1yback> no there's a canuck isp called wave
<Nonpython> Yeah, wavecable operates in canada as just "wave".
<Mkools> Hi, please help today is my external on major project. I am able to deploy my .war but not able to run servlet and jsp code on it, getting exception error.root cause
<Mkools> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failur
<Nonpython> How can I setup reverse DNS for a second domain on a IP address that is identical except for the least significant octet already has a domain with reverse DNS stuff?
<qman__> Nonpython, you can set multiple reverse DNS for one IP, but they get served round-robin style
<qman__> you don't get all of them, just whichever one is up next
<Nonpython> Not the same IP.
<Nonpython> Say you have a server with the IP 42.42.42.42
<Nonpython> and that has the domain example.com.
<Nonpython> but you also have 42.42.42.43 that hosts example.net.
<Kutakizukari> Found the solution to my problem, if anyone needs to revert back to php version 5.2 from php 5.3 after upgrading Ubuntu then here it is: http://ubuntuforums.org/showthread.php?p=9152778
<Nonpython> How do you set up reverse IP for the latter?
<qman__> same way as the first
<Nonpython> I am a tard. :(
<qman__> 42.42.42.42.in-addr.arpa  IN PTR  example.com
<Nonpython> YAY!
<qman__> 43.42.42.42.in-addr.arpa  IN PTR  example.net
<ScottK> Kutakizukari: Please don't encourage people to use unsupported PHP versions.  That last thing one should run is a PHP that doesn't have security support.
<ScottK> If you need 5.2, don't upgrade to Lucid until your're ready for 5.3.
<qman__> those should have trailing dots, but you get the idea
<Nonpython> I know, I am smrt!
<Kutakizukari> ScottK, drupal needs 5.2 not 5.3. I was not aware that it would do that.
<Kutakizukari> many have the same problem and the solution was difficult to find.
<ScottK> That solution isn't a solution.
<Kutakizukari> for me and many others it is
<ScottK> I understand you think it is.
<ScottK> Are there bugs about Lucid's drupal not working?
<Kutakizukari> just the version 5.3 will not run drupal it needs php version 5.2
<qman__> rather than downgrading PHP, this should have been reported as a bug in the drupal package for lucid
<qman__> so it could be fixed
<qman__> rather than having people run old, potentially insecure software
<Kutakizukari> no bugs just an option to not upgrade php version 5.2 to 5.3 would have been nice
<qman__> not working on 5.3 IS a bug
<Kutakizukari> ok
<ScottK> Supporting one version of PHP per release is more than enough.
<Kutakizukari> understand you point
<Kutakizukari> there is a bug http://drupal.org/node/360605
<jetole> Hey guys. Does anyone know of a FTP server that will allow me to use active directory to authenticate users?
<kirkland> SpamapS: howdy
<Mkools> hey man can anybody help.
<nealmcb> !ask | Mkools
<ubottu> Mkools: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<nealmcb> Mkools: ahh - I see your earlier question now.  Sorry I can't help....
<aruj> I'd like to install a pastebin server for my intranet. Any suggestion?
<pmatulis> jetole: i know pureftpd can authenticate against ldap so it should work
<uvirtbot> New bug: #582627 in openldap (main) "slapd sometimes doesn't start in lucid; can't log in if using nss_ldap" [Undecided,New] https://launchpad.net/bugs/582627
<celeborn999> has anyone had any luck getting wordpress to work with ssl and apache?
<maxagaz> hi
<maxagaz> I can't see autofs anymore in "ps aux" on lucid, why ?
<maxagaz> how else should I check running processes ?
<enav> apparmor can do that
<RoAkSoAx> kirkland: ping?
<Nonpython> I looked at my server and there was only 2MB of RAM free, and I looked and found that there were 12 Apache web server processes running! What could cause this?
<slackster> having apache2 installed, and it being used
<slackster> I have 10 spawned
<slackster> you can mess with apache settings to lower the number, but it should be fine as is.
<Nonpython> Should it be eating up ~300MB of ram on a server with 2 unheard of websites?
<slackster> Nonpython: no, I don't think so
<Nonpython> WTF is it wrong?
<Nonpython> (My english is not good)
<slackster> I think I get the picture, but I don't know what is wrong.. maybe #httpd can help\
 * slackster is inserted in what is wrong, however
<ajmitch> where are you getting the 300MB number from?
<slackster> interested
<ajmitch> merely adding up the memory used by each process won't give you an accurate number
<Nonpython> ajmitch: top and statistics skills.
<Nonpython> Combined the percentages and calculated based off of my meager 384MB
<ajmitch> taking into account memory used for buffers/cache?
<Nonpython> Huh?
<ajmitch> the point being that free memory is essentially wasted, and the kernel will use it
<ajmitch> see the output of 'free -m', specifically the line about buffers/cache
<Nonpython> It was a mod_php thread and memory leak.
<ajmitch> PHP would do it..
<Nonpython> It was filling up its memory and spawning a new thread to have more.
<deslector> hi, any idea how ubuntu installer treats a home partition which already has an encrypted home folder with the same name as the username you are creating on the installer?
<Nonpython> No
<deslector> hmm... I will have to test that on a VM first, then :-)
<deslector> Nonpython, thanks
<twb> deslector: encrypted how?
<deslector> twb, I have an installation of 9.10 with /home on a separate partition
<deslector> twb, on that partition, user foo has his encrypted home folder
<deslector> on that partition too, there is a .ecryptfs folder
<deslector> I want to do a fresh install with 10.04
<Nonpython> You will lose it.
<deslector> twb, when I get asked to create a user, i want to create the user foo
<twb> Huh.
<deslector> I am wondering if the installer will overwrite something as to make my old home unreadable or if it will recognize what is happening and simply use what is already there
<twb> I've never seen per-user file-level encryption like that.  It sounds insane.
<deslector> I plan to use the same password as before for user foo
<twb> I guess ubuntu is using a fuse crypto layer and a loopback mount or something
<deslector> twb, this is regular "encrypted home" ubuntu feature
<deslector> I didn't tweaked it or anything
<twb> It wasn't there in 8.04, so I don't know about it.
<apctr> hi all i installed ubuntu-desktop package on my ubuntu server edition..but gui doesn't come when i boot my system...plz tell me wht is the next step
<deslector> twb, ok, thanks...
<twb> deslector: is there a reason you're reinstalling Ubuntu rather than just upgrading?
<deslector> twb, just my OCD, I guess... :-)
<slackster> doesn't update installer ask whether to keep config files before replacing.. in this case passwd files?
<slackster> I would think it would be ok
<slackster> *think*
<deslector> slackster, I'm not updating, I'm doing a fresh install... that's the thing
<apctr> how to take gui option in server 9.10??
<slackster> fresh install should overtwrite everything?
<slackster> apctr: which GUI..
<deslector> slackster, that's what I would think... just wondering if the installer was "smart" enough to recognize this scenario...
<apctr> slackster: i installed ubuntu-desktop package but it will satrt only in terminal mode...
<slackster> apctr: try "startx"
<apctr> slackster: i tried but it fails
<slackster> deslector: sorry, I don't know it well enough
<slackster> apctr: what about "sudo /etc/init.d/gdm start"
<KenjiPops> apctr: you may need to configure X first
<deslector> slackster, don't worry... I'll just try it on a VM first :-)
<deslector> (plus, I always back up my data when doing dangerous stuff :-)
<Nonpython> What package is mpm_netware in?
<apctr> KenjiPops: how to configure it?
<KenjiPops> apctr: sudo dpkg-reconfigure xserver-xorg
<apctr> slackster: it is showing some error :upstat job
<deslector> ok, found the answer
<deslector> http://ubuntuforums.org/showthread.php?t=1463392
<deslector> last post
<deslector> :-)
<slackster> deslector: glad you figured it out. :)
<slackster> hopefully it works as planned
<twb> The installer is probably dumb, because you aren't expected to *re*install, you're expected to upgrade
<deslector> twb, yep, that's what I thought too... but the post I linked before says otherwise...
<twb> I trust forum users about as far as I can throw them
<deslector> twb, "throw them" ?
<twb> An idiom.
<twb> I mean: "I do not trust forum users"
<deslector> twb, oh, ok... well, I wouldn't trust my /home either... that's why god invented backups ;-)
<deslector> twb, anyway, thanks for your time :-)
<Nonpython> How do I install mpm_netware on ubuntu 8.04?
<twb> Nonpython: never heard of it.  What is it?
<Nonpython> apache module.
<twb> Ah, apt-file indicates it's part of the apache2 package.
<Nonpython> Except for the fact that I have that package and it is not there.
<twb> Perhaps it is not a DFSG-compliant component?
<Nonpython> DFSG?
<twb> Debian Free Software Guidelines; an early definition of "open source".
<Nonpython> Ahh, old baggage from epicfailbian.
<twb> Here's the apt-file results as a web page: http://packages.ubuntu.com/search?searchon=contents&keywords=mpm_netware&mode=filename&suite=lucid&arch=any
<f1yback> yeah
<f1yback> I think I know what I need to do
<Nonpython> Only the documentation is there!
<f1yback> you reach a point where you get defeated enough times you decide that you have had enough
<twb> The documentation seems to indicate that mpm-netware is only useful if you're running netware, which sounds like a separate OS (i.e. not ubuntu).
<Nonpython> yeah.
<Nonpython> I'm going CentOS.
<Nonpython> twb: it is.
<twb> So why do you want *Ubuntu's* apache2 to have mpm_netware?
<Nonpython> I need to limit apache's number of threads because it is raeping my memory in the butt,
<Nonpython> .
<twb> I don't think switching to netware is the right way to achieve that.
<slackster> Nonpython: I was going to recommend freebsd..
<slackster> seems very light to me
<twb> Nonpython: have you asked #httpd (the Apache channel) about it?
<Nonpython> 8 times, no responce.
<twb> Did you ask about limiting memory usage, or about installing mpm-netware on Ubuntu?
<twb> Did you wait several hours for a response?
<Nonpython> I found out about mpm-netware through them, then I asked about ubuntu installs 8 times.
<Nonpython> They won the useless award for uselessness.
<twb> You should be telling them the symptoms (i.e. "I'm running out of memory"), not trying to diagnose it yourself (i.e. "how do I install mpm-netware?").
<Nonpython> I have.
<twb> OK, then there's not much more I can do.
<SpamapS> Nonpython: is this a purely static server?
<Nonpython> No, it runs PHP scripts out the ass.
<SpamapS> PHP in threaded apache?
<Nonpython> Yes.
<SpamapS> or PHP in fastcgi mode w/ threaded apache?
<SpamapS> ok threaded PHP is *a waste of time*
<Nonpython> I do not know
<SpamapS> each thread must use its own pool of memory..
<Nonpython> What is this "fastcgi" thing?
<SpamapS> it gains *no benefit* by being thread safe.. but does cost because of the mutexes.
<Nonpython> I assume that it is faster CGI.
<SpamapS> fastcgi runs php on the backend independent of the webserver
<SpamapS> In cases where you want to serve static and php or mixed languages, its a good choice.
<SpamapS> In cases where you just have PHP, mod_php in prefork mode is by far the most stable and highest performing configuration
<slackster> Nonpython: where are you getting these memory readins from?
<SpamapS> Nonpython: but let me make this very clear. *threaded MPM + PHP is a waste of time*
<Nonpython> Ok.
<slackster> Nonpython: run "free -m" and subtract cached
<SpamapS> Have spent extensive time trying to make that work well. The issue is that Zend's memory allocator is not stable enough to share one pool of RAM.
<slackster> and buffers
<SpamapS> yeah its just a big damn joke
<SpamapS> that they even suppor threading.. totally stupid
<Nonpython> 212 used MB.
<slackster> Nonpython: so you have more than 2MB free now... ;)
<slackster> Nonpython: you should be ok
<Nonpython> No, this is without apache.
 * Nonpython is stupid
<slackster> you've stopped apache?
<Nonpython> Yes.
<twb> I didn't think you could even HAVE threaded PHP
<SpamapS> The only time where a pure PHP workload makes sense w/ fastcgi is when you are going to have a ridiculously high number of clients running PHP scripts ... but then you should be using lighttpd or nginx for your fastcgi frontend.
<twb> Doesn't apache-php5 force you to use apache2-mpm-stinky ?
<SpamapS> twb: look up "ZTS" aka "Zend Thread Safety"
<twb> SpamapS: heh, I don't care THAT much :-)
<Nonpython> 381 MB of 384 MB including cache.
<SpamapS> twb: ^5. :)
<twb> IMO anyone running PHP is already lost
<Nonpython> not including cache.
<SpamapS> PHP has its moments. :)
<Nonpython> twp: I need mah schweet wordpress.
<slackster> Nonpython: don't worry about the cache
<twb> Eh, it's moment was being perl for people who didn't already know perl.
<slackster> or not..
<Nonpython> I know perl.
<twb> Nonpython: yes, well, wordpress doesn't exactly have a hot security record.
<Nonpython> and I hate PHP.
<twb> Nonpython: this was back in the 90s when all web code ran on perl.
<Nonpython> It stole mah throne!
<SpamapS> twb: php was to perl as Windows 1.0 was to Mac OS
<SpamapS> dumb it down, make it cheap and people will buy it.
<Nonpython> Choosey programmers choose Perl.
<Nonpython> To referance weird peanut butter.
<Nonpython> How do I set up FastCGI?
<SpamapS> Nonpython: I run wordpress on a Xen instance w/ 384MB of RAM .. it works fine
<twb> SpamapS: yeah
<SpamapS> apache    2233  0.4  4.9  34120 18848 ?        S    22:02   0:10 /usr/sbin/httpd
<SpamapS> apache   18689  0.5  5.2  34884 20180 ?        S    21:41   0:17 /usr/sbin/httpd
<SpamapS> just use prefork. :)
<twb> *prefork*, that's what I was trying to remember (re. "stinky" above)
<SpamapS> twb: I was hoping somebody had called it stinky. :)
<twb> SpamapS: presumably that 384 MB is a xen instance that *just* runs wordpress?
<SpamapS> and courier-imapd
<SpamapS> and postfix
<SpamapS> and irssi :)
<SpamapS> oh and mysqld for wordpress
<twb> Ah, OK, so you're not taking a one-jail-per-service approach.
<SpamapS> no, you're pretty much pwning me on the next wordpress vuln
<twb> :-)
<Nonpython> My VPS runs Bind 9, Apache 2, Mod_PHP, MySQLd, Courier, and Postfix.
<SpamapS> oh I have BIND too
<SpamapS> another one with a great record
<twb> I wouldn't know; the systems I've set up (as opposed to adopting) run dnsmasq for DNS caching, and have their DNS records hosted elsewhere.
<twb> I don't think hosting your own DNS records is best practice anymore...
<SpamapS> yeah I have moved away from it more and more
<SpamapS> last few domains I registered I just let the registrar do it.
<SpamapS> included for free and works quite well
<twb> Not that I know much about dnsmasq's security record, but it's only internal-facing, so less of an issue.
<twb> And getting three services from a single easily-configured daemon is a pretty nice win :-)
<Nonpython> I tried fastcgi, it made things worse. I lost 1MB.
<Nonpython> Brave Brave Sir Nonpython, Bravely installed CentOS, Bravely thought Ubuntu kinda sucks for servers!
<Nonpython> btw, I love Ubuntu on the desktop and lappy, but if falls on its face as a server.
<twb> Please take your advocacy elsewhere.
<twb> (Unless you want to rant about something specific, in which case we can either try to fix it, or commiserate.)
<Nonpython> I do Kent...
 * ajmitch wonders if he'll come back when he finds that centos will probably suck just as hard at php
<twb> OK, NTP question time.
<twb> Which strata will ntpd (and/or ntpdate) accept as "good enough" to take time from?
<billybigrigger> can i setup a raid with 3 disks, 1x1TB and 2x500GB?
<twb> Some of my netboot farm is out-of-step by an offset matching the timezone, and I'm trying to isolate the fault.
<Callum__> billybigrigger: The 1TB will only use 500GB of its total space
<billybigrigger> Callum__, so im better off running the 2x500's in raid 5
<Callum__> billybigrigger: you need at least three drives for RAID 5
<Callum__> with just two drives you can use RAID 1 or RAID 0
<billybigrigger> 0 it is then :)
<Callum__> just remember that with RAID 0 you get no redundancy whatsoever =P
<billybigrigger> yup
<twb> RAID0 will HALVE your integrity
<twb> because if either drive fails, you have lost everything
<billybigrigger> will have to have the 1tb sit and do nightly backups for the raid0 then
<jpds> Well, RAID0 isn't even RAID.
<Callum__> yeah, technically
<Callum__> although a RAID 0 is probably faster than a single drive heh
<Callum__> can't remember
<Callum__> my server has three hardware RAID 1s working together using LVM2... its quite fast despite the performance penalties from the RAID setups
<Callum__> 2x 250GB SATA, 2x 80GB SATA and 2x 73GB SCSI, because I have no money
<owh> Salutations, going a little nuts. Getting /dev/null permission denied on boot which causes fetchmail to fail to start. I've updated rc.local to set the permissions correctly after the fact and if I manually start fetchmail after logging in it works. I've found some references to bugs regarding this, but no obvious fix.Running hardy. Suggestions?
<owh> grep -sr null /etc/udev/* returns:
<owh> /etc/udev/rules.d/40-basic-permissions.rules:KERNEL=="null",				MODE="0666"
<twb> That mode is correct.
<owh> Yeah, but something is setting it incorrectly during boot.
<twb> When I've seen "/dev/null not writable!" errors from bash in the past, it is usually because the root filesystem is corrupted and the kernel has remounted it read-only.
 * owh checks, but I doubt it.
<twb> Suggest forcefscking
<owh> It's a reiserfs filesystem on a VM.
<owh> And it's mounted rw.
<twb> Urk
<twb> For furture reference: don't use reiserfs without a damn good reason.
<owh> huh?
<owh> I had no choice in the matter.
 * owh likes ext*
<owh> None of this would be an issue if this container wasn't being rebooted irregularly by the host. Another thing I have no control over. 'nuf said about that :)
<twb> Stupid VPS vendors
 * owh nods
<twb> I still say forcefsck
<owh> If I wasn't in a place where I cannot move right this month or the next, I'd have tossed them aside. Right now I don't have that luxury. The force fsck might be fun, if I do that and it doesn't come back I'm fsckd.
<twb> If your filesystem is corrupt, you're already fucked -- you just don't know it yet
<owh> That's very true, but at least the users don't yet know it either. However if I forcefsck it and reboot and it doesn't come back I can't actually do anything about it either.
<twb> Fortunately you have diligently taken backups every day since you got this host.
<twb> Or: you have learnt the value of good backups :-)
<owh> I have, but this is live and losing live data right at this moment is a real PITA.
<twb> Well, you don't have to forcefsck RIGHT NOW, but doing it in the next day or so is definitely a good idea.
<owh> I have to say, I don't actually think the fs is corrupt. I don't see any other evidence of this. The permissions are reset every boot and have been doing that for at least 18 months, but the node has been up for most of that time without issues. The VPS provider has been "fixing" things which seems to necesitate rebooting my containers.
<owh> That's why this is an issue right atm.
<twb> I can't remember how badly reiserfs takes fsck of a corrupt fs, but I imagine that in the worst case you'll end up with data loss of the inodes that are already lost, and it'll continue to boot (unless the OS bootstrap files are themselves hosed).
 * owh still suspects an actual bug in hardy somewhere :)
<twb> owh: I'm not saying it's definitely corrupt, I'm saying that you should eliminate that possibility FIRST before investing your time (i.e. customers' money) investigating other possibilities.
<owh> That's fair comment.
<owh> crap
 * owh takes a deep breath, investigates load and does another backup.
<owh> Hold on, doesn't reiser allow an fsck on a running system?
<ajmitch> do you trust it enough to do that?
<owh> Hmm, fair point.
<twb> I don't trust *reiser* that much, even if I trusted t'so
<owh> I suppose I can get it to do an integrity check at least.
<twb> Meh.  shutdown -r -F 60
<owh> What's the -F 60
<twb> -F means forcefsck.  60 means to wait sixty minutes before rebooting, warning users beforehand.
<twb> (As rtfm will tell you, unless you're stuck with retarded shutdown(8upstart).)
<owh> I did rtfm, but intrepid had no idea what you were talking about and I don't have manpages installed on my server :)
<twb> Unfortunately upstart is not enthusiastic about preserving backwards-compaibility in APIs like inittab(5) and shutdown(8).
<owh> Hmm, not sure if the fsck will actually work. This is an OpenVZ container and I just got permission denied when running reiserfsck --check /dev/simfs
<twb> Oh, OpenVZ.
<twb> Then you don't have a filesystem in the first place, because you're in a jail, not a VM.
<owh> Don't ask :|
<twb> udev probably shouldn't even be installed in a VZ jail
<twb> IIRC ubuntu-minimal pulls it in, which pissed me off when I was building hardy VEs
<owh> What's the impact of purging udev?
<twb> I don't remember
<twb> I just remember the dependencies annoyingly assumed ubuntu-minimal was for physical hardware
<owh> Even if udev shouldn't be installed on this container, something is setting the permissions incorrectly at some stage during boot. When does rc.local run, can I make fetchmail run after that?
<owh> In fact, can I just add /etc/init.d/fetchmail start to rc.local?
<owh> I realise that this is pretty evil, and I'd like to avoid it if I can, but beggars cannot be ...
<twb> How do you know that it's not just set incorrectly in the os template?
<owh> I don't, but I also have no control over that.
<twb> For that matter, after attempting to access it, have any beancounters increased?
<owh> Huh?
<owh> WTF is a beancounter :)
<owh> I doubt that the VPS provider could tell me if their template was incorrect or that they'd change it just for me.
<owh> Hmm. rc.local runs last - lovely.
<twb> owh: /proc/user_beancounters
<twb> owh: I guess you aren't too familiar with OpenVZ
<owh> That would be correct.
<maxagaz> php code is not interpreted anymore since I upgraded to lucid, is there a bug in php on lucid ?
<twb> Normally I'd go check /vz/root/<VEID>/ as root on the hardware node, but I guess you don't have those privileges.
<owh> twb: That is true, no privs.
<ajmitch> maxagaz: are you trying to run php scripts from your home directory?
<maxagaz> ajmitch, no, it's in my /var/www
<ajmitch> then no, there's nothing changed in that regard
<owh> ajmitch: Sometimes I found that the module starts off as being commented out. Also restarting apache was required IIRC.
<owh> Uh, maxagaz that was for you.
<owh> twb: Which number should increase when?
<twb> owh: with nothing else running, try cat /proc/user_beancounters >/tmp/x; echo fuck >/dev/null; diff -u /tmp/x /proc/user_beancounters
<twb> Where the second command is whatever isn't working.
<owh> twb: What should that tell me?
<twb> That's just checking if the issue is exogenic (i.e. you're being futzed by VZ, not the posix DAC)
<twb> owh: from memory there's a "naughtiness attempts" column
<maxagaz> owh, restarting apache2 didn't help
<twb> "failcnt"
<owh> twb: Presumably with the permissions not set correctly right?
<twb> owh: shrug.
<owh> twb: Well, there's no failcnt at all.
<owh> The column is there, just all 0
<owh> maxagaz: What modules are enabled in /etc/apache2/mods-enabled/
<alkisg> Hi, I'm looking at a security problem, how can one take advantage of a suid root bash?
<alkisg> -rwsr-sr-x  1 root   root   800K 2010-05-19 10:47 bash
<maxagaz> owh, php5.load, php5.conf among others
<owh> maxagaz: And the apache php module is installed?
<owh> twb, I think the simplest is to change the run order for rc.local from 99 to 98, which makes fetchmail run afterwards. That won't actually fix it, but it will work around it.
<alvin> When will the upgrade to lucid become available for hardy users?
<owh> alkisg: AFIK it would mean that any code run in that shell could use root permissions.
<alvin> do-release-upgrade still says 'no release found'
<alkisg> owh, but I cannot reproduce this... e.g. if I run that bash as "alkisg" and then run `whoami`, I get "alkisg", not "root"...
<alkisg> Ah, got it in #bash, "(11:03:40 ÏÎ¼) koala_man: alkisg: bash drops suid if it detects it"
<alkisg> That's why I couldn't reproduce it
<maxagaz> owh: libapache2-mod-php5 is installed
<owh> maxagaz: Does the apache header show php5 installed?
<maxagaz> owh, how to check it ?
<maxagaz> http://localhost i guess...
<owh> maxagaz: wget -S url
<maxagaz> owh, The web server software is running but no content has been added, yet.
<owh> maxagaz: All we're doing is seeing if apache is reporting that php exists.
<owh> maxagaz: It should show PHP/5.x in the Server: header.
<maxagaz> owh, I tried "wget -S localhost" but how should it help ?
<owh> wget -S http://localhost
<maxagaz> owh, no PHP/5.x is shown
<maxagaz> owh, http://pastebin.com/MsUpd31X
<owh> Right, no PHP.
 * owh is trying to remember. Was this a fresh install?
<maxagaz> owh, no, it was an upgrade
<owh> cd /etc/apache2 ; find | grep php
<twb> owh: shrug
<twb> owh: I've lost interest in the issue
<owh> twb: Thanks for your help. I've updated the rc* directories to make rc.local run earlier.
<owh> If I have some spare cycles, I'll have a proper look.
<owh> maxagaz: What does that command output?
<twb> That always happens to me
<owh> twb: The spare cycles bit :)
<twb> I die a little inside every time I roll out a bodge instead of doing it properly on my own time
<owh> Yeah.
<twb> It's why our servers run fucking webmin and gnome
<owh> twb: And then you get to the situation I'm in with maxagaz where I know I've seen this before but I'm stuffed if I can remember how I fixed it.
<maxagaz> owh, ./mods-available/php5.load, ./mods-available/php5.conf, ./mods-enabled/php5.load, ./mods-enabled/php5.conf
<owh> twb: The funniest was when I knew I'd seen something before, did a search and found my own bug report on the matter :)
<twb> owh: I can beat that
<owh> maxagaz: What does ls -l ./mods-enabled/php5.load return.
<owh> twb: Bring it on.
<twb> owh: I needed the correct modeline timings for an LCD monitor, because it wasn't reporting EDID information correctly on its VGA port, and I didn't have an LCD GPU anymore.
<maxagaz> owh, ./mods-enabled/php5.load -> ../mods-available/php5.load
<twb> I found a pastebin of one of my old Xorg.0.logs from five years before, when I had a DVI port.
<maxagaz> owh, lrwxrwxrwx 1 root root 27 2009-12-03 19:50 ./mods-enabled/php5.load -> ../mods-available/php5.load
<owh> maxagaz: What does cat ./mods-enabled/php5.load say
<owh> twb: That's pretty good, since it implies that you even ticked the "keep this thingo" box on pastebin :)
<twb> Some pastebins default to that
<owh> ROTFL
<twb> I don't ever paste using a browser, man.
<maxagaz> owh, LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
<twb> I use lisppaste.el or hpaste.el or pastebinit(1)
<maxagaz> owh, -rw-r--r-- 1 root root 7618736 2010-05-04 15:11 /usr/lib/apache2/modules/libphp5.so
<owh> maxagaz: Have you got multiple vhosts on this apache server?
<maxagaz> owh, no, it's a very basic install
<owh> One mo, phone.
<owh> maxagaz: grep -r php *
<owh> maxagaz: You'll need to pastebin that.
<maxagaz> owh, http://pastebin.com/uTdjwKKb
<owh> maxagaz: Did you modify any of those files? I'm looking at a hardy server and it looks nothing like that.
<maxagaz> no, I didn't
<owh> grep -r mods-enabled *
<twb> owh: it wouldn't surprise me if your crack-whore VPS vendor had messed with apache
<maxagaz> owh, apache2.conf:Include /etc/apache2/mods-enabled/*.load
<maxagaz> apache2.conf:Include /etc/apache2/mods-enabled/*.conf
<twb> owh: do an "aptitude download apache2" or so, and examine the defaults
<alvin> omg! I've been waiting to upgrade to Lucid over semantics! (bug 223741). Does the papercut project for server still exists?
<uvirtbot> Launchpad bug 223741 in update-manager-core "'do-release-upgrade' requires the '-d' flag to upgrade from dapper to hardy, and from hardy to lucid" [Undecided,Confirmed] https://launchpad.net/bugs/223741
<alvin> -d = --devel-release. Never thought about Lucid as a devel-release since the official release
<owh> twb: I'm pretty familiar with what it's supposed to look like and what maxagaz showed us had wildcards in it, I suspect a later version of OS :)
<twb> owh: oh, sorry.  I assumed maxagaz had already mentioned he was on hardy.
<maxagaz> twb, no, I'm on 10.04
<owh> twb: Hmm, no I think maxagaz had said lucid.
<twb> owh: ignore me.
 * owh is on hardy atm :)
<owh> Hmm, I'd rather not / ignore :)
<owh> maxagaz: Just to humour me, did you stop apache and start it again?
<twb> alvin: to be honest, I trust do-release-upgrade less than a supervised aptitude safe-upgrade.
<alvin> twb: do you mean changing the sources then? Because safe-upgrade doesn't touch the kernel (of I'm not mistaken)
<twb> alvin: I do.  do-release-upgrade does that internally, AND if it dies for any reason, it doesn't roll them back :-/
<maxagaz> owh, yes I did
<alvin> I can do that manually.
<alvin> Doesn't it do more?
<twb> d-r-u also appears to download a tarball of... stuff.  I think it's rules about how to unbreak various things.
<owh> twb: Yeah, known issues are dealt with AFAIK.
<owh> maxagaz: Where there any warnings in the apache logs?
<twb> If/when I get enough money to upgrade to lucid, I'll probably read through that tarball by hand and then use my own judgement.
<twb> I'd rather just have a Debian-style release document that tells me in human terms how to handle those things, rather than trying to automate them.
<alvin> Well, i'd prefer do-release-upgrade then, but I haven't used it because of the --devel-release flag. Didn't expect that. --help doesn't mention a next LTS counts as devel-release
<alvin> twb: Well, if you put it that way: me too
<maxagaz> owh, [Wed May 19 16:33:20 2010] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.1 with Suhosin-Patch configured -- resuming normal operations
<owh> Whoah.
<twb> alvin: either way, you should be doing normal paranoid things like backups, test runs on non-production or at least non-critical hosts, scheduling downtime to deal with breakages, etc.
<owh> That does show php maxagaz
<maxagaz> owh, but before it...
<maxagaz> owh, PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/mcrypt.ini on line 1 in Unknown on line 0
<alvin> twb: I did loads of those during the last 2 weeks of Lucid development. The result wasn't pretty. I have come to hate plymouth/mountall.
<owh> Create a file in /var/www/ called bob.php and put into it <?phpinfo();?>
<twb> alvin: righto, carry on.
<alvin> Testing time is over
<twb> (I thought your nick sounded familiar)
<alvin> Yeah, I subscribed to a lot of bugs. I have to say most servers aren't working worse than before. A lot of bugs are fixed. I only hate the lack of error messages for the exceptions
<maxagaz> owh, it works...
<owh> maxagaz: Magic.
<alvin> And kvm needs some 'best practices' documentation. Maybe I'll try to write that one day.
<maxagaz> owh, sorry for that
<owh> maxagaz: Don't worry about it.
<maxagaz> owh, thanks a lot
<owh> PEBCAK errors happen all the time :)
<owh> Pleasure.
<maxagaz> owh, PEBCAK ?
<owh> Problem Exists Between Chair And Keyboard
<owh> :)
<maxagaz> owh, :)
<owh> Or: "User error, replace user and press any key to continue..."
<owh> Anyone know of a dynamic way to block idiot guests who search for vulnerabilities on my apache server? Whole hordes of errors looking for /var/www/horde etc.
<twb> owh: that's like swapping in a freshly broken lightbulb
<owh> Which comment were you responding to twb?
<twb> Take the users away entirely; see how few problems are reportered thereafter
<owh> Riight.
<owh> Yes :)
<twb> *reported
<owh> Even, turn the server off, even less issues.
<owh> BOFH rules again :)
<twb> owh: that was gonna be my solution to your attack question
<owh> twb: Shame about the other guests who are legitimately using the site :)
<owh> twb: It's but a mere trifle, but those other guests are the paying ones :)
<twb> You could use netfilter's hashlimit module
<twb> That'd encourage everybody to adopt HTTP/1.1 pipelining, which is awesome ;-P
<owh> twb: All that will do is slow 'm down. I just want to block those fwits who ask for a select list of files.
<owh> twb: You ask for one of those files, you get blocked for the next 48 hours or so...
<twb> owh: you combine it with the recent module
<twb> and -j TARPIT or -j CHAOS
<owh> twb: So am I understanding that you are proposing to throttle those users, rather than block them?
<twb> owh: well, sure.
<owh> twb: So, is there an issue I'm not aware of if I block them?
<twb> One successful connection per host per day sounds pretty reasonable.
<alvin> owh: Just curious. Is this slowing down your server?
<owh> twb: I missed something there I think.
<twb> And if they stop attacking for a whole day, they're automatically allowed to try again.
<owh> alvin: Well, I really don't have a handle on that, but I do know that there are hordes of them. I also know that my real users should get all available cpu cycles, since they come to collect something they paid for.
<twb> owh: first you have a "trip" condition that detects an attacker and puts them in a "dunce list".  A second condition keeps them there until they stop attacking for some extended period.  And -j TARPIT means that instead of *dropping* those connections, you are tying up resources on the attacker's machine.
<alvin> Thos poor chinese companies that don't know their servers are compromised!
<alvin> (for unknown reason, most attacks on my network originate from Asia)
<owh> alvin: More computers per sqm perhaps?
<alvin> owh: Maybe. The attacks aren't bothering me much, but foor ssh, there is existing software for what you want to do. It does what twb describes, but I forgot the name. There's probably something like that for webservers too.
<alvin> I looked it up: http://www.fail2ban.org Apparently works for webservers too
 * owh was just reading that :)
<owh> alvin: vnice !
<owh> Later all, thanks for your assistance and insights.
<RoyK> alvin: fail2ban works for most stuff - it just parses logs after all
<uvirtbot> New bug: #582755 in bacula (main) "package bacula-director-pgsql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/582755
<uvirtbot> New bug: #582376 in samba "Samba (nmbd) fails to start at boot" [Undecided,New] https://launchpad.net/bugs/582376
<ryoohki> does anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.04 ?????
<twb> The install media is not nationalized.
<twb> You probably want to use us.archive.ubuntu.com or archive.ubuntu.com.
<twb> Unfortunately AFAIK Ubuntu doesn't maintain a machine-readable database of primary, secondary and tertiary mirrors, the way Debian does, so you can't just tell a script to go off and work out which mirror is fastest for you.
<ryoohki> twb: i just want the 25 - 30 line file /etc/apt/sources.list that's on a U.S.A. install of ubuntu server 10.04 which ought to be an easy request to fulfil.  i have the bulgarian one which i am nearly 100% certain, is the same file but with bg. instead of us., however, i am persnickety
<ryoohki> twb: it's the archive.ubuntu.com vs us.archive.ubuntu.com that i have in mind
<twb> ryoohki: just test both
<twb> dig and whois, if you really care
<ryoohki> twb: i don't want to run tests, i just the file
<ryoohki> twb: is it so hard to paste bin /etc/apt/sources.list?!
<twb> Well, there's no way in hell I'm going to go to .us.
<ryoohki> twb: what all this dig, whois, machine readable database...
<ryoohki> twb: ?????
<AmokPaule> Hello, i just upgraded my vserver to lucid, after the reboot it seems my server can't conceckt to the internet anymore.
<mwd> In Ubuntu Server 10.04, I can not get the resolution (console, no GUI) higher than 640x480. When I try to change GRUB_GFXPAYLOAD_LINUX, the system crashes when booting.
<twb> For grub, the fbcon, or both?
<mwd> Grub
<twb> I can't help
<twb> I don't believe that the bootloader should be reprogramming the GPU in the first place, so I disable that shit on mine
<mwd> In 8.04 I used the defoptions in menu.lst by adding vga=0x36c to get my resoltion (1440x900). In 10.04 this isn't working
<mwd> Sorry I ment fbcon, not grub
<mwd> But I can get grub up to 1440x900 when adding GRUB_GFXMODE=1440x900
<mwd> How can I see if fbcon is activated?
<kirkland> RoAkSoAx: pong
<mwd> What is the preferred method to get the resolution of the console higher then 640x480?
<mwd> I think the kernel uses vesafb
<mwd> when providinh no further information, 640x480 is used
<twb> mwd: you can't use a non-VESA mode like 1440x900 with the vesafb driver.
<twb> What GPU are you using?
<mwd> Ubuntu is running vmware
<twb> Oh, sigh.
<twb> Why don't you just use a serial line, then?
<twb> Then you can define an arbitrary size console
<mwd> In 8.04 1440x900 was no problem bei adding vga=0x36c
<twb> Uh, no, that is an obsolete shorthand for video=vesafb:1024x760-16
<RoAkSoAx> kirkland: morning :)
<kirkland> RoAkSoAx: howdy ;-)
<twb> I still think it's utterly UTTERLY stupid the way some of these VM solutions will turn a text console into a raster
 * SpamapS stretches and yawns
<twb> Hmm, http://communities.vmware.com/thread/28508
<SpamapS> mwd: for vmware vesa modes work fine
<twb> SpamapS: but he wants a non-VESA mode.
<mwd> Everything higher than 640x480 would be fine
<twb> mwd: then video=vesafb:1024x760-16, as you've been using, should be fine.
<RoAkSoAx> SpamapS: I was reading HAProxy architecture and for what I can see, if we don't implement a layer4 loadbalancer before HAProxy, loadbalancers wont scale
<twb> If that's not working, it might be that stupid vga16fb crap that I was in 10.04 and couldn't get rid of.
<uvirtbot> New bug: #582803 in samba (main) "samba doesn't work" [Undecided,New] https://launchpad.net/bugs/582803
<mwd> Where do I set video=vesafb:1024x760-16 ?
<twb> You pass it to the kernel from the bootloader
<mwd> ok, i try it
<twb> vga=876, as you were typing, should be identical
<SpamapS> RoAkSoAx: right, I think that may be something I put in the Unresolved Issues portion of the spec, with a suggestion to mention in the documentation that IPVS+Cluster will suffice in that case.
 * SpamapS is being paged by baby again.. doh
<mwd> I passed vga=876 to the kernel from Grub, resolution is 640x480
<twb> I blame vga16fb, lacking anything better to do
<twb> gunzip and cpio -t your ramdisk, and confirm that it contains vesafb.ko (or that it's compiled-in in /boot/config-*).
<twb> Then, yell at canonical for playing silly buggers with the ramdisk
<RoAkSoAx> SpamapS: Ok. Anyways I do think that at a certain point of time, might be necessary to be able to scale HAProxy itself. Anyways, will wait for your spec then :)
<ryoohki> i need a prisitine copy of /etc/apt/sources.list from a fresh U.S.A. install of 10.04
<RoAkSoAx> SpamapS: oh and btw... it seems that all webservers and loadbalancers have to be in the same subnet
<jpds> ryoohki: Again?
<ryoohki> jpds: not again, "still not"
<pmatulis> ryoohki: what's with this "pristine" stuff?  what jpds gave you yesterday was fine
<uvirtbot> New bug: #582812 in openldap (main) "ldapsearch -y option does not work" [Undecided,New] https://launchpad.net/bugs/582812
<ryoohki> pmatulis: no it was not
<pmatulis> ryoohki: why?
<jpds> ryoohki: http://pastebin.ubuntu.com/436127/
<ryoohki> pmatulis: it was edited - why do i need to explain this to you? why not provide the 25 or so line file?
<jpds> ryoohki: You should still be using a local mirror FWIW.
<pmatulis> ryoohki: i asked you why you insist on pristine
<ryoohki> pmatulis: do i answer to you?!   what business is it of yours anyway?!
<ryoohki> pmatulis: why are you even asking me this?????
<pmatulis> ryoohki: goodness me.  you are asking for help aren't you?
<ryoohki> pmatulis: if you can't help, then it doesn't concern you
<ryoohki> pmatulis: let me restate this: if you don't have the file, do ask me to explain why i want it
<ryoohki> pmatulis: i need a fubaz part n-22 ; why? ; huh?
<SpamapS> RoAkSoAx: when you say "all webservers and loadbalancers have to be in the same subnet" do you mean by haproxy's design or some other requirement?
<soren> ryoohki: Calm down, man.
<SpamapS> RoAkSoAx: because haproxy makes a full TCP/IP connection, so it can connect to a web server anywhere
<soren> ryoohki: It's a perfectly reasonable question. I too am curious why you need this pristine sources.list so badly.
<SpamapS> granted, it won't be very efficient to have LB's in Texas connecting to Servers in Taipei for clients in Sydney .. but it would work. ;)
<mwd> twb: vesafb is blacklisted in blacklist-frambuffer.conf
<ryoohki> soren: i need number 22; here's 21; no 22; 23 is close, no 22, why 22? ; what the hell?!
<ryoohki> soren: 21 != 22 && 23 != 22
<ryoohki> soren: i did not ask for anything hard to produce or all that uncommon but recieve may other things
<SpamapS> ryoohki: 10.04 US server install?
<ryoohki> soren: but not what i asked for
<twb> mwd: ugh!
<soren> ryoohki: You also haven't (a) calmed down nor (b) explained why what jpds gave you isn't good enough.
<twb> mwd: see what I mean about ubuntu being "clever"?
<ryoohki> SpamapS: 10.04 US server install /etc/apt/sources.list
<BrixSat> Hello :)
<SpamapS> ryoohki: amd64?
<BrixSat> any one with squid experience?
<twb> mwd: if you want to reverse that, you can edit the file in /etc and then run "update-initramfs -u -k all" to push the changes to the ramdisk.
<ryoohki> soren: why do you think i am not clam and why do you continue to think i should explain why i want something?????
<SpamapS> BrixSat: I've got a fair amount .. sup?
<twb> mwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?
<soren> ryoohki: You are asking for help. You are asking other people to spend time servicing you. You could at the least have the decency to address them courteously.
<SpamapS> ryoohki: more than 1 punctuation mark in a row == not calm
<ryoohki> soren: escpially, why do i need to tell you why i want that??????
<BrixSat> SpamapS:  I need to enable ssl on squid :)
<SpamapS> (... is, btw, one punctuation mark)
<mwd> twb: Removing vesafb from the blacklist and providing vga parameter to the kernel had no effect
<SpamapS> BrixSat: SSL sites, or SSL for clients?
<ryoohki> soren: i did ask for help courteously
<SpamapS> ryoohki: I have this file that you want, but yes, you need to chill out.
<twb> 22:51 <twb> mwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?
<BrixSat> SpamapS: when i type www.gmail.com it tryes to open https://gmail.com and gives an error on the browser
<_ruben> !info haproxy
<ubottu> haproxy (source: haproxy): fast and reliable load balancing reverse proxy. In component universe, is optional. Version 1.3.22-1 (lucid), package size 414 kB, installed size 956 kB
<SpamapS> BrixSat: you need to allow users access to the CONNECT method
<ryoohki> SpamapS: i have the file i believe but i'd take a second copy to compare to what i have
<ryoohki> SpamapS: thanks
<BrixSat> SpamapS:  how?
<SpamapS> clint@ubuntu:~$ md5sum /etc/apt/sources.list
<SpamapS> 47385d833ed5281a59c53d3337415785  /etc/apt/sources.list
<lenios> great, you have it
<RoAkSoAx> SpamapS: by HAProxy examples, it seems that all webserver are under the same subnet
<SpamapS> RoAkSoAx: thats just a best practice. :)
<SpamapS> RoAkSoAx: I will confirm that its not a requirement, but by its design, it should not be
<RoAkSoAx> SpamapS: but it's always better to have the same loadbalanced servers under the same subnet :)
<SpamapS> RoAkSoAx: not necessarily
<SpamapS> RoAkSoAx: for instance.. maybe you're balancing squid proxies and the end points rate limit based on source subet. ;)
<SpamapS> subnet even
<SpamapS> BrixSat: I don't have the exact acl line in my head...
<BrixSat> SpamapS:  another thing and how do i password protec it?
<RoAkSoAx> SpamapS: yeah but if they are gonna run as instances in the cloud, I'd rather have them under the same subnet (VLAN) because its on the same cloud.
<BrixSat> it is enabling exterior access and i want to password protect all access
<SpamapS> BrixSat: do you have the default squid.conf from the package? they have acl's setup for this already very nicely in there
<mwd> twb: "dpkg -S blacklist-framebuffer.conf" says: module-init-tools: /etc/modprobe.d/blacklist-framebuffer.conf
<SpamapS> RoAkSoAx: should produce a better response time that way anyway. :)
<BrixSat> SpamapS:  im using webmin to configure it
<SpamapS> RoAkSoAx: looking at ELB btw.. you know.. its ridiculously cheap... even if you're shoving 1TB/month through it.. probably cheaper than running an instance just for load balancing. ;)
<SpamapS> BrixSat: *ugh*
<RoAkSoAx> SpamapS: indeed, but not only that.. under terms of networking it would be better to have a separate vlan for each loadbalance domain
<twb> mwd: thank you.
<SpamapS> BrixSat: You need to add something like http_access allow CONNECT localnet
<BrixSat> SpamapS: i have that
<SpamapS> BrixSat: the order matters.. where do you have that? (and is your localnet one of the 10.x.x.x, 192.168.100.x or 172.16-31.x.x nets?)
<RoAkSoAx> SpamapS: i've actually never used it, but as I can read some of its features can be implemented with clusterstack+ipvsadm. The new features would be autoscaling of actual loadbalancers and launching of running instances given certain rules. scaling of loadbalancers can be resolvede in 2 ways, 1 layer4+layer7 loadbalancing, or using DNS for rr between loadbalancers. Then how many running instances given the rules, i.e always have two at least, ca
<BrixSat> my localnet is disabled i want to allow every body in and out the network
<SpamapS> BrixSat: needs to be before the 'http_access deny all'
<mwd> twb: lsmod says that vesafb is not loaded (vga16fb is loaded)
<twb> It boggles me that they blacklist vesafb for "being buggy", but insist that vga16fb be forcibly loaded *even when you don't want a framebuffer at all*
<SpamapS> RoAkSoAx: DNS+RR only works if you have very short ttl's, and DNS servers all over the world that do geo-location specific responding
<twb> "Blacklist viafb; the only framebuffer drivers we want loaded by default on x86 are the drm framebuffers and vga16fb.  LP: #558569."
<SpamapS> RoAkSoAx: and even that doesn't work great with some mobile clients who end up routing their forwarding DNS requests to somewhere very far from where they are
<SpamapS> RoAkSoAx: layer4 + layer7 is actually the simplest way to scale.
<RoAkSoAx> SpamapS: correct, but for scaling loadbalancers when load is too high... (and that might be only for a certain period of time) it might not be worth set up bopth layer4+layer7 loadbalancing
<twb> I could understand if they blacklisted vga16fb as well
<RoAkSoAx> SpamapS: Ok if we do layer4+layer7 at the same time, this means two things. Either launch both at the same time even though there's only 1 layer7 lb, and run a second/third/etc one when needed. Second choice, first have only layer7 lb, and then, when need to scale, launch another layer7lb, launach a layer4 lb, and reconfigure everything
<SpamapS> RoAkSoAx: I believe haproxy is touted as scaling to about 20,000 new connections / second on older hardware (HP DL145 dual opterons)... concurrency is unclear, but they seem to suggest 60,000 / 1GB of RAM
<ryoohki> SpamapS: may i have your copy of the file if you don't mind?
<SpamapS> RoAkSoAx: it may be worth firing up a bunch of EC2 nodes to test this.
<SpamapS> ryoohki: most certainly, I think I gave the md5sum while you were kicked..
<BrixSat> brb
<SpamapS> 47385d833ed5281a59c53d3337415785  /etc/apt/sources.list
<mwd> twb: viafb is already blacklisted
<twb> mwd: that wasn't the point
<soren> ryoohki: I don't understand why it's so hard to explain why you absolutely need this pristine file? You are asking people to spend time servicing you. If all they ask in return is getting their curiosity satisfied, that seems like a good deal to me.
<ryoohki> SpamapS: i have sources.list.bg: e52dbbc2b2cb9a63a940a428032d7853 ; sources.list.us 826281ebbf83343107d6a1cb19e40c71
<RoAkSoAx> SpamapS: testing is needed too see how much load a regular instance can hold off course. However, as I can read in Amaazon ELB they provide the feature to scale loadbalacing power
<SpamapS> RoAkSoAx: the trouble with the layer4 stuff is that it *must* take over the return traffic by layer 4 means.. DR might work *if* we can guarantee that the layer4 nodes share layer2 with the layer7 nodes (mmmm 8 layer burrito)
<ryoohki> SpamapS: .bg is a source.list from a bulgarian system i ran "sed -i -e 's#/bg.#/us.#g' sources.list"
<RoAkSoAx> SpamapS: and since ppl want something similar for UEC... that's just options that i can think of
<SpamapS> ryoohki: ok I'll pastebin the content
<RoAkSoAx> SpamapS: yep we'd have to use DR. And that's how HAProxy describes it too for their architecture
<soren> Also, if people understand the "why" they are likely to give much more useful answers. But apparantly that is uninteresting.
<SpamapS> ryoohki: please continue to be calm and nice and we'll be even more helpful. :)
<RoAkSoAx> SpamapS: i mean, launching l4 + l7 haproxy at the same time, they use the same subnet
<ryoohki> soren: i don't understand why you have the athority to ban people if you use to ban people who answer your questions in a form of their own dchoosing and thieir own choice punctuation... but i'll tellm you this, i no longer will chat with you
<SpamapS> ryoohki: http://pastebin.com/bJLKeHV4
<ryoohki> smoser: thanks
<soren> ryoohki: I think I can live with that.
<SpamapS> ryoohki: why is a perfectly valid question to ask. Often times people try to mask their true intentions because they are worried people will think them stupid or are doing something bad. We don't want people to do either of those things here.. :)
<soren> I happen to have this authority  because I've been giving useful answers in here for 4-5 years now.
<soren> This also happens to be the first time anyone has so violently refused to explain why they need a particular answer.
<SpamapS> RoAkSoAx: help me with something.. availability zone == layer 2 shared? I think not.. is there a lower level consideration that can force shared layer 2?
<ScottK> ryoohki: Also it's quite common for people to ask for information in the belief that it will help them solve a problem, but to experienced people here there is reason to believe they are solving the wrong problem.
<RoAkSoAx> SpamapS: Nope i dont think so. Layer 2 would mean addressing using MAC addresses... and to re-route traffic between them, we need layer 3
<RoAkSoAx> SpamapS: routing is done at layer 3
<SpamapS> ScottK: yes, and then you get this http://bit.ly/4BzLI2
 * soren facepalms
<SpamapS> RoAkSoAx: right, so DR (direct routing) is out
 * ScottK always has trouble remembering all the layers.  He mostly recalls layer 8 is the prime source of problems.
<SpamapS> RoAkSoAx: and NAT is definitely out, as we can't have nodes in another layer 2 as the default route
<SpamapS> RoAkSoAx: so we come back to IPTUN and all of its evil/glory ;)
<RoAkSoAx> SpamapS: layer 2 means addressing using MAC Addresses... I don't think you can achieve loadbalancing using only MAC addresses
<SpamapS> ScottK: sad part is, IP != OSI model
<RoAkSoAx> SpamapS: for this use case
<SpamapS> RoAkSoAx: yes.. for this use case.. reddit type scale should be fine:  http://stackoverflow.com/questions/260413/load-balancing-in-amazon-ec2
<SpamapS> RoAkSoAx: if you haven't read this yet, it should help you understand why I'm concerned with defaulting to using IPTUN : http://www.linuxvirtualserver.org/VS-IPTunneling.html
<ccheney> good morning guys, just finished reading email :)
<ryoohki> SpamapS: i'm glad i asked you as i think it is indeed the file i wanted
<RoAkSoAx> SpamapS: i do also think that IPTUn is out of the question
<RoAkSoAx> SpamapS: However, I've never used Amazon ELB, have you tried loadbalancing with for servers in different networks?
<soren> SpamapS: I don't see a "this is why you don't want to use it" section on that page?
<SpamapS> RoAkSoAx: no, I'm not sure how it works, but given its feature set and configuration, I wouldn't be surprised if it is just haproxy. :)
<binBASH> Hi
<SpamapS> soren: overly complicated and instructions from 1998 ... :-P
<binBASH> Does everyone know what the ec2 metaservice is in the uec images?
<mwd> twb: Added vesafb to /etc/modules, it's loaded now, but vga16fb ist still active
<binBASH> when I run the images in my cloud they always hang there during startup
<RoAkSoAx> SpamapS: Neither do I :). But as far as my networking knownledge goes... loadbalancing should be done in same subnet for obvios reasons (the same cloud is used, so instances in the same network should be used)
<binBASH> cloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds
<binBASH> waiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id
<soren> SpamapS: Ah, that :)
<binBASH> dunno what ip this should be ;)
<soren> binBASH: It's part of UEC.
<SpamapS> soren: I admit, its a weak objection.. I can already feel it crumbling a bit in my mind as I understand it better.
<binBASH> soren: Hmm, strange it's no eucalyptus service I think?
<mathiaz> ccheney: o/
<binBASH> I didn't configure that ip somewhere
<soren> binBASH: It is.
<twb> mwd: no no, if it's going to go anywhere, it needs to go in /etc/initramfs-tools/modules
<SpamapS> ipchains -A input -j REDIRECT 23 -d 172.26.20.110 23 -p tcp
<soren> binBASH: It's not something you configure. It's a static ip.
<SpamapS> *old* school
<twb> mwd: vga16fb is loaded before your root filesystem is mounted :-/
<RoAkSoAx> SpamapS: loadbalance servers in different VLAN's (from my point of view) is out of the question. THat's why VLAN's where created in the first place. To keep *common* traffic separated from other trafficm, and in this case, loadbalancing traffic should go through the same vlan for each loadbalancing domain
<ryoohki> SpamapS: thanks, that was aactually the file i wanted.
<binBASH> soren: Ok, does this run on the cloud controller server?
<soren> binBASH: I'm not sure, to be honest. Probably.
 * SpamapS is once again being paged by the baby.. :-P
<binBASH> the problem here I have cloud with servers not on the same switch
<binBASH> :)
<coffeedude> password
<coffeedude> Ooops.
 * coffeedude blushes....
<soren> coffeedude: Hey, "password" is my password too!
<soren> Don't be ashamed.
<raphink> hi there
<raphink> has anyone seen processes freeze in D state in Lucid ?
<raphink> I've seen that with rsync and tar as xen domU domains
<mwd> twb: moved to /etc/initramfs-tools/modules, no effect
<raphink> at some point, the process freezes, stays in "D" state and won't leave
<RoyK> not recently, but they usually do that on all linuces if they lose their blockdevices
<twb> mwd: did you update-initramfs -u -k all?
<coffeedude> soren, :-D
<raphink> royK: was that for me?
<RoyK> raphink: yes
<raphink> thanks for your suggestion royK, however I can still access the hard drive
<raphink> and it happens in the middle of the copy
<raphink> lsof on the frozen process doesn't show any file other than special devices and libraries
<mwd> twb: yes
<twb> mwd: did you blacklist vga16fb and un-blacklist vesafb beforehand?
<mwd> twb: After Blacklisting vga16fb it works !
<mwd> Thank you :)
<uvirtbot> New bug: #582847 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/582847
<smoser> kirkland, ping
<smoser> or anyone.
<smoser> how would i hibernate a server ?
<jpds> smoser: pm-hibernate ?
<smoser> yeah, just found that and tried
<smoser> but no effect
<smoser> pm-is-supported --hibernate && echo yes || echo no
<smoser> yes
<kirkland> smoser: yeah, what jpds said
<smoser> so what is amuck then ?
<kirkland> smoser: can you try sudo pm-suspend
<smoser> i can, but thats not the goal. i need to yank power.
<binBASH> kirkland: do you know what this could be, I create volume for uec. It is created. If I try to attach it to the running instance it fails.
<binBASH> in logfiles I get a weird Java Exception
<binBASH> http://www.pastie.org/967740
<binBASH> this is log output with errors btw.
<binBASH> and another thing I have question about
<binBASH> what is this?
<binBASH> cloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds
<binBASH> waiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id
<ttx> hggdh: around ?
<hggdh> ttx: yes
<ttx> hggdh: I propose that you draft what we should do as part of the QA workflow spec
<ttx> hggdh: do you agree with that ?
<hggdh> ttx: yes, no prob
<ttx> hggdh: ok, thx
<uvirtbot> New bug: #582887 in net-snmp (main) "package snmpd 5.4.2.1~dfsg0ubuntu1-0ubuntu2 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/582887
<ttx> zul, kirkland, mathiaz, smoser, SpamapS: just had a discussion with jib and reset the "drafters" for a few specs. That's what you should be working on... if you have any question, please let me know
<smoser> ttx, marching orders accepted
<ttx> he confirmed the deadlines
<smoser> can i eat lunch first ?
<ttx> smoser: I didn't change anything for you
<ttx> smoser: that video was very bad, btw
<smoser> yeah it was
<ttx> for some reason, the other Scott posted better audio
<smoser> didn't see that.
<ttx> it's on youtube somewhere.
<smoser> i can't locate the quote, but if you're complaining about the quality of the recording, thats understandable.
<smoser> but if you are complaining about the quality of the performance, i can't help
<smoser> :)
<ttx> heh
<smoser> i agree that in both cases it was bad
<smoser> can't find it on youtube
<smoser> my youtube skills are not practiced
 * SpamapS returns
<SpamapS> ttx: got the blueprint updates, thanks.
<kirkland> jdstrand: ping
<kirkland> jdstrand: what's your plans for libvirt merging?
<ttx> smoser: http://www.youtube.com/watch?v=ag7AlHy0lB4
<jdstrand> kirkland: either this week or next I plan to merge unstable
<kirkland> jdstrand: sounds good, thanks
<kirkland> jdstrand: 0.8.1 right now, looks like
 * jdstrand nods
<smoser> kirkland, for the record, it wouldn't suspend because kernel update had occurred, but it would have been nice to indicate that to me somewhere.
<kirkland> smoser: ah, right
<kirkland> smoser: if you were running byobu, it would have told you (R) that a reboot was required
<kirkland> smoser: your MOTD should have said so as well
<smoser> but the command would have still given me nothing
<binBASH> someone knows if it's possible to use a flatfile as iscsi target?
<kirkland> smoser: pm-is-supported, though should tell you that though, i agree
<mcas> binBASH: should possible
<kirkland> smoser: file a wishlist bug against pm-utils on that one;  should be trivial to do
<binBASH> mcas: Ok, sounds like an alternative. Because my UEC network is only 100 MBit.
<binBASH> So having an iscsi target for each vm local on the node is faster I think
<SpamapS> hrm.. I think I need some home servers
<SpamapS> RoAkSoAx: we were interrupted before and I was confused about something you were saying.
<cybrocop> Hi All
<ilaggoodly> Hi, I recently ugraded from 8.10 to 10.04, and might lighttpd webserver stopped working because "can't bind to port 80, already in use"... port 80 is however not in use...
<cybrocop> Does anyone know of a problem with creating a Raid0 (stripe) out of 6 disks? Is that not recommended for some reason?
<cybrocop> I've done 2 and 4 in the past, but I don't know if there is some overwhelming disadvantage with a higher number of disks.
<cybrocop> ilaggoodly: Have you verified with lsof?
<ilaggoodly> Yes "lsof -i | grep :80" and netstat
<ilaggoodly> no results
<ilaggoodly> I also installed an apache server quickly to test, and that seemed to work... apart from being apache
<cybrocop> ilaggoodly:  Lsof by default shows port names (see /etc/services) and not numbers
<ilaggoodly> ah
<cybrocop> ilaggoodly:  So you'd have to do "grep :www"
<ilaggoodly> right, still no luck :/
<cybrocop> ilaggoodly: Sorry, thats where my expertise ends on the topic. I've never used lighttpd. :(
<ilaggoodly> ah  well, learned something
<smoser> ttx, http://www.buy.com/prod/american-idol-singer-s-advantage-male-version/q/loc/20269/204714744.html?adid=18007
<ttx> "Literally erases cracking and straining"
<ttx> sounds good
<billybigrigger> any raid/mdadm gurus around?
<ccheney> smoser: so is EBS like a direct access disk and S3 nearline storage for putting things into EBS when you actually need to work with it?
<kirkland> Daviey: if you start looking at qemu-kvm bugs, perhaps start with the ones that are in the "New" state
<kirkland> Daviey: try to get as many of those pushed into the right state as possible
<smoser> ccheney, s3 has other uses, but yeah, that would be one. and yes, EBS is direct block level access.
<smoser> but to get to EBS you have to attach an instance. s3 provides http access
<ccheney> smoser: ok, great i think i understand how this works at a high level anyway :)
<smoser> (and https actually)
<ccheney> smoser: ok
 * ccheney doesn't have the hardware to play with yet so is reading through all the docs
<smoser> are you typing irc on your phone ?
<smoser> you should set up an amazon aws account if you dont have one
<smoser> and you can play there.
<smoser> you can expense $100 / month, which is quite enough unless you forget to turn off that m2.4xlarge system
<ccheney> smoser: oh, well kirkland is giving me a couple machines next tuesday to play with, but if i get done reading the docs early enough i might try playing on the amazon bit
<Daviey> kirkland: yeah, i there are a couple of New ones i started looking at
<Daviey> smoser: As a community member, I did some EC2 testing a few cycles ago that i could expense.. 1) i forgot to expense, 2) i left the damn instance running for a couple of months
<hggdh> Daviey: you should ask AWS for some shares, you invested nicely on them ;-)
<ccheney> anyone happen to know if it would be a problem to enable 'nobrl' by default for mount.cifs ?
<Daviey> hggdh: "whoops" :)
<ccheney> it mentions using this option if your applications don't support mandatory locking which cifs seems to require, it doesn't appear to work properly with advisory locking
<ccheney> and appears to cause problems with OOo not being able to save properly to cifs shares in some cases, haven't nailed down the exact cause other than apparently nobrl fixes it for the users having the problem
<cybrocop> smoser: Do you know if in Eucalyptus, when you create a Volume (analogous to EBS), if that volume is copied over to the node or shared via network?
<Daviey> ccheney: I'm not aware of any issues, but google seems to suggest it's a good thing to do.. Use NFS :)
<smoser> cybrocop, it uses aoe
<smoser> wait
<smoser> somethign over ethernet
<smoser> so  no, its not copied to the node
<smoser> the node is throwaway. ebs is supposed to be reliable
<ccheney> i've also let upstream OOo know that without nobrl their software falls over, maybe they can fix that issue themselves long term
<smoser> in maverick Eucalyptus should support using iscsi for ebs volumes
<cybrocop> thanks smoser
<smoser> it is AOE, i'm fairly sure
<smoser> i couldn't remember what the A was for so i thoguht i made it up
<cybrocop> :)
<cybrocop> ATA over Ethernet seems to be logical at least. :)
<binBASH> ok
<binBASH> then I will use the flatfiles iscsi
<binBASH> because ATA over Ethernet makes no sense with 100 MBit
<binBASH> ;)
<binBASH> will try this
<binBASH> http://www.aspdeveloper.net/tiki-index.php?page=LinuxiSCSITargetOnUbuntu
<bluethundr_> for some reason I can't SCP to one of my AWS servers: http://paste.ubuntu.com/436227/ yet I can scp to my other AWS server: http://paste.ubuntu.com/436232/
<bluethundr_> what gives?
<bluethundr_> it is a difference of literally scp foo bluethundr@$AWS1:~ vs scp foo bluethundr@$AWS2:~
<sh1ny> raid10 from flatfiles + iscsi from that raid = ownage, binBASH :D
<SpamapS> bluethundr_: your key is in an odd format
<bluethundr_> hmmm... yeah it seems to be trying to pull ~/.ssh/id_rsa. vs ~/.ssh/id_rsa.pub
<bluethundr_> but on the second (AWS2) it at least attempts a password authorization, but on AWS1 it just gives up entirely and prevents the transfer
<SpamapS> bluethundr_: no id_rsa is the private part
<bluethundr_> oh ok
<SpamapS> bluethundr_: but its in the SSH, not OpenSSH, format
<SpamapS> meaning old school commercial ssh
<bluethundr_> interesting. that key was generated with ssh-keygen
<SpamapS> bluethundr_: the one that works fails on the id_rsa, but succeeds on the id_dsa
<bluethundr_> oh ok.... think it's worth trying to regenerate the key?
<RoAkSoAx> SpamapS: what about?
<SpamapS> bluethundr_: actually no.. wait...
<SpamapS> bluethundr_: the one that worked used a password
<SpamapS> debug1: Authentication succeeded (password).
 * RoAkSoAx fall asleep :/
<SpamapS> RoAkSoAx: ahh ok
<bluethundr_> right
<SpamapS> RoAkSoAx: well I was just confused because in one discussion we said that they would not share layer 2, but then you were saying that they would share a VLAN, which is, in fact, a shared layer 2.
<SpamapS> and by they I mean servers and load balancer
<SpamapS> bluethundr_: ah, well your EC2 node doesn't have password auth
<SpamapS> bluethundr_: you have to have the key that you set it up with
<RoAkSoAx> SpamapS: no no I mean that for this use case, loadbalancing should be only done in one vlan per case. I mean, all instances under a loadbalancing domain should be in the same vlan
<SpamapS> RoAkSoAx: That makes perfect sense. :) Ok... sleep well. :)
<RoAkSoAx> SpamapS: So, that means DR (same network) loadbalancing
<bluethundr_> this is my /etc/ssh/ssh_config
<bluethundr_> http://pastebin.com/hPV2tqU5
<ccheney> i filed the cifs bug as bug 582925 for anyone who wants to weigh in on it in either direction, i'm not sure if it is likely to cause any problems by enabling it
<uvirtbot> Launchpad bug 582925 in samba "OOo needs mount.cifs to default to nobrl if possible" [High,New] https://launchpad.net/bugs/582925
<SpamapS> RoAkSoAx: right, makes it much, much simpler.
<uvirtbot> New bug: #582925 in samba (main) "OOo needs mount.cifs to default to nobrl if possible" [High,New] https://launchpad.net/bugs/582925
<RoAkSoAx> SpamapS: Now, in any case, either layer4 or layer7 (or both) loadbalancing can be used without worrying about network issues. Now, since UEC is a private cloud, each company can allocate an subnet that will match for their needs (current and future growth)
<RoAkSoAx> SpamapS: and we'll need to compare Amazon's ELB and actually determine what is best here. Both l4+l7 loadbalancing, only l7, or l4.
<RoAkSoAx> SpamapS: do you hhave the wiki page for the spec yet?
<SpamapS> RoAkSoAx: I'm setting up an ELB right now to load test against haproxy. :)
<SpamapS> RoAkSoAx: I started writing the spec yesterday but wanted to figure out a couple of things to put in the assumptions section rather than work items. :)
<SpamapS> Two things I want to answer before I put up the spec:  1) will puppet work to manage this (I think yes), 2) is haproxy as scalable as ELB
<RoAkSoAx> SpamapS: ok let me know if there's anything I can do to help
<RoAkSoAx> SpamapS: If puppet will manage it for deployment, no autoregistration will be needed since all is done through puppet. 2. HAProxy, AFAIK only scales in webservers not in loadbalancers. Either use a single LB, 2 LB in HA (master/slave) using keepalived, or 3. use layer4 loadbalancing on top of HAProxy, to provide scalability of HAProxy loadbalancers, and Layer4 can be set up for HA to reduce the single point of failure
<therian> how do i create a link that can be used over a remote file system? i mounted my server to this install with sshfs, but when i try to cd to the links i made with ln it tells me no such file or directory, i think its because its trying to cd to that directory on my box, anyway to fix this in ln?
<SpamapS> RoAkSoAx: there are 3 concerns to cover.. load balancing on backend (haproxy is exceptional at this because of its HTTP inspection capabilityes), high availability of IP's (heartbeat handles this nicely), and scalability of load balancers themselves (ipvs does this). My goal is that you can start with just load balancing, add HA if needed, and add scalability when needed, all relatively easily.
<bluethundr_> that's IT!!! :) password auth was off in my ssh_config on my AWS image.. guess it's a RightScale thing. ty!
<SpamapS> therian: symlinks are notoriously difficult on remote filesystems, whether nfs or sshfs
<therian> SpamapS: ah i figured it was my symlink, have anything for me to read?
<ccheney> grr stat can't properly identify a cifs mount :(
<therian> !g ln on remote file system
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<therian> !google ln on remote file system
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<RoyK> !kick ubottu
<smoser> hggdh,
<smoser> +                '-o-', 'Batchmode=yes',
<smoser> why the second -
<RoAkSoAx> SpamapS: First concern. agreed. 2nd either heartbeat/pacemaker, or keepavlied, or corosync/pacemaker. 3rd this is an issue because on top of loadbalancers, if you wante them to be "active/active", you need a mechanism to loadbalance load to the loadbalancers themselves
<RoAkSoAx> SpamapS: if you dont have that mechanism, you can only dop HA (master/slave)
<RoAkSoAx> SpamapS: now if you want to scale the loadbalancers to all loadbalance at the same time (active/active clusters). You need either on fo this 3 things
<smoser> hggdh, can i kill the instances that are running there
<RoAkSoAx> SpamapS: 1. DNS loadbalancing, 2. Hardware loadbalancers (Though for UEC it is not the case). or 3. On top of the HAProxy loadbalancers, put layer4 loadbalancers.
<hggdh> smoser: certainly, they are not mine :-)
<SpamapS> ugh.. 33 community AMI's with '10.04' in the name.. we need to get ourselves on that "Amazon AMI's" list
<hggdh> smoser: what gives with batchmode?
<SpamapS> therian: make your symlinks relative, and they might work. ;)
<smoser> that was from your last commit
<smoser> why did you put the second -
<smoser> in uec-testing-scripts
<therian> thanks SpamapS i'll look into that
<hggdh> smoser: typo
<cybrocop> I am not able to get a Win2K3 image to run in Eucalyptus. The image is in "running" state according to Eucalyptus, but it seems to be hung in the boot-up stage. I can run the image fine in KVM on my desktop computer. (Sorry for cross-posting. I posted this is #ubuntu-virt and #eucalyptus, but no response yet.)
<RoAkSoAx> SpamapS: if you use DNS loadbalancing, there's no healthchecking. HW loadbalancers are out of the question for UEC. And layer4 loadbalancing seems the only way possible
<hggdh> smoser: corrected, will check the branch
<SpamapS> RoAkSoAx: I guess my point is lets make sure concern 1, which is what 90% of people want, is done, and concern 2 is handled easily (99% of users will be served well enough by this). The 1% of people who have load that haproxy can't handle will be happy if we just have a prescribed method, it probably need not be automatic to setup IPVS, though it might be cool
<smoser> cybrocop, i have no idea how to debug windows boot.
<smoser> i would suggest hacking in vnc console
<SpamapS> RoAkSoAx: and yes, DNS and HW are out. ;)
<cybrocop> I've tried.
<cybrocop> Here is the KVM command I found running on the NC:
<hggdh> smoser: the last branch (34) had it already corrected
<smoser> hmm... i just pulled a couple minutes ago
<smoser> http://bazaar.launchpad.net/~uec-testing-scripts-dev/uec-testing-scripts/trunk/
<hggdh> weird
<RoAkSoAx> SpamapS: btw.. I've done something similar in my undergrad thesis using ipvsadm+heartbeat+ldirectord, I also saw keepavlied and HAProxy but I wanted layer4 loadbalancing with failover and in my case heartbeat was better: If you are interested, you can read it on: http://www.roaksoax.com/2008/07/ubuntu-in-my-thesis-part-2
<cybrocop> smoser: http://slexy.org/raw/s2kA3o47jR  This was the command running on NC.
<SpamapS> :) cool!
<cybrocop> smoser: So I copied the disk/ramdisk/kernel images to my local machine and tried to run this:
<cybrocop> sudo kvm -m 1024 -smp 1  -nographic -boot c -kernel ./kernel -initrd ./ramdisk  -append root=/dev/sda1  -drive file=./disk,if=scsi,index=0,boot=on -net nic,vlan=0,model=e1000,name=e1000.0  -parallel none -usb -vnc :1
<cybrocop> I'm hoping my "abridgement" of the KVM command didn't change the results in any way.
<hggdh> smoser: http://pastebin.com/FADaN53m
<cybrocop> I got a "Selected disk does not exist" on the Grub interface. Here is the screenshot: http://img541.imageshack.us/img541/8413/grub.png
<RoAkSoAx> SpamapS: which was called: "Design of a model to implement HA Web Servers", and the goal was use both IPVS+heartbeat to make it scalable and Hihghly available
<RoAkSoAx> SpamapS: oh and other conern is "Will UEC allow us to have a shared VIP between loadbalancers?"
<SpamapS> Right. I'm only avoiding IPVS because the layer 7 capabilities are limited, and the IPTUN requirement makes it a bit weird. In the past I've setup quite a few IPVS based load balancers.. but always in DR or NAT setup.
<SpamapS> But for balancing to haproxies..
<SpamapS> it seems perfect
<hggdh> smoser: indeed it was not there. I have no idea why. I justy pushed it
<cybrocop> smoster: Unfortunately, I don't know where to go from there. The original image which I uploaded to eucalyptus, boots fine with the following command:
<RoAkSoAx> SpamapS: yep, but as i mentioned before, since I do believe loadbalancing for this case should be done in same VLAN, that means using same network. WHich rules out IPVS TUN.... adn even for HAProxy we need a VIP in case we want to have more than 1 loadbalancer
<cybrocop> smoser: sudo kvm -m 1024 -boot a -fda ./win-grub.img -initrd ./memdisk -drive file=win2k3.img,if=scsi,boot=on -nographic -vnc :1
<RoAkSoAx> SpamapS: though it will be for failover purposes
<smoser> cybrocop, just fyi, when you upload an image, it is turned from an image into a partition before eucalyptus runs it
<smoser> ie, they shove a partition table at the front, put your data in first partition, then stuff swap and ephemeral data partitions
<cybrocop> that is why I created 2 partitions.. which I learned is a hack to disable this feature
<cybrocop> smoser: Here is my partition table before upload: http://img710.imageshack.us/img710/629/qtparted.png
<cybrocop> Anything else I can do to debug/troubleshoot this?
<cybrocop> for instance, can I make eucalyptus run my image with a vnc console temporarily, so that I can vnc to it?
<cybrocop> I suspect I'd get the same thing... but I don't know what else to do.
<uvirtbot> New bug: #582963 in apache2 (main) "SSL pass phrase dialog can't read input" [Undecided,New] https://launchpad.net/bugs/582963
<RoyK> this new swapping to compressed memory is a rather nice feature :)
<smoser> cybrocop, yes, you can hack that.
<smoser> on the node controller there is a file.. that generates the libvirt xml
<uvirtbot> New bug: #582970 in mysql-dfsg-5.1 (main) "mysql-server won't start after update" [Undecided,New] https://launchpad.net/bugs/582970
<cybrocop> smoser: ok, found it: /usr/share/eucalyptus/gen_kvm_libvirt_xml. Will try to hack but other than that (assuming it shows the same error as in GRUB), where else can I turn to for help?
<SpamapS> mathiaz: is puppet auto-registration already in lucid, or is that something we're doing for mavrick?
<mathiaz> SpamapS: hm - well - it depends what you refer to as auto-registration
<mathiaz> SpamapS: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/
<mathiaz> SpamapS: I wrote a serie of blog post about using puppet with UEC/EC2
<mathiaz> SpamapS: and outlined how to automate the signing process with Lucid
<mathiaz> SpamapS: it requires some external scripts though
<SpamapS> mathiaz: Right, I am just remembering a session where you were talking about it, but don't remember if it was "this works now" or "this is what we're doing"
<mathiaz> SpamapS: so you probably refer to the puppet-bootstrap session
<mathiaz> on monday afternoon
<mathiaz> SpamapS: This is work to be done in maverick
<smoser> cybrocop, i really dont have a lot of suggestions.
<SpamapS> mathiaz: right ok. :)
<smoser> but i think it is going to be a problem with the partition tabble being busted
<mathiaz> SpamapS: for testing purposes you can just turn on autosigning on the puppetmaster
<SpamapS> mathiaz: btw I think we can do this very easily with puppet, and maybe even provide a way for people to override puppet with their own "run this to add node to load balancing"
<mathiaz> SpamapS: right
<mathiaz> SpamapS: we'd have to narrow down the use case
<mathiaz> SpamapS: I'd like to talk to nijaba as he is the one who initially brought up the BP
<mathiaz> SpamapS: one use case is to assume that there is a puppet infrastructure running
<mathiaz> SpamapS: and then we should outline how it can be leveraged to implement load balancing
<mathiaz> SpamapS: the other case is when you don't have a puppet infrastructure
<mathiaz> SpamapS: and we'd focus on providing an end user experience similar to the elasctic load balancing
<SpamapS> Use case (not sure if its specific enough): Users want to deploy web servers rapidly, especially in cloud environments.. specifically they want to deploy heavy web apps that require multiple servers to sustain rapid response time...
<mathiaz> SpamapS: with just a command to run to register to the LB
<RoAkSoAx> that's the idea
<RoAkSoAx> one command to register a webserver to the LB as well as considering adding more LB's
<SpamapS> Yeah the package name I was thinking was 'cloud-loadbalancer' and it would depend on puppet, and recommend cloud-loadbalancer-puppetconfig that would have a default set of modules setup to start haproxy on LB, and export configs from a class given in a debconf question
<SpamapS> then the single registration command just uses ralsh to add the node to the class
<SpamapS> unregister removes it from class
<RoAkSoAx> SpamapS: what if instance fails and never come backs again, but another does (wiuth different IP). The case of auto de-registering a webserver should be also considered
<SpamapS> if you already have puppet.. should make things easier.
<mathiaz> SpamapS: hm - I wouldn't depend cloud-loadbalancer on puppet
<SpamapS> mathiaz: then we have to write our own registration protocol/database.
<mathiaz> SpamapS: as setting up a complete puppet infrastructure seems a bit heavy-weighted
<SpamapS> Not 100% against that at all
<mathiaz> SpamapS: right - that's the downside
<SpamapS> but it seems like puppet already does this.
<SpamapS> which is what I'm testing right now on my little 5 node EC2 cluster I just fired up
<RoAkSoAx> from my point of view, autoregistration of webserver to a LB can be easily down without having to use puppet
<RoAkSoAx> s/down/done
<SpamapS> RoAkSoAx: agreed, but will it be compatible and scalable at the organizational level.. we don't want to build another puppet if people already use puppet...
<RoAkSoAx> SpamapS: we can use a similar implementation of autoregistration of UEC
<SpamapS> I'm more concerned actually with just the 'add node' 'remove node' semantics.. the auto-reg part would be doable in init scripts or health check at that point.
<RoAkSoAx> SpamapS: i.e. LB has a listener. Webserver is fired up and says "This is my IP, register me". Then LB registeres it and handles everything as it regularly does. This is what I've been thinking yesterday and investigating with UEC autoregistration features
<mathiaz> RoAkSoAx: how do you make sure that you don't register rogue machines?
<RoAkSoAx> mathiaz: define rogue?
<SpamapS> RoAkSoAx: yeah, I can do that. Is it a good idea to write that if puppet does that already though?
<cloakable> RoAkSoAx: machines the administrator does not control
<mathiaz> RoAkSoAx: the LB needs to be sure that it's going to include a legitimate webserver
<mathiaz> RoAkSoAx: and not a random server showing up and knocking on its door
<RoAkSoAx> mathiaz: can be done with certificates
<RoAkSoAx> mathiaz: Is that the way it's done in UEC?
<mathiaz> RoAkSoAx: yeah - that's starts to look like puppet
<mathiaz> RoAkSoAx: well - UEC uses certificates to handle images uploaded to the cloud
<mathiaz> RoAkSoAx: however running instances don't have any credentials
<RoAkSoAx> mathiaz: right. but I mean, in the UEC autoregistration feature that is implemented, that doesn't make use of any authentication mechanism?
<mathiaz> RoAkSoAx: nope
<mathiaz> RoAkSoAx: UEC auto-registration is used for *installing* a cloud
<mathiaz> RoAkSoAx: it uses avahi to detect the different components
<mathiaz> RoAkSoAx: auto-registration doesn't have anything to do with *running* instances
<RoAkSoAx> mathiaz: I know. :). But I thought that for *installing* loadbalancing clusters and though, this can be also done in running instances
<mathiaz> RoAkSoAx: UEC uses ssh keys to talk between its various components
<SpamapS> there's a lot of *asterisks* in here
<RoAkSoAx> mathiaz: I see... anyways that's just an Idea I had. To just start the webserver instance, broadcast itself to the loadbalancer for registration, and use something like a shared key for authentication
<RoAkSoAx> mathiaz: as in the way heartbeat used to authenticate other nodes of the cluster when there were in autojoin method
<SpamapS> RoAkSoAx: back in the day, thats how mod_backhand worked. ;)
<mathiaz> RoAkSoAx: that's an option
<mathiaz> RoAkSoAx: I wouldn't broadcast as instances may be in different availibity zones
<mathiaz> RoAkSoAx: *webserver* instances
<mathiaz> when a webserver instance is started pass in the IP/dns name of the load balancer plus the shared secret
<mathiaz> (that's actually step 2.)
<RoAkSoAx> mathiaz: indeed but instead of broadcast I'd say multicast :)
<mathiaz> 1. start a new LB instance (specifying a shared secret if needed)
<mathiaz> RoAkSoAx: not sure if multicast is working withing EC2
<SpamapS> you guys are all having the same ideas I had yesterday, which is encouraging....
<RoAkSoAx> mathiaz: enlight me in something, are availability zones view as VLANs?
<SpamapS> don't count on multicast even working on most private LAN's
<mathiaz> SpamapS: yeah - there aren't so many ways to solve the problem ;)
<mathiaz> smoser: ^^
<RoAkSoAx> SpamapS: I had similar ideas since I did my thesis with autoregistration and stuff but never tried to implement them :)
<RoAkSoAx> SpamapS: in fact, advisors wanted me to do that as part as my thesis. Anways waht matters now is that we can resolve the issue together :D
<smoser> i wouldn't think that multicast would work on ec2
<smoser> but thats not definitve
<RoAkSoAx> mathiaz: are availability zones viewed as different vlans? or broadcasts domains?
<mathiaz> smoser: ^^?
<smoser> availability zones are basically labs. generally i dont think they share any sort of "local" networking
<smoser> in ec2.
<RoAkSoAx> smoser: by local network you mean each availability zone has its own vlan for example?
<SpamapS> yeah I doubt you can guarantee shared vlan
<SpamapS> just forget broadcast
<SpamapS> single shared resource manager works better anyway
<RoAkSoAx> SpamapS: well 1 vlan is 1 broadcast domain, that means network traffic is isolated from other vlans, so If i broadcast something in that vlan, the broadcast message will stay in that vlan
<RoAkSoAx> not even with intervlan routing the broadcast message will be braodcasted to other vlans
<SpamapS> I see the attraction to braodcast..
<smoser> ok.  so i doubt that you can expect any broadcast to work.
<smoser> even inside a availability zone
<SpamapS> but its just as easy to say "do a DNS request for 'puppet', find it, tell it you're here"
<smoser> and almost certainliy not between them
<RoAkSoAx> smoser: is there any documentation on availability zones out there?
<smoser> availability zones are basically labs
<smoser> phisical buildings separate from another
<RoAkSoAx> smoser: right but you can have Building 1 with VLAN 1, VLAN2 and Building 2 with VLAN 1 and VLAN2. And there'd be communication between hosts in the same vlan even if they are not in the same building
<SpamapS> So puppet needs to store configs for exported configs to work..
<RoAkSoAx> smoser: in a switched network that is
<SpamapS> turning that on gets me Could not parse configuration file: StoreConfigs not supported without ActiveRecord 2.1 or higher
<SpamapS> not having much luck finding the package for that
<SpamapS> or is it a bad errmsg and instead I need to setup a dsn of some sorts
<smoser> ok. so i dont think so.  i would expect for different az to be different networks.
<SpamapS> ? (10.248.246.1) at fe:ff:ff:ff:ff:ff [ether] on eth0
<SpamapS> thats my default gateway
<RoAkSoAx> smoser: do you know of any whitepaper/website that explains that?
<SpamapS> something tells me..
<SpamapS> thats not any sort of VLAN, but internal to the box. ;)
<SpamapS> so I say again, broadcast has become useless unfortunately
<smoser> i think that SpamapS has to be considered correct here.
<SpamapS> But, a little centralized service in a predetermined location *is* useful. :)
<smoser> RoAkSoAx, i could only google
<RoAkSoAx> sommer: yeah I already found documentation but there's no in-depth specification that's why I was asking
<RoyK> RoAkSoAx: 802.1Q is your friend
<SpamapS> if puppet, for whatever reason, doesn't work out for this..
<RoAkSoAx> RoyK: I already know  802.1Q :)
<SpamapS> I was already thinking of just providing a simple REST service for adding/removing nodes, and using client ssl certs for auth
<RoAkSoAx> SpamapS: well now, in case broadcast wont work, we can just tell webserver to unicast "Hey I'm here, my IP is XX, add me" to the LB
<RoyK> RoAkSoAx: then I don't get it - won't just a tagged vlan do the job?
<RoyK> broadcasts should work well over 802.1q
<RoAkSoAx> RoyK: that's the same thing that i'm trying to say here :)
<RoyK> do you have a L3 switch or a router between the buildings?
<SpamapS> RoAkSoAx: precisely. And this will be repeated whenever httpd is started..
<SpamapS> RoAkSoAx: or whatever service is started.... meanwhile the LB will remove unreachable nodes after X number of minutes
<RoAkSoAx> SpamapS: for example we can say. "Start WebServer instance for LB1 (which has XX.YY.ZZ.WW)" and tell the IP to the WebServer. When ever it is up it can just say "hey I'm up and running. Im ready to receive load, add me!!"
<RoAkSoAx> RoyK: Well I don't have anything, we are discussing this on AmazonEC2
<RoyK> won't you be using SLP or something for that these days?
<RoAkSoAx> SpamapS: or whatever service we are starting. it'd be the same process
<SpamapS> This is, again, where puppet just rocks this space.. because puppet would be saying "on class web_backend, install the packages, start the services, and then load balance to them" .. the only piece then is to just have this puppet bootstrap tell the puppet master about the nodes
<RoyK> RoAkSoAx: I don't get it - what are you trying to figure out?
<zorzar> hey i just tried to upgrade a server from 8.04 to 10.04, now i can't connect to it via ssh, it hung on "Updating fontconfig cache for /usr/share/fonts/truetype/ttf-bitstream-vera" after removing unneeded packages and than the server reset the connection
<RoyK> RoAkSoAx: summarise, please
<RoAkSoAx> RoyK: I;m trying to figure out AmazonEC2 Availability zones. And if they share VLANs between them
<zul> i doubt that information is anywhere
<RoAkSoAx> SpamapS: Ok then :)
<zul> knowing amazon
<RoAkSoAx> zul: me too but at least they should give an idea if wether loadbalancing between availability zones consits on doing it in one single network (vlan) or not
<RoyK> RoAkSoAx: I thought you were talking about different buildings and a local network
<SpamapS> Heh.. they'll tell you to never rely on shared physical LAN
<RoAkSoAx> RoyK: nope I was just trying to explain how vlan works
<RoyK> k
<RoyK> I thought that was common knowledge :)
<RoyK> anyway - with today's hardware pricing, I wouldn't use a leased VM for anything, really
<RoyK> just my two cents
<erichammond> There is no broadcast in EC2.
<RoAkSoAx> RoyK: well from my point of view, Companies would rather pay X amount of money to have their services hsoted in the cloud than Y amount of money on having hardware, losing space, and so on
<erichammond> What other aspects of VLAN are you interested in for EC2?
<SpamapS> heh.. working with EC2 sure does crap all over your known_hosts file. :-P
<SpamapS> RoyK: we're also considering people who want to run a load balanced app in UEC easily
<SpamapS> RoyK: and for that matter, just people who might want to load balance in a regular server farm
<RoyK> RoAkSoAx: depends on the company - if you have hardware yourself and something goes wrong, fix it - if you have it all somewhere else and something goes wrong, pray to the nearest god that someone might fix it some day, AND that they have a nice backup. I'm not very religious, so I like keeping hardware
<smoser> SpamapS, http://paste.ubuntu.com/436321/
<SpamapS> smoser: god bless you
<SpamapS> I might have spent months doing it wrong without that. ;)
<RoAkSoAx> RoyK: depends on the company :). Even the goverment has hardware running in third party dattacenters
<RoyK> RoAkSoAx: we're just a small research institute (200 or so people, half of them researchers), and we still keep our own stuff
<SpamapS> http://www.doingitwrong.com/wrong/2924_IMG_0039.JPG
<RoAkSoAx> RoyK: well in that case you *have* to have your own hardware
<RoyK> we do
<RoyK> just got this nice 16 core thing with 64 gigs of ram just to chew volcanic ash
<RoyK> :Ã¾
 * SpamapS suggests Volcanic Ash as a new Jelly Belly flavor
<RoyK> EyjafjallajÃ¶kull Jelly Belly? :)
<RoAkSoAx> erichammond: Availability zones share VLANs?
<SpamapS> RoyK: maybe have the swedish chef promot it.. "nnn de fire going in to de mountain, yumy yumy BORK BORK BORK!"
<RoyK> hehe
<erichammond> RoAkSoAx: I don't think that is a valid question in EC2.  What aspect of a VLAN are you interested in?  I.e., what specific behavior or result are you looking for?
<RoyK> these eight-core amd processors perform rather well, btw :D
<erichammond> RoAkSoAx: In the security sense, you can build your own VLANS across availability zones where only instances of a particular account and security group are in it (i.e., no other instances can see your traffic).
<RoAkSoAx> erichammond: For i.e. AZ1 has VLAN 99 and AZ2 has VLAN 99. So, if host under vlan 99 in AZ1 would be able to community with host in VLAN 99 on AZ2 as if there were in the same network
<RoAkSoAx> erichammond: s/commuynity/communicate
<erichammond> RoAkSoAx: What do you mean by "community"?
<erichammond> ah
<erichammond> RoAkSoAx: Communication between EC2 instances is controlled by EC2's concept of "security groups".  Availability zones are transparent to security groups.
<RoAkSoAx> erichammond: Right but for example if I wanted to have 2 nodes in the same network, in different availability zones, would that be possible? I guess it would for what you explained above
<erichammond> RoAkSoAx: You might be better off if you start with the idea that EC2 has no VLANs and then just learn about security groups.
<erichammond> RoAkSoAx: There is no "same network" or "different network"
<erichammond> RoAkSoAx: Yes, instances in different availability zones of the same region can communicate privately.
<erichammond> Regions are groups of availability zones and nothing is shared between regions except for your basic AWS account authorization.
<RoAkSoAx> erichammond: yes I saw that. I was just wondering about availability zones :) Thanks :)
<RoyK> what would you guys recommend for virtualisation with automated failover between two hosts?
<RoyK> kvm and nfs? xen?
<npope> RoyK: kvm with NFS
<smoser> hggdh, ping
<pmatulis> for network installs (PXE), how do i point to installation media available by HTTP?  i'm looking at the pxelinux.cfg/default file
<erichammond> RoAkSoAx: EC2 availability zones place no restrictions on networking except that it costs more for traffic between them and it generally is higher in terms of router hops.
<RoyK> npope: got a url with a description of how to do that best?
<cybrocop> quick question on kvm syntax.  If I include -kernel or -initrd options, will -boot be ignored?
<npope> RoyK: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Virtualization_Guide/chap-Virtualization-KVM_live_migration.html its for RHEL based systems but the same basic steps apply
<RoyK> npope: thanks
<RoyK> was thinking of getting a couple of those 16-core (or 24-core) boxes and see how it works out
<npope> RoyK: we have had some luck with HP 380 G6 dual cpu quad core boxes.  pretty click if you ask me
<RoyK> I guess we'll be using supermicro
<binBASH> Did someone of you brake twitter btw.? http://www.picpaste.de/pics/Bildschirmfoto-Twitter_-_Over_capacity_-_Mozilla_Firefox.1274295427.png
<RoyK> works well with both linux and osol
<binBASH> I'm getting this
<RoyK> and doesn't cost a whole lot (16-core with 64gigs of ram for NOK 43k is not very expensive)
<hggdh> smoser, pong
<smoser> hm... what was i going to ask you
<hggdh> heh
<RoyK> "how many road must a man walk down" is classic
<ne7work> hello all
<ne7work> please someone help me with proftpd
<cybrocop> smoser: & all    In Eucalyptus, does the partition table get changed during the upload of bundle itself or when an instance is run?
<smoser> cybrocop, run
<cybrocop> thx smoser
<smoser> look at partition2image
<smoser> or some such on the node
<smoser> i think its the same place you found the kvm  libvirt script
<SpamapS> hrm I'm stuck w/ puppet
<SpamapS> my nodes sent their cert reqs to the server..
<SpamapS> I signed them..
<SpamapS> now nothing works
<SpamapS> :(
<SpamapS> getting some odd errors on the nodes
 * SpamapS decides to think it over at lunch
<RoyK> ne7work: ask a question about something you want to know - don't ask for a lecture
<ne7work> RoyK, I don't know how to select directory for ftp user
<ne7work> and how to set permissions on this directory
<RoyK> afaik it's run under its own user, ftp
<RoyK> like vsftpd does it
<RoyK> and probably all the rest
<hggdh> zul: do you remember the name of the gobby for the server-qa-workflow?
<sommer_> hggdh: I do it's: server-m-qa-workflow
<hggdh> zul, thank you
<hggdh> zul, do you have a copy? It seems it vanished from Gobby
<hggdh> or I bloody cannot find it
<uvirtbot> New bug: #583044 in bacula (main) "package bacula-director-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/583044
<zul> hggdh: sorry im busy with a sick kid here
<zul> hggdh: ill try to find it in a bit
<hggdh> zul: thank you
<Andre_francys> hello
<Andre_francys> need helpÂ´me
<Andre_francys> how to configure ldap in the ubuntu 9.10 with file slapd.conf
<cybrocop> smoser: after investigation it looks like there is a bug in partition2disk that makes it ignore my image completely. https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/494803
<uvirtbot> Launchpad bug 494803 in eucalyptus "NTFS partitions aren't properly detected in partition2disk" [High,In progress]
<cybrocop> but that doesn't seem to be the cause of my problem.
<cybrocop> since it ignores my image anyway
<sommer_> Andre_francys: slapd uses the cn=config backend in 9.10
<sommer_> Andre_francys: the serverguide for lucid has instructions that work for 9.10
<sommer_> https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<Andre_francys> ok i try
<lifeless> kirkland: hey
<lifeless> kirkland: you said something about being able to power off vms from virt-manager
<MTecknology> This runs every three days in cron, right?  0 6 * * */3 /usr/local/sbin/config-branch-email > /dev/null
<ScottK> MTecknology: man 5 crontab
<MTecknology> ScottK: thanks - looks liek I got it right :)
<ccheney> i think it would be 0 6 */3 * *  but i might be wrong
<MTecknology> wrong*
<MTecknology> ccheney: I suppose that would make more sense
<ccheney> MTecknology: what you did might work but i am not sure, it might only run on tue/fri
<ccheney> or something like that, maybe more like sun,wed,sat
<MTecknology> ccheney: I'm interested in finding out :P - I'll test it
<ccheney> looks like it would be 0,3,6 whatever that maps to
<MTecknology> So.. do you guys know of any way to manage passwords between groups of users?
<zul> hggdh: i dont have it...maybe mathiaz
<MTecknology> zul: hey.....
<zul> MTecknology: hi
<MTecknology> zul: how's it going?
<hggdh> zul, thanks anyway. mathiaz -- do you have a copy of the gobbydoc server-m-qa-workflow?
<zul> MTecknology: good dealing with a sick kid
 * SpamapS just ate a ridiculous amount at the indian buffet
<MTecknology> zul: tell 'em i said they better get better :) ... I was thinking.. since you're brilliant...
<MTecknology> zul: Any chance you could make a repo with php-fpm available for lucid?
<zul> MTecknology: maybe if i had time
<MTecknology> zul: I tried and failed miserably
<uvirtbot> New bug: #494803 in eucalyptus "NTFS partitions aren't properly detected in partition2disk" [High,In progress] https://launchpad.net/bugs/494803
<mathiaz> hggdh: http://people.canonical.com/~mathiaz/server-m-qa-workflow
<hggdh> mathiaz: thank you
<kirkland> lifeless: yeah, you should be able to
<kirkland> lifeless: if your guest is totally up to date
<kirkland> lifeless: there's an update for acpid you need in your guest
<kirkland> lifeless: (and you might have to install acpid in your guest, if you don't have it already
<lifeless> kirkland: ah, it wasn't installed
<lifeless> kirkland: thanks.
<kirkland> lifeless: sure
<kirkland> lifeless: i've toyed with the idea of adding that to the server seed
<kirkland> lifeless: file a bug, if you think it makes sense
<lifeless> \o/ success
<DrUnKnMuNkY> hey, i upgraded ubuntu server 8.04 to 10.04 and now i'm stuck in an initramfs prompt. anything i can do from there? it's a server i don't have physical access to :/
<lifeless> +1
<kirkland> lifeless: how bad were the dependencies?
<breakd0wn> hello, I am having trouble installing 10.4. Basically the cd boots, I partition, format, looks like it installs base, then get a prompt
<breakd0wn> Please insert the disk labeled 'Ubuntu Server 10.04 LTS amd64 20100427 in the drive /cdrom and press enter
<breakd0wn> I did a disk check and it checked out ok
<lifeless> kirkland: none grabbed
<lifeless> kirkland: but I have apache, postgresql and an lp dev environment in the vm already
<lifeless> kirkland: what would actually be awesome
<lifeless> kirkland: would be virt-manager adding acpid automatically when you make a new ubuntu vm
<lifeless> regardless of server/desktop/etc
<kirkland> lifeless: well, virt-manager tries to be ignorant of what's running the guest
<lifeless> kirkland: sure, but doing an install is different
<lifeless> I'm not saying 'do magic to existing vms'
<kirkland> lifeless: well, same applies, but i haven't thought too hard about it
<JanC> DrUnKnMuNkY: try to find out why it stops in initramfs?
<DrUnKnMuNkY> JanC: this is all I can see: http://pastebin.com/wZdpWpeT , it's a VPS and I don't have access to a real console and this is all I can see after it boots and I'm stuck in the initramfs prompt
<JanC> DrUnKnMuNkY: looks lik it doesn't find the disk with UUID da7aeb45-568f-4677-8f23-286d10a3d673 and judging from the errors above it, that's probably your /
<JanC> try to mount / manually
<DrUnKnMuNkY> there's nothing in /dev
<DrUnKnMuNkY> well not nothing but no disks, there's console, null, pts, and tty1-6
<uvirtbot> New bug: #582740 in openssh (main) "Forwarded ports not closed to remote ssh2 server in FIN_WAIT_2" [Undecided,New] https://launchpad.net/bugs/582740
<meglio> Hi guys. I'm feel like I got something wrong with my difficult scheme of ubuntu installation with raid & non-raid partitions. And now it does not boot at all, hovewer I have successfully finished installation in expert mode. Can anyone help  me to figure out what is the problem?
<meglio> is this is right place to ask a help like this?
<flyback> I don't see why it's not a good place to ask :)
<flyback> but I am too rusty to help
<flyback> with bootloaders
<meglio> thanks flyback. anyone else here can help?
<flyback> i'm sure if anyone is around so idle here
<meglio> flyback, are you familiar with GRUB at all?
<flyback> not really
<flyback> I never quite learned it vs lilo
<flyback> and was away from linux for many yrs
<flyback> due to various reasons
 * flyback bbl
<RoAk> ,/quit
<JanC> meglio: there are some tutorials around about fixing grub; e.g. maybe devices got enumerated differently while booting from the installer medium
<JanC> or maybe grub doesn't really support your raid setup
<meglio> JanC, I have reall all the devices but I cannot figure out the problem. I'm newbie with ubuntu at all, and I'm working latest 30 hours non-stop with hope to alive this server.
<meglio> If you can help, here is my situation....
<meglio> I have 4 HDD drives. On first drive I have bootable partition outside raid, with mountpoint=/boot
<meglio> everything else I have in RAID10, and then partioned by LVM. first logical partition has moutpoint= / (root).   This all I have done in server expert mode installation, in manual partitioning.
<meglio> one of installation steps was to select what bootloader to install. I selected GRUB and then /dev/sda1 as the destination path for installation. After this it just does not bootup at all...
<meglio> eg, /dev/sda1 is bootable partition (mountpoint = /boot and with *bootable flag).
<JanC> grub should go into /dev/sda, not /dev/sda1
<meglio> I tried both variants in last 2 hours, neither works.
<meglio> well, ubuntu tells itself that it can be installed on sda1 too - it even shows this as an example before INPUT.
<meglio> I have IPMI (KVM over lan) if you would like to try to look at what I have not remotely in console. just in the case you will want to try to help.
<meglio> typing eror, *not remotely - I wanted to say remotely, without NOT
<SpamapS> ok so I seem to have discovered a fairly heinous bug in libruby1.8's net/http.rb file in which real error messages are lost because of an undefined method exception..
<SpamapS> should I report it to ruby.. or against the ubuntu package and let it float up stream from the maintainer?
<meglio> JanC, any idea?
<JanC> SpamapS: both, and link the upstream bug to the LP/ubuntu bug if possible  ;)
<SpamapS> https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/561432
<uvirtbot> Launchpad bug 561432 in ruby "Improper undefined method error" [Undecided,Fix released]
<SpamapS> looks like it has been reported
<meglio> why do not I see sda, sdb etc when typing ls /dev  ?
<JanC> meglio: you're inside a rescue console?
<meglio> I'm loaded from Ubuntu Live CD
<meglio> .... still trying to fix my server bad installation problem.
<meglio> want to try to install GRUB manually
<JanC> is this hardware raid or fake raid or such?
<meglio> software raid. adjusted in manual mode in expert installation mode
<meglio> but /boot is outside raid
<JanC> eh, but not seeing anythin in /dev is really weird
<JanC> you sure there is no hardware problem?  :-/
<meglio> here is what I see http://i49.tinypic.com/169rf5t.png
<JanC> you might also want to look into /dev/mapper & /dev/disk (but it's really weird)
<meglio> but if I'll start installation process again it will show me all 4 drives and I'll be able to partion everything again - did it 2 times today already.
<meglio> JanC, here it is (mapper and disk) http://i46.tinypic.com/13zynq.png
<JanC> the stuff in /dev/mapper looks like fake raid
<JanC> dmraid stuff
<meglio> ??
<meglio> JanC, my motherboard supports only e rade (not true hardware rade), so I turned off my controller in bios at all. How can it be fake raid then? hm.....
<meglio> *only fake rade
<flyback> what chip is the raid
#ubuntu-server 2010-05-20
<JanC> well, the devices there are created by dmraid AFAIK (so they are what is known as "fake raid", really some sort of "hardware-assisted raid")
<meglio> X8DTL-iF - this is model of motherboard. I have read in manual that it only supports fake rade, so I decided to do not use it at all and to setup soft rade at all
<JanC> google indicates that this might be some "Intel Matrix Storage" thing?
<meglio> maybe it was activated by ubuntu live cd by default? hovewer when installing ubuntu in expert mode I selected to NOT activate onboard raid control , and then partioned and RAIDed everything manually in "manual partioning" installation setp
<meglio> step
<JanC> so it is disabled in the BIOS too?
<meglio> yes I think so. In IDE menu in bios. let me check in my motherboard instruction and show you this menu - it's little difficult to me.
<meglio> JanC, here it is: http://i49.tinypic.com/2j41sih.png
<meglio> JanC, currently IDE#1 configured to Enhanced, IDE - so no RAID selected at all.
<petester> Hey
<petester> I'm trying to install ubuntu desktop on a really old machine, it's frozen at 5%, how do I terminate the install application?
<meglio> JanC, I now reconfigured it in bios and here is what ls /dev shows, is it better now?   http://i50.tinypic.com/5obnrm.png
<flyback> <flyback> ubuntu server installer is FLYING on my mini-itx
<flyback> <flyback> and it's a first generation one
<flyback> <SpeedEvil> bcsllc:
<flyback> <flyback> which isn't know for speed
<SpamapS> flyback: 20s from "boot" to "login:" on vmware fusion running on my macbook pro 15"
<flyback> uh
<flyback> this is a low power mini-itx system
<flyback> cf card
<SpamapS> flyback: yeah its cool. :)
<SpamapS> flyback: just saying, 10.04 boots fast
<flyback> i'm happy with 30s up and 10s down
<flyback> it's just a box that monitors a ups then executes about 30 ssh logins
<flyback> and fires off a script to shutdown vm's then the hosts and nas's
<SpamapS> who knew.. let 4 small nodes hit 4 small nodes with 200 connections requesting phpsysinfo and the load shoots to 135.. :-P
<Nonpython> I get this error whenever I install a perl module. http://www.pastie.org/968649
<Rask> Hey all.  I've got a machine here that I'm trying to set up as a PXE server... it has two interfaces and I want it to be a DHCP client on eth0 and a DHCP server on eth1.  Not... real sure how to do this, my skill level is medium-low in the area. :)
<Rask> I've installed atftpd and the bsd inetd and that much works, I've installed dhcp3-server, but not sure what to do with the conf.
<Rask> Particularly as it doesn't mention the interface in the conf file anywhere that I can see.  A howto I found on linuxhomenetworking.org mentioned something to do with routes, but this is getting to be over my skill level.
<mathiaz> smoser: is /etc/hosts regenerated by cloud-config when an instance boots in UEC/EC2?
<mathiaz> smoser: yes - thanks :)
<uvirtbot> New bug: #241119 in qemu-kvm (main) "usb_add of a Creative ZEN unrecognized in guest" [Low,Confirmed] https://launchpad.net/bugs/241119
<Nonpython> I get this error whenever I install a perl module. http://www.pastie.org/968649
<SpamapS> Nonpython: hmmm.. did you maybe remove some packages or files on accident?
<Nonpython> No.
<SpamapS> Nonpython: when you stay install, do you mean via cpan?
<Nonpython> CPAN and apt.
<Rask> Nevermind, solved it m'self. :)  Thanks anyway!
<cybrocop> smoser: UT by any chance?
<ChmEarl> Nonpython, still working on the Perl module Locale issue?
<Nonpython> yes
<ChmEarl> Nonpython, what is the ubuntu release? and is it infact server?
<Nonpython> 8.04.
<qman__> I've seen that plenty of times
<Nonpython> I did not install it, how do I check?
<qman__> you need to install the language pack for your locale
<Nonpython> What is it for en_US?
<qman__> language-pack-en
<ChmEarl> dpkg -l language-pack-en-base
<qman__> it usually happens when someone botches a custom install
<qman__> no language pack gets selected
<qman__> installing that package should fix it
<Nonpython> Ok.
<ChmEarl> Nonpython, not sure is this works on 8.04: sudo tasksel --list-tasks
<ChmEarl> Nonpython, that will tell you what package groups are installed
<NightDragon> ello all
<NightDragon> looking for an issue i'm having with Postbox
<NightDragon> if anyone feels like helping me out
<NightDragon> my postbox is horking whenever i am trying to configure it, but works fine with the vanilla conf file
<NightDragon> tis weird... because i'm not really configuring anything exotic... and i'm using Webmin... so its strange that i'm having this problem
<enav> NightDragon neither  ebox or webmin works for me on ubuntu 10.04 lst
<Brando753> is there a way I can connect to a wifi router with ubuntu server?
<ScottK> Brando753: Yes.  You have to manually configure it in /etc/network/interfaces
<maddhat> anyone know how to control fan speed on an x345 running ubuntu server?
<maddhat> anyone know how to control fan speed on an x345 running ubuntu server?
<maddhat> whoops sorry double post
<Brando753> how would one do that?
<maddhat> i was copy-pasting to ubuntu channel as well and didnt switch the tab on my irc client :-/
<ScottK> Brando753: man interfaces will get you started.  Unfortunately I really don't have time to provide detailed assistance.
<ScottK> You'll probably need additional help from Google and maybe the Ubuntu Server Guide (I don't recall if it's covered)
<Ian__> Hello
<Ian__> Any 1 there ?
<qman__> !anyone | Ian__
<ubottu> Ian__: A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<Ian__> Has any 1 used Ubuntu 10.04 and setup IMAP ?
<Ian__> sorry havent used IRC before today
<Ian__> I installed 10.04, setup ssh, transfered mail, user names/ passwords, could access the mail from a thunderbird client, could received mail locally, but not externally (in other words no mail is coming in)
<Ian__> I have checked the routing etc. but no improvement
<Nonpython> Emails I send from Postfix don't get received.
<bilalakhtar> Hi people, I installed exim on my Karmic computer about 2 months ago, wen lucid arrived, i did a network upgrade, and from now on, exim starts very very slowly. How do I prevent exim4 from starting on boot? I want it to start when I invoke the init.d file manually.
<jturek> billybigrigger: update-rc.d can modifiy your rc (startup) scripts
<jturek> oops sorry wrong tab
<jturek> bilalakhtar: that was meant for you
<bilalakhtar> lol
<bilalakhtar> thanks
<jturek> bilalakhtar: update-rc.d -f remove exim
<bilalakhtar> let me check what -f does
<bilalakhtar> jturek: man page says its for System-V style scripts. Will it work with Upstart?
<lifeless> yes, exim is still a sysv script
<bilalakhtar> lifeless: so will it have problems with upstart?
<bilalakhtar> ok, sorry, misinterpreted that
<bilalakhtar> I had to delete the ureadahead pack files. restarting now
<jturek> robert, thanks for assisting i was away for a second when he asked about the sysv
<jturek> bilalakhtar: welcome back
<bilalakhtar> jturek: It didn;t work
<bilalakhtar> Exim still starts on boot
<bilalakhtar> let me google
<jturek> bilalakhtar: look for exim in your /etc/init/ directory
<jturek> if it truely is an upstart
<jturek> thats where each upstart conf file is,   youc an edit the conf file disabling that service for each runlevel
<bilalakhtar> jturek: its not in etc/init.d but in /etc/init.d/
<bilalakhtar> jturek: no exim4.conf or exim.conf is there
<bilalakhtar> Maybe some other part of the system is envoking it?
<jturek> i'll install it here on my box, one moment
<bilalakhtar> jturek: leave it, its not a mjor problem
<Nonpython> Emails I send from Postfix don't get received by outside accounts.
<bilalakhtar> For the various problems with sendmail and postfix. I used exim
<jturek> ls
<bilalakhtar> I removed links to sendmail, will restart
<Nonpython> Any help?
<jturek> odd, the update-rc.d worked for me on my lucid box...
<jturek> oh he's gone
<jturek> ;(
<jturek> goodnight all
<bilalakhtar> Didn't work, jturek
<bilalakhtar> When I run sudo /etc/init.d/exim4 status I get Running
<bilalakhtar> I think it worked. Even after stopping, status shows it as runnign
<kozmund> On account of the quietude, I'll venture to make a small ammount of noise, not exactly Ubuntu server related, though they are going to be used in Ubuntu servers...does anyone have any experiece with 2tb caviar blacks vs. greens?
<twb> ,anyone
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<Nonpython> Emails I send from Postfix don't get received by outside accounts, can I get help?
<twb> Did you configure postfix?
<Nonpython> Yes, by the USG.
<twb> As a satellite, or a hub?
<Nonpython> Spluh?
<Nonpython> Huh?
<twb> There are two kinds of MTAs
<kozmund> In all fairness, on account of the fairly off topic nature of the question, I wanted to make it easy to ignore. However, you inadvertly answered some subset of the question.
<twb> There are the ones that run on your laptop and workstation, which just send all mail to mail.example.net.
<twb> Then there are the ones that run on mail.example.net (the hubs/smarthosts).
<Nonpython> It is a hub.
<twb> I don't know enough about smarthosts to help you
<twb> Other than the usual of looking at the logs, checking postconf, asking #postfix, etc.
<kozmund> I've suddenly realized that the "does anyone" thing wasn't aimed at me. I'm going to go hide under a car.
<twb> kozmund: er, it was.
<twb> kozmund: "experience" is vague as all hell.  What do you ACTUALLY want to know?
<kozmund> What I was going for was whether anyone had had any experience with greens vs. black that violated the general narritive. As in, people with specific usage scenarios that had no performance hit from going blacks to greens, or horror stories about the 2tb blacks.
<bilalakhtar> jturek: thanks, IT WORKED! The init.d script has a bug, which shows the wrong status. But I can confirm through other ways that exim is NOT running.
<kozmund> Which is to say, I was looking to see if there was a person that would jump at the chance to disabuse me of the prevaling notion with their horror story. But yes. Since no one jumped up to tar the name of caviar blacks, I'll take that as the very, very, very last bit of my due diligence before buying a couple dozen.
<twb> kozmund: you could always buy just one to begin with, and throw bonnie++ at it
<Ian__> Hello .. I have a mail loops back to myself error - Does any 1 know anything about that ??
<MrPancake> Ian__: Yes.
<Ian__> I am running dovecot, IMAP on Ubuntu 10.04
<MrPancake> 'Mail loops back to myself' means that your Postfix wanted to send out the mail to the internet but then discovered that the DNS says your mail server should be responsible. Most likely you forgot to list your domain in mydestination or virtual_(alias|mailbox)_domains
<Ian__> In what file .. the postfix.conf
<MrPancake> main.cf
<twb> MrPancake: nice catch
<MrPancake> Yup. :-)
<Ian__> Do I alter this line ?? alias_maps = hash:/etc/aliases or something else
<Ian__> mydestination has my domain name ... eg domain.com.au
<Ian__> hello .. Im getting a mail loops back to myself error ... dont know Y .. everythign else works except cannot get mail from external to the server
<twb> Ian__: did you try #postfix?
<Ian__> not sure .. I checked the configuration file .. but I may have to download it .. dont really know what Im doing .. just been doing alot of reading
<Ian__> I just downloaded nmap to see what I had open
<_ruben> grmbl .. quagga advertizes my ipv6 prefix just fine, but somehow decided to stop advertizing my ipv4 prefix, yet nothing changed that i know of and i dont see any weird stuff
<AlexC_> morning
<AlexC_> one of our servers here crashed yesterday morning, after looking at the stats it appears an application used a vast amount of memory (all of it, forcing into swap) and resulted in a restart. Is there anyway to find out what application this may have been?
<uvirtbot> New bug: #583192 in dbconfig-common (main) "package dbconfig-common 1.8.44ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/583192
<folke> Hi, whats you thougts about LVM on VMware guests?
<twb> You mean using an LV as the block device for the VM?
<folke> twb: Yes, it would be nice to resize disks online.
<twb> I don't think vmware supports that.
<binBASH> hi sh1ny!
<folke> twb: Ah sorry.. Not a block device, I meant on the vm's filesystem
<twb> LVM doesn't allow you to resize *disks* online.
<sh1ny> hey binBASH ! :)
<narfnarfnarf> my virtual server provider tells me that there are problems with upstart and xen and they cannot offer 10.04 because of that. anyone can confirm that?
<twb> You probably want virtio, but I doubt vmware supports that, either.
<twb> narfnarfnarf: certainly they'll fight, but I expect someone has solved the problem already
<folke> twb: Humm, ok.. Perhaps I mixing apples and pears here :)
<folke> The disks is resized in vmware, and then it's possible to resize (extend) the vg and lv. And at the other end extend ext4?
<folke> Without lvm it's possible, but you need to force a resync of scsci devices.. (not the most fun way to go on a live system) :)
<_ruben> a scsi rescan would be needed in either case
<twb> folke: how would the guest know that vmware has resized the underlying block device?
<folke> twb: as _ruben said.. A scsi rescan..
<binBASH> Hi, I try to clone a virtual machine using virt-manager, however it doesn't let me create a new disk. It says it has no write access. However I connected to the server as root. Someone knows what could be wrong?
<folke> But, it was only an Idea :)
<twb> You can initiate one while the root filesystem is *on* that scsi bus?
<twb> I mean, if you can, great.  I had no idea you could.
<folke> I think you can force one.. We messed with it for some time ago, just for phun...
<folke> It was on 8.04, and then I decided to not use lvm beq I am no big fan of lilo anymore.. But I just started to install a 10.04 so I thougt about it again :)
<twb> Shrug.
<twb> Seems to me like a better solution would be to use jails instead of VMs
<twb> Unless you actually need a different kernel in the guests
<folke> twb: There is no actual need to do it online. But it would be pretty nifty to have the possible :)
<uvirtbot> New bug: #583216 in postfix (main) "inet_protocols can't be preseeded" [Undecided,New] https://launchpad.net/bugs/583216
<uvirtbot> New bug: #583217 in spamassassin (main) "/etc/init.d/spamassassin reload fails" [Undecided,New] https://launchpad.net/bugs/583217
<lambrecht> mornin
<uvirtbot> New bug: #551097 in mysql-dfsg-5.1 "start & stop hang on mysql-server (10.0.4 upgrade from 8.04)" [Undecided,New] https://launchpad.net/bugs/551097
<mwd> twb: Now, with blacklisting vga16fb 1440x900 is working fine :)
<twb> Excellent
<twb> mwd: did you also unblacklist vesafb?
<mwd> Yes
<mwd> Thanks :)
<twb> mwd: please cat /sys/class/graphics/fb0/virtual_size, and tell me what's there
<mwd> twb: 1440,900
<twb> I'm impressed.
<twb> And /sys/class/graphics/fb0/name says "vesafb"?
<mwd> twb: No, VESA VGA
<twb> OK
<kulinshah> Hi
<kulinshah> is there a set of rules I should follow before asking questions related to ubuntu server
<screen-x> !guidelines | kulinshah
<ubottu> kulinshah: The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<kulinshah> I am setting up a mail server using ubuntu 9.10 karmic koala for the first time ever, what  I have done so far is I have installed the server, installed gnome desktop on it, installed webmin on it and installed postfix
<kulinshah> I am stuck now, I dont have a static IP address and dont want to purchase one till I can fully check the functionality of the server
<kulinshah> !guidelines
<ubottu> The guidelines for using the Ubuntu channels can be found here: http://wiki.ubuntu.com/IRC/Guidelines
<cloakable> o.o
<cloakable> gnome desktop on a server... D:
<screen-x> kulinshah: I'd go with postfixadmin rather than webmin
<kulinshah> it helps me because then I can browse and use commands at the same time instead of running between two pcs
<AlexC_> Morning
<kulinshah> screen-x.. I tried installig postfixadmin but I was not able to do so successfully
<AlexC_> if I edit /etc/bash.bashrc file, what happens when Bash package is upgraded? Will it overwrite my changes, merges in changes (if so, what if the merge conflicts), not touch it?
<cemc> AlexC_: it should ask you AFAIK
<screen-x> kulinshah: no-ip or dyndns may be able to help your testing without a static ip
<AlexC_> cemc: ok
<cemc> AlexC_: I'm keeping my changes at the bottom of the file, and when it asks I say install the package maintainers version then edit it and put my changes back
<kulinshah> screen-x: thanks, is no-ip or dyndns a website ?
<AlexC_> cemc: I shall do the same then :)
<screen-x> kulinshah: yes and a service. They allow a dns entry to point to a machine that doesn't have a satic ip
<kulinshah> thanks
<xperia> hello to all i have a nasyt problem. have a external usbdisk with a ext2 partition mounted on /dev/sdb2.. for some strange reason i get this error here "Stale NFS file handle" how can i fix it ? any solutions ?
<kulinshah> screen-x: I am a little confused, I went over and created an account with no-ip, now it wants me to setup a dns host, how will I use that host to setup my postfix / ubuntu mail server
<kulinshah> also should I use DNS Host, or DNS Host round robin or DNS Alias as an option
<screen-x> kulinshah: create a dns host with no-ip, then install the noip2 package
<JanC> mailserver on a dynamic IP?
<screen-x> JanC: just for testing :)
<kulinshah> screen-x: I did just that thanks, I was wondering about the next steps
<kulinshah> JanC: yes I am installing a mailserver for the first time
<screen-x> kulinshah: you need to follow a mail server guide/tutorial, maybe one of these links..
<screen-x> !mailserver > kulinshah
<ubottu> kulinshah, please see my private message
<kulinshah> screen-x: thanks, I will try them
<kulinshah> screen-x: I have postfix installed now, where should I use my no-ip address in the configuration part
<screen-x> off the top of my head, myhostname and mydestination
<screen-x> remember you'll need mx records
<kulinshah> screen-x: can i setup mx records using no-ip ?
<screen-x> kulinshah: yes, in the "add a host" form from no-ip, there is an option for mx-records
<screen-x> actually mx record, as the free version only lets you specify one
<kulinshah> so in that field should i use my no-ip address which I have created for e.g. iastron.sytes.net
<cloakable> You don't need an mx record for email if your mailserver is on the same ip as your domain.
<kulinshah> ok
<cloakable> mx is so you can say 'mail for domain.com should be sent to mail.domain.com'
<cloakable> if the domain.com mailserver is sat on the domain.com ip, no mx is needed.
<kulinshah> cloakable: you mean to say that since I am using a no-ip address which is pointing to myhostname I dont need mx records
<AlexC_> you should always have an MX record if you intend on having email
<kulinshah> hmm
<cloakable> AlexC_: Never needed one, and it's optional.
<cloakable> AlexC_: It's good practice for larger domains, where you have multiple mailservers sure. But this is a home email server. how many mailservers is he going to run? :P
<AlexC_> it's good practice for all domains, you're saving another DNS lookup and relying on software implementing RFC5321 correctly to fall back to A record if there is no MX
<cloakable> And most of it does. I don't get any spam though. Isn't that odd?
<kulinshah> cloakable: actually none, this is just a test mail server to clear my fundamentals, I am new to linux and am trying to learn things the practical way, however, if I consider AlexC_'s point of view I feel it would be best to know how to setup mx records as it would come in handy if I were to grow this to a full scale server
<cloakable> Perhaps spammers don't implement RFC5321 :D
<JanC> cloakable: do you actually use that domain for public mail?  ;)
<cloakable> JanC: Yup
<ScottK> cloakable: Relying on the A record fallback is not considered a best practice.  It may work, but it's not the best way to do it.
<cloakable> JanC: I reliably get mail from other mailservers including gmail, hotmail, and yahoo.
<ScottK> It actually came very close to being removed from 5321 and the IETF never like to deprecate anything.
<cloakable> Mmmm.
<JanC> let's say it's something you SHOULD but not MUST use (yet)
<cloakable> Mmmm.
<cloakable> Still, it works, and keeps my DNS simple :)
<cloakable> One A record and a CNAME
<JanC> as long as your mail domain isn't the CNAME...  ;)
<cloakable> Nope :)
<AlexC_> kulinshah: yes I would do it the correct way and an MX, learn how it works etc
<cloakable> cname is for *.domain.com :)
<cloakable> To domain.com :D
<AlexC_> why?
<cloakable> Apache2 virtualhosts.
<cloakable> I don't need to touch my domain, and can easily setup a new site at <site>.domain.com :)
<AlexC_> lazy admin is lazy
<cloakable> Hell yes :D
<RoyK^> http://xkcd.com/742/ lol
<cloakable> Why do you think I use Linux? :P
<jpds> cloakable: Sounds like that would be... slow.
<kulinshah> AlexC_: should I reconfigure postfix with the new no-ip subdomain, since it is not the actual domain I intend to use but to test this server I have to use the no-ip domain
<cloakable> AlexC_: If I wanted to babysit a server I'd install windows on it ;)
<jpds> cloakable: Considering you have to do two DNS queries instead of one.
<cloakable> jpds: I have 1.75Mbit/s up. You think DNS is the bottleneck? :P
<AlexC_> cloakable: then you're doing server admin wrong
<AlexC_> kulinshah: depends how you mean by reconfigure. I'm at work currently but I'd suggest #postfix
<cloakable> AlexC_: And yet, the server is not broken :P
<JanC> cloakable: learn the difference between latency & speed  ;)
<JanC> transmission speed
<cloakable> JanC: I'm hosting on a home broadband connection :P
<cloakable> And now I'm going for lunch :)
<JanC> DNS packets are so small it might be as fast (or sometimes faster) on a PSTN dial-up account as on your home broadband...
<smoser> cybrocop, here now
<ScottK> JanC: The performance impact of multiple DNS queries in this case is generally driven by latency, not bandwidth.
<JanC> ScottK: that's what I mean, and as dial-up often has lower latency than e.g. cable internet... (at least here in .be ;) )
<ScottK> Ah.
<smoser> ttx, ping
<tyska_> hi guys
<ttx> smoser: yo
<tyska_> someone can help me with ubuntu enterprise cloud???
<smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/566792
<uvirtbot> Launchpad bug 566792 in eucalyptus "metadata service returns empty data with 200 OK" [High,Confirmed]
<ttx> !ask | tyska_
<ubottu> tyska_: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<smoser> i'd like to have some Euca attention to that.
<smoser> (ie, the call today)
<ttx> smoser: planning to attend the call today ?
<smoser> i can
<tyska_> ok sorry
<ttx> smoser: wfm
<ttx> smoser: ask jpugh to add it to the agenda
<kulinshah> s!topic
<tyska_> my instances dont have Internet access, my cloud is configured in MANAGED-NOVLAN
<kulinshah> !topic
<ubottu> Please read the channel topic whenever you enter, as it contains important information. To view it at any time after joining, simply type /topic
<tyska_> what is wrong?
<ttx> tyska_: does the CC/CLC have access to Internet ?
<tyska_> yeah
<tyska_> in fact, i already saw what's the problem, if i change the order of some rules on the IPTABLE of cc, the instances reach the Internet
<tyska_> but i need to reorder the rules for each created instance, i think something is not right, but dont know what!
<ttx> tyska_: you should file a bug, there might be a general issue there
<ttx> is it using a 10.04 UEC/Eucalyptus ?
<tyska_> no, 9.10
<ttx> tyska_: Any chance you could try on 10.04 ? Lots of bugs have been fixed there
<tyska_> ttx: then, there is no another way =( I will do this. Thanks! ;)
<zul> SpamapS_: ping when you are awake
<smoser> http://ubuntu-smoser.blogspot.com/2010/05/easily-test-or-demo-ubuntu-enterprise.html
<iotashan> OMG, it took me days to find this darn page https://wiki.ubuntu.com/EC2Vmbuilder
<SpamapS_> zul: awake, wassup
<zul> SpamapS_: i reviewed th patch and got some nitpicking for you
<SpamapS_> zul: you don't like me fixing 2 bugs in 1 do you? ;)
<zul> SpamapS: nope its not that...gimme a sec
<SpamapS> oh, excellent.
<SpamapS> https://wiki.ubuntu.com/CloudLoadbalancingSpec  as my first ubuntu spec, I fully expect it will be ripped to shreds. Criticisms please. :)
<mwd> Hi, under ubuntu server 10.04, my USB-Stick does not show up under /media/Corsair
<mwd> Where can I find it?
<screen-x> mwd: mount will show  you where its mounted (if it is) blkid will tell you it's device name, so you can mount it if necessary.
<mwd> I found the problem; By default, disk drives do not automount in Ubuntu Server Edition
<mwd> screen-x: Thanks
<uvirtbot> New bug: #583372 in openldap (main) "Using default schemas included with slapd installation does not work." [Undecided,New] https://launchpad.net/bugs/583372
<zul> ttx: 3.5.3 should be up today
<celeborn999> i'm a little confused about the duplicity backup program...when you do a full backup rather than the default incremental, it deletes the existing backup in the target location, right? so what's the difference between a full backup every week and incrementals in between, and just incrementals forever?
<celeborn999> this helped: http://serverfault.com/questions/120520/duplicity-full-backup-lifetime-and-efficiency
<MrChris> hello all
<mwd> "ufw allow 69/upd" allows connection from "any" to UDP Port 69. I want to add "from 192.168.255.0/24" but ufw says "wrong numbers of arguments"
<RoyK^> mwd: from http://ubuntuforums.org/showthread.php?t=823741 sudo ufw deny from 10.0.0.1/24 to any port 22
<RoyK^> just add /udp after the port
<RoyK^> also, http://lmgtfy.com/?q=http%3A%2F%2Fubuntuforums.org%2Fshowthread.php%3Ft%3D823741 is nice
<RoyK^> erm - wrong lmgfy :Ã¾
<MrChris> I need some help
<MrChris> i need the C compiler.
<RoyK^> gcc?
<RoyK^> shouldn't be too hard  to install that
<MrChris> i try to install build-essential, which will give me C, but my server says: Couldn't find any package whose name or description matched "build-essential"
<RoyK> which distro version?
<mwd> RoyK: I want to allow Port 69/UDP on the ubuntu-server from the ip-range 192.168.255.0/24
<MrChris> 10.04 LTS
<mwd> ufw allow 69/udp does work, but it allows from "any" not a specific range
<mwd> So, I have tried: ufw allow from 192.168.255.0/24 to 69/upd
<MrChris> mwd: are you trying to use a ubuntu server as a firewall?
<mwd> Then: ufw allow proto udp from 192.168.255.0/24 to port 69
<mwd> And: ufw allow 69/upd from 192.168.255.0/24
<mwd> No success
<mwd> MrChris: No
<MrChris> mwd: are you trying to use a ubuntu server as a firewall?
<mwd> My default ri
<MrChris> well are you trying to forward ports?
<mwd> MrVhris: No
<MrChris> RoyK: what do you think about my issue?
<RoyK> mwd: ufw allow to 0.0.0.0 from 81.191.180.0/24 port 69 proto udp
<UnderSampled> Hello
<RoyK> MrChris: I have 'build-essential' installed on my 10.04 box
<MrChris> how do i change the repo addresses?
<RoyK> MrChris: see /etc/apt/sources.list
<UnderSampled> I am contemplating using Amazon EC2 with Ubuntu  machine images. before I do that, I was going to test a setup in a local virtual machine. the question is: do I install normal Ubuntu Server, or do I install Ubuntu Enterprise Cloud?
<JohnA> Can somebody explain to me where to put my ssl certs? I ask only because in the postfix setup its certs are kept in /etc/postfix/sasl. As I use the same certs for both apache I seem to constantly overwiting them.
<MrChris> UnderSampled: Ubuntu Server
<UnderSampled> MrChris: ok. Thanks
<mwd> RoyK: "from 81.191.180.0/24 port 69 proto udp" does not work
<RoyK> add 'to 0.0.0.0' as I said
<RoyK> before from
<RoyK> it should be there implicitly, but there might be some bugs around
<celeborn999> JohnA: in my postfix conf, my cert is stored where this variable points: smtpd_tls_cert_file
<RoyK> JohnA: /etc/ssl iirc
<mwd> One step further: "ufw allow from 192.168.255.0/24 to any port 69" allows connections from the correct ip-range to any port 69. But I only want to allow udp, not any
<celeborn999> mwd: ...allow proto udp from...
<RoyK> proto udp
<RoyK> mwd: it shouldn't matter much, though, unless you have some cheesy things running on 69/tcp
<celeborn999> mwd: not to be "that guy", but the syntax is laid out in the ufw manpage
<RoyK> step one in securing a server: stop unneeded services
<JohnA> That where I was expecting, but taking a look at the init script for postfix it copies certs from /etc/postfix/sasl to /etc/ssl I am not sure what will happen if the certs are not in sasl?
<RoyK> and anything <= 1024 will need to be started as root anyway, so don't worry
<celeborn999> JohnA: not sure what you're talking about but my /etc/postfix/sasl is empty and i have no trouble
<JohnA> celeborn999: Ok, thats a little reassuring.
<celeborn999> JohnA: on the other hand, i can't find "sasl" anywhere in /etc/init.d/postfix so maybe your postfix is old or weird or customized
<ScottK> If you want to reliable set up postfix with smtp auth, the Ubuntu Server Guide has good documentation.
<mwd> "ufw allow proto upd from 192.168.255.0/24 to port 69" does not work
<RoyK> add proto udp at the end
<RoyK> well, move it to the end
<celeborn999> mwd: are you actually typing "upd"
<celeborn999> it won't like that
<RoyK> root@door:~# ufw allow from 1.2.3.4 to any port 69 proto udp
<RoyK> Rule added
<mwd> RoyK: Thanks so much, the rule is added :)
<RoyK> mwd: as I said above, it doesn't matter much that you don't allow for 69/tcp - it's hardly in use
<JohnA> celeborn999: Sorry I was looking at the bit where it copies the TLS certs. the docs are little confusing as they say that Postfix is run chrooted, however I cannot find any evidence of chrooting. I think I am shying from mirages.
<celeborn999> JohnA: yeah i think chroot is an option but i didn't activate it and it's happily running as root
<celeborn999> JohnA: i went through a new postfix install the other day as a total newbie and it was definitely touch and go, i would only recommend using www.postfix.org as your source of info because the random tutorials online are really hit and miss
<ScottK> celeborn999: There are some Debian/Ubuntu specific changes, to the official Ubuntu Server Guide is even better.
 * SpamapS waits patiently for chroots to download and ponders going to buy a 1TB USB drive to mirror archive.us.ubuntu.com on ...
<UnderSampled> What is the "Virtual Machine host" option durring install?
<ScottK> JohnA: If the server guide is confusing, talk to sommer about it and he can get it fixed once he understands what the confusion is.
<smoser> UnderSampled, i'm not certain, but my guess is it gets you libvirt and kvm
<celeborn999> ScottK: the server guide is decent but it doesn't tell the whole story, for example at the top there is the line that to "To configure the mailbox format for Maildir:" use "sudo postconf -e 'home_mailbox = Maildir/'" but it doesn't mention that the trick is that postfix knows it's Maildir format because of the trailing /. so if you mistyped it in you could run around like crazy wondering why your box is in mbox format
<UnderSampled> smoser: what are those?
<smoser> packages that implement virtualization
<ScottK> celeborn999: That's the sort of thing that I think sommer would want to know about.
<smoser> if you want to use the host you're installing to do virtualization (ie, run other virtual hosts inside it) then you should instal lit.
<UnderSampled> ok
<UnderSampled> thanks
<UnderSampled> so It's not the other way around
<UnderSampled> (in a virtual machine)
<celeborn999> ScottK: i know you want to make the guide better but i don't think postfix/dovecot/email in general lends itself well to tutorials. there are so many different branches you can take that there's no way the guide can cover it all, whereas if you actually learn the basics at postfix.org you can figure it out yousrelf.
<ScottK> celeborn999: Certainly.  We try to document one reasonable way to do common tasks.
<ScottK> We can't and don't attempt to document all possible variations.
<ScottK> OTOH, if people use the approach in the server guide, when they have problems, it's a lot easier to help them here.
<celeborn999> in contrast though, the people at #postfix are most unhappy with tutorials and want you to use the postfix.org site
<JohnA> I have setup an email stack before, on fedora, It would be nice to know what has been changed in Ubuntu/Debian Postfix and why. i also find the SMTPD restrictions to be a bit sparse. Hos do i change the logging setup, I really don't need 5 log files some of which duplicate each other. No setup for virtual domains ... I could go on.
<ScottK> JohnA: The two biggest changes is that we chroot by default and that the binary packages are split so if you want postgresql support, you don't have to rebuild the package for it, you just install postfix-pgsql.
<ScottK> (as an example)
<ScottK> Fundamentally, the Debian/Ubuntu package archives are much more comprehensive than Fedora/RH/Centos so you can probably set up your entire system without needing any third party repositories.
<celeborn999> ScottK: can you clarify what chrooting looks like? on my system i see /usr/lib/postfix/master running as root
<ScottK> celeborn999: That's normal.
<ScottK> Look in /etc/postfix/master.cf and you'll see chroot turned on for many processes.
<celeborn999> ScottK: yeah i see that the comment says chroot is the default and almost nothing turns it off
<ScottK> The chrooted processes can only see what's inside /var/spool/postfix
<JohnA> ScottK: I agree that the ability to dynamicaly load modules is great. On the other hand I think chroot is no worth much these days, I suspect that either apparo=mor or selinux is a better answer.
<ScottK> Certainly (apparmor/selinux is better)
<ScottK> Doing an apparmor profile is on the TODO, but low priority since postfix has an excellent security history.
<ScottK> As a mail admin the ability to apt-get install anything I need is probably the most important.
<celeborn999> the repositories are reason #1 i like ubuntu
<JohnA> ScottK: i agree apt seems to be a better bet than yum, although I wonder if my problem was not yum but the fact that fedora is  too dynamic and centos to slow.
 * ScottK would guess both.
<JohnA> ScottK: agreed
<JohnA> ScottK: so now I have to translate my old email setup over to ubuntu, oh what fun.
<ScottK> On the desktop, I use KDE and I always refer to Fedora as the distro that did such a great job with KDE4 that they convince Linux to switch to Gnome.
<ScottK> Linux/Linux
<ScottK> Ah.
<ScottK> x/s
<JohnA> ScottK: I came from the windows world and started with mandrake/kde, i didn't quite know what had hit me talk about overblown. Switched to gnome, ah what a relief. Still not perfect but
<ScottK> Well we have choices.  That's one of the beauties of FOSS.  Every time I look at Gnome, it just hurts.
<JohnA> ScottK: i find its simplicity helpful. KDE I found to be just too busy. i am currently using fluxbox/mc on the server useful during setup, once that done i will remove. i might even try it for my working desktop.
<vilhelm> having trouble configuring my bind9 service
<vilhelm> http://pastebin.com/d5wMdx5t
<vilhelm> i've created a zone file which I think is the problem
<vilhelm> as you can see, I don't get an IP handed back to me when I try to query my DNS server
<SpamapS> vilhelm: hm
<vilhelm> first time I'm labbing with bind so I'm a total noob
<SpamapS> vilhelm: anything in daemon.log?
<SpamapS> Honestly, I despise bind having used tinydns for the last few years.. but usually stuff like this is pretty straight forward. :)
<vilhelm> May 20 19:41:44 anonymous named[8105]: reloading configuration succeeded
<vilhelm> May 20 19:41:44 anonymous named[8105]: zone example.com/IN: NS 'ns.example.com.example.com' has no address records (A or AAAA)
<vilhelm> May 20 19:41:44 anonymous named[8105]: zone example.com/IN: not loaded due to errors.
<vilhelm> aah that's a mess
<SpamapS> indeed
<SpamapS> Probably formatting of the file is off somewhere
<SpamapS> vilhelm: maybe add a line at the top   $ORIGIN .
<SpamapS> that makes things simpler
<SpamapS> and if I understand it correctly (likely not) its required to use short names
<vilhelm> hmm ok
<vilhelm> that is:  "$ORIGIN ."
<vilhelm> or just $ORIGIN
<apctr> hi all how to start ant service in 9.10 server edition
<SpamapS> apctr: as far as I know, ant isn't a service.. its a java build program. Are we thinking of two different things?
<SpamapS> vilhelm: well the way you have it formatted with the @ it shouldn't matter actually
<vilhelm> ok :/
<SpamapS> vilhelm: but *after* the SOA .. maybe like this: http://pastebin.com/btMZfwQJ
 * SpamapS really.. really things its time we ditched hand-editing of bind zone files
 * SpamapS also thinks thinks is better with k than g
<apctr> ok please tell me, how to set java _home variable in it beacause as far as i know it may cause the basic problem?..
<SpamapS> apctr: I don't know much about ant's inner workings. What makes you think you need to set JAVA_HOME?
<cloakable> SpamapS: :P
<cloakable> SpamapS: True. I don't hand edit, I use vim ;)
<SpamapS> cloakable: 6 years on tinydns has taught me that zone files are a ridiculous anachronism and need to be hidden, if not eliminated. :)
<vilhelm> gah still now working
<SpamapS> zone files: protocol on disk. tinydns: one line per actual thing you want to make an address for.
<apctr> SpamapS: because it is causing error showing that JAVA_HOME variable is not set
<SpamapS> unfortunately, tinydns also carries the djb seal of anger.
<SpamapS> vilhelm: still error about no A records? maybe cloakable can help. :)
<cloakable> heh
<vilhelm> I got it working when I copy pasted the zone file from the ubuntu help documentation
<vilhelm> just gotta figure out why now :(
<SpamapS> vilhelm: this one is more like my own personal zone files (the ones I haven't moved off bind): http://pastebin.com/qfXekLzg
<vilhelm> ok, well mine don't have the $ORIGIN at all anymore
<vilhelm> what does the @ entry mean?
<SpamapS> yeah, I don't even understand it fully. I think I might, but really, its one of those things I don't want to use any brain storage or processing time for anymore.
<SpamapS> @, I believe, is the zone from the named.conf
<vilhelm> hehe
 * vilhelm sighs
<vilhelm> i'm going to buy myself a book about this and read it through
 * SpamapS returns to spec writing
<SpamapS> ugh, why is wiki.ubuntu.com so damn slow
<RoyK> SpamapS: any particular page? seems quick enough from here.....
<SpamapS> RoyK: could be that I'm building chroots and saturating all of my 6 down 1 up connection
<RoyK> hehehe
<RoyK> sounds reasonable
<ccheney> is there a way to make vmbuilder use an alternate tmp dir, it seems --tmp is invalid for use with vmbuilder kvm ubuntu
<xperia> hello to all. i have with my external disk (ext2 partition) "/dev/sdb2" a strange problem. can not anymore delete any files ! it print allways this Error message here. "rm: cannot remove "test.txt" Stale NFS file handle". how can i fix this Problem ?
<pmatulis> ccheney: right there is a bug on that one.  don't know of a workaround
<pmatulis> https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/536940
<uvirtbot> Launchpad bug 536940 in vm-builder "-tmpfs=- option broken in 0.12.2-0ubuntu3" [Medium,Confirmed]
<ccheney> pmatulis: ok
<pmatulis> ccheney: actually, no, that's for tmpfs
<ccheney> luckily i have plenty of space on root
<ccheney> oh ok
<ccheney> brb, stupid xchat color is broken all black
<pmatulis> ccheney: use irssi?
<ccheney> i have irssi also but need xchat for alerts
<jbrouhard> Does anyone know if there's a Ubuntu-ized version of Fedora Directory server, or some kind of authentication system ?
<ccheney> is vmbuilder supposed to work? i'm hitting this issue now http://pastebin.com/HfXHyBi8
<SpamapS> jbrouhard: Ubuntu Server includes openldap.. not sure what Fedora Directory server is.. probably just a nice bow on OpenLDAP.
<SpamapS> ah no its 389.. have heard of this before..
<SpamapS> jbrouhard: I recall it being discussed on the mailing list that 389 or "fedora directory server" should be packaged. I don't think its done yet tho.
<jbrouhard> *nods*
<jbrouhard> Well found Apache Directory Server
<jbrouhard> which is nothing more than LDAP authentication wrapped with java
<SpamapS> Honestly, maybe I just don't get it, but I really dislike LDAP for auth.
<SpamapS> seems outdated and complicated where something simple would suffice
<jbrouhard> *chuckles*
<jbrouhard> no one's bothered to build a replacement
<SpamapS> Once MS threw their weight behind it.. all hope was lost ;)
<jbrouhard> LOL
<jbrouhard> MS made their own bastardized version of LDAP honestly
<jbrouhard> and TBQH, their Active Directory structure actually works, even tho their implementation of DNS is just retarded
<SpamapS> Their LDAP is interoperable fully..
<SpamapS> but thats the problem
<SpamapS> the schemas are so wide open
<ccheney> anyone know what the standard way to build a vm is for kvm? is it vmbuilder or something else?
<zul> mdeslaur: ping
<zul> ccheney: vmbuilder
<zul> ccheney: i think you might have to install it from soren's bzr tree
<ccheney> ccheney: ok
<ccheney> er
<ccheney> zul: ok, i was using the lucid version but it seems to not like me
<zul> ccheney: it doesnt like *anyone* so you arent alone
<mdeslaur> zul: what's up?
<ChmEarl> ccheney, easiest way to build a kvm guest is via cmdline
<zul> mdeslaur: remember that mysql home directory patch you had a very long time ago....umm...do you still have it?
<mdeslaur> ahhhhhhhhhhhh
<mdeslaur> ahhhh
<mdeslaur> hold on
<zul> mdeslaur: thanks
<ChmEarl> ccheney, write out your qemu params then switch over to kvm accel
<ccheney> ChmEarl: so vmbuilder qemu ubuntu ?
<ccheney> hmm nm thats not an option
<ChmEarl> ccheney, man qemu
<maruen> Hi all, I need some help......I have a server that starts mysql whenever the server reboots...I need now to create a script that after mysql is initiaded runs jboss.....it needs to be in this order
<ccheney> zul: is soren's tree under his user on LP?
<maruen> anyone can help me on that?
<zul> ccheney: lp
<[AWE]> Hi there
<[AWE]> How do grant write permissions to the /var/web directory I just created with sudo ?
<zul> [AWE]: man chown
<funkyHat> maruen: you could go about it 2 ways, either create an init script for jboss which depends on mysql, or write a script which runs the mysql init script and then once it's successfully started runs jboss
<funkyHat> maruen: making an init script for jboss is probably a better solution
<dominicdinada> where can someone set bandwidth limits in server again
<maruen> funkyHat, for example , this init script should check if mysql is up then executes jboss
<funkyHat> alternatively you could probably get away with starting jboss in /etc/rc.local - that runs after all the other init scripts are finished
<ne7work> how I can see which program used my internet speed?
<ne7work> please someone help me :(
<ccheney> i can't seem to find a version of vmbuilder newer than what is in lucid
<ccheney> newest i can find is jan 22 2010
<funkyHat> maruen: do you want this to happen every time your system starts up, or just when you want jboss to start? Your inital question about disabling mysql's automatic startup seems to have confused me
<maruen> funkyHat, I was thinking in disable the automaticall start of mysql and create a unique script to start both, but I think that not the better idea
<ccheney> hmm i see the current version, not sure how i overlooked it earlier
<ccheney> was released 3 days ago
<funkyHat> maruen: yes, I suggest just adding something which launches jboss to /etc/rc.local
<funkyHat> maruen: I've never used jboss so I don't know exactly how it works... how do you normally launch it?
<maruen> funkyHat, for example add the script in  /etc/init.d/   and after that execute update-rc.d?
<maruen> funkyHat, that way this script will be executed after mysql starts?
<maruen> funkyHat, this is my only doubt
<funkyHat> maruen: no, /etc/rc.local is a file, it's run at the end of multiuser runlevels. it's easier than writing a proper init script, but you can do that too if you want
<funkyHat> maruen: /etc/rc.local is run after all of the other init scripts are finished
<funkyHat> So yes, after mysql
<maruen> funkyHat, thanks!!!
<maruen> funkyHat, that solves my question
<funkyHat> maruen: also you need to chmod the script to make it executable, otherwise it's ignored
<funkyHat> And it runs as root so if you don't want to do that you'll have to use sudo -u
<funkyHat> Or something
<maruen> funkyHat, in the case I add a file and use update-rc.d
<funkyHat> maruen: actually if you want to do that you'd probably be better off writing an upstart job for it as upstart has replaced sysVinit in Ubuntu
<funkyHat> maruen: I've not written either type of script though so I don't think I'll be able to help much. upstart scripts are simpler though
<maruen> funkyHat, I will write in /etc/rc.local
<maruen> funkyHat, I think it's better
<funkyHat> Definitely less work â¢)
<maruen> funkyHat, yeap
<ccheney> anyone happen to know how to reach kirkland, i can't reach him on irc/phone/email :-\
<guntbert> ccheney: try to drop him a message on launchpad? he just fixed a bug in testdrive
<ccheney> guntbert: ok
<Nonpython> Does ubuntu's postfix support LDAP?
<SpamapS> Suggests: procmail, postfix-mysql, postfix-pgsql, postfix-ldap, postfix-pcre, sasl2-bin, libsasl2-modules, resolvconf, postfix-cdb, mail-reader, ufw
<SpamapS> Nonpython: looks like there's a postfix-ldap package for that.
 * SpamapS has an idea for a spoof commercial...
<Nonpython> There's a App for that.
<SpamapS> "Need an ldap server? There's an app for that.."
<SpamapS> :)
<Nonpython> I am a ninja.
<SpamapS> OUT OF MY MIND NINJA
<ccheney> hmm is there a way to force teardown a loopback device
<ccheney> vmbuilder seems to have eaten them all and losetup won't just delete them
<ccheney> guess i'll have to just reboot again :-\
<ccheney> soren: ping
<ccheney> i see what is eating my loops
<bogeyd6> what is the iscsi server package for ubuntu called?
<kirkland> ccheney: i'm here now
<kirkland> ccheney: late lunch
<ccheney> ok
<uvirtbot> New bug: #583542 in openssh (main) "ssh server doesn't start when irrelevant filesystems are not available" [Undecided,New] https://launchpad.net/bugs/583542
<storrgie> hey guys, i got a machine that wont get an ip from my dhcp... and my dhcp works
<MrSnakeOil> Hey guys... is there a draft of the 10.04 Server Guide anywhere? I'm looking for a 'whats new' in 10.04 server.
<hggdh> MrSnakeOil: you can install the ubuntu-serverguide, I guess
<Ian___> storrgie - 1. ifconfig   2. /etc/network/interfaces
<Ian___> and /etc/init.d/networking restart
<SpamapS> service networking restart is more appropriate
<SpamapS> :)
<_STF_> I have the configuration www<->router<->ubuntu-server<->Usb-Stick, now i want that friends of mine can use my internet connections, can chillispot help me?
<SpamapS> _STF_: "www" means the internet?
<_STF_> yes
<_STF_> have you an idea?
<JanC> _STF_: do you just want them to access the internet, or do you need to apply restrictions, etc.?
<_STF_> i also want to apply restrictions
<JanC> in that case some hotspot software like chillispot might be useful (I've never used it myself though)
<SpamapS> JanC: good news on that drupal6 bug. :)
 * SpamapS is Clint
<_STF_> hm, okay
<SpamapS> _STF_: I think your USB stick wifi adapter must be supported in AP mode
<JanC> SpamapS: as mentioned in the bug report, #debian-ubuntu has been very useful for this
<_STF_> how do i get out, if the installed device support it, (i think it do, i instaled it with the neede linux driver from ralink)
<_STF_> the stick them self should be able to be used in AP
<JanC> _STF_: I would never mention "ralink", "linux" and "support" in one sentence...  ;)
<SpamapS> JanC: well its good to know that it will be made "all better" in debian. :)
<_STF_> _D
<_STF_> :D
<JanC> well, IME it works on single-core & single-threaded CPUs, but how many of these are still for sale these days?  :-(
<JanC> maybe it has improved somewhat since I last tried to fix it on someone's PC though
<hggdh> zul: re. bug 445390 -- any updates?
<uvirtbot> Launchpad bug 445390 in ntp "ntp server and ntp client should be split" [Wishlist,Triaged] https://launchpad.net/bugs/445390
#ubuntu-server 2010-05-21
<hggdh> isn't it like ntpd and ntpdate?
<jeeves_Moss> how can I configure TLS with my postfix config if I have virtual users who's data is held in MySQL?
<SpamapS> jeeves_Moss: TLS shouldn't really matter at that point, unless you're trying to store their client-certificate in mysql somehow.
<jeeves_Moss> SpamapS, naaa, I've just been trying to set up TLS so I can send e-mail when I'm external to the local network
<JanC> so, a "submission" service on port 587 ?
<jeeves_Moss> ??
<jeeves_Moss> JanC, was that directed @ me?
<JanC> jeeves_Moss: yes  âº
<jeeves_Moss> oh, sorry.
<jeeves_Moss> JanC, basically, when I'm internal the the network (where the postfix server is), I can send all day long, but as soon as I'm external, I get "mail relay" issues
<JanC> the server can be reached from the outside network I assume?
<jeeves_Moss> yes
<SpamapS> jeeves_Moss: Ah, so you have no auth setup w/ Postfix.. you just want to create A) TLS, and B) SMTP Auth?
<jeeves_Moss> I can do it all (httpd, ftpd, IMAP, etc)
<jeeves_Moss> SpamapS, yep, that's all I want.  I want to be able to send e-mail from the outside (no real point of having a smart phone if I can't reply to e-mails on my own friggin' domain!)
<SpamapS> jeeves_Moss: yeah I did the same thing
<SpamapS> jeeves_Moss: I forget which howto I followed.. its actually quite simple
<jeeves_Moss> SpamapS, oh?  what phone do you have?
<jeeves_Moss> (and if you get a chance, can you see if you can find the "howto"?
<JanC> jeeves_Moss: do you have SASL authentication setup?
<jeeves_Moss> I'm thinking I do, but I should remove it and start fresh if you know of a good howto
<JanC> you probably need something like the following in master.cf: http://paste.ubuntu.com/436972/
<jeeves_Moss> JanC, Thanks.
<SpamapS> jeeves_Moss: Android 1.6 w/ K-9 email client
<jeeves_Moss> I'll have a look in a sec
<JanC> submission == port 587 (which is the default for such a service, as many ISPs block outgoing port 25 connections)
<jeeves_Moss> SpamapS, nice.  I personally love my WM5 phone
<SpamapS> to each his own
 * f1yback bites THEREisONLYzulNUCK
<f1yback> CANUCK
<jeeves_Moss> JanC, wiat a sec....  You say it's using TLS on port 587?
<SpamapS> JanC: why would you put that in master.cf? I don't think I had to do anything in there.. just added stuff to main.cf
<SpamapS> I take that back I did add stuff
<JanC> SpamapS: because I want port 25 (incoming mail from other servers etc.) & port 587 (submission of mail by me) handled differently
<SpamapS> http://paste.ubuntu.com/436985/
<SpamapS> JanC: yeah me too, which is why mine is similar. ;)
<celeborn999> anyone have any tips for configuring permissions for wordpress on ubuntu? seems like something doesn't have what it needs out-of-the-box. i don't want to just chmod 777 all of /usr/share/wordpress
 * SpamapS is embarassed that his production cert file is named 'test.pem' ...
<SpamapS> celeborn999: by default it shouldn't need any write perms unless you want to use the admin interface to do things.
<celeborn999> SpamapS: yeah that's what i'm trying to do, install a theme through the wordpress admin
<JanC> celeborn999: doesn't the wordpress documentation have something about that?
<celeborn999> JanC: i was just looking at that, what kinda sucks is the official docs are written for people who (i guess) are having their filesystems managed by their webhost. for example the doc says: "However, if you utilize mod_rewrite Permalinks  or other .htaccess  features you should make sure that WordPress can also write to your /.htaccess  file." i don't know who "WordPress" is. www-data, maybe?
<SpamapS> celeborn999: in that case, chgrp -R www-data wp-content/themes && chmod -R g+w wp-content/themes
<celeborn999> JanC: or this blurb: "All WordPress files should remain owned by your user account" -- the wordpress files are all owns by root:root or root:www-data
<SpamapS> Yeah the wordpress docs take the stance that if you are hosting your own wordpress, you know enough to figure this out.
<celeborn999> SpamapS: or which IRC channel to spam, at least
<JanC> SpamapS: even then, they should explain which directories need write access and which not IMNSHO  âº
<SpamapS> JanC: its not so much need.. its a choice. ;)
<celeborn999> SpamapS: it looks like www-data is already the group for the directories you mentioned and has group write permissions
<SpamapS> celeborn999: then should work fine
<celeborn999> SpamapS: that's a bummer
<SpamapS> celeborn999: its not just the dirs though.. the files must be writable
<JanC> I guess it's the usual PHP app stupidness?  :-(
<celeborn999> SpamapS: i checked every directory and file, they are all owned by root:www-data and have group write permissions. i wonder if there is some kind of "landing spot" where incoming downloads are stored before they are installed, and the landing spot needs permissions
<celeborn999> does wordpress write stuff as www-data?
<celeborn999> or is there some third account it likes to use sometimes?
<JanC> celeborn999: taht depends on your www-server config  ;)
<SpamapS> celeborn999: should if apache is running as www-data
<celeborn999> i use apache and it uses www-data
<SpamapS> celeborn999: I have to agree with JanC .. the WP docs and forums should help with this
<celeborn999> i agree with both of you, they really should
<JanC> personally I think the docs should be enough, this sounds liek basic stuff every sysadmin installing WP should know
<celeborn999> like with everything else i've installed recently, i'm sure once i figure it out, it will all make perfect sense
<celeborn999> i found the Debian-specific notes for Wordpress (/usr/share/doc stuff) to be unusually unhelpful at previous steps in this process, relative to other software i've installed
<JanC> celeborn999: in general the Debian-specific notes only document changes from upstream
<JanC> if upstream is weird and undocumented, good luck...  :-/
<celeborn999> JanC: Debian pretty heavily customizes Wordpress, they have a special mysql install script and a totally different way of handing wp-config.php
<celeborn999> JanC: to give two examples
<JanC> in that case, that should be documented in Debian-specific docs of course
<erichammond> smoser: Did you just publish a new copy of ec2-api-tools or was I dreaming? https://launchpad.net/~ubuntu-on-ec2/+archive/ec2-tools?field.series_filter=karmic
<smoser> ami tools
<smoser> erichammond,
<smoser> but only in lucid
<smoser> is there a new api tools ?
<smoser> er... i only put it in maverick at the moment.
<smoser> https://bugs.launchpad.net/ubuntu/+source/ec2-ami-tools/+bug/582387
<uvirtbot> Launchpad bug 582387 in ec2-ami-tools "update to 1.3-49953 to support ap-southeast-1" [Undecided,Fix released]
<erichammond> smoser: I see, thanks.  I was only partly dreaming.
<erichammond> and mostly just confused.
<smoser> well, there is a ec2-api-tools
<smoser> now that i go looking
<celeborn999> so for the record, for my wordpress problem, here is the answer: http://www.chrisabernethy.com/why-wordpress-asks-connection-info/ ....... wordpress has a silly method of checking for filesystem permissions, it writes a test file and checks to see if the owner of the test file matches the owner of the script being run. of course with ubuntu the file owner is root but the test file is written as www-data (for apache)
<celeborn999> so i can workaround the problem by chowning some files to www-data but this will get blown away during an apt-get upgrade (for example). sucks.
<celeborn999> how can i tell ubuntu/apt-get not to try to upgrade a particular package in the future? i want to disable updates for wordpress only and just do the upgrading through the wp admin console
<cloakable> Uninstall wordpress and download it from the website?
<celeborn999> there's got to be a generic way to do it
<cloakable> Yes.
<cloakable> Install wordpress from wordpress.org :P
<celeborn999> i mean generic for all packages
<celeborn999> i.e. i like the current version of FOO, please never try to upgrade it
<celeborn999> answer: use aptitude, find package, press "=" to "hold package"
<celeborn999> at least that's what i think will work, we'll see down the road i suppose
<JanC> celeborn999: basically you want "apt pinning"
<JanC> but that also means you'll soon be using a wordpress instance full of security bugs I assume...
<SpamapS> honestly if an app has to be chown/chmodded to work..
<SpamapS> it sux
<JanC> (well, full of known security bugs, they'd have been there before already)
<SpamapS> I use wordpress..
<SpamapS> and I hate that part
<celeborn999> based on the manpages it looks like pinning means you want apt to try to get the software from a different source or a different (past) version. instead the intention is ask apt to not do the update, and instead use the wordpress console's upgrade utility to do it instead. this should avoid the permissions problems
<celeborn999> i think the hold package idea from aptitude is what i'm looking for
<pwnguin> if celeborn comes back tell him that idea is stupid -- debian packaging of wordpress is worse than no packaging, and pinning an old version of wordpress is bound to be an attack vector
<SpamapS> pwnguin: I agree, this is why we have nightly build ppa's.. :)
<SpamapS> I kind of wish we had a 'volatile software' ppa where someone could just ask for the latest upstream to always be built and installed. Something tells me this already exists, I just can't find it in the amazon-rain-forest-sized documentation on debian packages. :-P
<ScottK> No, the general point of having a release is to have stuff stop changing.
<SpamapS> sadly, there are things like wordpress that are more stable when they change.
<SpamapS> It stems from the ability to produce software faster than users can break it. Yes I'm saying PHP makes it too easy to program. :)
<SpamapS> visual basic was the same. ;)
<ScottK> Certainly, there are exceptions.
<ScottK> PHP is one of those things that I understand is almost everywhere, but I prefer not to get any on me.
<ScottK> Also it does take some effort to make sure the new stuff is packaged properly and works.
<SpamapS> I think there's a certain class of things that shouldn't be packaged for release.. wordpress is probably the best example of it.
 * ScottK is doing that right now for clamav.
<SpamapS> yeah clamav changes *fast* and *must*
<SpamapS> I guess the real lesson to learn is that there may not be a single unifying theory of packaging..
<ScottK> clamav we treat as a special case and try to keep it current for all releases.
<ScottK> It's a lot of work though.
<SpamapS> Yeah, IIRC it will start squawking loudly in the logs if the engine falls behind the definitions
<SpamapS> seems like at that point the engine becomes data as much as software
<ScottK> Unfortunately it's production critical, security sensitive software....
<andre_francys> tutorial ldap offline file configuration anyone knows? please
<Brando753> is there a way I can connect to a wifi router with ubuntu server?
<SpamapS> Brando753: of course. Go find a cable long enough and plug into the LAN port of the router. ;-)
<twb> Brando753: yes.
<Brando753> as good an option that is can i do it without the large cable
<twb> Brando753: yes.
<twb> You will, obviously, need a wifi NIC.
<Brando753> Network Interface Card?
<twb> Brando753: yes.
<Brando753> got it.
<Weasel[DK]> are modeline in vim somehow disabled in *buntu ?
<screen-x> Weasel[DK]: set modeline >> vimrc
<Weasel[DK]> screen-x: Perfekt... Tak!
<Weasel[DK]> screen-x: oops wrong language.... perfect.. Thanks !  ;)
<uvirtbot> New bug: #583698 in apache2 (main) "hardy-proposed (2.2.8-1ubuntu0.16) uninstallable" [Undecided,New] https://launchpad.net/bugs/583698
<c13> I am connected via ppp0. I want to share the internet to the network via eth0. How can i set up the network-manager to share the internet?
<twb> Either bridge or masquerade
<twb> Oh, you're using network-manager.  I don't support that, sorry.
<sglinux> one of my 8.10 servers hosting a website has been by
<sglinux> one of my 8.10 servers hosting a website has been compromised by Storm7Shell
<sglinux> hosting oscommerce v2.2 rc2a
<jetole> Hey guys. I am looking for some sudo help if anyone minds. I am in the admin group and prompted for a password proper. That is unchanged from ther server install however I created a group alias in the sudo file and a application alias in the sudo file and said this group alias can execute this app alias without a password as root which has worked fine for non admin users however I am still being prompted for a password.
<jetole> Does anyone know how I can execute the application alias without a password even though I want everything else I sudo to, to be password protected?
<jetole> my line looks like: DNS_ADMINS ALL=(root) NOPASSWD: DNS_COMMANDS
<jetole> I am in the DNS_ADMINS alias and other people not in the admin group are not prompted for a password who are in the DNS_ADMINS alias
<c13> : I am connected via ppp0, using a script. I want to share the internet to the network. Typing /etc/network/interfaes shows "iface ppp0 inet ppp", but ppp0 does not appear in the network connections. How can i set up the network-manager to share the internet?
<jetole> the ifconfig command should show ppp0
<jetole> doesn't it?
<jetole> c13: that question was to you
<incorrect> i've just fdisk'd my drives however without mknod i don't see a /dev/sdxy appearing, i used to reload udev to see them appear, but 10.04 that doesn't happen
<c13> yes it does
<jetole> c13: then ppp0 is active. I don't know where you are looking where you say it doesn't appear but it is there regardless so now all you need to do is enable ip forwarding in the kernel (man sysctl) and setup nat via netfilter/iptables
<jetole> incorrect: not to sure about the udev in 10.04. I'm using it, haven't looked into it but do you see the disk in /dev i,e, not the partitions but do you see /dev/sda but not /dev/sda1 ?
<jetole> *not too
<incorrect> i am just missing the new ones i created
<incorrect> fdisk -l shows them
<jetole> incorrect: you didn't answer my question
<incorrect> i did, i am just missing the new partitions i created
<incorrect> the block device is there
<_ruben> jetole: perhaps the order in the sudoers file is relevant?
<jetole> do you see the whole disk in /dev
<jetole> _ruben: yeah I have noticed that in the man page. Still not sure. I am still reading
<incorrect> disk = block device
<jetole> incorrect: do you see, for example /dev/sda if sda is the disk
<jetole> I know what a block device is
<c13> thx
<incorrect> aha! its partprobe i need
<jetole> Oh I could have helped you a while ago if you didn't ignore my questions and then me but I guess it always feels good to find the answer yourself
<incorrect> well i answered but you didn't seem to understand
<selinuxium> Hi all, trying to install sun-jave-jre on ec2... Which repo do I need to point at or do i install direct.
<lifeless> the partner repo
<incorrect> will the partner repo track release from java.sun ?
<uvirtbot> New bug: #583753 in mysql-dfsg-5.1 (main) "package mysql-server 5.1.41-3ubuntu12.1 failed to install/upgrade: problemas de dependencias - se deja sin configurar error2002 to upgrade mysql server erro de pos instalacion dio erro 1" [Undecided,New] https://launchpad.net/bugs/583753
<jussi> o/ riktking
<riktking> jussi, i think im just gunna remove the lamp stack and start again
<jussi> fair enough
<riktking> its not a mission critical website lol
<riktking> fixed it!
<DelphiWorld> hi all
<DelphiWorld> i am using latest ubuntu 9.10 server
<DelphiWorld> my ssh server is very slow
<DelphiWorld> how do i fix this problem?
<Japje> slow with login
<Japje> slow when typing
<DelphiWorld> Japje: login and typing both
<selinuxium> lifeless, Thanks, sorry for the delay.. :)
<Japje> login could be that resolving is slow
<Japje> if both are slow.. perhaps high load, or much traffic on your side, or the server side
<DelphiWorld> Japje: any other ssh server package to try?
<Japje> DelphiWorld: thats probably not the right idea behind the problem
<Japje> its not the ssh server itself
<Japje> its something thats affecting it to be slow
<Pupeno> How do you clear the arp cache?
<Amarendra_> can somebody tell me how to install usb modem in ubuntu9.10??
<Amarendra_> its is not been detected
<SpamapS> Amarendra_: does it have drivers available? Some don't.
<Amarendra_> ya it was first detected as cd drive
<Amarendra_> i installed the driver
<Amarendra_> now it is not detecting
<SpamapS> if you run 'dmesg' do you see anything about it when you plug it in/remove it ?
<Amarendra_> i am not able to connect in ubuntu so i switched to windows and downloaded x-chat to connect this chat room.. Now i am in windows . So i cannot run any command
<SpamapS> ah
<SpamapS> EtienneG: eaten all your chocolate yet?
<Amarendra_> any more ideas???
<DelphiWorld> Japje: fixed just by restarting it
<DelphiWorld> Japje: and this is my majore problem in Deb based systems;)
<SpamapS> Amarendra_: you might want to try making sure acm is loaded.. (modprobe acm)
<Amarendra_> acm??
<SpamapS> Though hotplug, or whatever it is we have that has replaced that, should do it.
<SpamapS> http://www.linux-usb.org/USB-guide/x332.html
<SpamapS> Amarendra_: that explains what acm is
<Amarendra_> ok
<EtienneG> SpamapS, no, my kids are on it
<EtienneG> there was a *lot*  :)
<Amarendra_> Spamaps: Is there anyway to uninstall the driver and start again??
<SpamapS> Amarendra_: what driver did you install?
<Amarendra_> cm200 driver
<Amarendra_> shall i mail to u??
<SpamapS> Amarendra_: isn't that a webcam driver?
<Amarendra_> no
<Amarendra_> my usb modem is CM200
<Amarendra_> Provider= tata photon whiz
<Amarendra_> should i send u the drivers??
<SpamapS> Amarendra_: no thats ok
<Amarendra_> ok
<ttx> smoser: apparently lucid is still not available in the imagestore... I thought Gustavo had it covered ?
<SpamapS> Amarendra_: I've had very bad luck with those things on anything but Windows.. :-P
<Amarendra_> its .deb packages
<Amarendra_> for ubuntu
<SpamapS> Amarendra_: well then thats weird that it doesn't work. ;)
<ttx> SpamapS: re: "how a blueprint gets released", you mean, the lifecycle of a blueprint ?
<Amarendra_> i got some information from internet now i shall restart .. Thanx for yr cooperation
<ttx> SpamapS: gets accepted, scheduled against a development subcycle ("maverick-alpha-2"), then work items are burnt... spec goes to beta available, then Implemented.
<reisi> hi everyone! after doing a fresh install of ubuntu server 10.04 (over 9.10) one of our php apps went dead and while access.log shows 500 response nothing is logged into error.log; any ideas how to revive this functionality?
<SpamapS> ttx: ok that all makes sense.
<SpamapS> ttx: and who does the accepting?
<ttx> SpamapS: the approver. Usually that will be Jos.
<alvin> Hi, I have an urgent problem. No idea how difficult to solve. I upgraded a server from Karmic to Lucid. The server runs 3 virtual machines. Now, 1 of them doesn't want to start anymore. $ virsh start <nameofvirtualmachine> | error: Failed to start domain <nameofvirtualmachine> | error: monitor socket did not show up.: connection refused. (The server is on support, so I contacted Canonical, but I'm not sure if they will call back today.
<alvin>  It's probably nighttime at the location of the helpdesk. Hence, I'm looking for tips here)
<alvin> ok, got it. (Little bit of panic aside) I created a new virtual machine with the same properties, and compared the xml. There were a lot of differences. I guess the new xml is better. Now, it works fine. (There were differences in cdrom (type='raw' instead of ''), in <serial>, <graphics> and video)
<SpamapS> ttx: so the portion of cloud databases where Cassandra wants hadoop overlaps with the hadoop-pig spec, which you are listed as drafter on..
<ttx> yes.
<SpamapS> alvin: good to hear it works out
<riktking> having issues with apache2 cant seem to get website to apear under http://hotsname/username/
<SpamapS> ttx: ok, so should I make this one dependent on that one?
<ttx> SpamapS: not really. hadoop/hbase should already be in a shape that you can use for building cassandra
<ttx> SpamapS: they are already packaged and should be in ubuntu anytime now
<ttx> so just add a note that you are dependent, but do not mark the spec as fully dependent
<SpamapS> ttx: should I requestsync for hadoop? has someone already done that?
<ttx> SpamapS: it should get autoimported
<smoser> ttx, this is correct, it is not.
<smoser> i have acl to do it now, but its painful.
<smoser> i had not made huge interest in it because i was wanting to get a refreshed image
<smoser> with the incrased dleep
<smoser> increased sleep even
<ttx> smoser: ok, you might want to reply to the thread on c-cloud to avoid getting hurt by backslash
<Daviey> riktking: sudo a2enmod userdir , and use http://domain/~USERNAME
<AlexC_> morning
<AlexC_> I have 'AllowGroups adm' in my /etc/ssh/sshd_config file, however I also want to allow the user 'foobar' (who is not in 'adm' group) access to SSH. I added the line 'AllowUsers foobar' however this user can still not login
<kirkland> jbernard: neat trick :-)
<tlb> just tried enabling apparmor on apache in Lucid and setting complain mode, but i get nothing in kern.log, I'm I looking the right place?
<jbernard> kirkland: thanks man! turned out to be much easier than I thought
<kirkland> jbernard: yeah, really, really clean
<jdstrand> tlb: if you have auditd installed, then it will log to /var/log/audit/audit.log instead of kern.log
<tlb> jdstrand, i don't have that installed, but is that the recomended way?
<jdstrand> tlb: it will log to kern.log without it. while developing profiles without auditd you will probably want to use 'sudo sysctl -w kernel.printk_ratelimit=0' to cut down on kernel rate limiting
<jdstrand> tlb: note that sysctl will not survice a reboot
<jdstrand> survive
<tlb> jdstrand, installed auditd and still nothing, when i set aa-enforce /usr/lib/apache2/mpm-prefork/apache2 apache fails to start because i enabled mod_fcgi and i get nothing when in the log when i set aa-complain
<jdstrand> tlb: the failure to start would seem to be unrelated to appamor if it isn't logging anything
<uvirtbot> New bug: #583821 in dovecot (main) "hostname -f prevents dovecot installation" [Undecided,New] https://launchpad.net/bugs/583821
<tlb> jdstrand, apache works fine when i set the profile to complain, but i get nothing i the log
<tlb> jdstrand, in the apache log i can see it's problem with creating shared memory when apparmor is set to enforce, but i would really like apparmor to give me some debug information in complain mode
<jdstrand> tlb: it could be that the environment is being scrubbed because you are using Ux or Px...
<jdstrand> apparmor won't (can't?) log in that situation cause the confined application isn't handling the lack of environment due to the scrubbing
<tlb> jdstrand, it's the default apache profile that comes with Lucid and a clean install, so far I havent touched a config file
<jdstrand> you could try to use 'px' or 'ux' in enforce mode and see if that works
<jdstrand> well, that apache profile in lucid is only for phpsysinfo
<jdstrand> if phpsysinfo is not working with that profile, that is a bug
<jdstrand> (in which case please file it, with exact steps on how to reproduce)
<tlb> jdstrand, I'm sorry but i'm kind of new to apparmor, and I don't think I understand what scrubbing or ux and px mode does?
<tlb> jdstrand, it's only because i'm trying to run it in fastcgi mode
<jdstrand> tlb: are you trying to use the phpsysinfo profile?
<Italian_Plumber> hmm... my ubuntu server virtual machine just started up with 64 MB of ram
<jdstrand> tlb: or you just happened to enable the profile, and things broke cause you are using fastcgi?
<tlb> jdstrand, yes but so far apache is not even starting if you enable mod_fcgi
<jdstrand> tlb: sounds like a bug. can you one against apparmor along with how you enabled fastcgi?
<tlb> jdstrand, I'm trying to make a profile for mod_fcgi + suExec, but to start simple I just wanted to get the phpsysinfo profile working with fastcgi
<Italian_Plumber> let's see if it works with 32. :)
<tlb> jdstrand, if you give me some more hint, I'm sure I can come up with a patch and a bug report :)
<jdstrand> tlb: sure. I did not develop that profile. it sounds like more needs to be done with it, and filing a bug is one way to make that happen :)
<jdstrand> tlb: well, the hint was Ux/Px vs ux/px
<jdstrand> I don't know that is the case
<jdstrand> when you give a binary Ux, you are saying to transition to unconfined mode, but scrub the envoronment for things like LD_LIBRARY_PATH
<jdstrand> the same for Px, except rather than going unconfined, you transition to another profile
<jdstrand> ux/px means do the transition, but don't scrub the environment
<jdstrand> in general, that is a bad idea, but it would be worthwhile to know if that was the cause
<jdstrand> that may not have been as clear as it could be...
<jdstrand> the rule:
<jdstrand>   /usr/bin/foo Ux,
<jdstrand> means that if the application tries to exec /usr/bin/foo, go unconfined and scrub the env
<jdstrand> and by 'go unconfined' I mean, /usr/bin/foo executes unconfined, not the application that is executing it
 * jdstrand sorta wishes he could have worded all that more clearly from the start
<tlb> jdstrand, ok, so when mod_fcgi fails to make shared memory it might be because the fcgi daemon is running in a unconfined but scrubbed environment where it's missing some options
<mw88> hi
<mw88> Does anyone know if one can use the slapd.conf in Ubuntu 10.04? I read that it's not possible...
<jdstrand> tlb: that is the hypothesis, yes. cause apparmor won't log anything if the app craps out due to env scrubbing, so it sorta seems to fit
<tlb> jdstrand, is there a way to dump the complete profile with all includes included?
<jdstrand> tlb: not currently
<jdstrand> it used to be there, but went away
<jdstrand> it will be back in maverick
<tlb> jdstrand, so my job is looking at all the includes and see if this somehow triggers a Ux or Px
<ttx> SpamapS: you should follow strictly https://wiki.ubuntu.com/WorkItemsHowto for your work items
<jdstrand> tlb: in the profile or the includes, yes
<tlb> jdstrand, is there some good documentation that describes what the permission mean in a apparmor profile?
<ttx> SpamapS: also move the discussion notes from the whiteboard to the "BoF discussion" section on the wikispec
<jdstrand> tlb: yes. in apparmor-docs there is the techdoc.pdf (though it is a little outdated). also
<jdstrand> https://apparmor.wiki.kernel.org/index.php/Main_Page
<jdstrand> that is more up to date, but less organized (we are in the process of fixing that)
<tlb> jdstrand, ok thanks i will try to da a little debugging
<jdstrand> tlb: thanks :)
<SpamapS> ttx: oops I forgot the :'s didn't I? ;)
<uvirtbot> New bug: #583865 in dbconfig-common (main) "package dbconfig-common 1.8.41 failed to install/upgrade: package dbconfig-common is already installed and configured" [Undecided,New] https://launchpad.net/bugs/583865
<tlb> jdstrand, there is no Ux or Px anywhere in the profile and i guess this /** mrwlkix shold give access to do pretty much anything?
<ttx> SpamapS: yep
<jdstrand> tlb: well, I'm not sure what the problem would be
<jdstrand> tlb: /** mrwlkix will do a transition, but with 'i', which 'i'nherits the current profile. aiui, it will inherit the current env as well.
<jdstrand> jjohansen: is that accurate? ^
<jjohansen> jdstrand: yeah, at least from an AA persepective
<jjohansen> when ix is done apparmor does not request the environment be scrubbed
<jdstrand> cool, yeah
<jjohansen> however, other things like the loader may decide to scrub the environment anyways
<jdstrand> tlb: so I'm not sure why apparmor is preventing apache from working with fastcgi and not logging it
<jdstrand> jjohansen: he enabled the fastcgi module, and enabled the phpsysinfo profile for apache, but apache won't start (something with not being able to allocate shared memory)
<jdstrand> jjohansen: if he disables the profile, it works. there is no logging in enforce (or complain) mode
<jjohansen> tlb: is there any apparmor message in the log?
<jjohansen> tlb: can you open a bug and attach the profile so we can look at it?
<jdstrand> so, the only thing I could think of off-hand was scrubbing
<tlb> jjohansen, this but only first time: type=APPARMOR_DENIED msg=audit(1274455154.369:125):  operation="capable" pid=15801 parent=1 profile="/usr/lib/apache2/mpm-prefork/apache2" name="dac_override"
<jjohansen> tlb: as root can you do echo 1 > /sys/module/apparmor/parameters/debug
 * jdstrand always forgets about that one...
<tlb> jjohansen, did not give more information in the log
<jjohansen> tlb: what happens if you add capability dac_override, to the profile
<jjohansen> tlb: did you restart apache after doing that?
<tlb> jjohansen, after adding debug yes
<jjohansen> tlb: okay, that rules out AA scrubbing the environment
<tlb> what's the easies way to load my new profile, right now i'm doing apparmor_parser -R, apparmor_parser -r and then aa_enforce
<jjohansen> tlb: apparmor_parser -r will replace without needing to do the remove
<jdstrand> tlb: just apparmor_parser -r is enough
<tlb> add capability dac_override,
<tlb> makes it work?
<tlb> jjohansen, dac_override is'nt that a tad much to give in capability, DAC_OVERRIDE allows the reading or writing of any file on the system regardless of the ownership or permissions
<jjohansen> tlb: well, yes it normally does but AA file rules clamp it down to what is listed in the profile
<tlb> jjohansen, aah so even if dac_override is given, aa still has final say?
<jjohansen> tlb: yes
<jjohansen> in this case DAC is being applied first, and asking for capability dac_override,
<jjohansen> AA has the option of denying that or allowing it, if you allow it it gets to apply further mediation after
<tlb> jjohansen, dac_override seems to do the trick, do you want that in a bug report?
<jjohansen> tlb: you were getting the log message for that right?  If so its really more of an apache behavior, than an AA bug
<tlb> jjohansen, but I was only getting after the first time?
<jjohansen> tlb: okay file the bug and we will try to replicate
<tlb> jjohansen, if I want the error i need to reload the profile
<jjohansen> strange
<jjohansen> that is a bug then, make sure you attach the profile you are using
<jjohansen> file the bug against apparmor so me and jdstrand will see it
<Kbca> alguem aqui utiliza samba4 como PDC ?
<zul> morning
<guntbert> !br | Kbca
<ubottu> Kbca: Por favor, use #ubuntu-br para ajuda em portuguÃªs. Obrigado.
<tlb> jjohansen, https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/583896
<uvirtbot> Launchpad bug 583896 in apparmor "libapache2-mod-apparmor profile fails when mod-fcgid is enabled and gives little error information" [Undecided,New]
<jjohansen> tlb: thanks
<tlb> :9
<tlb> :)
<tlb> jjohansen, thanks for the help both of you
<jjohansen> np, any time
<bkingx> Greetings!  I can't seem to get ssh working using key authentication without asking for a password.  Can someone help?
<guntbert> bkingx: what did you do already?
<bkingx> guntbert: Created the keys without using a passphrase, copied the keys to the remote server and cat'd it into .ssh/authorized_keys.
<bkingx> guntbert: set permissions on authorized_keys to 600
<guntbert> bkingx: when you try to connect it still asks for a password? what does /var/log/auth..... tell?
<bkingx> guntbert: Correct. And I don't get anything in /var/log/auth.log until I actually enter the password.
<guntbert> bkingx: let me look some things up
<deslector> bkingx, it may be easier to use ssh-copy-id (it will copy the key to the remote server and take care of everything)
<bkingx> guntbert: When I do log in, I get one line: May 21 12:21:03 sftp sshd[2850]: pam_unix(sshd:session): session opened for user 20383 by (uid=0)
<bkingx> Hmm...this user is set up as scp-only, so it makes it difficult to run that command.
<deslector> bkingx, just make sure to manually check that it only put the one key you wanted on the other server (just in case)
<deslector> bkingx, oh, ok...
<deslector> bkingx, have you tried the -v flag to get more info from ssh/scp ?
<bkingx> deslector: Yes, I even went as far as -vvv  I'll post that to pastebin.
<deslector> bkingx, ok
<bkingx> deslector: http://pastebin.com/za4qyYKN
<guntbert> bkingx: I didn't find anything special in /etc/ssh/sshd_config -- sorry
<bkingx> guntbert: yeah, this has me baffled.
<bkingx> I've tried both rsa and dsa keys
<guntbert> bkingx: is id_dsa the key you want to use?
<guntbert> and told the server to expect?
<bkingx> either one is fine, id_dsa or id_rsa
<guntbert> bkingx: after "we sent a public key, waiting..." you should get "debug1: Server accepts key: pkalg ssh-rsa blen 277" or so
<bkingx> guntbert: can you think of a reason why I can't get that?
<guntbert> bkingx: yes but it will be of no help : the server is still not ready to accept pubKey auth  : did you restart the sshd ?
<zekoZeko> hello everyone. I'm setting up Postfix and having some trouble with local recipient verification. The verification probes (to Cyrus' LMTP port) are successful, but Postfix still rejects the client with "Recipient address rejected: User unknown in local recipient table"
<bkingx> guntbert: yes, after every change.  What else do I need to do to make the server accept?
<guntbert> bkingx: I really don't know - therefor I said it will not help you :-)
<bkingx> guntbert: lol!  Here is my sshd_config file:  http://pastebin.com/sFhfZsYu
<deslector> bkingx, which key did you copied to the remote server?
<bkingx> deslector: id_rsa.pub and id_dsa.pub
<deslector> bkingx, and you cat'ed both of them into authorized_keys ?
<bkingx> deslector: Correct.
<guntbert> bkingx: I think I found it: set UsePAM no
<bkingx> guntbert: Making that change now...standby
<SpamapS> zekoZeko: where, in your postfix config, are you telling postfix to check w/ Cyrus?
<bkingx> guntbert: Permission denied (publickey,keyboard-interactive).
<guntbert> bkingx: then I don't know - sorry
<bkingx> guntbert: No problem...I can't figure it out either.
<bkingx> It works fine WITH a password, just not with publicKey authentication.
<deslector> bkingx, did you tried using just one key type (dsa or rsa) first?
<bkingx> deslector: Yes.  Do you recommend one over the other?
<deslector> bkingx, not really... most tutorial I've read use dsa, but not sure why... so I could'nt recommend it over rsa
<bkingx> deslector: Ok, thanks!
<guntbert> bkingx: you could increase the logging level on your server...
<bkingx> guntbert: can you tell me how to do that?
<guntbert> bkingx: line 22 loglevel DEBUG (try it, I'm not sure)
<SpamapS> Anyone know why puppetmaster in Ubuntu installs with a cert signed with the FQDN instead of the default which is 'puppet' ? Means that if you're using DNS to route clients to the puppet master, puppet doesn't work.
<bkingx> guntbert: YOU ARE A GENIOUS!!
<zekoZeko> SpamapS:  my config and logs: http://paste.ubuntu.com/437422/
<guntbert> bkingx: by no means :-)
<bkingx> guntbert: By chroot'ing the user and dropping them into an "incoming" folder, the authentication is looking to "May 21 12:47:17 sftp sshd[2986]: debug1: trying public key file /home/20383//incoming/.ssh/authorized_keys
<bkingx> guntbert: so now it is a matter of figuring out how to fix that.
<bkingx> guntbert: should I just move the .ssh folder into that "incoming" folder?
<guntbert> bkingx: aah - you *could* have said that you are chrooting them -- that is known to be a tough problem
<bkingx> guntbert: SORRY SORRY SORRY!
<bkingx> Didn't even occur to me.
<guntbert> bkingx: np :-)  but I have no resolution -- please try without chroot for now so that you know you are not chasing the wrong rabbit
<bkingx> guntbert: K
<guntbert> bkingx: and then googling for ssh chroot might reveal some answers
<bkingx> guntbert: lol....doing that now
<guntbert> bkingx: Good luck :-)
<bkingx> guntbert: YES!  Thanks again!
<SpamapS> zekoZeko: sorry my knowledge on the subject isn't all that great.. I don't see anything glaringly wrong.
<zekoZeko> me neither :)
<zekoZeko> and i've set up quite a few of these before, just never with multiple instances :)
<SpamapS> zekoZeko: smtpd_recipient_restrictions = permit_mynetworks,  reject_unauth_destination,  reject_unverified_recipient
<SpamapS> zekoZeko: I presume one of those is linked to the lmtp check?
<zekoZeko> yeah, reject_unverified_recipient
<zekoZeko> there's also an implicit permit at the end (because of reject_unauth_destination)
<dae_> Hi all! I'm switching my home server from debian etch to ubuntu 10.04, so far a smooth process mostly due to excellent documentation efforts (thanks!). I'm trying to make a decision on what software to use to sort mail identified as spam into folders automatically to the server. Currently on the old server I'm using procmail with cyrus and postfix but I'm wondering whether I should go with procmail on ubuntu 10.04 or to use dovecot
<dae_> LDO deliver together with sieve instead?
<zekoZeko> erm
<zekoZeko> how do you use procmail and cyrus together?
<zekoZeko> cyrus does LMTP
<zekoZeko> err
<zekoZeko> cyrus does Sieve
<zekoZeko> and you can deliver to folders using + addressing. I use user+Spam to sort mail into their Spam folder.
<dae_> Yeah, I'm not using sieve on the old server with cyrus just procmail.
<zekoZeko> how do you do that? Call deliver through procmail or what?
<dae_> Ehh, it's been about 5 years since I've set that up... Frankly I can't remember, hold on I'll check...
<zekoZeko> i mean that's the only way i could fathom of using those two together, and i don't really think it's optimal :)
<zekoZeko> just use Sieve
<zekoZeko> and as I've said, you don't even need sieve if you can use the address extensions.
<dae_> Ok, seems like I have setup procmail to call cyrdeliver.
<zekoZeko> that's what i thought, yeah.
<zekoZeko> anyway, you can continue using Cyrus, except you use LMTP to deliver mail, which is way more efficient
<zekoZeko> and use Sieve for filtering
<zekoZeko> or you can go the Dovecot way and again use Sieve for filtering
<SpamapS> http://git.gluster.com/?p=glusterweb.git;a=tree
<SpamapS> wow
<SpamapS> autoconf..
<SpamapS> to build rpms
<SpamapS> full of .php files
<dae_> Fine, so I'm happy to skip procmail and just use dovecot deliver.
<dae_> Have you setup spamassasin to add the "+Spam" then instead of the extra headers?
<zekoZeko> asking me?
<dae_> Yeah... Sorry
<SpamapS> Honestly I gave up on running spamassassin myself about 3 years ago.. so many cheap services do it better than I can. :-P
<dae_> SpamapS, I see your point... Which solution have you chosen?
<SpamapS> dae_: lately the people who host my VPS offer filtering through a Barracuda for free as long as the volume is low.
<SpamapS> I remember when Barracuda came out..
<SpamapS> I was a consultant selling my own sort of anti-spam auto-firewall appliance solution and they just cut my legs right out from under me. :-P
<dae_> SpamapS, hopefully you had more services to offer :-)
<SpamapS> dae_: Not really... gave up, closed up shop, and got a real job for a while. ;)
<dae_> SpamapS, I have been thinking about looking into what my web hosting service can offer. But I need to convert my old server to ubuntu first and spamassasin does a decent job for me right now.
<SpamapS> dae_: yeah it does a decent job no doubt. I just think the time for running everything myself has passed _for me_. Its an amazing learning experience to try and keep ahead of the rat bastard spammers.
<dae_> So I'll go with converting my debian etch setup using postfix -> spamassasing -> procmail -> cyrus to  postfix -> spamassasin -> dovecot deliver -> mailbox under ubuntu then.
<Daviey> dae_: Personally, i do spamassassin @ arrival time with postfix
<Daviey> then pump it into procmail
<dae_> SpamapS, sometimes I'm thinking about dropping my own domain altogether and just use my gmail accounts instead...
<SpamapS> dae_: the nice thing is you can keep using your domain, but just pump the email through gmail
<dae_> Daviey, that was the other solution I was thinking about... What are the pros of going that way?
<SpamapS> dae_: but.. I still do appreciate the control I have with my own server for storage.
<SpamapS> Sometimes I do wish there I had as good server-side text searching as gmail though...
<dae_> SpamapS, how do I pump email through gmail ?
<Daviey> dae_: meh, wfm :)
<dae_> Daviey, fair enough :-)
<zekoZeko> dae_: sorry, was away for a while.
<dae_> SpamapS, forward all mail to gmail and setup a gmail forward back to my own server?
<zekoZeko> dae_: I'm using amavisd-new to add the address extension
<SpamapS> dae_: you just have to create an apps account.. standard edition is free. :)
<zekoZeko> dae_: actualy not yet, this is a new server, on the old one it just adds headers and users can filter on that.
<dae_> zekoZeko, ok, I'll look into that. Thanks!
<dae_> SpamapS, interesting... Will look into that.
<SpamapS> dae_: quite a few of my friends have done just that.
<SpamapS> dae_: but, I still find it interesting to run my own IMAP+SMTP :)
<SpamapS> just not my own spam filter
<zul> SpamapS: done...uploaded
<SpamapS> zul: woot
<SpamapS> zul: perhaps fixing the root bug in debian would be a good thing for one of us to do, since Debian has been kind enough to add their own default-mta. :)
<zul> SpamapS: maybe...well have to see
<SpamapS> zul: should we report it as a bug against exim4? Like.. "you're taking users unfairly!"
<zul> SpamapS: lemme think about it
<micahg> zul: ping re last php upload / size of php5-common
<zul> micahg: hmmm?
<micahg> zul: so, the test results are a meg larger in the latest upload
<micahg> usr/share/doc/php5-common/test-results.txt.gz
<zul> micahg: ah ok...please open a bug in launchpad
<micahg> zul: k
<olvs> hi
<olvs> whats your take on the i7 on a linux box?
<oru_work> how do i find out which version ubuntu server is ?
<oru_work> upgrade ??
<micahg> oru_work: lsb_release -a
<olvs> i was thinking of upgrading my server from a phenom to an i7
<olvs> but just wanted to get some reviews on if there is any large performance gain here running an i7
<uvirtbot> New bug: #583933 in php5 (main) "test results in php5-common are more than 1 MiB larger than last upload" [Undecided,New] https://launchpad.net/bugs/583933
<hersoy> hello
<hersoy> channel 8: open failed: administratively prohibited: open failed <- what is the mean?
 * ccheney at lunch, bbl
<hggdh> hersoy: this sounds like an ICMP response (communication administratively prohibited)
<hersoy> ssh -D 12345 huseyin@12.34.56.78, and system > perf > proxy sock - localhost 12345
<hersoy> and error, how can i do ?
<olvs> are there any large performance gain here running an i7
<olvs> compared to a phenom
<vraa> olvs, yeah duh, i7 is much newer and faster
<vraa> but lot more $$$ too
<vraa> you can start here http://techreport.com/articles.x/18799/5 for some syntheic benchmark results
<uvirtbot> New bug: #445390 in ntp (main) "ntp server and ntp client should be split" [Wishlist,Invalid] https://launchpad.net/bugs/445390
 * ccheney forgot to actually leave, heh
 * ccheney will just eat his desk
<zul> ccheney: yeah that usually helps
<ccheney> zul, heh, apparently i typo'd and meat eat at my desk, but eating it might help as you say :)
<ccheney> er meant
 * ccheney must be hungry considering the types of typos he is committing
<Datz> Hi, there are no audio drivers installed by default?
<Datz> If not, which are best to install?
<Datz> tried to play some music with mpg321, I think it looked for ALSA
<Datz> guess I'll try to install that
<Datz> humm, more than 40 packages contain ALSA in the description, but none matched the exact string ALSA
<Datz> let's try alsa instead of caps
<Datz> ok.. installed "alsa" still not playing
<Dev_> Sir, I am facing problems in Implementing a grid portal.. My Ubuntu server edition 9.10 apt-get update can not run after 20 percent saying connection error n that's why i m unable to install jre and can't congigure mycertificates and other globus also components wants JAVA_HOME path to work but my jre can't b configured?..
<maruen> Hi all, I'm getting some weird error why launching jboss:Protocol handler start failed: java.net.BindException: Permission denied /0.0.0.0:443
<maruen> Can anyone help me solve that?
<Zelest> I'm running 8 instances of qemu-kvm and I've noticed that ksmd is using loads of CPU.. I've read that you can change the interval which ksmd sleeps in /etc/default/qemu-kvm .. but (how)? can I restart ksmd without restarting the qemu-kvm instances?
<uvirtbot> New bug: #583994 in ntp (main) "Consider replacing ntpdate calls by 'ntpd -g'" [Undecided,New] https://launchpad.net/bugs/583994
<smoser> Zelest,
<smoser> sudo sh -c 'echo 200 > /sys/kernel/mm/ksm/sleep_millisecs'
<smoser> maruen, you have to be root to bind to that port.
<maruen> smoser, So, I need to run this script as root?
<maruen> write?
<smoser> what script ?
<maruen> I was launching jboss
<maruen> smoser, but I think you solved my problem
<Zelest> smoser, oh, thanks!
<maruen> smoser, no, I still having the problem
<uvirtbot> New bug: #583998 in dbconfig-common (main) "package dbconfig-common 1.8.44ubuntu1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/583998
<maruen> 17:50:49,581 ERROR [Http11Protocol] Error starting endpoint
<maruen> java.net.BindException: Permission denied /0.0.0.0:443
<maruen> smoser, I ran the script using root as user
<maruen> smoser, but still the same
<smoser> maruen, sorry. can't be of more help then.
<maruen> smoser, thanks anyway
<maruen> smoser,
<maruen> I run with root as user
<maruen> but when I hit ps -axu, the user that created the job was not root
<maruen> strange
<maruen> so, I still need to run it as root
<maruen> smoser, you are the one
<Zelest> smoser, Is it possible to set this value even higher? I mean, what is the drawbacks from increasing the times between each scan?
<maruen> smoser, it worked now
<maruen> thanks
<maruen> smoser, you are the one!!!!
<smoser> Zelest, i'm not terribly sure. but it can be disabled entirely (whihc was default prior to lucid), so its not like the end of the world.
<smoser> i would think that there is some medium where you're not wasting effort scanning for duplication , but you're saving some memory
<smoser> experiment i think
<Zelest> smoser, ah, fair enough.. as for ram, I'm not that fuzzed really.. but if this option is available to save ram, I gladly use it.. but not at the price of 30-35% cpu ;)
<Zelest> smoser, /etc/defaults/qemu-kvm's commented delay is 2000.. so I guess that's safe to use.
<Zelest> once every second that is.
<smoser> Zelest, yeah. i sohouldn't have said 200
<smoser> thats too low
<smoser> i rhink the default per the kernel is 20
<soren> This isn't between each full scan, IIRC, though.
<soren> The delay is between each iteration. How many pages it scans in each iteration is another configurable.
<Zelest> Oh
<Zelest> /sys/kernel/mm/ksm/pages_to_scan I presume?
<soren> /sys/kernel/mm/ksm has the stuff
<soren> Zelest: Right.
 * Zelest goes breaks his virtualization host :D
<soren> static unsigned int ksm_thread_pages_to_scan = 100;
<soren> Whoops.
<soren> /* Number of pages ksmd should scan in one batch */
<soren> static unsigned int ksm_thread_pages_to_scan = 100;
<soren> From the kernel.
<Zelest> Ah
<soren> /* Milliseconds ksmd should sleep between batches */
<soren> static unsigned int ksm_thread_sleep_millisecs = 20;
<Zelest> is there anyway to see how many pages are being used atm?
<soren> Those two variables map to /sys/kernel/mm/ksm/pages_to_scan and /sys/kernel/mm/ksm/sleep_millisecs, respectively.
<Zelest> /sys/kernel/mm/ksm/pages_shared ?
<soren> Hang on, let me find the docs for you.
<soren> http://tinyurl.com/3amepm8
<soren> Zelest: ^
<Zelest> thanks a ton! :D
<soren> Sure.
<corpse> Hi, i just got done installing ubuntu server. right after the restart i get "Missing operating system" (the drive i installed to is set to boot first)
<kirkland> hggdh: around?
<hggdh> kirkland: yeah
<StrangeCharm> when I run tasksel, I get a bunch or perl locale error messages. what do they mean, and how do I fix it? http://pastebin.com/7NmwitL6
<maruen> I need a good job....someone are offering this channel?
<JanC> maruen: Ubuntu-related jobs are at http://webapps.ubuntu.com/employment/
<JanC> if you are looking for a job as an Ubuntu server admin, I'm not sure there exists a site for that...
<maruen> JanC, Thank you
<maruen> I applied for some position there
<maruen> JanC, Know have to dream they will contact me
<corpse> is there a better way to edit a file then vi?
<corpse> its making me want to through my pc out the window
<cloakable> vim :P
<cloakable> nano
<cloakable> emacs
<cloakable> ed
<corpse> lol thanks <nub
<corpse> i only use gedit ><
<cloakable> install gedit onto the server and use X forwarding :)
<corpse> i wasnt sure if it would work i was thinking gedit was a gui utility
<jbrouhard> cloakable, I use mcedit *alot*
<jbrouhard> works great and has syntax highlighting in a terminal
<cloakable> heh
<cloakable> I use vim myself :)
<corpse> nano is working great. thanks alot man
<cloakable> syntax highlighting, spellcheck...
 * f1yback is impressed with 10.04LTS so far, it's not *CANUCKED* like 6.06 was
<jbrouhard> lol f1yback
<jbrouhard> I'd try out Ubuntu cloud
<jbrouhard> but I think my business will stay with XenServer for our virtualization
<corpse> im just settig up a fileserver for a home netowork
<f1yback> i'd use openfiler for a fileserver
<jbrouhard> speaking of servers.. *goes to check on the Ebox development...*
<jbrouhard> I'm using Openfiler for my NAS box
<f1yback> i'm using ubuntu server in my mini-itx for cross compiling, and jtag programming stuff
<f1yback> so far so good
<cloakable> heh
<jbrouhard> i've heard iffies about openfiler...
<jbrouhard> but that's mostly in terms of someone totally borking the install
<jbrouhard> or not doing it right
<corpse> yeah so far im pretty good at not doig it right
<corpse> new error dont seem to have all the variables for eth0/net failed to bring up eth0
<jbrouhard> corpse, sounds like you didn't give it all the IP info
<corpse> jbrouhard:  i have modified the interfaces file to make the server static. from what i can see i have it all set up correctly
<corpse> if i ifconfig eth0 up it comes on
<deslector> hi, does it makes sense to have software RAID1 on the same disk (different partitions)?
<corpse> any reason why sudo wont give me permission to etc/hostname?
<f1yback> deslector not really
<deslector> f1yback, because hard disk would probably die as a whole?
<f1yback> yeah
<deslector> f1yback, ok, thanks!
#ubuntu-server 2010-05-22
<hallyn> kirkland: do you have that liveusb image for the uec demo posted somewhere?
<hallyn> ah, i see it on the uds blueprint, thx
<corpse> hey, im trying to set up a file server using a guide. its telling me to run command echo server1.example.com > /etc/hostname /etc/init.d/hostname.sh start  even using sudo i get -bash /etc/hostname: permission denied
<Pici> corpse: echo "server1.example.com" | sudo tee /etc/hostname
<corpse> thanks man =]
<corpse> now when i run start hostname i get start: unable to connect to system bus: failed to connct to socket /var/run/dbus/system_bus_socket: no such file or directory
<corpse> never mind i think i got it. but when i run hostname i get fireserv   then when i run hostname -f i get fileserv.example.com. the guide says they should both return fileserv.example.com
<corpse> i cannot seem to get my interfaces files setup right inorder to run the server
<corpse> and i dont understand why, cuase its pretty stright forward
<kirkland> hallyn: yeah, it *mostly* works
<kirkland> hallyn: there's something non-deterministic about the behavior at this point
<kirkland> hallyn: ie, boot it in a vm, if it doesn't "just work", kill the vm, and try again
<kirkland> hallyn: right now, it takes 2-3 tries
<Izinucs> Is there a way to boot to the server installer from usb on a headless machine and then ssh into it to do the install?  I already have the installer prepared on a usb stick..
<DrDamnit> Installing 10.04 LTS x64 server on HP ML150 G6 from USB drive created with PenDriveLinux Universal Installer. "Load installer components from CD" fails. How do I get past this?
<ScottK> DrDamnit: Why didn't you use usb-creator to make the USB image?
<DrDamnit> usb-creator crashes with a segmentation fault on 10.04 desktop.
<corpse> hey, when i ifconfig it shows that my eth0 is up and runing but when i try to apt-get upgrade i get faliure resolving errors. is there any way to trouble shoot my network connection?
<corpse> DrDamnit: i just did this last night formate the drive to FAT32 and use UNetbootin. that ended up working for me
<corpse> DrDamnit: i was using a ISO d/led from ubuntu.com though not cd
<DrDamnit> corpse: I am using the ISO too. I'll try UBetbootin
<DrDamnit> corpse: 10.04_Live_x64?
<corpse> DrDamnit: yes i used both desktop and server ed
<corpse> are you formating the drive prior to runing UNetbootin?
<DrDamnit> I used the HP format tool to format the drive to FAT32, and then put server x64 on it. Just booted, and it says "Your installation CDROM couldn't be mounted. This probably means tha thte CDROM was no in the drive. I fso you can inserti it and try again."
<DrDamnit> I used Unetbootin to put server x64 on it.
<DrDamnit> still no joy.
<DrDamnit> any thoughts? I am using a 4GB stick...
<corpse> dumb question but did you set your bios to load the usb first?
<DrDamnit> Not a dumb question. Perfectly valid. And... let me check. I assumed that since it was booting from the USB stick that it was, indeed, doing that. But not setting it might confuse it during the install. Let's try it out....
<corpse> also after making the disk i had to run this command      sudo syslinux -sf /dev/your_device   (your device being the drive name eg sda sdb sdb1 etc)
<corpse> yeah you want to make sure that the first device it is booting from is the usb
<DrDamnit> I am making this USB on Windows. That's all I have available at the moment.
<corpse> ah
<DrDamnit> but it should still work.
<corpse> yeah
<DrDamnit> It is booting from the USB stick...
<corpse> im not exaclty sure, im sure you can google it, but that command i just gave was to make the drive bootable
<corpse> you might need to do that but im not sure how to in windows
<DrDamnit> In BIOS: USB Device Boot Pririty = High.
<DrDamnit> there's a syslinux.exe that does it.
<DrDamnit> syslinux just makes it bootable.
<corpse> ah
<DrDamnit> It appears to be that anaconda is failing to detect the setup files on the USB drive, and / or is defaulting ot the cdrom.
<DrDamnit> which it should be doing because we are no tinstalling from a cdrom.
<DrDamnit> ...methinks....
<corpse> when booting and your at the bios splash screen try hitting f8 to see if you have a bootlist selector
<corpse> yeah i had the same problem. i litterly spent 24 hours trying to get my usb to boot
<ntenis> hello quys
<ntenis> has anyone installed remote desktop to a server installation ?
<corpse> im about to try to once i get my networking working on my server =P
<DrDamnit> ntenis: remote desktop uses vnc or some other type of software that "broadcasts" the xserver. So, there's no point since X is not install on server.
<corpse> the network says its up but i cant connect to apt-get update
<ntenis> i tried to installed gnome and vnc but when i do that then i am no longer able to ssh to the server
<DrDamnit> corpse: the repos have been having issues lately.
<ntenis> does anyone know why?
<DrDamnit> try to manually connect from another machine to see if they are up.
<corpse> yeah i have it running on this machine right now
<corpse> yeah i have it running on this machine right now;1 droped:0 overruns:0 frame:1  is there anyway to see that error?
<corpse> oops
<corpse> when i run ifconfig i get RX packets:863 errors:1
<DrDamnit> on which machines?
<corpse> my server
<corpse> i have a box right next to me that im trying to set up a fileserver
<corpse> and its been fighting me every step of the way
<DrDamnit> the one with the network problem....
<corpse> yes
<DrDamnit> has it ever worked (i.e., on 9.10?)
<corpse> nope this is my first attempt
<corpse> using 10.04 server
<ScottK> DrDamnit: If you didn't get it working yet, I understand usb-creator-kde doesn't crash.
<DrDamnit> try 9.10 first. It's quite nice. I am starting to have my doubts about 10.04. It's shiney and new, but seems to be buggy.
<DrDamnit> ScottK: Haven't gotten it to work yet. Tried the Universal USB installer from PenDriveLinux, and now working with Unetbootin. I'll try that next. apt-get install usb-creator-kde?
<DrDamnit> ScottK: the issue doesn't seem to be the bootable USB key thing... it appears anaconda is upset with me using a USB key rather than a CDROM. What do you think?
<ScottK> Yes.
<ScottK> I've done installs from usb sticks before.  The error sounded like it was confused about the path to the device.  That's why I was thinking there may be some data point that usb-creator sets that other methods don't.
<ScottK> Although, in fairness, my usb installs were desktops/netbooks, not servers.
<DrDamnit> corpse: I am booting with 10.04 Desktop into live mode to see if the live mode will work, and then see if I can see the CDROM and HDs, etc...
<DrDamnit> Yes. I have done USB on netbooks and desktops. This is the first server.
<DrDamnit> I agree it is confused about the path.
<DrDamnit> I also have a smart array i400P RAID controller n this.
<DrDamnit> so that may be making a difference.
<DrDamnit> booting into live mode doesn't see the raid controller.
<DrDamnit> nope. nevermid. It shows up as cciss not hdx sdx or scsix.
<DrDamnit> kernel supports the controller...
<DrDamnit> so that's good.
<ScottK> You could just install using the desktop installer and remove the desktop when you're done.
<deslector> hi, is there any ubuntu-based asterisk distribution out there?
<DrDamnit> corpse: on your file server that cannot access the repos... how many NICs do you have?
<corpse> DrDamnit: one
<DrDamnit> deslector: I am a dCAP. Not that I know of. Digium uses #PoundKey, which is based on rPath, which is based on Redhat.
<corpse> DrDamnit: im just kinnda new to linux so im running out of commands to help troubleshoot
<DrDamnit> are you wanting something like Trixbox?
<deslector> dragondon, dCAP?
<deslector> DrDamnit,
<DrDamnit> corpse: no worries. That doesn't mean that you won't either 1) have the answer or 2) light a firecracker in my brain causing an 'ah-ha' moment ot fix it. :-)
<DrDamnit> dCAP = Digium Certified Asterisk Professional.
<deslector> DrDamnit, oh, I see
<deslector> DrDamnit, yeah, something like trixbox would be nice, but based on ubuntu
<deslector> I like ubuntu much better
<DrDamnit> Not that I know of. Trixbox should be named KludgeBox. It sucks.
<DrDamnit> It's easier to just build what you need and write scripts to assemble it.
<DrDamnit> http://www.idlebraintime.com/2009/06/how-to-install-asterisk-16-on-ubuntu-904-server/
<DrDamnit> from my blog.
<DrDamnit> after that, grab freepbx.
<DrDamnit> and you should be good to go.
<DrDamnit> that most of what trixbox offers anyway.
<DrDamnit> what features do you specifically need?
<corpse> DrDamnit: so far i have set my static ip adress and host info. i am able to run a network restart without error. but i still can not connect to anything
<ScottK> I haven't tried it, but I know some effort went into the last cycle to get asterisk working well on Ubuntu.
<deslector> DrDamnit, well... not sure, only the basic stuff... basically, freepbx + fax
<deslector> conferencing would be nice too
<DrDamnit> corpse: I have had that issue before. It acts like there is an IP address conflict. Set the nic back to DHCP, and delete the static info that you put in there. Then get an address from your DHCP server, then reset the static ip address. Does the trick for me.
<DrDamnit> ScottK: Asterisk has always worked well on Ubuntu. At least since v7.
<DrDamnit> deslector: follow the guide i gave you. That will get asterisk working in Ubuntu.
<DrDamnit> Then install FreePBX according to its docs.
<deslector> DrDamnit, is it apt-get upgrade safe?
<|corpse|> sorry kicked the powercord out of the wall
<deslector> DrDamnit, the main thing I have againts CentOS-based stuff is that I'm never sure whether I can upgrade or not
<deslector> s/againts/against/
<DrDamnit> fax is still a bit nebulous, but you can buy the fax license from Digium, and it works REALLY well. It's relatively cheap. If you do the free one, you might be in for some headaches. The cheapest thing to do for fax; however, is to get an ATA and plug it into a real fax machine.
<|corpse|> lol i guess im dumb. after the reboot on my server from that power fail i can now update the repos
<DrDamnit> apt-get upgrade is safe. I do it all the time.
<DrDamnit> corpse: that's fantastic.
<DrDamnit> thank your foot.
<deslector> DrDamnit, oh, ok! thank you very much... I'll give it a try
<|corpse|> the guide im using donst state to reboot the pc, just to reset the network
<DrDamnit> deslector: if you ever blow asterisk up.....
<DrDamnit> just recompile and reinstall.
<DrDamnit> ./configure && make && make install && service asterisk restart
<DrDamnit> from the source dir.
<|corpse|> DrDamnit: do you know if its possible/ok to run a server as both a file server and a proxy for the rest of the network?
<DrDamnit> corpse: I don't see why not from a functional standpoint. From a security standpoint...probably not a great idea.
<|corpse|> ok, trying to maximize security with anonnymity
<|corpse|> and i really dont want somthing like tor running on my server
<DrDamnit> corpse: maximize security means you need to have a dedicated proxy.
<deslector> DrDamnit, just out of curiosity, any idea why most asterisk-distros prefer CentOS & Co.?
<DrDamnit> CentOS is based on Redhat. Asterisk was originally developed on a Redhat based system.
<DrDamnit> Digium has standardized on redhat based technologies.
<DrDamnit> but...what's interesting... is that most of the tech people who are there all prefer debian / ubuntu.
<DrDamnit> I assume the reason is because CentOS is RHEL's free version.
<deslector> DrDamnit, yeah, I know about RH-CentOS
<DrDamnit> corpse: are you going to anonymize your IP using the proxy?
<deslector> DrDamnit, I just don't see any advantage to use RedHat either
<DrDamnit> deslector: it's really personal preference.
<deslector> DrDamnit, yep... you're right
<DrDamnit> there's no disadvantage either.
<deslector> it is still weird that all of them (at least the ones I've seen) run on RH-based stuff
<deslector> someone should start an Ubuntu-based one :-)
<DrDamnit> someone should :-)
<deslector> ubuntisk
<deslector> lol
<DrDamnit> corpse: have you considered: http://www.endian.com/en/community/
<|corpse|> thanks ill check that out
<|corpse|> do you know how to change a bootlist on a device from the server command prompt?
<|corpse|> i can only boot to server with the usb stick in. it did not install the grub to the disk i installed ubuntu into.
<|corpse|> i just did an fdisk -l and relized that the its not listed under device boot
<DrDamnit> not off the top of my head, but I am guessing you can google it pretty easy. You need to install grub.
<|corpse|> yeah, iv been looking, thanks for the help. that endian looks really nice
<DrDamnit> ScottK: You da man! usb-creator-kde worked.
<ScottK> DrDamnit: Thank rgreening_.  He's the primary developer of the KDE front end for usb-creator.
<ScottK> Glad I could help.
<rgreening_> :P
<DrDamnit> done and done.
<DrDamnit> PM'd him.
<rgreening_> ty DrDamnit
<rgreening_> nice to see it useful
<|corpse|> hey, is anyone good with samba? im triny to install a server and when i do sudo smbpassw -a sample_user i enter the new password twice then i get the return " failed to add entry for user sample_user
<DrDamnit> corpse: did you say that you were just gietting a blinking cursor?
<corpse> nope
<corpse> i almost have the server all set up but now i just cant get my computer to connect to it properly
<DrDamnit> yeah. I got 10.04 installed, and now after boot, the cursor just blinks.
<corpse> my server comes up in networks and i can open that and see the workgroup file but i get cannot retrive share list
<corpse> hmm, i havnt run into that problem yet
<ScottK> DrDamnit: Try a different VT.  IIRC there's a boot time VT switching bug.
<DrDamnit> rolling back to 9.10.
<DrDamnit> VT?
<DrDamnit> ScottK: What VT?
 * ScottK doesn't recall which.  
<ScottK> There aren't that many to check.
<DrDamnit> ScottK: What is VT?
<ScottK> Virtual Terminal
<ScottK> You switch with alt (or ctrl alt, I'm really tired and don't recall) and F1 - F7.
<DrDamnit> gotcha.
<DrDamnit> I'll try
<DrDamnit> ctrl+alt says my ubuntu laptop....
<DrDamnit> F1-F6 are terminals, F7 X.
<DrDamnit> It posts, and looks like it is at the grub loading stage, but I never see grub, and I never see a boot.
<DrDamnit> VT's are all a cursor (if they are even loaded).
<DrDamnit> 10.04 appears too buggy for a production box.
<jbrouhard> DrDamnit, I find 10.04 to be perfectly fine
<jbrouhard> it could easily be a variety of problems in your case, unless you seriously investigate it instead of writing it off as "buggy"
<DrDamnit> jbrouhard: Works well on three other boxes, but I have been banging against one issue after another with this particular box. Rolling back to 9.10 to see if it is the version or the hardware.
 * jbrouhard suspects hardware
<jbrouhard> Or possibly the drive
<DrDamnit> already tested the drives. THey are brand new, and came back clean.
<DrDamnit> show up as cciss, and parition and format just fine. Live CD sees them and can work with them.
<jbrouhard> hmm
<jbrouhard> is there any thing different between the known-working boxes and the problem child ?
<DrDamnit> Completely different sets of hardware. The problem child is an HP ML150 G6, and the others are various ASUS and Intel boards. All 64bit.
<jbrouhard> I'd search forums for these
<DrDamnit> The primary issue is usually the hardware controller, and I know that 9.10 works well with this hardware set because I have an ML370 with the same configs and it works like a charm in 9.10. Ergo, why I am testing with 9.10.
<DrDamnit> *hard drive controller
<DrDamnit> When I installed 9.10, it installed without a hitch, then made me a cup of coffee, and drew me a picture of a smiley face.
<DrDamnit> ...on the ML370 that has the same HD smart array controller.
<DrDamnit> also, the other boxes were all updated using do-release-upgrade not a fresh install.
<DrDamnit> In Anaconda on the software seelction screen, What does "Virtual Machine Host" install? VMWare?
<DrDamnit> jbrouhard: 9.10 insalled like a charm.
<jbrouhard> sounds like a driver issue.
<jbrouhard> Doesn't make it buggy
<jbrouhard> isn't the ML150 a bit old ?
<DrDamnit> It's a G6.
<DrDamnit> brand new version
<DrDamnit> thanks for everyone's help. I am going to bed. :-)
<ruben23> hi guys how do i install this atheros ethernet card on my ubuntu-server 8.04------> http://pastebin.com/6RwKtran
<ruben23> any idea how to make it be detected
<ruben23> and can be used
<ruben23> hi guys..?
<deslector> hi, do you guys have any suggestion about good squid reports generator?
<Ian___> There is one in smoothwall ... may B U could find out what that is
<deslector> Ian___, is smoothwall based on ubuntu?
<Ian___> not sure
<Ian___> I should check .. have machine downstairs dedicated to just that
<Ian___> Based on Redhat originally
<uvirtbot> New bug: #584168 in mysql-dfsg-5.1 (main) "package mysql-client-core-5.1 5.1.41-3ubuntu12.1 failed to install/upgrade: package mysql-client-core-5.1" [Undecided,New] https://launchpad.net/bugs/584168
<aliverius> what remote management tools are there for ubuntu server? how well do they integrate?
<Andrew-by> As I see there is no Server Guide for the 10.4 version yet, is it?
<guntbert> !serverguide | andol
<ubottu> andol: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<guntbert> soory, wrong nick
<andol> guntbert: no problem
<guntbert> that other guy was away so quick....
<dragondon> @dselector Not sure what that meant but that would mean I'm not the DD you are looking for :)
<uvirtbot> New bug: #584229 in logwatch (main) "missing named filter/service patterns" [Undecided,New] https://launchpad.net/bugs/584229
<Maleko> i have a question about manually compiling binaries in ubuntu server
<Maleko> when you compile stuff locally (with --prefix) does the resulted binaries usually contain hard coded path of their dir
<guntbert> Maleko: that would completely depend on the author's choice
<guntbert> Maleko: but I don't expect that often
<Maleko> well i am curious if the app that i have locally compiled on my server would work another ubuntu server
<Maleko> both are running the same ubuntu version
<guntbert> Maleko: I'd say "yes" generally, but why don't you just try?
<elnur> http://pastebin.com/BWA3nv9J It works with this configuration and asks for auth. But if I uncomment LimitExcept, I get Forbidden by default. But it's supposed to allow me for GET PROPFIND OPTIONS REPORT
<elnur> Any ideas why?
<elnur> http://pastebin.com/BWA3nv9J It works with this configuration and asks for auth. But if I uncomment LimitExcept, I get Forbidden by default. But it's supposed to allow me for GET PROPFIND OPTIONS REPORT. Any ideas why?
<elnur> http://pastebin.com/BWA3nv9J It works with this configuration and asks for auth. But if I uncomment LimitExcept, I get Forbidden by default. But it's supposed to allow me for GET PROPFIND OPTIONS REPORT. Any ideas why?
<elnur> Solved my problem by removing 'AuthzSVNAccessFile /srv/authz' line from the config
<Oddfellows> What is the command for enabling a module?
<Oddfellows> in apache
<ScottK> Any clamav users here with 10.04 willing to help out with some testing?
<deslector> Oddfellows, a2enmod
<RoyK^> Oddfellows: don't remember - the manual way is to make a symlink to it in /etc/apache2/mods-enabled (from mods-available)
<RoyK^> then restart or reload apache
<RoyK^> Oddfellows: https://help.ubuntu.com/8.04/serverguide/C/index.html <-- read that friendly manual :Ã¾
<Scunizi> to manually set a static IP address are there any additional files to edit other than /etc/network/interfaces and etc/resolv.conf?
<guntbert> Scunizi: if you change the network too you will have to adapt the routes  -- please see https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html
<Scunizi> guntbert: thanks for the link.. the addressing will be within the same subnet as the dhcp'd computers.. I just want to fix the ip address to a higher static IP like 192.168.0.222 or similar.. keeping dns etc the same as the rest of the network
<guntbert> Scunizi: then you should be fine - but I "always" check against the guide (doing it too seldom....)
<Scunizi> guntbert: I know what you mean.. I had a 'hidden' server in the house with 8.04 for a while but havent used it in a while.. when I tried to fire it up to install 10.04 it was 2 hours of hardware diagnostics and swapping power supplies & ram around from other door stops that I have.. finally got one working and am in the middle of install now..
<dae_> Hi, I'm working on setting up SMTP-AUTH with postfix, basically following https://help.ubuntu.com/10.04/serverguide/C/email-services.html. The server has two interfaces, one towards the outside and one towards my internal network. What I want to achieve is to disable the support to accept a plaintext password send on the external interface. I'm using Dovecot SASL with mechanisms plain and login that in turn uses PAM. Following the g
<dae_> uide it seems I can login with a plaintext password now, but I only want to support that when using TLS.
<Scunizi> guntbert: on a side note.. when I sudo tasksel and choose FTP server.. which server is installed? and how much additional configuration is needed to actually get it working?
<dae_> So, I was thinking about using port 587 and require TLS on that port and only setup SMTP AUTH on port 587, and never allow relays on mail coming in on port 25. Will this work? Better solutions?
<guntbert> Scunizi: man tasksel tells you how to get most of that info
<Scunizi> guntbert: thanks
<guntbert> Scunizi: have fun :-))
<Scunizi> guntbert: thanks.. :0
<Scunizi> :)  Wish I could hit the shift key propertly.. fat fingers today
<guntbert> Scunizi: lucky if they are only today :-))
<dae_> Sorry for the long questions, setting smtpd_tls_auth_only = yes is actually all is takes to accomplish what I wanted to achieve
<Oddfellows> I have bind configured and installed, but if I dig my domain name it does not show my A record, what is wrong?
<Oddfellows> (Is this just a slow moment, or just am I disconnected?)
<baccenfutter> hi, what's my searchterm, if I want my local bind9 to resolve my dyndns internally and point the clients directly to the internal IP?
<Scunizi> guntbert: when restarting the netowrk service the link you gave me before used init.d like the older systems.. on 9.10 to present isn't is sudo service networking restart?
<Oddfellows> I have bind configured and installed, but if I dig my domain name it does not show my A record, what is wrong?
<guntbert> Scunizi: the traditional command will give you a hint "you can do it with  .... as well"
<Scunizi> guntbert: ok.. I'm use to the old way but getting use to the new way... if you don't play you forget :/
<guntbert> Scunizi: I just tried: etc/init.d/networking does its job, then there is sudo service networking ..., and then there is sudo restart networking
<axisys> how do I auto update the non critical pkgs.. currently i get notified through screen/email/motd and then run aptitude manually
<yosi1234> hi all
<yosi1234> Question - If I need to install the driver for the LSI RAID Controller 9260-8i on Ubuntu , which driver would be compatible from tehir website
<yosi1234> http://www.lsi.com/storage_home/products_home/internal_raid/megaraid_sas/6gb_s_value_line/sas9260-8i/
<guntbert> axisys: on a server thats a sensible thing I'd say
<yosi1234> Adaptec and LSI don't seem to have Ubuntu drives, just every other Linux OS - whats with that?
<axisys> guntbert: manual update ?
<guntbert> axisys: changing running applications is not that easy - so you choose the time when you want to do the upgrades
<axisys> i like to do auto update non critical pkgs.. like for example bybou
<axisys> i see some hints in here
<axisys> https://help.ubuntu.com/community/AutoWeeklyUpdateHowTo
<Scunizi> guntbert: FYI.... sudo service networking restart wasn't recognized... sudo /etc/init.d/networking restart worked with no prompt for an alternate command
<guntbert> Scunizi: I didn't ask what version you are running
<Scunizi> 10.04
<axisys> what i want to do is find a way to give the autoupdate a list of pkgs then I like to autoupdate.. but not all
<guntbert> Scunizi: same here - but the "new" commands seem to have some issues
<Scunizi> when initially logging in on the main box or via ssh.. server presents some system information.. how do I manually call that up when I want?
<guntbert> axisys: look at the aptitude part - you could even try to put aptitude safe-upgrade into a cron-job -- that never broke anything for me
<axisys> guntbert: cool!
<axisys> guntbert: thank you
<guntbert> axisys: no problem and Good luck :-)
<axisys> guntbert: so it does not upgrade kernel right.. let me read the man
<axisys> guntbert: so it does not upgrade kernel right?
<baccenfutter> hi, what's my searchterm, if I want my local bind9 to resolve my dyndns to the internal IP of my www server instead of passing the request to the authority?
<guntbert> axisys: hmm - without command switches it asks me "do you want to do that" -- which is bad in a cron job -- please really read the man page - as my "server" is only a VM I just do it manually
<axisys> markauto looks a good option
<axisys> so i can just pick my pkgs that i want to install automatically
<axisys> or upgrade
<yosi1234> Question
<yosi1234> If the Kernel 2.6.32 has native support for a device (MEgaRAID), you don't need another driver in the OS?
<ScottK> That should be correct.
<yosi1234> i come form the windows worls
<yosi1234> so just trying to learn
<maddhat> I'm trying to create a user for backups (need to ssh to the system).  how can i create a user with read only access to ALL files on the filesystem?
<yosi1234> u normally need a driver for everything
<ScottK> yosi1234: It's no problem for asking.
<Scunizi> I'm now having scp over ssh issues... mostlikely just me or something I haven't configured yet.. I can ssh into my server and ... scp my_machine@<IP Address>:/etc/samba/smb.conf server@<ip address>:/etc/samba/  ... is this the wrong syntax?
<maddhat> Scunizi: it looks right to me
<maddhat> but are you sure you have permissions to write in the destination location?
<Scunizi> maddhat: can you use sudo in conjunction with the scp command?
<guntbert> Scunizi: asfaik scp works only when one side is local so scp /etc/samba/smb.conf user@server:/etc/samba/
<Scunizi> ah.. syntax.. I'll try again..
<guntbert> Scunizi: where user should be root in this case
<Scunizi> guntbert: maddhat .. ok it worked.. sudo scp <user@IP Address:/etc/samba/smb.conf /etc/samba   ...
<Scunizi> makes sense now... but going the other direction the system should ask for a password for the machine on the receiving end.. right?
<guntbert> Scunizi: no, always for the far end, as you are locally authenticated anyway
<Scunizi> guntbert: I think that's what I mean.. If I'm on machine A that is ssh'd into machine B via terminal then in that terminal if I want to copy a file from B to A the previously mentioned syntax would be reversed and machine A would ask for a password (if copying to a "root" location).. Am I correct in that?
<Scunizi> ls
<guntbert> Scunizi: sorry, thats getting a little complicated for the local time of day :-), disregard what happened before and where your body is. just look at "where do I initiate scp  - that is local" and "where is the other side - thats remote"
<Scunizi> :) ok..
<Scunizi> guntbert: I just tested scp /etc/testfile.txt <username>@192.168.x.x:/etc/ .. that would be copying from the remote machine to the machine I'm at... it prompts me for a password and then says Permission Denied.. what am I doing wrong?
<maddhat> change the destination folder to the home directory of the user you are logging in as. see if you get the same error
<guntbert> Scunizi: remember "local" is the machine where the scp executable is occupying the cpu, "remote" is elsewhere - you always need to give user and password for the remote side
<Scunizi> guntbert: so local would be the machine that I'm ssh'd into because it thinks I'm there locally.... so when copying to the remote machine (the one I'm sitting at) scp gets a reqeust for a password from the remote machine.. no user name is mentioned most likely because I put that in the syntax.. ie. user@IP address:.. still says permission denied when I enter the password
<ruben23> hi giys anyone setup a production web server using apache2
<guntbert> Scunizi: try it local-local (at the machine where your body is): scp somefile localhost:~/someothername, should ask you for *your* password, than you can try the same approach from the other machine
<guntbert> Scunizi: but you can always initiate the transfer from the other machine too
<guntbert> s/too/as well/
<Scunizi> guntbert: I get the systems to ask for a password but after it's entered it is denied.. the pass on both machines is the same.. will that make a difference?
<guntbert> Scunizi: no difference - try with ssh localhost  - does that work?
<Scunizi> guntbert: I'll do that again.. didn't use localhost just a directory reference..
<ruben23> i giys anyone setup a production web server using apache2
<Scunizi> guntbert: yes that worked.. using local host.. it asked to add the RSA key and then asked for the password
<guntbert> Scunizi: and now try scp (with localhost) again, maybe the missing key was the issue
<Scunizi> guntbert: it did do it the first time with localhost after accepting the key.  and now functions the same without asking for acceptance of the key so it is stored.. however trying it from the machine that I'm sitting at in my terminal (not the ssh'd terminal).. and going to the remote machine, I'm prompted for the password, it's entered, then denied
<guntbert> Scunizi: and users on both machines are the same? and ssh in the same direction works?
<Scunizi> guntbert: users are different..  in the ssh terminal I just did a test..  scp /etc/testfile.txt <user>@192.168.x.x:/home/mark/ and it worked machine to machine .. . then I tried ... scp /etc/testfile.txt <user>@192.168.x.x:/etc/  .. it asked for the password and then it denied the transfer.. ???
<Scunizi> the only difference between the two is the location of where the file is going on the same machine.
<guntbert> Scunizi: you have to give the correct username for the target (where the scp executable is NOT occupying the cpu) and the appropriate password
<Scunizi> guntbert: so if I'm copying to a root location the user would be "root"?
<guntbert> Scunizi: yes, I think I said that some time ago :-))  but maybe it was in another conversation
<Scunizi> guntbert: tried that but it also didn't work :(
<Scunizi> guntbert: I tried the user name (the only user on the system) and root .. both ask for a password and both are denied.
<guntbert> Scunizi: please pastebin two lines for me: the command you use to ssh from your body to the server, and the command you give to initiate scp in the same direction (and please don't obfuscate usernames and addresses if possible)
<Scunizi> guntbert: http://ubuntu.pastebin.com/hczB6KsD
<guntbert> Scunizi: that was the scp part, now please with ssh (and once mark, once root)
<Scunizi> guntbert: how do you mean with ssh? how I actually log into the server?
<guntbert> Scunizi: yes, as scp use the same protocol as ssh I expect to get some info from that
<guntbert> Scunizi: I expect something like ssh mark@192.168.0.50 ....., and then ssh root@192.168.0.50....
<Scunizi> guntbert: http://ubuntu.pastebin.com/Tjr3q5V0
<guntbert> Scunizi: thats the other direction - I need the same direction as with scp
<Scunizi> .50 is the machine I'm sitting at.. can I ssh into this same machine?  .200 is the headless server
<guntbert> Scunizi: of course you could try - starting from the .200
<Scunizi> guntbert: didn't know if that was going to work but it did.. http://ubuntu.pastebin.com/2Z85Jaxy
<Scunizi> confusing redundancy if I had to do that all the time :)
<Scunizi> That is.. I ssh'd into the 200 machine and once there ssh'd back to the machine that I was on.
<guntbert> Scunizi: no , on .200 you type ssh mark@192.168.0.50 ..... then exit and type ssh root@192.168.0.50 .... and exit
<Scunizi> guntbert: ah.. the 200 is a headless server.. it would take me a few minutes to setup the monitor, keyboard and mouse.
<guntbert> Scunizi: nononono! just do it from your existing ssh session!!
<Scunizi> guntbert: ok.. I'm on the .50 machine.. here's the paste of me sshing into myself... http://ubuntu.pastebin.com/D0ZzNYRz
<Scunizi> guntbert: server=200 machine.. while ssh'd into the 200 I can ssh into mark@192.168.0.50 (where I'm sittting) but I can't ssh into root@192.168.0.50.    From a normal terminal on the 50 machine (where I'm sitting) I can ssh into server@192.168.0.200 but not root@192.168.0.200.. does that help?
<guntbert> Scunizi: thats not exactly what I wanted but it should do - you will have to enable root login via ssh - SECURITY RISK - edit (with root permissions) /etc/ssh/sshd_config: look for # Authentication: ..PermitRootLogin yes
<Zelest> having root logins enabled is indeed _very_ bad.
<Scunizi> guntbert: ok.. so as an admin of a headless server how does the admin take care of file transfers in the real world without PermitRootLogin=yes ??
<Scunizi> to a root location that is
<guntbert> Zelest: indeed
<Zelest> Upload it as a user. :)
<Zelest> then login and use sudo/su to move it to wherever it's needed.
<Scunizi> Zelest: ah ok.. a dual step process
<Zelest> Well
<Zelest> What files does requre root access normally?
<guntbert> Scunizi: upload it as a user ^^ , then ssh into the machine and copy/move the files where they should go
<Zelest> Most services Linux has to offer normally runs as non-root users and offer the services to user-account.
<cloakable> Well, PermitRootLogin yes and PasswordAuthentication no
<cloakable> :)
<guntbert> cloakable: was going to be the next step ... but I'm calling it a day now
<guntbert> Scunizi: have fun
<Scunizi> guntbert: ok.. but being a headless server I would ssh into it and copy files as a user to /home then move it with sudo to the right location.. thanks for the help guntbert.. it's appriciated
<guntbert> Scunizi: no problem -- g'night
<Scunizi> Zelest: If you're trying to copy a file from machine A to a root location on machine B I think you're saying that you can't do that unless you PermitRootLogin=yes.. do I have that right?
<Zelest> Scunizi, Logon to machine B, su up to root, then run scp to copy files from machine A. ;-)
<Scunizi> Zelest: ah the proverbial "assign root a password" thingy huh?  or is it sudo -i type thing
<Zelest> Scunizi, I still don't see what files we're talking about really.
<Zelest> Scunizi, I have assigned root a password on my machines as I'm not a fan of sudo. :-)
<Scunizi> Zelest: a smb.conf file on one machine that I want to move to anther
<Zelest> o_O
<Scunizi> Zelest: or say.. an entire cms package that needs copying to /var/www ..
<Zelest> You dislike a "dual step process", yet takes time to discuss how to do this the fastest way possible.. when it's infact ONE file you want to move? o_O
<Zelest> mkdir /var/www/foobar.tld && chown user /var/www/foobar.tld
<Zelest> ;)
<Scunizi> Zelest: wasn't looking for the fastest method.. just how to do it.. I wasn't being successful with scp
<Zelest> Ah
<Scunizi> Zelest: yes unless the cms package is already downloaded on desktop machine A and you need to move it to headless server B
<Zelest> How does that affect things? Simple create the root for the website and change the ownership of it before you upload it?
<Scunizi> Zelest: that would be almost the same as moving it to /home then cp to /var/www..
<Zelest> Yep.
<Scunizi> Can you use sudo in a scp command?
<Zelest> Nope.
<Scunizi> ah well.. it's always a learning experience isn't it?
<Zelest> Personally I run FreeBSD (doesn't matter really) on my webserver and have configured each website to the owners home-dir.
<Zelest> E.g, /home/zelest/foobar.com/
<Zelest> Then map the website in Apache's configuration
<Scunizi> Zelest: is that because /home is a different partition/drive?  more room?
<Zelest> That too, but mostly to eliminate the issue you're describing about having to move stuff around after it's uploaded.
<Zelest> I can simply manage web content with scp/winscp.
<Scunizi> Zelest: so does apache take care of the security access to your /home?
<Zelest> I've chmodded each homedir so only the user and www group can access it.
<Scunizi> 744?
<Zelest> The www user has uid 80 in FreeBSD. :-P
<Scunizi> I was thinking of the permissions.. not the uid..
<Zelest> Oh
<Zelest> 750
<Scunizi> ah
<Scunizi> and do you make www-data a member of your group or do you chown the directories to www-data and become a member of that?
<Zelest> Normally a friend or relative wonders if I can host a site for them.. then I reconfigure apache, create the dirs, chmod them, etc.. then give them the username/password.
<Zelest> Then they can upload/edit/whatever their data themselfs.
<Scunizi> nice.. you must be using a bussiness class internet service with static ip's or possibly using something like dydns.com ?
<penguin42> Scunizi: some ISPs provide fixed IPs for only a little extra
<Scunizi> penguin42: unfortunately Cox Communications wants you to "upgrade" to business class (ie tiered bandwidth cost) before getting a static ip .. :(
<Scunizi> I get much better bandwidth on their home service...
<MTecknology> how secure is samba?
<Zelest> Scunizi, I use my home connection with dynamic IP. ;-)
<Scunizi> Zelest: I do to..
<Zelest> I run a Ubuntu server for KVM, where I run several FreeBSD instances, each with a dynamic IP from my ISP (I get 10 IP's) .. :-)
<Zelest> The Ubuntu server also acts as a firewall as well as gateway for my personal LAN.
<MTecknology> Zelest: I could get 10 ip's if i wanted - but instead i just stick wioth the extra $5/mo and get 5
<Zelest> As for the dynamic part, the IP's only change if one of the machines is offline for more than 30 minutes or so.. and if that happens, I got bigger problems. :-)
<Scunizi> I have yet to create a fstab line to mount a samba share successfully with mount.cifs .. any advice?
<Zelest> MTecknology, I can't choose less IP addresses.. also, got 100Mbit/s uncapped as well. :-P
<MTecknology> Zelest: nice, what's that cost?
<Zelest> ~$57/mo
<MTecknology> wow
<MTecknology> Zelest: how do you pull that off?
<Zelest> I live in Sweden. :P
<MTecknology> I'm paying $40/mo for my personal connection for 15/1
<MTecknology> my business connection is 10/10
<Zelest> What country do you live in?
<MTecknology> us
<Zelest> Mind downloading something from my site in order to test what speed you get?
<MTecknology> ok
<Zelest> My guess is that my ISP's international routing sucks. ;)
<MTecknology> probably
<MTecknology> I'm streaming music now too - so I think that eats up 1mb
<JanC> I pay 35 â¬ / month for 20/1 now
<Zelest> http://www.ifconfig.se/random.junk
<JanC> well 30 â¬ for internet + 5 â¬ for raw copper
<Zelest> (dd if=/dev/urandom bs=1024 count=100000 of=./random.junk)
<MTecknology> Zelest: i assume you're watching the speed?
<Zelest> now I am.. lol
<Zelest> ~350
<Zelest> oh, nvm
<MTecknology> jnettop :)
<Zelest> peaked 1.2MB/s :o
<Zelest> or someone else downloaded at the same time
<MTecknology> Zelest: ya, about 350k
<MTecknology> Zelest: started off ~200
<Zelest> someone's downloading in 500-700Kb/s atm :P
<jpds> iperf is your friend.
<MTecknology> probably closer to you
<Zelest> As stated above, I run FreeBSD.. so I use systat ;)
<Zelest> systat -ifstat 1
<Zelest> :D
<MTecknology> jpds: pretty
 * MTecknology goes off to take out trash and make eats
<Zelest> MTecknology, well, works for being across the ocean and both of us using private connections :)
<JanC> Zelest: I get about 870 KB/s from you  ;)
<JanC> well more actually
<Zelest> JanC, What country?
<JanC> Zelest: from Belgium
<Zelest> Ah, nice. :-)
<Zelest> I remember when I was using another ISP, I had 10/10 but anyone outside Sweden could only push 150kb/s at most from me.
<MTecknology> Zelest: ya
<Scunizi> Ok.. # /etc/init.d/samba restart & /etc/init.d/smb restart & sudo service samba restart & sudo service smb restart doesn't work to restart samba.. How is it done in the server?
<jpds> Scunizi: Wasn't it smbd?
<Scunizi> jpds: on the desktop version of (k)ubuntu it's just samba... I'll try the smbd and see on the server
<Scunizi> jpds: that did it.. is that a change from 9.10 to 10.04?
<jpds> Possibly, with the Upstart changes.
<bondiblueos9> is there a package I can install to take snapshots from my usb webcam?
<bondiblueos9> from the command line
<failover> mplayer
<failover> https://help.ubuntu.com/community/Webcam
<Scunizi> what file do I look for my "network" name in?
<Scunizi> sorry "workgroup" name
#ubuntu-server 2010-05-23
<Oddfellows> I have apache all set up happy, but one of my virtual hosts says that, no matter what existing file I put in, it just throws a 404.
<Oddfellows> please help1
<Oddfellows> !
<penguin42> just one of them? The others are fine?
<Oddfellows> Yeah
<penguin42> anything odd about it compared to the others?
<Oddfellows> No.
<penguin42> hmm, not typo'd the path for it?
<Oddfellows> off to check
<Oddfellows> nope
<penguin42> what does apache have to say in its logs?
<Oddfellows> [Sun May 23 03:13:31 2010] [error] [client 24.113.225.222] File does not exist: /htdocs
<penguin42> does the host have unusual letters/characters/etc in its name? or some reason that its idea of the path isn't right?
<Oddfellows> No, no
<penguin42> curious
<Oddfellows> Curious"
<Oddfellows> "Curious" is not a word you want to hear, like "unspecified infection".
<penguin42> well it's got to be something that's different about that one
<penguin42> most likely a typo in the config
<penguin42> it could be a permission screw up I guess, but les slikely I'd say
<Oddfellows> Quoth the perl one liner, there is no (non-expected) differences.
<penguin42> well temporarily change the path to point at one of the other ones - does it work then?
<Oddfellows> ok
<Oddfellows> It works perfectly with the other dir.
<penguin42> so it's the dir not the config - change it back making sure it really does point to that dir
<Oddfellows> It works now, I think there was a typo in the dir.
<yosi1234> Setting up my first Ubuntu LAMP Server - is it fairly secure from the default install, or ar there some recommended steps to secure the box, worried about DoS attacked and brute force attacks over SSH and others?
<penguin42> yosi1234: brute force over ssh happens
<yosi1234> is there anyway to limit that
<Pici> Install fail2ban.
<yosi1234> like after 5 attempts it blocks their IP
<penguin42> yosi1234: so move the ssh port to something that isn't the default, set up firewalls to ensure you block all ports you don't want exposed externally; if you always ssh from the same place then firewall it to just those ports
<Pici> yosi1234: It does exactly that
<penguin42> and yeh use something like that
<yosi1234> thanks guys
<yosi1234> is fail2ban better than ip tables, just getin use to that
<yosi1234> also has anyone used Ubuntu server on ESXi?   I like the simple snapshot backup options of esxi, but don't want a performance hit...
<penguin42> it should work on ESXi, but you always get some hit
<yosi1234> does ESXi support backing up with snapshots, do do u have to pay for that?
<dasunsrule32> I am having some trouble with likewise-open5 after a do-release-upgrade from 9.10 to 10.04, the services dcerp*, eventlogd, and lsassd do not start. I can start them after I log in with a local account, and then log in with AD accounts. Anyone have some ideas.
<yosi1234> also i guess ubuntu server doesn't have to understand the RAID card, lsi 9260 if its sitting on a virtual enviroment, vmwars just has to understand the storage device
<dasunsrule32> I have completely removed and purged likewise-open and completely reinstalled with the same results.
<cabrey> Does ubuntu server automatically mount usb devices or do I have to manually mount them?
<cabrey> nevermind, had to do it manually
 * bintut waves
<bintut> anyone here uses aws particularly the ec2?
<bintut> any idea if there if amazon provides a test instance for people to play with it to be familiarize how it works?
<linux_is_my_hero> alright how do install "hwinfo" on my ubuntu server just using another computer that has internet, or the ubuntu server 10.4 live cd?
<linux_is_my_hero> my server has a wifi card that needs drivers so i can get to the internet and actually make it a server for when im away from home.
<Franch>  ldapadd -D cn=admin,cn=config -w password -x -f /usr/share/kyapanel/ldap/ldifs/phpgwaccount.ldif
<Franch> ldap_bind: Invalid credentials (49)
<Franch> need help
<Franch>  ldapadd -D cn=admin,cn=config -w password -x -f /usr/ldifs/phpgwaccount.ldif helpme ldap_bind: Invalid credentials (49)
<linux_is_my_hero> my network interface doesnt support scanning...what does that mean?
<linux_is_my_hero> :-(
<tonyyarusso> So, I'm half-considering using eBox on something.  The problem is, it appears that very few of the modules are in the official repositories even for Lucid.  So the question is, how safe is the ebox PPA, for a production server?  (It makes we wince to think about, but it may be the best bet for the situation.)
<SpamapS> clear
<SpamapS> haha doh
<yosi1234> anyone know the performance hit running Apache (LAMP) on ESXi vs On a dedicated server?   I'm concerned about network latency and hard drive latency
<yosi1234> anyone know the performance hit running Apache (LAMP) on ESXi vs On a dedicated server?   I'm concerned about network latency and hard drive latency
<_ruben>  yosi1234: its not that easy .. a VM on a beefy ESXi will perform much better than on a low-end dedi server
<simplexio> didnt latest vanilla kernel got some imprvements on that network latency side
<uvirtbot> New bug: #584484 in chkrootkit (main) "chkrootkit incorrectly identifies bindshell if mailserver runs tls" [Undecided,New] https://launchpad.net/bugs/584484
<Tweeda> my concern w/ ESXi (like any virt implementation) is resource contention from other VMs.
<uvirtbot> New bug: #584497 in landscape "The EC2 endpoint should be HTTPS by default" [High,Confirmed] https://launchpad.net/bugs/584497
<ne7work> hello all please someone help me with IDJC
<freewillie> Hello, I was wondering how to start apps on boot as deamon
<freewillie> I hope someone can help me a litle
<freewillie> I want to start my own java app and call of duty 4 server
<penguin42> freewillie: Look up docs on 'upstart' - you can put scripts in /etc/init that it will call
<freewillie> penguin42 I was that far, but then my apache server wouldn't start anymore
 * penguin42 hasn't really got to grip with upstart yet, I'm still a bit old school
<freewillie> penguin42, Coul it have something to do with paths?
<freewillie> penguin42, Oh ok
<penguin42> well paths are always good at breaking things :-)   Can you pastebin your script somewhere?
<freewillie> penguin42, ok
<freewillie> #!/bin/bash
<freewillie> java Main
<freewillie> thats all
<penguin42> I think there needs to be some headers to say when to start it and what has to happen if it crashes etc
<penguin42> freewillie: http://upstart.ubuntu.com/getting-started.html
<freewillie> thanks
<freewillie> penguin42, I think i can solve my problem i think
<ne7work> hello all please someone help me i have a problem with IDJC
<ne7work> i need to start IDJC ;(
<freewillie> ne7work, sorry, I can't help you
<ne7work> why?
<freewillie> I have no idea what IDJC is
<freewillie> What is it?
<ne7work> freewillie, Internet DJ Console
<freewillie> ah, i had problems to to run it
<freewillie> what is the problem excactly then?
 * penguin42 has ubuntu-server in a KVM guest booting off another KVM guest via iscsi
<RoyK^> lol
<RoyK^> why do you do that to yourself?
<penguin42> masochism?
<RoyK^> add a win2008 guest than, and then a few guests running on that
 * RoyK^ is off
<penguin42> so what's the right way to report a bug from a text mode ubuntu-server? will ubuntu-bug do something sane?
<elnur> Can I give create a user and give him SSH access to my server so that he can't access anything that is not in her home dir?
<elnur> er
<penguin42> :-)
<elnur> Can I create a user and give her SSH access to my server so that she can't access anything that is not in her home dir?
<elnur> Fixed :)
<penguin42> do you really want ssh or just sftp ?
<elnur> What is the diff between ssh and sftp?
<penguin42> sftp can just do file transfer
<penguin42> (I'm not sure if it's actually the same underlying protocol as scp or not?)
<elnur> It'll be better to give her ssh.
<elnur> So that she can edit files in her home dir.
<penguin42> ok, so I think the best you can do there is probably give her a restricted shell
<elnur> penguin42, I heard something about chroot. Is that what you are talking about?
<penguin42> no, I don't think chroot would work for a full ssh login, it can be done for sftp
<elnur> penguin42, then what?
<freewillie> SpaceGhostC2C: I am logging out, I will try the rubby stuff tomorow
<penguin42> a restricted shell (e.g. rbash) will restrict where they can cd to, but it's not really that protective
 * freewillie is leaving...
<elnur> penguin42, so, will it be much easier to just give her (s)ftp access?
<penguin42> yes, there is a chroot setup (somewhere) for sftp that should be pretty secure
<xperia> hello to all. i need some start up help with setting up ubuntu on a hp proliant ml 530
<elnur> penguin42, ok. thanks. i'll investigate it further.
<xperia> is anybody here who can advice me a little what is needed. it is enoght just to put the ubuntu server cd in te cdrom
<xperia> and connect over ssh to the server ?
<xperia> maybe a netwrok setup is better ?
<yosi1234> anyone here using ubuntu server on ESXi?
<yosi1234> i'm trying to figure out how much latency it adds to network and storage
<yosi1234> i have a very busy lamp server i want to virtualize
<ikonia> you asked this the other day
<ikonia> I told you the answer
<yosi1234> ikonia: you said that there was a performance hit, but I need to quantify how much..  tried to find something online, but no luck
<yosi1234> trying to figure out how many ms/ns on the network lag
<yosi1234> and any IOPS performance
<yosi1234> for storage
<ikonia> yosi1234: it's nothing to do with ubuntu, it's how you setup and manage your esx host
<ikonia> as I told you
<ikonia> so ask the vmware support people, if you have an esx host, you have access to their support resources
<yosi1234> no i have free esxi
<yosi1234> but you are right
<yosi1234> it maybe more of a question for them
<ikonia> esx works different than the free version, so you need to quantify which version you want to use with the vmware support groups
<yosi1234> fair enough
<yosi1234> i will try to see if they have a support channel for that stuff.. what do do like about it is the ease of backing up virtual disks, but no at the expense of performance
<yosi1234> I searched all over for a good ubuntu/linux baremetal backup solution but can't find any, but acronis, but it doesn';t support ext4
<penguin42> yosi1234: You could run lucid with ext3 I think
<yosi1234> any ext4? support?
<yosi1234> oh, u mean the OS, there is also backup software called Lucid
<yosi1234> LOL
<yosi1234> prefer ext4, on the raid adpter the performance is much better on ext4
<RoyK^> just got a nagios message - data is running low, only 3,5TiB left
<RoyK^> ext3 is safe
<RoyK^> rock stable
<RoyK^> well-proven
<RoyK^> ext4 is newer
<yosi1234> true...
<yosi1234> good point..
<RoyK^> the latter is better for large volumes, BIG files etc
<RoyK^> but I'd stick with ext3 for now
<yosi1234> maybe acronis on ext3 is a good solution then
<RoyK^> for storage?
 * RoyK^ uses opensolaris + zfs for storage
<yosi1234> yes
<yosi1234> for a LAMP server
<RoyK^> zfs beats the whole gang
<yosi1234> hi volume, high traffic
<RoyK^> how much do you need?
<ikonia> ext3 will be fine
<yosi1234> need bare metal backup option
<RoyK^> a terabyte? 10? 100?
<yosi1234> fair enough
<ikonia> yosi1234: just take regular dd images of the disk
<yosi1234> 2 TB, but 15 concurrent users
<yosi1234> 15,000
<ikonia> yosi1234: or make a kickstart profile of the machine and just backup the application data
<RoyK^> that's access, not users
<yosi1234> its a realtime collaboration site
<RoyK^> yosi1234: 2TB will work fine with any FS, except perhaps UFS
<ikonia> RoyK^: you'd probably get away with it even on ufs, although at the upper end of the limit
<yosi1234> fair enough...  one sec, pgone call, shit...
<yosi1234> phone call
<yosi1234> brb
<RoyK^> ikonia: yes, it'll work with ufs as well, but I wouldn't recommend it
<RoyK^> zfs ftw!
<ikonia> god no
<RoyK^> god? which one? anyone seen him?
<RoyK^> or her?
<RoyK^> it
<Tonny_Bennet> Ã¯Ã°Ã¨Ã¢Ã¥Ã² Ã¢Ã±Ã¥Ã¬
<cloakable> o.o
<Theravadan> that worked Tonny_Bennet
<Theravadan> I've upgraded from 8.04.1 to 9.10 so far, now doing 10.04
<Tonny_Bennet> Ã Ã¬Ã¥Ã­Ã¿ Ã¥Ã±Ã²Ã¼ Ã¯Ã°Ã®Ã¡Ã«Ã¥Ã¬ÃªÃ  Ã± ssh Ã±Ã¥Ã°Ã¢Ã¥Ã°Ã®Ã¬ Ã¯Ã®Ã¬Ã®Ã¦Ã¥Ã²Ã¥?
<jpds> Theravadan: You know that you can do 8.04.* to 10.04 ?
<Theravadan> jpds, well from 8.04 you can but right now it's not possible from 8.04.1+ until a few months from now
<jpds> Theravadan: Try: do-release-upgrade -p
<Theravadan> jpds, what does the -p do?
<jpds> Upgrades to a proposed release.
<Theravadan> jpds, read that from the docs, how is that different from running w/o -p?
<jpds> It will actually upgrade a hardy box to lucid.
<Theravadan> jpds, whoa that would have saved me a lot of time.
<jpds> Time is money. o/
<Theravadan> jpds, got that right!
<uvirtbot> New bug: #578064 in php5 (main) "php5 crashed with SIGSEGV in start_thread()" [Undecided,New] https://launchpad.net/bugs/578064
 * RoyK^ encrypts all his data with rot-13 - TWICE
<guntbert> RoyK^: well done for double measure :-)
<RoyK^> security is my profession
<bondiblueos9> is there any way to know how much data has been written to a tape drive?
<RoyK^> not really
<bondiblueos9> thanks guntbert
<RoyK^> whatever process that writes it needs to keep track on it
<bondiblueos9> just realized it was more relevant here
<bondiblueos9> RoyK^, do you know if there is a way to make tar output the size of what it has written?
<RoyK^> I think -v says that
<RoyK^> testing.....
<bondiblueos9> RoyK^, -v says the file names when writing, and when viewing with -t it says the file sizes
<bondiblueos9> RoyK^, but when its done I need it to tell me the total size, taking compression into account
<RoyK^> question is, why are you using tar for backup?
<RoyK^> it's 2010, not 1980
<RoyK^> open backup solutions like bacaula are far better
<bondiblueos9> RoyK^, I'm using it to write to a tape drive; I looked into using dump, but the files are on an ntfs drive
<bondiblueos9> I happen to have a tape drive, and I figured I'd clear some old backups and files off a couple harddrives onto a few tapes I have
<bondiblueos9> and tar is very simple and straight forward
<ne7work> hello all
<RoyK^> bondiblueos9: it's very simple, yes, but that's it
<ne7work> i have problem with my creative audio driver
<ne7work> http://pastebin.com/sFt9iazc
<ne7work> please someone help me
<chrismsnz> Hey guys, do you know of a PPA that can provide a version of innodb plugin for mysql compiled against the lucid version? we're having no end of trouble here
<RoyK^> bondiblueos9: using a proper backup system will make life easier
<RoyK^> chrismsnz: mysql in lucid should support innodb quite well
<chrismsnz> RoyK^: well, we wish to use some of the new features like fast index creation on innodb
<chrismsnz> stuff that isn't supported until mysql 5.5, or whatever they decide to name the next release
<sherr> ne7work: Did you read through the Ubuntu Forums thread about Creative Labs XFI driver compilation on Linux? Whatever, I would say that compiling an audio driver in this channel is off-topic really.
<sherr> ne7work: http://ubuntuforums.org/showthread.php?t=870001
<RoyK^> chrismsnz: I'd say install mysql from source into another directory
<chrismsnz> RoyK^: I'm doing that now :( Was hoping to avoid it, oh well :|
<RoyK^> or pay someone to backport it
<RoyK^> seems to me it's an engine rewrite
<chrismsnz> that someone very well may be me
<RoyK^> not merely a module
<chrismsnz> it's a storage engine plugin
<ne7work> sherr, and again i have error
<ne7work> i make all of these thread step by step
<ne7work> and i have errors?
<RoyK^> isn't mysql 5.5 still in beta?
<chrismsnz> RoyK^: yes, thats why we're not running it
<chrismsnz> however, mysql 5.5 has merged in the new innodb changes from the innodb project
<chrismsnz> but they also release the new work as a plugin for earlier versions
<RoyK^> chrismsnz: what do these changes do to performance?
<chrismsnz> it's improved, but there's other good features in there too
<chrismsnz> fast index creation is killer - no longer requires a temp table when adding an index to a table
<RoyK^> anything you can't do better with postgresql?
<chrismsnz> RoyK^: been barking up that tree as well :P
<chrismsnz> mysql has a lot to answer for to us... we've got a lot of coupled code
<chrismsnz> i.e. working around its broken optimiser
<RoyK^> so rewriting it to psql will cost a little
<chrismsnz> yeah, we are using an abstraction layer, but some work will be required
<chrismsnz> considering waiting until drizzle is released, psql 9 and whatever mysql brings out by then and doing a shootout between them
<chrismsnz> seeing if it's worth a move
<RoyK^> imho psql beats the shit out of mysql at most work
<chrismsnz> ya, replication tho is a pita until 9 tho, right?
<RoyK^> I don't think it's really well integrated until 9
<RoyK^> some parts exist in 8, but not in the main tree
<RoyK^> seems postgres is in opensolaris still
<RoyK^> nice
<RoyK^> I guess Oracle will kick that out soon
<chrismsnz> heh
<chrismsnz> oracle are strange
<RoyK^> not strange
<RoyK^> jut money-eating parasites
<chrismsnz> they own innobase, which is the main/best storage engine for mysql
<chrismsnz> but they still seem to be chugging along
<chrismsnz> i notice all the drizzle guys who used to work at sun got out of dodge when oracle bought them
<chrismsnz> work for rackspace now
<RoyK^> I just work for an air research institute in norway
<RoyK^> we have tons of data and we need zfs to handle it
<chrismsnz> ah true
<RoyK^> EyjafjallajÃ¶kull has been filling up our drives with ash for some time
<JanC> soon you'll have btrfs  ;)
<RoyK^> in one, perhaps two years, yes
<RoyK^> currently btrfs is quite useless compared to zfs
<chrismsnz> zfs is awesome, that's for sure
<chrismsnz> you can FUSE it if you're really desperate
<chrismsnz> but opensolaris isn't bad
<chrismsnz> RoyK^: have you used nexenta?
<chrismsnz> http://www.nexenta.org/ a very interesting project
<RoyK^> only tried it
<RoyK^> went back to osol quite quickly
<chrismsnz> not so good?
<RoyK^> larger userbase on osol, thus better support
<RoyK^> from the community
<chrismsnz> ya
<chrismsnz> I work for an ecommerce company in NZ, so no massive storage requirements
<chrismsnz> but our database is becomming a problem
<RoyK^> what is "massive storage"?
<RoyK^> 10TB?
<chrismsnz> guess so
<chrismsnz> we use MogileFS to manage stuff like product images and other stuff
<RoyK^> we're extending our zpool to 50TB these days
<JanC> heh, I know people who have a multiple of that at home  ;-)
<JanC> (I don't want to ask them why they need that)
<chrismsnz> heh
<RoyK^> this is a nice box http://pastebin.com/hCHtteKt
<RoyK^> this is also a rahter nice box http://pastebin.com/9kDJw9Gw
<chrismsnz> nice :D
<RoyK^> the 16-core baby has been chewing ash for a week or so now
<RoyK^> did't really cost a lot - NOK 43k
<chrismsnz> doh
 * RoyK^ hands chrismsnz a doh-nut
<chrismsnz> :)
<RoyK^> what was that doh about?
<Theravadan> I added "postgres         hard    nofile          300000" to limits.conf but I can't raise the no files via ulimit, anyone know why?
<jeeves_Moss> can anyone reccomend a good brute force SSH password cracker?  I want to test how secure my router's SSH is
<bondiblueos9> lol of course you do
<bondiblueos9> but seriously, would that even work?
<jeeves_Moss> what do you mean?
<bondiblueos9> i mean, wouldn't the ssh server decide to stop responding and block after several failed attempts?
<jeeves_Moss> lol,  I want to test it!
<jeeves_Moss> that was the point of my request
<bondiblueos9> and even if it didn't, wouldn't brute forcing take forever, like more than a few seconds for each attempt?
<jeeves_Moss> 'meh, I've got time, and it's internal to the network
<bondiblueos9> I don't mean to shut you down; I'm curious like that too
<jeeves_Moss> ohhh
<jeeves_Moss> well, as I said, I want to test just how "hard" DD-WRT has their SSH attack blocking.  Personally, I don't belive that it's as strong as tehy claim
<bondiblueos9> but even if there is no ssh brute force cracker, you could just think of how many possibilities you'd have to brute force for a password of your length, average case (half of worst case I think, ie half of all of them)
<bondiblueos9> and then think about how long each attempt would take
<bondiblueos9> and then you shoudl know how long it would take on average to brute force your password
<jeeves_Moss> lol,  it's 12 car long, capitals, numbers, and specials.
<JanC> jeeves_Moss: you use passwords with ssh ?
<jeeves_Moss> JanC, ???
<JanC> please read the ssh manual about ssh keys and disable all password logins  ;)
<bondiblueos9> I use passwords with ssh because i'm too lazy to set up keys and everything I use isn't really a security concern to me; then again I could set up keys and claim I did it because I'm too lazy to remember passwords
<jeeves_Moss> lol
<jeeves_Moss> yea, well, I ~could~ do that, but....
<bondiblueos9> although, at least you can use passwords from anywhere
<jeeves_Moss> this is VERRY true!
<bondiblueos9> I mean, I guess you could use a key from anywhere too
<jeeves_Moss> anyways, scratch that.  Next project for this afternoon.  Getting TLS working.  <ugh>
<bondiblueos9> if you happen to have the keyfile on you
<jeeves_Moss> I hate e-mail servers.  it's offical!
<JanC> seriously, if you don't care about login into your router from some random other computer, why do you care about password strength  ;)
<JanC> and password login throtling etc.
<JanC> how do you know that random PC has no trojan or whatever?
<JanC> anyway, there are lots of brute force cracking programs that you could use with any tool you want (they generate a password and supply it to whatever program you want)
<killown> do anyone know the location of dialog scripts from Ubuntu-Server CD INSTALL who are responsible by manage system install?
<RoyK^> Jeeves_: install fail2ban
#ubuntu-server 2011-05-16
<greppy> Mean_Admin: it works for me.
<greppy> I have 3 systems using it currently, and have access from my android to it as well.
<greppy> haven't tried to set it up without x11, but they have a howto or faq or something for doing that.
<malev> hi there! In my server sometimes (more frequently than what I'd like) I start getting this:  [malev@~] free-bash: fork: Cannot allocate memory  what can I do to debug it?
<malev> where can I search for the error?
<missil> hi all i need server lessons - configuring and setting up virtualization in ubuntu server - struggled to get vms running now i cannot connect to the vms or launch virt-manager due to a gtk error
<RoyK> &
<qman__> malev, looks like you're out of memory
<qman__> check out what's using it with top or a number of other tools
<malev> qman__, I'm using it, but check this oout: Mem:    524800k total,   375728k used,   149072k free,        0k buffers
<malev> I still have some memory
<malev> or 512MB si too low?
<qman__> 512MB is low, but if you still have 149MB or so free, that's not the cause here
<qman__> have you set limits?
<qman__> also, if what you're trying to start needs more memory than what is available, that error would result
<malev> qman__, no that I remember, how can I check it?
<qman__>  /etc/security/limits.conf or /etc/security/limits.d/
<malev> qman__, it's all commented
<qman__> check the number of processes as well
<qman__> ps aux | wc -l
<qman__> should be a few hundred or less
<qman__> depending on what you have running
<malev> qman__, oks, I'll run ti, but riight now I'm low of memory and I have to restart :)
<malev> qman__, you think that with 1Gb of memory I wont have that kind of problems?
<qman__> not necessarily
<qman__> your memory isn't totally full, which indicates something else is wrong
<qman__> without limits set, normally the system won't stop you unless it's literally out of resources
<qman__> there may be default limits now, though, I don't know for sure
<malev> [malev@~] ps aux | wc -l     ->19
<qman__> take note of it when the server starts acting up
<qman__> maybe make a script that runs it every few seconds or so and logs it
<malev> that's a good idea
<qman__> cannot fork; could not allocate memory means that it literally could not acquire resources to fork
<qman__> so if you're hitting physical limits, or set limits on memory or processes, that would do it
<qman__> finding the culprit is a little more difficult, but not too much
<malev> don't know waht is the culprit
<malev> qman__, thanks! I really apreciate your help!
<qman__> a good way to determine if it's physical or software limits would be to log on with another user
<malev> qman__, what is ps aux | wc -l   ?
<qman__> as limits are set per user
<qman__> ps aux lists all processes, wc -l counts lines
<qman__> so it's not an exact number but close enough to figure out what the problem is
<malev> qman__, you think in some moment I start to have a lot of proccess working?
<qman__> yes, it's possible you're suffering what is effectively a fork bomb
<qman__> and that test would show if that's the case
<malev> oks! I'm gonna work on that!
<qman__> if that number gets huge, in the thousands, that's probably the case
<qman__> whether it's malicious or just a misconfiguration or bug though, it won't tell you
<qman__> that requires more investigation
<qman__> in the process of your investigation, it might be a good idea to leave a root terminal open
<qman__> since root is allotted a small reserve of resources for these types of occasions
<malev> qman__, oks! i'll
<ranger03> how do i upgrade the kernek on ubuntu-server?
<ranger03> how do i upgrade the kernel on ubuntu-server?
<twb> ranger03: with apt-get, like everything else.
<ranger03> apt-get upgrade kernel-imageXXXXX ?
<ranger03> apt-get upgrade linux-virtual    <--is that correct ?
<Brandon_> I have been looking online on how to setup samba with user home directories (already did this), but I want it so when you type in the username of that directory and the password it connects. I tried doing the valid users = %s but when i try to map it the drive it says its mapped to a different username.
<koolhead11> hi all
<koolhead11> zul, ping
<Macer> hm
<koolhead11> hi Macer
<ph8> hey all, i'm trying to set my samba permissions right (file level) - i can get read access and write access if I set 777 on the directory, but what group is samba trying to access it as? I see smbd processes running as root and nobody but i've tried chgrp -R'ing the whole share directory to those groups and setting 771 but no read or write!
<flowbee> my server got hacked and the vps provider shut it down because it was abusing dns providers or something.  is there a quick setup i can do to secure my box?
<flowbee> i.e. what steps do i need (disable root ssh, only allow for key based ssh; changing ssh ports etc)
<ebrown> aku
<greppy> flowbee: it depends on how they got in.
<flowbee> how do i add a user to sudoers file.... so that i have to enter prompt for password
<greppy> flowbee: %sudo ALL=(ALL) ALL
<greppy> change %sudo to a username
<greppy> %sudo means anyone in the sudo group.
<flowbee> got it
<twb> Or just "sudo adduser fred sudo"
<twb> i.e. add fred to %sudo
<twb> I'm not sure if, unspecified, you are always prompted for a password, or if caching is allowed
<flowbee> trying to follow this guide http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/
<flowbee> getting to: Restrict access to /bin/su to admin group members:;;; sudo dpkg-statoverride --update --add root admin 4750 /bin/su  => dpkg-statoverride: An override for '/bin/s' already exists, aborting.
<twb> flowbee: there's no point locking su, just ensure root doesn't have a password
<greppy> flowbee: how did they get in?
<flowbee> greppy, i have no idea.  but i did have ssh for root
<twb> Oh, he was compromised.  In that case, he should do a fresh install
<flowbee> even tho the password was pretty solid
<twb> Consider everything on the system compromised unless proven otherwise
<greppy> == twb
<flowbee> oh i did
<twb> flowbee: password-based access should be disabled
<flowbee> i wiped it
<flowbee> and i'm securing now
<flowbee> going to do key based auth only now
<flowbee> good luck getting it this time fuckers
<flowbee> excuse my french; just upset i got hacked
<w00> if you host a vulnerable application they will get back in..
<flowbee> and i was referring to hackers; not you guys :)
<twb> I also use kernel-based IPS instead of denyhosts/fail2ban
<greppy> flowbee: while a good idea to secure auth, it is very likely that they got in through something else.
<twb> http://cyber.com.au/~twb/doc/iptab
<flowbee> it amazes mee
<flowbee> how people can exploit stuff
<twb> greppy: yeah, it was probably because he's running fucking phpmyadmin or so
<flowbee> no i'm not
<flowbee> at least i dont think it is
<twb> flowbee: are you running any PHP at all?
<greppy> flowbee: I've had boxes compromised because someone had an out of date php calendar app
<flowbee> wow
<flowbee> i dont run php; unless their ubuntu stack has it installed
<greppy> what do you use the box for?
<flowbee> LANGUAGE = (unset),LC_ALL = (unset),LANG = "en_CA.utf8"
<twb> flowbee: well, good
<flowbee> this box will be used to break apart my backend tasks from my webserver
<flowbee> cuz my backend tasks are bringing down my web app/mysql instance
<twb> What's its IP?  I'll throw openvas at it
<flowbee> no php is running
<flowbee> twb, one moment let me finish attempting at 'securing it'
<flowbee> although given my record
<flowbee> not sure how awesome i'll be at it :)
 * greppy jumps into the van to go break a switch and a router.
<twb> flowbee: pfft, if it has an IP now, it doesn't matter if *I* know it as well
<flowbee> haha
<twb> greppy: bricked it, eh?
<greppy> twb: nah, ROMMON upgrade
<greppy> have to be on site.
<twb> Bleh
<twb> This is why my routers run either ubuntu or openwrt
<twb> Well, OK, my procurve is running some Lucky Dragon junk
<greppy> ubuntu and/or openwrt don't support the types of interfaces, much less the load
<twb> Fair enough
<ebrown> hardy heron
<ebrown> blankOn
<ebrown> Mint
<ebrown> Vinux
<ebrown> Wkeh wis
<flowbee> getting: perl: warning: Setting locale failed.
<flowbee> how do i get my locales working (for aptitude)
<jmarsden> sudo dpkg-reconfigure locales  # probably
<twb> jmarsden: actually for me on Ubuntu it's "locale-gen en_AU.UTF-8; update-locales LANG=en_AU.UTF-8"
<twb> Last time I looked Ubuntu did some silly thing where you either did that, or (by default) you got 200MB of English locales for tbird and oo.org on your headless server
<flowbee> damn
<flowbee> installed ufw and now i cant ssh anymore
<flowbee> i thought this guide was supposed to be good
<twb> flowbee: if you follow "some guide I found", you are on your own
<flowbee> heheh
<flowbee> do you folks have a simple firewall your recommend?
<twb> flowbee: netfilter
<flowbee> is there some weird ssh setup i have going on where i cant log into my box with multiple ssh sessiosn: ssh_exchange_identification: Connection closed by remote host
<Syria> Hello, I want to enable  mod_rewrite ubuntu server 10.4.2
<Syria> How can i do this?
<ph8> more of a question for ##apache
<ph8> but there is good documentation on the internet for this
<ph8> look for information about RewriteEngine On
<jmarsden> Syria: sudo a2enmod rewrite
<Syria> jmarsden Thank you.
<jmarsden> Syria: You're welcome
<Syria> ph8 thnx :)
<ebrown> hahahahahahahahahahahha
<ebrown> hahahahahahahahahahahahahahahaha
<twb> flowbee: no, what you've done is drop NEW ssh connections
<twb> flowbee: your existing connection is allowed because it was up before you started ufw
<flowbee> i'm still getting ssh_exchange_identification: Connection closed by remote host even though i'm set up to use key based auth (at least .ssh dir is)
<flowbee> and ufw isnt currently running
<ebrown> !seen twb
<ubottu> I have no seen command
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<ebrown> ?
<pedrocr>  I just booted a computer after a motherboard swap. It has two raid arrays running over the same 4 disks. The raid5 array apparently resynced and is now working. The raid1 array is working but degraded with only 2 of the 4 disks. all disks seem to have some smart errors on bootup but nothing else. any ideas on what this could be and how to repair the raid1 array?
<pedrocr> mdadm --re-add seems to be working
<pedrocr> I wonder why this happened at all
<pedrocr> I've configured smartmontools now
<elijahsh> Hi! I'm configured pppoe client on my 10.04 server. Everything work fine except when my provider lose my connection. Ppp tries reconnect several times and stop with no luck. Where I can change the number of tries and timeout between them?
<afeijo> hi guys, I'm trying to setup a dns server in a new server here, I installed bind9 and configured it, it appear to be ok. Do I need to config something in my dsl router and/or the workstations?
<afeijo> do I need dhcp at my server?
<afeijo> route cmd at my laptop show as default to 10.0.0.250, it should be 10.0.0.1 (this is the server ip)
<uvirtbot> New bug: #783480 in php5 (main) "Invalid multiarch patch" [Undecided,New] https://launchpad.net/bugs/783480
<zul> does anyone know why we dont have things like php-imap in main?
<lynxman> zul: I think it's because libc-client is in universe as well
<zul> lynxman: yeah it should probably change to make the merge easier
<lynxman> zul: think so as well, it makes sense
<uvirtbot> New bug: #783487 in apr (main) "Please sync apr 1.4.4-1 from Debian Unstable." [Undecided,New] https://launchpad.net/bugs/783487
<hallyn_> zul: gmornin'!  Were you planning on sending the libvirt patch to send 'container=libvirt' through ENV to the libvirt mailing list?  (If not, I"ll send it, but I don't want to take any of your credit :)
<zul> hallyn: i wasnt but go ahead
<hallyn_> zul: ok, will do.
<_ruben> afeijo: uhm, dns and default routes are pretty much unrelated
<lynxman> zul: oh btw is the LXC libvirt problem fixed in natty or still in progress?
<zul> lynxman: well uds was last week so...still in progress ;)
<lynxman> zul: fair point :D
<lynxman> zul: tbh I'm still suffering from UDS, hardly productive today
<hallyn_> zul: don't suppose you're bored and wnating to implement debian networking support for netcf?  :-)
<zul> lynxman: hah your flight wasnt as long as some people ;)
<hallyn_> It should've been on uds agenda, oh well.
<zul> hallyn_: netcf?
<lynxman> zul: it was, I had to do a 4 hours connection at heathrow ;)
<zul> lynxman: only? :)
<lynxman> zul: yeah, uphill through the snow between T5 and T3 :D
<zul> it snowed?
<lynxman> zul: nope, just wanted to add drama to my story
 * zul is not awake
<zul> oh
<afeijo> _ruben, I'm quite lost right now :(
<hallyn_> zul: netcf is what libvirt uses to automatically manipulte networking
<_ruben> afeijo: you might wanna describe more clear what your actual goal is here, what is the dns server to be used for for instance
<afeijo> _ruben, new ubuntu 11.04 x64 server installed a few days ago, now I need to configure a dns server at that server, the IPs are been distributed by the dsl wifi router, I installed and configured my local domain with bind9. Do I need to do any settings at the router now? or to each linux/mac/windows station?
<zul> hallyn_: ah ok
<SpamapS> hallyn_: was it you that was trying to have irssi not highlight a window whenever there are joins/parts/nicks/etc. ?
<hallyn_> SpamapS: nope
<hallyn_> SpamapS: mine (when i use irssi) doesn't do that
<hallyn_> zul: patch is away
<zul> hallyn_: cool
<a7ndrew> i'm none too sure about NFS: anyidea why the uid and gid on the client side would show as '4294967294' and nothing sensible? and why root wouldn't be able to see the subdirs?
<lynxman> a7ndrew: that sounds like your client is interpretating the -1:-1 of the nobody:nobody gid and uid to the maximum uid/gid available
<a7ndrew> lynxman: thanks, interesting hint. Just chowning the dir to root:root didn't work :P
<Daviey> Yeeeeeeeeeeehaaaaaaaaa!
<hallyn_> Daviey: gmornin :)
<Daviey> hallyn_, Hello sir!
<Daviey> You were missed last week..
<hallyn_> :(
<genii-around> a7ndrew: According to https://help.ubuntu.com/community/NFSv4Howto#Troubleshooting "all directories and files on the client are owned by uid/gid 4294967294:4294967294) then you need to set in /etc/default/nfs-common: NEED_IDMAPD=yes and restart nfs-common "
<Daviey> hallyn_, Having a beer over webcam didn't really fit, but the thought was there.
<robbiew> hallyn_:  FYI...I placed an order for some Toshiba AC100 netbooks (ARM based), planning on giving you one for LXC development/testing this cycle
<robbiew> and loan one to upstream (daniel?)
<hallyn_> robbiew: neat!  will be great to finally be able to test that
<hallyn_> yeah, daniel would be good.  I gather he was there in person last week?
<hallyn_> Daviey: i had a cold affligem in the fridge :)
<Daviey> heh
<robbiew> hallyn_: yeah, we briefly met...and I told him I'd get him hardware
<robbiew> order is already placed
<a7ndrew> genii-around: thanks, i've been reading that, I restarted nfs-common on the client, now the directory is owned by nobody:nogroup, still cant chown to root, still shows no subdirs. Feel i'm getting closer though.
<a7ndrew> funny directory, that one. Root doesn't have permission to remove it, and its too busy to be unmounted
<hallyn_> zul: drat, i don't think libvirt folks will take your patch.  But they point out we can use the LIBVIRT_LXC_UUID the same way.
<zul> hallyn_: doh!
<ScottK> NCommander: For your armel server spec...  The image you're talking about won't talk to the serial port by default like the current headless images will it?
<NCommander> ScottK: we were looking at implementing a way to switch that
<ScottK> Most non-dev server people don't use serial.
<ScottK> NCommander: I think it's worth mentioning in the spec then.
<NCommander> ScottK: I disagree, I used to use serial for server management primilary and I know several organizations that do so as well.
<ScottK> NCommander: OK.  Some do.  Some don't.
<ScottK> In any case, the server ISO default install targets small deployments (since any non-trivial deployment will preseed/roll their own), so serial by default isn't the right answer.
 * ScottK still thinks NCommander should put it in the spec.
<NCommander> ScottK: it will be in the spec
<ScottK> Great.
<ScottK> Thanks.
 * NCommander is writing the specs up now
<ScottK> Yep.  I'm getting mail from LP about it.
<NCommander> ScottK: well I broke the super-spec into a lot of smalelr ones, you can see the dependnency tree
<ScottK> NCommander: Would you please subscribe to them then so I can follow along?
<NCommander> ScottK: are you in the ubuntu-armel team?
 * NCommander was going to add the armel team to all the specs
<ScottK> No.
<zul> NCommander: how did you break down the spec?
<NCommander> zul: see dependency tre: https://blueprints.launchpad.net/ubuntu/+spec/server-o-arm-server
<zul> NCommander: cool can you put a note in the whiteboard
<NCommander> zul: k
<zul> thanks
<roasted> So I'm running 11.04 desktop edition and I have dhcp-server installed... but under service--status-all I have no listing of it. ?
<SpamapS> roasted: service--status-all .. not sure what you mean by that
<SpamapS> roasted: did you mean 'service  --status-all' ?
 * SpamapS suspects yes
<uvirtbot> New bug: #783541 in samba (main) "pam_smbpass should not check that it is running as root" [Undecided,New] https://launchpad.net/bugs/783541
<roasted> yes
<roasted> SpamapS, what is isc-dhcp-server?
<roasted> could that be it? It's currenty disabled.
<SpamapS> thats the dhcp server I'm sure
<SpamapS> that command needs some help btw
<roasted> that wasn't like that for 10.10
<roasted> sigh
<roasted> constant changes. I can't keep up with this!
<roasted> do you know how I would start dhcp on 11.04?
<SpamapS> because dhcp was moved to upstart for 11.04 IIRC
<SpamapS> roasted: did you try 'service isc-dhcp-server status' ?
<roasted> says dhcpd is not running
<SpamapS> roasted: would you expect the OS to never change? ;)
<SpamapS> roasted: you may want to stay on LTS's if thats the case.
<roasted> I do for mission critical stuff
<roasted> this is my laptop we're talking about
<roasted> but I do imaging from my laptop, hence the dhcp
<roasted> just kind of irritating when commands are changing so frequently, even for 6 mo releases
<roasted> anyway, how would I get the service going? All previous commands I remember are, of course, not working.
<SpamapS> roasted: ok well it may be that it failed to start because your network wasn't up when the system started
<SpamapS> roasted: does your laptop have statically configured networking then I presume?
<roasted> I would presume so, as I plugged in after we wereup and running
<roasted> yes
<SpamapS> the supported way to start any service is 'sudo service xxxx start'
<roasted> bingo
<roasted> failed
<roasted> lol
<SpamapS> roasted: dhcpd will fail if the exact interface it is configured for is not setup right
<roasted> it gets set up through FOG, which Im trying to install
<roasted> I never had to configure it prior
<SpamapS> what is FOG ?
<roasted> think of ghost
<roasted> except it doesn't suck
<roasted> and it's free/linux based
<SpamapS> cool
<roasted> FOG = Free Open(source) Ghost
<roasted> where are dhcp configs stored? I can just copy it from my 10 10 install
<SpamapS> Ok, well then it sounds like FOG must be started before isc-dhcp-server
<SpamapS> roasted: /etc/dhcp/dhcpd.conf
<SpamapS> roasted: I take it FOG is not in Ubuntu?
<roasted> It's a .tar.gz I have to install
<roasted> installs in terminal from a .sh file or something
<roasted> I've installed it hundreds of times. the installer does all of the work for you pending answering a few questions
<roasted> dear unity. stop freezing. thx.
<SpamapS> roasted: ah, ok, well if the installer configures the network.. does it just modify /etc/network/interfaces or try to do something else clever?
<roasted> I have to set up a static IP first.
<roasted> then I run the installer and it asks if the IP I have is the one I want the server configured for.
<roasted> I say yes and it does the rest for me.
<roasted> setting up a 192.168 scope, which is the pool that my laptop uses when I image
<roasted> rebooting. fn unity
<roasted> now that I rebooted maybe itll be running
<roasted> since Im plugged in
<roasted> ah, nope. definitely isn't running.
<roasted> hm
<roasted> my dhcpd file is fine on 11.04. it matches identically to my 10 10 install
<AlexMax> The last time I restarted my server, SSHD did not come up.  I'm not really familiar with upstart, how can I tell if openssh is actually attempting to start at boot?
<AlexMax> I have no idea if it's not being started at all, or if it's being started and not working
<AlexMax> My host was able to start ssh manually from the terminal
<shaggster> Ok anybody have an idea why apache would be running under limited permission, getting an error through php fopen() failed to create stream permission denied running a script that creates a file. Everywhere i search says to chmod it 777 but i  would like to not have it risk that, but it does work I verified it.. running 10.10 Enterprise cloud
<shaggster> futhermore something very interesting is the file acctually gets created, but can't see it unless i upload something else to the directory.. refreshing or changing dir doesnt show the file..
<flowbee> hi folks;  i'm getting: ssh_exchange_identification: Connection closed by remote host
<flowbee> ssh_exchange_identification: Connection closed by remote host .... when i try to initiate a second ssh session to my ubuntu 10.04 server.  i have allowed key based auth
<hallyn_> zul: do you care one iota if i go ahead and modify lxcguest to handle libvirt without your patch right now?
<hallyn_> (i assume not)
<zul> hallyn_: hella no
<hallyn_> :)
<hallyn_> all right i'll do that today and then drop the patch from libvirt after jdstrand reviews the rest of my proposed merge
<hallyn_> thanks
<hallyn_> jinkeys, debian's dvtm is old old old - still has the fd leak from a year ago
<Gunni> what command was it again to see what libraries a binary uses?
<genii-around> Gunni: ldd
<Gunni> ty
<kpettit> Any suggestions on a good blocklist program?  Trying to get a generic blocklist I can use to block IP address and such
<genii-around> !info dansguardian
<ubottu> dansguardian (source: dansguardian): Web content filtering. In component universe, is optional. Version 2.10.1.1-3 (natty), package size 484 kB, installed size 2396 kB
<kpettit> genii-around, I'll check it out.  It looks like it's web specific though.
<genii-around> Yep
<kpettit> I'm looking for something that's more generic.  Basically block all ports to known bad IP addresses.
<genii-around> Why not just add those IP to your hosts.deny file
<kpettit> genii-around, I do, as I find them.  But it's a pain to keep up with.
<kpettit> I'm using fail2ban for some stuff.  And I see other bad stuff in the logs.  But would feel better if I could use a community block list as added protection.
<Daviey> kpettit, Using others blacklists is generally discouraged TBH.
<Daviey> (other than for Bayesian)
<kpettit> I can see the reasoning on that.  This is for a couple of dev type servers that normal public users would be using.
<kpettit> Just trying to figure out the lowest effort way to have better security.  Looking at all the fail2ban logs scare me abit.  Tons and tons of bot attacks
<surjikal> Hey guys, I just imported a VM of ubuntu 10.04 server 32bit that I setup at home on vbox. Now I'm at work and obviously, the fqdn is wrong. Is there a way to reconfigure the network completely, like it was done during the install?
<Daviey> kpettit, well if you know exactly who is connecting to the servers, use whitelisting :)
<SpamapS> surjikal: the hostname is recorded in /etc/hostname , if you have a static hostname, thats the place it should be. Note that there are some other things that may need updating as well, like /etc/mailname
<kpettit> I would if it was the same IP addresses.  The guys I have going to it rove around alot.  Going in from a starbucks, home, library, etc.
<surjikal> SpamapS, in /etc/hostname, I only see my hostname. Is there something I can enter there to change the fqdn?
<SpamapS> surjikal: if you edit that file, you can run 'sudo hostname `cat /etc/hostname`' to set the system wide hostname. Note that services may not pick up the new hostname until they are restarted.
<surjikal> I changed /etc/hosts
<SpamapS> kpettit: you want a VPN solution of some kind then.
<kpettit> probaly.
<SpamapS> kpettit: the closest thing to a decent block list is denyhosts .. and its barely more than no protection at all.
<kpettit> VPN's always seem kind of painful to setup.  KNow of a good one that is faily easy to use?
<SpamapS> kpettit: I've always used OpenVPN but I don't know how good or easy the frontends are.
<kpettit> SpamapS, I think your right about VPN though.  I've just been avoiding it becuase of pain with them in the past.
<kpettit> I don't care so much about hte front end.  I'm ok with the CLI stuff.  Last time I tried OpenVPN though it was fairly painful to do a simple VPN for a few people
<SpamapS> kpettit: if you have control over the remote machines its pretty easy to put a shell script or batch file together that starts and stops openvpn automatically w/ client certs for auth..
<kpettit> SpamapS, your right.  I'll give it try.  Thanks for the suggestion.
<MTecknology> !away > smb-afk
<ubottu> smb-afk, please see my private message
<zul> Daviey: when you get a chance can you have a look at https://help.ubuntu.com/community/UbuntuBackports
<zul> doh...
<zul> i mean https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/778392
<uvirtbot> Launchpad bug 778392 in eucalyptus "[UEC 2.0+bzr1241-0ubuntu4.1] Unstable state for the iscsi daemon" [Undecided,New]
<Daviey> zul, looks like one for upstream comment i think
<stgraber> hallyn_: are you going to SRU bug 607636 ?
<uvirtbot> Launchpad bug 607636 in lxc "chardev: opening backend "pty" failed" [High,Fix released] https://launchpad.net/bugs/607636
<stgraber> hallyn_: if you don't have the time to do it, I'm fine doing it
<hallyn_> stgraber: please go ahead.  I do think it should be SRUd
<stgraber> ok, doing it now
<hallyn_> stgraber: thanks
<stgraber> uploaded
<RoyK> hi all. I just started virt-manager to add some drives to a test-vm, but then, I get this http://karlsbakk.net/virt-manager-issue1.png - can't see the old images, and can't create new ones - any ideas?
<RoyK> hm... seems I found the issue - it was trying to open som old storage files which had been removed
<RoyK> where does virt-manager have its config? I need to remove these from the 'known storage files'
<hallyn_> zul: if i give you a natty .deb for lxcguest, can you trivially test that it still does the right thing under libvirt?
<zul> hallyn_: sure i can probably do it tonight
<hallyn_> zul: http://people.canonical.com/~serge/lxcguest_0.7.4-0ubuntu9_amd64.deb
<zul> hallyn_: ok ill get to it tonight
<hallyn_> so long as that passes, i'll push it to oneiric.  (natty doesn't actually need it of course)
<hallyn_> thanks
<hallyn_> ttyl
<seaLne> how do you make ncurses not cause your eyes to bleed in natty (turn it back to normal blue colour)
<seaLne> very scary experience during an upgrade
<addisonj> wtf... why can i not ./run a progam from /tmp on 10.04 lts?
<soren> addisonj: Maybe it's mounted noexec?
<seaLne> no exec mounting?
<addisonj> its not a seperate partition
<addisonj> its just on .
<addisonj> oops /
<soren> addisonj: Maybe it's not executable.
<soren> addisonj: You're not exactly giving a lot of detail here.
<flowbee> hi folks... is there a fast way to move from debian etch => ubuntu 10.04 ?  i have a debian box on linode but id love to move to ubuntu
<addisonj> trying to install SAS, it unpacks its own java version to run an installer, which it unpacks to /tmp, i haven't been able to get it run, thought it was a path issue, but if i go straight ti the folder where the java binary is, it still says no such file or directory
<addisonj> -rwxr-xr-x 1 csroffice csroffice  65116 2007-10-05 03:19 java
<addisonj> http://pastebin.com/ec7VpzT3 there is the mount
<soren> addisonj: What exactly are the commands you're trying to run that fail?
<saveur7elf> hello)
<addisonj> the installer script unpacks its own java and a jar to run the gui installer, here is the actual command  ../../products/javaruntime__92280__lax__xx__sp0__1/bin/java -Xmx1024M -jar deploywiz/setup.jar -startuplocation /media/samba/SAS_9_2_3/Compresed/Linux_64bit/SAS_9.23_Linux_x64 -templocation /tmp/_setup29781
<saveur7elf> guys, Where I can get usb ubuntu?
<addisonj> its a relative path from the location of the jar to the unpacked location of the java binary, but it fails to find the binary (although that is a valid path)
<flowbee> hi folks... is there a fast way to move from debian etch => ubuntu 10.04 ?  i have a debian box on linode but id love to move to ubuntu.  but i'll still need to reconstruct my whole setup right?  there are no migrations scripts?
<maxb> saveur7elf: what exactly do you need, there are several forms
<saveur7elf>  mm... ubuntu 11.04 for usbflash)
<addisonj> I at first thought bash was bugging out on the relative path, but nope, even if i got straight to the directory, it won't run the binary, gives a no such file or path error, which noexec doesn't do correct?
<maxb> flowbee: you need a clean install for that
<flowbee> maxb, i guess i meant getting the configuration and packages off of debian and onto ubuntu
<maxb> saveur7elf: live system? installer?
<saveur7elf> installer
<addisonj> flowbee, what configs? are you talking like apache? or your gnome and everything?
<flowbee> addisonj, i mean like the mysql config/apache config/etc
<flowbee> and bash stuff
<maxb> flowbee: no special tooling, just normal file copy/backup tools
<addisonj> do a fresh install and just move em over, probably the easiest way
<flowbee> yeah
<RoyK> hi all. I have qemu/kvm setup on this ubuntu 10.04 machine. after adding some test disks, I want to remove them, but it seems virt-manager can't do this and removing them manually just messes up virt-manager. any idea where these are referenced and how I can remove that?
<flowbee> how long will 10.04 lts be supported for
<addisonj> 3 more years? something like that
<maxb> saveur7elf: you probably want the boot.img.gz disk image from any mirror
<RoyK> flowbee: LTS is five years for server, 3 for desktop
<bluethundr> hey guys, I am looking for a way to add the backports repository to a 9.04 (jaunty) server
<bluethundr> https://help.ubuntu.com/community/UbuntuBackports
<addisonj> so about 4 more years of support now
<RoyK> addisonj: yeah
 * RoyK still runs 8.04 on some servers
<addisonj> anyways... back to me issue... yep, pretty much absolutely flumoxed as to why this is acting this way...
<flowbee> so done with debian
<flowbee> everything will be running 10.04 now
<RoyK> :)
<Macer> blah
<flowbee> how do i change default editor to vim?
<soren> bluethundr: Jaunty is dead. Move on.
<RoyK> flowbee: see /etc/alternatives - there's an editor symlink there
<RoyK> flowbee: or just set the EDITOR variable
<bluethundr> soren this is a production server.. it moves onto the current release when the senior sa says it does :)
<uvirtbot> New bug: #783699 in php5 (main) "package libapache2-mod-php5 5.3.5-1ubuntu7.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/783699
<RoyK> http://imgur.com/gallery/0pxaV
<SpamapS> bluethundr: has that senior sa decided to backport all relevant security patches to jaunty? Poor sod.
<bluethundr> heh
<Pumpkin-> or vetting every security announcement to see if it impacts them, or getting appropriate signoffs to not patch it
<Pumpkin-> I'm glad I make those kind of decisions
<soren> bluethundr: Production servers that don't receive critical security updates. Fascinating. What was your IP again?
<bluethundr> soren, my IP is xx.xx.xx.xxx
<soren> bluethundr: I thought it might be.
<bluethundr> lol
<uvirtbot> New bug: #783706 in php5 (main) "package libapache2-mod-php5 5.3.5-1ubuntu7.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/783706
<roasted> So... question... let's say I want to rsync my home directory to a samba share. Well, CIFS mounts to .gvfs... wouldn't I create an infinite loop by rsyncing /home/user to /home/user/.gvfs/network_storage/user?
<RoyK> just use --exclude
<RoyK> or -x aka --one-file-system
<roasted> RoyK, do you know of any rsync GUI's that have this option? I'm trying to help my parents set this up with the NAS I left behind.
<RoyK> nah - I only use the commandline
<roasted> yeah, me too
<roasted> maybe I should just walk them through forwarding SSH so I can get in there
<roasted> what exatly doe s"one file system" do?
<roasted> doesnt sound too descriptive at first glance
<RoyK> it doesn't follow mounts
<RoyK> so if you rsync / and /blah is mounted, that won't be rsync'ed
<roasted> it seems as if grsync has a "do not leave file system" option
<roasted> which, when you hover over it, notates -x and --one-file-system
<roasted> so if I'm rsync'ing /home/fred to /home/fred/.gvfs/network_storage/fred, how does that "doesn't follow mounts" apply? I'm not entirely sure I understand.
<RoyK> check with 'mount'
<RoyK> if it's listed there, it won't be backed up with -x
<roasted> so that would thereby include .gvfs as "mount" when its checked
<RoyK> is it listed if you type 'mount'?
<roasted> uh
<roasted> hang on
<roasted> it doesnt say exactly .gvfs/network_storage/fred
<roasted> but it says something about .gvfs fuse
<roasted> daemon etc
<RoyK> dunno if rsync will exclude fuse mounts
<roasted> damnit
<roasted> I wonder if there's a way to tell
<roasted> like to see what command this gui is using
<RoyK> just try
<RoyK> you'll see the loop if it happens
<roasted> thats the problem
<roasted> I won't - they will, and they won't even know it
<roasted> :P
<roasted> I just did a quick test bed here with my laptop and a tes CIFS share
<roasted> looks like it'll work if I check that box in grsync
<roasted> I think they just have SO mcuh data that they cant tell if its looping or just working
#ubuntu-server 2011-05-17
<uvirtbot> New bug: #783747 in php5 (main) "segfault in zif_spl_autoload" [Undecided,New] https://launchpad.net/bugs/783747
<a7ndrew>  
<RoyK>  
<failover>  
<arooni> how do i upgrade my ubuntu server packages (specifically security ones)
<qman__> arooni, sudo apt-get update && sudo apt-get upgrade
<arooni> thank you
<qman__> use sudo apt-get dist-upgrade to install updates which require installing new packages
<arooni> also i'm looking for somethign to keep track of why i seem to run out of memory
<qman__> such as kernel updates
<arooni> i.e. when my app crashes its too late to figure out the culprit
<qman__> use top, or script something with free and ps to log
<qman__> so next time it happens, you have an idea of what was going on
<arooni> is there a package that does that nicely?
<arooni> how do i make bash my default shell
<RoyK> arooni: chsh -s /bin/bash [username]
<qman__> top is likely capable of doing what you want, but you'll have to dig deep in TFM to find the right switches
<qman__> I barely know the basics of it
<arooni> ERROR: APACHE_PID_FILE needs to be defined in /etc/apache2/envvars
<hallyn_> SpamapS: collectd lxc plugin - https://github.com/dotcloud/collectd/tree/lxc-plugin   seems right up your alley :)
<arooni> how do i recreate the /etc/apache2 folder?
<qman__> you could purge apache, then reinstall
<qman__> make sure you back up any important configs first
<julian_c> Would <dpkg-reconfigure apache2> work?
<qman__> I don't think so, but I haven't tried
<arooni> reinstalling i dont see /etc/apache2
<qman__> that's because you have to purge it first, not just remove
<qman__> apt-get remove --purge or just apt-get purge
<qman__> and the package is probably apache2-common
<arooni> i manually removed the /etc/apache2 directory
<qman__> yes, but you still have to purge the package
<qman__> or it won't install new configuration
<arooni> qman__, i purged it first (both apache2-common and apache2
<arooni> and reinstalled but i'm getting no /etc/apache2
<qman__> must be in a different package then
<qman__> ah
<qman__> apache2.2-common
<qman__> arooni, ^
<qman__> purge that, then reinstall, and it will recreate the configuration
<arooni> yup after you said that i purged every installed apache2 package
<arooni> and it worked
<qman__> I found that by using dpkg -L and some tab completion
<zul> hallyn_: http://zulcss.wordpress.com/2011/05/16/the-big-uds-o/
<uvirtbot> New bug: #783780 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.5 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 3" [Undecided,New] https://launchpad.net/bugs/783780
<hallyn_> zul: cool, thx
<maxagaz> hi
<maxagaz> how to chose which one to adopt between svn and git ?
<Corey> maxagaz: Git.
<Corey> It solves the branching / merging headache.
<Guest43057> bazaar
<Corey> Guest43057: Unless you're the Ubuntu project, bad idea. :-)
<maxagaz> Guest43057: can I use bazaar over git ?
<fallous> bazaar is pretty craptacular in my experience
<AlexMax> The last time I restarted my server, SSHD did not come up.  I'm not really familiar with upstart, how can I tell if openssh is actually attempting to start at boot?
<AlexMax> I have no idea if it's not being started at all, or if it's being started and not working
<AlexMax> My host was able to start ssh manually from the terminal
<Proz01d> noob question.....need to transfer files to my server and from my server. nothing is installed yet... all i have is a web based vnc access.  I'm trying to setup openssh as we speak  but need to get the keys transfered so i can connect..
<Proz01d> any ideas....
<koolhead11|afk> Proz01d, do you have password for the same server? So in order to transfer key you can log in there 4 once?
<jmarsden> Proz01d: Or, use ssh the other around ... ssh from the server command line *to* an sshd on your local machine?
<greppy> Proz01d: you could put your public key on the remote server with just a copy & paste, if you can do that over webvnc that is.  the ssh key files are plain text.
<Proz01d> <koolhead11|afk: yes i have the password
<Proz01d> greppy: the web interface doesn't let me cut and paste... :(
<Proz01d> it's java based Xen
<Proz01d> trying to test my openssh install / config and i get..
<Proz01d> connection closed by UNKNOWN when i do "ssh -v localhost"
<jmarsden> Proz01d: What did you do to your server??  sudo apt-get install openssh-server   # should just work.
<Proz01d> damn it.
<Proz01d> well i was follwing a guide that was telling me to change the configurations etc.
<jmarsden> Lesson #1: Quit following guides.
<Proz01d> lol
<jmarsden> I am 100% serious.
<jmarsden> They may be old, they may be inaccurate... if you do not understand them and agree with their ideas, don't follow them.
<jmarsden> So now you get to   sudo apt-get purge openssh-server   and then   sudo apt-get install openssh-server    # and see if that fixes it.
<Proz01d> will that remove all the configs?
<jmarsden> Yes.
<jmarsden> apt-get remove leaves the configs, apt-get purge ... purges the config files .
<Proz01d> i did the remove last time
<arooni> ok i think i finally have an apache question.  i want to test that my apache/app config is working before i make mydomain.com => newly set up server.  right now i have ServerName and ServerAlias set... is there a way for me to directly address this particular virtualhost by ip/port?  and how would i add that to the apache config?  ps there are two rails apps running on this box
<Proz01d> same error
<jmarsden> arooni: Make that virtual host the first one and it should be the default one.
<arooni> jmarsden, how do i know which is first/second.  all i know are the two sites are already enabled via a2ensite
<jmarsden> Proz01d: OK... so does    sudo netstat -ntl | grep :22     # show you that something is listening on port 22 ?
<Proz01d> i'm purging the client as well
<koolhead11|afk> arooni, in the virualhost file you can specifically mention which port it has to run
<arooni> koolhead11|afk, awesome; do you know which config option that is
<koolhead11|afk> namevirtualhost and port
<koolhead11|afk> arooni, lemme recheck :P
<jmarsden> arooni: I think you can just make the filename under sites-available/ be alphabetically first ... I've not done it for a while :)
<Proz01d> jmarsden: cleaned everything up and i do have listeners on 22 for ip4/6
<Proz01d> there we go
<Proz01d> !
<koolhead11|afk> arooni, Listen and port number :)
<koolhead11|afk> Proz01d, seems that will solve your issue :D
<jmarsden> Proz01d: OK... next time... don't mess with config files you don't understand, that do not need to be messed with :)
<Proz01d> trying remotely.... from my local machien.... hope this works
<Proz01d> :)
<koolhead11|afk> arooni, http://ubuntuforums.org/showthread.php?t=1440839 :D
<jmarsden> if you need to add your public key to the remote server's authorized_keys file, use  ssh-copy-id user@remoteserver.example.com   on your local machine to do that.
<Proz01d> my local machine is windows
<Proz01d> and i'm trying to connect via putty
<arooni> its working now!
<arooni> man it took longer than i thought to get my ubuntu server running like my debian 4.0 one was
<arooni> always longer than you think
<jmarsden> Proz01d: ick.  OK, use pscp to copy the files you need, if you have to do it the hard way :)
<Proz01d> wow... so much easier when i take your advice... no guides!
<jmarsden> :)
<Proz01d> i just want to secure this a little
<jmarsden> Against what?
<Proz01d> anything..
<Proz01d> i'm just using defaults right now..
<jmarsden> The only way to secure a machine against "anything" is to disconnect it from the Internet and bury it in a concrete box :) :)
<jmarsden> What are you worried about, in the realm of "security"?
<Proz01d> shuoldn't i use non standard ports.. disable password access and use keys instead...
<Proz01d> those were some readings from guides
<jmarsden> Random script kiddies?  Your government agencies?
<Proz01d> both
<Proz01d> paranoid :)
<Proz01d> it's my first server...
<Proz01d> lol
<jmarsden> Using keypairs is a good idea... that is what I thought you were copying the public key file for.  Did that work?
<jmarsden> The non-standard port thing is... well, it's your choice.  adding denyhosts is also one way to reduce the clutter from automated attacks on port 22.
<Proz01d> i'm a little lost on PKI....
<Proz01d> the pub / private keys generated on the server.  i should grab the pub key and copy it to my local machine and i should be okay to connect right?
<jmarsden> Other way around... generate a keypair locally on your desktop PC, then copy the public key from it to ~/.ssh/authorized_keys and set the permissions correctly.
<jmarsden> Oh, and if you use Putty I think you have to convert the key from Putty's format to normal ssh format...
<koolhead11|afk> hi RoyK
<Proz01d> by normal you mean openssh key?
<jmarsden> Proz01d: yes.
<jmarsden> I've not used putty for a long time, though.
<jmarsden> When I need to use Windows machines for this sort of thing, I tend to install Cygwin (bigger, but much more unix-like shell environment, so more useful)
<Proz01d> this is going to be the death of me.... the authorizedkeys files is supposed to be located in "%h/.ssh/authorizedkeys
<Proz01d> according to my config but no such dir or file exists..
<Proz01d> i need to create this manually?
<Proz01d> i'm guessing %h means /home/[user]?
<joschi> Proz01d: yes. but the file is named 'authorized_keys' by default (mind the underscore)
<arooni> how do i make it so that a user still has to sudo ; but doesnt have to type password
<arooni> each time
<Bashew> Hi everyone, I have a bit of an issue. I have a server I'm going to colo but I'm experimenting right now. My server has only 1 network card eth0, with ips 192.168.1.[30-34]. I want to selectively forward ports from individual IPs to certain VMs, and have certain VM's send their traffic out of certain IPs
<Bashew> like on 192.168.1.32:80, go to one VM whereas 192.168.1.30:80 goes to a completely different one
<Bashew> arooni, if i remember correctly, sudo shouldn't bother you for a password for 15 minutes after you first use it
<Bashew> arooni, i haven't tried this myself but you could give http://www.webupd8.org/2010/04/how-to-change-sudo-password-time-out-in.html a try. just give the timeout a big number
<jmarsden> arooni, Bashew: You can set that to whatever you want in /etc/sudoers, the default is 15 minutes.  The setting is called timestamp_timeout
<arooni> you would do that over not prompting for a pw?
<jmarsden> If you make it too big and go to lunch with your terminal unlocked, you are asking for trouble :)
<jmarsden> arooni: Once every 15 minutes, for sudo priviledges, is pretty reasonable... why is it a problem for you?
<arooni> i am just typing the pw a lot
<arooni> i guess from differnet terminals
<arooni> each time i have a different session open
<arooni> have to reauth
<Bashew> you could try using screen
<arooni> ok thats a cool idea
<arooni> i've heard of it before
<Bashew> open screen up on your first terminal, then on subsequent terminals, use screen -x
<Bashew> a side benefit is, if you ever drop your local connection, your stuff will still be up :)
<w00> arooni, or you could add something like this in /etc/sudoers: %wheel  ALL=(ALL)       NOPASSWD: ALL
<w00> arooni, so if you are in group wheel you don't have to type pass to sudo
<maxagaz> when I run rm /tmp/*, is there somewhere a log of all what has been removed ?
<maxagaz> if not, is it possible to set it ?
<Bashew> you could make a log every time you run it
<Bashew> rm -v /tmp/*  > /path/to/output.txt
<Bashew> but there are no logs
<uvirtbot> New bug: #783836 in openldap (main) "slapd syncrepl failing using SASL" [Undecided,New] https://launchpad.net/bugs/783836
<missil> hi all
<uvirtbot> New bug: #783864 in qemu-kvm (main) "need a versioned depend on vgabios" [Undecided,New] https://launchpad.net/bugs/783864
<airtonix> I have a ubuntu 10.04 server running apache2 containing two virtualhosts... same domain one is http the other https. currently they both serve files out of /home/ubuntu/vhostname/public_html but i want to move it to /var/www/vhostname/public_html . i can make this happen in the http vhost def file but not the https. when i make the relevant changes in the https vhost file and restart it fails and doesn't ask for the ssl cert password.
<remix_tj> airtonix: what's the error?
<remix_tj> check the error.log of apache
<airtonix> remix_tj: i have to check something to confirm... #httpd are being nazis and unhelpful
<remix_tj> :-)
<remix_tj> check the log
<remix_tj> and let me know
<airtonix> equiv of Oh hoho you're supposed to spell it "you're" not ur
<airtonix> anyway testing...
<koolhead11|afk> why i can`t ask a question at https://launchpad.net/cobbler  :(
 * koolhead11|afk looks at Daviey, 
 * Daviey hides
<Daviey> koolhead11|afk, So the launchpad cobbler project is not related to the upstream project management...  Do you have a question specific to ubuntu server?
<koolhead11|afk> Daviey, i have a question regarding cobbler on natty.
<Daviey> koolhead11|afk, The best place to throw that would be ubuntu-server mailing list tbh.
<koolhead11|afk> Daviey, i just wanted to know if its a good way to hardcode my local repo intp preseed file ?
<koolhead11|afk> *into
<Daviey> koolhead11|afk, it is 'a way'... if you are using cobbler purely for that, then it is purely overkill.
<koolhead11|afk> Daviey, cobbler import --mirror is not an option it seems in case of ubuntu :D
<Daviey> koolhead11|afk, If something isn't working that you expect it to, please raise a bug.
<Daviey> I know i haven't used that feature.
<koolhead11|afk> Daviey, but i cannot in launchpad
<koolhead11|afk>    /o.0\
<koolhead11|afk> Daviey, thanks.
<Daviey> koolhead11|afk: Hmm
<Daviey> koolhead11|afk: You can't in launchpad?
<Daviey> koolhead11|afk: Oh, raise a bug - do that here: https://bugs.launchpad.net/ubuntu/+source/cobbler/+filebug
<koolhead11|afk> Daviey, yay!! got it
<koolhead11|afk> Daviey, i was looking at https://launchpad.net/cobbler all this time
<uvirtbot> New bug: #783951 in libvirt (main) "Automatically add libvirt dnsmasq to resolv.conf" [Undecided,New] https://launchpad.net/bugs/783951
<bencer_> anyone with experience on multipath stuff? i've a lucid box attached to an emc san, dmesg reports qlogic driver load and i can see the 4 scsi devices created by the hba on dmesg, but multipath -l reports nothing
<bencer_> i've filtered out these scsi devices con lvm.conf but still nothing
<bencer_> running multipath on debug shows the scsi devices, but can't manage them: http://paste.ubuntu.com/608968/
<tyreza> hello there
<tyreza> how to check disk on ubuntu?
<patdk-wk> how do you mean?
<patdk-wk> df? smartctl? badblocks? ....
<Pici> fsck?
<tyreza> fsck
<a7ndrew> fsck checks filesystems, not disks. smartctl might be what you are after
<tyreza> i simply need to check filesystem on drbd
<tyreza> what i have to do ?
<Tensibai> Hi there
<Tensibai> May someone help me with preseed files ?
<tyreza> how to find drbd partition on my system ?
<patdk-wk> blkid?
<ppetraki> tyreza, shoudn't they be defined in your drbd config?
<tyreza> correct blkid
<tyreza> i find drbd  partition
<tyreza> normally it is in /dev/mapper
<tyreza> now how to fsck on that partitioN ?
<soren> drbd is not a filesystem.
<soren> fsck is for checking filesystem integrity.
<tyreza> what have to do to make a complete check on drbd ?
<dawolf123> Does anyone know where I can get a list of the maximums for ubuntu server?
<pmatulis> dawolf123: maximums?
<dawolf123> such as the maximum amount of memory, cpus, disk etc...
<RoAkSoAx> morning all
<RoAkSoAx> lynxman: pin
<RoAkSoAx> lynxman: ping
<lynxman> RoAkSoAx: pong :)
<pmatulis> RoAkSoAx: o/
<highvoltage> zul: something seems to be wrong with your blog configuration on planet, your post is summarized and links back to planet, so it's hard to find the actual entry to read it
<highvoltage> (been a problem for a while, not sure if it's intentional)
<jamespage> hey RoAkSoAx
<zul> highvoltage: yeah i know about it i havent figured out how to fix it yet
<RoAkSoAx> pmatulis: o/
 * zul kicks wordpress
<glen1> hey
<RoAkSoAx> zul: /me still waiting for endorsement :
<RoAkSoAx> :P
<zul> RoAkSoAx: everytime you ask ill kill a kitten ;)
<highvoltage> zul: mind if I look at it?
<RoAkSoAx> zul: ehehe
 * lborda hi folks
<lynxman> jamespage: James Page! o/
<jamespage> hey lynxman
<glen1> when I read about websites buying new hardware for their visitors, how do they know how much hardware to purchase?
<pmatulis> dawolf123: that is kernel-specific
<lynxman> glen1: simple logistics and previewing demand :)
<glen1> I see. So they simply say will have this many users so we need to deal with them
<dawolf123> k, thx
<lynxman> glen1: exactly
<glen1> So if I have 100 new customers a month, how would I calculate how much storage, cpu, ram they need. its something that i never knew thanks lynxman haha
<lynxman> glen1: you either allocate limited resources per user, otherwise you oversell the available resources and try to keep up with demand
<glen1> is there a comparison like say 1000 users per cpu?
<lynxman> glen1: your mileage may vary a lot, so there's no strict rule, it depends on what kind of services your users will be running
<glen1> ahh :) So kinda extrapolate a perfect situation. thanks lynxman
<lynxman> zul: you up for some packaging crack hell :)
<lynxman> glen1: no prob :)
<zul> lynxman: depends
<lynxman> zul: just wanted to poke your brain slightly with a couple issues I'm having
<zul> lynxman: sure ask away but im not very alert yet
<lynxman> zul: no worries, your half awakeness packaging expertise is way better than my fully aware one ;)
<RoAkSoAx> jamespage: James Page \o/
 * jamespage takes a bow...
<lynxman> RoAkSoAx: I was sitting one next to jamespage, he's such a gentleman and scholar
<lynxman> s/one/once/
<RoAkSoAx> how's everybody doing post-uds hangovers :)?
<lynxman> RoAkSoAx: I barely cope
<RoAkSoAx> lynxman: hehe I had to move and tide up my new place :S
<lynxman> RoAkSoAx: that'll keep you awake through jet lag
<RoAkSoAx> lynxman: I'm way past jet-lag by now :):D
<lynxman> RoAkSoAx: me too, going through London and back.. crossed the timezone twice :)
<lynxman> zul: is there any way to determine package install order? afaik there isn't
<zul> lynxman: not really an acceptible way why?
<lynxman> zul: I have a postinst script that fixes squid-deb-proxy config for unknown enviroments
<lynxman> zul: I was thinking of just creating a metapackage that gets the package and does the postinst config change, would that be kosher?
<zul> lynxman: you can use a pre-depends but thats frowned upon
<zul> lynxman: whats the problem you are trying to solve?
<MTecknology> I'm trying to use XIV on a Linux box. A storage admin gave me two LUN's. I used xiv_attach to get them seen my the disk. Now apparently they're being seen out of order. (/dev/mapper/mpath15 needs to be assigned to VolID 595). Wondering if by chance maybe someone in here has a clue about something like that...
<lynxman> zul: I need to change squid-deb-proxy config file, to allow ppa import and also open it to more nets than the default value
<zul> lynxman: why not talk to mvo about it then?
<lynxman> zul: I was also thinking of looking at the squid-deb-proxy code and just dotdee the config, but that's a bit more complicated and I would rather find a way around it for the moment
<lynxman> zul: did talk with him, I know the changed I need to do :)
<lynxman> zul: it's just the question of how can I modify the config so the metapackage installs fine
<lynxman> zul: another way would be creating our squid-deb-proxy package with debconf hooks attached
<zul> lynxman: i think you might want to do the debconf hooks and then we can preseed it with puppet or something
<lynxman> zul: can even preseed it from the metapackage, and proceed as we agreed with other default configs and have a puppet module as well for future "modification" from the sysadmin side
<zul> lynxman: that makes sense for me
<lynxman> zul: cool, I'll go that way then, thanks
<Daviey> lynxman: Have you spoken to mvo?
<Daviey> lynxman: If squid-deb-proxy introduces a documented interface for config management, then Orchestra can edit it as it sees fit.
<lynxman> Daviey: yeah, before UDS, he told me where to touch and how and such, but there's no debconf hooks to do so in squid-deb-proxy
<lynxman> Daviey: that's the issue, it's just a plain config file
<lynxman> Daviey: actually several of them
<Daviey> lynxman: Yeah..  do you have a diff of chanegs you want?
<lynxman> Daviey: I'll have in a few, was just agreeing with zul the best way to handle it
<Daviey> lynxman: Well seeing that changes you want to introduce, largely determines how best to handle it :)
<lynxman> Daviey: I see your train of thought :)
<Daviey> choooo chooo. :)
<lynxman> Daviey: I'll add debconf hooks in order to be able to a) add or remove access to different things (updates, ppas, etc) and also be able to add/remove networks to the ACL or just lift the acl completely
<lynxman> Daviey: after speaking with mvo the default acl makes not much sense in heterogeneous networks scenario
<lynxman> Daviey: it's limited to only private IP ranges
<Daviey> ahh
<lynxman> Daviey: and lifting the ACL will only mean that if someone knows the proxy they'll be able to proxy packages only
<lynxman> Daviey: and also it comes with access to ppa's disabled by default, and we want that for orchestra
<zul> why?
<lynxman> zul: because orchestra is in a ppa
<Daviey> i thought ppa.launchpad.net was added last cycle?
<Daviey> (to squid-deb-proxy)
<lynxman> Daviey: it's added but commented by default
<lynxman> Daviey: so not active
<Daviey> oh
<zul> i would leave it as it is and ask the user if they want to enable it or not
<lynxman> zul: hence why I want to add a debconf hook :)
<zul> lynxman: k
<lynxman> zul: it'll ask the user if you reconfig the package and we'll preseed the selection from the orchestra-client package
<Daviey> lynxman: Less yapping, more patching :P
<lynxman> Daviey: aye aye captain!
<zul> lynxman: what daviey said
<lynxman> zul: aye aye coach!
<lynxman> (adapts the aye aye to different cultures)
<Daviey> lol
<hggdh> jamespage: good morning/afternoon/something dear sir. When would super-james have a bit of time to get in details on the amazingly profound advanced testing BP?
 * hggdh hopes that, with so much fluffery, an answer will be forthcoming
<hggdh> Daviey: I think we have some unfinished business, do we not?
<hggdh> something about Lucid
<RoyK> good localtime();
<hallyn_> mdeslaur: meeting-filled morning (relatively), so will ping you this afternoon
<uvirtbot> New bug: #784060 in clamav (main) "freshclam fails in DNS query due to apparmor" [Undecided,New] https://launchpad.net/bugs/784060
<mdeslaur> hallyn_: sure, np
<jamespage> hggdh: yeah - have been thinking that one through over the last day or so.
<hggdh> jamespage: perfect
<jamespage> hggdh: I think we need an approach to each type of testing; trying to build a one-size fits all probably won't work that well
<jamespage> and might end up quite brittle at the end of the day
<hggdh> jamespage: I agree 100%. There is *NO* such thing...
<jamespage> hggdh: this is my current thinking
<jamespage> 1) Re-use existing ISO testing to ensure first install works OK - this should cover LVM, RAID etc....
<lwhalen42> hey all, I'm trying to install a KVM instance of Ubuntu Server 11.04, but I can't seem to get the 'virsh console' feature to work
<jamespage> 1b) Re-use existing ec2 testing to ensure AMI's are OK
<lwhalen42> here's my virt-install: http://pastebin.com/SSYs5RbC
<jamespage> 2) Use orchestra to create complex deployments either on bare metal or vm's
<jamespage> or maybe ensemble
<hggdh> to be tried and seen
<jamespage> 3) Build out a testing framework to support testing complex deployment scenarios (probably based on mcollective which is already part of orchestra)
<jamespage> hggdh: agree that orchestra and ensemble need work; but I don't want to re-invent the wheel
<stetho> I'm having a problem setting up an Ubuntu server as a router between two LANs (192.168.55.0 and 192.168.56.0). I've done the /proc/sys/net/ipv4/ip_forward = 1 and the sysctl stuff but I still can't get any further than pinging the other networks interface on the on the ubuntu box (eg, 192.168.55.x can ping 192.168.56.253 but not 192.168.56.x) Anyone suggest what I might have missed?
<jamespage> 4) Upgrade testing - we need to review with mvo to see how we deliver this
<lwhalen42> stetho: I don't know offhand what you may have missed, but can you hang wireshark off either interface and see what's making it through?
<jamespage> 5) boot testing - no idea at the moment
<lwhalen42> also, could you possibly have iptables filtering traffic?
<hggdh> jamespage: (3) could be split into (3.1) complex server deployment and (3.2) AMI/UEC instance testing
<jamespage> yeah - I was thinking along those lines.
<hggdh> jamespage: I am a bit worried this is too much for one single cycle -- so we need (if I am correct) to prioritise some items, and accept that not all will be there
<hggdh> right now
<jamespage> hggdh: agreed - far to much for one cycle
<hggdh> jamespage: and there is smb's request to facto in also
<jamespage> hggdh: yeah - although I think that should be fairly easy to achieve
<hggdh> jamespage: oh yes, the framework is already in place, just expanding the test suite. But I do not want to do it and have something that does not quite align with the rest
<jamespage> I think it fits well into the testing AMI images use case
<hggdh> I would like to have it compatible with AWS or UEC (openstack/euca)
<hggdh> so we could run on either with just some conf file changes
<jamespage> hggdh: hmmm - that should be possible
<lwhalen42> does anyone even do virsh-serial-like installs with Ubuntu?  Or is that more of a Xen/Redhat workflow?
<mouseclone> GRRRR... I don't understand why when I purge a program using aptitude and then reinstall I do not get all of the .conf files back for that package.  I'm missing radiusd.conf and I"m unsure how to get the defalut file back.
<Daviey> hggdh: we do!
<Daviey> hggdh: i'm tied to the meeting right now, but following that.
<hggdh> Daviey: certainly
<mouseclone> anyone know how to get the default files back in the /etc/freeradius directory?
<mouseclone> apt-get install doesn't put them all back
<lwhalen42> mouseclone: maybe "dpkg-reconfigure"?
<mouseclone> dolwhalen42: doesn't work.  Tries to start the services, which fails because htere is no radiusd.conf file.
<smb> hggdh, jamespage What I was looking for sounded rather like making use of the existing framework for most parts. My actual testing may or may not be different but the main use was the launching and access to instances in a larger scale than ... err one or two.
<hallyn_> zul: did the new lxcguest work for you?
<zul> hallyn_:  not yet will do so now
<hallyn_> k
<mouseclone> anyone know how to reprocess packages so that they fully reinstall?
<hallyn_> zul: http://people.canonical.com/~serge/lxcguest_0.7.4-0ubuntu9_amd64.deb
<zul> hallyn_: what did you fix anyways?
<hallyn_> jdstrand: in case you fetched it last week, there had been a bug in my libvirt package last thu (forget what), so as of last friday the proposed oneiric libvirt package is at http://people.canonical.com/~serge/libvirt-0.9.1-sync.2.tar.gz
<hallyn_> zul: it now allows for LIBVIRT_LXC_UUID=xyz as indicator of running under libvirt
<hallyn_> zul: then the next libvirt sync will drop your patch, and make use of just that
<jdstrand> hallyn_: thanks. I had not yet. I hope to look at it today or possibly tomorrow
<hallyn_> (it's a new boot argument which libvirt added for containers as of 0.9.0 or so)
<hallyn_> jdstrand: thanks
<hallyn_> oops, mtg
<lwhalen42> mouseclone: is there a /etc/radius.conf.dpkg or similar?
<zul> hallyn_: okie dokie
<Thanatos__> Hello . Since I upgraded to Natty , I have to do a manual poff / pon after reboot for ddclient to update my dyndns properly .. does anyone else have the same issue ?
<mouseclone> lwhalen42: no the files i need are in the freeradius-common packages or freeradius-common_2.1.8+dfsg-1ubuntu1_all.deb package in the repoes
<lwhalen42> when you uninstalled them, did you just 'remove' or did you 'purge'?
<mouseclone> lwhalen42: aptitude purge freeradius
<lwhalen42> hrm
<mouseclone> lwhalen42: I have downloaded the packages, ar vx to get the tar.gz files and have put some of them back.
<mouseclone> I just really really do not understand why adding a package back doens't over write everything
<lwhalen42> the packager thinks its smarter than you ;-)
<mouseclone> think i got it.. stupid stupid hobbit.. aptitude purge freeradius freradius-common freeradius-utils
<mouseclone> now it is reinstalling itself and now it has started back up
<lwhalen42> ahh, missed a package?
<lwhalen42> I'm still trying to figure out how I can do the install dialog on a VM without having to run VNC
<mouseclone> lwhalen42: didn't know that you had to purge 3 of them to make it work correctly again.
<lwhalen42> dpkg -l | grep radius can be helpful for that
<mouseclone> what do you mean by install dialog on a VM (virtual machine)?
<uvirtbot> New bug: #784120 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/784120
<lwhalen42> mouseclone: I mean, when I currently do a virt-install against an ISO (or any install source, really), in order to say "Partition my drives thusly, install these packages", etc, I have to hook up a VNC viewer from my desktop
<lwhalen42> I'd like to be able to say "virsh console <vmname>" and do the install like that
<mouseclone> ah
<uvirtbot> New bug: #784123 in samba (main) "Samba printer is not shared after boot" [Undecided,New] https://launchpad.net/bugs/784123
<hallyn_> zul: if that lxcguest works all right, then please grab http://people.canonical.com/~serge/lxc_0.7.4-0ubuntu9-package.tgz   and dput it :)  (I need to request the lxc upload rights, i know)
<zul> hallyn_: okie dokie
<lwhalen42> silly question: is there an Ubuntu Server "netboot" or similar ISO?
<lwhalen42> booyah, Google is my friend: http://cdimage.ubuntu.com/netboot/natty/
<SpamapS> lwhalen42: we've been doing a ton of work getting the Cobbler provisioning system working too btw.
<SpamapS> lwhalen42: can help with managing a whole bunch of server installs.
<lwhalen42> SpamapS: wait, I can rock Natty installs via Cobbler/koan?
<SpamapS> lwhalen42: yes in the latest cobbler
<SpamapS> lwhalen42: its also available in Natty and later
<lwhalen42> most excellent
<SpamapS> lwhalen42: I believe we tested installing lucid too
<rcaskey> has anyone had problems with samba adding machine user accounts in the wrong case?
<uvirtbot> New bug: #784195 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.5 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/784195
<uvirtbot> New bug: #784196 in samba (main) "package smbclient 2:3.5.8~dfsg-1ubuntu2.1 [modified: usr/bin/rpcclient] failed to install/upgrade: corrupted filesystem tarfile - corrupted package archive" [Undecided,New] https://launchpad.net/bugs/784196
<MTecknology> Anyone know anything about multipath? I tried issuing mpath_ctl add path mpath16 but apparently that syntax is wrong?
<hggdh> Daviey: so. Back to Lucid and SRU... what do you need to test?
<ppetraki> MTecknology, linux multipath or some proprietary vendor MP util? That invocation doesn't look like a native MP client
<MTecknology> ppetraki: the invocation could also be me not having a clue what i'm doing...
<ppetraki> MTecknology, no worries
<Daviey> hggdh: I just need to do something, will then upload a bunch of new packages to the PPA.
<Daviey> hggdh: build time dependant.
<hggdh> zul: can I use the test rig?
<zul> hggdh: yep
<hggdh> thanks
<SpaceBass> hey folks
<SpaceBass> anyone know of a good package to create RSS feeds of files in a directory structure?
<CyrusB_1> where is the dir where services / processes are started on startup? ubuntu 10.04. I remember there might be a few .. rc.d is ringing a bell
<pmatulis> CyrusB_1: /etc/init.d and /etc/init
<CyrusB_1> automaticlly get run on startup?
<CyrusB_1> thought that was just for services, and places to place scripts
<pmatulis> CyrusB_1: then look into /etc/rc2.d for sysvinit scripts and look in each and every script under /etc/init for upstart scripts/jobs (grep 'start on runlevel \[2' /etc/init/*)
<CyrusB_1> yep, got it
<CyrusB_1> thank you pmatulis
<pryorda> Upgrading from 32bit to 64bit?
<uvirtbot> New bug: #784231 in freeradius (main) "Sync freeradius 2.1.10+dfsg-3 (main) from Debian unstable (main)" [Wishlist,In progress] https://launchpad.net/bugs/784231
<hggdh> Daviey: interesting... installed NTP, and -- on start, about 20 min from boot -- got a time correction of 0.2 seconds
<mama21mama> hi
<mama21mama> "solution to this?"
<mama21mama> open /dev/null failed: No such file or directory
<mama21mama> ubuntu server 10.04
<guntbert> hggdh: it takes some time for the daemon to find the correct values for the "hardware clock"
<mama21mama> "not find a way"
<hggdh> guntbert: not if you are running with -g -- which is what we default to
<guntbert> hggdh: no, I meant that ntpd tries to get a "feel" for the hardware clock (is it slow, does it wobble?) - and that takes some time so its estimates will not be too good from the start
<guntbert> *it's
<hggdh> guntbert: oh, OK, yes. In this case, since this was a brand new server isntall, there was no drift file
<hggdh> guntbert: what surprised me is that we sync (right now) with ntpdate on interface up time; in my case, we are using the same NTP server for both ntpdate and ntp (after I installed NTP)
<guntbert> hggdh: ah . "drift" was the word I was looking for - yes and that seems to explain the necessary correction
<adam_g> ls/win 2
<guntbert> hggdh: I'm sure the hardware clock might be off by that amount and without a drift estimate...
<hggdh> guntbert: it might be. But to drift 0.2 seconds in 20 min is sort of surprising
 * guntbert cannot be surprised by hardware glitches an more :)
<uvirtbot> New bug: #784252 in backuppc (main) "package backuppc 3.2.0-3ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/784252
<uvirtbot> New bug: #784290 in ec2-api-tools (multiverse) "ec2-bundle-instance should it make clear that it only works for Windows instances" [Undecided,New] https://launchpad.net/bugs/784290
<uvirtbot> New bug: #784300 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/784300
#ubuntu-server 2011-05-18
<SpaceBass> anyone know of a good package to create RSS feeds of files in a directory structure?
<toddnine> Hi guys.  I'm using ami-a17e2ee4 on EC2, but my root partition is only 10 GB and I'm constantly running out of space due to aggressive logging in our application during the beta phase
<toddnine> Any ideas why I'm not getting the 850 GB that's possible in an m1.large instance on EC2?
<Delerium_> toddnine, not familiar with EC2, but I gues this is a SAN ?
<toddnine> Delerium_: I think it's just the way the AMI is recreated
<toddnine> for some reason only 10 GB was allocated to the / mount point.  The remaining 392 gb was allocated to the /mnt mount point.  Seems a bit strange
<toddnine> Given that anything I want to keep should use EBS devices attached to a /mnt/<name> mount point
<Delerium_> you might want to check if there is any space left that you could add to /
<toddnine> Delerium_: How could I do that?
<Delerium_> Let me boot my ubuntu server, I don't remember the command on top of my head... I mostly use AIX ;)
<Delerium_> (be back in 4-5 mins)
<maxagaz> hi
<maxagaz> Can I run a wcentos server or a windows server in eucalyptus ?
<Delerium_> toddnine, paste me the output of "df -k" in a private chat please
<WinstonSmith> why a private chat? nobody learns anything that way....
<Delerium_> WinstonSmith, to avoid flooding the channel...
<Delerium_> Urrggll... Just read what AMI / EC2 is ... heee.. well.. I'm not a big fan of cloud computing
<histo> ugh motd isn't updating on my server install
<histo> it's still showing 52 updates availible with 33 being security updates
<greppy> histo: is it only showing that or is it twice?
<histo> greppy: it's only showing that
<greppy> I had motd.tail on a couple boxes end up with an old motd saved to it, so I was getting one that said multiple packages to update and one that had 0 updates.
<histo> greppy: yeah motd.tail is present should I just clear that?
<greppy> what is in it?
<histo> greppy: yeah removing /etc/motd.tail got rid of the update message
<greppy> there ya go :)
<histo> hopefully it will continue advising of updates though
<greppy> mine does
<greppy> I had 3 LTS boxes do that
<histo> My other box doens't have motd.tail
<histo> yeay
<histo> yeah
<uvirtbot> New bug: #784420 in cobbler (universe) "cobbler/dhcpd serves invalid DNS names under x86_64 Arch" [Undecided,New] https://launchpad.net/bugs/784420
<histo> Where do users cron jobs go from crontab -e?
<histo> nvm found it
<histo> will logrotate get rid of logs that i've created?
<koolhead11|afk> kirkland, the sample preseed file of yours mentions d-i	clock-setup/utc	boolean true twice in the file, is it a typo or needed?
<maxagaz> how to list all hosts in a network ? I tried nmap -sP 10.100.8.0/24, but it show all hosts as up, although I can't ping many of them
<jmarsden> maxagaz: That is a reasonable nmap command, so if it is doing odd things for you, try it with -v so you can see exactly what nmap is doing.  sudo nmap -v -sP 10.100.8.0/24
<jmarsden> But it is 1:22 am here, so I need to sleep...
<koolhead11|afk> jmarsden, :P
<wmp> hello, i have big problem with my ext4.... http://pastebin.com/TP33VNim
<wmp> [  733.013343] EXT4-fs (dm-2): bad geometry: block count 72613888 exceeds size of device (71475200 blocks)
<esbite> Hi. I started an upgrade from 10.04 to 10.10 over ssh. Then my client crashed. In retrospect it was very stupid not to use screen. I have reconnected and can see the update still running on ps, probably waiting for my input. Any idea on how to recover from this?
<_ruben> lovely, setting a vlan tag on my bmc using ipmitool kills arp for that vlan in the os.. pretty weird
<uuser123> i have installed ubuntu 10.04 and after that i have installed utm (unified threat management software -firewall/vpn/av/ips/mail/url/vpn ) on that but now how do i installed /configure  additional  interface
<uuser123> i have 3 nic on my system and only 1 is configure and i want to configure 2 and 3 rd nic so i can use nic 2 and 3 with KVM
<jamespage> uuser123: you will need to add entries for you extra interfaces in /etc/network/interfaces.
<speakman> hi folks. Is it possible to lighten up the error-LEDs when a SATA disk has failed?
<speakman> I've "echo > /sys/bus/scsi/devices/{mydevice}/delete" and according to dmesg it's stopped and disabled.
<speakman> These leds: http://goo.gl/xs7L7
<patdk-wk> those led's are controlled by your ses controller
<speakman> ses? sata?
<speakman> patdk-wk:
<patdk-wk> ses, I never said anything about sata
<speakman> never heard of ses
<patdk-wk> it's been around for atleast a decade
<speakman> scsi enclosure services?
<patdk-wk> yep
<zul> Daviey: is there a central place on the wiki where we are keeping the specs
<speakman> ok, can I control it?
<Daviey> zul, yes
<speakman> patdk-wk: can sdparm control such stuff?
<zul> Daviey: url?
<patdk-wk> dunno
<patdk-wk> I normally just let my raid card do it
<speakman> ok? i'm running linux software raid
<Daviey> zul, https://wiki.ubuntu.com/ServerTeam/Specs/$SPECNAME ?
<speakman> And I have to replace one of the disk in the mirror setup
<patdk-wk> hmm, in this machine here, /dev/sg0 is my ses
<speakman> But I've no clue which disk to remove :)
<zul> i think i might have missed that part
<speakman> I've got /dev/sg0 as well
<patdk-wk> sg_ses to control it
<speakman> ok, any idea how to lighten the LED's by using sg_ses ?
<patdk-wk> http://comments.gmane.org/gmane.linux.scsi/59503
<uvirtbot> New bug: #784567 in eucalyptus (main) "2.0.1 not API compatible with google-collections 1.0" [Undecided,Invalid] https://launchpad.net/bugs/784567
<speakman> Attempt to fetch Enclosure status (SES) diagnostic page failed Receive diagnostic results command not supported
<zul> jamespage: do you want me to upload the google collections bug fix for you?
<jamespage> zul: that would be great - thankyou
<zul> jamespage: url?
<zul> jamespage: actually its part of eucalyptus maybe daviey should upload that for you
<Daviey> zul, feel free... share the love.
<zul> or pain
<jamespage> mp is here -> https://code.launchpad.net/~james-page/ubuntu/oneiric/eucalyptus/google-fix
<Daviey> hmm
 * jamespage loves it when Daviey says 'hmm'
<jamespage> (normally means he's done something wrong :-))
<Daviey> it's all going to go wrong.
<Daviey> i can feel it in my water.
<zul> arrrgh...you called it ppa2
 * jamespage doh
<jamespage> lemme fix
<jamespage> serves me right for testing stuff properly I guess....
<zul> *cough* pbuilder
<zul> thats another "one" to my spreadsheet
<jamespage> man this is going to cost me alot....
<jamespage> zul: amended branch pushed....
<zul> jamespage: thanks
<skrewler> alright I'm usually super good at this stuff.  I've also thought that I had fixed it several times, but it keeps happening.  I've got an Ubuntu 64bit 10.04.2 running on an Amazon EC2 instance.  It's got 17.5GB RAM and two CPUs (m2.xlarge).  Several times a day Nagios will flip out and send alerts wrt this instance.  I'll be unable to SSH into the box (hangs).   if I happened to already have an SSH session open on the box I can 
<skrewler> directories, list environment variables, view logs, but if I enter a command (it's usually 'uptime') it will hang.  After about 5 minutes it will finally recover on its own and the load will be 30+.  It's 100% reproducible when I run svnsync on it, it has two repos .. one 500MB another about 5GB.   Thats not the only thing that triggers this though
<lynxman> hmm guys, when a postinst script is executed on install it's called with scriptname configure right?
<skrewler> the box runs svn, git, redmine (nginx/sqlite), php/apache/mysql, and sendmail.  it's not customer facing and is sometimes used as a staging server
<maxagaz> hi
<maxagaz> I'm trying to install ubuntu server from usb stick
<maxagaz> but it's looking for a cdrom after some step
<maxagaz> is there way to fix this ?
<zul> jamespage: ok done
<maxagaz> with the console perhaps
<jamespage> zul: thanks
<jamespage> now I can get libjibx1.2-java accepted into the archive
<skrewler> maxagaz: dude just google your error message
<maxagaz> skrewler: I did it..
<skrewler> and whats your exact error message?  what havey ou already tried?
<RoAkSoAx> morning all
<lynxman> morning RoAkSoAx
<RoAkSoAx> morning lynxman
<koolhead11|afk> morning RoAkSoAx
<RoAkSoAx> morning koolhead11|afk
<esbite> Hi. I started an upgrade from 10.04 to 10.10 over ssh. Then my client crashed. In retrospect it was very stupid not to use screen. I have reconnected and can see the update still running on ps, probably waiting for my input. Any suggestions on how to recover from this?
<ikonia> hello Loof
<Loof> I'm running into a problem with a fresh install onto a SCSI RAID array... I can't get the grub bootloader to install (fatal error)... it won't run on the command line (grub-probe error... and past that grub-mkimage is missing)... and I can't chroot into my new /
<ikonia> what type or raid, software/hardware/fakeraid
<Loof> Battery backed up Ultra-320 raid... Adaptec controller
<Loof> Serious h/w raid :)
<ikonia> Loof: ok - if you boot from a livecd, can it see the raid disk ?
<Loof> Serverraid 5i to be specific
<Loof> Yep
<Loof> I can see the disk just fine
<Loof> it's grub itself that fails
<Loof> it won't install the bootloader on the local IDE disk either
<ikonia> as in the installer installing grub, or you manually installing grub
<Loof> (I thought... maybe something odd happened and it's trying to boot from IDE...)
<Loof> Either
<Loof> installer says 'fatal error'
<ikonia> either ?
<ikonia> ok, so what device is it trying to install grub to ?
<Loof> It was trying to install it to the IDE drive
<ikonia> what device are you telling it to install to
<Loof> I've tried to both
<Loof> And the installer didn't let me pick the boot disk
<Loof> It just assumed /dev/sda was the boot disk
<ikonia> yes, but what device identifier are you using to install to it
<Loof> device identifier?
<ikonia> yes
<ikonia> as in the disk device you are trying to install grub to
<Loof> So, I booted into rescue mode
<Loof> there's no grub-install... there's something called 'grub-installer' which jails because 'grub-probe' is not found.
<ikonia> ok - I need you to respond to the questions I'm asking please
<Loof> mirc is stupid
<ikonia> ok, bye then
<Loof> Uhm, I could not reply because this irc program ate the response
<Loof> That's why it is stupid
<Loof> I used /dev/sdb1 and /dev/sdb
<Loof> I also went into fdisk to make sure /dev/sdb1 was bootable
<Loof> I've installed linux before a few times.
<Loof> ikonia: I responded... but /dev/sdb1 must be a special command to mirc... it simply didn't post
<Loof> Hello?
<skrewler> how are you using /dev/sdb to install grub to?  it should be like hd(0,0)
<skrewler> (hd0,0) that is
<Loof> skrewler: Modern versions of grub-install were able to use /dev/xxxx
<Loof> skrewler: What tool should I be using?
<skrewler> in my experience if you're having troubles booting the best thing to do is remove every drive but what you want to boot to then install grub to that
<skrewler> no room for error, no headaches
<Loof> skrewler: My issue is that the tools are returning errors... missing files...etc.
<Loof> Has anyone here installed Ubuntu server 11.04 from scratch? I'm wondering if this is my issue or if the ISO is hosed
<Loof> A bigger issue is that I simply can't chroot
<Loof> chroot /target - never returns
<patdk-wk> about 40 times
<patdk-wk> always works for me
<skrewler> you're just giving us really vague info to go off of, which is why i gave you instructions that are idiot proof. it  would also allow you to try the install again and get the actual error message if it still failed
<Loof> skrewler: What is vague about it... I ran grub-install /dev/sdb and I got a grub-mkimage not found
<Loof> I ran 'install grub bootloader' from the menu...and it simply says 'fatal error'
<Loof> there's not much else I'm getting here
<skrewler> so are you at the point where the install has failed
<skrewler> im not sure where you're at
<Loof> Right now, rebooting into rescue
<skrewler> you should get to the point where the installer fails, switch to a term and look at some logs
<skrewler> ok, so mount the disk and give us some logs
<Loof> Ok, I'm now in a chroot environment on my new boot disk
<Loof> What's your next recommendation?
<Loof> skrewler: I did... grub-probe was missing.
<skrewler> are all of your partitions mounted?
<Loof> Yep
<Loof> update-grub works... grub-install /dev/sdb has no problems reported
<Loof> anything else I should do?
<highvoltage> stgraber: you know what? I actually like the aubergine d-i now :)
<skrewler> no idea what grub-probe does, so dunno
<Loof> man grub-probe - probe device information for GRUB
<Loof> it's part of the set of programs required to install the grub bootloader
<Loof> i.e. the installer doesn't find a file it requires
<stgraber> highvoltage: hehe
<Loof> Hmm, that's disturbing... Even with the ide disk removed... I get to a blank screen after a successful GRUB install
<Loof> Is there a way to run the installer and bypass the install steps... just go to where it installs grub... to see what happens when it doesn't see the IDE disk?
<Loof> There's something very wrong /w Ubuntu when an experienced user can't get the bootloader to work.
<skrewler> does your HBA support booting to it?
<Loof> skrewler: Yes... it was booting Linux just before this.
<Loof> skrewler: I'd done a few updates...and decided to start fresh
<RoyK> Loof: grub2 is crappy, I know
<Loof> This won't let me install grub without repartitioning
<Loof> I hit back... try to jump ahead...and it tells me I need to repartition
<RoyK> Loof: it should be sufficient to just choose which partition(s) to use
<Loof> Wow, this is annoying
<Loof> I did
<Loof> It immediately jumped to 'installing base system'
<Loof> Even though I got to the partitioning screen by selecting 'install grub...'
<Loof> Sorry dudes... your installer is borked
<skrewler> get to a shell and try from there
<Loof> skrewler: I -have- that's why I decided to try to let the installer do it... as that didn't succeed.
<Loof> I installed grub once...and got a grub bootloader line
<Loof> which is good... a nice start
<Loof> went back in... did update-grub... redid the install
<Loof> and get to a blank screen on boot
<Loof> no clear indication of what's going on
<Loof> at least lilo had it's little boot indicators
<Loof> Hey, can I still use lilo?
<skrewler> i dunno, use syslinux
<Loof> Isn't syslinux some MSDOS bootloader?
<skrewler> whatever the equiv of iosolinux/pxelinux/syslinux
<skrewler> that shit works
<Loof> skrewler: Selecting 'boot from first disk' on the cd didn't help
<Loof> This is annoying... I'm wasting useful hours...
<skrewler> so there's this alternate install CD that I've used in the past
<Loof> Bleh, is CentOS really a better choice for a server?
<skrewler> i'd run 10.04
<ScottK> Depends on what you want.  Centos tends to have ancient stuff.  If you're good with ancient, then it's something to consider.
<ScottK> Usually Debian and derived distros have a broader and generally more current package selection.
<Loof> No luck... the bootloader is clearly kicking in
<Loof> but it won't boot
<Loof> Oh
<Loof> Sheesh
<Loof> Seriously?
<Loof> Why does Ubuntu 11 show NO BOOT MESSAGES AT ALL until you get a prompt?
<Loof> I've had this fixed for at least an hour
<Loof> and I had no idea because it doesn't look like it is doing a stinking thing
<Loof> Who was the genius that thought servers shouldn't display their boot process to the user
<Loof> it's stupid enough for a desktop to boot with a GUI in front of the boot log
<Loof> that's annoying... but understandable
<Loof> but a SERVER?!?
<Loof> This time I walked away from the stupid thing... and suddenly it's at a boot prompt...
<Loof> no indication of anything
<Loof> sporadic disk activity and such, of course
<Loof> but nothing huge
<Loof> But a raid controller does that even when no OS is running... it does regular disk checks... all by itself
<Loof> Great... no login either
<Loof> Woo, I'm going to have to start from scratch... again... how fun
<Loof> I could have WRITTEN a boot loader by now
<Loof> You know what... it was less difficult and less annoying to manually do the a.out to ELF migration
<Loof> This was downright silly
<Loof> So, lessons learned...
<Loof> chroot on 11.04 is broken if you have an IDE disk + a SCSI disk installed
<Loof> grub is broken if you have an IDE disk + a SCSI disk installed
<Loof> the installed does a grub install BEFORE a grub update
<Loof> so if you go into rescue mode and install your bootloader... you get a grub prompt blinking back at you
<Loof> and the icing on the cake... there's no indication you've succesfully booted until you get a login prompt... not a thing
<Loof> Anyone want to create the 4 bug reports for this?
<Loof> The chroot one is the most disturbing part... chroot should be a VERY simply program and has existed for ages... why it cares if there are 2 devices instead of 1... I have no clue
<martyn> Is the ubuntu-server email list the appropriate place to post the PXE u-boot patches?
<koolhead11|afk> kirkland, thanks :)
<zul> martyn: for cobbler?
<zul> martyn: or uboot in general?
<martyn> For ubuntu server on arm
<martyn> It's okay .. got a hold of  jcrigby
<zul> martyn: i would use launchpad but arm is a weirdo arch ;)
<martyn> we're working on making it non-weirdo :)
<martyn> in fact, working on making it dead-bog-boring-standard :)
<zul> hallyn: seems to work
<hallyn> zul: cool
<hallyn> (my _afk designation, apparently, means nothing - i never remember to change it or change it back :)
<hallyn> zul: can you upload?
<zul> yep will do so in a couple of minutes
<hallyn> zul: thanks!
<_Wally> Would a Dell Dim3000 with a Intel Celeron 2.40ghz  512mb Ram be enough for a home server?
<zul> yep
<_Wally> It can still be used as a computer right?
<zul> barely
<_Wally> More Ram?
<zul> yes
<patdk-wk> depends on what it will be doing
<jmarsden> Some people's home computing needs are just running a shell from which to ssh into their servers :) :)
<zul> smb: ill assign you dom0 stuff or should that spec concertrate on the userland stuff?
<jamespage> zul: any guidance on which list I should use for the  jenkins packages?
<jamespage> sorry - for the maintainer of these packages?
<zul> jamespage: which list?
 * jamespage thinks he might start again
<jamespage> so I'm polishing the packages ready for upload to the archive for Jenkins
<zul> ok
<jamespage> currently maintainer is set as the launchpad team for hudson packaging
<jamespage> should this switch to a ubuntu.com list or stay as is?
<zul> ubuntu.com is pretty standard
<jamespage> zul: ubuntu-devel-discuss? would make my life easier in terms of package updates....
<zul> i was just thinking about that as well, do we have a wiki page for the jenkins packaes where we can keep track of which one has been uploaded, which has problems etc etc
<zul> jamespage: agreed
<zul> jamespage: just run update-maintainer
<jamespage> zul: :-) absolutely
<jamespage> there is an existing wiki page; I'm working on a new one specifically to track progress at the moment.
<zul>  and how many beverages you owe me
<zul> jamespage: cool beans
<Proz01d> hey guys.... i'm trying to run openvpn on 10.04LTS 64 and I am gettin ga permission error "Error redirecting stdout/stderr to --log file: openvpn.log: Permission denied (errno=13)" so i tried running sudo openvpn server.conf andall i get is a blinking cursor on the next line with nothing happening.  wait for a while and need to ctrl=c to stop it in order to get a regular promtp
<ap0c> sudo su -
<ap0c>  /etc/init.d/openvpn start
<ap0c> :P
<ap0c> actually iirc there was a script you had to build to start it, but iirc you definitely have to run it as root
<Proz01d> Unknown id: /etc/init.d/openvpn
<ap0c> yeah there should be a startup script
<ap0c> that loads iptables
<ap0c> and loads the drivers
<ap0c> http://ubuntuforums.org/showthread.php?t=896671
<ap0c> wait bad thread
<ap0c> sorry
<ap0c> http://openvpn.net/index.php/open-source/documentation/miscellaneous/88-1xhowto.html
<ap0c> look at the openvpn-startup.sh
<ScottK> ap0c: All you have to do is enable ufw.  That's what it does.
<ap0c> automatically adds the roads for the bridge?
<ScottK> No.  Loads iptables for firewalling.
<ap0c> yeah, but with a bridge or a vpn you have to open the hole for the remote side
<ScottK> I misunderstood the context.  Sorry
<ScottK> jdstrand: Can you do that with ufw yet?
<koolhead11|afk> RoAkSoAx, I have documented a small cobbler setup with natty and custom DHCP server and also wrote custom preseed file for the same. can i update the current cobbler documentation with it?
<ap0c> and by roads i meant routes, whoops
<koolhead11|afk> if its okey
<jdstrand> well, the way I use openvpn, I open up port 1194 on the server and do nothing on the client
<uvirtbot> New bug: #723419 in mcollective (universe) "Fix libdir" [High,Fix released] https://launchpad.net/bugs/723419
<jdstrand> ufw allows outgoing connections with tracking, so it should just work
<ap0c>  if you're not building a bridge that would work
<jdstrand> now, if you want to allow services on the client to be accissible on the server or behind it, you'll have to add a different rule
<jdstrand> I am not building a bridge
<jdstrand> ufw doesn't do anything with bridging
<ap0c> oh... i stand corrected
<jdstrand> (that is at a lower level). bug 573461 discusses some of the issues and what to do
<uvirtbot> Launchpad bug 573461 in ufw "UFW blocks libvirt bridged traffic" [Undecided,Invalid] https://launchpad.net/bugs/573461
<RoAkSoAx> koolhead11|afk sure add snother section
<koolhead11|afk> Rickardo1, cool.  cobbler all in one :) thanks
<koolhead11|afk> RoAkSoAx, i meant :P
<smb> zul, I won't mind getting assigned the kernel task in your list. And maybe I should move that task I got over to your list. Need to think it over, but probably not today.
<zul> smb: sure lemme know what you come up with and well talk them
<zul> s/them/then/g
<uuser123> is their any other way to add nic 2 and 3 other then editing /etc/network/interface
<pmatulis> uuser123: add nics?  you mean configure them?
 * koolhead11|afk bows to zul 
<uuser123> sorry
<uuser123> yes i want configure them
<uuser123> nics are installed but wan some gui frontend to configure them
<Proz01d> i'm trying to run openvpn (not the daemon) via the "openvpn server.conf" command
<netrat> Proz01d, you might want to run "openvpn --config server.conf"
<Proz01d> however i get several errors related to permissions.
<Proz01d> that it is unable to open the log files etc..
<netrat> Proz01d, post the error messages in pastebin
<Proz01d> 1 sec
<Proz01d> http://pastebin.com/TNiX730D
<netrat> Proz01d, why don't you start openvpn with the init file?
<netrat> Proz01d, change your /etc/default/openvpn file to autostart then start openvpn with /etc/init.d/openvpn start
<netrat> Proz01d, you can't run openvpn as a non-root user, it needs to start as root then it drops permissions
<Proz01d> netrat: thanks for the help seems to be running with the script. i checked the logs and no errors :)
<Proz01d> i was following this guide :http://openvpn.net/index.php/open-source/documentation/howto.html#start
<netrat> Proz01d, your welcome
<Proz01d> netrat: any idea how i would run it from the command line
<Proz01d> with permissions.
<uvirtbot> New bug: #784797 in clamav (main) "[Natty] freshclam.conf has invalid characters and cannot be parsed" [Undecided,New] https://launchpad.net/bugs/784797
<aBs0lut30> hey guys, got a problem... am setting up samba with winbind... seem to have the winbind part up and running ok, getent group and passwd both list the domain users and groups, however chown and chgrp both fail when I try and use a domain account... what have I done wrong?
<RoyK> aBs0lut30: using idmapd?
<aBs0lut30> yeah
<RoyK> configured to map to local users with the same username?
<aBs0lut30> havent changed any of the idmapd config... so its just out of the box, smb.conf has the uid and gid ranges setup though
<RoyK> aBs0lut30: google for it - you need to configure it to map local users to the domain - and the local users must exist
 * RoyK is off for some sleep
<queso> I have an ubuntu virtual machine in esx, installed.  I want to do a fresh install over it with the .iso again.  I have the boot order correct (CD-ROM, hard disk) in the BIOS, but it keeps booting into the OS instead of off the CD-ROM .iso.  Any idea why?
<queso> ha, nevermind
<bencc>  how can I see how many file descriptor a user uses?
<bencc> I'm running a network stress test from a terminal and I want to see how many file descriptors the user use
<patdk-lap> the user? or system?
<patdk-lap> I should hope you turned off the limits for the user
<patdk-lap> maybe, lsof -n -u user | wc -l
<bencc> patdk-lap: it gives me 4531
<bencc> but ulimit -n gives me 1024
<bencc> how can that be?
<patdk-lap> ulimit is per process
<patdk-lap> how many different processes are there?
<bencc> 1
<patdk-lap> heh? you can't even login with 1 process
<bencc> it's an erlang program that uses erlang processes
<bencc> so how can I see how many file descriptors a specific proc is using?
<patdk-lap> man lsof
<bencc> thanks
<Lenhix> Hello. Which package provides /etc/init.d/saslauthd? Seems it's not libsasl2-modules
<Lenhix> Perhaps sasl2-bin?
<hallyn> Lenhix: have you tried 'dpkg -S /etc/init.d/saslauthd'?
<hallyn> (i don't have it installed so can't trivially check myslef)
<hallyn> (but src package shows it is in fact sasl2-bin)
<flowbee> how can i find out the VERSION of a particular package... i.e. redis-server
<flowbee>  the version it would have installed.. (considering whether or not to install from source)
<lifesf> Hi,.. i've been looking around on the net and have not managed to find an answer that would help me understand what I haven't done right yet... I am trying to access ftp on a fresh LAMP... before even checking if i had proftpd installed (since i could not manage to get access via ftp:// ) i tried installing it and ended up install proftd-basic or whatever that is... now i have that much
<lifesf> more on the server and still don't know how to access my ftp... oh and i do have webmin installed and swat now (i thought i could just go through there to trade my files) and still neither i can actually use
<uvirtbot> New bug: #784904 in libaio (main) "package libaio-dev (not installed) failed to install/upgrade: trying to overwrite '/usr/include/libaio.h', which is also in package libaio:i386 0.3.104-1" [Undecided,New] https://launchpad.net/bugs/784904
<lifesf> I think i've found a temporary solution,.. after hours of research .. 2min after writing this... through webmin, a sharing button via windows
<lifesf> nope still doesn't work
#ubuntu-server 2011-05-19
<lifesf> ProFTPD warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.
<flowbee> i believe port 6379 (for redis) is open on my server.  1) how do i scan that port to see if its open (i'm also on ubuntu now; server is too); 2) how do i close it? 3) is there a REALLY SIMPLE firewall that will block all ports except say port 80 and my ssh port?
<qman__> flowbee, nmap, ufw, ufw
<lifesf> How to actually get access to a folder via ftp, samba or telepathy... so far the best i've managed is to see the linux server on windows network (using, writing, blah blah is impossible) and a root folder access via ftp; i'm completely confused,.. i've tried adding directory and user access but the guides i seem to follow aren't getting me anywhere.
<Proz01d> i'm running openvpn and i  finally got a connection to the vpn working. I'm routing all my requests through the vpn however i can't reach any sites. I'm going to open up port 80 on the server but my question is : is this the best way to do this?
<Shadow_aok> hi
<Shadow_aok> is someone awake to help me solve my problem (and get some sleep at some point) ?
<lifesf> i wish someone was,.. i've been at this for about 8hrs now and in here for about,.. 3 and still no answer
<Shadow_aok> i got a problem with this error : "Unsupported conversion from utf-8 to ISO-8859-1: Invalid argument at /usr/share/perl5/Debconf/Encoding.pm line 52, <GEN23> line 30."
<Shadow_aok> what's yours ?
<lifesf> your converting an iso???? i don't know... mine shoudl be simple for anyone whom knows a bit i think... i just want access to my folder via ftp
<Shadow_aok> well, just install proftpd
<hallyn> lifesf: can you use scp instead?
<lifesf> so far i've managed to see it but i don't know how to grasp permission rights
<Shadow_aok> looks for a tutorial about proftpd and virtual users
<lifesf> i am using proftpd
<lifesf> i got the folder all setup up after seeing i don't know how many webpages on the net
<Shadow_aok> your user needs to have the same virtual uid and gid than the owner of your files
<Shadow_aok> you'll need mysql too
<lifesf> and my last step is to get the rights to it.. even though i enter my name and password i have no write access
<lifesf> i'm only using one user
<lifesf> i have lamp installed
<lifesf> anyways,.. my head's going to explode,.. betcha all i have to do is put some frickin name in one file and everything will work,.. i'm going for the advil bottle and sleep in very little time i think, i started search with what you have told me Shadow_aok, i'll keep those pages open.. thnx
<lifesf> honestly,.. all i want to do is get permission rights to my ftp folder; there's no folder messing around nothing,.. i just need user access to var/www/ that's it... i don't care if i must login with root, ANYTHING as long as it works! please anyone!
<twb> If this machine is connected to a network, you SHOULD care.
<lifesf> i don't i'm using this thing to test
<twb> Because if you allow YOUR machine to be compromised, it can be used to attack OUR machines, so you're potentially hurting others as well as yourself.
<twb> Also http://mywiki.wooledge.org/FtpMustDie
<twb> If your idiot users require FTP (instead of, say, SFTP) to upload files, then it might be easiest to have a new directory (say, /srv/www) that you instruct apache to serve as /
<lifesf> i'm alone on this machine, i'm trying to learn how to build websites and i'm trying to test various crap using the server but it's a complete pain to just transfer my files on it, everything else seems to work fine
<lifesf> i don't need many users, just one
<lifesf> i'm trying to get access with samba,.. same problem
<lifesf> samba locks me in home directory
<lifesf> proftpd won't let me delete, write ... nothing just view
<lifesf> webmin allows me to transfer one file at a time
<lifesf> worst part is i used to use this 4years ago to test my things and it all worked well except i'd get numerous attack attemps but trying this again i feel i've become completely dumb...
<twb> lifesf: use SFTP
<MartynB> life : try relearning everything for ipv6 :)
<lifesf> sftp... with putty you mean?
<lifesf> "like putty you mean**
<twb> Or filezilla or winscp or whatever the hell you windows users use
<lifesf> lol;... i go back and forth between windows and linux at times but i have yet much to learn twb :P
<lifesf> omg thank you twb,.. didn't except a frickin ftp client like that would cut the crap
<lifesf> thanks
<lifesf> 8hrs of this for THAT! can't believe it but thanks
<lifesf> actually,.. still says permission denied
<twb> Connect to root@ with key-based auth, or use a different directory
<uvirtbot> New bug: #784937 in cloud-init (main) "/mnt not mounted, swap not used, disk is xvde" [Undecided,New] https://launchpad.net/bugs/784937
<Delerium_> Hi guys, I'm looking for a web hosting company for a new project.  I need the ability to: SSH / Install my own Software / At least 2gb ram / 50-10 gigs HD.  What company would you proposed?
<toddnine> Delerium_: I really like rackspace cloud
<toddnine> Super easy and will meet your requirements at a decent price
<Delerium_> toddnine, Hey!  Thanks .. I was looking at a local company and they offer me a dedicated server for 79$ a month (CDN), but it's really overkill for me (8gb ram, 2x 350gigs, 5000GB transfert per month)... OVERKILL! :)
<greppy> Delerium_: you are probably looking for a VPS provider, not a traditional webhost.
<Delerium_> Yep Greppy, since I need to SSH into the box, and I will most likely have to install Zimbra
<greppy> Delerium_: you can get ssh on a lot of traditional web hosting rigs, installing software, not so much :)
<Delerium_> I was looking at iWeb.com since it's a local company (Montreal, Canada)
<Delerium_> greppy: yeah... I was with aplus.net back then and they ask for my driver license to get the ssh shell.. go figure
<greppy> that's... wierd.
<Delerium_> greppy: Yup... and I never gave them... I'm running a server, not a car!
<Delerium_> Is it me or that cloud computing is starting to make me sick?!
<jmarsden> Delerium_: Just don't inhale when you are in in the cloud :)
<Delerium_> ;)
<Delerium_> toddnine, on rackspace, I see the the cost are based on hour... is that based on uptime or CPU/MEM used? I mean. If I have a 2gb deal and I only use 1gb, will I be bill for 2gb?
<toddnine> Delerium_: Nah, you pay for your allocated capacity
<toddnine> We use a combination of rackspace and EC2.  Rackspace for our www and operational severs (chef etc) and EC2 for our actual clusters
<toddnine> EC2 is cheaper when you buy a reserved instance, but I find it's a lot of overhead managing EBS etc
<Delerium_> toddnine, Looking at the chart on rackspace, for a 1024gb cloud server, which 730 hours of service, it costs almost the same as a dedicated server
<benedikt> Can anyone give me the md5sum for /usr/sbin/sshd on Ubuntu 8.10 (OpenSSH_5.1p1 Debian-3ubuntu1) ?
<toddnine> Delerium_: I know, but we don't use that kind of capacity :)
<toddnine> We only use the 1024 mb ones
<toddnine> And we don't have to wait 2 days for someone to get their ass in gear to set up our server :)
<Delerium_> toddnine, yeah ... I might need a bit more ... (Tomcat + Zimbra + Mysql + ircd, apache, and blabla..) That's another thing I take in consideration, being a SysAdmin myself, I hate to go to our datacenter ;)
<toddnine> haha
<Delerium_> It's cold, noisy. can't drink a coffee, can't use my cell phone, no internet connection... beauty!
<benedikt> I found it. Just in case, found the package on old-releases.ubuntu.com and extracted it.
<benedikt> Toodles.
<NOSaturn> hello.... i'm wondering how i can remotely access my server's terminal?
<rewt> the console?
<NOSaturn> it's a cloud server and i can do it through this java applet VNC thing,
<NOSaturn> yeyes...
<rewt> well if it's a cloud server, they probably have it running in a vm, and you're seeing the console via the vm
<NOSaturn> right
<NOSaturn> you'll have to excuse me.... i've not touched ubuntu server before so i'm a noob
<rewt> i'm guessing that's not ubuntu-specific; the vm interface would show the console of any os running in the vm
<NOSaturn> yes. i can... but shouldn't i be able to open a windows on my computer and access the console there?
<rewt> you'd have to check with the cloud provider on how to access it
<NOSaturn> o gee.... i found i could connect with vnc viewer
<greyburn> Hi All, im looking for a little advice. I run bind9 internally and want to hijack a DNS request e.g. monkeys.banannas.com. I thought about just setting an zone but this will hijack the whole domain, which i dont want to do... Just one single record. Any tips or suggestions? Thanks in advance
<koolhead11|afk> hi all
<MartinN> hi, short question: i would like to export a nfsv3 mounted directory using nfsv4
<MartinN> is it possible
<MartinN> ?
<twb> If it's within the nfsv4 root export, sure
<twb> In fact, the kernel server's default implementation serves content as both by default IIRC
<sporedi> to setup a ubuntu private cloud how many public ip i require
<twb> 0
<sporedi> ok
<twb> You probably don't even need to use IP as your layer 2 protocol
<sporedi> ok
<sporedi> i am just trying to setup a private cloud @home
<twb> sporedi: I'm not stopping you
<sporedi> twb: sorry i did not get u ,u want i should not try that ?
<twb> sporedi: I don't care
<sporedi> sorry i am not getting u
<twb> sporedi: never mind
<sporedi> twb: to understand how cloud work i want to install it ,don't have any production work
<sporedi> its asking  "Provide a list of "public" IP's for your instances"
<twb> I wouldn't know about that
<MartinN> twb: what i ment was the following scenario: host A exports nfsv3, host B mounts the export of host A and shall export it as nfsv4 (so host B shall act as an nfsv3-to-nfsv4 proxy)
<twb> MartinN: you can't re-export NFS mounts using the kernel server
<MartinN> are there any options?
<twb> userspace NFS server, though that is shit
<twb> Or I guess a non-Linux system
<tyreza> hi there
<tyreza> i m on a live cd
<tyreza> i can't run this command :  fsck /dev/sdb
<tyreza> it give me :
<tyreza> fsck.ext2: Device or resource busy while trying to open /dev/sdb
<tyreza> Filesystem mounted or opened exclusively by another program?
<tyreza> why i got that erro ?
<tyreza> what is usefull of this command ?
<tyreza> fsck when it doesn't work it correct
<tyreza> lee
<twb> tyreza: grep sdb /proc/mounts
<tyreza> fsck.ext2: Device or resource busy while trying to open /dev/sdb
<tyreza> Filesystem mounted or opened exclusively by another program?
<tyreza> it simply return to next line twb
<twb> tyreza: dunno
<tyreza> anyone else ?
<_ruben> does lsof /dev/sdb show anything?
<tyreza> nothing
<tyreza> if i do : fsck /dev/sdb1 i got this :   fsck from util-linux-ng 2.18 fsck : fsck.linux_raid_member: not found fsck : Error 2 while executing fsck.linux_raid_member for /dev/sdb11
<tyreza> if i do : fsck /dev/sdb11 i got this :   fsck from util-linux-ng 2.18 fsck : fsck.linux_raid_member: not found fsck : Error 2 while executing fsck.linux_raid_member for /dev/sdb11
<_ruben> tyreza: cat /proc/mdstat
<_ruben> unless linux_raid_member refers to fakeraid..
<twb> It might be a non-assembled array node
<twb> mdadm --assemble --scan
<uvirtbot> New bug: #785052 in whois (main) "Update whois server for ".*.ua" zones" [Undecided,New] https://launchpad.net/bugs/785052
<airtonix> lol what do they mean by "cloud @home"
<airtonix> a cluster? a SAN? a NAS with a WAN facing connection ?
<soren> airtonix: Who?
<twb> airtonix: "cloud" is this year's equivalent of web devs in the 90s saying "I broke the mainframe"
<airtonix> yeah i'm just being mean
<airtonix> and obtuse
<twb> good man
<twb> We need to keep these punks in their place
<coffeedude>  #likewise-open
<coffeedude> Ooops.  My bad
<lool> hallyn: Hey
<lool> hallyn: I was checking out seabios as it currently FTBFSes and was a bit puzzled by some packaging stuff
<lool> hallyn: There's a seabios_0.6.1.2.orig.tar.gz tarball in the archive which apparently was rolled by you, contains the packaging and a .git with upstream history
<lool> hallyn: Is this intended?
<lool> hallyn: Also, do you have plans to move to 0.6.2?
<lool> hallyn: also, it currently FTBFS on amd64; this seems fixed in tip
<hallyn> lool: the ftbfs seems caused by binutils
<hallyn> the .git wouldve been u an aacident
<hallyn> i wasnt planning to upgfr
<hallyn> upgrade until qemu-kvm updates
<hallyn> debian is also still 0.6.1.2
<hallyn> if you wish i'll update
<RoAkSoAx> morning all
<hallyn> jusgt want planning to
<hallyn> lool: there is an open bug re the ftbfs
<hallyn> i don't have the # handy (on my phone)
<hallyn> lool: but git head doesnt compile so i don't believe tghat 0.6.2 does
<hallyn> in fact, yeah i tried it yesterday too
<hallyn> RoAkSoAx: morning
 * hallyn wonders if he lost his connection
<giovani> hallyn: there's a ping command in IRC just for that purpose
<lool> hallyn: there are two FTBFS causes; one is specific to amd64 and is fixed in tip
<lool> See Debian #625000
<uvirtbot> Debian bug 625000 in src:seabios "seabios: FTBFS: out/../src/bregs.h:40:5: error: duplicate member 'di_hi'" [Serious,Open] http://bugs.debian.org/625000
<lool> hallyn: Moving to 0.6.2 would allow dropping the crude .git in the upstream tarball that you rolled
<RoAkSoAx> hallyn: morning. How's it going today?
<hallyn> lool: but will it be compatible with qemu 0.14?
<hallyn> anyway fixing the ftbfs comes first
<hallyn> lool: thats a different failure from ours btw
<zul> hallyn: i just uploaded lxc sorry for the delay i got side tracked
<hallyn> zul: thanks
<lool> hallyn: I uploaded the patch for the first failure; I commented on the bug for the other failure
<hallyn> lool: i'l  take a look when at laptop
<lool> hallyn: BTW the bug is LP #756044
<uvirtbot> Launchpad bug 756044 in seabios "seabios version 0.6.1.2-0ubuntu1 failed to build on i386" [High,Invalid] https://launchpad.net/bugs/756044
<hallyn> lool: awesome, i didnt realize it was solved, thx
<hallyn> lool: i'll spin an 0.6.2 build and test with qemu
<hallyn> without .git :)
<hallyn> now there is also the new ipxe
<hallyn> but, i'e gotta run, biab
<lool> hallyn: The binutils issue seems to be http://sourceware.org/bugzilla/show_bug.cgi?id=12726
<uvirtbot> sourceware.org bug 12726 in ld "cannot move location counter backwards, assignment related regression" [Normal,Resolved: fixed]
<zul> lynxman: this one? mcollective-plugins_0.0.0~git20110120-0ubuntu1~natty3.dsc
<hallyn> and fix is going inti o and br sru'd (back to lucid)
<hallyn> going into o and be SRU'd, that is
<lynxman> zul: yeah, the last one in the orchestra repo should be good
<lynxman> zul: question, to restart an instance in a postinst, should it be okay to use invoke-rc.d even if the service wasn't running?
<zul> yep
<lynxman> zul: so if I do a invoke-rc.d service restart it won't exit 1 even if the service was stopped
<lynxman> zul: cool, ty
<e-DIO-t> hi there: should dpkg-reconfigure slapd ask me for domain, admin and user password ?
<SpamapS> e-DIO-t: sounds about right
<aBs0lut30> hey guys, got a problem... am setting up samba with winbind... seem to have the winbind part up and running ok, getent group and passwd both list the domain users and groups, however chown and chgrp both fail when I try and use a domain account... what have I done wrong?
<SpamapS> aBs0lut30: what is the failure?
<aBs0lut30> chown: invalid group: `nobody:domain users'
<SpamapS> aBs0lut30: ah, spaces in the names.. IIRC winbind is supposed to replace that with a +
<SpamapS> aBs0lut30: btw that looks like *two* groups
<SpamapS> aBs0lut30: whats your command line exactly?
<aBs0lut30> chown nobody:domain\ users *
<SpamapS> try chown nobody.domain\ users *
 * SpamapS is just guessing
<aBs0lut30> nope...
<robbiew> hallyn: fyi...Toshiba AC-100's (ARM netbooks) arriving next week :)
<aBs0lut30> the odd part is I have another box where it works just fine like that...
<SpamapS> aBs0lut30: and chgrp 'domain\ users' doesn't work either?
<aBs0lut30> nope
<smb> SpamapS, Quick question: is you mailing list server-team@lists.ubuntu.com?
<e-DIO-t> SpamapS: it sounds right to me too, but it only asks for conf omitting, db erase on package purge and ldap version..
<e-DIO-t> :(
<SpamapS> smb: ubuntu-server@lists.ubuntu.com
<smb> SpamapS, Thanks. :)
<hallyn> robbiew: cool
<queso> If I've added a new disk to a machine and intend to use the whole thing for /srv, is there any reason to add a single partition on it, or should I just add the filesystem to /dev/sdb itself?
<SpamapS> e-DIO-t: honestly, I'm one of the people who is very confused why people actually want to use LDAP.. its one of the most insanely complex things ever invented for servers. :-/
<e-DIO-t> SpamapS: i wouldn't  -> but a customers asked for a PDC with samba/ldap & company :P
<Ish10> Hey guys i cant figure out if I should install ubuntu 11.04 or 10.04 LTS, I really don't understand whether LTS is worth it or not. Could you guys enlighten me a bit?
<e-DIO-t> [ah license costs...i'll rotfl when they are going to ask for any kind of "fast-change" :D
<SpamapS> Ish10: 11.04 will cease to be supported October 2012
<SpamapS> Ish10: 10.04 will be supported until April, 2015
<Ish10> SpamapS, what is the consequence of no more support?
<SpamapS> Ish10: no security updates, no kernel enablement for hardware, no critical bug fixes
<SpamapS> Ish10: of course, its open source, so you can support it yourself if you have to
<hallyn> lool: so I assume you'd like to see 0.6.2 + commit 88db9fd632bf3f650244ec69e2f4fd6b2aa5fd3d
<SpamapS> Ish10: also the supported upgrade path for 10.04 is directly to the next LTS (10.04 -> 12.04) .. whereas to get from 11.04 to 12.04, you'll have to go through 11.10)
<Ish10> SpamapS, thank you, I don't knwo too much of the specifics if the updates are neccesary, but to be safe i'll go with 10.04 LTS
<SpamapS> Ish10: glad I could help.
<lool> hallyn: Sure; well 88db9fd632bf3f650244ec69e2f4fd6b2aa5fd3d is already in the packaging as a patch
<lool> hallyn: I don't strictly care about 0.6.2, but I would like us to move away of the .orig.tar.gz we have right now, and use an official upstream tarball
<hallyn> lool: ok, will do.
<lool> hallyn: thanks!
<queso> I'm setting up a new server with mysql.  I want the datadir on /srv (another disk).  Will moving the datadir have any adverse effects?  I notice there's a debian-5.1.flag file in the current data dir, should I move that?
<SpamapS> queso: its not necessary
<SpamapS> queso: but the simplest thing would be to move the whole contents to the new location
<SpamapS> queso: otherwise you need to recreate the root user and debian maintenance user.
<queso> SpamapS: Given upgrades and such, will the package know the datadir is moved?  Not sure it cares..
<SpamapS> queso: mysql_upgrade is used, and it reads my.cnf
<SpamapS> queso: and anything that does break because you changed datadir is a bug in the package.
<queso> SpamapS: oh, okay, great -- thanks for your help
<jmarsden> queso: In the past, moving the mysql databases used to confuse the apparmor stuff for it, I don't know whether it still does.
<queso> jmarsden: k, thanks for the heads up
<jmarsden> You're welcome.
<SpamapS> jmarsden: good catch
<queso> Any reason to put it in /srv/mysql/5.1/data or /srv/mysql/data or just /srv/mysql ?  What's a good practice for this?
<jmarsden> I don't think it matters, by default it is /var/lib/mysql, so /srv/mysql should be fine.
<queso> jmarsden: okay, I'll do that then
<EvilMTeck> Would it be possible to install a DHCP server on a system and have it work on only one NIC and just pass all DNS requests to the DHCP server above it?
<EvilMTeck> Not possible... easily possible...
<ahs3> EvilMTeck: DNS != DHCP.  that's two different servers.  you can easily have the DHCP server hand out info pointing to DNS servers most anywhere else.
<jpds> EvilMTeck: Have DNS1 forward requests to DNS2?
<EvilMTeck> sorry, i spaced a little bit when I said that.....
<queso> Why do I have /etc/apparmor config files if the apparmor package isn't installed?  And, shouldn't it be installed by default?  I'm on lucid-10.04.
<jpds> queso: Some packages have their apparmor profiles within them.
<queso> Oh, perhaps because I did a minimum server install
<EvilMTeck> We have a fully configured network but it's having network issues. The network issues are most noticable between Client A and Server Y. I'd like to have A connect directly to Y without touching the rest of the network but A also needs to be able to talk to the rest of the network through Y if I do thiat.
<queso> jpds: oh, ok
<e-DIO-t> bye
<EvilMTeck> e-DIO-t: hi?
<EvilMTeck> jpds: does that make a little more sense?
<ahs3> EvilMTeck: then i would set up Y as a pure forwarder to another working DNS server in your network.  then, have a DHCP entry for A that only has Y listed as a the DNS server for A.
<e-DIO-t> EvilMTeck:  => having DHCP listening on one port, is possible,. But i can't reach why you should pass dns request to the dhcp
<EvilMTeck> how would I setup the dhcp server to handle the connection on one nic?
<ahs3> it's just an option in the DHCP config file
<EvilMTeck> ahs3: I just got dhcp3-server installed.. I supposed that's somewhere :)
<ahs3> EvilMTeck: /etc/dhcp3, usually.  the man page is pretty good
<EvilMTeck> ahs3: I guess my number one problem is making sure it only operates on eth1 so it doesn't interfere with anything else
<ahs3> EvilMTeck: yup.  easily done.
<ahs3> same with BIND, btw.  something like 'listen { x.y.z.a; }', iirc
<EvilMTeck> wow... dead simple
<EvilMTeck> it's the only thing in /etc/default/dhcp3-server :P
<ahs3> you could also get really paranoid and tell dhcp to only hand out an address to that specific MAC, if you need to
<EvilMTeck> I don't like paranoia; it makes my stress needlessly high
<EvilMTeck> ahs3: any chance you could help me with this? http://dpaste.com/544291/
<EvilMTeck> er... gotaa run for a bit
<queso> How do I calculate the netmask for a given subnet?
<pangrazi> queso: do you want to learn or do you just have one?
<ahs3> EvilMTeck: you need a subnet decl for every subnet, even if you're not passing out addresses on it.  i suspect you have more than one NIC in that machine, so you'll need a subnet decl for each
<hallyn> lool: would you care to look the proposed package over, or should i just push it to oneiric?
<mrmist> what do I need in the config to stop rsyslogd loging cron session open /close information to auth.log ?
<EvilMTeck> ahs3: It's saying so subnet decl for eth1; but that config is supposed to be for eth1; how can I tell it that?
<EvilMTeck> ahs3: ..... I forgot to configure eth1
<ahs3> EvilMTeck: ah.  that would do it.  it can't match the decl to an existing interface.
<Superchkn> qemu-kvm serial passthrough unreliable?: I've tried USB passthrough of a modem & Keyspan, serial passthrough, serial passthrough backed by Keyspan & serial, serial passthrough via telnet & raw. But I can't get my Window guest's fax software working on a libvirt/qemu-kvm Ubuntu 10.04LTS server host.
<hallyn_afk> lool: heading out for an hour;  if you want to look it over, it's at http://people.canonical.com/~serge/seabios_0.6.2-0ubuntu1-package.tar.gz.  Otherwise I'll just push it to o this afternoon.   it works for me locally
<uvirtbot> New bug: #785347 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/785347
<queso> pangrazi: sorry, I figured it out
<pangrazi> queso: np
<queso> How can a server's time be 2 minutes ahead of the ntp server it's syncing with, and how can I fix it?
<RoyK> queso: check /var/log/messages (or was that syslog?)
<RoyK> perhaps it's drifting too far
<koolhead17> /var/log/syslog it would be i suppose
<queso> RoyK, koolhead17: Nothing in /var/log/messages or /var/log/syslog .  Is there a way to tell it to resync and re-calculate the drift?
<RoyK> queso: is ntpd running?
<RoyK> queso: and what timesources do you have in /etc/ntp.conf?
<queso> RoyK: it's running.  the ntp server is one of our own servers
<RoyK> you can force it by running ntpdate <servername>
<RoyK> but you'll need to shut down ntpd first
<queso> RoyK: so shutdown ntpd, run ntpdate server, then start ntpd?
<RoyK> yep
<queso> RoyK: hmm, haven't tried that yet, but I did realize that ntpq -p gives: No association ID's returned
<guampa> anyone, hints on blocking/analyzing MSN traffic? boss wants to block only the new "social" updates in the 2011 client
<guampa> (and allow standard messaging)
<DarkwingDuck> pgraner: ping
<rcaskey> ok, I restored /etc/ssh/*rsa* to a server im bringing back up from backup and did an /etc/init.d/sshd restart but i'm still getting warnings from another box that the ssh host key has changed
<shauno> rcaskey: have you tried restoring *dsa* too?  sshd_config references both
<shauno> (or does on mine, 10.04 LTS)
<rcaskey> yes, plus it explicilty says rsa
<rcaskey> i checked the md5 sums and rebooted, and wala
<rcaskey> when i manually clobbered the entire directory and rebootedi t made it work though, didnt see any sigs in the config files though
<pgraner> DarkwingDuck, pong
<DarkwingDuck> pgraner: Care for a PM?
<pgraner> DarkwingDuck, sure
<JaviSR> hello
<JaviSR> are there any spanish speaker here?
<JaviSR> or anybody who know about kerberos+ldap+nfs
<JaviSR> ?
<erichammond> JaviSR: Try #ubuntu-es
<JaviSR> erichammond ok, thanks!
<erichammond> JaviSR: a la orden
<JaviSR> erichammond tienes conocimientos sobre Kerberos Ldap y NFS?
<erichammond> JaviSR: Go ahead and ask your question here in English or on #ubuntu-es in Spanish.
#ubuntu-server 2011-05-20
<uvirtbot> New bug: #785424 in openssh (main) "Double motd when ssh'ing into 10.04.2" [Undecided,New] https://launchpad.net/bugs/785424
<uvirtbot> New bug: #771557 in dovecot (main) "dovecot does not want to start" [Undecided,New] https://launchpad.net/bugs/771557
<Roasted> Am I not allowed to set raid devices to mount in fstab by UUID?
<jstoone> Hi guys, I'm trying to setup postfix, but I
<jstoone> damnit
<jstoone> Hi guys, I'm trying to setup postfix, but I'm a bit confused about "
<jstoone> Hi guys, I'm trying to setup postfix, but I'm a bit confused about the "destinations to accept mail" part in the reconfiguration
<twb> jstoone: well, suppose you run example.net.  Maybe you accept mail for fred@sales.example.net and sally@marketing.example.net.
<twb> Then you would put "sales.example.net, marketing.example.net"
<twb> In simple cases, you would only put your domain, because all your users are just foo@example.net
<jstoone> twb: sorry for the late reply - I was fooling around - but I don't use any domain, I just have my ip address (I know this is pretty unsecure etc)
<jstoone> I know it's a big favor to ask, but can you guys help/walk me through the configuration of postfix/sendmail?
<Pats> hello ...
<Pats> recently installed server 11.04, and am getting "Resolution not supported" on the monitor connected to it
<Pats> unable to find info when googling for the same - any pointers?
<twb> Pats: is the monitor connected when you boot the server?
<Pats> hello twb ... yes it is
<twb> Pats: also, is a KVM or similar connected between the server and monitor?
<Pats> yes actually i am using a 2-way kvm switch to switch b/w my desktop and the server
<Pats> but it worked with Ubuntu 10.10
<twb> Try without the KVM
<twb> sometimes that can interfere with EDID negotiation
<twb> That is, boot with the monitor connected directly.  Once boot is finished it should be OK to remove and reattach
<twb> Oh, and I'm assuming you're not running a GUI, i.e. you're only getting an fbcon login: prompt at boot
<Pats> is there a way for me to force a console configuration - i understand that "vga=" has been deprecated with the latest grub
<twb> IIRC for 10.04 I did it by adding "blacklist vga16fb" to /etc/modprobe.d/whatever
<twb> And running "update-initramfs -u -k all", of course.
<twb> It depends what, if any, framebuffer is currently loaded
<twb> If a GUI is starting, I can't help you, except to uninstall the GUI stuff.
<Pats> no GUI
<Pats> i am actually using SSH to login to the system - but I do wish to have the option of working directly on the system as well
<twb> No argument there
<Pats> blacklist-framebuffer.conf?
<twb> It doesn't actually matter, but that's where I put it
<twb> as long as the filename is [a-z0-9-]+\.conf
<Pats> :) worked
<Pats> Thank you
<twb> When symmetricaly encrypting an SSL private key, is -aes256 the strongest crypto I can choose?
<fastveg> what is the proper format to use scp to copy a file onto your server?
<twb> scp foo foo:
<fastveg> scp filename.txt root@69.69.69.69:/folder/   -- should that work or am I offbase?
<twb> Looks OK to me
<twb> Although the leading / means it's relative to /, rather than relative to your home directory.
<fastveg> it's giving me mad authentication errors, that don't make any sense
<twb> pastebin the transcript
<fastveg> I ever went so far as to reset the root password on the linode instance
<fastveg> what transcript
<fastveg> I mean the error is basically root@IP's password:  Permission denied, please try again.
<fastveg> =/
<twb> Can you ssh into that server as root?
<jmarsden> adding a -v after the scp will give you more info on what is happening.  Did you set PermitRootLogin No in /etc/ssh/sshd_config ?
<fastveg> I ssh in as another user, and somebody set it up where it uses a key, I don't really understand it
<twb> jmarsden: I wasn't bothering because, by design, sshd will not disclose the nature of permission failures to the client
<twb> fastveg: if you cannot "ssh root@foo", then you cannot "scp root@foo"
<fastveg> let me try that
<twb> fastveg: it sounds like key-based access to root is set up, but you are not using the key.
<jmarsden> twb: I think it shows trying to use certificates, and falling back to password auth, etc... ? But OK.
<fastveg> permission denied
<fastveg> so frustrating..
<twb> jmarsden: true
<twb> jmarsden: or e.g. if he fucked up a -oProxyCommand
<fastveg> I mean, this is the same root password that you would reset on linode, right?
<fastveg> there's only one root password I dont get why it wont work
<twb> fastveg: it is typical to deny password-based access for the root user
<jmarsden> fastveg: Not if you have PermitRootLogon No   set :)
<fastveg> ah ok then
<twb> fastveg: IDEALLY, password-based access is denied for ALL users
<fastveg> .....
<twb> fastveg: if you can get in and read the /etc/ssh/sshd_config file, that will help us isolate the issue
<twb> Ref. http://en.wikipedia.org/wiki/Multi-factor_authentication
<fastveg> so how then do I copy over the files, if no passwords work
<fastveg> I can get to the file probably, one min
<twb> fastveg: using two-factor authentication -- SSH keys with passphrases
<fastveg> twb: I have that file open, what are we looking for in it?
<twb> fastveg: pastebin the output of egrep -v '^[[:space:]]*(#|$)' /etc/ssh/sshd_config
<twb> Be sure to type that command exactly
<fastveg> http://pastebin.com/6UxxHuJW
<fastveg> I guess "# PermitRootLogin no" explains that
<fastveg> =/
<fastveg> I ssh in with the other user just by typing "ssh domain.com"
<fastveg> but I don't know how to use scp with that user
<qman__> same as with root
<qman__> just use that username instead of root
<twb> fastveg: right, that says you cannot log in as root at all
<fastveg> let me try that
<Proz01d> i'm running openvpn and I have a client connect to the server when the client pings the server i get a success. when the client pings any other address such as 4.2.2.1 it fails.
<twb> fastveg: scp will be allowed for any user, but obviously you will not be able to write to, say, /var/www/ directly if that user has no write privileges there
<twb> fastveg: you can simply scp the files across then run something like sudo cp to put them in /var/www
<Proz01d> anyone have any idea?  forgot to mention that the server is able to ping other address ssuch asthe one above.
<fastveg> if I do scp filename.txt otheruser@69.69.69.69:/folder/ it asks me for that users password -- which I don't know, because ssh just connects without any password
<fastveg> how does ssh domain.com work without a password?  is there a way to get scp to work the same way?
<twb> fastveg: because your key is allowed for $USER@domain.com, but not otheruser@domain.com.
<fastveg> sorry, I dont understand
<fastveg> this is such a mess, I'm literally just tying to move over one file
<fastveg> are the ssh configs also preventing me from using SFTP to connect as root?
<twb> Yes
<fastveg> got something to work
<fastveg> why do SSH settings, affect SFTP?
<fastveg> just curious
<fastveg> Is the secure part mean it uses SSH?
<shauno> yes.  sftp uses ssh as it's carrier
<twb> SFTP is a module of SSH
<twb> As distinct from FTP/S, which is FTP over a TLS (SSL) tunnel.
<twb> http://mywiki.wooledge.org/FtpMustDie
<Proz01d> quick question ... are iptable changes effective immediately
<guampa> quick answer: yes they are
<Proz01d> ty
<lool> hallyn_afk: http://people.canonical.com/~serge/seabios_0.6.2-0ubuntu1-package.tar.gz > 404 not found
<lool> hallyn_afk: Oh I see you got it sponsored already
<lool> hallyn_afk: and BTW new binutils had been uploaded yesterday allowing my patched package to build on i386 (it would also build on amd64, but that's not needed on launchpad)
<AnAnt> Hello, have you guys heard of kerrighed (www.kerrighed.org) ? It would be nice to have that in Ubuntu
<AnAnt> the problem (which is why I came here), is that upstream only supports a certain kernel version (2.6.30
<twb> AnAnt: file an RFP
<koolhead11|afk> AnAnt, yes do that
<cxw> hello, i have a question that bothered me for quite some time : i bind many ipv6 addresses to one interface, but it keeps crashing after a while - i have do a /etc/init.d/networking restart although ifconfig still indicates that interface as "running". i'm wondering what could go wrong?
<ClaudiuT> hello
<ClaudiuT> I'm trying to set-up a vsftp server. I'm able to connect, but it fails to upload anything. write_enable=YES in /etc/vsftpd.conf
<ClaudiuT> also chroot_local_user=YES if this counts
<twb> http://mywiki.wooledge.org/FtpMustDie
<twb> Is there a reason you can't use SFTP?
<ClaudiuT> I want a simple way of sharing files without shell account
<twb> Google for "sftponly"
<ClaudiuT> thanks
<twb> But ignore entries that don't use the "internal" sftp implementation -- it used to be a lot more fiddly
<twb> Ah, here we go: http://paste.debian.net/117461/
<twb> Strictly, the user still has a shell account, he just can't access it via ssh
<ClaudiuT> is SFTP friendly with common Windows clients, like Total Commander?
<ClaudiuT> or the user needs WinSCP to connect?
<twb> most "ftp" clients I've seen speak SFTP
<twb> Dunno how many do key-based auth, which I would recommend if poss.
<ClaudiuT> that's great
<ClaudiuT> I'm not very familliar with PAM, can I avoid it?
<twb> Ignore that line, it'll already be there
<twb> PAM just means "use normal user authentication", it's a good thing
<ClaudiuT> great, thanks
<twb> Obviously ignore AllowGroups as well, or add sftponly to that list
<twb> "cyber" is the group all my users are in, because it's the company name
<ClaudiuT> basically I need one very limited user to be able to put and retrieve some files
<ClaudiuT> that's why I want to shell account
<ClaudiuT> but SFTP seems ok for what I need
<ClaudiuT> I always tried to avoid FTP anyway
<twb> Good man.
<real_ate> hi all! i'm looking for the libvirt documentation on vm snapshots but can't find any
<real_ate> ... i assume libvirt supports snapshots, or at lease is there a way to do a snapshot for libvirt managed systems?
<uvirtbot> New bug: #785683 in nmap (main) "Fails to build with OpenSSL 1.0.0" [High,New] https://launchpad.net/bugs/785683
<uvirtbot> New bug: #785707 in clamav (main) "package clamav-freshclam 0.97 dfsg-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/785707
<tyreza> hello there
<tyreza> can  anyone explain what is soft raid ?
<greppy> tyreza: instead of having a hardware raid controller, you let the linux kernel do it for you.
<TeTeT> tyreza: for a more thorough treatment, please have a look at http://en.wikipedia.org/wiki/Software_RAID
<zul> its raid that is soft
<zul> morning
<tyreza> when we have to use raid soft ?
<TeTeT> tyreza: some info on raid levels is also on https://help.ubuntu.com/11.04/installation-guide/i386/module-details.html#di-partition
<pmatulis> tyreza: typically when you do not have hardware raid
<tyreza> what is a raid simply ?
<TeTeT> tyreza: multiple disks looking like one big disk
<Pici> Redundant Array of Inexpensive/Independent Disks
<Error404NotFound> How much max RAM does U10.10 64b server support?
<_ruben> a lot
<pmatulis> :)
<Error404NotFound> _ruben: how much?
<real_ate> hi all
<tyreza> 36GB Error404NotFound
<Pici> Where are you getting that number from?
<Error404NotFound> tyreza: what if i have 64G? any patches?
<real_ate> I was here a while ago looking to see if snapshotting was supported in libvirt for 10.04... got disconnected... anyone care to comment?
<_ruben> most chipsets can address 48 bits -> 256TB
<tyreza> ok Error404NotFound
<tyreza> an other question
<tyreza> how to build a cluster machine ?
<pmatulis> real_ate: what kind of snapshotting are you talking about?
<real_ate> pmatulis: run up the vm, build packages on the disk image and then roll back the disk image
<real_ate> either on shutdown or manually
<real_ate> so baseImage.img > baseImage_snapshot1.img etc
<pmatulis> real_ate: that would be part of the hypervisor (KVM) and, no, it doesn't have that
<real_ate> pmatulis: is there any way to manually do it? ... can I just copy the image and override every time I want to "rollback" ?
<_ruben> one would probably use lvm backed vms for that and use snapshotting on lvm level
<real_ate> _ruben: i don't have lvm
<real_ate> _ruben: and i can't re-install /re-format
<_ruben> making a simple copy of the disk image should do it as well
<tyreza> what is lvm ?
<tyreza> is it raid soft also ?
<real_ate> _ruben: thanks i'll try that
 * _ruben hates trolls
<tyreza> what is lvm ?
<pmatulis> !lvm | tyreza
<ubottu> tyreza: Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/Installation/SoftwareRAID and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<lynxman> ping zul
<zul> lynxman: whats up?
<lynxman> I have a packaging crack question for you :)
<lynxman> I have a package that does not compile or install, just copies files to the right path
<zul> sure
<lynxman> using debian .install files
<zul> right
<lynxman> but I have to rename a couple of files
<lynxman> tried to use in rules override_dh_auto_install
<zul> okies
<lynxman> but it complains that it can't find the file in $CURDIR/debian/tmp (as it does in mcollective)
<lynxman> should I just drop the tmp since it's not "building" and go to the straight path?
<zul> so i think you can put <fileA> /path/<fileb> in the install file
<lynxman> zul: I was talking with Daviey about that one as well, looks like you can't, the install will only accept dirs as destionation
<zul> hmm...im not sure then i would have to play with it
<Daviey> :(
<lynxman> zul: no worries, I'll keep hammering at it :)
<lynxman> zul: the mcollective-plugins package is 99% complete, just need a couple tweaks and it'll be good
<zul> lynxman:  k ill beat it into shape as well
<lynxman> zul: cool, thanks mister :)
<_ruben> weird .. got a tagged vlan interface on a bonded interface, when i tcpdump the vlan interface i do see traffic, but when i tcpdump the bond i do see other vlan's traffic but not that one
<EvilMTeck> So... I installed dhcp3-server and had a client connect. They pick up an IP just find and great; but they can't connect to the domain to log in and I assumg name resolution isn't working right..
<EvilMTeck> any help getting that working again?
<EvilMTeck> s/again//
<airtonix> what supports your theory that name resolution isn't working?
<airtonix> other than your head
<EvilMTeck> airtonix: my head
<EvilMTeck> airtonix: really- i just don't know what i'm doing
<airtonix> EvilMTeck: i assume your bind daemon is setup properly? can you use dig and host to get expected data ?
<airtonix> EvilMTeck: i also assume your bind daemon is running on the same machine as your dhcpd3 daemon
<EvilMTeck> airtonix: bind not setup..
<EvilMTeck> maybe that's what's not working
<airtonix> then how do you expect to resolve hostnames in a domain controlled environment?
<airtonix> is it a windows server?
<EvilMTeck> i was hoping this dhcp server would pass everything along
<EvilMTeck> it's ubuntu
<airtonix> no
<airtonix> dhcpd only provides automatic IP addressing
<EvilMTeck> we have a larger and better setup network above this
<EvilMTeck> I'm trying to have one client sit entirely behind another client and still interact with the rest of the network the same way
<airtonix> you need to enable tcp forwarding
<airtonix> investigate ufw + nat options
<jdstrand> (can do that by looking at the ufw-framework man page)
<airtonix> ^
<EvilMTeck> jdstrand: I'm noticing something about the author... that person seems familiar
<EvilMTeck> you were referring to the full example?
<queso> If I run ntpq -p and it returns "No association ID's returned", what does that mean?  That ntpd knows of no server with which to sync, and thus is not syncing?
<EvilMTeck> I wonder how hard that is to do without having ufw at my disposal
<jdstrand> the ufw *rules files are nothing more the iptables-restore files, so those things can be adapted to whatever tool or script you'd like
<jdstrand> s/more the/more than/
<EvilMTeck> yay
<EvilMTeck> thanks :)
<AlexMax> I just rebooted my server and nginx didn't come up, in spite of being in the correct rc.d directories
<AlexMax> The last time I rebooted, sshd didn't come up, in spite of being configured correctly
<AlexMax> it seems like every time I boot, some random service refuses to launch
<AlexMax> How do I diagnose this issue?
<AlexMax> Where would I even look for error messages
<AlexMax> because I'd eally hate to reboot only to find my sshd is gone again
<AlexMax> okay let me ask it this way
<AlexMax> When i rebooted my system, nginx did not launch automatically
<AlexMax> How do I figure out why it didn't launch
<AlexMax> in spite of being in the correct rc.d directories
<AlexMax> oh crap
<AlexMax> just figured it out
<AlexMax> one of my ip aliases never came up
<AlexMax> so my http server couldn't bind to the ip
<AlexMax> which is double weird because according to networking the alias is set to automatically come up
<AlexMax> auto eth0:0
<bencc> how can I see the ulimit of another process/user?
<aradriel> piratenpartei
<aradriel> wc ^^
<ScottK> SpamapS: I'd propose dropping the task on timing the sourcing of /etc/defaults.  We can't stop sourcing /etc/defaults since Debian uses it so I think it's not worth worrying about.
<SpamapS> ScottK: Actually I came up with a way we could drop them.
<ScottK> Oh?
<bencc> how can I get the max allowed file-descriptors for a specific process?
<SpamapS> ScottK: If its worth the time to do it, we can very easily treat them as deprecated config files and convert anything non-default into env lines in the job file.. thus maintaining the changes specified by the user.
<ScottK> How do we do that for packages we sync from Debian?
<SpamapS> ScottK: oddly enough that plan never considered the impending (hopefully) changes in Debian that would allow upstart jobs. Hm.
<SpamapS> ScottK: so maybe we should flip that one on its head a bit.. we can have the init.d scripts "source" the upstart job. ;)
<ScottK> How does that help us for sysv only packages we sync from Debian?
<SpamapS> ScottK: I think its worth the measurement, even if to just show that its not worth the time to implement such insanity. I'm hoping we can just go forward w/ sourcing them.
<SpamapS> For sysv only there's nothing we can do to speed things up anyway.
<ScottK> Right, but there's packages not designed to support upstart.
<ScottK> We need to remain compatible with them.
<SpamapS> /etc/default isn't going away...
<SpamapS> and frankly, anything left in sysv isn't all that interesting in the boot speed argument anyway.
 * ScottK never thought boot speed on servers was particularly interesting in any case.
<SpamapS> This is mostly for the stuff that will get the system booted.. 1st phase of boot.. anything in the 2nd phase (not runlevel 2, but sort of..) can start as slow as it wants IMO. ;)
<ScottK> OK.
<SpamapS> ScottK: the slowest serial booting server still only takes a minute or so. The boot speed argument is more to get the GUI going ASAP .. since thats when the real heavy lifting starts.
<ScottK> Maybe I over analyzed the spec, but it seemed to be contemplating getting rid of /etc/defaults entirely.
<ScottK> Yep.
<SpamapS> If it were 5x slower to use /etc/default.. we could consider getting rid of it. :)
<ScottK> Which is why it's odd to see boot speed discussion in a server spec.
<SpamapS> but my guess is, with ureadahead its going to be negligible.
<SpamapS> Well because we have to share the boot w/ the desktop, we have to make sure we don't regress it.
 * ScottK wishes the reverse were true.
<SpamapS> Hah.. yeah...
<queso> Could someone point me to the summary differences, pros and conts, between pure-ftpd, vsftpd, and proftpd?
<gholms> smoser: Sorry about the sudden pile of cloud-init bugs. :-\
<hggdh> Daviey: time for a quick chat?
<Daviey> hggdh, yeppers
<Trezker> Hello
<Trezker> I'd appreciate some help with rewrite on my web server
<zertyui> hi there
<Trezker> I have a RewriteRule ^([a-z0-9/]+)$  /index.php/$1 [L] that works almost always
<Trezker> but if I load /foo and foo.php exists, then foo.php gets loaded :(
<RoyK> Trezker: try #httpd - lots of apache nerds there ;)
<Trezker> thank you RoyK
<zertyui> hi
<zertyui> there
<speakman> hi folks!
<speakman> I've got a software RAID1 in which one disk has been replaced.
<speakman> But since I didn't removed the faulty one, it looks like it's still waiting for it; http://pastebin.com/kguCfXKn
<speakman> How can I remove it retroactively?
<zertyui> lvm ?
<speakman> no, mdadm
<zertyui> i don't know how it happen on soft raid
<zertyui> are you remove the raid ?
<zertyui> broke the raid
<zertyui> before replacing
<gholms> Can't you add the new disk to the array as a spare?
<axisys> how do I migrate an LV from one VG to another VG .. they are different PV on same box
<speakman> I've added the new disk to the array, and it's syncing atm. But it seems to not have forgotten the old faulty disk. This is /proc/mdstat: http://pastebin.com/zaswJvy0
<lambda_x> mdadm /dev/md0 -r /dev/sda1
<speakman> the current sda1 and sdb1 is the one running
<speakman> the previous failed disk was /dev/sdb1
<speakman> but the new one is also sdb1 :)
<lambda_x> but mdstat says that sda1 is missing, right?
<speakman> lambda_x: ttp://pastebin.com/zaswJvy0
<speakman> doesn't look so
<speakman> but sda1 is 0 while sdb1 is 2
<speakman> the 1 is missing
<speakman> it should be sda1[0] sdb1[1]
<pmatulis> axisys: how much data is in the logical volume you want to migrate?
<axisys> pmatulis: the whole lv
<pmatulis> axisys: how much data is in the logical volume you want to migrate?
<lambda_x> speakman: but its raid1 so it is possible to leave one disk and rebuild md0 from it, what does mdadm -E /dev/sda1 says?
<axisys> pmatulis: 50M
<speakman> lambda_x: this is -E /dev/sdb1 which has the exact same output as -E /dev/sda1
<pmatulis> axisys: why don't you just copy the data to a new volume?
<axisys> pmatulis: but i want to do it for situation when the disk would be 20G or some ..
<speakman> lambda_x: http://pastebin.com/kguCfXKn
<axisys> pmatulis: for learning
<axisys> pmatulis: doing it on a guest OS
<axisys> pmatulis: this would be my tutorial
<axisys> pmatulis: :-)
<lambda_x> speakman: I would mdadm /dev/md0 -a /dev/sda1 -r /dev/sdb1, and then mdadm /dev/md0 -a /dev/sdb1
<pmatulis> axisys: there is no proper way to do this.  i would choose some other project
<speakman> lambda_x: why -a sda1?
<lambda_x> speakman: I was rebuilding that way md some time ago (it is taken from my notes)
<speakman> ok?
<lambda_x> speakman: in case it wont help, remove /dev/sdb1 once more, do mdadm --zero-superblock /dev/sdb1, and then mdadm /dev/md0 -a /dev/sdb1 - again
<speakman> lambda_x: this  is the case now; http://pastebin.com/3WaJ9YNq
<speakman> -E sda1
<speakman> can I --zero-superblock on sda1 as well?
<speakman> or will the raid fail then?
<lambda_x> and what mdstat says?
<speakman> http://pastebin.com/xMCwY0k0
<lambda_x> fine, have you already tried to -a /dev/sdb1 ?
<speakman> noe
<speakman> not yet
<lambda_x> sda1 is in sync, try
<speakman> -E /dev/sda1 still tells me faulty removed
<speakman> this is --detail /dev/md0 http://pastebin.com/xMCwY0k0
<speakman> http://pastebin.com/ny2k4TmP <- this
<lambda_x> it is correct, he wants second device
<speakman> yes
<speakman> and now? just -a sdb1?
<lambda_x> yup
<speakman> http://pastebin.com/Zddxuc8g
<speakman> still [2] instead of [1]
<speakman> but it does work, so maybe It's just as it should be?
<lambda_x> k, remove sdb1 once more and then mdadm --zero-superblock /dev/sdb1 ; and then mdadm /dev/md0 -a /dev/sdb1
<speakman> that's what I just did?
<speakman> it adds sdb1 as spare
<speakman> http://pastebin.com/f0B3PK54
<speakman> this is strange, but I have to leave the office for now.
<speakman> thanks for helping out. will try further on on monday
<_ruben> jikes .. kernel oops during fsck at boottime .. not good i guess :p
<queso> What package gives the apache2 rewrite module?
<queso> Oh, ha, nevermind
<MTecknology> queso: you should consider nginx :)
<queso> MTecknology: I use both, depending on the circumstances
<queso> MTecknology: I'm less familiar with apache, actually.
<MTecknology> cool :)
<queso> MTecknology: Didn't realize you had to enable the module ;)
<MTecknology> that behavior annoys me :P
<AlexMax> I have an ip alias that is not being automatically started in spite of having auto in the definition.  Any clues as to why?
<guntbert> meLon: hi
<meLon> Hey guntbert
<guntbert> meLon: 1) are you able to connect locally?
<meLon> No, guntbert
<meLon> mail.log contains no entries >_<
<guntbert> meLon: look into /var/log/mail
<meLon> There is no mail directory
<guntbert> meLon: no, that is a file
<meLon> I have mail.log, mail.err, mail.warn, procmail.log
<guntbert> meLon: how did you install postfix?
<meLon> Originally, using iredmail
<guntbert> ?
<meLon> Yeah, exactly :P
<meLon> A friend of mine showed me iredmail, which installed postfix as well as postfixadmin to allow easy alias adding and stuff
<guntbert> meLon: no idea about iredmail here
<meLon> Well, I dont need/want to use it
<meLon> Im just trying to diagnose why I am unable to connect to smtp
<guntbert> meLon: how did you install that?
<meLon> http://www.iredmail.org/download.html
<meLon> Seems that they have an uninstall script I can use
<meLon> but what else will that mess up :\
<guntbert> meLon: I suggest to uninstall that for now, and install postfix by sudo aptitude install postfix
<meLon> I followed the ubuntu guide on installing postfix
<guntbert> meLon: you just said otherwise ??
<meLon> Originally, using iredmail
<meLon> Recently, using the ubuntu guide
<guntbert> meLon: sorry, I misled you with the name of the log file (mixing up distros...), if the mail.* files are empty that implies that postfix is not running
<guntbert> try /etc/init.d/postfix start
<meLon> service postfix restart returns no errors
<guntbert> does it say "started"?
<meLon> Still cannot connect.  mail.log is still a 0b file
<meLon> Starting Postfix Mail Transport Agent postfix                                                                              [ OK ]
<guntbert> meLon: next step: lsof -ni       should list postfix as listening
<meLon> postfix-p  3294  policyd    6u  IPv4   5200      0t0  TCP 127.0.0.1:10031 (LISTEN)
<meLon> i like that command :D lsof
<guntbert> ouch - 10031 ??
<guntbert> meLon: try telnet localhost 10031
<meLon> Says it has connected and just hangs.
<guntbert> meLon: good, say HELO ImHere
<meLon> No response.
<meLon> ehlo localhost gives me no response, either
<guntbert> meLon: hmm - that sounds weird - my suggestion, try to sudo aptitude purge postfix, and then install it again, there seem to lie some pieces from that other software around
<meLon> lol
<meLon> I was afraid that that would cause more issues.  I can now connect over port 25 guntbert
<meLon> Now, I just have to see how iredmail made those aliases so I can re-create them
<guntbert> meLon: good :) I cannot assist with iredmail in any way - sorry
<meLon> No problems.  I normally don't do things like that because they cause problems like this
<meLon> I manage multiple domains.  Do you have a recommendation on how to allow users access to mail, but not give them a system user?
<guntbert> meLon: read up on "virtual users", autheticate them against ldap or so ?
<meLon> Am I using dovcot >_< ? Gunni
<meLon> guntbert*
<guntbert> meLon: thats what I use - in our last system we authed against EDirectoy using ldap
<meLon> I have a database (mysql) named vmail.  It contains admin/alias/alias_domain/log/,etc  are you familiar with something like this?
<guntbert> meLon: no, but I have seen several web pages about how to use dovecot and mysql
<guntbert> to an experienced user/admin I may suggest to use google (or the like)
<guntbert> :)
<meLon> I was gooooogling.  I was wondering if you recognized that scheme.
<meLon> It's the standard postfix lol.  Everything converted over perfectly
<meLon> thanks guntbert
<meLon> Next time ./configure make make install vs ./install.sh :D
<Lenhix> Hello. How can I install a new locale? dpkg-reconfigure locales just regenerates installed ones.
<guntbert> meLon: glad it worked for you :)
<meLon> For your time, Lenhix ?
<Lenhix> Â¿?
<guntbert> Lenhix: see https://help.ubuntu.com/community/Locale
<Lenhix> thx guntbert
<guntbert> Lenhix: you're welcome :-)
<skiold> hi, I see references to both 'preseed/url=' and 'url=' as kernel boot parameters to load a remote preseed
<skiold> are the two syntax equivalent?
#ubuntu-server 2011-05-21
<Leben> Does anyone have a clue why a stock (VPS) LAMP installation would download my index page when I view the site from the domain with the www prefix, but work fine if I leave the www off?  (ex. www.test.com doesn't work, test.com does)
<rewt> does www.test.com point to the same ip as test.com ?
<rewt> or is it a cname to test.com ?
<Leben> cname
<rewt> name-based vhost?
<Leben> I'm using Dyndns as a host for the domain
<Leben> Not sure. I tried adding a ServerName line to the 000-default, but it didn't do anything. Not sure if there's more I need to tinker with or not.
<Proz01d> anyone know some ways to test bandwidth speeds (sites as well)?
<Proz01d> also how do i restore the default firewall settings
<Delerium_> speedtest.net for pure bandwith .. for your site, don't know of any online tools, only commercial product
<Proz01d> i need to test from the command line
<Delerium_> do you have a browser (like lynx) on your server?
<Proz01d> nope
<Kiall> Delerium_, if you have two servers .. you can use iperf
<Kiall> sorry - Proz01d
<Delerium_> ;)
<Proz01d> np..
<Delerium_> The following links seems to analyze your site from the Internet http://www.websiteoptimization.com/services/analyze/
<Proz01d> i tried wget and the xp sp2 download link from MS
<Kiall> yea .. thats another method :) wget http://ubuntu/some.iso ;)
<Delerium_> Maybe you can check with your hosting / internet provider to see if they have a FTP speed test available or something like that
<Kiall> if you have two servers - nothing beats iperf for proving the max BW between the two.. other than that .. wget is usually the best option sadly!
<Delerium_> Didn't knew about iperf thanks Kiall
<Kiall> yea - its basically a command line speedtest.net .. but without the servers provided for you ;)
<Delerium_> So you need to have iperf installed on both server and then launch it?
<Kiall> Yea .. One side acts as a client, the other as a server ..
<Delerium_> Cool... I should give this a try
<Kiall> BTW If its under 50Mb/s your expecting .. I can launch a server for a few mins..
<Delerium_> Kiall: I'm waiting for my dedicated server to be setup, I'll test with that ;)
<Delerium_> Thanks
<Kiall> sure...
<Kiall> [ 3] 0.0-10.1 sec 339 MBytes 283.8 Mbits/sec <-- Disappointing results ;)
<Proz01d> what are you trynig?
<Proz01d> kaill -> was that a wget?
<Kiall> aha .. thats better :) "[  3]  0.0-10.0 sec  1.09 GBytes    933 Mbits/sec"
<Kiall> no - iperf
<Proz01d> WHAT?!
<Kiall> LAN ;)
<Kiall> 283.8 Mb/s was internet
<Proz01d> that's still crazy fast
<Kiall> Its not exactly my home connection ;)
<Proz01d> i'm guessing fiber...not ethernet
<Kiall> we take it as ethernet, but yea .. pretty much all BW in and out of datacenters is fibre ..
<Delerium_> I should try to run this on our servers ... but not sure they will let me do it ;(
<Proz01d> you guys know how to get the default firewall settings back?
<Kiall> lol - call it a diagnostic test ;)
<Kiall> `iptables -F` will empty the rules .. empty might not be your default tho
<Delerium_> Kiall: ;) Management will says it's up to the network guys... they are pretty strict when it comes to do modification on our servers
<Delerium_> Wondering about Proz question, does ubuntu-server use SELinux?
<Kiall> not by default, it does use apparmor which is somewhat similar
<Delerium_> Ho okay...
<Delerium_> AppArmor is more on the "application level" if I'm not mistaken
<Delerium_> ?
<Kiall> Yea .. http://paste.ubuntu.com/610893/
<Kiall> thats the mysql appa config...
<Delerium_> Thanks Kiall
<uvirtbot> New bug: #786040 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786040
<Delerium_> Kiall, so basically, AppArmor restrict the files that a process can read / write !?
<Kiall> yea .. when a program has an AA profile, it only has access to what's in the profile, and nothing else..
<Kiall> eg mysql's one has "network tcp" but not "network udp" .. so no UDP sockets ...
<Delerium_> k, make sense .. nice to know ... I've been using Linux for a while but never go in deep...
<Delerium_> Don't have much time with work (and we have only 2 olllddd Linux server)
<fastveg> if I ssh into my server and run a python script, will the script stop when I close the ssh session?
<Kiall> fastveg, yes .. unless you start it in the background ..
<fastveg> or will it keep running even though I disconnect
<Kiall> eg `python bla.py &`
<Kiall> or `screen -dmS my_app python bla.py`
<fastveg> ok thanks
<Delerium_> fastveg,  ./myscript &
<fastveg> even better
<Kiall> if you think you'll want to "reattch" to see how its doing etc ... use screen.. otherwise pop at & at the end and it'll quit when it quits :)
<Kiall> reattach*
<Delerium_> Having a log file is also a good idea ;)
<Kiall> yea .. nothing worse than seeing a script die after a few hours of processing without logs ;)
<Delerium_> yup.. It kills!
<Kiall> I had a 3 week long data import process that couldnt be paused, it had to start again from scratch if it died ..
<Kiall> 2 weeks in .. bam.
<Delerium_> 3 weeks import!?!?!? Gossshh... that was a DB ?
<Kiall> suffice to say heads rolled ;)
<Delerium_> lol
<Kiall> yea - 3 weeks .. data was sourced from an API that was slow a hell .. and there was craploads of it
<Kiall> slow as*
<Delerium_> Well... there is slow ... and SLLLOWWWWW
<Kiall> ;)
<Proz01d> just curious...what are you guys using for dns?
<Delerium_> My ISP DNS
<Kiall> bind + the probind web UI ..
<Delerium_> ho.. . as a DNS server... sorry ;)
<Proz01d> lol np
<Delerium_> bind too
<Delerium_> but I don't personnaly manage our DNS, so I suck at bind ;)
<Proz01d> i'm setting up a vpn and i need to specify a dns...
<Proz01d> so i'm pointing to one externally
<Proz01d> but i'm trying to improve performance so i was wondering if I should use bind instead
<Kiall> generally (ie unless your ISP's DNS servers are crap) .. you're better using them for recursive resolving...
<Kiall> (ie for looking up google.com... rather than mydomain.com DNS hosting) ..
<jmarsden> Proz01d: Unless you have measured current performance and are sure from that work that DNS is your bottleneck, switching DNS servers seems unlikely to "improve performance"... are you sure DNS is slowing things down, not something else?
<Proz01d> nope... but right now i'm pushing some dns server ip from the base openvpn isntall (it was commented out originally)
<Kiall> you probably dont need to be pushing a DNS server with the VPN, not unless you have your own internal DNS setup on the far side of the VPN, and it sounds like you don't :)
<Proz01d> i guess i can try diabling it
<m_tadeu> what is the best place to put setkeycodes command?
<maxagaz> hi
<maxagaz> I'm in China where many website are banned, but I have a server abroad on which I installed OpenVPN, from this, can you tell me the main lines on how to open some website using this VPN ?
<jmarsden> maxagaz: Sounds like you want to run a proxy on the "abroad" server and the point your local web browser to that proxy.  I have used tinyproxy for this sort of thing (well, not from China...!)
<maxagaz> jmarsden, so, basically, what I need is a vpn (like openvpn), a proxy server (probably squid) and some iptables ?
<jmarsden> squid would be very heavyweight for this kind of (single user) use, and since you already have the tunnel working, no real need for iptables changes that I can see... but other than that, yes.
<jmarsden> If the authorities see your VPN tunnel and get suspicious of you, don't blame me :)
<maxagaz> jmarsden, there's nothing wrong in making a tunnel, many companies do it
<jmarsden> OK.  If I were trying to prevent people seeing some websites, I'd sure be suspicions of people using VPNs... it's the #1 obvious way to get around the blocking :)  Be glad I'm not the Chinese authorities :) :)
<Kiall> maxagaz, you just need the VPN, so long as it sends a default route
<Kiall> (and sends a DNS server from outside china)
<jmarsden> Kiall: You can do that, but on a transcontinental link that could be pretty slow...
<Kiall> a proxy will have the same issue + wont "hide" anything but HTTP (eg DNS ..)
<maxagaz> Kiall, I already have the VPN working, how to redirect the traffic through it ?
<jmarsden> A proxy inside the tunnel is more about bandwidth than hiding, IMO.  Better to only move the web traffic for the sites you need to use over the tunnel that way, leave the rest of your traffic out in the open locally.  But... theres more than one way to do it.
<Kiall> maxagaz, if you add `push "redirect-gateway def1"` to the config .. it should move all traffic over then VPN
<maxagaz> Kiall, where to add it ?
<maxagaz> oh I see
<Kiall> Anywhere in the server config file
<Kiall> jmarsden, yea being selective about what you tunnel will obv make it faster.. but leaves you wide open to making a mistake :)
<maxagaz> Kiall, but then all the traffic would be redirected, I just want the forbidden addresses to be redirected
<Kiall> thats a tad harder to do - since your browser doesn't let you say "use proxy X for bla.com and bla2.com" ..
<jmarsden> maxagaz: Use proxying and set your browser to selectively proxy ... firefox has addings like foxyproxy for that
<jmarsden> Kiall: It does, with foxyproxy :)
<Kiall> jmarsden, ah nice :)
<maxagaz> that sounds a good idea
<jmarsden> actually I hope it still does, not sure I have used that addon in Firefox 4.0 yet :)
<Kiall> anyway - as jmarsden said, a proxy is better for selective traffic .. bear in mind that DNS may be blocked so try google's DNS servers (8.8.8.8 and 8.8.4.4) .. if "they" prevent you using 3rd party DNS, you have to push DNS over the VPN aswell
<maxagaz> I can change it manually to my resolv.conf
<jmarsden> Kiall: Now that could get interesting... I wonder if you could set up a local DNS server and use bind views to do selective DNS forwarding :)
<Kiall> sure - but they can catch all port 53 (DNS) traffic, and hijack it :)
<Kiall> jmarsden, yea .. thats certainly possible
<Kiall> you could do the same with a hosts file aswell tho :)
<jmarsden> Kiall: well, harder to add every host *.microsoft.com to your hosts file than to tell a view to forward dns for *.microsoft.com through the VPN, I would think :)
<jmarsden> or *.facebook.com, or *.google.com ...
<Kiall> yup - I didn't think of that!
<maxagaz> how to allow my vpn to make redirections ?
<maxagaz> in foxyproxy, I have put the address of my vpn, but which port should I set ?
<jmarsden> The port that your proxy is listening on :)
<maxagaz> jmarsden, ah, so I still have to install a proxy
<jmarsden> If you want to do this the "selective" way, then I think so.
<jmarsden> foxyproxy is for using proxies... hence its name :)
<maxagaz> jmarsden, and how to link the proxy to the vpn ?
<maxagaz> jmarsden, else, anybody could use my server as a proxy...
<jmarsden> Hmmm?  Run the proxy server on the remote server at the 'abroad' end of the VPN tunnel.  You can configure proxies to only accept request from specific IPs, etc... read the docs that come with whatever proxy server software you choose.
<maxagaz> jmarsden, ok, I see
<jmarsden> You may be able to only bind the proxy listener to the vpn tunnel interface on that server, so it is invisible to anyone else, too.
 * Kiall would still just go the "want to visit something restricted? start VPN, all traffic goes via it.. done? disconnect" route.. much simplier :)
<maxagaz> Kiall, how would you do that ?
<Kiall> with the default route .. then you can just start and stop the VPN as you want to use it ..
<Kiall> pretty much the same enabling disabling the proxy .. and safter/easier than creating a list of hosts for foxyproxy to selectively route over the VPN+Proxy combo
<maxagaz> Kiall, you mean, by doing route del default gw, route add default gw my_vpn_ip ?
<Kiall> no - with `push "redirect-gateway def1"` in the VPN servers config, and then you start/stop the VPN as you need to use it
<maxagaz> Kiall, okay
<Kiall> Its defiantly easier to manage that way :)
<maxagaz> Kiall, okay, I'll try it right now
<maxagaz> Kiall, do I also need a 'push "route..." ' ?
<Kiall> nope - just the gateway
<Kiall> maybe a `push "dhcp-option DNS 8.8.8.8"` line aswell
<maxagaz> Kiall, it didn't work
<Kiall> humm what happened?
<maxagaz> Kiall, when i restart the vpn client, i can't ping anything
<maxagaz> Kiall, and even lost this chat room
<Kiall> did you setup NAT on the server?
<maxagaz> Kiall, no
<maxagaz> Kiall, perhaps there are some default rules...
<maxagaz> Kiall, i only have fail2ban in my iptables
<Kiall> aha :) I thought that was mentioned earlier .. whoops ..
<maxagaz> Kiall, ah... :)
<Kiall> `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` - assuming eth0 is the servers internet connection
<Kiall> BUT
<Kiall> be careful with this part!
<Kiall> (you have console access to the server? or the ability to reboot it?)
<maxagaz> why ?
<maxagaz> Kiall, yes
<Kiall> then no worries :)
<maxagaz> Kiall, perhaps I sould just try it fo a few seconds
<Kiall> Make a mistake with the rule and you could loose SSH access until you reboot / remove it (and that could be wrong .. its late!)
<Kiall> once its added, it either works, or you need to reboot / remove the rule via the server
<maxagaz> Kiall, I'll do it and pray
<Kiall> ;)
<Kiall> also `iptables -t filter -A FORWARD -i vtun0 -o eth0 -j ACCEPT`
<maxagaz> oh, i need both...
<Kiall> (assuming vtun0 == vpn interface, and eth0 == servers internet)
<maxagaz> that was okay for the first one :)
<maxagaz> it's just tun0 for me
<Kiall> yea - tun0 instead of vtun0 then
<maxagaz> okay, now let's restart the client to see if it works...
<maxagaz> I might lose the chat again...
<Kiall> you most likely will as it connects
<Kiall> it should connect right back again tho - if it wored ;)
<Kiall> worked*
<maxagaz> I was disconnected
<maxagaz> Kiall, those to rules were for the server, right ?
<Kiall> yea
<maxagaz> ok
<Kiall> any idea what part failed?
<Kiall> This might be worth a read :) http://alestic.com/2009/05/openvpn-ec2
<Kiall> Skip the ec2 parts and see if there is anything in there you havent already done
<maxagaz> Kiall, with the two open vpn settings you gave me, I should get 8.8.8.8 in my resolv.conf and some changes in my routes, right ?
<Kiall> 8.8.8.8 resolv.conf doesnt always work (depends on the client settings...) .. but the default route should have swapped
<maxagaz> Kiall, it didn't swap...
<Kiall> see anything in that link you've missed?
<maxagaz> firefox is still trying to open it
<maxagaz> I hope this website isn't banned
<maxagaz> so many websites are banned here
<maxagaz> i'll have to use proxy4free to open it...
<Kiall> or http://i.imgur.com/WvKFN.png
<maxagaz> that one works :)
<maxagaz> thanks a lot :)
<Kiall> anyway - gotta run .. good luck
<maxagaz> I have to go out to eat too, i'll try again once back, thanks a lot for your help
<Zaclnxnewb> hi
<Zaclnxnewb> Could someone help me get ddclient working?
<Zaclnxnewb> or any DNS updater that will update multiple DNS servers with the dynamic IP?
<Zaclnxnewb> What I've tried to work out isn't working
<Zaclnxnewb> I would like it to update every 15 minutes
<xperia> hello to all. i have very big problems with web server session handling. for some strange reason session data disapear when i go from one page to other inside my site. i have tryed last 24 hours all what i can think off but nothing helped till yet. need really help with this problem.
<dkn> i'm trying to access a samba smb share from a mac, i'm trying to use force user & guest so anyone can write & delete files on this share, but i can only seem to create folders, not files
<uvirtbot> New bug: #786188 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: le sous-processus nouveau script pre-installation a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/786188
<uvirtbot> New bug: #777855 in glibc "resolver failures without even sending queries, break Postfix" [High,Confirmed] https://launchpad.net/bugs/777855
<bluethundr_> hello... what is the ubuntu equivalent of chkconfig under red hat?
<RoyK> anyone that can see wtf is wrong with this regex? it's meant to mach a mac address, but fails /[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}/
<bencc> how do I know if I need tcp tuning? http://fasterdata.es.net/fasterdata/host-tuning/linux/
<bencc> will I see errors?
<jmarsden> bluethundr_: sudo service --status-all   # for a basic status list.  For run level details, you can try installing and using sysv-rc-conf
<Proz01d> royk: did you get it qworking?\
<Proz01d> where are you trying to run this?
<uvirtbot> New bug: #786250 in backuppc (main) "Remove dependency on perl-suid for Perl 5.12" [Undecided,New] https://launchpad.net/bugs/786250
<uuser123> i am using ubuntu 10.04 ,how do i update my kvm to latest version
<jmarsden> Is   qemu-kvm | 0.12.3+noroms-0ubuntu9.6 | lucid-updates | source, amd64, i386     recent enough for your needs?  That is in lucid-updates.
<RoyK> Proz01d: yeah
<divansantana> anyone know the current state of kolab with ubuntu server? There is a wiki page talking about it being included with 10.10 server, but not sure if it's working, don't see any release news?
<divansantana> anyone?
#ubuntu-server 2011-05-22
<roasted> Has anybody created software raid before? I just did today and my steps didn't complete as I expected. I looked at this guide - http://www.linuxlog.org/?p=144 - and there are screenshots I never saw. Can anybody help?
<nandemonai> I have but not for a boot volume.
<nandemonai> So different process.
<roasted> I didn't set it up for a boot volume
<roasted> I have a flash drive I installed the OS on
<roasted> and two 500gb drives I configured as software raid
<roasted> It never asked me to create an MD device, and it never asked me which kind of array I want (0 1 5 6, etc)
<roasted> It just continued through the installation and I thought nothing of it. Then I booted up and realized the array wasn;t mounted. At this point I realized Ubuntu had no idea /dev/md0 existed, since it was never created DESPITE me selecting software raid on each drive.
<nandemonai> Hmm I did it the manual way.
<roasted> with the alternate CD?
<nandemonai> Nope: http://rendai.homeunix.net/nandemonai/2009/09/27/installing-raid0-mirror-ubuntu-server/
<roasted> or terminal after installation?
<nandemonai> Terminal yeah.
<nandemonai> Those are the rough steps I took.
<roasted> yeah, I did that too, but then I formatted everything because I wanted to make the altenrate CD method work
<roasted> yet it tanked on me again
<roasted> I'm just not sure if I missed a step or something. After all, I never selected a mount point, but I think once I selected software raid in the partitioner menu options like file system type and mount point were hidden.
<nandemonai> So it hasn't even created /dev/mdX?
<nandemonai> To be honest I'm not sure how the installer goes about creating a raid. I assume much the same way as you would manually but haven't tried it myself.
<roasted> I used this guide
<roasted> http://www.linuxlog.org/?p=144
<roasted> See how it has a screenshot for create MD0? I never got that. I also never got to choose what kind of raid I wanted, but I assume that's because I didn't get the other screen first
<roasted> perhaps I did something wrong... I was just like, what the?
<roasted> I can do the installation process again though and see what's up.
<roasted> By the way, if I format each drive individually with gparted and "create a new partition table" would that wipe any trace of them being associated with software raid previously? I want to redo the installation from ground up fresh as if they were brand new drives.
<nandemonai> Yeah new partition table will wipe the lot.
<roasted> k, sounds good
<roasted> appreciate your time nandemonai
<roasted> btw, a regular "format" wouldn't??
<nandemonai> Depends if you change the drive ID. Not 100% on that but a straight format would probably still have the drive ID as fd.
<roasted> but a new partition table is a 100% nuke of that?
<nandemonai> Yeah since the ID bit is written to the table ;)
<roasted> gotcha ;)
<nandemonai> YOu could just format then change the ID from fdisk.
<roasted> yeha, but a new partition table hardly takes that long in gparted
<nandemonai> True enough.
<roasted> I'd rather "sterilize" it and be sure than just wipe it off and hope it's okay.
<roasted> Know what I mean?
<nandemonai> For sure.
<roasted> thanks for your time bro. I gotta get to bed now.
<nandemonai> No worries, good luck with it all.
<roasted> have a good one
<TVision> Hi. How can get operator priveleges in a channel I didn't create, if I'm the owner/administrator of the server? I'm using ircd-hybrid.
<uvirtbot> New bug: #786406 in openssh (main) "package openssh-server (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786406
<uvirtbot> New bug: #786410 in dhcp3 (main) "package dhcp3-server 3.1.3-2ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786410
<uvirtbot> New bug: #786408 in dhcp3 (main) "package dhcp3-server 3.1.3-2ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786408
<diddus> hello everybody
<floown> hello
<floown> I have a question about sed and substitution chain
<floown> I want to remove the http://www. from my urls with this command : sed -e "s/http\:\/\/www\.//g" "my file.txt" now how can I wrote the result in my file.txt ?
<jmarsden> sed -e 's%http://www\.%%g' <oldfile.txt >newfile.txt
<RudyValencia> How do I configure an FTPd to save files as www-data:www-data with whatever permissions I need to set?
<agrundner> got a rkhunter warning messages... says 'hdparm' in file '/etc/init.d/hdparm' - possible Xzibit Rootkit <~ False positive?
<uvirtbot> New bug: #786455 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: il sottoprocesso nuovo script pre-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/786455
<greppy> floown: you can also have sed make the changes in place and save your file to "my file.txt.bak" with this:  sed -ibak 's|http://www[.]||g' "my file.txt"
<floown> thx greppy, I note this syntax too ;)
<uuser123> if i want to remove package with config file which command i should use
<greppy> uuser123: apt-get purge PACKAGE_NAME
<uuser123> ok ,thanks
<greppy> uuser123: which can also be discovered from reading the man page.
<uuser123> sorry for that
<uuser123> greppy: can u pls tell me i remove all apache2 related stuff and reintall apache2 but now i cant see apache2 installed in /etc/apache2
<uuser123> -- /etc/init.d/apache2 restart .: 45: Can't open /etc/apache2/envvars
<Rajko> hey guys
<RoyK>  
<uuser123> Invalid command 'ProxyRequests', perhaps misspelled or defined by a module not included in the server configuration  ---fail why i should  get this error on start/restart apache2 on ubuntu server
<dassouki> interesting how my internet goes from fast mode to slow mode so fast
<martin___> how do I enable IPv6 on my Ubuntu Server? I have a gateway and an address from my provider
<RoyK> martin___: normally, the router should give you an address
<RoyK> otherwise, man interfaces
<martin___> RoyK: http://pastebin.com/1C60TD7d <-- there's /etc/network/interfaces and ifconfig
<martin___> when I ping6 something I get "network unreachable"
<martin___> ipv6.google.com
<RoyK> try to traceroute6 it
<martin___> didn't go that far
<martin___> traceroute to ipv6.l.google.com (2a00:1450:4008:c00::63) from 2a02:40:40:9c::4, 30 hops max, 24 byte packets 1  2a02:40:40:9c::4 (2a02:40:40:9c::4)  3006.55 ms !H  3007.61 ms !H  3009.93 ms !H
<martin___> also in ifconfig there's my IPv6 and then some other, what's that?
<martin___> the "fe80::b4b4:faff:fec6:9e26/64" one
<RoyK> fe80 is for ipv4 compatibility (iirc)
<martin___> oh ok
<RoyK> can you ping6 the gateway?
<martin___> sure - this is what my provider gave me btw http://pastebin.com/xdeRX1Lg
<martin___> moment
<martin___> no I can't ping it
<RoyK> http://paste.ubuntu.com/611451/
<martin___> ok well, this is embarassing
<RoyK> found it? ;)
<martin___> nope
<RoyK> if you can't ping the gateway, there is possibly an issue there
<RoyK> is it in the arp cache?
<martin___> arp cache?
<RoyK> arp -an
<RoyK> for ipv4 at least
<martin___> it's not
<RoyK> erm - arp doesn't exist on ipv6 it seems - sorry - my fault
<RoyK> martin___: seems there are some ndisc tools around
<RoyK> http://www.remlab.net/ndisc6/
<martin___> thanks
<tdignan> What is the difference between ubuntu server and ubuntu enterprise cloud?
<rewt> enterprise cloud is for making a cloud server, while server is for making traditional servers
<tdignan> what makes it more suited for the task than the regular ubuntu server distribution?
<tdignan> is it stripped down and including support for virtualization rather than lots of different hardware?
<tdignan> the thing that scared me the most was the word 'enterprise'... I immediately thought there must be some payment required by me eventually
<Guest12672> I need help installing Ubuntu Server 11.04
<Guest12672> cannot install Ubuntu server 11.04 keeps asking for a different disk than what was created from donwload
<moose_man_1957> I am having a problem trying to install Ubuntu server 11.04
<moose_man_1957> it hangs asking me for disc labelled Ubuntu-Server 11.04 _Natty Narwhal_
<moose_man_1957> but that is not the disk created from the download
<barnode69> hello, can somebody help me with password recovery?
<rkhessel> hi all, when I try to transfer large files to/from my server via ftp/cifs, the nic goes down.  restart networking brings it back up
<rkhessel> any way to increase the logging level in /var/log/messages to debug?
<rkhessel> there doesn't seem to be a peep in there explaining it, and I guess my system isnt using klogd
<jmarsden> tdignan: Ubuntu Enterprise Cloud is being officially renamed to Ubuntu Cloud, I think I remember reading that somewhere recently -- clouds are not just for big enterprises any more :)
<twotenam> awesam
<rewt> but can they still be used on the uss enterprise?
<jmarsden> rewt: Try it and let us know :)
<moose_man_1957> Help I cannot install ubuntu server I386
<moose_man_1957> tried 11.04 and 10.04 basically the same message asking me to insert disc labeled Ubuntu Server (rel} (code name)
<moose_man_1957> and all I have are the ISO images that end in I386
<guntbert> moose_man_1957: my first guess: did you check that the isos are not corrupted?
<moose_man_1957> have tried several different ones, the ISO seem to be fine I think
<moose_man_1957> and the error msgs are so similar
<guntbert> !md5sum | moose_man_1957
<ubottu> moose_man_1957: To verify your Ubuntu ISO image (or other files for which an MD5 checksum is provided), see http://help.ubuntu.com/community/HowToMD5SUM or http://www.linuxquestions.org/linux/answers/LQ_ISO/Checking_the_md5sum_in_Windows
<bencc> should I place sudoers in the /etc/sudoers file or under the /etc/sudoerd.d/ folder?
<uvirtbot> New bug: #786714 in bacula (main) "package bacula-director-mysql 5.0.3-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/786714
<uvirtbot> New bug: #786740 in php5 (main) "package libapache2-mod-php5 5.3.2-1ubuntu4.9 failed to install/upgrade from ubuntu (server) 9.10 to 10.04" [Undecided,New] https://launchpad.net/bugs/786740
<jstad> Anyone know how to get around the /dev/sd[f-p] constraint on ubuntu 10.10/11.04 ami's ?
#ubuntu-server 2012-05-14
<harushimo> hey question for you
<harushimo> I'm using ubuntu desktop version but I want to install maas on it
<harushimo> I want to mess around with cloud computing for ubuntu
<harushimo> can I use it?
<bigjools> yes, you just need to boot the cloud nodes with the server image
<harushimo> I need ubuntu server iso also then?
<harushimo> I'm learning some server side right now. I just want to do this right
<harushimo> especially with the cloud
<bigjools> read this: https://wiki.ubuntu.com/ServerTeam/MAAS
<harushimo> I currently installed maas on my desktop version
<harushimo> I'll get the server image cd
<harushimo> that was easy
<harushimo> thank you
<bigjools> np
<harushimo> maas detected my router ip address not the main one
<harushimo> would that be a problem for the cloud
<harushimo> is it better use maas with the ip address of my service provider?
<harushimo> does it take long to import maas profile? I'm running the script right now
<yaboo> want to setup ufw, but have three interfaces, how do I allow all ports on e.g. eth3,4 and block ppp0
<twb> Not sure if you can in ufw
<twb> Based on ten seconds looking at the manpage, I would guess: ufw default deny; ufw allow on eth3; ufw allow on eth4
<yaboo> two, thanks missed it
<twb> OK so in lucid, when booting a server without the "quiet splash" options, when init prints "fsck of /srv/backup/boot failed with exit status 1" (or thereabouts), and then JUST HANGS FOREVER, refusing to continue booting, what am I supposed to do?
<twb> Because AFAICT the only way to rescue it is to boot a live image and manually fsck it clean.
<twb> Which is bullshit, because the /srv/backup/boot filesystem isn't needed to bootstrap :-/
<henkjan> try S for skipping mounting
<henkjan> plymouth :( i don't understand why its in the server version
<qman__> I haven't seen an fsck on my file server in years because of it
<qman__> just have to hope it's working
<twb> henkjan: I booted without splash
<twb> henkjan: there is no prompt
<twb> I think this also happens if you boot with splash, but you don't have the fancy plymouth-...-theme pacakge installed, but only the unremovable plymouth deps
<twb> Yeah, I just checked and same symptoms with "single splash", there is no splash at all even though plymouth is installed
<twb> It does respond to ctrl-alt-del event though, not totally hung.  Just upstart sitting there being useless as ever
<twb> And this mobo is one of those stupid UEFI hybrid ones, and it thinks my USB rescue keys are UEFI bootable, so it can't boot them correctly
<henkjan> twb: try booting in grub with init=/bin/bash
<twb> henkjan: well of course that will work
<twb> But then I have to fiddle-fart around assembling the array and lvs and so on, and AFAICT the actual problem won't be fixed
<henkjan> no, mdadm an lvm should be working correct with init=/bin/bash
<twb> Oh, yeah, I was thinking break
<veebull> installed squid, then squid-deb-proxy on 12.04 server (VM)... installed squid-deb-proxy-client on a Lubuntu 12.04 VM... squid doesn't appear to be working on the server for some reason?
<twb> henkjan: FWIW init=/bin/sh also hangs same way
<twb> It boots correctly if I comment out all the HDD's filesystems (i.e. all of /srv/backup), so now I'm trying it with them enabled, but with their fsck pass field set to 0
<twb> (i.e. skip fsck of them on boot)
<Techie> is there any way to have ubuntu-server automatically transcode videos that appear in one directory, put the output in a seperate directory and delete the source?
<Techie> and do this on a cronjob without trying to transcode if its already transcoding something
<twb> http://paste.debian.net/168684/
<twb> Ooooh, I wonder if those LVs are set to be read-only
<twb> I *know* under that circumstance, mountall jsut completely shits itself.  ISTR it does so with a much clearer error message, though...
<twb> Could be all the ureadahead-other lines are getting in the way of seeing it.
<twb> Fuck, I worked out what it actually is.  Some of these LVs no longer exist, but fstab still expects them
<twb> So mountall is just sitting there waiting for them to be inserted or something equally inane
<twb> !&^@#&^%!@#^!@#
<twb> Some debugging messages would've been nicer
<henkjan> twb: i'm so fed up with plymouth and upstart :(
<henkjan> missing sane logging
<twb> I've been fed up with it for three years
<twb> It was only managable in hardy because it was handballing all the work to a proper init
<Daviey> Goooooooooooooooooooooooood Morning
<linocisco> hi all
<linocisco> i want to be ubuntu partner. but nobody here will buy  ubuntu commercial edition. how could I do?
<linocisco> they will just ask for support
<linocisco> preloaded mail server, proxy server will be popular
<ikonia> linocisco: what are you on about
<Daviey> linocisco: There is no such thing as Ubuntu commericial edition.
<linocisco> actually, I want to start a new business like tech support or preloaded ubuntu servers(mail,squid,firewall, dual wan loadbalancing) with system unit together. But I would like to be acknowledged by ubuntu
<linocisco> actually, I want to start a new business like tech support or sell  preloaded ubuntu servers(mail,squid,firewall, dual wan loadbalancing) with system unit together. But I would like to be acknowledged by ubuntu
<Daviey> linocisco: you probably want to get on the Ubuntu Marketplace, http://www.ubunut.com/partners/programme
<linocisco> Daviey, thanks. let me check out
<linocisco> askubuntu.com vs ubuntuforums.org ??
<linocisco> for server related questions, which one is more interactive?
<bioman> Hello
<bioman> Got a problem with networking :/ I use eth0 and eth0:1. "service networking status" returns "networking stop/waiting" but it works infact...
<twb> bioman: that's an artefact of how upstart reports things
<bioman> when I try with the deprecated method "/etc/init.d/networking restart" it says "RTNETLINK answers: File exists" and "Failed to bring up eth0:1"
<bioman> but both appear with ifconfig...
<soren> You probably created eth0:1 manually and have now added it to /etc/network/interfaces?
<twb> :1 is gibberish
<twb> It's only applicable to ifconfig and only because ifconfig is too stupid to understand that an iface can have zero or more addresses
<bioman> soren: no, I've created it in /etc/network/interfaces
<twb> bioman: pastebin your /etc/network/interfaces
<bioman> twb: a moment please. I'm used to use Archlinux, Ubuntu is at work. Which tool can I use please ?
<twb> apt-get install pastebinit; pastebin -u http://paste.debian.net/ /etc/network/interfaces, IIRC
<maxb> /sbin/ip is generally regarded as the modern replacement for ifconfig
<twb> maxb: AIUI ifupdown 0.7 uses ip internally
<twb> And I thought ifupdwn 0.7 was rolled out a few releases back, but I'm still on lucid so I dunno
<bioman> twb: http://paste.ubuntu.com/986831
<twb> bioman: what version of ifupdown do you have
<twb> If it's a second *card* it should be iface eth1 not eth0:1
<twb> (Or whatever the iface is named; "ip link" will list all known ifaces.)
<bioman> twb: It's for a DRBL. It will be installed on a laptop which has only one physical network card
<twb> I don't know what a DRBL is
<bioman> twb: drbl.sourceforge.net :)
<twb> What, PXE?
<bioman> yep
<twb> You know live-initramfs can PXE boot off an arbitrary http URL, right?
<twb> So you can PXE the ramdisk, and that can pull down the .iso or .img from the internet even
<bioman> twb: here it will be used for the clients to install a syspreped Windows XP Pro
<twb> Lame
<soren> twb: Oneiric is the first release with a 0.7 ifupdown.
<twb> soren: thanks
<twb> bioman: what ubuntu release are you running?
<bioman> twb: 12.04 LTS (need "latest" kernel, for hardware recognizing). Here we have one in 11.10, but it does not work with recent PC's because their hardware is too recent
<soren> twb: Are you familiar with rmadison?
<twb> soren: yeah I was just lazy -- sorry
<soren> twb: No problem at all. Just wanted to make sure. It's quite handy :)(
<soren> :)
<bioman> Ah, another thing : Now when I boot, there is a message "Waiting for network configuration..." for more than 40s, then "waiting up to more 60 seconds for network configuration..." which is really annoying. How to fix this please ?
<trapni> does keystone (still) need "passlib"? is it a hard dependency? (I am to write packages for Gentoo, currently, and feel a bit clumsy about OpenStacks dependencies :)
<twb> bioman: I *strongly* recommend you investigate live-initramfs (and maybe live-config and live-build).
<twb> bioman: they are a central effort to solve this class of booting, once and for all
<twb> The Ubuntu effort is called "casper" but AFAIK it only tries to solve Canonical's problems, and isn't really set up for end users to use
<bioman> twb: I come from Archlinux world, dunno what all you tell me is for...
<bioman> hey people don't tell me you dunno how to get rid of those annoying messages ?
<twb> bioman: what annoying messages
<bioman> twb: at boot, "Waiting for network configuration..." (nearly 40 seconds) and "Waiting up to 60 more seconds for network configuration..."
<bioman> twb: found those messages in /etc/init/failsafe.conf
<twb> Just comment them out
<bioman> twb: before doing this, can you explain me what is this file for please ? using the sleep command make the PC in stand mode isn't it ?
<twb> Sorry, I'm busy
<Techie> if anybody in here is after automated transcoding of videos inside a folder, http://pastebin.com/wWYDpcvg
<Techie> it uses HandBrakeCLI   and doesnt play nice with sub folders
<ikonia> Techie: handbrake has a command line tool that works fine
<ikonia> no need for anything else
<Techie> ikonia, its for automation
<ikonia> yes, you can automate with handbrake
<Techie> ikonia, when hooked up as a cron
<ikonia> just feed things into the queue and click "go"
<Techie> it checks to see whether anythings converting
<Techie> and if nothings converting it converts everything in a specified folder
<ikonia> handbrake does that
<Techie> so rather than having to que things up, you just dump them in a folder
<ikonia> it converts to what you want and checks comatability before processing
<Techie> did you even look at the script, or are you just bashing me because you dont understand it?
<ikonia> I'm not bashing anything
<Techie> then did you atleast look at it
<ikonia> I glanced at it
<ikonia> didn't really follow it through as the description you've given explained the idea
<Techie> then you should have noticed that it doesnt require the user to queue anything or invoke it manually
<ikonia> it does
<ikonia> it requires users to put things in the right directories
<ikonia> that's the same as adding to a queue
<Techie> not when your using server
<ikonia> you may as well just add to the queue in handbrake a proven and supported solution
<ikonia> Techie: of course when you are using a server
<Techie> when server adding to a folder is simple
<ikonia> the command line tool has add to queue functionality
<ikonia> Techie: adding to the queue is simple
<ikonia> and you don't need to worry about arranging subdirectories
<Techie> unfortunately the queue function requires too much reading for my taste, so i created an alternative based on what i need, and i felt that it may be suitable for others
<ikonia> so rather than read a few lines you've created an unsupported shell script wrapper
<Techie> yep
<Techie> coz thats how i roll
<ikonia> people could just read about 10 lines of docs for the cli synatax
<ikonia> seems silly to offer this to people as a solution when an out of the box product does it better with more functionality
<Techie> im not saying its a replacement for the proper method
<ikonia> you're offering as a solution
<Techie> a solution thats easily configuable
<ikonia> which in my view seems pointless as the official tool your wrapping around works fine without this script/need for specific layout and offers more options without your wrapper
<Techie> thats the only reason im offering it
<ikonia> easier to just use the correct tool without the wrapper
<ikonia> more options, no specific file system layout needed etc
<ikonia> but a good effort on your part
<Techie> i find that for most users, more options = more confusion
<Techie> including me
<ikonia> Techie: but you've hardcoded it to settings you like
<ikonia> and you've stipulated a specific directory layout
<ikonia> that seems harder than the official tool
<Techie> that being said, this is my first version
<ikonia> more so as there is an unofficial ncurses wrapper for it (if you want a menu driven interface without the gui)
<Techie> i havent had years to refine it
<ikonia> you shouldn't need years
<ikonia> it's a 30 line shell script calling a program that exists and is well documented
<ikonia> I did something very similar with mplayer and mencode, then realised handbrake did it better and easier
<ikonia> mencoder even
<Techie> but you still did it
<ikonia> I had it doing subdirectories, chapter seperation/naming etc etc, then realised it was a pointless effort
<ikonia> Techie: yes, because mencoder didn't have a tool to do what I want
<ikonia> and I didn't offer my solution to people
<Techie> the same with this
<ikonia> you're aware of the tool handbrake as you actually call it and you're chosing to make it more complex/rigid by wrapping it in a shell script
<Techie> i didnt realised that i could control the CLI version to the extent that i could control the GUI
<ikonia> Techie: I'd say %85 maybe a little more is available in the cli
<Techie> thats why i created this wrapper
<ikonia> the profile options are very useful
<Techie> not because i wanted to change the way things worked, but to get things to work how i wanted, with the knowledge i already have
<ikonia> but you'll find it easier/better to probably just use the tool
<ikonia> especially if you created a profile for the settings (encoding) you like
<Techie> maybe further down the line i will redo it from scratch to work compltely wiht every option handbrake offers
<ikonia> why do it at all ?
<ikonia> just call the handbrake binaries
<Techie> because then i have to call them each time
<ikonia> you have to call this script each time
<Techie> this was created so i could just dump files onto the server via samba and have them convert
<ikonia> I don't see the difference
<Techie> also so my dad could drop files
<ikonia> sorry, I don't see any value to it, but if you find it useful, good on you
<Techie> okay
<Techie> anyway im off, i have work tomorrow.    night ikonia
<ikonia> good night
<zul> good morning
<gary_poster> apw, hi.  IS has some concerns about implementing the work-around to bug 944386 in the data center (comment #4 from kees disabling protected_nonaccess_hardlinks).  If I were able to beg borrow or steal escalation privileges from someone, how likely is it that we'd be able to get a Precise release of a fix for this?
<uvirtbot> Launchpad bug 944386 in linux "Making a hard link of a 0444 permission file fails in overlayfs [Precise]" [Medium,In progress] https://launchpad.net/bugs/944386
<gary_poster> and what might the timeline be?
<apw> gary_poster, i thought we expected that to be fixed upstream, so working now in quantal, if so then it may well be an easy job.  if so then 3 or so weeks to an official kernel a few days perhaps to get something you can test in the interim?
<gary_poster> apw, ok, fantastic, thank you.
<apw> gary_poster, am off today will make a note to poke that in the am
<gary_poster> apw, understood, thank you
<ruben23> hi guys i have uname -r ---> 2.6.18-308.el5.028stab099.3 an i would liek to install kernel headers but only see this version available ---> http://pastebin.com/rPqHjgav ---> it does not fit on its version and it wont install, any idea how to make this work..? to have same exact version..?
<ruben23> help please how to make it worked..?
<nathwill> ruben, that looks like a rhel kernel...
<filo1234> hi all
<filo1234> I'm looking for a way to start recovery ( when I choice it ) in netroot by default... without display choice menu options
<ruben23> nathwill: this is ubuntu server 10.034 LTS instaled on a VPS server..
<nathwill> ah. i'm used to seeing the el business on my rhel machines
<RoyK> ruben23: the 'el' in the kernel name there, is "enterprise linux", meaning redhat
<_ruben> that's no ubuntu kernel, so good luck finding the kernel headers, i'd ask the vps provider
<RoyK> ruben23: it might be openvz, though
<RoyK> ubuntu running under redhat with openvz, although it looks hairy
<ruben23> yes its openvz..sorry guys
<nathwill> wonder if the linux-headers-generic package would work for you.
<zul> Daviey: ping does maas setup the dnsmasq to do the tftp?
<ahxcjb> RoyK: OpenVZ is unsupported on RHEL
<ahxcjb> it will invalidate Red Hat's ability to support the RHEL server
<ahxcjb> given it replaces glibc iirc
<koolhead17> zul, am not correct but currently its cobbler which creates profiles 4 the deplyment
<zul> k
<RoyK> ahxcjb: I didn't know that, but the kernel version he posted, 2.6.18-308.el5.028stab099.3, looks like RHEL to me
<ikonia> it's going to be some junk virtualzation
<RoyK> might be completely wrong, though :)
<koolhead17> *sure
<RoyK> ikonia: openvz doesn't virtualize the kernel, does it?
<ikonia> it's a RHEL 5.5 customised kernel
<ikonia> it's not even a stock RHEL one
<ikonia> RoyK: no, it uses the hosts
<ikonia> the 028stab099.3 big suggests someone's modified it beyond redhat's though
<ikonia> "bit"
<Daviey> zul: maas sets up tftp by default, but doesn't touch dhcp, unless you install maas-dhcp
<zul> Daviey: gotcha but maas-dhcp is dnsmasq right?
<Daviey> yah
<LemU_> Hi! I would need help... I was following this guide https://help.ubuntu.com/community/UbuntuCloudInfrastructure#Deploying_Ubuntu_Cloud_Infrastructure_with_Juju     Im almost end of guide but cloud-publish-tarball ubuntu-11.10-beta1-server-cloudimg-amd64.tar.gz images ain't working.
<LemU_> It just gives me: Unable to run euca--describe-images.  Is environment for euca- set up?
<LemU_> So I was wondering if there is someone who understands eucatools better than I am and sees why i can't use it
<alex88> hello guys, someone tried chef deploy tool?
<JC617> Can anyone verify if scp and rsync come pre-installed (shipped) with Ubuntu Server 10.04 LTS?
<bioman> Hi
<Guest20494> I really need help here: https://answers.launchpad.net/ubuntu/+question/197184
<Guest20494> If someone is familiar with eucatools+juju+maas combination, I would love to have opinion what I am doing wrong
<bioman> What's going on with the "service" command ? "service networking restart" says "stop: Unknown instance:". service start networking says "networking stop/waiting"
 * bioman is thinking...
<pdtpatrick> has anyone installed Landscape Dedicated server ?
<KM0201> doesn't that cost money?
<pdtpatrick> right - I'm trying to figure out whether it is just to license the landscape software or will it require a license for each server it manages (that'll suck).
<KM0201> no idea.
<Jarmo> Anyone familiar with setting up Cloud with MAAS + juju?
<pdtpatrick> Jarmo: i believe there's a #juju room
<Jarmo> there they did sent me elsewhere, because they thought it has something to do with eucatools... (or something like that)
<Jarmo> but I'll try juju room too :)
<pdtpatrick> seems like the juju technology is quite new so i've been struggling to find help myself or get a solid understanding of how the inner parts work. For instance, it'll be nice to see a decent guide on openstack
<Jarmo> we are settnign up openstack :)
<pdtpatrick> ha! is that what you're trying to find help on ?
<Jarmo> and actually we did it up with maas + juju, but we cant add images
<Jarmo> *get it up
<pdtpatrick> was there a guide you followed?
<pdtpatrick> i got all way to the dashboard
<Jarmo> yes
<pdtpatrick> was a PITA -- their documentation is LONNNNGGG
<Jarmo> sec..
<Jarmo> https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<Jarmo> easy & good guide... there is couple of bugs wich we did find
<Jarmo> just make sure your bios time is same on all machines  & If machines wont get RUNNING state: do this on MAAS server machine: sudo ufd disable, then detroy environment and put it up again... Seems your firewall is blocking connections between zookeeper & machines!  Note for myself: You can delete installed "charm" without destroying whole enviroment.... just cant remember command atm...
<Jarmo> and it works
<pdtpatrick> i tried that .. that openstack.cfg never worked. each time i typed "juju deploy --config=openstack.cfg keystone"
<pdtpatrick> it'
<pdtpatrick> it would say charm not found
<Jarmo> i have solution for that!
<alex88> i installed openstack from official guide and i can confirm it's a PITA! :) it also have some errors
<Jarmo> or in that document it is phase 2.... then instead "juju deploy --config=openstack.cfg keystone" you type juju --config=openstack.cfg --repository=. local:keystone
<pdtpatrick> yeah their documentation is not clear. And all their usernames and id field -- better hope you have a large paste buffer or else you'll find yourself having to start over. Especially because you are not warned that you'll need each of those "id" fields it keeps generating
<Jarmo> everything else is working, but just can't add images there..... I hate when i cant find solution :P
<pdtpatrick> Jarmo:  so you copied the repo to ur local box ?
<Jarmo> yeah and to ROOT
<pdtpatrick> Jarmo: did you turn on logs for juju and see what happens when u click to make an image ?
<Jarmo> but you cant be root users when giving that command, but u must be at root, not at that  folder you craeted
<pdtpatrick> Jarmo:  at a different terminal, in ur bootstrapped environment. Type - juju debug-log
<pdtpatrick> or u can do it in your current
<Jarmo> there is no click to make image :(  it is like uec-publish-tarball ./ubuntu-11.10-beta1-server-cloudimg-amd64.tar.gz images gives me nothing, because i dont have access to eucatools or something :/
<pdtpatrick> interesting
<pdtpatrick> I'm sure well let me know if the guys in #juju help as i'll be going through this myself soon :(
<bioman> Got a problem : After a reboot, resolv.conf is empty so I cannot apt-get install...
<Jarmo> uec-publish-tarball isn't right btw it is cloud-publish-tarball
<Jarmo> It gives me this output: Unable to run euca--describe-images. Is environment for euca- set up?
<pdtpatrick> bioman: are you using static entries in /etc/network/interfaces? if so then add dns-nameservers and dns-search as part of you interfaces config
<Jarmo> And if I undrestand right following guide, using those CREDS should give me right access to right place :P but there happens something what i just dont understand
<bioman> pdtpatrick: thank you :) Yep static... so for example I add "dns-nameservers 8.8.8.8" ?
<pdtpatrick> yeah its a bit baffling right as as its a new technology. Im hoping it'll get automated soon where the .deb package actually walks you through setting it up or they create some frontend to configure it.
<pdtpatrick> bioman: yes.
<bioman> pdtpatrick: thank you. Maybe you could help me again... I have installed DRBL. The problem is that when I boot PXE on a machine I want to get, I have "PXE-32: TFTP open timeout" :/
<pdtpatrick> on the machine running tftp .. do you see anything in the logs?
<bioman> I've installed tftp-hpa but done no configuration...
<pdtpatrick> you should probably configure that and ensure that your DHCP server has the correct pxelinux.0 settings. So that when the clients boot up, they know which server to contact to the files
<bioman> pdtpatrick: I'm new to Ubuntu Server. Any wiki please ?
<pdtpatrick> one second.
<pdtpatrick> https://help.ubuntu.com/community/PXEInstallServer
<Jarmo> It is funny when I throw my question at #juju they say come here, and when i throw it here people tell me to go #juju :P
<bioman> pdtpatrick: thanks
<pdtpatrick> np
<bioman> pdtpatrick: it going the wrong way. No /etc/init.d/tftpd-hpa :(
<pdtpatrick> you'd got to install the package
<pdtpatrick> you've*
<pdtpatrick> you can check for the tftp package "apt-cache search tftpd-hpa"
<bioman> pdtpatrick: I've installed the wrong one ;)
<pdtpatrick> and install it with "apt-get install <packagename>"
<pdtpatrick> hehe well there u go :)
<bioman> pdtpatrick: at the dhcpd config, here it goes :
<bioman> filename "pxelinux.0"; next-server <pxe host>;
<pdtpatrick> right
<pdtpatrick> so that's what you'll fill out. That needs to point to whatever server has tftp running and listening
<bioman> where do I get pxelinux.0 ? <pxe host> : what should I write here ?
<pdtpatrick> see where it says "Configure dhcpd"
<pdtpatrick> in /etc/dhcp3/dhcpd.conf
<pdtpatrick> you've also have to have dhcp3 installed
<pdtpatrick> sudo apt-get install dhcp3-server
<pdtpatrick> and if your server is at 10.0.1.2 then your next-server would be "next-server 10.0.1.2"
<bioman> pdtpatrick: installed yet ;) OK for next-server. But where do I find the file pxelinux.0 ?
<pdtpatrick> that's also on the tftp server
<bioman> So I only enter the line and that's all ?
<pdtpatrick> yup
<pdtpatrick> http://www.youtube.com/watch?v=q-MX2B4OpO8
<bioman> thank you :)
<pdtpatrick> watch that video and see if it explains things a bit
<pdtpatrick> here's an extended video -- its for CentOS but same concept
<pdtpatrick> http://www.youtube.com/watch?v=XxULo0FLDR8
<pdtpatrick> Has anyone used this ?
<pdtpatrick> http://www.drbd.org/mc/management-console/
<Jarmo> has anyone been able to do something like this : https://help.ubuntu.com/community/UbuntuCloudInfrastructure and making it working? i'm having problems with eucatools part at the end... and would love to have tips... :D
<alex88> Jarmo, page isn't loading here :/ is that openstack?
<Jarmo> alex88 yes
<pdtpatrick> Jarmo:  the logs didn't show anything ?
<Jarmo> alex88 It aint loading here either atm :/
<pdtpatrick> i remember during my install, you had the option of using ec2 or eucal cloud or creating your own local
<pdtpatrick> maybe u choose the former and now it is looking for such service ?
<Jarmo> pdtpatrick  not those logs wich I was watching... but im not 100% sure where to look... thats why im having really hard time to find where it goes wrong..
<pdtpatrick> in the same terminal you're working on
<pdtpatrick> juju debug-log
<pdtpatrick> it would do something like a tail -f
<pdtpatrick> and then try navigating around and see if u get any logs
<pdtpatrick> it might tell u what it is trying to do and failing
<Jarmo> But im installing it from charms, so i didnt have to choose device...
<pdtpatrick> i guess the question then is - do the charms default to local or some other cloud technology
<Jarmo> hmmm, i think I have to try that tomorrow when I'm at my office again... at some other channel ppl told me that those creds wich i did use should give me ability to use eucatools at any computer with is at same network
<pdtpatrick> that sounds like u should already have euca server
<pdtpatrick> unless the charms auto deploy one for you
<pdtpatrick> dammit - - we need the person who wrote that charm haha
<Jarmo> For that guide, wich we can't reach atm... (damn) i think charms did install it (or atleast should have done that)
<Jarmo> this is what that guide deploys juju deploy mysql juju deploy rabbitmq juju deploy --config=openstack.cfg keystone juju deploy --config=openstack.cfg nova-cloud-controller juju deploy --config=openstack.cfg nova-volume juju deploy nova-compute juju deploy glance juju deploy openstack-dashboard
<pdtpatrick> i don't know much about the euca itself so maybe try to see without openstack if you can get to it and make some changes. If it continues to complain then it could be that it has wrong permissions. Considering it does not run as root (maybe the files/service it is accessing is controlled by root currently? )
<pdtpatrick> yeah when i was installing mine, i don't recall seeing eucatools n e where.  so that's why I was wondering whether it is using local storage or some other cloud
<pdtpatrick> i know it tells you that you can use KVM, or XEN, or EC2 with amazon or euca
<pdtpatrick> but u have to have already set them up otherwise u cannot proceed.
<pdtpatrick> at least that was my understanding when i read the docs
<Jarmo> hmmm, tbh that makes sense... because before I used eucatools, i had to be root, now that guide doesn't say anything about beeing root (even tho I did try it, and didnt help)
<pdtpatrick> right so maybe the logs would say permission denied for <filename> and that would be ur canary in the coal mine?
<Jarmo> well that is atleast best hint where to look it :)
<pdtpatrick> yup
<Jarmo> this is how guide says it: EC2 API  To begin using the EC2 API, select Settings-> EC2 Credentials -> Download EC2 Credentials in the Openstack dashboard. Save the file (eg, /home/adam/openstack/"). We can then unzip these and begin using our cloud:  cd /home/adam/openstack unzip 247e0c5de9dc415a8e411da643308eb6d-x509.zip . ec2rc.sh wget http://uec-images.ubuntu.com/server/server/releases/oneiric/beta-1/ubuntu-11.10-beta1-server
<Jarmo> uec-publish-tarball ./ubuntu-11.10-beta1-server-cloudimg-amd64.tar.gz images euca-add-keypair adam >adam.pk euca-run-instances -k adam ami-00000002
<Jarmo> and uec-publish-tarball  is where my problems begins.. (yeah I did realize that it is cloud-publish-tarball now)
<Jarmo> and BTW when i give command "wrong" way it realises what im doing and helping me..... until I give right command and then it tells: Unable to run euca--describe-images. Is environment for euca- set up?
<Jarmo> *"wrongway"
<pdtpatrick> yup so looks like ur going to have to setup euca and then continue with openstack
<Jarmo> well, normally it wouldnt be problem, but Im not exactly sure how I can add it to maas + juju environment :O
<pdtpatrick> when it said get ec2 credentials
<pdtpatrick> u already had a working AWS account ?
<Jarmo> yeah
<broder> out of curiosity, what does the ec2 ami build process look like? trying to just do some basic auditing - i.e. where does it run, how controlled is the access, etc
<Jarmo> or wait...
<Jarmo> i had installed those charms i did mention before, i had created new project, added user to it (via dashboard), the logged in as that user, and there was putton export credentials
<Jarmo> now it works again!! :https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<pdtpatrick> Jarmo:  but can u for instance log into AWS console and create an EC2 instance? do u have that ability?
<pdtpatrick> wait what? it works now? what changed?
<Jarmo> i mean that guide page :D
<Jarmo> remind me AWS stands for?
<pdtpatrick> http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-credentials.html
<Jarmo> hmmm... now I'm really confused... I dont think I had to use AWS before, and didnt think I have to use it now....
<pdtpatrick> yeah looks like that guide is using their API
<pdtpatrick> to create an EC2 instance
<pdtpatrick> so u'll need an AWS account
<pdtpatrick> to be able to create/launch the instances
<pdtpatrick> they should probably be more clear on that documentation
<Jarmo> agree!
<Jarmo> but that explains why I'm having  problems!
<pdtpatrick> But the good news is u can sign up for the AWS account and you get a free instance for 90days i think -- i forgot what the promo was but Amazon will tell u when the trial ends either way
<pdtpatrick> so once u do that and then u import ur credentials - u should be able to launch those images and u'll be less stressed :)
<Jarmo> thank you very much, i have been wrestling with these images whole day! :)
<pdtpatrick> and maybe u can blog about it with screenshots hehe. I might add that to mine after i finish my installation. http://thinkfirstblindsecond.com
<pdtpatrick> Jarmo: no problem
<pdtpatrick> let me know how it goes
<Jarmo> i will, after that i think I have to start looking way to deployin own system so wotn have to use AWS :D
<pdtpatrick> yeah :) . If u look on the openstack docs, it shows you how to use local. One second i think i have that guide
<resno> pdtpatrick: you use openstack?
<Jarmo> It is just wierd that guide dont way any word about AWS...
<pdtpatrick> resno: trying to -- still new to it myself. I'm just learning on the fly
<Jarmo> *way  = say
<pdtpatrick> Jarmo:  so in your environments.yaml file
<pdtpatrick> is where you'll do that
<pdtpatrick> https://juju.ubuntu.com/docs/getting-started.html
<pdtpatrick> see where it says ec2
<pdtpatrick> i believed i changed that to local for me
<pdtpatrick> scroll down a bit - it should show u an example
<Jarmo> ok, I dont know way to show how thankful I am at this moment :D
<pdtpatrick> no worries - we all help each other right? :) I'm sure I'm going to run into a PITA problem soon. like DRBD cluster!
<resno> pdtpatrick: are you using it in "enterprise" or just home use?
<pdtpatrick> resno: home. Will be testing it in enterprise in couple of weeks when I'm done with my current project.
<resno> pdtpatrick: im on the cusp on setting up our office system and im not sure which of the multitudes of optoins to go with
<pdtpatrick> resno: i keep hoping that the process is more streamlined but you've gotta jump through some hoops for now to get it working but once u do - you're quite pleased.
<resno> pdtpatrick: you said, yaml file, is it ruby based?
<pdtpatrick> resno: well the whole juju idea is quite fantastic actually. Two commands and you have an entire service up is pretty lovely but its very nice. So currently I'm using ESXi cluster. But i'm going to continue testing until i feel comfortable enough to switch. I would have for it to start misbehaving and i'll have to spend hours troubleshooting while servers are down. That would be horrible
<pdtpatrick> resno: yaml does not necessarily mean ruby. I believe most of openstack is python
<pdtpatrick> it just uses the yaml format to import the configs. They could have easily used JSON but yaml is easy to read
<pdtpatrick> so u'll put that in your ~/.juju/environments.yaml
<veebull> How can I tell if squid-deb-proxy is working?
<pdtpatrick> veebull: did u check the .conf files to see if it listens on some port?
<pdtpatrick> veebull: sounds like the squid-deb-proxy is similar to apt-cacher-ng which listens on port 3142
<veebull> I know its *running*... I see it in the list of services @ startup, and I can see it running in htop.
<veebull> when client machines run updates, the squid process for squid-deb-proxy goes active...
<pdtpatrick> does it web interface to show u the hits and misses? if not -- i guess the way to check is to do "apt-get update"
<pdtpatrick> the first time it would pull the packages
<veebull> but I'm not seeing anything cached in /var/spool/squid3
<pdtpatrick> and then run it again - it should be significantly faster since it does not have to out to the web
<veebull> where should I be seeing the cache growing at?
<pdtpatrick> veebull: okay i just wrote
<pdtpatrick> this
<pdtpatrick> http://www.thinkfirstblinksecond.com/2012/05/14/apt-cache-ng-on-ubuntu/
<pdtpatrick> that should help you set up an apt-proxy
<pdtpatrick> This way you can actually see the hits and misses
<veebull> I'll keep that in mind... I kind of wanted to find out what was wrong with the setup I have - especially since its supposed to be 'zeroconf'... ;)
<veebull> install squid-deb-proxy, avahi-tools, and squid-deb-proxy-client on the server
<pdtpatrick> right they want u to use the client
<pdtpatrick> so whenever the server downloads a file, it also caches that
<veebull> and install squid-deb-proxy-client on the clients, and voila, it *should* be working
<pdtpatrick> but you can also see what files the proxy package installed
<pdtpatrick> dpkg -L <packagename>
<pdtpatrick> then check those configs to see where it puts things
<pdtpatrick> for instance - u can tail -f the logs on the server or you can do a watch -d  on the directory where squid should be writing and see if any new files are modified or created
<pdtpatrick> but it doesn't seem like it has a web ui - so i'll suggest using apt-cacher-ng as i posted on the blog which gives u the hits and misses so u at least know what's going on
<pdtpatrick> and if u wanna go a step further - u can repackage the .deb file so it automatically installs the client 03proxy file. But that's if u wanna geek it out
<nyr0x> so, i'm trying to deploy a bunch of server with maas, is there any way to define custom host names that actually work? i can specify them in the web front end but cobbler doesn't pass them to dnsmasq
<pdtpatrick> nyr0x: does clobber use dhcp server? i think it gives u the option to have it use its own dhcp server or use one that you already have right?
<guntbert> Guest74162: connection problems? :-)
<Guest74162> guntbert, yeah :)
<pdtpatrick> nyr0x: so if ur using your own dhcp server .. then adding something like this would give your machine a hostname
<pdtpatrick> http://pastie.org/3911799
<guntbert> Ursinha:  may I suggest you fix them where you are not cluttering this channel?
<nyr0x> pdtpatrick: the only running dns and dhpc server is dnsmasq setup with 'sudo aptitude install maas-dhpc' the node is available with 'ubuntu.domain' but not with the hostname i specified in the maas web front end
<Ursinha> guntbert, sorry, they are fixed now
<guntbert> Ursinha: glad you made it :-)
<veebull> ack.  Found it.  /var/cache/squid-deb-proxy => 346MB :) :) :)
<pdtpatrick> nyr0x: check and see what files were installed by mass-dhpc and then see where it keeps the dhcp file. Once found, check the file and see if it added your host correctly.
<pdtpatrick> veebull: :)
<nyr0x> pdtpatrick: apt-flie doesn't show any files, the package only sets the range gateway etc. with orchestra cobbler wrote a host file based on the know systems that would be included in the dnsmasq config. using the maas web front end this is not longer happening, further more it looks like something goes wrong when cobbler installs server because cobbler sets a wrong hostname
<pdtpatrick> nyr0x: "dpkg -L mass-dhcp"
<pdtpatrick> nyr0x: i'm too well versed on what cobbler should do behind the scenes. I'm using foreman + puppet to provision my servers.
<pdtpatrick> http://theforeman.org/projects/foreman/wiki/Screenshots
<nyr0x> pdtpatrick: the only file that is written is '/usr/share/lintian/overrides/maas-dhpc' with the content 'maas-dhcp: postinst-uses-db-input'
<brainysmurf> Can I setup an ldap that populates the directory with the posix accounts and passwords?
<pdtpatrick> nyr0x: sorry i cannot be of further help with cobbler. Haven't used it much myself.
<brainysmurf> I know openldap needs a config file, but I was wondering if there wasn't a way to do so automatically?
<ARTSIOM> on 12.04 I have created a new user. why it is not picking up path from /etc/environment?
<ARTSIOM> I thought variables added to /etc/environment are global...
<nathwill> ARTSIOM, does the bashrc in /etc/skel redefine the PATH?
<nathwill> ah
<nathwill> nm, other variables
<nathwill> probably not path
<ARTSIOM> anyway I have checked it and scripts in /etc/skel are just trying to enhance PATH with ~/bin folder
<JonEdney> I was reading in the Ubuntu Server book, that  you could install an OEM version of the server O/S, but it didn't say what the difference was between the OEM, and going about it the normal way.
<ARTSIOM> maybe newly created user should be in some special group to see variables in /etc/environment?
<ARTSIOM> one more question: I have added conf file to /etc/init folder. Now I can stop/start my application using service comand, but my application is not starting automatically on boot. how can I configure start on boot?
<pdtpatrick> ARTSIOM: if ur using upstart then "start on runlevel [23]"
<pdtpatrick> if ur using SysV then "update-rc.d <servicename> defaults"
<ARTSIOM> pdtpatrick: I am using upstart. what is the difference between runlevels 2 and 3?
<pdtpatrick> http://www.debianadmin.com/debian-and-ubuntu-linux-run-levels.html
<ARTSIOM> pdtpatrick: thanks!
<pdtpatrick> np
<dotnetted> Hey all - Is it possible to get a 12.04 MAAS server on the same box as a node? (Similar to CC & NC on same box w/ UEC) - I'm limited to one physical box and I'd get a single-node cloud running for some general testing. Thanks.
<ARTSIOM> back to my variables problem: can someone please explaine the difference between "su user" and "su - user". especially the diffrenece in loading environment variables
<dotnetted> I tried installing 12.04 as a MAAS node inside VirtualBox on the same machine as the MAAS server -- The install picked up the MAAS server but shutdown the installation on the next step (And I doubt nested virtualization would be very fun - even if it worked)
<koolhead17> dotnetted, even i would love to see if MAAS works in virtualbox
<dotnetted> Is it possible to install the maas node-specific stuff after a regular 12.04 server install?
<dotnetted> that way I could install server 12.04 on vbox and have log files to tell me when it can't register with the maas server -- instead of the installer crashing on me ;)
#ubuntu-server 2012-05-15
<Gallomimia> how can i re-activate my ssh server? seem to have mistakenly uninstalled it. i think i reinstalled it now
<Ursinha> Gallomimia, if openssh-server is installed, so it should work normally (I guess service activation happens when the package is installed)
<Ursinha> hehe
<koolhead17> waoo awesome :P
<brainysmurf> I see a {crypt}x value for the userPassword field in an ldif file for an ldap; what does that mean?
<tdelam> hey guys, i have a web app where I am encoding a video and uploading to a fileshare, I want to mount the drive locally, i have been using smbmount but I am getting permission denied, i can't seem to set the permissions, am i doing something wrong in the mounting?
<alazare619> tdelam:  is your user accoutn in the smbmount user group?
<tdelam> hmm, no
<tdelam> i don't believe so, let me check when it comes back from reboot.
<tdelam> alazare619: how do i add my user to that group
<jvargas> how do I restore locale to en_US by default?
<jvargas> installation was performed using es_CR, and I need to change it for compatibility reasons.
<qman__> tdelam, try mount -t cifs
<tdelam> i think i finally have it
<tdelam> this is pretty finicky
<tdelam> I have kids so I can deal with picky but this is daft :)
<tdelam> thanks though qman__
<koolhead17> neoXsys,
 * semiosis is back.
 * semiosis is away.  please leave a /msg
 * semiosis is away.  please leave a /msg
 * semiosis is away.  please leave a /msg
<semiosis> oops!  sorry
<twb> Don't do it again.
<semiosis> twb: ok :)
<EvilResistance> semiosis:  yeah, away message broadcasts arent exactly liked on ubuntu irc channels
<semiosis> i can't imagine they're liked anywhere
<EvilResistance> indeed
<semiosis> too tired to be messing with irc client options
<semiosis> sorry again
<stoned> Hi, I'm on Ubuntu Lucid and I need to install python 2.7.x but repositories only have 2.6.x. What should I do?
<stoned> Are there any 2.7 backports? Or do I have to build python from source?
<ScottK> There are PPAs that have it, but as with any PPA, check who's PPA it is and decide if you trust them.
<stoned> I need to install python 2.7 on lucid. What's the best way to do this?
<rbasak> stoned: <ScottK> There are PPAs that have it, but as with any PPA, check who's PPA it is and decide if you trust them.
<twb> ScottK: is PPA upload access discretionary?
<rbasak> twb: anyone can have their own PPA. You just need to sign the Ubuntu Code of Conduct, that's all.
<twb> ScottK: i.e. if I "own" a PPA, can I delegate upload rights to additional people, who maybe you (a user of the PPA) don't trust?
<ScottK> You can tell who had upload rights.
<stoned> What's a PPA?
<stoned> I have to also setup mod python for apache for 2.7
<stoned> Should I build from source?
<twb> stoned: why do you need python 2.7 on lucid?
<stoned> The server we have where everythign is hosted is lucid
<stoned> The client needs to host something that requires 2.7 apparently
<stoned> 2.6 is what comes w/ lucid
<twb> Say to them that this is non-trivial.
<stoned> I can't. I have to get this done.
<twb> Ask them if it is worth the investment, or if they'd prefer to fix/test their app to work with 2.6
<twb> I have had this argument with customers before
<twb> For something as deep in the core as python, it will be a headache to backport it to lucid.  Best is to fix their app, middle is to upgrade the VPS to 12.04; worst is to try to backport newer python to lucid
<stoned> I could backup and restore the sites/db etc. on a new server install
<twb> If it was an "edge" package, the order might be different.
<stoned> however, our ip will change
<stoned> And they use their own DNS to poitn to our server
<stoned> And having them do that takes almost 4-6 weeks (it's a global corporation and paperwork etc.)
<twb> Anyway, deciding on which path to choose is up to the customer; you just need to make them aware of the costs & risks of each choice
<stoned> Ok. Thanks.
<stoned> I let my CEO know. He will talk to them himself.
<stoned> Worst case scenario, we built a new vps for them on new ubuntu
<stoned> they should just let us handle the domain but blah
<twb> You might point out that 10.04's already two years into its five-year EOL
<twb> https://en.wikipedia.org/wiki/Three-point_estimation
<twb> If you use that technique, you give a biiiiig number for the worst case to demonstrate how iffy the backporting can be
<twb> Like Â½/2/14 days
<stoned> I always do that
<stoned> I learned from my mentor that if it takes 10 hours to do something, tell them 60 best case scenario.
<stoned> I mean I get you.
<twb> Haha, that's just inflation
<stoned> Heh.
<stoned> Well I don't do any billing so I dunno
<stoned> I just job it
<twb> I give three-point estimates to my management, who will either make the decisions or bundle it with other estimates and pass the decision up to the customer
<stoned> I am reading it
<stoned> intersting article
<stoned> thanks
<twb> It's really no harder than single-point estimates, and it gives management a lot better understanding on your confidence level for a given task
<twb> Of course its important to understand that "worst case" is also ONLY an estimate.  It only covers the "known unknowns" as Cheney put it
<stoned> how come your nickname is twb
<twb> It's just an MIT-style username.
<stoned> Initials?
<twb> Xavier Yusuf Zbiegniew ==> xyz
<stoned> That's a wicked name if it were a real one
<twb> It's historical; hispanic orthography now uses "javier"
<stoned> sounds like heavier
<stoned> I find Spanish to be a rather funny sounding language, no disrespect intended
<lynxman> morning o/
<linocisco> anybody tried ubuntu mail server on virtualbox? INternet will be through Host XP
<RoyK> linocisco: it should be like running on iron
<linocisco> RoyK, umm. it is to test. what do you mean running on IRon?
<RoyK> hardware
<Tzunamii> bare-metal is the correct phrase :)
<ARTSIOM> can someone please explaine me how "su - user" command works. IN documantation is said that "-" option will "Provide an environment similar to what the user would expect had the user logged in directly.". But this is not the case for me on 12.04. When I am loging in directly with the user I have a different $PATH when I am login in with "su - user"
<ikonia> ARTSIOM:  the - assume the new users enviornment
<ikonia> ARTSIOM: eg: su artsiom just switches user to artsiom, but keeps the current users environment, su - artsiom changes to the user as if you had logged in as that user
<ARTSIOM> ikonia: but this is exactly what is not working for me. When I am loging in with artsiom directly I have a $PATH variable, which differs from the one I get when I login as "su - artsiom"
<ikonia> what is the path variable for both
<ARTSIOM> when I am login in directly I get $PATH which is defined in /etc/environment, when I am login in with su I get - "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
<ikonia> where is /usr/local/games etc set, in your .bash_profile (for example)
<ikonia> sounds like it's not running a login shell
<ARTSIOM>  /usr/local/games etc, is not set in users's  .bashrc and .profile files
<ikonia> where is that set then ?
<ARTSIOM> it is defined in /etc/login.defs, but I have no idea why it is loaded when using "su - user"
<ARTSIOM> I am not even sure that it is really loaded from /etc/login.defs and not from somewhere elese
<ikonia> quite surprised by that
<RoyK> hm... with encrypted home, google tells me there's an --encrypted-home flag to useradd, but that doesn't seem to be the case for precise
<ikonia> RoyK: doesn't core utils have to be built linked against a certain set of libs for that
<RoyK> no idea - I just want to create a set of users on this new precise install, and I want their homes to be encrypted, so I'm looking for an easy way
<anoman> I have problem with installing ubuntu 12.04 server using usb keyboard
<RoyK> anoman: hm... has worked for me a few times... perhaps BIOS is set to USB legacy?
<RoyK> not that that should matter
<RoyK> just guessing
<anoman> I have try but not working
<RoyK> please check if usb legacy is set in BIOS - it might help to change that setting's status
<anoman> when entering the BIOS settings to run normally, but when it entered the keyboard is not detected in ubuntu
<RoyK> but did you check that setting?
<anoman> yes
<RoyK> and what was it set to? and did you try to change it?
<anoman> I do many time for sure
<RoyK> ok
<RoyK> dunno, then
<anoman> USB key board detected
<zul> hallyn: i have libvirt 0.9.12 working i just need to clean things up
<anoman> some one
<hallyn> zul: cool, so do you have that based on upstream, not the debian 0.9.12-rc2 right?
<zul> hallyn: upstream
<hallyn> i've gotta start by ...  figuring out where to start.  would like to start the whole qemu re-do (as early as possible) but don't think i can do that yet
<zul> basically i took whats in the archive right now and a big hammer
<hallyn> what could go wrong?
<zul> hallyn: not a big enough hammer
<mboeru> hello huys
<RoyK> http://imgur.com/vWIul
<mboeru> has anyone succesfully managed to setup raid using kickstart/kickseed/preseed when deploying any ubuntu sever version?
<mboeru> sooo I'm guessing no one
<RoyK> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<mboeru> oh i am patient :) also searched
<mboeru> thanks
<ARTSIOM> can someone please explaine me how "su - user" command works. In documantation it is said that "-" option will "Provide an environment similar to what the user would expect had the user logged in directly.". But this is not the case for me on 12.04. When I am loging in directly with the user I have a $PATH, which differs from the one I get when login in with "su - user"
<xnox> ARTSIOM: ...hence _similar_ =)
<xnox> try `sudo -i -u user'
<frankban> hi hallyn, yesterday I attached a patch to bug 994752: it contains lxc-ip and an updated version of lxc-start-ephemeral.
<uvirtbot> Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Triaged] https://launchpad.net/bugs/994752
<hallyn> frankban: yup, i saw it, haven't opened it yet (was out yesterday)  thanks for that
<frankban> hallyn: thank you for taking a look at that
<randomDude> I'm trying to pxe boot install _alot_ of workstations, i have pxe working... but preseed REFUSES to work! pxe boot config : http://pastebin.com/0Qu84GiP, preseed : http://pastebin.com/VNZBmXSb
<roaksoax> randomDude: you might wanna look at http://bit.ly/uinstall
<roaksoax> and compare your preseed
<randomDude> i'm looking at that
<roaksoax> randomDude: and we cannot help if we don't know what the error is if you don't show us an error
<randomDude> well i can't _ show _ the error
<randomDude> it keeps saying i don't have a cd inserted
<randomDude> i think i've lost 5 hours of my life trying to make this work
<roaksoax> randomDude: why don't you just use MAAS?
<roaksoax> randomDude: https://wiki.ubuntu.com/ServerTeam/MAAS
<randomDude> because i want desktops?
<randomDude> not servers?
<roaksoax> randomDude: then you just add the ubuntu-desktop metapackage in /var/lib/cobbler/snippets/maas_client_packages and that's it?
<roaksoax> randomDude: http://askubuntu.com/questions/127313/how-do-i-add-different-packages-to-maas-clients-on-installation
<randomDude> and learning how to use maas represents a much larger investment of time where as to get this preseed to work *should* be as *simple* as one variable...
<randomDude> yeah no, i don't have the time to learn how to use cobbler, orchestra and puppet etc etc
<roaksoax> randomDude: have you compared your preseed with the one I linked you?
<randomDude> not to mention all the _undocumented_ bugs that go with them
<randomDude> roaksoax: that preseed you linked is for 7.04
<randomDude> https://help.ubuntu.com/12.04/installation-guide/example-preseed.txt
<roaksoax> randomDude: no it is not
<roaksoax> randomDude: try this: d-icdrom-detect/ejectboolean true
<roaksoax> randomDude: try this: d-i cdrom-detect/ejectboolean true
<roaksoax> randomDude: i'm guessing you configured BIOS to boot for PXE first instead from cdrom right?
<randomDude> obviously
<roaksoax> randomDude: try this: d-i cdrom-detect/eject boolean true
<roaksoax> randomDude: even with a minimal preseed file the installer will continue asking questions
<roaksoax> randomDude: I recommend you look at http://blog.dustinkirkland.com/2012/01/ubuntu-quick-installation-preseed-link.html
<mdeslaur> hallyn: how is bug 999681 a virt-manager bug, if virsh doesn't show them either?
<uvirtbot> Launchpad bug 999681 in virt-manager "Afer upgrading "libvirt-bin" to  0.9.8-2ubuntu17.1 to virsh cannot identify  machine after reboot " [Medium,Incomplete] https://launchpad.net/bugs/999681
<roaksoax> randomDude: go to the line: d-ipkgsel/include string byobu vim openssh-server and add "d-ipkgsel/include string byobu vim openssh-server ubuntu-desktop" and if you follow what's specified there in the blogpost, you should have an installation with no questions asks at all
<hallyn> mdeslaur: bc virt-manager isn't actually creating them?  i'm going to mark it as also affecting libvirt, was just in the middle of replying
<roaksoax> randomDude: *and* this is *NOT* for a 7.04 as you mentioned above
<randomDude> still thinks there is a cdrom to use
<hallyn> i like to do things in as many steps as possible
<mdeslaur> hallyn: well, he does say the xml files are in the directory...but I'll follow the bug too, thanks
<hallyn> oh i missed that bit
<randomDude> roaksoax: what am i supposed to do with this blog post you sent me to that just links me to the first url you sent me to ?
<mdeslaur> hallyn: sorry, I'm not trying to play the bug bounce game, I was just curious if I had missed something :)
<hallyn> no, i'm just doing things in silly orders while catching up on email
<roaksoax> randomDude: this is how my pxe file looks like: http://pastebin.ubuntu.com/989101/
<roaksoax> randomDude: using a netboot image on a tftp server rather than nfsroot as you are trying to
<randomDude> roaksoax: remember i want to install desktops not servers
<roaksoax> randomDude: which I suggest you use (a netboot image)
<roaksoax> randomDude: installing the desktop is simply adding 1 package to the package list (ubuntu-desktop)
<roaksoax> randomDude: and you tell what packages to install in the preseed file
<roaksoax> randomDude: i have never pxe booted from a live image so I can't help you with that. I, however, would suggest you use the netboot image, grab the preseed as linked above, add ubuntu-desktop to the package list and that'd be it
<hallyn> stgraber: is bug 999187 related to the sources.list but you mentioned before wrt amd64?
<uvirtbot> Launchpad bug 999187 in lxc "lxc-create for armhf fails with error "failed to execute template 'ubuntu'"" [High,New] https://launchpad.net/bugs/999187
<stoned> hi
<randomDude> roaksoax: i am using the alertnate iso
<randomDude> roaksoax: also alot of the settings in that preseed are unsuitable for desktop
<stoned> I need to setup mod_wsgi w/ python 2.7 on lucid. I came in here last night and I was told that backporting it to lucid would be a very difficult task. I could try to build python 2.7 from source or install a PPA. How would I then configure mod_wsgi to use the 2.7 python instead? please advise
<stgraber> hallyn: yes, that's exactly what I fixed in quantal
<randomDude> roaksoax: so i used your preseed, and it still freaks out that it can't mount a cd rom
<randomDude> roaksoax: should i press the left key and select <yes> try looking for the cdrom again? or should i press the right key and select <no>
<randomDude> roaksoax: does this explain the error enough for you yet?
<hallyn> stgraber: was there an open bug for the q one?
<stgraber> hallyn: I don't think so, I just saw it when doing something else in the template and fixed it immediately
<stgraber> hallyn: btw, for some reason -ubuntu55 was removed from -proposed. I poked cjwatson to have it published again :)
<roaksoax> randomDude: again, I have not tested this on an alternate cd. I have tested this on a netboot image
<Daviey> zul: you are chairig the meeting?
<zul> am i?
<hallyn> stgraber: ok thanks, guess we'll add that one to the list to sru in 56 :)
<Daviey> zul: rota seems to suggest that?
<stgraber> hallyn: well, actually, I think you could just re-upload -ubuntu55 with that extra change as according to LP our current -ubuntu55 was "removed from disk" :)
<randomDude> roaksoax: i thought alternate iso was meant to be used with preseed
<zul> Daviey: who was the last one?
<hallyn> feh.  not sure i have access to my copy of 55 right now
<stoned> I need to setup mod_wsgi w/ python 2.7 on lucid. I came in here last night and I was told that backporting it to lucid would be a very difficult task. I could try to build python 2.7 from source or install a PPA. How would I then configure mod_wsgi to use the 2.7 python instead? please advise
<stgraber> hallyn: wget https://launchpad.net/ubuntu/precise/+source/lxc/0.7.5-3ubuntu55/+files/lxc_0.7.5-3ubuntu55.dsc https://launchpad.net/ubuntu/precise/+source/lxc/0.7.5-3ubuntu55/+files/lxc_0.7.5-3ubuntu55.debian.tar.gz https://launchpad.net/ubuntu/precise/+source/lxc/0.7.5-3ubuntu55/+files/lxc_0.7.5.orig.tar.gz
<stoned> If I build python 2.7 from source, and then build mod_wsgi from source and link against 2.7 python, do you think that would work?
<Daviey> zul: i have NFI, i just know that your name is now there.. is that wrong?
<zul> Daviey: i have no idea
<Daviey> zul: i think it was utlemming
<hallyn> i see i thought i'td gotten deleted :)  ok thanks
<zul> Daviey: ill chair the meeting though
<stgraber> hallyn: the binaries have, apparently the source is still around :)
<Daviey> zul: super.. we'll i'm not going to be able to be entirely there..  Can you ensure that "Quantal Development".. has a strong focus on blueprint writing.. Would be good to be in a position to be able to review them next meeting.  Ta!
<roaksoax> randomDude: yes, but in your particular case, cdrom question being asked sounds to me like something is missing in the preseed, or maybe is due to a kernel argument, or its because you are booting from nfsroot
<zul> Daviey: ack
<stgraber> hallyn: actually, let me do it quickly, I'll stack an -ubuntu56 entry on top of our -ubuntu55 and use -v to include both entries in the changelog
<stgraber> will be cleaner and may avoid some LP weirdness caused by the removal
<hallyn> stgraber: ok.  thanks.  (i assume 0081-fix-multiarch-install was the actual fix - but will let you :)
<Bilge> So I just upgraded from 10 to 12 LTS
<Bilge> There's a few mysterious packages appeared in aptitude that think they have been selected for installation
<stoned> What if I install a latest ubuntu chroot inside lucid
<stoned> install 2.7 python and apache there
<Bilge> Like mbr and g++-4.4
<Bilge> Should I install these or is it fine to just deselect the,?
<Bilge> them*
<stoned> and serve apache out of there and point the traffic there
<stoned> Either no one knows, or no one cares to tell me.
<stoned> :(
<rbasak> Any comment on how to SRU bug 988819 please? I've written up the options I can think of in #6, but I don't like any of them. Is there anything else we can do?
<uvirtbot> Launchpad bug 988819 in apache2 "wrong path to libxml2.so.2 in mod_security" [Unknown,Fix released] https://launchpad.net/bugs/988819
<EvilResistance> rbasak:  if you have a patch to solve this then it could be more capable of SRUing
<EvilResistance> SRUs usually arent version upgrades, so if you proposed that, well...
<EvilResistance> ah
<rbasak> EvilResistance: the question is how to write the patch. I've detailed options in the bug.
<EvilResistance> rbasak:  was this fixed in Quantal?
<EvilResistance> or rather, is this fixed in QUantal
<rbasak> EvilResistance: it will be when packages are synced from Debian, yes
<EvilResistance> is it fixed in this?  https://launchpad.net/ubuntu/+source/modsecurity-apache/2.6.5-2
<EvilResistance> sincie that was synced from Sid recently
<rbasak> The fix will need an apache2 merge, too.
<rbasak> I should do that.
<EvilResistance> should probably fix it in Quantal before you start looking at SRUing to Precise
<EvilResistance> the last SRU-ish-related thing i dealt with for Precise (I'm on BugSquad so i see these sometimes), the fix had to exist in Quantal, so...
<hallyn> stgraber: say, i forgot to add 'generalize apparmor patch to enable selinux' to the lxc blueprint.  do you object to my adding it to the action list (for myself)?
<rbasak> Yes, it's a requirement to have it fixed in Quantal before upload. Doesn't mean that I can't work on both at once :)
<EvilResistance> :P
<rbasak> Here, the fix for Q is trivial as it's in Debian. The SRU is more involved.
<EvilResistance> mh,
<EvilResistance> mhm*
<stgraber> hallyn: I certainly don't have a problem with you adding more work to your own todo list ;)
<hallyn> kthx
<EvilResistance> and, there it goes :P
<blkperl> can someone set the importance of bug 932064
<uvirtbot> Launchpad bug 932064 in amanda "amtape crash" [Undecided,Confirmed] https://launchpad.net/bugs/932064
<EvilResistance> blkperl:  to?
<EvilResistance> actually lemme see
 * EvilResistance is on BUgSquad and can get it triaged if needed
<blkperl> EvilResistance: i would say high, it prevents amanda from working on precise
<blkperl> works on oneiric and quantal :S
<EvilResistance> blkperl:  refer to this first
<EvilResistance> https://launchpad.net/ubuntu/+source/modsecurity-apache/2.6.5-2
<EvilResistance> erm
<EvilResistance> wait
<EvilResistance> sorry
<EvilResistance> https://wiki.ubuntu.com/Bugs/Importance
<EvilResistance> mispaste
<stoned> If I build python 2.7 from source, and then build mod_wsgi from source and link against 2.7 python, do you think that would work?
<EvilResistance> refer to that page first, then confirm you recommend high
<stoned> I need to setup mod_wsgi w/ python 2.7 on lucid. I came in here last night and I was told that backporting it to lucid would be a very difficult task. I could try to build python 2.7 from source or install a PPA. How would I then configure mod_wsgi to use the 2.7 python instead? please advise
<blkperl> EvilResistance: ok then yes, it has a severe impact on a small portion of ubuntu server users
<blkperl> so importance High please
<EvilResistance> blkperl:  does it also prevent the application (and/or dependencies) from working?
<EvilResistance> nevermind
 * EvilResistance answered his own question
<autif> I installed matchbox window manager (on 12.04) - however, after reboot - matchbox did not come up - what else do I need to wire matchbox, so that it starts on reboot?
<EvilResistance> blkperl:  refresh the bug, it should be high now
<EvilResistance> s/high/Importance: High/
<blkperl> EvilResistance: thanks, appreciate the assistance
<stgraber> hallyn: ubuntu56 is now in proposed
<hallyn> stgraber: cool, thanks
<smb> zul, smoser So just to repeat, there likely will still be a linux-virtual and linux-image-virtual meta-package. As there is still those for linux-server and linux-image-server. Just pointing to generic binary packages
<smoser> right.
<smoser> i know.
<smoser> but its still a change. if nothing else, there will no longer be /boot/vmlinux-*-virtual anymore
<smb> Yes, true. Just mention it as the discussion about detecting a server install went slightly confusing (at least for me)
<pdtpatrick> So here's an interesting question - if ubuntu by default sets up the first user with sudo access rather than create a root account (disabled by default), how can u boot into recovery mode and drop to a root shell if the root account has no password/disabled ?
<claude2_> anyone here know how to lock down rpcbind and all the NFS stuff to a specific interface?
<pdtpatrick> claude2_: check /etc/default/nfs-kernel-server
<claude2_> this is for the client side
<claude2_> do i even need rpcbind on the client side?
<pdtpatrick>  then /etc/default/nfs-common ?
<claude2_> yeah i checked there, but didnt see anything in there. I guess it might not be possible
<claude2_>  i can't find anything on google either
<pdtpatrick> check the meta package and see what it installed
<pdtpatrick> if on the server u only installed nfs-kernel-server then see whether that pulled in anything else
<pdtpatrick> apt-rdepends <packagename>
<pdtpatrick> or u can search for rpc  .. dpkg -l *rpc*
<nijaba> zul: hello.  Are we tracking bug #920197 ?
<uvirtbot> Launchpad bug 920197 in swift "webob last stable version 1.1.1 response header bug" [Undecided,New] https://launchpad.net/bugs/920197
<zul> nijaba: now we are
<nijaba> zul: thanks :)
<pdtpatrick> hmmm MaaS's python script will hang if u've already have an OS installed rather than starting anew. For some reason it tries to use "maas" user to configure postgres but it never prompted to set that up or grant it privileges nor does it state what credentials it is trying to use so you end up with a Traceback and it does not exit. Not cool
<pdtpatrick> will have to run it with strace
<RoyK> evening
<RoyK> anyone that knows how I can have ubuntu /etc/skel include a symlink, public_html -> /var/www/$username ? or should I script that somehow?
<nathwill> RoyK, i think that's easier done with apache directive: UserDir public_html ?
<RoyK> nathwill: doesn't work too well with homedir encryption ;)
<ikonia> should do
<ikonia> as the user will decrypt it
<RoyK> while logged in, obviously, but not after logging out
<RoyK> since that will umount the user's filesystem
<RoyK> for obvious reasons
 * RoyK just checked
<ikonia> ah, I see what you mean
<nathwill> hrm
<RoyK> nathwill: less point of having homedir encryption if it's mounted all the time
<nathwill> yeah, agreed
<nathwill> i'm wondering if you can get /etc/default/useradd to run scripts...
<nathwill> looking now...
<nathwill> because putting this in /etc/skel i don't think is going to work since the target is different per user
<RoyK> yeah, agreed
<nathwill> so... i'm seeing discussion of some concept of dynamic symlinks that will create the target if it does not exist...
<nathwill> may be worth investigating
<nathwill> only other thing i can think of is a cronjob... :(
<RoyK> nathwill: or a wrapper script
<nathwill> royk, yeah...
<RoyK> damn - should have been a trigger for a custom script in useradd
<hallyn> zul: would you mind looking at and considering sponsoring http://people.canonical.com/~serge/dialog.debdiff ?
<zul> hallyn: sure
<Daviey> hallyn: make sure you submittodebian :)
<hallyn> Daviey: did
<Daviey> \o/
<Ryan_Lane> on all of my precise virtual machines, I'm getting soft lockups like this: http://pastebin.com/m7ZfhQJB
<Ryan_Lane> not just for nscd, though. for random processes
<Ryan_Lane> hm. ignore me. I seem to be getting them for lucid too
<resno> i am getting "temporary failure resolving '*.ubuntu.com'". i am unsure how to correc this. 12.04
<zul> smoser: ping
<zul> Ryan_Lane: can you trigger it reliably?
<Ryan_Lane> well, I think it's due to filesystem operations timing out under very high load
<Ryan_Lane> we're using glusterfs underneath the instances, and it is performing terribly
<zul> Ryan_Lane: ext4?
<zul> Ryan_Lane: er...what fs?
<Ryan_Lane> ext4 on the instance, then qcow, then glusterfs, then ext3
<zul> Ryan_Lane: can you open up a bug in launchpad please than we can get the kernel team to look at it, or even on #ubuntu-kernel
<Ryan_Lane> well, I have a feeling it isn't actually a kernel bug
<zul> smoser: ^^^
<zul> or utlemming: ^^^
<Ryan_Lane> and there's so many levels of indirection that I doubt a report is going to be terribly useful
<Ryan_Lane> when we switch off gluster I'll report an issue if we're still having it
<zul> k
<Ryan_Lane> I have a really good feeling gluster is my issue
<veebull> hello, having some trouble getting squid3 set up... client machines are supposed to be set to use a proxy for their updates, but I'm still getting a ton of 403 errors whenever they try to use the squid proxy
<RoyK> veebull: does manually setting the proxy work? if so, are the clients listed under the squid ACL in its config?
<smoser> zul, whats up?
<zul> smoser:  you mentioned last week at uds that you wanted to see the openstack-ci do some benchmarking on the images, what do you mean by that
<smoser> veebull, your squid3 ocnfig is probably just not allowing proxying for those hosts (per its config).
<zul> hallyn: i should have libvirt up tomorrow so you can review and play with it
<veebull> RoyK, So far I just have the default setup - I think I need to define an acl for the local lan
<smoser> veebull, you can just install squid-deb-proxy, which is taylored to that, or, you could just look at the config that it uses.
<veebull> here is the (stripped) version of my acl:  http://paste.ubuntu.com/989497/
<hallyn> zul: cool, thanks.
<veebull> smoser, already have squid-deb-proxy running for the ubuntu-based vms... trying to set up 'regular' squid to work with the RH-based distros
<smoser> zul, i meant that if we're running some instances in a per-every-something (commit, day....) then we might as well be running some thing inside those instances, and timing how long that something takes.
<zul> smoser: ah ok
<smoser> which would potentially give us insight into a kvm performance enhancement, regression, change...
<smoser> (but it will unfortunately be hard to isolate the numbers as we have no way that i know of to get a consistent host environment ... ie, one day 2 guests may go to 1 host, the next to a different one)
<smoser> veebull, ah... i suggest just removing the RH-based distros.
<smoser> thats the easiest thing to do :)
<veebull> smoser, true... but probably not going to happen ;)
<RoyK> veebull: vi /etc/squid/squid.conf, look for acl
<veebull> I've edited their /etc/yum.conf files to point to a proxy @ 'http://192.168.1.1:3128', which is the ubuntu server address on the lan
<RoyK> veebull: default config is to only allow access from localhost
<veebull> RoyK, ah.  un commented the line to allow squid to use a disk cache, now I need to set up a lan acl, yes?
<RoyK> yep
<RoyK> create an acl for lan
<RoyK> and set allow on that named acl later
<veebull> cool, I'll give it a go.
<RoyK> veebull: the config file is rather self-explainatory if you try to read it ;)
<veebull> yeah... I hate it when people say 'TLDR'... but this may be one of those times.
<veebull> more a case of the colors used on the terminal screen I'm on make reading comments very difficult
<veebull> on the eyes.
<Destreyf> I was wondering if anyone had any idea's on how to handle nodes that do not appear in the dashboard.  I used the enlist feature on Ubuntu ISO, the environment looked like it provisioned, but it hasn't shown up in the MAAS node panel yet.
<claude2_> is it a risk to have portmap exposed to the internet?
<claude2_> err rpcbind i guess
<claude2_> like can it leak anything important?
<RoyK> veebull: with vim, :set background=dark
<RoyK> claude2_: historically, portmap has been rather bad, but I don't think much bad has happened the last five years, at last
<claude2_> RoyK: we've got internal and external interfaces on our NFS clients. I've been searching all day for a way to make it only listen to the internal interface
<RoyK> claude2_: ufw/iptables is quite easy to use in that respect
<claude2_> yeah I'm trying to do it without iptables first for political reasons
<RoyK> I think it uses tcpwrappers as well
<RoyK> might be more politically correct ;)
<claude2_> haha yeah. I saw that somewhere, but haven't been able to make it work yet. I'll keep fiddling
<claude2_> thanks
<RoyK> edit /etc/hosts.deny
<veebull> RoyK, adding that acl did the trick, thanks!
<Gojko> anyone here that can help about installing ubuntu server installation on old HP proliant server
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Gojko> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<Gojko> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<stoned> hey guys
<stoned> http://pastie.org/3916869 here is my problem in pastebin. Could anyone kindly take a look and please advise?
<stoned> I require a solution to this problem
<qman__> stoned, if it's chrooted and running on a different port, you just point to the different port
<qman__> in that configuration the ports define which to ask
<RoyK> stoned: I don't think "requiring" a solution will work too well in here ;)
<stoned> Would you kindly help me find a resouce online that sheds more liehg on this
<qman__> building a chroot is complicated and difficult, though
<stoned> everywhere it's about mod chroot for apache
<Gojko> well,i guess i havent said what is problem,apparently it seems i need drivers for a scsi controler,i have tried with installing CentOS 6.2 but it did not recognise any disks in system,and since i am very uninformed with this , if there is any1 that can point me out any kind of info i can use to solve this,atm i am downloading nev ubuntu server,with hope it will recognise my controller,or
<Gojko> if there are any additional drivers needed,anyone could point me out to any info
<stoned> not quite that difficult I just need a refresher
<stoned> debootstrap latest ubuntu, mount binds the device tree and other things
<qman__> you have to build a base environment in a directory
<stoned> I can't remember all the things
<RoyK> Gojko: those hp servers may come with a raid controller, which should be supported, but will need to be configured to export the drives either individually (JBOD) or as a RAID
<RoyK> Gojko: you can usually configure that with the "smart start" CD
<qman__> Gojko, depends on how new/old it is and which raid controller
<RoyK> qman__: for an "old" HP server, I think those should be supported. My guess is that the hardware RAID isn't configured
<qman__> probably, but I've also seen some cases where old SCSI drivers aren't loaded by default because they conflict with other things
<claude2_> RoyK: does the nfs client really need portmap/rpcbind anyway?
<RoyK> claude2_: iirc yes
<qman__> yes
<Gojko> huh,alot info at start,RoyK i bought this server as "used" so i dont have any CD or documentation that should or should not have came with it
<Gojko> @:qman__ i can check what controler is in,but my best guess so far is googling compatibility and trying different versions of distros
<qman__> Gojko, have you configured the raid? it prompts you to press a key combo during boot to do so
<Gojko> it prompts me to press <ctrl-S> if that is what you mean,ill check it and be back in few sec
<qman__> I have a compaq proliant DL380 which more or less works out of the box
<qman__> pentium 3 era, only things missing are fan control
<claude2_> yeah most likely it will work fine
<qman__> not important in a data center or server room
<RoyK> Gojko: you can find that smartstart cd with a quick google
<qman__> hugely important when you're sitting in front of it
<Gojko> well i have checked a bit,server is arround 10 years old so... ill try to find that startsmart CD
<claude2_> i think you can just download the newest one?
<claude2_> like its not model-specific i dont think
<Gojko> well as i said,i am very uninformed about linux,but,since this is for my gamehouse i am holding i want to make it to work as dedicated counterstrike server for my clients.
<Gojko> i found this startsmart CD and downloading it
<RoyK> try that first :)
<Gojko> link is a bit long,if anyone wants to check am i on the right path
<Gojko> http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=316537&swItem=MTX-597d7cb6b45d493285e27c1412&prodNameId=3279705&swEnvOID=181&swLang=8&taskId=135&mode=4&idx=1
<RoyK> I'd say try it
<RoyK> it's quite possible that none of us has your hardware
<qman__> that should do
<Gojko> well, i cannot afford some fancy expencive server so this one will be more than good to do it,and i dont want to put windows on it,i wand best for my customers ;)
<qman__> though I have to ask, counter strike 1.6? otherwise it may not be fast enough
<qman__> game servers are a heavy CPU load
<Gojko> yes 1.6
<qman__> ok
<Gojko> WELL
<Gojko> ON INTEL G620
<Gojko> soz caps
<RoyK> !caps
<ubottu> PLEASE DON'T SHOUT! We can read lowercase too.
<RoyK> :)
<Gojko> 2 servers+cafe software+AVP+ deepfreeze console and i have servers on 1000 FPS so i think i can hold 4 servers here if on linux
<Gojko> any1 can give opinion
<RoyK> what sort of server is this?
<Gojko> dedicated CS server
<Gojko> only thing it will serve for
<RoyK> just wondering about cpu+memory+ec
<RoyK> just wondering about cpu+memory+etc
<Gojko> in your opinion,can it hold 4 srv on 1000 FPS,since i will not use it for anything else
<RoyK> you still haven't said what sort of cpu it has or how much memory it's got...
<Gojko> 1 Gb RAM,xeon 2.8
<Gojko> it is ml350 g3
<RoyK> not a whole lot, but then, I don't know much about gaming servers
<qman__> single or dual xeon, how many cores
<qman__> may not be enough RAM for four, not sure
 * RoyK somewhat doubts those CPUs are multicore
<Gojko> i think single,i can get another 1 Gb
<qman__> one single core may not be enough either, but it'll be close
<RoyK> - Up to 1 GB of 2-way interleaving capable PC2100 DDR SDRAM, with Advanced ECC capabilities (Expandable to 8GB)
<Gojko> it is delivered with 1 gb,supports up to 8
<qman__> best to just try it and find out, since you already have the server
<RoyK> most cheap laptops may beat that :)
<qman__> monitor resources and load up the servers
<RoyK> qman__++
<qman__> true, but most cheap laptops don't have raid, remote management cards, or cost $20 like my P3 did
<RoyK> indeed, but then, if you don't need hw raid or remote management, a cheap mobo, cpu and memory will go a long way
<qman__> yep
<RoyK> sw raid may be just as good as hw raid in most cases
<Gojko> well as qman__ said, it was BANG for a BUCK ;)
<qman__> I'm running a minecraft server on just such a setup, a sempron "single core" am3
<qman__> which is actually dual core, and running at ~3.5GHz instead of the default 2.7
<Gojko> well i guess i gotta try to get it up and running first,it is easiest for me to put load on it,so ill first download all of these isos and after that i will try to get it working
<blendedbychris> if i am getting mount.nfs: requested NFS version or transport protocol is not supported what should i be looking for
<blendedbychris> mount -o proto=tcp,nfsvers=3 -t nfs sld-web-4:/srv /srv.gluster
<pdtpatrick> blendedbychris: maybe it wants to use version 4 instead of 3 ?
<blendedbychris> pdtpatrick: no?
<pdtpatrick> what version of NFS do u have installed?
<blendedbychris> pdtpatrick: it's just nfs-common on precise so i pressume its v3 and v4
<blendedbychris> from man
<rockets> How is this information generated on login? Is there a way I can edit what shows up? http://pastie.org/3917485
<pdtpatrick> rockets: look in /etc/update-motd.d
<rockets> pdtpatrick, thanks!
<rockets> pdtpatrick, actually it appears to be non-trivial to edit. hmm
<blendedbychris> pdtpatrick: is it true that nfs-common should support either version?
<pdtpatrick> right but why are you trying to use version 3 ? does it work with version 4 ?
<blendedbychris> gluster doesn't support v4
<blendedbychris> http://download.gluster.com/pub/gluster/glusterfs/3.2/Documentation/AG/html/sect-Administration_Guide-GlusterFS_Client-NFS.html#id1720347
<pdtpatrick> worked fine on my glusterfs setup. Instead of using nfs
<pdtpatrick> i used mount.glusterfs server1:/test-volume /mnt/glusterfs
<blendedbychris> what?
<blendedbychris> i am trying to specifically use nfs
<pdtpatrick> r u on solaris ?
<blendedbychris> no
<blendedbychris> trying to use nfs because it can help io issues
<blendedbychris> instead of mounting using the gluster client
<pdtpatrick> I'm only seeing vers=3 mentioned under solaris
<pdtpatrick> does this not work for u ? mount -t nfs server1:/test-volume /mnt/glusterfs
<blendedbychris> no that times out presumably because it's trying to use udp
<blendedbychris> these guys were saying i had to use portmapper
<blendedbychris> i wonder if the nfs port is wrong
<blendedbychris> tried  :38467 no luck
<pdtpatrick> do u get this message ?
<pdtpatrick> requested NFS version or transport protocol is not supported.
<blendedbychris> yes'
<blendedbychris> OR if i don't specify the protocol it just times out
<blendedbychris> mountproto to be specific
<pdtpatrick> mount -o tcp -t nfs server1:/test-volume /mnt/glusterfs
<pdtpatrick> btw -- what happens when u run "showmount -e <ipaddr>"
<pdtpatrick> do u see any exports ?
<blendedbychris> ^^ that's not a valid option
<uvirtbot> blendedbychris: Error: "^" is not a valid command.
<blendedbychris> clnt_create: RPC: Program not registered
<blendedbychris> presumably i can use a hostname in that command/
<blendedbychris> either way same issue
<pdtpatrick> if show mount returns nothing - then there's probably nothing being exported?
<blendedbychris> what do you mean by that?
<pdtpatrick> on the server ur trying to connect to  -- what does /etc/default/nfs-kernel-server say ?
<pdtpatrick> it would tell u the ports and such
<pdtpatrick> then in there -- do u have anything in /etc/exports ?
<blendedbychris> pdtpatrick: gluster runs the nfs server
<blendedbychris> it's a nfs server on it's own
<pdtpatrick> thanks for that clarification
<pdtpatrick> well I'm out of ideas then.  maybe ask in #gluster  and share your fix when found please
<pdtpatrick> also thought current versions of NFS used tcp by default
<pdtpatrick> TCP is the default transport protocol used for all modern NFS implementations.   It  performs
<pdtpatrick>        well  in  almost  every  conceivable  network  environment  and provides excellent guarantees
<pdtpatrick>        against data corruption caused by network unreliability.  TCP  is  often  a  requirement  for
<pdtpatrick>        mounting a server through a network firewall.
<pdtpatrick> sorry for spam .. was supposed to be paste bin
<blendedbychris>  yea i was bugging those guys and it seemed like they were hinting towards "not our problem, it's your lack of nfs knowledge"
<blendedbychris> heh
<blendedbychris> pdtpatrick:
<blendedbychris> doh
<blendedbychris> http://www.gluster.org/community/documentation/index.php/Gluster_3.2:_Using_NFS_with_Gluster
<pdtpatrick> lol what ?
<pdtpatrick> u hadn't brought the volume set up ?
<pdtpatrick> :(
<blendedbychris> missed the option
<blendedbychris> no
<blendedbychris> nfs is disabled by default apparently
<pdtpatrick> well that's interesting
<pdtpatrick> so what makes u think u get better io ?
<blendedbychris> Using a platform's native NFS client will result in best performance when reading many small files (web serving). However, no automatic fail-over will happen in case of brick failure.
<blendedbychris> docs say so? heh
<pdtpatrick> on small files yes
<pdtpatrick> because gluster using xattr
<blendedbychris> well that's my usecase
<pdtpatrick> i c
<pdtpatrick> well looks like ur all set :)
<blendedbychris> indeed
<blendedbychris> thanks for your persistence :)
<pdtpatrick> np, glad to have "tried" to help
<sako> hey guys, i rolled my own repo with reprepro, what's the easiest way to pin it so apt prefers any package in my custom repo over all others?
<qman__> sako, make your version numbers higher than those in the public repos
<sako> HUH
<sako> oops sorry for caps
<sako> isn't there a way to pin all packages from a repo with 999 or whatever the highest # is so that apt will always install it over other repos?
<qman__> sako, not that I'm aware of, you set that per-package when you create them
<sako> hmm i don't think so.. i found the man file
<sako> man apt_preferences
<sako> thanks
<nathwill> sako: crunchbanglinux.org/forums has some pretty detailed apt-pinning guides for debian
<nathwill> i imagine a lot of that would apply
<three18ti> In a local network, how can I configure DNS so I can address each host by host name instead of by IP?  Initially, I had thought if running a dedicated DNS server, but this will require configuring the DNS for each new guest, and I'd like something more automatic.  I would prefer not to use DHCP for addressing my hosts.
<ikonia> you need a name service such as dns / ldap and you either need to use dhcp to update, or your need to manually manipulate the name service record for each new host
<postpac1> i'm running 12.04 desktop but having some raid/mdadm issues and #ubuntu suggested someone here might have more experience in that area.  basically my raid 5 was working perfectly, i upgraded to 12.04 from 11.10, and as soon as i rebooted everything went to hell.  mdadm is saying all 3 disks have wrong raid level and can't assemble mbr metadata
<three18ti> ikonia, ok, thanks.  That's kinda what I was thinking, but was hoping someone had some magic.
#ubuntu-server 2012-05-16
<harushimo> I installed maas. someone suggested to get the cloud iso
<harushimo> why?
<harushimo> I'm curious
<koolhead17> harushimo, because it contains bare minimum pkg to get your system up and running on cloud :)
<harushimo> koolhead7 even if you do a apt-get install?
<harushimo> I did a apt-get install of maas.
<harushimo> Is there a difference through apt-get install and the iso
<harushimo> I have it and I will burn it
<harushimo> that is my question
<three18ti> umm... I thought the cloud ISO was an all-in-one live cd.  If you want to install MAAS you will need machines that PXE boot.
<three18ti> pretty sure you don't want the cloud ISO.
<three18ti> start here: https://wiki.ubuntu.com/ServerTeam/MAAS
<harushimo> I'm using the desktop version. I want to experiment with the cloud side
<three18ti> take a step back for a sec.  what are you trying to accomplish with MAAS?
<harushimo> in order to setup the cloud, you have install maas and juju
<three18ti> ok, start here: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
<three18ti> three ways to setup "the cloud"
<three18ti> 1) boot from the live cd
<harushimo> okay
<three18ti> likely the quickest option if you just want to test it out
<three18ti> 2) install using MAAS and JUJU
<harushimo> I'm doing step 2
<three18ti> though it's not clear, you need at least 6 machines (not counting your MAAS server) to install "the cloud"
<three18ti> 3) install the packages manually
<harushimo> I'm doing the combination of 2 and 3
<three18ti> if you don't have the requisite number of spare machines, you can install all of the packages, however, an openstack install has a minimum requirement.
<three18ti> do you have the requisite number of machines?
<harushimo> no
<three18ti> so then you can't use option 2.
<harushimo> ok
<three18ti> you'll need to manually install the packages or just use the live cd.
<harushimo> I manually install maas through apt-get install. I can't find juju
<three18ti> It -is- possible to hack together a cluster using a minimum of two or three machines, but openstack really wants atkeast 6.
<harushimo> though
<harushimo> ok
<three18ti> apt-cache search juju
<three18ti> ?
<three18ti> do you understand how openstack works>?
<harushimo> yeah
<harushimo> you said openstack has a minimum requirement of 6 computers
<harushimo> I mean 2 or 3
<three18ti> well, the maas/juju route does, but you can hack together an install on a smaller number of machines.
<three18ti> note, this would be for lab use only and not production ready.
<harushimo> I'm designed this cloud for testing purposes
<harushimo> it is more for me
<harushimo> when I'm ready to do an actual production, then I can do all three
<harushimo> I just started learning here
<harushimo> exactly like 3 days ago
<harushimo> I may be missing a lot of these concepts
<three18ti> welcome. :) do you mean in ubuntu, linux, "the cloud", sysadmin, etc. ?
<harushimo> I've been using ubuntu linux for seven years. I just got into sys admin stuff 2 years ago
<harushimo> now I'm focusing on the cloud aspect
<harushimo> I'm still running ubuntu
<harushimo> sysadmin isn't too bad. I can manage that. I'm more interested how the cloud concept works
<harushimo> that is why I'm doing this experiment
<harushimo> I just want a bare minimum cloud
<harushimo> nothing too fancy
<three18ti> in your own words, what is "the cloud"?
<harushimo> a cloud is where you can offer services to a consumer
<harushimo> is that right?
<harushimo> I notice a lot of clouds doing that
<harushimo> like data backup, music download, streaming video
<three18ti> ok, your mixing IaaS, SaaS, and PaaS
<three18ti> all of which are "cloud services"
<harushimo> IAAS is the data back up
<harushimo> saas is software
<harushimo> what is PAAS?
<harushimo> I haven't heard of that one
<three18ti> Platform
<harushimo> oh okay
<harushimo> would do mean by PAAS? streaming video?
<three18ti> http://en.wikipedia.org/wiki/Cloud_computing#Service_Models
<three18ti> PaaS is like webhosting.
<three18ti> bluehost.com, softsyshosting.com, provide PaaS.
<harushimo> oh okay
<harushimo> if I have apache webserver--> that falls under IAAS?
<harushimo> right
<three18ti> so do you want to build a Data Center, a Web Hosting Company, or a Youtube.com
<nathwill> three18ti, i'd thought of paas as more vps/virt than shared-hosting side, though... not every webhost would be a paas provider, would they?
<harushimo> i don't know
<harushimo> In all honesty, I want to do all 3
<harushimo> hehe
<harushimo> first try the data part
<harushimo> just backing up simple data
<three18ti> nathwill, really... it depends, and these definitions are really... I don't want to say "loose"... but malleable, perhaps.
<nathwill> seems like it's a little soft around the edges.
<three18ti> > not every webhost would be a paas provider, would they?
<three18ti> I would agree ^
<harushimo> nice
<nathwill> yeah... that's what i was thinking. i wouldn't consider your standard shared host where you basically have ftp access to a docroot to be paas
<nathwill> i'd think paas comes in at the point where you manage the software installed.
<three18ti> but see, that's where the line gets a bit fuzzy, since -technically- they are providing the platform, and you provide the software.
<three18ti> nathwill, right, I manage the apache config, you manage your website.
<harushimo> alright
<nathwill> hrm... i'm back to debating whether a website counts as software.
<nathwill> lol
<harushimo> like I said, I just want to setup a basic cloud
<nathwill> i always end up in this conversation.
<harushimo> haha
<harushimo> that is interesting
<three18ti> nathwill, well, I would say that web site itself is not software, it is a GUI interface to the software.
<three18ti> the "software" being the part that handles the business logic.
<nathwill> three18ti. solid explanation. i would agree with that.
<three18ti> kinda like a spreadsheet isn't software, Excel is.
<three18ti> maybe that's a bad analogy.
<three18ti> harushimo, I've kinda taken the long way to tell you that there is no silver bullet to "install the cloud", you really need to define what "the cloud" is to you, then we can help you design the infrastructure.
<harushimo> ok
<harushimo> that is fine
<three18ti> you might be interested in CloudStack (http://cloudstack.org) or OpenQRM
<three18ti> also.
<three18ti> both are "cloud infrastructure" platforms.  OpenQRM aims to be at a data center management package too.
<harushimo> ok
<harushimo> I'll look into to
<harushimo> i'm not doing SAAS
<harushimo> I don't have software to give
<harushimo> I can probably do PAAS..with apache
<yaboo> what is the best way to configure my ubuntu server to use as a gateway server, with firewall etc
<three18ti> https://help.ubuntu.com/community/Router
<three18ti> yaboo ^
<yaboo> three18ti, thanks
<three18ti> yaboo, yw.
<nathwill> yaboo: i'm about to do the same thing :) good luck!
<yaboo> nathwill, thanks
<harushimo> thanks everyone. I'm going to mess with some stuff tonight
<harushimo> I'll ask some more questions tomorrow
<three18ti> please do,
<harushimo> I will
<harushimo> you taught some things I didn't even know
<harushimo> bye now
<hallyn> stgraber: I'm writing down notes and sample usage code on the lxc api, will probably send you my ideas tomorrow.  just fyi.
<three18ti> hallyn, is it possible to run other "operating systems" inside an LXC container?
<three18ti> I'm a KVM guy, but have been seeing LXC thrown around lately.
<hallyn> three18ti: nope.
<hallyn> other distributions, yes
<hallyn> but the kernel is shared
<three18ti> I see, so kinda like openvz in that sense (though as I understand it LXC is nothing like ovz).
<hallyn> very much like openvz in that sense.  in fact lxc is the result of the work to get an upstream acceptable openvz.
<hallyn> (well only sort of :)
<RoyK> hallyn: what's wrong with kvm?
<nathan_> exit
<hallyn> RoyK: I didn't say anything is wrong with it.  why do you ask?
<RoyK> wrong nick, perhaps, I meant three18ti
<hallyn> RoyK: oh, I think he was just curious bc he's been hearing about it.  he soudned satisfied with it
 * RoyK just got up - couldn't sleep
<RoyK> and some idiot posted on another channel that with the right mobo, ECC would work fine on an i3 cpu
<nathwill> royk: so you woke up because someone was wrong on the internet?
<RoyK> http://xkcd.com/386/
<hallyn> lol
<RoyK> nathwill: really, it was the other way around ;(
<RoyK> nathwill: really, it was the other way around ;)
<nathwill> :D
<RoyK> :Ã¾
<RoyK> xkcd ftw
<RoyK> and the birds have woken up and those fucking tits are going beep beep and I can't sleep
<Mischinka> I was referred here after a failed attempt to install apache 2.4.2. (i followed this guide: http://www.discusswire.com/apache-2-4-installation-ubuntu/)    and after the installation i had to comment out MinSpareThreads, MaxSpareThreads, ThreadLimit, ThreadsPerChild in apache2.conf. Well I finally got the server to respond and my website is back up but I did an apache2 -V command and it
<Mischinka> still says im using apache 2.2.22  (Im using an Apache, MySql, PHP configuration on Ubuntu 12.04)
<Mischinka> Could someone enlighten me with the instructions to correctly upgrade?
<RoyK> I didn't think apache 2.4 was part of ubuntu yet
<blkperl> RoyK: the guide he listed, compiles it from source
<Mischinka> I downloaded it and attempted to compile it from source..
<blkperl> RoyK: why are you upgrading? why not wait for ubuntu to release package?
<Mischinka> blkperl: its actually me who was upgrading.
<RoyK> blkperl: I'm not upgrading
<blkperl> RoyK: sorry wrong tab complete :)
<blkperl> Mischinka: why are you upgrading?
<Mischinka> Benchmarking and Comparing.
<RoyK> Mischinka: if it fails to upgrade, and it's not in the ubuntu repos, perhaps #httpd might be better
 * EvilResistance looks in
<EvilResistance> well 2.4.x for Apache2 is in Debian Experimental, so no wonder its not in the repos :P
<blkperl> Mischinka: you probably need to disable apache 2.2 first...
<EvilResistance> (just as an aside)
<blkperl> Mischinka: are you sure 2.4 started?
<Mischinka> It says its a stable release on the apache website.
<Mischinka> http://www.apache.org/dist/httpd/Announcement2.4.html
<blkperl> Mischinka: yeah it just hasn't hit the ubuntu repos yet because its so new
<Mischinka> You wouldnt happen to know how to install it from source would you?
<blkperl> Mischinka: those steps look correct, first did it compile correctly or were there errors, second when you ran the init script did it start w/o errors?
<blkperl> third is apache 2.4 listening on the port your website is running on?
<Mischinka> Yeah everything went fine but when i start apache it still shows 2.2.22
<blkperl> how did you start it?
<Mischinka> # /usr/local/apache2/bin/apachectl start
<twb> You realize stuff in /usr/local is unsupported, right?
<twb> Oh, blkperl already mentioned that
<Mischinka> http://pastebin.com/kxsE6Vxh
<Mischinka> twb: im too curious to wait ;D and I want to write a review on the performance difference.
<RoyK> Mischinka: if you intend to install apache from source, make sure it's not installed from packages at the same time
<blkperl> Mischinka: it didn't start because apache 2.2 is running on port 80
<patdk-lap> hmm? 2.4 installed and runs perfectly for me
<blkperl> Mischinka: turn off apache 2.2 and try again
<patdk-lap> I should upload 2.4 to my ppa
<RoyK> what's so cool about apache 2.4 anyway?
<Mischinka> Noob question.. how?
<patdk-lap> royk, that is why I installed it, to see :)
<RoyK> patdk-lap: no offence, but I just wanted to advice against having two separate apache installs ;)
<patdk-lap> oh, I don't have two different ones, when you install my apache2.4 package, it removes 2.2
 * RoyK has a server or two at work with three or four apache installs 
<patdk-lap> I dunno how he did it
<blkperl> Mischinka: `service apache2 stop`
<RoyK> and that wasn't my work...
<blkperl> Mischinka: `ps -ef | grep apache2`
<patdk-lap> royk, I'll stick to vm's, build one up to test each item
<RoyK> blkperl: or ps axfv ;)
<blkperl> Mischinka: the last command will show you if its still running
<RoyK> ps -ef is so sysv...
<blkperl> RoyK: :_
<blkperl> :)
<blkperl> RoyK: i tend to use pgrep -lf
<Mischinka> I think its running lol but now I need to find the config file to set it up for my website lol im pretty new at this.
<RoyK> blkperl: gimme awk for that ;)
<Mischinka> where do I set 2.4 to point to /var/www/html
<RoyK> ps axf|awl '/whatever/ { print $somecol }'
<RoyK> Mischinka: it's in the apache docs
<twb> RoyK: bleh.  Passing the appropriate format string to ps would be nicer
<RoyK> Mischinka: you can possibly use the debian/ dir from the 2.2 source to make a package suitable for ubuntu
<RoyK> twb: nonsense ;)
<Mischinka> Trust me im no where near that knowledgable.
<RoyK> Mischinka: then don't build from source
<Mischinka> I just got out of the Marine Corps and decided to take on some new things and learn as I wait for my service connection.
<blkperl> Mischinka: turning off the apache 2.2, and turning on apache 2.4 should work for you
<RoyK> Mischinka: google the apache docs if you need to configure apache from scratch
<RoyK> blkperl: it's a wee bit harder than just the config - apache has a bunch of hardcoded paths, so if you build from source, you need to stay calm
<Mischinka> root@server:~# ps -ef | grep apache2               root     24749 24116  0 22:47 pts/0    00:00:00 grep --color=auto apache2
<RoyK> Mischinka: really, hand-compiled apache is *not* supported in this channel
<blkperl> RoyK: oh yeah then Mischinka will want to follow the apache docs
<RoyK> blkperl: apache builds under /usr/local by default, ubuntu changes a bunch of things, mostly to the better
<RoyK> Mischinka: apt-get source apache2.2
<patdk-lap> hopefully all programs would build to local, or opt by default
<patdk-lap> so they don't mess with the main system
<RoyK> take out the debian dir from there and copy it to the apache 2.4 tree
<patdk-lap> what is even easier, is just install the package from sid
<RoyK> patdk-lap: /usr/local is the default on linux, possibly /opt on solarises
<RoyK> ouch - mixing sid into this is rather nasty
<RoyK> sid is the kid that breaks toys ;)
<patdk-lap> why?
<patdk-lap> you only install apache, not everything
<Mischinka> lol
<patdk-lap> the most you break is apache :)
<three18ti> RoyK, nothing is wrong with KVM, I'm a big fan of it and am basing my infrastructure around it actually.
<RoyK> well, ok, justdownload the sid package, just don't add the sid repo
<Mischinka> So i think i figured out the problem is im able to stop 2.2.22 but 2.4 seems like its not starting.
<Mischinka> Im renting a KVM server with Ubuntu 12.04 from dotblock
<Mischinka> I dont even know what sid is lol
<Mischinka> other than RoyK's description.
<RoyK> erm - why would he choose apache 2.4?
<patdk-lap> hmm, ask him?
<RoyK> Mischinka: really, just download the source for 2.4 and copy the debian/ dir into it and create a package
<RoyK> Mischinka: why do you need 2.4 btw?
<Mischinka> Well the plan is to build a social website. So I need the best performing setup.
<Mischinka> and according to apache's website they say: This version of Apache is our 2nd GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases.
<RoyK> Mischinka: you don't need 2.4 for that
<patdk-lap> it's unlikely your selection of webserver software to be the speed issue, for several years
<patdk-lap> normally it's an 1-2% optimization, at best
<RoyK> Mischinka: if you find performance bottlenecks with apache, choose something else, like nginx
<Mischinka> Lol, nginx play well with mysql and php?
<RoyK> Mischinka: yes
<patdk-lap> why would nginx play with mysql?
<RoyK> Mischinka: usually the code, like php or the SQL syntax or the indexing of the database or the database design, is the performance issue, not apache or nginx
<RoyK> Mischinka: just start off with a base setup. if you want to create facebook v2, go ahead ;)
<Mischinka> I see, I really appreciate your guys' help and I apologize for my noob questions.
 * RoyK just realized that the venus passage happens at midnight in europe and he will be at Svalbard at the time and might be able to see it
<Mischinka> do you have any idea why I had to comment out: #    MinSpareThreads      25
<RoyK> Mischinka: you don't
<Mischinka> Well apache wouldnt start until i did this.. #    MaxSpareThreads      75    #    ThreadLimit          64      #    ThreadsPerChild      25
<patdk-lap> probably cause your not using mpm-worker
<RoyK> Mischinka: possibly a typo somewhere
<RoyK> aha
<RoyK> patdk-lap: that should normally be within <if ...>
<Mischinka> http://pastebin.com/B9Sx7fui
<patdk-lap> ya, but he installed from source
<patdk-lap> so who knows what httpd.conf file he has now
<RoyK> Mischinka: really
<RoyK> remove that hand-installed thing if you want to ask for support in here
<Mischinka> Alright how do i do that lol
<Mischinka> i know i know..
<RoyK> Mischinka: you do not need the latest apache or nginx or something, you just need goood engineering
<Mischinka> how do i reverse: http://www.discusswire.com/apache-2-4-installation-ubuntu/
<RoyK> Mischinka: the code, be it java or mono or php or .not, that's the challenge
<RoyK> Mischinka: didn't you do a base install from source? if so, rm -rf /usr/local/apache{whatever}
<patdk-lap> that will only kill the source
<patdk-lap> after killing all source parts
<patdk-lap> I would to a purge of apache packages
<patdk-lap> then reinstall apache packages
<RoyK> patdk-lap: no, that's where apache installs per default
<patdk-lap> even the etc files?
<RoyK> yep
<RoyK> etc, locks, logs etc
<Mischinka> http://pastebin.com/3RwhWF2f
<Mischinka> So in my case:   rm -rf /usr/local/apache2       ?
<RoyK> Mischinka: if you messed up, and this is a VM, just reinstall, takes you 10 minutes ;)
<RoyK> Mischinka: yes
<patdk-lap> man, that apache2.4 install guide is horrible
<RoyK> patdk-lap: agreed
<RoyK> patdk-lap: I've installed it from source a few times ;P
<Mischinka> I think it may be best to reinstall with all the stuff ive been playing with.
<RoyK> patdk-lap: I think the wrote that install guide back in 1998 or so
<RoyK> Mischinka: just don't install anything from source
<Mischinka> The only files I need to backup are the mysql folder and the var/www/html folder right?
<RoyK> Mischinka: if you have fucked up the server, reinstall it
<Mischinka> Yeah I just need to backup the website.
<RoyK> how much data is it?
<RoyK> it's probably all under /var/www
<Mischinka> Yeah that and my mysql database.
<RoyK> Mischinka: make sure to dump the mysql db and back up that part
<RoyK> the data files might not be of much worth
<Mischinka> I have a complete website built already lol.
<RoyK> Mischinka: next time, use a VM to test things ;)
<Mischinka> I just pulled it down to try out some different configurations.
<A2GJeff> does anyone know of a quicker way to add an IP range to the /etc/network/interfaces ? I have 250 IPs to bind to my server, and I am of the understanding I need to do this for each IP manually
<A2GJeff> using 12.04
<RoyK> ip addr add 1.2.3.4/24 dev eth0
<RoyK> A2GJeff: why would you add so many IPs to a single serer?
<A2GJeff> will that write to the network interfaces file?
<A2GJeff> because its a gameserver hosting company, and we need that many :D
<Mischinka> woah phpmyadmin has so many options to export lol
<RoyK> ok :)
<A2GJeff> will that write to the network interfaces file?
<RoyK> A2GJeff: at the end of the eth0 block 'up ip addr add ... dev eth0
<A2GJeff> what do you mean by the end of the block?
<RoyK> A2GJeff: pastebin the interfaces file
<A2GJeff> one moment
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<A2GJeff> http://paste.ubuntu.com/990079/
<A2GJeff> this is how I've been doing it
<A2GJeff> I'm trying to optimize this, as I need to add more IPs to each box
<RoyK> A2GJeff: something like this http://paste.ubuntu.com/990084/
<A2GJeff> I will try that, thank you
<RoyK> forget about the auto eth0:?
<RoyK> just eth0
<RoyK> the :? was the defacto standard some 10 years ago
<A2GJeff> alright, I'm trying it out right now :}
<A2GJeff> if this works, much <3
<RoyK> it will :)
<A2GJeff> http://paste.ubuntu.com/990085/
<A2GJeff> whats wrong with this?
<Mischinka> Alright starting the site backup
<A2GJeff> (different server btw)
<RoyK> A2GJeff: yo may need to apt-get install iproute
<A2GJeff> alright, doing that now
<A2GJeff> its already the newest version currently
<A2GJeff> iproute is already the newest version.
<Mischinka> My setup is called a LAMP server correct?
<RoyK> ok
<RoyK> try
<RoyK> ip addr add 108.177.227.3/24 dev eth0
<RoyK> 'up' is just the word for 'run this when the nic goes up'
<A2GJeff> alright, doing a restart.. give me a moment
 * RoyK still wonders wtf someone would need so many IPs for a single service
<A2GJeff> lol
<A2GJeff> game server hosting
<A2GJeff> people want default ports
<RoyK> ok
<A2GJeff> the machine is a dual 6cores with 128gb ram and 15mb cache on those processors
<A2GJeff> so I'm able to stack it more
<A2GJeff> it still only has primary ip btw
<A2GJeff> didnt bind my range
<Qten> Hi All, anyone running (zfsonlinux.org) zfs on linux in prod yet?
 * RoyK needs some sleep
<RoyK> Qten: running openindiana with half a petabyte of storage on zfs, but I daresay, not on linux
<A2GJeff> any ideas here Ruetobas?
<A2GJeff> errr, RoyK
<A2GJeff> sorry.
<A2GJeff> lol
<Qten> RoyK: fair enough, just looking for something gluster may run ontop of
<RoyK> Qten: really, I wouldn't recommend zfs on linux yet
 * RoyK is off - nite folks
<Qten> RoyK: yeah i do pref solaris myself for ZFS seems logical :)
<Qten> nite
<A2GJeff> Roy! nooo :(
<RoyK> A2GJeff: baby, i have time for a little more ;)
<A2GJeff> I dont want to bind each IP individually again :(
<RoyK> you can't bind a whole subnet
<RoyK> that is, you possibly can, with bridging, but that will be even more ugly
<A2GJeff> so what would be the best attack plan for this?
<RoyK> just do as I said
<RoyK> add each IP as an ip addr add line
<RoyK> one line per address
<A2GJeff> it didnt work like that, already tried
<RoyK> pastebin the interfaces file
<A2GJeff> already started overwriting it to go the old way, give me a sec to try and get it back to the way it was
<A2GJeff> this is how google was stating to do it as well btw
<A2GJeff>     up   ip addr add 192.168.1.2/24 dev eth0 label eth0:0
<A2GJeff>     down ip addr del 192.168.1.2/24 dev eth0 label eth0:0
<RoyK> !pastebin
<A2GJeff> sorry
<A2GJeff> give me a moment
<A2GJeff> http://paste.ubuntu.com/990090/
<nathwill> gaaaah
<nathwill> http://xkcd.com/910/
<A2GJeff> there is my file right now, what do I type to add the next block in?
<nathwill> doing new ubuntu server install on my new n40l
<nathwill> taking suggestions
<RoyK> A2GJeff: just like you wrote it, but without label eth0 etc
<RoyK> just 'up ip addr ... dev eth0'
<A2GJeff> up   ip addr add 192.168.1.2/24 dev eth0
<RoyK> yep
<A2GJeff> ?
<A2GJeff> ok
<A2GJeff> one moment
<RoyK> label is nonsense
<yaboo> join #logstash
<Mischinka> Can NGINX run joomla?
<RoyK> Mischinka: is the pope catholic?
<Mischinka> Sweet strawberries.
<A2GJeff> http://paste.ubuntu.com/990094/
<Mischinka> I was reading some articles and I hear good things with nginx+php-fpm+mysql+memcache+eaccelerator
<A2GJeff> RoyK: error and file in that pastebin
<RoyK> A2GJeff: if it doesn't work, try moving that line before the dns part
<nathwill> mischinka, i use nginx + fpm + varnish
<Mischinka> with a joomla site?
<nathwill> wordpress and a couple other sites
<A2GJeff> same error with that change RoyK
<nathwill> joomla's going to be the same as any other cms
<RoyK> what error?
<nathwill> mischinka: just different caching optimizations if you want to get that deep
<A2GJeff> I put it in my last pastebin
<Mischinka> Alright well i've backed up my website using akeeba backup which saves files/database.
<A2GJeff> http://paste.ubuntu.com/990094/
<RoyK> A2GJeff: sec
<nathwill> mischinka: i don't know akeeba...
<nathwill> mischinka: i generally use tar and mysqldump
<Mischinka> could you give me a hand then since you've been down this path?
<Mischinka> lol
<nathwill> mischinka, i can pastebin some config files for ya
<nathwill> i'm in the middle of a server install... be happy to help, but may be slow to respond, fyi
<Mischinka> you zipped your datafiles and how do i commandline mysqldump?
<nathwill> mischinka: i generally use: mysqldump --all-databases -u root -p
<nathwill> obviously sub in whatever user name is appropriate
<RoyK> A2GJeff: http://paste.ubuntu.com/990101/ <-- I just tried this on a Lucid VM and restarted it - works fine
<Mischinka> its root.
<nathwill> mischinka, cool. to restore from that, you can:  mysql -u root -p < mybackup.sql
<nathwill> uh. mischinka, btw, you want to dump the mysqldump command into a file, like mysqldump -u root -p > mybackup.sql
<RoyK> nathwill: if you're breave, yes ;)
<A2GJeff> Roy, this isnt working..
<A2GJeff> what version are you trying it on?
<RoyK> lucid
<RoyK> 10.04
<A2GJeff> I'm using 12.04, and its not working
<RoyK> and not *trying*, *using*
<A2GJeff> sorry* lol
<RoyK> A2GJeff: that's a bitch ;)
<A2GJeff> ?
<RoyK> A2GJeff: my advice, add a small script to run "ip addr add ..." for those addresses needed, and file a bug
<RoyK> please file that bug - we need those
<Pathos> I'm having trouble getting a python mod wsgi installed
<RoyK> but for now, ladies and gents, mr RoyK is going to take some time off...
<A2GJeff> :|
<A2GJeff> well thanks anyways
<nathwill> royk, i don't understand "if you're brave"?
<Pathos> http://pastie.org/3918585 here is the virtual host in apache
<Pathos> I have libapache2 mod wsgi installed
<Pathos> When I go to the directory in browser, it keeps saying you don't have permission to access
<nathwill> brave to restore from sql backup? it is a destructive process, but the assumption is that you're restoring to a system that's clean...
<Pathos> the vhost file contains -indexes so that's why
<Pathos> Do you guys have an article on how to install python apache server for ubuntu?
<Pathos> Please advise
<nathwill> anyways... take it easy royk, didn't mean to bug you when you were headed out.
<Pathos> I've been trying to figure this out for a couple of hours now and have researched to no avail
<Mischinka> Almost backed up
<Pathos> [Wed May 16 04:06:37 2012] [error] Exception KeyError: KeyError(140189835843392,) in <module 'threading' from '/usr/lib/python2.6/threading.pyc'> ignored
<Pathos> i get this
<Pathos> in the error.log
<nathwill> mischinka: here's my sample nginx site config: http://paste.ubuntu.com/990109/
<nathwill> depending on your setup you may want to tweak some things
<Pathos> anyone?
<Mischinka> well im going to have to reinstall 12.04 isnt there a commandline for that?
<nathwill> mischinka, how do you mean?
<Mischinka> Im renting a KVM VPS
<nathwill> mischinka, this is a pretty good tutorial on the full nginx + php-fpm setup
<nathwill> http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-on-ubuntu-11.10
<Mischinka> Works the same with ubuntu 12.04?
<nathwill> ja. not much has changed with either nginx or php-fpm
<nathwill> the main points are getting php-fpm to use a socket (faster), and a sample nginx config to set the upstream for php
<Mischinka> You think this is the fastest setup for a heavy php and database site?
<Pathos> any help please?
<Mischinka> hmm I did the mysqldump and it didnt work right.. the file is way too small lol
<nathwill> mischinka, you check it w/ less?
<nathwill> because the actual line count will be small
<nathwill> the size should be pretty representative of your data
<Mischinka> well i have phpmyadmin as well.. do i need to check structure, data, or str/data for dump table?
<nathwill> ?
<nathwill> mischinka, if you used --all-databases it should have dumped all tables in all databases
<nathwill> also, only more recent phpmyadmin installs a table
<nathwill> if you just browse the content you should get a quick idea if the resultant sql file contains your data
<Mischinka> like:  mysqldump --all-databases -u root -p > mybackup2.sql  ?
<nathwill> well that'll create another (or the first if you haven't done it before) backup of the db
<nathwill> but if you: less mybackup.sql
<nathwill> you'll be able to see the file contents
<Mischinka> ah im getting errors thats why.
<Mischinka> mysqldump: Got error: 23: Out of resources when opening file './inpaintball_db/joomla_support_discussions_votes.MYD' (Errcode: 24) when using LOCK TABLES
<nathwill> ah
<nathwill> weird.
<Pathos> Am I being ignored or something?
<Mischinka> pathos: sorry i dont know the answer.
<nathwill> ^+1
<uvirtbot> nathwill: Error: "+1" is not a valid command.
<Mischinka> nathwill: i see the sql files in /var/lib/mysql cant i just use those files to restore?
<nathwill> not optimal, but doable
<Mischinka> Like, zip that directory and put it back after I install everything
<nathwill> if you have phpmyadmin, honestly i would just export from there before i grabbed the actul myi & myd files
<Pathos> *sigh*
<Mischinka> Alright I think it worked through phpmyadmin
<Mischinka> Now for the fun part.. destroying my server.
<nathwill> mischinka, hehe. best part!
<Pathos> nm
<Pathos> im an idiot i was editing the wrong vhost file!
<Pathos> haha.
<Mischinka> hah
<Pathos> :D
<nathwill> glad you got it workin
<Mischinka> so I just start ubuntu from cd and select install?
<Mischinka> nathwill maybe i should share my screen with you lol
<Mischinka> do you have teamviewer?
<nathwill> mischinka, nope
<Pathos> now something funnier
<Pathos> http://pastie.org/3918689
<Mischinka> Just doing an install from cd will delete everything right?
<nathwill> also, mischinka, generally vps stuff you don't start w/ a cd, you just pick an image... who're you hosting with?
<Pathos> But if I load a script it works, just says hello world
<Mischinka> Dotblock
<nathwill> mischinka, yeah, best to consider it deleted.
<Pathos> I wonder what the issue is really
<Pathos> any apache gusy here?
<Mischinka> nathwill: Should I encrypt my home directory ?
<Mischinka> Pathos try #httpd
<Pathos> ok
<nathwill> mischinka, up to you, i don't find any difference either way.
<nathwill> except knowing that when i do, it is
<Mischinka> so for the partitioning method what do i choose?
<nathwill> mischinka, either full disk lvm or full disk is fine. if you're not going to be messing with lvm, i'd stick with normal full disk as it'll be easier to manage
<Mischinka> what is lvm?
<nathwill> mischinka, logical volume management
<Mischinka> yeah i dont think i need that.
<Mischinka> so, guided - use entire disk
<nathwill> sounds good...
<Mischinka> oo scsi1 (0,0,0) (sda) - 41.9gb ata qemu harddisk
<Mischinka> MORE COFFEE!
<Mischinka> ;)~
<Mischinka> nathwill, have you done any military service by any chance?
<nathwill> mischinka, nope. can't take orders
<Mischinka> I went to bootcamp with someone named Williams, Nathan
<nathwill> have many good friends in and back out of the service though
<nathwill> mischinka, really?
<nathwill> that's funny
<Mischinka> Yeah
<Mischinka> Marine Corps
<nathwill> ugh. this 4G ECC ram upgrade i just got in the mail is DOA, what a joke
<Mischinka> from where?
<nathwill> hp ram from newegg
<Mischinka> i've been struggling finding the right hardware for my pc.. times have changed so much i have no idea what kind of ram to get anymore.
<nathwill> haha, for sure. i even hear they're rushing to put out ddr4 or some crazy nonsense
<Mischinka> wow.
<Mischinka> i bought some transformer looking ddr3 corsair vengeance stuff.
<Mischinka> But i think im going to return it.. because i really need something a little snappier.. and I need 16gbs of whatever it is.
 * Mischinka twiddles his thumbs (83%)
<nathwill> lol
<Mischinka> Do you have skype?
<nathwill> i've got my fingers crossed that networkmanager is gonna do its magic and configure my card for me.
<nathwill> mischinka, nope
<nathwill> bbiaf, smoke break.
<Mischinka> sure.
<Mischa-Android> Now i have mirc on my razr.. sweet succulent awesomeness
<Mischinka> Should I setup automatic updates on this install?
<nathwill> mischinka, up to you. i usually opt for the security updates, but be prepared to check dpkg log to see what's been installed if something breaks.
<Mischinka> if its off i can manually update?
<Mischinka> Will it slow down the server much?
<nathwill> mischinka, yeah, you can, no it shouldn't
<Mischinka> Alright its asking which software to install.
<Mischinka> Im sure: OpenSSH is important
<nathwill> mischinka, yeah, that's usually what i start with
<Mischinka> I wont need anything else for this setup, will i?
<Mischinka> i have: openssh, dns, lamp, mail, postgresql, print, samba, tomcat, vm host, and manual pkg selection
<nathwill> mischinka, i usually set up ssh on the installer, everything else you can install afterwards
<Mischinka> rogeroger
 * Mischinka goes back to the thumb twiddling (34%)
<Mischinka> its quite the process..
<Mischinka> nathwill: is this what you do for a living?
<nathwill> mischinka, not with ubuntu. i work at yahoo and we're a freebsd/rhel house
<Mischinka> Cool.
<nathwill> but i do sysadmin type things for a living. it's kind of difficult to describe. i bridge customer care and service ops
<Mischinka> Interesting..
<nathwill> mischinka, that's for sure, lol
<Mischinka> nathwill: have you used memcache and eaccelerator?
<nathwill> mischinka, nope
<Mischinka> nathwill: Install the GRUB boot loader to the master boot record?
<nathwill> mischinka, yep.
<Mischinka> hmm.. they need a second bar that has overall percentages, i feel like i was tricked.
<nathwill> lol
<Mischinka> So do you prefer ubuntu over others?
<Mischinka> Now Ubuntu decides to be honest: "Wiping swap space for security (this may take a while)..."
<nathwill> mischinka, yes, i prefer ubuntu
<Mischinka> I was told to use Ubuntu and im unsure as to why yet. lol
<nathwill> mischinka. it's a solid system with lots of readily available, easily installable software, and a freaking amazing community is why :P
<Mischinka> pwn ;p
<nathwill> lol
<Mischinka> Im looking at it and i might even use it for my personal pc.
<Mischinka> I havent seen the desktop in action yet though.
<Mischinka> hmm.. my Finishing installation really likes to be at 13%
<Mischinka> Is this normal for it to hang at 13%?
<nathwill> depends, is this the "wiping swap" piece? cuz i've seen that hang a bunch
<nathwill> usually, just wait it out
<nathwill> well, by hang i mean take a long time, not really "hang"
<Mischinka> ah i gotcha.
<Mischinka> yeah its the wiping swap piece.
<nathwill> yeah. so that takes a long time because linux geeks take their encryption very seriously
<Mischinka> Booya. booting up
<nathwill> :)
<Mischinka> AH my login is incorrect for root?
<nathwill> well there is no root by default
<Mischinka> oh
<nathwill> so login is normal, then use sudo
<Mischinka> alright how do i create a root?
<nathwill> if you *really* want to have a root user...
<Mischinka> oh not really.
<nathwill> mischinka, so... before i get into that...
<nathwill> my preference if i'm going to be doing a lot of stuff that requires root privs is to use : sudo -i
<Mischinka> dir
<Mischinka> should I do an update first?
<nathwill> mischinka, yeah, i'd do a apt-get update && apt-get dist-upgrade
<Mischinka> well, sudo apt-get update && apt-get dist-upgrade
<nathwill> unless you sudo -i first ;)
<Mischinka> gotcha.
<nathwill> :P
<Mischinka> alright updates are set.
<nathwill> woot
<Mischinka> whats next?
<Mischinka> that guide?
<nathwill> so next you'll probably want to install: nginx php5-fpm mysql-server php5-mysql
<nathwill> yeah, pretty much that guide
<nathwill> :)
<Mischinka> alright lets see how this goes.
<nathwill> g'luck.
<nathwill> i'm wrapping things up here, it's time to grab some food and pass out. i'll be back tomorrow.
<Mischinka> Is there anything special I need to do once this is done?
<Mischinka> before i had trouble because apache wasnt pointing to /var/www/html
<nathwill> well, you won't be using apache
<Mischinka> Oh.. is there going to be any tricks to setting joomla up with nginx?
<nathwill> mischinka, as long as you get nginx routing php to php-fpm, and you install php mysql driver, then no.
<nathwill> it should be just like a normal install
<nathwill> but faster ;)
<nathwill> uh.
<nathwill> htaccess stuff would be different
<Mischinka> oh man..
<nathwill> if you're going to use permalinks
<Mischinka> do you want to see how I have my htaccess now?
<nathwill> so if you want to do the permalink type stuff, i'd just google nginx joomla
<nathwill> mischinka, they have some examples in the joomla docs here: http://docs.joomla.org/Nginx
<Mischinka> well i got my nginx running.
<nathwill> but note that they're using a port for php5-fpm instead of a socket
<nathwill> i prefer a socket, but it's not a super big deal
<Mischinka> im @ apt-get install php5-fpm
<nathwill> anyways... best wishes... if you're on tomorrow i'd love to hear how it went.
<Mischinka> Alright ill be here.
<Mischinka> anyone have any idea why im getting
<Mischinka> Reloading nginx configuration: nginx: [emerg] "fastcgi_pass" directive is duplicate in /etc/nginx/sites-enabled/default:69
<Mischinka> nginx: configuration file /etc/nginx/nginx.conf test failed
<glosoli> Anyone here can help me ? fighting against apache and redirect problem: here is part of the log I talked in apache channel, but they asked me to go here and ask you: http://dpaste.org/SKYIf/
<twb> Wow that's bloody awful markup in the dpaste url
<glosoli> twb: ah sorry..
<twb> it puts all the line numbers in a single <TD> or something
<twb> glosoli: not your fault, just a stupid pastebin site
<glosoli> I don't know what else to use pastebin dot com is too much spam for me ,anyway maybe you are familiar with a problem I am fighting against ?
<glosoli> They sent me here
<twb> glosoli: ask sling said, you need to use a2ensite
<twb> it's a program in your path
<twb> It also has a manpage, as Sling suggests.
<glosoli> twb: so to understand, I won't be using virtualhosts ?
<glosoli> I will be using a2ensite instead ?
<twb> Wrong.
<twb> By default, Ubuntu's apache httpd configuration reads files in /etc/apache2/sites-enabled/*.  These are typically symlinks to files in /etc/apache2/sites-available/.
<twb> The a2ensite and a2dissite programs simply make/remove symlinks from the latter to the former.
<twb> #httpd do no wish to discuss it because that directory layout is a Debianism.
<alex88> hello guys, how much should i leave for the /boot partition on a 12.04 server?
<twb> alex88: I usually allocate 256MB
<glosoli> twb: so there is nothing to do for that script just install and restart server, and then it will take care of everything ?
<alex88> ty twb
<twb> alex88: ballpark would be about 24MB per kernel, plus bootloader files.  But note that old kernels are never automatically removed, so the number of installed kernels increases monotonically with kernel security updates
<glosoli> ah a2ensite default
<glosoli> twb: did that a2ensite, it doesn't work still
<alex88> twb, thanks for explaining :)
<twb> alex88: if you have a small (<<1TB) disk, you could dial it down to 64MB or so, but I wouldn't go any lower than that.
<twb> glosoli: sorry, I'm not interested in helping you further.
<glosoli> twb: hmm, thanks anyway :)
<alex88> twb, it's 2tb, so it's not a problem to leave 512mb for that
<lynxman> morning o/
<Mischinka> morning lynxman
<Mischinka> Have you setup phpmyadmin on an nginx setup?
<lynxman> Mischinka: yeah but it's a pain :)
<lynxman> Mischinka: running php on nginx is definitely a world of pain, not worth it
<twb> Isn't it only as painful as any PHP fastCGI usage?
<lynxman> twb: indeed
<twb> i.e. it only sucks because PHP always sucks
<lynxman> twb: doesn't scale well either
<lynxman> twb: doesn't have enough web sauce :D
<twb> http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/ http://slofith.org/fith/images/php-the-good-parts.jpg
<LyonJT> hey
<LyonJT> does anyone know how to change the default port of vsftp ?
<twb> LyonJT: probably in vsftpd.conf
<LyonJT> that's what i thought i've found this article http://askubuntu.com/questions/37058/how-to-change-vsftpd-default-port
<LyonJT> works :)
<Mischinka> I got php running fine on my nginx.. im just having issues setting up phpmyadmin properly for the advanced features.
<alex88> i've created partition for /boot and / which one should i set as bootable?
<twb> alex88: neither
<twb> alex88: GRUB doesn't care about MBR boot flags
<twb> If you were using extlinux, /boot would be the one to mark as bootable.
<alex88> twb, oh ok thank you :)
<wolferz> Question: Do I have to use ubuntu server or can I modify the Linux Mint 12 kernel to the ubuntu server kernel?
<e2b04836> why would you want to do that?
<twb> wolferz: we don't support that
<wolferz> support what twb ?
<twb> wolferz: anything to do with mint
<twb> ikonia: oh, thanks
 * twb extends idiot list
<ikonia> apologies, he was on about this yesterday and rage quit saying he'd never use it again etc etc
<wolferz> twb, as it uses the same repository as ubuntu and is just a flavor of ubuntu, may I ask why it's frowned upon? Does it have some bad issues with being a server?
<wolferz> For the record, I've NEVER been in here before
<ARTSIOM> I have added a conf file to /etc/init/ folder and now I can succesfully stop and start my app with "service start app" command. But how now make app to auto start on boot? Documantation says "there is no concept of runlevels, everything is event driven with dependencies. You would add an upstart config to /etc/init and potentially source a config file in /etc/default to allow users to...
<ARTSIOM> ...override default behaviour." But I do not understand what exactly I need to do.
<Womkes> Which server virtualization method is used / supported by default in ubuntu 12.04 ?
<wolferz> I've thought about getting ubuntu server, just exploring my options.... However, getting kicked for no reason just by asking a question does NOT make me feel warm and fuzzy about ubuntu-server
<ikonia> wolferz: you where told about the no mint support in #kubuntu yesterday when you rage quit
<ikonia> stop asking about it, use mint support resources for mint, use ubuntu support resources for ubuntu
<twb> ARTSIOM: one moment
<twb> ARTSIOM: http://paste.debian.net/169054/ is the minimalist "near enough" version
<twb> wolferz: libvirt-bin, kvm, lxc
<twb> Womkes: libvirt-bin, kvm, lxc (wrong nick)
<ARTSIOM> twb: I have tried with this in my conf file
<ARTSIOM> http://paste.org/49314
<ARTSIOM> but the app is not starting on boot
<ARTSIOM> so I am wondering about this line in doc "potentially source a config file in /etc/default", so maybe I am misisng  some step
<ikonia> actually if anyone has a 10.04 or later server box with kvm installed, could you confirm if qemu-kvm is in /usr/bin or /usr/libexec please (not urgent)
<twb> ARTSIOM: don't do that
<twb> ikonia: I can't find it anywhere
<ikonia> twb: do you have kvm installed ?
<ikonia> (as in the tool set, not the kernel module)
<twb> I have qemu-kvm installed
<ARTSIOM> twb: why? can you please explain
<ikonia> twb: perfect, I wonder why it's not on your system
<twb> ikonia: btw did you ask apt-file?
<twb> ARTSIOM: I can't be bothered explaining
<ikonia> twb: not got a box here to hand, hence wasking
<ikonia> asking
<twb> ikonia: apt-file works without it installed
<twb> ikonia: unlike dlocate/dpkg -S
<ikonia> twb: I mean, I don't have an ubuntu box here
<twb> Righto
<ikonia> that's why I'm checking as I'm looking at something generic in libvirt
<twb> I know the qemu/kvm packaging in ubuntu is quite different from debian
<ikonia> one of the reasons I was curious
<ikonia> looking at two different libvirt releases and issues and just seeing how ubuntu had laid it out
<randomDude> is there a way to add ppaa repositories unattented to a cobbler preseed file?
<ikonia> randomDude: does it not work the same as adding a generic repo ?
<ikonia> do you have to do something specific with a PPA ?
<Daviey> twb: This cycle, qemu-kvm delta with Debian should shrink significantly.. but i fear the libvirt delta will increase.
<Womkes> k
<twb> I *want* to live libvirt
<Womkes> I'm looking for good tutorials on how to set up a KVM environment on top of DRDB accross two servers with LVM
<twb> I just haven't found a place where it saves me more time than it wastes
<twb> s/live/like/
<Womkes> cannot find any, maybe you guys know any?
<twb> Womkes: drbd needs at least three hosts
<Daviey> twb: live migrations it really helps :)
<Mischinka> Starting nginx: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
<ikonia> Daviey: any reason it's falling back in line ?
<twb> Daviey: that's more enterprisey than I need
<Mischinka> How do I start my nginx I keep getting that error
<Womkes> three?, no I have done it before
<Womkes> just two server is fine
<Womkes> raid1 over network right
<twb> Daviey: I can just say "sorry you are losing mail for ten minutes at 6PM on Saturday"
<twb> Womkes: google for "split brain"
<Daviey> ikonia: qemu-kvm Debian Maintainer seems to be more active than when the packages initially diverged, and relationships are improving.
<ikonia> Daviey: straight forward/honest answer, simple, I like it
<Womkes> twb, im not looking for a automated HA setup, just something that will mirror the data
<Daviey> twb: non-shared storage live migrations are too cool to not use!
<twb> Womkes: rsnapshot
<Womkes> and if one goes down i can put the other one online manually
<Daviey> twb: i do it for giggles. :)
<ikonia> !info qemu-kvm
<ubottu> qemu-kvm (source: qemu-kvm): Full virtualization on i386 and amd64 hardware. In component main, is optional. Version 1.0+noroms-0ubuntu13 (precise), package size 3576 kB, installed size 10297 kB
<twb> Daviey: you sound like a solution looking for a problem :P
<Daviey> twb: that is what i do best.
<twb> What I do best is complain
<Daviey> i hadn't noticed... :)
<twb> Holy shit
<twb> I just halved the size of my git repo
<Daviey> twb: *come* to a UDS, and you can have an entire evening of moaning to me about how crap the worl^D Ubuntu is.. if you buy the drinks.
<IdleOne> !language | twb
<ubottu> twb: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<Mischinka> I guess a server restart worked lol
<twb> Stupid stray tag was keeping an entire bogus history from being GCd
<twb> IdleOne: sorry
<twb> Daviey: I didn't even go to linux conf when it was in my city
<Daviey> twb: Typical Social BOFH? :)
<twb> BOFH/aspy, yeah
<twb> meatspace is hard work
<randomDude> ikonia: i imagine it would, however i need to add the public key yes? so this is the question how
<randomDude> ikonia: essentially i am using cobbler to pxe boot install ubuntu desktop images of kde/unity/gnome-shell, but i want to also install latest gimp,  thunderbird, firefox, google chrome
<randomDude> ikonia: i guess i just turn on "ignore gpg signing" during preseed
<randomDude> ikonia: http://serverfault.com/questions/295174/upgrade-the-ubuntu-puppet-package-within-kickstart-process
<ikonia> randomDude: yeah, I see what you mean about the key
<ARTSIOM> twb: here is my full conf file placed in /etc/init folder http://paste.org/49317 , but the app is still not starting on boot (but starting fine with "start app"). Am I missing smth?
<zul> good morning
<koolhead11> hello zul
<zul> hey
<RoyK>  
<cedwards> I have the need to deploy some ubuntu VMs (libvirt/kvm), and I'd like the install to be mostly automated. Is vmbuilder a good solution for that?
<smoser> hallyn, around ?
<randomDude> sweeeeet!!!! (sarcasm), i just finished a preseed cobler desktop deployment and the password i set doesn't work for the default user! i used : `echo "mypassword" | mkpasswd -s -H MD5` to generate the password
<hallyn> smoser: yup
<smoser> have you ever gotten kvm to work with scripts in /etc/qemu-if{up,down} ?
<smoser> http://paste.ubuntu.com/990697/
<smoser> hallyn, ^
<smoser> it doens't even get to calling the /etc/qemu-ifup script before failure.
<smoser> (per strace)
<smoser> bah. it seems this is not possible.
<smoser> without root
<Jarmo> Hi, does someone know easy way to change openstack so it wont try use AWS, trying to use local... Did install it with maas + juju... and can't find what to change and where..
<roaksoax> randomDude: have you tried somthing like this to set the password?
<roaksoax> d-i     passwd/username string ubuntu
<roaksoax> d-i     passwd/user-password-crypted    password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
<roaksoax> user/password
<hallyn> d'oh, sorry, i got lost in email
<hallyn> smoser: well yes, you either need to be root, make it setuid-root, or give it the required capabilities
<hallyn> note: I always just set it up in advance by hand
<hallyn> oh, you know,
<hallyn> yeah it probably isn't set up to be run by non-root anyway.  it probably would need to chown /sys/class/net/$tap to the calling user to do that
<smoser> hallyn, "set it up in advance by hand"...
<smoser> ?
<hallyn> sudo tunctl -u 1000
<hallyn> sudo ifconfig tap0 0.0.0.0 up
<hallyn> sudo addif br0 tap0
<hallyn> and then the chown above
<smoser> hallyn, thanks. trying that.
<hallyn> smoser: tbh i wouldn't be comfortable with it as setuid-root, but with fI would be useful.  Only potential problem then would be that at one point at least something couldn't be done with the capabilities
<hallyn> I suspect that's been fixed
<irkinosor> Hello, I set up LAMP on my computer and it worked fine yesterday. Now the browser won't display my pages any more, does anybody knows what's wrong? thx
<pmatulis> web server listening for requests?
<koolhead17> hola all
<rcsheets> irkinosor: that's not nearly enough information for anyone to help you.
<irkinosor> what info do you want?
<rcsheets> irkinosor: well, exactly what you're doing that doesn't work, and any error messages you get. that would be good to start with.
 * RoyK wonders what stoned is smoking
<stoned> wgt
<stoned> Why
<stoned> Why would you be worried about what I'm smoking all of a sudden
<stoned> And why in #ubuntu-server
<stoned> You couldn't message me privately?
<irkinosor> @rcsheets: I'm developing a website and I install the LAMP configuration on my PC to test it locally before any thing else. I was able to access my pages after installation in my browser and open phpMyAdmin, but now nothing is working.
<zul> SpamapS: lemme know when you are around
<stoned> Be discreet!
<stoned> Come on buddy
<rcsheets> irkinosor: right, but still the only information you provide is "it doesn't work"
<koolhead17> RoyK, hey there
<irkinosor> @rcsheets: this is what firefox throw: unable to connect      Firefox can't establish a connection to the server at localhost.
<rcsheets> irkinosor: is your web server running?
<RoyK> stoned: changing your nick to "stoned" isn't really discreet :)
<stoned> oh
<stoned> but that's my name
<RoyK> :)
<stoned> [09:59:46] NickServ [NickServ@services.]: Registered : Nov 27 22:57:19 2004 (7 years, 24 weeks, 3 days, 16:02:40 ago)
<stoned> I had to register b/c it dropped
<stoned> I registered in like 2000 or something
<stoned> been stoned ever since
<RoyK> it was just
<RoyK> at stoned is smoking
<RoyK> ops
<RoyK> 16:55 -!- Pathos is now known as stoned
<RoyK> that one
<stoned> oh yeah
<RoyK> stoned: so sorry
<stoned> I have a backup nickname
<stoned> Pathos
<stoned> Like opposite of Ethos
<stoned> And I have stoned
<stoned> and denots for peopel who don't like stoned people
 * RoyK goes back to testing RAID level migration
<stoned> it's just stoned spelled backwards
<stoned> i have not yet medicated this morning
<rcsheets> irkinosor: do you know how to tell whether your web server is running? do you know which web server software you installed? was it apache, perhaps?
<stoned> I am super duper hyper
<stoned> I just have to go vaporize my medication and then I should be ok
<stoned> And my bursitis is killing me since two days back hurts a lot
<stoned> And that reminds me i need to go to clinic and renew my medication prescription
<irkinosor> @ rcsheets: I installed apache2  through the the install lamp-server^ process in the terminal. I just reload it and it still not working
<rcsheets> irkinosor: what do you mean by "reload"? how did you do that?
<stoned> you're trying to install a lamp server?
<irkinosor> @rcsheet: sudo service apache2 reload
<stoned> is this a new command system?
<stoned> no more /etc/init.d/apache2 restart|reload etc.?
<stoned> I have a LTS lucid server
<rcsheets> irkinosor: but it might not even be running
<rcsheets> irkinosor: sudo service apache2 status
<stoned> easy to find out
<stoned> telnet localhost 80
<stoned> GET
<stoned> otherwise ps auxf|grep httpd
<stoned> or grep for apache maybe i dunno what the proc is called
<rcsheets> or the thing i said
<stoned> oh right
<stoned> status
<stoned> that's great
<stoned> I need to learn new ubuntu
<rcsheets> for example, i get "Apache2 is running (pid 6071)."
<irkinosor> @rcsheets: you are right it is not running. How do I make it run,I thought I just need to reload it!
<rcsheets> irkinosor: sudo service apache2 start
<irkinosor> @rcsheet: I'm getting a list of options
<rcsheets> irkinosor: that's unhelpful.
<irkinosor> @rcsheet: I got Usage: apache2 [-D name] [-d directory] [-f file]
<rcsheets> irkinosor: _what_ options? i can't see it from here.
<irkinosor>                [-C "directive"] [-c "directive"]
<irkinosor>                [-k start|restart|graceful|graceful-stop|stop]
<irkinosor>                [-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
<rcsheets> irkinosor: what exactly did you type?
<irkinosor> @rcsheet:  Sorry let me try     again
<rcsheets> irkinosor: why not just answer my question?
<irkinosor> @rcsheet: because I don't know how to.  In the terminal there is Usage: apache2 [-D name] [.... then the options are explained
<irkinosor> @rcsheet: is that enough
<irkinosor> @rcsheet: Oh I type : apache2 start
<irkinosor> @rcsheet: I found the answer:  sudo /etc/init.d/apache2 start
<rcsheets> <rcsheets> irkinosor: sudo service apache2 start
<rcsheets> you can't just leave out words
<rcsheets> the /etc/init.d/apache2 script will also work, but using "service" is the new way
<irkinosor> @rscheet: That's ok. Thank you very much. Do you know why apache2 stopped working in the first place and do I need to start it everytime I want to work locally?
<rcsheets> irkinosor: i'm not sure why it stopped. did you restart your computer? did you kill the apache process?
<ARTSIOM> here is my full conf file placed in /etc/init folder http://paste.org/49317 , but the app is still not starting on boot (but starting fine with "start app"). Am I missing smth?
<irkinosor> @rcsheets: Yes I restarted my computer this morning but I think it was working because I was able to access my php files...
<rcsheets> irkinosor: i believe it would normally start automatically on boot...
<rcsheets> irkinosor: what does 'ls -l /etc/rc2.d/S91apache2' give you?
<nathwill> irkinosor, update-rc.d apache2 defaults
<irkinosor> @rcheeets: lrwxrwxrwx 1 root root 17 May 13 23:18 /etc/rc2.d/S91apache2 -> ../init.d/apache2
<rcsheets> so it's already set to start
<rcsheets> irkinosor: i'm not sure why it stopped, and it sounds like you're not sure whether it was running or not before.
<rcsheets> irkinosor: i suppose you could read the error log to see when the server was stopped and started
<irkinosor> @rcsheets: Well I check the error file ealier and couldn't see anything. What line should I look for?
<rcsheets> irkinosor: a normal shutdown looks like this:
<rcsheets> [Wed May 16 08:04:42 2012] [notice] caught SIGTERM, shutting down
<irkinosor> rcsheet: That's exactly what was there: [Wed May 16 05:21:47 2012] [notice] caught SIGTERM, shutting down. Nothing after, now I can see ... resuming normal operation . I guess that after you asked me to restart it
<rcsheets> irkinosor: well, at least now you know how to start, stop, and determine whether the server is running. i'm not sure why it stopped before.
<irkinosor> rcsheet: You have being most helpful. Thanks.
<SpamapS> zul: I'm up now, but need to do some stuff AFK for a few minutes. back in 20
<zul> SpamapS: k
<hallyn> stgraber: got any quantal lxc patches to queue up?
<stgraber> hallyn: nope, haven't really started using on quantal because of the current apparmor kernel bug
<tash> how do you change a user's home dir after you have already added them? I
<tash> I thought usermod -d <dir> <user> ?
<hallyn> chsh
<hallyn> oh sorry
<hallyn> thought you said shell somehow
<tash> or, maybe the better question is ...
<tash> when adding a user, why didn't it add the home dir by default?  I swear it has for me in the past, but I'm on 12.04 now and maybe things are different?
<tash> I did useradd <user>, maybe I should have used adduser ?
<hallyn> i think so
<hallyn> (anyway my answer would be the wrong answer: edit /etc/passwd)
<hallyn> probably adduser --dir /home/user will dtrt, but haven't tested
<tash> adduser does it by default
<tash> I just tested
<hallyn> right but i mean after the fact
<iclebyte> how can snmptrapd be configured to receive all traps if it doesn't have any MIB data?
<iclebyte> i.e. just to log them.
<RoyK>  
<roaksoax> ls/win 14
<a_c_m_> ok i'm ripping out hair at the moment. Trying to get stud to work. Its got a init.d script, but it seems to run, create a pid then exit
<a_c_m_> without leaving any logs
<a_c_m_> if you run the exact same command from the shell, it works fine
<RoyK> stud?
<RoyK> !stud
<a_c_m_> https://launchpad.net/ubuntu/precise/amd64/stud
<a_c_m_> RoyK: like pound or stunnel
<a_c_m_> but faster ;)
<RoyK> ok :)
<a_c_m_> but i can't work out why its not staying running
<RoyK> installed from package?
<a_c_m_> i'm not a sysadmin - but i know enough to be annoying :)
<a_c_m_> yep, direct from the package
<RoyK> and nothing in the logs?
<a_c_m_> it doesn't really do logs
<RoyK> as in /var/log/daemon.log or similar
<a_c_m_> no deamon.log
<a_c_m_> checked syslog
<RoyK> a_c_m_: that's ubuntu/syslog's log
<RoyK> a_c_m_: which distro version?
<a_c_m_> i think this server was 10.04 then upgraded to 12.04
<a_c_m_> may re-install
<a_c_m_> as i'm out of things to try
<RoyK> but - starting it manually works?
<a_c_m_> yes
<RoyK> but not with the init script or upstart?
<a_c_m_> even starting it manually with the same command the iniit script is trying to use
<a_c_m_> works
<sqwaw> from /boot/grub/grub.cfg: can someone explain to me the meaning of multiboot /xen.gz placeholder? specifically the multiboot and placeholder parts?
<RoyK> a_c_m_: what's the name of the script and what's the name of the symlink in /etc/rc2.d?
<a_c_m_> RoyK: /etc/rc3.d/S20stud -> ../init.d/stud
<RoyK> rc3.d?
<RoyK> a_c_m_: are you at runlevel 3?
<a_c_m_> its in rc2 as well
<a_c_m_> no idea :)
<RoyK> type 'runlevel'
<a_c_m_> 2
<a_c_m_> N 2
<RoyK> N was the last one
<RoyK> 2 is the current
<a_c_m_> RoyK: http://sync.in/MaPRNMovID is the script
<a_c_m_> with my mod, to print out the command its using
<a_c_m_> i thrn run that
<mahmoh> jamespage: ping, openjdk 7 blueprint "OpenJDK7 on non x86 architectures" - that should be all arches right, including arm?
<a_c_m_> RoyK: interesting... i think it might be stud thats at fault
<jamespage> mahmoh, regarding the transition?
<mahmoh> jamespage: yes
<RoyK> a_c_m_: you can use 'logger' to log to syslog from a script
<a_c_m_> as if i "ps -A | grep 'stud'" right after... its running, but by the time the init scripts stopped its dead
<mahmoh> jamespage: well, I guess not transition but default jre - it will be openjdk 7 for arm too?
<jamespage> mahmoh, yes - all archs will transition - but the UDS session needed to discuss non-x86 specifically as some of the new Java7 features are only in the x86 JIT
<mahmoh> jamespage: got it, thank you
<RoyK> a_c_m_: perhaps it relies on something else?
<Captain_Proton> does anyone know if there is a web base ticket system that also has inventory, vendor phone book and possibly allow you to create howto guides?
<a_c_m_> RoyK: its some perms
<a_c_m_> sorry
<a_c_m_> not perms, options i'm setting that are causing it to crash without any error message
<a_c_m_> sorry, and thanks for helping
<a_c_m_> RoyK++
<RoyK> :)
<SpamapS> zul: whats up? (I only have 10 min)
<SpamapS> well, maybe 20
<zul> SpamapS:  i forgot :(
<zul> hallyn: http://people.canonical.com/~zulcss/libvirt
<zul> er...http://people.canonical.com/~chucks/libvirt
<hallyn> zul: thx.  did you already run qa-regression-testing?
<zul> hallyn: no
<hallyn> ok
<gabrtv> i'm using cloud-config with apt_update/apt_upgrade: true..
<gabrtv> on first login i get: *** System restart required ***
<gabrtv> are those precise AMIs going to be updated soon?
<stgraber> hallyn: I remember mentioning it but I'm not sure whether it made it to the work items list, do we have something about extending lxc-attach to allow attaching to only specific namespaces (similar to lxc-unshare)?
<hallyn> yup it's in the list
<stgraber> cool
<stgraber> then we can deprecate lxc-ip :)
<hallyn> should even be in the WI list in the blueprint
<hallyn> well, not exactly.  lxc-ip does one thing and does it well :)
<hallyn> lxc-attach would still need to parse ifconfig output or somesuch
<hallyn> so originally i was thinking we'd drop lxc-ip, but now i'm thinking it might be worth keeping.  oh well, we'll see.
<hallyn> I've got stuff written for the rationale/assumptions/etc (still workingon user stories), but I'm waiting to put them into blueprint until we finalize some details on the backend.  (fwiw)
<stgraber> I'll almost certainly implement a .get_ips() call in the python library using lxc-attach (or direct setns call) to retrieve all the IPs of the container. That seems generally useful to have
<hallyn> true
<hallyn> all right let me send you what I've got right now - it's not all that much, but let's see how it jives with what you're doing
<hallyn> stgraber: sent
<craxor> Hello, I have a question about Ubuntu server.  I am running windows xp on my desktop and the most recent version of ubuntu server on my server.  I am running samba on my server and I can see the server on my windows xp computer but when I try to edit a file on it with my xp computer it says make sure the disk is not full or write protected andol that the file is not currently in use.  Does anyone know why this is happening or can he
<craxor> lp me?
<RoyK> craxor: probably file permissions or samba config probs
<sqwaw> irc logs for this channel?
<patdk-wk> !logs
<ubottu> Official channel logs can be found at http://irclogs.ubuntu.com/ . LoCo channels are now logged there too; for older LoCo channel logs, see http://logs.ubuntu-eu.org/freenode/
<sqwaw> ty ubottu
<sqwaw> from /boot/grub/grub.cfg: can someone explain to me the meaning of multiboot /boot/xen.gz placeholder? specifically the multiboot and placeholder parts?
<gary_poster> apw, hi.  did you happen to get a chance to look back into bug 944386?  Would it help me to get the bug escalated, or should I leave you to it?
<uvirtbot> Launchpad bug 944386 in linux "Making a hard link of a 0444 permission file fails in overlayfs [Precise]" [Medium,In progress] https://launchpad.net/bugs/944386
<apw> gary_poster, sorry been pouring water on anther fire today.  i did look at it, and i think we know the issue just need to find a simple soln.  i should have time to look at it tommorrow
<gary_poster> apw, understood, thank you
<stgraber> hallyn: the list in your e-mail looks good. I'll try and spend some time tonight making a python module matching it and see if any of my current usecases or highvoltage's require more stuff there
<hallyn> stgraber: cool, thanks
<stgraber> hallyn: I know I'll at least want something like lxc_list in there (outside of the container struct obviously) either giving me a list of container name (or a list of container struct, but that's likely going to be too expensive if all the user wants is the name)
<hallyn> stgraber: oh right, of course
<hallyn> silly me :)
<stgraber> though I could probably use glob.glob("/var/lib/lxc/*/config")
<hallyn> no, a list fn should be provided
<kayakyakr> Almost closing time today, but would this be a good place to ask, tomorrow, for a bit of help with the last piece of getting a cloud server set up?
<kayakyakr> Have all the outer services working, but cannot get instances to launch. something with apparmor and libvirt profiles.
<lostogre_> what happened to the dlm-pcmk package in precise?
<Resistance> !info dlm-pcmk precise
<ubottu> Package dlm-pcmk does not exist in precise
<Resistance> !info dlm-pcmk oneiric
<ubottu> dlm-pcmk (source: redhat-cluster): Red Hat cluster suite - DLM pacemaker module. In component universe, is optional. Version 3.0.12-2ubuntu5.2 (oneiric), package size 77 kB, installed size 236 kB
<Resistance> looks like it doesnt exist in precise
<Resistance> !info redhat-cluster precise
<ubottu> Package redhat-cluster does not exist in precise
<lostogre_> but what replaced it?
<Resistance> you assume it was replaced
 * lostogre_ is thinking of a better way to ask the question....
<lostogre_> Well, I need dlm_controld.pcmk and it doesn't appear to exist anywhere. Other than going from source, what are my options?
<lostogre_> I have searched for it with apt-file and it isn't available.
<Daviey> roaksoax: ^^
<pdtpatrick> Has anyone run into this error before ?
<pdtpatrick> https://wiki.ubuntu.com/ServerTeam/MAAS/Juju
<pdtpatrick> This: http://pastie.org/3922991
<Daviey> pdtpatrick: that implies you don't have any nodes in the Ready state.
<Daviey> CONFLICT == not enough resources.
<pdtpatrick> Daviey:  http://cl.ly/2s460y2j0Q3b3N3u1G1g
<pdtpatrick> how long does it usually take to go from commission to ready  ?
<Daviey> pdtpatrick: 2 mins, on a default setup
<Daviey> pdtpatrick: they are either blocked or not powered on.
<sidnei> anyone got a backport of rabbitmq-server from precise -> lucid?
 * sidnei glances at almaisan-away
<pdtpatrick> Daviey:  I'm not seeing anywhere to start it
<pdtpatrick> http://cl.ly/1x3v3h1f3H0s0z3v2e04
<pdtpatrick> it is set to Wake on LAN
<micahg> sidnei: if the backport from precise builds, I'll be happy to approve a backport into the archive for you if you'll test it for me :)
<micahg> hrm, no change backport fails...
<Daviey> pdtpatrick: can you turn it on out of band?
<Daviey> pdtpatrick: some nic's are a PITA with wol.
<pdtpatrick> Daviey:  i've changed them to virsh
<pdtpatrick> is it expecting me to be running KVM somewhere ?
<sidnei> im more than happy to test. :)
<micahg> sidnei: 2.5.0 backport from oneiric works, I'll upload to my PPA if you'd like to test it and then I can approve it for an official backport in the archive
<Daviey> no, virsh is more for a developers/experimental environment
<Daviey> pdtpatrick: ^
<micahg> sidnei: is 2.5.0 new enough?
<sidnei> micahg, im actually runnning 2.5.0, so not new enough no :(
<micahg> sidnei: well, give me a minute
<pdtpatrick> Daviey:  this is the only option i have
<pdtpatrick> http://cl.ly/2B3P0C2s2z261f3l202d
<roaksoax> Daviey: he's gone lol
<pdtpatrick> looks like there' s bug
<pdtpatrick> https://wiki.ubuntu.com/ServerTeam/MAAS/Troubleshooting
<sidnei> Daviey, roaksoax, can any of you merge rabbitmq-server 2.8.2 from debian? seems like you were the last to touch it.
<pdtpatrick> Daviey:  even after following the workaround by editing /etc/maas/import_ephemerals  .. now get: http://cl.ly/0e3w3a2F2J2Q0y3K3F1Q
#ubuntu-server 2012-05-17
<roaksoax> sidnei: we are still early in the process, it will be merged /synced soon
<sidnei> roaksoax, ok, thanks!
<pdtpatrick> I've got to be missing something in this setup. Is the maas server expecting some node to connect to it with the MAC address i created in the webUI? or is it going to create a new node with that mac and fire it up? if so - where do i see what the individual nodes are doing? I see it talks about virsh and WOL (almost as if it expects me to setup a new KVM node using PXE)
<harushimo> hey my maas installation got messed up
<jtv> pdtpatrick: MAAS fires it up.  We have no way to show what a node is doing yet.
<harushimo> I was wondering is there a way to do complete reinstall of maas
<harushimo> it gave me an fatal error last night
<pdtpatrick> jtv: so having gone through the MAAS setup and bringing up the UI, setting up the MAC addy in there pretty much sets up a node for first boot using the images it downloaded. That said, do u know why my setup is stuck on Commissioning ?
<jtv> pdtpatrick: do you see any errors on the node's page in the UI, or on its own console?
<harushimo> anyone
<jtv> harushimo: what kind of error?
<harushimo> fatal error: password authenciation
<harushimo> I just want to complete wipe the install and do a reinstall
<harushimo> I don't know if that is possible
<harushimo> that should fix it
<jtv> You might be able to dump the database, uninstall-reinstall, and then restore the database.  But haven't tried that.
<harushimo> how do I do that?
<jtv> harushimo: before you even start trying, please understand that I have no idea whether it'll work!
<harushimo> it may not
<harushimo> unless I try
<jtv> If you overlap with European timezones, another thing worth trying may be to ask allenap (who should not be online now)
<jtv> I think he did the authentication.
<harushimo> oh okay
<harushimo> thanks
<jtv> There may be some way to re-generate the credentials.
<harushimo> that is what I'm trying to figure out
<jtv> If you're interested (perhaps just for exploration), the MAAS database is in postgres.  I think on an installed system (as opposed to our dev setups) you can log in using âpsql maasâ or dump it using âpg_dump maasâ
<harushimo> log in where?
<harushimo> I can't even access the web interface now
<harushimo> through the terminal?
<harushimo> I can't even install apache on the computer
<harushimo> maas total screwed up a lot of stuff
<harushimo> which is okay
<harushimo> I'm learning
<harushimo> its okay. that is how I learn
<harushimo> I just want to get maas working
<jtv> (sorry, was afk for a brief spell)
<jtv> What I mean is you should be able to log in directly to the database by typing âpsql maasâ on the command line.  I'm not sure you'd be authorized though; haven't worked with an installed setup yet.
<harushimo> its on my computer
<harushimo> I'm authorized
<jtv> Then try it!
<jtv> If it works, it'll give you an SQL shell on the MAAS database.
<harushimo> sudo apt-get psql maas
<harushimo> sudo psql mass?
<harushimo> i get an error fatal: role "harushimo" does not exist
<jtv> Just âpsql maasâ â do you have psql installed?
<jtv> (Stupid me.  Of course you do or you wouldn't have gotten that error)
<harushimo> that is cool
<harushimo> I can't apt-get install anything
<jtv> Then âpsql maas -U maasâ may work.
<harushimo> ok
<harushimo> peer authentication failed for user "maas:
<harushimo> I mean maas
<harushimo> this is always happens
<jtv> So you're not authorized.  :(
<harushimo> how do I authorize myself
<harushimo> I even did this on sudo
<jtv> Basically, the database is set up to authenticate the maas user by checking what _system_ user is making the connection.
<harushimo> ok
<jtv> Try sudo'ing to the user âpostgresâ
<jtv> (It's the PostgreSQL equivalent of root)
<harushimo> sudo postgres -U
<harushimo> or sudo postgres
<harushimo> I may have to do a reinstall of the system
<harushimo> luckily I don't have anything on it
<pdtpatrick> jtv: I'm not seeing any errors
<harushimo> I want to know if there is a way to fix maas
<jtv> pdtpatrick: depending on the version you have, there may be a âRetry commissioningâ button on the node's page.
<pdtpatrick> jtv: so here's the node page: http://cl.ly/19452c2d3M1B3S0Z1J2j and here's the page when i click on edit: http://cl.ly/3S2R1Y43132M1D11291O
<jtv> harushimo: it's a very young project still, so a lot of this will have to mature over time.
 * jtv follows links
<harushimo> thats okay
<harushimo> I just want to get a basic cloud setup
<pdtpatrick> jtv: here's the version of maas i have
<pdtpatrick> ii  maas                0.1+bzr482+dfsg-0ub Ubuntu MAAS Server
 * jtv juggles conversations
<harushimo> thanks guys. I'll be back on later
<jtv> Good luck!
<harushimo> thank you
<jtv> pdtpatrick: I think that's pretty oldâ¦ I haven't kept track of the packaging side of MAAS; any chance there's an upgrade available?
<pdtpatrick> did a full system upgrade and no luck
<jtv> In the original version, I think a node in this state is just stuck.
<pdtpatrick> unless there's a ppa I'm unaware of
<jtv> I can't think of one; maybe there's a backport.  Daviey: do we have newer versions of MAAS available somewhere?
<pdtpatrick> should i use this? : https://launchpad.net/~maas-maintainers/+archive/dailybuilds
<jtv> pdtpatrick: that looks like the same version you have, actually.
<jtv> pdtpatrick: do you have just the one node?
<pdtpatrick> Version: 0.1+bzr482+dfsg-0ubuntu1 vs 0.1+bzr482+dfsg-0+557+50~precise1
<pdtpatrick> i have 7 nodes
<pdtpatrick> http://cl.ly/0j0K2Q2S023E47081i1E
<jtv> And all stuck in Commissioning?  :(
<jtv> What should have happened is this:
<jtv> MAAS fires up the node.  It boots and runs a small script.
<jtv> The MAAS server provides some setup data to it over http.
<jtv> Finally, the script contacts that same http service to signal that it's done commissioning and is now ready to use.
<jtv> Pardon me: the script contacts that same http service to signal that it's done commissioning and *the node* is now ready to use.
<jtv> (The Ready state means that a node is ready for a user to allocate it)
<pdtpatrick> :(
<jtv> What this may mean is that the node was unable to reach the MAAS service.
<pdtpatrick> aahh the daily build was different than mine
<jtv> Then I guess the daily build comes off trunk (lp:maas) rather than the 1.0 branch we released with the 12.04 CD.
<pdtpatrick> http://cl.ly/033t1A1v3D013z163u2R
<jtv> That's a much newer version.  There are some schema changes; I hope the installation script will know how to apply them.
<pdtpatrick> i can see that now
<jtv> Yup, that's from trunk.
<jtv> In that version, you should have a âRetry commissioningâ option on the node page.
<pdtpatrick> don't see that
<jtv> Do you get the âDelete nodeâ option?
<pdtpatrick> http://cl.ly/3k0U40461L1h1Z1z083H
<pdtpatrick> yup
<jtv> Ah, I'm being dense again.  The retry option only appears when commissioning has actually _failed_, and we don't time it out yet if it never finishes.
<pdtpatrick> should i check in /var/log/maas to see if anything is happening ?
<jtv> Always good to have a look.
<pdtpatrick> I'm looking at maas.log and pserv.log and txlongpoll.log
<jtv> In particular, see if you can find an http log that shows requests to MAAS.  Look for the /metadata/ path.
<pdtpatrick> tail -f  shows nothing happening
<jtv> That's not surprising.
<jtv> The txlongpoll.log is of no interest; it's basically for ajax interaction in the UI.
<jtv> The pserv.log is for the provisioning server.  That's the component that (using another product called Cobbler) fires up the node.
<pdtpatrick> http://cl.ly/2u331N1J2p2q3f2h3v0r
<jtv> MAAS did succeed in turning the nodes on, right?
<pdtpatrick> there's my apache2 log
<jtv> (Maybe we should add a favicon.ico just to shut up those errors)
<pdtpatrick> Here's what i did - i installed the maas server according to the guide, i logged into the UI, added nodes and its being stuck on commissioning since
<jtv> Did MAAS manage to power up the nodes?
<pdtpatrick> when u say power? are u expecting a VM to be running somewhere? like in KVM or xbox ?
<pdtpatrick> vbox*
<pdtpatrick> i c this in settings
<pdtpatrick> http://cl.ly/0U0M1B0j3b0G2w2P2X44
<jtv> No, but MAAS needs to turn those machines on in order to control what image they boot into.
<jtv> Now, if you turned those machines on by hand before adding them to MAAS and then left them on, then just rebooting them by hand may do the trick.
<pdtpatrick> in that case, how can i check a machine is turned on is what confuses me. Unless maas gives you a vnc console like KVM and I'm supposed to connect to some node. I also only know the MACs of the servers
<jtv> pdtpatrick: wait, are these virtual or physical machines?
<pdtpatrick> hmmmm i think the docs didn't explain something. It sounds like ur asking whether i have a physical server setup to listen to maas to be provisioned
<jtv> No, just whether these are physical machines we're talking about, or whether these nodes are virtual machines.
<pdtpatrick> jtv: i've not setup any physical or virtual sever which is why i was asking whether maas creates these VMs or is it expecting a machine to be running virtual box or a physical machine with those specific macs that it can go ahead and provision
<jtv> Ah!  Yes, in order to manage servers, you need servers.
<pdtpatrick> Okay so there's no machine  -- i've not setup anything besides entering the MACs on the UI
<jtv> Well that explains why MAAS isn't hearing from those servers.  :)
<pdtpatrick> haha wow -- i think the docs should have explained that :)
<jtv> MAAS is meant to manage physical servers, with as one application, the ability to deploy cloud infrastructure on those machines.
<jtv> I sort of assumed that that would be documented somewhere as well!
<pdtpatrick> i was thinking it is like AWS where it'll fire up an instance and then give u access to it
<pdtpatrick> well - that solves that confusion
<jtv> Yeah.  :)
<jtv> It's _similar_ to AWS, but it manages proper metal.
<jtv> (Hence the name: it manages metal, as a service)
<pdtpatrick> good point :)
<pdtpatrick> hmmm back to the drawing board. Now I'm not sure what the advantage is using this plus openstack vs using servers managed by puppet + mcollective
<jtv> If you've got a minute, I'll file a bug for this and perhaps you can add a quick story of how you got to setting up a MAAS installation without getting presented with the basics along the way?
<pdtpatrick> jtv: will try and do that
<jtv> OK, just a mo'
<pdtpatrick> thanks again
<jtv> There goes my alarm clock.  Scared the life out of me.
<jtv> pdtpatrick: if you would just add the details here: https://bugs.launchpad.net/maas/+bug/1000509
<uvirtbot> Launchpad bug 1000509 in maas "Basics not explained?" [High,Triaged]
<jtv> (You have a Launchpad account?)
<pdtpatrick> yup
<jtv> Great.  Thanks for your patience!
<pdtpatrick> jtv: added
<pdtpatrick> Thanks for you help
<jtv> Thanks.  About the advantage over servers managed by puppet etc., I'm not a sysop and have very little experience with those, but I think the key thing is that you don't just set up servers, manage them, and deploy services on them; you get a pool of servers that you can deploy to specific tasks from the central command line.
<jtv> Or, from the UI, you can allocate servers (or have your users allocate servers), use them, and later release them to the pool again.
<pdtpatrick> that could be interesting
<pdtpatrick> does maas have to control the DHCP server ?
<pdtpatrick> I'm guessing it would since it needs to set up the params for PXE booting ?
<pdtpatrick> most places already have DHCP server so I'm just wondering how is it going to listen on the network to grab those MACs entered in the UI
<pdtpatrick> I guess for now I'm best to just follow the project until it is more mature
<jtv> That's pretty much in a nutshell.  I'm pretty sure we've got a work item in the backlog to make it work with an external DHCP server.
<pdtpatrick> Yup - is there some mailing or newsletter i could follow ?
<jtv> There's a mailing list â hang on, I'll dig it up.
<jtv> maas-devel@lists.launchpad.net is the public development mailing list.
<jtv> It's still pretty quiet; we do most of the work on IRC.
<pdtpatrick> in here or a different room ?
<jtv> A bunch of rooms, to be honest, some private.
<pdtpatrick> i c
<pdtpatrick> well i'll just try to keep with what I can get my hands on.
<pdtpatrick> Thanks again
<jtv> Now, this stuff is out in the open and we want it to be transparent, so feel free to prod us.
<pdtpatrick> You got it
 * jtv is dismayed by the volume of his inbox
<jtv> pdtpatrick: thanks for playing with it and giving us your feedback.  That's important for getting it more mature.  I'll move on to that inbox now!
<pdtpatrick> You're welcome. Take care
<three18ti_> how would I configure bind9 for a local network?  I would like to address my computers by name, so I attempted to to add the following record http://pastebin.com/dAZegGsY
<three18ti_> but I get a server fail when I attempt to dig the address
<three18ti_> /etc/bind/named.conf.local looks like this http://pastebin.com/j40z0Ht3
<three18ti_> ok, just restarted bind and it seems to work...?
<stgraber> hallyn: http://paste.ubuntu.com/991691/
<stgraber> hallyn: that seems easier to SRU than lxc-ip ;)
<stgraber> it's abusing the netns function of ip a tiny bit, but well, it works ;)
<twb> stgraber: is that a new thing?  I'm still on 2.6.32 here, and I haven't noticed "ip netns"
<twb> You should double-quote "$1" and probably error out if lxc-info exits unsuccessfully.
<stgraber> twb: patch was submitted to iproute a year ago, so maybe 11.10 already had it, otherwise it's new in 12.04
<stgraber> twb: yeah, the script was meant as a proof of concept for hallyn more than something I'd really use ;) checking that the container indeed exists and is running, as well as ensuring you're root would be useful at least
<hallyn> stgraber: oh right, I remember eric mentioning that ip supported that.
<hallyn> stgraber: cool.  I'll leave it in your capable hands :)
<stgraber> hallyn: yeah, I've noticed it a few months ago on 12.04 but didn't try to use it with lxc, turned out it's really quite simple ;)
<twb> Okey dokey
<hallyn> do yo uwant to switch it out for q too?
<stgraber> hallyn: not sure for Q, for P it seems like we can get away with just a 2-3 lines delta which should be much easier to SRU
<hallyn> (btw if you want me to follow up on it that's fine, just tell me :)
<hallyn> it's probably more robust to re-use ip...  not that i can see much going wrong with using sys_setns from python
<nathwill> i just bought one of these: http://www.newegg.com/Product/Product.aspx?Item=N82E16816401170 and 12.04 can't see it... any advice?
<stgraber> hallyn: right, looking at lxc-ip's code, I think it'd be better for now to switch to using "ip netns" on both precise and quantal. I think we should also add a function to the API to retrieve all IPs from the container's network namespace so we can get that into lxc-info and the python module
<nathwill> specifically, it can't see the nic.
<stgraber> hallyn: or if you don't want that kind of code in the C library, it should be easy enough to do with ns_attach/execute_in_container from the python code (or in the C code of the python module)
<hallyn> stgraber: yeah i'm not sure it needs to be in the c library.  it's not dependent on anything in liblxc.  But either way
<hallyn> OTOH
<hallyn> stgraber: I need to run soon, but I don't like the ln -s into /run/netns/$1
<hallyn> racy
<hallyn> manpage says that's for named netns.  But the name == the pid, so it seems like it should work just using the pid without that file?
<stgraber> hallyn: apparently ip doesn't support "netns exec PID", only "netns exec NAME"
<stgraber> though I can symlink to anything I want, including the pid
<hallyn> stgraber: better to tmpfile that then
<esuave> how come my server has a static IP set but every once in a while it looses its IP and pulls a dhcp IP
<stgraber> hallyn: indeed, a random name is probably be best to avoid the (unlikely) race
<hallyn> stgraber: yeah i guess that addresses my concern
<hallyn> cool, thanks :)
<hallyn> good night
<stgraber> hallyn: I'll have a look at SRUing this tomorrow (well, putting it somewhere in the SRU queue)
<hallyn> stgraber: wait there's another one waiting for SRU I think
<stgraber> hallyn: and will also fix Jibel's bug in the process (package conflict)
<stgraber> yeah, we have one in proposed currently, so I'll have this one ready to be pushed to -proposed once the other one has cleared
<hallyn> ok cool - thanks
<hallyn> good night
<stgraber> good night
<esuave> what does this mean? ADDRCONF(NETDEV_UP): eth0: link is not ready
<nathwill> oh nm, haha. this damn thing is IPMI..
<nathwill> urgh
<three18ti_> how do I configure a secondary "storage' network?  I set eth1 to address 10.10.10.1/2 and netmask 255.255.255.0 w/o gateway and am able to ping 1/2 from that machine but cannont ping 2/1
<twb> Uh, what?
<twb> Oh I see, that's not a CIDR.
<twb> three18ti_: do not use 1.2.3.4/5 notation, because the /x aready means something else.
<three18ti_> oh, yea.  sorry.
<three18ti_> I mean I have two machines 10.10.10.1 and 10.10.10.2 (n/s 255.255.255.0) connected directly on eth1
<three18ti_> I can ping 1 from 1 and 2 from 2 put I can't ping 2 from 1 and vice versa
<twb> They can't BOTH be directly connected.
<twb> Do you have a switch, or a hub, or what
<three18ti_> so, eht0 is connected to a switch -> router -> internet
<twb> eth0 of which host
<three18ti_> I would like eth1 to be a private "storage" network, but don't have a second switch yet, so I have my two machines directly connected with a patch cable.
<three18ti_> both.  both hosts are connected on eth0 to the internet.
<three18ti_> eth1 should be isolated from the internet.
<twb> I still don't follow.  Please sketch an ascii-art diagram and pastebin it
<three18ti_> ok.
<twb> http://paste.debian.net/169201/ is an example of what I mean (yours need not be so elaborate)
<three18ti_> http://pastebin.com/7a5TK0H7
<three18ti_> not exactly like your example.  Let me know if I'm still unclear.
<three18ti_> I need to switch monitors around, so if I disconnect I'll be right back,
<twb> OK so IIUC you have a normal switched 192.168/16 private network, and you want to additionally hook up a point-to-point connection over separate cables going into separate ethernet ports in the back of Machine1 and Machine2?
<three18ti_> ok, that was fun...
<three18ti_> twb, did that diagram make sense?
<twb> OK so IIUC you have a normal switched 192.168/16 private network, and you want to additionally hook up a point-to-point connection over separate cables going into separate ethernet ports in the back of Machine1 and Machine2?
<three18ti_> yes.
<three18ti_> in the future, I would like this to be a dedicated network, but for the time being it's just a point to point connection.
<twb> OK so just run a cable between them, and do ip link set eth1 up; ip address add dev eth1 brd + 10.10.10.1 peer 10.10.10.2
<twb> Er, sorry, of course "brd +" is not needed on a point-to-point link
<three18ti_> on both machines?
<three18ti_> linkseteth1 ip; ip address add dev eth1 10.10.10.1 peer 10.10.10.2
<twb> On the second machine the IPs would be reversed
<three18ti_> linkseteth1 ip; ip address add dev eth1 10.10.10.2 peer 10.10.10.1
<twb> I don't nkow what "linkseteth1 ip" is; I said "ip link set eth1 up"
<three18ti_> ip link set eth1 ip; ip address add dev eth1 10.10.10.2 peer 10.10.10.1
<three18ti_> yea, apparently I can't type...
<twb> *up* not *ip*
<three18ti_> ok, wow.  thanks! :)
<twb> And you might need to double-check the "peer" part; I usually just use /30's or so.
<twb> The ip a add should set up the route automatically; otherwise you'll also need to use ip r
<mr-rich> Ok, I'm setting up an Ubuntu web server. What is the best free (GPL'd) web control pannel software?
<three18ti_> i just installed webmin today.  it's relatively painless to install.  Not pretty, but it is functional.
<mr-rich> three18ti: Ubuntu doesn't support Webmin
<three18ti_> tell that to... me...
<mr-rich> I just did ... :)
<three18ti_> http://www.webmin.com/deb.html
<three18ti_> Well, you should tell my computers that it doesn't work...
<three18ti_> literally added the repos, updated the key, and apt-get installed it...
<three18ti_> http://i.imgur.com/FGbYO.png
<three18ti_> mr-rich, ^
<twb> I have maintained webmin modules, and in my professional opinion "it is functional" is an outrageous lie.
<twb> It is, as best, marginally less bumbling than a FNG sysadmin
<three18ti_> well, as you can see, I've installed it three hours ago.  So I cannot attest to the functionality of the product.
<three18ti_> */I've/I/
<three18ti_> what do you like twb?
<twb> Learning to use the bloody system.
<linocisco> twb, what is bloody system?
<twb> linocisco: the ubuntu server that you're tasked with babysitting
<linocisco> twb, ok
<three18ti_> twb, what about for reselling web services?  Unfortunately, you can't expect your customers to know what they're doing and expect to make money.
<twb> That industry can die in a fire.
<three18ti_> twb, +1... but it pays my rent...
<three18ti_> I work for a data centre that started as a web hosting company...  we do some bass ackwards $4!t...
<twb> FWIW in that situation, we wrote a little in-house python WHCP that was hard-coded to do what we needed and nothing more.
<twb> Which I'm not happy about, but I'm a lot less unhappy about it than I was about webmin
<three18ti_> ... I hate RHE/CentOS... (don't mind Fedora) but cPanel is not... horrible.  I support mostly WebSitePanel and Helm though... :(
<twb> cpanel is horrible
<twb> It even ships its own broken apache instead of using the distro's one.
<three18ti_> haha, you're just a hater. :P seriously though, what's so horrible about cPanel?  it's certainly better than Webmin.
<twb> three18ti_: 15:04 <twb> It even ships its own broken apache instead of using the distro's one.
<twb> And there was this "easy_apache" thing that got in the way
<three18ti_> it ships with an independent web server so if there is an issue with the apache config, you can still access the CP.  what's so "broken" about it?  I agree with you about easy_apache... it's a pain in the ass.  but as long as you use easy_apache you won't break cPanel (don't even get me started on this).
<three18ti_> so yea, I agree, there's lots of problems with it.  but I challenge you to name a "good" control panel.
<three18ti_> I'm just trying to understand your point of view.
<twb> My point is there is *no* good WHCP.  And it's impossible to build one, because the very idea that a piece of software can take an incompetent user's requests and convert them into competent sysadmin actions, is absurd.
<twb> If the user wants to learn, give them the CLI.  If the user doens't want to learn, let them pay for a competent human operator.
<three18ti_> I can agree with that.  Very astute.
<twb> If there are security reasons to prevent them getting a root shell, then a WHCP is... probably not the best way to enact that security policy.
<three18ti_> it's like I always say, wordpress is a remote shell with a neat blog feature.
<blendedbychris> how can i check if nfs service is running ?
<blendedbychris> http://gluster.org/pipermail/gluster-users/2010-November/005685.html
<blendedbychris> having a issue related to that
<twb> blendedbychris: nfs kernel server?
<blendedbychris> ya
<twb> It will be listed in /proc/mounts
<twb> Oh sorry, brain fart
<twb> rpcinfo -p localhost will mention it, at least
<twb> exportfs will mention specific exports I think
<blendedbychris> twb: The program 'exportfs' is currently not installed.  You can install it by typing:
<blendedbychris> apt-get install nfs-kernel-server
<twb> yes, if you run exportfs without -r it queries the current state of affairs
<twb> blendedbychris: if that package is not installed, you definitely don't have a an NFS server running
<blendedbychris> twb: well
<blendedbychris> http://pastie.textmate.org/private/wbz1tqczepsuc7gtdkoqzq
<pdtpatr1ck> in cluster theres an option to enable nfs
<pdtpatr1ck> it is disabled by default
<pdtpatr1ck> u need to turn that on
<blendedbychris> pdtpatr1ck: i've enabled it
<pdtpatr1ck> r u using version 3 of NFS or version 4 ?
<twb> I am discussing *actual* NFS; I don't know anything about gluster "pretending" to be an NFS server or whatever
<blendedbychris> yes
<blendedbychris> twb: does that look like a nfs server trying to be run though? the last line maybe?
<blendedbychris> twb: i understand that btw :)
<twb> http://paste.debian.net/169208/ is an active lucid NFSv3 kernel server
<blendedbychris> i just wasn't sure if nfs-server was hidden somewhere considering that post references a "kernel" nfs service
<pdtpatr1ck> http://www.gluster.org/community/documentation/index.php/Gluster_3.2:_Using_NFS_with_Gluster
<twb> quota and lock services are TECHNICALLY not required, but it would be unusual for them to be absent
<twb> NFSv4 of course has additional gssapi/krb stuff
<twb> pdtpatr1ck: have you spoken to the gluster people about it?
<blendedbychris> pdtpatr1ck: i have that set to off
<twb> Sorry, wrong nick
<blendedbychris> twb:  ya i'm bugging them
<blendedbychris> but i figured i'd ask the rudimentary "is nfs running" question in here heh
<mr-rich> wow ... webmin seems a bit ... overkill
<pdtpatr1ck> so let me understand ur issue  -- ur using glusterfs and trying to mount the gluster shares as NFS right ?
<blendedbychris> pdtpatr1ck: indeed
<pdtpatr1ck> u don't need NFS-kernel-server
<blendedbychris> pdtpatr1ck: right...
<pdtpatr1ck> you just need the glusterfs package and nfs.enable should be on
<pdtpatr1ck> then u would run mount.nfs -o vers=3 and then the rest of ur setup
<blendedbychris> [2012-05-17 00:26:12.71863] C [nfs.c:240:nfs_start_subvol_lookup_cbk] 0-nfs: Failed to lookup root: Input/output error
<blendedbychris> [2012-05-17 00:29:03.552540] E [nfs3.c:724:nfs3_getattr] 0-nfs-nfsv3: Failed to map FH to vol
<pdtpatr1ck> cluster volume info <vol-name>
<pdtpatr1ck> damn auto correct
<pdtpatr1ck> s/cluster/gluster
<blendedbychris> http://pastie.textmate.org/private/2dyi2vaeqmye7ptvazhrq
<blendedbychris> this has me somewhat concerned [2012-05-17 00:26:12.71806] I [afr-self-heal-common.c:705:afr_mark_sources] 0-srv-replicate-0: split-brain possible, no source detected
<pdtpatr1ck> r u able to mount using the mount.gluster option ?
<blendedbychris> let me try againâ¦ i wasn't able to earlier
<blendedbychris> ah
<blendedbychris> pdtpatr1ck: yes but i get -bash: cd: /srv.gluster: Input/output error
<blendedbychris> [2012-05-17 00:43:10.513155] I [afr-self-heal-common.c:705:afr_mark_sources] 0-srv-replicate-0: split-brain possible, no source detected
<blendedbychris> is related
<blendedbychris> [2012-05-17 00:43:07.409932] W [fuse-bridge.c:419:fuse_attr_cbk] 0-glusterfs-fuse: 2: LOOKUP() / => -1 (Input/output error)
<pdtpatr1ck> does ur status say created? when u run volume info ?
<blendedbychris> says "Started"
<blendedbychris> fwiw these two bricks are empty
<pdtpatr1ck> does lsmod show the driver?
<blendedbychris> driver?
<pdtpatr1ck> try "modproble cluster"
<pdtpatr1ck> whoops
<pdtpatr1ck> "modprobe gluster"
<blendedbychris> FATAL: Module gluster not found.
<pdtpatr1ck> u don't have gluster installed on the client then
<blendedbychris> i don't think that's true
<pdtpatr1ck> does gluster --version show anything ?
<blendedbychris> yes
<blendedbychris> plus i'm using the cli?
<pdtpatr1ck> is fuse loaded ?
<pdtpatr1ck> "modprobe fuse" && dmesg | grep -i fuse
<twb> !ur
<ubottu> U is the 21st letter of the modern latin alphabet. Neither 'U' nor 'Ur' are words in the English language. Neither are 'R', 'Y', 'l8', 'ryt',  'Ne1' nor 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.
<blendedbychris> modprobe fuse returns nothing
<blendedbychris> [    1.283854] fuse init (API version 7.17)
<nathwill> wat?
<blendedbychris> welcome back?
<pdtpatrick> switched to computer i have gluster running on
<blendedbychris> fuse is running
<blendedbychris> modprobe fuse
<blendedbychris> [ Â  Â 1.283854] fuse init (API version 7.17)
<pdtpatrick> okay
<pdtpatrick> type "mount." and press tab
<pdtpatrick> is gluster one of your options ?
<blendedbychris> i have glusterfs, nfs, fuse
<blendedbychris> yes
<blendedbychris> otherwise i wouldn't have been able to mount -t glusterfs :)
<twb> Grumble intermitting non-breaking spaces, grumble
<blendedbychris> i think this split brain crap is throwing off
<blendedbychris> pdtpatrick: care to take this in #gluster
<pdtpatrick> sure -- those guys know a lot more than i do but let's talk there.
<blendedbychris> twb seems to want a dead chan :)
<twb> blendedbychris: I want people to stop writing IRC clients that automatically convert "     " into " &nbsp; &nbsp; "
<twb> (Where &nbsp; is a non-breaking space, but I assume you can't actually SEE them because if you could, you would fix your IRC client.)
<blendedbychris> twb: ah. i thought you were referring to the multiple lines of thought
<blendedbychris> it's adium, i'm sure it sucks
<twb> blendedbychris: well yo uclaim to be using libpurple
<twb> I mean, if you're going to pretend that IRC is HTML, and want to force whitespace folding, at least do five &nbsp; in a row instead of interposing non-breaking and regular spaces :-/
<twb> >rage<
<twb> *forcibly prevent whitespace folding
<three18ti_> ok... I'm an idiot...  I've followed these destructions: https://help.ubuntu.com/community/SettingUpNFSHowTo
<three18ti_> when I attempt to write to my mounted nfs partition I get a permission denied.
<three18ti_> I mounted as root and am attempting to write as root...
<three18ti_> will need to also be able to write as libvirt user
<three18ti_> machine1 from before is the storage machine and machine2 is the KVM hypervisor.
<twb> three18ti_: if this is just to push data from one host to another temporarily, just use scp or rsync
<three18ti_> twb, ^ machine1 from before is the storage machine and machine2 is the KVM hypervisor.
<three18ti_> is there a better solution than nfs?
<twb> Not really
<twb> Rule #1 of network filesystems is: they all suck.  They especially suck at locking, and they also suck at authentication.  (Except for kerberized ones, which get auth right, but are a royal pain to configure and babysit.)
<twb> Some VM technologies use a sort of fake filesystem implemented in both the host and guest kernels, to exchange data without using the network stack.  e.g. vmware has hgfs.  AFAIK this is not available for KVM at this time.
<twb> If you are on a trusted network, I suggest you avoid NFSv4 and stick to NFSv3 which is much simpler to get going
<three18ti_> well, cloudstack uses NFS for its KVM storage.  I've gotten it to work there, but now I'm trying to do it manually...
<three18ti_> sure, got a link on NFSv3?
<twb> Try the ubuntu server guide
<twb> basically just install nfs-kernel-server and write an exports(5) line; and on the other box install nfs-common and write an fstab(5) line
<three18ti_> lol 8.04 is the first google link.
<twb> three18ti_: /topic
<three18ti_> lol, that's 10.04
<three18ti_> fortunately, the version is canonicalized in the link.
<twb> Shrug.
<yaboo> has anyone used mgetty+sendfax
<KXTwo> Hi everyone, I just installed ubuntu server on an old machine I had ubuntu desktop on.  For some reason eth0 is down, even when I use ifconfig to set it to up, I does not connect to my router, when I reboot eth0 is set back to down
<twb> KXTwo: pastebin your /etc/network/interfaces
<KXTwo> twb: It just had lo in there
<KXTwo> I just added eth0 in there
<KXTwo> but now my system is hanging out waiting for network configuration
<twb> it should be auto lo eth0; iface lo inet loopback; iface eth0 inet dhcp
<twb> ...more or less
<KXTwo> yes hold on ill show you what I have
<KXTwo> twb: here is a dumb question that I SHOULD know
<KXTwo> I can set a static ip address outside the range of dhcp on my router right?
<twb> I'm not stopping you
<KXTwo> twb:  ok I found a typo.
<KXTwo> rebooting
<three18ti_> IDK WTF, but purging and reinstalling nfs seems to have solved the problem... chock one up to the great ubuntu gods.
 * three18ti_ shrugs
<three18ti_> * s/nfs/nfs-kernel-server/
<twb> three18ti_: well, NFS and upstart do not play nice together IME
<twb> three18ti_: so if you restarted recently that might have pissed it off
<KXTwo> I hope this works, for some reason my ps2 keyboad wouldnt let me navigate the bios so had to switch to usb
<KXTwo> twb: it worked, I just ahd a typo in my interfaces file.  15- istead of 150
<KXTwo> now for the hard part, setting up services!
<three18ti_> twb, fscking upstart...  well, I was trying to get NFSv3 to work and was still getting errors, so I rebooted, had to hard power down, then after reboot upon still having errors, apt-get purge / apt-get install nfs-kernel-server and every thing seems to be kosher.
<three18ti_> > 500 MB xfer speeds via nfs and rsync
<three18ti_> (small files for a quick test...
<three18ti_> )
<three18ti_> twb, thanks for the tip,
<three18ti_> mr-rich, see puppet http://docs.puppetlabs.com/learning/
<blendedbychris> is there an easy way to strace a set of pids based on their process name?
<blendedbychris> like in one command instead of doing a ps aux and typing in the pids
<blendedbychris> ah brilliant found something
<blendedbychris> pidof apache2 |sed 's/\([0-9]*\)/\-p \1/g'
<KXTwo> When I installed server, I opted for guided use entire disk and setup LVM.  what is LVM though?
<KXTwo> I know it stands for logical volume management and as Im raeding about it, it sounds like I didn't need itk, I only have one harddrive in there
<twb> LVM is useful if you don't know /a priori/ how much space a filesystem will need.
<twb> i.e. it's pretty much always useful
<twb> In the simplest case, you probably want to keep your OS (/) and user data (/home) on separate filesystems, and so LVM is still useful to avoid reserving too much or too little space for the OS
<KXTwo> twb: oh I dont think tahts how im setup at all
<KXTwo> twb: ive never done that before, where / and /home were different file systems
<KXTwo> or at least if I had I was unaware
<twb> KXTwo: well otherwise if you need to reinstall the OS, you have to take more care not to trash the user data
<KXTwo> twb: something tells me that is a lesson I will learn the hardway
<twb> Shrug
<KXTwo> if thats what LVM does though why does it go with the option use entire disk?  If you were going to have multiple partitions I could see it, but with just swap and primary it seems useless?
<twb> Because partman's guided choices are crap
<twb> The way you use LVM is you say "OK in the first six months, / will need about 2GB and /home will need about 8GB, so allocate those and leave the rest of the disk as unallocated LVM space"
<twb> Then when your users whinge about needing more space, you grow /home to say 16GB
<twb> If you use LVM and you allocate everything up-front, you have missed the point
<twb> LVM is also useful for making temporary snapshots of filesystems, but this also requires (a little) unallocated space in the volume group
<KXTwo> ahh server uses aptitude, I thought apt-get was taking that over
<twb> Uh, you can use either on any ubuntu
<twb> Historically aptitude had substantially better functionality; nowadays that is less noticable.  apt-get still starts substantially faster.
<KXTwo> I actually dont even know the syntax of apt-get lol
<KXTwo> twb: in the past when ive updated via shell, I would type aptitude update then aptitude upgrade.  This howto Im looking at changes it to aptitude update then aptitude  dist-upgrade.  Is there a difference?
<twb> That's wrong.
<KXTwo> which part?
<KXTwo> I did it my way
<twb> As at precise it should be "aptitude update"; "aptitude safe-upgrade" and "aptitude full-upgrade".
<twb> The second will apply upgrades that do not require packages be removed; the third does not have that constraint.
<twb> Historically, "safe-upgrade" was "upgrade", and "full-upgrade" was "dist-upgrade".
<KXTwo> oh
<twb> But as at precise the old command names should emit a warning
<KXTwo> what do you recommend then
<KXTwo> I did upgrade
<KXTwo> then dist-upgrade but no packages were upgraded when i did
<KXTwo> the second one
<twb> In a released version, it would be unusual for full-upgrade to have any effect.
<KXTwo> so my way is fine?
<KXTwo> just update upgrade?
<twb> Sure, whatever
<KXTwo> lol
<KXTwo> ok server question, during install i chose lamp.  that means I already have the apache mysql and php packages right?
<twb> NFI
<blendedbychris> any idea why flock would hang on nfs?
<twb> blendedbychris: nfs client or server
<ARTSIOM> sorry, for asking it again, but I still can't make it work. here is my full conf file placed in /etc/init folder http://paste.org/49317 , but the app is still not starting on boot (but starting fine with "start app"). Am I missing smth?
<KXTwo> the answer is yes lol
<blendedbychris> twb: no idea? hehâ¦ i just see flock in my strace from a php app and it hangs
<twb> ARTSIOM: that script should not work at all
<blendedbychris> php can't write files because of this
<ARTSIOM> twb: but it is for sure working when I am doing "service start torquebox"
<ARTSIOM> twb: what is wrong with it?
<twb> ARTSIOM: you should use this: exec su -u torquebox -c 'exec torquebox run >>/var/log/... 2>&1"
<twb> ARTSIOM: well if it "works" it's only because you're running it as root
<twb> ARTSIOM: that is, your sudo -i line doesn't do what you think
<twb> ARTSIOM: I also encourage you to use syslog(3) or logger(1) to push log entries through the standard log infrastructure, instead of writing to log files directly.
<blendedbychris> twb:  you mentioned a bunch of stuff about lockingâ¦ should i enable like a nolock option maybe?
<ARTSIOM> twb: I have switched to "sudo -i -u", because of my previous problem: "can someone please explaine me how "su - user" command works. In documantation it is said that "-" option will "Provide an environment similar to what the user would expect had the user logged in directly.". But this is not the case for me on 12.04. When I am loging in directly with the user I have a $PATH, which differs...
<ARTSIOM> ...from the one I get when login in with "su - user""
<twb> blendedbychris: that depends if you need locking
<twb> blendedbychris: if you have exactly one NFS client, you probably do not need locking
<twb> ARTSIOM: sorry, I don't care enough to help you further.
<rcsheets> am I crazy, or should I see a hostname *and* an IP address on each "64 bytes from..." line when I "ping 74.125.224.81"?
<rcsheets> e.g. "64 bytes from nuq04s07-in-f17.1e100.net (74.125.224.81): icmp_req=1 ..."
<twb> That depends on the ping
<twb> If there are appropriate forward/reverse resolutions, Ubuntu's ping appears to print both on each echo-reply.
<rcsheets> ok, so if it's in DNS, it should show up?
<twb> if you're resolving stuff via DNS, yes
<twb> Check your resolv.conf and query the DNS server directly with dig, 7c &C
<twb> &c &c, I mean
<rcsheets> ok, so nsswitch has hosts set to "files dns"
<rcsheets> and "host 74.125.224.81" gives me the right hostname
<rcsheets> but if i ping 74.125.224.81, the hostname doesn't show up in the echo-reply output
<twb> "getent hosts 74..."
<rcsheets> fair point...
<rcsheets> that returns the hostname
<twb> Then I don't know why you aren't seeing it
<twb> ping and getent hosts should be using the same syscalls
<rcsheets> ok, so i'm not crazy (at least not because of this)?
<twb> rcsheets: can you reproduce the issue for arbitrary IPs?
<twb> What does ping say for 203.7.155.1
<rcsheets> well i'd call one of google's web servers pretty arbitrary, but sure i'll try that one
<rcsheets> 64 bytes from 203.7.155.1: icmp_req=1 ttl=55 time=196 ms
<rcsheets> etc
<rcsheets> 'getent hosts ...' gives me alpha.cyber.com.au
<twb> Yeah something is wrong there.  Double-check that you get a PTR by other means.
<rcsheets> 'host ...' also yields the hostname
<twb> That is the correct PTR
<rcsheets> DNS seems to be working fine, getent works fine, but whatever ping uses doesn't work fine
<rcsheets> the actual reason i'm asking though is because this is happening on my mysql server (but also other servers), and that's bad because the users' host specifications are written as hostnames.
<rcsheets> so it relies on getaddrinfo (or whatever) working properly
<rcsheets> so access is denied right now for everyone, because the host-by-addr lookup fails
<rcsheets> i would understand this if DNS were failing, but... i'm just really confused
<twb> rcsheets: just in case: know that mysql hard-codes either "localhost" or "127.0.0.1" specially to mean "use sockets instead of ports"
<rcsheets> yeah this is non-local
<rcsheets> but a good thing to note. i've been bitten by that before. localhost is the one it forces to a socket.
<twb> Where is your resolv.conf pointing?
<rcsheets> my ISP's three recursors
<rcsheets> 216.218.196.2, 65.19.175.2, and 65.19.176.2
<twb> If you're chrooted, /etc/resolv.conf might point to a different file
<rcsheets> nothing is running chrooted. ping _certainly_ isn't.
<rcsheets> and this is happening on multiple systems
<twb> Try limiting it to a single resolver, or to 8.8.8.8 specifically.  Check if nscd is running.
<twb> It's also worth noting that ping is setuid
<rcsheets> ah that's a good point
<twb> And of course tcpdump
<twb> And check logfiles :-)
<rcsheets> nscd would be the process name, right?
<twb> Dunno
<rcsheets> ok, a system far away on a different network is doing the same thing (with ping)
<twb> To make things extra interesting, sometimes things work only if nscd *is* running...
<rcsheets> fully updated 64-bit lucid system
<rcsheets> 64 bytes from 203.7.155.1: icmp_seq=1 ttl=49 time=331 ms
<twb> Is this a contanier or openvz ve or anything like that?
<rcsheets> the far-away system is virtual. the ones i was looking at before are one KVM virtual machine and one physical box
<twb> That can cause bizarre issues due to different kernel than expected.
<rcsheets> i will try another physical box
<twb> KVM should be fine
<rcsheets> same result pinging 203.7.155.1
<rcsheets> i'll try changing recursors
<twb> Might also want to compare dig with and without that option that makes it do its own recursing
<rcsheets> dig gives the same results regardless of my resolv.conf settings (modulo the info about where it connected, of course)
<rcsheets> do you have a system where you can verify for sure that 'ping 203.7.155.1' shows the hostname on each echo-reply line?
<rcsheets> btw i don't have nscd installed on any of these boxes
<twb> rcsheets: yes, that happens here, on 203.7.155.1 :-)
<rcsheets> "that" being the reverse lookup?
<twb> Oh, crap
<rcsheets> crap?
<twb> OK, ignore everything I've said for the last twenty minutes
<rcsheets> okay
<twb> It looks up As but not PTRs
<twb> http://paste.debian.net/169212/
<rcsheets> okay
<rcsheets> so the results of 'ping' were a red herring, but mysql still seems to be broken.
<rcsheets> for instance, from margaret.picosecond.org, connecting to kumquat.picosecond.org, i get
<rcsheets> ERROR 1130 (HY000): Host '184.105.204.160' is not allowed to connect to this MySQL server
<rcsheets> which is because 184.105.204.160 doesn't match any users' host patterns
<rcsheets> but normally that wouldn't matter, because mysql would look up the hostname
<twb> Have you asked #mysql about that?
<rcsheets> no, i thought i had a general nss-related issue, because of the ping stuff
<rcsheets> woah, wait a sec. i restarted mysqld and now it's okay?!
<twb> IME when you are using <stupid thing>, it doesn't hurt to check with them if it's a known issue
<rcsheets> i mean, i made a config change. i _turned logging on_.
<rcsheets> you know, i wouldn't be the least bit surprised if whether logging is turned on somehow effects whether hostnames are looked up for new connections.
<rcsheets> just because, well, mysql
<twb> tell me about it
<rcsheets> yeah, and now <random website that was broken> is now fine
<rcsheets> what. the. FFFFFFFFFFFFF
<twb> So the obviousl solution, is to have a cron job that restarts mysqld every ten minutes amirite
<rcsheets> remind me to start charging extra for mysql databases.
<twb> Not that I have ever been ordered to deploy such a solution, ohnono
<rcsheets> ok, well i'm putting the laptop down for a bit and letting my brain relax now that i'm done with that
<rcsheets> many thanks, twb, for talking through all that with me.
<twb> No worries
<rcsheets> even being wrong together about the behavior of ping is better than being wrong alone :)
<twb> !beer
<twb> Useless bots in #ubuntu-* :-/
<three18ti_> twb, you wouldn't -DOWNLOAD- a -BEER- would you?
 * rcsheets pours twb a cold beer
<rcsheets> also, here's a seahorse. http://i.imgur.com/ciTzp.jpg
<twb> In separate steins, I trust
<rcsheets> of course
<samba35> if i have to setup pexlinux what do i require on client side ? do i require bootrom on nic ?
<blendedbychris> is there like an iotop ?
<blendedbychris> indeed
<twb> samba35: do you mean pxelinux?
<samba35> yes
<nibalizer> 142
<nibalizer> thats waht you need
<twb> If so, all you need is a PXE ROM.  Most ethernet NICs ship with one onboard, you simply enable it in the BIOS.
<twb> Otherwise, get either ipxe or gpxe, and bootstrap that from something else (e.g. CD or USB key).
<samba35> ok
<samba35> is ipxe boot over internet ? never heard of ipxe just read about gpxe
<twb> ipxe is a fork of gpxe
<twb> Each claims to be better than the other
<samba35> ahh ok
<samba35> twb, have you ever hard or is it possible to boot ubuntu desktop form (?)pxe  from ubuntu server
<samba35> sorry just thinking of played very long time back on ltsp
<twb> samba35: http://prisonpc.com
<twb> That's an ubuntu desktop booted off PXE
<samba35> ok thank you
<samba35> have you ever tryed ?
<samba35> and sorry not a native english speaker
<twb> samba35: PrisonPC is my product.
<samba35> ahhhhh
<samba35> can i send you pm ?
<twb> Whatever
<twb> Technical questions should be addressed to the channel.
<blendedbychris> night guys
<lynxman> morning o/
<linocisco> hi all
<linocisco> how can I get myname@Ubuntu.com ?
<linocisco> just by signing ubuntu COC?
<nathwill> linocisco, need to be an ubuntu member
<nathwill> https://wiki.ubuntu.com/Membership
<linocisco> nathwill, can you check if I am already a member by seeing my page https://launchpad.net/~naymyowin ? I want to know what to do next
<lynxman> jamespage: thanks for triaging, it was on my todo list for today :)
<jamespage> lynxman, np
<nathwill> linocisco, you'll need to read the section "prodedure for obtaining membership"
<jamespage> lynxman, something weird going on with triggers for mcollective + plugins
<lynxman> jamespage: I reckon its missing the option in the postinst
<linocisco> nathwill, to my understanding, after signing COC, it was done. but now all changed
<nathwill> linocisco... not to my knowledge. ubuntu membership has always been more involved
<nathwill> signing the COC is a prereq, certainly...
<rcsheets> a necessary condition, but not a sufficient condition
<nathwill> linocisco: #ubuntu-community-team is more likely to have details
<linocisco> nathwill, thanks
<nathwill> linocisco: yw. glad you're interested :)
<rcsheets> i have to admit, realvnc enterprise is pretty decent stuff
<eagles0513875> hey guys how can i setup my mail server to work with a different domain if i have a client that wants email hosting and restrict the Maildir accounts to their domain? as well as how can i set quotas on other users in regards to email except for my account
<Mischinka> Is there anyway to install a package that is dependent libmysql16 on ubuntu 12.04 ?
<Daviey> hey zul, fancy checking if the Dep is *needed*? https://launchpad.net/ubuntu/+source/routes/1.13-1/+build/3496282
<zul> Daviey: ack when i get in
<Daviey> get in there!
<Mischinka> hmm this APE Server installation is a pain on precise.
<livtyler> Hello, can EAP and LDAP as a bind user store coexist without interfering with each other?
<zul> Daviey: its in the archive so i dont know whats happening there
<Mischinka> ANyone know how to get this libmysql16 on precise?
<Daviey> zul: Are you kidding me?
<zul> Daviey: too early in the morning
<Daviey> zul: heh, ok. You had me there.
<lollisoft> Hi, I have installed ubuntu server (cloud) on my Mac within VirtualBox using a 8GB disk. Then I installed open ssh and made a snapshot. Then after installing open jdk 6 and rebooting I got a grub error out of partition. Any help?
<brainysmurf> I need an afp share on ubuntu, what's the best package to use?
<brainysmurf> the afp share comes from a mac
<RoyK> netatalk
<brainysmurf> I thought netatalk turns ubuntu into a server; I need a client to connect to afp server
<RoyK> oh
<RoyK> http://bit.ly/L2Ixwv
<veet> Hi! I installed Ubuntu MaaS server, but I have Internal Server Error on http://my.ip.address/MAAS. Can you help me to solve this problem?
<RoyK> veet: have you checked the apache logs?
<brainysmurf> How about sharing via ssh?
<RoyK> sshfs?
<brainysmurf> I found sshfs, but can't get it installed ...
<RoyK> brainysmurf: does the server *only* support afp?
<brainysmurf> RoyK: no, anyway I'm root there
<RoyK> then using something else would possible be desirable
<brainysmurf> you mean not using afp?
<RoyK> yep
<RoyK> nfs is probably better
<veet> I have these errors on apach log: http://pastebin.com/mevBTjqF
<patdk-wk> veet, fix your cgi programs
<veet> All my cgi programs seems correct. I think trouble is in something else.
<hallyn> zul: your libvirt has swarves in build-deps, but dwarves is in univers?
<drPoO> hi all, I am having difficulties installing sun java6 jre on 10.04 LTS. Could anybody point me to a working tutorial?
<cocoa117> drPoO, u still using 10.04?
<drPoO> cocoa117, I will update to 12.04 soon but need to fix java ASAP
<cocoa117> drPoO, so what's the problem
<drPoO> I added http://archive.canonical.com/ubuntu lucid partner to my sources.lst
<cocoa117> that method won't work anymore
<cocoa117> Oricle change Java distribution license
<drPoO> but still get the following message http://pastebin.com/EGmSm2wf
<cocoa117> ubuntu can't distributed anymore
<jpds> drPoO: You have to download it from the Oracle site.
<drPoO> but how can I install it then?
<drPoO> ah
<drPoO> the .bin file?
<cocoa117> yes
<kayakyakr> Alright, I would love to get another eye on this issue I'm having. Trying to get a single server instance of openstack set up and have everything working except for the most important part: launching instances.
<kayakyakr> This is the error I'm getting: http://pastebin.com/21MXmrfX
<kayakyakr> Essentially boils down to one line: libvir: Security Labeling error : internal error cannot load AppArmor profile 'libvirt-8daa5252-9795-42e1-8e5a-f16df7d5932d'
<kayakyakr> I can launch new instances in KVM using virsh and virt-manager, just can't get openstack to launch them
<Hoyt> hi , apt-get dist-upgrade doesn't work in ubuntu server ?
<tash> I've never setup Ubuntu Server on a system with fake raid ( aka bios raid, not a real raid controller ), and I'm having some issues in doing so.  Ubunt 12.04, Supermicro X8SIL-V Mobo, 2 X 500 GB Westerd Digital hdd's, bios Intel raid, everything works until the installer tries to install Grub and it fails.  Anyone else had similar issues that you were able to conquer??
<tash> I tried again and am at the "Detect disks" screen.  Says that one or more drives contains SATA RAID and wants to know if I want to activate the Serial ATA RAID devices.  I assume "Yes", and that's what I did the first couple of times....
<tash> any help would be greatly appreciated.
<rbasak> Daviey: it looks like openipmi in main is too low level. It could be used but ipmitool from freeipmi (in universe) matches the level we need, ie. no low level IPMI knowledge, just commands like "chassis power reset" and "chassis bootdev pxe". ipmitool doesn't look to have any dependencies that aren't in main already. What do you think about promoting ipmitool to main and then using that?
<rbasak> Daviey: apparently ipmitool is already the de-facto standard too.
<Daviey> rbasak: that is the plan.
<rbasak> Daviey: so that's fine then, right? If ipmitool works then there's nothing further for me to test?
<NCommander> Daviey: so we're going to promote ipmitool to main?
<Daviey> rbasak: how come ipmitool from openipmi doesn't work?
<Daviey> NCommander: That is what i am pushign for.. it's a more healthy and polished project IMO.
<rbasak> Daviey: I think it could be made to work, but it's low level so I'd need inside IPMI knowledge. It would make sense to write a wrapper around it to issue high level commands like reboot and change boot device. But is there any need to write such a wrapper when it already exists in ipmitool, even if ipmitool uses its own stack?
<NCommander> Daviey: ipmitool is really just a very small tool that speaks ipmi. open/freeipmi look like IPMI implementations and do other stuff. I'm not quite sure why we even ship those (though I'mstillhaving trouble wrapping my head around openipmi)
<Daviey> rbasak: what do you by low level?
<Daviey> mean by*
<rbasak> Daviey: I would have to use commands like ipmicmd channel [ipmb] IPMB-addr lun netfn [seq] cmd [data1 [data2 ...]]
<rbasak> No idea what that means. ipmitool uses commands like "ipmitool chassis power reset". Presumably that can be translated to the former syntax with a wrapper.
<iSeeDeadPixels> hey, i'm having a MAAS problem
<rbasak> But the wrapper would have to be written.
<iSeeDeadPixels> two actually
<rbasak> Not so much the wrapper but gathering the knowledge needed, at which point the wrapper would fall out of that knowledge.
<iSeeDeadPixels> one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission
<NCommander> In addition an entire new program would have to be written for SOL support
<NCommander> as far as I can tell
<rbasak> Essentially high level command to binary blob translation as I see it.
<Daviey> rbasak: right... so the promotion opportunity is for http://www.gnu.org/software/freeipmi/, when http://ipmitool.sourceforge.net/ is alreayd in main
<Daviey> ^^ two high level projects.
<uvirtbot> Daviey: Error: "^" is not a valid command.
<rbasak> Daviey: no, ipmitool is in universe. ipmicmd is in main (it's from the openipmi package)
<Daviey> openipmi provides a kernel interface, which is useful for poking the BMC directly.. i don't actually know if freeipmi covers that scope
<Daviey> (that scope is required for setting auth and network details on first comission)
<rbasak> ipmitool can poke the BMC directly.
<rbasak> I tried that yesterday
<Daviey> rbasak: So.. ipmitool is the tool we traditionally recommended.. but looking to bump that to freeipmi
<rbasak> auth details I'm not that clear about. I don't full understand the IPMI auth model yet. But it appears that this should work too.
<rbasak> OK so freeipmi I haven't looked at yet. Looks like it's a third one, in universe. What's the reason we want to switch to that?
<Daviey> rbasak: variations of what i use, http://pb.daviey.com/p3xx/
<Daviey> but that uses ipmitool.. which i'm keen to move away from
<rbasak> Looks like freeipmi does have the high level functions I want, but I need to test it
<rbasak> Why do you want to move from ipmitool to freeipmi?
<Daviey> rbasak: freeipmi is a more healthy project IMO, over ipmitool
<rbasak> The vendors appear to be behind ipmitool. They are patching that for their custom commands, not freeipmi.
<Daviey> ipmitool last released in 2007
<Daviey> freeipmi is averaging on montly releases
<rbasak> freeipmi does appear to work for me
<Daviey> rbasak: Where are you seeing the patches?
<rbasak> Daviey: I know of one vendor with unpublished patches for support of some of their vendor-specific stuff.
<Daviey> rbasak: well if it's unpublished, it doesn't impact the Ubuntu Archives :)
<rbasak> Daviey: that same vendor reckons that "everyone else" is also using ipmitool. But I don't think that they're particularly averse to switching if we can convince them it's a good idea.
<Daviey> rbasak: Well the project activity alone is a good indicator
<rbasak> Maybe not the ubuntu archives, but if we want MAAS to have the widest support possible, it would make sense to use the IPMI tool that vendors want us to use and are prepared to patch when necessary. This could still be freeipmi - I'm just asking the question.
<Daviey> freeipmi uses saner config files than ipmitool
<jhobbs> ipmitool uses config files?
<rbasak> config files? Why would we need any?
<Daviey> you can dump the config in xml, edit it, and push it back
<Daviey> ipmitool doesn't support this
<rbasak> Why do we need config files?
<Daviey> freeipmi you can also do 192.168.1.[100-200] chasis power on
<rbasak> What extra state should an ipmi tool be storing?
<Daviey> and it'll do the whole range
<Daviey> rbasak: not state, but config.. i suggest trying it to see what i mean
<kayakyakr> welp, got the openstack running
<kayakyakr> tore down apparmor completely and it works
<rbasak> I just tried it. I have no idea what you mean. What exactly would be in these config files that you would want in there/
<rbasak> ?
<kayakyakr> now have to see if i can do it without destroying system protection.
<hallyn> zul: hm, also i'm getting test failure at build (on q, will try on p to compare)
<Daviey> rbasak: freeipmi was originally declared on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-system-management .. so vendors were aware.
<stgraber> hallyn: hey, I'm doing some SRU validation for lxc. The testcase in bug 997687 seems weird to me, I don't see anything in there that'd get expanded by the shell, did I miss something?
<uvirtbot> Launchpad bug 997687 in lxc "lxc-start-ephemeral needs to quote $line when echoing" [Undecided,Fix committed] https://launchpad.net/bugs/997687
<rbasak> Daviey: and from what I remember of that session, they objected right at that time.
<jhobbs> <-- I objected
<Daviey> jhobbs: you did?  why?
<rbasak> Daviey: I'm just asking why exactly we want freeipmi. So far the only reason I understand is the range facility.
<jhobbs> because we use ipmitool, as do most of the partners that we've discussed with
<Daviey> rbasak: no, i also stated it's a more healthy project.
<hallyn> stgraber: abc:abc gets expanded
<hallyn> well, '*:*' gets expanded to abc:abc
<jhobbs> and fwiw, that blueprint mentions openmpi, not freeipmi
<rbasak> ok so that's one other (IMO weak) reason. If it's stable and works, why does it need to have a recent release?
<jhobbs> openipmi that is
<stgraber> hallyn: oh, I see, I guess I should have actually checked the code :)
<hallyn> stgraber: the "echo $line" (with $line unquoted) gets expanded for "lxc.cgroup.devices.allow = c *:* m"  :)
<jhobbs> we also use freeipmi sometimes, it has better dcmi support
<Daviey> rbasak: please investigate the differences yourself.
<hallyn> luckily i see that my scripts forwarding what i type to my irc client are properly quoting :)
<stgraber> hallyn: right, fix confirmed. That's all of the fixes from the current SRU confirmed, so we just need to wait for the wait period, then I can upload the next one ;)
<hallyn> here's hoping we don't ge tmore int he meantime
<Daviey> rbasak: Personal experience with openipmi has shown that the kernel module isn't that robust.. it previously has locked up cores for myself.  Parallel execution of tasks lends itself to hyperscale more.  Having a 'detect' utility ipmi-locate fits MAAS well for initial setup (does this work on that box?  it *might* use dmi tables).  Provides some nice abstractions for status, richer bmc watchdog, SOL seems more polished, user experience provides 
<rbasak> OK those sound like good reasons - thanks!
<Daviey> the sensor output is more reliably parsible IME.
<SpamapS> Daviey: who would be good MaaS people to invite to hang out in #juju? We get on average 2-3 questions per 24 hour period in there about MaaS
<stgraber> hallyn: currently running tests, but it looks like all the package lists in lxc-ubuntu are actually useless. We could achieve the exact same by just having a single packages=vim,ssh for all distro versions
<SpamapS> Daviey: and frankly, most of us know almost nothing about maas
<stgraber> hallyn: I think these lists were only relevant before we switched the deboostrap mode to be closer to that of the distro.
<stgraber> hallyn: I confirmed it on precise for now and I'm running tests on lucid, natty and oneiric now
<kayakyakr> woo! openstack server up and running
<kayakyakr> without any sort of apparmor security >_<
<Daviey> SpamapS: roaksoax, smoser, robbiew, jtv, bigjools, flacoste, rvba, allenap, sabdfl.. all MAAS experts :)
<Daviey> i know a thing or two, but those are the best people :D
<robbiew> SpamapS: right...so the same could have been said about juju..until people started *using* it ;)
<anoo> if you mean "Magic As A Service," I want some of that.
<anoo> if it's that same ol' "metal", not really as interesed :)
<SpamapS> robbiew: right, so perhaps what we need is a "beginner's maas" so that we can speak intelligently when people ask about how to fix the provider.
<robbiew> beginner's maas?
<robbiew> like a wiki page?
<pdtpatrick> kayakyakr: was there a guide u followed for Openstack? if so - can you please share?
<robbiew> just trying to understand what's needed...if folks are having problems with the provider...bigjools is their man
<robbiew> and I would agree that he should probably hang out in #juju
<robbiew> but he's also asleep right now ;)
<Daviey> slackr.
<kayakyakr> pdtpatrick: http://docs.openstack.org/trunk/openstack-compute/install/content/ch_installing-openstack-overview.html
<stgraber> hallyn: looks good on all ubuntu releases, so I'll probably SRU it like that, only real changes will be that I'll drop resolvconf on < precise (as it's known to be broken/unreliable) and we won't install dialog (but whiptail is there by default, so if that was for debconf, it'll work exactly as it does today)
<pdtpatrick> ahh you used their docs - that's what  i had used earlier as well. Very long guide. They've got to trim that down or automate it a bit more or allow some setup via a UI.
<kayakyakr> pdtpatrick: it took me about 3 days. i used devstack at first, but you can't transition devstack into a full deployment
<kayakyakr> it really wasn't nearly as complex as getting cloudstack set up... which I never successfully did.
<pdtpatrick> Yeah i spent an entire day getting my setup working. I like how they don't tell you hey - don't lose this "ID" you're going to need it shortly. Or they don't really tell you how the IDs are related so you have to play a bit of guess game. Anyway - once it is up and running, it's a SEKSY project.
<kayakyakr> The hard parts were getting the endpoints properly set up in the identity service, and getting past that apparmor crap
<pdtpatrick> :)
<kayakyakr> Would be nice is openstack had a bit more you could do from the interface. uploading new images, managing endpoints, stuff like that.
<pdtpatrick> I tried the juju openstack charms - FAIL. Was quite excited when i saw the charm
<kayakyakr> ha
<jdstrand> I wrote https://wiki.ubuntu.com/SecurityTeam/TestingOpenStack and didn't have to adjust apparmor at all
<jdstrand> kayakyakr: please file bugs and include your kern.log that has the denials
<kayakyakr> yeah, I saw that option in the 12.04 server install. didn't think it'd work out well.
<kayakyakr> jdstrand: it wasn't a denial, it was http://pastebin.com/21MXmrfX
<kayakyakr> and it failed in both enforce and complain modes
<jdstrand> kayakyakr: can you paste the output of 'cat /etc/apparmor.d/libvirt/libvirt-8daa5252-9795-42e1-8e5a-f16df7d5932d*'
<kayakyakr> doesn't exist
<jdstrand> kayakyakr: I suggest you file a bug using 'ubuntu-bug libvirt-bin'
<jdstrand> and details the steps used to reproduce the bug, etc
<kayakyakr> jdstrand: I'll do that later, though I am unsure if anyone will be able to reproduce. It seems to be rare. The only other mention of the same error with openstack + libvirt in google is in this same IRC.
<hallyn> stgraber: is it bc we stopped doing minbase variant?
<kayakyakr> right now i'm going to be working on getting it imaged
<stgraber> hallyn: yeah
<stgraber> hallyn: I'm doing quite a few other changes to lxc-ubuntu, trying to reduce/remove the need for update every time we release a new ubuntu
<hallyn> stgraber: excellent
<kayakyakr> jdstrand: that's a clean tutorial. some suggestions from my experience: I got mine up with a single network interface. This might be better for a lot of smaller installs. You also skip over the 'volume' service, which is tougher to explain but very, very useful (and not difficult to get set up if you set up LVM properly). euca is useful, but no longer necessary, you can do everything without it.
<jdstrand> yeah, I wanted swift too. it is a work in progress
<jdstrand> thank adam_g-- he walked me through it
<kayakyakr> i skipped over swift for now. wanted to get it running first.
<kayakyakr> something to make a note of: logs for the nova services, when you're using upstart to run them, are located at /var/log/upstart/nova-____.log
<kayakyakr> that took me a few hours of frustration to figure out.
<kayakyakr> and getting the endpoints right was the other thing that took me ages. using the template file might be a much more maintainable method of handling endpoints for small deployments)
<stgraber> hallyn: I think my changes are good to go for lxc-ubuntu. I'll write a changelog based on them then will ask you to review (as there are a good lot of them)
<stgraber> hallyn: http://paste.ubuntu.com/992635/
<stgraber> hallyn: better with the changelog: http://paste.ubuntu.com/992636/
<hallyn> stgraber: part of me wants to suggest waiting until 12.04.1 to change default to precise, but given the feature diff, precise is worth it
<zul> hallyn: gah?
<zul> hallyn: where is it failiting?
<hallyn> test-nonblocking-socket.sh
<hallyn> /home/ubuntu/libvirt-0.9.12/./gnulib/tests/test-nonblocking-reader.h:153: assertion failed
<zul> weird
<hallyn> taht was interesting
<hallyn> there went my byobu session
<hallyn> zul: so you don't get such a failure?
<hallyn> if not i guess i'll dig in...  how utterly weird
<hallyn> zul: oh, what about the universe build-dep ?
<zul> no that doesnt happen for me
<zul> which one?
<hallyn> stgraber: looks good, thanks
<hallyn> zul: dwarves
<zul> hmm...thats something i cherrypicked from debian
<hallyn> it may end up being something we need MIRd, based on the description
<zul> yeah ill get that started
<hallyn> heh, apologies to jdstrand
<zul> hallyn: lemme do the build again and see if i can reproduce again
<hallyn> d'oh.  it's a gnulib test, not a libvirt test
<zul> hallyn: this will disable it: http://anonscm.debian.org/gitweb/?p=pkg-libvirt/libvirt.git;a=blob;f=debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch;h=64f6968fd48f9161cd515d8a1f22e78048dac497;hb=0c361401bb36be6326021182d0e6d28b6495e5ec
<hallyn> zul: ok i guess we need that. t he problem is that the '*-main' test for that one failed to compile, so the test script fails
<zul> logs?
<hallyn> cd gnulib/tests and make test-nonblocking-socket-main
<hallyn> test-nonblocking-socket-main.c:18:20: fatal error: config.h: No such file or directory
<hallyn> sounds to me like bad gnulib
<zul> grrr
<zul> ok ill look into it
<hallyn> no wait, the patch you linked to was for test-nonblocking-pipe.  this is -socket
<zul> hallyn: this is building on precise right?
<hallyn> zul: nope
<zul> hmmmm
<hallyn> I think this has been mentioned to me before in ubuntu-devel, at least some gnulib breakage was known
<hallyn> but ... probably not exactly this
<zul> hallyn: yeah i get that as well, im getting network tests failure as well
<hallyn> zul: networkxml2argvtest ?
<zul> yeah
<hallyn> yeah that seems to not happen every time.  it happened first and third, but not second time...  weird
<zul> it might have failed because i have dnsmasq running
<zul> but yeah its weird
<stgraber> hallyn: doh, you were faster than me ;) (at replying to the lxc-net e-mail on lxc-devel)
<stgraber> hallyn: so the guy will get twice the same answer (though I linked my shell script to my reply, so hopefully he can use that in the mean time)
<hallyn> cool
<hallyn> my hope was he'd come back with the lxc-attach patch :)
<hallyn> jjohansen: I notice we didn't put down an action item for relating to apparmor for lxc.  Are those in the apparmor blueprint?
<zul> Daviey: routes was using a custom repoze.lru
<iSeeDeadPixels> hey, i'm having a MAAS problem
<iSeeDeadPixels> one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission
<zul> Daviey: https://bugs.launchpad.net/ubuntu/+source/python-repoze.lru/+bug/1000914
<uvirtbot> Launchpad bug 1000914 in python-repoze.lru "[MIR] python-repoze.lru" [Undecided,New]
<hallyn> all right, i'm trying to udpate the server guide (https://help.ubuntu.com/12.04/serverguide/dns-configuration.html) to clarify earlier that bind cannot write under /etc/bind
<hallyn> but i'm not entirely clear on, under what conditions will it try to do so?
<KXTwo> Does anyone know if what server might have a dokuwiki channel, I am looking fo rhelping with using dokuwiki on my webserver
<hallyn> is it an allow-update line in the zone section?
<hallyn> stgraber: you need to do something about your mailer :)
<hallyn> people can get uppity about that...
<stgraber> hallyn: my mailer is the default mailer with the default config ;)
<stgraber> hallyn: let me see if I have some broken settings ...
<stgraber> hallyn: hmm, the e-mail preview looks good, so thunderbird is messing with it afterwards...
<hallyn> weird
<hallyn> would be worth makign sure that ubuntu users aren't automatically shunned from lkml and the likes
<Daviey> zul: super
<stgraber> hallyn: looks like enigmail is to blame actually...
<hallyn> ah.  good, i guess
<KXTwo> wow did i ask a dumb question
<iSeeDeadPixels> hey, i'm having a MAAS problem
<iSeeDeadPixels> one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission
<hallyn> zul: would you mind taking 3 minutes today, any time, and quickly reviewing https://code.launchpad.net/~serge-hallyn/serverguide/serverguide-dns-varlibbind/ ?
<zul> hallyn: sure but i dont think i can merge it
<hallyn> zul: right, i just want to make sure it's right.
<zul> hallyn: looks ok to me
<hallyn> i'll do a proper merge request after i can get both you and jdstrand to look at it :)
<hallyn> thanks
<hallyn> jdstrand: if you get a few minutes this afternoon, could you look at https://code.launchpad.net/~serge-hallyn/serverguide/s
<hallyn> erverguide-dns-varlibbind and see if it makes sense to you?
<stgraber> hallyn: can you confirm the e-mail I just sent you appears correctly?
<stgraber> hallyn: apparently the problem was with the needed wrapping when doing inline gpg signing. I changed my settings to do pgp/mime instead which should fix the issue.
<jdstrand> hallyn: what is the reference to /var/lib/ypbind/db.example.com? Other than that, it seems fine. I might note that the apparmor policy is based on the packaging rather than dictating it. not sure if that really needs to be captured in the serverguide, but it seemed sorta like there is a problem with apparmor
<hallyn> jdstrand: what do you mean by what is the reference?  (I'll reword to make clear it comes from policy)
<jdstrand> hallyn: I didn't read the whole thing-- ypbind is the method to use DDNS?
<hallyn> d'oh
<hallyn> typo.  that was supposed to just be /var/lib/bind.  thanks
<hallyn> i'll just drop the apparmor bit again.  it's probably extraneous info.
<jdstrand> ok, that is what I thought (I was not familiar with ypbind in this context :)
<RoyK> yp* == NIS != DNS
<hallyn> yup :)  i was also looking at an nis bug last night, hence...
<stgraber> hallyn: did you have a chance to look at these lxc-ubuntu changes? (planning to get these into quantal later today along with dropping lxc-ip)
<koolhead17> hi all
<iSeeDeadPixels> anyone have experience with MAAS?
<koolhead17> iSeeDeadPixels, shoot your query am sure someone will respond
<iSeeDeadPixels> one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission
<iSeeDeadPixels> but because there seems to be missing stuff
<iSeeDeadPixels> it's a clean MAAS install.
<hallyn> stgraber: the ones from the pastebin?  yes, sorry, thought i had said - they look good
<hallyn> i especially like the improved tests (over 'release = "precise"')
<stgraber> hallyn: good, I'll run a batch of test to make sure I can actually bootstrap and boot all the supported releases, then I'll look at what I want to SRU to precise
<koolhead17> iSeeDeadPixels, if you think something is missing file a bug with all the details and distribution your trying it on, am sure someone will have a look at it. It will help the devs at same time
<stgraber> hallyn: looks like that guy will take care of your lxc-attach work item after all ;)
<hallyn> woot!
<iSeeDeadPixels> and now i am greppin' COMMISSIONING_SCRIPT
<arooni-mobile> generally accepted opinion on using ext4 versus ext3 on a ubuntu production server enviornment?
<KXTwo> I finally have my web server up!
 * wolferz is downloading ubuntu-server now and will be setting up shortly
<poorangus> Good day all. I'm having a very frustrating problem with Postfix. Is this an appropriate place to ask for help?
<JonEdney> poorangus, Go ahead and ask your question.  If someone knows the answer or can provide input, they will.
<poorangus> Excellent.
<poorangus> Under Ubuntu 12.04 LTS, Postfix receives all mail 100% of the time from every service, except Gmail.
<JonEdney> Are there any log entries?
<poorangus> Yes, this is what gets written to mail.log when GMail tries to deliver the email:
<poorangus> May 17 10:23:29 myhostname postfix/smtpd[3547]: connect from mail-pb0-f51.google.com[209.85.160.51]
<poorangus> May 17 10:23:29 myhostname postfix/smtpd[3547]: warning: TLS library problem: 3547:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:
<poorangus> May 17 10:23:29 myhostname postfix/smtpd[3547]: lost connection after EHLO from mail-pb0-f51.google.com[209.85.160.51]
<poorangus> May 17 10:23:29 myhostname postfix/smtpd[3547]: disconnect from mail-pb0-f51.google.com[209.85.160.51]
<poorangus> So, the connection is being dropped immediately.
<poorangus> Nothing gets written to mail.err ..
<poorangus> Strangely, this only happens with email sent from an email client using Google's SMTP server.
<poorangus> GMail sent from the browser-based client is delivered as expected.
<poorangus> Real stumper, eh?
<poorangus> This is a very clean install too .. installed from DVD, installed the dovecot-postfix package, and did some basic configuration..
<KXTwo> So I forwarded ports 22 adn 80 but when people outside my network put in my public ip address its not connecting?
<stgraber> hallyn: did you notice the natty containers being broken lately?
<stgraber> hallyn: I don't think it's my change breaking them, the rootfs looks good but none of the tty/console jobs start
<stgraber> hallyn: ssh starts though and forcing the console jobs to start works fine, so I'm suspecting something is wrong in whatever triggers rc RUNLEVEL=...
<stgraber> hallyn: lucid, oneiric, precise and quantal all work fine, so it seems to be limited to natty
<hallyn> stgraber: nope, last i ran the tests a few days ago, all worked.
<hallyn> (or is natty not in my list in the testsuite?)
<stgraber> hallyn: tracked it down to the missing "net-device-up IFACE=lo" event
<stgraber> hallyn: wasn't that SRUed to the releases that ship lxcguest?
<stgraber> hallyn: oh right, you fixed it but the SRU is still in -proposed...
<stgraber> hallyn: bug 924337
<uvirtbot> Launchpad bug 924337 in lxc "lxc on precise is not working with lucid containers (container does not reach runlevel 2)" [Undecided,Fix committed] https://launchpad.net/bugs/924337
<stgraber> hallyn: I marked the SRU as verification-done, so it should be moved to -updates soonish
<hallyn> gah.  hate that.  need to start actively looking for those weekly
<hallyn> thanks
<stgraber> hallyn: in case you don't know about it: http://people.canonical.com/~ubuntu-archive/pending-sru.html
<lamont> poorangus: what version of postfix is installed?
<lamont> poorangus: because it feels like a libssl issue actually
<iggi> Can someone help me with recovering a RAID 5 array after OS drive failure? I have a USB live cd in, I installed mdadm, did modprobe raid5, mdadm -E -s shows arrays present, but they are not in /dev/md*
<lamont> iggi: mdadm --assemble --scan
<iggi> lamont, Thanks, that started most of my arrays ( I have 4) the largest one is sating that only 4 of the 6 drives are present, but I can see all 4 partitions in the OS
<iggi> err all 6
<lamont> iggi: that's where  you --examine all of them and figure out if you're willing to just tell it to force assembly even though things are technically not happy
<lamont> as in see the revno for all 6 drives, and you'll probably find that 2 of them are out of date
 * lamont needs to run
<iggi> thanks, I'll look into it
<poorangus> lamont - it's Postfix 2.9.1
<poorangus> Dang it, looks like I missed him.
<iggi> Well hopefully I can get someone else to give me a bit of assistance
<iggi> I'm trying to force mdadm to make the array, but I'm getting Device or Resource busy when it's not even mounted that I can tell
<iggi> Looks like it might be dmraid messing around with it, I'm going to try removing it
<Mischinka> Has anyone properly set up an ape server before? I cant seem to get any guidance as to do so using Precise
<pdtpatrick> Mischinka: http://www.ape-project.org/wiki/index.php/Setup
<pdtpatrick> ?
<hattorihanzo> anyone deal with isseus in byobu in 12.04
<poorangus> so many questions, so few answers :)
<pdtpatrick> hattorihanzo: what issues? I believe Dustin Kirkland is in this room. He might be able to answer if no one else can tackle it
<grendal-prime> hey..im runing 12.04 on vmware.  I removed all the nics.  In the past with 10.04 i needed to remove the /etc/udev/rules.d/70-persistant-net.rules
<grendal-prime> otherwise it would remember the interface isingments for the hardware.  I just deleted that file..and it no longer gets regenerates the file on system start..
<iggi> I'm trying to force assemble a software raid 5 array, however it seems to detect all of my disks as spares, any help?
<jMCg> Hey folks - bug in MySQL on 12.04: http://dpaste.com/749584/
<jose__> hi
<jose__> may i ask a question
<jMCg> jose__: you already did.
<jose__> trolling like a sir
<jose__> ok , here it goes, i have two internet connections (two modems) i want to have 2 gateways in nthe same interface, is it posible?
<jose__> so i can router some ports with one modem, and some other with the other router
<ZenMaster> One hour left of work.
<kees> hallyn: shouldn't clone(..., CLONE_NEWNS, ...) fail if I don't have CAP_SYS_ADMIN ?
<kirkland> hattorihanzo: pdtpatrick: thanks, I'll have a look at that later tonight!
<poorangus> Totally stumped .. anyone able to help with my Postfix woes?
<poorangus> When receiving from GMail: "May 17 10:23:29 myhostname postfix/smtpd[3547]: warning: TLS library problem: 3547:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:"
<ZenMaster> poorangus: Do you have the write ports?
<ZenMaster> I know that I have to setup a lot of outlook accounts here.
<ZenMaster> imap 993 and ssl and smtp 587 and tls.
<ZenMaster> Of course the log record you posted looks tay say something about a library problem, and a bad recorrd.
<ZenMaster> So sorry i guess that did not really help.
<poorangus> TLS connections using with other ciphers including DHE-RSA-AES256-SHA (256/256 bits), ECDHE-RSA-RC4-SHA (128/128 bits) and RC4-SHA (among others, probably) seem to work. mail-*.google.com usually uses RC4-MD5 (always causing a warning/lost collection), but sometimes uses ECDHE-RSA-RC4-SHA (128/128 bits).
<poorangus> Thinking this is related to the cipher.
<patdk-lap> poorangus, for ubuntu 12.04? this was solved awhile ago on the postfix list, no idea if it made it into ubuntu
<iggi> when I force assembly of my software raid 5 array I get "mdadm: /dev/md3 assembled form 0 drives and 6 spares - not enough to start the array. My question is why does it recognize all the drives as spares?
#ubuntu-server 2012-05-18
<poorangus> patdk-lap: Yes, this is 12.04 .. I have researched this extensively and somehow managed to come up empty
<poorangus> patdk-lap: Would you happen to have a link to the resolution?
<poorangus> patdk-lap: Which list?
<patdk-lap> the postfix maillist
<poorangus> patdk-lap: I'm sorry, there appears to be several. Can you please be more specific?
<poorangus> patdk-lap: wait, think I found it .. smtpd_tls_exclude_ciphers = AES ??
<patdk-lap> no idea, I know the issue is with openssl 1.x, and there was a programming patch to work around/fix it
<patdk-lap> dunno if there was a config adjustment to help or not
<wolferz> I just installed ubuntu server, I need a gui for setting some things up. I installed xinit and e17, but when I startx, there are no system settings, package managers, or anything else at all... Also, my entire sdb drive is forbidden to access... Does anyone have some guidance for me?
<patdk-lap> wolferz, try #ubuntu? we don't do gui here
<wolferz> no one has a gui on their server? ...... wow
<poorangus> wolferz: while you're headed over there, run this: sudo apt-get install ubuntu-desktop
<poorangus> but no, typically a server would not involve any GUI
<patdk-lap> hehe, even windows has dropped gui for servers
<wolferz> I don't want a constant gui, I just need one to set the server up
<wolferz> won't ubuntu-desktop use unnessecary resources?
<wolferz> and open up security issues?
<poorangus> yes, that's why it would normally be excluded
<poorangus> if you want something lighter try this: sudo apt-get install xubuntu-desktop
<poorangus> still not recommended though
<wolferz> I just don't know how to set it up using cli
<poorangus> join the club, buddy!
<wolferz> lol, how'd you manage without the gui?
<patdk-lap> vi, bash, maybe even rsync
<poorangus> I used the patch
<poorangus> and the gum
<wolferz> lol
<poorangus> I did hit a road bump, that's why I'm here .. but hopefully our man @patdk-lap just resolved it.
<poorangus> Re-installing now and then I shall see.
<mariooo> hi all. I'm working on upsizing an LVM pv, however after a reboot i've been dropped to an initramfs shell, and unsure how to remount the disk..?
<mariooo> I know it's /dev/xvda5, ext3/4, and that's about it
<mariooo> I ended up here because before reboot fdisk claimed my device needed a new disklabel built, so I let fdisk do that
<mariooo> http://pastie.org/private/yb9z8tid9hv6z0uotjryq
<poorangus> No!!!
<poorangus> patdk-lap: That didn't work.
<patdk-lap> hmm?
<poorangus> The "smtpd_tls_exclude_ciphers = AES" solution from the Postfix list.
<patdk-lap> heh, didn't think it would
<poorangus> But this is the resolution you were referring to, right?
<patdk-lap> no
<patdk-lap> the solution is a patch
<patdk-lap> that means recompiling postfix
<BentFranklin> What's the right way to populate my resolv.conf these days?
<owh> Salutations. I have an 8.04.4 server which shows that overnight my log went from  May 17 23:42:01 to May 17 16:53:58 - that's right, backwards in time. The May 17 16:53:58 entry is a reboot. When I connected to it, the time was wrong by just under 12 hours. The server is a VMware guest. The underlying host SAN went down around the time of the reboot. Can someone point me in any direction please? My google-fu is not what it is supposed to be and I've never 
<mardraum> BentFranklin: /etc/network/interfaces, dns-* options like dns-nameservers dns-search
<twb> owh: hardware clock set to UTC?
<twb> Oh, VMware.
<mardraum> your vm may be getting time from the host. fix that, and use ntp properly.
<twb> owh: try #vmware; when it runs in a VM, normal timekeeping procedures no longer apply.
<twb> mardraum: ...in particular, you're supposed to use vmware guest stuff instead of NTP, IIRC
<hallyn> kees: CAP_SYS_ADMIN should be required, yes, by kernel/nsproxy.c
<mardraum> twb: I disagree, but whatever works for you :D
<mardraum> (note I didn't say *where* to fix ntp)
<owh> The machine is using the ntp pool. There are no vmware tools installed.
<owh> Hmm. What if I look at this differently. What if the machine went down at 23:42 and came back up with the wrong time.
<BentFranklin> mardraum: Ok thanks, that's where I have it.
<owh> That would account for this.
 * owh breathes a sigh of relief.
<patdk-lap> correct your esxi ntp service to get time
<owh> patdk-lap: You mean the host right?
<owh> (Rather than the guest which is my server.)
<twb> mardraum: "no longer apply" in the sense that if you install ntp on the guest in the hope of protecting it from vmware brokenness, it fails catastrophically
<mardraum> haven't heard of this failure you are talking about
<twb> The reason it's a VM and not a jail is because it's supposed to emulate hardware correctly, such that the guest doesn't know or care that it's in a VM in the first place.  vmware people violate this by telling you to *not* run ntp inside teh guest, but to instead rely on the  vmware guest tools and to only install ntp on the host.
<twb> ...at least, that is what I remember, and I remember being very annoyed at them.  That was a few years back; I run KVM these days.
<owh> Hmm. Locally in my own environment I run ntp to the host, never had any issues.
<twb> Shrug.  Oh well.
<owh> Thanks all. I'm poking the host provider in the eye with a pointy marsupial.
<twb> I prefer monotremes.
<owh> And some of those come with pre-made spikes, excellent. A Monotreme it is :)
<twb> owh: the platypus has a stinging barb, too
<patdk-lap> heh? you can easily run ntp in a guest, if you do it right
<patdk-lap> but I mean someone must have failed to configure the esxi host ntp
<twb> No argument about the latter
<owh> Yeah, that is what I'm thinking too - now that I have a scenario that I can understand :)
<owh> twb: Sorry for the delay, but the image that I thought existed online didn't - now it does: http://demo.itmaze.com.au/australian_animals.jpg
<owh> (It's like the punch-line of a joke being translated from English to Portugese to Batak and back.)
<KXTwo> This might be out of the range of this # but i'm not sure where else I'd ask. I got my server up and running and have been trying to learn network tools.  I installed nmap and it picks up all the devices on the network but my phone.  Is there a reason for that?
<Zanzacar> I have apache2 installed, I have tried to uninstall it and all the config files but I have failed
<Zanzacar> I tried to do sudo apt-get --purge remove apache2 but they persist
<Mischinka> hmm
<SpamapS> Zanzacar: some aren't owned by 'apache2'
<SpamapS> Zanzacar: dpkg -S /etc/apache2
<SpamapS> Zanzacar: that will show you what packages own the files, from there, you can purge those packages too
<Mischinka> SpamapS i believe its a setting in my nginx, but i in my shopping cart when i go to the last area (checkout) the button seems to loop to the same page
<Mischinka> Where would i look to fix this.
<Zanzacar> thanks SpamapS I think that will take care of everythign
<SpamapS> Mischinka: sorry, I'm very tired and about to fall asleep
<nibalizer> so reading about upstart, and getting confused, it says(and i've verified) you can use /sbin/start and /sbin/stop, which is bizare to me since both are symlinks to initctl
<nibalizer> can someone shed light on this
<nibalizer> is like ARGV[0] the name of the file called and somehow this is acted upon
<adac> what is the correct command to create a system user, an user that is created for to start an application only
<nibalizer> adac: you can use useradd/adduser
<nibalizer> but if you want a mysql user, the mysql package should create a user for you
<Daviey> jamespage: thanks for doing the samba merge.
<jamespage> Daviey, np
<jamespage> I needed todo an SRU for it anyway :-)
<Daviey> jamespage: Odd, 'Colin' noticed the issue in Ubuntu.. but 'Clin' noticed it in Debian. :)
<jamespage> lol
<Mischinka> how do i get rid of: identity of this website has not been verified
<Tm_T> Mischinka: by buying proper cert? (if that's what you're asking)
<iSeeDeadPixels> Hello, who has experience with MAAS?
<Daviey> jamespage: you don't fancy doing a re-merge of samba from sid, do you? :) ..
<jamespage> Daviey, can do
<Daviey> iSeeDeadPixels: Quite a few people.
<Daviey> iSeeDeadPixels: We don't maintain an extensive list, as we just don't know who exaclty.. the list would probably be too long.
<iSeeDeadPixels> Daviey, do you have experience with it?
<iSeeDeadPixels> because it's such an annoying thing to set up.
<iSeeDeadPixels> python errors EVERYWHERE
<Daviey> iSeeDeadPixels: I do..
<iSeeDeadPixels> Daviey, i have a error when i run maas test, import oauth failed
<iSeeDeadPixels> and when i want to Commission & Accept i get an internal server error (Can't find a thingy /etc/maas/comm..." because of a missing "/" at the beginning)
<iSeeDeadPixels> ValidationError: [u'Commissioning script is missing: etc/maas/commissioning-user-data']
<Daviey> iSeeDeadPixels: Can you describe how you got to where you are?
<iSeeDeadPixels> i installed MaaS server via a 12.04 Unetbootin thumbdrive
<iSeeDeadPixels> and then i ran maas-import-isos
<iSeeDeadPixels> So yeah, i really hoped it would be better than this, did you have any problems Daviey?
<jamespage> Daviey: is there any etiquette I should be following before uploaded an large number of no-change rebuilds?
<iSeeDeadPixels> Daviey ?
<Daviey> jamespage: how many?
<Daviey> and what for?
<Daviey> iSeeDeadPixels: Hey, it's not an issue i've seen... you used the cd menu option to install?
<iSeeDeadPixels> Daviey, yes
<Daviey> iSeeDeadPixels: i've done this same process 100's of times without issue.. So something is odd.. the on;y difference i can see frm what you have said, is that i didn't use unetbootin
<iSeeDeadPixels> hmmm...
<jamespage> Daviey: pitti answered my question in -devel - around ~90 for the Java7 transition
<iSeeDeadPixels> Daviey http://pastebin.com/P3S0w7mF
<iSeeDeadPixels> Daviey: http://pastebin.com/vE6LFDQi
<iSeeDeadPixels> Daviey, http://pastebin.com/s7RxLHYp
<iSeeDeadPixels> i'm now installing MaaS on a VM
<iSeeDeadPixels> if it works i know i am gonna grab a CD
<Daviey> iSeeDeadPixels: This is really odd... *Something* is different.. but i don't really have enough info to say what..
<Daviey> It's not an issue i'd previously heard of.
<iSeeDeadPixels> Daviey, i wanted to show wy employer that MaaS would be better than RHEV
<iSeeDeadPixels> this kinda... meh
<Daviey> iSeeDeadPixels: you know MAAS isn't directly for virtualisation?
<iSeeDeadPixels> Daviey, i assume you can use MaaS in combination with Xen?
<Daviey> iSeeDeadPixels: no, it's not for that.. it's for providing metal on demand.. Xen isn't metal :)
<iSeeDeadPixels> uhm.
<iSeeDeadPixels> explain me more
<Daviey> iSeeDeadPixels: you can use MAAS to deploy Openstack for example, which provides virtualisation..
<Daviey> but an Ovirt / VmWare style tool, MAAS isn't.
<iSeeDeadPixels> the ni will use maas for openstack
<Daviey> ni?
<Daviey> ah
<iSeeDeadPixels> but what is "metal" then, blank servers?
<Daviey> iSeeDeadPixels: Have you explored the difference between oVirt and OpenStack btw?
<Daviey> iSeeDeadPixels: Well, Ubuntu Servers.. with a meta-data service, and an API exposed to them.
<Daviey> iSeeDeadPixels: power control and commissioning / burn-in etc.
<iSeeDeadPixels> Daviey, dynamically adding and removing servers?
<iSeeDeadPixels> because, if i can use MaaS to distribute the load between the machines for VM'ing, it'd be awesome
<Daviey> that is the intent.. plug in a new server, and it comes part of the pool, automagicaly.
<iSeeDeadPixels> can i create a "node" image and let MaaS use that?
<iSeeDeadPixels> e.g. a openstack configured image
<iSeeDeadPixels> and no, i don't know the difference between oVirt and OpenStack
<iSeeDeadPixels> but i want something close to RHEV, for free.
<Daviey> iSeeDeadPixels: A private cloud, Openstack is like Amazon's cloud.  oVirt is more similar to VMware, for managing virtual machines.
<Daviey> My view is that a 'cloud' scales better.. :)
<iSeeDeadPixels> then i want Openstack
<iSeeDeadPixels> but the whole idea is that i can put a server in the rack, and that i connect the lan, wan and power, and then it should automatically install, configure and be added to the cloud
<brainysmurf> My ubuntu box mounts a afp share served by a Mac; I need that dir writeable by www-data. Has anyone done this? What do I do with acl on the Mac side to get this to work?
<iSeeDeadPixels> i also want VM-Load balancing
<iSeeDeadPixels> so that the VM's get evenly distributed between machines, and if i give a VM priority it should get more resources.
<iSeeDeadPixels> dynamically scaled VM's
<iSeeDeadPixels> if it uses more CPU, give it more CPU
<twb> brainysmurf: what does the dir look like (ls -ld) on the linux side, at present?
<iSeeDeadPixels> if it uses more Mem, give it more mem
<brainysmurf> twb: owned by root, world access
<twb> brainysmurf: is the AFP share kerberized?
<Daviey> iSeeDeadPixels: you are looking for features which don't normally go in hand with a cloud.
<iSeeDeadPixels> well, the CPU and Mem scaling isn't really important
<brainysmurf> twb: NOt sure how an afp share is kerberized, but there is OD on that share I think
<twb> What is "OD"?
<iSeeDeadPixels> as long as the VM's get distributed over multiple machines
<Daviey> iSeeDeadPixels: a well designed application for the cloud (imo), should just expect failure.. if you need to resize, you kill the machine, and start a new one.. The application shouldn't be impacted.
<brainysmurf> Open Directory
<iSeeDeadPixels> Daviey, i just want the VM's to be distributed, i assume that when you use a cloud that the memory and cpu power is combined as one machine?
<Daviey> no
<twb> brainysmurf: you perhaps want to chgrp on the apple side to www-data's numeric group
<twb> brainysmurf: otherwise you need to make the user/group mappings line up, or fiddle with kerberos
<brainysmurf> twb: Do you mean chgrp to www-data's gid?
<iSeeDeadPixels> ugh...
<twb> brainysmurf: yes
<twb> brainysmurf: or of course use something else, e.g. SFTP
<twb> The webserver should not, in general, be writing files
<brainysmurf> twb: Investigated that, apparently OD shares have to be afp according to colleague
<iSeeDeadPixels> Daviey, well, how can i do what i want then?
<Daviey> iSeeDeadPixels: i think you need to spec out what your application needs, then find the right tool for the job.
<twb> Oh, apparenty "Open Directory" is an LDAP server.
<twb> You should speak LDAP to it
<iSeeDeadPixels> Daviey, Xen
<brainysmurf> Wait, I can mount an LDAP?
<twb> No
<Daviey>  iSeeDeadPixels, Your application needs Xen?
<twb> You write LDIFs, which are the LDAP equivalent of HTTP requests
<iSeeDeadPixels> Daviey, the application IS xen
<brainysmurf> twb: Wow that would be slick
<brainysmurf> Didn't even realize you can write to LDAP
<iSeeDeadPixels> i am going to build VM's for hosting and other tasks, i want to be able to distribute the VM's evenly over the machines
<twb> Uh, LDAP is basically a database
<twb> you query it and make changes and so on
<Daviey> iSeeDeadPixels:  In which case you might want XCP
<iSeeDeadPixels> yeah...
<iSeeDeadPixels> but can i still use MaaS or is that not needed then?
<Daviey> iSeeDeadPixels: I really need to get back to work, but i suggest doing further research before settling on something.. and/or speaking to Canonical professional services, or similar.
<brainysmurf> twb Hmm... but it has to look like a directory on the hard drive, the moodle and php need that
<twb> Don't use PHP
<Daviey> iSeeDeadPixels: Nobody i know of has done it, but technically you could use MAAS to deploy XCP, i think.
<twb> http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/
<brainysmurf> Totally agreed; I'm a pythonista myself. No choice, though. Don't worry, I'm slowly getting my client to plone instead of moodle
<Daviey> jamespage: I've just uploaded a new cifs-utils that will depwait on your new, new samba.. thanks muchly.
<jamespage> Daviey, have I not uploaded that yet?
<jamespage> oh - no
<brainysmurf> twb: I don't have a user with same gid as www-data on linux, does this mean I just make one?
<twb> brainysmurf: if it is not kerberized, apple doesn't need the group to exist, it just needs the file to be grouped to that gid
<twb> The resolution of uids/gids to usernames/group names is not needed for anything except humans -- same as IPs don't need hostnames to work
<jamespage> Daviey: just uploaded
<Daviey> ta!
<brainysmurf> So i chgrp'd it to 33 and it reads "33" when I list; that is all? Great explanation, by the way.
<RoyK> brainysmurf: just add the user to the www-data group
<faizanaziz> hiâ¦. my server has solr installedâ¦ I keep getting too many files open errorâ¦. I google and found out that I need to increase ulimitâ¦ however even when i change it the process ulimit does not changeâ¦. Even after restarting the process
<jamespage> faizanaziz, how are you altering the ulimit?
<faizanaziz> ulimit -n 100000
<jamespage> faizanaziz, OK - let me ask that a different way
<jamespage> how are you running solr?
<jamespage> on tomcat? jetty?
<faizanaziz> jetty
<jamespage> faizanaziz, so are you using the standard solr-jetty package?
<jamespage> and restarting the process using the init script?
<faizanaziz> noâ¦ its a solr-jetty recipe from the solr wiki
<faizanaziz> yepâ¦. i restart using the init script
<faizanaziz> this is the setup i am using http://wiki.apache.org/solr/SolrJetty
<twb> faizanaziz: you should apt-get install the supported package
<faizanaziz> twb: thats the legacy 1.4 package we are using 3.6
<twb> Tough
<faizanaziz> hmmm :(
<zul> good morning
<brainysmurf> I think this afp share is kerberorized as www-data still can't write to it. Also just noticed that there's acl permissions in the directory listning
<brainysmurf> *listing
<twb> brainysmurf: might be worth askign ##macosx as well
<brainysmurf> Thanks twb
<zul> hallyn: upated libvirt in the usual place
<hallyn> zul: ok, thx.  i'd like to figure out this initscripts debacle first
<zul> hallyn: k
<Merlin83b> Oh, was trying to join #ubuntu-cloud!
<Pici> Merlin83b: #ubuntu-cloud forwards here.
<Merlin83b> So I see.  I guess we can just talk cloud things here then.
<Merlin83b> Like why on my new cloud live install I'm getting lots of errors about the dashboard being unable to retrieve lists of volumes.
<tash> anyone here used virtuabox on Ubuntu Server before?  As in a virtual machine host, to create individual virtual machines?
<iSeeDeadPixels> how do i install MaaS with PXE boot on a network with Existing DHCP?
<eagles0513875> hey guys I'm running an upgraded 12.04 with xen
<eagles0513875> and I'm gavin tissues when i boot onto the xen kernel that it doesn't load kde as well as it randomly reboots for some reason :(
<iSeeDeadPixels> ok, i'm having a dnsmasq issue along with maas (maas-dhcp)
<iSeeDeadPixels> it won't stick to eth0
<sarthor> HI, how can install java on 12.04 server?
<RoyK> !java
<ubottu> To just use java you need a "Java Runtime Environment" (JRE) and/or a browser plugin. If that is not sufficient you will need a "Java Development Kit" (JDK) aka "Software  Development Kit" (SDK).  Please see https://help.ubuntu.com/community/Java about how to install one of three current implementations.
<chmac> What's the apt-get command to upgrade to a new lts?
<patdk-lap> from?
<chmac> 10.04 to 12.04
<patdk-lap> you never upgrade between releases using apt-get
<patdk-lap> I would recommend waiting for 12.04.1
<patdk-lap> but you use do-release-upgrade
<chmac> patdk-lap: When does 12.04.1 land?
<chmac> Hmm, no do-release-upgrade on this machine, it's an openvz image, so could be more complicated.
<patdk-lap> well, it does help to install it
<chmac> patdk-lap: I need t install do-release-upgrade? `apt-get install do-release-upgrade` says package not found...
<LordOfTime> its in update-manager-core
<LordOfTime> [kahless]% apt-file search do-release-upgrade
<LordOfTime> update-manager-core: /usr/bin/do-release-upgrade
<patdk-lap> it's all explained in the release notes
<patdk-lap> that you did read didn't you?
<patdk-lap> cause if you didn't, your likely in for some big suprises
 * LordOfTime assumes not
<LordOfTime> speaking of which, i should reread the release notes
<LordOfTime> :P
<LordOfTime> yep, thought so
<chmac> Hmm, `do-release-upgrade -d` finds precise, but `do-release-upgrade` does not.
<patdk-lap> also explained :)
<chmac> Outstanding, download times quoted for a 56k modem :-)
<LordOfTime> chmac:  https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuServer#Upgrade
<LordOfTime> you should read the rest of the release notes as well :)
<chmac> LordOfTime: It's a brand new machine, a test vm, so I'm not too concerned, there's nothing to lose, but yes, reading the release notes is probably not a bad idea at some point, thanks for the link.
<LordOfTime> mhm
<LordOfTime> chmac:  its all explained in the release notes :)
<chmac> patdk-lap: Thanks a lot for your help, I appreciate it.
<iSeeDeadPixels> who can help me with setting up MaaS with a existing DHCP server?
<e_t_> iSeeDeadPixels: it might be helpful to describe what's involved in "setting up MaaS with a existing DHCP server." Are there particular steps you're stuck on?
<iSeeDeadPixels> e_t_ i'm stuck on the part where you PXE boot, and get the ISO's from the TFTP server (192.168.11.4)
<iSeeDeadPixels> the DHCP server is on 192.168.11.3
<genii-around> Do you have something like: next-server 192.168.11.4    set in the dhcpd.conf ?
<ninjai> using ubuntu server 11.0, why is SSH 5.8 still in the repo's when SSH 5.9 and 6.0 are out? How can I upgrade to SSH 6?
<iSeeDeadPixels_> genii-around, thanks for the tip, it's working ^_^
<genii-around> iSeeDeadPixels_: You're welcome
<iSeeDeadPixels_> it should be added to the wiki
<iSeeDeadPixels_> https://wiki.ubuntu.com/ServerTeam/MAAS/ see?
<genii-around> Wiki page updated.
<RoyK> wtf - trying to install ubuntu server precise from usb fails, 'fails to mount cdrom'
<KM0201> RoyK: thats a common problem... there's instructions on how to install ubuntu server from CD rom (i can't remember exactly what to do.. but google should turn it up)
<negone> Hello I am trying to setup ubuntu server 12.04 for the first time and im running into some problems
<KM0201> RoyK: what tool did you use to create the USB
<KM0201> negone: i saw your question in #ubuntu, what exact problem are you having?
<negone> I( cant seem to get past the partiion disks part
<negone>  i want one drive setup on a raid0 to host the os and the other 5 set up on a raid 5 to be the data base and so forth
<KM0201> ok
<KM0201> are the current raid 5 drives blank?
<negone> all of them are blank
<KM0201> hmm
<KM0201> i've never set up a raid 5, so i can't help you there.
<RoyK> KM0201: that windows tool
<negone> the raid 5 is set i just need to partition them
<RoyK> usually works well, and mounting the usb thing works too, but it still complains
<KM0201> RoyK: yes, i know that... i've had issues w/ ubuntu's usb creator and ubuntu server... you can try unetbootin, but i suspect you'll have the same issues.
<negone> KM0201 i tried to follow these directions but i keep getting problems https://help.ubuntu.com/11.04/serverguide/advanced-installation.html
 * RoyK gets out an old-school DVD disc and burns the thing
<KM0201> negone: what do you mean you need to partition the raid 5?
<negone> in the setup process it asks me to partition the disks
<KM0201> right.
<negone> thats my problem im not sure what to do here haha
<RoyK> negone: first of all, don't run raid-0 unless you know what dataloss costs
<KM0201> hmm, negone are you new to ubuntu? (just curious)
<RoyK> negone: second, don't use raid-0
<negone> ubuntu server i am
<RoyK> negone: third, use raid-0 only when you know the havoc of getting your data back
<KM0201> RoyK: he's only using the "OS" drive as raid 0
<negone> first time i ever setup a server
<KM0201> negone: what are you using your home server for?
<RoyK> KM0201: doesn't matter - striped disks are evil by default
<RoyK> use mirrors or nothing
<negone> i am a web developer
<RoyK> for os disks
<KM0201> RoyK: i tend to agree..
<KM0201> just saying.
<RoyK> negone: then just do a base install, it uses a single drive and that's fine
<negone> well the website for this is going to be big really big
<RoyK> negone: then, if you want to store data on that system, create a mirror or a raid-[56]
<negone> ecommerce
<RoyK> negone: I'm managing systems with a few hundred drives - they die all the time
<RoyK> all drives die
<KM0201> lol
<RoyK> like people ;)
<negone> haha
<RoyK> seriously
<RoyK> never ever trust a single drive
<negone> this is how my boss wants it set up im just trying to get it done
<negone> he wants one drive as a raid 0 with just the os and the others raid 5
<RoyK> tell your boss he's out of his mind
<RoyK> a single drive isn't raid-0
<negone> im just trying to get past the partision end of the install for ubuntu
<RoyK> negone: raid-[056] support isn't in grub
<RoyK> negone: so use a mirror or a single drive
<negone> well my head hurts already what should i do? i have 6 drives to work with and we want it to be as fast as posible
<negone> accepting any suggestions
<RoyK> negone: what size of those drives_
<RoyK> ?
<negone> the raid 0 is 73 gig and the raid 5 is 586 gig
<RoyK> ok, by raid-0, is that a raid controller exporting that?
<negone> yes
<RoyK> then your raid-0 is a single drive, but both are seen as single drives from ubuntu, right?
<negone> yes
<negone> in the partision menu it just shows up as 2 drives
 * RoyK reinstalls his home server on SSD :D
<negone> haha
<negone> i just need to get to the part where im most useful *coding*
<negone> and thats after the os is installed apache the works
<esuave> is there a way to rsync the output of a grep? example.. grep -irl 'test' * | rsync outputted filenames from grep?
<RoyK> SSD for the root only, some 2TB drives for the data
<negone> RoyK talk me like i just downloaded ubuntu server yesterday
<negone> cause i did :)
<RoyK> negone: heh - been running ubuntu for some five years, linux since 1994 or so
<RoyK> sorry if I was hard on you
<negone> its ok
<negone> its a real learning curve when your just starting
<negone> there is no real instructions its expect you to nkow what everything is
<negone> guh i cant typer
<negone> LOL
 * RoyK just needs to reconnect those eight or so 2TB drives
<RoyK> think my record was 5-6 minutes for a debian server install - ubuntu is a bit slower
<negone> I really need to get this up by today
<RoyK> negone: please ask if there's a problem. the docs usually aren't written for newbies, and that's bad
<cedr> RoyK: Mine was ~30 seconds, although that was with openvz :P
<negone> well im just trying to figure out this partition thing
<negone> i just dont know how to partition it to make it work
<negone> i keep running into problems and it tells me to fix it
<genii-around> negone: Are you trying to resize some old Windows partition? If so and it has not been marked clean by a filesystem check done from inside windows, it will not let you resize it.
<negone> no
<negone> rgw partition disk part of installing ubuntu 12.04
<negone> the*
<zul> hallyn: around/
<esuave> how do i know what version of php is compatible with what version of openssl?
<hallyn> zul: what's up?
<zul> hallyn:  have you seen: "libvir: QEMU error : internal error unable to execute QEMU command 'device_add': Duplicate ID 'virtio-disk0' for device"
<genii-around> negone: There is a pretty comprehensive page on the subject at https://help.ubuntu.com/community/HowtoPartition
<hallyn> zul: is that happening after you disconnect and then reconnect a device?
<zul> hallyn: just attaching the disk device
<zul> i have a disk that is alias to virtio-disk0 for some reason
<hallyn> any other virtio disks in the xml?
<zul> hallyn: http://paste.ubuntu.com/994714/ and http://paste.ubuntu.com/994716/
<hallyn> zul: well you're asking it to be assigned to xvda, what if you do xvdc?
<negone> im doing this from the install window
<negone> so i dont have a lot of options
<negone> nore can i even use a mouse
<hallyn> zul: or really, just get rid of the 'dev="xvda"' in the blockdev one
<genii-around> negone: The information for how much to use, how much for swap, etc is still valid.
<zul> hallyn: blah...nm i suck
<hallyn> zul: ?
<zul> hallyn: i was using xvda
<hallyn> ok :)
<RoyK> ?
<RoyK> s/^.*//g
<zastaph_> what to do if you have an equals sign in a samba password? seems not to work to put password=mypass=123 in .smbcredentials
<sarthor> Hi, I have running a computer shop, Accessories sale / Windows / software installation, Very small shop and a very small business, I want to install some Linux based Free software that can handly my invoicing , accessories detail and daily cash record, I will like the software that have Server and Client, Any idea brothers?
<sarthor> Hi, I have running a computer shop, Accessories sale / Windows / software installation, Very small shop and a very small business, I want to install some Linux based Free software that can handly my invoicing , accessories detail and daily cash record, I will like the software that have Server and Client, Any idea brothers?
<genii-around> sarthor: lemonpos may be close to what you need
<sarthor> genii-around,  has that server and client?
<genii-around> sarthor: It can run standalone, or as server-client model
<stgraber> hallyn: http://paste.ubuntu.com/994956/
<stgraber> hallyn: that's generated by http://paste.ubuntu.com/994957/
<carwatt> hello
<carwatt> guys
<carwatt> i have this trouble
<carwatt> error at dev volgroup00 logvol00
<hallyn> stgraber: i'm just not sure that's in the end going to be more robust than the ioctl-based one :)
<carwatt> how oto repair it?
<carwatt> i run fsck -y
<carwatt> but didnt work
<axisys> how do prevent users from seeing other users' process(es) ?
<hallyn> stgraber: btw, my initscripts patch works great for debootstrap, but i'm not 100% convinced that it'll work right for upgrade i.e. from lucid to precise in a chroot
<stgraber> hallyn: lucid => precise doesn't quite work anyway because of the mounts in /dev and /lib/init
<hallyn> oh?  then maybe i should just live with it and be happy?  :)
<hallyn> stgraber: oh on second look, no, your scripts does look better.  since ip netns does the right things for you.  looks good
<stgraber> the only release we can reasonably upgrade from, inside a container, is precise
<hallyn> in a container.  but what about crazy ppl with a chroot?
<hallyn> maybe i shouldn't care
<stgraber> hmm, indeed, some people may try to upgrade from outside the container, which "might" work
<hallyn> upgrade inside a container (btw) isn't actually affected because it is detected as '! ischroot'
<hallyn> which is fine, it's what we want, bc there will be a proper shutdown.
<stgraber> hallyn: yeah, the shell script doesn't do direct calls to liblxc and doesn't mess with mounts or anything like that, so it should be safer than lxc-ip. I'm still hoping to one day be able to do "lxc-info -n my-container | grep ^ip" :)
<hallyn> heh, don't hope.  we'll make it happen :)
<stgraber> hallyn: http://paste.ubuntu.com/994996/
<stgraber> hallyn: fixed a few race conditions in the process
<koolhead17> hey zul
<koolhead17> hello everyone
<stgraber> hallyn: looking at exactly what lxc-start-ephemeral needs, I'll probably change the function a little so we don't need to parse its output, should make it much smaller and more readable for an SRU
<hallyn> stgraber: yeah that makes sense
<hallyn> hey koolhead17
<koolhead17> hallyn, hello there sir. :)
<stgraber> hallyn: is lxc-start-ephemeral supposed to be working as a regular user? it's giving me quite a few error messages here unless I run it through sudo
<hallyn> stgraber: no, it can't currently work unprivileged
<hallyn> stgraber: they had wanted it to call sudo itself so you don't have to, but then some places do "x > y", and you can't really do "sudo x > y"
<stgraber> hallyn: right, should be easy enough to fix with tee though
<stgraber> hallyn: http://paste.ubuntu.com/995034/ seems to work here
<tmt1020> Would anyone happen to have experience using CloudStack with Ubuntu server and KVM?
<koolhead17> tmt1020, does cloudstack works/pkg in general for 12.04
<hallyn> stgraber: sudo a | tee b, b is unprivileged no?
<stgraber> hallyn: yes, but I used a | sudo tee b >/dev/null
<hallyn> not in that pastebin you didn't
<tmt1020> koolhead17, I'm sorry, I'm still getting familiar with Unix/Linux. Are you asking if CloudStack has a pre-built package for 12.04?
<stgraber> hallyn: gah, I did for one and forgot the two others ;)
<koolhead17> tmt1020, yes
<stgraber> hallyn: http://paste.ubuntu.com/995043/ :)
<tmt1020> They do have a download for Ubuntu in general on their open-source download page. Everything seems to be working correctly, except I'm having trouble adding my KVM host machine (which is running Ubuntu 64-bit 12.04) to the management server.
<hallyn> stgraber: looks good :)  I'm outta here, good night
<koolhead17> tmt1020, you should probability check out #cloudstack
<stgraber> hallyn: good night
<koolhead17> hallyn, night :)
<tmt1020> koolhead17, Gotcha. I posted a message there, I just haven't gotten a response yet. I thought someone here might have some experience with. But I'll check the #cloudstack channel again in the morning and see if I've gotten a response. I appreciate your help!
<koolhead17> tmt1020, np :_
<koolhead17> tmt1020, you might like to try openstack as well if your evaluating cloudy stuff :)
<tmt1020> koolhead17, sounds good. (: I had taken a quick look at it the other day and made a mental note to give it a try next. My main goal at the moment is to get a setup working with a successful failover in case one of the physical VM host machines fails. It looks like openstack would accomplish that goal as well.
<koolhead17> :)
<jMCg> By default, is there anything that caches passwd entries?
<Dead_AssClown> hey how do you delete windows vista os
<mysteriousdarren> Dead_AssClown: delete the partition and repartition it, or delete the files if your gonna boot a different OS
<Dead_AssClown> i need step by step help lol
<mysteriousdarren> Dead_AssClown: what OS are you running?
<Dead_AssClown> ubuntu
<mysteriousdarren> do you have gparted installed? are you going to dual-boot?
<Dead_AssClown> its dual-boot right now, do i really need vista, does it slow down my computer?
<Dead_AssClown> im not a big gamer
<Dead_AssClown> i dont use adobe
<mysteriousdarren> I deleted vista and kept xp until 7 came out.
<mysteriousdarren> this question is better suited for #ubuntu
<Dead_AssClown> newb question right here....i started writing code, whats the best program for linux?
<mysteriousdarren> Dead_AssClown: what language?
<Dead_AssClown> i want to stick with ruby
<Dead_AssClown> downloading ruby from terminal
<Dead_AssClown> wat does the program 'yum' do
#ubuntu-server 2012-05-19
<sarthor_> here is invoice software, Can i get any free like this software in Linux? http://www.hillstone-software.com/invoice_software.htm
<genii-around> sarthor: http://frontaccounting.com/wb3/pages/products/features.php is not bad. There is also a package for it already in Ubuntu
<Hoyt> hi , how should I start the VM after ubuntu-vm-builder completed ?
<Hoyt> the kernel in the config was specified as 'None'
<koolhead17> jamespage, ping
<carwatt> any idea mkdir: cannot create directory `test': Read-only file system
<carwatt> ?
<carwatt> input/output error
<aarcane> I heard ubuntu ditched iet for iscsi target mode for 12.04, but I don't remember what the new system is called.  What's the new system called, and/or where is a quick start guide ?
<Mischinka> Anyone know where i can get ioncube?
<brainysmurf> I want to make a 2,1 xserve an ubuntu box, but I dont' know how curren the information is here https://help.ubuntu.com/community/Xserve2-1
<RoyK> perhaps offtopic, but has anyone seen a mobo being unable to see a pci-ex card when it's in the 16x slot? I know the card works, but maybe the mobo only allows vga cards there?
<brainysmurf> Does anybody know anything about mounting an afp server so that I can have www-data write to it? Specifically, I think I need to do something with the acl on the mac side, but I'm not sure what.
<RoyK> brainysmurf: didn't you say you had root on this server? if so, why would you use afp?
<brainysmurf> Hi RoyK, thanks for helping. I'm actually a bit confused, because my colleague is telling me that afp is a raid.
<RoyK> is a what?
<brainysmurf> RAID
<RoyK> as in redundant array etc?
<RoyK> afp is a protocol, not related to how you store data on disks
<brainysmurf> right, there is a stack of hd below the xserve and they connect to the mac through afp
<RoyK> yes, but the xserve doesn't store data in afp
<brainysmurf> It has a hd, but it's not big enough to hold what I need it for
<RoyK> it probably uses a raid controller and HFS+
<RoyK> AFP is an access protocol, like NFS or CIFS or even NCP
<brainysmurf> So xserve sees those hd as hfs just like anything else, but then serves it up as afp.
<RoyK> yes
<brainysmurf> If that's the case, then why does it show it looks like a network drive on the desktop??
<RoyK> and it can probably serve them with CIFS or NFS as well
<RoyK> brainysmurf: what desktop?
<brainysmurf> the mac desktop, it's not a hd but connected as a network share
<RoyK> yes, that's because you use nfs or afs or something across the network to access it
<RoyK> but on the drives, there's no such thing as afp
<brainysmurf> I think I need to spend some time with this xserve without my colleauge around.
<brainysmurf> She's confusing me.
<brainysmurf> If I have troot on both, what's best to share files if I need to have www-data write to it. sshfs?
<RoyK> nfs
<RoyK> sshfs is generally a good idea when all else fail ;)
<brainysmurf> RoyK: xie xie (thank you in Chinese)
<RoyK> ;)
<alex_____> hi can somebody tell me how i can run the asuse35m-1 deluxe with ubuntu server?
<RoyK> alex_____: what is that?
<alex_____> a mainboard from asus there is the soundchip acl892 on it
<alex_____> i want to hear webradio but there comes no sound out of the speakers
<alex_____> alsamixer works an show me the soundchip aplay also
<samba35> i am facing strange problem ,my internet on my ubuntu dmz server ,today only i am facing this problem how do i diagnose this
<samba35> even apt-get update is taking 15-20 mints where it was 3-4 mints usally
<samba35> but when  i ping download some software on my gateway it was fast
<randomDude> i'm having some issues installing cobbler on ubuntu server 12.04 : http://dpaste.com/750253/
<ikonia> looks like the ip command has the wrong syntax
<randomDude> ikonia: i am unable to control that, all i did was ask apt-get install cobbler
<ikonia> I understand that
<randomDude> perhaps it's a bug with the package then
<ikonia> possible, or your config (eg: it reads your config and the current setup is incompatible with what it's trying to do )
<randomDude> first time i tried to install cobbler on this system
<randomDude> ikonia: nothing i do seems to make apt-get install cobbler... and google only returns results that talk about the deb package info, or things like maas not importing isos (not relelvant to me )
<ikonia> unpack the deb and see what the setup is trying to do and how it fails against your systems setup
<randomDude> not sure how to do that
<ikonia> get the debian source package and have look through the setup
<ikonia> see if the setup script is either a.) got a bug in b.) got something that conflicts with your system
<randomDude> where does dpkg --unpack send its stuff ?
<randomDude> it's not in the folder i'm in nor is it in the folder cobbler deb was in
<ikonia> I'd just grab the source package
<randomDude> can i do that with dpkg?
<ikonia> apt-get source
<randomDude> i'm not even sure what i'm supposed to be looking at, what files does apt-get use to install stuff in a package?
<randomDude> PKG-INFO ?
<randomDude> yeah i have no hope of fixing this which should work by now on a LTS release
<ikonia> the control file should show the layout (I've not got an debian based system here to go through it)
<ikonia> randomDude: it may work fine on an LTS system, it may be something as simple as your machine isn't setup in line with the pre-requisits
<randomDude> so i guess i can't use orchestra thus i shouldn't buy a support contract from canonical if this is whats to be expected
<randomDude> ikonia: what makes my system a "non lts system" ?
<ikonia> randomDude: I didn't say it wasn't an non-lts system
<randomDude> oh i thought you did
<randomDude> as in implied
<ikonia> no, I said your system may not be setup in line with the pre-requisits for cobbler, which is why it's failing
<ikonia> eg: it may not be a problem with the package, more a a problem with how your system is setup
<ikonia> I don't know without looking
<randomDude> i doubt it
<ikonia> why do you doubt it ?
<randomDude> i'm pretty sure the package is broken
<ikonia> !info cobbler
<ubottu> cobbler (source: cobbler): Install server. In component universe, is optional. Version 2.2.2-0ubuntu33 (precise), package size 36 kB, installed size 246 kB
<ikonia> randomDude: why are you pretty sure ?
<ikonia> what research have you done to make yourself "pretty sure"
<randomDude> because my server is standard?
<ikonia> randomDude: standard does mean you've configured it to meet the pre-requists
<ikonia> hang on, I'll get a 12.04 machine running in a vm and test it
<randomDude> why should i have to configure it? thats what i use apt-get
<randomDude> apt-get is suppposed to configure this stuff for me
<ikonia> randomDude: apt-get is a package installer not a "make my machine a certain setup"
<ikonia> randomDude: it will configure cobbler, sure
<randomDude> i mean if apt-get can't configure it to the point where it at least isntalls without failing then...
<ikonia> then what ?
<randomDude> well apparently apt-get can't get it right
<ikonia> please stop talking
<ikonia> your basing this on nothing
<ikonia> the package maybe broken, it may not be
<ikonia> but you've done no research and you're just sat there complaining
<ikonia> I was going to test it for you now, but I can't be bothered as you've already made your mind up so you can have a moan
<ikonia> package is broken, you won't by a support contract, fair enough, move along
<randomDude> :)
<randomDude> it's actually quite a shame, because cobbler installs fine on the same system when it has ubuntu server 10.10 on it.
<ikonia> ok, it's shame, great
<randomDude> shouldn't it stand to reason that if it installs fine on the same system with a previous version of ubuntu and cobbler that there's now something wrong with the version of cobbler that ubunut provide for their latest lts server?
<ikonia> no
<randomDude> oh ok
<ikonia> you've made your mind up it's broken, so find a distro that it's not broken in
<danchou> I just bought a server and want to set it up first can someone tell me how to create a usb install disk of ubuntu server my server does not have a cd drive. Second it comes already installed with vmware is it better to install ubuntu-server first and then install vmware if i want virtuilization which i believe i do not need now
<LordOfTime> danchou:  you can write the image to USB
<LordOfTime> !liveusb
<ubottu> For information about installing Ubuntu from USB flash drives, see https://help.ubuntu.com/community/Installation/FromUSBStick - For a persistent live USB install, see: https://wiki.ubuntu.com/LiveUsbPendrivePersistent
<Mischinka> how do i clear cache on my server?
<danchou> LordOfTime: thanks
<LordOfTime> Mischinka:  which cache?
<Mischinka> in my server block of nginx i have: location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { expires 14d; }
<awutz> can't find the package to install sphinx php client in ubuntu 12.04...
<awutz> i used to do: 'yum install sphinx-php' on centos...
<awutz> bump
<patdk-lap> bump?
<patdk-lap> it doesn't exist
<patdk-lap> use pear to install it?
<awutz> patdk-lap: i'll give that a shot.
<rfrittmann> hi all
<rfrittmann> I just did the HowToForge Perfect Ubuntu 12.04 server, but have some problems with it, mostly networking and DNS related.
<rfrittmann> Some background: the laptop I'm on now is connected to a Linksys WRT54G, then out to an iiNet BOB Lite ADSL/VoIP device to the Internet. IP range from laptop to router is 192.168.2.x, while from router to ADSL is 192.168.1.x
<rfrittmann> From the server (static IP 192.168.2.3) I can ping the router (192.168.2.254), but not the other side of it (192.168.1.254) and cannot connect to the Internet. The laptop I'm on now has a DHCP assigned IP from the router, and as you see, it connects fine.
<rfrittmann> I have pointed the default gateway on the server to the router (192.168.2.254) and the router's own default gateway is the BOB Lite (192.168.1.1), and this works fine for my laptop, but not for the server.
<rfrittmann> Any ideas why this might be?
#ubuntu-server 2012-05-20
<rfrittmann> To complete the steps of the HowToForge Perfect Ubuntu 12.04 Server installation, I installed a second NIC in the server, static IP 192.168.1.3 and connected it striaght to the iiNet BOB. I'd prefer to have it inside the 192.168.2.x network though.
<denaf> why there's no mention of "label" in man interfaces?
<jmarsden> denaf: Because it is a parameter to the ip command, not part of the syntax of the /etc/network/interfaces file , I suppose
<denaf> ive been wondering why having interface label or alias in the interfaces file causes the "waiting for network configuration" issue when booting up
<jsmin12e> Hello
<koolhead17> jamespage, around?
<iggi> I'm having some trouble with a fresh 12.04 install. The system installed just fine, but when boot I get a blank screen after the grub menu and I can't get a text console form ctrl+alt+f1 or f2
<iggi> the system respond to num lock changes and ctrl+alt+del reboots, so it doesn't appear to be completely locked up
<iggi> recovery mode seems to work but then dies immediately due to a degraded array I guess
<iggi> yep, recovery mode worked once I overrode the boot degraded.
<Mischinka> whats the default permissions for files in: /var/www/website.com/
<Mischinka> ?
<Technetium> can anyone help with a kernel performance question?
<RoyK> !ask, Technetium
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> Mischinka: owned by the user that created the dir, perhaps root, and with masks according to your current umask, normally 022, so 755, just ls -ld /path/to/dir to view them
<Bilge> So I upgraded to 12 LTS
<Bilge> And now I can't run any ELF binaries
<Bilge> Bash claims the file doesn't even exist
<Bilge> They're 32-bit running on a 64-bit system if that makes any difference whatsoever but they all worked fine before
<Technetium> I set up 4 virtual servers, 2 x12.04 and 2x10.10 - one of each has the default server/generic kernel while the other has the virtualisation optimised kernel. I wrote a bash script loops 5 million times and calculates a square root on each iteration.
<Technetium> Problem is that the 10.10 kernel servers (both virtual & server) running version 2.6.35-2 complete the loops in half the time it takes the 12.04 servers - 4 hours compared to 8!. Any thoughts on why?
<brainysmurf> anbody have efi working for 12 lts on an xserve?
<brainysmurf> Something about needing grub?
<RoyK> Bilge: 32bit libs installed?
<RoyK> brainysmurf: https://help.ubuntu.com/community/Xserve2-1 ?
<Bilge> RoyK: that was the problem, yes
<Bilge> Somehow ia32 libs had become uninstalled during the upgrade process
<Bilge> No idea what Xserve 2 is or what that has to do with anything
<RoyK> Bilge: brainysmurf asked about installing ubuntu on an xserve, therefore the prefix with his nick ;)
<Bilge> Oh shit it's like you're multitasking
<RoyK> :)
<brainysmurf> Thanks RoyK but that url seems out of date.
<RoyK> brainysmurf: have you tried installing yet?
<tash> My resolv.conf file keeps getting wiped out. I've never had this happen before, prior to Ubuntu Server 12.04
<tash> anyone know why?
<jdrab> tash: did you manualy edit your resolv.conf?
<tash> yes
<tash> when I reboot, it gets wiped clean
<tash> is there a package, possibly, that does some cleaning during boot?
<tash> I see dns-clean in init.d, but have no clue what that is
<tash> probably the resolvconf package
<tash> idk
<jdrab> tash: is your resolv.conf empty or not? there are at least two lines with comments
<tash> when I reboot it is empty, if I add nameserver <blah> to it, it works, til I reboot
<tash> am going to add dns-nameservers <blah> to the interfaces file and test
<jdrab> tash: i think you don't need to reboot to test it. just restart your network
<tash> that worked
<blendedbychris> sounds like one is a forward increment and one is reverse
<blendedbychris> is a reverse incremental backup less prone to corruption?
<RoyK> a *reverse* incremental backup? wtf is that?
<blendedbychris> RoyK: instead of starting with a full backup and adding incrementalsâ¦ it takes a full backup and subtracts incrementals
<blendedbychris> so your restore process is backward
<blendedbychris> http://james.lab6.com/2008/07/09/rdiff-backup-and-duplicity/
<blendedbychris> that's what i was reading
<blendedbychris> how do i flush dns cache?
<blendedbychris> ah nm doesn't look like ubuntu caches dns
<blendedbychris> can i prevent iftop from resolving names via rdns?
<guntbert> blendedbychris: try iftop -n
<blendedbychris> got itâ¦ thanks!
<losplaya> hello
<LordOfTime> hi
<losplaya> how you doing lord just wondering if you can advice how to make my phpbb install visible online
<LordOfTime> losplaya:  probably can, depends on what's wrong with the system
<LordOfTime> first question: are you on a residential network or corporate network behind a firewall or router?
<LordOfTime> secondly: how did you install phpBB?  from the package in the repos, or from the .tar.gz that you download from their site
<losplaya> ok so far every thing seem fine i have disabled the fire wall i thinkg its to do with apache as i can see the apache default page
<losplaya> i got it from repos
<LordOfTime> ahh
<LordOfTime> that's problem 1 (no offense)
<LordOfTime> !info phpbb precise
<ubottu> Package phpbb does not exist in precise
<LordOfTime> what's its name in the repos nowadays...
<losplaya> no worries im new to this
<LordOfTime> actually i wonder if it was removed from the repos :PO
<losplaya> i can view it on my local network
<LordOfTime> losplaya:  local network != internet
<LordOfTime> ;P
<LordOfTime> you didnt answer my first question either
<losplaya> home network
<LordOfTime> ah.  behind a router right?
<losplaya> yeah
<LordOfTime> did you forward the ports on the router correctly?:
<LordOfTime> so that port 80 forwards to the system running phpbb
<losplaya> yep got port 80 forwarded to my server
<LordOfTime> hmm
<LordOfTime> i'm not used to apache, but i dont trust repository versions of phpBB
<LordOfTime> they're at least a year behind upstream
<LordOfTime> i'd recommend just using whatever the default directories are for apache, and plop phpBB in there from the download on the phpBB site
<losplaya> i will give that a go
<losplaya> thank you for the advice lord feel like im praying when i talk to you
<LordOfTime> heh
<LordOfTime> tbh, the nick 'TimeLord' is taken xD
<losplaya> lol
<losplaya> first time i have used irc dont know why it has taken me so long
<LordOfTime> heh
<LordOfTime> tbh, i dont use Apache, i use nginx, but considering i'm also one of their bug responders (for nginx), i kind of have bias for using nginx xD
<brainysmurf> LordOfTime nginx rocks
<LordOfTime> brainysmurf:  i know right? :P
<LordOfTime> i use it almost exclusively
<LordOfTime> i'm also jumping on the CVE bugs that've been in Oneiric and prior
<LordOfTime> (they're already fixed in Precise)
<brainysmurf> sweet
<losplaya> i have lot learn
<brainysmurf> I am trying turn two xserves into ubuntu boxes; I found this: http://bit.ly/4I11zK Do I need to do anything for Precise?
<LordOfTime> !efi
<LordOfTime> really?
<LordOfTime> REALLY?
<LordOfTime> ubottu doesnt have anything on it?
<ubottu> LordOfTime: I am only a bot, please don't think I'm intelligent :)
 * LordOfTime glares at ubottu
<brainysmurf> lol
<LordOfTime> i think this'll help, not sure though
<LordOfTime> https://help.ubuntu.com/community/UEFIBooting
<LordOfTime> most of my systems that're servers are converted desktops
<LordOfTime> that sit in an airconditioned room 24/7/365
<losplaya> you be surprised what peeps use for servers
<LordOfTime> this laptop here could technically be a server
<LordOfTime> its runnign a GUI, but its got some server packages on it
<LordOfTime> (nginx, php, mysql, for starters)
<brainysmurf> Yeah these two live in air-conditioned rooms
<brainysmurf> Okay it says to use the alternate mac iso. Thanks What did you google to find that?
<LordOfTime> ubuntu server efi
<LordOfTime> :P
<LordOfTime> but note i dont know \if that's recent
#ubuntu-server 2013-05-13
<codepython777> anyone who knows how to do bandwidth management per user basis when the network is near full utilization?
<psivaa> hallyn: we get http://pastebin.ubuntu.com/5660610/ again in the lxc smoke tests for the last few days
<psivaa> hallyn: hmm possibly the queue is too big and its still waiting.
<webwurst1> hi! i'm using a Intel network-adapter (I350-T2) with sr-iov-capability. finally virtualized ubuntu-server work fine. but on windows an adapter lacking drivers is shown.. the Intel driver for the adapter aborts installation; maybe it is only for host-systems? do i need special windows-drivers for sr-iov adapters?
<hxm> hi
<hxm> i have configured a smtpd in a dedicated server, then i send email using sendmail and google and hotmail detect it as spam
<hxm> i checked the reputation in trendmicro (as someone asked me) and is not blacklisted
<hxm> indeed is not still being used
<hxm> i think is a problem of my configuration related with the DNS txt records
<Katafalkas> Hey. I am quite a noob and this is probably very noobish question, but what happens when you do not set a password for user. in /etc/shadow file there is "*" what does that mean ?
<mardraum> Katafalkas: yes, 'man shadow'
<gyre008> is there a way to list changelog of INSTALLED package on Ubuntu ?
<gyre008> I dont mean to list changes of the deb file available on the server..
<Katafalkas> mardraum: danke <3
<gyre008> I thought apt-listchanges --apt <pkg_name> would do the job but boy was  wrong
<hallyn> psivaa: ok, i've temporarily switched the lxc testsuite to branch the raring lxc bzr branch which works
<psivaa> hallyn: ack
<hXm> hi again
<Daviey> bladernr`: hey, are you around?
<bladernr`> Daviey: I am
<Daviey> bladernr`: hey, just found - https://blueprints.launchpad.net/cloud-testing/+spec/servercloud-1305-cloud-testing
<Daviey> bladernr`: can you mark me the approver please?
<bladernr`> sure
<Daviey> bladernr`: i think it also needs associating with the ubuntu project
<bladernr`> Daviey: possibly, I need to check with ara on that but probably so
<Daviey> bladernr`: Well, it is a ubuntu deliverable.. no?
<bladernr`> Daviey: ok, it's re-targeted
<bladernr`> :)
<Daviey> bladernr`: thanks muchly
<bladernr`> Daviey: did you schedule a UDS session for that testing BP?
<Daviey> bladernr`: not quite yet.. but that is the plan
<bladernr`> we werent' going to schedule it initially (it's already on there for Wednesday)
<bladernr`> mainly because a lot of the discussion for htat is internal and has already occurred
<Daviey> bladernr`: Ugh, surely some primary stakeholders are absent fro the discussion ?
<BAMbanda> Has anyone had success in installing dropbox on ubuntu server?
<TheLordOfTime> who decides what's "default" or available through tasksel or on the ubuntu-server images?
<TheLordOfTime> or better question, who decides the "default" httpd software in the ubuntu images/repositories
<TheLordOfTime> (i kinda assumed there *was* no 'default')
<Daviey> TheLordOfTime: Apache is mostly the default, but the world is changing a bit with the advancement of juju charms.  There are a few factors which drive the decision process, but I feel the weight of this.  Wassup?
<TheLordOfTime> Daviey:  Launchpad Bug 1177919, comment #3
<uvirtbot`> Launchpad bug 1177919 in nginx "Merge nginx 1.4.1-1 (universe) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/1177919
<TheLordOfTime> trying to figure out how to answer them :/
<BAMbanda> Anyone install dropbox successfully on ubuntu server?
<TheLordOfTime> Daviey:  key issue is they are like "Can we make nginx the default"
<TheLordOfTime> my concern: "It's not modular",  "It has no easy-configured "default" php integratoin"
<TheLordOfTime> and a thousand others
<TheLordOfTime> not to mention that nginx is kinda unofficially guardian'd by me :/
<TheLordOfTime> oh, and universe.
<TheLordOfTime> Daviey:  can you dump me a list of the factors which drive the decision of what is "default"
<Daviey> TheLordOfTime: Are you free in 24hrs + 40 mins?
<TheLordOfTime> Daviey:  um...
 * TheLordOfTime checks
<TheLordOfTime> 24hrs + 40 minutes is... 12:00 here...
<Daviey> TheLordOfTime: we have our team meeting then, and it would be great to discuss at the Open Discussion part near the end.
<TheLordOfTime> should be, unless comcast does some stupid crap with the internet
<TheLordOfTime> Daviey:  server team meeting i assume?
<Daviey> yeah
<TheLordOfTime> i *should* be here
<TheLordOfTime> can't guarantee it though
<TheLordOfTime> in the mean time i'd like to give this guy an answer
<TheLordOfTime> would a simple "It's not something we can decide on a whim, and will need further discussion" suffice?
<TheLordOfTime> (or similar)
<tom_ilsinszki> Hey! Some of my cron jobs won't execute (depending on the time settings for the command in crontab). For example if I have a command like this: * * * * * CMD or */5 * * * * CND, then CMD will execute, but if I have it set like this: 54 17 * * * CMD, then CMD will not execute. Can someone help how to run commands in cron whenever I wantâ¦
<Daviey> TheLordOfTime: For 'main' the Ubuntu project tries to make opinionated decisions on what it considers to be the best of free software.  'Best' Is determined by a number of factors, including supportability (inc security) and popularity.  On occasions, we do support more than 1.
<TheLordOfTime> Daviey:  i'd say that the security aspect is the key factor here
<TheLordOfTime> Daviey:  there was a discussion at a prior UDS of moving nginx to main
<TheLordOfTime> but i don't think that went anywhere
<TheLordOfTime> so it's still "universe"
<Daviey> TheLordOfTime: whilst personally I am an apache fan, i am well aware nginx is gaining more popularity - so we should consider it.
<TheLordOfTime> agreed, but the only "ubuntu" maintainer in an unofficial capacity is me, upstream doesn't care and their debian maintainers don't really care much
 * resno supports nginx
<Daviey> TheLordOfTime: Well, kees (formally ubuntu security team tech lead) was hesitant to support it, but that was 2 years ago IIRC.  Things might have changed since then
<TheLordOfTime> i'll try and make it to the meeting, no guarantees I'll remember to bring this up, so if you can jot down about this and then remind me if i'm not /away at the meeting that'd be awesome
<Daviey> It seems to have a better security vulnerability handling procedure than i did then
<TheLordOfTime> at least upstream.
<Daviey> ok, thanks TheLordOfTime
<TheLordOfTime> Daviey:  just as an fyi, two years ago i wasn't handling the nginx bugs :P
<TheLordOfTime> Daviey:  most of the nginx bugs end up fixed in debian, and when they don't i tend to go searching upstream :P
 * TheLordOfTime has become  the unofficial adopted maintainer of nginx in ubuntu *shrugs*
<Daviey> TheLordOfTime: That sounds super
<Daviey> TheLordOfTime: If you ever need to look for sponsorship, or help - do give me a shout.
<TheLordOfTime> ... that reminds me, note to self, apply for nginx PPU rights.
<TheLordOfTime> Daviey:  I tend to go poking -motu for the sponsor uploads, usually don't get to getting things included unless Medium or higher because otherwise "I'll include it in a batch update"
 * TheLordOfTime yawns
<TheLordOfTime> ... bleh coffeetime
<Daviey> o/
<TheLordOfTime> ... oh crap i just realized i forgot to include the bugfix for bug #1162177 in the nginx team's ppa for 1.4.1
<uvirtbot`> Launchpad bug 1162177 in nginx "nginx-light: invalid parameter "ipv6_only=on"" [High,Fix released] https://launchpad.net/bugs/1162177
<TheLordOfTime> whoopsies.
<zul> adam_g:  i just approved the folsom sru branches for the CA btw
<zul> adam_g:  https://code.launchpad.net/~zulcss/nova/havana-pbr/+merge/163578
<shiki-> Does anyone have experience with Wifi (WPA2) and Ubuntu Server?
<adam_g_> zul, what do we do about the cinder 2012.2.4  update? re comments on https://code.launchpad.net/~gandelman-a/ubuntu/quantal/cinder/2012.2.4/+merge/161057
<zul> adam_g_:  ill double check the SRU
<zul> adam_g_:  *sigh* we need to open up an SRU for that one
<zul> (for paramiko)
<adam_g_> zul, there already is one open
<adam_g_> https://bugs.launchpad.net/cinder/+bug/1150720
<uvirtbot`> Launchpad bug 1150720 in cinder "[SRU] There is now a dependency on paramiko v1.8.0" [High,In progress]
<adam_g_> though im having a really hard time testing the fix
<adam_g_> dont know if im using an unrealted test case and cannot reproduce the original, or if the fix is inadequate
<adam_g_> whatever happens with the paramiko update, the pip-requires of cinder needs to be patched regardless
<zul> adam_g_:  agreed ill take a look at it better
<gyre008> can someone tell me when I start acct service...how can I grep its PID ??
<RoyK> gyre008: ps? pidof?
<Pici> pgrep?
<gyre008> hah RoyK Pici but what should I be grepping for!
<gyre008> I tried grep for acct acc ct
<gyre008> notthing found arrgh
<gyre008> yet the log file is being updated
<gyre008> maybe acct does not actually run anything in the userspace ?
<shauno> process accounting is handled in the kernel.  accton is used to turn it on or off, but doesn't run as a daemon
<sarnold> kernel accounting is indeed done by the kernel as processes die
<sarnold> or maybe its as process statuses are reaped?
<gyre008> I see ...yeah I was guessing the same...
<gyre008> sarnold: how do I know if the accounting is enabled ?
<gyre008> I know I can turn it on and off but would be handy to know if its enabled...
<hXm> i configured stmpd, im able to send emails but i got treated as spammer, my reputation is clean and i think is a dns txt record because the machine is multidomain
<hXm> what can i do?
<hXm> i stuck at this
<jacobw> hXm: Many providers require DKIM now
<hXm> yes, i configured it
<jacobw> https://help.ubuntu.com/community/Postfix/DKIM
<jacobw> hXm: Have you tested the mails from your server with the opendkim tools?
<hXm> hm not, thanks there i go
<jacobw> There's some tools in the opendkim package that take a mail with DKIM headers, and the public key file and try to verify the mail
<sarnold> gyre008: I'd assume something like : ls -l /var/log/acct ; /bin/true ; ls -l /var/log/acct ; and see if the timestamps have changed
<sarnold> gyre008: note that's a pretty big assumption on my part :0
<sarnold> :)
<hXm> http://dkimcore.org/c/keycheck this asks for a Selector and i dont know what is that
<luminous> this may be better suited for ubuntu-server, so apologies on the cross post for anyone in #ubuntu..
<luminous> hello! I am following http://code.google.com/p/bigbluebutton/wiki/InstallationUbuntu and after adding their .asc key to apt, my apt-get update breaks with: "W: GPG error: http://ubuntu.bigbluebutton.org bigbluebutton-lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 705F9EED328BD16D" - what ought to be done?
<hXm> jacobw: i sent a test mail to autorespond+dkim@dk.elandsys.com and i got this (host megawatt.resistor.net[208.69.177.116] said: 450 4.7.0 Greylisted by Eland Systems - Please retry after 8 minutes (in reply to end of DATA command))
<hXm> in the mail.log
<hXm> do i really need wait 8 minutes or it is a missconfiguration?
<sarnold> wait 8 minutes
<sarnold> greylisting relies upon spammers being too greedy to have deployed decent MTAs to their botnets
<sarnold> they want raw sending speed, not RFC compliance :)
<hXm> aha
<luminous> any thoughts on properly adding keys to apt in 10.04?
<hXm> these are the slowest 7 minutes in life
<jacobw> luminous: apt-key-add
<sarnold> hXm: haha :)
<sarnold> luminous: you should verify from some trusted source that 705F9EED328BD16D is the correct key for whichever repository you are trying to configure
<luminous> jacobw: the instructions I'm following (see link above) sent me through: echo "deb http://ubuntu.bigbluebutton.org/lucid_dev_08/ bigbluebutton-lucid main" | sudo tee /etc/apt/sources.list.d/bigbluebutton.list
<sarnold> luminous: the wget command immediately before is the important one
<sarnold> luminous: if and only if you trust this group to have root access on your computer.
<luminous> sarnold: err, sorry, I meant to post that
<anepanal1ptos> not really ubuntu related, but do dual cpu server motherboards _need_ two cpus? or can i put one and 'expand' later?
<luminous> sarnold: as in, who knows what is in that wget download.. or..?
<sarnold> anepanal1ptos: should run fine on just one CPU..
<anepanal1ptos> sarnold: thank you.
<sarnold> luminous: that wget downloads their public key from their web server
<sarnold> luminous: and the apt-key-add command adds it to your apt repository's list of trusted keys
<luminous> how am I giving out root access then?
<sarnold> luminous: because package installed on a server using that key can provide their own postinst scripts that run as root
<sarnold> luminous: that came out wrong :) packages, downloaded from APT repositories with lists signed by that key, can run arbitrary postinst scripts as root
<luminous> ok I can see that
<jacobw> dpkg runs as root
<luminous> sarnold: isn't that the same issue with any ppa you add?
<sarnold> luminous: yes.
<luminous> ok
<luminous> good to know
<sarnold> and knowledge is power!
<luminous> anyway to verify post-instal scripts as/before they run?
<sarnold> not easily; download packages, unpack, read scripts :/
<luminous> :(
<luminous> and going back to the original question, provided I copy/pasted those three commands correctly, from their install doc, I should not end up with that error, no?
<luminous> or what am I doing wrong there?
<jacobw> If the package is signed, you know that it came from the PPA associated with the key, beyond that there's no way of verifying that a maintainer script is not malicous without reading it
<sarnold> luminous: re-run the wget command, and paste any errors..
<luminous> jacobw: it'd be really cool if ubuntu were smart enough to show you something like that for confirmation, when it knows the package is not coming from official repos
<hXm> i think i found the problem
<luminous> ah, I see the problem..
<hXm> google uses spf
<jacobw> luminous: apt does that, if you try to install a package it can't verify it'll warn you and prompt you whether to install it or not
<hXm> but can i add a spf record for ipv6?
<luminous> jacobw: that isn't what i mean.. I mean that a post-install script be shown for verification/confirmation, if the pkg is not from an official repo
<luminous> not just "do you want this package"
<luminous> sarnold: I ran the first wget through my salt master, and it didn't get to run on the minion for a different reason
<jacobw> You should read the maintainer script if your worried anyway :)
<sarnold> luminous: well, the postinst is just the easiest to describe.. if you wind up running code from the package as root (quite possible via many other mechanisms), you'll be giving them vast amounts of power regardless of their scripts..
<jacobw> Rootly powers
<luminous> sure
<luminous> but that is why it is good to run your own pkg repos
<luminous> and verify what goes in there
<luminous> except few of us have ever had the time to do it proper like that
<jacobw> I do :D
<luminous> :)
<shauno> hXm: of course.  you can use ip6:2001:db8/32 just as with ip:10.0.0.0/8.  you can also simply add 'mx' so that anything that's returned as an MX is spf-valid
<jacobw> luminous: I import packages from PPAs manually after testing them
<luminous> i'm jealous
<luminous> do you have any handy sciprts that help you with that, and which you could share?
<jacobw> reprepro, mostly, which is quite a common package
<luminous> jacobw: and do you use salt (saltstack.org) at all?
<jacobw> luminous: I use Puppet which has a much larger community
<luminous> ah a puppeteer
<luminous> I used to do so as well
<luminous> I find salt fits my needs, with a MUCH larger feature set
<luminous> larger/more helpful
<luminous> :)
<luminous> either way, thanks for the assistance here
<jacobw> A larger feature set?
<sarnold> "run random command on N machines without a specific recipe" sounds both tempting and terrifying :)
<luminous> jacobw: well, as an example, salt states covers the vast majority of what puppet cna do on its own. you need mcollective to get some of salt's built-in remote execution capabilities
<luminous> sarnold: it's a game changer, wrt how we admin boxen
<luminous> salt-cloud is another game changer, for example
<hXm> shauno: just for understand it, the domain sender, i add it a txt record with this "v=spf1 mx -all" ?
<hXm> or i should add that to the ipv6 who is the smtp server
<shauno> hXm: that'd work, if outbound email only originates from the same addresses as your MX addresses
<hXm> do i need configure something in the server ip?
<hXm> for allow that record
<shauno> should be just that record in dns.  you may find http://www.kitterman.com/spf/validate.html  useful
<hXm> thanks
<hXm> SPF record passed validation test with pySPF (Python SPF library)!
<hXm> did it ok?
<hXm> oh, oh
<hXm> well thanks to you
<shauno> there's two tests there; whether it's syntactically correct, and further down, whether a given address matches it.  you want good news from both
<hXm> yes, i fail the last part
<dewdrop> Hi is there a log file where I can look the server reboot timestamp?
<sarnold> dewdrop: 'last reboot'
<dewdrop> sarnold: perfect, there were 2 reboots done, and it shows both, thanks.
<hXm> ok now google says Received-SPF: pass (google.com domain of test@mydomain designates ip.server as permitted server
<hXm> but the email is still in spam folder
<sarnold> try adding dkim?
<hXm> in the original message google says nothing about dkim, i just sent an email to a hotmail account for see what happen
<hXm> and then recheck dkim
<hXm> hotmail mark as spam too, but it says about dkim=none
<hXm> dkim requires to create _domainkey.<mydomain> and dkim._domainkey.<mydomain> thats all?
<hXm> with the private rsa key generated
<WeThePeople> hi just installed ubuntu-server 13.04 x64 in vbox, how to i connect to it using ssh
<WeThePeople> when i try to connect it says no route to host
<chilicuil> WeThePeople: by default ubuntu-server doesn't install ssh, log in manually and install it, 'sudo apt-get install openssh-server', and later re try
<WeThePeople> chilicuil, that is what i selected to install in the prompt
<WeThePeople> openssh
<WeThePeople> now i am getting connection refused
<three18ti> in the ubuntu "expert install mode" I have the choice between linux-virtual linux-image-virtual kernels. what's the difference?
<three18ti> (virtual server install)
<chilicuil> WeThePeople: enable -v to produce more output, example: 'ssh -v user@machine'
<chilicuil> three18ti: afaik, both of them refer to the same package, but dont take me too seriusly
 * three18ti flips coin
<three18ti> thanks chilicuil
<WeThePeople> im logged in
<three18ti> guess the worst that happens is I have to reinstall :)
<WeThePeople> thanks
<three18ti> hmm... I just did a non "Expert" install and the install went pretty quickly.  I just selected the virtual-image kernel and the install appears to be taking significantly longer.
#ubuntu-server 2013-05-14
<WeThePeople> hi, filezilla wont delete files from the server because of a permissions, how do i access permissions to delete and upload files
<sarnold> WeThePeople: understanding unix permissions is integral to being able to use linux well.. you may wish to study these three quick overviews: http://www.sal.ksu.edu/faculty/tim/unix_sg/nonprogrammers/file_sys/permissions.html http://oldfield.wattle.id.au/luv/permissions.html http://en.wikibooks.org/wiki/A_Quick_Introduction_to_Unix/Permissions
<sarnold> (as a side-note, it's amazing how many 'introduction to unix permissions' don't cover _directory_ permissions, which is just as important as file permissions. sigh.)
<WeThePeople> sarnold, i think i need to chown  /
<WeThePeople> with -R
<patdk-l2> you could, if yo uwanted to totally destroy all permissions on that server
<WeThePeople> ok, is " cd /var/www/ " the correct way to cd dir. in the server?
<WeThePeople> i cant get passed /var
<WeThePeople> into www
<sarnold> WeThePeople: you might want to pastebin the results of ls -ld / /var /var/www /var/www/*  -- and describe what you're trying to do
<WeThePeople> sarnold, i am trying to delete the index.html from /home/var/www/ >>> http://imgh.us/Screenshot_from_2013-05-13_17:31:29.png
<WeThePeople> from filezilla, and am getting permission probs
<WeThePeople> it is a chown issue
<WeThePeople> ok i think filezilla doesnt have the correct permissions then
<WeThePeople> how do i set the permissions for filezilla?
<sarnold> WeThePeople: what account did you use to log in?
<sarnold> WeThePeople: .. and why not just sudo rm /var/www/index.html ?
<WeThePeople> sarnold, i did
<WeThePeople> i am working on a solution to upload now
<sarnold> aha. what user account will you use to upload?
<WeThePeople> what i ssh into
<sarnold> ace?
<WeThePeople> idk what user account
<WeThePeople> yes
<WeThePeople> ace
<sarnold> sudo chown -R ace:ace /var/www
<sarnold> that'll change /var/www and all its child directories to owned by ace
<WeThePeople> sarnold, i did that and still filezilla would not let me delete that file
<sarnold> WeThePeople: really? o_O
<WeThePeople> yes
<WeThePeople> its a command issue in filezilla, its only "ls" listing it
<WeThePeople> sarnold, >>> http://imgh.us/Screenshot_from_2013-05-13_18:15:23.png
<sarnold> WeThePeople: figure out for certain what user account you're using in filezilla..
<WeThePeople> im using ace
<WeThePeople> sarnold, im using ace
<sarnold> WeThePeople: pastebin the ls -ld / /var /var/www  again...
<patdk-l2> really, just add ace to the www-data group
<sarnold> patdk-l2: it was owned root:root before I suggested ace:ace ...
<patdk-l2> oh? odd
<sarnold> patdk-l2: indeed. (not that I like www-data owning files, but I'm sure you're sick of hearing that particular rant :)
<WeThePeople> patdk-12, how do i do that
<WeThePeople> patdk-l2, ^^
<WeThePeople> sarnold, http://paste.ubuntu.com/5663113/
<sarnold> WeThePeople: aha. your chown didn't actually work.
<sarnold> WeThePeople: it's still root:root
<WeThePeople> ah yes i see
<WeThePeople> interesting
<patdk-l2> sarnold, well, www-data owning files depends, but ya
<sarnold> WeThePeople: time to run :) you can either fix things up as patdk-l2 recommends or you can change evreything to be owned by ace. either way.
<WeThePeople> thanks for the help
<sarnold> WeThePeople: just be sure to spend some time with those three introduction to unix permissions I pasted earlier -- knowing how to fix this stuff is important, even if it does take a bit to understand initially...
<sarnold> have fun and good luck :)
<WeThePeople> is it possible to have a gui come up in ubuntu-server
<qman__> WeThePeople, it's possible to install a desktop, but then that's not ubuntu server anymore
<WeThePeople> thanks
<adam_g> zul: http://people.canonical.com/~agandelman/ca/grizzly/python-glanceclient/
<adam_g> jamespage: ^
<_PehdeN_> anyone here
<Corey> Just you.
<_PehdeN_> Good. Error duplicat sources.
<_PehdeN_> lol
<_PehdeN_> I dont remember how to clear the cache I think thats what i need to do
<Corey> ...wat
<_PehdeN_> apt-get cache   or some there was a command that clears the cache
<Corey> Your DNS cache, your disk cache, your web cache, your proxy cache, your LDAP cache, your apt cache, etc...
<Corey> apt-get clean?
<_PehdeN_> right
<_PehdeN_> apt cache
<_PehdeN_> i asked you then remembered man. lol
<_PehdeN_> Can i pm you Corey
<_PehdeN_> or
<_PehdeN_> nvm here > https://pastee.org/h2s23
<_PehdeN_> im lost
<_PehdeN_> thats the only ones that fail, i am not sure what the issue is it seems like everything else tuns smooth
<Corey> _PehdeN_: Your sources list may be nutty, check /etc/apt/sources.list and sources.list.d/ for duplicates.
<_PehdeN_> https://pastee.org/r522g
<_PehdeN_> corey ^
<_PehdeN_> looks like there is something odd here
<_PehdeN_> https://pastee.org/dht4q
<_PehdeN_> the second is sources.list.d
<_PehdeN_> have to love clex right
<alkisg> Hi, server packages are supported for 5 years and desktop packages for 3 years. But how can I find a list of which packages are considered "server packages"?
<railsraider> can anyone help with upstart
<railsraider> i am trying to create an instance
<railsraider> env PIDFILE="/var/www/shared/tmp/pids/resque_worker_0_instance_$ID.pid"
<Jeeves_> alkisg: IIRC, everything in 'main'
<railsraider> but the file being created with the $ID not being parsed
<alkisg> Jeeves_: apt-cache policy kde-l10n-el => main, apt-cache show kde-l10n-el => Supported: 18m
<alkisg> But some packages don't have a "supported" entry in apt-cache show... :-/
<Jeeves_> alkisg: So that's correct then
<alkisg> Jeeves_: so there are packages in main that are supported for 5 years, other packages in main supported only for 18 months, and also some packages don't have a "supported" entry in their control file... ...so I'm at a loss on how to tell which packages are supported for 5 years and which not
<Jeeves_> alkisg: If it's in main, and you're on a desktop: 18m
<Jeeves_> 18m?
<alkisg> LTS desktop packages are supposedly supported for 3 years
<Jeeves_> That's not correct :)
<alkisg> Not for 18 months, although that's what the package says, 18 months
<Jeeves_> Miscalculation on my part
<alkisg> On 12.04: $ apt-cache show kde-l10n-el | grep Supported
<alkisg> Supported: 18m
<alkisg> $ apt-cache show kde-baseapps | grep Supported
<alkisg> Supported: 5y
<alkisg> ...I don't understand the difference there :-/
<alkisg> dpkg -l | awk '/^ii/ { print $2 }' | xargs apt-cache show | grep ^Supported | sort -u
<alkisg> Supported: 18m
<alkisg> Supported: 5y
<alkisg> ...I don't have any package at all that is supported for 3y
<sander^work> How do I make it possible to send mail from my server.. when I have another mail relay server I can point the configuration to?
<Daviey> jamespage: I guess https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-seeded-qa-workflow needs refreshing?
<maruq> Hi guys
<hXm> hi again
<hXm> can i paste real ips or it is unallowed?
<hXm> http://pastebin.com/LpZFfnRK
<mardraum> hey? here is a real IP - 1.2.3.4
<hXm> mardraum: :)
<hXm> i dont see the probelm
<hXm> the 12345 error is not (i bet)
<mardraum> you have told postfix you are running a milter on localhost:12345
<mardraum> but you are not
<mardraum> fix your config
<hXm> yes, i just did it
<hXm> but thats the reason because i get my emails as spam?
<mardraum> I don't follow what you are getting at, sorry
<mardraum> what exactly is the problem?
<hXm> i have a server with various domains, the main domain is sudoers.so which i use for send emails, conoced.me is an other domain i want to send emails from
<hXm> but when i send emails from conoced.me they are treated as spam
<mardraum> by whom?
<hXm> i send an email from conoced.me trought sudoers.so to librepensamiento.es (which is really a gmail account)
<hXm> just for testing, i dont have more accounts
<hXm> anyway i tried some @gmail.com and i get the same result, is the pastebin
<mardraum> hXm: I don't see any spam problems in the pastebin?
<hXm> either me! but the mail is stored in the spam folder in the gmail
<hXm> instead the normal inbox
<mardraum> try some different text in the email?
<hXm> http://cl.ly/OwHf still
<hXm> oh wait
<hXm> it uses ipv6 now
<hXm> Received-SPF: fail (google.com: domain of testing@conoced.me does not designate 2001:41d0:8:3d62::1 as permitted sender) client-ip=2001:41d0:8:3d62::1;
<hXm> i used telnet this time
<hXm> anyway i added this to the dns  Non-authoritative answer:
<hXm>  conoced.me	text = "v=spf1 a ptr ip6:2001:41d0:8:3d62::1 -all"
<hXm>  conoced.me	text = "v=spf1 a ptr ip4:176.31.118.98 -all"
<mardraum> I don't think submitting an email via telnet is a good test of the gmail spam system somehow
<hXm> is because i dont a client email for this domain
<hXm> sending this email body: hello this is a testing is also treated as spam
<mardraum> I'd treat you telnetting as spam too if I were gmail.
<mardraum> it stinks of some custom code written by a spammer they got to run on a botnet
<hXm> ok so i go to configure a thunderbird for send
<sk1pper> hi all, i am trying to restrict authorized_keys to use just rsync, can someone explain me this line?  command="rsync --server --sender -vlogDtprz . /var/backup"
<sk1pper> actually the --server and the .
<mardraum> sk1pper: man rsync the search for server by typing "/--server", and the . refers to "here", ie, pwd
<sk1pper> mardraum: thanks, is it possible to use to restrict the ssh key to just command="rsync" without any parameters?
<mardraum> sk1pper: authorized_keys has nothing to do with rsync afaik?
<hXm> wait, i cant send emails to internet without tls?
<mardraum> you probably want some sort of restricted shell
<RoyK> sk1pper: rssh
<mardraum> anyway, you seem to be rsyncing inside a system, why not just use cron?
<mardraum> no need to connect remotely to run a local command.
<jamespage> adam_g, reviewed and uploaded - thanks!
<jamespage> zul, oh great "/usr/src/modules/openvswitch-datapath/openvswitch/datapath/linux/datapath.c:65:2: error: #error Kernels before 2.6.18 or after 3.8 are not supported by this version of OpenvSwitch"
<jamespage> saucy #bang
<zul> jamespage:  im lauging so hard that im crying
<jamespage> zul, I'll poke it with 0.10.0 release and see if that fixes stuff
<zul> jamespage:  by the end of the release cycle i can call you a kernel hacker then ;)
<jamespage> zul, I think you could call me that already
<jamespage> had to hack it last cycle as well!
<zul> im going to go get saucy built this morning
<jamespage> zul, 1.10 might not be the right thing todo; 1.9.x is the lts release
<jamespage> I suspect its just a quick patch to fixup the kernel version check
<zul> jamespage:  im sure it is
<swaT30> http://cloud-images.ubuntu.com/releases/ down?
<jamespage> smoser, utlemming: ^^ re cloud-images
<jamespage> swaT30, let me see what I can find out
<swaT30> jamespage: thanks
<jamespage> swaT30, should be back now - was impacted by some datacenter issues earlier today
<swaT30> jamespage: cool, just wanted to make sure you guys were aware
<swaT30> thanks!
<jamespage> swaT30, thanks for reporting the issue - much appreciated!
<swaT30> no worries!
<Daviey> zul, adam_g, jamespage: Who is running servercloud-s-openstack-havana ?
<Daviey> (vUDS session)
<zul> me i think
<jamespage> Daviey, zul is
<jamespage> generally Drafter == Lead
<jamespage> Daviey, we start in just over 1 hour right?
<gyre007> is there any way how you can update all packages BUT ONE...or all but certain group ?
<zul> Daviey/jamespage: apparently i can run the qa session as well
<jamespage> w00t
<patdk-l2> gyre007, make it sticky
<gyre007> patdk-l2: how ?
<patdk-l2> by setting it's priority
<gyre007> so pinning
<gyre007> ?
<patdk-l2> yep
<gyre007> pinning in Ubuntu is UTTER pain
<gyre007> literally
<gyre007> but yeah
<gyre007> thats the option
<patdk-l2> heh? thought it was pretty simple
<gyre007> cheers
<patdk-l2> atleast every time I have done it, it is
<gyre007> patdk-l2: hah! if you have like 6 different PPAs and each provide the same package..different versions etc..
<gyre007> no fun
<gyre007> i had my share of this fun...
<patdk-l2> dunno how that makes a difference
<gyre007> trust me it does ...
<patdk-l2> you increase the prority of the one you want, done
<jamespage> zul, someone already proposed a 3.9 kernel fix upstream - I'll let that land and then pull into saucy
<gyre007> patdk-l2: http://serverfault.com/questions/506772/prioritise-repositories-in-ubuntu/506938?noredirect=1#506938
<patdk-l2> you could always rebuild it into your own ppa, adjusting the version number
<zul> jamespage:  cool
<zul> jamespage:  cmd2 version mismatch with cliff so thats why quantum is failing
<jamespage> zul, great
<jamespage> oh well - it gonna be like this for a bit yet!
<smoser> jamespage, did someone fix ? swaT30 i guess?
<jamespage> smoser, there was a datacenter issue earlier - fixed now
<Daviey> jamespage: kick off plenary starts in 1:54, but i don't think our prescience is required.
<zul> jamespage:  yay we have a clean cinder (no more patches)
<sudobash> has anyone ever setup ubuntu server as a network virus scanner to scan all PC's on a domain plus network shares
<TheLordOfTime> Daviey:  server meeting @ 16:00GMT right?
<TheLordOfTime> server team meeting*
 * TheLordOfTime kicks his computer
<Daviey> TheLordOfTime: Erm, about that.
<TheLordOfTime> Daviey:  cancelled, changed, etc.?
<Daviey> TheLordOfTime: I forgot we canceled it, due to having virtual UDS
<Daviey> TheLordOfTime: Sorry about that.
<TheLordOfTime> Daviey:  no problem, i wasn't up *just* for the server meeting, just making sure of things :)
<TheLordOfTime> Daviey:  TBH I forgot about vUDS o.O
<TheLordOfTime> and that's uncommon since i'm usuallly keeping track of those
<TheLordOfTime> Daviey:  when's the next server team meeting, i assume sometime after vUDS
<Daviey> TheLordOfTime: same time next week
<TheLordOfTime> i'll make sure to be around :)
<sudobash> no idea on a samba / clamav network virus scanner?
<Daviey> Ugh, vUDS times are all out by 1hr.  It's all off by 1hr.
<Daviey> jamespage / smoser ^
<smoser> oh?
<smoser> what now?
<smoser> the schedule is not showing utc you mean ?
<smoser> Daviey, what did you mean
<Daviey> smoser: No, the UTC timings are correct. Many people thought it was starting now.
<smoser> ah.
<TheLordOfTime> Daviey:  got a link to the vUDS schedule?
 * TheLordOfTime can't find it even though he looked
<smoser> http://summit.ubuntu.com/uds-1305/2013-05-14/
<TheLordOfTime> i blame my crappy cache
<TheLordOfTime> smoser:  thanks
<smoser> you can see server/cloud only also
<smoser> go "up" to http://summit.ubuntu.com/uds-1305/
<koolhead17> hello all
<sudobash> guess I have to figure it out myself
<TheLordOfTime> smoser:  i actually was looking for everything, i occasionally attend non-server stuff :)
<TheLordOfTime> sudobash:  we might just be busy and not have gotten around to answering you
<TheLordOfTime> !patience > sudobash
<ubottu> sudobash, please see my private message
<Daviey> rbasak: did you see foundations-1305-checkbox-arm-server ?
<lambdak0re> how I upgrade the driver for HP Smart Array Controller P420?
 * rbasak looks
<rbasak> Daviey: thanks - I'll attend. Not sure why it's in Foundations. I guess there's no specific QA track?
<Daviey> rbasak: QA is EVERY track :)
<koolhead17> hi all
<TheLordOfTime> Daviey:  do we still have the server team mailing address?
<TheLordOfTime> s/address/list/
<zul> jamespage:  interesting in cinder if i do fakeroot debian/rules clean setup.cfg gets blown away
<arosales> TheLordOfTime, were you looking for ubuntu-server@lists.ubuntu.com ?
<TheLordOfTime> probably
<TheLordOfTime> :P
<TheLordOfTime> but i'll wait to the next server team meeting :)
<Daviey> smoser: Have you lower 3rd "How To" handy?
<sudobash> has anyone ever integrated clamav and samba for a network virus scanner?
<hallyn> ppetraki: doe the problem lie in md or in udev?  I wonder if new libudev in saucy is meant to fix that
<ppetraki> hallyn, no, it's just plain incomplete
<ppetraki> hallyn, we use udev to respond to things like lvm, but don't use event driven scanning for any other block devices
<ppetraki> hallyn, once an md array starts, you would have to inspect whatever new disk was hotplugged, determine which array it belongs to and insert it
<hallyn> ppetraki: but where are the races comin from?  who's trigging two device up events?
<ppetraki> hallyn, scsi probe is async, it can scan N buses, the first one can complete before the md scan, the next one can complete a year from now
<hallyn> (this might be better discussed on ubuntu-devel)
<hallyn> and so the dups are for the same device on different channels?
<hallyn> at different completion times?
<ppetraki> let me try my hack first :) http://pastebin.ubuntu.com/5664678/
<hallyn> ok
<ppetraki> hallyn, they are unique devices, on different channels, might as well be different hbas
<ppetraki> hallyn, and they all are required for this RAID 10 I built, sometimes I just get half, other times I don't get enough to start
<hallyn> hm, why the upstart job, as opposed to adding scsi_wait_scan to your initramfs or something?  is there  atrick you're doing there?
<ppetraki> hallyn, mdadm runs as rc.d script, so this should be good enough, or I read it wrong
<ppetraki> hallyn, you're probably right, I should address this in ramdisk
<hallyn> ppetraki: ok - that can be worried about later then, i was just wondering if i was missing something cool
<ppetraki> hallyn, we could make something cool :)
<ahs3> hallyn: a quick ping...is netcf ready for promotion to unstable from experimental yet?
<hallyn> ahs3: I should think so
<hallyn> we've been using it in ubuntu for some time now
<ahs3> hallyn: nod.  now that the Debian freeze is over, i'll likely do that this week
<hallyn> ahs3: cool, thanks
<hallyn> happily, not much going on upstream there for now :)
<ahs3> :-)
<hallyn> (it does what it needs to - /me doesn't enjoy needless churn)
<ahs3> ack
<NginUS> I have 2 LUKS volume groups, OS & cinder-volumes, but only OS prompts for decryption at boot. How do I make it prompt for the other, too?
<pmatulis_> NginUS: why did you not put them in the same volume?  you will need to do it manually, which is not a biggie
<pmatulis_> write a shell script
<pmatulis_> http://askubuntu.com/questions/21025/mount-a-luks-partition-at-boot
<Daviey> adam_g, zul, jamespage: bug 1179750
<uvirtbot`> Launchpad bug 1179750 in python-glanceclient "python-glanceclient requires python-keystoneclient <0.2 but 0.2.3 is installed" [Undecided,Confirmed] https://launchpad.net/bugs/1179750
<Daviey> The latest comment confuses me
<Daviey> is it that glance needs to depend on glanceclient?
<Daviey> but.. surely it would have updated regardless?
<zul> Daviey:  im confused as well ill take a look
<adam_g> Daviey, thats what prompted my question re dh_python2/overrides
<adam_g> Daviey, glanceclient functions fine even with the unsatisfied hard version requirement in requires.txt
<Daviey> interesting.
<adam_g> Daviey, i noticed the same thing yesterday with cinder, which has a requires.txt of paramiko > what is installed. does not error out with the standard distutils errors
<Daviey> adam_g: Have you identified why this passed ok in CI?
<adam_g> Daviey, no, as i said.. none of this is causing any functional errors
<Daviey> :(
<NginUS> pmatulis_: I found it in /etc/crypttab
<NginUS> Why doesn't my WiFi show up after bootup? It's only present if I have the wired connection plugged in at boot, which defeats the purpose.
<adam_g> Daviey, at least not with new installs.t he bug states there is an issue upgrading glance and it not pulling in the correct, newer glanceclient version.
<adam_g> Daviey, that sounds like a legit bug (d/control doesnt specify a version requirement on python-glanceclient)  still doesn't explain why  everything works when requires.txt deps are not satisfied (or overridden in pydist-overrides)
<Daviey> yeah
<pmatulis_> NginUS: nice
<NginUS> I just wish my WiFi would work now
<NginUS> Ok it was the F2 key, on linux you have to reboot after toggling the radio
<NginUS> hooray my WiFi works again
<guma> I am having horrible time enabling multicast (well getting it) on multi home machine. I have both NIC configured as static IP (p4p1 default gateway) and (p1p1 to receive multicast) I added static route "route add -net 224.0.0.0 netmask 240.0.0.0 dev p1p1". AppArmor is disabled (/etc/default/apport) enabled=0. When trying to listen using my app bound to p1p1 I am not getting any mcast data. When running netstat -g I see "p1p1            1
<guma>  224.0.25.67".
<guma> I do not have SELinux installed
<sarnold> guma: apparmor has nothing to do with apport. different tools.
<guma> Also I have another machine with just one NIC connected t othe same router as p1p1 and this machine can get mcast data just fine with same application and settings
<guma> sarnold: ok. So how do you go about finding out what is wrong. I am on 12.10 x64
<sarnold> guma: are you confident you need to be manipulating the multicast routes by hand?
<sarnold> (it's out of my experience either way, but it sounds odd..)
<guma> I am king of out of ideas. Been reading docs and can't find anything. I just moved from CentOS and my app server was working. Well Different Linux...
<guma> sarnold: At this point my confidence is very low :) I am really out of ideas...
<Dandalion> Hi, I'm installing for the first time the server version of Ubuntu onto a Dell Poweredge 840 server, where can I find out if the hardware is fully supported?
<guma> I do not have iptables running....
<guma> Is there a better channel to ask such question?
<RoyK> Dandalion: which ubuntu version? what problems are you seeing?
<Dandalion> 13.04, I haven't installed it yet, I'm just trying to read before I install it since this is my first time installing server.
<Dandalion> Does server have a GUI also or just shell?
<RoyK> Dandalion: servers generally doesn't have a GUI - what's the use?
<RoyK> Dandalion: also, I'd recommend using an LTS release, 12.04, for a server
<Dandalion> I want to create a nagios server
<Dandalion> for my windows domain
<Pici> Just shell.
<Dandalion> in order to monitor our servers and notify me by email when any of them go down
<RoyK> Dandalion: then use LTS, really
<Dandalion> Ok
<RoyK> 13.04 has 9 months worth of support IIRC
<RoyK> LTS is 5 years
<RoyK> Dandalion: that server is pretty old, so it should be well supported. chipset support issues usually happens on newer stuff
<hazmat> smoser, did the jstack stuff ever end up being useful for real ostack dev?
<smoser> no.
<smoser> 3 thigns stop it
<hazmat> smoser, ignoring screen/tmux for the moment.
<smoser> a.) io killed it
<guma> BTW what is the TLS release cycle? When is new TLS release? Just wondering. I am new to ubuntu...
<adam_g> jamespage, i know we're busy but to get a head start on the new cadence:  http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1/ & http://people.canonical.com/~agandelman/ca/folsom/2012.2.4/  i have (quantal, raring)-proposed versions of each, ready to go into queue there as well
<adam_g> zul, Daviey ^
<smoser> b.) openstack componnts (nova and others) expect basically full access to hardware and to kernel (modprobe)
<hazmat> guma, the next LTS is 14.04, the last was 12.04 with 5 years of support, they come out every 2yrs
<zul> adam_g:  ill have a look in a bit about to head into another sessopm
<smoser> so the only way that you could really do this stuff is have the charm declare "I need these modules, and access to these devices"
<smoser> and have juju set that up during deployment
<smoser> anyway...
<guma> hazmat: thanx. is TLS considered more stable for production? Or jsut longer support
<hazmat> smoser, i ask b/c the guy asking about btrfs/juju is apparently trying out openstack w/ local provider juju
<Pici> guma: we're less likely to make crazy decisions during a cycle if we're going to be releasing an LTS
<guma> I see.
<hazmat> guma, fwiw, most people deploy production on LTS.
<hazmat> smoser, thanks
<Pici> My personal servers are running the latest releases, but at work I stick to LTSes.
<guma> Also what solutions (possibly free tools) are available or recommended to stage/update servers to some version or better date. Lest say I have one dev server and two small prod servers. I always want to update dev first and do some testing. That take some time so when ready I would like to update prod to same version/time as dev instead of latest which could be newer at that time.
<RoyK> guma: LTS is rather conservative, when 14.04 arrives, 12.04.x installations won't upgrade to 12.04 with do-release-upgrade until 14.04.1 is released, some months later
<RoyK> guma: meaning it'll be generally safer, although not bulletproof, of course
<guma> RoyK: sure. You talking about major upgrades. I got it. But what about my above point related to apt-get update or distro upgrade
<RoyK> guma: stuff like redhat/centos/scientificliunux is very conservative, so is debian, but then, they lack new stuff added later
<RoyK> guma: generally, an LTS release doesn't add much new, mostly bugfixes
<RoyK> that is, the updates to an LTS release
<guma> RoyK: That is why I am giving a spin :) and see what is going on hee ...
<RoyK> in 12.04.1, a new kernel was added for new installs, though, to add better hardware support for new stuff
<RoyK> guma: I somewhat doubt that machine will have problems running 12.04
<sarnold> guma: you could install without -updates or -security, and then later, install your second system without -updates or -security -- but that feels entirely too conservative to me, you'd probably want at least the security updates, and probably the normal updates as well
<guma> but even bug fixes in system updates could possibly break or uncover my app server updates.
<RoyK> obviously, yes
<RoyK> but that rarely happens
<guma> So what you saying it is "ok" when you on TLS to update to latest even that updating prod TLS might happened little later then initial dev TLS box.
<RoyK> TLS == transport level security, LTS == long term support ;)
<sarnold> guma: that is the goal and so far as I can tell, the reality as well :)
<guma> RoyK: I was looking for some sort of mirroring service or app that can be added to dev box and them prod point to it and update to same version that dev box is. Dev box is also very controlled. So not one is messing with it.
<RoyK> guma: rsync?
<guma> opps LTS :)
<sarnold> oof, rsync feels wrong for that :)
<kermit> should i use ldap or salt for user management?
<RoyK> guma: just don't turn on automatic updates and test on a dev box first. usually that's paranoia, but if you have specialised applications it may be needed
<guma> I never used rsync for that. But I got a bad feeling about it. But then again i like to heat what works and what does not.
<RoyK> guma: what sort of systems do you use on this thing?
<guma> it is a price feed
<RoyK> well, java, php, what?
<guma> C++
<RoyK> then there really shouldn't be a problem. never seen API changes on LTS updates
<RoyK> with php, perhaps, since php is rather slack on version control, but c++? not likely
<guma> ok thanx for info. too bad apt-get does not have option like update to specific date/time
<RoyK> guma: have you experienced apps broken by a an apt-get update?
<guma> so other machiens can be updated to same date/time dropping anything new.
<RoyK> guma: I've been using debian/ubuntu for more than a decade,  and I've never experienced userspace stuff broken by an update that wasn't major (as in do-release-upgrade)
<guma> One while back on CentOS. Well it was really problem in my app. But still found out too late :) That is why I am extra carful now ...
<guma> release upgrades I prefer "full clean reinstall" it is quite quick for me since I keep it to minimum. So that is my preference. Perhaps over kill. But I feel more safe... I just realized how paranoid I am LOL
<hXm> if someone remembers me because im configuring a smtp for life, i just want to say: the main domain can send emails without any spam mark, so im so happy
<hXm> but the second domain is still filtered
<hXm> at this point i just can imagine is a txt record in my dns?
<hXm> btw i configured dkim too
<sarnold> hXm: excellent :)
<hXm> thanks, is a step
<hXm> but i still need send emails from the secondary domain name because is the main project
<hXm> and i still wont think about dovecot and roundcube
<jamespage> adam_g, do you think we should lock step the entry of packages into each pipeline
<jamespage> i.e. the CA package only gets accepted into -proposed once the associated SRU upgrade does
<adam_g> jamespage, i think they should both be uploaded in lock step (to ubuntu queue and CA stagin), and we can use the acceptance into ubuntu -proposed as trigger to promote to CA -proposed.
<jamespage> smoser, do you intend on attending the Kernel topics session in the next slot?
<jamespage> adam_g, agreed
<hXm> does postfix requires a special configuration for multidomains?
<hXm> in $myorigin
<hXm> it only allows one domain tough
<RoyK> hXm: the origin shouldn't matter much - the From: header in the envelope sets that and whatever the MTA does shouldn't be an issue
<hXm> using this tool for the second domain http://www.kitterman.com/spf/validate.html? all tests are ok but i get this
<hXm> Results - None SPF records must start with 'v=spf1' please use the back button your browser and try the Mail From record again.
<hXm> which im not sure if thats an error or just an info, the last message is this HELO/EHLO Results - PASS sender SPF authorized
<RoyK> dunno - try #postfix
<jdstrand> jamespage: fyi, bug #1180084
<uvirtbot`> Launchpad bug 1180084 in nova "nova-conductor should be in main" [Undecided,New] https://launchpad.net/bugs/1180084
<jamespage> jdstrand, gah - yes - of course
<jamespage> I'll sort that out
<jdstrand> thanks
<jamespage> jdstrand, thanks for pointing it out
<jdstrand> np, I was setting up grizzly and couldn't figure out why nova-manage service list wasn't listing compute. bingo :)
<savid> On a standard apache install, are logs rotated by default by apache, or is log rotation handled by another config somewhere else?
<savid> oh, nm. I just saw /etc/logrotate.d/apache2
<wdilly> Hello, I am attempting to have nfs home directories mounted upon users login (users are authing against sun LDAP) I am able to Create the directory using pam module common-session "session required  pam_mkhomedir.so umask=0022 skel=/etc/skel" LDAP works but the NFS mount doesnt work until a restart. I would like it to work without a restart because I am building a private cloud. Thanks so much
<GrueMaster> wdilly: Have you tried autofs?  Bit antiquated, but I use it at home on my network.  works ok.
<wdilly> GrueMaster, I am using autofs.
<wdilly> GrueMaster,  I have elaborated on my issue here:  https://answers.launchpad.net/ubuntu/+question/228898
<wdilly> thanks
<GrueMaster> Not sure why it wouldn't work.  It may be something in your autofs configuration.  Have you tried logging in as a local user (no LDAP) and seeing if you can ls a NFS directory forcing an automount?
 * GrueMaster hasn't setup ldap.  Just a simple autofs for different mirror mount points.
<wdilly> GrueMaster, yes local user automounting works, and it works for the ldap user after restarting the system
<GrueMaster> Are you using nfs4 or nfs3?
<wdilly> GrueMaster, thanks for your help, unfortunately gotta pick kids up
<wdilly> nfs3
<GrueMaster> I'll dig around and see if I can find any solutions.
<wdilly> yhx
<wdilly> thx
#ubuntu-server 2013-05-15
<surjikal> Hey guys, for some reason, my sshd service isn't starting on boot. I see no errors in syslog. I'm able to mount the server's drive onto another ubuntu distro. Is there a way I can make sshd boot on startup by modifying some config file? Alternatively, can I somehow chroot into my mounted drive?
<sarnold> surjikal: check /etc/init/ssh.conf, /etc/init/ssh.conf.override, /etc/default/ssh, /etc/ssh/sshd_config
<sarnold> surjikal: you can chroot into the filesystem with ... drum roll ... cd /path/mounted/filesystem ; chroot .
<surjikal> sarnold, would I be able to start sshd from the chroot?
<sarnold> surjikal: I would expect so, unless your system already has an sshd bound to port 22...
<sarnold> surjikal: upstart has some chroot awareness, it might be worth reading about that a bit before just starting sshd..
<shauno> what am I missing here?  quantum is complaining I haven't specified an sql_connection, but it's right where I expect it to be; http://paste.ubuntu.com/5666366/
<three18ti> shauno, I don't know the application you'
<three18ti> re trying to configure
<three18ti> but the sql_connection
<three18ti> sql_connection = mysql://quantum:quantum@192.168.1.10/quantum_db
<three18ti> doesn't look right to me.
<three18ti> where is the config manual?
<shauno> http://docs.openstack.org/grizzly/basic-install/apt/content/basic-install_network.html  is for a different plugin (ovs), but the same format is used for sql_connection throughout
<three18ti> I <3 ovs
<three18ti> well... it's identical to the manual so... there goes that line of thinking.
<shauno> this "Option 'sql_connection' not specified in any config file" feels like it's not even getting that far, and this config file isn't being parsed
<resno> i have a python process that should always run. if it fails, i want to reboot it. i remember there being an app to handle it... any suggestions
<resno> sysserv or something...?
<resno> daemontools with supervise?
<resno> hmm, theres monit too
<BlackWeb> I'm currently using Ubuntu Server 12.04, Which it use to WOL, But then did a update and it killed the WOL function, Which I have the correct entries in /etc/rc.local & ethtool eth0 shows that its enabled but still nothing Does anyone have any IDeas?
<dfo1981> anyone who can help me with setting up vsftpd ?
<dfo1981> its not so much the setting up vsftpd, its more the user/permission part of logging into vsftpd
<yolanda> Daviey, jamespage, i have several approved MPs for dep-8-tests
<Daviey> yolanda: super, fancy showing me the first one?
<yolanda> https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/postfix/dep-8-tests/+merge/161610
<Enich> I was looking for a solution to unattended installations of mysql and i came across this..  http://stackoverflow.com/questions/7739645/install-mysql-on-ubuntu-without-password-prompt    My question is this.     in question 2, when the person does the sudo debconf ....<<< '.... password'   will that password stay in the debconf-set-selections permenantly or is it a temporary thing.  It might be a stupid question, but i would rather ask then messing stuff
<Enich>  up ..  i was thiking of using the third answer, with the noninteractive, and then instead of doing a mysqladmin thing, then put in the hashed password directly instead of the changepassword option with mysqladmin
<yolanda> Daviey, i submitted all the changes to debian for the approved MP, does it make sense to wait until they are included, or do we incorporate in our packages?
<rbasak> Enich: permanantely, if I understand your question correctly. This is the same as if you had entered in the password by hand on installation. Unless there's a bug, the password is held so that only root can read it, though. This is the same as if you had created a ~root/.my.cnf manually. I think the package might do that anyway?
<Daviey> yolanda: I think it's reasonable for us to do it in parallel with Debian on most packages
<yolanda> ok, so there is the MP for postfix
<Daviey> jodh: Are you sponsoring https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/postfix/dep-8-tests/+merge/161610 ?
<hXm> btw reading the log i got this http://pastebin.com/TgDCVXPf
<hXm> it repeats for a long time
<Enich> rbasak, thanks for the answer..  i wouldnt want the root password floating around in files in plaintext.. even though it might only be readable by root.
<hXm> is someone trying to do something weird or what? and what can i do
<rbasak> Enich: I agree. It's what the package does anyway though, I think.
<Enich> i guess its better having it "float around" less places then.   :)   now for the second question.
<rbasak> Enich: since mysql doesn't present any other way to get to the server AFAIK, and the package does things like certain upgrades for you, I don't think it has any choice. If you try and go against that, test it carefully because I'm not sure if the packaging will break or not (it may be fine - I just don't know).
<rbasak> I just noted in the askubuntu.com answer that using "echo ...|" is bad because it may leave your password in the shell history of the unprivileged user.
<Enich> we really dont want that.
<rbasak> But if you get it into debconf-set-selections securely yourself (eg. in a here doc), you'll get exactly the same result in terms of plaintext passwords floating around as if you had entered it by hand.
<Enich> Would any of you know of application(with scripting support) that would let me connect to a serial interface, and then send ascii strings (i am basically trying to make a script that connects and sends the initial configuration to a device with a serial interface.)
<rbasak> echo "foo" > /dev/ttyS0
<rbasak> With stty first to set the serial parameters up.
<Enich> iv been looking at miniterm.py  cutecom and a few others
<rbasak> Or about three lines of python with the pyserial module
<Enich> /dev/pts/x
<Enich>  rbasak, the echo "foo" > /dev/pts/3   does not work im afraid,  i think i would need a application like miniterm.py, cutecom etc to establish the negotiation etc.
<RoyK> hi all. any idea how to open an ssh tunnel from A to B so that C can reach A through B directly? I'm testing with 'ssh -f -n -N -o ExitOnForwardFailure yes -R 3035:0.0.0.0:22 -D 0.0.0.0:3035 asdf@adsf.karlsbakk.net', but that only makes B listen on 127.0.0.1:3035
<patdk-lap> not sure what -D does for that
<patdk-lap> but it's as simple as, -R localip:localport:Cip:Cport user@b
<patdk-lap> wait, you want to go from C to A
<patdk-lap> you will have to do that ssh from C to B
<patdk-lap> unless you wanted to do that, double-ssh trick to break through nat
<patdk-lap> http://www.howtoforge.com/reverse-ssh-tunneling
<RoyK> patdk-lap: testing...
<RoyK> patdk-lap: so something like ssh -f -n -N -o ExitOnForwardFailure\ yes -R 0.0.0.0:3035:0.0.0.0:22 u@b ?
<RoyK> patdk-lap: tcp        0      0 127.0.0.1:3035          0.0.0.0:*               LISTEN
<RoyK> sitll
<patdk-lap> the first 0.0.0.0 if missing becomes localhost, if you only need to connect from that computer, the second one is the computer the connection should go to (with source b)
<patdk-lap> maybe some ssh option limiting it
<RoyK> GatewayPorts
<patdk-lap> oh wait, I'm thinking -L not -R
<RoyK> GatewayPorts yes helped
<RoyK> patdk-lap: in sshd_config
<hXm> hi
<hXm> how can i disallow postfix for external use
<hXm> i only want from localhost
<greppy> hXm: you could setup firewall rules, or you could configure it to bind to 127.0.0.1
<hXm> it could be in main.cf?
<hXm> talking about postfix
<hXm> ah, inet_interfaces
<hXm> thanks
<NginUS> I'm having trouble with xrdp in that it disconnects me as soon as the desktop loads- right after the kdm splash screen. Anyone have ideas as to a solution?
<lamont> df
<lamont> doh
<RoyK> -bash: doh: command not found
<Nafallo> nafallo@wizard:~$ doh
<Nafallo> No command 'doh' found, did you mean:
<Nafallo>  Command 'dh' from package 'debhelper' (main)
<Nafallo> doh: command not found
<Pici> zsh: correct 'doh' to 'dot' [nyae]?
<zul> Daviey:  ping can we look at dropping Samba 3 in favor of Samba 4
<Daviey> zul: i'd rather we went to samba 5!
<Daviey> zul: it would be good to work out the upgrade path. is smb3 dead upstream?
<zul> Daviey:  no its just everyone is moving to Samba 4 (i think) and good to have active diretory support
<Daviey> zul: for sure, especially before the next LTS
<mardraum> I think "everyone" might be an overstatement; those using samba reliably for simply file/print sharing have work to do
<Daviey> mardraum: do you think smb3 will be supported for the next few years upstream?
<mardraum> for security, yeah
<mardraum> all that said samba4 has been a long time coming, and I bet they want to get it out there...
<Daviey> mardraum: Yeah, I thought it made sense to get it in this release - prior to throwing it into the next LTS release (next)
<mardraum> yeah, that makes sense
<zul> Daviey:  its already in universe at least
<Daviey> mardraum: that said, if smb3 is still OK upstream - we can keep it in the archive
<zul> Daviey:  i would see what slangasek would say though as well
<Daviey> zul: good thinking
<jamespage> plars, ping re http://summit.ubuntu.com/uds-1305/meeting/21806/servercloud-s-seeded-qa-workflow/
<jamespage> first up this afternoon/morning - are you able to attend and join the g+ please
<plars> jamespage: yes, I'm planning to be there, and also pitti and jibel
<plars> jamespage: they are the dep8 test experts :)
<jamespage> plars, marvellous!
<jamespage> thanks
<zul> yolanda:  https://code.launchpad.net/~zulcss/python-swiftclient/pbr/+merge/163949
<zul> yolanda:  https://code.launchpad.net/~zulcss/python-ceilometerclient/ftbfs/+merge/163961
<zul> yolanda:  couple more https://code.launchpad.net/~zulcss/horizon/ftbfs/+merge/163967
<yolanda> python-d2to1? first time i see it!
<yolanda> i see a diff of local_settings.py.example , with only the dir names changed, is that ok?
<yolanda> zul ^
<zul> yeah
<paco1> hello all!
<paco1> if anyone can help me. I have a problem with my servers ldap 2.4.28 > => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994) | conn=-1 op=0: attribute "entryCSN" index delete failure
<paco1> it affects all my ldap servers (15 servers) :s
<paco1> si quelqu'un a une idÃ©e d'oÃº peut provenir le probleme...
<guma> I was asking yesterday about my multicast problem on my new setup 12.10 x64 multi home system. After adding missing static route "route add -net 224.0.0.0/4 dev p1p1" when starting my app server I see in tcpdump that data in coming. But my application does not gets it.
<paco1> if anyone can point me to the right direction to resolve that issue
<guma> So i have another (two) test apps to send and listen using the same socket settings. If I send data from the same box to p1p1 or 127.0.0.1 and listen on the same box it works
<guma> but when I try to send multicast test message from different box my other test app listening on p1p1 does not see that message. but while doing it tcpdump shows such message on the same machine where listener is running on?
<guma> I tried to disable rp_filter and that does not have any affect. Any ideas? Is there some setting in 12.10 that is turned off by default?
<bcessa> hi there, can someone point to a channel where I can ask a bit about x509/ssl? I mean other than #openssl, apparently nobody's there
<smokie> hey guys, is it possible to run weekly backups of a running ubuntu server thats acting as a webserver?
<zul> yolanda:  https://code.launchpad.net/~zulcss/ceilometer/havana-ftbfs/+merge/163992
<guma> Is there something like SELinux on Ubuntu? And how can you turn it off?
<roaksoax> guma: we have apparmor
<sarnold> guma: https://help.ubuntu.com/community/AppArmor
<sarnold> .. I bet that's out of date. heh.
<roaksoax> guma: https://help.ubuntu.com/13.04/serverguide/apparmor.html
<guma> I just found this before your post :). Does this in any way control is app can receive multicast data?
<sarnold> guma: no.
<sarnold> guma: check /var/log/audit/audit.log or dmesg output to see AppArmor DENIED messages
<guma> sarnold: Good idea. Did not think about that. Let me check
<guma> I have no audit I have auth.log only
<sarnold> guma: auditd is responsible for the audit log. if auditd isn't installed, MAC messages go through dmesg/syslog
<guma> sarnold: Ok I did installed auditd. After it was installed I tail -f on audit.log  dmsg and syslog. After starting my app I see multicast coming in tcpdump but my app does not get it. And no messages of any kind
<sarnold> guma: good :) then apparmor isn't involved. :)
<guma> I also disabled apparmor. Perhaps he is responsible to write errors?
<guma> let me enable it back on and try again
<guma> sarnold: Just rebooted system get get it back to initial state. And will try on clean
<guma> sarnold: ok So while tailing on dmsg, syslog and audit logs I did not see any messages when I started my mcast program
<guma> so as you stated it is not apparmor
<sarnold> guma: yeah. sorry, you'll still have to keep digging :(
<guma> if I send test message from same box I can receive just fine. But when coming from another box it is a problem.
<guma> tcpdump shows activity with correct src IP and multicast addrs
<guma> sarnold: I was wondering if there are better channels to ask this? Well I keep digging
<adam_g> jamespage, okay to pull the trigger on these to CA staging and ubuntu -proposed? http://people.canonical.com/~agandelman/ca/folsom/2012.2.4/nova/  http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1/
<sarnold> guma: if you can write a program to reproduce the problem in 30~50 lines of code, stackoverflow.com would be ideal. it might take a bit longer than IRC, but there's plenty of smart folks over there, someone might know what's going on
<guma> sounds like a plan
<Daviey> zul: You are driving the mysql session in 1hr?
<zul> yeah i guess so
<Daviey> jamespage: did we invite any external people to it?
<Daviey> zul: ^
<zul> Daviey:  SpamapS said he was coming
<jamespage> adam_g, grizzly looks OK
<SpamapS> Indeed I should be there
<Daviey> SpamapS: Greta
<Daviey> Great*
 * Daviey struggles to think of SpamapS as external to Ubuntu. :)
<jamespage> adam_g, folsom to - I'm assuming they when through merge proposals first anyway right?
<adam_g> jamespage, yup
<jamespage> adam_g, +1 then
<SpamapS> Daviey: Norvald Ryeng from Oracle will join us too
<Daviey> SpamapS: oh splendid, what is his IRC nick?
<SpamapS> Daviey: ryeng
<SpamapS> Daviey: he might only be on OFTC in debian-mysql
<Daviey> SpamapS: when the time comes, can i give you the hangout url and you pass it to him?
<SpamapS> Daviey: sure.
<Daviey> ta
<dlloyd> hmm mariadb not in ubuntu repos yet?
<SpamapS> dlloyd: no, but packages are nearly done for Debian
<dlloyd> ah, thanks
<SpamapS> dlloyd: undergoing review right now
<dlloyd> ironically this wasnt the channel i meant to ask that in
<dlloyd> but thanks!
<SpamapS> ooohh the irony
<NomadJim> so I've got a silent install of mysql using something like: echo mysql-server mysql-server/root_password select PASSWORD | sudo debconf-set-selections
<NomadJim> and I want to do a silent install of citadel's mail server as well
<NomadJim> where do I look to find the variables to set like "mysql-server/rootpassword select PASSWORD"
<NomadJim> but for citadel
<rbasak> NomadJim: install debconf-utils and then after installation grep the output of debconf-get-selections to see what the config option names are against what you answered.
<NomadJim> so, I install debconf-utils, then install citadel manually, then grep debconf-get-selections
<NomadJim> ?
<rbasak> Right.
<NomadJim> rbasak:  thanks
<rbasak> Doesn't matter if you install debconf-utils at the end; it'll still work.
<NomadJim> cool
<SpamapS> Daviey: FYI, I may be a few minutes late, have an errand to run and not sure it will be completed by 1800 UTC.. will get there ASAP
<rbasak> NomadJim: note that echoing passwords into commands is bad because it may temporarily show up in a ps listing, and may end up in an unprivileged user's shell history file.
<NomadJim> is there a secure way for setting debconf-set-selections
<rbasak> The debconf-set-selections end is secure. It's the echo end that's not necessarily secure.
<rbasak> You can use a heredoc from a script. Then it's down to whether the script can be read by unprivileged users.
<NomadJim> i guess I could put a file on the server i'm deploying
<NomadJim> never heard of heredocs. I'll check that out
<rbasak> Yes - if in a secure file, then "cat /path/to/file|debconf-set-selections" would be secure.
<NomadJim> rbasak:  sweet thanks
<zul> Daviey:  mayhe we should have someone from the security team as well
<rbasak> zul, Daviey: +1
<zul> Daviey:  they are sending two or 3 poeple
 * SpamapS returns in time
<SpamapS> zul: hah, are they bringing torches and pitchforks?
<zul> SpamapS:  perhaps
<hallyn> stgraber: that lxc-alpine patch is kind of scary.  Does a wget $url | tar x > apk; ./apk
<hallyn> stgraber: could you take a look at bug 1176287 when you get a chance, and comment on whether there's anything in the steam-lxc script which woudl cause this?
<uvirtbot`> Launchpad bug 1176287 in lxc "lxc-start: Error creating cgroups" [High,Confirmed] https://launchpad.net/bugs/1176287
<hallyn> oooh, wait, i wonder...
<hallyn> nm, i see the problem the steam guy is having
<nedbat> I have a web server running as www-data.  I want to spawn subprocesses running as user sandbox, and have the sandbox process killed after a certain amount of real time.
<nedbat> I tried spawning the process "sudo -u sandbox blah blah", but then I can't kill the process later.
<sarnold> nedbat: can you start up fastcgi or something similar as your user sandbox?
<nedbat> sarnold: i don't understand how fastcgi would help: the sandbox code is not trying to be a web server.
<sarnold> nedbat: just that it represents a known way for a web server to interact with code potentially running as another user
<nedbat> sarnold: an interesting idea.
<nedbat> sarnold: apart from the web-server nature of the problem, do you know why I can't kill the process, or how I can?
<sarnold> nedbat: one user can't kill another user's processes. root can, so perhaps you could write a setuid program to let you kill processes owned by another user..
<nedbat> sarnold: I'm trying "sudo kill -9 <pid>", and www-data is in the sudoers with: "www-data ALL=(ALL) NOPASSWD:/bin/kill"
<nedbat> sarnold: it feels like I'm missing one small piece of this puzzle.
<sarnold> nedbat: 'kill' is quite often a shell-builtin, try /bin/kill in that command
<nedbat> sarnold: that sounded really good, but doesn't seem to fix it.  Looking some more...
<sarnold> nedbat: anything in the logs?
<nedbat> sarnold: right now I'm testing this in a Python module running unittests, are there system log files you think might have info?
<sarnold> nedbat: sudo will log to /var/log/auth* something at a minimum
 * nedbat looks
<nedbat> sarnold: http://paste.pound-python.org/show/33118/  There's one line there about a failure, I don't know what it means.
<sarnold> nedbat: pam_xdg_support is a pam module to set up all that newfangled /run/user/ business. I'm not sure why'd it happen through sudo, and it probably doesn't affect whether or not this works.
<nedbat> sarnold: and when I run the /bin/kill, I get an exit status of 0, and nothing written to stdout or stderr.
<sarnold> nedbat: is the process dead? :)
<nedbat> sarnold: for the test, the process is just a sleep(5), and it ends naturally after the 5-second sleep.
<sarnold> nedbat: can you change to sleep 20 or something and check?
<nedbat> yes, it's still running.
<sarnold> :(
<nedbat> sarnold: in fact, it's python: "sleep(5); print 'Done'", and I get the Done string on the stdout.
<nedbat> sarnold: i really appreciate you spending time on this.  It seems like it should be possible.
<sarnold> nedbat: indeed, I'd expect that to Just Work
<jdstrand> yolanda: how far along is bug 1089488 to being verified?
<uvirtbot`> Launchpad bug 1089488 in nova "Meta bug for tracking Openstack Stable Updates" [Undecided,Fix committed] https://launchpad.net/bugs/1089488
<arosales> smoser, thanks for the update in bug 1020695
<uvirtbot`> Launchpad bug 1020695 in cloud-init "Add variable for local IP address to /etc/hosts manager" [Low,Triaged] https://launchpad.net/bugs/1020695
<jdstrand> jamespage: ^
<nedbat> sarnold: a new piece of data: the pid I'm trying to kill is not the same as the sleeping process.  Can I kill the process and any that it spawned?
<sarnold> nedbat: ah!
<sarnold> nedbat: look into cgroups
<sarnold> nedbat: that's afaik the only way to track children of a process ..
<jdstrand> Daviey: ^
<yolanda> jdstrand, we've launched some tests in jenkins, tomorrow i'll work more on it and i expect is done
<jdstrand> yolanda: cool, thanks. so, we expect this to be out the door this week?
<jdstrand> (ie, in -updates)
<yolanda> jdstrand, i hope so, tomorrow i'll have more time to work on it
<yolanda> adam_g, what do you think?
<jdstrand> yolanda: I have a keystone CVE I'd like to get fixed that is blocked currently
<jdstrand> but I don't want to reset you work
<jdstrand> s/you/your/
<Daviey> jdstrand: Another one aswell?
<jdstrand> it is the one that came out last week
<adam_g> yolanda, you said you had tests passing with logs. right? should be good to mark verification done
<yolanda> adam_g, yes, latest ones were ok
<Daviey> adam_g: Can you make sure the jenkins results get lots of love?
<adam_g> Daviey, what do you mean?
<Daviey> jdstrand: It's looking close enough that it makes sense to base your update on this stuff.
<Daviey> adam_g: You kicked off a fresh jenkins test for bug 1089488?
<uvirtbot`> Launchpad bug 1089488 in nova "Meta bug for tracking Openstack Stable Updates" [Undecided,Fix committed] https://launchpad.net/bugs/1089488
<jdstrand> ok, cool
 * jdstrand rebases keystone on -proposed
<adam_g> Daviey, yolanda and i have been running tests for whats in precise-proposed, yea
<yolanda> had a problem with floating ips in some run, but today they worked ok
<Daviey> adam_g: perfect, thanks
<yolanda> tomorrow morning i'll take care of the logs and update the bug
<Daviey> yolanda / adam_g: to check, the testing looks good.. we just need to double check the results and update the bug status?
<yolanda> yes, that's it
<Daviey> jdstrand: we look good :)
<adam_g> yolanda, its probably EOD for you soon do you want me to post-back the verification and tags after this session is over?
<yolanda> adam_g, it's ok for me, or i can do it tomorrow morning if that's on time
<K4k> I'm looking for help with using a ks.cfg for automating ubuntu installs. I've got it working fine but I thought that specifying "url --url http://...." would install the packages from there instaed of the CD. Instead, it seems to still be installing from CD. Has anyone got experience with this or know why it isn't installed from the network mirror?
<yolanda> leaving for today, bye!
<nedbat> sarnold: just to close the loop: I got it working by killing the process group, and by using setsid() so that my spawned process was a new process group.  Thanks for the help! :)
<codex> Is there a way to prevent apt-get dist-upgrade from doing a release upgrade?
<codex> I am assuming /etc/update-manager/release-upgrades seeting to 'never' would be it, but not sure
<dpb1> codex: it shouldn't do a release upgrade.  does it?
<codex> dpb1: my 10.04 lts just did to 11.04
<codex> i was under the impression that it shouldn't either
<codex> (ended up running into this: http://aaron-kelley.net/blog/2011/04/grub-prompt-after-upgrade-to-ubuntu-11-04/) which was frustrating
<dpb1> codex: that should not happen unless the /etc/apt/sources.list* files were changed unintentionally ("lucid" -> "natty")
<codex> looking into puppet, it doesn't seem to have been
<codex> i wonder if there was some sort of a bug. I am looking at the log now and it looks like dist-upgrade had >308 packages that could be upgraded
<mdeslaur> dist-upgrade never does a release upgrade unless you changed the sources.list file
<dpb1> so, the only tool that you should run that updates those series names in ubuntu is "do-release-upgrade"
<dpb1> If the series names get updated, then apt-get dist-upgrade will do something like a full update of your distro, but in a non-managed and non-recommended way. if that makes sense.
<codex> yea, that was my impression too. I'll check with someone to make sure they didn't modify the sources, but this was definitely "interesting"
<Lartza> Let's take a default OpenVZ Ubuntu 13.04 install... or even a disc maybe, what is running in Port 53 that answers to UDP?? :/
<sarnold> Lartza: I have no idea where you'd get a "default openvz install", but check for dnsmasq
<Lartza> sarnold, I have a VPS that just got DDOS'ed, and the provider told me it was UDP flood to port 53, but I have nothing installed there, so it must be something default
<sarnold> Lartza: flood -to- port 53? or flood -from- port 53?
<Lartza> sarnold, "it was an udp flood against the port 53 "
<Lartza> So umm :S
<Lartza> Don't know
<Lartza> Do I need anything publicly accessible in 53?
<sarnold> Lartza: only if you're intentionally providing authoritative DNS service...
<Lartza> Yeah I'm not...
<sarnold> Lartza: if you're just providing recursive DNS service on that port, it'd be wise to ensure you only answer queries from your own netblock..
<Lartza> sarnold, It was just a default install from my VPS provider :/
<K4k> after re-mastering an iso and re-creating the iso file with mkisofs, other than unetbootin, is there a way to get the iso onto a usb stick? I tried dd, but that didn't seem to work with the iso formatted in this way.
<sarnold> Lartza: then no, nothing should be bound to port 53. check with sudo netstat -nlup  | grep :53   to see if anything is listening..
<Lartza> sarnold, Just sending another message to support wether they could open the server back up before 24 hours... they nulled my IP
<sarnold> Lartza: ow. do you have console access?
<sarnold> nedbat: hey, glad to hear you found a good solution to killing your tasks :) nice.
<Lartza> serial console from the VPS panel doesn't seem to work
<Lartza> sarnold, It's named
<Lartza> :/
<sarnold> Lartza: ah. I wonder why you're running named.
<Lartza> sarnold, I can't make it stop
<Lartza> Unrecognized service
<Lartza> ahh
<Lartza> bind9
<sarnold> you might wish to just apt-get purge bind9 and make sure that can't happen again
<Lartza> Yeah I will
<sarnold> .. if apt tells you something depends upon it, that might give some insight why it was there in the first place..
<Lartza> Nope
<Lartza> I think I've seen a DNS server on every DNS I've owned...
<Lartza> sarnold, Just checked my smaller, Debian server, named listening there too :)
<sarnold> Lartza: o_O
<Lartza> sarnold, Yeah...
<Lartza> sarnold, Uninstalled bind9 on both servers, now for some sleep since it's 1:53... Thank you for your help :)
<sarnold> Lartza: have fun :)
<RoyK> why do some people use 20 drives in a single raid-6?
<RoyK> oh well, some people like base jumping ;)
<Patrickdk> royk, heh, hp limits me to 16 disks per raid set
<Patrickdk> so max 16 drive raid10, raid6, raid50, ...
#ubuntu-server 2013-05-16
<adam_g> Daviey, 2012.2.4 + 2013.1.1 updates in their respective ubuntu release upload queue  and cloud-archive stagings, waiting for approval
<nicekiwi> can someone help me restart my server?
<sarnold> nicekiwi: normally that's just "sudo shutdown -r now" -- is there something more to it? :)
<sarnold> nicekiwi: .. are you worried that e.g. sshd might not come back up and you'll have to drive to a datacenter?
<nicekiwi> well, the apache server in particular. It keeps saying "Fail" when i restart it
<sarnold> ah :)
<nicekiwi> the error log does not seem to contain useful information
<sarnold> nicekiwi: check /var/log/apache* directories... might be something useful there?
<nicekiwi> unfortunatly not
<sarnold> nicekiwi: can you pastebin how you're trying to restart it, what output you get, and any log messages that might be generated at the same time?
<nicekiwi> the only real error im getting is "[Thu May 16 10:16:11 2013] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)"
<sarnold> aha :) well, it does say 'error' rather than 'warning', might as well assume that's the problem..
<sarnold> nicekiwi: do you expect this server to serve SSL/TLS?
<nicekiwi> yes
<sarnold> nicekiwi: do you have a SSLCertificateFile directive somewhere in the configuration?
<nicekiwi> yes
<sarnold> nicekiwi: does ls -l on that filename look right?
<sarnold> nicekiwi: also check ls -ld on all directories above the file.. perhaps permissions are incorrect on a directory (it can be easy to overlook these..)
<nicekiwi> what should the permissions be?
<nicekiwi> for /etc/ssl/certs/
<sarnold> nicekiwi: for /etc/ssl/certs, root:root 755
<nicekiwi> i mean everything appears correct
<nicekiwi> drwx-xr-x
<sarnold> okay, good
<nicekiwi> sarnold, http://paste.ubuntu.com/5669904/
<sarnold> heh, you're right, not very useful :)
<nicekiwi> yeah :/
<sarnold> nicekiwi: the last two comments here look useful: http://forums.freebsd.org/archive/index.php/t-6561.html
<nicekiwi> hmm.. in both of those they upgraded apche, I havnt changed anything :/.
<sarnold> nicekiwi: it did seem like grasping at straws
<nicekiwi> sarnold, fixed it! :D See point #3 http://imranbhullar.blogspot.co.nz/2012/07/server-should-be-ssl-aware-but-has-no.html
<sarnold> nicekiwi: woah.
<sarnold> nicekiwi: I saw that page and figured the dude couldn't possibly be right...
<sarnold> nicekiwi: thanks :) now I can go to bed happy.
<nicekiwi> lol.. i just opened heaps of sites and that happend to be the first one :P
<nicekiwi> sarnold, yes you can. thanks for your help :)
<sarnold> I wonder how it came that the error message is -so- vastly wrong compared to the cause..
<nicekiwi> yeah :/ not really sure eh
<Daviey> rbasak: thanks for kicking off the thread.
<rbasak> np
<mah454> Hello
<mah454> /etc/shadow is sha-512 or sha-256 ?
<mah454> find ...
<rbasak> mah454: see the crypt(3) manpage, and look up the id in the hash in your shadow file against the table in the manpage. /etc/shadow supports multiple schemes at once.
<Daviey> rbasak: regarding bug 1180094, zul yesterday planned to discuss it with slangasek.. If we need to switch for support in LTS, it would be better to do this cycle IMO.
<uvirtbot`> Launchpad bug 1180094 in samba "Update to 4.0" [Undecided,Invalid] https://launchpad.net/bugs/1180094
<rbasak> Daviey: oh, OK. I didn't realise it was remotely near the cards.
<Daviey> rbasak: Would "Wishlist, Incomplete" make more sense?
<rbasak> Daviey, zul: what's the need to go ahead of Debian here?
<Daviey> rbasak: Well, zul raised it yesterday - and broadly, *might* make sense?
<Daviey> rbasak: I agree about desktop needing to be involved.  At base, it would be good for smb4 to get more exposure *IF* it needs to be standard for the next cycle.
<Daviey> But then, smb3 might still be ok for LTS.. so i don't know.
<rbasak> AIUI, samba4 is useful for server people wanting to emulate AD. For this use case, the samba4 packages are available.
<rbasak> AIUI, samba3 is fine for everyone else, but perhaps I'm mistaken.
<rbasak> Oh. Upstream list 4.x as current stable.
<Senor> what is the relation between ubuntu and debian ?
<rbasak> Senor: good question! http://askubuntu.com/questions/1336/how-is-ubuntu-different-from-debian has some answers if that helps you.
<rbasak> SpamapS: ^^ some nostalgia for you perhaps? :)
<Senor> rbasak:I am trying to implement one game server on linux , which distro is the best ?
<rbasak> Senor: Ubuntu Server, of course. What a silly question! :)
 * rbasak notes that this is the #ubuntu-server channel, so answers here might be a bit biased.
<Senor> is ubuntu distro open source ?
<rbasak> Senor: essentially yes, with the exception of restricted and multiverse (like non-free in Debian). See: http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-archive.html#s-ulp for details.
<RoyK> Senor: yes
<RoyK> Senor: or what rbasak said
<Alina-malina> Hello all! Is there any mail caching server. For example the office has a very low  internet connection, but the workers sending e-mails so e-mails go very slow and the most of the time workers have to wait for the process rather then typing e-mails. How it is possible to make work with yahoo, gmal and other e-mail services? So the workers submit their e-mails to that server, and server during 5-6 hours login to their accounts an
<Alina-malina> d send
<Alina-malina> those messages?
<Alina-malina> anyone?
<Alina-malina> Do i need a separate caching computer to chache the stuff there and execute with queue?
<caribou> Daviey: Hi, just saw your update of the rsyslog SRU being blocked by another inflight SRU (from stokachu)
<caribou> Daviey: anything that must be done ?
<Alina-malina> do i need a proxy caching serve?R How it works?
<Senor> RoyK: I have installed ubuntu 10.4.2 server ,but why no step for password root?
<Senor> and no root account
<RoyK> Senor: because root normally don't have a password, login as your own user and run sudo -i
<Daviey> caribou: Well the other SRU needs verification, that would help unblock it :)
<caribou> Daviey: ok, I'll coordinate with Adam
<Daviey> caribou: Thanks muchly
<Senor> RoyK:That is ok!
<Senor> RoyK:Is ubuntu server the best for deploying my gameserver?
<RoyK> any linux distro should work
<RoyK> up to you
<Senor> which kernel version ubuntu server 10.4.2 is using ?
<RoyK> Senor: 10.04.4 runs 2.6.32-38-server - you should upgrade to at least 10.04.4 (apt-get dist-upgrade), or perhaps to 12.04
<Alina-malina> Hello all! Is there any mail caching server. For example the office has a very low  internet connection, but the workers sending e-mails so e-mails go very slow and the most of the time workers have to wait for the process rather then typing e-mails. How it is possible to make work with yahoo, gmal and other e-mail services? So the workers submit their e-mails to that server, and server during 5-6 hours login to their accounts an
<Alina-malina> d send messages? Or do i need some webcaching proxy server? Are those secure? What is the secure webcaching server if any exist that can handle my request?
<Daviey> Alina-malina: If the user wants to use gmail, yahoo or other WEB UI - it is not a good idea to interfere.
<Daviey> Alina-malina: if they are using a local mail client, such as thunderbird or outlook - you can help.
<Alina-malina> Daviey, maybe i should put a separate computer and route the traffic to it and that machine queue the requests and send during some hours like?
<Daviey> caribou: If you can get Adam's verified today - we can get yours in to proposed today
<Daviey> Alina-malina: right, that is something you can do.  But only smart for IMAP or Pop3 and smtp
<caribou> Daviey: won't both fixes interfere ? I suppose that my SRU don't have Adam's patch
<Alina-malina> Daviey, how i can do that? Is there any manuals? i never did anything like that before, i just have imagination:)
<Senor> RoyK:  Does debian branch  from ubuntu ?
<RoyK> Senor: no, it started with debian
<Senor> RoyK: where can I get the distro's source code ? include login relevent programes .
<Daviey> caribou: Your update does include Adam
<Daviey> 's, no?
<caribou> Daviey: lemme check
<Daviey> caribou: The idea is that Adam's can be released to updates, and yours can then enter proposed.  Currently proposed is blocked with Adam's
<Daviey> Alina-malina: I'm sorry, I am unable to spend the time helping atm
<caribou> Daviey: yeah, but if mine doesn't have Adam's patch, there's no point into getting it into proposed. I should rework mine
 * caribou goes to check his
<rbasak> Senor: I suggest you ask in #ubuntu for questions that aren't server-specific. I think there are more people there who will be able to help you.
<Daviey> caribou: http://pb.daviey.com/zCDO/
<Alina-malina> Daviey, what is atm?
<Daviey> Alina-malina: At The Moment
<Senor> rbasak:oh,yes
<caribou> Daviey: yep, the Raring one does. I don't know if Adam's patch applies to Precise but I think it does
<Daviey> caribou: Ah, i only looked at the Raring candidate so far
<caribou> Daviey: ah, ok.
<RoyK> Senor: apt/get source packagename
<Senor> RoyK:qpt-get source ubuntu?
<RoyK> Senor: no, linux distros consist of thousands of packages, each for a program or set of programs. those you can apt-get source
<Senor> how canI config my source get  mirror   ?
<Daviey> Senor: There is a bit of an expectation that you do some searching yourself for answers, and using this channel to help fill in the gaps.
<yolanda> Daviey, is ok that i start packaging testlib to reuse that on our dep-8-tests?
<Daviey> yolanda: super idea
<Daviey> adam_g: I accepted your openstack uploads, but at least one will be superseeded today - so you'll need to rebase
<adam_g> Daviey, i only saw the quantal-proposed get accepted. did the raring-proposed go in as well?
<Daviey> adam_g: will be shortly
<BlueShark> Hi,
<BlueShark> I'm trying to set up OpenVPN on my Debian VPS. I followed the instructions on http://aahank.com/2013/debian-ubuntu-vpn-server/ . But when I try to do "/etc/init.d/openvpn start", it's giving the error "Starting virtual private network daemon: filmygirl failed!". What could be wrong?
<BlueShark> This is what I found when I did "grep ovpn /var/log/syslog" : http://pastie.org/private/i7ljwz8qidykztwai2nkuq . But I can't figure out what's wrong. Could someone help?
<rbasak> BlueShark: 503 Service Unavailable when I look at that pastebin. Try another one - eg. paste.ubuntu.com?
<megha> do vmware, kvm, qemu works flawlessly with ubuntu ?
<megha> because in arch linux i am fed up of config things after each kernel upgrade.. :(
<megha> is that the case with ubuntu too ?
<yolanda> jdstrand, i verified SRU this morning, and updated the related bugs
<rbasak> megha: KVM Just Works for me. I can't speak for VMware.
<megha> rbasak: kvm works flawlessly ?
<rbasak> megha: for me, yes.
<megha> it good than...
<jacobw> Nothing works flawlessly
<megha> rbasak: what should be my ideal choice ubuntu server or ubuntu-desktop..
<megha> jacobw: yeah you are right...
<jacobw> It depends what issues you have with Arch that you don't want to have with Ubuntu
<megha> but frequent probs is not a good sign...
<jacobw> What's your use case?
<megha> i am coding for Freebsd, so i need to run it in KVM  and qemu. as i would be testing for different platforms..
<megha> jacobw: in arch linux a new kernel version in 15 days, and i have to config and install modules again. that's waste of time, when you have limited time left in your hand..
<jacobw> OK, then you'll want to run a VM on your desktop
<rbasak> For coding, I'd use desktop with libvirt and virt-manager. Though virt-manager doesn't anything close to the snapshot UI that VirtualBox has.
<jacobw> Arch is rolling release whereas Ubuntu isn't, the breakages with Arch are a consequence of the rolling release scheme
<jacobw> Lot's of developers use Vagrant
<jacobw> * Lots
<jacobw> https://github.com/xironix/freebsd-vagrant/blob/master/README.md
<megha> jacobw: that link is really cool..
<megha> should i switch to virtualbox from vmware.... as i never have used virtualbox before..
<jcastro> ubuntu will still rebuild the kernel modules on upgrade
<jcastro> it's automatic though
<jcastro> it's about an extra minute when the package is upgraded on my machine
<megha> jcastro: :)
<jacobw> megha: Vagrant is pretty awesome
<megha> yeah..
<jdstrand> adam_g: arg, bug #1179626
<uvirtbot> Launchpad bug 1179626 in quantum "Meta bug for tracking Openstack 2013.1.1 Stable Update" [Undecided,Fix committed] https://launchpad.net/bugs/1179626
<jdstrand> adam_g: I'm trying to get keystone and nova out
<adam_g> jdstrand, go for it. ill rebase on you, those were just accepted to proposed today
<jdstrand> adam_g: ok, keystone already has it: 1166670
<jdstrand> so that will only be nova
<jdstrand> adam_g: you could get ahead of it and just apply https://github.com/openstack/nova/commit/a4fc0c800502338e4530cad910efb64a5483e1ea
<adam_g> jdstrand, you're planning on releasing them as security updates based on whats in -updates currently, right?
<jdstrand> adam_g: for raring, it is based on 1:2013.1-0ubuntu2
<jdstrand> adam_g: for precise, I based keystone and nova on -proposed and am waiting on the packages to migrate since they are now verification-done
<jdstrand> adam_g: so I'm suggesting you just apply https://github.com/openstack/nova/commit/a4fc0c800502338e4530cad910efb64a5483e1ea to 1:2013.1.1-0ubuntu1 and reupload
<adam_g> jdstrand, right, we will. but that patch is going to go out as a security update in the meantime based on 1:2013.1-0ubuntu2?
<jdstrand> adam_g: that was my plan, yes
<jdstrand> adam_g: so I do my thing, you cherrypick that patch for -proposed and we're both good
<adam_g> jdstrand, okay. ill rebase on your update when its out, to preserve changelog history and patch references
<jdstrand> that'll work too
<adam_g> jdstrand, thanks for keeping us posted (yesterday, too)
<jdstrand> adam_g: np
<jdstrand> adam_g: well, some goes for quantal: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1179707/comments/7
<uvirtbot> Launchpad bug 1179707 in quantum "Meta bug for tracking OpenStack 2012.2.4 Stable Update" [Undecided,Fix committed]
<jdstrand> adam_g: (but it is both nova and keystone that need updates)
<adam_g> jdstrand, k thanks
<jdstrand> adam_g: yesterday I thought it was implied that me trying to get an update out for precise meant that quantal and raring were needed to. I'll try to be more explicit next time
<jdstrand> (sorry)
<Daviey> jdstrand: Don't worry, i already briefed adam_g with the expectation we'd need to rebase these recent ones
<jdstrand> :)
<Daviey> At least i thought i did..
<mdeslaur> So, what's the status of md in precise...is it working ok now? I have two mirrored sata disks running 10.04, and was holding off upgrading...
<K4k> Is there a way, perhaps through editing isolinux/gfxboot.cfg to remove the language prompt and install/try screen from the install CD?
<sarnold> K4k: investigate preseed files
<K4k> sarnold: That's what I'm working on now, I've created a preseed that automates _everything_ but the language select prompt before I select the preseed boot option for install
<K4k> none of the locale or language d-i settings seem to affect it, only thing I've found so far is something mentioning hacking up gfxboot.inc but I'm not building this on an ubuntu or debian system so I don't have access to that tool.
<mojtaba> Hi, Does anybody know how can I make a full backup of my server with rsnapshot? (I mean databases, files, emails, ...)
<RoyK> mojtaba: I don't use rsnapshot, never had, but if it does an rdiff/rsync backup, it should work. but what database(s)?
<mojtaba> RoyK: mysqls
<mojtaba> RoyK: The problem with rsync is that I must use sudo
<RoyK> mysql should be dumped regularly - backing up mysql data files may lead to inconcistency
<RoyK> so if you dump the mysql dbs and backup the dumps, it shouldn't be much of an issue
<RoyK> postgresql is better in most ways (tm)
<mojtaba> RoyK: Actually I am pretty new to linux and this is my first time I am going to backup in this way.
<mojtaba> Can you help me to figure it up.
<RoyK> mojtaba: see mysqldump - dump the mysql databases somewhere and backup the dump files
<RoyK> as in
<RoyK> mysqldump --all-databases -uUSER -pPASSWORD > /var/backup/mysql-`date -I`.sql
<RoyK> or something
<RoyK> add that to cron
<mojtaba> what does dump do exactly?
<mojtaba> RoyK:
<RoyK> mojtaba: it dumps the whole database(s) to SQL code so that it can be recreated easily - try it on a test db
<K4k> meh, setting the isolinux.cfg timeout to 1 works well enough. I still get the prompt but it skips it faster than someone can react in order to change it.
<mojtaba> RoyK: ok, thanks.
<Black_Knight> roger
<resno> RoyK: do you have to stop mysql or can you dump  and keep moving?
<RoyK> no, it needs to be running
<resno> lol
<resno> wow, i asked that question
<resno> thats not how i meant it
<resno> ill justleave it there though
<RoyK> you can't dump a mysql db without the DBMS running :P
<resno> maybe i can the db binaries?
<RoyK> no reason
<RoyK> just dump the db while it's running
<resno> no, im just being silly
<bcessa> hi, just a doubt, can you recommend an available open source alternative to the landscape service? thnx
<hallyn> stgraber: heh, you know, I *do* have an error_string in the lxc_container struct since day 1.  just never got around to using it yet :)
<stgraber> hallyn: ;)
<hallyn> anyway got shutdown and stop converted, will do destroy and create and send off
<Rick28> Hey. I want to mount one folder from server A at server B. There should be read/write access just like a usual folder. What is the best protocol / FS for this? Are there better options than WebDAV?
<sarnold> Rick28: investigate nfs and cifs
<Rick28> Thanks sarnold.
<Rick28> sarnold, What would you prefer? nfs or WebDAV for non sensitive big data transfer.
<Rick28> over the net
<sarnold> Rick28: I'd prefer NFS, it does a better job of providing posix-style filesystem gaurantees
<Rick28> thanks
<sarnold> Rick28: cifs if I had to work with windows-like systems too
<dewdrop> Hi I am root, can I login to a user who doesn't have shell access?
<dewdrop> sudo su username says shell access is not enabled for the user. There must  be a way root can login into a suer right
<sarnold> dewdrop: if 'sudo -u name -s' doesn't work, 'sudo -u name bash' should work..
<ScottK> sudo -i then su name should work too.
<dewdrop> sarnold: thanks, 'sudo -u name -s' works
 * fortmac is away: I'm busy
<nsahoo> hi. /boot ran out of space. I tried to remove the old kernels using dpkg directly. However, now I am getting some dependency error and can't fix it.
<nsahoo> it's asking me to run apt-get -f install, which fails saying, "dpkg: dependency problems prevent configuration of linux-server"
<sarnold> nsahoo: when /boot is full, I think removing one or two kernels by hand _before_ removing them by dpkg is the best approach..
<nsahoo> sarnold: after removing using dpkg, i freed some space. Now it's failing because of some dependency issues. Let me post a paste bin link
<nsahoo> here is the paste bin link
<nsahoo> http://pastebin.com/LRQ2QNwt
<nsahoo> some more information : http://pastebin.com/Nn2ELaMP
<jdstrand> adam_g: fyi, nova and keystone published for precise-raring
 * jdstrand -> out
<GrueMaster> nsahoo: Have you tried running "sudo dpkg --configure -a" ?  It might help to fix this.
#ubuntu-server 2013-05-17
<tohuw> Where can I find the authoritative documentation on creating a service in Ubuntu Server 12.04? Related: should I be creating the service as an "upstart" service? This isn't clear to me.
<sarnold> tohuw: hopefully useful: http://upstart.ubuntu.com/cookbook/
<sarnold> I don't know if it is The Definitive Source, but it sure is useful :)
<tohuw> sarnold: Thank you, I'll read through this.
<sarnold> SpamapS: hey, your @canonical.com is still on the header at http://upstart.ubuntu.com/cookbook/   :)
<SpamapS> sarnold: there's a bug link at the bottom... ;-)
<sarnold> SpamapS :)
<Senor> I am trying to deploy one web server cluster , can I put the shared mem-cache on one single server ?
<Daviey> jamespage: Hey, do you fancy merging the nova and keystone security uploads into the pending SRU ones.. or shall we wait for adam_g ?
<jamespage> Daviey, I'll take a look in a bit
<Daviey> jamespage: ok, we should push out the sec uploads directly to the UCA.
<jamespage> Daviey, agreed
<rurufufuss> hi guys, I can't seem to do ./somelocalbinary even though its in my path
 * koolhead17 pokes Daviey 
<rurufufuss> anyone?
<jamespage> Daviey, keystone point release already includes the security fix
<jamespage> so do I just need to document that in the changelog? I guess so
<Daviey> jamespage: Probably fair to merge changelogs and make comment to it, without using valid LP synatx.
<Daviey> so, SRU orig changelog, jdstrand's then your brief message with LP: FOO ?
<jamespage> Daviey, okay
<jamespage> Daviey, "Make sure both public and admin API work with 1-way ipv6 & SSL. ... SKIP: Eventlet doesn't support IPv6, lp 1176204"
<uvirtbot> Launchpad bug 1176204 in keystone "keystone ipv6 tests fail" [Undecided,Fix committed] https://launchpad.net/bugs/1176204
<jamespage> thats going to be an issue
<jamespage> (for our IPv6 testing plans that is)
<Daviey> jamespage: I'm not sure it is
<Daviey> I saw that go past, and discounted it as we are focusing on floating ip ipv6 this cycle, rught?
<Daviey> right*
<jamespage> Daviey, maybe
<jamespage> yeah - I guess thats enough
<Daviey> jamespage: There is a partial patch for eventlet ipv6
<Daviey> it was on bitbucket, but they moved to github(? or somewhere), and lost the bug history
<jamespage> Daviey, moved on github somewhere
<Daviey> jamespage: can you review this please? Folsom CA + Security update, http://pb.daviey.com/7sc7/  (quantal-updates -> folsom CA, http://pb.daviey.com/2yV8/)
<jamespage> Daviey, so the security update will pull in the new point release as well?
<jamespage> is that what we did in distro?
<Daviey> and for giggles, *.changes http://pb.daviey.com/tNAr/
<Daviey> jamespage: No
<jamespage> Daviey, duh - yeah - sorry getting my point releases confused
<Daviey> yeah, it's a little confusing - which is why i wanted a double check :)
<jamespage> Daviey, the changes needs -v2012.2.3-0ubuntu2 I think
<Daviey> hm
<Daviey> Ah yes
<Daviey> good catch
<jamespage> omg the keystone test suite takes some time
<koolhead17> jamespage: what is missing? Some new dep got added :P
<jamespage> koolhead17, nothings missing I think
<koolhead17> jamespage: happy to hear that :)
<Daviey> jamespage: pushed to -staging, when it's published - can you review into -proposed & fire off a jenkins job?
<Daviey> (keystone & nova for folsom and grizzly)
<Daviey> Oh curse.
<Daviey> keystone_2013.1-0ubuntu1.1~cloud0.dsc: Version older than that in the archive. 1:2013.1-0ubuntu1.1~cloud0 <= 1:2013.1.1-0ubuntu1~cloud0
<jamespage> Daviey, yeah
<jamespage> I thought that might happen
<jamespage> you'll need to drop it from the PPA first
<Daviey> just did
<jamespage> Daviey, the reprepro sync from the proposed and staging ppa's will work OK with this right?
<jamespage> (I think it will - reprepro does not work quite like PPA's)
<jamespage> Daviey, OK - I've uploaded a rebased keystone for raring; just testing nova now
<Daviey> jamespage: it will at least work to -updates
<Daviey> as it isn't published there
<Daviey> jamespage: (we might need to go straight to updates, is what i think you are saying)
<jamespage> Daviey, I think it will be OK via proposed
<jamespage> Daviey, hmm - I just spotted a potential issue
<jamespage> not sure how much of a problem it actually is
<jamespage> Daviey, we don't push the new point releases into dev prior to SRU
<jamespage> which I think makes sense (as dev will shift to havana)
<jamespage> but we are in that pre-first milestone phase with upstream right now
<Daviey> jamespage: I am not terribly concerned by that TBH
<jamespage> Daviey, OK - nova/raring also rebased and re-uploaded
<Daviey> jamespage: if you want to upload it there aswell, i wouldn'tgrumble
<jamespage> Daviey, I'll do the same for folsom now
<Daviey> jamespage: where did you upload?
<jamespage> Daviey, raring-proposed
<Daviey> ok, cool
<Daviey> jamespage: Security uploads re-done to staging
<jamespage> Daviey, okies
<jamespage> Daviey, keystone/quantal-proposed uploaded; just waiting on nova/quantal tests to complete
<jamespage> Daviey, I think we need a less awkard way to deal with security fixes into the UCA
<jamespage> Daviey, like the security team do we should have XXX-security PPA -> XXX-updates
<jamespage> bypassing -proposed and avoiding all this deleting package non-sense
<Daviey> jamespage: that sounds a good idea
<Daviey> jamespage: preparing the updates is quite gentlemanly now
<Daviey> jamespage: folsom-security-staging ?
<jamespage> Daviey, yeah
<jamespage> Daviey, OK - nova/quantal-proposed uploaded as well
<jamespage> I updated the lab branches with the revised changelogs
<jamespage> yolanda, care to review -https://code.launchpad.net/~james-page/ceilometer/refresh-patches/+merge/164341
<jamespage> ta
<yolanda> sure
<yolanda> jamespage, we will be adding mongo as default?
<jamespage> yolanda, no
<jamespage> Daviey, OK - this sucks as for some reason the tooling is still seeing the old source packages in the staging PPA
<Daviey> jamespage: might need to wait for the publisher?
<jamespage> Daviey, maybe
<Daviey> +----------+-----------------------------------------------------+----------+
<Daviey> | package  | staging                                             | proposed |
<Daviey> +----------+-----------------------------------------------------+----------+
<Daviey> | nova     | 2012.2.3-0ubuntu2.1~cloud0                          | None     |
<Daviey> | keystone | 2012.2.3+stable-20130206-82c87e56-0ubuntu2.1~cloud0 | None     |
<Daviey> looks right to me?
<jamespage> Daviey, the grid is OK but when I query the changelog it brings back the most recent versioned one
<Daviey> ah
<Daviey> indeed
<Daviey> jamespage: I suspect this is a bug in LP tbh.
<jamespage> Daviey, I think its just the changelog retrieve bit; the copy-package call under the hood appears todo the right things
<jamespage> Daviey, trying now - it will send the wrong email content but I can live with that for the time being
<Daviey> jamespage: hmm
<Daviey> wait a min
<jamespage> Daviey, I think I see the problem in the code as well
<Daviey> jamespage: It grabs the Publication by name
<jamespage> Daviey, yeah - it does not include the version
<jamespage> [0] is latest normally - which in this case is incorrect
<Daviey> yeah
<Daviey> We know the version, so matching on version should do the trick... i'd think
<Daviey> jamespage: I'd argue that LP isn't DTRT here, as the original version is no longer Published.
<jamespage> Daviey, OK -  I have a fix for the tool
<Daviey> super
<jamespage> version=XXX on getPublishedSources
<jamespage> I'll sync up the grizzly security fixes to proposed now
<jamespage> Daviey, okies - that is working
<jamespage> tooling pushed
<jamespage> I also added the security-staging -> updates workflow
<jamespage> Daviey, hmm - lab seems unhappy
<Daviey> jamespage: unhappy?
<bjf> jamespage, bug 1164739
<uvirtbot> Launchpad bug 1164739 in linux "Can not mount cephfs in VM from cloud image" [Medium,Fix committed] https://launchpad.net/bugs/1164739
<bjf> jamespage, is that something you could verify as fixed?
<bjf> smoser, ^ ?  (i see you have comments on that bug)
<ak5> hi guys, do you know how I can get mod_proxy_fcgi for apache?
<smoser> bjf, i'll get that done.
<bjf> smoser, awesome
<TheLordOfTime> ak5:  i believe there's a package to install it...
<TheLordOfTime> but i might be wrong
<ak5> TheLordOfTime: I see, I just reralized I am in apache 2.2
<TheLordOfTime> that might be the problem
<ak5> are there repos for 2.4 for 12.04 ?
<TheLordOfTime> ak5:  i dunno, but i don't use apache so... xD
<ak5> nginx then?
<TheLordOfTime> yep i'm an nginx user :P
<TheLordOfTime> ... that reminds me... note to  self: push patch to nginx devel branch ppa...
<TheLordOfTime> ak5:  you could always search "apache 2.4 ppa ubuntu" and see what comes up on google
<TheLordOfTime> you might find a PPA for it.
<TheLordOfTime> but...
<TheLordOfTime> ~ppa
<TheLordOfTime> erm
<TheLordOfTime> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
<TheLordOfTime> ^ that
<uvirtbot> TheLordOfTime: Error: "that" is not a valid command.
<TheLordOfTime> shut up uvirtbot
<jamespage> Daviey, dunno - I know adam_g and smoser where working on some sort of issue yesterday
<ak5> http://ubuntuforums.org/showthread.php?t=2011603 <- this doesn't look very promising
<Daviey> jamespage: ah ok
<Daviey> they should be here soon
<smoser> jamespage, we're closer
<TheLordOfTime> Daviey:  about the nginx support thing, would the mailing list be a good place to start the discussion, or should I wait until Tuesday?
<TheLordOfTime> i ask because Tuesday's election day where I am, and I might be busy
<TheLordOfTime> (and might miss the server team meeting :/)
<ak5> How do backports work? I uncommented them in sources.list, now I apt-get update'd
<ak5> now will it just install all kinds of backports on upgrade?
<ak5> or do I need to choose specific ones
<ak5> /s/need/can/
<TheLordOfTime> ak5:  what version of ubuntu are you on
<ak5> 12.04
<ak5> TheLordOfTime: ^
<TheLordOfTime> i believe the policy is written that unless you specify the package from backports it won't install from backports
<TheLordOfTime> but i can't be certain
<TheLordOfTime> but i'm not certain, since if I want something from backports i usually dump it into a PPA of my own
<ak5> TheLordOfTime: ok, then how do I search backports?
<TheLordOfTime> ak5:  if you're looking for backported apache 2.4 there is none
<ak5> TheLordOfTime: jesus
<ak5> from source it is I guess
<TheLordOfTime> ak5:  not everything get's backported
<TheLordOfTime> ;P
<ak5> this seems like so big of a deal
<rbasak> apache 2.4 isn't in Ubuntu at all. In Debian it's in experimental.
<rbasak> Presumably because of the wheezy freeze.
<rbasak> When was 2.4 released as stable upstream? I wonder if we should sync 2.4 from experimental, but it's quite an involved package, there may be upgrade path issues and I'm not sure it's worth going out on a limb for that.
<rbasak> Oh and I guess we have a delta to forward port too.
<patdk-wk__> well, in itself, using the debian package worked well for upgrade
<patdk-wk__> but attempting to sync in all the other packages, like php and all the modules, become a real pain
<patdk-wk__> I put 2.4 in a ppa for me to play with over a year ago
<Daviey> TheLordOfTime: mailing list is always a good place :)
<patdk-wk__> hmm, I have apache 2.4 for 12.04 in my ppa :)
<patdk-wk__> the real question is, why are you looking for apache 2.4?
<patdk-wk__> if it's for pci compliance, your solving this the wrong way
<patdk-wk__> I have had soo many emails asking about my apache 2.4 ppa cause of people attempting to solve pci issues
<rbasak> patdk-wk__: that's interesting. Why does using < 2.4 cause people PCI concerns?
<patdk-wk__> it shouldn't :)
<patdk-wk__> the issue is, the pci compliance companies do scans
<patdk-wk__> and to be quick and efficient, they only check the version of the software in use
<patdk-wk__> they don't check if you patch it for known CVE's
<patdk-wk__> therefor you always fail, unless you have the latest version, and you have to file a report to them, showing the ubuntu CVE patchs made to your version
<patdk-wk__> so when they get the failure report, and it says, fixed in apache 2.4, they attempt to install that :) instead of knowning that the version they have is already fixed
<rbasak> Oh I see - thanks
<zul> uh we just had an earthquake tremors
<rbasak> zul: nothing on http://earthquake.usgs.gov/earthquakes/map/
<zul> rbasak:  dude my house was shaking :)
<zul> like 2 minutes ago
<rbasak> Computer says no :-P
<patdk-wk__> zul, could easily be mining operations
<patdk-wk__> road construction, ...
<zul> rbasak:  https://twitter.com/CANADAquakes
<zul> no it was an earthquake
<zul> Automatic detection of seismic event: magnitude 4.8 - 17 May 9:43 EDT - BRAESIDE, ON region
<vlad_sta_> Hello everyone.
<vlad_sta_> Need emergency help with recovering RAID1 on Ubuntu 12.04
<vlad_sta_> Having 2 RAID1: md0 and md1
<vlad_sta_> 1 disk was down few hours ago
<vlad_sta_> The file system became read-only
<vlad_sta_> cat /proc/mdstat
<vlad_sta_> Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
<vlad_sta_> md0 : active raid1 sdb1[1]
<vlad_sta_>       975296 blocks super 1.2 [2/1] [_U]
<vlad_sta_>       
<vlad_sta_> md1 : active raid1 sdb2[1]
<vlad_sta_>       975653696 blocks super 1.2 [2/1] [_U]
<vlad_sta_>       
<vlad_sta_> unused devices: <none>
<vlad_sta_> then I made  mdadm --assemble -scan -v
<vlad_sta_> and mdadm -A --scan
<vlad_sta_> after that
<vlad_sta_> cat /proc/mdstat
<vlad_sta_> Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
<vlad_sta_> md126 : active raid1 sda1[0]
<vlad_sta_>       975296 blocks super 1.2 [2/1] [U_]
<vlad_sta_>       
<vlad_sta_> md127 : active raid1 sda2[0]
<vlad_sta_>       975653696 blocks super 1.2 [2/1] [U_]
<vlad_sta_>       
<vlad_sta_> md0 : active raid1 sdb1[1]
<vlad_sta_>       975296 blocks super 1.2 [2/1] [_U]
<vlad_sta_>       
<vlad_sta_> md1 : active raid1 sdb2[1]
<vlad_sta_>       975653696 blocks super 1.2 [2/1] [_U]
<vlad_sta_>       
<vlad_sta_> unused devices: <none>
<vlad_sta_> Where the md126 and md127 appeared from?
<vlad_sta_> This is not my raid as I only had md0 and md1
<RoyK> !pastebin | vlad_sta_
<ubottu> vlad_sta_: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<vlad_sta_> Sure. Sorry about that
<RoyK> vlad_sta_: doesn't look too good
<RoyK> I'd say, first run smartctl -x on /dev/sda and /dev/sdb
<RoyK> pastebin that
<RoyK> !pastebinit | vlad_sta_
<ubottu> vlad_sta_: pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<RoyK> vlad_sta_: looks like it's rather confused - md126-127 is apparently the other side of the mirror
<vlad_sta_> http://pastebin.com/mLgtWEvD
<vlad_sta_> RoyK: Could you guide me a bit about how serious is this problem and what are the first aid here?
<RoyK> vlad_sta_: check the drives first. something has happened. you shouldn't just assemble a raid if a drive is kicked out
<RoyK> btw, pastebin dmesg output
<vlad_sta_> smartctl -x /dev/sda
<vlad_sta_> bash: /usr/sbin/smartctl: Input/output error
<rbasak> jamespage: bug 1181135 - looks like he's using the quantal HWE stack on Precise. Is our position that he needs to downgrade to the 3.2 kernel if he wants to build open-vm-dkms?
<uvirtbot> Launchpad bug 1181135 in open-vm-tools "open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/1181135
<vlad_sta_> dmesg
<vlad_sta_> Traceback (most recent call last):
<vlad_sta_>   File "/usr/lib/command-not-found", line 21, in <module>
<vlad_sta_>     from CommandNotFound.util import crash_guard
<vlad_sta_> ImportError: No module named CommandNotFound.util
<vlad_sta_> Error in sys.excepthook:
<vlad_sta_> Traceback (most recent call last):
<vlad_sta_>   File "/usr/lib/python2.7/dist-packages/apport_python_hook.py", line 66, in apport_excepthook
<vlad_sta_>     from apport.fileutils import likely_packaged, get_recent_crashes
<vlad_sta_> ImportError: No module named apport.fileutils
<vlad_sta_> Original exception was:
<RoyK> !pastebin | vlad_sta_
<ubottu> vlad_sta_: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<vlad_sta_> Traceback (most recent call last):
<vlad_sta_>   File "/usr/lib/command-not-found", line 21, in <module>
<vlad_sta_>     from CommandNotFound.util import crash_guard
<RoyK> vlad_sta_: stop spamming!
<vlad_sta_> ImportError: No module named CommandNotFound.util
<vlad_sta_> oops too much
<vlad_sta_> RoyK: absolutely sorry about that
<RoyK> vlad_sta_: generally, more than 2 lines should go to pastebin
<RoyK> I guess you'll have to reboot that thing
<RoyK> try 'reboot'
<vlad_sta_> RoyK: I got it first time you pointed me. This time was a mistake
<vlad_sta_> reboot
<vlad_sta_> bash: /sbin/reboot: Input/output error
<RoyK> if that doesn't work, press and hold alt+sysrq (print screen) and type S U B while holding
<vlad_sta_> RoyK: I have remote KVM there, but I'm on Mac and don't know where is sysrq
<rbasak> jamespage: it might be an idea to document this on https://wiki.ubuntu.com/Kernel/LTSEnablementStack too
<RoyK> vlad_sta_: then 'echo s > /proc/sysrq-trigger'
<RoyK> then echo u .. then echo b
<RoyK> as above
<disposable> does anybody run a mdraid-1 array of Samsung 840PRO? what speeds are you getting?
<RoyK> vlad_sta_: in the state it's now, echo b > /proc/sysrq-trigger should do
<vlad_sta_> I made remotely by ssh echo s > /proc/sysrq-trigger && echo u > /proc/sysrq-trigger && echo b > /proc/sysrq-trigger
<vlad_sta_> after that I lost connection to the server
<RoyK> yes
<vlad_sta_> oh rebooting
<vlad_sta_> fine
<RoyK> b is reboot
<vlad_sta_> RoyK: this magic is awesome. Don't know what it was
<RoyK> vlad_sta_: http://en.wikipedia.org/wiki/Magic_SysRq_key
<RoyK> vlad_sta_: so, did it boot correctly_
<RoyK> ?
<vlad_sta_> No
<vlad_sta_> How can I paste image here?
<RoyK> !imgpaste
<RoyK> hm. dunno
<RoyK> !screenshots | vlad_sta_
<ubottu> vlad_sta_: Screenshots can be made with the [PrtScr] button. Want to show us a screenshot of your problem? Upload an image to http://imagebin.org/?page=add and post a link to it.
<vlad_sta_> http://cl.ly/image/1W1k2v3e2O1e
<RoyK> try rebooting into single
<vlad_sta_> http://cl.ly/image/1r0r2V432u3o
<RoyK> type exit
<RoyK> default config in ubuntu is for some moronic reason not to boot correctly if a raid is degraded
<vlad_sta_> To be clear, config is 2 HDD + RAID1 + encryption + LVM
<RoyK> shouldn't matter
<vlad_sta_> RoyK: the reason is that raid is encrypted. I had the same result when I was installing this server and testing how raid works. I set explicitly to load in degraded mode, but 12.04 LTS has a kinda bug with that (as read in forums)
<vlad_sta_> RoyK: rebooting in single (recovery) mode
<RoyK> works for me, though
<vlad_sta_> RoyK: what version is your ubuntu?
<RoyK> lots :)
<vlad_sta_> Lucky you then :-)
<RoyK> but typing exit from the recovery prompt should make it boot normally
<vlad_sta_> the same thing
<vlad_sta_> it waiting for encryoted and busybox then
<vlad_sta_> while loading it showed error reading ata2 drive
<vlad_sta_> I'll reboot and try to screenshot it
<RoyK> probably a bad drive, then
<vlad_sta_> RoyK: I think it could be that
<RoyK> well, that's why you're using raid, isn't it? ;)
<vlad_sta_> Sure!
<RoyK> anyway - whatever you have on top of the md raid shouldn't matter
<vlad_sta_> http://cl.ly/image/2Q2O2i2w113a
<vlad_sta_> RoyK: ok. I'm just newbe to Raid and just started digging deeper inside Linux (reading huge book now)
<RoyK> ok
<RoyK> for linux raid specific stuff, it's sometimes easier to get good answers on #linux-raid
<vlad_sta_> RoyK: Thanks a lot!
<vlad_sta_> Could you recommend some other good channels on linux and related?
<RoyK> not sure - it all depends what you want to know. there are hundreds
<jamespage> rbasak, otp right now - give me 10 mins
<rbasak> np
<vlad_sta_> RoyK: I'm not ready to answer this question right now
<vlad_sta_> RoyK: so I have to go to obtain new hdd and then goto data-center...
<RoyK> it should be possible to boot the system with one drive in that mirror
<vlad_sta_> RoyK: so having looking to the last boot screen, what do you think had happen?
<RoyK> just did a wee test on a raid test vm on precise (12.04), set boot_degraded=on and removed a drive, dd'ed a bunch of zeros on it and rebooted
<RoyK> came up
<vlad_sta_> RoyK: If it possible it would be awesome. Currently the system falls down to busybox (initramfs)
<RoyK> type exit
<RoyK> it should continue
<vlad_starkov> oops timeout
<vlad_starkov> RoyK: http://cl.ly/image/1B1U42450j2T
<resno> im tryin to write a bash script to capture the hostname - HOSTNAME=`hostname` isnt working
<resno> i also tried "`hostname`"
<RoyK> resno: just tried HOSTNAME=`hostname`; echo $HOSTNAME
<RoyK> works for me...
<resno> hmm, then ive done something else wrong
<hXm> i have many /usr/sbin/apache2 -k start process, are normal?
<RoyK> hXm: no
<RoyK> hXm: pastebin 'ps axf'
<hXm> http://pastebin.com/cBPUVDbx
<RoyK> oh
<hXm> the tclsh script is allowed, the SCREEN too
<RoyK> those are ok
<RoyK> it's just apache starting a some listening processes
<hXm> ah
<resno> RoyK: i missed typed the variable lol
<resno> mistyped*
<RoyK> ;)
<hXm> good, thanks
<RoyK> hXm: apache normally starts a few processes to balance incoming requests
<hXm> ah ok, so i dont scare
<RoyK> if traffic grows, the number of processes will grow, and then lessen again if traffic decreases
<resno> as long as apache isnt going "crazy"
<RoyK> resno: never seen that ;)
<resno> havent seen it today ;)
<RoyK> resno: what do you mean "go crazy"?
<resno> when to many people hit it and it makes more processes then the machine can handle
<resno> default installation with little tinkering of workers
<resno> and the machine just doesnt kill them off as it should
<RoyK> resno: if you have low memory, reduce MaxClients in the apache config
<RoyK> resno: it's not apache's fault, it's the admin's fault, as usual ;)
<resno> but of course
<resno> im a admin learning as i go :)
<resno> i've tested my setups enough to realize a few tweaks to make apache not kill a server
<mndo> hi, does kvm support cpu hotplug?
<RoyK> mndo: afaik, no
<RoyK> mndo: there's been some talk about it, but I don't think there's anything there yet. try #virt @ OFTC.net
<patdk-wk__> I can't remember if the linux kernel supports cpu hotplug even
<RoyK> patdk-wk__: it's been supporting cpu hotplug for a decade or so
<RoyK> http://www.linux-kvm.org/page/CPUHotPlug
<patdk-wk__> ah, like memory, still need to online them manually
<RoyK> should be doable with some kvm guest utils
<patdk-wk__> I wonder if a udev rule could be made to bring hotplug memory/cpu online automatically
<patdk-wk__> ok, udev rules work to online cpu/memory on add, seems to work good, as long as the memory hotplug module is loaded before you add ram
<krababbel> Hi, can I upgrade using apt-get upgrade, so that also recommended packages are installed? They are left out and --install-recommends won't work on upgrade it seems.
<Pici> krababbel: Why do you think packages are being left out?
<patdk-wk__> krababbel, no you can't
<patdk-wk__> the whole point of upgrade is NOT to install new packages
<krababbel> Pici: I tried aptitude before, but didn't install, just looked in the list it would install. I showed packages which would be recommended after the upgrade, which would not be installed by an apt-get upgrade.
<krababbel> patdk-wk__: OK, I see.
<patdk-wk__> you need dist-upgrade to install new stuff, but not sure if you will have the *same* issue still
<Pici> krababbel: 'upgrade' will never install new packages, only new versions for existing packages.
<patdk-wk__> upgrade will only upgrade things that don't need new items :)
<krababbel> Thanks, I will try dist-upgrade too.
<patdk-wk__> I don't believe dist-upgrade will, but it solves half the issue :)
<patdk-wk__> I purposely don't install recommended packages for many things, cause I don't want them
<patdk-wk__> and dist-upgrade doesn't bring them in
<patdk-wk__> but probably an option to do that
<Pici> You can just re-do an install and include --install-recommends there.
<krababbel> OK, thank you for your help. :)
<jamespage> rbasak, OK
<jamespage> rbasak, there are lot of those on 12.04 with the enablement kernel
<jamespage> (s)
<jamespage> the DKMS modules package should be fixed to work with the newer versions - that what we did with ovs and iscsitarget
<hallyn> stgraber: if you're not playing with the staging tree right now, i coudl quickly revert, add your ack, and push --force
<stgraber> hallyn: not playing with it, so if you want to add the ack, go ahead
<hallyn> k done
<olivier_bK> hi
<rbasak> jamespage: OK, thanks. Presumably using the original kernel, if possible, is a suitable workaround then?
<jamespage> yes
<rbasak> Got it.
<jamespage> I think there is a segment of users who want todo this sort of stuff who don't really need the HWE kernels
<jamespage> they should stick on 3.2 IMHO
<patdk-wk__> I have attempted to upgrade to the newer kernel on a few vm's, so that I could get the newer network stack, as it helps a lot
<patdk-wk__> but open-vm-tools dkms breaks badly doing that
<patdk-wk__> haven't revisited since that failed attempt
<rbasak> jamespage: some discussion of DKMS and HWE in #ubuntu-kernel atm
<rbasak> jamespage: http://paste.ubuntu.com/5674611/
<rbasak> jamespage: 17:57 <rbasak> openvswitch is probably the module that we care about the most. I'll ask jamespage about it.
<zul> adam_g: derp https://code.launchpad.net/~zulcss/cinder/cinder-ftbfs-pbr/+merge/164464
<rbasak> jamespage: you should probably read the #ubuntu-kernel logs when they appear. And lurk there, too :)
<rbasak> Sorry if I confused matters.
<zul> adam_g:  fixed
<foxbuntu> anyone in here got much experience with ZFS?
<foxbuntu> got an issue with trying to expand zfs pool/fs on top of a hardware raid5 that has been expanded (JBOD isnt an option because of the controller)
<foxbuntu> ...and cant remove the disk from the raid5 now
<RoyK> foxbuntu: has the raid capacity been extended?
 * RoyK knows a wee bit about zfs
<irv> any easy way to unencrypt a home dir?
<irv> done using the installation time encryption
<RoyK> irv: rsync -avPHA /somewhere/else # ;)
<irv> ahh that's what i figured :P
<irv> kk
<irv> spinnin up a new vm now
<irv> :D
<foxbuntu> RoyK, yes, the raid5 logical volume has been extended
<foxbuntu> RoyK, so we went from 3tb to 4tb
<RoyK> virtualization is the new thing! I mean, IBM hasn't been doing it for more than three decades ;)
<RoyK> foxbuntu: zpool set autoexpand=on
<RoyK> iirc
<sarnold> RoyK: but they cheated, they designed their chips to be virtualizable without any extra hassle. :)
<foxbuntu> RoyK, then just export/import? or is it all automagic?
<RoyK> should be no need for export/import
<RoyK> try zpool list
<foxbuntu> RoyK, cool, thanks. I will give it a shot
<zul> adam_g:  ping it got resubmitted to the right branch can you have a look please?
<RoyK> foxbuntu: any luck?
<balloons> so forgive me because it's friday afternoon here, but I seem to remember something about the ubuntu cloud images no longer being produced. Is this correct?
<sarnold> balloons: timestamps still look new: http://cloud-images.ubuntu.com/
<foxbuntu> RoyK, havent had a chance to test it yet...gotta try off hours...
<balloons> sarnold, ty :-)
<vlad_starkov> RoyK: Hello again! I changed faulted HDD to the new one and partitioned it as it should be: 1GB boot,raid + 999GB raid. No file system formatted.
<RoyK> vlad_starkov: perhaps something borked in the encryption part
<RoyK> dunno
<JoeyJoeJo> If I build a kernel and some modules on one machine how can I package it all up into a deb file for redistribution onto different machines with the same hardware?
<sarnold> JoeyJoeJo: investigate the kernel-package pacakge.
<JoeyJoeJo> thanks
<vlad_starkov> Question: mdadm. I'm in initramfs shell. I just successfully launched recovery process. No it's about 10% done. Can I type exit and reboot to normal system and be sure that everything will be recovered properly?
<vlad_starkov> Question: can anyone explain me how it is possible that after I changed faulty HDD in my RAID1 and launched recovery process, after system boot I have clear system with no software and my data like?????
<RoyK> vlad_starkov: what do you mean?
<vlad_starkov> RoyK: I have a server with 2 HDD built to RAID1+encryption+LVM. One HDD was failed. mdadm was shoing that raid is stopped. I changed it with the new one and reassembled the raid. After that mdadm showed that raid is active and new hdd is recovering now.
<vlad_starkov> I reboot to normal mode and I see there is no software
<vlad_starkov> actually there is only 1 user of several that system was supported before disk fail
<vlad_starkov> I can't understand what's going on....
<vlad_starkov> RoyK: As I think the system should boot normally OR do not boot at all.
<RoyK> vlad_starkov: seems to me you had a faulty array in the first place
<vlad_starkov> RoyK: hmmm....
<vlad_starkov> how to check it?
<RoyK> vlad_starkov: I guess it was dead for some time and that the data resides on the other drie
<phillw> Hi good people, do you have a zsync link for 12.04.2 ? I'm struggling.
<RoyK> drive
<vlad_starkov> RoyK: this looks the most reasonable cause of the problem...
<RoyK> vlad_starkov: try to remove the other drives and boot on the old one
<RoyK> vlad_starkov: I've seen similar stuff happening before, but not on linux
<vlad_starkov> RoyK: the recovering process is still on. I think of this strategy: remove old drive from the server. One more time repartition the new drive that I installed after raid failure. Then clone the drive, that I removed initially and thought that IT WAS failed, to external disk. Then put it back to the server and reassemble the array.
<RoyK> vlad_starkov: try booting on the old drive first
<RoyK> if the data is there, the new stuff won't matter
<RoyK> make a backup, as in copying it to somewhere else, and fix the mirror
<RoyK> don't try to do magick with the existing stuff
<vlad_starkov> RoyK: what is the better way to make backup from old drive?
<vlad_starkov> RoyK: Can I "hot swap" a regular HDD by unplug it from motherboard cords and then plugin another HDD? Is it fine for working server?
<RoyK> if the drivers support it, yes
<RoyK> SATA is hotplug by design
<RoyK> vlad_starkov: but in your case, better reboot into the old drive
<RoyK> you can't hotswap mounted filesystems on single drives
<vlad_starkov> RoyK: I'd like to make a backup copy of the old drive before recover the RAID
<vlad_starkov> RoyK: I mean boot with USB flash (Ubuntu Live) and hot swap disks
<RoyK> vlad_starkov: raid isn't backup
<RoyK> keep that in mind
<RoyK> backup your data to something and then try to recover the raid
<vlad_starkov> RoyK: Yep, it's like insurance
<RoyK> no, it's not, backup is insurance
<RoyK> or the step before it
<RoyK> raid is like safety belt
<vlad_starkov> RoyK: I have free healthy HDD that i'd like to use to clone old disk to it. And then begin recovery process
<vlad_starkov> if recovery fail the old disk for some reason, I'll have cloned disk
<vlad_starkov> RoyK: nice
<vlad_starkov> RoyK: I made a short script that I used to successfully launch recovery process. Did I miss something? http://pastebin.com/irJ3JxFU
<RoyK> I wonder why you should need that
<RoyK> md devs are automatically assembled
<RoyK> except nested ones, a bug
<RoyK> see bug 1171945
<uvirtbot> Launchpad bug 1171945 in mdadm "Nested RAID levels aren't started after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/1171945
<vlad_starkov> RoyK: On Ubuntu 12.04 Server md devs don't automatically assemble after fail if md is encrypted
<phillw> secondary server for 12.04.2 is now mirrored at http://phillw.net/isos/ubuntu-server/
<vlad_starkov> RoyK: When I make sudo ddrescue -v /dev/sda /dev/sdb it says  Output file exists and is not a regular file. Use `--force' if you really want to overwrite it, but be  aware that all existing data in output file will be lost.
<vlad_starkov> RoyK: should I add -f key?
<sarnold> vlad_starkov: do you truly intend to overwrite the hard drive /dev/sdb and not just make a new file in the filesystem that is already on /dev/sdb?
<vlad_starkov> sarnold: oh. sure I do
<vlad_starkov> thanks!
<sarnold> vlad_starkov: then go for it :)
<vlad_starkov> sarnold: cloning...
<vlad_starkov> sarnold: Don't you know, Ubuntu determine the drive name (sda,sdb,sdc...) just randomly and it doesn't bounded to SATA port on motherboard?
<vlad_starkov> RoyK: it's cloning 1Tb... for the moment, I'd like to thank you for your help and advices. It was extremely helpful for me.
<sarnold> vlad_starkov: this is currently under discussion: https://lists.ubuntu.com/archives/ubuntu-devel/2013-May/037084.html
<sarnold> vlad_starkov: but I believe the current behaviour will be retained for the time being...
<vlad_starkov> For the moment there is no errors while cloning.... It will be funny if I've removed the wrong drive initially)
<sarnold> hehe, "funny" :)
<vlad_starkov> sarnold: so the current behaviour is like a just wrote above?
<sarnold> vlad_starkov: as I understand it, yes; /dev/disk/* has 'stable' names available..
<vlad_starkov> sarnold: mmmm, I didn't understand then
<sarnold> vlad_starkov: ls -l /dev/disk/by-id/ will explain :)
<vlad_starkov> sarnold: ok then
<vlad_starkov> Am I right thinking that instead of doing md array recovering, I can just clone current disk to another and plug it in?
#ubuntu-server 2013-05-18
<qman__> no
<qman__> even though the disks in a mirror contain the same user data, they are not the same disk
<qman__> the metadata will be wrong and it will rebuild anyway
<vlad_starkov> Nice article about choosing hard drive http://www.directron.com/howtochoosha.html
<vlad_starkov> qman__: oh I see, thanks!
<vlad_starkov> So what is more reliable: SSD or HDD?
<qman__> neither is particularly reliable
<qman__> if you care about your data, implement a good backup system
<qman__> and, the old addage is true: raid is not backup
<qman__> raid is there to possibly prevent you from needing your backup, but it doesn't replace it
<vlad_starkov> Question: what is the best strategy to scheduled replace all old hard drives for multiple servers with RAID1? For the moment, I think we need 2 planned maintenances: first â remove 1 of 2 existing drives and add new drive so md will recover data on the new drive; second â removing second old drive and add new one instead, so md will recover data on it from the previous new drive. So that system will have 2 completely new
<vlad_starkov> drives.
<qman__> that's a good strategy
<vlad_starkov> qman__: OK
<butchlugrod> back up early, back up often, back up off site.
<qman__> it has the benefit of that first-removed drive being a backup copy
<qman__> if your hardware supports it, there is a third option
<qman__> add your disks to the existing mirror without removing the old ones
<qman__> then remove the old ones after the resync
<vlad_starkov> But I'm wondering when md starts recovering process, may I use the server? Or it is better to unplug it from network and let md finish recovering?
<vlad_starkov> qman__: you mean 3 drive slots on a single system?
<qman__> the recovery process happens in the background and does not require downtime; that said, if your system is on the raggedy edge in terms of performance, you may slow down beyond the point of workability
<qman__> actually I mean 4, but yes
<vlad_starkov> qman__: for these servers we have only to slots and they're not removable
<qman__> in a raid 1 you can add as many mirrors as you want
<vlad_starkov> qman__: really?
<qman__> so adding 3 or 4 mirrors, then removing the old ones, is a valid strategy too
<vlad_starkov> I didn't know that
<vlad_starkov> qman__: how the system know what to recover if at the beginning of recovery process the MyFile.doc was 15 pages book, and then I turned on my server in degraded raid mode so recovering could proceed in background, and then when system done recovering this MyFile.doc for 50% (theoretically) I saved new version of that file, that contains 30 pages and different content of some paragraphs in the first 3 pages. How system knows w
<vlad_starkov> hat is the valid version of MyFile.doc for the moment?
<qman__> vlad_starkov, it updates it on the fly
<qman__> how exactly it does this is a bit voodoo magic to me, but it automatically handles writes while resyncing
<vlad_starkov> qman__: OK np
<vlad_starkov> Want to read a good book about raid and related
<vlad_starkov> Some stat on cloning 1TB SATA2 drive: from 0 to first ~400GB the speed was ~ 86Mbyte/sec. Now it's 485GB and speed is ~77Mbyte/sec
<patdk-lap> qman, it's very simple
<patdk-lap> when you write, it writes
<patdk-lap> no vodo needed
<patdk-lap> when you read it will limit reads from the good drive, till it's done
<qman__> that works on a raid 1, but how it does it on a raid 5 or 6 is still a bit confusing
<patdk-lap> ya, it bitmap tracks it
<patdk-lap> that was going be my next saying
<patdk-lap> vlad_starkov, you know harddrives start fast, then get upto like 1/3 their speed at the end?
<patdk-lap> if it starts at 120mb/sec, you can expect 50mb/sec at the end of the disk
<vlad_starkov> patdk-lap: I didn't
<patdk-lap> heh?
<patdk-lap> you have never seen a harddrive benchmark ever in your life?
<vlad_starkov> I noticed that but never know that it's normal behaviour
<qman__> it's because the beginning of a hard drive is at the outside edge of the disk
<qman__> which, by the nature of rotation, is capable of a much faster speed than the inner edge
<patdk-lap> http://img40.imageshack.us/img40/5864/hdtuneproahcibenchmarkv.png
<vlad_starkov> 514GB done, speed is ~74MByte/sec
<qman__> optical discs are set up the opposite way
<qman__> with the start on the inside, working out
<vlad_starkov> A century study
<patdk-lap> ever since they switched form constant sectors per track
<vlad_starkov> What about SSD?
<patdk-lap> ssd's don't normally rotate
<vlad_starkov> ))
<qman__> they're just flash chips
<qman__> should be a flatline
<patdk-lap> well, if it was ram it would be
<patdk-lap> flash is on page/block issues, for writing
<patdk-lap> for reading, it's just how many chips you have
<vlad_starkov> So when manufacturer specify read/write timeout, speed and so on, is it an average value or what?
<patdk-lap> depends what value your looking at
<patdk-lap> avgerage latency, is just that avg
<qman__> they would normally publish both
<patdk-lap> speed, will be max
<patdk-lap> if you notice you get basically max speed for half the disk
<patdk-lap> so if you shortstroked the disk 50% :)
<qman__> it's actually a common tactic
<qman__> well, was, before SSD
<vlad_starkov> the hdd technology now seems so old...
<qman__> if you needed faster disks but didn't need the space, just make your partitions small at the start of the disk
<qman__> stay within the high range of speed and reduce latency because you're only seeking over part of the disk
<vlad_starkov> What max sizes of disks Ubuntu supports?
<vlad_starkov> qman__: I see. Good trick
<qman__> now you just buy SSD because it's almost an order of magnitude faster and seek times are nonexistant
<patdk-lap> hmm, for 64bit? something like pb's per disk
<patdk-lap> for ext4? we still at 16tb cap? for ext4tools?
<qman__> yeah, the software is way ahead of the hardware on that one
<qman__> nah
<qman__> ext4 is something like 8eb
<patdk-lap> no
<qman__> ext3 is 16TB
<patdk-lap> ext4 could do it, but the tools couldn't
<patdk-lap> so it wasn't possible to format it
<patdk-lap> atleast when 12.04 came out
<vlad_starkov> so RAID 10 of 16TB is ok for Ubuntu 12.04?
<qman__> yes, no problem
<qman__> and even if you can't go bigger with ext4, there's still xfs
<vlad_starkov> 16Tb with ext4 or ext3?
<qman__> yes
<patdk-lap> both
<vlad_starkov> nice
<patdk-lap> just the ext lib needs to be fixed up in order to format bigger, was the issue
<patdk-lap> I haven't looked back into that isuse for awhile
<patdk-lap> mainly cause I've gone zfs
<qman__> should be straightforward, I'd be really surprised if it isn't fixed yet
<vlad_starkov> don't know is it reliable to build raid 10 of 4+4 drives. Chances that more than one will fail
<patdk-lap> I have a few 30+tb ntfs volumes
<qman__> ouch
<patdk-lap> well, generally, going >2tb with raid1 or raid5 is a bad idea
<patdk-lap> qman, it works well :) just backups
<qman__> ntfs is just plain awful in terms of performance
<patdk-lap> really suggest only using raid6 and 3way mirrors for that size
<qman__> I can't imagine how bad the fragmentation would be on 30TB
<patdk-lap> qman__, I'm getting a nice 1400MB/sec
<patdk-lap> qman__, fragmentation? on files >100gigs?
<vlad_starkov> I want to read about it to dig deeper file systems
<qman__> I guess it wouldn't be TOO bad if you _only_ have giant files
<patdk-lap> I did say, backups
<qman__> but windows just does absolutely retarded things on write
<qman__> brand new system install is something like 15% fragmented
<qman__> literally copy and paste from CD
<patdk-lap> well, copy/paste is a good method really
<patdk-lap> but in order to get that fragmented something else is going on
<qman__> yeah, the ntfs driver
<patdk-lap> it's better than the alternatives :)
<patdk-lap> fat12?
<vlad_starkov> Do you guys know who is the best on SSD market today?
<patdk-lap> !best
<ubottu> Usually, there is no single "best" application to perform a given task. It's up to you to choose, depending on your preferences, features you require, and other factors. Do NOT take polls in the channel. If you insist on getting people's opinions, ask BestBot in #ubuntu-bots.
<vlad_starkov> !best on the ssd market
<ubottu> vlad_starkov: I am only a bot, please don't think I'm intelligent :)
<vlad_starkov> )
<vlad_starkov> 586GB done, speed is 72Mbyte/sec
<vlad_starkov> Don't know is it normal result for 1TB drive?
<patdk-lap> 100mb/sec max speed
<patdk-lap> so 40mb/sec slow
<vlad_starkov> ok
<patdk-lap> your just over halfway
<patdk-lap> so you will see speed drop off good
<patdk-lap> but is that for hte whole array? or per disk?
<vlad_starkov> so while cloning there is 0 errors. Does it mean that disk does not contain BADs or BADs could be detected on write operation?
<vlad_starkov> I clone single 1Tb SATA2 drive to another exactly the same
<patdk-lap> well, that only means it didn't get a read error from the disk
<vlad_starkov> using GNU ddrescue
<patdk-lap> it doesn't mean the data it got from the disk was correct :)
<vlad_starkov> so errors classified to read and write?
<vlad_starkov> oh
<patdk-lap> disks are only suppost to return bad data 1 out of 10^14 times
<vlad_starkov> almost never
<patdk-lap> na, that would be enterprise disks, 1 out of 10^15 times
<patdk-lap> I have several bad data reads from disks
<qman__> with the size of modern disks, silent corruption is a real issue
<vlad_starkov> ok you convinced me: backups, backups, backups...
<qman__> if your data is important you need to verify it with good checksums
<vlad_starkov> qman__: I always wanted to ask, how checksum works?
<qman__> I wanted to go with zfs for the data integrity but it kept locking up my server
<qman__> a checksum, in its most basic form, adds up all the bits of a given set of data and returns the total
<qman__> in simple, small scale stuff like ECC, it just records whether a byte has an even or odd number of ones
<qman__> with more complex stuff like md5 or sha1, it performs a hashing algorithm on the data
<qman__> if any bits get flipped, the checksums won't add up the same
<vlad_starkov> that's interesting. A few days ago I learned how does SSL/TLS actually work
<qman__> in the case of large files and algorithms like md5 or sha1, collisions can and do happen, so you have to take more than just that string into consideration
<vlad_starkov> qman__: many times I downloaded files from Internet there was additional .md5 or .sha1 files with the same basename. How should I use these files to validate checksum on Ubuntu?
<qman__> while it's reasonably possible that any two given files could have the same checksum (and even likely in some cases), it's astronomically unlikely that two files of identical size with different data will match
<qman__> especially in the case of a handful of bit flips
<qman__> md5sum filename
<vlad_starkov> and then compare it with content of .md5 file? in case of sha1 what will be command?
<qman__> sha1sum
<qman__> you can also verify a burned disc that way, md5sum /dev/cdrom
<qman__> or whatever your disc drive is
<qman__> a properly burned iso will match exactly on-disc
<vlad_starkov> nice
<vlad_starkov> how do you know all these? how long do you use Linux?
<qman__> I first started taking it seriously around 2004
<qman__> my formal education is windows focused, but linux is my preferred operating system
<qman__> I also have some experience with solaris and freebsd
<vlad_starkov> qman__: I just started learn it seriously a three months ago. Reading book and all new. Runlevels was pretty complicated but I deal with them.
<vlad_starkov> The thing I still do not understand is mail system.
<qman__> runlevels don't really exist in ubuntu, upstart works differently
<vlad_starkov> Yep, I read it in the book)
<qman__> it still deals with them in order to support sysv-style software
<vlad_starkov> it's a bit harder when you learn something that has a history. Linux is such a thing. I think it should be much faster to learn new things when you have some experience.
<qman__> very much so
<vlad_starkov> qman__: you're right
<qman__> once you reach a certain level of knowledge, you can work toward pretty much any problem you encounter
<vlad_starkov> yepp
<qman__> you need a basic level of experience and knowledge of tools to work through problems
<qman__> coupled with good google skills, you can solve nearly anything
<vlad_starkov> I think you have to know a set of technologies. There's just a set of them that is a part of almost every product today. After you deal with them then you just have to keep up to date your knowledge.
<vlad_starkov> qman__: about SMART, is it really objective and helpful?
<qman__> yes
<qman__> it's not perfect, and you shouldn't expect disks to always warn you before they fail
<qman__> but around 9 out of 10 times, disks will show errors in the SMART log before they go
<qman__> giving you a nice heads-up
<vlad_starkov> how much time do I have after first disk error notification?
<qman__> could be a month, could be an hour
<qman__> the good news is, any errors in the SMART log normally qualify for RMA status
<qman__> except for temperature ones
<vlad_starkov> what is RMA?
<qman__> return to the manufacturer for replacement
<vlad_starkov> 730GB done; 64MByte/sec
<vlad_starkov> oh nice
<vlad_starkov> I heard WD gives 5 years warranty
<qman__> only on some drives
<vlad_starkov> 2 years at least
<qman__> only on some drives
<qman__> both manufacturers offer anywhere from 1 to 5 year warranties depending on the class of drive you purchase
<vlad_starkov> As I know many manufacturers gives at least 2 years
<vlad_starkov> server drives
<qman__> there are only two hard drive manufacturers, seagate and western digital
<qman__> they own all the other brands
<qman__> seagate bought samsung's hard drive division, and western digital bought hitachi
<qman__> there are only two hard drive manufacturers, seagate and western digital
<qman__> they own all the other brands
<qman__> seagate bought samsung's hard drive division, and western digital bought hitachi
<qman__> and I'm pretty sure fujitsu stepped out of hard drive manufacturing
<vlad_starkov> which one do you prefer?
<vlad_starkov> WD or Seagate?
<vlad_starkov> My faulty drive is Hitachi
<qman__> I don't really have much of a preference, I've lost the most seagates but I've also bought the most seagates
<qman__> my last purchase was WD reds, trying those out
<vlad_starkov> What's the difference between WD series?
<qman__> the warranty, mostly
<qman__> that, and blues and greens will probably not work with a hardware raid controller
<qman__> because they're designed specifically to not be
<qman__> I also recommend against any and all green drives
<qman__> they're by and large crap
<qman__> greens are intended for low-use patterns, such as external hard drives or a web-browsing desktop
<qman__> blues are intended for typical desktops, reds for NASes, blacks for high performance desktops, and then they have raid class drives for servers
<qman__> the raid class drives are a lot more expensive so I'm trying the reds, since that's pretty similar to the role my server plays
<qman__> my personal experience has been about 20% failure rate within the warranty period across all drives and manufacturers that I've purchased
<vlad_starkov> Ok that's valuable for me
<vlad_starkov> qman__: thanks for advices
<vlad_starkov> qman__: Success! I recovered my RAID1
<hXm> hello
<hXm> i have a dedicated server with a company, i wonder how can i manage the backups
<hXm> i could like use something like dropbox or google drive
<hXm> is that possible?
<jacobw> hXm: Hosting providers often offer some kind of backup service
<hXm> yes
<hXm> but in my case they only do it with a professional plan
<jacobw> Backup isn't a simple service
<hXm> i know
<hXm> but dropbox could be a temporary solution
<jacobw> http://lassebunk.dk/2011/03/16/linux-dropbox-remote-backup/
<jacobw> AFAIK, there's no offical Linux client for Google Drive
<hXm> gdrive gives 7gb, i thought it gave more
<hXm> i prefer dropbox since i have the free 20gb
<hXm> i installed dropbox with something like that, now i just want to know how to sync different folders
<mardraum> didn't google recently combine mail and gdrive amounts?
<mardraum> regardless if they did or didn't, your "backup solution" still sucks :P
<hXm> haha i know :)
<hXm> i just dont want to lose something before than i decide if switch to pro or not
<hXm> EstÃ¡s utilizando 6 MB de 5 GB (0 MB en la Papelera).
<hXm> still 5gb even
<hXm> google drive sucks more than my backup
<mardraum> why not just use rsync to home?
<hXm> my home to where, an external hd?
<mardraum> I don't know about your home
<hXm> is a remote dedicated server
<mardraum> that's nice
<mardraum> why not rsync your settings from your remote dedicated server to home?
<hXm> that means incremental backups in cron, isnt?
<hXm> subversion service are so cool, they doesnt lose a line of typed code
<mardraum> yes, you can run rsync from cron, I don't understand your question
<mardraum> if you don;t know what rsync is, you really should go and learn
<hXm> what i mean is, rsync requires a cron, then is not real-time backup
<hXm> did i explain it right now?
<hXm> dont be rude, i have neuronal deficit because im spanish
<jacobw> hXm: What are you backing up?
<hXm> jacobw: sites, sql databases and few tcl scripts
<jacobw> For the code, you should consider developing with git on your workstation and pushing to your server, or pushing to a repository on your server and cloning the repository to your working directories
<jacobw> Are you dumping the MySQL databases to SQL files with cron?
<hXm> i use transact-sql
<hXm> yep, with cron
<hXm> about the git i tried configure it twice, then i gave up (in this case i also still live with the dropbox crap-solution)
<hXm> i know git is easy to configure and use but for some reason it wont work for
<hXm> i didnt paid much attention so probably thats the fault
<hXm> i hope the day had 32 hours instead
<Senor> how can I communicate with memcache server ?
<jacobw> hXm: What problem did you have with Git? It's a bit counter intuitive the first time but there's a lot Git users here and in #git
<jacobw> hXm: Check out gitref.org and https://www.youtube.com/watch?v=ZDR433b0HJY
<hXm> jacobw: im watching it right now
<hXm> do you know if google apps support git hosting?
<jacobw> hXm: A git repository is just a directory, so you can put it anywhere that supports file storage, but I don't think any Google Apps integrate with Git right now
<bitbyte> hey guys can you help me find a way to get apt-get working agian
<bitbyte> keep getting issues with E: Problem with MergeList /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_quantal-security_main_i18n_Translation-en
<andol> bitbyte: try apt-get --list-cleanup update
<bitbyte> ill give that a shot now
<andol> bitbyte: Otherwise you can try manually deleting the problematic file. Those files in that directory (/var/lib/apt/lists) will be recreated upon apt-get update
<bitbyte> andol: i get bitbyte@bitbyte-core:~$ sudo apt-get -list -cleanup update
<bitbyte> E: Command line option âlâ [from -list] is not known.
<andol> bitbyte: That wasn't the option I gave you :P
<andol> apt-get --list-cleanup update
<bitbyte> haha sorry my eye sights bad,
<bitbyte> but just removed the file and went through
<bitbyte> removing the file seemed to work
<bitbyte> mmmmmm any reason why the package list would fall over ?
<andol> bitbyte: Well, could have been some hickup on the repo server, and hat you managed to try to download the old version of that file at the very wrong moment, or perhaps that cron was making an apt-get update in the background while you rebooted the machine, or perhaps your local disk going bad, or something else.
<bitbyte> mmmm
<bitbyte> well thanks for getting back to me
<bitbyte> I'm following this guide
<bitbyte> http://www.thefanclub.co.za/how-to/how-setup-ubuntu-business-box-server-ubb-part-1
<bitbyte> to setup my server for a test
<andol> bitbyte: Unless that same thing happen again, I wouldn't worry about it.
<bitbyte> andol: thanks for taking a look :)
<ruben231> hi guys i have a ubuntu server with 250GB HDD only setup to entired disk used with LVM and i have added a new HDD 2 terbytes, how do i configure this and add it to the curent storage somehow..?
<patdk-lap> add it?
<patdk-lap> you mean you want to do like a raid0? where if one disk fails it all fails?
<patdk-lap> pvcreate, vgadd, lvextend
<ruben231>  patdk-lap: just wanted to increase the existing HDD storage..how
<ruben231> patdk-lap: this is my output after i conencetd the additonal HDD --> http://pastebin.com/mxHgdK55
<ruben231> guys any help
<bugzc> hey, anyone with experience in bonding nics? I'm having some issues where im guessing one of the interfaces isnt coming up in time and im getting a message saying something along the lines of 'waiting up to 60 more seconds for network'. after the message it boots into the server fine. no mac address associated w/ bond0. im using mode0 bond and 3 nics teamed up. ubuntu 12.04.2LTS. more or less a clean install.
<RoyK> bugzc: have been (and still are) using bonding, yes
<RoyK> bugzc: what is mode0?
<RoyK> balance-rr it seems
 * RoyK likes the text-based names better 
<RoyK> bugzc: I haven't used balance-rr, though. Currently using active-backup, and have used LACP earlier
<patdk-lap> how is it connected?
<patdk-lap> hopefully not to a switch
<bugzc> all ethernet cards are connected to a cisco unmanaged switch
<patdk-lap> hmm, balance-rr doesn't work that way
<patdk-lap> no wonder
<RoyK> bugzc: get a managed switch and use LACP
<bugzc> What Im trying to achieve is network aggregation so bandwidth is provided/shared by all nics
<RoyK> yes, that works rather well with LACP
<bugzc> Cant replace the switch here. Gotta work with what ive got, unfortunately
<patdk-lap> heh? just use tlb mode
<patdk-lap> or alb, but alb causes issues with lots of things
<patdk-lap> if you need reliable incoming balancing, lacp is best
<patdk-lap> outgoing only, tlb works good
<bugzc> it's basically a caching proxy
<patdk-lap> and that means to me? nothing?
<RoyK> well, it should be mostly outgoing, then
<bugzc> well it needs to provide a lot of bandwidth, thats what I mean. But not much for incoming
<RoyK> try tlb
<RoyK> but
<RoyK> if you need >1Gbps for a caching proxy, why on earth don't you have a managed switch?
<bugzc> because there is no budget and im improvising :)
<RoyK> http://www.ebay.com/itm/CISCO-WS-C2950T-24-CATALYST-SWITCH-10-100B-TX-1000Base-T-GIGABIT-UPLINKS-MANAGED-/290839605531?pt=US_Network_Switches&hash=item43b764311b
<RoyK> well, not gigabit, though
<RoyK> but you can get them quite cheap
<RoyK> and managed switches save you a *lot* of headache
<bugzc> aye but the company wont let me expense anything any time soon, alas. So my priority right now is to improvise and get bonding to work. I have it working quite nicely on my windows server with Intel nics.
<RoyK> what sort of bonding do you use on windoze_
<RoyK> ?
<patdk-lap> well, windows only supports failback and lacp I think
<bugzc> the intel nic driver supports aggregation+fallback
<bugzc> yes but Intel has a proprietary driver for that
<patdk-lap> so does hp
<bugzc> so im getting a 2gbps link shared for samba etc
<patdk-lap> the hp one does lots of options
<patdk-lap> heh?
<patdk-lap> it's doing lacp without confirming it with the switch
<patdk-lap> so it's basically doing tlb
<bugzc> nice
<bugzc> seems so
<bugzc> Alright let me set it up as tlb and see what I get here
<RoyK> bugzc: but really, tell your boss you need a managed switch
<bugzc> I have many times lol
<patdk-lap> a managed 10gbit 24port switch
<RoyK> do you have an internet link > 1Gbps and no managed switches?
<RoyK> patdk-lap: we have a few ;)
<RoyK> patdk-lap: 10Gbps internet access from work...
<patdk-lap> royk, I'm close to getting one (for home)
 * RoyK wonders who might need 10Gbps at home
<patdk-lap> I  could use 100gbit, but that is kind of pricy
<RoyK> patdk-lap: infiniband?
<patdk-lap> ya, I have infiniband
<RoyK> ok
<patdk-lap> but attempting to drop it
<RoyK> trying to cut down? ;)
<patdk-lap> just not worth the pain of keeping it working, and playing with it's compatability issues
<bugzc> Aye :/
<bugzc> I wonder why all the samples/docs use mode balance-rr
<KennettAZ> I'm trying to follow this page http://manpages.ubuntu.com/manpages/raring/man4/sge.4freebsd.html  but I've never compiled a driver.
<bugzc> Looks like switching to tlb did not resolve the problem
<RoyK> well, then, LACP!
<RoyK> bugzc: if you have 10G connectivity to the net, you're bound to have a managed switch
<bugzc> it's 1gbps
<RoyK> then why do you need >1gpbs to the proxy?
<bugzc> the proxy is running a raid stripe with a large cache of commonly accessed objects
<bugzc> so clients download them through the transparent proxy instead of WAN
<RoyK> yes, but the bottleneck isn't the network connection to the server if the internet connection is 1Gbps
<bugzc> no no the WAN is not 1gbps lol
<RoyK> was this a forward proxy or reverse proxy?
<RoyK> bugzc: do you monitor the network use on this proxy?
<bugzc> it's squid3 with caching enabled and http traffic redirected through it
<RoyK> usually networking isn't a bottleneck for squid - often memory or I/O
<bugzc> Aye. but I want at least a 2gb link for the large files. This serves a dual purpose as I am setting up something similar for a different use case elsewhere. Here it's not as critical
<RoyK> just get a managed switch, then
<RoyK> LACP is well tested
<RoyK> well proven
<RoyK> it works
<bugzc> that's not really a solution as it's not an option for me
<bugzc> I would gladly get one if the guys higher up gave me the budget to do so
<RoyK> well, tell them there's no other options
<RoyK> you have indeed tried
<bugzc> Well, how come it works just fine with the intel software? I have also seen it done on centos with a similar configuration
<mardraum> seen exactly what done?
<bugzc> I did stumble onto this bug specific to 12.04: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/839595
<RoyK> I somewhat wonder why someone couldn't afford a managed switch to make a proper setup when you need >1Gbps
<uvirtbot> Launchpad bug 839595 in upstart "failsafe.conf's 30 second time out is too low" [High,Fix released]
<bugzc> RoyK: Overe here it's more of a want than a need. It will save me time. That's why it's not high priority for the higher ups :)
<RoyK> what sort of company is this?
<bugzc> it's a computer service place, nothing fancy
<RoyK> well, it's rather bad if they want you to create a good solution and can't even get a managed switch for something like $500
<KennettAZ> I could use some help compiling a kernel
<RoyK> !ask | KennettAZ
<ubottu> KennettAZ: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<bugzc> RoyK: agreed, but again, not in my control heh
<RoyK> heh
<RoyK> bugzc: but what makes you think 2x1Gbps will make things go faster? Usually bandwidth to a squid proxy isn't the bottleneck
<KennettAZ> I'm  new to linux and I need help with this.  http://manpages.ubuntu.com/manpages/raring/man4/sge.4freebsd.html
<bugzc> So right now after waiting for the 60 sec thing it boots up and im getting no mac addr but im getting an IP i can ping. if i bring down eth0(not part of team) and try to ping the router it fails.
<bugzc> RoyK: Well imagine 15 clients needing to download windows updates at the same time.
<RoyK> bugzc: 1Gbps is still rather a lot
<bugzc> time is money :)
<RoyK> bugzc: if time is money, get a proper switch
<RoyK> bugzc: as in *really* - you'll spend hours/days to work out something that may work, or may not, and the time you spent (time is money) could be used on a proper switch instead
<RoyK> we considered replacing VMware with KVM, because KVM is so much cheaper, but decided managing KVM was much more time consuming than VMware, and we still run VMware
<RoyK> same thing
<bekks> And there is no professional support for KVM in case of need.
<RoyK> from redhat there is
<RoyK> but then, kvm from redhat is about as expensive as vmware
<RoyK> and there are consultants around that can help
<RoyK> but still, paying for good software or hardware pays in the long run
<bugzc> Well the problem is that this is a pet project of mine. it serves a dual purpose since there is something similar I want to set up elsewhere. So the company isnt spending much if anything on my time per se
<bugzc> i understand what you're saying but it's just not happening in my case alas
<RoyK> then get a managed switch second hand from ebay or something
<bekks> RoyK: You're better off using vmware then. :)
<bugzc> RoyK: That would mean paying out of pocket
<RoyK> you get them rather cheap, and you learn a bit more :)
<RoyK> bugzc: if it's a private project, sure, but not sure what you mean
<bugzc> Even $100 would be a bit of a stretch for me right now
<bekks> If its a private project, which isnt used for business purposes, you could use vbox, too.
<bugzc> it's a pet project that the business approved as long as I dont spend a lot of money on it and it proves fruitful. The whole proxy thing is, not the teaming bit. The teaming was an idea for a bit more optimisation.
<RoyK> bugzc: monitor network traffic first
<RoyK> bugzc: I really doubt you need more than 1Gbps for a proxy
<RoyK> bugzc: install munin or something to see the actual traffic levels
<bugzc> RoyK: traffic isnt a huge issue right now, though there are peak times, but this box will also be running PXE deployment very soon at which point it will become more of a problem
<bugzc> RoyK: So instead of using one nic for PXE and one nic for squid, the idea was to aggregate and balance etc
<RoyK> bugzc: I see, but I still would recommend using something standardised like LACP. Saves you a headache or three
<bugzc> RoyK: I appreciate that and when I have the budget a managed switch will be my first investment. But how would you explain this: I did the same thing on a ESXI5.1 VM with 4 nics, 3 of them teamed in LACP, and it was doing the same thing. ESXI virtual switch supports LACP natively
<bugzc> Any other ideas? :)
<bitbyte> any ideas of how to add noip2 into cron so it will update on its own
<bitbyte> I've followed all the guides and it just seems to never update
<RoyK> bugzc: really, I don't understand why you don't get a proper switch. non-managed stuff isn't meant for production
<bugzc> RoyK: that's one issue. But now Im talking about a setup /with/ a managed switch - and it was the same exact outcome
<RoyK> bugzc: if you have a managed switch, enable LACP on those ports
<RoyK> LACP needs to be configured at both ends
<RoyK> there's no automatic magic at this level
<RoyK> or layer
<bugzc> RoyK: *facepalm* :)
<RoyK> :)
<bugzc> I thought though on the bond driver end it would be oblivious to all that with a static ip configuration
<bugzc> not with LACP but the other modes ive tried like tlb/rr
<zanzacar> I was looking for a way to monitor directories. I was thinking about using inotify but I can't seem to figure it all out. Is inotify already on my system because I tried apt-get inotify and that didn't do anything.
<RoyK> zanzacar: inotify is there
<RoyK> zanzacar: what sort of monitoring are you trying to do?
<zanzacar> I created a sftp chroot account and I wanted to be able to monitor it to see for uploaded files. Instead of checking through it every so often.
 * RoyK wrote this little perl thing some time ago to monitor an ftp server's incoming dir
<zanzacar> RoyK: did you write this? http://jmorano.moretrix.com/2012/03/watch-directory-uploaded-files/
<RoyK> zanzacar: you can script that easily
<RoyK> no, not me
<zanzacar> that is one of the things I saw, but since I am much more familar and like python more i figured this would work http://pyinotify.sourceforge.net/
<RoyK> zanzacar: you setup a monitor for the directory and wait for a create, when that happens, setup another for the file created and monitor for file close, then do your stuff
<zanzacar> seems reasonable. but all this is based off inotify correct?
<germanstudent> Hey. I set up a WebDAV virtual host for apache2. Now I can only delete / change files in that webdav folder if I change permissions to 777. Is there another way to avoid getting 403 forbidden in my WebDAV client?
<RoyK> zanzacar: you hook up to the inotify in kernels, yes
<RoyK> germanstudent: not sure, perhaps some can tell at #httpd
<zanzacar> RoyK: ok so inotify isn't something I can run by myself from the terminal since it is already part of the kernel.
<germanstudent> Thanks RoyK
<RoyK> zanzacar: inotify is a kernel interface, so no, it's not a userspace thing
<RoyK> or kernel api or whatever
<zanzacar> interesting this is all new to me
<RoyK> http://en.wikipedia.org/wiki/Inotify
<RoyK> there are APIs for most programming languages
<zanzacar> cool thanks I will have to read up on it. Thank you.
<RoyK> so pick your choice - python? perl? c?
<zanzacar> I have always enjoyed python
<RoyK> then stick to it :)
 * RoyK sticks to perl
<RoyK> out of old habit
<zanzacar> gotcha, I don't know perl I only know python and it hasn't failed me yet.
<RoyK> then just use it :)
 * RoyK doesn't like wars, neither distro wars, programming language wars or otherwise
<RoyK> editor wars, though...
<zanzacar> ya for sure. thank you for your help. Now that I know what I am dealing with I can move forward. I appreciate it.
<zanzacar> not sure what an editor war is.
<RoyK> :)
<RoyK> well, talks about vim versus emacs are common
 * RoyK is higly addicted to vim
<zanzacar> gotcha gotcha gotcha I definetly can say I enjoy vim over anything else.
<ScottK> Nothing to have an editor war about really.  The Emacs people are just wrong.
<ScottK> ;-)
<RoyK> ScottK++
<zanzacar> haha
<zanzacar> well thanks I really appreciate the help/nudge in the correct direction. Always appreciated.
<bitbyte> any of you guys know libmemcache6 ?
<bitbyte> or to my question above any one good with aptitude
<bitbyte> I've got a package which seems its missing form there
<bitbyte> from*
<ScottK> bitbyte: What's the exact error you're getting?  Please pastebin it.
<bitbyte> http://pastebin.com/ksn1XZvq
<bitbyte> its on paste bin in there
<bitbyte> when trying to apt-get sogo
<ScottK> looking
<ScottK> bitbyte: What release are you on?
<bitbyte> Ubuntu 12.10 (GNU/Linux 3.5.0-28-generic x86_64)
<ScottK> bitbyte: The sogo in 12.10 depends on libmemcached10, which does exist.  Where are you trying to get the package from?
<bitbyte> I'm following http://www.thefanclub.co.za/how-to/how-setup-ubuntu-business-box-server-ubb-part-2
<bitbyte> and just doing command sudo apt-get install sogo sope4.9-gdl1-mysql memcached rpl
<ScottK> bitbyte: Those instructions tell you to add deb http://inverse.ca/ubuntu precise precise to your sources.list.
<ScottK> You aren't on precise, so sogo built for precise (12.04) isn't installable on 12.10 due to the libmemcached library change.
<ScottK> I'd check and see if they have a package for quantal.
<bitbyte> so in theory if i change the package to precise it should install
<ScottK> In theory, yes, but then you're using memcached which is using the newer libmemcached and so it starts to get complicated.
<ScottK> Alternately, remove that repository, sudo apt-get update and then sudo apt-get install sogo
<ScottK> sogo wasn't in the official repositories fro 12.04, but it is for 12.10.
<bitbyte> ok well ill try removing and see how it goes
<bitbyte> thanks
<bitbyte> well soho is installing but it does complain about not finding sope4.9-gdl1-mysql
<RoyK> bitbyte: I'd recommend using LTS releases for servers :P
<bitbyte> they should already be there
<ScottK> Or at least if you're following a guide for 12.04 and are on 12.10, you should expect to have to make some adjustments.
<patdk-lap> heh, some :)
<bitbyte> http://pastebin.com/VHjPzT6Z
<bitbyte> there the packages on right now
<bitbyte> thanks for the help anyway guys ill tinker later with it
<aarcane> I've got about 2 dozen packages on my server tagged as ip or id.  THey show up in aptitude search '~g', but when I try to purge them, using aptitude purge '~g', nothing is purged.
<maxb> Those letter codes don't seem quite right to me if they are what I guess them to be...... are you sure / give more context?
<maxb> Oh, right
<maxb> How helpful, aptitude uses similar yet different codes to dpkg
<maxb> Well, if you want to review and run pending aptitude actions, I'd say using the interactive aptitude UI is the nicest way, though you could also go for 'aptitude install'
<germanstudent> Is there any way to get inotify working for remote FUSE/sshfs directorys
<yofun> can i reinstall my VPS server via ssh. from ubuntu 12.10 x86_64 to ubuntu 12.10 x86?
<Ben64> no
<Ben64> why would you even want to
<yofun> Ben64:  becasue the service im trying to run works better on 32bit and atm i cant access my VPS control panel
<wting> Hey, my Ubuntu server keeps freezing every 30 minutes and I need to do a hard reboot. How do I diagnose random crashes?
<wting> I thought it might be the native zfs package, but I've been stress testing my pool and I can't crash it. However running rtorrent will consistently crash within an hour.
<wting> I've uploaded the kern.log here, not sure what other logs are important: http://temp.ancientpc.net/kern.log
<RobbyF> qexit
<RobbyF> wrong window.
<krys> anyone feel like helpping me with a system that wont boot?
<krys> after the grub menu it just reboots, doesnt give me any error
<krys> already tried repairing grub with the rescue-disk
<krys> i have the disk mounted on another system and can access the file system, so its not a disk issue
<krys> nobody home?
<lenios> krys, can you modify grub options?
<lenios> i mean, modify the linux line on the grub entry
<bugzc> RoyK: thanks for the assistance earlier and thanks to everyone else.
<krys> lenios: probably
<krys> what should I try?
<krys> i used the boot-repair disk already thinking that would fix it but it didny
<krys> ditn*
<krys> didnt*
<krys> i just dont understand why i dont get any error messages or anything
<krys> weird, i ran all grub commands manually expecting to see an error message, same thing... no error just an reboot
#ubuntu-server 2013-05-19
<krys> any vmlinuz or initrd gurus out there? I feel like mine might be corrupted and thats why i cant boot
<yofun> how can i search for "Failed launched: No such file or directory" in *.log files in ssh?
<mardraum> yofun: grep
<bigbrovar> Hi guys trying to incease the ulimt on ubuntu for a tomcat user I created
<bigbrovar> ulimit -n for this users hows 1024
<bigbrovar> but when I cat /proc/sys/fs/file-max the limit is set to 599191
<enraged> If I have, let's say, 10 servers that I want to control over SSH from a remote location, would it be more secure to have 1 server act as a key server which I access over the internet, and then after connecting to the key server, port forward to the other 9 servers OR simply carry keys for all 10 servers and connect to each one independantly?
<RoyK> well, if that one server is compromised, the attacker will have full access to the others ;)
<enraged> Exactly my concern.
<enraged> So you would agree it would be better to have each server accessed independantly?
<RoyK> maybe
<RoyK> but if you have a common ssh server, you can close ssh from the net from the others
<RoyK> not sure what's best
<enraged> Theoretically couldn't I run clusterSSH to shutdown all 10 servers at the same time?
<enraged> Ofcourse I'd need to be local to bring them all back online, but in an emergency situation where security rather then accessibility is the concern, that should work?
<RoyK> if  an attacker gets root, he or she probably won't shut down the systems but rather plant a rootkit there
<RoyK> I guess a common login server should be easier to manage
<RoyK> then setup the others to block ssh access from the net
<RoyK> setup the login server with denyhosts/fail2ban/something
<RoyK> and make sure it's updated regularly, and not running any other services
<enraged> Exactly my thinking
<enraged> Whatever the setup for security was on the key server I was going to install on each of the 10 servers independantly if I didn't bother going with the key server
<enraged> And then I hoped to manage them over cluster SSH
<enraged> So yeah, fail2ban, SSHkeys with no password access, standard stuff
<RoyK> denyhosts may be better - supports distributed ban lists
<enraged> mm
<enraged> 1 last question - Since this is my first time having to remote SSH to my servers, I can normally run clusterSSH on a Ubuntu desktop which has a GUI, however, I am travelling with a Windows laptop. If I connect by SSH to the key server, with Putty, can I run clusterSSH in the terminal because all references I can find to it online mention the opening of a terminal for each server with 1 terminal acting as the main,
<enraged> Sorry, does Cluster SSH work over a Putty terminal?
<enraged> Assumably if I connect to a key server with ClusterSSH installed
<RoyK> http://paste.ubuntu.com/5681058/ <-- nice drive size
<qman__> nice
<RoyK> seems a disk died :)
<Jeruvy> Trying to ping INTO server, noticed shorewall is installed, is there a quick way to disable this for testing?
<RoyK> Jeruvy: iptables -F INPUT
<RoyK> or something
<Jeruvy> RoyK thank you that worked.
<Jeruvy> I see I'm going to have to brush up on this.  Cheers!
<Syria> Hello! I have a VPS , Can I know if other users are using Tunnels and browsing websites using socks proxy through it?
<RoyK> User Capacity:        600,332,565,813,390,450 bytes [600 PB]
<James_Epp> How can I make the tftpd-hpa service start on boot? I edited /etc/default/tftpd-hpa to include 'RUN_DAEMON="yes"' but this does not resolve my issue.
#ubuntu-server 2014-05-12
<Guest23784> Is there anybody here who could help me with manual compiling and installing of openssl version 1.0.0f on ubuntu compiled before heartbleed vulnerability. I have read docs but am still unsuccessful "make: *** [install_docs] Error 255". Im just really stuck and annoyed after trying 2-3 days.
<networkadmin> Any direction anyone can point me would be great "Guest23784"
<teward> networkadmin, it'd be helpful if you had provided us with more logs
<teward> the error's probably listed in those somewhere
<networkadmin> Thanks, ill provide you with what I can get. sec
<networkadmin> Im going to come back with as much details as I can later. All I have at the moment is this
<networkadmin> cms.pod around line 457: Expected text after =item, not a number
<networkadmin> cms.pod around line 461: Expected text after =item, not a number
<networkadmin> cms.pod around line 465: Expected text after =item, not a number
<networkadmin> cms.pod around line 470: Expected text after =item, not a number
<networkadmin> cms.pod around line 474: Expected text after =item, not a number
<networkadmin> POD document had syntax errors at /usr/bin/pod2man line 71.
<networkadmin> make: *** [install_docs] Error 255
<teward> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<networkadmin> Sorry, ill be sure not to do that again. Before I go and investigate this a little more, since compiling openssl requires perl, should I be concerned about perl setting locale errors? http://paste.ubuntu.com/7449955/
<xeno_> Okay, we finally got the command in, and update-manager-core is latest version.
<xeno_> But apt doesn't see a do-release-upgrade.
<xeno_> Direct command says no new release found.
<xeno_> Can anyone tell me how to get my Terminals to have the full set of control buttons, like full page, minimize, disappear?  All I have is the x button now for deletion.
<fun> apt-get purge desktop
<fun> to remove it
<fun> then install again
<xeno_> Ok.  I'll try that.
<xeno_> Can anyone tell me what the command is to get a full list of --config options for the present machine for update-alternativers --config?
<xeno_> Can anyone tell me what the command is to get a full list of --config options for the present machine for update-alternativers --config?
<DefunctProcessZZ> is there no minidlna package in the repos?
<pleia2> DefunctProcessZZ: there used to be, looks like it was synced from debian and debian has since dropped it from testing, so it never made it over for 14.04
<pleia2> https://packages.debian.org/search?keywords=minidlna
<pleia2> issues here: http://packages.qa.debian.org/m/minidlna.html
<DefunctProcessZZ> pleia2: ty
<pleia2> DefunctProcessZZ: sure thing, I use it as well so that's good to know
<Sebas_> hey! :)
<Sebas_> someone knows if there is a all-in-one openstack install other than devstack ?
<Macer> is there anythign similar to fbsd jails in ubuntu ?
<Macer> something that isn't just a chroot
<sarnold> Macer: lxc https://help.ubuntu.com/lts/serverguide/lxc.html
<Macer> oh.
<Macer> sarnold: awesome thanks
<sarnold> Macer: this may be a nicer introduction: https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
<Macer> that's great :) appreciate it
<lordievader> Good morning.
<pmatulis> morning
<lordievader> Hey pmatulis
<championofcyrodi> Hello.  Curious if anyone has seen this issue: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1316320
<uvirtbot> Launchpad bug 1316320 in unity "Screen Lock does not prompt for password" [Undecided,New]
<patdk-wk> nope, works for me
<championofcyrodi> I'm thinking perhaps because the ubuntu server does not have unity desktop installed, the thick client is failing to start the process(es) on the terminal server to support the LDM session controls.
<championofcyrodi> it seems like almost all processes run locally on a thick/fat client... However, since users are authenticated on the terminal server, I'm trying to understand how the client image is supposed to authenticate users when the screen locks, etc.  Anyone know where these logs are?
<championofcyrodi> (for LTSP clients)
<gigirock> Hi all. I have a 64 bit server 14.04 updated. I need ssh login as root. I already edited sshd_config with 'PermitRootLogin yes' but nothing is changed ,since i have always 'acces denied' trying to login from a putty client on win7 machine on the same lan network
<championofcyrodi> gigirock:  is there anything in /var/log/syslog ?
<championofcyrodi> sorry, /var/log/auth.log
<gigirock> ..mmmmh meeting
<lunaphyte_> hi.  i have a number of computers on which i've noticed that i can never get /proc/sys/kernel/random/entropy_avail higher than 4067.  i'm wondering how i might be able to figure out why this is
<lunaphyte_> the symptom is that, when using haveged with -w 4096, haveged ends up consuming 100% cpu
<patdk-wk> hmm, the kernel only has 4k entropy buffer
<patdk-wk> so >4000 is basically 100% full
<lunaphyte_> ah, interesting.
<patdk-wk> normally, I just shoot for 2k full
<lunaphyte_> yeah.  i was just playing around, experimenting
<lunaphyte_> where is there documentation of the kernel's entropy buffer, specifically its size?
<bitbyte_> hey guys, im trying to figure out how to rename files in bulk to take out âpt â any ideas on where to start
<remix_tj> bitbyte_: man rename
<lunaphyte_> cat /proc/sys/kernel/random/poolsize says 4096 here
<lunaphyte_> "The read-only file entropy_avail gives the available entropy.  Normally, this will be 4096 (bits), a full entropy pool."
<lunaphyte_> "The file poolsize gives the size of the entropy pool."
<xerxas> Hi all ! I want tu mkfs.btrfs a block device but I get "Device or resource busy"
<xerxas> the device isn't mounted, lsof doesn't see any open files on the device
<xerxas> the device is for now an ext3 and was mounted , the only thing I find is a kernel thread named [jbd2/xvdb-8]
<xerxas> is it the culprit process for the device being busy ? how do I stop it ?
<BLZbubba> is it part of an mdraid or anything like that?
<BLZbubba> ok what is the fastest way to transfer a file between two machines, that isn't painful to set up?  I have a 40 gigabit network but my usual transfer methods like scp, wget, even netcat are CPU bound due to being single threaded
<BLZbubba> so far nfs is the winner, believe it or not, but it is annoying to go through that when I just want scp
<patdk-wk> heh?
<patdk-wk> well, ya, nfs should be the fastest, expecially if you support nfs/rdma
<tomixxx7> hi, i have two nics in my server pc: eth0 and eth1. i have only configured eth1 in "etc/network/interfaces", however, i get my ip and i-net access always from eth0! how is that possible?
<patdk-wk> other options is ssh+hpa
<patdk-wk> BLZbubba, and did you properly tune your tcp stack at both ends?
<rbasak> BLZbubba: that's a good question. I imagine something like netcat that can use sendfile(2) would be the fastest. I don't know of any such tool, though.
<rbasak> Sounds like it could be a useful addition to socat.
<BLZbubba> patdk-wk: yeah it works pretty well with things like iperf and nfs
<BLZbubba> time to google for socat
<rbasak> socat is sort of like a multilingual netcat on steroids.
<genii> tomixxx7: Probably because you still have the stanzas in there like "auto eth0" and possibly "iface eth0 inet dhcp"
<tomixxx7> genii: no, definity not. i have only configured "auto eth1 \n iface eth1 inet static ... "
<tomixxx7> genii: now i have removed the cable from eth0 and now everythings works fine with eth1
<tomixxx7> genii: strange, not? ^^
<genii> tomixxx7: It's unusual, yes.
<DenBeiren> I am trying to configure a bond on my 12.04 server
<DenBeiren> i'm using this config : http://pastie.org/9168848 but it doesn't seem to work
<DenBeiren> any hints on where i am going wrong?
<patdk-wk> DenBeiren, bond-slaves none
<DenBeiren> on the last line?
<patdk-wk> I guess
<patdk-wk>  but as the whole thing is commented out, not likely to work
<DenBeiren> i know,.. but i have two scenario's in my conf file,.. one is failsafe, one is testing bond :-)
<DenBeiren> patdk-wk: tried and restarting network
<DenBeiren> patdk-wk: works!!
<DenBeiren> thanks
<rbasak> lutostag: fancy taking a look at bug 1318660? Seems to me it might be a good bug to get started with maas packaging.
<uvirtbot> Launchpad bug 1318660 in maas "trying to overwrite '/usr/lib/python2.7/dist-packages/apiclient/__init__.py', which is also in package python-googleapi 1.2-2" [High,New] https://launchpad.net/bugs/1318660
<lutostag> rbasak: sure thing
<rbasak> Thanks!
<zop_> Hello
<zop_> I have just aquired a HP microserver g7 nl54
<zop_> and i was wondering if ubuntu 12.04 server would work on it?
<zop_> Also HP seems to provide some BIOS update
<zop_> http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=5336618&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState%3Didx%253D4%257CswItem%253DMTX_57720d956df94dfcbaa0e28256%257CswEnvOID%253D4168%257CitemLocale%253D%257CswLang%253D%257Cmode%253D4%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.v
<zop_> ignette.cachetoken
<zop_> It seems to only fix something related to windows server, so i woudnt be needing that right??
<sarnold> heh, I've already visited a newegg.com page about that little machine. probably one of my pals bought one to run ubuntu on it. looks promising.
<zop_> So yay?
<zop_> I say one forum post saying it runs so i am just curios
<sarnold> probably yay :) if 12.04 LTS doesn't work 14.04 LTS really should work.
<zop_> what about 12.10
<zop_> ?
<zop_> Is it even out?
<sarnold> 12.04 is slightly complicated by the different point releases that have been made since initial release, those include newer hardware enablement kernels; the first 12.04 images didn't support secure-boot systems, but newer ones should..
<sarnold> zop_: 12.10 has only supported for another four days
<sarnold> me english good :)
<sarnold> zop_: https://wiki.ubuntu.com/Releases
<zop_> Oh wow
<zop_> Thanks for that!
<zop_> So wait
<zop_> How do i find out if my box has secure boot?
<sarnold> your best choices are 12.04 if you're relatively conservative or 14.04 if you're a slight touch more adventurous or don't want to upgrade again in another two years.. :) hehe
<sarnold> zop_: probably it'll be an option in the bios that you can turn on or off; not all systems let you turn it off, so those may not put it in the bios..
<fridaynext> when ubuntu says a system restart is required, are the kernel updates that necessitate that usually security related?
<zop_> Ok thanks
<zop_> I would love to install libre boot on it
<zop_> since i dont trust whats in there
<sarnold> fridaynext: I suspect every kernel update includes security updates, but I'm not 100% positive of that. of course different bugs have different chances of exploitability, but iirc the most recent kernel includes an update for a vulnerability with an exploit already available
<fridaynext> thanks sarnold.
<fridaynext> Just wondering when the best time is to reboot my server, since most of the sites on it get pretty good traffic, especially at night.
<fridaynext> and it seems there are more and more kernel updates lately.
<zop_> While on topic, would it be possible to install 12.04, on a fresh box, with no screen?
<zop_> i.e: do the actuall install headless?
<sarnold> zop_: does that little machine do someting like integrated lights out or some other mechanism to e.g. serial console or vnc to it?
<dasjoe> The N54L does not come with ILO
<sarnold> zop_: there may be other options but I know even less about those...
<dasjoe> It's an optional PCI(e?)-card
<zop_> i dont think so
<sarnold> fridaynext: best would be to have multiple machines you could update in a rolling fashion..
<dasjoe> zop_: Why do you want to install 12.04 when 14.04 has been released by now? :)
<zop_> So i am best of just sticking a cable in it and doing it by screen i guesss
<zop_> sarnold	your best choices are 12.04 if you're relatively conservative or 14.04 if you're a slight touch more adventurous or don't want to upgrade again in another two years..hehe
<dasjoe> zop_: I have had good success with my N54L, as a matter of fact I'm working on it right now
<fridaynext> sarnold: interesting.
<zop_> Hey
<zop_> Because of that
<zop_> Did you do the BIOS update?
<zop_> The one on the HP website
<dasjoe> Yes, I applied that update
<zop_> The one that needs to go to a USB key yes?
<zop_> Also are you using 32 bit or 64 bit?
<dasjoe> All HP BIOS updates I did installed from a USB key, yes
<dasjoe> zop_: I'm running a 64 bit 14.04 on a ZFS / on it, I've got 4 GB RAM in the box
<zop_> Do you know what the bios update actually fixes?
<zop_> yes i am sticking 8GB in it
<sarnold> dasjoe: zfs / ? ooooo
<zop_> so i should go with 64 bit?
<sarnold> zop_: yeah, 64bit is probably the best choice these days, it enables so many cool CPU features that the slight size increase of pointers is usually outweighed by better performance all around
<zop_> Also why would i want ZFS? Never heard about it, just reading about it now
<zop_> Ok
<dasjoe> zop_: there's no reason not to use 64 bit software on machines which support it
<zop_> btw, this is basically going to be a torrent/media box
<zop_> download stuff and serve it up to my raspebery pi
<zop_> pis*
<dasjoe> zop_: ZFS is a "next-generation" file system with integrated checksums and other nice stuff. I've been using it for a while, but you're probably better off with a normal Ubuntu Server installation, as in / as ext4
<zop_> ahh yes
<sarnold> zop_: zfs helps protect against bit rot and dead drives by providing redundancy and checksumming, and because it is a copy-on-write filesystem it can cheaply provide snapshots and sending and receiving filesystem updates. it's pretty cool stuff, but since it is an add-on module for linux, it isn't easy to use it for root filesystems
<zop_> Yes i am just reading about, sounds nice! i think il skip it for this box
<zop_> hey dasjoe does 14.04 require any tweaking or fixing on the microserver?
<dasjoe> zop_: no, a plain install worked out of the box
<zop__> Hello sorry my conection got reset
<sarnold> zop__: you may have missed ths: < dasjoe> zop_: no, a plain install worked out of the box
<zop__> Thx!
<zop__> sweet!
<zop__> So is there any reason why i shouldnt use 14.04?
<sarnold> zop__: I intend on using zfs "soon" but I don't think I'll go to the effort of using it for the root filesystem; I'll just use it for a pile of storage mounted after the system is up and running. it isn't as awesome as it could be but it feels like it'll be far easier to maintain over the years.
<zop__> Be aware that i have been using linux not for very long :(
<dasjoe> zop_: if you want to play with ZFS: install Ubuntu 12.04 or, better, 14.04 on a USB stick that's plugged into the on-board slot and use ZFS on your data disks
<sarnold> zop__: I'd start with 14.04 myself; it's newer and nicer :)
<zop__> Does it have all that amazon/canonical crap tho?
<sarnold> zop__: what's that?
<zop__> Something about sending your searches out?
<dasjoe> sarnold: we're in #zfsonlinux if you need any help or want to discuss about that ;)
<sarnold> zop__: you can turn off the internet searches if you wish -- and as a server user, you wouldn't see it anyhow :)
<zop__> http://www.enqlu.com/2014/03/how-to-disable-amazonproduct.html
<sarnold> dasjoe: oh thanks for the reminder :) my pandaboard died and I forgot to re-join the zfs channels in my laptop's irssi config...
<zop__> Ugh what a shame that Ubuntu sold out :(
<zop__> Is the crapeware present in the 12.04 also?
<dasjoe> sarnold: oh right, I thought I knew your nickname
<sarnold> dasjoe: and likewish I figured I only knew you from here. go figure. :)
<dasjoe> zop__: Ubuntu has not "sold out" any more than Mozilla did. You can easily deactivate the amazon stuff. Also, I'd go for a pure server installation, so there wouldn#t be a GUI anyways
<zop__> Yes i know about Mozilla (Moving away from that too, what a shame). Yes i going to go for a v light GUI anyways
<zop__> Is it easy to remove the one there is an install another one?
<sarnold> zop__: imho the idea behind a 'smart search' button is pretty cool, but the first release should have shipped with ten search providers rather than just amazon. it'd have been harder to hate a 'search internet' button.. :)
<zop__> Yeah, no sorry i think its crap and i dont know why you would ever want something integrated like that.
<zop__> Hey dasjoe, what did you choose from here
<zop__> http://h20566.www2.hp.com/portal/site/hpsc/public/psi/swdHome/?sp4ts.oid=4310887
<zop__> ?
<sarnold> zop__: if you do put a gui on you can easily install new ones; e.g. apt-get install ubuntu-desktop or apt-get install ubuntu-gnome-desktop or apt-get install kde-standard or apt-get install lxde or whatever you want
<zop__> Yes lxde is what i was after
<zop__> Simple and light
<sarnold> or just 'apt-get install ion3' or dwm or whatever if you don't even want the overhead of a "desktop environment"
<zop__> What do you mean by overhead?
<dasjoe> zop__: you could just use Xubuntu's installation medium if you wanted Xubuntu. Or Lubuntu's iso. But that's not really "Ubuntu Server", which names a very specific installation medium
<sarnold> zop__: well, apple's "siri" and google's "google now" are quite popular features :) so I'm not surprised we're offering something similar but much more configurable -- users can turn on or off individual search backends or write their own. try that with siri or google now :)
<dasjoe> zop__: I've used a direct link, this one http://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p1657370250/v93269/SP64420.exe
<zop__> Thanks!
<zop__> Well, all i am trying to do is download torrents, do some renaming (bash scrypts+chron), server the movies to two raspery pies
<zop__> Is an ubuntu server 14.04 install excessive then?
<zop__> I am also thinking of setting up and FTP or HTTP transfer, so friends/familly can log in and download (or stream??) what they want
<zop__> What do you think?
<sudormrf> Hey guys, not sure if this is the right place for this, if not please forgive me, but do any of you guys have a recommendation for a web based administration type software of ubuntu server?
<dasjoe> zop__: no, it's just an installation that's tailored to server tasks
<sarnold> zop__: the 'server' install will be nice and small, anything else will be extraneous to server tasks :) but from any of the installers you can get to more or less identical outputs, it's just a matter of apt-get installing or apt-get purging different packages.
<sarnold> zop__: Avoid FTP. it's horrible. httpd is alright, and if you want to allow people to upload to you, I'd recommend using sftp instead.
<zop__> No on upload just download
<sarnold> sudormrf: most seem to be a vector for remote exploits. I'd avoid them all.
<zop__> Yes i am still looking at my options atm
<sarnold> zop__: cool, that's easier. :) apache or nginx for simple, owncloud if you want something fancier..
<sudormrf> sarnold, suppose said server was not exposed to the internets?
<sarnold> sudormrf: that helps :)
<sudormrf> sarnold, lol.  so suggestions for something that will do this?  I don't mind using the CLI, but for simple tasks it is easier to just click a link than ssh in issue commands.
<sarnold> sudormrf: do you have ssh keys and ssh-agent configured? that might make using ssh less distasteful..
<dasjoe> sudormrf: that depends on what you want to do from the web, I'd not use one at all but if you absolutely must use one: check out Zentyal or Webmin
<sarnold> sudormrf: sorry, no suggestions -- my distaste is strong enough I never looked at their actual merits :)
<sudormrf> dasjoe, looking at zentyal now.  I hear webmin isn't supported :).
<sudormrf> sarnold, no worries :).
<sudormrf> this is just a home media server.  so not really doing a whole lot with it
<dasjoe> sudormrf: Zentyal comes as a complete package, though. So you're (probably) better off doing a fresh install using their installer (which is based on 13.10, as of now)
<zop__> I think i am going to go with 14.04 Ubuntu
<zop__> and then remove the stuff i dont need and install lxde
<sudormrf> dasjoe, yeah that is what it was looking like.  Which I kind of want to avoid.  oh well :).
<zop__> Just because i have never used Lubuntu and "Unlike Ubuntu, Lubuntu 12.04 is not a LTS, this version will be supported for 18 months. However, a lot of work has been done to improve the stability of the system"
<dasjoe> zop__: you could install a normal Ubuntu Server, then use tasksel to add Lubuntu or Xubuntu
<zop__> That is news to be, i think i have some more reading to do :/
<zop__> never hread of tasksel
<zop__> Looks neat tho
<dasjoe> zop__: it's just a nice helper to install some packages
<zop__> So i would just do a regular server install and then use tasklet to customise it?
<sudormrf> dasjoe, with Zentyal you can install normal ubuntu packages, right?
<zop__> Does it matter that Lubuntu only goes up 12.04
<dasjoe> sudormrf: yes, it's based on a normal Ubuntu
<bekks> zop__: Lubuntu goes up to 14.04
<zop__> Oh
<xibalba> what can i use, thats lightweight, to fire off emails form the command line? the apt pkg `mail-utils` seems to install everything until the sun
<zop__> Thanks!
<zop__> Well i am gonna start by doing that BIOS upgrade, let see how that goes :)
<zop__> Is it littarly: Make the USB, plug in and turn on and go threw the options?
<zop__> for the BIOS upgrade that is
<sudormrf> dasjoe, cool.  I am going to toss it in to a VM and see how I like it.
<xibalba> what happened to just `mail -s foo bar@example.com`
<sarnold> xibalba: 'mail' requires a MTA such as postfix or exim or sendmail to be installed and properly configured; if you don't have that yet, it will look like the entire world is being installed..
<xibalba> i have other boxes already running my MTAs, I dont need another MTA on this box :/
<dasjoe> zop__: the BIOS update is even simpler. Run their installer to put it on a USB stick, plug it into the N54L, start it and wait until it's completed
<zop__> Ok thanks!
<xibalba> i just stumbled on `sendemail` that may be a suitable fit
<zop__> Well i am off to try it out, thakns for the help and patience!
<zop__> peace!
<sarnold> xibalba: your MTA on that machine may just hand off to the other mcahine..
<sarnold> zop__: have fun :)
<xibalba> yes, but its uncessary
<sarnold> oh nice, sendemail on my system didn't drag in any other dependencies
<xibalba> this is sufficient, root@sh:/var/log# sendemail -f reza@lethalnetworks.com -t reza@lethalnetworks.com -u foo -m bar -s zcs
<dasjoe> xibalba: check out nullmailer
<xibalba> dasjoe, cool i'll take a gander
<zop__> Hey dasjoe
<zop__> I always get bad volume label when i try and use the utility to make the USB bios thingy? any ideas?
<zop__> I renamed it already, the usb is formated to a primary partition in FAT32
<dasjoe> zop__: use a fresh USB stick? It'll delete all data
<xibalba> dasjoe, thanks. think i'm going to stick w/the `sendemail` pkg
<zop__> Yeah i did
<dasjoe> zop__: Let HP's software handle the stick. Remove the stick's partition table, plug it into your Windows box and give it to HP's tool? Iirc that's what I did
<xibalba> dasjoe, you work as an IT Admin?
<dasjoe> xibalba: yes, you could say that
<xibalba> the domain you're coming from is a good organization
<zop_> I still get bad volume label :s
<zop_> any ideas?
<zop_> Changed USB device stiill getting bad volume label
<RoyK> zop_: are there any data on the thing?
<zop_> The first one i cleared it
<zop_> the second one there was stuff
<Tazmain> hi all how do I enable the mod_proxy for apache2 ? I do no see it in mods-aviable
<xibalba> maybe the pkg wasn't installed
<zop_> ugh tried NTFS nothing still
<wastl> zop_ as far as it got assigned a device you could try overwriting it with zeroes or random
<zop_> huh?
<wastl> zop_ like dd if=/dev/zero of=/dev/yourusbstick
<zop_> I am on windows atm musing minitool partition
<wastl> oh ok
<wastl> didn't see that
<dasjoe> Tazmain: "a2enmod proxy" should work
<zop_> I can boot from my linux but i rather not imo
<wastl> what do you want to do with your stick?
<zop_> Trying to install the BIOS upgrade utilitx provided by HP for my G7 microserver
<wastl> oh ok
<wastl> hm
<Tazmain> dasjoe, I keep getting no protocol handle was valid. if you are using a DSO version of Mod_proxy make sure the proxy submodules are included.
<dasjoe> Tazmain: a2enmod proxy_http?
<Tazmain> dasjoe, did that as well
<RoyK> zop_: try to create the filesystem from linux after doing a wee bit of dd'ing
<zop_> Is there no way to do it under windows? i dont really trustmyself on it lol
<wastl> hm
<sarnold> Tazmain: do you need to apt-get install a new package for it?
<RoyK> zop_: from linux, dd if=/dev/zero of=/dev/yourdev bs=1M count=1k # that'll nuke the fs from the stick
<Tazmain> sarnold, cant find that package
<RoyK> zop_: then mkfs -t vfat -n yourlabel /dev/yourdev
<dasjoe> No need to mkfs, HP's tool will do that
<sarnold> Tazmain: ah, sure enough the mod_proxy_*.so files are in apache2-bin .. sorry
<wastl> maybe you could use something like hdshredder to zero it zop_
<wastl> this is available for windows too
<wastl> or bootable as standalone
<RoyK> dasjoe: just wondered if linux and HP disagreed on something, and therefore suggested making the fs from linux
<dasjoe> RoyK: he wants to flash a new BIOS, and he's on Windows right now. HP supplies BIOS updates as windows binaries which write FreeDOS and their flashing tools to a USB stick
<RoyK> dasjoe: ah - missed that
<RoyK> can't most bioses read from usb sticks directly these days?
<wastl> heh I knew IBM Server which you had to boot from a cd and then supply bios updates on a stick to it xD
<wastl> and those donÃt have only one bios to update
<wastl> xD
<RoyK> having to use DOS in 2014 is somewhat wierd :P
<wastl> ack
<sarnold> I'm sure any day now they'll start sending along disk images of a linux 1.2.13-based system to do their firmware updates :)
<wastl> IBM and HP do use linux on their update cds
<wastl> you boot from those and get an X gui :D
<sarnold> oo :)
<RoyK> sarnold: [offtopic] my first linux was 1.1.59, slackware 2.1 IIRC. Not *very* stable ;)
<sarnold> RoyK: nice! :D
<wastl> mine was a slackware with kernel 1.0
<wastl> but already ELF
<wastl> *g*
<sarnold> heh, that was my first thought, you guys probably saw the ELF transistion; it was well underway by the time I joined up
<qman__> One of my new boards has a feature in the bios to go online, download the latest one, and install it
<qman__> No OS or media required
<qman__> You can also use local media if desired, really well thought out design
<zop_> Still getting the damn bad volume
<zop_> tried dd tried making it NTFS, FAT32 nothing
<zop_> anyone got any ideas?
<user_> cabars
<user_> Hey, anyone have had experience with snort ?
<BLZbubba> i set it up once a few years ago
<sarnold> zop_: fat16?
<sarnold> qman__: dang that does sound convenient :)
<sarnold> qman__: .. and a bit scary
<zop_> huh?
<zop_> oh
<zop_> sorry
<sarnold> zop_: you're not having success with fat32 or ntfs, maybe fat16 would work okay?
<zop_> dasjoe gave me an image i got it working
<sarnold> cool! :)
<zop_> wel i have not tried it just yet
<zop_> no VGA cable....
<zop_> so stupid
<zop_> While on topic
<zop_> I was looking for a GPU to stick inside
<zop_> So far everything seems to point to
<zop_> http://www.amazon.fr/XFX-HD5450-graphique-G-DDR3-PCI-Express/dp/B004TCM634/ref=sr_1_1?ie=UTF8&qid=1399926758&sr=8-1&keywords=XFX+5450
<zop_> Any thoughts/reccomendation? It has to be kind of cheap, supported, and small ish to fit inside
<Patrickdk> your in the wrong channel?
<Patrickdk> we don't know about video cards in here
<Patrickdk> though, I will say, I use several of these
<Patrickdk> http://www.amazon.fr/Gainward-GeForce-graphique-Nvidia-Express/dp/B004UQNF52/ref=pd_sim_sbs_computers_7?ie=UTF8&refRID=0KF33982S2PVTC0XPX5D
<BLZbubba> how cheap and what features
<BLZbubba> i just got a 650 gtx for $100 and it rocks
<BLZbubba> htpc has a 210 which is fine for vdpau
<Patrickdk> yuk, vdpau
<BLZbubba> compared to what?
<Patrickdk> cpu based decode
<Patrickdk> vdpau has lots of limits, and if the video stream isn't perfect, well, like atsc
<BLZbubba> i have been using vdpau for a long time and it works very well
<Patrickdk> I used it for a week or two, went back to cpu only decode
<Patrickdk> also don't think vdpau supports 10bit yet
<BLZbubba> no way my cpu could decode h264 1080p
<Patrickdk> why? it's not that hard
<BLZbubba> atom 330
<Patrickdk> I'm currently using core2duo's
<Patrickdk> but they will probably get upgraded soon
<zop_> no is my card compatible with ubuntu?
<Macer> wow. lxc is awesome
<ciastek> it is
<xibalba> whats lxc
<sarnold> xibalba: lxc is a lightweight linux containers mechanism, similar to solaris zones, fbsd jails, openvz or linux-vservers
<xibalba> ah, i know jails
<xibalba> is it akin to docker?
<sarnold> xibalba: I haven't looked much into docker, sorry
<sarnold> I believe docker does use some of the same underlying linux systemcalls though
<xibalba> are you near okalahoma city sarnold ?
<sarnold> but I don't know if docker works above lxc or has no relationship to lxc.. hehe
<sarnold> xibalba: no, near portland oregon
<xibalba> ah man, one of the places i want to visit
<xibalba> how's the tech industry up there? plenty of jobs?
<sarnold> when you do, check out multnomah falls :)
<xibalba> h o m g
<xibalba> wow
<xibalba> ty, book marked that
<sarnold> xibalba: portland feels like a center of linux, between ibm and intel out here there's a large linux focus. iirc puppetlabs is also in portland, and ora (often? always?) hosts their Open Source conference here
<xibalba> im in hot sandy eggo
<sarnold> haha
<xibalba> 92F now
<sarnold> the land of always-nice weather? :)
<sarnold> ouch
<sarnold> not so nice
<xibalba> nice most of the time
<xibalba> need more rain
<xibalba> the closer you get to the coast the nicer it is
<sarnold> ahhh if it's rain you want.. :) (actually, this winter had surprisingly long stretches of wonderful weather; normally november-june is all rain.)
#ubuntu-server 2014-05-13
<Macer> does anybody here use lxc?
<jpds> I imagine a lot of people do.
<Macer> heh. i'm a bit curious. how do i assign an ip to a container on the same subnet as the host?
<jpds> I imagine you'd need some sort of bridge set up on the host.
<Macer> i'm having difficulty finding decent instructions
<Macer> oh ok. so it HAS to be a bridge?
<jpds> Yep, same as any other virt tech.
<Macer> i just figured i could change the veth in the container to the same subnet but that seems like it would be a bit problematic
<Macer> hm. i'll keep looking for some good instructions on how to do it. can't seem to find anything that is straightforward
<Macer> https://wiki.debian.org/LXC/SimpleBridge <- i'm guessing these similar instructions would work in ubuntu?
<Macer> hm. that doesn't make sense. you lose the physical interface on the host and replace it with br0?
<Macer> jpds: so let me get this straight.. if you remove eth0 from the host.. you can still access the internet on the host through the bridge with the ip?
<Macer> that just seems strange
<gigirock> hi all. I installed 'standard' a ubuntu 64 bit server , 13.10 version then upgraded to 14.04 version. I installed lamp as 'extra' packets and everythings seems fine. I need ssh or scp root access in order to connect directly for some programming, but i can't login as root in any way. Note that i'm trying to login form local lan and the server is on my local lan. Accessing to the server via ssh wi
<gigirock> th the 'only one' user that i created during installation works properly and then i can use sudo to act as root. I already readed and searched some documentation about it ma all the  suggestions doesn't solve the problem.
<gigirock> *ma=but
<lordievader> Good morning.
<Ben64> gigirock: then make sure you have a root password and root login is enabled in sshd.conf
<gigirock> Ben64, yes according with all the docs, i use PermitRootLogin yes in sshd_config
<lordievader> gigirock: Have you given root a password? (as Ben64 says)
<gigirock> lordievader, mmmh no i assume that the root user has the same password as the default user....
<Ben64> and now you know what happens when you assume
<lordievader> Hihi
<gigirock> do you mean i have to give "passw root" command ?
<Macer> gigirock: you have to sudo passwd root
<Ben64> do "sudo -i" to give yourself a root shell, then you can use "passwd"
<lordievader> The root users is disabled by default, that means it doesn't have a password. However it can still be used by logging in with other means (keys, sudo, etc). But you can also set a password for root.
<Macer> also.. if it is just a matter of using a root shell you can always just sudo -s
<gigirock> Damned.... the password can be the same of the only one user that i have on that server ?
<Macer> you can set it to whatever you want
<Macer> personally i'd use a different password for root but to each their own
<gigirock> thank you... i will send a box of beer.......next time
<gigirock> sorry people, i have another problem about that ssh , but on a centos server.... :)
<Ben64> can't help you there
<Macer> i'm still a bit confused about bridging
<gigirock> Ben64, i have to switch to #centos-server  :) ?
<Ben64> i'm not sure the channel for it
<Macer> in ubuntu you disable the eth0 interface.. create br0 and use eth0 as its port ?
<Macer> and you should still be able to hit the ubuntu box on the network ?
<gigirock> Macer, as far ai I know you have to build a bridge in that way, but normally you will use br0 only for 'other' connection than your local connection
<Macer> gigirock: yeah i'm trying to put lxc containers on the same subnet as the host
<Macer> akin to fbsd jails
<Macer> i guess this requires a bridge to be created on the host
<Macer> so will the host using br0 with eth0 as its port just work like it normally would ?
<Macer> https://wiki.debian.org/LXC/SimpleBridge
<Macer> i was just looking at that and noticed that eth0 is disabled in the example. it just seems odd to me
<gigirock> Macer, i did something in the past but using two physical different eth board... then with routing and bridging
<Macer> well i only have 1 physical nic
<Macer> but i want to use lxc similar to how i was using jails in freenas
<Macer> with the jails being on the same subnet
<Macer> i guess by default it uses its own dhcp and nats it
<lordievader> Macer: My server uses the br0 inteface for its network. The kvm vms tap into that bridge device.
<Macer> ah ok. so the br0 simply acts as the net interface?
<Macer> instead of eth0 on the host?
<Macer> sorry. just never had to manually set up a bridge before that wasn't done automatically for me
<Macer> and i guess this is the only way to get lxc containers onto the same subnet as the host
<lordievader> It does act as eth0 here.
<Macer> and all you have is eth0 with no ip and br0 with the host ip?
<Macer> or something to that effect?
<Macer> i'lll try it out when i'm next to the box
<Macer> so i don't have an oops moment heh
<lordievader> Macer: http://paste.ubuntu.com/7456296/
<lordievader> The vnets are the vm's.
<Macer> oh ok... nice. thanks :)
<Macer> actual VMs.. not lxc containers right?
<Macer> i'm sure the setup is exactly the same tho
<Macer> oh ok. it looks like it's pretty much by default setting up its own bridge..i'll have to toy with it later.
<lordievader> Macer: Qemu-kvm vms, yes.
<Macer> http://paste.ubuntu.com/7456302/
<Macer> so it makes sense that eth0 would be blank
<Macer> thanks tho... that's awesome. appreciate it
<lordievader> Macer: As you can see from my post, br0 is the master over eth0.
<Macer> do you set that up when you make br0 in network/interfaces?
<Macer> can i see your interfaces file on your host?
<lordievader> Macer: http://paste.ubuntu.com/7456307/
<Macer> ah ok. that's pretty straightforward
<Macer> i'm guessing it's set by the bridge_ports ?
<lordievader> Nope, wrote it myself.
<Macer> no i mean the "master" part
<Macer> bridge_ports eth0
<lordievader> Wrote that myself too ;)
<Macer> in the lxc example there is no entry for eth0 tho
<Macer> https://wiki.debian.org/LXC/SimpleBridge
<Macer> it says to comment out the entire section about eth0.. that's where i got a bit confused heh
<Macer> in yours you still haveit enabled and set to manual
<lordievader> I've used this one: https://help.ubuntu.com/community/KVM/Networking
<Macer> ah that's awesome. thanks a lot.
<Macer> really needed that information :) i'll try it out when i'm in front of the box and see how it goes and set up lxc to be on the same subnet as the host
<Macer> thanks again.
<lordievader> Macer: No problem, have fun.
<Macer> lordievader: hm. i managed it set up the bridge
<Macer> but i can't seem to hit anything via the internet from teh lxc console
<Macer> but i can ping internal ips
<Macer> :/
<lordievader> Macer: From the host can you ping everything?
<Macer> yes
<Macer> nameserver is the same as well
<Macer> there really isn't anything about the need for routing afaik
<Macer> the bridge and the container ip are correct
<Macer> and i can ping the local IPs
<lordievader> Macer: You probably need to allow your firewall to forward those packets: iptables --append FORWARD --in-interface br0 -j ACCEPT
<lordievader> And possibly sysctl -w net.ipv4.ip_forward=1
<lordievader> And possibly "sysctl -w net.ipv4.ip_forward=1"*
<Macer> nope
<Macer> heh
<Macer> that's odd because you'd think
<Macer> that this would just act like a typical virtualized nic
<Macer> have to be missing something here
<Macer> forwarding didn't work
<Macer> i think it may have to do with the lxc default config
<Macer> if ican ping inernally i should be able to hit the outside
<lordievader> Macer: You can ping the host and other machines on your network?
<Macer> yes
<Macer> how odd
<lordievader> Can you ping 8.8.8.8 from a vm?
<Macer> connect: Network is unreachable
<Macer> no. can't ping outside IPs either
<Macer> 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.755 ms
<Macer> but i can ping the internal gateway
<Macer> :/
<lordievader> How does your kernel routing look?
<Macer> although i do keep getting some bridge made by lxc
<Macer> not sure where it is coming from
<Macer> oh i think i may have found the problem
<Macer> although i have no i dea why but service networking restart isn't working
<Macer> nor is running the script itself to restart
<Macer> ok. got it
<Macer> nice :)
<Macer> it was because lxcbr0 was still enabled in /etc/default/lxc-net
<Macer> https://help.ubuntu.com/12.04/serverguide/lxc.html
<Macer> found that there
<Macer> it's workign now :D awesome
<Macer> so now i'm wondering what happens when lxc tries to update a kernel within the container
<Macer> when i do an apt-get upgrade
<lordievader> Congratulations :D
<aandy> hi guys. unsure how to add aliases for a loopback device, i'm wondering if there's a way for me to *generate* /etc/network/interfaces based on the current interface setup (i.e. i've added the aliases using the `ip` utility)
<aandy> anyone? this is an example, but not working: http://pastebin.com/USqgBYZ7 (line 6 is a misspelled option - 'address'?)
<aandy> based on this http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch03_:_Linux_Networking#Creating_Interface_Aliases
<Macer> can you alias lo?
<ivoks> aliases for lo are pointless
<ivoks> once you have 127.0.0.1 you have 127.0.0.1 -> 127.255.255.254
<ivoks> try pinging random ip from that range :)
<stephank> smb: I tried reproducing the skb error using netcat and inetd echo earlier, but that didn't do the trick. Am now trying with redis pubsub.
<stephank> Okay, can reproduce it with redis, but I'll respond to the bug.
<vila> hi there, is this the right channel to ask about issues accessing az3.clouds.archive.ubuntu.com from a cloud instance ? (As in wget hangs at HTTP request sent, awaiting response)
<pmatulis> did we end up implementing a kernel cleanup mechanism?
<pmatulis> kirkland: i found a thread you started about this â in 2012 on ubuntu-devel but it led to a dead-end.  anything change?
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 70943
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 62488
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 83055
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 16288
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 5669
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 15688
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 23815
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 87886
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 7981
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 24824
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 74771
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 16577
<andol> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 31868
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 53599
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 24633
<FyouA> FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! FUCK YOU ALL!!! 5348
<andol> Tm_T: Thanks
<lordievader> Thank you Tm_T :)
<Tm_T> sorry for being slow
<smb> stephank, Ah ok, I will read up there. Sorry was away for a bit.
<ogra_> kirkland, congrats for going public !
<smb> pmatulis, apt-get autoremove (--purge) should get you to keeping 2 (or 3, I cannot remember exactly) kernel versions since I believe Saucy
<pmatulis> smb: oh really?  will look thanks
<tomixxx7> hi, when i execute "java -version" i get meaningful result: "java version "1.8.0" ..." if i call the "java" command from within a bash file located in the same directory, i get "java: command not found"
<patdk-wk> and?
<tomixxx7> why?
<tomixxx7> java is installed
<tomixxx7> so the bash script including the java call should work
<tomixxx7> ah i have also to modify bashrc and not only .profile
<tomixxx7> nevermind
<tomixxx7> i have still the same problem, "java" from within bash script does not work if i execute the bash script
<tomixxx7> if i call "java -version" from the shell for example, it works
<tomixxx7> (same directory)
<rberg__> try putting the full path to java in the script
<rberg__> sounds like its in the path for a interactive shell but not in the non-interactive shell path
<tomixxx7> rberg__: i have already the full path in .profile file
<tomixxx7> i have also set the full path in .bashrc
<rberg__> and putting the full path in the script isnt working? or $(which java)
<tomixxx7> reberg__ i will try it
<tomixxx7> yep, putting full path in client bash script is working
<rberg__> cool.. are you exporting PATH in your script? possibly overriding the one from .profile?
<tomixxx7> now, iam exporting PATH in the client bash script, yes, but before u told me, there were no export statements in it
<tomixxx7> i mean
<tomixxx7> i set the -cp though
<tomixxx7> java -cp ./bin:./bin/lib/* ...
<tomixxx7> but this should not affect if java is working in general, i guess
<rberg__> I dont know much about java really.. is cp class path?
<tomixxx7> yep, additional class pathes, e.g. directing to directories containing depending jar files
<raydeo> I have a couple upstart jobs created using the pattern described at the bottom of the section http://upstart.ubuntu.com/cookbook/#another-instance-example
<raydeo> basically a dummy job with no exec that starts some workers
<darkxploit> hii anyone can help me how to transfer/ copy a file from VPS [SERVER] to LOCAL [MY-PC] using SCP please
<raydeo> this works fine upon boot, however *very* consistently when I "stop workers" and then "start workers" the start will hang in start/starting state with no way for me to see what's happening or recover
<sarkis> hey all, i have rsyslog watching some files and for some odd reason it just stops logging
<sarnold> sarkis: did those files get rotated or renamed or something similar?
<sarkis> i mean it doesn't write the watched files to /var/log/syslog as it should, no errors.. i did notice there is a profile being loaded up in /etc/default/rsyslog and then the profile is present in /etc/apparmor.d/disable
<sarkis> sarnold: ah they do get rotated... interesting.
<sarkis> sarnold: i think that is the problem, it works fine until the files are logrotated and then it stops ;(
<parallel21> I have simple dnsmasq server setup and am unable to load images from twitters cdn. abs.twimg.com
<parallel21> And if I disable dnsmasq everything works
<parallel21> images from abs.twing.com will load, that is
<parallel21> It happens to a few other sites, but most definitely with twitter's cdn services
<N0C> Hello i was here yesterday and i talked to someone joesomething or somethingjoe, not to sure. Anyone know who i am talking about and if he is a regular around here?
<Pici> Joey Jojo Shabadoo?
<sarnold> N0C: that may have been dasjoe?
<N0C> yes that sounds right
<N0C> It was about an N54l microserver and making a BIOS update and some other things
<sarnold> ah, that's what it was :)
<N0C> So
<N0C> i got the update going
<N0C> it wrote a bunch of stuff
<N0C> but now i am just left with a c:> blinking
<sarnold> -probably- you just hit the power button -- I don't think freedos has any 'sync' or 'umount' or 'shutdown -h now' equivalent commands
<N0C> Any ideas?
<N0C> It looks like this https://imgur.com/xzPPtlY
<N0C> I am fuckin scared to brick the thing
<vlad_starkov> Question (cross-post on #ubuntu): How can I disable ufw/table to filter inter-bridge traffic? I tried "iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" but it doesn't help.
<jdstrand> vlad_starkov: what version of Ubuntu are you using?
<N0C> IT WORKED! GREAT SUCESS
<vlad_starkov> Ubuntu Server 14.04 64bit
<vlad_starkov> I'm also using bonds
<vlad_starkov> so the config is eth -> bond -> bridge
<jdstrand> vlad_starkov: you might be interested in https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/573461/comments/12
<uvirtbot> Launchpad bug 573461 in ufw "UFW blocks libvirt bridged traffic" [Undecided,Invalid]
<vlad_starkov> jdstrand: nice :-)
<sk1pper> hi all, I see some ICMP echo request from serverA to serverB, how can I find out which process is sending these ICMP packages?
<vlad_starkov> jdstrand: made changes to /etc/sysctl.conf. now everything works :-)
<vlad_starkov> jdstrand: thanks
<jdstrand> nice!
<RoyK> I wonder who might be interested in running a server with nested raids on ubuntu :P
<genii> Well, i have a couple of these hanging around, so maybe: http://www.networkstorageantics.com/products/jet_stor_416s.php
<genii> Actually, 5 altogether but 2 are different model
<rberg__>  
<rberg__> whoops
<ahmadgbg> Hi, i wonder what is the difference between using postfix as an own mailserver or going threw my ISP's mailserver? My ISP has blocked port 25 :P
<patdk-wk> it's not suppported to run email servers at home :)
<ahmadgbg> i mean, is there a difference when running it threw my ISP ?
<ahmadgbg> there isnt a problem if i do it like that right?
<patdk-wk> there will be issues no matter what you attempt
<ahmadgbg> like what?
<dw1> i guess this is cool, right? https://pastee.org/f5za3 :-/
<patdk-wk> dunno, I don't use lvm
<dw1> im sure its fine..
<dw1> "Don't worry. It is a problem of os-prober. Here an old quote way back from 2009:" https://forum.manjaro.org/index.php?topic=5438.0
<dw1> meh
<dw1> i dont understand it but whatever :p
<dw1> tho maybe should file a bug report..... hrm
<genii> Or, just add to bug 1313784
<uvirtbot> Launchpad bug 1313784 in grub-installer "File descriptors leaked on lvs invocation" [Undecided,Confirmed] https://launchpad.net/bugs/1313784
<Macer> does anybody know where ubutntu sets up which lxc groups are auto-started?
<Macer> by default nogroup is started.. i want to autostart groups on boot but can't seem to find out where it happens
<Macer> i guess newer lxc just reads the autostart flag
<sarnold> Macer: some details on autostart here: https://www.stgraber.org/2013/12/21/lxc-1-0-your-second-container/
<Macer> sarnold: yeah i read that but it doesn't explain how to autostart by group
<sarnold> Macer: ah :) I know just enough to be dangerous, hehe
<Macer> heh
<Macer> like if i set lxc.start.auto = 1 in the container.conf
<Macer> then it will start but if i add the conainer to a group it does not
<Macer> and i dont' understand where you set which groups auto start or how to get groups to auto start
<sarnold> stgraber,hallyn, Macer has a question about lxc autostarting groups that I don't know how to answer :)
<Macer>  By  default  only containers without a lxc.group set will be affected.
<Macer> from the lxc-autostart man page
<Macer> but it doesn't explain where that is set or where to set it or how to do it
<Macer> nor does the lxc.conf man page.. nor does any other documentation i've read so far heh
<Macer> i'm just trying to set which groups start on boot
<hallyn> Macer: that is set in th e conatiner's configuration file
<hallyn> Macer: it's actually hopefully going to be augmented soon so you can specify lxc.group = onboot,whatever or lxc.group = ,whatever , in either case it woudl be autostarted at boot
<hallyn> (so you could ahve a container in a group but still have it autoboot)
<hallyn> Macer: but if you haven't added a group to it, then it'snot in a group
<hallyn> so just lxc.start.auto = 1 whould work
<hallyn> (see the lxc.container.conf(5) manpage)
<Macer> yeah i saw that. and i added the container to a group
<Macer> but i don't see a way to autostart on boot
<hallyn> correct, right now you can't autostart on boot if it's in a group
<Macer> oh ok
<hallyn> well, you can by editing /etc/init/lxc.conf ...
<Macer> well. :) there's 30 minutes of my life i won't get back heh
<hallyn> yeah, sorry, it's a bit convoluted.  hopefully it'll be cleaned up in the next few weeks
<Macer> lol. np. but you might want to throw that out there in big bold letters hehe.. i was looking for some setting like above for the lxc.conf
<Macer> something like
<Macer> lxc.onboot.startgroups = group1 group2 etc
<Macer> like you stated earlier heh
<Macer> but thanks. i'm glad someone told me before i spent more time on it
<hallyn> yeah - ii think that'd be a nice feature, but i dno't remember where we ende dup on that.  (autostart is stgraber's baby, i don't use it :)
<hallyn> must run - o/
<sarnold> thanks hallyn :)
<Macer> so just going to throw stgraber under the bus huh? :)
<Macer> thanks a lot hallyn .. appreciate the info
<Macer> ok ... well i guess i can move on and start working with this container then
<Macer> awesome stuff. been curious about having a linux "jail" that wasn't a chroot
<hallyn> Macer: by all means do look at the seccomp, apparmor, and unprivileged container bits.  sarnold may be able to help you, or i shoudl be back ina  few hours, if you have any questions
<hallyn> heh, under the bus - no i quite like the way he did it, we just need to find 'just the right' api, and i'm leaving that to him since he cares more than i do :)
 * hallyn out
<Macer> hallyn: lol. maybe soon. i'm setting up a container now to play with
<dw1> genii: ahh, will do, thanks
<phuh> how do i apt-get install specific package when there are multiple ones with the same package name? (added via ppa)
<Macer> ubuntu server is surprisingly good
<PryMar56> Macer, yes - less is more
#ubuntu-server 2014-05-14
<Zorky> can anyone help me changing steam password on ubuntu server trying to make dedicated server
<Zorky> cant log in to do anything cause i dont know the password
<Zorky> can i unistall steam or
<pmatulis> steam password?
<Zorky> you create user but i forgot what password i used
<Zorky> so i cant install the server without it
<sarnold> unix user account password?
<Zorky> su steam password
<Zorky> its the SteamCMD
<Zorky> thingy
<Zorky> http://danielgibbs.co.uk/2014/02/steamcmd/
<pmatulis> Zorky: reset the password
<Zorky> dont know how
<Zorky> thats the issue :p
<pmatulis> sudo passwd <username>
<Zorky> sudo passwd adduser steam..... does not work
<Zorky> nvm
<Zorky> lol removed adduser
<Zorky> thank you sir
<Zorky> +1 internet approval
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 57257 F{}CK YOU!!!
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 10233 F{}CK YOU!!!
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 44480 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 97435 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 9883 F{}CK YOU BITCH!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 68393 F{}CK YOU BITCH!!!
<Ucker> 97000 F{}CKERS 14511 F{}CKERS 17205 F{}CKERS 59974 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> F{}CKERS F{}CK F{}CKERS F{}CK F{}CK F{}CKERS F{}CKING BITCHES F{}CK F{}CK YOU ALL F{}CKERS F{}CK YOU ALL F{}CKERS F{}CK YOU ALL 29567 F{}CKERS
<Ucker> MOTHER F{}CKERS!!! 5625 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 92740 F{}CK YOU BITCH!!!
<Ucker> 79920 F{}CKERS 3304 F{}CKERS 74843 F{}CKERS 24400 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 53131 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> 75765 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 11522 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK 92642 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 30373 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> 5349 F{}CKERS 3843 F{}CKERS 16612 F{}CKERS 75443 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> 36312 F{}CKERS 29270 F{}CKERS 93955 F{}CKERS 48867 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> F{}CKERS F{}CK F{}CKERS F{}CK F{}CK F{}CKERS F{}CKING BITCHES F{}CK F{}CK YOU ALL F{}CKERS F{}CK YOU ALL F{}CKERS F{}CK YOU ALL 85231 F{}CKERS
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 4734 F{}CK YOU BITCH!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 91072 F{}CK YOU BITCH!!!
<Ucker> MOTHER F{}CKERS!!! 74835 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 62348 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 28423 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> 18246 THIS SPAM BROUGHT TO YOU COURTESY OF ALL THE F{}CKING FREENODE OPERATORS.
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 25222 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 41284 F{}CK YOU!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 39239 F{}CK YOU BITCH!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 27607 F{}CK YOU BITCH!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 55994 F{}CK YOU BITCH!!!
<Ucker> MOTHER F{}CKERS!!! 85127 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 70332 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> 16946 THIS SPAM BROUGHT TO YOU COURTESY OF ALL THE F{}CKING FREENODE OPERATORS.
<Ucker> MOTHER F{}CKERS!!! 84556 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> F{}CK 38355 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> F{}CK 29703 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> 34665 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> 30855 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 97558 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 76398 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK 64064 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> MOTHER F{}CKERS!!! 11993 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 96350 F{}CK YOU BITCH!!!
<Ucker> F{}CK 42733 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 33619 F{}CK YOU!!!
<Ucker> MOTHER F{}CKERS!!! 2510 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> 18574 F{}CKERS 27358 F{}CKERS 52610 F{}CKERS 78894 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Godzilla1954III> Ucker, bad dude.
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 34209 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Godzilla1954III> LOL
<Ucker> MOTHER F{}CKERS!!! 1260 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 16067 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Godzilla1954III> LOLOLOLOLOLOLOLOLOLOLO THIS IS HILLARIOUS.
<Ucker> MOTHER F{}CKERS!!! 27478 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Godzilla1954III> no offense.
<Godzilla1954III> :P
<Ucker> 42419 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 30191 F{}CK YOU BITCH!!!
<Ucker> 268 F{}CKERS 45054 F{}CKERS 50041 F{}CKERS 96170 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> 67931 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> 3008 F{}CKERS 70894 F{}CKERS 6317 F{}CKERS 79869 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> F{}CK 18159 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 81276 F{}CK YOU BITCH!!!
<Godzilla1954III> :D
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 60231 F{}CK YOU BITCH!!!
<Ucker> 40222 THIS SPAM BROUGHT TO YOU COURTESY OF ALL THE F{}CKING FREENODE OPERATORS.
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 75255 F{}CK YOU!!!
<Ucker> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 16152 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<Ucker> 73962 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 73633 F{}CK YOU!!!
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 55613 F{}CK YOU!!!
<Ucker> 33672 F{}CKERS 53406 F{}CKERS 84542 F{}CKERS 3267 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 83462 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Ucker> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 83870 F{}CK YOU!!!
<Ucker> F{}CK 44074 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Ucker> 2319 F{}CKERS 46007 F{}CKERS 12776 F{}CKERS 51569 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> MOTHER F{}CKERS!!! 89078 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<Ucker> F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! F{}CK YOU BITCH!!! F{}CK YOU ALL!!! 33609 F{}CK YOU BITCH!!!
<Ucker> 70511 THIS SPAM BROUGHT TO YOU COURTESY OF ALL THE F{}CKING FREENODE OPERATORS.
<Ucker> F{}CK 32554 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<Godzilla1954III> lol
<Ucker> MOTHER F{}CKERS!!! 57286 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
 * Godzilla1954III smacks Ucker with a rainbow trout
<Ucker> 77732 F{}CKERS 88963 F{}CKERS 85953 F{}CKERS 19809 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<Ucker> F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! 3602 F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL! F{}CK YOU ALL!
<Godzilla1954III> hahaha
<sarnold> yano <3
<Godzilla1954III> TEST
<Zorky> Any idea how to fix this ./rust_server.x86: error while loading shared libraries: libGLU.so.1: cannot open shared object file: No such file or directory
<Macer> for lxc to mount a dir from the host to the container.. do i just add it to /etc/fstab and make it a bind?
<Macer> and it should work?
<Macer> or do i have to do something special?
<Macer> nm. figured it out
<dw1> thats weird. grub-install disappeared and doesnt reappear even with sudo apt-get install --reinstall grub-pc
<dw1> now dpkg-reconfigure grub-pc throws an error: /var/lib/dpkg/info/grub-pc.postinst: line 587: grub-install: command not found
<dw1> oh i renamed it :p
<dw1> should be replaced with reinstall tho one might think
<dw1> ah its in grub2-common
<dw1> obviously i was very confused before ;)
<dw1> thought grub-install was for legacy only. heh
<lordievader> Good morning.
<stevehan> Why maas-import-pxe-files always hang up there?
<sarnold> stevehan: it's been a while since I've run it, but it always completed for me, though I think I remember it taking a very long time
<stevehan> Hello there,I can not finish maas-import-pxe-files to import boot images,should I use uvtool for my 14.04 installation?
<stevehan> Why maas-import-pxe-files always hang up there?and should I use uvtool for my 14.04 installation?Thank you a lot
<lordievader> !patience | stevehan
<ubottu> stevehan: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<hxm> hi, I cant use apt-get http://paste.ubuntu.com/7462088/
<hxm> i tried to apt-get install -f --reinstall -purge
<hxm> what can i try
<hxm> is a VPS
<hxm> is 14.04 lts too new for use as server?
<cfhowlett> hxm no, but 12.04 is still supported on server, so if you want to wait ...
<hxm> #Â service udev start: * udev requires hotplug support, not started ...fail!
<hxm> thats the problem i have
<hxm> it goes to /sys/kernel/uevent_helper and that file dont exists
<hxm> and I can create it either
<cfhowlett> hxm if no answer here, perhaps ##linx
<cfhowlett> ##linux
<hxm> thanks
<hxm> can I disable udev safely?
<amdp> hi
<amdp> novice here
<amdp> if I sudo passwd -l root and lose connection is there a way to add a new user to sudoers?
<hkraal> amdp: "sudo passwd" can only have 2 results with an timeout; 1) the password has been changed 2) it hasn't. Besides, the "sudo password" you have to enter is the password of your regular user, not the password of the root user. Hance; changing the root password and forgetting it doesn't matter. Just log in as your regular user and do "sudo passwd -l root" to change it again :)
<FukY> F{}CKERS F{}CK F{}CKERS F{}CK F{}CK F{}CKERS F{}CKING BITCHES F{}CK F{}CK YOU ALL F{}CKERS F{}CK YOU ALL F{}CKERS F{}CK YOU ALL 10216 F{}CKERS
<FukY> 3916 F{}CKERS 8937 F{}CKERS 42172 F{}CKERS 88009 F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS F{}CKERS
<FukY> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 3858 F{}CK YOU!!!
<FukY> F{}CKERS F{}CK F{}CKERS F{}CK F{}CK F{}CKERS F{}CKING BITCHES F{}CK F{}CK YOU ALL F{}CKERS F{}CK YOU ALL F{}CKERS F{}CK YOU ALL 40955 F{}CKERS
<cfhowlett> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<IdleOne> they got k-lines
<IdleOne> -s+d
 * genii makes more coffee
<cfhowlett> what IS that?  I get that it's a script but ... is there a function/goal beyond being a PITA???
<genii> I suspect they're part of a rascist group that used to spam here before ( or an affiliated group) and got banned. But it's just speculation on my part.
<patdk-wk> isn't that enough of a goal?
<cfhowlett> patdk-wk I wondered if it was a data suck attack, DDOS or whatever/
<patdk-wk> defently not ddos
<patdk-wk> or even dos
<patdk-wk> I forget exactly
<patdk-wk> but they got some info out of him yesterday in another channel
<cfhowlett> patdk-wk sad little life of a sad little man would be my guess
<dmsimard> Any Openstack cloud-archive maintainer around ? Pretty nasty packaging bug breaking swift-proxy: https://bugs.launchpad.net/ubuntu/+source/swift/+bug/1317147
<uvirtbot> Launchpad bug 1317147 in swift "Swift-proxy needs python-pecan >=0.4.5, but 0.3.0 is present" [Undecided,Confirmed]
<FckFreenode> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 62080 F{}CK YOU!!!
<FckFreenode> F{}CK YOU ALL!!! F{}CK YOU!!! F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!!F{}CK YOU ALL!!! 62053 F{}CK YOU!!!
<FckFreenode> PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! 65674 PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL! PHUCK U ALL!
<FckFreenode> 97786 F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES F{}CKING BITCHES
<FckFreenode> F{}CK 39512 F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK F{}CK
<dasjoe> !ops
<FckFreenode> MOTHER F{}CKERS!!! 16333 MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!! MOTHER F{}CKERS!!!
<ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<dasjoe> ty, Pici
<Pici> np
<tyhicks> lazyPower: Hi - you just commented on an apparmor bug (bug #1296384, which is a duplicate of bug #1296459) that was fixed prior to Trusty's release
<uvirtbot> Launchpad bug 1296384 in apparmor "LXC apparmor profile broken w/recent trusty update (dup-of: 1296459)" [Undecided,Confirmed] https://launchpad.net/bugs/1296384
<uvirtbot> Launchpad bug 1296459 in apparmor "Upgrade from 2.8.0-0ubuntu38 to 2.8.95~2430-0ubuntu2 breaks LXC containers" [Critical,Fix released] https://launchpad.net/bugs/1296459
<tyhicks> lazyPower: How are you still hitting that bug? Do you have pre-release packages installed on that system?
<lazyPower> I don't but the bug may be misfiled
<lazyPower> 1 sec
<lazyPower> https://launchpad.net/bugs/1305280
<uvirtbot> Launchpad bug 1305280 in apparmor "apparmor get_cgroup fails when creating lxc with juju local provider" [Undecided,Confirmed]
<lazyPower> It appears to be this upon further discussion
<tyhicks> lazyPower: The AppArmor denial that you posted (apparmor="DENIED" operation="mount" info="failed type match" ...) is definitely caused by the bug that was fixed prior to release
<lazyPower> tyhicks: thanks for the confirmation. I thought they were related.
<tyhicks> lazyPower: no problem - I just wanted to make sure you weren't banging up against something that was already fixed :)
<lazyPower> tyhicks: do we have a workaround that's not removing apparmor?
<lazyPower> i'd like to patch this so i can keep moving forward pending a fix landing.
<tyhicks> lazyPower: for which bug?
<lazyPower> the apparmor denial.
<lazyPower> i ahd some packages in dist-upgrade, but nothing related to apparmor :|
<lazyPower> this was an ugprade from beta => release
<tyhicks> lazyPower: it is fixed - use the apparmor package from the trusty release (2.8.95~2430-0ubuntu5)
<lazyPower> so, i may have some leftover cruft somewhere
<lazyPower> charles@desktop:~â« dpkg -l | grep apparmor
<lazyPower> ii  apparmor                                              2.8.95~2430-0ubuntu5
<lazyPower> looks like i'm already on -current
<tyhicks> lazyPower: and you still get that denial?
<lazyPower> i do
<tyhicks> lazyPower: can you paste it here?
<lazyPower> you bet, let me clean up and do a fresh deploy so you've got fresh logs. I'll pastebin everything pertinent
<tyhicks> oh, my eyes and/or brain were deceiving me
<tyhicks> this may actually be a different/new bug
<lazyPower> interesting, i see other output i missed my first time around too
<lazyPower> looks like the mongodb unit attached to juju is getting finicky
<lazyPower> machine-0: 2014-05-14 17:20:33 ERROR juju.worker runner.go:218 exited "peergrouper": cannot get replica set status: cannot get replica set status: not running with --replSet
<tyhicks> the old bug fixed the denial containing this info: info="failed flags match"
<lazyPower> ahhh ok
<lazyPower> tyhicks: http://paste.ubuntu.com/7463805/
<lazyPower> there's what i had aggregated so far
<lazyPower> it worked fine up utnil i hit machine 3, its sporadic at when it decides to deny via apparmor.
<tyhicks> the bug you're hitting generates a denial containing this info: info="failed type match"
<tyhicks> it looks like we may have some more unitialized variables :/
<jjohansen> :(
<tyhicks> err... maybe not
<tyhicks> jjohansen: it looks to me like dev_type should get properly initialized in parser/mount.c
<tyhicks> jjohansen: can you double check?
<jjohansen> sure
<tyhicks> jjohansen: it is the first thing that gets assigned in mnt_rule(), so we should be good as long as extract_fstype() doesn't return junk
<jjohansen> tyhicks: yep, it should be good
<tyhicks> jjohansen: thanks for taking a look
<jjohansen> tyhicks: allow is also good
 * tyhicks agrees
<fridaynext> http://pastebin.com/TNg6tR1L - how can I find where xcache.so is trying to be loaded?
<fridaynext> I've checked /etc/php5/fpm/php.ini, /etc/php5/cli/php.ini, /etc/php5/apache/php.ini, and it's not being loaded in any of those
<patdk-wk> why would it be?
<patdk-wk> did you bother to check /etc/php5/conf.d/xcache.ini
<tyhicks> lazyPower: did you make a change in the lxc config to get rpc_pipefs mounted?
<tyhicks> lazyPower: I don't see an apparmor mount rule that would allow that to be mounted
<lazyPower> negative, i haven't touched the lxc configuration other than what juju-local provides
<lazyPower> which may have been an update - this just started happening today
<jjohansen> tyhicks: I think extract_fstype is bad, I'm looking at it right now, and so far it looks wrong
<jjohansen> tyhicks: but maybe that is just /me getting reaquainted with it
<tyhicks> jjohansen: well, I'm starting to think that I jumped the gun on assuming a bug in the parser because I don't see a rule in the lxc-container-default profile that would allow a fs of type rpc_pipefs
<jjohansen> ah, maybe
<hxm> hello, in an accident I removed the ssh server and now I cant log in, I restarted as rescue mode trought the provider panel and I can run a live distro, how can I install, or run an script for the restart and install the ssh service?
<jjohansen> tyhicks: so no its, good, its just the transfer of the vals is less clear than it should be
<tyhicks> jjohansen: that confused me, too
<tyhicks> lazyPower: to get rid of the apparmor denial, you could add "mount fstype=rpc_pipefs," to /etc/apparmor.d/abstractions/lxc/container-base
<tyhicks> lazyPower: then you'd need to run `sudo service apparmor restart` and then try again
<lazyPower> tyhicks: thank you! i'lli test it in just a moment.
<tyhicks> lazyPower: I think that would help determine if the problem is caused by the apparmor denial or the finicky mongodb unit
<lazyPower> tyhicks: initial testing seems that has fixed me, thanks a million for the info
<tyhicks> lazyPower: are you still seeing the mongodb problem?
<lazyPower> tyhicks: i am.
<shwaiil> when updating the /etc/hosts file do we need to restart ?
<lazyPower> that's a config problem witht eh mongodb provider on localhost. it's expecting a replicaset.
<lazyPower> shwaiil: nope. Should be immediate.
<shwaiil> lazyPower: oh ok thanks : )
<shwaiil> Learning the very basics here. Just wondering, on my minions I've run the command salt-minion -l debug, to "listen" the master. I'm right now with the console open. if I close this, I assume the "daemon" stops right ? How does this work ?
<shwaiil> actually I'm going to close the terminal window and try to run the "taste"
<shwaiil> oops
<shwaiil> sorry wrong channel
<andol> Hmm, being able to to refer to minions is almost in itself a reason to try salt :)
<tyhicks> lazyPower: do you think that there's a chance that mounting rpc_pipefs is in some sort of fallback path for the mongodb issue?
<tyhicks> lazyPower: if so, I'd like to see if the new apparmor rule is still needed once the mongodb issue is sorted out
<lazyPower> tyhicks: i think it was added for a new feature for charm dev that was discussed bind mounting the fs with local provider
<lazyPower> that way you can make edits ont eh HOST and they show up in the guest.
<lazyPower> a-la vagrant shared-fs style
<lazyPower> i asked  in #juju-dev but haven't received confirmation yet
<tyhicks> lazyPower: ok, if/when you receive confirmation, can you open a new bug against lxc (that's where the policy file lives) and point me at the bug?
<lazyPower> you got it
<tyhicks> lazyPower: we'll need to SRU the fix for the apparmor policy
<tyhicks> thanks!
<brianblaze420> if I install ubuntu server and create a ssh server
<brianblaze420> and do not install the desktop or anything (basically making a headless server)
<brianblaze420> can I still x-11 forward or will i have to install the desktop to forward it?
<wastl> afair you have to have the libs etc installed
<wastl> but no need for a desktop
<brianblaze420> so apt-get X11?
<dasjoe> X11 forwarding does not require an installed X11 server, but you still need some libraries (which should get pulled in automatically when you install GUI software)
<wastl> as i said
<brianblaze420> yeah so what do I have to install to make this work on my server
<brianblaze420> since I didn't install gui
<dasjoe> Whatever GUI application you want to use, it'll come with the required libs
<sarnold> brianblaze420: just apt-get install whichever program you want to use
<sarnold> it'll drag in the libraries it needs
<brianblaze420> okay cool
<wastl> unless the pkg maintainers didn't screw it up *g*
<brianblaze420> so my problem is i need an x server on my connecting osx as well
<wastl> uh he said 'osx' xD
<sarnold> brianblaze420: iirc OS X has a rootless X server available or already installed or something similar
<lazyPower> tyhicks: https://bugs.launchpad.net/juju-core/+bug/1319525
<uvirtbot> Launchpad bug 1319525 in juju-core "juju-local LXC containers hang due to App Armor Denial of rpc_fsbind request with local charms" [Undecided,New]
<wastl> does the crapple os still have an X server? I remember that leopard did
<brianblaze420> i am tryin xquarts and gunan se if that works :) thanks
<tyhicks> lazyPower: thank you!
<Hexch> HI, If I want to do AD user validation, do I need to join my ubuntu server on the domain name??
<Patrickdk> hexch, you really should, yes
<Hexch> Patrickdk: ok thx
<Hexch> or (tak!) :)
<sarnold> hallyn: one of my qemu/kvm VMs just remounted the filesystem read-only, with the following error message: "qcow2: Preventing invalid write on metadata (overlaps with refcount block); image marked as corrupt."
<sarnold> hallyn: is there anything you'd like me to collect for a bug report?
<hallyn> egads
<sarnold> hallyn: 1319578
<hallyn> sarnold: thanks
<hallyn> i assume this really is a result of yoru other bug
<sarnold> hallyn: it feels plausible that the two are related
<hallyn> do you know which file is causing that?
<sarnold> hallyn: and it might just be me tripping over one of the many many open CVEs against qemu. :(
<hallyn> yeah...
<sarnold> hallyn: which qcow2 tripped it? yeah
<hallyn> no,
<hallyn> i mean which file inside qcow2
<hallyn> so you coudl fire up qemu-nbd inside gdb,
<hallyn> touch the file and get your stacktrce
<hallyn> and figure out what's corrupted
<hallyn> if you have space for it to stash the image file somewhere, that'd be great.  i'm still at ods right nwo though, so can't look at it locally.  but maybe i can do it tomorrow remotely.
<hallyn> this is on trusty?
<sarnold> hallyn: oh! uh, hrm, this image had recently dist-upgraded a hundred megabytes of updates, then I ran a test script that should have involved another 100-ish files..
<sarnold> hallyn: yes, trusty/trusty
<sarnold> hallyn: thanks :)
<hallyn> yeah so if you push the file to p.c.c without getting yelled at, then i'll take a look
 * hallyn out for a bit -= bbl
<sarnold> hallyn: lillypilly.canonical.com:~sarnold/sec-trusty-amd64.qcow2.gz{,.sig} -- thanks :)
#ubuntu-server 2014-05-15
<nestle19> i installed ubuntu server 13.10 on this dedicated server with raid1 (2x 2TB) and when it first installed, it was doing a raid resync or something in /proc/mdstat (software raid).. i let it finish to 100%.. once it was no longer doing any sync i began using the server. Now randomly a week ago it started resyncing again.. I've been told this can be normal? so my question is.. it says [=========>...........] check = 47.3% (920534400/1945569088) finish=
<andol> nestle19: /etc/cron.d/mdadm
<andol> Assuming that applies
<nestle19> there is a file there yes
<nestle19> so shoul di disable that ?
<nestle19> i mean i dont mind checking but, this is 800gb worth of data on there..
<nestle19> so what if i wanted to reboot.. i feel like i cant
<nestle19> i mean its a server so its not meant to be rebooted necessarily but i just feel like its taking a long long time just to do this so i dont konw if itsnormal or what
<hxm> where is htpasswd command?
<hxm> i installed apache2-dbg
<sarnold> hxm: apache2-utils
<hxm> ah, ah, thanks
<hxm> apt-file confused me
<morph__> anyoen know how I can safely back up my server
<morph__> i dont havea nother server to put it to
<morph__> so if gure id have to put it in a tar or omething
<sarnold> morph__: take a look at tarsnap, amazon glacier, amazon s3, rsnapshot, rsync, duplicity, syncthing... there's a lot of options, perhaps too many, but hopefully among those you can find something that works for you
<morph__> yea ive never done this
<andol> morph__: What sarthor said :) +1 for tarsnap or for duplicity against either S3 or rsync.net.
<andol> morph__: Oh, and since you are new to this, also remember to early try verify that you actually can restore the files you think you have backuped up.
<lordievader> Good morning.
<Tazmain> Hi all I am new to the whole firewall setup on ubuntu. Is the only way to setup a firewall through iptables ?
<cfhowlett> !ufw | Tazmain
<ubottu> Tazmain: Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | GUI frontends such as Gufw also exist. | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo
<cfhowlett> !firewall
<Tazmain> cfhowlett, thank you
<love23> iam using ubuntu serever and i installed squid3 ans squidGouard  and have already fully configured but squirdguard doesnt  block unwanted site from blacklist dtaabse is  any one who can help me thnks?
<love23> I installed squid and squidguard.   I enabled them and they are running.   I enabled the blacklist for squidguard and pasted in http://www.shallalist.de/Downloads/shallalist.tar.gz and downlaoded the blacklist.   Looked like it downloaded and updated the db properly.   I clicked apply and save for squidguard.     However when I try to go to some bad sites (for example using URLs from within that downlaoded file) they still work 
<lkthomas> hey guys
<lkthomas> I am trying to use module-assistant
<lkthomas> but it keep saying kernel headers could not be found
<lkthomas> I did m-a prepare and all are fine
<ciastek> ubuntu 14.04, proftpd's logrotate script is broken. it makes proftpd to shutdown instead of restart.
<ciastek> service proftpd restart -> works fine; invoke-rc.d proftpd restart - server doesn't work anymore.
<Tazmain> If I start a vncserver on my server and I have xubuntu-desktop installed and I just get a grey screen when I connect what does that indicate ?
<InFierno> Tazmain, Something isnt working?
<InFierno> Tazmain, It indicates there may be a configuration problem?
<Tazmain> InFierno, I mean is my xstart the session incorrect or is the vncserver not working or the desktop session not functioning
<InFierno> I know mate; as to that I dont actually know - I tend to command line in - Did you turn off encryption to start with?
<Tazmain> turn of what encryption ? I am not tunneling it through ssh
<ciastek> proftpd's bug already confirmed: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1246245
<uvirtbot> Launchpad bug 1246245 in proftpd-dfsg "proftpd service failed to restart" [Undecided,Confirmed]
<samiux> I am running ubuntu 14.04 server, the apparmor's aa-genprof will crash when select scan.  meanwhile, the aa-logprof takes several hours not complete.  any idea?
<Jonny86> guys, does anyone know what to do to fix limited plantar flexion motion of left ankle ?
<cfhowlett>  Jonny86 wrong channel.
<Jonny86> are you sure?
<Jonny86> i thought i was in the right place
<cfhowlett> Jonny86 so NOT funny.  read the topic.  play somewhere else.
<cfhowlett> Jonny86 if you truly thought this was the place for medical help, you have issues.
<Jonny86> omg
<Jonny86> i was sure someone would come up with a fix
<cfhowlett> Jonny86 go away now.
<Jonny86> cfhowlett do you think i might get better support in the android-dev channel ?
<Jonny86> i'm afraid they might kick me before i ask
<cfhowlett> Jonny86 they won't.  just explain that in addition to your ankle problem, you suffer from terminal cranial-rectal inversion.  They'll understand.
<Jonny86> lmfaootf thanks for the laugh cfhowlett
<Jonny86> you just made my day
<Jonny86> i'm no freakin bored at work
<Jonny86> hell is real
<dw1> ciastek: add this "sleep 2" line to /etc/init.d/proftpd -- fixed it for me: https://pastee.org/dd7cx
<Jonny86> dw1 what about my issue?
<dw1> ciastek: found the fix here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675081#10
<uvirtbot> Debian bug 675081 in proftpd-basic "proftpd-basic: logrotate kills proftpd instead of restarting it" [Important,Fixed]
<Jonny86> omg
<Jonny86> are you guys discussing string theory
<Jonny86> Debian bug 675081 = is that what you call the 6th dimension
<uvirtbot> Debian bug 675081 in proftpd-basic "proftpd-basic: logrotate kills proftpd instead of restarting it" [Important,Fixed] http://bugs.debian.org/675081
<dw1> ciastek: ahh thers a better solution at the bug link you provided. nice :)
<Jonny86> ok
<Jonny86> i opologize
<love21> I installed squid and squidguard.   I enabled them and they are running.   I enabled the blacklist for squidguard and pasted in http://www.shallalist.de/Downloads/shallalist.tar.gz and downlaoded the blacklist.   Looked like it downloaded and updated the db properly.   I clicked apply and save for squidguard.     However when I try to go to some bad sites (for example using URLs from within that downlaoded file) they still work 
<dw1> hmm, dont know. try in #squid too
<love21> I installed squid and squidguard.   I enabled them and they are running.   I enabled the blacklist for squidguard and pasted in http://www.shallalist.de/Downloads/shallalist.tar.gz and downlaoded the blacklist.   Looked like it downloaded and updated the db properly.   I clicked apply and save for squidguard.     However when I try to go to some bad sites (for example using URLs from within that downlaoded file) they still work 
<Tazmain> will export VAR=myvar set a global environment variable or just local variable to the user?
<pmatulis> love21: maybe check in #squid
<pmatulis> Tazmain: try it and tell us
<Tazmain> pmatulis, well seems to be global until reboot
<Tazmain> who else do you set a global environment var, in /etc/environment ?
<Tazmain> how *
<jdstrand> samiux: can you file bugs with steps to reproduce? we plan on fixing these sorts of bugs in the coming weekesz
<jdstrand> weeks*
<med__> smoser, is 255 a real firm limitation in metadata (being discussed in the Nova room 303 a few moments ago) proposal about to extend it
<samiux> jdstrand, I cannot find a open a bug report at launchpad.net
<jdstrand> samiux: https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug
<samiux> k
<smoser> med__, metadata on nova ?
<smoser> i have no idea. not listening :).
<med__> smoser, no worries. It was the previous session
<smoser> ah.
<Kawaiola> Anyone know how to make changes to the php configuration files by chance?
<Armadillos> Kawaiola: They usually reside in /etc/php4 directory.  There's a config for the CLI, and one for the web.
<Armadillos> Kawaiola: Or /etc/php5/
<Kawaiola> Armadillos, Okay sweet thank you would you happen to know where I would get the download for the latest version of vtiger 6 I can't seem to find the download location anywhere
<Armadillos> Kawaiola: That I do not know :(
<Kawaiola> Armadillos, no worries haha just having a hard time setting this up unfortunetly and the vtiger channel has like 4 people who aren't even there
<shwaiil> Hi
<shwaiil> Q: a sudoer in ubuntu is wheel, right ? why isn't that created by default ? Thanks!
<shwaiil> I just runned: groups, I only get root
<jpds> shwaiil: It's 'sudo', not wheel.
<shwaiil> jpds: Thanks for looking!
<Pici> or 'admin' in older releases.
<shwaiil> Ok, to see the groups less /etc/group ?
<InFierno> Guys, If I make a subdomain that is served through nginx via and apache reverse proxy - I only need a CNAME record right?
<Kawaiola> Where do files go by defult when you download them ?
<rbasak> Kawaiola: download them how?
<Kawaiola> rbasak, I used wget
<rbasak> Kawaiola: wget will put files in the current directory, unless you're using some particular options that change that.
<Kawaiola> rbasak, but I can't unpack the files because I'm not real sure where they are haha
<Kawaiola> Oh so if I was in my main directory that is hwere they would be.
<Kawaiola> rbasak, How would I find a file, for example I need to find  vtigercrm6.0.0.tar.gz on my server so I can upack it
<samiux> anyone know how to download the lastest apparmor-utils for ubuntu 14.04
<pmatulis> samiux: install the package with apt-get?
<jdstrand> I think he wants trunk based on bug feedback
<Kawaiola> Hey does anyone know how to change the settings for php
<SCHAAP137> change what settings
<jdstrand> samiux: we have daily builds of apparmor trunk, but you don't want those since Ubuntu has several Ubuntu-specific patches that you would want. I can say that the work is planned to gather up all those bugs and push them as SRUs to 14.04 this month
<samiux> jdstrand, thanks
<Kawaiola> I need to turn display_errors off change the max_time_exicution
<jdstrand> samiux: if this puts you in a bind, I suggest profiling by hand. see: http://wiki.apparmor.net/index.php/Profiling_by_hand
<Kawaiola> I assume they are config settings
<samiux> jdstrand, k
<esde> Kawaiola: /etc/php/cli/php.ini might be what you're lokoing for
<esde> *looking
<Kawaiola> esde, okay I will take a look and let you know thank you
<Kawaiola> esde, there is nothing in that file when I open it perhaps I'm doing something wrong
<esde> php -i | find /i "Configuration File"
<esde> run that
<esde> erm
<esde> php -i | find "Configuration File"
<Kawaiola> esde, It came up saying no such file or directory
<esde> same here
<esde> got it from stackoverflow, let me frind the proper command for you
<esde> *find
<Kawaiola> esde, thank you I've been trying to figure out how to do this forever
<esde> php --ini
<esde> there ya go
<Kawaiola> esde,  ahh okay I see now how do I open and modify those files?
<esde> you'll probably only be changing the php.ini file, but there might be some settings in the additional inis listed
<Kawaiola> okay sweet would I open those files with nano ?
<esde> display_errors and max_execution_time should both be in php.ini iirc
<esde> yeah
<Kawaiola> esde, When I change and save settings is there something special I have to do?
<esde> they *should* take effect immediately unless you're using like php5-fpm, in which case you'd need to restart the service like sudo service php5-fpm restart
<esde> you could also check phpinfo()
<Kawaiola> I have php5
<samiux> I submitted a bug for apparmor at ubuntu 14.04 server.  the developer requests me to submit backtrace.  How can I do that on a server?
<jjohansen> samiux: apport-collect bug#
<sarnold> jjohansen: I don't thikn that'll do it
<jdstrand> I think it will. there is a cli backend
<jjohansen> sarnold: it should, or it used to
<sarnold> jdstrand: but are python stack dumps saved anywhere useful? I thought they just went to the terminal and that was that.
<jdstrand> but I forget if you need to invoke it specially
<jdstrand> python tracebacks should end up in /var/crash too
<jjohansen> samiux: you can also always just manually attach the part of the log with the backtrace
<jjohansen> if the back trace isn't showing up in the logs the, just copy it, and paste it into the bug
<sarnold> jdstrand: really? neat. all I've got in there now are some systemd crashesh, I'd have expected a python stack dump somewhere, as that's the usual python error handling :)
<jdstrand> hehe
<sarnold> samiux: if apport-collect 1319829  doesn't do it, try: sudo -s <enter> then aa-genprof suricata 2>&1 > /tmp/aa-genprof.out
<samiux> sarnold, thanks
<jdstrand> I think it depends on if it is an official binary as opposed to some random script. pitti could explain more. I do know that I've seen tracebacks in there
<sarnold> hrm, maybe that functionality was dropped somehwere? I just tried again with the 'maas' command line program, nothing new in /var/crash
<hans67521> Hi i've install Ubuntu 14.04 LTS as a KVM guest, sudo apt-get update produces 403 forbidden, i've tried changing the sources.list to a different mirror but still getting the same output
<hans67521> any ideas?
<sarnold> hans67521: can you pastebin your sources.list?
<dasjoe> hans67521: pastebin your sources.list, for example on http://paste.ubuntu.com/
<sarnold> (the pastebinit program can make that very easy :)
<hans67521> http://pastebin.com/uf9UEuST
<hans67521> i dont see the sources.list been the issue here, just installed the machine
<dasjoe> Are you behind a proxy/firewall of some sorts?
<hans67521> Yes, the VM runs behind a shorewall box
<hans67521> i can ping out onto the internet, ssh to remote hosts
<hans67521> Ah!
<dasjoe> Also, I assume you are not in the US but in ZA. Replace us.archive[...] with za.archive[...] for (probably) better downloads.
<hans67521> lol i know what is issue is...
<hans67521> squid acl...
<dasjoe> :)
<sarnold> woot
<hans67521> lol works now....
<hans67521> thanks.
<samiux> my ubuntu 14.04 server displays "audit: printk limit exceeded", why?
<sarnold> samiux: the short answer is that it looks like e.g. apparmor is generating too many messages too quickly
<samiux> sarnold, I see
<jjohansen> samiux: the message rate limit is rather low, you can up it or turn it off
<sarnold> samiux: the longer answer is that the audit system looks to offload messages from the kernel to the auditd daemon, but to avoid allowing someone to perform a denial of service attack against the machine by logging too many errors at once, it only has a backlog that's so long..
<raub> Has anyone seen sudo-ldap crash on 14.04?
<jjohansen> samiux: to turn it off, as root do: echo 0 >  /proc/sys/kernel/printk_ratelimit
<samiux> jjohansen, thanks
<rberg_> Hi folks I have been seeing a lot of this "INFO: rcu_bh detected stall on CPU 1 (t=0 jiffies)" on 12.04 lately I was reading that 0 jiffies means its not a real hang.. does anyone know how to go about debugging this?
<Julinux> Hi everyone
<pmatulis> hello there
#ubuntu-server 2014-05-16
<Voyage> Hi
<lordievader> Good morning.
<samiux> when apparmor service is enabled, there are a lot of syslog entries.  is it normal?
<samiux> it is a ton of syslog, I mean.
<jjohansen> samiux: no and yes
<samiux> jjohansen, what is the meaning of "no and yes"?
<jjohansen> samiux: if your profiles are properly developed, then there should not be any denials
<jjohansen> samiux: when developing profiles you can have a LOT
<samiux> the syslog entries are all "ALLOWED".
<samiux> You mean in complain mode?
<jjohansen> samiux: right
<samiux> I see, thanks, jjohansen
<jjohansen> samiux: complain mode will tag all log entries that would have been denied as ALLOWED
<samiux> jjohansen, yes, you are right.  when the apache2 profile is in force, no more entry in syslog.  thanks.
<jjohansen> samiux: this is distinct from DENIED, which you can still get (other profiles in enforce mode, or even explicit denials that are audited), there is also an AUDIT message, which is an access that is allowed in policy but an audit entry has been requested. An example would be
<jjohansen>   audit /etc/shadow w,
<jjohansen> so that any write to /etc/shadow has an audit entry
<samiux> jjohansen, thanks for the info
<stephank> The scatter/gather option on a network interface (as in, ethtool -K ethX sg on/off) is solely a performance optimisation, correct?
<stephank> I'm wondering if it's going to have any effect on my application if I disable it.
<FrEaKmAn_> hi all.. for example if I have an app which runs on server and stores some data.. where should I store data? what is the best practice? /var/mydata?
<FrEaKmAn_> and this is an app that runs on a server, not a webpage or something similar
<NOC> -
<NOC>  /usr/bin/local
<stiv2k> hello
<stiv2k> how do i know if my openssl is ok?
<stiv2k> and, i think i need to re-generate my certificate
<stiv2k> https://lastpass.com/heartbleed/?h=stiv2k.info
<dw1> if you're updated it should be fixed.  check version dpkg -l | grep openssl
<stiv2k> dw1: i have an old ubuntu though
<stiv2k> 12.10
<dw1> no longer supported, good chance its bugged
<dw1> oh actually no
<dw1> it just ends support today :)
<dw1> what is openssl version?
<stiv2k> ii  openssl                            1.0.1c-3ubuntu2.8                      i386         Secure Socket Layer (SSL) binary and related cryptographic tools
<dw1> apparently it was fixed in 2.7 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7
<stiv2k> so im good?
<dw1> yeah, but could have been compromised before that
<stiv2k> do i need to regenerate cert?
<dw1> you can use this online tester too https://filippo.io/Heartbleed/
<dw1> to be safe, yeah, it was an unknown bug for ~2 years as I undersatnd
<stiv2k> https://filippo.io/Heartbleed/#stiv2k.info
<dw1> stiv2k: youre not vulnerable.. i checked with nmap, e.g. https://pastee.org/czavy
<dw1> stiv2k: https://pastee.org/x8jdy
<dw1> !sslbug
<ubottu> A fix for the recent OpenSSL vulnerabilities (2014-0076 & 0160) has been pushed to the Ubuntu repositories, see http://www.ubuntu.com/usn/usn-2165-1/ and http://heartbleed.com/ for more information.
<pmatulis> morning
<dw1> http://www.webhostingtalk.com/showthread.php?t=1374900 ?!
<dw1> Just got this scary email from provider about linux kernel vulnerability: https://pastee.org/rfd2h
<dw1> Is latest 14.04 kernel affected? Hmm
<dw1> http://www.hostingseclist.com/
<cfhowlett> dw1 the notice specifically states the fix...
<dw1> k sounds good :)
<dmsimard> jamespage: ping ?
<sander^work> How do I check the version of an apt-get package before I install it?
<cfhowlett> sander^work apt-cache policy packagename
<dmsimard> sander^work: apt-cache show <package> works also
<sander^work> is that the version I get when doing dist-upgrade, or upgrade?
<sander^work> dmsimard, cfhowlett
<sander^work> ..in case of an upgrade
<cfhowlett> sander^work to get the latest packages for your current installed distro:   sudo apt-get dist-upgrade
<sander^work> cfhowlett, Yes, I know. But I want to check which version i'm upgrading to, before I do it.
<cfhowlett> sander^work note: this DOES NOT upgrade your os, so if you're on 12.04, you will remain on 12.04
<sander^work> package version.
<cfhowlett> sander^work as I understand it, the "available" package version in the one for your distro.
<sander^work> cfhowlett, Yes, and apt-cache policy/show displays this new version of a package i'm about to upgrade.. but does it take into account the package I get when doing upgrade or dist-upgrade?
<cfhowlett> sander^work new "available" version will be the highest package number available to you via upgrade
<sander^work> cfhowlett, so it will display the highest version of a package even if it's hold back by apt-get when doing an regular upgrade?
<sander^work> ..I guess :-)
<jamespage> jodh, did we ever get to a consistent way to disabling/enabling upstart and init.d scripts?
<jodh> jamespage: you mean the chkconfig-alike for upstart? No, that never happened.
<jamespage> jodh, great- that what i though
<jamespage> jodh, does chkconfig actually work in Ubuntu for init.d based stuff?
<dmsimard> jamespage: I was hoping I could bring your attention to these ubuntu-cloud-archive packages that are broken and preventing swift from working properly: bit.ly/1szWmsa
<jamespage> dmsimard, hmm - that's odd - that did not show in my testing
<jamespage> dmsimard, this is on 12.04 or 14.04?
<hallyn> smb: zul: bug 1320031
<uvirtbot> Launchpad bug 1320031 in libvirt "libvirt package is not being build with flag --with-libxl" [Undecided,New] https://launchpad.net/bugs/1320031
<dmsimard> jamespage: I'm experiencing the issue with cloud archive on 12.04. The bug reporter (and AskOpenstack) are reporting issues on 14.04 as well
<jamespage> dmsimard, oh - I see
<jamespage> dmsimard, its with the ceilometer integration enabled
<dmsimard> jamespage: people in #openstack-swift are saying it could be a conflict with ceilometer
 * jamespage thinks that might be a testing gap
<smb> hallyn, IMO that is not needed when libxl is found
<jamespage> dmsimard, ah indeed - pecan>=0.4.5
<hallyn> smb: no idea.  i do know that when i tried to build without --without-lbixl, compilation failed for me
<jamespage> zul, ^^
<hallyn> smb: but i wasn't even sure if you wanted libxl, so i just wanted to make sure you knew about teh bug
<smb> hallyn, Right and since I use the xl stack I am quite positive it is build using libxl
<smb> hallyn, ok sur
<smb> sure
<hallyn> smb: thanks :)  (zul might also care)
<hallyn> me i'll be having to get comfortable with hyperv and widnows guests, i think, bc a bunch of related bugs are cropping up
<dmsimard> jamespage: doh, zul went ping timeout :p
<dmsimard> you scared him off IMO
<jamespage> dmsimard, I'm not far from him this week so will go find him
<dmsimard> jamespage: You guys are at the summit ?
<hallyn> i bet jamespage is sitting at a table with zul,
<hallyn> "answer my ping on irc"
<jamespage> dmsimard, yes
<dmsimard> jamespage: Nice. Wish I could be, some of my colleagues are there though. Lucky them :D
<jamespage> dmsimard, so it looks like we have a to new version of happybase and an old version of pecan
<jamespage> dmsimard, the problem is in ceilometer, symptoms in swift
<jamespage> for the time being you can disable the ceilometer egg to workaround
<dmsimard> jamespage: I'm working around it manually already but it's .. inconvenient
<dmsimard> jamespage: Thanks for your attention, appreciate it.
<shwaiil> Q: I was talking about sshfs to mount a remote dir, so I could use my sublime-text from my local machine. Someone told me, I can actually run sublime-text directly from my ubuntu server ? and it launches my local sublime-text ?
<shwaiil> so I don't have to relay on sshfs or nfs, etc. How does that work ?
<shwaiil> Never seen that before.
<shwaiil> he also mentioned: you may have to authorized the remote host to display content on local machine via 'xhost + remote_ip' ( on local machine )
<shwaiil> does anyone know anything about this ?
<qman__> shwaiil: I believe that is referring to X11 forwarding over SSHb
<qman__> SSH*
<jpds> There's also xpra
<jpds> !info xpra
<ubottu> xpra (source: xpra): tool to detach/reattach running X programs. In component universe, is optional. Version 0.12.3+dfsg-1ubuntu1 (trusty), package size 775 kB, installed size 3537 kB
<pmatulis> was testing xpra yesterday on trusty.  it's quite actively developed
<medberry> jamespage, I'm doing a new OpenStack Icehouse deploy this week. Should I build on Precise and upgrade it to Trusty later (current plan) or bite the bullet and go to Trusty first? (just asking for a best practice/recommendation based on current stability/maturity of each)
<medberry> thanks, trusty it is
<rostam> HI I am using ubuntu 12.04 lts.. we are observing some performance issues. Any recommandation on what profiling tool to use to root cause the issue? thx
<rostam> k
<SCHAAP137> performance issues in which sense?
<sarnold> rostam: there are dozens to pick from :) one of my favorites is the 'vmstat 1' output, check the 'so' and 'si' columns to see if you need to buy more ram :)
<rostam> we have mutli-threaded application, some of the thread are queued on an interrupt from video sync and are missed.
<rostam> sarnold, thx I will look into those, but we have lotus of ram
<sander__> Is the recent local root security bug fixed in 10.04 ?
<sarnold> sander__: which one?
<sander__> sarnold, is there several ones? Thinking about the race condition one.
<sarnold> sander__: ah, then it might have been this: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0196.html
<uvirtbot> sarnold: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO &amp; !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196)
<sarnold> sander__: if it'sthe one I think you're thikning of, then yes, updates were released on 5th of may
<zriddick|2> should I set up both an external and an internal nic on a mail server
<sarnold> zriddick|2: that's probably more hassle than it is worth.
<zriddick|2> ok I am wondering why zentyal has option for external or internal on the nic settings
<zriddick|2> but that seems to be the common response
<sarnold> zriddick|2: I can imagine scenarios where it might make sense, but it feels to me that if you've got a good reason for an internal mail server address and an external mail server address, having them on two servers is probably the wise next step :)
<zriddick|2> understood
<zriddick|2> when you set it up you get all kinds of crazy stuff happening
<zriddick|2> Ill stick with the one
<rostam> Hi I am using ubuntu 12.04. I am trying to install an opensource driver after compiling (lttng-modules-2.0.2),. It seems during installtion it requires private key, I keep getting this error: Can't read private key.  Is there anyway I can force install it? thx
<patdk-wk> rostam, you need to ask lttng
<rostam> patdk-wk, thx
<Macer> good afternoon
<justizin> is there an equivalent to policy-rc.d for update-rc.d ? i somehow thought policy-rc.d would prevent both starting and enabling of services installed by packages, but iâm finding that they donât start on install, but do on reboot.
<axisys> I wanted to save people from keep typing their securid password everytime then login to router and we have tons of backbone routers
<axisys> how to cache authentication credentials instead of sending the authentication request to authentication server if request comes within say 5 mins of last successful authentication?
<axisys> our setup is like this tacacs -> pam -> radius on securid server
<sarnold> axisys: my first thought is to look into using sssd to cache credentials; keep in mind that I've not actually -used- sssd myself, I've just spent an hour skimming their documentation a few months ago..
<sarnold> axisys: maybe simpler, try the pam_succeed_id module
<axisys> sarnold: google thinks pam_succeed_if ?
<sarnold> axisys: ignore google, just 'man pam_succeed_if', that ought to get you there :)
<axisys> read it few times.. not sure if I following.. can it do like this? if pam_radius was success 5 mins ago then login success and no need to send another auth request?
<sarnold> axisys: that's my thought... I haven't looked into it deeply, it might not be even close..
<axisys> so sssd can talk to a pam library and keep the success in cache for a certain time for any future auth req ?
<sarnold> axisys: I believe so, yeah
<axisys> hmm.. so caching auth credentials is a feature with sssd.. nice.. but I do not know if it can talk to PAM..
<axisys> atleast not showing anything here
<axisys> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-authconfig-auth.html
<axisys> may be need to read more to find out
<axisys> ok.. so pam is an option
<axisys> services = nss, pam
<axisys> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/Configuring_Services.html
<axisys> thanks
<sarnold> axisys: yeah, it looks like it's a Big Thing, but it feels like it should be able to do whatever it is you need doing. :)
<stiv2k> dw1: thank you
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY
<cloudman> why is rkhunter not updating on 12.04???
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY I WANT MY TOASTAH! GIMME ME TOASTAH WHERE IS MAH TOASTAH?!
<sarnold> cloudman: what do you mean by 'updating'?
 * Godzilla1954III FINDS THE F{}CK MONKEY AND GIVES IT A GOOD OL' FASHIONED F{}CKING TO DAT BITCH ASS
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY I WANT MY TOASTAH! GIMME ME TOASTAH WHERE IS MAH TOASTAH?! GIMME MAH F{}CK MONKEY AND MAH TOASTAH! WHERE IS MAH TOASTAH YOU SONS OF BITCHES
<cloudman> just ran rkhunter --update and get an error, one moment
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY I WANT MY TOASTAH! GIMME ME TOASTAH WHERE IS MAH TOASTAH?! GIMME MAH F{}CK MONKEY AND MAH TOASTAH! WHERE IS MAH TOASTAH YOU SONS OF BITCHES update and get error one moment enjoy your stay puppy time oh gangman style scglkal furururu
<cloudman>  Checking file i18n versions                                [ Update failed ]
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY I WANT MY TOASTAH! GIMME ME TOASTAH WHERE IS MAH TOASTAH?! GIMME MAH F{}CK MONKEY AND MAH TOASTAH! WHERE IS MAH TOASTAH YOU SONS OF BITCHES update and get error one moment enjoy your stay puppy time oh gangman style scglkal furururu GODDAMN PUPPY WHERE THE HELL ARE YOU SCREW YU GUYS AIM GOING HOME HONEY IM HOME TIME FOR YOU BEEATING TROLOLOLOLO
<Godzilla1954III> WHERE IS MAH F{}CK MONKEY I WANT MY TOASTAH! GIMME ME TOASTAH WHERE IS MAH TOASTAH?! GIMME MAH F{}CK MONKEY AND MAH TOASTAH! WHERE IS MAH TOASTAH YOU SONS OF BITCHES update and get error one moment enjoy your stay puppy time oh gangman style scglkal furururu GODDAMN PUPPY WHERE THE HELL ARE YOU SCREW YU GUYS AIM GOING HOME HONEY IM HOME TIME FOR YOU BEEATING TROLOLOLOLO FURURURURURURUR
<Catdaemon> apt-get install toaster
<cloudman> o shut up dude
<dcosnet> what the hell...
 * Godzilla1954III walks away
<cloudman> sarnold:  Checking file i18n versions [ Update failed ]
 * Godzilla1954III apologizes to cloduman and sarnold and other people
<cloudman>  just shut up is better :)
<Godzilla1954III> tomaw: I'm done here.
<Catdaemon> worst channel flood of all time
<Godzilla1954III> sorry about that.
<sarnold> tomaw: <3
<cloudman> prove it a,d shut up
<cloudman> prefer godzilla gone
<cloudman> why is rkhunter not updating???
<cloudman> not another heartbleed thing I hope
<cloudman> not updating becaues it does not want to detect something
<cloudman> anyone running 12.04 can you try rkhunter --update and see what happens
<Patrickdk> cloudman, invalid command
<lorfds> i am locking down a production ubuntu web server
<lorfds> i am trying to figure out if i should just be using ufw
<lorfds> or if i should be digging into nftables
<lorfds> is ufw generally secure?
<lorfds> this isnât a super secure server, but i want to defend against most automated attacks
<Catdaemon> ufw is a frontend for iptables
<lorfds> would you say setting deny for everything except 80 and 443 is generally secure?
<lorfds> or are there other things i should be doing regarding the firewall?
<sarnold> lorfds: ufw is a nice-enough frontend for iptables; it might not have all the bells and whistles of more complicated configuration tools or hand-written rules, but if it is easy enough to be used, that's awesome :)
<lorfds> also, what timezone do you use for your server?
<sarnold> lorfds: allowing ssh access from some specific networks might be nice too
<lorfds> this is u.s. basedâ¦serving east coast at first and eventually all u.s.
<lorfds> is utc the best you think?
<Catdaemon> ufw allow ssh, ufw allow http and ufw allow https should be good for you
<lorfds> sarnoldâ¦i blanket enabled ssh
<Catdaemon> don't forget to allow ssh if it's a remote server or you're in for a fun time
<lorfds> should i make it more specific for ssh access?
#ubuntu-server 2014-05-17
<lorfds> catdaemonâ¦yes indeed
<Catdaemon> use key based authentication for good security, don't worry about blocking/changing the ssh port
<lorfds> catdaemonâ¦isnt allow 80/tcp and allow 443/tcp the equivalent of allow http and https?
<sarnold> lorfds: well, blanket-allowing is probably fine, sshd hasn't had a huge problem in ages.
<lorfds> or does ipv6 change things?
<Catdaemon> I like using the names as it adds both rules by itself but it doesn't matter
<lorfds> what do you think about timezone?
<lorfds> is utc best?
<lorfds> i havent set up my own production server in a while, and i dont know what the kids are doing these days
<lorfds> damn kids
<lorfds> :P
<Catdaemon> depends what you're doing I guess
<lorfds> web server
<Catdaemon> I use UTC because it's the same as GMT and I live in london so it's gr8
<lorfds> serving u.s. mostly
<sarnold> if you have staff/users in multiple timezones then I'd do UTC, but if you're the only admin, local is fine
<lorfds> i amâ¦for now
<Catdaemon> just use UTC so you know it's UTC and don't have to worry about programs being weird
<lorfds> yeah thats why im thinking
<sarnold> Catdaemon: eh? I thought UK did summer-time as well and moves away from UTC for a few months each year?
<Catdaemon> yeah we do have BST but for 6 months of the year the time is correct
<Catdaemon> a broken clock is right twice a day!
<sarnold> :D
<ahmadgbg> hi guys, so i have my ubuntu server and i was thing about backup systems. What do you recommend? Nas with UPS?
<ahmadgbg> Hi guys, i have a ubuntu server and i wonder what is the best way to back it up? NAS with UPS?
<sarnold> ahmadgbg: "best" varies from person to person..
<sarnold> ahmadgbg: some people like making CDs or tapes of their data, it's easy to store those off-site ..
<sarnold> ahmadgbg: some people like rsync t oanother server, as you've described
<qman__> Cost, convenience, retention all go into that mix
<sarnold> ahmadgbg: some people like to upload to e.g. amazon glacier
<ahmadgbg> sarnold: So if i back it up with NAS, is that a good solution for ubuntu?
<sarnold> ahmadgbg: it can be, yes
<ahmadgbg> sarnold: how does the backup work? do i need the same drives as in the server (storage)?
<ahmadgbg> sarnold: or will i create a raid in the nas?
<sarnold> ahmadgbg: no, you can use whatever you want in the NAS system
<sarnold> ahmadgbg: you'll run a program like rsnapshot or rsync or amanda or bacula or duplicity or whatever to back up to your NAS system
<ahmadgbg> sarnold: lets say a drive failes in the server in a raid, the NAS drives are seperate from that right?
<ahmadgbg> sarnold: the backup is just the files right? not the whole raid system for the server
<sarnold> ahmadgbg: right, your NAS-based backup should still be there
<sarnold> ahmadgbg: depending upon your backup type, maybe your NAS would have synced from the server and destroyed some of the backup data.
<sarnold> you need to evaluate the software you pick to make sure it can recover what it needs to when you need it
<ahmadgbg> sarnold: okey! thanks!
<zombu2> evening i m trying to get channel bonding to work on ubuntu server 14.04 but no dice so far
<zombu2> any help would be apreciated
<Flam> I'm highly confused but for some reason my server can't connect to services at 127.0.0.1.  I checked /etc/hosts and it's mapped to localhost.  Unsurprisingly, localhost doesn't work either.
<Flam> i.e.: GET http://localhost:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED  // GET http://127.0.0.1:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED
<zombu2> firewall on?
<Flam> iptables yes
<Flam> but i opened those ports
<Flam> -A INPUT -p tcp --dport 3001 -j ACCEPT
<Flam> -A INPUT -p udp --dport 3001 -j ACCEPT
<zombu2> hmm
<Flam> wget http://localhost and wget http://127.0.0.1 worked.  Weeeird.
<zombu2> sometimes ufw get in the way too
<Flam> Ah solved it, I'm stupid haha.  It was JS running 127.0.0.1, which is ran on my machine
<zombu2> ah
<Flam> Lol fail
<zombu2> meh happens
<eagles0513875> hey guys I have a number of accounts which are already on my server. What would be the easiest way to set a password expiration on them all at once
<bekks> for acc in account1 account2 account3; do sudo passwd -d $acc; done   # untested
<eagles0513875> bekks: any tested manner?
<bekks> Just test it out.
<bekks> I wont do anything automagically reading from /etc/passwd since you might accidentially disable a needed account, too.
<eagles0513875> bekks: so in a nutshell you are saying its safer to just do it individually
<bekks> Yes.
<eagles0513875> ok no problem gives me a good opportunity to clear out old accounts
<lordievader> Good morning.
<rostam> hi during installation of third party kernel module, lttng, I get  following error: Can't read private key. Here is the pastebin for it:   http://paste.debian.net/100134/
<catphish> i have some servers where init appears to have gone a little insane at 2.5GB RAM and 80-100% cpu usage, is there any way i can investigate this?
<catphish> i enabled the debug log, it seems to be in a constant loop of "init: job_register: Registered instance /com/ubuntu/Upstart/jobs/network_2dinterface_2dsecurity/network_2dinterface_2fvethQMF01R" with various interfaces
<catphish> i fear there are too many NICs "registered"
<bekks> So how many interfaces are registered?
<catphish> i don't know, how can i find out?
<bekks> ifconfig -a would be a start
<catphish> there are about 350 currently active interfaces
<bekks> In a single server? :)
<catphish> indeed :)
<bekks> Which hardware is that? :P
<dasjoe> Sounds like a docker host
<catphish> it is a lxc host, yes
<catphish> but by itself, that's not a problem, i have a recently rebooted host with the same numbr of instances and no load from upstart
<catphish> so i'm thinking that over time an increasing number of old no longer used interfaces might be getting registered with some database
<catphish> no, on second thoughts, it's not that, that only happens once when changing the log level, i don't know what's actually upsetting it :(
<catphish> i also have another server that's not started any services after a reboot, i'm hoping it's just running a rather long disk check, but it's been an hour :(
<xeno2> Sorry, but this is probably the better place anyway.
<xeno2> So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.
<Yelu> xeno2, hi
<xeno2> Sorry, but this is probably the better place anyway.
<xeno2> So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.
<Yelu> xeno2, I agree
<xeno2> Is that in VBoxManage?
<xeno2> (and actually, these are VBox questions, so perhaps this isn't the best either)
<Yelu> no, we are talking about interfaces file in your guest. - vbox doesn't let you change ips from the outside
<Yelu> xeo2, PM me?
<xeno2> PM?
<Yelu> xeo2, only a suggestion, if you want to talk privately via "private messages" (PM) here.
<xeno2> Ok.  In /etc/network directory or some such?
<Yelu> xeno2, yes
<xeno2> Thank you for your patience.
<Yelu> xeno2, I got time, and had similar problems, also it's fun. - You're welcome ;)
<xeno2> Ubuntu doesn't work with the mouse.
<xeno2> I see a line:  iface eth0 inet dhcp
<xeno2> In interfaces already.
<xeno2> Above that auto eth0
<Yelu> that'S okay
<xeno2> Then before that lo is defined first.
<Yelu> perfect
<Yelu> so should it be
<Yelu> iterfaces = checked.
<Yelu> next step: the network-manager in your gui
<Yelu> we define eth0 as static interface
<xeno2> This server doesn't have a GUI.  It's not nice like the Debian one.
<Yelu> xeno2, I'm so sorry, my bad. we are on a server then? okay
<xeno2> Isn't there a plain iface command?  You used to be able to use ifconfig to define these, but I've never done it with iface.
<bekks> So just use ifconfig
<Yelu> so we want to change the /etc/network/interfaces with "sudo nano ..."
<Yelu> bekks, why
<bekks> Yelu: cheater ;)
<Yelu> bekks, hi, thank you for the cheater, but why I'm? :)
<bekks> Yelu: Why not? ifconfig works, so no need to learn new commands for a tasks solution with known commands
<bekks> Yelu: Because that was the most obvious approach ;)
<Yelu> bekks, xeno2, so we do it as a team, okay?
<bekks> Consider me being level 2 support at this point ;)
<Yelu> nice
<xeno2> Okay, I tried a few things from a web example, and so far it rejects.
<Yelu> xeno2, your are awake?
<xeno2> I cannot pull it off, because no network connection.
<Yelu> ok
<xeno2> So there is no cut and past of examples, because ubuntu server doesn't handle that well.
<Yelu> xeno2, I'll give you my interfaces, please be patient a short time ... thx
<xeno2> But if I can see one that works, I can transcribe it.  I found http://askubuntu.com/questions/342705/how-to-set-a-static-ip-address, but that multi-line thing doesn't seem to work for me.
<Yelu> xeno2, here you go => http://paste.ubuntu.com/7480860/
<xeno2> I will try.
<Yelu> xeno2, you have to pick an ip out of your subnet range of your (real) local lan, which isn't used
<xeno2> It is saying "Cannot find device eth0"
<Yelu> xeno2, anf thiink about your firewall
<Yelu> xeno2, and think about your firewall
<xeno2> And I try the syntax, and I get around the restart failures except that.
<xeno2> No firewall.
<xeno2> Just behind cable ISP.
<xeno2> Keep in mind, the original vm works.  It's just the clone that doesn't pick up the dhcp.
<donvito> lol ubuntu 12.04 only 64bit?
<xeno2> That makes me think it's something that gets dropped in the cloning.
<Yelu> what is the outcome of ifdown eth0 and ifup eth0
<xeno2> ...I'll try.
<Yelu> yes, you cloned a guest ... mmmh
<xeno2> interface eth0 not configured.
<xeno2> That was the ifdown response.
<donvito> lol ubuntu 14.04 only 64bit?
<xeno2> So 14.04 didn't do this, but Chef server won't work with 14.04.
<a1fa> hello, is there a way to encrypt root file system that will boot system w/o password, but wont allow single user boot w/o password?
<Yelu> rataplan for ifup
<xeno2> What is rataplan?
<Yelu> if you beat a drum (like at a execution ...)
<Yelu> only joking ...
<xeno2> I wonder if there is something that just automatically gets dropped from the vm in cloning.
<a1fa> yo-yo!
<xeno2> It might be something 14.04 and Debian work around fine, but 12.04 Ubuntu didn't work with.
<Yelu> xeo2, another way could be, to power down the vm and delete the interface and set it up as new
<xeno2> Ok.  I'll try that.
<Yelu> xeno2, or to leave the first interface as is and set up an additinal one (which is to add in the guest again)
<xeno2> Yes.
<xeno2> Weird.  It only allows me one eth, and that's eth0.
<xeno2> This was a full clone, not a linked, by the way.
<xeno2> It doesn't want to let me change it through the GUI.
<Yelu> xeno2, but it isn't running? - Then you can't change things there.
<xeno2> No, it was powered down.
<xeno2> You cannot use NAT Network at that point.  It won't save.
<Yelu> xeno2, ok, another approach would be, to try to give the vm a new interace via VMBoxManage with CLI
<xeno2> I tried a NAT, and a Local.  It won't allow me to add a second eth, like eth1.  I only get eth0 Bridged.
<xeno2> Yes..checking results after boot first.
<Yelu> xeno2, how about changes to eth0
<Yelu> xeo2, also not possible?
<xeno2> No, it still blocks on boot for waiting eth0.
<xeno2> I looked at advanced, and that didn't seem to have anything interesting.  Specific suggestions?
<Yelu> xeo2, not atm - thinking ...
<xeno2> It did not pick up anything for any of my 3 interfaces.
<xeno2> It's like NICS Aren't Us in Clones.
<Yelu> xeno2, I did never have a vm, which behaved like that ehen it comes to changing interface parmeter and the like ...
<Yelu> Åµhen
<xeno2> Well, I have seen Ubuntu behave this way otherwise, a little, but I don't have helpful knowledge to fix it.
<Yelu> I'll try to mimic your scenario here in my place - which is your setup? 14.04 Desktop as Vbox-Host? and a 14.04 Server as guest?
<xeno2> I just checked the original once again, and it boots fine, and gets the network fine.
<Yelu> xeno2, then make a file system copy of the .vdi and change the uuid of the machine , power down the origiinal (if running) nd start the new vm and ceck
<Yelu> ^check
<Yelu> xeno2,if it behaves right, hust power down add or change the interface to your needs and check that.
<xeno2> Okay,..uuid?
<Yelu> xeno2, please stand by ...
<Yelu> xeno2, vbox manual chapter 8.24 this is a command line interface cloning procedure
<xeno2> Ok I'll look that up.
<Yelu> xwno2, maybe this gives us also a proof, if it is the GUI function call which is causing your problem
<xeno2> Okay, you are NOT saying this is what causes the problem, but cloning this way may avoid it?
<xeno2> The term "registered virtual hard disk image" is confusing me.
<Yelu> xeno2, I'm not sure, as I told you, that this behaviour is also unknown to me. - I wanted to test this next week
<Yelu> xeo2, reading ...
<xeno2> Yes.  Well, it appears I'm deadending on Chef server tonight.  I'm sorry.  It is better not to burn yourself out when you're not ready.  I will try to help you when you have time, and you can reach me at the email I gave you.
<Yelu> xeno2, yes, registered is a machine, which is known by the progrm VirtualBox (you alreay cloned such a first machine)
<xeno2> But I don't want to pull you in unfairly.
<a1fa> gentlemen, and ladies.. is there such thing as encrypted root fs w/o password, but single user mode would require pass?
<Yelu> xeno2, I've got no boss, so it's up to me, how I spend my time. - But if you want to suspend the work, it's no problem ;)
<xeno2> I just reviewed the 14.04 clone, and comes up clean and fast.
<xeno2> So it is apparently specific to the 12.04 Ubuntu.
<Yelu> xeno2, so this would be a good base to start again from?
<xeno2> But it's only the clone of the 12.04, and not the original, that yields the problem.
<Yelu> xeno2, I see
<Yelu> xeno2, why not stick with 14.04?
<xeno2> If you can suggest a bunch of combinations to clone by hand, I would be glad to try each one and see how they boot.
<xeno2> Because chef server does not support it yet.  They only have a take home install for 12.04 and earlier.
<xeno2> Everyone else works off the cloud, and perhaps that's what I should do.  However, I'd be happy to try the aforementioned combinations if you want, and it would be better for me to make it work.
<xeno2> Otherwise, it just means I need to install on my original.
<xeno2> And I can make more originals.
<xeno2> So you don't hurt me to stop now, but I'm glad to go forward if you have some combination you'd like me to try.
<Yelu> xeno2, I will give you a cli cloning command i a couple of minutes (have to re-read manual or re-find my script)
#ubuntu-server 2014-05-18
<xeno2> Ok.  I'll start the teapot and be in earshot.
<Yelu> xeno2, cloud is okay, but "knowing" stuff at detail level is much better (my opinion)
<xeno2> D'accord.
 * Yelu reads and searchs  in the meanwhile ...
<Yelu> xeno2, => first hit (but only to create a new vm) => http://paste.ubuntu.com/7481044/
<Yelu> xeno2, hit 2 (modifying/cloning a vm) is coming soon ...
<xeno2> I got the pastie.
<xeno2> That's not too long a sequence.  I think I can get 'em all right, probably on the first try.
<Yelu> xeno2, you have to set execution bit (chmod 755) as root on these files, ut you sirely know ...
<xeno2> Which files, and no I haven't done that for at least a decade, but go ahead...
<xeno2> Please keep in mind that when I create it fresh, it works fine.  It's only the cloned version that fails like this.
<Yelu> xeno2, thanks for the heads up, I remember. - I'm interested in this issue, cause I wanted to deal with your current software (chef etc.)
<xeno2> Ok.
 * Yelu hacks together some cloning script lines ...
<stoned> hi
<stoned> I have mod_php/mpm_prefork (ubuntu default php setup) working
<stoned> When I switch to mod fcgid, I get internal server error
<stoned> I cloned the orignal server instance, I made my eidts/changes there, and everything seems tow ork
<stoned> I make the same changes on the live server, and Internal server error happens
<stoned> so I switched it back to mod_php for now
<stoned> I mean, I can clone the server inifinite times, and make changes and switch to mod_fcgid and it works, but if i then makes the same changes on the original server where the site is running, I can't get it to work
<stoned> i looked through the errorlog in apache, nothing. I look through ssl_error log nothing. same w/ access log
<stoned> I changed the log level to be more verbose (debug) and still nothing
<stoned> Currently a clone of this server is runing the website on mod fcgid in apache 2.2 ubuntu 10.04 lts
<stoned> works fine
<stoned> the original server is 10.04 lts ubuntu apache 2.2 mod_php/mpm prefork
<stoned> Any gurus wanna help me tackle this?
<stoned> Since I can't take the server down
<stoned> I considered creating a 64 bit chroot, and debootstrap a debian stable install in there, get apache and fastcgi to work on another port like 8080 and test it out
<stoned> once it's working and everything, redirect all incoming requests to that chrooted apache server
<stoned> or just build apache 2.4 + php 5.6 etc. w/ fast cgi in /usr/local/bin and get it working on 8080 or somethign and then forward all to localhost:8080 and have that new apache instance run it
<stoned> or just tell the new apache instance the same webroot as the other server
<stoned> can one ssl certificate on one domain listen on two separate server instances each serving on a diff port
<stoned> say 2.2 apache on 80 and 2.4 apache on 8080
<stoned> ?
<xeno2> Yelu:  http://paste.ubuntu.com/7481090/
<xeno2> Yelu:  On boot it complains we got the cpu wrong.
<xeno2> It says it thinks it's i686 instead of x64.
<xeno2> Going to find my wife.  BRB.
<Yelu> xeno2, new pastebin with a "oneliner" for cloning a vm => http://paste.ubuntu.com/7481141/
<Yelu> xeno2, for the i686/x64 discrepancy - I just can't understand it :(
<Yelu> xeno2, I'm double checking the parameters now.
<xeno2> Okay, but I can start from one that works with this clone command, right?
<Yelu> xeno2, if the guest is running, then the clone should also run.
<xeno2> Basefolder...
<xeno2> Like ./VirtualBox VMs/$2 or ./VirtualBox VMs?
<Yelu> xeno2, basefolder is something like /root/VirtualBox VMs/<your-new-vm-lives-inside-here/>
<xeno2> Ok.  Thank you.
<Yelu> xeno2, but take care: standard is /root as home NOT /home/xeno
<Yelu> xeno2, I saw, you did nstall VBox into another home
<Yelu> ^install
<xeno2> Hmm.  Perhaps that is my problem all along.  I have always installed on /home/xeno, never on /root.
<xeno2> Machine has been successfully cloned as "ububhclone1"
<Yelu> xeno2, you can do it this way, your user must own all files under his home
<Yelu> xeno2, okay, we got a new clone, but is it running?
<xeno2> Not yet...
<xeno2> I am sorry I'm taking so long....
<Yelu> xeno2, time is o your side
 * Yelu orders a new keyboard (better takes 2)
<xeno2> Not according to my wife, my bank account, employment security, nor my hip bones.
<Yelu> xeno2, :)
<Yelu> xeno2, the order of your enumeration is very interesting for me (same here)
<xeno2> But we're gonna take a long walk around the park later, and it's not really my hips.  It's actually my back cramping that makes them hurt.  The bones are strong.
<Yelu> xeno2, movement in fresh air in ggod company is always a good thing - and leaving the tec stuff behind ...
<xeno2> Okay, the clone does not come up in the GUI, even after restarting it.
<Yelu> xeno2, what is in the log of vbox?
<xeno2> Where do I find that?  I don't see a vbox log in /var/log
<xeno2> There is an item in the GUI dropdown up above, but I see nothing related to the by hand vm.
<Yelu> xeno2, ah, okay, you meant the GUI of the clone, which isn't starting yes? - Then forget about the GUI-log - the VirtualBox log is under the basefolder, I think ... just chekcig.
<Yelu> xeno2, difficult to check for me, how about ubploding a screenshot if possible?
<Yelu> *uploading
<xeno2> No, I mean the menu GUI that lists all the clones.  The GUI menu for accessing the clones does not show ububhclone1
<xeno2> And here is the command I gave:  VBoxManage clonevm "ubuvm1" --mode all --name "ububhclone1" --basefolder "$HOME/VirtualBox VMs/ububhclone1"
<Yelu> how did you create the clone? as root or as user<x>
<xeno2> Oh, as user.
<xeno2> Maybe I need to go back and try both steps by root.
<Yelu> xeno2, i agree
<Yelu> xeno2, set it up clean as root (Virtualbox software) and do all commands as root (cloning etc.)
<xeno2> Okay, well I will need to log out and change the desktop to root desktop so I can fully test.  I'm gonna do that on my laptop...
 * Yelu goes into stand-by for a little tea time ...
<xeno2> Ubuntu won't let me do that.  Never mind.
<xeno2> Okay, trying blindly from a terminal.
<Yelu> xeno2, wait, just copy all your folders (VMs) to the /root folder, then get the ownership of it.
<Yelu> xeno2, chown -R root:root /root/*
<xeno2> Okay, I'll try that first.
<Yelu> xeno2, no, this is a bad idea, the pathes are within the virtualbox definitions
<Yelu> sorry, my bad
<xeno2> Okay, going back to the command sequence.
<Yelu> xeno2, and I'm going for a tea
<Yelu> xeno2, 10 minutes
<xeno2> Best wishes.
<xeno2> Okay, I have followed the sequences.  I don't know how to boot without the GUI, however, so I am stuck at this point.
<xeno2> Looking up on the web.
<xeno2> Okay, I used startvm to start my install of the by hand install on root, and I get the same complaint about wrong arch, i686.
<xeno2> Doublechecked and my iso is correct.
<Yelu> xeno2, 'm back. - Okay, this is of no good :(
<Yelu> I've installed a 14.04 Desktop 64bit (as a vm). - Then I installed VIrtualBox with apt-get install virtualbox (as root)
<xeno2> Well, I feel we've learned something, but perhaps my hip says I need to rest.  Please keep my email:  xeno@eskimo.com
<Yelu> Wait ...
<xeno2> Ok...yes but `14.04 works for me too.
<Yelu> just one seocnd, please
<xeno2> Sure.
<xeno2> Don't feel rushed.
<xeno2> I can stay longer.
<Yelu> Then I tried to install in THAT VirtualBox Porgram a Ubuntu Server 14.04
<Yelu> But it gave me ONLY 32 bit as choice ...
<Yelu> Thanks for your time
<xeno2> Ok, I get the ability, with the GUI to install an Ubuntu 64 bit server on my virtualbox Ubuntu Server 14.04, 14.04 on vbox on 14.04.
<xeno2> Therefore it must be something else.  It could be that works that way just with VBoxManage, and the GUI has some edge on it.
<xeno2> At any rate, thank you for your time too.  When you spend more time on it, please invite me.  I'll keep an eye out for emails with even rough time when you might want feedback.  Very best wishes, and good evening.
<Yelu> xeno2, so your situation is as to be expected. - Your suggest to give it a rest is a wise one, I think. - Please ell free to email me under yelupic@gmail.com if you like.
<Yelu> All the best to you.
<mikey85> message me if you want to join my channel. IT is for Christians, new Christians, and people interested In learning about Jesus
<darkxploit> hello guys
<darkxploit> ANyone with experience on tunneling ssh through http proxies
<xiangtong> hello
<xiangtong> èå¤©å¦ã
<xiangtong> åµåµï¼æè®²ä¸­æçå?
<pmatulis> hello
<wizard_A> how do i install the ubuntu-desktop on ubuntu-server 14.04
<cfhowlett> wizard_A sudo apt-get install ubuntu-desktop
<wizard_A> i do not want office and extras...
<cfhowlett> wizard_A ah, so unity Desktop Environment only?
<wizard_A> yes
<cfhowlett> wizard_A sudo apt-get install unity
<wizard_A> error: unable to locate unity??
<cfhowlett> wizard_A run this command    lsb_release -a
<wizard_A> yes thats 14.04 LTS
<wizard_A> cfhowlett: you there??
<cfhowlett> wizard_A yes.
<cfhowlett> wizard_A probably easier to install ubuntu and add the server packages as opposed to the inverse
<wizard_A> yes thats a possible work around but, i want to hack around with ubuntu server, because may be installing ubuntu-dektop and the server packages on top of it, may take a lot of time and plus can go in vain...
<cfhowlett> wizard_A suggest you ask in #ubuntu.  there's apparently a method to remove unity, so I imagine you can reverse that process.
<cfhowlett> !nounity
<ubottu> Ubuntu 11.10 and higher use GNOME 3 with the !unity shell by default. To use GNOME Shell instead, from 12.10 and up install the "ubuntu-gnome-desktop" package. From 11.04 to 12.04, install the "gnome-shell" package and investigate "gnome-tweak-tool".  For GNOME Fallback mode, which is similar to GNOME 2, install "gnome-panel". Both packages will place entries in the Sessions dropdown. Using Natty? See !classic
<cfhowlett> wizard_A and installing server packages in ubuntu is dead simple
<rostam> HI I am using ubuntu 12.04. How kernel module signing is support on ubuntu? thx
<bekks> rostam: It works, why?
<rostam> bekks, I get this error :   http://paste.debian.net/100134/
<bekks> rostam: "Entry was not found in database".
<rostam> bekks, sorry here is the correct one: http://paste.debian.net/100461/
<bekks> rostam: http://askubuntu.com/questions/379714/error-backports-install-ath9k-using-12-04-lts
<rostam> bekks: according to that url, the kernel modules will get installed but in my case it doesnot.
<rostam> bekks, I apologize it is thanks
<jak2001> hi all
<jak2001> why i acces to my servr with user: jak  and password but when try acces with putty on my windows laptop cant? access deneied? how to fix it? thanks
#ubuntu-server 2015-05-11
<Onionnion> Do some backup managers just use existing utilities like tar or dump in the background?
<Onionnion> I just ran an upgrade from 10.04 to 12.04
<Onionnion> and most things seemed to migrate smoothly
<Onionnion> but it seems something SSL broke with mail
<Onionnion> mail dovecot: imap-login: Error: Timeout waiting for handshake from auth server.
<Onionnion> I get a lot of errors like this in /var/log/mail.err
<squisher> Onionnion, so this is just a guess, but maybe 10.04 doesn't have the updates that disable sslv3, and 12.04 has? Though I don't recall explicitly setting ssl params in the dovecot config
<Onionnion> squisher, I think I found the problem
<Onionnion> seems to be postfix configuration
<Onionnion> changed smtpd settings
<Onionnion> like smtpd_use_pw_server=yes
<hadifarnoud> how can I find out my nginx is 64bit or not?
<cluelessperson> hey guys sshd is showing ServerKeyBits 1024
<cluelessperson>     if I up this to 2048, will I have to change my user key files?
<andol> cluelessperson: Note that ServerKeyBits only affects the ssh protocol v1, which you hopefully aren't using.
<cluelessperson> andol, ah
<cluelessperson> I've just noticed with owncloud, but confirmed with SFTP.  I'm having very slow network file transfer speeds for a gigabit connection
<Sling> so, in /etc/network/interfaces, an 'up /root/script.sh' action will still bring the interface up if the script doesn't return 1, but 'post-up /root/script.sh' doesn't ?
<cluelessperson> I'm seeing 4.5MiB/s tops on a gigabit connection.  I've tested to WIFI laptop, GB LAN Desktop, and over WEB.
<Sling> cluelessperson: don't test over the web or over wifi, what results did you get with testing a local wired connection to another gigabit host?
<Sling> also how is it connected? what kind of cables, what kind of network device(s)
<Sling> and how are you testing the speed
<cluelessperson> Sling, The same.  4.5MiB for them all.   I just transfered a large file and watched the speeds.  they all topped at the same 4.5 MiB/s
<cluelessperson> Sling, Owncloud (PHP/apache/HTTPS)   and SFTP.
<cluelessperson> Sling, ubuntu is reporting full duplex GB link
<YamakasY> holy mow, I think there was some ubuntu security issue ? all my servers got load while being upgraded
<YamakasY> how are you guys managing removing old kernels using puppet ? my /boot gets filled up because there is no autoremove
<Basz0r> YamakasY: Why is there no autoremove? You can easily build a cron script to autoremove old kernels, and deploy that with Puppet to your Ubuntu servers
<YamakasY> Basz0r: yes I think I need some exext
<YamakasY> *exec
<Basz0r> YamakasY: You can use the onlyif parameter in combination with a command, that executes apt-get autoremove and counts the amount of old kernels available to remove. That command has to return an 0 ofcourse
<Basz0r> But it's better to not automate that kind of tasks
<YamakasY> Basz0r: on 300 servers you want to automate that
<Basz0r> Are you monitoring all these servers on their disk usage?
<JanC> YamakasY: you might want to delay autoremove until after you're sure the new kernel works well though
<YamakasY> JanC: I need some reboot indeed
<JanC> and problems might only show up after some time
<YamakasY> mhh this kinda sucks
<Basz0r> My opinion is that it's better to remove old kernels in your update plan
<YamakasY> Basz0r: erm my puppet updates my servers
<Sling> the unattended-upgrades has an option to also run apt-get autoremove
<Sling> +package
<YamakasY> Sling: it does but that doesn't seem to work
<YamakasY> at least not for kernels
<Sling> oh
<jpds> YamakasY: /etc/apt/apt.conf.d/01autoremove
<YamakasY> jpds: yes looking in there but what do I need to set there ? my kernels file only holds the last 2
<YamakasY> + running
<YamakasY> jpds: I only have linux-firmware there and the opposite of that one
<jpds> YamakasY: Actually, your issue is that autoremove will only remove old kernels, once the new one is installed.
<YamakasY> jpds: yes but even than, it always fills my /boot up to 100%
<YamakasY> so even with a new install...
<jpds> YamakasY: Get a bigger /boot ?
<jpds> Random server of mine I picked, three kernels installed: /dev/vda1                    453M  110M  316M  26% /boot
<YamakasY> jpds: my /boot is 250M
<YamakasY> so large enough
 * jpds runs autoremove, down to two kernels; /dev/vda1                    453M   76M  350M  18% /boot
<YamakasY> with my autoremove there are removed 5 kernels
<YamakasY> so, soemthing is not OK
<YamakasY> I need to pee, brb
<Sling> on recent servers I always take at least 500M for /boot
<Sling> 250M is tight
<YamakasY> is it ?
<YamakasY> mhh never had issues with it
<YamakasY> I use only 3 kernels max
<jpds> YamakasY: So, what you're having right now, isn't an issue?
<YamakasY> jpds: it doesn't autoremove
<jpds> But yeah, I always go for 512M.
<YamakasY> jpds: even than it would fill up
<YamakasY> jpds: what do you have in 01autoremove
<jpds> YamakasY: The default.
<YamakasY> jpds: which is?
<devster31> is clamav worth it on a single remote server? it's quite powerful, so no problem with resources, but I still wonder if it's necessary
<jpds> devster31: Is it sending emails to people running Windows?
<devster31> no mails, but I download a lot of stuff
<jpds> devster31: Are you running Windows anywhere?
<devster31> yep, at home
<YamakasY> jpds: pastebin ?
<jpds> YamakasY: I have the default, haven't changed it.
<jpds> devster31: Then yeah, might be worth it.
<YamakasY> jpds: and when does the kernel be removed ?
<jpds> YamakasY: When I install a new one, and run "apt-get autoremove --purge".
<YamakasY> jpds: yes ok, but that autoremove should be done in my puppet run actually, I think I need to exec it
<YamakasY> jpds: you are puppetizing your servers ?
<jpds> YamakasY: They already are.
<YamakasY> jpds: already are ? I mean... you puppetize them once and never again ?
<YamakasY> jpds: I ask you if your kernel removals are done in your puppet run
<psivaa> matsubara: hey, would you mind taking a look at https://code.launchpad.net/~psivaa/ubuntu-test-cases/lvm-grub-preseed-fix/+merge/258620 for https://bugs.launchpad.net/ubuntu-test-cases/+bug/1443999 please.
<psivaa> i've disabled the lvm and multi-lvm server installation tests for now, since they hang on installation and occupies the jenkins executors for quite a long time. this is delaying the other tests being run
<matsubara> psivaa, I see. I'll take a look and reply in the MP. Thanks for the fix!
<psivaa> matsubara: ack, thanks
<fidothe> is anyone else experiencing timeouts from all the Ubuntu Apt mirrors in eu-central-1? Our machines are working their way through the IP addresses in the sources conf and none of them are responding...
<OpenTokix> eu-central-1? Whats is that?
<fidothe> OpenTokix: AWS's Frankfurt region
<fidothe> basically, no apt-get update / install seems to be working in an entire AWS region at the moment - the Ubuntu base AMI use the mirrors for everything except security
<OpenTokix> fidothe: ok
<pmatulis> fidothe: following up.  lemme know of any changes
<fidothe> pmatulis: will do
<pmatulis> fidothe: can you pastebin your sources.list ?
<pmatulis> fidothe: better yet, output to 'apt update'
<fidothe> pmatulis: apt-get update output http://pastebin.com/91V6JKyX
<fidothe> pmatulis: my sources.list http://pastebin.com/eJD5GWee [this is the default cloud init generated sources.list - it's a vanilla Ubuntu EC2 AMI launched machine which has not yet been configured]
<pmatulis> fidothe: thanks
<fidothe> pmatulis: eu-central-1b.clouds.archive.ubuntu.com has 8 IP addresses, and apt-get is just working its way through them one after the other, presumably after whatever the default timeout is
<fidothe> the IP address in that last line of output changes every few minutes
<pmatulis> fidothe: i only get one IP for that name
<pmatulis> 91.189.92.201
<fidothe> pmatulis: are you hitting it from a machine inside eu-central-1?
<pmatulis> fidothe: no
<fidothe> that's why
<pmatulis> ok
<fidothe> that IP address isn't one of the 8 i get: http://pastebin.com/YR9X40iQ
<fidothe> if your instance is in eu-central-1a you get a different list...
<fidothe> sorry, different domain name
<fidothe> i'm spinning up an instance in eu-central-1a to see if there's anything different going on there
<ozanhazer> hi... LINES and COLUMNS env. variables are not passed to the lxc container which is (probably) causing screen to be scrambled
<ozanhazer> any idea what might be the reason for it or what keywords should I search for to investigate the issue?
<ozanhazer> (I'm using iTerm2 b the way)
<fidothe> pmatulis: well, eu-central-1a's list of IP addresses is the same as eu-central-1b's
<fidothe> pmatulis: okay, so only one of the IP addresses, 91.189.92.176, responds to `host` with a reverse DNS name - that points to cursa.canonical.com
<fidothe> and if i use that in my /etc/apt/sources.list I get resolution and (very slow) updating - around 120KBps
<fidothe> (i.e. 1.2Mbps)
<fidothe> as opposed to the 20-40 Mbps I normally get from the EC2 mirrors
<pmatulis> fidothe: i believe some DNS update was made.  please try again in 15 and report back
<fidothe> pmatulis: will do
<fidothe> and thanks for the help :-)
<jacekn> fidothe: TTL was only 60s so if you could try again that would be great
<bresk> Hi. I use apache2 and dav_fs for webdav. My webdav share is /var/www/webdav
<bresk> I ran sudo chown -R www-data:www-data /var/www/webdav
<bresk> and sudo chmod 755 -R /var/www/webdav
<bresk> Is this configuration secure? My users will upload files and folders, I want to mitigate possible exploits, what should I do?
<pmatulis> fidothe: ?
<fidothe> pmatulis, jacekn: yup, all seems good now
<pmatulis> fidothe: wonderful, thanks for helping
<fidothe> pmatulis: thank you guys for fixing it :-)
<fidothe> pmatulis: although i can't help noticing that those IP addresses aren't in AWS' published ranges for eu-central-1. I thought the EC2 mirrors were S3 based...
<designbybeck> Has anyone used TeamPass on Ubuntu Server?
<maddawg2> hey guys.. need some quick help.... I recently installed ubuntu server 14.04 and because I was using a proxy server on the network i was on during the install i set the proxy server
<maddawg2> however now i moved it to a network without proxy server and i cant get rid of it
<maddawg2> unset http_proxy doesnt work
<maddawg2> i'm not sure how the installer sets the proxy server
<pmatulis> maddawg2: grep /etc for _proxy
<Psyclops> ahoihoi
<Psyclops> some freeradius pros over here?
<sarnold> maddawg2: grep -r name-of-proxy /etc  ?
<Psyclops> only idlers here?
<maddawg2> oops sorry sarnold i ended uo figuring it out breifly after asking
<maddawg2> it was in /etc/apt/apt.conf
<sarnold> maddawg2: aha :) nice
<maddawg2> i thought it was an environment thing
<maddawg2> not a apt thing
<sarnold> Psyclops: irc tends to work best if you ask specific questions...
<Psyclops> sarnold i know but nobody seems around
<Psyclops> in the free radius channel
<Psyclops> and e friend of me need serious help
<sarnold> Psyclops: but perhaps the expert you need will come by in an hour and see your question; if it remains unasked, it could remain unanswered :)
<Psyclops> i already told him
 * patdk-wk wont answer pointless questions
<Psyclops> but i still have problem to get an login/pw field for users to authenticate with mysql & dolaradius
<Psyclops> thats a part of my friends questions. just posted for you patdk-wk
<Psyclops> hehe
<patdk-wk> I don't see any question
<patdk-wk> I see a part of a *statement*
<Psyclops> i have a problem to get an login/pw field for users to authenticate with mysql & dolaradius. how can i do it?
<Psyclops> better that way?
<Psyclops> so ill guide him here
<pmatulis> Psyclops: even better to describe the actual problem.  not just 'it doesn't work, how do i do it?'
<Psyclops> thanks a lot he can explain it much better
<sarnold> pastebinning errors and warnings from logs is also very helpful :)
<Psyclops> yeah i know :)
<Psyclops> so i dont have any probs and i cant post error logs :)
<Psyclops> i just told hin to join here
<Psyclops> him
<Radius_Noob> Hi there
<Radius_Noob> Im in need of urgent help, my future depends on it. Ubuntu 14.04/LAMP/FreeRadius/DaloRadius & (f*cking) HP MSM720 AP-Controller.
<Radius_Noob> Im in need of urgent help, my future depends on it. Ubuntu 14.04/LAMP/FreeRadius/DaloRadius & (f*cking) HP MSM720 AP-Controller. It's for the Final Exam and i just have problems to get the APC woorking correctly, i didnt get any help in the freeradius chat
<genii> I would suggest to probably get off IRC and start studying then.
<sarnold> Radius_Noob: as we explained to Psyclops, specific questions are always better than generic pleas for help; there's nothing quite as good as pastebinned logs with error messages and warnings.
<sarnold> Radius_Noob: this is worth some bedtime reading :) http://www.catb.org/esr/faqs/smart-questions.html
 * patdk-wk wonders why we should care about radius_noob's future
<patdk-wk> hmm, that should be loads of fun though :)
<patdk-wk> wht radius protocol are you using?
<Psyclops> patdk-wk may he will guide the world to peace. you never know
<Psyclops> its better to be helpfull if you can. afterwards its to late
<Radius_Noob> Ok to specify my problem: Does anyone know or got information how to correctly configure 802.1x Authentication with FreeRadius?
<patdk-wk> Radius_Noob, there are like 100+ different *correct* ways
<Radius_Noob> Yeah but i dont find any solution
<ozanhazer> HEELP! I increased the innodb_buffer_pool_size and mysql is not starting at all. Ubuntu 15.04
<ozanhazer> It's really awkward because I can see the mysqld process
<ozanhazer> but it doesn't start-up
<mfisch> check /var/log/mysql/error.log
<ozanhazer> nothing in there :(
<ozanhazer> ...or maybe I'm blind :P thanks mfisch
#ubuntu-server 2015-05-12
<tarvid> looking for ways to use a samsung tab3 as a terminal over a usb connection
<YamakasY> guys is have some unknown load on my server(s) but top isn't showing it
<Sling> define unknown load?
<YamakasY> Sling: cpu usage on my HV's but load in top on the VM... it's strange as I don't see any CPU load in top
<Sling> ah you had this before I think?
<YamakasY> nope
<YamakasY> never had this
<Sling> oh recall somebody else with load issues on his HV which was undetectable on the vm's
<YamakasY> a reboot of the VM's seem to solve it
<Alina-malina> what is the console version of utorrent? i want to organize a utorrent with awesome WM but i am not sure what to pick, thanks
<OpenTokix> Alina-malina: or.... run transmission
<OpenTokix> and transmission-cli
<OpenTokix> and flexget
<Alina-malina> OpenTokix, just to specify will that work with awesome VM?
<OpenTokix> Alina-malina: You are asking if a cli-program works with awesome vm?
<Alina-malina> yes that transmission
<OpenTokix> yes, any cliprogram will work your your awesome vm
<Alina-malina> ah thanks, i never used awesome vm, before, so i am preparing computer for it and i need torrent to be run there, thanks for help
<psih0man> hello! by using apt-get, I installed some libboost-*-dev libraries and ld can't find them. they are installed directly under /usr/lib, but that path is't listed in /etc/ld.so.conf.d/*.conf. how are libraries installed in that location found?
<psih0man> ld complains: /usr/bin/ld: cannot find -lboost_filesystem. but I can see the files under /usr/lib
<OpenTokix> psih0man: did you run ldconfig ?
<psih0man> OpenTokix: of course
<psih0man> ldconfig -p | grep boost finds them: libboost_filesystem.so.1.49.0 (libc6,x86-64) => /usr/lib/libboost_filesystem.so.1.49.0
<psih0man> shouldn't they be installed under /usr/lib/x86_64-linux-gnu ?
<psih0man> possibly, I found the problem: only installing libboost-filesystem and libboost-system won't work. they might depend on other boost libs. to fix this one needs to install libboost-all-dev
<jamespage> med_, juno is in the proposed pocket as of monday - sorry - forgot to ping you
<jamespage> in order to comply with baking process, I need to leave it there until next Monday
<hhonenine> hi guys, I have installed ubuntu server on my VMware just for PRACTICING, and I have installed apache2 on the same server, I'm trying to redirect my connection from port 80 to port 8080, can someone help me with that?
<hhonenine> also I'm searching for the file inside ubuntu, I saw it under the /etc/init.d but I cannot access it, why?
<hhonenine> hi guys, can someone show me how to redirect my connection from port 80 to port 8080
<pmatulis> hhonenine: there are a few ways.  study mod_alias or mod_rewrite
<hhonenine> do you know how to use it with header?
<hhonenine> pmatulis, do you know how to use it with header?
<pmatulis> hhonenine: no, sorry, what's header?
<hhonenine> pmatulis, I'm new to this
<hhonenine> OK, I header that mod_rewrite it's not good, but maybe header or  something like that is preferred
<Sling> why are my old kernels not marked for autoremove ? http://paste2.org/GvXOAncG
<teward> Sling: does http://askubuntu.com/questions/563483/why-doesnt-apt-get-autoremove-remove-my-old-kernels almost answer your question?
<Guest17135> Hi all. Does someone know a good reference or tutorial for me? I have to create an apache webserver. It has to host websites for 120 users. They should be able to access their files through samba and ftp. BUt it needs Windows authentication. I have found some tutorials but they aren't in-depth enough. Thanks in advnce :)
<Sling> teward: my /etc/apt/apt.conf.d/01autoremove-kernels only contains the current and previous kernel
<Sling> and in /etc/apt/apt.conf.d/01autoremove there is nothing that should match those linux-image packages..
<teward> Guest17135: samba/ftp can probably be configured to use the Windows AD via LDAP or similar, but I'm not sure what Apache has to do with that...
<Guest17135> should I use virtual hosts or use the userdir mod from apache? I don't know if userdir works well with Windows AD
<jamespage> bug 1338732
<jamespage> sorry - no context to that and no bot as well
 * jamespage sighs
<dasjoe> Sling: your kernels may be marked as manually installed, mark them as auto and apt-get autoremove will pick them up once a new kernel gets configured
<teward> jamespage: so basically: "Bug #1338732 âTimed out waiting for a reply via rabbitâ oslo.messaging (Ubuntu Trusty, Utopic, Vivid)"
<teward> (for your context)
<Sling> dasjoe: hmyeah pretty sure that they were installed with regular dist-upgrades, but i just apt-get remove'd them now
<Sling> at least my /boot isn't 88% full anymore now :)
<jamespage> teward, thanks for filling in for the bot :-)
<teward> jamespage: i have a bot that could fill in for the bot but I'd need IRCC and/or ops permissions to drop them here
<teward> and they probably would say no unless they had access (which could easily be arranged) xD
<teward> so you've got me :)
<dasjoe> Sling: you can mark them as autoamtically installed so future kernel versions will inherit the marking, see "apt-mark showmanual '^linux-*'" for stuff set to manually installed
<Sling> dasjoe: thanks, will check that out
<dasjoe> Sling: also, make sure to have the base metapackage (linux-generic or linux-generic-*) marked as manually installed
<devster31> what's a good free alternative for cpanel? I'm currently managing all via ssh, but some coworkers would like something gui-based or more user-friendly
<pmatulis> zentyal modules?
<scoutmastershake> Hey guys I'm getting a dpkg error trying to clean up /boot by removing old kernels
<scoutmastershake> http://pastebin.com/UCXvQ5uK
<scoutmastershake> any help would be appreciated I've tried everything I can think of
<sarnold> scoutmastershake: delete those linux-image-generic and linux-headers-generic packages too
<sarnold> scoutmastershake: but make sure you put back the linux-generic when you're done cleaning up, otherwise you'll miss kernel security updates
<patdk-wk> heh?
<patdk-wk> sounds more like someone didn't run apt-get update
<patdk-wk> or something
<patdk-wk> it shouldn't be installing older versions, ever
<scoutmastershake> so remove the generic-image?
<patdk-wk> no
<sarnold> patdk-wk: I assumed it got in trouble when /boot filled and now it's time to clean up mistakes by hand
<patdk-wk> oh, heh
<patdk-wk> I don't see any outofdiskspace messages
<sarnold> patdk-wk: .. which case the easiest way out is uninstall the metapackages, delete some kernels, delete some packages, then re-install the metapackages again.
<patdk-wk> in that case, your just going have to remove them all, and let it reinstall
<patdk-wk> na
<patdk-wk> apt-get remove linux-.*3.2.0-8.*
<scoutmastershake> I did that then when I ran apt-get install -f because a package was half way through installing i got that error
<patdk-wk> and then clean up the other ones you don't need also
<patdk-wk> than update again
<patdk-wk> maybe something like
<sarnold> patdk-wk: heh if I run into it again I'll have to give that a shot :)
<patdk-wk> apt-get remove linux-.*3.2.0-[0123456].*
<rsully> Hm any reason why specifying iocharset=utf8 for mount.cifs fails saying "CIFS VFS: CIFS mount error: iocharset utf8 not found"
<rsully> Using 14.04.2 certified image from joyent
<sarnold> rsully: wild-ass-guess, modprobe nls_utf8 first?
<rsully> modinfo: ERROR: Module nls_utf8 not found.
<sarnold> rsully: interesting; ls -l /lib/modules/`uname -r`/kernel/fs/nls/
<sarnold> rsully: do you see an nls_utf8.ko in there?
<rsully> only file is nls_iso8859-1.ko
<sarnold> interesting. I'm reluctant to investigate further since it was a wild guess in the first place, but if this is your best lead, it might still be worth investuigating
<rsully> Yeah I don't really have any ideas.
<sarnold> rsully: what kernel do you have installed on that machine?
<sarnold> uname -a, dpkg -l 'linux*' might be good places to start..
<rsully> Sure, http://pastie.org/private/vh2gyclbzgzt2ga8xgfvq
<rsully> raw for formatting http://pastie.org/pastes/10185542/text?key=vh2gyclbzgzt2ga8xgfvq
<rsully> (This is the Ubuntu Certified image running on SmartOS)
<sarnold> rsully: the nls_utf8.ko module on my system is in linux-image-extra-3.13.0-46-generic -- try installing that package, then try modprobe nls_utf8 again
<rsully> Let me spin up a duplicate VM to test this, sec
<sarnold> does joyent let you spin up a new vm with identical file system?
<rsully> I could probably duplicate the zvol or something, but I'm not savvy enough
<sarnold> yeah that was my thinking.. snapshot, promote, and instantiate it with another machine..
<sarnold> it'd be one heck of an awesome debugging tool :)
<rsully> alright new machine is back to old state
<rsully> extra pacakges = crda iw libnl-3-200 libnl-genl-3-200 wireless-regdb
<rsully> (dependencies for that extras)
<rsully> alright, that worked
<rsully> From the mailing lists it sounded like utf8 should be supported by default with the kernel
<sarnold> it probably should be, but with those extra dependencies, I'm hnot surprised that the -extras package isn't installed by default on guest imagines
<sarnold> images
<rsully> I only know about the charset option because of the ubuntu wiki saying to use it - any idea if it is even necessary?
<rsully> I mean obviously it works without it, but I'm not really sure what the difference between unicode (default) and utf8 is
<sarnold> sorry, no idea there
<rsully> Now going forward with upgrades that extra packages shouldn't hold anything back and it should keep up to date with the kernel without any intervention right?
<sarnold> rsully: good question. I'm not 100% sure what keeps it updated on my system, tbh..
<rsully> there is also a linux-image-extra-virtual, any idea?
<rsully> and linux-image-extra-virtual-lts-utopic
<sarnold> we -used- to have virtual-machine specific kernels, but got rid of those at some point. I assume that package is there to provide a transition during upgrades.
<rsully> Alright I'll be back in a bit
#ubuntu-server 2015-05-13
<rsully> sarnold I kind of would have expected some type of generic extra package that installed the right one indirectly based on current kernel
<sarnold> rsully: yeah, same here. my machine has it installed because I have linux-signed-image-3.13.0-46-generic installed, but I don't know what installed -that- package..
<rsully> sarnold are you running 14.04.2?
<sarnold> rsully: no, original 14.04
<Patrickdk> sarnold, why not centos?
<rsully> it looks like both linux-generic and linux-generic-lts-trusty would install the extras package, but would also bump me from 3.13.0-46 to 3.13.0-52 - not sure if that matters
<sarnold> Patrickdk: hehe
<sarnold> rsully: it'd probably be for the best, I just haven't rebooted yet..
<rsully> "Anyone wishing to opt into the hardware enablement stack for Trusty may do so by running following command which will install the linux-generic-lts-utopic "
<rsully> should that say -lts-trusty?
<sarnold> rsully: the HWE stack comes from utopic or vivid or wily or whatever comes after wily..
<sarnold> rsully: note that the HWE stacks EOL _before_ the original 14.04 stack -- so if you opt into them today, it'll mean dealing with that again in another year or so..
<sarnold> rsully: https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Kernel.2BAC8-Support.A14.04.x_Ubuntu_Kernel_Support
<rsully> I'm just trying to understand what it means if I were to install linux-generic* to get the extra package
<Patrickdk> heh?
<sarnold> rsully: the -52 is just a regular security/reliability update
<Patrickdk> oh, utopic
<Patrickdk> I was going say, I was already running it on my laptop
<Patrickdk> wifi works better :)
<rsully> sarnold so if I don't want to keep dealing with updating, should I really be installing 14.04.1 instead of 14.04.2?
<Patrickdk> wait, utopic is old
<Patrickdk> I'm running vivid enablement I believe
<Patrickdk> you can install either for updates
<sarnold> rsully: yeah, I think so; unless you've got a specific reason to install 14.04.2
<Patrickdk> but 14.04.1 will default to trust kernel
<Patrickdk> you can downgrade 14.04.2 to trusty if you want, just extra work
<rsully> nah this box is so simple its easier to spin up a new VM and reprovision
<rsully> sarnold no no reason to be on 14.04.2, I just figured it was 14.04 with some updates already applied or something - really had no idea the implications
<Patrickdk> ya, this started with 12.04
<Patrickdk> it's really more for desktops than server
<sarnold> rsully: completely understood :) aside from kernel / X11 / handful of other small things it really is about the same..
<rsully> whats the difference between 14.04.0 and 14.04.1?
<Patrickdk> just updates
<Patrickdk> fixes and stuff
<rsully> they're both 3.13 and supported to the same time period, but then 14.04.2 drops off support way earlier
<sarnold> rsully: that one is just updates; the .1 is when 12.04 LTS users were offered to upgrade automatically
<rsully> ah ok
<sarnold> it represented a point of "all the obvious things have been fixed by now" :)
<rsully> well one reason I am on 14.04.2 is apparently joyent hasn't published 14.04.1 images for smartos
<rsully> I've been getting this today too
<rsully> W: Failed to fetch http://joyent.archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/i18n/Translation-en  Hash Sum mismatch
<sarnold> rsully: I think it'd be fastest to file a support ticket with joyent for that one -- the mirror admins in #ubuntu-mirror (or #ubuntu-mirrors?) _might_ be able to kick off a re-sync but joyent folks might be more responsive
<Patrickdk> too bad the only joyant people I know are the wrong ones to ask
<sarnold> same here :)
<rsully> I dropped it into #smartos for time being
<rsully> ok so I did another fresh install of 14.04.2 (and now apt-get updated/upgraded it)
<rsully> out of the box without any changes this is the kernel situation http://pastie.org/pastes/10185640/text?key=na44gckmawnuajs2rdhna
<rsully> (well changes not including apt upgrading)
<sarnold> rsully: I wonder if that's mislabelled; the handy infographic suggests that 3.13 is the original 14.04.0 and 14.04.1 kernel: https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Kernel.2BAC8-Support.A14.04.x_Ubuntu_Kernel_Support
<rsully> I'm just not sure which package I should be installing to get the 'extra' kernel package. linux-generic* packages look like they would all install it. I'm not sure if I should be installing a -lts-* version or not, or if there is another package altogether I should be looking for
<Patrickdk> it is
<Patrickdk> you don't need extra
<Patrickdk> unless you using 3.16 or 3.18 kernel
<sarnold> Patrickdk: he wants extra because the nls_utf8 kernel module is in the -extra package
<rsully> Sorry, what specifically is mislabelled?
<Patrickdk> oh ah
<Patrickdk> apt-get install linux-image-extra-virtual
<sarnold> rsully: I'm curious if the smartos "deploy ubuntu 14.04.2" is mislabelled; perhaps it should read "ubuntu 14.04.1"?
<sarnold> rsully: .. but then my laptop shows 14.04.2 for lsb_release -a ...
<Patrickdk> sarnold, no, then it would have had an older kernel
<sarnold> .. even though I'm using the original 3.13 kernel too.
<Patrickdk> likely what it is, is a netboot isntaller?
<rsully> Yeah, my lsb_release shows 14.04.2
<Patrickdk> or could be updates are run on install
<rsully> Patrickdk the image I'm using is a joyent supplied ubuntu certified image for smartos
<Patrickdk> yes, I'm not sure how they do their images
<Patrickdk> could be clones of a base install
<Patrickdk> but it could be any 14.04 image, and then updates added to make it 14.04.2
<sarnold> that's common for cloudy things
<Patrickdk> doesn't have to be a 14.04.2 install iso
<rsully> I assume Cannonical has a say since they're certified images
<rsully> Patrickdk so is linux-image-extra-virtual the correct package to use? What does it mean by 'transitional package'
<Patrickdk> odd
<Patrickdk> someone broke it?
<Patrickdk> oh, it is cause of the virtual
<Patrickdk> that is what is screwing it
<Patrickdk> virtual is transitional also
<Patrickdk> ubuntu switched to only generic
<Patrickdk> so linux-generic would be the totally correct way now
<Patrickdk> and remove linux-virtual
<Patrickdk> but they get the same result these days
<Patrickdk> apt-get install linux-generic
<rsully> Then reboot and remove linux-virtual?
<Patrickdk> you don't need to remove it, but you can :)
<Patrickdk> and then apt-get autoremove to let it clean up the rest
<rsully> Is a reboot necessary?
<Patrickdk> no
<Patrickdk> but you should, to update to the newest kernel
<Patrickdk> what is it 48 or 49 currently
<rsully> 52
<Patrickdk> ah
<rsully> Yep, just wanted to make sure I could script this all without a reboot in the middle
<Voyage> how to send email from linux to an external email like gmail etc?
<abhishek> hello I want to configure a centralized log management server. I have around 50 server(multiple linux versions) installed. I want to know a solution that our developer can access each server logs
<abhishek> how can i manage jboss logs in rsyslog. is it posssible
<devster31> if I wanted to compress images with the small possible size what should I use?
<devster31> in an archive, not the actual file
<davegarath> devster31: tar support gzip and bzip2. tar jcf archive.tar.bz2 youimages*. but if the original images are in a compressed format you will not have sensible saving.
<Siilwyn> devster31, although not the smallest size I would go for a simple .zip archive if you make it available for download for others.
<devster31> I don't need it to be public, it's simple data migration, I just wanted the smallest size algorythm, and bzip2 is good enough
<Siilwyn> Alright in that case go ahead and use bzip2. (=
<devster31> hi, how would I go about importing a table from a file.sql into an existing database? i want to import eg table1 from backup.sql into table2 from the actual database
<Siilwyn> devster31, #sql or #mysql could be a better place to ask.
<jcastro> roaksoax, maas tagged questions on askubuntu need love if you guys have some time.
<roaksoax> jcastro: /win 13
<roaksoax> jcastro: err
<roaksoax> jcastro: i'll see if anyone is not running around fixing last issues to get 1.8 out of the door
<jcastro> yeah I just wanted to get it on your radar
<jcastro> the amount of incoming questions has increased a great deal, which is nice
<squisher> rbasak, jamespage, has either of you tested the 1.0.8 code? I don't have any issues. I think it'd be good to upload that soon - what distribution do I put into the changelog?
<rbasak> kickinz1: ^^
<rbasak> I've not looked.
<rbasak> Put unstable in the changelog I think.
<jamespage> squisher, context?
<rbasak> jamespage: bcache-tools
<squisher> jamespage, bcache-tools
<jamespage> ah - sorry
<squisher> no worries
<rbasak> squisher: do we have a well-defined upstream repository/release tags now?
<squisher> afaik yes, but then again there has been so little changes
<rbasak> squisher: can we send 0001-Clean-should-remove-bcache-register.patch there?
<squisher> rbasak, I already did, but no response so far
<rbasak> squisher: oh OK, thanks. Do you know about dep3?
<rbasak> We can track upstream status in the quilt patches.
<squisher> no, but sounds interesting
<rbasak> squisher: http://dep.debian.net/deps/dep3/
<rbasak> squisher: it's just a metadata format so we can see if a patch has been sent upstream etc.
<squisher> rbasak, ok, I'll add that
<rbasak> Thanks!
<squisher> rbasak, pushed. Now I only have to update debian/watch to point to http://evilpiepirate.org/git/bcache-tools.git instead of github. I can't find a good guide for (gitorious|gitweb) though, any ideas?
<rbasak> squisher: I'm not aware of one, sorry.
<rbasak> squisher: https://wiki.debian.org/debian/watch doesn't seem to list those
<rbasak> But that page does have some other resources listed that might help
<squisher> yeah, I was just trying to avoid working my way through that regex mess
<squisher> seems like a decent git support for uscan would be nice, but this bug hasn't been closed yet: , part of the bcache hybrid storage project (features, debian packaging)
<squisher> oops: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663357
<Fishscene> Greetings. I'm trying to set up vlc on my server, but I'll only be using the "cvlc" command as there is no GUI on the server. Should I just install "vlc"? or will that also install a GUI on my server?
<jrwren> Fishscene: there is a package: vlc-nox which may be what you want.
<Fishscene> jrwren. Awesome! That looks to be exactly what I'm looking for. Thanks!
<robertj> so for netbooting, where should I get my syslinux.0 from? build it from src?
<sarthor>   /j #java
<pmatulis> robertj: syslinux package?
<_2_Whenureachme3> hey
<ay_caramba> Hi everyone, trying to get a munin plugin going but the author says it requires "logsince" to parse logs but apt-get install logsince comes back with not found, any idea what this package might be known under?
<pmatulis> ay_caramba: i don't think it is available in a package
<ay_caramba> pmatulis: hmm ok, yeah I tried searching for it online but can't even find the source
<pmatulis> ay_caramba: where do you see reference to logsince?
<ay_caramba> pmatulis: https://github.com/himyouten/munin-nginx_response
<pmatulis> ok
#ubuntu-server 2015-05-14
<Rob__> so err, is dhcp with nfsboot broken on 14.04?
<Rob__> perhaps net module aren't being loaded before dhcp...
<Patrickdk> dunno
<Patrickdk> iscsi root works
<Rob__> Patrickdk, it works if i manually specify an ip
<jshsmn> I was wondering when the VEMOM patched qemu/kvm will be available in the icehouse cloud archive
<sarnold> jshsmn: I think the 2.0.0+dfsg-2ubuntu1.11~cloud0 packages in the cloud archive are the updated packages
<sarnold> .. at least I see them here, http://ubuntu-cloud.archive.canonical.com/ubuntu/pool/main/q/qemu/ and this says 2.0.0+dfsg-2ubuntu1.11 is the fixed version: http://www.ubuntu.com/usn/usn-2608-1/
<sarnold> I'm not sure why the ~cloud0 rebuild though
<sarnold> jamespage,Odd_Blok1, why the ~cloud0 rebuilds in the cloud archives? :)
<jshsmn> I'm not seeing that package in the  http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/icehouse main
<xavpaice_> I don't see it, maybe the mirrors aren't synced yet?
<xavpaice_> ha, +1
<jshsmn> I see it shows up in proposed as well
<sarnold> I see... strange.
<sarnold> jamespage,Odd_Blok1, why hasn't the qemu update migrated to precise-updates/icehouse main yet?
<sarnold> bedtime for me, sorry I don't have answers for you jshsmn.
<jshsmn> sarnold: Thanks for your time :)
<sbeattie> jshsmn: according to http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/icehouse_versions.html it should be there, now.
<jshsmn> sbeattie: thanks, I see it now
<Vexena> Anyone knows/uses a good android app that monitors your ubuntu server and gives you notifications if something goes wrong?
<carandraug> hi! I'm creating a virtual machine using Ubuntu's vmbuilder. It started 1 hour and half ago. I have no idea how long it usually takes, but I thought it would be faster. I found people online saying that it hangs for them, and one reply saying that it really takes time. But ps tells me that it's sleeping (S+)
<smoser> strikov, http://paste.ubuntu.com/11130592/
<smoser> that will run seemingly indefinitely on a instance of utopic
<smoser> but fails pretty much immediately on vivid
<strikov> smoser: define 'pretty much immediately' please
<strikov> smoser: 1.5k commands is too early?
<smoser> oh.
<smoser> really.
<smoser> it was failing < 100
<smoser> nice.
<smoser> there.
<smoser> i just caught it on that vivid instance run 73
<smoser> run byobu there.
<smoser> strikov, ^
<strikov> smoser: heh
<strikov> [90418.02] 2639: pt1
<strikov> BLKRRPART: Device or resource busy
<strikov> failed[1]: ptwrite/blockdev: partition 1
<smoser> on utopic ?
<strikov> vivid
<smoser> ah. yeah.
<smoser> make sure we're not running it at same time :)
<strikov> so basically we need to check for blockdev's return code
<smoser> that'd be kind of unfair
<strikov> ah, i see
<smoser> well, no...
<smoser> blockdev shoudln't return fail because nothing should have that busy
<smoser> ie, we could have checked that return code, certainly. and you're right, that we did not in curtin
<smoser> but it shouldnt fail. if it does its a race.
<smoser> note, that very obnoxiously, there is no way to tell sfdisk < 2.26 to *not* call blockdev
<smoser> that is really why i dropped using it and in that script use dd
<strikov> smoser: my point was mostly about blockder --rereadpt
<smoser> and in sfdisk 2.26 and later, it doesn't call that at all.
<smoser> right... but we need to do that. and there should *not* be anyuthing making that "busy"
<strikov> it may silently return error (busy) but we ignore it and run settle
<smoser> the fact that something is busy is udev handle on it (blockdev possibly) having not finished.
<strikov> smoser: let's try partprobe <dev> instead of blockdev
<strikov> just for checking
<smoser> apw, rbasak lets put all conversation here. ^
<smoser> <rbasak> smoser: just been looking at the udev source. I'm pretty sure it's racy. Not sure if what we're trying to do is supported behaviour.
<smoser> <rbasak> I believe there's a race in that "udevadm settle" can return before udevd sees an event that the kernel has queued.
<smoser> rbasak, well, apw implied that the kernel does not return from blockdev until it has added the event to the queue
<rbasak> smoser: so event_queue_update() in udevd.c is the thing that informs "udevadm settle" via a sentinel file AFAICS.
<apw> smoser, that BLKRRPART just tells you you oculdn't change the partitiont table because one of the parititons was busy
<smoser> right
<smoser> but it should not be busy.
<rbasak> smoser: it is only called a while after epoll_wait() returns.
<apw> that doesn't tell you that the partition change worked and you waited and moved on before it was done
<smoser> the only reason it is busy is udev re-acting to previous things.
<smoser> apw, maybe i'm just assumign something wrong. but what i'm saying is 'udevadm settle' should have completlye finished with those events.
<rbasak> An added complication is that "udevadm settle" does "ping" the udevd control socket first, but I don't think this necessarily eliminates the race.
<smoser> and thus nothing should be using that device
<apw> right, but you can only rely on udev settle to settle any events, that doesn't mean nothing was spawned in the background
<rbasak> smoser: I think your busy thing is a red herring. Probably caused by a udev rule.
<rbasak> It might need to be fixed too, but there's still a separate race.
<smoser> apw, right. if that is the case, that udev just takes the events anad forks somthing, then i would have to wait until all those things were finished.
<apw> if for example we sent a dbus message to something else and it opened things
<smoser> but... how could i know that.
<smoser> its quite possibl eyou're right.
<smoser> but how would i know "i'm all done now".
<apw> smoser, i would be wondering if LVM is installed in the image
<smoser> thats what i want.
<apw> and i am not sure you have any cirtain way of doing that
<rbasak> smoser: I think you need much finer control of what udev does during your partition creation time. Effectively the only udev hooks should be your own ones under your own direct control.
<rbasak> smoser: you don't really want other general distro stuff doing anything when you create the partition. Maybe even suspend udevd during that time or something.
<smoser> rbasak, well i dont think its a red-hearing.
<smoser> its the problem.
<rbasak> It's only part of the problem. I still think there's a separate race despite that.
<rbasak> Inside udevd.
<apw> rbasak, what makes you think that
<smoser> if i went on and tried to 'mkfs.ext4' at that point (after partitioning), then mkfs could find it busy also.
<rbasak> apw: I think "udevadm settle" can racily be blind to an event queued to udevd immediately before it is called.
<rbasak> apw: as an implementation detail in the communication between udevd and "udevadm settle".
<rbasak> I'm not absolutely certain though. There's an extra thing in the implementation that complicates things a little.
<smoser> so... if udev gets an event, and then forks a bunch of stuff into background, then 'udevadm settle' is pretty worthless.
<smoser> apw, so... lvm is not in either image.
<apw> so the quesition is whether that is the reason
<smoser> but bcache is in vivid
<smoser> which could be doing that.
<smoser> well, i just purged bcache-tools from the image and recreated in vivid
<smoser> so its not specifically that
<rbasak> smoser: write "ps axf" to a file just before you call partition2? Then when you get the failure you should have a process listing showing what had the partition device open.
<rbasak> smoser: also maybe lsof.
<Munt> Hello there folks, Iâm running a pptp vpn on my home server in order to hide my home ip from the big bad internet.    is there a more âstandardâ way of doing this ?   my way seems a bit convoluted
<apw> yeah i was going to say an lsof would be most useful
<rbasak> As long as the race stays for the time that takes.
<apw> yep as long as that
<apw> smoser, rbasak, it occurs to me that in the new world order things interact with udev in a different way
<apw> they can consume the incoming events directly, by monitoring the udev queue directory
<apw> directly
<apw> i am pretty sure that systemd does this, and would start jobs based on those events
<rbasak> apw: does the udev queue directory actually contain content?
<rbasak> apw: AFAICT /run/udev/queue is just a file that is empty when stuff is in the queue, and not there when there's nothing in the queue.
<rbasak> Or are you talking about something else/
<rbasak> ?
<apw> rbasak, i am not quite sure how it works, but many things consume the event stream directly via libudev
<apw> rbasak, i am talking about the events that udev emits
<apw> not the ones it is consuming
<rbasak> I see
<apw> but things consume those and run things, and those would not be something udevadm settle would know about
<smoser> well, adding 'ps' and 'lsof' to 'fail' doesnt help much. cant catch anything interesting in it.
<rbasak> Yeah anything that basically does what "udevadm monitor" does can essentially do that.
<apw> and i am thinking of systemd in particular whihc has a number of device specific jobs
<rbasak> smoser: try logging ps and lsof *before* the failure.
<smoser> apw, can i get finer granularity on uptime anywhere?
<rbasak> After the failure will be too late.
<rbasak> Well, could be too late.
<rbasak> If you log before and the race goes away, then we know we've been too slow.
<smoser> rbasak, right. its too late, but running it before is going to be useless and slow everything down.
<apw> sys-devices-pci0000:00-0000:00:1f.2-ata1-host0-target0:0:0-0:0:0:0-block-sda-sda1.device                            loaded active plugged   M4-CT256M4SSD2 EFI\x20System\x20Partition
<apw> and for example on my box that systemd unit was created on my system, so clearly it is listening
<smoser> ok. so lets say i dont care *why* this exists
<smoser> what could i do that would not be racy.
<smoser> what can i block until
<rbasak> pkill -STOP udevd
<rbasak> Do your thing
<rbasak> pkill -CONT udevd
<apw> oh ugg
<smoser> but i need it
<smoser> because it is going to create /dev/<dev>1
<smoser> udev is what creates that.
<rbasak> I know it's ugly.
<smoser> and i really dont want to get to managing my own events. or replacing udev.
<rbasak> But you don't technically need that. Create a device node somewhere else. You know what it'll be.
<apw> that osounds dangerous
<smoser> well, even then i still have to know.
<smoser> and yeah... its not really safe either if udev is telling other things they should possibly mess with the block device
<smoser> as it will still be busy
<smoser> the path in /dev/ is not what is busy...
<rbasak> Or, what if you inotify watch for the device node to arrive instead?
<smoser> still might be busy.
<apw> the device is there ok now, it is busy
<apw> can't you just retry if it is busy
<rbasak> It's only busy in smoser's test
<apw> what is it in the real sceanario
<rbasak> In reality it isn't busy when writing the partition table, righit?
<rbasak> Blat partition table, wait for partition device node to appear, write to partition device ndoe.
<rbasak> Blat partition table, ask kernel to reload, wait for partition device node to appear, write to partition device node.
<smoser> well, the thing we caught was that after partitioning, when going to 'mkfs' the partition did not exist
<rbasak> In a way, it's cleaner and better abstracted away from udev to just wait for the device node to appear.
<smoser> rbasak, i dont follow. i dont think your suggestion is safe from udve.
<smoser> because 'write to device node' is "mkfs.ext4"
<smoser> and that checks "is this busy"
<smoser> and even if it didnt' check, and just did it... the fact that it is busy means something is (possibly) doing something to that.
<rbasak> No it doesn't. This is Unix - no locks.
<rbasak> If the partition device node exists, you can write to it.
<rbasak> As long as it matches the partition table you're safe. And I don't think that's an issue, is it?
<smoser> but i'm not guaranteed something else isn't using it.
<rbasak> You aren't getting EBUSY on the kernel re-read partition table ioctl in practice.
<rbasak> If something else is using it it probably doesn't matter anyway. I seriously doubt anything would be *writing* to it.
<smoser> i doubt that too.
<smoser> but whatever is causing me to get EBUSY could also be causing mkfs to get that.
<smoser> right?
<apw> it is almost curtainly something trying to identify that device
<smoser> its probably blockdev
<smoser> i suspect
<smoser> and udev doing /dev/by-id/
<rbasak> smoser: but you're not getting EBUSY in reality. I don't think you risk that unless you change the partition table twice in quick succession, which you're not doing.
<rbasak> smoser: the race you have in your test is that you change it twice in quick succession, and the first change causes stuff to read the partitions which causes the second change attempt to fail.
<rbasak> smoser: that's not happening in reality, is it?
<smoser> well, in reality, what happened was /dev/<disk><ptnum> did nto exist at all
<smoser> when i went to mkfs to it
<smoser> which is odd, because the code actually checked "does it exist".
<rbasak> Yes, and for that case, just waiting for the device node to appear should be fine.
<smoser> which i think means that the code checked and found it, udev continued on, and then removed and created it.
<strikov> rbasak: in reality udev settle returned before all the hooks finished
<rbasak> <smoser> which is odd, because the code actually checked "does it exist".
<rbasak> It did?
<smoser> and after the remove mkfs happend
<smoser> yes. the code has that. [ -b <partition> ]
<smoser> rbasak, code in trusty is at:
<smoser>  http://bazaar.launchpad.net/~curtin-dev/curtin/trunk/view/201/helpers/common#L250
<smoser> i'm not sure if we were in pt_mbr or pt_uefi
<strikov> smoser: assert_partitions checks for /dev/vda1, right?
<smoser> strikov, well, yeah. but we didn't have assert_partitions until just yesterday. its not in trusty
<smoser> but the  code in trusty does do [ -b ${target}1 ]
<smoser> http://bazaar.launchpad.net/~curtin-dev/curtin/trunk/view/201/helpers/common#L191
<smoser> so all of that happened, and then after that happened, we tried to 'mkfs' and the device did not exist
<rbasak> But that doesn't call mkfs.ext4?
<rbasak> And pt_mbr doesn't seem to do the check at all?
<rbasak> I'm looking at Wily BTW. Is Trusty materially different here?
<rbasak> Oh I'm sorry
<rbasak> pt_mbr does check for 1
<rbasak> wipefs "--offset=$(($start*512))" "$target"
<rbasak> Why not "${target}1" with no offset there?
<rbasak> smoser: what if /dev/sda1 existed previously?
<rbasak> smoser: say it did, then you repartition, then you ask kernel for reload.
<smoser> rbasak, mkfs happens later in other code.
<rbasak> smoser: that doesn't happen yet, then previous /dev/sda1 still exists.
<rbasak> smoser: your test passes.
<rbasak> smoser: then udev sees the old /dev/sda1 going away, so deletes it.
<rbasak> smoser: then you try to mkfs.
<smoser> rbasak, wipefs blocks
<rbasak> smoser: then udev sees the new /dev/sda1 arriving, and creates it.
<smoser> it does the same thing. wipes filesystem . blockdev . rereadpt
<smoser> err.. wipedev does
<smoser> but you're right. it coudl be that.
<rbasak> I don't think that matters. Are you checking that the old /dev/sda1 has vanished?
<smoser> wipefs  calls  the BLKRRPART ioctl when it has erased a partition-table
<rbasak> I'm fairly sure that udevadm settle is racy
<smoser> well, clearly it is racy
<smoser> that is proven at this point :)
<rbasak> So at this stage I think the best solution is to inotify on /dev for what you want, rather than udevadm.
<rbasak> If you're vanishing sda1, make sure it has vanished before you continue.
<rbasak> But better, I think you could adjust things to make sure that the ioctl gets called once and only once.
<rbasak> Hmm. Though then you have a race since you don't know if sda1 is the old one or the new one.
<rbasak> So maybe disappear sda1, wait for /dev/sda1 to not exist, then partition as you want, then wait for /dev/sda1 to exist.
<rbasak> Given that udevadm settle is racy, best to rely on its actual result with inotify I think.
<smoser> freaking annoying
<rbasak> BLKRRPART -> EBUSY is a separate problem.
<smoser> its not really.
<smoser> i don thtink
<smoser> its just a result of the race
<rbasak> A different race.
<caliculk> Hello, I recently installed some auditing programs on my Ubuntu Server installation. Afterwards I ran apt-get auto-purge and it responded with the following line: "Removing symbolic link vmlinuz.old you may need to re-run your boot loader[grub]", so I ran boot-repair just in case. However, at the moment, the boot-repair software has been stuck/running at "Unhide boot menu. This may require several minutes", however it has been roughly 20
<caliculk> minutes and it still hasn't progressed. I was wondering if anyone had any suggestions on how to fix this or make sure nothing happens when I restart the server (as I am currently in Sweden and the server is in the US).
<caliculk> I could ask someone to boot from a LiveCD, but I am not sure if there is any available where the server is.
<med_> heh, jinx (email jinx) jamespage
<jamespage> med_, lol
<jamespage> med_, endeavouring to get that juno update out as well
<jamespage> but might be next week now
<med_> wins.
<med_> thanks!
<med_> next week seems... kind of busy
<jamespage> mdeslaur, oh - not even the jinx I mean't
<toothe> Hi! Is there a *current* guide to installing Roundcube on Ubuntu? I keep getting a "unable to connect to database" error.
<PGNd> On an Ubuntu Trusty server install, the /etc/resolv.conf contains both IPv4 and IPv6 nameserver declarations.  Along with a warning to NOT edit the file directly, as it's maintained by resolvconf.
<PGNd> I need to change the IPv6 assignment, but there's no mention of any IPv6 nameserver in /etc/resolvconf/resolv.conf.d/*; I'm not clear where that originates.  In ubuntu-server land, where's the right place to make that change?
<YamakasY1> ok, 5GB for / is not that much anymore these days
<YamakasY1> I thought it was enough
<patdk-wk> PGNd, same as always, in /etc/network/interfaces
<PGNd> patdk-wk: Are /etc/resolvconf/resolv.conf.d/* ignored?
<Overand> I'm trying to figure out details on *how* ruby/rails/passenger/gems/etc were configured on my Ubuntu Server box.  (So, anyone using ruby and/or rails and/or passenger on ubuntu server (in my case 12.04?))  i don't know what was installed manually vs. the package manager etc
<caliculk> Hello, I recently installed some auditing programs on my Ubuntu Server installation. Afterwards I ran apt-get auto-purge and it responded with the following line: "Removing symbolic link vmlinuz.old you may need to re-run your boot loader[grub]", so I ran boot-repair just in case. However, at the moment, the boot-repair software has been stuck/running at "Unhide boot menu. This may require several minutes", however it has been roughly 60
<caliculk> minutes and it still hasn't progressed. I was wondering if anyone had any suggestions on how to fix this or make sure nothing happens when I restart the server (as I am currently in Sweden and the server is in the US).
<caliculk> I just want to know some reasons that unhide boot menu might stop working, or why it might stall.
<caliculk> Here is a ubuntu-pastebin for boot-repair: http://paste.ubuntu.com/11133824/
<YamakasY1> damn my server is messed up, it boots but the partition table is doing weird, I cannot do an apt-get upgrade as there is no space left on device (which is)
<YamakasY1> but all services run great
<pmatulis> YamakasY1: so you filled your disk
<YamakasY1> pmatulis: nope
<YamakasY1> pmatulis: any other options
<pmatulis> YamakasY1: you said it's full then you said it's not. what's going on?
<YamakasY1> pmatulis: fixed
<YamakasY1> http://techpain.blogspot.nl/2011/07/df-error-df-cannot-read-table-of.html
<Overand> Holy crap zsh is smart.  It won't let me tab complete "git add (filename)" if the filename - for example - hasn't been changed since the last commit.  wow.
<Overand> (Well, the git module for zsh anyway)
<jrwren> i always use git add -up
<robertj> sooo...i cought my rabbit, don't know what to do with it now
<pmatulis> know thy shell...
<robertj> got my netbooting from dhcp working so i can hotplug in 20 or 30 machines and get them all booted up
<robertj> but it occurs to me...them all sharing /etc and /var/lock and friends probably aint such a great idear
<robertj> so lots of /var can go into tmpfs so that's not a biggy
<robertj> but /etc probably ought be a bit fancier...
<pythonista> Hi, I am having an issue with updating the mysql package. I accidently restarted while the update manager was running an update and am now having an issue getting mysql to start. Here is a full description of the problem with a print out of the error message: http://askubuntu.com/questions/623797/error-updating-mysql-package
<IronDev> Hi I am new to openstack and I want to know where do I find openstack on ubuntu server
#ubuntu-server 2015-05-15
<sarnold> IronDev: openstack is a collection of multiple services
<darius93> IronDev, look on openstack wiki about finding the tools needed for it
<sarnold> IronDev: if you've got enough machines handy, this looks like a great starting point http://www.ubuntu.com/download/cloud/install-ubuntu-openstack
<IronDev> sarnold Can I use ESXi
<sarnold> IronDev: yes, though note that nested virtualization will be quite a bit slower than having enough physical machines
<IronDev> sarnold Is there a detailed guide
<sarnold> IronDev: looks like the openstack website isn't happy; this should help though https://web.archive.org/web/20150407215942/http://docs.openstack.org/icehouse/install-guide/install/apt/content/
<IronDev> sarnold Hehe thx
<nuby> can anybod help me
<nuby> hello
<nuby> anyone
<sarnold> nuby: irc works best if you ask specific questions
<nuby> can anybody help be
<sarnold> nuby: enjoy http://www.catb.org/~esr/faqs/smart-questions.html
<nuby> i need someone to test my website
<jrwren> http://downforeveryoneorjustme.com can do that for you
<trammel> hello
<trammel> anyone down to help me with a problem
<trammel> is anyone on out of the 445 users?
<mrmylanman> trammel - I might be able to help; what's up
<trammel> basically, my power went out today, there was no hardware damage, however for some weird reason I can no longer ssh to my ubuntu server, nor can I connect to mysql, mumble, or my apache and glassfish servers running off my ubuntu server
<trammel> however, it has internet access and I can ping it
<mrmylanman> trammel - is it a physical server or through a hosting provider?
<trammel> it is a physical server
<mrmylanman> Do you have physical access to it?
<trammel> yes
<mrmylanman> Have you looked at the logs yet to see any errors? It's possible that something got corrupted if there was a power loss
<trammel> I have not. What log should I look at?
<mrmylanman> You can type dmesg to view the kernel output messages to see if anything looks suspicious, as well as files within /var/log or /var/log/upstart
<mrmylanman> You'll maybe need sudo access to view files in /var/log/upstart
<sarnold> trammel: maybe check firewall rules too? perhaps you had added some rules to allow access in the past, but not saved them?
<trammel> ok, so the dmesg log is super long but at the bottom there are a few things
<trammel> ext4-fs (sda2): unable to read superblock
<JanC> or the firewall rules used fixed IP which now changed...?
<trammel> FAT-fs (sda2): invalid media value
<trammel> no, my IP is the same and my firewalls all look fine, i even tried shutting them off to see if that was it
<trammel> my router IP, server IP and public IP have not changed
<trammel> qnx4: no qnx4 filesystem (no root dir)
<trammel> that one is weird
<trammel> ufs: You didn't specify the type of your ufs filesystem
<trammel> can't find a hfs filesystem on dev sda2
<sarnold> most of those are probably fine to ignore; that looks like something probin gthe partition to determine what type of filesystem it is.
<sarnold> and sadly the best way to probe is to actually try mounting it in two dozen different ways.
<mrmylanman> can you run "cat /etc/mtab" and paste the lines for sda2, but like sarnold said it's probably probing the FS type
<trammel> i cannot paste them unfortunately, ssh doesn't work
<sarnold> .. but if you expected /dev/sda2 to have an ext2, ext3, or ext4 filesystem on there, that might be trouble ;)
<sarnold> trammel: heh :(
<mrmylanman> is there "ro" in the file, that could be the problem
<trammel> i do not see a ro
<trammel> when i try to ssh, btw, this may be significant
<trammel> I originally got this
<trammel> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<trammel> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
<trammel> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<trammel> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
<trammel> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
<trammel> It is also possible that a host key has just been changed.
<trammel> then fixed that
<trammel> and now get this
<trammel> Password:
<trammel> Password:
<trammel> Password:
<trammel> Permission denied (publickey,keyboard-interactive).
<mrmylanman> Are you accessing the right machine?
<trammel> yes
<trammel> I have tried with my hostname and the ip
<sarnold> does 'ip addr list' show the IP you expected?
<mrmylanman> When you get that error it means either the installation changed, the machine is different than in the past, or something else along those lines has changed (thought I don't know what exactly causes the host ID to change)
<trammel> yes it does
<trammel> ah wait
<trammel> no
<trammel> and i just sshed to it
<trammel> and it worked
<trammel> why would my ip change?
<sarnold> dhcp is the usual culprit
<mrmylanman> If you were using DHCP
<trammel> i wasn't. I wanna blame the PGE power outage but I can't see how shutting the server off can do much
<trammel> if not physically harm it
<trammel> my mumble server is still not working... hmmm
<mrmylanman> Well if the power went off when something was in progress you can corrupt stuff; I've had that happen with MySQL before
<mrmylanman> Long time ago though
<trammel> luckily mysql is running fine, just checked it in the workbench
<JanC> possibly some checks / repairs took so long that certain services failed to start?
<trammel> who knows
<trammel> anyway, I bid you all a farewell
<trammel> thanks a million you guys are great
<trammel> especially mrmylanman, thank you a bunch!
<noteugene> Hi people, I have problem with apt-get complaining that package is not authenticated (http://paste.ubuntu.com/11144078/). Looking at strace the last thing it does it executes /usr/lib/apt/methods/http, it reads greeting and quits.
<noteugene> it's literaly this http://paste.ubuntu.com/11144460/
<jelly> noteugene: Does "apt-get update" complain of repos with missing keys?  What does "apt-cache policy libaio1; apt-cache policy" say?
<noteugene> apt-get fixes that problem temporarily (it returns again later)
<noteugene> http://paste.ubuntu.com/11144605/
<noteugene> this error sometimes happens on server boot when chef-solo runs apt-get install. and I do run apt-get update before running chef. it's not specific to mysql/aio package, I've seen another packages failing exactly like this
<noteugene> the server I can reproduce this error at the moment has been running for 28 days, and apt-cache was updated the last time at 6:00 this morning via unattended-upgrades
<teward> any idea why vsftpd might suddenly start choking on this error in 14.04?  "500 OOPS: prctl PR_SET_SECCOMP failed"
<rbasak> That sounds familiar.
<teward> rbasak: it fubar'd my ability to update my wordpress blog for a month, only stumbled upon this workaround today: http://superuser.com/questions/908024/vsftpd-500-oops-prctl-pr-set-seccomp-failed
<teward> rbasak: i'm not really concerned since only two IPs (both mine) can actually communicate to vsftpd, and there's no other users on that server, but...
<teward> (I also don't have it autostart - i turn it off and on manually xD)
<rbasak> teward: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1219857 might be related
<teward> rbasak: regression perhaps?
<teward> or is that change still in there?
<rbasak> I don't see any other updates.
<rbasak> What kernel are you using?
<teward> y'know it'd help if i had set up landscape or something, I have... 148 upgrades to run
<teward> my fault for being busy :/
<teward> i feel stupid because that's a lot of missed security updates O.O
<rbasak> I just use unattended-upgrades and forget about it.
<teward> rbasak: i kinda threw this server up fast because another died :/
<teward> so i didn't do full configuration
<teward> still i have... what, 6 - 8 servers now...?  maybe i should set up standalone (free?) landscape or something
<jcastro> you get 10 licenses so you've got 2 spare!
<teward> rbasak: is there a way to get unattended-upgrades to only apply security updates?
<jcastro> teward: comment out the non-security lines in /etc/apt/apt.conf.d/50unattended-upgrades
<jcastro> I believe by default it's security-only, but I could be wrong
<rbasak> Yes - I think it's security-only by default.
<teward> I'll check.  Thanks.
<teward> jcastro: i don't have a link handy to the standalone landscape, do you know where I can find that?
<rbasak> teward: http://askubuntu.com/a/550625/7808 maybe?
<teward> rbasak: thank you kindlg!
<teward> kindly*
<teward> urgh i can't type... maybe i need more coffee
 * genii slides teward a fresh mug of the high octane stuff
<teward> rbasak: stupid question, do VPSes count as physical machines or virtual machines to Landscape?
<teward> genii: not strong enough.  INCREASE THE CAFFEINE CONTENT MY A FACTOR OF TEN THOUSAND!
<teward> :p
<rbasak> No idea, sorry
<teward> meh no problem
<genii> teward: http://askubuntu.com/questions/549809/how-do-i-install-landscape-for-personal-use
<teward> genii: that's what rbasak linked to :)
<teward> genii: the question is whether VPSes apply as Virtual Machines, or Physical Machines
<genii> Hm, not sure.
<teward> heh.
<teward> meh, no problem.  :)
<teward> anyone know what the minimum system requirements are for a personal landscape standalone instance?
<fellayaboy> is it possible to SSH -x (X11 forward) an app even though the server has no desktop environment?
<fellayaboy> ssh -x (x11 forward) from a ubuntu desktop client?
<smoser> strikov, rbasak
<rbasak> o/
<smoser> i clearly have no idea how this works
<smoser> http://paste.ubuntu.com/11150407/
<smoser> run that on vivid
<smoser> shows this:
<smoser>  http://paste.ubuntu.com/11150412/
<smoser> my 'dd' of /dev/vdb somehow updated /proc/partitions
<smoser> i'm pretty certain 'dd' did not call ioctl(fd, BLKRRPART);
<rbasak> I didn't expect that.
<rbasak> apw: ^^ kernel magic?
<smoser> utopic behaves like i expected.
<smoser> ie, after final sleep , vdb1 is still there. and running 'blockdev --rereadpt /dev/vdb' will make it disappear
<strikov> smoser: sfdisk --no-reread shouldn't reread it as well i think
<strikov> smoser: it looks like kernel does its own work and by running BLKRRPART we do it twice on vivid
<strikov> that's why we observe this strange pattern of add/delete
<smoser> strikov, well, thats known behavior :)
<smoser> silly behavior, but known.
<smoser> '--no-reread' does not say "do not call BLKRRPART". it says "dont call it *before* you do anything"
<smoser> it will still call it afterwards :)
<smoser> i just can't believe the kernel is actually doing that
<smoser> almost impossible.
<strikov> smoser: side note, i just figured out that libparted doesn't create ext{3,4} that's silly but it takes these names as fs but do nothing for them, just partitions the drive
<strikov> smoser: so i predict world of pain with manual partitioning :)
<smoser> thats what i thought :)
<smoser> at least i'd heard that at some point.
<strikov> smoser: 'i told you so' :)
<strikov> smoser: dd somehow triggers udev remove event
<smoser> yeah, it sure does.
<smoser> it is crazy
<strikov> smoser: did you try older kernel?
<smoser> wlel... investigating that.
<darius93> is it safe to use debian packages on ubuntu? like add it to the source list to be installed via apt-get?
<genii> darius93: It is not recommended
<genii> ( or supported )
<rbasak> smoser: I wonder if something's being clever in userspace. systemd inotifying on the device node and sending the kernel the BLKRRPART ioctl when it detects change and close maybe for example?
<rbasak> Seems unlikely, but so is your behaviour.
<darius93> genii, i know its not recommended but since there isnt any ppa of the package i wish to install (trying to use any other version of ubuntu wouldnt work since it would require packages that isnt available on trusty) that is up to date (or have the fixes im looking for) that what lead me to ask. I could build the application from source but i was informed its not wise to do a system install (eg make install) due to problems it could bring
<smoser> rbasak, yea, it would seem like that.
<smoser> but think about what that means...
<smoser> if someone is using the device for something else than a partition... as a raw device.
<smoser> then arbitrary open/close could trigger udev events and such
<genii> darius93: I would try instead to temporarily add whatever repo it uses, and then follow https://help.ubuntu.com/community/UpdatingADeb to make a deb installable for Ubuntu from the Debian sources.
<smoser> rbasak, well.. something is watching for sure.
<strikov> rbasak: smoser: my understanding was that's not systemd because we tried with vivid/upstart
<genii> ( that example shows to apply a patch but process is the same )
<smoser> but crazy...
<smoser> i run 'udevadm monitor'
<smoser> and then
<smoser> sudo dd if=/dev/zero bs=1 count=1 of=/dev/vdb
<smoser> KERNEL[101461.100081] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)
<smoser> UDEV  [101461.237178] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)
<smoser> even this triggers the events
<smoser> and on utopic
<smoser> sudo python -c 'with open("/dev/vdb", "w") as fp: pass'
<smoser> wow. so pretyt much any time open in rw occurs on a block device, kernel sends event.
<smoser> that was completely unexpected for me.
<strikov> smoser: open or close?
<smoser> well, close. i suspect.
<smoser> strikov, it is on close
<strikov> smoser:
<strikov> # watch metadata changes by tools closing the device after writing
<strikov> KERNEL!="sr*", OPTIONS+="watch"
<strikov> /lib/udev/rules.d/60-persistent-storage.rules
<smoser> yeah.
<smoser> strikov, in vivid
<smoser> http://paste.ubuntu.com/11151254/
<smoser> that is /lib/udev/rules.d/60-persistent-storage-dm.rules
<strikov> smoser: yeah, i'm not sure which one actually triggers it but it's definitely one of them
<smoser> its not
<strikov> smoser: Drop me email please if you find a root cause for this. Weather is very bad in Moscow and I'll be hacking during the weekend.
<smoser> :)
<smoser> k. this just seems like madness
<smoser> sheer madness
<strikov> smoser: why did you say that it's not watch? you tried to remove it from rules and checked?
<smoser> yeah, i think.
<smoser> i have done so many things since then . i forgot :)
<strikov> smoser: I see :) Happy hacking then. See you on Monday.
<caliculk> Hey, I am on LTS 14.04.2, and after running Nessus, I found that my server is running an unsecure version of Samba. However, looking through the package list, the most recent version of samba seems to be pretty out of date (by more a little more than a year). I was wondering why Samba hasn't been upgraded or secureity releases haven't been rolled into an upgraded samba package?
<sarnold> caliculk: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version
<sarnold> caliculk: nessus assumes everyone on the planet builds all their software from source themselves.
<sarnold> caliculk: if that's what you do, feel free to take their advice :)
<sarnold> caliculk: here's the ubuntu security's team view of what's outstanding in the 'samba' package: http://people.canonical.com/~ubuntu-security/cve/pkg/samba.html
<caliculk> I know that the packages aren't routinely upgaded like that of 15.04 or a non LTS release. But, I would think that Code Execution would be a pretty serious issue, which has been patched for the past 5 months.
<caliculk> I mean, it is easily fixed with a single line in the config, but, still.
<sarnold> caliculk: hmm; do you have a CVE number handy?:
<caliculk> https://www.samba.org/samba/security/CVE-2015-0240
<sarnold> caliculk: http://www.ubuntu.com/usn/usn-2508-1/
<caliculk> Well, I am on that version, but Nessus still reports that vulnerability.
<caliculk> So... hm... alright
<sarnold> that's because they aren't testing vulnerabilities, they are testing version numbers from banners.
<sarnold> and that's a silly idea because almost no one uses software that way ...
<caliculk> Hm, yeah, alright. Do you have any other suggestions on software similar to Nessus that actualyl tests vulnerabilities rather than just reporting version number?
<cryptodan_laptop> caliculk: use google
<sarnold> caliculk: the metasploit project is probably the best bet..
<sarnold> Chrisfu: some folks are working on bringing OVAL to ubuntu, I suspect the end result of that would be something similar to version-scanning but with actual information about which package versions fixed which issues..
<caliculk> Yeah I am in the process of installing that
<sarnold> Chrisfu: sorry, tab-misfire, ignore me :)
<patdk-wk> testing vaunerabilities are hard
<patdk-wk> cause it depends on what is open for it to exploit
<patdk-wk> there could be many entrances to get to something, such as an openssl exploit
<patdk-wk> but openssl is easy to test against so far, as that is on the first layer normally
<patdk-wk> something else, such as php, would be harder
<patdk-wk> and nessus will do vaunerability testing, if you pay and enable it
<sarnold> oh that's why they're still doing version number scraping..
<sarnold> to do a poor enough job to be paid to do a better job :)
<patdk-wk> lucky, I can't remember the last time a bank told me I failed their pci compliance scan
<patdk-wk> they used to tell me that all the time, and I would respond back to tell them to fix their ssl scanner, incorrectly tagging stuff
<patdk-wk> haven't heard from them in over a year
<sarnold> :)
<YamakasY> is it possible that shopt it not found when running a bash script using puppet ?
<bekks> YamakasY: Is it what you are experiencing?
<sarnold> YamakasY: shopt is a shell builtin, built in to bash but not dash. are you using /bin/sh scripts?
<YamakasY> snolahc1: whoops, no /bin/bash
<YamakasY> bekks: not found
<bekks> YamakasY: Then yes, it is possible. You are experiencing it, it is possible.
<YamakasY> will try sh
<RoyK> YamakasY: why isn't bash installed?
<YamakasY> RoyK: it is was missing the !
<YamakasY> ok, so fixed :()
<YamakasY> thanks guys
<Fun> hi
<Fun> disk went funky
<Fun> saying 1 bad sector
<Fun> wont boot
<Fun> seems some parts of boot partition ended up in that sector
#ubuntu-server 2015-05-16
<aardmark> is this the right place to look for troubleshooting support for dovecot / postfix ?
<sarnold> not wrong, anyway :)
<aardmark> hah, fair enough. :) .. I'm getting errors trying to retrieve mail
<aardmark> May 15 22:35:13 fountain dovecot: imap(aardmark): Error: user aardmark: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/aardmark/
<aardmark> May 15 22:35:13 fountain dovecot: imap(aardmark): Error: Invalid user settings. Refer to server log for more information.
<aardmark> so I set up dovecot on my server, and am trying to get mail using my iphone
<sarnold> aardmark: is it looking for a ~/Mail/?
<aardmark> sarnold: I would think it was, but the errors aren't saying that specifically â¦ my 10-mail.conf file is configured with the line:
<aardmark> mail_location = mbox:~/mail:INBOX=/var/mail/%u
<aardmark> sarnold: so I would have thought that would do it â¦ and both of those paths do exist for my user
<aardmark> no thoughts on this?
<aardmark> can anyone help with some dovecot troubleshooting?
<atuvenie> Hey, can someone help me with a little problem. I have ubuntu server 14.04.2 and for some reason it is ignoring my static ip setting in /etc/network/interfaces
<atuvenie> but for some reason after a minute or so it is still making requests to dhcp server
<teward> rbasak: ping if you're around, otherwise disregard
<Walex> atuvenie: that's rather vague...
<Walex> atuvenie: however if you are the impression that defining entries in '/etc/network/interfaces' automatically disables DHCp that's bit optimistic
<strikov> smoser: hey, around?
<aardmark> my postfix configuration doesn't seem to be allowing emails to come in that are addressed to meâ¦ can someone help me with troubleshooting?
<jak2000>  hi friends why can do an apt-get update ? here more info: http://pastie.org/10192155  thanks
<aardmark> jak2000: does a "sudo apt-get upgrade" work?
<aardmark> jak2000: the errors you're getting seem to be connectivity issues. are you sure the machine you're on has full access to the internet, etc?
<jak2000> yes i am connected
<shauno> I Believe they're genuine 404s.  Saucy (13.10) was EOL'd in July 2014, so it's been rotated off the main mirrors (else the mirrors get way too big to politely expect anyone to mirror)
<jak2000> aardmark: http://pastie.org/10192370  need install the essentials libs?
<shauno> the short-term fix is to point your source.list at old-releases.ubuntu.com rather than archive.ubuntu.com.  long-term, the good news is 13.10 to 14.04 is an easy upgrade, and 14.04 is an LTS, so you're "back on track"
<jak2000> shauno for me?
<shauno> sorry, yes
<shauno> you appear to be using saucy, which is end-of-life nearly a year ago, per http://fridge.ubuntu.com/2014/07/17/ubuntu-13-10-saucy-salamander-end-of-life-reached-on-july-17-2014/
<jak2000> how to know the version of my ubuntu?
<ObrienDave> jak2000, in terminal, cat /etc/issue
<shauno> well, I took a guess based on 'saucy' appearing in every error in your paste :)
<jak2000> Ubuntu 13.10 \n \l
<jak2000> shauno then cant upgrade my ubuntu?
<shauno> just updating the packages within 13.10, you'd need to use the other repository  (old-releases.ubuntu.com, you're currently using archive.ubuntu.com)
<shauno> or you can upgrade the whole thing to 14.04 which is supported to 2019 (on -server)
<jak2000> is possible do remotely?
<jak2000> if yes, with putty? wich is the command?
<shauno> it should be but I'd bow out to someone with a bit more experience there, I tend to just roll out a new VM personally
<dasjoe> jak2000: https://help.ubuntu.com/community/EOLUpgrades
<dasjoe> jak2000: so, in short: replace "archive.ubuntu.com" with "old-releases.ubuntu.com" in your /etc/apt/sources.list, then run "apt-get update", then "apt-get dist-upgrade", then "do-release-upgrade"
<jak2000> dasjoe: http://pastie.org/10192436
<jak2000> its ok?
<dasjoe> jak2000: change security.ubuntu.com, too
<dasjoe> jak2000: you're good to go, then. Good luck, and as always: have a reliable backup handy
<jak2000> arghh not work apt-get
<jak2000> ok better i try reinstall
<dasjoe> "apt-get update"
<jak2000> W: Failed to fetch http://old-releases.ubuntu.com/ubuntu/dists/saucy/Release  Unable to find expected entry 'partner/binary-amd64/Packages' in Release file (Wrong sources.list entry or malformed file)
<jak2000> E: Some index files failed to download. They have been ignored, or old ones used instead.
<RoyK> !ask
<ubot93> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<devster31> hi, what can I use to mount a remote folder? I know about smb and nfs, and I use them on a local network, but I'm not aware of any similar solution to get a secure mount over the web
#ubuntu-server 2015-05-17
<kevindf> Hello, I'm attempting to setup Bind server and configuring the reverse zones now. I'd like to create a reverse zone for 192.168.50.0, If i'm correct the file name has to be "db.50.168.192" and zone "50.168.192.in-addr.arpa" { right?
<cluelessperson> is a server's ssl key supposed to be in raw format in a permissioned directory?
<Rob__> should igb included in the default netboot moduels select in mkinitramfs?
<dasjoe> jak2000: you can safely remove the "partner" line
<NginUS> Is there a standard for where file paths should be on github-built apps? I had Icecast2 installed gfrom the repo, but needed to install a new version for royalty payment automation. Now I dunno where to put my config file or where to point the paths in it.
<devster31> what's this line do in .profile ERM=${TERM:-cons25}
<devster31> ?
<devster31> NginUS no, no standard, but it's usually documented in the wiki or readme from the apps, also, you can try going through the Makefile and see what operation the make install does, and revert them, sometimes there's a make uninstall too
<NginUS> devster31: thx
<med_> utlemming, OpenStack Summiting this week or just regular wfh week?
<Rob__> so my nfs timeout problems were solvedy moving my server closer, not sure how I feel about htat
<root____1> hello?
<Rob__> yo
<Rob__> btw, irc as root = bad
<root____1> noob. Would you mind telling me how to change that?
<Rob__> you ircing from the terminal?
<Rob__> if so don't do it from inside your sudo session
<root____1> yea
<root____1> ok
<root____1> exit
<root____1> oops
<jack_> ok
<jack_> this is better
<Rob__> yup
<jack_> now, my problem.
<jack_> I have an old hp mediasmart server that corrupt. I took out and recovered the data and put ubuntu as a server back on the mediasmart server. It worked on a temporary machine, but now I'm getting squat.
<jack_> Would you know anything about that or where else I could ask?
<Rob__> your ognna need to be more specific
<jack_> ex475 mediasmart server, ubuntu 14.04, on the temp machine, I was able to connect to a web server running on it through its local ip, but still didn't work on the mediasmart server. Then I tried editing the network interfaces, adding auto eth0 didn't help either.
<jack_> on the mediasmart server, both the power and internet lights are nice and blue, but the health light is blinking and the led that should indicate the hard drive is not on
<TheShagg> Hello all, I am looking for guidance building a custom kernel that I can run on Amazon AWS EC2
<devster31> check their referenec? i believe they have the specs you need, as for the actual building I'd go buildroot
<TheShagg> devster31: Well, I know that every distro has to enable things their own way
<TheShagg> It's one part packaging everything up for EC2, and one part building the correct way
#ubuntu-server 2016-05-16
<RoyK> conrmahr: dd if=/dev/zero of=/dev/thatdevice bs=1M count=1
<conrmahr> that removed the RAID array?
<conrmahr> now i want to format with zfs
<Kallis> can anyone help me authenticate to my samba server via ldap on a windows server please ?
<RoyK> first mdadm --stop the raid
<RoyK> then mdadm --zero-superblock those devices
<RoyK> then zpool create yourpool .....
<conrmahr> Did that, but it says Cannot get exclusive access to /dev/md2
<RoyK> do you have a vg on that?
<conrmahr> yes
<RoyK> then vgremove
<RoyK> pvremove
<RoyK> etc
<conrmahr> i don't know what it means
<conrmahr> but i have it
<conrmahr> in the fdisk -l
<RoyK> pastebin "pvs;lvs;vgs"
<conrmahr> do i have to install a pkg for pastebin?
<RoyK> !pastebinit
<conrmahr> oh wait i'm stupid
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<conrmahr> http://paste.ubuntu.com/16450099/
<RoyK> you haven't stopped the raid, have you?
<RoyK> cat /proc/mdstat
<conrmahr> no
<conrmahr> it says i don't have special access
<RoyK> make sure you use mdadm --zero-superblock on those disks before you create a zpool
<RoyK> well, vgremove, pvremove
<RoyK> and perhaps umount the filesystem first
<conrmahr> i don't know the cmd line
<conrmahr> sudo vgremove /dev/md2
<conrmahr> ?
<RoyK> pastebin output of "mount" and "lvs"
<conrmahr> http://paste.ubuntu.com/16450137/
<conrmahr> sudo lvs = no volume groups found
<RoyK> well, you have a zpool
<RoyK> pastebin lsblk output
<RoyK> and zpool status
<conrmahr> just fyi, i have 1 SSD 14.04 UBNT disk, and 2 WD Red 4GB (just for data disk)
<conrmahr> second one i'm trying to clean
<RoyK> please do as I asked
<conrmahr> http://paste.ubuntu.com/16450202/
<conrmahr> and yes I am an idiot
<RoyK> mdadm --stop /dev/md2
<RoyK> mdadm --zero-superblock /dev/sdc5
<RoyK> zpool attach --force data1 sdb1 sdc1
<RoyK> or something like that
<conrmahr> mdadm: Cannot get exclusive access to /dev/md2:Perhaps a running process, mounted filesystem or active volume group?
<RoyK> you may want to dd a few zeros over that disk first
<RoyK> what about vgs?
<RoyK> pvs?
<RoyK> lvs?
<RoyK> vgs first
<conrmahr> sudo vgs
<conrmahr> ?
<RoyK> yes
<conrmahr> No groups found
<RoyK> pvs?
<conrmahr> nothing lists
<conrmahr> lvs no groups found
<RoyK> dd a bunch of zeros over sdc
<RoyK> what's strange is that lsblk lists is as a member of lvm
<conrmahr> well this drive
<conrmahr> i took out of a Synology Diskstation
<RoyK> well, just dd over it
<conrmahr> so what now
<conrmahr> sudo dd if=/dev/zero of=/dev/md2 bs=1M count=1
<RoyK> no
<RoyK> the disk, not md2
<RoyK> md2 was the raid
<conrmahr> ok
<RoyK> just don't overwrite sda or something :P
<bindi> what do you want to do
<bindi> dmraid -r -E /dev/sdc if you want to remove raid flag
<RoyK> doesn't matter
<RoyK> dmraid?
<RoyK> that's OT in here
<conrmahr> sudo dd if=/dev/zero of=/dev/ sdc=1M count=1 ?
<bindi> that's what i had to do a few times to get raid disk recognized :p
<RoyK> conrmahr: to sdc, probably
<RoyK> conrmahr: that wipes the first 1MB of the disk
<conrmahr> ok i did
<RoyK> conrmahr: I won't post the full commandline - that's not accepted
<RoyK> conrmahr: ok - try lsblk again
<bindi> not accepted? lol
<conrmahr> sudo dd if=/dev/zero of=/dev/sdc bs=1M count=1
<RoyK> bindi: just because someone may do that unintentionally
<bindi> :|
<conrmahr> look the same
<RoyK> conrmahr: give it a reboot
<conrmahr> shutdown -r
<RoyK> or just "reboot" :P
<conrmahr> oh i forgot simple reboot
<bindi> init 6
<bindi> :P
<conrmahr> :)
<conrmahr> ok looks like it's removed!
<RoyK> the "reboot" command has been around for almost 10 years ;)
<conrmahr> sdc      8:32   0   3.7T  0 disk
<conrmahr> only
<RoyK> ok - so do you want those mirrored?
<conrmahr> yeah it's just a backup
<RoyK> zpool attach data1 sdb sdc
<RoyK> should work
<bindi> ugh
<RoyK> perhaps with an -f
<bindi> creating a new pool?
<conrmahr> i used zfs to format the first one
<RoyK> just attach the other disk
<RoyK> it'll become a mirror
<bindi> zpool create -f -m /mnt/mypool mypool mirror ata-1234 ata-2345
<bindi> ? :P
<bindi> ls /dev/disk/by-id
<bindi> you really should do it by-id
<RoyK> doesn't matter
<bindi> sure it does
<RoyK> no. it. does. not.
<bindi> if you use a script to mount them then it does :p
<RoyK> zfs will revert to using by-id names
<conrmahr> nvalid vdev specification
<conrmahr> use '-f' to override the following errors:
<conrmahr> /dev/sdc contains a corrupt primary EFI label.
<RoyK> conrmahr: as I said, you may need -f
<conrmahr> i think i need to format it first right?
<RoyK> no
<RoyK> just use -f
<conrmahr> ok
<RoyK> that will create the EFI label
<RoyK> there's nothing like formatting anymore
<conrmahr> look like it did something
<conrmahr> how do i name the drive?
<RoyK> conrmahr: try zpool status
<conrmahr> or mount it
<RoyK> conrmahr: it's mounted under /data1
<RoyK> conrmahr: perhaps name that "data"
<RoyK> just export it and reimport it as "data"
<conrmahr> http://paste.ubuntu.com/16450521/
<RoyK> you'll have subvolumes for that
<RoyK> goodie
<RoyK> looks good
<conrmahr> beautiful
<conrmahr> so i don't need to name it /data2
<RoyK> if you want to rename it, export the pool and import it with a new name
<Sachiru> Is there really no way to get PHP5 working on Ubuntu 16.04?
<Sachiru> There are a lot of things that I can't get to work on it right now, because they all want PHP5
<conrmahr> if i new how to do that
<conrmahr> knew
<RoyK> conrmahr: zpool export data1
<bindi> Sachiru: http://askubuntu.com/questions/756879/cant-install-php5-on-ubuntu-16-04
<RoyK> conrmahr: zpool import data1 mynewname
<bindi> check out the ppa
<conrmahr> RoyK: so this will name the first drive /data1 and the second /data2?
<Sachiru> Sigh, thanks. So much is broken with PHP7 (omdistro, librenms, etc.)
<Sachiru> But I guess that isn't ubuntu's fault, rather, they don't move to PHP7 fast enough.
<RoyK> conrmahr: no - the two drives are mirrored
<RoyK> conrmahr: meaning when one of then dies, the data persists
<conrmahr> so i'll just keep it as data1
<conrmahr> no need to change
<Sachiru> Ooh, we have ZFS discussion here?
<Sachiru> Nice!
<RoyK> conrmahr: if you want to stripe them, which I won't recommend, just detach sdc and add it
<RoyK> but don't do that, really
<conrmahr> Sachiru: Not really I used it to setup my first drive
<conrmahr> yeah I like to mirror, that's all I wanted anyway
<conrmahr> is it clustering the data?
<RoyK> drives die, the silicon wants to back to the mountains
<RoyK> it's all natural
<Sachiru> conrmahr: Define "clustering"
<Sachiru> Because it means many different things, some of which apply to zfs, some of which do not.
<RoyK> conrmahr: it's not clustering, that's far larger
<conrmahr> file gets written to Disk1, then soon after it its copied to Disk2
<RoyK> conrmahr: no, they are written to both at the same time
<conrmahr> i only know clustering from the work i've done on MariaDB between to server databases
<RoyK> conrmahr: and when one drive files (not "if"), the data is available
<conrmahr> ok even better
<conrmahr> how would you know if one drive fails/
<RoyK> s/files/fails/
<RoyK> zpool status shows that
<RoyK> or use some monitoring
<RoyK> smartmontools is good at that
<conrmahr> do i have to apt-get that?
<RoyK> install smartmontools and it installs smartd which can send you emails when something goes wrong
<RoyK> yes
<conrmahr> awesome
<Sachiru> ZFS can detect if a disk fails (as in whole disk fails), or a certain sector/cluster on the disk fails
<Sachiru> If the cluster fails, ZFS can detect if it can repair it or not, and auto-repairs if it is repairable
<Sachiru> If not, it reports an unrepairable failure via "zpool status <poolname>"
<RoyK> Sachiru: sometimes smartmontools is good also, to detect pre-failures
<Sachiru> You can also initiate a scrub ("sudo zpool scrub <poolname>"). This reads all data written to disk, checks against checksum, and repairs repairable errors.
<conrmahr> this is great
<RoyK> smart stuff doesn't always work as intended, but according to google disk stats, almost 50% of the failures gave smart errors before dying
<RoyK> failures as in smart errors
<Sachiru> Additionally, (if you have Ubuntu installed onto a ZFS dataset as root), you can snapshot and revert easily. Thus, you can do "apt-get dist-upgrade" and other potentially destructive features without fear, since you can just snapshot the dataset, and reboot to the snapshot if it fails.
<Sachiru> Same thing with if you want to install anything. Also, snapshots take at most 5 seconds, even if the thing you're snapshotting is several hundreds of terabytes of data.
<Sachiru> Reversion takes the same amount of time.
<conrmahr> so the config file says don't use SMART if you are using smartd
 * RoyK messed up a VM rather badly last night, but then, it was on ZFS, so he just restored from the 15min old snapshot - zfs autosnap is neat
<RoyK> conrmahr: huh?
<RoyK> conrmahr: it's the same thing
<conrmahr> # List of devices you want to explicitly enable S.M.A.R.T. for
<conrmahr> # Not needed (and not recommended) if the device is monitored by smartd
<RoyK> conrmahr: btw, if you have drives supporting SCTERC, turn that on if it's not enabled already
<RoyK> conrmahr: no need to list any
<conrmahr> ok
<conrmahr> I have WD Red 4TB NAS (2x)
<conrmahr> do they support SCTERC?
<RoyK> conrmahr: can you pastebin smartctl -x /dev/sdb?
<Sachiru> RoyK: Why the conservative auto-snapshot?
<RoyK> Sachiru: conservative?
<conrmahr> http://paste.ubuntu.com/16450748/
<Sachiru> I have mine snapshot every 5 minutes. Then again, the host that does this handles only 6 VMs, and most of them are nginx+php+mariadb stacks.
<RoyK> Sachiru: see SCT Error Recovery Control in there - set to 7 seconds
<RoyK> should work fine
<RoyK> I prefer 1s or so, but that's up to you
<Sachiru> RoyK: I mean zfs auto-snapshot
<Sachiru> Not SCT
<Sachiru> For VMs
<RoyK> conrmahr: sorry, that was for you
<Sachiru> Ah
<RoyK> Sachiru: I beleive 15 minutes is sufficient
<conrmahr> so in the smartd.conf?
<RoyK> not sure - but anyway - 7s is ok
<RoyK> far better than without ERC
<bindi> dont you want to disable that tler thingy?
<RoyK> without ERC the disk can go into so-called deep recovery, meaning it'll spend a minute or two trying to recover a single sector
<RoyK> bindi: ERC == TLER - and that's not a thing you want to disable
<RoyK> without ERC, your raid, be it md or zfs, may kick out a drive for a single bad sector
<conrmahr> RoyK: I think by default it's set to 7s
<conrmahr> i did $smartctl -l scterc /dev/sdc
<conrmahr>            Read:     70 (7.0 seconds)
<conrmahr>           Write:     70 (7.0 seconds)
<RoyK> 7 is default on sata disks
<conrmahr> so I should change to 1s?
<conrmahr> whats the advantages and disadvantages? This is a NAS/Media Server
<RoyK> advantages are to avoid a 7s drop if a sector goes bad
<RoyK> zfs can handle that
<RoyK> disadvantages are (something Donald Trump said)
<Sachiru> IMHO, it's good to set ERC even if you're not using ZFS
<RoyK> conrmahr: smartctl -l scterc,10,10 /dev/something
<Sachiru> I know mdadm (at the very least) also complains about dropped sectors.
<RoyK> Sachiru: it's not about sectors
<RoyK> Sachiru: it's about the disk trying to find out about those sectors and becoming unavailable for a long time
<Sachiru> RoyK: I know, it's sectors causing drives to drop from the array
<RoyK> and you don't really want a few dead sectors to make your md or zfs or whatever to kick it out
<RoyK> that's why we have raid
<conrmahr> Write SCT (Set) Error Recovery Control Command failed: scsi error badly formed scsi parameters
<conrmahr> SCT (Set) Error Recovery Control command failed
<conrmahr> Retry with: 'scterc,70,70' to enable ERC or 'scterc,0,0' to disable
<conrmahr> Write SCT (Set) Error Recovery Control Command failed: scsi error badly formed scsi parameters
<conrmahr> SCT (Set) Error Recovery Control command failed
<conrmahr> Retry with: 'scterc,70,70' to enable ERC or 'scterc,0,0' to disable
<RoyK> heh - crippled fucking disks
<RoyK> I've stopped bying WD stuff
<RoyK> but then, 7s should do
<conrmahr> what the?
<RoyK> WD cripples the firmware
<RoyK> toshiba has good, cheap drives with good firmware, at least for now
<RoyK> the 'enterprise' SATA disks from WD are just the same as the desktop drives, just with better firmware
<RoyK> a few years ago, they were the same, more or less
<conrmahr> how do i start smartd
<RoyK> which ubuntu version_
<RoyK> ?
<conrmahr> trusty
<RoyK> should be running
<RoyK> service smartd start
<conrmahr> you didn't change the config file?
<conrmahr> how do i define my email for notifications?
<RoyK> default config should work
<RoyK> it sends email to root
<RoyK> just forward root emails to yourself
<conrmahr> ah right
<RoyK> in /etc/aliases
<RoyK> (and then run newaliases)
<conrmahr> no such dir
<RoyK> is there any mail in the queue?
<RoyK> mailq should tell
<RoyK> do you have postfix installed?
<conrmahr> i don't have mailq
<conrmahr> it tells me what package its in
<RoyK> apt-get install postfix
<conrmahr> in the gui how can i select ok?
<RoyK> don't use a guo
<RoyK> don't use a gui
<conrmahr> i mean i use terminal
<conrmahr> but it looks like a gui
<conrmahr> Package configuration
<conrmahr> nvm
<conrmahr> it was TAB + Enter
<conrmahr> thanks everyone
<conrmahr> especially RoyK
<House> does anyone have cifs automounting working on 16.04?
<House> i can successfully `smbclient -gL //server.fqdn/` with a password at commandline, but as soon as I use "-k" like auto.smb uses it throws errors
<jamespage> coreycb, ok poked neutron-vpnaas, builds OK now
<jamespage> coreycb, nova - needs microversion-parse, heat - needs monascaclient
<jamespage> new deps, not in archive...
<jamespage> coreycb, switching to merge-mode=replace makes sense to me - updates made...
<jamespage> coreycb, poking at liberty failures now
<jamespage> coreycb, neutron/wily failure test failure looks genuine; glance liberty failures consistent across trusty and wily.
<jamespage> coreycb, I've also shoved the dh-python update into the SRU queue for Xenial - that will unblock most xenial things and the trusty/mitaka failures...
<jamespage> coreycb, reverting merge-mode for now - not supported on trusty
<jamespage> coreycb, ddellav: do you think major version matching might be a good idea for charm-helpers?
<jamespage> I really hate having to update for x.1's
<jamespage> hmm although that won't work for 20XX.X versions...
<jamespage> grak
<jamespage> coreycb, wedged the dh-python SRU into the openstack-ubuntu-testing PPA's to unblock branch builders...
<jamespage> coreycb, will need to sru a glance-store point release for liberty
<coreycb> jamespage, ddellav, yes major version matching would be nice for charm-helpers
<coreycb> jamespage, thanks for all the updates, I updated the spreadsheet to track some of these and making a card for glance-store.
<bc2946088> Morning!  Does anyone have a page showing the steps to adding Ceph OSD's to an already deployed cluster with JUJU?  Is it as easy as adding the drives to the server and rescanning using ceph-osd charm?
<xnox> smoser, hey i have questions about config-drive metadata, networking, and static networking
<xnox> i have provided a valid /etc/network/interfaces.d/enc1000.cfg with static network configuration...
<xnox> and cloud-init ended up writing dhcp auto for the enc1000 interface in the /etc/network/interfaces.d/50-cloud-init.cfg
<xnox> providing my own 50-cloud-init.cfg in the config-drive did not do a thing - cloud-init would still overwrite it with dhcp auto
<xnox> i guess the only thing that worked was to provide /etc/networking/interfaces full stop. but that is sad =(
<xnox> for networking json.... i did not find enough keys in it to configure static network configuration as needed either.
<xnox> so questions
<xnox> smoser, is it possible to use interfaces.d in xenial and trump 50-cloud-init.cfg? should i be recommending to the cloud provider to ship a straight up /etc/networking/interfaces ?
<jamespage> coreycb, pointer to spreadsheet? I can update myself...
<coreycb> jamespage, sent it to you
<coreycb> jamespage, thanks
<jamespage> coreycb, ta
<jamespage> coreycb, oh - sorry - I see you where already looking at nova
<jamespage> coreycb, I pushed my changes to the git repository...
<jamespage> my bad
<jamespage> now I can see the list that's great!
<jamespage> coreycb, the babel update may be ignorable for now
<jamespage> coreycb, heat wanted it as well, but built and worked ok without it...
<coreycb> jamespage, no problem :)  ack on babel
<dunaeth> Hi, any idea for partitioning a single machine for openstack testing ? There's a doc for automated cloud install but it does not recommand anything
<smoser> xnox, there are some issues with config drive providing networking configuration right now.
<smoser> if you do not want cloud-init to set fallback networking (write 50-cloud-init.cfg) then you have to disable cloud-init networking entirely.
<smoser> i do not expectt that to change, but want to fix the config drive networking scenario in short order.
<jamespage> dunaeth, openstack deployed in LXD containers on a single machine?
<jamespage> coreycb, where I need to rev a dependency to fix a daily builds issue, I've been backporting a version to the ppa under ~openstack-ubuntu-testing as well
<jamespage> coreycb, glance-store being an example of that
<coreycb> jamespage, I guess that would mostly only be the case for stable releases, since it'll take longer to get deps uploaded to the archive for them
<jamespage> coreycb, yes
<jamespage> I think that's OK
<jamespage> coreycb, for dev, I've been uploading and then backporting straight away using backport_package - that places into <series>-staging and the trunk testing ppa's
<coreycb> jamespage, it makes sense, for example I think glance-store dep probably should wait for the point release of glance before SRUing it
<jamespage> coreycb, Iagreed
<coreycb> jamespage, ok makes sense
<jamespage> coreycb, I think the mitaka build failures should be OK now
<jamespage> just waiting for the queue to clear :-)
<coreycb> jamespage, awesome!
<nabukadnezar43> hello ubuntu-server fails during installation with an error "modprobe -v usb-storage failed"
<nabukadnezar43> are there any workarounds?
<nabukadnezar43> i'm trying to install from a usb stick and i don't have a cd/dvd rom drive
<TJ-> nabukadnezar43: check the 'dmesg' output for clues as to why/if the module fails to load
<nabukadnezar43> TJ-: ok let me try
<basilAB> I am looking to test latest Mitaka release available in latest openstack neutron tag ( https://github.com/openstack/neutron/releases/tag/8.1.0 ) on Ubuntu . But the updates are not yet available in Ubuntu Cloud archive as packages. Does anyone knows, how often OpenStack updates added to Cloud Archive?
<jamespage> hey basilAB - I know :-)
<jamespage> basilAB, apologies for not responding to your email - I was just thinking about doing that
<basilAB> ah! you are here.
<basilAB> great :-) thank you!
<jamespage> basilAB, typically we sweep up any avaliable stable release in the first two weeks of the month, with the aim of getting them out into -updates by the end of the month
<jamespage> basilAB, you'll be interested in the tracking bug - https://bugs.launchpad.net/cloud-archive/+bug/1580674
<ubottu> Launchpad bug 1580674 in neutron-vpnaas (Ubuntu Xenial) "[SRU] mitaka point releases" [Undecided,New]
<jamespage> basilAB, work should progress this week...
<basilAB> subscribed now and thanks for the schedule details. I will keep an eye.
<jamespage> although we are a little blocked by a related dh-python issue - trying to get that clear first...
<nabukadnezar43> apperantly "usb_storage" module needs to be signed
<EmilienM> jamespage: do you have LP for newton too?
<basilAB> jamespage: since you are here, heard or any plans on adding 'octavia' lbaas addition to cloud-archive?
<jamespage> EmilienM, we don't generally bug track development releases...
<jamespage> basilAB, not in the short term no
<basilAB> okay
<nabukadnezar43> how do i sign the usb_storage module for secure boot?
<jamespage> EmilienM, if you want to sniff current master branches for newton for Xenial and Yakkety - https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/newton
<jamespage> that is the state of currently built master branches - its not complete - working some new dependencies...
<EmilienM> jamespage: nice! please ping me when you feel like I can start testing it (asap)
<jamespage> EmilienM, I'd not want you to put that into a voting gate btw...
<EmilienM> jamespage: ok
<jamespage> EmilienM, the gate for that PPA is 'it builds and passes its unit tests' ...
<EmilienM> ok
<EmilienM> jamespage: as soon as all packages are there, please ping me, I'll start testing it and report you feedback.
<jamespage> EmilienM, that would be nice - thankyou!
<EmilienM> cool
<jamespage> coreycb, hmm - niggle with adding a newer dh-python to the sbuild environment
<jamespage> working on that now...
<jamespage> it gets installed by s-p-c so we can add the PPA, which contains the newer version...
<jamespage> grrr
<coreycb> jamespage, s-p-c?
<nabukadnezar43> TJ-: dmesg output didn't show anything relevant but i tried probing usb-storage module manually. Got a "could not insert usb_storage required key not available"
<nabukadnezar43> error
<TJ-> nabukadnezar43: that sounds rather like a secure-boot issue; well checking the module signing key anyhow
<jamespage> software-properties-common
<TJ-> nabukadnezar43: the modules shipped with the distro should all be signed
<nabukadnezar43> TJ-: yeah that's weird
<TJ-> nabukadnezar43: which ubuntu release are you working with? 16.04 ?
<nabukadnezar43> 16.04 server amd64
<TJ-> nabukadnezar43: using the -generic kernel, or -lowlatency?
<coreycb> jamespage, are you familiar with the get_component_config() error that several of the newton packages are hitting?
<TJ-> nabukadnezar43: it defaults to -generic but its always worth checking, I've noticed some differences with the -lowlatency as regards signing, though I forget what I did notice right now :)
<nabukadnezar43> TJ-: i have no idea, i haven't changed anything
<coreycb> jamespage, I'm looking at keystone and cinder for newton btw
<TJ-> nabukadnezar43: I can't see any obvious bug reports with a similar problem. But, as its the installer I'm wodering if the installer has kernel version A, and during the chroot installation of the latest kernel version B it tries to modprobe the version B usb_storage module, which would upset version A kernel I think (because the kernel uses different signing keys per build if I recall correctly)
<brelod> hey guys
<brelod> do you know some good book / other source to learn linux server administration?
<genii> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/lts/serverguide/
<brelod> thx
<xnox> smoser, how does one completely disable cloud-init networking? i'm pondering if I should try that out.
<xnox> at least for this special usecase.
<smoser> well, i'm pretty sure we do want to support your  use case. at least i think
<smoser> but for disabling:
<smoser> echo "network: {config: disabled}" | tee /etc/cloud/cloud.cfg.d/99-xnox-hates-networking.conf
<smoser> echo "network: {config: disabled}" | tee /etc/cloud/cloud.cfg.d/99-xnox-hates-networking.cfg
<smoser> (.cfg, not .conf)
<xnox> smoser, right. or i should have a proper networking_json in my config_drive for static network configuration....
<John[Lisbeth]> I need to connect my ubuntu server to the internet via command line and/or sideloading software via usb
<coreycb> jamespage, I'm going to exclude install  of keystone in-tree tempest tests (dh_install --fail-missing --exclude keystone_tempest_plugin).  let me know if you disagree.  I think with tempest not packaged and not in main this makes sense.
<John[Lisbeth]> ok I got internet working but now I need to block the automatic updating so I can free up apt to use for myself
<John[Lisbeth]> nevermind everything is solved now thank you
<devster31> does anyone know if and how I can regenerate cups certificates to access the web-ui?
<EmilienM> coreycb: hey, did you update something in sahara / mitaka?
<coreycb> EmilienM, there have been no updates since the final release
<EmilienM> coreycb: ack thx
<newbsie> How can I delete all existing logs on Ubuntu 16.04? "journalctl --vacuum-time=1seconds" did not work....
<synchronet_> what logs exactly?
<newbsie> synchronet_: it's a webserver with nginx/gunicorn/postgres so I want to purge all logs
<newbsie> synchronet_: it's not a production/running server, just more an image I'm working on right now.
<synchronet_> do it manually I guess
<synchronet_> cd /var/log and go wild with the del command :)
<synchronet_> there are more sever commands :)
<synchronet_> servere
<synchronet_> you have root yeah?
<newbsie> synchronet_: yes, I'm root
<newbsie> synchronet_: I can't use the journalctl command to do this?
<synchronet_> why the logs bothering you?
<newbsie> synchronet_: I wanted to start it fresh after doing a bunch of test while setting up.
<newbsie> I understand it gets deleted or rotated out, but still... no need to clutter it with bunch of python errors/etc
<synchronet_> not familiar with nginx but with apache you can just delete the VS etc
<synchronet_> all logs go
<synchronet_> not sure exactly what your doing tho
<synchronet_> not sure the facination with nginx, its shareware
<synchronet_> Virtualmin and Apache always worked for me :)
<synchronet_> for website things
<synchronet_> and with php7 now its fast enough
<newbsie> synchronet_: I use nginx, mostly because it is used often in python/gunicorn projects and docs are easy for me to work with.
<synchronet_> with a nice server
<synchronet_> ok
<synchronet_> area not familiar with
<newbsie> synchronet_: typically, easy wins for me... I don't need advanced super functionality. :)
<synchronet_> :) me niether
<synchronet_> intersted in a quiet life these days, not so easy there days
<synchronet_> things move so fast
<synchronet_> upgraded to php7 and WP plugins hate it
<synchronet_> something about php7 and symboles
<synchronet_> easy fix tho
<newbsie> Yeah, I really don't enjoy server management/IT so it is just a necessity to do what I do, but I prefer development.
<synchronet_> I prefer to win the lotto and have done with it ;)
<newbsie> I prefer to win the lottery too, that way I can just do what I enjoy.
<newbsie> That said, I have better chance of making money in the stock market than winning the lottery....
<synchronet_> employ some clever dude then :)
<jak2000> hi all how to use QUOTA on home dirs? 40gb for user1 and 60gb for user2? how to do?
<synchronet_> in Virtualmin its a piece of cake
<patdk-lap> wekk, go get a baker than
<jak2000> synchronet_ any advice for me?
<synchronet_> not froma command point of view no
<synchronet_> hang around
<jak2000> Virtualmin  is for me?
<synchronet_> maybe
<jak2000> not
<jak2000>  Open Source Web Hosting and Cloud Control Panels
<jak2000> :(
<jak2000> how to configure the quotas for homedirs?
<sarnold> jak2000: http://manpages.ubuntu.com/manpages/xenial/man8/setquota.8.html
<synchronet_> can set quotas etc very easily but go to the forum first and ask if its what you need
<synchronet_> sarnold: great
<synchronet_> seems to be people help only after others try :)
<synchronet_> irc sucks at times its best to know everything
<sarnold> nah, it just took longer than usual for me tofind the manpage in question :) someone I suspect jak2000 didn't need the kernel interface, which was the first thing that came to mind :)
<synchronet_> :)
<synchronet_> too much to learn and too short a life
<jak2000> thanks
<synchronet_> :) fixed then?
#ubuntu-server 2016-05-17
<nacc> rcj: rbasak: https://git.launchpad.net/~nacc/ubuntu/+source/open-vm-tools
<nacc> rcj: rbasak: that is the result of the latest iteration of my script that imports the launchpad history with merges against the debian history for all version of the package
<nacc> rcj: rbasak: hrm, already found an issue, will debug it (the xenial history is incorrect/not indicating a merge correctly)
<nacc> rcj: rbasak: fixed that bug, deleted and recreating the repository now, should be pushed in the next 30 minutes, take a look at it
<nacc> rbasak: I think there's still an issue with the NMU sequencing being wrong in my code (favoring d/changelog instead of the upload order) -- will verify and fix tmrw AM
<eatingthenight> Anyone have a good guide for using KVM on a headless server
<eatingthenight> everything I see uses virsh with a GUI
<eatingthenight> but i can't figure out how I can setup an ubuntu server VM on ubuntu server.
<sarnold> eatingthenight: check out the uvt-kvm tool
<trippeh> virt-manager also works OK over SSH
<trippeh> with libvirt on the server side.
<eatingthenight> aaa i see, i'll try both out.
<sarnold> trippeh: ooh you know I've never tried that..
<trippeh> you really want to use ssh keys with it though, or else it gets super annoying.
<eatingthenight> uvt-kvm is pretty nice
<placeed>  Hi all ! I'm looking to setup "on premises Landscape" but i don't really understand the pricing. I understand it's 150$ per server/year. It mean the amount of landscape server or client server ?
<placeed> If it's client server, it's a little expensive only to manage updates :(
<rbasak> placeed: best to ask Canonical sales. I don't think many people here will know the answer.
<coreycb> jamespage, keystone newton is hitting that gbp import merge failure.  could we backport git-buildpackage to the UCA and then we could use --merge-mode=replace on trusty.
<coreycb> jamespage, looking at the yakkety version, it looks like it's dependencies would be satisfied already in trusty
<coreycb> beisner, hi, can you promote horizon 2015.1.4-0ubuntu2 from kilo-staging to kilo-proposed?
<beisner> hi coreycb, ^ done.
<coreycb> beisner, thx
<beisner> yw coreycb
<jamespage> coreycb, monascaclient packaged and uploaded to unstable and wedged into the newton ppa for xenial and yakkety...
<coreycb> jamespage, awesome, thanks.  I'll work on packaging microversion-parse.
<jamespage> coreycb, as soon as you have it ready give me a ping - I can upload to unstable if you like
<jamespage> coreycb, remember to file and ITP as well
<coreycb> jamespage, ok
<coreycb> wolsen, I added some comments to bug 1374999. thanks for the patches.
<ubottu> bug 1374999 in nova (Ubuntu Trusty) "iSCSI volume detach does not correctly remove the multipath device descriptors" [Low,Triaged] https://launchpad.net/bugs/1374999
<thirax> hi!
<wolsen> awesome thanks coreycb
<dddshroom> Anyone familiar with UFW and prerouting traffic from one interface/port to another IP/port?
<coreycb> beisner, can you promote nova from kilo-staging and juno-staging to *-proposed?
<Bae> honestly. whats the best production friendly way to jail an application so that the only directories it can access are specified directories ?
<sdeziel> Bae: you can probably achieve this with an Apparmor profile
<Bae> yeah most likely
<sdeziel> Bae: if the application/daemon supports chrooting you could also have the few specific directories mount binded to the chroot
<Bae> sdeziel, isnt chroot only for ssh and ftp services only?
<nacc> Bae: chroot is a generic concept
<sdeziel> Bae: for daemons in general but not all of them support it
<nacc> Bae: you could also run your application in a container :)
<sdeziel> that was my next suggestion :)
<Bae> nacc, sdeziel the main purpose of this is im trying to make sure the application daemon cannot be manipulated to change files that its not even supposed to touch
<nacc> Bae: yeah, a container would be "easiest", I think
<sdeziel> the only drawback with containers is you cannot apply an Apparmor profile inside it
<nacc> yeah, that's true
<Bae> i heard chroot is only for ssh and ftp though thats why i did nt go that route. if chroot made it so that the application cannot access under any circumstances thats good
<nacc> sdeziel: although i think that's a feature gap, not a fundamental issue (cmiiw)
<sdeziel> nacc: last I've heard the support for it kernel/AA side landed ~a week before Xenial release
<nacc> sdeziel: yeah that sounds right :)
<sdeziel> nacc: lxd/lxc have yet to support this
<Bae> nacc, sdeziel for the thing you said about containers not supporting apparmor. why is apparmor necessary if the container keeps my application jailed to its own allowed directorise ?
<Bae> seems like containers and apparmor perform the same function ?
<sdeziel> nacc: I've also heard that should land in LXD 2.1 (I've been waiting for too long already ;) )
<nacc> Bae: yeah, in some sense they do, wrt this question
<nacc> Bae: containers provide isolation, apparmor provides resource limitations
<sdeziel> Bae: also, containers are themselves locked in Apparmor profiles
<beisner> coreycb, ack on kilo, underway.   curious why juno being it is eol?
<nacc> Bae: my intuition is if you ran lxc launch ubuntu:xenial; lxc exec <container> program, you'd get most of what you want
<nacc> Bae: but it's hard to say
<coreycb> beisner, it is isn't it.  don't worry about juno then.
<Bae> nacc, all i want to do is lock the application so that it can read/write to a specific directory on disk. and be able to open to the network. and if the app tries to write/read to a different direcotry it will be blocked. i suppose apparmor can do this yes ?
<Bae> open socket to the network*
<nacc> Bae: i assume it can, but i don't honestly know :)
<Bae> and socket would be >1024 so root is not important
<Bae> ah okay nacc. well i'll try it. i tried it a few hours ago and i failed. so gotta load up my vm again
<beisner> coreycb, ok.  nova 2015.1.4-0ubuntu2 --> kilo-proposed
<nacc> Bae: gl! feel free to ask questions as you go, hopefully others can help out
<Bae> yea. hopefully
<coreycb> beisner, thx
<Bae> thanks nacc and sdeziel
<sdeziel> Bae: you are welcome
<Bae> do you guys have experience with apparmor yourselves ?
<sdeziel> Bae: some but only with profile writing/debugging
<Bae> yeah thats probably as far as i will go is write profiles for my own app and do testing. my idea was to make a nodejs app that will write a file to a specific directory that is allowed my apparmor. then trying to get it to write it to a directory that is denied by apparmor. then seeing if apparmor blocks it
<Bae> in this kind of unit testing i will be able to see what works in apparmor and does not. then finish the whole app then do unit testing then :)
<sdeziel> Bae: Apparmor should work well for your use case. Just know that the network restrictions are a bit coarse
<Bae> sdeziel, in what sense? i want to enable input/output from 2 ports. any limitations of apparmor i can make up for in my iptables rules
<sdeziel> Bae: iptables is the best place to further limit input/output
<Bae> alright thanks sdeziel i'll try this then ask
<marcinlawnik> Hello, I have broken my php7 to apache bridge. I have both installed, but doing sudo a2enmod php7.0 says no module found. I have libapache2-php7.0 installed. Does anyone have any ideas? I also found a thread on a german forum, posted yesterday, no solution yet. Ubuntu 16.04
<sarnold> marcinlawnik: perhaps it's just called 'php'? or 'php7'?
<marcinlawnik> sarnold, Tried all of then, then checked the internet. it's definitely php7.0. I have some progress though, will let you know.
<marcinlawnik> It was a bad install somewhere, after third reinstall it worked
<sarnold> aha :)
<marcinlawnik> Now I have to find that pesky redirect loop in apache :/
<nacc> marcinlawnik: yeah, it should be php7.0, but it also should be enabled by default with teh ubuntu package in 16.04
<nacc> marcinlawnik: was this 16.04?
<marcinlawnik> Yes, 16.04
<marcinlawnik> Anyway, I have it installed, but one of my virtual hosts files is generating an infinite redirect loop
<nacc> marcinlawnik: hrm, strange, i've not seen reports of that (the apache2 module not being found or laoded)
<marcinlawnik> Any idea what might be causing it? I've checked the .conf file and .htaccess in the directory and found nothing
<marcinlawnik> php is now installed and confirmed working with apache by running phpinfo
<marcinlawnik> But I still get that redirect loop :/ Where is the config file responsible for the default apache2 page?
<nacc> marcinlawnik: you're getting a redirect loop for the default page?
<marcinlawnik> I have 3 virtual hosts on my single server. I removed all references to ssl, thinking it might be causing redirects.
<marcinlawnik> Now when I enable 2 of the 3 hosts without ssl they work correctly
<marcinlawnik> the third one, without ssl, has a redirect loop
<marcinlawnik> after being activated
<marcinlawnik> I thought there were other config files being used for sites besides the ones in sites-available
<nacc> marcinlawnik: i'm not an apache expert, but I don't think so
<marcinlawnik> Yeah, after some searching i agree.
<marcinlawnik> I'll try over at #httpd, maybe they can help. Thanks foryour suggestions ;)
<nacc> marcinlawnik: yeah, nothing obvious to me comes to mind
<ihre> I'd really like to install a specific version of a package (freeipa-client v4) which isnt available for 14.04. The same package is available in the official repositories for 16.04. Can I somehow add a xenial repo to trusty, a bit like debian sid? I've checked the package in xenial-proposed but unfortunately it isn't the right version either.
<nacc> no
<nacc> :)
<nacc> ihre: you really don't want to mix versions of packages
<nacc> ihre: or distributions
<ihre> bummer
<marcinlawnik> Compiling from source?
<ihre> or that, pull it from deb-src
<ihre> but then again, it depends on a ton of packages to begin with..
<nacc> ihre: do the freeipa folks publish a ppa?
<ihre> there is a ppa, yes, but just v3 available for trusty
<nacc> ihre: i'd assume there is good reason for that then
<ihre> and I'd really like to install v4 due to the kerberos & dns additions
<nacc> ihre: meaning you'd need some other libraries and such to be updated
<ihre> I assume so, yes
<nacc> ihre: which implies you should just switch to 16.04 :)
<nacc> ihre: or run it in a container/vm?
<ihre> I can easily update 90% of my lab, tested puppet deploys w/ 16.04, but upgrading the hypervisor itself...
<nacc> ihre: i meant you could run 16.04 as a container or VM under 14.04, no?
<ihre> possible, but not for freeipa client enrollment
<coreycb> beisner, can you promote qemu - 1:2.2+dfsg-5expubuntu9.7~cloud3 from kilo-staging to kilo-proposed?
<beisner> yepper coreycb
<beisner> coreycb, qemu 2.2+dfsg-5expubuntu9.7~cloud3 --> kilo-proposed
<coreycb> beisner, thanks, I should be done pestering you for a bit now :)
<newbsie> My service won't start at boot time? I have the following configuration: http://pastebin.com/u3AHKsKm in a file located at /etc/systemd/system/example.com.service
<newbsie> I checked the docs, but frankly do not entirely understand it. Help?
<sarnold> newbsie: did you do the systemdctl enable example.com.service ; systemctl start example.com.service  dance yet?
<newbsie> stupid me. apparently you have to enable the service too 'systemctl enable <service name>"
<sarnold> newbsie: does /webapps/example.com/ exist?
<sarnold> hooray :)
<newbsie> sarnold: I feel so lost in the Ubuntu world....
<sarnold> newbsie: systemd is a pretty big change. I've spent five or six hours in the last week trying to do simple tasks that would have taken a few seconds to do via old tools
<newbsie> sarnold: yeah, upstart is so much easier... systemd is huge (at least to me)
<newbsie> sarnold: if delete files in /var/log/journal/*, will that delete all logs?
<sarnold> newbsie: I don't think so; I think the journals are stored in /run?
<sarnold> see journalctl --header output
<newbsie> there are two files there, and both are in /var/log/journal....
<newbsie> it seems, individual service (like say nginx) still logs to it's normal place independent of the journal
<sarnold> right, most things still use syslog logging..
<sarnold> you may be able to configure systemd in some way to replace the rsyslog daemon, or maybe extend it, if you'd rather just use journalctl for everything
<newbsie> sarnold: I'd rather not mess with it. :)
<newbsie> sarnold: Thank you for the help! :D
#ubuntu-server 2016-05-18
<caliculk> Does anyone here use an inventory management solution in the workplace that is compatible with Linux, OS X, and Windows and can perform SNMP scanning/polling, agent and agentless based information, has an API, and can pull serial numbers for all hard drives.
<vbotka> caliculk, you might want to take a look at ansible.com
<EmilienM> jamespage: hey, we're trying to deploy Mitaka on Xenial, we're having an issue with OVS
<EmilienM> degorenko: can you past your logs here?
<degorenko> yep
<degorenko> http://paste.openstack.org/show/497463/
<degorenko> http://paste.openstack.org/show/497467/
<EmilienM> it sounds similar to https://bugs.launchpad.net/networking-ovs-dpdk/+bug/1512701
<ubottu> Launchpad bug 1512701 in networking-ovs-dpdk "Database connection failed on ubuntu when running ovs-dpdk init" [Undecided,Invalid]
<EmilienM> maybe do we need openvswitch-switch-dpdk ?
<EmilienM> degorenko: can you run "dpkg -l | grep openvswitch" ?
<degorenko> EmilienM, http://paste.openstack.org/show/497469/
<EmilienM> jamespage: do we need something else when deploying openvswitch-switch package?
<jamespage> EmilienM: nope
<jamespage> EmilienM: status looks ok
<EmilienM> jamespage: we also have an issuel with SSL deployment. The same Puppet manifests to deploy SSL certs on Trusty does not work on Xenial, see https://etherpad.openstack.org/p/puppet-openstack-xenial
<EmilienM> we have a lot of [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
<EmilienM> something changed in Xenial for SSL certs?
<EmilienM> degorenko: I'm adding the Horizon failure in the etherpad, you missed it
<degorenko> are you about failed tempest tests?
<EmilienM> yes
<EmilienM> jamespage: we're trying to deploy Mitaka on Xenial, we have some issues
<EmilienM> degorenko: I'm going to enable SSL again so we can have the failures available in logs
<degorenko> EmilienM, what we should to do with openvswitch? :)
<EmilienM> degorenko: I have no idea
<degorenko> :(
<EmilienM> jamespage: if you can help us that would be awesome, please let us know what you think about our issues in the etherpad. Thanks
<jamespage> EmilienM: sorry juggling a few things todo so will be a bit async on responses
<jamespage> EmilienM, degorenko: OK lets look at ovs first...
<jamespage> you should not need the -dpdk binary for general use
<jamespage> and the path looks just fine for the database.
<jamespage> things to look at:
<jamespage> check perms on /var/run/openvswitch/db.sock
<jamespage> look in /var/log/openvswitch/*
<jamespage> might give some further clues...
<EmilienM> jamespage: thx for looking, I'm a bit afk for lunch, with reply in async
<degorenko> jamespage, root@de-xenial:~/puppet-openstack-integration# ll /var/run/openvswitch/db.sock
<degorenko> srwxr-x--- 1 root root 0 May 17 15:06 /var/run/openvswitch/db.sock=
<degorenko> cat: /var/run/openvswitch/db.sock: No such device or address
<jamespage> degorenko, is the trailing '=' a typo or actually whats in the directory?
<degorenko> jamespage, http://paste.openstack.org/show/497480/
<degorenko> i don't know why was added =
<degorenko> :)
<jamespage> degorenko, ok have one running as well - my /var/run/openvswitch looks comparable to yours
<jamespage> and cat /var/run/openvswitch/db.sock does the same thing
<jamespage> but
<jamespage> I can add a bridge to the configuration
<jamespage> http://paste.ubuntu.com/16487891/
<jamespage> degorenko, anything useful in /var/log/openvswitch?
<degorenko> jamespage, nothing, but let me look one more time
<degorenko> jamespage, ovsdb-server has: 2016-05-18T10:46:51.182Z|01882|ovsdb_jsonrpc_server|WARN|Dropped 11 log messages in last 56 seconds (most recently, 6 seconds ago) due to excessive rate
<degorenko> 2016-05-18T10:46:51.182Z|01883|ovsdb_jsonrpc_server|WARN|punix:/var/run/openvswitch/db.sock: connection exceeded maximum (330)
<degorenko> and nothing interesting in ovs-vswitchd log
<jamespage> degorenko, anything in syslog?
<degorenko> jamespage, i see several neutron errors, but it is related to already posted error during creating bridge - and same error i see in syslog
 * jamespage scratches his head
<jamespage> degorenko, can you do a ovs-vsctl show?
<jamespage> just wondering what is working and what's not
<jamespage> also anything in /etc/default/openvswitch-switch ?
<jamespage> other than the stock installed file
<degorenko> jamespage, i found this in syslog http://paste.openstack.org/show/497480/
<EmilienM> degorenko: do you have enough memory on the VM?
<jamespage> degorenko, I think thats a previous pastebin
<degorenko> 2 gb more free, 5.6 from 7.8
<degorenko> EmilienM, ^
<degorenko> jamespage, file /etc/default/openvswitch-switch is empty
<jamespage> that's ok
<degorenko> only comment lines
<jamespage> on the deployment I have running we run it in a 1.5G instance for network nodes - and thats working fine...
<degorenko> jamespage, show command also failed with same error
<jamespage> degorenko, its related to 2016-05-18T10:46:51.182Z|01883|ovsdb_jsonrpc_server|WARN|punix:/var/run/openvswitch/db.sock: connection exceeded maximum (330)
<jamespage> the socket is full - are both ovs processes still running?
<degorenko> jamespage, http://paste.openstack.org/show/497483/ - yes
<jamespage> degorenko, can I access your instance/
<jamespage> ?
<degorenko> no :( it is under private network
<degorenko> jamespage, ^
<jamespage> degorenko, what was the syslog thing you found?
<degorenko> jamespage, well, i see a lot of request for creation bridges and then
<degorenko> jamespage, http://paste.openstack.org/show/497484/
<degorenko> after that i have database connection error
<jamespage> degorenko, hmm
<jamespage> degorenko, something is getting wedged, but I've not seen this before
<jamespage> degorenko, can you try a restart of openvswitch-switch pls
<degorenko> jamespage, full log for ovs commands: http://paste.openstack.org/show/497485/
<degorenko> that's all i have from syslog related only ovs
<jamespage> ovs was functional
<degorenko> yes, it was
<jamespage> and then after a few hours borked in some way
<degorenko> i can redeploy it again
<degorenko> and we will have fresh logs
<degorenko> but anyway
<degorenko> we have issue, that during second puppet run for idempotency - service was restarted
<jamespage> degorenko, before you do "netstat -an | grep openvswitch" would be useful
<degorenko> yeah
<degorenko> to many connections
<degorenko> http://paste.openstack.org/show/497486/
<degorenko> jamespage, ^ that's not a full output
<degorenko> i have 404 lines after this command
<jamespage> degorenko, ok so we need to figure out what's holding those connections open
<jamespage> sudo lsof | grep /var/run/openvswitch
<jamespage> degorenko, I see this sort of thing:
<jamespage> http://paste.ubuntu.com/16488179/
<degorenko> jamespage, yep, http://paste.openstack.org/show/497487/
<degorenko> i have a lot of db.sock
<jamespage> from which processes?
<degorenko> jamespage, root     17422  0.0  0.0  24732  2036 ?        S<s  May17   0:00 ovs-vswitchd: monitoring pid 17423 (healthy)
<degorenko> root     17423  0.1  0.6 394188 50404 ?        S<Ll May17   1:37  \_ ovs-vswitchd unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
<degorenko> so, both processes which i posted above
<degorenko> all db.sock from ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/var/run/openvswitch/db.sock --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
<jamespage> degorenko, might seem like an odd question but is self host resolution ok?
<jamespage> degorenko, any spurious output on sudo XX comands?
<degorenko> jamespage, he he, yes, it is
<degorenko> ubuntu@de-xenial:~$ sudo -i
<degorenko> sudo: unable to resolve host de-xenial
<jamespage> degorenko, can you pastebin /var/log/openvswitch/ovsdb-server.log pls
<jamespage> degorenko, hmm
<degorenko> but i 'm not sure that we have same error on our infra slaves
<jamespage> degorenko, are there alot of ovs-vsctl processes hanging around?
<jamespage> or ovs-* processes - might be other cli tools
<degorenko> jamespage, http://paste.openstack.org/show/497488/ - yes
<degorenko> ~200
<jamespage> degorenko, this is your problem
<jamespage> degorenko, when there is spurious output on the sudo command, neutron-openvswitch just spins loads of those monitor processes and everything collapses...
<jamespage> that's consuming all of the socket connections, resulting in what you see now...
<jamespage> degorenko, EmilienM: this might be a diff in the  xenial image vs trusty image...
<degorenko> jamespage, hmmm, ok, thank you for help, i'll rebuild my vm, then will add my host name to /etc/hosts and try to redeploy
<jamespage> degorenko, np
<jamespage> coreycb, hey - I switch the newton neutron builds to using ostestr - build speed picked up alot in the PPA's
<jamespage> and seems more reliable...
<jamespage> sort alot of sqlite racey things before - which I think is the cause of the FTBFS in yakkety for the mitaka point relase uploads...
<jamespage> coreycb, also backported git-buildpackage for trusty for liberty and mitaka - should be able to switch --merge-mode=replace on soon
<jamespage> coreycb, replace mode re-enabled...
<coreycb> jamespage, awesome thanks
<jamespage> coreycb, I also switched over keystone for newton
<jamespage> appears to test alot faster now
<jamespage> 19 mins vs 1hr
<coreycb> jamespage, wow, that's a huge improvement
<jamespage> coreycb, keystone in ppa is now 16 mins vs 52
<coreycb> jamespage, that is really awesome.  my laptop is burning up here running neutron tests. :)
<coreycb> beisner, these packages are ready for promotion to kilo-updates.  they've tested successfully and have aged 7 days in kilo-proposed.  http://paste.ubuntu.com/16490018/
<beisner> coreycb, are there any pre-requisite charm upgrades tied to those package revs?
<coreycb> beisner, no not for these
<coreycb> beisner, while you mention it, I'm going to make a card to generalize that charm-helpers minor point release versioning so we don't have to deal with that.
<beisner> coreycb, yes that'd be really nice.  it seems like an easy win to not potentially break folks, and ... peace of mind :-)
<coreycb> beisner, definitely
<beisner> coreycb, jamespage - kilo-proposed has libvirt-python and qemu.  are those needing to go as well?
<coreycb> beisner, not yet for qemu, that's new
<beisner> coreycb, ack
<coreycb> beisner, not sure about libvirt-python
<jamespage> coreycb, beisner: libvirt-python ++ yes please
<jamespage> https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1539506
<jamespage> for reference
<ubottu> Launchpad bug 1539506 in Ubuntu Cloud Archive liberty "AttributeError: 'virDomain' object has no attribute 'fsFreeze" [Medium,Fix committed]
<jamespage> coreycb, reverted merge-mode again
<jamespage> apparently my backported package was foobar.
<coreycb> jamespage, doh
<coreycb> jamespage, need anything?
<jamespage> coreycb, nah - back in now - testing atm
<jamespage> coreycb, hows microversion-parse?
<coreycb> jamespage, oh sorry, I'll work on it, I thought you said it was done
<jamespage> coreycb, nope
<EmilienM> jamespage: for the SSL errors, everything works fine on Trusty, but same manifests fail on Xenial, I have some logs
<EmilienM> Error: Could not prefetch keystone_service provider 'openstack': Execution of '/usr/bin/openstack service list --quiet --format csv --long' returned 1: SSL exception connecting to https://127.0.0.1:35357/v3/services: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
<EmilienM> http://logs.openstack.org/30/308530/16/experimental/gate-puppet-openstack-integration-3-scenario003-tempest-ubuntu-xenial/cd44c41/console.html#_2016-05-18_10_16_38_727
<EmilienM> apache logs: http://logs.openstack.org/30/308530/16/experimental/gate-puppet-openstack-integration-3-scenario003-tempest-ubuntu-xenial/cd44c41/logs/apache/
<jamespage> EmilienM: deploying now to see if I can reproduce
<EmilienM> jamespage: thanks for your help
<jamespage> EmilienM: np
<jamespage> want to see you unblocked so you can start testing out newton packages :-)
<EmilienM> so here's how we deploy SSL :
<jamespage> EmilienM: oh I have a way to deploy SSL :-)
<EmilienM> 1) we drop /etc/ssl/certs/puppet_openstack.pem file
<EmilienM> I mean, we put the file at this place
<jamespage> sure
<EmilienM> 2) we run /usr/sbin/update-ca-certificates -f
<EmilienM> 3) we put the cert in /etc/keystone/ssl/private/cert.pem (etc for every project)
<EmilienM> that's all I think
<EmilienM> it used to work fine with Trusty
<jamespage> EmilienM: is that for the CA cert?
<EmilienM> the CA cert is put in /etc/ssl/certs/puppet_openstack.pem
<jamespage> EmilienM: hmm ok
<EmilienM> well
<EmilienM> in fact we use the same cert for both
<EmilienM> https://github.com/openstack/puppet-openstack-integration/tree/master/files
<EmilienM> we have a crt & key for ipv4 & ipv6 (because we deploy apache and use ::1 or 127.0.0.1)
<jamespage> EmilienM: any way you can turn up and capture the output of update-ca-certificates?
<jamespage> -v would be useful
<EmilienM> jamespage: yes! we can do it
<EmilienM> degorenko: I'm going to update the patch ^
<jamespage> EmilienM: awesome
<jamespage> EmilienM: looking at the log I think you're writing it to /usr/local/share/ca-certificates/puppet_openstack.crt
<jamespage> and then running update-ca-certifcates
<EmilienM> yeah
<EmilienM> jamespage: can I run it afterwards the puppet run?
<jamespage> yup
<EmilienM> ok let's try
<jamespage> EmilienM: testing out my Juju deployed SSL openstack xenial mitaka foo now
<EmilienM> excellent
<EmilienM> jamespage: how do you deploy SSL?
<EmilienM> can you point me to the charms?
<EmilienM> (see how good is my vocabulary)
<jamespage> EmilienM: kinda the same way you do  - the keystone charm acts as a CA for everything else, and provides signed certs back to related services
<EmilienM> ok same yeah
<jamespage> which then use them and update their endpoint entries todo https
<jamespage> EmilienM: OK so I'm looking functional with https enabled...
<jamespage> EmilienM: that's from a xenial client to a xenial cloud
<EmilienM> ok, let's see
<jamespage> EmilienM: that's good because it broadly means we're not looking at a code fault somewhere in the stack on installed things...
<jamespage> EmilienM: how do you generate your CA and cert? I wonder whether its something about them that xenial does not like
<EmilienM> jamespage: on http://www.selfsignedcertificate.com/
<EmilienM> I'm very lazy, I know.
<EmilienM> but it just works
<jamespage> EmilienM: so how does the chain of trusty work with those?
<jamespage> puppet_openstack.crt is the cert for the signing CA?
<EmilienM> jamespage: yes
<EmilienM> our certs are here: https://github.com/openstack/puppet-openstack-integration/tree/master/files
<EmilienM> we have a pair of cert/key for ipv4 & ipv6
<jamespage> hmm this rings a bell for some reason...
<jamespage> EmilienM: I suppose those match to localhost right?
<EmilienM> jamespage: 127.0.0.1 and ::1
<EmilienM> we don't match on localhost because we want to test ipv4 & ipv6 endpoints
<EmilienM> jamespage: but ipv6 tests don't run on ubuntu, so consider 127.0.0.1 only.
<jamespage> ok
<jamespage> EmilienM: verbose output of that update-ca-certifcates looks like it might help
<jamespage> EmilienM: I'd like to check that your cert is getting into /etc/ssl/cert/ca-certificates.crt
<EmilienM> yeah, CI is currently running
<jamespage> you can grep for a line or so in that file to match
<jamespage> EmilienM: might be relevant
<jamespage> http://www.python.org/dev/peps/pep-0476/
<jamespage> trusty has a pre 2.7.9 python 2.7 version
<EmilienM> ok I have logs
<EmilienM> a sec
<jamespage> EmilienM: OK my SSL cloud appears completely functional, so it must be something todo with the way you're doing cert and building the trusty chain
<jamespage> just a hunch
<jamespage> trust chain
<jamespage> not trusty...
<EmilienM> ok
<EmilienM> I'm trying to get the logs
<EmilienM> job is still running, will show output in a few min
<jamespage> ok stepping away for a bit...
<jamespage> biab
<jak2000> my network card not bringup at the start/boot, i need do a ifdown eth0 and then ifup eth0 how to fix it?
<nacc> rbasak: i assume you're gone already, but if not o/; and if so, can we sync up tmrw AM?
<smb> hallyn, somehow your 1.3.4 libvirt merge did upgrade without issues and it even seems to boot Xen PV and HVM guests... I wonder what I am doing wrong... ;) nice job
<hallyn> smb: did you get a systemctl preset error on upgrade?
<hallyn> once i finish testing my kernel patch i was going to try and reproduce that with a minimal empty pkg set
<smb> hallyn, hm, not that I remember. I might have missed it if it did not cause a upgrade failure. But systemctl status on libvirtd was ok. Not sure whether one would now expect libvirt-bin to be the alias (or whether that actually is possible)
<hallyn> smb: it is now the alias, and on clean installs that works
<EmilienM> jamespage: http://logs.openstack.org/30/308530/18/experimental/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/e17a5b4/console.html#_2016-05-18_15_26_02_283
<smb> hallyn, ah ok. so that would be the only odd thing "systemctl status libvirt-bin" reports it as not running. Even after reboot...
<EmilienM> jamespage: and http://logs.openstack.org/30/308530/18/experimental/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/e17a5b4/console.html#_2016-05-18_15_26_13_161
<hallyn> smb: yeah i think that may even be the whol eproblem - maybe systemd is trying to set up the symlink for the Alias and that fails bc something already exists
<smb> hallyn, I believe that is what is done. But I don't know how one is supposed to cleanly do that switch-over
<hallyn> :)  I can tell you that it worked before an init-system-helpers update in yakkety
<hallyn> so it still may really be a bug there
<hallyn> or, i was always doing something wrong and the old code just let it fly
<smb> hallyn, :) I would not want to claim I knew what is right or wrong when it comes to systemd... one thing I just noticed is that status reports active running and then "bad" whatever that means
<jeeves_moss> is the pagkage PuppetMaster still broken for 16.04?  I'm trying to install it through apt-get, and it fails
<nacc> jeeves_moss: fails how?
<jeeves_moss> nacc: "Job for puppetmaster.service failed because a timeout was exceeded. See "systemctl status puppetmaster.service" and "journalctl -xe" for details."
<jeeves_moss> nacc: full error  --->  http://pastebin.com/3KNDZ4Nx
<nacc> jeeves_moss: anything in the referred to logs (feel free to pastebin them too)
<jeeves_moss> one sec.  I'll have a look once this wget is done
<xnox> smoser, is it possible to do "xnox hates cloud-init networking" via cloud config drive and/or via user data and/or vendor data?
<jeeves_moss> ugh, I miss having a box in the datacenter.  Trying to do a setup at home takes forever!
<jeeves_moss> nacc: lol.  looks like it couldn't make the .pid file.  <rolls eyes>
<nacc> jeeves_moss: permissions?
<jeeves_moss> nope.
<jeeves_moss> nacc: "puppetmaster.service: Failed to read PID from file /run/puppet/master.pid: Invalid argument"
<nacc> jeeves_moss: does said file exist? and have valid contents?
<jeeves_moss> the file didn't exist.  so I tried touching the file, and re-running the installer
<nacc> jeeves_moss: it probably needs a pid in it
<nacc> jeeves_moss: but i might be wrong
<jeeves_moss> nacc: http://pastebin.com/WWWw7Hny
<nacc> jeeves_moss: that still happens you mean? or was the original error?
<jeeves_moss> nacc: orignial error.  new server, new install
<nacc> jeeves_moss: and after `touch` it gets further?
<nacc> jeeves_moss: just fyi, it would be good to file a bug (or see if one si filed) for puppetmaster that it fails to install due to the above
<jeeves_moss> I had a look through the service file, and it should be "master.pid"
<jeeves_moss> I'm going to see if it fails again.
<jeeves_moss> would be nice if I can fil a bug.  would be the first one I've ever filed
<nacc> !bug | jeeves_moss
<ubottu> jeeves_moss: If you find a bug in Ubuntu or any of its derivatives, please file a bug using the command Â« ubuntu-bug <package> Â» - See https://help.ubuntu.com/community/ReportingBugs for other ways to report bugs.
<nacc> :)
<jeeves_moss> typical.  most things I want are always broken
<nacc> jeeves_moss: fwiw, the version in 16.04 (and yakkety) is the same as in debian, so it's probably a debian bug, really -- would be good to verify if it happens there too
<nacc> not strictly necessary, but it will probably get asked in teh bug :)
<jeeves_moss> nacc: lol.  no body's got time for 'dat.   -->  http://s2.quickmeme.com/img/a0/a0ed68c2b414e58e131e7fa1c7ac66e4df4a14d30df577734812cdb95d9aaa99.jpg
<jeeves_moss> ohhhh, new error!!!  java ins't installed.  might be a dep problem here guys
<jeeves_moss> <rolls eyes>  all of this to manage 8 machines
<nacc> jeeves_moss: puppet shouldn't need java? it's a ruby tool
<nacc> i thought
<jeeves_moss> hummm, we shall see.  I tried intstalling the latest snapshot from puppetlabs, and that's what I got.  so, we shall see
<nacc> jeeves_moss: hrm? so not the ubuntu pacakge?
<jeeves_moss> no, I grabbed the latest from their site.  if it installs, then the one oin the repo is suspect
<jeeves_moss> nacc: it says puppetserver requires java
<nacc> jeeves_moss: "it" being their version?
<nacc> their being puppetlabs?
<jeeves_moss> yes.  the latest from puppetlabs.  if that package works, then there is something wrong with the package in the ubuntu repo
<nacc> well, they are different versions clearly
<sdeziel> jeeves_moss: puppetmaster (ruby based) is not to be confused with puppetserver (java based)
<nacc> sdeziel: thanks
<sdeziel> nacc: np
<jeeves_moss> sdeziel: any ideas on how to fix this install issue?
<sdeziel> jeeves_moss: the puppetserver or the puppetmaster on?
<sdeziel> s/on/one/
<jeeves_moss> sdeziel: puppetmaster
<jeeves_moss> sdeziel: this is the error we are getting.  http://pastebin.com/3KNDZ4Nx
<sdeziel> jeeves_moss: I don't have any experience with puppetmaster directly. I've only used "puppetmaster-passenger" on Trusty
<sdeziel> jeeves_moss: if you pastebin "systemctl status puppetmaster.service" and "journalctl -xe" I could look at them though
<jeeves_moss> sdeziel: the outputs are in http://pastebin.com/3KNDZ4Nx
<sdeziel> jeeves_moss: I only see the apt install failure log
<jeeves_moss> hummm.  one sec.  it looks like even the latest pagakge from puppetlabs suffers the same issue
<sdeziel> jeeves_moss: upstream focus seems to be on the Java based daemons (puppetserver and puppetdb) so it's possible they legacy version isn't in top shape
<jeeves_moss> hummmm
<jeeves_moss> at this rate, I should just abandon this mess
<sdeziel> jeeves_moss: but for those you will get better support in their own channel
<jeeves_moss> I've asked in there,  it's a ghost town!
<sdeziel> jeeves_moss: hmm OK. If you want a puppetmaster/server and want to use the upstream apt repo, you are better off using Trusty because they don't yet officially support Xenial as the server role
<jeeves_moss> sdeziel: fun.  how do I get the previous release if I'm installing with Apt-get?
<sdeziel> jeeves_moss: apt-get install foo=<version>
<jeeves_moss> hummm, google!!
<coreycb> jamespage, https://git.launchpad.net/~corey.bryant/ubuntu/+source/python-microversion-parse
<davethenoob> hi there everyone
<davethenoob> I wonder if I could get a little advice please?
<davethenoob> about me running my home server with Ubuntu Server installed
<jak2000> my network card not bringup at the start/boot, i need do a ifdown eth0 and then ifup eth0 how to fix it?
<genii> davethenoob: A more specific question might be more useful for someone to give an answer to :)
<patdk-wk> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<patdk-wk> !poll
<patdk-wk> !best
<patdk-wk> damn bot
<TJ-> !giveupwhilstyoureahead
<davethenoob> hah. fair point. So I have my server installed and have had owncloud running on it and all good. Except that it started running slow and would upload photos to owncloud, which made me think it could have been a ddos attack. My question is can you recommend some good steps to do tonight to help minimize that risk?
<jak2000> patdk-lap any advice?
<davethenoob> thanks in advance
<davethenoob> its 14.04
<beisner> coreycb, oh i forgot to confirm that i pushed kilo-proposed to updates, except for qemu earlier.
<coreycb> beisner, cool thanks
<genii> davethenoob: Move ssh from port 22 to something more obscure, above 1024. Use key based authentication and not password based. Install and configure fail2ban
<patdk-wk> genii, how does any of that help?
<patdk-wk> he wants ddos protection
<patdk-wk> you cannot protect yourself against a ddos unles you have enough bandwidth to handle it, or you hide behind someone that does
<patdk-wk> you could completely firewall port 22 and not evne have ssh or any other service open
<davethenoob> i have a home server that I want to access from outside home with owncloud and subsconic
<patdk-wk> but your still vaunerable to a ddos
<davethenoob> I have pasted an iptables rule into terminal
<davethenoob> iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
<davethenoob> that one
<patdk-wk> davethenoob, what is the goal?
<patdk-wk> cause nothing you do on that server will help protect you from a ddos
<patdk-wk> that limits http connects, not ddos
<genii> patdk-wk: When someone is trying to bruteforce ssh passwords, it effectively chews up all the bandwidth and can cause outages
<davethenoob> and used iptables persistent for it
<patdk-wk> genii, yes, but that is hardly ddos protection
<patdk-wk> he asked for ddos
<patdk-wk> now to do more, stop bad/unwanted things from using your bandwidth, there are millions of things yo ucan do
<patdk-wk> but you should find out what is using your bandwidth to find out what you should attempt in what order
<patdk-wk> but no matter what you do, it is a simple job for someone to ddos you, just by flooding too much traffic to you
<patdk-wk> it doesn't matter if you have an iptables rule that says DROP all incoming
<davethenoob> thanks for advice guys.
<davethenoob> After thinking, I think im gonna just make it a local server and not accessible outside
<davethenoob> for safety
<davethenoob> or start off local then maybe make it web-facing when I have some more knowledge / confidence
<roaksoax_> ~/win 8
<fellayaboy> can someone help me on how a thinclient connects to a vm on either xenserver or vsphere esxi?  how do i setup a thinclient to connect to a vm on a server?
<patdk-wk> what is this *thinclient*?
<fellayaboy> what protocol does the thinclient use to boot into a vm?  what server serves the thinclient
<fellayaboy> a thin client machine - no cd/dvd, no hard drive.  just boots a VDI off the network.
<fellayaboy> very small and minimal machine
<patdk-wk> ok, but what does that have to do with a vm at all?
<fellayaboy> i assumed a thin client connects to a vm
<fellayaboy> how does it work then
<patdk-wk> I guess this is more a question to your thinclient seller
<fellayaboy> someone give me the basics pooo lease
<patdk-wk> you need to know what your thinclient supports, what it can do
<patdk-wk> I dunno what you mean by connects to a vm
<fellayaboy> have u ever worked/setup a thinclient before patdk-wk
<patdk-wk> the *standard* definition of a thin client is a basic monitor/keyboard has no, or very little programs installed
<patdk-wk> fellayaboy, around 15years
<fellayaboy> i thought a thin client machine boots an operating system off a server somewhere
<patdk-wk> it might, it might not
<patdk-wk> that depends on the thin client
<fellayaboy> i see
<fellayaboy> well in this case lets say it does
<patdk-wk> it might have a 1gig cf card or something
<fellayaboy> whats cf?
<patdk-wk> yes, but I don't know what one oyu have, what it wants to do, does it do iscsi? nfs? http? how does it boot, what image does it expect?
<patdk-wk> is it pxe? dhcp?
<fellayaboy> so thin clients can boot straight to iscsi, nfs, http, pxe
<patdk-wk> thinclients is a generic term that means nothing
<fellayaboy> i see ok makes sense
<patdk-wk> it is a catchall for any simple, reimagable bare-minimal workstation
<patdk-wk> a thinclient could be custom hardware, that runs customfirmware
<patdk-wk> it could be normal computers
<patdk-wk> it could be normal computers that boot remotely, centrally
<patdk-wk> but generally they are stripped down graphics, minimal ram, ...
<fellayaboy> well, i want to create a system where i can use cheap inexpensive thin clients that connect to a centralized server, where they can run an operating system.
<patdk-wk> normally only powerful enough generally to remote into something else, like using rdp/vnc
<fellayaboy> through the network
<patdk-wk> sounds like yo uwant to recreate vmware view with desktop hardware
<patdk-wk> your going end up running a full blown desktop os on the clients, in order to run vnc, if you roll this yourself
<fellayaboy> i guess that would be it.. ihavent used vmware view, ive used esxi server and client and rdp to connect to vm
<fellayaboy> but never used a thin client to connect to one
<fellayaboy> i want to have inexpensive thin clients connect to server. have the server do all the work etc.  and so that i can expand it all i want of course.  add more vm's, more endpoints. put all the load on the server.
<fellayaboy> using 10gbps network card if have to with heavy duty switch/router etc
<patdk-wk> you cannot put all the load on the server
<patdk-wk> you can only put the cpu/ram load onto the server
<patdk-wk> all graphics load will be on the client
<patdk-wk> and on the server
<fellayaboy> well not all, just want to have inexpensive endpoints thus thin clients
<patdk-wk> and the vnc/rdp/... protocol processsing on the client
<fellayaboy> that part is fine
<fellayaboy> so theres  some thinclients that have in there bios a vnc/rdp protocol running already? or some kind of embedded os ?
<patdk-wk> yes
<fellayaboy> oh i see that makes sense
<fellayaboy> and some have to option to boot off iscsi and nfs right
<fellayaboy> what i want to do is create a Point of Sales network system.  say for a store.  using all open source technology
<patdk-wk> maybe, those are getting not as thin then
<fellayaboy> i see
<fellayaboy> well now i know that some thinclients use vnc rdp in there embedded os
<fellayaboy> that gives mea little headstart and some clarity
<fellayaboy> thank you patdk-wk
<mikedep333> So the Vagrant Xenial cloud images are currently broken. In the past, ultlemming fixed a Vagrant cloud image issue ASAP. Is he or someone else able to fix this?
<mikedep333> https://bugs.launchpad.net/cloud-images/+bug/1565985
<ubottu> Launchpad bug 1565985 in cloud-images "vagrant vb ubuntu/xenial64 cannot mount synced folders" [Undecided,New]
<OerHeks> mikedep333, interesting.
<OerHeks> dpkg -s virtualbox-guest-utils  is missing.. and post #7 about standard ssh keys missing..
<OerHeks> i am glad about that last part, security wise
<mikedep333> Yeah. Empirically, the ssh solution is working, but the shared folders is not.
<OerHeks> not even after manual install, like post #5?
<mikedep333> it looks like someone builds the virtualbox kernel modules without the package being installed
<OerHeks> jups
<OerHeks> corporate
<mikedep333> the other virtualbox packages are not installed either
<OerHeks> is it fixed v20160518.0.0 (last release 2 hours ago) ?? https://atlas.hashicorp.com/ubuntu/
<mikedep333> So I should use those images rather than the ones on http://cloud-images.ubuntu.com/ ?
<OerHeks> those are the same, see the last comment.
<mikedep333> ok
<mikedep333> I'll try them out, thanks
<davethenoob> hello again. thanks for help earlier
<davethenoob> I have opted for local home server with computer running ubuntu server. I know just have a pptp port open so i can vpn into home network and upload any new photos to my owncloud
<davethenoob> are there any security measures to put in place when taking this route at all please?
<sdeziel> davethenoob: pptp is known insecure
<sdeziel> davethenoob: for alternatives you could check out OpenVPN or some IPsec implementations
<davethenoob> umm. is it easy to swap?
<davethenoob> I am complete noob to server stuff. Im just learning the ropes. Im php dev by trade
<davethenoob> which do you suggest between the two?
<sdeziel> davethenoob: OpenVPN as you'll be able to reuse the pptp port (TCP/1723)
<Sling> davethenoob: why not just use SSH to manage the server?
<sdeziel> davethenoob: this will save you a trip to your router's config
<davethenoob> all i need it for is to access music on my subsonic, or photos on owncloud, both through android apps pointing to 192.168.x.x
<davethenoob> I just want a vpn to access it outside
<sdeziel> davethenoob: OpenVPN is available on Android as well
<davethenoob> sdeziel so i just apt-get install the openvpn, disable pptp and enable openvpn?
<sdeziel> davethenoob: that's a good starting point. Then you'll want to head to https://openvpn.net/index.php/open-source/documentation/howto.html for the configuration
<sdeziel> davethenoob: you can also take a look at https://help.ubuntu.com/community/OpenVPN but I'd recommend to avoid bridged VPN (tap), prefer the tun/routed style
<davethenoob> https://help.ubuntu.com/16.04/serverguide/openvpn.html
<davethenoob> ?
<sdeziel> davethenoob: that's actually an excellent guide
<davethenoob> darn it
<davethenoob> just realized im using my raspberry pi as vpn server
<sdeziel> davethenoob: I have to go. Good luck with the VPN
<Bae> anyone here good with the apparmor?
<sarnold> hi Bae, what's up?
<Bae> hey sarnold. glad i found someone who uses the project. i have a question about it. when i installed it and set it enabled what i saw was that it creates profiels for every bin/ binary out there. that means it creates some for ping etc. all that jazz. my question was about the default state of such bin files in the context of apparmors. as in, are they all set BY DEFAULT to inherit permissions/rules from its parent (calling process?) ?
<sarnold> Bae: it depends upon the profile of the calling process. If the calling process is unconfined, then the "attachment specification" at the start of the profile says which programs to confine and with which profile
<Bae> an example of this would be. say i made a nodejs file that calls the ping binary. would the ping binary BY DEFAULT (right after installing apparmor) be set to inherit apparmor permissions from the parent? as in if the parent is not allowed to access the network the ping service would be denied by apparmor?
<sarnold> Bae: does your nodejs program run confined or unconfined?
<Bae> sarnold, confined. and that will be enforced
<sarnold> Bae: if you want to allow ping to run as expected, you could use /bin/ping Px,   rules in the nodejs program's profile
<Bae> sarnold, a better example i thought up right now would be something like say, if my nodejs profile is not allowed to edit a file in directory say /home/someone/blockedDir/. i would add deny rules in the nodejs profile. cool. but what if nodejs calls another process to run (another binary) that is set to access that very folder? i want to make sure that that child process binary cannot also access that particular folder ONLY if nodejs calls it
<sarnold> Bae: if you want to forbid ping's networking but still let it be run (for whatever reason...) you could use /bin/ping Cx -> ping,  rule, then add a "child profile", something like "profile ping { ... }"  to your nodejs profile..
<sarnold> Bae: if you want to forbid ping's networking but still let it be run (for whatever reason...) you could use /bin/ping Cx -> ping,  rule, then add a "child profile", something like "profile ping { ... }"  to your nodejs profile..
<Bae> OH i see what you mean sarnold. so that means i could leave the ping binary as is. and then in the node js {} i add a nest that shows the binary for ping {} that disallows it. cool.
<Bae> shows the rules for ping {}*
<sarnold> Bae: you could also use 'ix' rules instead of 'cx' -- then they'd run with the same privileges. But I like to encourage Cx where practical, since it can often be a drastic reduction in what privileges are allowed where
<Bae> i should say
<Bae> sarnold, if i were to use ix (inherit right? ) i would have to set ix in the ping binaries profile right ? not in the branched profile of the nodejs one
<sarnold> Bae: btw, even though apparmor does all you to write e.g. "allow /home/** r, deny /home/sarnold/** r," it's really best to stick to _whitelisting_ as much as you can. It's often possible to construct attacks that get at data that is denied via a "deny" rule
<Bae> yeah thats the plan. the deny thing was an example. my idea is to only whitelist certain directories and functions
<sarnold> Bae: the nodejs' program's profile would use "/bin/ping ix," -- and the global /bin/ping profile is left alone completely
<sarnold> Bae: okay, good, good :)
<Bae> sarnold, the /bin/ping ix in the nodejs programs profile is not saying "inherit rules from ping" ?
<Bae> because i want the ping to inherit from node. not node to inherit from ping
<sarnold> Bae: correct; it is saying "when executing ping, it inherits this current profile"
<Bae> ok let me do a quick clarification example if u dont mind
<sarnold> or, rather, "when a program executing in this profile executes ping, ping inherits this current profile"
<Bae> AH Yes
<Bae> ok
<Bae> so in here: http://pastebin.com/ArQFSCeF this is saying. when ping is born from nodejs app. ping inherits from nodejs app. right?
<sarnold> Bae: ahh, skip the "-> child1," bit when using ix rules
<Bae> thats from the site lol
<Bae> sorry
<sarnold> Bae: it is? can you link me? :)
<Bae> maybe they did it for clarifications but here: so sarnold to ensure maximum security
<Bae> ugh
<Bae> http://wiki.apparmor.net/index.php/QuickProfileLanguage
<Bae> so sarnold to ensure maximum security what i could do then is in the nodejs app i could put all the names of binaries that are profiled and tell them all to inherit rules from the nodejs app. in this way, any sort of exploit into the nodejs children processes would be thwarted. what do you think about it ?
<sarnold> Bae: you should only need to add 'ix' rules for programs that your nodejs program actually executes
<Bae> sarnold, so what is best way to see what programs nodejs executes? or rather, apparmor detects that the nodejs program executes ?
<sarnold> Bae: if it only ever calls awk and sed, for example, you could just add /usr/bin/awk ix, /bin/sed ix, and be done :)
<sarnold> Bae: aa-logprof should prompt you for them, but.. that family of tools is cranky. please file bugs as you find them. :)
<Bae> oh ok
<Bae> yeah i was thinking of something like valgrind that shows all the processes as you run it
<Bae> but in apparmor :p
<sarnold> Bae: you'll find them in the logs: apparmor="DENIED" operation="exec" profile="/tmp/bash" name="/tmp/ls" pid=21726 comm="bash" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
<sarnold> or apparmor="ALLOWED" if you're running the profile in learning mode, of course
<Bae> so the best way for me to proceed right now to ID these processes first would be to run it in permissive mode and generate logs and unit test the full app
<Bae> then grep those logs for all the processes generated. then add those in the nodejs app profile in apparmor with the ix
<sarnold> you ought to be able to get apparmor to report all execs using something like (UNTESTED): "/tmp/bash { file, audit /** ix, }"   :)
<Bae> to make sure that all the processes nodejs can ever generate, will be inheriting rules from the original one :)
<Bae> ah thank you so much sarnold you are very helpful :D
<sarnold> Bae: the aa-genprof tool should step you through those steps :)
<Bae> yeah i did that lol. it just generates a boilerplate
<Bae> i want something i can look through. that i can see those logs and see exactly what file is called and where
<sarnold> aha then you sound like you -do- want to do things by hand. :)
<stoned> Hello, I'm having trouble finding the xdebug config file in ubuntu server
<Bae> i do yes sarnold
<Bae> anyway i will be saving this conversation
<Bae> i dont mind getting my hands dirty
<sarnold> Bae: there's also #apparmor on irc.oftc.net in case there's no one around here who can help
<Bae> oh i did not know that! thanks so much :)
<sarnold> sure thing :) have fun :)
<Bae> yeah sarnold thank you so much for all your help
#ubuntu-server 2016-05-19
<roaksoax> win 4
<caliculk> I have a ubuntu machine, that whenever the primary router restarts, the network interface never comes back up on the ubuntu server. I have a crash log, but am unable to switch kernels (mainly due to lack of out of band management/ipmi). I have the crash log here: http://pastebin.com/0jb8VxJN but was wondering if anyone had any other suggestions.
<sarnold> caliculk: you could also try linux-lts-wily or linux-lts-xenial kernels, too; it might have been fixed upstream in the meantime, too
<jamespage> coreycb, pushed microversion-parse to git, uploaded to unstable  - I see you shoved it in the PPA already
<jamespage> coreycb, so pushed relevant changes to nova master packaging branch as well
<sivir> sudo dnf install p7zip
<EmilienM> jamespage: hi, we'll need this backport in ceilometer: https://review.openstack.org/#/c/318503/ otherwise it's impossible to run tempest against Ceilometer Mitaka (see commit message)
<EmilienM> jamespage: do you think it's possible?
<jamespage> EmilienM, is there an associated bug for that?
<jamespage> EmilienM, and do the ceilometer team plan a point release anytime soon?
<EmilienM> jamespage: I don't know
<EmilienM> maybe we can ask on #openstack-telemetry
<jamespage> EmilienM, I'd not put that through the SRU process individually, so really it would be nice to get a ceilometer point release made including other things
 * jamespage looks to see what's been added since mitaka release.
<jamespage> hmm only two fixes so far - one for a gate break and the other is some re-alignment only
<EmilienM> jamespage: in the meantime, I'm trying to revert https://review.openstack.org/#/c/318519/
<EmilienM> jamespage: because the problem is also in Liberty
<sobersabre> hi. I want to add a machine to AD domain. I've tried using SSSD instructions: https://help.ubuntu.com/lts/serverguide/sssd-ad.html
<sobersabre> And I think this one is a bit too simplistic. even though my setup is not complicated.
<cpaelzer> nacc: is the section sobersabre reports here part of what you rewrote for the updated serverguide?
<cpaelzer> nacc: is this even the new content already?
<cpaelzer> sobersabre: while he (nacc) isn't here yet could you describe a bit what more or less compelx steps would be missing?
<cpaelzer> sobersabre: or was that just a general statement of it being too simplistic?
<halvors1> Where could i add a network script?
<halvors1> I need to add a VTI interface, but because ifupdown is massivly lacking support for stuff like that, i need to do this using iproute2.
<halvors1> Is there a ny good way to add a persistent iproute2 interface in Ubuntu?
<sobersabre> cpaelzer: the problem is that sssd is hiding (naturally) most of subsystems of AD, so it would be very helpful to have tests for those subsystems, namely - ntpd, nmbd, smbd, krb and their integrations
<sobersabre> I mean, I did all, and after joining the domain users don't show in getent passwd or getent group
<sobersabre> There is a lot that could've gone wrong, and I'm now digging the logs.
<sobersabre> I did similar flow with centos/fedora and it worked well. I don't know what goes wrong here exactly.
<sobersabre> cpaelzer: ^^^ you here, aye?
<cpaelzer> sobersabre: yes, still here
<sobersabre> well, cpaelzer the howto didn't work :-]
<cpaelzer> sobersabre: was at lunch for a few :-)
<sobersabre> yep, people eat.
<cpaelzer> sobersabre: I get with tests you mean kind of verification steps for each of those things so that one can track down if/where things fail
<rbasak> jamespage: bug 1331630 is one for you I think? jgrimm: did this get missed from your subscription rearrangement?
<Black-Ridder> hi :)
<Black-Ridder> i'm a student and i've to make a server with bind9 an apache2, so i made it, but there is a little think that i don't understand
<Black-Ridder> can someone help me please?
<hateball> !help | Black-Ridder
<hateball> mhm.
<Black-Ridder> hateball : it's about virtual hosts
<Black-Ridder> i've a server with differents website hosted
<Black-Ridder> toto.com, tata.com (for example lol)
<Black-Ridder> so in my bind9 server i've made a "zone" named ServerTestEcole.com.
<Black-Ridder> but i can't link toto.com, tata.com etc
<Black-Ridder> when i wrote www.toto.com i go to the default site of apache :'(
<Black-Ridder> hateball : can you help me?
<hateball> Black-Ridder: Not quite sure I understand it all, but perhaps someone else does
<hateball> Be patient :)
<Black-Ridder> okay thanks
<Black-Ridder> is it my sentenses?
<Black-Ridder> i'm from belgium so i probably make some error in my sentenses, sorry :p
<hateball> well you need to configure apaches various sites to show you different things depending on what url used to reach it
<Black-Ridder> yes
<Black-Ridder> with apache's virtual host you can had many website on the same server (1website = 1 address; www.toto.com, www.tata.com,.. etc)
<Black-Ridder> so in my link they explain how to do it with apache2 but they don't explain the bind9'part of the configuration :/
<jgrimm> rbasak, i'll add suds to the list of things that should move to openstack.  i'm not done auditing the full server list yet for places where openstack isn't yet subscribed.
<rbasak> jgrimm: OK
<jamespage> EmilienM, hey - not sure what the puppet module for ceph does but https://review.openstack.org/#/c/318612/ is something to be aware of
<jamespage> that changed between final rc and release of ceph jewel
<EmilienM> jamespage: oh nice! we have some troubles to make it work, I'm sure this link will help
<EmilienM> jamespage: thanks a lot for that
<jamespage> EmilienM, np - it only effect use of OSD's on things other than xfs
<jamespage> so we saw impact on zfs and ext4
<EmilienM> jamespage: yeah OpenStack Infra is providing nodes with ext4 and we have issues
<EmilienM> cool
<EmilienM> thx for sharing that
<jamespage> EmilienM, you are welcome
<jamespage> coreycb, one patch away from newton/nova being functional  https://review.openstack.org/#/c/318568/
<coreycb> jamespage, \o/
<rbasak> nacc: o/
<frickler> can anyone successfully run an yakkety cloud image? I'm stuck without networking even after 20 minutes: http://paste.ubuntu.com/16506150/
<EmilienM> jamespage: did you see the logs yesterday about SSL?
<jamespage> EmilienM, I did but I don't have an answer as to why its not working
<jamespage> EmilienM, all I can think is that the nature of the cert you add to the ca-certifacates file means that its still not trusted - but I'm not 100% sure
<EmilienM> jamespage: http://logs.openstack.org/30/308530/18/experimental/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/e17a5b4/console.html#_2016-05-18_15_26_13_161
<EmilienM> ok
<jamespage> EmilienM, Replacing debian:puppet_openstack.pem
<jamespage> yeah got that
<EmilienM> ok I'll try with another cert
<jamespage> so we can see it being added, but for some reason the clients are still not trusting it
<EmilienM> thx
<jamespage> EmilienM, the testing I did was a little different - I installed the cert for the private CA we setup, not the cert for each of the services...
<rbasak> Odd_Bloke: see frickler's question above
<jamespage> EmilienM, it would be handy to run something over that to see why - maybe openssl has a 'figure out trusted-ness' type thing?
<jamespage> as I think that's what python actually uses for the verfication
<EmilienM> jamespage: yeah, I would investigate that
<jamespage> EmilienM, openssl s_client -connect 127.0.0.1:5000 might tell you more
<EmilienM> I need to reproduce all of that in a VM
<EmilienM> degorenko: ^ FYI
<degorenko> EmilienM, i have VM with my 15 patch set, without ssl, but i'll deploy latest for you :)
<jamespage> EmilienM, yup
<jamespage> tested against my deploy - verified OK with the CA cert installed for me
<Odd_Bloke> frickler: I have run one, but it did take ~7 minutes to get networking; I expect you're seeing https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1577844.
<Odd_Bloke> rbasak: (Thanks!)
<jamespage> EmilienM, for example http://paste.ubuntu.com/16506393/
<EmilienM> ok
<Odd_Bloke> frickler: Does xenial work for you?
<jamespage> EmilienM, that will at least give you more information about what's not working properly
<halvors1> Hi.
<halvors1> I want to add a tunnel using the "ip -6 tunnel add" command of iproute2, but i want it to be persistent so that it is loaded at boottime.
<halvors1> How can i do this in ubuntu?
<EmilienM> jamespage: ok we'll investigate, thanks again for your help
<jgrimm> rbasak, billard can possibly be demoted?  i think it had been drug in as dependency for celeryd & friends at some point, but they've been demoted since.  for consideration.
<jgrimm> rbasak, noticed this while doing my package audit
<rbasak> jgrimm: billard?
<jgrimm> rbasak, https://launchpad.net/ubuntu/+source/billiard
<rbasak> jgrimm: looks like it's seeded only by the development seed now: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.yakkety/view/head:/development#L62
<rbasak> jgrimm: so up to Foundations I guess? They should have the bug subscription or demote it I think.
<frickler> Odd_Bloke: xenial runs fine, yes
<halvors1> Is network interfaces handled by systemd or ifupdown in ubuntu 16.04?
<frickler> halvors1: should still be ifupdown by default, but you can enable systemd-networkd.service if you want to have that
<frickler> Odd_Bloke: well, there is one issue for Xenial, the ensX names are non-predictable and may get changed after a reboot
<Odd_Bloke> frickler: Hmm, that's definitely a bug.
<Odd_Bloke> smoser: rharper: ^
<frickler> start with one interface: ens3, add a second via "nova interface-attach": ens7, do a "nova reboot": get ens3+ens4 instead
<jamespage> coreycb, added manila to mitaka and newton ci
<coreycb> jamespage, thanks.  I'm taking a look at the neutron liberty failure.
<jamespage> coreycb, okies
<jamespage> coreycb, ostestr might be a good first change
<jamespage> the wily failure looks like bad mocking to me
<jamespage> chance that it passed on trusty...
<coreycb> jamespage, yep!
<halvors1> Um. Someone said something but my IRC client crashed.
<halvors1> Can you please repeat? :)
<frickler> halvors1: should still be ifupdown by default, but you can enable systemd-networkd.service if you want to have that
<halvors1> Ah ok.
<halvors1> frickler: Is it possible to use both?
<frickler> halvors1: maybe it is, but I don't think that that would be really stable
<smoser> frickler, that is very odd.  cloud-init is trying (which needs improvements) to make sure that ens3 good, but the second attached nic should also be stable in name.
<jamespage> frickler, hey - thanks for the quality of your bug reports btw - much appreciated...
<frickler> smoser: it isn't, when nova recreates the libvirt.xml, the order of pci slots may change. it even gets fancier if you also attach and detach volumes
<frickler> smoser: I would think going back to using ethX for cloud instances would be much more sensible. Like special case this for Virtio network devices maybe
<degorenko> jamespage, hey, about checking ssl, my output on vm for openssl s_client command:http://paste.openstack.org/show/497729/ i have not experience with ssl. May be it can help you somehow
<degorenko> and also i see this error: 2016-05-19 14:43:45.106 30584 ERROR oslo.messaging._drivers.impl_rabbit [req-2198cd2f-e791-47c9-ad41-d064f25750cb - - - - -] AMQP server on 127.0.0.1:5671 is unreachable: [SSL: TLSV1_ALERT_INSUFFICIENT_SECURITY] tlsv1 alert insufficient security (_ssl.c:590).
<sdeziel> frickler: special casing virtio NICs only would miss the SR-IOV one
<jamespage> degorenko, that's something quite different...
<degorenko> EmilienM, fyi ^
<jamespage> degorenko, but your first paste lgtm - the cert verified ok
<degorenko> jamespage, any ideas? :)
<sdeziel> frickler: but PCI ordering is really annoying I must admit
<jamespage> Verify return code: 0 (ok)
<jamespage> degorenko, second is probably rmq is not configured to support tlsv1.2
<jamespage> v1 has some issues I think
<EmilienM> weird all of this worked on trusty
<EmilienM> maybe a dep in python or?
<degorenko> jamespage, same error from rabbit log =ERROR REPORT==== 19-May-2016::14:45:38 ===
<jamespage> EmilienM, I think it all worked on trusty because python 2.7 ignores certificate validate chains in trusty
<degorenko> SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
<degorenko> for the recored - rabbitmq is running
<jamespage> degorenko, I've not seen that problem before - I'd have to google it but I would suspect its something related to tls version level negiotiation
<degorenko> jamespage, i will try also to find out the problem, thanks in advance, ping me, if you will have something
<jamespage> degorenko, https://www.rabbitmq.com/ssl.html good reference for checking
<degorenko> thanks, going to read article :)
<smoser> frickler, thats an openstack bug honestly.
<smoser> using eth0 and eth1 was only randomly better if it was
<smoser> if openstack arbitrarily moves nics around on a bus on reboot or shutdown / startup, then it really needs to stop doing that.
<smoser> really, even in the old 'eth0' and 'eth1' world, it could brea
<smoser> break.
<smoser> i'm sure that they keep the mac, so it seems that the solution would be to really have to "pin" nics to a given name based on mac.
<nacc> rbasak: hey, would you be free after the team hangout today?
<rbasak> nacc: yeas
<nacc> rbasak: great, thanks!
<coreycb> ddellav, hey, ping me your package for review in #ubuntu-server if it's ready
 * coreycb thought he was in another channel
<ddellav> will do, one sec coreycb
<frickler> smoser: well, they keep the ordering stable (at least I hope, will have to check), so if eth0 is the first virtio-nic and eth1 the second one (as it is with e.g. Trusty IIUC), everything should be fine
<frickler> smoser: the trouble comes from systemd-udev assuming that PCI slot ids are stable, which is pretty fine for real hardware, but less so for virtual environments
<smoser> yes. thats absolutely it, but for a vm, why is it *not* stable ?
<smoser> why does openstack arbitrarily move nic devices around. that is silly.
<nacc> is this a hotplug case? looking above, i see a nova-attach invocation. And maybe something ensures that the new device comes "after" the current one? But on reboot, it gets normally detected and the order can be whatever hte bus order is?
<frickler> nacc: yeah, that is about what I gather happens
<frickler> or rather, on reboot/recreate the default ordering happens, which is network interfaces first, then console/vga, then block devices
<nacc> smoser: i don't know about the first part (what nova attach does), tbh, but i do recall seeing (in other contexts) a device being added, and then the order can be different on a normal boot with the same config
<smoser> i really think the thing we have to do is to make the names based on nic
<smoser> er... based on mac address
<nacc> smoser: ack, that's the only "stable" thing
<nacc> smoser: and also means if you hotplug in, hotplug out, hotplug in a second, and then reboot, you'll get the right config for the second, not just happen to share the config from the prior (if you went off device naming and happened to get the same name)
<nacc> smoser: with newer setups, i guess the "stable naming" implies mac address? (it's in the suffix), but i'm not savvy with how that all works and where it exists
<smoser> fyi, ubuntu-server and such do get logged at
<smoser>  http://irclogs.ubuntu.com/2016/05/19/%23ubuntu-server.html
<smoser> and i quite often link to those things from bugs.
<smoser> sdeziel, is https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1573192 a regression ?
<smoser> from 15.10 or 14.04 ?
<ubottu> Launchpad bug 1573192 in libvirt (Ubuntu) "apparmor prevents using SCSI hostdevs" [Undecided,New]
<sdeziel> smoser: I never tried on anything before 16.04
<smoser> sdeziel, ah. ok. thanks.
<sdeziel> smoser: I could check that out since I have some trusty laying around
<smoser> sdeziel, youd ont have to just jump and do it right now. would be good to know as that would raise my feeling of priority on nit.
<sdeziel> smoser: OK, thanks
<coreycb> jamespage, I'm surprised the midonet plugin was removed by upstream in a stable branch - https://github.com/openstack/neutron/commit/f5d1a42ee252605e51694352b8521c78201603e5
<degorenko> jamespage, hey, i've also checked rabbit port for openssl s_client, there are no any tls session tickets, is it ok? http://paste.openstack.org/show/497736/
<sdeziel> smoser: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1573192 is reproducible on Trusty
<ubottu> Launchpad bug 1573192 in libvirt (Ubuntu) "apparmor prevents using SCSI hostdevs" [Undecided,New]
<smoser> sdeziel, thanks
<ddellav> coreycb here the heat repo, lp:~ddellav/ubuntu/+source/heat, it builds successfully and i believe the config file matches yours
<ddellav> sorry for the delay, i got wrapped up with this backport reading docs and forgot to paste that to you
<coreycb> ddellav, can you fix that on the master branch instead?  we have to fix the current release first.
<ddellav> coreycb ah ok, sure
<coreycb> ddellav, also does it work?  I would think the PYTHONPATH=.  would need to be on the same line as oslo-config-generator
<ddellav> coreycb i copied it from the barbican package and when I installed the produced heat deb it looked right but i'll double check
<fermulator> Hey all, I've recently been trialling landscape for personal server/desktop admin/management, it's pretty sweet! saves me oodles of time on system maintenance, (especially pkg upgrades atm).  My unfortunate situation though is that all (~7-8) desktops+servers are Ubuntu, except ONE (1), which is Fedora. Has anyone any information/refs on if it's possible to hook a non-Ubuntu Linux distro into landscape
<fermulator> ? (obviously not all features would be available, but I'm interested in at least the ability to monitor the system via landscape web UI)
<Sebastien> ok, so. i want to manage emails on my box, and also subdomains. Is it possible to do this with webmin ?
<rharper> nacc: smoser: frickler: re the MAC; that is probably the only uniq thing that won't change;  the MAC in nic name however, presents a challenge w.r.t stacking devices since en+strlen($MAC)+\n is like 15, to a 16 char limit for ifname; so things like bridges, aliased interaces, vlans, all become problematic due to existing mechanism to assume appending extra stuff , eth0.123;
<nacc> rharper: ah yeah i remember talking about that at the sprint
<nacc> rharper: yep, so makes sense to somehow keep a mapping of MAC -> data about interface somewhere?
<fermulator> Sebastien, your question may be better asked in #webmin
<rharper> yeah; aka udev-rule/systemd.link file; which is eactly this MAC -> NAME mapping;
<rharper> openstack has a network_data.json which can export this information (and could update it upon nic hotplug);  cloud-init is parsing that and can emit the mapping;  the remaining on-hotplug trigger cloud-init to regenerate netconf and name nics as the remaining todo here;
<rharper> I agree with smoser though that there is little reason for openstack/libvirt to reorder the devices on the bus;
<rharper> mapping that to a real hotplug of a nic; one usually don't move all of the boards around when adding one new one
<rharper> that's causing churn for no reason;
<nacc> rharper: does hotplug have some special cases for adding the bus? like it puts it "after" existing busses when live-hotplug?
<rharper> libvirt has code for walking the existing topology in the case that the libvirt hotplug xml doesn't include an explicit bus address
<rharper> it's possible that they've got some code that collects them all and then writes out a new xml file;  so you can see a nic get plugged into slot 3 at hotplug time, but when rebooting, the on-disk xml has it in a different slot
<nacc> i'm just wondering if somehow the non-xml state (live) isn't matched up to the xmls tate
<nacc> yeah
<rharper> yes
<rharper> happens quite often
<rharper> with disks as well
<nacc> right, makes sense
<nacc> hence why UUIDs are important :)
<rharper> but disks have fancy things like /dev/disk/by-id which map to disk serial
<rharper> however, oddly; qemu doesn't provide default serial number (unlike default mac addrs) except for HDA types.
<nacc> yeah, wasn't there a request at some point to have a /dev/net/by-id by-mac etc
<rharper> we never fixed that  silliness
<rharper> yeah; but the kernel interface doesn't allow for filesystem ops
<nacc> oh right
<smoser> rharper, but tha trequirees the serial :). which they're not providing.
<rharper> my current reading of the code is that the only real thing is the ifindex
<rharper> then ifname is field of a structure indexed
<nacc> right
<rharper> smoser: yeah, uuidgen[:20]
<nacc> so is the issue in the above queries that the device got renamed or that hte libvirt busses got reordered on reboot?
<rharper> that's good enough and can be "persisted" in the xml
<rharper> nacc: it's the classic nic hotplug case where a nic shows up, it's been hotplugged into slot 7; but libvirt wrote out an xml on disk that didn;t put the hotplug nic in slot7; so upon reboot the hotplug nic is now in slot4
<nacc> ah ok, now i get it
<rharper> since we're using systemd "persistent" naming, we don't trigger a udev-write-net-persist script which could have recorded MAC -> name (ens7) mapping
<nacc> so a "fix" would also be to write to the XML the live state?
<rharper> but slots aren't as persistent as MAC->NAME mapping
<rharper> yeah, or figure out why libvirt persistent of hotplug devices changes slots
<nacc> i guess s/"fix"/"hack"/
<nacc> and i'm sure from a data-structure, cleanliness perspective, there are advantages to compressing the bus namespace down
<rharper>  s/hack/return-to-previous-mostly-sane-behavior
<nacc> :)
<rharper> nacc: I doubt it's that level of sanity
<nacc> rharper: this is libvirt? probably not, you're right
<rharper> my guess is that no one noticed the movement due to persistent rules being written in the past
<rharper> libvirt
<rharper> now that everyone is 'persistent'; the OS is taking the "hardware" at it's word; turns out the machine builder (nova/libvirt/qemu) aren't actually providing a persistent hardware machine
<rharper> sorta moving the bubble around
<nacc> right
<rharper> I thought about playing around if the ifalias structure in the kernel (it supports up to 256 chars) per interface
<rharper> there are some existing users of that though (snmp MOBs use those for tagging)
<rharper> but it'd be nice to have 256 char space per device for naming and such; though I don't think anyone really wants to type in: ifconfig enx8cae4cfdb971
<rharper> maybe if we add tab-completion for ifconfig and ip with the netdev names
<nacc> people already don't want to type eth<anything other than 0> it feels like :)
<rharper> that's probably a really nice thing to do  now
<sdeziel> rharper: in your previous example, if you persisted the name ens7 to map to your hotplugged NIC that later gets moved to slot4, what will happen when you hotplug another NIC that lands in slot7?
<rharper> sdeziel: it'll fall back to the kname (like eth3)
<sdeziel> rharper: OK. This is going to be confusing at some point
<rharper> the systemd.network manpage on NamingPolicy talks about the order in which it attempts to get a name
<rharper> sdeziel: at some point? =)
<nacc> i think the notion should be that if it's consistent over reboot, and there is a way to go from the name to the 'physical' location, then the name is just a handle
<sdeziel> ens7 sets some expectations on the location of the said NIC.
<nacc> sdeziel: if it's explicit that the name isn't hte location, but there is a mapping somewhere, then we just break that expectation from the get-go
<rharper> sdeziel: right, which is why we don't currently write out a persistent rule
<rharper> the name is supposed to reflect where it is
<rharper> sdeziel: and in this example, the admin (libvirt/nova) did move it (ens7 -> ens4)
<rharper> that's like someone in the lab pulling the card and putting it somewhere else
<rharper> one probably wants to know that;  though we had large discussion about the location of the interface not mattering as much as what the nic is connected to
<rharper> which is opposite of say disks which are more concerned with the data _in_ them
<nacc> right, you want subnet information, roughly (connectivity like you said)
<rharper> nacc: right; in the case of openstack which _can_ tell us about the nics; there's no reason to use the "location" mapping at all
<nacc> yep
<nacc> it only leads to confusion :)
<rharper> the oracle, as we say, can then name it whatever  red, blue, management, private
<TJ-> we need a /dev/net/by-route/ like /dev/disk/by-uuid/
<rharper> TJ-: yeah
<rharper> that'd be super cool
<nacc> yeah i guess that'd just the gateway(s)
<rharper> by-mac, by-ip, etc
<rharper> but that's, I think, a rather large endeavor
<TJ-> I always wondered why that wasn't the systemd solution seeing as it absorbed udev, which love symlinks
<nacc> yep, and one most people have just avoided :)
<rharper> where's 9P
<sdeziel> what I'm saying is persisting a name that embeds slot location is confusing at best
<rharper> sdeziel: how so?
<rharper> for a real server in the lab
<rharper> it's useful information;  which card do I pull out ?
<rharper> the one in slot 7
<rharper> ens9 doesn't have a link (go plug in a cable)
<TJ-> it could just be a tag though, it doesn't need to be the if name, which should be something that means something to the network admin
<rharper> TJ-: yeah; so the ifalias field has 256
<sdeziel> in the ens7 -> ens4 case, if you persisted the name ens7 and the card actually moved to slot4 you can not longer figure out where it is hooked by the name
<rharper> one could come up with some tooling to apply info to that field and then assemble symlinks
<rharper> but all of the ip tools work on ioctls
<rharper> so a lot of effort to revamp tooling to look at symlinks to figure out which ifindex to use to query more info and set values
<rharper> sdeziel: correct; we'rre not suggesting to persist the nic name based on slot location into the OS;  rather in libvirt which is like the machine definition
<rharper> sdeziel: instead, the cloud should provide a name -> mac mapping in the config (openstack can do this) and cloud-init will generate mappings between name and mac via systemd.link files
<sdeziel> rharper: ah OK, I had missunderstood
<rharper> we're in a unstable time now that cloud-init can do this for some clouds (openstack has a network_data.json source);  other clouds may have theres too, and we need those clouds to start providing that level of netconf
<sirhumpalot> anyone have experience expanding an ext4 fs while online with TB of data and connected users?
<hallyn> drat.  my qemu 2.6.0 merge fails a guest scsi test.
<hallyn> well this is maddening.  my yakkety vms won't boot
<hallyn> all right purging cloud init helped
<HappySomethingSo> hi
<HappySomethingSo> I'm having problems setting up a static ip on ubuntu 16
<HappySomethingSo> I used to edit /etc/network/interfaces on ubuntu 14 to set it up, but that no longer works
<HappySomethingSo> and everything I do in /etc/network/interfaces.d gets erased on system boot
#ubuntu-server 2016-05-20
<HappySomethingSo> What changed in regards to setting up  a static ip on 16 vs 24?
<HappySomethingSo> thanks
<HappySomethingSo> vs 14*
<sarnold> "no longer works", what fails?
<HappySomethingSo> it doesn't set the assigned ip
<HappySomethingSo> sarnold:  this is what my image came with: http://pasted.co/212f34e7
<HappySomethingSo> I do not recognize the last line from ubuntu 14
<HappySomethingSo> sarnold: I have a feeling the problem's there
<sarnold> HappySomethingSo: what is your interface named? 'ip link' should show you the name; add your configuration to the file, then try to bring it up with ifup <interfacename>
<HappySomethingSo> sarnold:  in /etc/network/interfaces.d I have a file named 50-cloud-init.cfg with this in it: http://pasted.co/e213548b
<sarnold> HappySomethingSo: aha, does that match your interfacename?
<sarnold> HappySomethingSo: do you want it to use dhcp?
<genii> sarnold: Any .cfg files he makes in interfaces.d get wiped out next boot, any changes he makes to the existing file there also get reverted
<HappySomethingSo> sarnold: yes, eth0 is now  enxb827eb7c6bae apparently. I ant to use a static ip
<HappySomethingSo> not dhcp
<genii> sarnold: ( we were just going through this issue in #ubuntu and I referred him here for more specific help )
<sarnold> hey genii :)
 * genii waves
<sarnold> HappySomethingSo: are you using cloud-init intentionally? if not maybe the easy answer is uninstalling it
<HappySomethingSo> sarnold: it's a fresh image, I haven't touched anything
<HappySomethingSo> what exactly is cloud-init?
<sarnold> cloud-init makes it easy to fire up VM images (or actual hardware, in the case of MAAS) and have them "autodiscover" their configuration: networking, package repositories, new users, packages to add, etc. I find it a bit underdocumented but they have some nice examples up that give the flavor of what it does: http://cloudinit.readthedocs.io/en/latest/topics/examples.html
<HappySomethingSo> sarnold: I see, well if it came preinstalled I'd rather not meddle with it
<HappySomethingSo> ok
<HappySomethingSo> I think I've got it
<TJ-> that explains it, "50-cloud-init.cfg" is created by cloud-init, so of course it'll get overwritten
<sarnold> HappySomethingSo: interesting, this feels like it might also interact poorly with this bug https://bugs.launchpad.net/cloud-init/+bug/1571004 -- but I'm not 100% sure ..
<ubottu> Launchpad bug 1571004 in cloud-init "apply networking only on first instance boot" [Medium,In progress]
<genii> Now that my curiosity is sated, I'm off to watch hockey
<HappySomethingSo> sarnold: genii: TJ-: I managed to get the static ip working, I edited /etc/network/interfaces like usual but used the new interface name instead of eth0 (which is werid because it was called eth0 on the 50-cloud-init file until I rebooted it a couple of times)
<sarnold> HappySomethingSo: and it sticks across reboots?
<HappySomethingSo> sarnold:  I've rebooted it twice more and it seems like it's staying on the desired ip
<HappySomethingSo> so it was a problem with the interface names
<HappySomethingSo> thank all of you for your help
<sarnold> HappySomethingSo: excellent, I'm glad that was sufficient. :) like I said, I find cloud-init underdocumented, so I feared trying to find the fix if something simple didn't do it. :)
<HappySomethingSo> I was quite lost
<HappySomethingSo> :)
<sarnold> there's Good Reasons for these new interface names but it's going to take me another twenty years or something to get used to them.
<HappySomethingSo> sarnold: yeah, I thought something had gone wrong and that it was an error when I first saw the new name
<sarnold> understandable :)
<Datz> Hi, I'm having trouble network troubles with my install of 16.04. I can't install packages, and I can't ping outside servers. I'm currently logged in remotely though. I think there is some sort of DNS trouble. Any ideas?
<sarnold> can you ping by ip address? try e.g. ping 8.8.8.8
<Datz> This is what I'm getting trying to install a package : http://hastebin.com/iwozasesig.vhdl
<Datz> sarnold: yes, I can
<sarnold> Datz: alright, cat /etc/resolv.conf -- that should list some nameservers. ping each one in turn..
<Datz> ok
<Datz> sarnold: resolv.conf appears to be two commented lines long
<OerHeks> Datz, on 16.04?
<Datz> yes
<OerHeks> then you suffer this bug, https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1579712
<ubottu> Launchpad bug 1579712 in appstream (Ubuntu Xenial) "Refresh hangs due to strdup on non-NULL terminated string" [Medium,Fix committed]
<Datz> think so.. just installed today
<OerHeks> lot of heat.. remove it, and you'll be fine, patch is in proposed
<sarnold> OerHeks: .. how does that bug lead to busted dns?
<OerHeks> you don't need that appstream , it is optional
<Datz> so run sudo appstreamcli refresh --force ?
<OerHeks> sarnold, not sure how, but removal fixed it for a lot of users in #ubuntu
<sarnold> OerHeks: ouch :/
<OerHeks> i know, ugly fix ..
<sarnold> Datz: well, lets try OerHeks's suggested fix :) apt-get purge appstream
<Datz> ok, will do
<sarnold> OerHeks: did they need to do anything else along the way? re-poke apt in the eye or reboot or something else?
<OerHeks> ehm, good point. after removal, i would (try) to rerun apt update
<Datz> purged.. still not resolving.
<JanC> actually, the package in -proposed doesn't fix that bug  :)
<OerHeks> #30 john wang - The reason I warned against removing the binary is because it's a bad practice in general, even though in this particular problem scenario the removed binary gets restored when its package is upgrade
<OerHeks> :-(
<JanC> or, wait, maybe it's because it tried to install appstream before libappstream or something
<JanC> right, that was it
<Datz> So, is there a workaround or fix, or am I holding tight for now?
<sarnold> OerHeks: I think that was specific to the "rm /usr/bin/appstream*" advice or whatever it was
<JanC> Datz seems to have a DNS issue
<sarnold> Datz: well, as a half-ass solution you could try adding "nameserver 8.8.8.8" to your /etc/resolv.conf by hand; that'll use google's public resolver
<sarnold> JanC: OerHeks said the appstream screwup broke a bunch of people's dns. it seemed worth trying.
<Datz> I like the sound of htat
<Datz> that*
<Datz> I think I've had to do this before actually. Maybe something with my network instead.
<sarnold> if you've got a dhcp server that hands out leases without giving you dns server info that might be able to do it
<sarnold> but tbh since I never see that situation that's a wild guess
<OerHeks> more info now on the bug page
<OerHeks> https://bugs.launchpad.net/ubuntu/+source/appstream/+bug/1579712
<ubottu> Launchpad bug 1579712 in appstream (Ubuntu Xenial) "Refresh hangs due to strdup on non-NULL terminated string" [Medium,Fix committed]
<Datz> sarnold: I'm not sure if that's the case or not. Adding that nameserver does seem to fix the problem though.
<Datz> Will that nameserver be overwritten as stated in the comments of resolv.conf ?
<Datz> Also, I guess I can add back appstream?
<sarnold> Datz: meh, as far as I can tell appstream just downloads 8 megabytes of icons incase you want to browse gnome-software-center or something like that. If you're in here asking for help you'll probably never notice it's gone. ;)
<Datz> Ah, yes.. no gui.. ok guess I don't need it. Surprised it was added with the netinstall.
<sarnold> Datz: it's possible that the file will be re-written to be useless. if that keeps happening you can either uninstall the resolvconf package or you can figure out the /etc/resolvconf/resolv.conf.d/  files to re-add this..
<Datz> sarnold: great I'll make a note, and try and do this. Thanks.
<sarnold> Datz: note that there's half-billion people in the world using the google dns recursor -- while there's some safety in numbers, it feelsl ike I ought to let you know that that -is- a step outside of whatever the machines next to you might be doing
<sarnold> Datz: so e.g. local hostnames may not resolve correctly, or a local cache may do a better job for you. (or google's might be faster. most ISPs suck at running DNS so many people do get better results with google...)
<Datz> In the past I've added google's DNS servers without every really thinking about it. Maybe my isp is better ,I don't know :)
<Datz> I assume I can add some redundancy..
<sarnold> funny thing with dns, redundancy isn't always better -- finding one server that works is way better
<sarnold> and dns is super strange, the recursors get far better the more traffic they have
<sarnold> if they have all data already cached because someone else asked for a second ago, you'll get a muchf sater response..
<sarnold> one hot recursor is almost always better than two cool recursors
<sarnold> in stark contrast against e.g. web servers where multiple cool servers are usually better than one hot server :)
<JanC> it depends on how hot, of course
<JanC> webservers use lots of caching too (filesystem cache, database table/query cache, memcached, etc.)
<sarnold> yeah, if you can get webserver ram served stuff, that's best :)
<patdk-lap> sarnold, depends :)
<sarnold> patdk-lap: just buy more ram of course! :)
<patdk-lap> caching helps, but not tuning the recursor properly and giving it too much ram
<patdk-lap> can cause it to get slow as crap
<patdk-lap> ya, but unlike most things, dns is one huge hash table lookup, can cause all kinds of issues when it gets large
<patdk-lap> you talking normally about caching 200bytes or so maybe 1k per entry :)
<patdk-lap> hot webservers are good, just not *hot* cgi/fcgi/... servers :)
 * patdk-lap can't imagine what it would take to run 10k r/s wordpress site, without static caching
<sarnold> but 10qps dns recursor ought to be standard desktop thing :)
<patdk-lap> 10qps dns is less than a web browser does :)
<sarnold> of course i meant 10kqps :)
<sarnold> 10qps .. well, tandy 1000 :)
<JanC> tandy 1000 would have zero memory left for caching probably  :P
<patdk-lap> sarnold, dunno
<patdk-lap> my large dns installs, are only doing 1kqps recursive, and 300qps authorative
<patdk-lap> using two primary large recursives, and tiny ones on the smtp servers
<AndyWojo> the link to hp moonshot on the arm server page is broken btw
<AndyWojo> http://partners.ubuntu.com/hp?_ga=1.169315112.868843675.1460222902
<AndyWojo> http://www.ubuntu.com/download/server/arm down at the bottom
<AtuM> Hi. I am having some trouble starting nfs-kernel-server as rpcbind starts after the nfs service. any thoughts? I see that nfs service is started by init script while rpcbind is already converted to systemd unit
<AtuM> I've found bug #1558196 .. but the solution provided makes no difference
<ubottu> bug 1558196 in rpcbind (Ubuntu) "ypbind not able to socket activate rpcbind under systemd, fails at boot unless something else starts rpcbind" [Undecided,Triaged] https://launchpad.net/bugs/1558196
<halvors> Anyone knows if the "lo" interface is added by the kernel in Ubuntu?
<halvors> Even after emptying the "/etc/network/interfaces" file it is added.
<AtuM> halvors, lo is added by networking service or network-manager
<AtuM> having lo is essential to many services running on linux
<halvors> Yeah, the thing is that i want to disable the "network" service in favor of "systemd-networkd"
<AtuM> halvors, having "lo" does not impact you then.. either way you will need it.
<AtuM> it might be brought on by systemd.. i have not checked that yet..
<halvors> AtuM: Yeah i know,  just wondering if it's added by ifupdown or systemd :)
<halvors> Not going to remove it.
<halvors> AtuM: Do you know how to disable ifupdown?
<AtuM> halvors.. check /etc/init/network-interface.conf.. there are some definitions there..
<AtuM> systemd still needs configuration files to do anything
<halvors> Yeah i know.
<AtuM> in the mentioned conf file it is stated for "lo" : # bring this up even if /etc/network/interfaces is broken
<AtuM> so there you have it
<AtuM> halvors, no, i've never tried to disable ifupdown.
<halvors> Ah ok, thanks :)
<AtuM> how would i tell systemd to start rpcbind before nfs-kernel-server ? I'm doing a workaround by restarting both services inside rc.local, but i really do not like doing things this way
<sobersabre> hi, I managed to configure my ubuntu server as a member to active directory. I have ids problem.
<sobersabre> I also ran ldapsearch and it seems there's some kind of pre-defined list of attributes used by ldapsearch
<sobersabre> I'm noticing the attributes I want to be mapped in /etc/ldap.conf are not listed in the LDIF query result.
<AtuM> ubuntu's defaults are not made for microsoft ad. you might need to adjust those attributes
<Walex> sobersabre: schemas...
<davethenoob> hey yall
<davethenoob> I have a vpn question if i may?
<davethenoob> i have tried setting up openvpn on my raspberry pi and moved client key to phone and used openvpn client on android phone, but the connection just stays at 'waiting server response'
<davethenoob> After trying many times various openvpn guides, i have decided to go back to using pptp, which i have set up before
<davethenoob> is there a way a making pptp a bit more secure? Limiting to a specific device to connect from etc?
<davethenoob> not completely ubuntu-server, but i am trying to connect to my network to get access to my owncloud/subsonic, which is on ubuntu server
<davethenoob> thank you in advance
<rbasak> I wouldn't trust pptp. I'd focus on making openvpn work.
<rbasak> It might be worth running tcpdump on the server to see if two way traffic is getting through.
<TJ-> davethenoob: first thing on the server-side is consult and watch the logs, having enabled additional verbose debug log messages
<frickler> jamespage: chown -R root:neutron /etc/neutron/ in neutron-common.postinst breaks our deployment, was this added recently?
<davethenoob> hmm okay
<davethenoob> ill give it another go
<jamespage> frickler, not changed for a long time...
<jamespage> Date:   Thu Apr 30 15:29:57 2015 +0200
<jamespage> was the last touch on that file - and tbh that was the creation of the git repo its in...
<davethenoob> how does tcp dump work? Do run it and then connect from phone client?
<frickler> jamespage: ok, well, nevermind then, nothing that a decent chef-client run couldn't fix ;)
<davethenoob> can anybody recommend a good step by step guide for installing openvpn on raspberry pi? Ive tried a couple and one video guide.
<robb_nl> try #raspberrypi or #openvpn
<TJ-> davethenoob: "apt-get install openvpn" and add a config in /etc/openvpn/server/ I think it is
<jamespage> coreycb, added ironic, trove and nova-lxd to CI; ironic does not like xenial; nova-lxd foobar on newton generally
<coreycb> jamespage, ok
<coreycb> jamespage, we were 100% success at one point yesterday
<jamespage> coreycb, yup
<jamespage> coreycb, ddellav: horizon bugs could do with some love. https://bugs.launchpad.net/ubuntu/+source/horizon/
<coreycb> jamespage, I'll take a look
<PMunch> Hi, I'm having a little trouble after I updated from 14.04 to 16.04
<PMunch> The problem I'm having is that suddenly none of my git repositories are working
<PMunch> http://pastebin.com/TLCBYxPA that's the error I'm getting when I'm trying to pull a repo.
<Sagar> udo systemctl status apache2 => Failed to get properties: Failed to execute program org.freedesktop.systemd1: Permission denied
<Sagar> sudo*
<Sagar> ubuntu xenial 16.06
<Sagar> what can be the issue?
<RoyK> 16.04, perhaps
<RoyK> but what is org.freedesktop doing on a server?
<Sagar> idk
 * RoyK find systemd confusing
<RoyK> s/find/finds/
<Sagar> o.O
<TJ-> its the Dbus path to the IPC damon
<Sagar> is it?
<TJ-> the path is the freedesktop specificied path
<TJ-> Sagar: as I asked in #ubuntu, did the system boot using Upstart? in which case that error would make sense
<Sagar> idk how can i check that?
<TJ-> possibly "cat /proc/cmdline" will have an 'upstart' or something on the line
<Sagar>  cat /proc/cmdline => BOOT_IMAGE=/boot/vmlinuz-4.4.0-22-generic root=/dev/md1 ro rootdelay=10 net.ifnames=0
<TJ-> Nope
<TJ-> "permission denied" ... have you modified the sudoers entries at all?
<Sagar> yes
<TJ-> Sagar: so you shot yourself in the foot?
<Sagar> i am root
<Sagar> this is my /etc/sudoers
<Sagar> http://pastebin.com/tChH3sFE
<TJ-> you're root but calling it with sudo?
<TJ-> how about just "systemctl status apache2.service ?
<Sagar> Failed to get properties: Failed to execute program org.freedesktop.systemd1: Permission denied
<Sagar> still the same
<Sagar> is it policy kit?
<TJ-> The error is coming via Dbus
<Sagar> then what should i do?
<Sagar> TJ-?
<TJ-> Sagar: well first I'd return to a vanilla sudoers to determine if those changes are responsible or not (generally its' better not to edit /etc/sudoers but add an additional file with e.g. "visudo -f /etc/sudoers.d/my_admins "
<TJ-> Sagar: I'd also do a reboot in case this is a one-off
<Sagar> rebooted already
<Sagar> i just removed php from my server
<Sagar> after that iam getting these issues
<TJ-> Did something else get removed too? check the /var/log/apt/history.log and /var/log/apt/term.log in case
<jamespage> coreycb, 12 packages togo until 1000 uploads...
<coreycb> jamespage, ha!  where do you see that?
<jamespage> coreycb, https://launchpad.net/~james-page/+uploaded-packages
<coreycb> jamespage, that's got to get a karma bonus :)
<jamespage> I'm waiting for achievement unlocked to resound across my office.. :-)
<genii> sarnold: So, did HappySomethingSo's issue last night end up to be cloud-init, in the end?
<coreycb> jamespage, lol
<coreycb> jamespage, I'm fixing cinder for newton
<jamespage> coreycb, microversion-parse is in unstable; I missed two copyright holders for monascaclient - sorting that now
<coreycb> jamespage, ok
<coreycb> ddellav, I see you signed up for glance in the spreadsheet.  it's building ok so I think we can hold off until the next breakage.
<coreycb> ddellav, did you do some work on oslo.cache?  I see you have it marked as done
<coreycb> ddellav, let me know if you need a sponsor
<halvors> I have a router running linux and a problem with a TCP connection that comes in another interface than it went out is being dropped somehow. This is IPv6, does the kernel do any reverse path filtering?
<ezicial> Ahoy all, I'm looking for help / advice on setting up an IRC server on a dedicated Ubuntu server, the purpose of which is to create a web based IRC chatroom on a website.
<Sling> ezicial: it's probably much easier to use an existing irc network to create a channel
<Sling> unless you have good reasons not to use one
<ezicial> Sling: nope no good reason, we just have the dedicated server so thought why not, it could be interesting...
<Sling> ezicial: having a communication channel on another server is especially useful if you want your community to still be able to reach each other when the server is down :)
<nacc> there is also webchat.freenode.net already
<ezicial> Also I have no idea what the rules are with regards to freenode, etc.'s policy on creating chatrooms for a particular site. In this case an internet radio station.
<ezicial> Don't want to step on any toes if it can be avoided.
<Pici> ezicial: #freenode can help explain
<ezicial> Out of interest sake though, is there any reason not to create our own IRC server other than possible down time (which doesn't really apply since the website is hosted on the same server anyway)?
<Sagar> i am getting this error
<Sagar> root@wolf:~# sudo systemctl status apache2 => Failed to get properties: Failed to execute program org.freedesktop.systemd1: Permission denied
<ddellav> coreycb ok i'll hold off on glance and yes, oslo.cache is ready, i'll push the repo and send you the link for sponsor directly
<Sagar> what could be wrong?
<coreycb> ddellav, ok.  feel free to grab broken packages to work on that have a red dot on the ci dashboard.  we're at a point now where most everything is successful and we can spend a little time each day on daily maintenance.
<coreycb> ddellav, how's heat?
<ddellav> coreycb ok, i'll keep an eye on the dashboard. Heat is done. It seemed to create the config properly the way I had it but I updated it with your suggestions. I'll re-push in a minute
<coreycb> ddellav, jamespage: I pushed a new version of cinder for newton, that should fixup today's failure
<maswan> ezicial: no, not particularly, but irc servers are not very widely used as packaged, so you might find some rough corners as you try to set it up
<ezicial> maswan: yep, already seeing some of those rough corners...
<Sagar> i am getting this error root@wolf:~# sudo systemctl status apache2 => Failed to get properties: Failed to execute program org.freedesktop.systemd1: Permission denied
<ddellav> coreycb lp:~ddellav/ubuntu/+source/oslo.cache ready to go, heat is having build failures after i changed d/rules, looking at them now
<Sagar> anyone who could tell me why i am getting permission denied issue on root@wolf:~# systemctl status apache2 => Failed to get properties: Failed to execute program org.freedesktop.systemd1: Permission denied
<ddellav> coreycb i think what happened with heat was because i moved my changes to the master branch and there are dependency issues: https://launchpad.net/~ddellav/+archive/ubuntu/xenial-newton/+build/9778758
<coreycb> ddellav, did you bump those requiremetns up?
<ddellav> coreycb i did not touch d/control at all. Only change I made was to d/rules
<coreycb> ddellav, that's odd. send me a link to your package.
<ddellav> coreycb however jamespage did have an unreleased version bump in the repo that my changes attached to
<coreycb> ddellav, that's probably just daily ci fixes
<ddellav> coreycb lp:~ddellav/ubuntu/+source/heat
<coreycb> ddellav, fwiw heat is building ok. 4 successes today.
<coreycb> on the daily build ^
<coreycb> ddellav, you'll need to build that with the daily snapshot, so use the daily snapshot process
<coreycb> ddellav, also leave the version as 0ubuntu1
<coreycb> ddellav, wait...
<ddellav> waiting
<coreycb> ddellav, nevermind, yes do that and we won't upload the fix until b1
<ddellav> coreycb remind me what is the daily snapshot process? Is that the pastebin james posted about core releases?
<coreycb> ddellav, oh and the depwait you're getting is because you're building it in a xenial ppa
<coreycb> ddellav, yes
<ddellav> ok, i'll use yakkety
<Sagar>  service apache2 start doesn't show any output, i am on ubuntu 16.04 xenial
<mpjetta> does anyone know if the 70-persistent-net.rules udev interface tricks should work in 16.04 ? I have a server that canât decide if the NIC is rename3 or rename5 ;(
<Sagar>  service apache2 start doesn't show any output like it used to starting/running .... apache2 [ok], i am on ubuntu 16.04 xenial
<riz0n> Hello -  I have an Ubuntu 14.04 LTS web server and I am trying to make some changes to its behavior. Currently, I have each user's web page within their home folder (for example, www.foo.com would be /home/foo/www). The problem I'm running into is that each time a file is added, permissions have to be re-set to allow that file to be accessible by Apache. I am trying to eliminate that.
<riz0n> What I was thinking was create /var/www/foo.com and give the user mike and group foo permission to this, then create a symlink from /home/foo/foo.com to /usr/var/foo.com. The problem I'm running into is that when I ftp into foo's account, and try to browse to the symlink, I get permissions denied. What would be the best way to go about setting foo's web folder access so that any newly
<riz0n> created files will be accessible by Apache?
<ddellav> coreycb i rebuilt on a yakkety-newton ppa and its still complaining about monasclient. In the spreadsheet james noted the latest build also has a depwait on it for his system as well
<coreycb> ddellav, ah. ok.  let me review and upload it to directly to the testing ppa for newton.
<coreycb> ddellav, let me know when it's fixed up (--> 0ubuntu1)
<ddellav> coreycb: ok, I'll fix that and repush.
<ddellav> coreycb: ok it's fixed.
<coreycb> ddellav, oslo.cache pushed/uploaded, thanks
<coreycb> ddellav, heat's pushed and I manually kicked off a daily build for the newton combinations
<jeeves_moss> what is the command to get a service to start at boot?
<synchronet> check the man but usually default setting
<genii> If you use the regular update-rc.d way, systemd will execute it the same way sysvinit would have previously
<jeeves_moss> I tried the update-rd.c defaults path, and when I reboot, still nothing
<genii> jeeves_moss: Old but still relevant Debian step-by-step: https://debian-administration.org/article/28/Making_scripts_run_at_boot_time_with_Debian
<jeeves_moss> perfect, thanks.  I'm going to need to do some self signed certs, and push this out.
<riz0n> Hello: I am using Ubuntu 14.04. I have set up a web server where I have multiple users on system, each having their own sites.
<riz0n> For example, user foo may have bar1.com and bar2.com as domains, so they would have /home/foo/bar1.com and /home/foo/bar2.com. We use VSFTPD to upload files to the server
<riz0n> When I create directories, I create them with permissions of 775
<riz0n> However, when files are uploaded, they are given permission of 600. What changes do I need to make in vsftpd to where permissions, by default, are 775?
<synchronet> riz0n:  if your using 14.04 make sure if your using proftpd to comment out the mod_copy.c in modules.conf
<synchronet> or you will be hacked sooner or later
<synchronet> Ubuntu dont care
<riz0n> ok so let's try something else (because I don't wanna be hacked0
<riz0n> Here's what I'm aiming for
<sarnold> vsftpd should be fine
<synchronet> if your using proftpd then yes, either comment that module out etc
<riz0n> When individual users add files to their web directory, I want it to have the proper permission so that Apache doesn't throw up a 500 or 403
<teward> riz0n: unless you have a lot of other controls in place, you shouldn't have web files running from a user's home directory
<sarnold> synchronet: if you're going to use proftpd instead of vsftpd you should go through the list of open CVEs against it http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
<synchronet> sarnold: its a Virtualmin thing
<synchronet> they use it
<teward> hate my IRC client
<synchronet> sarnold:  I have moaned enough
<synchronet> should be fixed
<JanC> virtualmin...
<riz0n> I did not have any of these problems until I upgraded to 14.04. But I was also giving people access to SSH. To eliminate that, I set their shell to /bin/false and they can use FTP (I do have encryption support in vsftpd)
<synchronet> yeah you can find it on Google, nice virtual server software
<sarnold> synchronet: yikes, if you're going to use virtualmin be sure you've got that firewalled to only your specific IP address
<synchronet> VM is for webhosting
<teward> riz0n: I would instead put user web docroots in /var/www/${USER}/public_html or similar, set up a symlink in the user's home directory to that, and set permissions such that you then execute the following on that directory: chown ${USER}:www-data /var/www/${USER}/; chmod 2750 /var/www/${USER}/
<synchronet> yet the still use profpd etc
<synchronet> proftpd
<JanC> so, don't use webmin/virtualmin
<teward> riz0n: that way, the web server can't traverse (unless it's not jailed or configured right) into user home directories, but the user can edit/create things and still the webserver will be able to access
<synchronet> its a well know exploit
<synchronet> known
<synchronet> JanC:  maybe not use Ubuntu 14.04?
<synchronet> as you ship it
<synchronet> took you ages to sort the headless server reboot problem in Grub
<genii> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<JanC> there is no proftpd in Ubuntu by default and no virtualmin in it at all
<genii> ..so there's that...
<synchronet> that cannot be possible
<synchronet> hangon, will ask
<patdk-wk> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<patdk-wk> oh, he already did that
<synchronet>  Webmin works quite well with Ubuntu and Debian. It's also considered a Grade A supported distro. Was the reply
<synchronet> I said, Quire well?
<synchronet> Quite
<teward> synchronet: Webmin is not provided in the repositories
<synchronet> Geez is Webmin and Virtualmin a second hand car dealer?
<teward> synchronet: it does some oddities in it that make it incompatible with how the systems actually work under the hood
<synchronet> teward: not trusted etc??
<patdk-wk> oh, you can use them if you want
<teward> synchronet: not trusted, doesn't work correctly alongside other utilities, botches configuration storage paths at times, etc.
<teward> synchronet: you can install it if you want, but we don't support it here
<patdk-wk> just if you do, NEVER update your system automatically
<teward> synchronet: you also are going to have to NOT enable any automated updates
<teward> because webmin doesn't work well with that
<teward> there will be death
<synchronet> works fine it appears but not have have Ubuntu endorsement?
<teward> synchronet: let me talk as a security guy then:
<synchronet> thats important
<teward> if you run webmin, its going to open you to vulnerabilities
<teward> many service scanners search for it, and hunt for exploitable paths as well
<synchronet> everything as vunrabilties I get your up^dates daily
<teward> and unless you are always on the latest of it, you will be opening yourself to hell
<teward> synchronet: i mean in webmin
<teward> NOT in the underlying software on Ubuntu
<synchronet> sure
<teward> you don't get security updates for webmin via Ubuntu
<synchronet> ok
<synchronet> you dont look after it
<teward> and those security updates that happen automatically will need ***turned off*** if you use webmin
<synchronet> I get it
<teward> or you will break things
<patdk-wk> I normally only see security updates every other week, or less
<teward> it will break, and it will break things.
<patdk-wk> but that is better than monthly rollouts for me atleast
<teward> synchronet: as a server administrator, and a security guy, you can use webmin if you want, but we don't support it, we don't endorse it, we recommend NOT using it, and you will use it at your own risk
<synchronet> teward: got ya
<synchronet> will just relay that on
<teward> to whom
<teward> webmin?
<teward> or your IT admins :p
<synchronet> VM irc
<teward> why are we playing relay tag again?
<synchronet> its important
<teward> again, *why* are we playing relay tag with a channel that isn't an Ubuntu channel?
<synchronet> some of use are trying to make a secure living using Linux
<synchronet> so
<teward> learn the command line, where configuration files are, SSH connections, and the stuff that server administrators who actually get certified as such (like myself) have to learn.
<synchronet> even so webmin etc say Ubuntu is a GRADE A OS you dont support it!
 * teward grumbles
<sarnold> yikes, if you're using webmin firewall the living hell out of -that- too
<synchronet> what CP for webhoster do you recommend then?
<teward> y'know what, I'm going to chalk all this up to "user and upstream stupidity", and going to do something actually productive, like clear the "TODO" items off my worklist for Yakkety...
<darko0> Hey guys! I'm thinking of setting up a ubuntu server for webhosting on Linode and currently my main concern is security setup.. Could anyone point me in the right direction to set that up a guide/tool or whatever , thx for the help!
<synchronet> np
<sarnold> the most common causes of breakins are: (a) brute-forced ssh passwords (b) vulnerabilities in those terrible "control panel" programs
<synchronet> noob here just trying to use the tools out there
<synchronet> why dont Ubuntu do a web hosting CP?
<synchronet> charge a few bucks
<JanC> sarnold: well, and all sorts of web apps in general
<sarnold> JanC: true, but something about control panels attracts the worst programming discipline :(
<JanC> hehe
<synchronet> Ubuntu server and the new Ubuntu web hosting CP, would sell no?
<sarnold> it's kind of a niche market thse days... fifteen years ago, maybe
<synchronet> who needs cpanel, direct admin, Virtualmin etc after
<synchronet> food for thought
<synchronet> niche market, using a linux server for webhosting??
<sarnold> these days folks just roll out something on digital ocean or amazon s3 or whatever, it's cheap, they've got full control over their own site..
<sarnold> two thousand users on a host is just not as common as it once way
<JanC> there are a couple of CP that were designed to be used with Debian/Ubuntu, IIRC
<teward> sarnold: s/way/was/
<synchronet> talking about dedicated
<synchronet> to be honest I dont think any of you really know what your doing
<synchronet> and chasing after what suits your needs
<Bae> sarnold, hello
<sarnold> synchronet: all I'm saying is if you're going to use programs with such terrible security histories, _please_ take precautions.
<teward> synchronet: if you don't think we know what we're doing, the exit is over there --->
<sarnold> synchronet: confine your ftpd with apparmor..
<teward> you are the one who came here with questions ;)
<Bae> i came back to ask you question about apparmor if you do not mind. since you already know my specific config sorta. sarnold
<sarnold> synchronet: confine your web control panels with firewalls
<Bae> btw are you a developer?
<Bae> of apparmor i mean
<sarnold> hey Bae :) how you're doing today?
<teward> Bae: sarnold's on the Security Team
<Bae> hey sarnold im fine thx. how are you?
<Bae> sick ass
<sarnold> Bae: well, sort of. I don't actually write much code for it but I've been working on apparmor for ~16 years :)
<Bae> dang
<Bae> nice to have u here
<patdk-wk> did apparmor nesting land for lxc?
<patdk-wk> if so, I didn't figure it out :)
<Bae> so my question is what is the purpose of logprof sarnold. according to this http://www.howtogeek.com/118328/how-to-create-apparmor-profiles-to-lock-down-programs-on-ubuntu/ it seems like you can create profiels from logs after running the profile normally in complain mode?
<sarnold> patdk-wk: not et
<patdk-wk> no wonder I couldn't get it working yet :)
<sarnold> patdk-wk: john wrote some docs http://wiki.apparmor.net/index.php/AppArmorStacking#Using_Stacking_in_combination_with_Policy_Namespaces  -- I haven't looked at them yet
<sarnold> Bae: yeah aa-logprof can do that for programs that you've started running; if you're creating a profile from scratch you can use aa-genprof and it will automate the aa-logprof steps for you
<Bae> sarnold, ah so my steps would be if i set complain mode on my nodejs program for example. and say the nodejs program starts up, accesses /home/user/directory1 and then accesses /home/user/directory2 then does some other network shit. this will all get logged. then if i tell apparmor to generate logs it will blacklist ALL other directories and ONLY whitelist those 2 directories and the networking shit? is that what it does?
<sarnold> Bae: mostly. it'll ask you a question about every log entry. if some of your answers covers log entries it hasn't reached yet, it gets to skip those :)
<Bae> sarnold, when will it ask me questions about log entries? when i do the aa-logprof command?
<sarnold> Bae: yes
<Bae> sarnold, so basically it will look at everything i've done when i perform every possible functionality of the app, then ask me is this ok? is that ok? and then if i say yes and no, it will generate a profile automatically for me and then i can run the enforce mode to enforce that profile so that every possible command of the nodejs app can be done. and anything outside of that will be blocked?
<sarnold> Bae: right
<Bae> damn thats really smart
<sarnold> yes :)
<patdk-wk> and then all is good, till you expand your node app
<patdk-wk> and you can't figure out why you keep getting permission denied errors
<patdk-wk> and forgot to look at dmesg
<Bae> patdk-wk, if it came down to that i will edit the nodejs app, upload it to the server. delete the current node app profile. and then logprof again
<patdk-wk> that would be really annoying
<patdk-wk> just run it on the new entries it is printing, or add them manually
<patdk-wk> then just append
<Bae> maybe i will just do that yes patdk-wk
<Bae> sarnold, how is the scope of this? if nodejs accesses a file say /home/user/directory/file.txt. is the apparmor generated profile going to blacklist everything else and ONLY whitelist /home/user/directory/file.txt in logprof ?
<Bae> like what is the default way that app armor works? blacklist everything and whitelist a few things?
<sarnold> Bae: it'll ask you what you want to do; you could answer "allow" and only that file will go in the whitelist. Or "glob" and /home/user/directory/* will be added. "glob ext" will add /home/user/directory/*.txt. "glob ext glob ext" will give you /home/user/**.txt. And so on. :)
<sarnold> Bae: exactly
<sarnold> Bae: the 'deny' rules can subtract accesses but that's subject to the usual "blacklists aren't safe" reasoning.
<Bae> yeah i dont like that deny shit tbth
<Bae> i like blocking to everything EXCEPT the things i need
<sarnold> exactly
<sarnold> it's sometimes useful
<sarnold> and apparmor also allows you to use the 'deny' keyword to silence the logging when you know something is doing something stupid
<sarnold> for example, everything linked with kerberos tries to write to /etc/keytab.something as part of startup -- the intention is that they fail if they can write to it
<sarnold> .. but _every_ _program_ doing this is annoying :) so add the 'deny' rule to the profile and apparmor will be silent about those.
<Bae> sarnold, question. if nodejs app calls another binary in the bin folder and apparmor profile contain catches that, can i tell apparmor to put the other binary as an "ix" mode in the nodejs app profile ???
<Bae> profile complain*
<Bae> as in is there way to send the "ix" command from the logprof method ?
<Bae> or do i have to generate the logs, then open the profile file then manually add ix where need be?
<Bae> tbh any other binary the nodejs app calls i will probably do ix just to make sure those bins can only access the file directories that my nodejs app can access
<patdk-wk> I whitelist stuff
<patdk-wk> but I also blacklist stuff, to keep down log noise
<patdk-wk> like things the app does, that I don't want to work :)
<sarnold> Bae: yes, logprof will let you pick between px, ix, cx, ux, as appropriate :) it also makes it hard to e.g. pick 'px' for /bin/grep, etc., because that'd wreck your day.. :)
<patdk-wk> ux all the stuffs
 * sarnold kicks patdk-wk
<Bae> wow are u a hacker
<patdk-wk> hmm /usr/bin/* ixr,
<patdk-wk> looks like that is what I'm mainly using is ixr
<Bae> man this apparmor shit is cool af
<sarnold> patdk-wk: oh yeah that's fine :)
<patdk-wk> fun php one, owner @{WWW_DIRS}/phpsessions/?/?/* rwk
<patdk-wk> had to use, to make sendmail work, owner /var/spool/mqueue-client/* rwk
<patdk-wk> run this app in total confinement
<Bae> sarnold, does apparmor by default blacklist all things and whitelist certain things (as described in complain mode) ?
<patdk-wk> define default?
<patdk-wk> if you setup an empty profile, it will audit deny everything
<patdk-wk> depending on how you switch into it
<Bae> patdk-wk, yeah say i put something in aa-complain mode. then ran it. then generated with logprof. at this moment in time, is apparmor going to generate an profile with everything blacklisted BUT my specifications whitelisted?
<patdk-wk> depends, it will make that profile, yes
<sarnold> Bae: yes; try this: cp /bin/bash /tmp ; echo "/tmp/bash { /tmp/bash rix, /bin/* rix, /usr/bin/* rix, }" | apparmor_parser --reload     and then run /tmp/bash, see what happens ;)
<patdk-wk> but I'm not sure if it will override the calling or not
<Bae> oh i see
<Bae> damn
<sarnold> Bae: start with somethin gnice and small and see what happens :)
<patdk-wk> can't remember how the calling works, for switching, maintaining and adding, ...
<patdk-wk> as I always use, swapping :)
<patdk-wk> changehat :)
<Bae> ok thanks guys. it answers all my questions this has been great :)
<patdk-wk> what those ux, ix, px, ... mean
<Bae> heh. all i know is i like ix most
<Bae> probably ixr. yep
<patdk-wk> ix if I remember right is, include restrictions and execute
<Bae> inherit
<sarnold> "inherit"
<patdk-wk> close enough :)
<Bae> yeh pal
<sarnold> "unconfined"
<sarnold> "profile exists"
<patdk-wk> hmm, kindof like wrapping your program into one of these? http://www.ostrichpillow.com/
<Bae> lol
<Datz> sarnold: Thanks for the advice yesterday with my DNS resolving issue (adding nameserver 8.8.8.8) to /etc/resolv.conf.  A little to add to that. I had configured the machine for a static address in /etc/network/interfaces which seems to be defined correctly. Today I checked /etc/resolv.conf after ping failed to resolve DNS, or course it was overwritten. So I started checking in /etc/resolvconf/resolv.conf.d/ as you suggested 
<Datz> Hopefully that wasn't cut off^
<Datz> That loong post is really directed at anyone.
<sarnold> Datz: the last thing that went through was "as you suggested"
<Datz> as you suggested yesterday to have it added automatically. I noticed in /etc/resolvconf/resolv.conf.d/original there's a nameserver for the wrong gateway, the one for where I set the machine up instead of the one for the current location. This seems like a bug?
<Datz> I edited it for the gateway where it currently is, but it really seems like it should reidentify and be overwritten
<Datz> There could also be something wrong with my gateway/router
<sarnold> Datz: I think the "original" file is just one that resolvconf stuffs away in case you need it
<Datz> Ah, I see.
<Datz> Looks like everything else in /etc/resolvconf/resolv.conf.d/ is basically empty
<sarnold> Datz: yeah; the 'head' gets prepended to the /etc/resolv.conf that it generates
<Datz> ah, interesting, so I could define a nameserver there?
<teward> Datz: yes, you could
<Datz> Neat, I bet there's docs on it(i hope) I'll have a look. THanks
<teward> in fact, this is what I do on my local Ubuntu 14.04 laptop, which runs its own bind9 resolver, because I have a lot of different DNS rules
<teward> there isn't, really
<Datz> ok, I can just add "nameserver 8.8.8.8" then?
<teward> basically, under the two commented out lines (with # at the beginning), put this: nameserver 127.0.2.1
<teward> replace 127.0.2.1 accordingly
<Datz> ah, gotcha, thanks
<Datz> I can add one for redundancy also in the same format I suspect.
<sarnold> since "unreachable nameserver" takes an absolute eternity, you'll probably want to just fix whatever unreliability is in a nameserver :)
<sarnold> it's like six seconds or something outright intolerable
<Datz> ha
<Datz> head also warns that changes will be overwritten
<JanC> there is documentation in /usr/share/doc/resolvconf/README.gz
<sarnold> yes, that's how the warning makes it into /etc/resolv.conf :)
<Datz> ah
<Datz> heh heh
<Datz> On a completley unrelated note, I thought that ZFS was now the default FS in 16.04, but it looks like I'm on ext4.
<sarnold> seriously though you can reach the other side of the planet in about 250 ms or so. four trips around the world, one second, yeah alright..
<skylite> which one is faster NFS or samba? I cant see clear answers to that anywhere
<JanC> ext4 is default, ZFS is available
<sarnold> I guess six seconds is long enough that it's so terrible you actually go investigate -why- it's broken
<bekks> skylite: NFS has a smaller protocol overhead.
<sarnold> if it was one second you might not bother, or just think something else is broken..
<Datz> JanC: Ok thanks.
<sarnold> Datz: zfs on root currently takes some work
<sarnold> it's possible but I decided for myself that it was too much effort
<JanC> once we've colonized Mars we'll have to increase that 6 sec though  :)
<Datz> sarnold: gotcha. I hadn't looked into it, I just noticed that's what was mentioned in ol reliable Wikipedia.
<sarnold> JanC: mars will doubtless run their own recursors :)
<sarnold> Datz: zfs is awesome stuff; here's a nice series of blog posts https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/
<Datz> Cool, I'll take a look.
#ubuntu-server 2016-05-21
<halvors> Is the linux kernel doing any reverse path filtering for Ipv6?
<halvors> I have an issue where a TCP stream routed out one interface on the router but comming in another interface is dropped...
<AndyWojo> does 16.04 cloud image not have cloud-init?
<zosky> hi yall. my ubuntu server is hanging during boot, the last line i see is 'starting nfs-kernel-server'... but if i drop to a shell, i can start it manually without error. so is it the next init script after thats hanging ? how can i tell
<zosky> i looked at the files in /etc/rc3.d/ ... the one after S20nfs-kernel-server is S20smartmontools... disabling that (from /etc/default/smartmontools) and it boots... starting it manually (sudo service smartmontools start)... no errors. why does it hang the system during boot ?
<shekhar> hi
<shekhar> hello guys can i get some regarding the apache2 server
<shekhar> here
<shekhar> hey anyone here
<sarnold> shekhar: irc works best if you ask specific questions
<shekhar>  i followed instruction https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts everything is fine but it is showing "the site cant be reached " when i type the url in addr bar
<shekhar> where can i find the error log specific to the above problem
<shekhar> sarnold:  ^^ could you please look into the above issue
<sarnold> shekhar: probably /var/log/apache/
<sarnold> shekhar: is "the site can't be reached" coming from your browser? or is a server-generated error?
<shekhar> from my browser  sarnold
<sarnold> shekhar: then the request is probably not getting to your server at all -- use 'host' to see if your server name resolves to the correct ip address
<sarnold> shekhar: if the IP address is good, then use telnet or nc to connect to that IP address, port 80, and see if there's a webserver listening on the port
<shekhar> https://www.irccloud.com/pastebin/asbnuCCf/
<ShekharReddy>  i removed apache2 using sudo apt-get purge apache2* and reinstalled. Now i get a different default pages on localhost and IP addr
<ShekharReddy> https://snag.gy/ZpHTjn.jpg  it is different from  https://snag.gy/PEJxef.jpg  https://snag.gy/0fx2GT.jpg
<ShekharReddy> any help is appreciated
<ShekharReddy>  i removed apache2 using sudo apt-get purge apache2* and reinstalled. Now i get a different default pages on localhost and IP addr
<ShekharReddy> https://snag.gy/ZpHTjn.jpg  it is different from  https://snag.gy/PEJxef.jpg  https://snag.gy/0fx2GT.jpg
<ShekharReddy> any help is appreciated
<Bae> do ubuntu-server installations have spyware software ?
<AndyWojo> Bae: like what?
<Bae> like amazon?
<AndyWojo> uh no....
<Bae> some kid was spewing such nonsense earlier
<Bae> that ubuntu is spyware and should not be messed with
<Bae> idk if the minimal installation comes with such things by default
<teward> Bae: I think Amazon used to be something included in Unity, but I don't think that's included anymore?
<teward> Bae: Server never had the Amazon stuff - that was part of the shopping search scope on Unity I believe
<Bae> ooooh. so the desktop one had it ?
<teward> Bae: 16.04 doesn't have that last I checked, but that was a Unity thing, not Server or "Ubuntu Standard Feature"
<teward> and only applied to the Unity search barl
<teward> I have a script I Used to yank that stuff out but eh
<Bae> teward, i'm going to be using ubuntu server 15.10 though. is it there? if it is, i want to remove all spyware out there. can u remember what spywares are in there so i can take the steps to remove em?
<teward> Bae: so you don't listen to what I said
<teward> [2016-05-21 11:55:09] <teward> Bae: Server never had the Amazon stuff - that was part of the shopping search scope on Unity I believe
<teward> Unity != "Ubuntu" overall
<Bae> yeah i read that. i was talking about other spywares that may exist on the server
<Bae> not just unity or what not
<teward> wha...
<teward> ***why*** would oyu assume Ubuntu comes with spyware
<Bae> ok so there is no spyware. i understand now lol
<teward> **why** would you make the equivalency that just because Unity Desktop had an Amazon Shopping scope, *everything* in Ubuntu comes with some spyware
<AndyWojo> It's just ubuntu haters saying this stuff
<Bae> i did not say ubuntu *must* come with spyware. i asked if there was. and i said if there may be some i would like to remove them. and that if you remember any, do tell me. no accusation was made
<Bae> and i dont even hate ubuntu i am going to use it in a production environment anyway
<Bae> and the reason why i asked such things was because some kid was talking about it eaerlier in a different channel
<teward> Bae: the context after I said that Server never used the Amazon stuff, and the 'spyware' reference was to Amazon and searches in the Dash being sent automatically, it came across as such an accusation
<teward> also, I haveni't had coffee
<teward> so i'm not 100% 'awake' yet ;)
<teward> (take my attitude with a grain of salt, i'm not normally this way)
<Bae> ok no worries :}
<ashd> .
<Basketball> hello
<Basketball> i would like to make a printer server any guides
<ashd> Basketball: https://help.ubuntu.com/lts/serverguide/cups.html
<Datz> Hi, I'm having a problem getting phpmyadmin to work on 16.04. started out complaining that mbstring was missing, after I installed that, I started getting 500 error. I can't find anything in the apache2 logs. What should my next step be?
<baller> hello
<baller> how can i setup a google cloud print server
<RoyK> baller: https://support.google.com/a/answer/2906017?hl=en perhaps_
<RoyK> ?
<baller> i tried that
<baller> is there a better os to use for thisz?
<RoyK> google cloud printing sounds like a really good idea if you want google to index everything you're printing
<baller> i have a chromebook
<baller> and idc i am a student and don't print anything classified
<RoyK> your personal letters should be classified ;)
<baller> got any thing else?
<OerHeks> obvious, you don't need anything else.
<baller> OerHeks: that doesnt work
<baller> will this work? https://www.niftiestsoftware.com/cups-cloud-print/
<baller> or is that only for normal ubuntu
<OerHeks> baller, try it if you can find a newer package than 12.04 on that site.
<baller> OerHeks: for what i want to do would you recomend normal or ubuntu server
<OerHeks> oh that ppa gives xenial too.. but why not the google tool, as suggested?
<baller> OerHeks:  A) I don't remember how to install it B) i tried it a couple of months ago and it didnt work
<baller> OerHeks: the link i found is the opposite of what i want to do
<baller> OerHeks: how do i install the given on ubuntu server
<OerHeks> maybe you are better off with a regular desktop, as you need to build stuff from git
<baller> OerHeks: ok and once i install ubuntu what are the steps of getting this set up
<OerHeks> i have no cloudprinter anyway.
<baller> but how do i do it?
<OerHeks> oh that answer you find in the wiki
<baller> thanks
<baller> gtg
<arooni> anyone know how to make fish shell work with syntax highlighting for less ?  i tried setting the LESS and LESSOPEN env variables and installing the syntax highlighting package... still not working :\
<Datz> Ok, looks like two dependencies: php-mbstring as well as php-gettext are missing from phpmyadmin package. Looks like it's already in the system too.. so just fyi I suppose.
<RoyK> Datz: who really uses phpmyadmin?
#ubuntu-server 2016-05-22
<baller> hey RickyB98  i tried installing it from this morning
<Datz> RoyK: I suppose I do. What do you use?
<RoyK> Datz: the commandline
<Datz> I see. I find sometimes it's nice to have everything laid out. But really it depends..
<RoyK> if you know what you're doing, you design the database before you put it into production
<RoyK> and the visualisation from phpmyadmin is minimal
<Datz> I think I fall only partly into the "know what you're doing" category.
<JemoeE> I have a problem on my SMTP mailserver. It is set up with Postfix and Dovecot, and should require AUTH but somehow spammers are able to send from my email without AUTH. See a snippet from mail.log on http://pastebin.com/raw/s9KsqKNE
<trippeh> JemoeE: so it's sending to your gmail address? is it set up to forward?
<JemoeE> trippeh,  yep
<trippeh> that would be why then, I guess
<trippeh> is it sending to anyone else not having forwards?
<trippeh> that is, the spammers
<JemoeE> yeah but they were refused by the server because the email addresses did not exist
<JemoeE> so no, the only succeeded to send to my personal email (i think)
<JemoeE> but i can't see how it has to do with the forwarding. the mail should even get in if the client did not AUTH
<trippeh> is it your MX?
<JemoeE> yes
<trippeh> if it required AUTH noone would be able to send you mail then.
<JemoeE> can't I require AUTH when the mail from email is from mine ?
<trippeh> its possible, not entirely sure how with postfix. most likely what you want is to have auth-only on the submission port, and reject anything from the outside with your domain as sender on port 25
<trippeh> maybe just enforced using SPF?
<trippeh> oh wait
<trippeh> if its also sending, SPF wont really help
<trippeh> err
<trippeh> sorry, disregard the last line
<trippeh> mind melted for a few seconds
<JemoeE> hehe it's cool
<JemoeE> maybe SpamAssassin would help, but im just not sure im covering up the right hole
<trippeh> SPF would, and would also make others make sure your email comes from the right places
<trippeh> SPF is a little finicky with mailing lists though, so beware.
<JemoeE> yeah i've thought about SPF. that should work. Im just still not sure why postfix/dovecot doesn't require auth when an email is sent from my domain
<rbasak> JemoeE: usually the submission and regular smtp cases are implemented completely separately. Either by port or by entire server. It's pretty unusual to try to configure both cases on a single port.
<rbasak> JemoeE: I would either use a submission port or a separate MTA instance for the two cases, and forget about trying to implement both on the same port on the same server.
<JemoeE> rbasak, if I understand you correctly, that's also what i'm trying to. In gmail my SMTP is using port 465 using SSL, so that's is my sender port. And incoming mails should be on port 25..
<JemoeE> but it seems like the spammers are sending mails from my port 25 also (from my email address to my own email address)
<rbasak> JemoeE: so they're "just" spoofing you as a sender. They can do that equally to any other recipient. Use normal spam fighting techniques (SPF as mentioned or DKIM, RBLs, etc)
<JemoeE> rbasak, im setting up SPF now, thanks for taking the time, and thanks trippeh
<patdk-lap> whitelisting your own domain/email address is normally a very bad thing to do
<JemoeE> patdk-lap, sorry what?
<patdk-lap> the only way those emails should be getting past your normal anti-spam/anti-virus/.... stuff, would be if you whitelisted your own address/domain
<patdk-lap> so spam checking is skipped when someone spoofs you
<JemoeE> does spf whitelist my own domain ? (sorry if noob question :)
<patdk-lap> that is up to your postfix/spamassin/... configs
<patdk-lap> spf doesn't do anything itself
<patdk-lap> how you use spf does though
<JemoeE> ah, i just started reading about spf
<JemoeE> as I understand i could set SPF up to allow mails sent from gmail, and then only gmail can send mail from my domains?
<patdk-lap> if you use -all, and everyone that receives emails from you, checks spf, and follows SPF strictly
<JemoeE> :|
<JemoeE> so what do you recommend?
<patdk-lap> protecting other people from people spoofing your domain, you cannot control that, you can do what you can, implement spf, dkim, dmarc
<patdk-lap> but once you do that, you can easily add spf/dkim checks and reject based on someone spoofing you to yourself, easily
<patdk-lap> and the reason to do that is so, instead of creating that for your own use, let others use the same stuff, if they want too, and limit the amount of backscatter you get
<JemoeE> so I can only reject if someone is spoofing from my mail to my mail, and not to other mails? (because they need to check spf on their end?)
<patdk-lap> jamespage, mostly yes
<LargePrime> hi.  I am adding a user to my server, and granting ssh access.  they sent me a putty generated pub key.  how doi add it to my server?
<LargePrime> I have created and permed the .ssh dir and the authorized_keys fle
<LargePrime> I am really looking for the authorized keys file format or example
<LargePrime> also, am i doing it wrong?
<teward> LargePrime: if they sent you the Putty format Public Key they need to go back and get the OpenSSH public key string inside of puttygen for their private key
<teward> LargePrime: PuttyGen has a blank space at the top area of the window where it puts the OpenSSH public key string
<teward> you need them to give you that
<patdk-lap> or just convert it, though converting it is annoying
<LargePrime> from a learning point of view can i not just cut the one key into opwn ssh format
<patdk-lap> many options: http://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux
<LargePrime> thank you patdk-lap teward , much apprecated
<teward> patdk-lap: i've had issues converting the public key parts without the private key
<teward> though you're right converting is doable
<teward> LargePrime: probably easier for the user to just give you the *correct* information
<LargePrime> absolutly.  but for political reasons i am trying to get it working
<LargePrime> you guys make me look good
<patdk-lap> hmm, I hadn't had that issue, sometimes though rarely people had those to me for sftp usage
<LargePrime> well perhaps
<LargePrime> awaiting the user to awake and test
<teward> patdk-lap: someone gave me an SSH-2 pubkey once, that was fun to convert.
<teward> :
<teward> (that proprietary format of pubkey from ancient times heh)
<Seveas> teward: ssh-keygen -i :)
<teward> Seveas: context is nice, I don't remember anything from a few hours ago (pre-Coffee, I usually don't retain things well heh)
<teward> ah, import
<compdoc> Froberg, can I have your computer?
<Froberg> heh, whatever for?
<Froberg> it is mine
<Froberg> mine own
<Froberg> my precious
<compdoc> Without your computer, I am useless.
<Froberg> As I am without it.
<compdoc> youve had it for a while. its my turn
<Froberg> Well, I see you're based in Lithuania
<Froberg> Feel free to come visit me in Denmark, we'll see about it ;-)
<Froberg> Nice country, by the way, I've been there a couple of times.
<BadApe> i am thinking about using ubuntu as the base OS for hosting docker containers
<BadApe> are there any webui's to manage containers?
<compdoc> Im in Denver. bit further away. But Ive been to Denmark
<profall> Can I install fglrx (amd proprietary drivers) on server even though there is no Xorg?
<patdk-lap> doubtful
<patdk-lap> isn't those drivers in the kernel?
<patdk-lap> been awhile since they where seperate
<profall> yea, makes sense.
#ubuntu-server 2017-05-15
<kaleidoscope> hi guys
<kaleidoscope> need some helping fixing an apt-get issue.
<kaleidoscope> i can't seem to connect to any update servers without apt-get saying could not resolve '<url>'
<kaleidoscope> i can ping address (ping 8.8.8.8) but nothing with dns
<Latrina> kaleidoscope, DNS issue?
<kaleidoscope> Latrina: exactly. but i have one DNS installed which points to my gateway
<Latrina> can you ping external DNS other than any APT repos?
<kaleidoscope> i can ping google's DNS (8.8.8.8) perfectly
<Latrina> can you ping the domain name?
<Latrina> 8.8.8.8 does not belong to a domain name afaik
<kaleidoscope> Latrina: i believe not, i'm not exactly sure i set a domain name?
<kaleidoscope> domainname returns (none)
<Latrina> a domain name is the url
<Latrina> anyways add some DNSs in /etc/resolv.conf
<Latrina> like 80.80.80.80 and 80.80.81.81
<Latrina> or whatever you like best
<Latrina> than fix your DNS server
<kaleidoscope> Latrina: gotcha, but the resolv.conf warns not to input any DNS entries? wouldn't a reboot wipe out the changes?
<Latrina> I am not sure honestly. My DHCP controller deal the whole thing
<Latrina> and I don't quite do network or system administration on linux, particularly on ubuntu
<kaleidoscope> Latrina: same here, i usually left it up to default install.
<kaleidoscope> it's okay, i found the solution. apparently my /etc/hosts file was error'd
<kaleidoscope> '127.0.0.1    localhost.localdomain localhost' this line was missing, which caused the problems
<Latrina> https://help.ubuntu.com/lts/serverguide/network-configuration.html
<Latrina> this wiki page has the solution to your answer on how to setting DNS statically
<Latrina> okay
<kaleidoscope> gotcha, thank you for the help!
<Latrina> no worries
<cpaelzer> good morning
<adrian_1908> hello. Anyone familiar with Nginx? Can the `ssl_session_cache` setting be set only once for the entire Nginx configuration? I thought it might be per-site, even the one shared accross workers, since it can be defined in the `server { â¦ }` blocks. Anyone know?
<fallentree> adrian_1908: yes. context: http, server    http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
<adrian_1908> fallentree: "Each shared cache should have an arbitrary name" Arrr, I missed that part. I had them set with the same name.
<zioproto> coreycb: hello, you guys had a good summit in Boston ?
<coreycb> zioproto: hello, yes it was a good summit
<mwhahaha> coreycb: are you guys aware that the last update (pike m1?) seems to have a broken osc  client? http://logs.openstack.org/53/464553/1/check/gate-puppet-nova-puppet-beaker-rspec-ubuntu-xenial/2a0b871/console.html#_2017-05-15_12_16_20_658041
<coreycb> mwhahaha: hi, yes i believe so. jamespage, is that the same issue you were hitting?
<mwhahaha> anyway to get that fixed as it's royally fubared our ci
 * jamespage looks
<jamespage> that's 3.9.0 of osc
<jamespage> hmm looks like I need to rev on keystoneauth1, osc-lib and openstackclient itself
<jamespage> mwhahaha: are you running against proposed or updates for pike?
<mwhahaha> updates
<mwhahaha> (pretty sure)
<mwhahaha> something flipped last friday and broke everything
<mwhahaha> https://github.com/openstack/puppet-openstack-integration/blob/master/manifests/repos.pp#L6-L10 which defaults to updates https://github.com/openstack/puppet-openstack_extras/blob/master/manifests/repo/debian/ubuntu.pp#L47
<jamespage> mwhahaha: yeah pike1 dropped into updates last friday
<jamespage> (and no we'd not seen this issue - but our test endpoint is not coupled with the target cloud in the same way the puppet gate tests are)
<mwhahaha> you should one of our scenarios in your testing ;)
<jamespage> mwhahaha: it will take a bit to work this through - have three layers of versioned depends to land
<Ussat> Has anyone here had to set up a *nix system on a wired 802.1X protected network ?
<jamespage> awesome keystoneauth1 does not like py3.6
<pmatulis> caribou, o/
<ahasenack> I can't install mysql-server-5.7 in artful, this looks like is the error:
<ahasenack> May 15 20:10:26 artful systemd[7938]: mysql.service: Failed at step KEYRING spawning /usr/share/mysql/mysql-systemd-start: Permission denied
<ahasenack> has anybody seen this before?
<ahasenack> I'm using an artful lxd container on xenial
<ahasenack> dmesg is clean, no apparmor messages
<duckydan> This may be super-basic, but is mysql-systemd-start set to be executable? (chmod +x)
<ahasenack> yes
<ahasenack> worked on artful bare metal
<ahasenack> must be lxd related, I'm asking there
<ahasenack> why is mysql-server-5.7 in xenial-updates ahead of artful?
<ahasenack>  mysql-server-5.7 | 5.7.17-0ubuntu1         | artful           | amd64, arm64, armhf, i386, ppc64el, s390x
<ahasenack>  mysql-server-5.7 | 5.7.18-0ubuntu0.16.04.1 | xenial-updates   | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
<arooni> why am i getting a 'connection refused' when i try to ssh to my ubuntu server from my ubuntu laptop?  i checked netstat and its listening on my non standard ssh port tcp        0      0 0.0.0.0:22222           0.0.0.0:*               LISTEN      - ... i can connect when NOT from behind my unlimited VPN.  why would this be happening?
<nacc> arooni: you can look at the logs on the server or run, perhaps, `ssh` with -vvv.
#ubuntu-server 2017-05-16
<CarlenWhite> I'm having a mild panic over the whole ransomware shanagains.
<CarlenWhite> Which doesn't apply to Ubuntu machines, of course. But I'm tasked to migrate a Ubuntu file server to Windows for future-proofed service which leaves me with that glaring cravat.
<pmatulis> Just say 'No'
<sarnold> once the system has been replaced by a windows machine, the original machine could be turned into a handy zfs storage target, and store snapshots from the windows machine
<sarnold> that way when the botnets invade and encrypt all the things, you'll have snapshots to roll back to
<trippeh> then again the main reason MS still ships SMBv1 enabled by default is due to crappy linux based devices requiring it ;-)
<sarnold> lol
<cpaelzer> good morning
<sarnold> cpaelzer: isn't it too early? are you trying to take over pitti's spot of being awake entirely too soon? :)
<cpaelzer> oh I'm actually here a while already sarnold
<sarnold> oh my :)
<cpaelzer> sarnold: it isn't that badwaking up 5am (homoe work) 6.15am (kids) ~7.xx (start) - that is not too early
<cpaelzer> homoe sounds interesting, but is just cleaning up and prepping kids food :-)
<sarnold> lol
<sarnold> poor kids, that's also too early :)
<cpaelzer> sarnold: unless I want to shove them from bed to school instantly that is the time they need
<sarnold> lets hope the first hour or two is classes that don't matter much, hehe
<geek> help me? https://bpaste.net/show/0a5a7299eea8
<geek> I am trying to allow remote access for my postgresql server
<sarnold> geek: looks like it's bound to localhost rather than 192.168.0.100 or 0.0.0.0
<andol> grep "listen_addresses" /etc/postgresql/*/main/postgresql.conf
<geek> I did hostssl  all             all             0.0.0.0/0          md5
<geek> also listen_addresses = "*"
<geek> maybe the hostssl is the problem, let me try host
<geek> nmap only show port 22
<geek> I did ufw allow 5432 already
<geek> ufw allow from 192.168.1.102 which is the ip that I am trying to connect
<sarnold> I don't think the firewall rules would influence which IP addresses it listens to
<geek> my conf https://bpaste.net/show/4e9f2edcd375
<sarnold> maybe throw a gigantic error into the file and make sure that postgresqal refuses to start at all? just something to double-check that the two of you agree on which file to use to configure it :)
<adac> Hi guys, is it possible to reserve memory for the OS itself? If yes how?
<rbasak> What do you mean by "the OS itself"?
<adac> rbasak, there is one aplication that eats up all memory
<adac> hmm but maybe the better approach would be to limit the memory usage of that  app
<adac> instead of "reserve stuff for the OS itself" which is rather ah broad term as you say
<jamespage> mwhahaha: I'm just pushing fixed versions of openstackclient + deps to pike-updates
<jamespage> should sync out in the next hour to the UCA
<mwhahaha> jamespage: ok since we use the openstack infra mirrors it'll probably be a bit longer. I'll let you know (they are still failing at the moment)
<jamespage> mwhahaha: ack
<jge> hey all good morning, I have an Ubuntu server with two nics facing two different networks, I'm setting up a default route for one of them and the other I'm doing a route after the system boots up, is this the correct way
<jge> ?
<jge> adding* a route
<geek> anyone recommend me a good tutorial for setup ssl in posgresql?
<nacc> jge: is there a reason you can't setup default routes for both at boot?
<jge> nacc: I could do that but I thought configuring multiple gateways was bad practice..
<qman__> multiple gateways is fine but they won't "just work", there are a few ways to do it, setting up metrics, or configuring the kernel, etc
<qman__> if you just set two gateways, you will have a bad time
<qman__> for a specific route, the way I do it is in /etc/network/interfaces, I add "up ip route add ..." and "down ip route del ..." for the interface the route is on
<qman__> jge: ^
<jge> yikes, I see what might be going on.. this is a remote server with two NICs one facing the management LAN and the other is to an upstream provider (internet).. the way we log into this box is through a VPN which lands on the management network, problem is that all VPN traffic is seeing as coming from a public IP so return traffic is probably being forced through my default gateway instead of the
<jge> management lan
<jge> this public IP being our office IP
<jge> so I can add a static route but this will create problems as this is also a webserver, so whenever anyone tries to access it from the office (no VPN) the box will route all return traffic through this static route out to the management LAN..
<jge> damn :(
<jge> qman__: if I specify a metric in a default route, would it try the lowest metric first then move on to the second? any other way I can have both responses (return traffic) go out to both gateways?
<jge> or that's a bad idea..
<jge> or I'm wondering if there's a way to tell the box to return traffic through the same interface it was requested from..
<qman__> you have to tweak the kernel settings for that
<qman__> https://unix.stackexchange.com/questions/4420/reply-on-same-interface-as-incoming
<tomreyn> it sounds like the real issue you have therre is that requests tunnelling your site-to-site vpn end up as coming from a public ip address
<jge> qman__: that could be  a solution, thanks for that.. how would I make that rule and route persistent though?
<jge> tomreyn: I know.. our server is colocated and the company who does it asks all clients to NAT interesting traffic to either a subnet they give you or your public IP
<jge> I guess we can change it but geez that will take days for them to do..
<nacc> Ubuntu Server Bug Squashing Day #4 will be tmrw, here
<nacc> just sent an e-mail to the server list re: the same
<Capprentice> Hi where is the option to select the custom adapter. Here i want to select eth0,eth1 and eth2 for seperate bridge vmnet1,2 and 3. https://i.imgur.com/KR6bwYK.png
<geek> I am able to connect through pgadmin3 but not with psql http://sprunge.us/UfOC  https://i.imgur.com/TMJegsm.png http://sprunge.us/QOYO?c++ I am setting up ssl in postgrs on ubuntu server
<rbasak> nacc: not sure about bug 1658469
<ubottu> bug 1658469 in apache2 (Ubuntu) "mod_http2 is not available under Apache 2.4.23 / Ubuntu 17.04 xenial" [Low,Fix committed] https://launchpad.net/bugs/1658469
<teward> rbasak: refer to -hardened and my mention about nghttp2
<rbasak> nacc: to my knowledge we've never added and then removed things to avoid putting things in an LTS.
<rbasak> Yeah I saw that, but nacc wasn't in that channel.
<teward> yep.
<teward> nacc: IIRC, the Security team had NACK'd http2 back in Xenial
<teward> at least nghttp2
<rbasak> nacc: if it's not good enough for an LTS, it's not good enough for a non-LTS release.
<teward> (NGINX rolls their own implementation separate from nghttp2)
<teward> rbasak: any chance that upload to proposed can be NACK'd and rejected because of the MIR and nghttp2 contention?
<rbasak> teward: let's see what nacc thinks. If we did decide to reverse this, we'd upload a revert to artful-proposed, and that's make any MIR moot.
<teward> mmkay.  Just thought I'd ask :)
<nacc> rbasak: yes, this was the plan with the security team
<nacc> rbasak: as in, we want it in 18.04 presumably, (another 2 years of no http/2 support seems less than ideal)
<nacc> rbasak: and 17.10 is an appropriate place to start staging it
<nacc> rbasak: if you want me to upload a version that again drops it, I can, but the whole point is for the MIR to be processed, one way or another
<nacc> rbasak: i guess i don't understand what you mean by "to my knowledge we've never added and then removed things"
<mdeslaur> rbasak: nacc summed it up
<teward> nacc: I think one big concern will be https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/1677958 unless we've confirmed it's been fixed
<ubottu> Launchpad bug 1677958 in nghttp2 (Ubuntu) "no SSL certificate verify " [Undecided,Confirmed]
<teward> last update was the 3rd, code maintainer saying they confirmed the bug
<nacc> teward: i think i addressed that
<teward> and large text in the source code making a note insecure for production use
<nacc> let me find the e-mail
<nacc> the reported e-mailed me offline
<nacc> teward: that particular chunk of code is an example in their docs, iirc
<nacc> teward: and the automated 'static analysis' tool that perosn is using is dumb and doesn't know that
<nacc> teward: it's not part of nghttp's shipped libraries or binaries, afaict
<nacc> teward: the upstream response was: http://paste.ubuntu.com/24588157/
<teward> nacc: then i think bug triage needs done on that bug as 'It's not part of the standard code, so not a bug"
<teward> just saying :)
<nacc> teward: i know
<nacc> teward: it's on my todo
<teward> in any case, if that's a non issue then the MIR reviewer will get the next say heh
<nacc> I'll just do it now
<teward> ... oh dear, i found a vulnerable system on my network...
<teward> *disappears to fix it*
<Skittishtrigger> If one were to have two updated 16.04 servers. One being in use with some basic installs and a few extra and the other being a shiny, new, better and better server. Is there a built in migration functionality or a package that can be used to gather all installed data (installed packages, db files, installed web apps, etc) and transfer or mirror exactly what is on server A(old) to server B(New)?
<dasjoe> I have heard about third-party tools for migrations like that, I do not know how well they work
<teward> Skittishtrigger: o dpm
<teward> oops
<teward> Skittishtrigger: I don't think there's any guaranteed-to-work tool for that
<dasjoe> But with both machines being somewhat alike I would try rsyncing / over to the new one's disks by using a live system, chrooting into the cloned system and letting grub reinstall itself
<teward> normally I just backup the configs on server A, copy to Server B after backing up the distribution-default configs, and test from there to make things work
<dasjoe> Pay attention to fstab and mdadm
<Skittishtrigger> Dang. I have been reading up and it seems everyone has an opinion on how to do it and whats best but no definitive answer for it.
<dasjoe> Skittishtrigger: another popular answer would be "destroy old server, restore on new one from backup". Alternatively "have your configuration management reprovision everything on the new hardware"
<Skittishtrigger> I was hoping there would be something using a script where you do movethisbox.sh and in the script it finds(greps, ls, w/e) all files, makes a list of all packages and versions, copies all databases, copies all configs, copies all user/www/srv files, and puts all this into a tar or zip with another script that auto installs it all.  Just cause I have hopes and don't want to do it manually. lmao
<Skittishtrigger> Oh well, guess I have to be all proper abou it. lol. Thank you both for your time and help.
<dasjoe> rsync -aAXv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} root@old-server:/ root@new-server:/mnt/rootfs/
<rbasak> nacc: what if upstream don't declare it ready by 18.04?
<nacc> rbasak: we'll hold back the internet by not supporting http2 :)
<teward> nacc: I think the core issue is that it's still considered "experimental" by Apache
<teward> not whether we're holding back the Internet or not
<teward> IIRC that was the original issue too
<nacc> right
<nacc> but experimental in this case means the spec can change
<nacc> in any case, isn't this what  MIR would address?
<nacc> amongst other issues
<thatstevecena> Has anyone seen this SSL error on Ubuntu 14.04LTS - error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01; error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
<nacc> also, people have been asking in the apache page about that status with no response
<thatstevecena> They verison of OpenSSL that ships with 14.04 has left official support
<thatstevecena> i cant figure out how the error is occuring, but the openssl library seems to be the logical choifce
<dasjoe> No, it's more likely a problem in your key file
<thatstevecena> dasjoe: if i decrypt manually everything works
<dasjoe> Manually, as in with pen and paper?
<thatstevecena> dasjoe: decryption also works for ~1 hour or more and then i just get pelted with that error
<thatstevecena> sadjoe: no; im doing DKIM
<thatstevecena> dasjoe, sorry
<thatstevecena> if i use online tools (any of them) all the decryption works fine
<nacc> teward: i'll ask apache2 folks
<JanC> manually on the same system?
<thatstevecena> JanC: no, third party sites. on the host system it works perfectly for a while. then something happens on the system & it just starts failing everyone
<JanC> that's really weird; memory issue or something?
<thatstevecena> im googling anything i can think of but nothing is getting me closer to an answer
<dasjoe> thatstevecena: memory gone bad?
<thatstevecena> JanC: now that i think of it maybe it is
<thatstevecena> or could be rather
<thatstevecena> we were looking to move to 16.04LTS anyways. i can grab fresh hardware & see if that fixed it
<thatstevecena> fixes*
<thatstevecena> (we're on 14.04LTS now)
<JanC> disk issue could in theory also be the issue, if it's flaky and sometimes returns corrupted data
<thatstevecena> JanC: very good points i hadnt though od
<thatstevecena> of*
<dasjoe> I wouldn't consider disk issue if the process keeps running, I doubt it'd unload the key from RAM
<thatstevecena> dasjoe: process yeah, keeps trucking right along
<JanC> depends on whether it forks workers or something like that
<thatstevecena> it just goes from working to failure
<thatstevecena> sadly its my only MTA so taking it offline to check anything isnt possible
<thatstevecena> this is all good though. ive been banging my head against this for about a week. its given me some new angles to think from
<thatstevecena> oh; something else this made me think of:
<thatstevecena> we're currently using Untangle for antispam. it works more like a packet sniffer than an appliance. it stands to reason that it could be causing issues too, no?
<teward> nacc: I think the HTTP/2 spec is pretty solid at this point, unless you're saying it's still under massive changes and revision (which it usually was doing)
<nacc> teward: no, the 'experimental' of mod_http2 is that mod_http2 itself isn't fixed yet
<nacc> teward: per their own text
<nacc> teward: it's not about http/2, it's about their implementation of what mod_http2 does
<teward> ah, i mention because:
<teward> [2017-05-16 14:18:26] <nacc> but experimental in this case means the spec can change
<teward> ambiguity :p
<nacc> yeah, spec of mod_http2
<nacc> sorry about that
<teward> nacc: ambiguity is the death of developers :)
<teward> no problem.
<nacc> teward: yep :)
<teward> nacc: if they don't even know what they all want to do with it yet, I'd consider it unfit for LTS, but it's ultimately not my call
<teward> (nginx is more cared about than Apache by me heh)
<nacc> teward: right, but i can't know if they will stabilize it by 18.04
<nacc> teward: so that's what i'm trying to figure out
<teward> nacc: if they don't respond back, it may be safe to assume they don't even know heh
<nacc> teward: i think they're just reserving the right to change behavior still
<nacc> teward: also, the 'experimental' status in apache2 i think means taht between releases, interfaces/directives might change
<nacc> it's basically an out that they dont' have to stay BC
<thatstevecena> thank you everyone. im going to go down the server rebuild path on newer hardware. i appreciate the help!
<federicoaguirre> Hi people.!
<federicoaguirre> I've a question
<federicoaguirre> how you protect against rnswr attack?
<sarnold> what's "rnswr"? google's no help
<federicoaguirre> sorry... ransomware.!
<teward> federicoaguirre: backups, updated antivirus, patch all your systems, don't open suspicious links, sites, emails, attachments.
<teward> common sense protections
<teward> and backups in the off chance you *do* get hit so you don't lose all the data
<sarnold> disable password logins on ssh
<sarnold> don't use web-based control panels
<teward> disable 'root' logon via SSH
<teward> beat yourself against the wall when you do get crypto'd
<teward> wait... that's not a protection.
<tarpman> teward: well, maybe it protects against a recurrence. one hopes
<federicoaguirre> Thnks to all guys.!
<teward> tarpman: :P
#ubuntu-server 2017-05-17
<mason> Hey all. I'm moving some VMs over from CentOS, and I've got my bridge set up, but I'm struggling to figure out how to aim virt-manager at it. Is attaching to an existing bridge possible with virt-manager?
<pmatulis> mason, you have a ubuntu server acting as a KVM host and you want to manage its VMs from a desktop?
<mason> pmatulis: Well, from a combination of virt-manager and virsh.
<sarnold> hey mason :)
<mason> sarnold: o/
<mason> pmatulis: I don't like the three pages of command line I need to define new VMs with virsh. I like the wizardly approach.
<mason> Ah, maybe it's an issue with virt-manager. Just noted https://bugzilla.redhat.com/show_bug.cgi?id=1355907
<ubottu> bugzilla.redhat.com bug 1355907 in netcf "Unable to use / create existing NetworkManager bridge" [Unspecified,New]
<mason> (although I made my bridge manually, not with NM)
<pmatulis> mason, ok, so your KVM host has a bridge, say br0?
<mason> It is indeed br0.
<mason> (FWIW, I've spent years with Xen, so KVM is still fairly new to me. Also, bridging still seems slightly alien to me.)
<pmatulis> mason, so you are now trying to configure a connection to the KVM host from virt-manager right?
<mason> No, that's easy - I can connect to it. I want to be able to define new virtual machines using the existing bridge.
<mason> If from the Virtual Network tab I say to add a new one - call it foo - and I turn off address space definition, I come to a choice of isolated virtual network for forwarding to a physical network. This has a popdown that doesn't end up listing br0, although it lists the underlying ethernet interface.
<mason> It seems unhappy with this, and complains that I haven't provided an IP address for network 'foo'
<pmatulis> mason, what ubuntu release is running on the desktop?
<mason> virt-manager seems willing to create new bridges for me, but it's not seeing the existing one
<mason> pmatulis: This is all on a single Xenial box.
<mason> I'm not unwilling to edit virt-manager or libvirt config, but it seems odd that I'm running into a wall here.
<pmatulis> mason, you mean the kvm host is running a graphical environment?
<pmatulis> (just one machine?)
<mason> pmatulis: It is, yes. nVidia proprietary drivers even. Sometimes Steam runs alongside the virtual machines.
<mason> Yeah, not a cluster.
<mason> But even so, it seems like I should be able to use the existing bridge.
<mason> I'll go compare the old config from the CentOS environment.
<pmatulis> i have not needed to configure that stuff in a while. it automatically chooses the bridge. although i've never run it on kvm host itself before
<mason> pmatulis: So, under CentOS, it offered to make a bridge for me, and it set it up itself, but now that I'm back on Ubuntu with the very comfortable /etc/network/interfaces and friends, I just made the bridge myself. I would have run into this same issue on CentOS I guess.
<mason> FWIW, the bridge config is largely identical to what I used for a long time on Debian/Xen, and it seems to be working fine.
<sarnold> hrm, when I hit the 'specify shared device name' i get a field for bridge name
<sarnold> but no idea how to use it; does it work? :)
<mason> (Backstory: It's my desktop, and I use it as a lab environment for work reproductions as well.)
<mason> sarnold: It's a freeform field I believe.
<mason> looking
<mason> sarnold: Wait, where did you find that?
<mason> If I could "specify shared device name" I think that's where I'd point it at my bridge, but I haven't found something with that wording as yet.
<sarnold> mason: 'open' a vm, hit the 'i' icon, focus the 'nic:xx:xx:xx' entry in the sidebar on the left; then the 'Network source' dropdown box
<mason> Oh, I don't have any VMs defined yet. Hrm.
<sarnold> ohhhhh
<mason> Trying to set up the virtual network in advance.
<sarnold> I just used what I had rather than going through the wizard
<mason> That said... In the CentOS /etc/libvirt, I do only see the bridge defined in actual VM .xml files.
<sarnold> bah and the wizard gets real personal real quick "give us an install media" uhhhh let me just click!
<mason> heh
<mason> I'll make a VM and see if I can back my way into the right bridge.
<sarnold> aha, step 5 of 5, there's a weeeeee tiny little triangle near the text Network Selection
<mason> That's where the "specify" field is. Trying it.
<sarnold> hit that little triangle and there's a dropdown, change that to "Specify shared device name", and that adds a new text field to the dialog box
<mason> Yep!
<mason> So, *somewhere* in the config there exists a way to specify that so I can pull my bridge off the menu, rather than typing in br0
<sarnold> I <3 that a simple text field is hidden behind two separate "this is too advanced for you" things
<mason> hehe
<mason> So, under Xen/Debian I *loved* xen-tools to set up most of my defaults. Is there such a thing for KVM/libvirt under Ubuntu?
<sarnold> no idea what xen-tools does.. the server team put together a uvt-tool that tries to abstract over a bunch of libvirt things
<mason> I'll look at it.
<mason> xen-tools lets you set up a set of prefs, so you only had to specify deviations when creating a new vm
<sarnold> but I lose track of things right about the time I find out that I've got to hand-edit xml in order to use zfs datasets for backing devices
<mason> half a sec
<mason> sarnold: Oh no no no!
<mason> virt-manager makes that easy
<sarnold> does it?
<sarnold> maybe I can skip my libvirt NIH then
<mason> say "yeah, I want storage, but I'll specify the device"
<mason> Do you use Xen?
<sarnold> no
<mason> Or just straight KVM?
<sarnold> yeah
<mason> Anyway, you get a freeform text field, and you can say things like: /dev/zvol/zroot/vm/foo
<mason> ...which is what I did for this test VM.
<mason> Works fine.
<sarnold> for some reason the libvirt based tools never seem to work real well for me, so I set out to write my own qemu wrapper becase How Hard COuld It Be? three months later and it still doesn't boot any machines. lol.
<mason> Also, FWIW, your "specify" option you noted works fine. Spun up my VM, and I could pull an address from DHCP.
<sarnold> \o/
<mason> sarnold and pmatulis: If you're *not* using virt-manager, is there a reasonable way to get a console on a new VM you're building right off?
<mason> Part of my using it is ignorance of the options.
<mason> So I configure stuff with virt-manager, but then randomly start/stop things with virsh or virt-manager, depending on what's in front of my at the moment.
<mason> s/my/me/
<sarnold> mason: one of my coworkers on the security team wrote a wrapper around the libvirt wrappers :) so the idea is you'd use 'uvt new precise amd64 hostname-here' to build the machine with defaults from a config file, then 'uvt start hostname-here', 'uvt stop hostname-here', 'uvt view hostname-here', etc
<mason> Oh, right, I was going to get some config snippets, speaking of wrappers.
<sarnold> mason: but the tool requires so much security-team specific tooling that it's probably worth looking at the server team's 'uvt-tool' instead. (completely different uvt. oops.)
<mason> heh
<mason> So, xen-tools has a config that lets me specify a default volume group (LVM-centric) for VM disks, lets me specify debootstrap or rinse or various install methods, lets me set default sizes for memory, swap, disk, fs types, default networking types.
<sarnold> sounds lovely :)
<mason> And then when I want to create something, I don't have to say much. Example:
<mason> xen-create-image --hostname=FOO --mac=DE:AD:BE:EF:00:**
<mason> or if I want to override debootstrap and make it a CentOS box, I could say:
<mason> xen-create-image --force --hostname=centos --mac=DE:AD:BE:EF:00:06 --install-method=rinse --dist=centos-6
<mason> I'd love something similar for KVM/libvirt, so I'll look at that uvt-tool stuff.
<sarnold> uvt-tool may be too specific to ubuntu
<mason> Whenever I see how people specifying a metric tonne of options on a command line for virt-install, it kind of horrifies me.
<mason> Maybe. I tend to run Ubuntu, FreeBSD, CentOS, and varieties of RHEL on this.
<mason> So, compare my xen-create-image, above, with the example they give for virt-install here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/sect-Virtualization_Host_Configuration_and_Guest_Installation_Guide-Guest_Installation-Creating_guests_with_virt_install.html
<compdoc> i let virt-manager do all the work for me
<mason> compdoc: Yar. The trick is that if virt-manager didn't define your bridge, you have to invoke Mickey Mouse to specify an existing bridge, it seems.
<compdoc> I create the bridges manually
<mason> compdoc: Same. Is there a way to not have to type the bridge name into virt-manager, so as to make that bridge the default?
<mason> That's what started all this. :P
<compdoc> all bridges and interfaces appear as drop-down lists
<compdoc> err, no. as a list
<mason> compdoc: It doesn't here - I have to specify a shared device. If I type my bridge name into that field, it does the right thing.
<mason> The difference is that on CentOS I could have a default network selected, so I could whip past that. Not a big deal, but it struck me as an odd difference.
<mason> compdoc: FWIW, it seems to exist elsewhere too: https://bugzilla.redhat.com/show_bug.cgi?id=1355907
<ubottu> bugzilla.redhat.com bug 1355907 in netcf "Unable to use / create existing NetworkManager bridge" [Unspecified,New]
<compdoc> oh. heh. network manager. I tend not to install that on Server
<sarnold> mason: at least that example's easy enough to shove into a shell script
<mason> compdoc: Same here. But I'm not using it - the problem is the same though.
<mason> sarnold: That's true. And I could wrap it easily enough. I'm just... lazy... I guess. :P
<mason> Plus, I like popping right into a console, which virt-manager makes easy.
<mason> In any event, I think I have enough to get my VMs moved over now. =cheers=
<mason> I need to move this channel to a better window. It's /window 41 now.
<sarnold> it's /win 30 for me
<sarnold> not ideal, since #debian-security is /win 38 and the idfference between the two is mighty small
<mason> There, not it's /window 4. I made #zfs and #openzfs share a window. They're both mostly dead, so it'll work.
<mason> s/not/now/
<sarnold> hehe
<mason> So, there were a lot of niggling little changes needed. Some examples: s/pc-i440fx-rhel7.0.0/pc-i440fx-xenial/g s/Skylake-Client/Broadwell/g were the big things.
<mason> That said, my VMs are happily moved.
<cpaelzer> good morning
<helpImStuck> So.. I want to create a lxc router where the physical nic are bound to the container and removed from rest of the system. Is this possible?
<ikonia> helpImStuck: it would be quiet hard as the kernel is what provides netfilter and the container would need to interact with the kernel to update the rules
<ikonia> helpImStuck: it seems like a bad idea, when a VM would work better if you require it virtualized
<ikonia> also securing a containers interface is quite tricky
<helpImStuck> so what are the containers good for? I tried alpine and acf . it was cool.
<ikonia> alpine...ha ha ha ha ha ha ha ha ha ha
<ikonia> helpImStuck: self contained mass immuatable deployment
<helpImStuck> And what does that even mean xD immutable .
<helpImStuck> helpImStuckAndMyEnglishSuck should i name myself here
<ikonia> helpImStuck: "throw away"
<helpImStuck> and why not alpine? They've created a small distro with.. hm. didn't work so well. small things like it didn't save my keymap after boot. And it's been along for a long time.
<helpImStuck> it's good in theory
<ikonia> small != good
<helpImStuck> I like lxd 2 because i can run arch and have all the packages from yaourt on an ubuntu base..
<ikonia> what ?
<helpImStuck> Yes, small, not so complex
<ikonia> complex...it's very complex
<ikonia> they have applied some custom security patches
<ikonia> they have made their own "odd" package manager format
<helpImStuck> are unprivileged lxc container safer?
<helpImStuck> s
<ikonia> safer than what ?
<helpImStuck> alpine on xen
<ikonia> I can't / won't comment on other setups like that
<ikonia> #ubuntu-server is for ubuntu server based support
<helpImStuck> this is that channel
<ikonia> how secure/good alpine is isn't as a container guest isn't really for this channel
<helpImStuck> but you can use alpine in a lxc container.. so it's related
<ikonia> no it's not
<ikonia> you can use almost any OS in a container
<ikonia> how good that OS is as a container isn't really ubuntus issue
<helpImStuck> and then, for someone to get support if they use ubuntu server + lxc and let's say arch.. they have to look for help on the arch wiki instead of here? Even tho both os:es are involved
<ikonia> helpImStuck: if they are having problem with the arch container, yes
<ikonia> if they are having problems with the ubuntu host hosting the container, no
<helpImStuck> oh.. now i get it.. LXD is not ubuntu specific
<helpImStuck> lxd/lxc
<helpImStuck> it can't be. i'm using ubunt userver as host for the containers
<helpImStuck> -u
<ArchaicLord> Morning all!    Could use some help and mentoring please..     I had a ubuntu server which  was installed on  a usb. It then had a seperate raid array which i was using for meida sharing.           I moved house and as a result the easist thing seemed to be to reinstall the ubuntu. which i have now done. I pluged the raid disks back in and to my suprise unutu seems to have picked it up. The issue I have is rec
<fallentree> The issue you have is unfinished senten
<ArchaicLord> Sorry, its hard to see a lot of text in a tiny box
<ArchaicLord> So fdisk -l  produces Disk /dev/md0: 3.7 TiB, 4000529252352 bytes, 7813533696 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 524288 bytes / 1048576 bytes
<ArchaicLord> this is the raid I previoulsy set up
<ArchaicLord> and its been picked up automaticly
<ArchaicLord> lv display shows the two volumes I created previously. will having different host names cause an issue
<fallentree> hostnames? no, hostnames have nothing to do with software raid or LVM
<ArchaicLord> or do I just need to configure SAMBA ?
<fallentree> ArchaicLord: what problem do you have that you wish to solve?
<ArchaicLord> I am trying to reimpliment the old array.
<fallentree> define reimplement. From what you say, Ubuntu picked it up automatically.
<ArchaicLord> yes it has.. I can see it I can view it locally, so I guess I just need to set up samba config to complete it
<fallentree> yeah, if you want to export it over smb/cifs protocols
<ArchaicLord> i have a feeling I may have mapped the lvm to another place on the previous setup ..
<ArchaicLord> I can cd to /dev/file-server/    inside here i have 2 folders    but when I can't cd into them. when I do ls -l IU get folder -> ../dm-0 /-1
<ArchaicLord> wow my typing sucks.
<fallentree> ArchaicLord: LVM is mapped under /dev/mapper/
<fallentree> probably something like /dev/mapper/vg0/...   where vg0 is the volume group name
<fallentree> ArchaicLord: oh also, you have to mount the lv somewhere, the stuff under /dev are (mapped) block devices
<ArchaicLord> would that be like mounting to md0
<fallentree> ArchaicLord: not 'to' but 'of'. eg. mount /dev/mapper/lv-foo /mnt/someplace
<fallentree> you mount the lv inside vg on a pv :)
<fallentree> (to a directory)
<fallentree> iirc lvscan will tell you what the logical volumes you have available
<fallentree> their labels are available as block devices under /dev/mapper/
<fallentree> it's been a while since I LVM'd
<ArchaicLord> LOL.. sorry fallentree.. My trouble is I previously set it up over a year ago.  I was doing it for the first them and found it hard.
<ArchaicLord> now i have a fagiue memory and can't rember exaclty how it was set up
<ArchaicLord> lvscan gives me this
<ArchaicLord>  ACTIVE            '/dev/file-server/plex-share' [1.50 TiB] inherit   ACTIVE            '/dev/file-server/server-backup' [1.50 TiB] inherit
<fallentree> I suppose those are the mountable names
<fallentree> eg. try `mkdir -p /mnt/plex-share && mount /dev/file-server/plex-share /mnt/plex-share`
<fallentree> same for server-backup, then see if you can access files under /mnt/plex-share and /mnt/server-backup
<ArchaicLord> ahh so i needed to mount the directory
<ArchaicLord> mounting to /mnt/ allows me to cd into the share
<ArchaicLord> now i just need to sort out permissions
<ArchaicLord> thank you
<ArchaicLord> fallentree  thank you all sorted.. In windows I can now access the foleder and create new files
<fallentree> nice.
<fallentree> btw be careful with windows and smb... there's that wannacry thing :)
<ArchaicLord> whats that?
<ArchaicLord> oh the ransom ware thing
<fallentree> the ransomware that's been hitting the news for the past few days?
<fallentree> yah
<fallentree> make sure you disable smbv1
<fallentree> (on the windows side)
<ArchaicLord> ok will do that... I have just finished universtiy. I aquired a job for a company currenlty using ubuntu as their main os so I am hoping I can fully switch out of windows. BUt I will need to keep my windows instance for a bit
<ArchaicLord> just in case
<ArchaicLord> and I think I can' tplay  a few games on linux
<fallentree> ArchaicLord: WINE never ceases to amaze me how smoothly it can run some things :)
<ArchaicLord> yeah  I have dabled with it.. I have never been able to get it to run League of Legends
<ArchaicLord> which is ultimtly the one game I adore the most
<ArchaicLord> but agian there is a lot I dont understand about LInux and I can't retain the info either
<ArchaicLord> I was hoping once I got my ubuntu server up and running hosting my files to look into if i can package up my widnows as is and transfer it into a kvm inside ubuntu
<ArchaicLord> so for hosting files/ streaming music/dvds what would be ur suggestion?
<fallentree> suggestion for what?
<ArchaicLord> server application to host music, films and my own files
<ArchaicLord> so then i dont need to use spotify, google docs  and things
<fallentree> I wouldn't know what to suggest.
<fallentree> I don't deal with that kind of services
<ArchaicLord> no worries thought I would ask incase there is anything new
<ArchaicLord> well I am pleased I didn't have to trash the raid adn start again :D
<ArchaicLord> thanks again fallentree
<aoam> hello
<aoam> id like to ask, is it possible to set lxd containers to be separated (do not see each other) and see to internet, but not in the way when i setup /etc/network/interfaces, but setup /31 from lxdbr or somehow like that, thanks
<cpaelzer> aoam: you can create two bridges instead of only the default lxdbr0 and link them up to one or the other - would that suit your needs?
<aoam> im going to have more containers, maybe .. 80, isnt that problem?
<cpaelzer> aoam: no problem
<aoam> so it would setup per conteiner one bridge
<cpaelzer> aoam: I don't know the limit on bridges thou, but it should work
<cpaelzer> aoam: essentially you can have a script that sets up a custom bridge the way you want it, and then creates a lxd profile to link it up there to then start that container with that profile
<cpaelzer> aoam: but since I now read that you want to scale up but nothing see each other wI wondere if there is a better way
<cpaelzer> aoam: mayb not type bridge at all for the uplink - let me check
<aoam> iâv found that theres p2p nictype but it doesnt working when i set it up
<cpaelzer> well you get a virtual dev in the host that you then need to link up right?
<aoam> p2p: Creates a virtual device pair, putting one side in the container and leaving the other side on the host.
<aoam> https://github.com/lxc/lxd/blob/master/doc/containers.md
<cpaelzer> sure "leaving the other side"
<cpaelzer> I'd more think that macvlan might help - IIRC multiple macvlans don't see each other (only if the switch sends them back)
<cpaelzer> but that was on s390x OSA cards, other cards might shortcut and reflect the traffic (which usually is good but not for your case)
<aoam> iâv even tried macvlans but it has the same effect, conteiners cant see each other and also cant see to the internet
<aoam> so theres the only one possibility, to have per container one bridge and then connect them, thanks :/
<cpaelzer> aoam: more experienced container networkers might see a better one
<cpaelzer> stgraber: ^^ better solutions?
<cpaelzer> aoam: isn't that a better solution https://serverfault.com/questions/388544/is-it-possible-to-enable-port-isolation-on-linux-bridges ?
<aoam> wow? it seems that thats working ( ebtables --append FORWARD --logical-in vmbr1 --jump DROP )
<aoam> Yup, it works. Thanks
<aoam> also one more question, i cant find how to set ebtables pernamently after reboot
<ahasenack> is there an ebtables-save command, like there is for iptables?
<aoam> yes it is
<ahasenack> actually
<ahasenack> aoam: /etc/init.d/ebtables
<ahasenack> aoam: I *think* that if you call that with "save", it will automatically restore on the next boot
<ahasenack> that initscript has some interesting options
<ahasenack> case "$1" in
<ahasenack>   start)
<ahasenack>     [ "$EBTABLES_LOAD_ON_START" = "yes" ] && load
<ahasenack> you should edit /etc/default/ebtables to your liking
<aoam> i did /etc/init.d/ebtables save, and then enabled on start, thanks, it works :)
<aoam> its perfect guys, iâv lost with that a lot of time :) have a nice day
<ahasenack> \o/
<cpaelzer> aoam:  yw
<zetheroo> I have been trying to install Ubuntu 16.04 Server on a system with two identical HDD's in it. I want to setup softraid 1 but grub fails to install every time no matter how I have tried to do the partitioning - which includes following the official documentation https://help.ubuntu.com/lts/serverguide/advanced-installation.html
<cpaelzer> jamespage: starting to build the OVS 2.7 against the new DPDK that I'm prepping and testing - anything on the OVS changed to be aware of?
<jamespage> cpaelzer: don't think so - upstream took off the experimental status
<jamespage> but that's it
<cpaelzer> thanks jamespage
<cpaelzer> zetheroo: you install from a server CD like - http://releases.ubuntu.com/16.04.2/ubuntu-16.04.2-server-amd64.iso?
<mason> zetheroo: Any chance your disks came in formatted with GPT? If so and if you didn't change to legacy MBR, you'd have lacked a uefi_boot partition, which would certainly make GRUB fail. Of course, if you're actually running UEFI, that's a very different situation all by itself.
<zetheroo> cpaelzer: I installed by following the Ubuntu 16.04 'Ubuntu Server Guide' I linked to. That should work ... or!?
<ahasenack> zetheroo: it should, I tried that the other day on a VM with two disks and it worked just fine
<cpaelzer> zetheroo: sure, I just wanted to know from which iso (or whatever) to retry on a VM - also look for mason comment
<cpaelzer> ahasenack: thanks that lets me skip my test
<ahasenack> I created / and swap on raid, so in the end I had something like /dev/md0 and /dev/md1 (swap and /)
<zetheroo> cpaelzer: I am using the iso you linked to, yes
<ahasenack> zetheroo: someone else had a similar problem here a few weeks ago, in that case the issue was UEFI boot
<mason> ahasenack: A nifty trick if you're in the pre-ZFS world is to make one big RAID and cut volumes out of LVM sitting atop it.
<ahasenack> I think he disabled it and enabled legacy boot, then it worked
<ahasenack> mason: yeah, love lvm
<zetheroo> ahasenack: ok, will try that
<ahasenack> I have a mix here
<zetheroo> what's the benefit of UEFI actually?
<ahasenack> pass :)
<zetheroo> ok, well the USB stick (with Ubuntu Server install) is not booting with UEFI and neither are the HDD's
<zetheroo> I don't know if there is somewhere else that UEFI needs to be disabled from in the BIOS
<ahasenack> there should be a legacy mode
<ahasenack> but, I don't have hw with uefi, so I can't tell from experience
<zetheroo> for each device individually or ....?
<zetheroo> hmm
<ahasenack> in general I think
<dpb1_> yes, in general
<mason> zetheroo: Cleaner multibooting, possibility for SecureBoot.
<dpb1_> zetheroo: this answer is good: https://askubuntu.com/a/647604/7056
<mason> zetheroo: You should have a legacy mode available in any event.
<zetheroo> I am looking through the BIOS for legacy boot or something similar
<mason> zetheroo: Also, Ubuntu is fine running inside UEFI if you do want to run in the hardware's preferred mode. You simply have to partition accordingly.
<mason> zetheroo: Might also be called CSM
<zetheroo> mason: well that's the thing .. if I do the partitioning how I normally did it before (on the RAID device - Guided use all space) there is automatically an efi boot partition made .. so I thought that would work ...
<mason> zetheroo: To give you an idea of the possibilities, I'm running on UEFI right now with MD-RAID1 EFI System Partition and ZFS mirrored across a pair of LUKS block devices.
<mason> zetheroo: Yeah, if you let it partition, it should do the right thing.
<zetheroo> right, but grub fails to install at the end
<mason> If you manually partition, you'll want to be intimately aware of the requirements.
<mason> zetheroo: It fails when you allow it to partition on its own?
<zetheroo> well this is more automated than the documentation and it still doesn't work
<zetheroo> yes
<mason> zetheroo: My recommendation is to use dd if=/dev/zero across both disks. Let it start fresh and add a partitioning scheme, etc.
<zetheroo> well I can't find any legacy setting on this bios
<mason> Might be hard to find, but it probably has one. That said, UEFI works fine.
<zetheroo> mason, is this how you setup your softraid https://help.ubuntu.com/lts/serverguide/advanced-installation.html ?
<mason> zetheroo: No, I use LVM.
<zetheroo> ic
<mason> Well. I use ZFS. But I used LVM before that.
<zetheroo> One thing I notice is that I cannot change the bootable flag to 'on'
<zetheroo> I press enter and it remains 'off'
<mason> That's fine. That's a legacy setting.
<zetheroo> so leaving 'off' then
<mason> Should be fine.
<zetheroo> So this is what I have now http://tinypic.com/r/9ub2w6/9
<zetheroo> as per the documentation
<zetheroo> proceeding with the installation ...
<zetheroo> grub failed to install :(
<zetheroo> http://tinypic.com/r/339ocas/9
<mason> zetheroo: You need to nail down if you're in UEFI mode or not.
<zetheroo> any ideas?
<zetheroo> hmm
<mason> Your layout is fine for legacy booting
<mason> But if you're on GPT, it'll fail, and if you're on UEFI, it'll fail.
<mason> So: 1. dd if=/dev/zero of=yourdisk across both your disks prior to install, as then the installer will Do The Right Thing. 2. Make sure you're explicitly in legacy mode booting, because you'll have to do something quite different if you're booting UEFI.
<ArchaicLord> can any help me please.  I am in UK. My Broadband is supplied by BT. In order to use my  own router I have the BT Router set on network 1.254 I had to have my own router set on 0.1 so i beileve its a different subnet.        on the 0.1 network I have no a ubuntu web server which I want to host application like next cloud.    i am hoping i have set up ddclient to connect to my dynu account to update the ipaddre
<mason> If you've got GPT partitioning (dunno!) then you'd need to add a bios_grub partition to each disk as well as what you've got, for the combination of legacy booting on GPT. If you've got legacy booting on MBR you don't need this, and the wipe will make that happen.
<ArchaicLord> eg xxx.xxx.1.254 and xxx.xxx.0.1
<mason> If you've got UEFI, then you need GPT and you need an EFI System Partition, but not a bios_grub partition.
<mason> ArchaicLord: You don't want a separate subnet on a public space. You need NAT.
<ArchaicLord> mason: ok how and where do I learn to do this properly
<mason> ArchaicLord: https://help.ubuntu.com/community/Internet/ConnectionSharing maybe
<zetheroo> mason: it seems I have to change the SATA Mode to IDE (it's currently AHCI)
<mason> zetheroo: You shouldn't have to do that. I would in fact strongly advise against it.
<mason> zetheroo: While IDE counts as "legacy" for what it is, it's not the droid you're looking for.
<zetheroo> mason: SATA Mode Selection This item selects the mode for the installed SATA drives. The options are IDE, AHCI and RAID. SATA RAID Option ROM/UEFI Driver (Available if the item above - SATA Mode Select is set to AHCI or RAID) Select Enabled to use the SATA RAID Option ROM/UEFI driver for system boot. The options are Enabled and Disabled.
<mason> zetheroo: Maybe take some screenshots of your BIOS.
<mason> zetheroo: I don't think you want your BIOS doing RAID.
<ahasenack> +1, don't do that
<ArchaicLord> mason: my server points to xxxx.xxx.1.254 as its gateway
<zetheroo> screenshot coming
<mason> ArchaicLord: Okay. And you likely have a single IP assigned, and that IP is your window onto the world.
<zetheroo> my motherboard is X10slm-f btw
<mason> ArchaicLord: Anything behind your firewall will live on a private address space.
<mason> zetheroo: Doesn't ring a bell. Screenshots FTW.
<zetheroo> it's a Supermicro board
<zetheroo> screenshot coming
<zetheroo> http://tinypic.com/r/mhgi1k/9
<zetheroo> disable the 'SATA RAID Option ROM/UEFI Driver' ?
<compdoc> what a horrible website
<compdoc> is there a problem with youir drives?
<zetheroo> compdoc: not that I know of ... why?
<compdoc> ahci is a good choice, but raid also enables ahci, so Ive heard
<zetheroo> mason: wdyt?
<mason> zetheroo: looking
<zetheroo> k
<mason> zetheroo: Cab you catch each menu like that? It's going to be something further over to the right. Also, might help to reset to factory defaults. You don't want that BIOS RAID turned on.
<mason> And that BIOS knows about UEFI, so you'll need to clear that up.
<zetheroo> mason: I already tried restoring to 'Optimized Defaults'
<mason> zetheroo: Snag a snapshot of the screen that talks about boot options.
<zetheroo> ok
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_17-14-33-IHys49Gx.png
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_17-14-44-PMkToHau.png
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_17-14-55-hsoqATaI.png
<mason> zetheroo: Maybe the security screen too?
<mason> I'd tend to expect what we want on the Boot screen (with boot options) but maybe it's on Security instead.
<zetheroo> nothing uefi-related in there ... but just a sec
<mason> On the plus side, the Boot screen shows the nice variety of UEFI boot manager.
<Pici> /25/
<zetheroo> Under Advanced there is Boot Feature
<mason> A picture is worth a thousand words.
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_17-20-52-8FsoBv3K.png
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_17-21-03-c42nZmdG.png
<zetheroo> this is the motherboard manual https://www.supermicro.com/manuals/motherboard/C222/MNL-1428.pdf
<mason> zetheroo: Yeah, not seeing it. Welcome to the world of UEFI, which you'll be using with that server! :)
<zetheroo> but I can't find anything which clearly says how to disable UEFI
<zetheroo> shit
<mason> It's not a bad thing.
<mason> UEFI works fine, and you've got one of the better boot management interfaces.
<zetheroo> but no documentation :P
<mason> Wait.
<mason> So, the Re-try Boot menu should have a legacy mode in it,.
<mason> try that
<zetheroo> ha
<zetheroo> Legacy or EFI boot
<mason> FWIW, I searched for "legacy" in the PDF you linked.
<zetheroo> doh
<mason> If that had turned up dry, the next search would be for "csb".
<mason> But do read more about UEFI someday. It's not at all bad.
<mason> Just different.
<zetheroo> will do ... some day ...
<zetheroo> so this should do the trick?
<mason> Leave a tip in the jar.
<mason> Maybe you'll have other issues, but this seems like a good start. You might still need to wipe the disks to get rid of GPT formatting, if it's there. The installer doesn't know how to deal with that gracefully.
<dpb1_> +1 on UEFI, it's worth learning about.  it's the way all servers are being built now.
<dpb1_> and desktops
<helpImStuck> is it ok to task questions regarding lxd/lxc here, running ubuntu server as host.
<helpImStuck> ask :)
<mason> helpImStuck: Sure. Sadly, I have no experience with lxd, but other folks probably do.
<zetheroo> well I don't mind using UEFI or whatever, so long as it doesn't mean installing an OS like Ubuntu suddenly takes all kinds of hoops to jump through that were not needed before :P cost vs benefit
<dpb1_> helpImStuck: you can, #lxcontainers might be a better community.
<helpImStuck> dpb1_, thanks :)
<nacc> how's bug squashing day going (/me just waking up)
<zetheroo> mason: when formatting the disk should I use GPT or MBR?
<mason> zetheroo: IIRC the installer doesn't give you an option, but if you're booting legacy, use MBR.
<mason> This is why I recommended wiping with dd to make sure. But give it a try.
<zetheroo> I booted into Ubuntu Live and used Disks to format the two disks .. the default was GPT - it seemed to say that GPT was for disks larger than 2TB ... ?
<mason> zetheroo: Alright, if you're using big disks, you *will* want GPT. The difference between the printed docs and what you want is that you'll format as GPT and have one bios_boot partition per disk.
<mason> bios_grub partition type is ef02 FWIW
<zetheroo> is that what that bios_grub thing is?
<mason> yes
<mason> You can give it 1MB and that'll be fine.
<zetheroo> I just don't get why each partition has to be it's own raid
<mason> per disk, as after install you'll want to make sure both disks are populated - see dpkg-reconfigure grub-pv
<mason> sorry, dpkg-reconfigure grub-pc
<mason> Each partition is a raid COMPONENT.
<zetheroo> why can't you just make one md device and then make all the partitions on the one raid device?
<mason> And normally you'd want to use LVM.
<mason> You can and should, but LVM is what lets you do this.
<zetheroo> and without LVM?
<mason> In the pre-ZFS world, one must use distinct tools for each layer.
<zetheroo> well I am trying now like this http://picpaste.com/Screenshot_from_2017-05-17_17-58-58-KS7WpFba.png
<nacc> Hey everyone! It's Ubuntu Server Bug Squashing Day #4! Planning at: http://pad.ubuntu.com/JxBHprOBVM
<mason> zetheroo: You might have an issue there. bios_grub needs to be on old metadata if you're doing it as RAID
<mason> zetheroo: You want to have one bios_grub per disk, not in the raid.
<mason> You can have it in a RAID, but that's a bit funkier than you might want at present. Ubuntu will handle populating it on two disks automatically, so you might as well let it.
<zetheroo> gah, I never had this kind of trouble with Raid1 before :P
<zetheroo> I just let the Guided option make what it wanted to on the Raid device
<robinwassen> Hi :)
<mason> The guided option did that?
<zetheroo> yes
<mason> Well. Try it then. Interesting.
<mason> If it blows up, go back to having one bios_grub per disk, outside of the RAID.
<mason> If it works, please mention that in here.
<zetheroo> I manually made a single partition on each disk to be used as raid devices, then made the md device using those two partitions, then let the Guided option make those partitions on the md device
<mason> Ah.
<mason> I'm betting it blows up then.
<mason> But we'll see.
<zetheroo> :D
<robinwassen> I would like to contribute to solving some bug in Ubuntu, but I don't know where to start. Anyone got a good guide on how the process looks?
<nacc> robinwassen: have you found a bug?
<robinwassen> I am a developer, but not very familiar with how the process looks when contributing to Ubuntu
<dpb1_> hey robinwassen :)
<nacc> https://bugs.launchpad.net/ubuntu/
<nacc> there are only 131659 to trawl through :)
<robinwassen> @nacc: https://bugs.launchpad.net/hundredpapercuts/+bug/1646025 I was thinking of this
<ubottu> Launchpad bug 1646025 in One Hundred Papercuts "libreoffice 5.1.6 for xenial" [Critical,Triaged]
<nacc> robinwassen: cool
<robinwassen> Seems easy enough
<nacc> heh
<nacc> libreoffice is ... never easy
<nacc> but this one might be, if it's just a dotrelease
<robinwassen> Ah, thought it was a stable release of libre and the reference of what version to install as default just had to be updated
<nacc> robinwassen: no, i think they mean the version packaged in 16.04 needs to be updated
<nacc> but i see 5.1.6~rc2 is in xenial-updates and xenial-security
<nacc> mdeslaur: --^ do you know if the security team is going to do a 5.1.6 full release?
<robinwassen> @nacc: Can you link to where you saw that? :)
<nacc> robinwassen: the versions? there are two ways: http://pad.lv/u/libreoffice near the bottom and 2) the `rmadison` tool
<mdeslaur> nacc: rc2 is the final release
<robinwassen> Thanks
<nacc> mdeslaur: oh ok, so that bug should be closed then?
<mdeslaur> nacc: yes
<nacc> mdeslaur: thanks
<nacc> robinwassen: you did it! :)
<robinwassen> @nacc: It solved itself? :)
<robinwassen> By being included in a patch? :D
<nacc> robinwassen: well, it's confusing why one task is fix released and one is not
<nacc> i don't really understand the mgmt of the one hundred papercuts project
<nacc> dpb1_: do you?
<dpb1_> nacc: nope
<dpb1_> :/
<nacc> dpb1_: sorry, killed my screen :) -- yeah, ok
<robinwassen> Any chance that you can point me in the right direction of solving some other bug?  :)
<nacc> robinwassen: probably server bitesize is good
<robinwassen> Like finding a suitable bug and then point to where I find the source repository that contains it
<ahasenack> https://goo.gl/H66PTQ bite-sized bugs
<nacc> robinwassen: we can talk about the latter generically as well
<nacc> ahasenack: thanks!
<nacc> robinwassen: so given a src package we have a couple of optoins (note that lp bugs are always against src packages)
<nacc> robinwassen: easiest for now is `pull-lp-source <srcpkgname>`
<ahasenack> logwatch has some simple ones, but it's a config issue, not something that requires development
<robinwassen> @ahasenack: The easier the better I guess at this point, I just need to get the workflow to start with, that is the challenging part.
<zetheroo> mason: check this out ... the layout on the 10th minute https://youtu.be/kfuByWYDlhI
<ahasenack> right
<zetheroo> mason: there raid devices ... one of which is for boot
<zetheroo> three*
<zetheroo> http://picpaste.com/Screenshot_from_2017-05-17_18-18-03-2tOQeeaV.png
<mason> zetheroo: That's different, as the BIOS can see something that looks like its regular partition.
<mason> Not all inside one RAID
<zetheroo> yeah
<zetheroo> it's different than the documentation as well
<mason> zetheroo: Note that he's on MBR partitioning, with smaller disks that don't need GPT.
<mason> This is a critical difference.
<zetheroo> how do you know it's MBR though?
<mason> zetheroo: Size and lack of bios_grub
<zetheroo> he remakes empty partitions on the disks and is not asked what type he wants ... which is just like here
<mason> You don't have to believe me, of course. :P
<zetheroo> well bios_grub is made by the Guided option .. he did everything manually
<mason> Well, give it a try. Can't hurt to see what happens.
<nacc> robinwassen: would you like my 7 step (or so) guide to fixing a package?
<nacc> let me right it a bit more clearly
<dpb1_> robinwassen: I would
<zetheroo> mason: ok, my previous attempt failed :)
<dpb1_> er
<dpb1_> nacc: I would
<dpb1_> :)
<robinwassen> @nacc: I would love it ! :D
<zetheroo> mason: so last try here ... going to make a bios_grub on each disk
<zetheroo> 100MB should be enough ... or?
<mason> zetheroo: 1MB will be enough.
<mason> zetheroo: 100 would be a bit of a waste
<zetheroo> :)
<mason> Also, you don't need a separate /boot if you're not using encryption.
<nacc> dpb1_: robinwassen: http://paste.ubuntu.com/24593656/
<nacc> i think that's right
<nacc> robinwassen: we are working on a git-based workflow that wraps some of this up, but even there, 2)-5) will be the same process
<nacc> robinwassen: just with git commits rather than having to remember what you did :)
<zetheroo> mason: ok, how does this look? http://picpaste.com/Screenshot_from_2017-05-17_18-40-45-gaBQ9rhK.png
<patdk-lp> 1MB is normally enough, depends
<patdk-lp> but you have to be doing something really really odd with grub
<mason> zetheroo: Looks good from here.
<zetheroo> k
<zetheroo> going to give it a try
<mason> BTW, if you ever actually use all that swap you'll be deeply unhappy with life. :P
<zetheroo> yeah
<zetheroo> I don't care at this point :P
<zetheroo> already so unhappy :D
<robinwassen> @nacc: Correct me if I am wrong, a normal workflow is to include patches that are applies on packages rather than fixing the problem directly in the package itself?
<robinwassen> (my interpretation of quilt patches)
<nacc> robinwassen: that's what `dpkg-source --commit` does
<nacc> robinwassen: yeah
<nacc> robinwassen: in some future world (we are working to create) the difference between the two optoins will be managed by tooling
<nacc> robinwassen: and you can provide us just your changes however you want and we'll figure it out
<nacc> robinwassen: not sure if that addressed your question or not, i guess
<robinwassen> I would guess these patches makes it quite a challenge to update versions of the package released by the author :)
<robinwassen> I think I understand now :)
<nacc> robinwassen: you mean like the upstream version?
<robinwassen> yep
<nacc> robinwassen: right, so one of the steps on every upstream bump is to refresh patches
<nacc> robinwassen: which often includes dropping them (if fixed upstream)
<nacc> robinwassen: or, in our case, if debian has picked them up, we don't need to keep them separately ourselves
<clandest> Hello. I am trying to access my local web server that i have running on my Ubuntu machine from other computers on my network with my Ubuntu's network ip address. I have the server ruinning on 127.0.0.1:8080, i added 192.168.1.22 to my /etc/hosts file but i still cant access the network address even on the ubuntu machine. Would anyone know how i can go about configuring this so that I can access my
<clandest> local webserver on my network computers? THank you
<dino82> nginx or apache
<nacc> clandest: --^
<nacc> clandest: um, if you have the server listening explicitly on 127.0.0.1:8080, then it won't listen on another address
<clandest> dino82: nacc: tyvm.. I didnt think i would have to use nginx locally, thought there would be an easier way without other programs. but ill try nginx
<dino82> Yeah that's your issue, only the machine running the instance will be able to hit it
<nacc> clandest: you want :8080 to listen on all addresses at that port (iirc)
<nacc> *all interfaces' addresses
<clandest> and nginx is prolly the easiest way to achieve that?
<nacc> clandest: also, dino82 wasn't saying to use nginx, they were asking what you were using?
<nacc> clandest: no, it's a basic web server decision
<dino82> You can use whatever you are comfortable with
<nacc> clandest: you have told your webserver (based upon what you described) to *only* listen on 127.0.0.1
<nacc> clandest: therefore, it doesn't matter about anything else, it will only listen on 127.0.0.1
<dino82> Sorry, I need to be more verbose with my questions, heh
<nacc> dino82: :)
<zetheroo> mason: well that seems to have worked
<zetheroo> grub installed and system is booting
<mason> zetheroo: \o/
<mason> zetheroo: So, the time you spent before was NOT wasted. You learned stuff, and you didn't take it on faith.
<zetheroo> indeed
<mason> zetheroo: Now, your next projects are to mess with UEFI and learn ZFS.
<dpb1_> robinwassen: part of the bug fixing process in ubuntu is possibly filing a bug on the debian package (if it exists), and then upstream on the source package, if the bug originates there.
<nacc> dpb1_: oh true, that's a good point, meta tasks that should be at the top
<dpb1_> robinwassen: did you find a bug yet to work on?
<robinwassen> @dpb1: Thanks, it feels like submitting the patch to upstream is at least mandatory :)
<zetheroo> mason: when ZFS is an option during Ubuntu install ....
<zetheroo> harhar
<dpb1_> robinwassen: usually.  unless the bug is in the package!!  lol
<robinwassen> @dpb1_ No luck in finding a bug yet, I am trying to navigate through the huge list!
<mason> zetheroo: It can be an option (for servers) if you use the graphical installer.
<robinwassen> Haha
<mason> zetheroo: It's what I use.
<dpb1_> robinwassen: same here actually
<zetheroo> mason: graphical installer for Ubuntu Server?
<dpb1_> ahasenack: do you have pointers?
<mason> zetheroo: It's the desktop installer, but it gives you access to things like ZFS. You do an install by hand.
<ahasenack> about what?
<zetheroo> ok
<robinwassen> dpb1_: It is easier said than done, and I don't feel like grabbing a bug like "compiz freezes sometimes" :)
<ahasenack> bugs? I suggested the logwatch ones in the bite-sized list
<mason> zetheroo: Want to see simple partitioning for a root/boot disk? Here: https://bpaste.net/show/489876e780f2
<zetheroo> mason: well thanks for all your help.
<robinwassen> @ahasenack: Where do I find that one?
<nacc> robinwassen: only 12 bugs in https://goo.gl/H66PTQ
<mason> zetheroo: What you don't see from that is that the EFI partition is on RAID, and that root0 is LUKS with half a ZFS mirror inside.
<mason> zetheroo: My pleasure.
<nacc> dpb1_: https://goo.gl/H66PTQ
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705, https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583706, https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578004
<nacc> that's the bitesize list
<ubottu> Launchpad bug 1583705 in logwatch (Ubuntu) "unmatched entries for postfix" [Undecided,New]
<ubottu> Launchpad bug 1583706 in logwatch (Ubuntu) "unmatched entries for rsyslogd" [Undecided,New]
<ubottu> Launchpad bug 1578004 in logwatch (Ubuntu) "unmatched entries for courier" [Medium,New]
<mason> I should have named is esp0. Oh well.
<mason> s/is/it/
<robinwassen> Thanks @ahasenack and @nacc
<ahasenack> robinwassen: if you are familiar with some service, you could search for bugs against that service too
<nacc> robinwassen: yeah, that's the other suggestion i'd have, if you have tools you use, or projects you have familiarity with, start there
<CarlenWhite> I lost understanding of what this script I have that is doing backups to the point I'm looking up into the sky and going, "It's fuckin' magic."
<CarlenWhite> Script in question. https://pastebin.com/cmkTKaQj
<Seveas> CarlenWhite: it's doing an unneeded cp, rsync can do this as well using --link-dest. Other than this is a perfectly reasonable simple backup script
<CarlenWhite> On the page talking about this method mentioned a problem with rsync's --link-dest
<CarlenWhite> But I'll keep the cp to do what it does best and what rsync does best.
<CarlenWhite> But I guess I'm pretty tripped up on how hardlinks are being made and how modified files are being done.
<CarlenWhite> I kinda understand how it might be working when files are deleted. Pretty much hardlink after hardlink is removed until the physical file is no longer reference and marked for free space.
<CarlenWhite> But for how file modifications are done is screwing with my head.
<CarlenWhite> Oh!
<CarlenWhite> rsync!
<CarlenWhite> It's the one that will create a new inode when a file is modified.
<CarlenWhite> It all makes sense now.
<CarlenWhite> Wait does it even do that?
<dino82> <3 rsync
<CarlenWhite> Oh. Does rsync remove a file and then replace it if it needs to update it?
<CarlenWhite> Because if it's doing that, then it'll pull a new inode to use for the updated file.
<CarlenWhite> For a moment I thought rsync would zero-byte the file and refill with updated data.
<andol> CarlenWhite: The default is to rename/replace, but you can also get the overwrite behave by using the --inplace flag
<CarlenWhite> Which I don't want at all otherwise each instance of myfile.txt in the rotating backup would be replaced with a updated version.
<CarlenWhite> Assuming myfile.txt was there for the past 7 days and I decided to change something.
<CarlenWhite> Since myfile.txt from backup.0 to 6 would be sharing the same inode.
<CarlenWhite> If rsync did a inplace update, it'd update the file with the same inode and ruin previous backups.
<hallyn> rbasak: (bc i don't see nish here) i would like to formally suggest that server team meeting notes always be pasted in the email in plain text, rather than only having a link.
<nacc> hallyn: what's up?
<nacc> hallyn: sure that can be done
<nacc> we got lazy :)
 * CarlenWhite quickly updates the backup script with the information so he doesn't have blow his mind again.
<CarlenWhite> Quick question, I presume the OS will watch when all hardlinks to the physical location of a file are removed and mark it for free space when it is no longer referenced?
<hallyn> nacc: oh sorry :)  looked for wrong nic :)
<nacc> hallyn: np
<nacc> hallyn: i'll bring it up in our team mtg to make sure we do both
<hallyn> nacc: anyway, i'm probably the only one left reading email with mutt and not wanting to click the link to read the contents :)  kernel team does the same thing,
<hallyn> nacc: awesome, thanks.
<nacc> hallyn: are you ok if the text is c&p of the link contents?
<hallyn> yup
<nacc> hallyn: ok, np
<mason> Hey, generic question... EL has "yum provides" to identify what package provides something I don't have installed. Is there an equivalent for apt in Xenial and newer?
<nacc> mason: is provides for package names?
<mason> nacc: Not package names... Files inside packages.
<hallyn> mason: dpkg -S /bin/ls
<nacc> mason: apt-file
<mason> hallyn: That's only for installed packages.
<mason> nacc: Looking.
<nacc> mason: dpkg for installed stuff, apt-file for archive
<hallyn> mason: yup
<mason> Is apt-file essentially the same as apt-cache?
<nacc> mason: no
<nacc> mason: unrelated beyond both being apt- :)
<mason> heh, kk
<nacc> mason: apt-cache searches your apt cache
<mason> populating now
<nacc> mason: apt-file searches a package contents list
<mason> alright
<mason> I was looking for nslookup earlier, and I found it, but it occurred to me that I didn't know how to search properly.
<mason> Cool, apt-file works nicely.
<mason> t
<nacc> mason: also, command-not-found will tell you the right thing generally for commands; arbitrary files you need apt-file
<mason> ty*
<nacc> mason: np
<mwhahaha> jamespage: sahara-common missing from pike?
<mwhahaha> jamespage: looks like sahara in general http://logs.openstack.org/70/465670/1/check/gate-puppet-openstack-integration-4-scenario003-tempest-ubuntu-xenial-nv/87bfe0c/console.html#_2017-05-17_17_09_07_591919
<Aison> hello
<Aison> what may be a reason that smbd almost always run at 100% cpu usage
<ahasenack> Aison: check with smbstatus if it's tied to a particular user
<Aison> ahasenack, there is no locked file, no user, etc..
<ahasenack> Aison: just a lone smbd process at 100%?
<Aison> yes
<ahasenack> check the samba logs then, and if they show nothing useful, increase the verbosity
<nacc> if that doesn't help, Aison, you might strace the smbd process and see what it's actually doing
<rbasak> hallyn: I'll pass that on, thanks. Nice to know that >0 people care :)
<hallyn> :)  thanks
<Aison> ahasenack, nacc with log level 4 I don't see anything in the logs
<ahasenack> then strace it
<nacc> yeah, i think strace is the next step
<ahasenack> strace -f -o output -p <pid>
<ahasenack> something like that
<ahasenack> leave it a bit, then ctrl-c and inspect the output file
<ahasenack> Aison: besides the 100% cpu usage, is it working normally?
<Aison> ahasenack, yes
<Aison> works normally
<nacc> if it is pegging the cpu, it'll be quite noisy, but ideally you can see it maybe busy-waiting for a file/lock or something
<nacc> or determine what loop it's in
<ahasenack> Aison: wait a sec, with log level 4, you don't see anything *relevant* in the logs, or no logs at all?
<Aison> I mean, it is a 32core machine, and all cores are somehow in use when samba is running  ^^
<Aison> that's not normal
<Aison> ahasenack, there are logs, but they are not growing
<ahasenack> Aison: maybe there is a config change you are not aware of that is sending them elsewhere? Are the logs you see current? Or from the last time it was restarted?
<ahasenack> testparm -s can be used to show a dump of the config, with no comments (i.e., it's short)
<Aison> yes, they are current. I deleted everything in /var/log/samba and then started again. The logs are created
<Aison> 10 seconds strace creates a 10mb log file
<Aison> err, 5 seconds
<ahasenack> :)
<ahasenack> it's definitely busy
<ahasenack> you could also try higher log levels perhaps, I don't remember how far up they go
<ahasenack> but inspect that strace output, look for repeated patterns
<Aison> that's it: https://people.alvhaus.ch/~ivost/samba.log :)
<ahasenack> what's /var/log/samba/log.2a02_168_200f_100__2_1, is 2a02_168_200f_100__2_1 an actual machine name?
<ahasenack> it's "almost" something like 192.168.200.100 :)
<ahasenack> ipv6 also came to mind :)
<ahasenack> yeah, ipv6
<ahasenack> 2a02:168:200f:100::2
<Aison> 2a02:168:200f  is my ipv6 prefix
<ahasenack> that file is opened several times, does it not contain anything useful?
<Aison> and 2a02:168:200f:100::2 is the IP of the samba server
<Aison> no, filesize is 0
<webnar> hi
<webnar> someone there?
 * mason hides in the corner.
<nacc> webnar: sure, just ask your question
<ahasenack> Aison: can you post your smb.conf (output of testparm -s)? Sanitize at will if needed
 * dpb1_ points at mason
<webnar> Ok i'm a basix ubuntu server user so thats why i drop my question here. I had a NAS running ubuntu server 14.04 (was working great). I have upgraded to server 16.04. But now i have issues with my RAID.
<webnar> Can that be a driver issue or something?
<webnar> Its working until x hours and then 4 drives get dropped out of the raid. Rebooting fix everything.
<webnar> ut it are 4 drives connected to my sata controller
<webnar> the other drives are on the onboard controller
<nacc> webnar: any messages in the kernel logs when the disks dropped?
<ahasenack> Aison: do you have something on that server itself connecting to it maybe? I see a ton of accepted connections from itself, if I'm reading that right
<webnar> no there just gone
<webnar> also in fdisk
<nacc> webnar: did you check `dmesg`? disks don't generally silently disappear from the kernel
<webnar> yes i checked but i really have no clue where to look for.
<ahasenack> search for the disk device names
<ahasenack> something like sda usually, but could be sometihng else
<ahasenack> (in dmesg, that is)
<nacc> webnar: or pastebin the output
<nacc> webnar: but it's only relevant if you're in the failed state
<nacc> if you've rebooted, `dmesg` won't help
<nacc> you'd need to look in /var/log/syslog or so
<webnar> i'll post the output when it drops the hd's but still its strange there all on the same controller.
<ahasenack> webnar: is it software raid? aka, mdadm?
<webnar> yes
<ahasenack> webnar: and these are just storage, you have another disk for /, swap, etc?
<webnar> these are just storage
<webnar> yes os is on seperate ssd
<webnar> harddisks show no failures
<nacc> webnar: right so i'm thinking the driver barfed (maybe) and dropped the controller
<nacc> webnar: without logs, though, it's hard to know
<nacc> webnar: did you look at the old logs (or look for them)
<webnar> where to find old logs?
<webnar> i only have one dmesg log not a .0 version
<nacc> webnar: look in syslog
<webnar> is see dozen of these messages every second of the day in the syslog:
<webnar> May 17 06:26:12 MediaServer systemd[6908]: dev-disk-by\x2dpartlabel-primary.device: Dev dev-disk-by\x2dpartlabel-primary.device appeared twice with different sysfs paths /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/ata10/host9/target9:0:0/9:0:0:0/block/sdj/sdj1 and /sys/devices/pci0000:00/0000:00:17.0/ata2/host1/target1:0:0/1:0:0:0/block/sdb/sdb3
<webnar> May 17 04:09:53 MediaServer mdadm[29886]: Fail event detected on md device /dev/md0, component device /dev/sdj1
<webnar> May 17 04:09:53 MediaServer kernel: [141885.926279] md/raid:md0: Disk failure on sdj1, disabling device.
<webnar> May 17 04:09:53 MediaServer kernel: [141885.928506] md/raid:md0: read error not correctable (sector 1642918560 on sdj1).
<webnar> May 17 04:09:53 MediaServer kernel: [141886.456458]  disk 5, o:0, dev:sdj1
<dpb1_> webnar: can you replace that disk?
<dpb1_> it would be my first course of action
<webnar> its not 1 there 4 disk failing at the same time.
<webnar> all 4 that are on a seperate sata controller
<dpb1_> how many total on the array
<webnar> 1 of the 4 is even a SSD drive(this one is not in the raid)
<webnar> 6 total of array
<dpb1_> ah, even disks not on the raid, gotcha
<webnar> 3 on this controller and the other 3 onboard controller
<dpb1_> and that controller is internal?
<webnar> the failing one is a pci controller
<webnar> But it just happend after upgrading to server 16.04
<dpb1_> what is the controller
<dpb1_> lspci should show it
<webnar> 01:00.0 SATA controller: Marvell Technology Group Ltd. 88SE9230 PCIe SATA 6Gb/s Controller (rev 11)
<dpb1_> webnar: you say it's working "fine" for 4 hours
<dpb1> do you still get error messages in syslog when it's working fine?
<webnar> sometimes it can be 4 other times its a few minutes last time it took almost day.
<webnar> yes
<webnar> its working now and i get this:
<webnar> May 17 21:37:53 MediaServer systemd[1]: dev-disk-by\x2dpartlabel-primary.device: Dev dev-disk-by\x2dpartlabel-primary.device appeared twice with different sysfs paths /sys/devices/pci0000:00/0000:00:17.0/ata5/host4/target4:0:0/4:0:0:0/block/sde/sde2 and /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/ata10/host9/target9:0:0/9:0:0:0/block/sdj/sdj1
<webnar> there maybe 50 of those on the same second for drive sdj only
<sarnold> systemd just spews those
<sarnold> you've got a lot more than I do though
<dpb1> webnar: but what about the mdadm and kernel errors.  ignore the systemd ones for a sec
<webnar> May 17 04:08:31 MediaServer kernel: [141804.131926] ata8.00: exception Emask 0x0 SAct 0xc SErr 0x0 action 0x6 frozen
<webnar> May 17 04:08:31 MediaServer kernel: [141804.131948] ata8.00: failed command: WRITE FPDMA QUEUED
<webnar> May 17 04:08:31 MediaServer kernel: [141804.131962] ata8.00: cmd 61/08:10:18:10:80/00:00:02:00:00/40 tag 2 ncq 4096 out
<webnar> May 17 04:08:31 MediaServer kernel: [141804.131962]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
<webnar> May 17 04:08:31 MediaServer kernel: [141804.131993] ata8.00: status: { DRDY }
<webnar> May 17 04:08:31 MediaServer kernel: [141804.132001] ata8.00: failed command: WRITE FPDMA QUEUED
<webnar> May 17 04:08:31 MediaServer kernel: [141804.132014] ata8.00: cmd 61/08:18:38:16:80/00:00:02:00:00/40 tag 3 ncq 4096 out
<webnar> May 17 04:08:31 MediaServer kernel: [141804.132014]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
<webnar> May 17 04:08:31 MediaServer kernel: [141804.132045] ata8.00: status: { DRDY }
<webnar> May 17 04:08:31 MediaServer kernel: [141804.132054] ata8: hard resetting link
<webnar> May 17 04:08:37 MediaServer kernel: [141809.504148] ata8: link is slow to respond, please be patient (ready=0)
<webnar> May 17 04:08:41 MediaServer kernel: [141814.160288] ata8: COMRESET failed (errno=-16)
<webnar> May 17 04:08:41 MediaServer kernel: [141814.160342] ata8: hard resetting link
<webnar> May 17 04:08:47 MediaServer kernel: [141819.524401] ata8: link is slow to respond, please be patient (ready=0)
<webnar> May 17 04:08:51 MediaServer kernel: [141824.180491] ata8: COMRESET failed (errno=-16)
<webnar> May 17 04:08:51 MediaServer kernel: [141824.180546] ata8: hard resetting link
<webnar> May 17 04:08:57 MediaServer kernel: [141829.548697] ata8: link is slow to respond, please be patient (ready=0)
<webnar> May 17 04:09:02 MediaServer kernel: [141835.108908] ata10.00: exception Emask 0x0 SAct 0xe0000 SErr 0x0 action 0x6 frozen
<webnar> May 17 04:09:02 MediaServer kernel: [141835.108986] ata10.00: failed command: READ FPDMA QUEUED
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109042] ata10.00: cmd 60/00:88:00:30:39/04:00:0b:00:00/40 tag 17 ncq 524288 in
<mason> webnar: Maybe try bpaste.net
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109042]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109169] ata10.00: status: { DRDY }
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109206] ata10.00: failed command: READ FPDMA QUEUED
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109258] ata10.00: cmd 60/00:90:00:f4:ec/08:00:61:00:00/40 tag 18 ncq 1048576 in
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109258]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109386] ata10.00: status: { DRDY }
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109421] ata10.00: failed command: READ FPDMA QUEUED
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109473] ata10.00: cmd 60/a0:98:00:fc:ec/06:00:61:00:00/40 tag 19 ncq 868352 in
<ahasenack> webnar: might be silly, but you should check for loose sata cables
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109473]          res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)
<mason> webnar: This kind of paste often results in a temporary kick for flooding.
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109600] ata10.00: status: { DRDY }
<webnar> May 17 04:09:02 MediaServer kernel: [141835.109639] ata10: hard resetting link
<webnar> so i guess it started to stop working from that point
<webnar> before that there are no erros
<webnar> and from that moment its full of those errors
<webnar> yes tried the sata cables and power. But the only thing i noticed was the fact the 4 failing drives are on the pci sata controller
<dpb1> webnar: if it were me, my next course of action would be to replace the controller
<ahasenack> yeah
<ahasenack> all drives failing at the same time doesn't happen, unless they are rebuilding the array (that causes extra stress)
<dpb1> you've narrowed it down pretty well, I'd say.
<webnar> yes but wouldn't it be something with ubuntu 16.04 because it only happend after the upgrade
<webnar> https://bpaste.net/show/a66f06183190
<webnar> after reboot everything works again
<ahasenack> webnar: if you think it's some driver, you could boot the previous ubuntu with a live-cd, mount the array and leave it be for a while, see if it also encounters the same problem
<ahasenack> or install a newer kernel in 16.04 using the hwe series
<ahasenack> but so far all points at a hardware problem
<dpb1> webnar: you might find this thread interesting... https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700975
<ubottu> Debian bug 700975 in src:linux "linux-image-3.7-trunk-amd64: Marvell 88SE9230: Freaks out and drops all disks if sent SMART command during RAID rebuild" [Normal,Open]
<dpb1> webnar: I know it's old
<genii> Hm, 3.7
<dpb1> end result was a recommendation against that controller, and a list of ones with better kernel support: http://blog.zorinaq.com/from-32-to-2-ports-ideal-satasas-controllers-for-zfs-linux-md-ra/
<sarnold> oh man I spent -days- on that blog post :)
<webnar> But the recommended controllers most of them are very outdated.
 * dpb1 nods
<sarnold> it is from 2012 or something.
<webnar> Hmm i'll try to install 14.04 first and check if it still works with 14.04 like it always did
 * ppetraki catching up on sata errors
<ppetraki> webnar, so umm, how old are these ssds?
<webnar> few months
<webnar> just installed server 14.04
<ppetraki> webnar, you haven't written like 50TiB of data in the meantime have you?
 * ppetraki suspects not
<bindi> why 14.04
<webnar> 14.04 was working perfectly before the issues
<Aison> ahasenack, [2017/05/17 22:48:09.606627,  4] ../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
<Aison> this is the log entry that is written endless
<webnar> if i check loggin now there are no errors
<ahasenack> Aison: is that part of a panic?
<Aison> so samba stays at 100% cpu usage
<ppetraki> webnar, scsi error handler is pretty thorough. if it can't recover a drive something is really wrong
<Aison> ahasenack, no idea :-(  these entries are repeated: https://pastebin.com/GJ50YHu8
<webnar> yes but before i got the 50 errors a sec on ubuntu 16.04 just installed 14.04 now and no errors in my syslog anymore.
<ahasenack> Aison: what was the logging level before, 0? Or has it always been at 4?
<webnar> raid is up and clean
<ahasenack> webnar: that could also be because of the reboot, right?
<ppetraki> marvell controller, ok not my favorite but this is a well travelled solution.
<ahasenack> if it stays like that for a few hours, under load/usage, then yes, this is good info
<Aison> ahasenack, before it was 0 (testparm always removed log level)
<Aison> now it is 4
<ppetraki> webnar, it's possible that your combination of drive and controller is making a bug pop up in 16.04
<ppetraki> webnar, those are hard errors being reported
<ppetraki> webnar, that or you got hit with a power spike and everything is compromised
<ahasenack> Aison: maybe 4 is too much detail already
<Aison> with log level 10 over 100mb/s of log file is written :P
<ahasenack> yeah, stay away from that :)
<webnar> I'll post a update on the status after some time. i'll let it run for now. Powerspike i don't think the NAS is on a UPS.
<ahasenack> although that shows that connections to the server are being made
<ahasenack> try 3, then 2, 1
<ppetraki> webnar, yeah I'm catching up on the rest of your logs
<ahasenack> and check smbstatus again
<ppetraki> webnar, I think you found a bug, stuff like this is so simple it shouldnt even happen
<ppetraki> webnar, you on amd or arm?
<Aison> ahasenack, here with log level 3 :) https://pastebin.com/aeFdYEf5
 * ppetraki nm amd
<ppetraki> yeah, weird
<webnar> intel
<ppetraki> so... intel cpu and marvel sata controller?
<webnar> yes
<ppetraki> onboard?
<webnar> pci
<ahasenack> Aison: still doesn't ring a bell
<ppetraki> oh ok
<ppetraki> could you move these the onboard and try 16.04 again? that would tell us for sure its a driver issue
<webnar> all other drives are onboard. and the half of the drives from the raid
<ppetraki> oh ok
<webnar> the 3 onboard drives keep running. The 3 PCI sata controlled drives stop. There is a fourth harddisk on the controller download SSD drive
<webnar> that SSD also stops working.
<webnar> there is no raid or something on the SSD
<Aison> ahasenack, maybe it is related to ldap?
<ahasenack> well, talk about a wrench in the gears
<ppetraki> webnar, yeah this is just dumb simple io having a bad day. most basic functionality
<ahasenack> Aison: did you check the pure smbd logs as well, or just the log.<machine> files? There should be a log.smbd file too iirc
<ppetraki> webnar, this marvell thing is finicky. you can file a bug ... or dump it with a basic lsi or atto and move on with life
<ppetraki> webnar, you can try reducing the link speed on the driver down to 3G in the hopes it will reduce the probability of this event. which will also reduce you to about 250MB/s.
<ppetraki> webnar, other than that I don't have any quick fixes for you. sorry :(
<webnar> anyway thanks for the help.
<webnar> sudo make
<webnar> srry wrong screen
<ppetraki> :), np
<nacc> smoser: around?
#ubuntu-server 2017-05-18
<cpaelzer> good morning
<cpaelzer> jamespage: of course openvswitch 2.7 atm FTBFS in artful for something around python
<cpaelzer> jamespage: I'll open a bug and work on it, I'll let you know if I need anything
<cpaelzer> jamespage: but take a look and let me know if this looks like a known issue - IIRC you had python issues around pike last week?
<jamespage> cpaelzer: hmm odd - obs did not see that when I did the ovs 2.7.0 uploads a few weeks back
<jamespage> the C extension thing is a know problem - there is a bug report for that
<jamespage> I did spend some time trying to fix that but did not get to a resolution
<jamespage> mwhahaha: its an installability problem due to new sqla
<jamespage> python-sahara : Depends: python-sqlalchemy (< 1.1.0) but 1.1.9+ds1-0ubuntu2~cloud0 is to be installed
<jamespage> fixing that this morning
<zetheroo> yesterday I setup this server with Raid1 and something I noticed is that it's very very slow
<zetheroo> disk activity LED is constantly lit up
<bhuddah> is it still syncing, zetheroo ?
<zetheroo> top shows md1_resync at the top
<zetheroo> under that is md1_raid
<bhuddah> zetheroo: "cat /proc/mdstat" for the status of the sync
<zetheroo> bhuddah: ah ok ... resync at 10.1%
<bhuddah> zetheroo: you can change the speed of the resync or you can just simply wait until it's done. performance will be back to normal then.
<zetheroo> ok, thanks .. I'll just wait
<zetheroo> it's still usable .. just a bit sluggish
<fishcooker> is ubuntu have list like this https://packages.debian.org/stable/
<hateball> !packages | fishcooker
<ubottu> fishcooker: You can browse and search for Ubuntu packages using !Synaptic, !KPackageKit, !Muon, "apt-cache search <keywords or regex>", or online at http://packages.ubuntu.com - Ubuntu has about 30000 packages available, so please *search* for an official package before installing things in awkward ways!
<fishcooker> should we service cron reload/restart after editing the executable file of the cronjob?
<zetheroo> is there a nifty command which could accomplish the following?
<zetheroo> remotely (via ssh) change a line of text in a specific file on multiple hosts
<andol> zetheroo: The lightweight solution: for nodename in hostname1 hostname2 hostname3; do ssh $nodename "sed -e '....' -i /path/to/file"; done
<andol> zetheroo: Or if you want to put a bit more investment into, familiar yourself with a tool like Ansible.
<zetheroo> andol: ok thanks!
<zetheroo> we are actually in the process of getting things setup with Ansible ... but just not quite there yet ;)
<kaushal> Hi
<andol> zetheroo: A piece of advice is to start small, and be satisfied with Ansible initially just being used for something minor. That way you get a feel for the tool, making it easier to take the next step.
<kaushal> I am unable to start mysql on Ubuntu 15.10 server
<kaushal> pastebin here -> https://paste.ubuntu.com/24598515/
<smoser> nacc, here now. sorry.
<andol> kaushal: Doesn't look like a fresh install? So, what did you change which broke it?
<andol> kaushal: Kind of looks like you already have an instance running, trying to start a new mysqld on top of it?
<kaushal> andol: ok
<andol> ..which doesn't have to be the case, but it's an easy thing for check for.
<nacc> smoser: np, was going to be about your lp-user stuff, but i think i had a reasonable workaround
<nacc> smoser: and the bikeshedding will resolve it
<smoser> nacc, other than it always being a bad idea to drop code that *I* wrote, i think its ok :)
<smoser> nacc, i think there is a fair amount of things that fit into a 'git lp' subcommand.
<dpb1> :)
<smoser> like my add-remote-user, and also i have a 'git-lp-url'
<smoser> $ git-lp-url
<smoser> https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+ref/bug/1683038-ec2-no-warn-on-explicit
<nacc> smoser: yeah, i was thinking about that too in the end
<nacc> smoser: just didnt' have time before EOD to implement :)
<carpenike> Is it possible for JuJu to ignore the IPv6 check at bootstrap? I have an unmanaged network and not able to bootstrap JuJu as a result. IPv6 has been disabled on the parent interface.
<dpb1> carpenike: don't know.  might want to ask in #juju
<carpenike> dpb1: Thanks.
<Pici> 21
<Pici> 21
<pmatulis> 22
<mason> 6060842
<sarnold> leave 22 alone those poor guys have too much to do already
<hallyn> user alice?  unknown  user amber?  unknown.  user amy?   unknown  user anatoly?  unknown user ....
<mason> sarnold: Traffic in Some Other Channel makes me curious... What's a sane way to understand what's been backported to the ZFS bits Canonical ships?
<sarnold> mason: I'm not sure that we do
<nacc> apt changelog zfsutils-linux ?
<nacc> not sure if that's everything, though
<mason> sarnold: I thought you did. Hrm. nacc: ty, checking
<mason> sarnold: Yar, nacc's advice is good. Numbered series starting at 0.6.5.6-0ubuntu1 and working up.
<sarnold> but that only grabs what touches the utils packge; things that affected only linux won't show up there
<mason> Shouldn't be anything baked into Linux, just spl and zfs modules.
<nacc> smoser: yeah that was the part i wasn't sure about
<mason> oh, hrm
<mason> Oh.
<mason> Yeah. Alright. /lib/modules/4.4.0-78-generic/kernel/zfs/zfs/zfs.ko ships in linux-image.
<nacc> so then you'd also need to check `apt changelog linux-image-generic-4.10.0-21-generic, e.g.
<mason> yeah
<nacc> and look for zfs or spl, i think
<mason> You're not running Xenial there, it seems...? Or just a customer kernel?
<nacc> mason: yeah i'm on 17.04
<nacc> smoser: around?
<mason> nacc: Looks like zfsutils-linux's changelog encompasses kernel changes, as the kernel package changelog only notes imports of Ubuntu ZFS build versions.
<nacc> mason: ok, you might also ask the developer(s) that contribute if there is a better way to know, as i'm not one of them :)
<mason> I'm pretty happy with apt changelog now that I've looked at it.
#ubuntu-server 2017-05-19
<smoser> nacc, here.
<cpaelzer> good morning
<webnar_> @ppetraki Hi
<webnar_> the Raid still works without issues
<webnar_> So indeed it looks like a bug in Ubuntu server 16.04
<joy-ict> Hi there :-) I'm looking for some help with setting up a forwarding dns
<joy-ict> I want to use Moodle and Suitecrm outside the office. But the only things i can run outside now are SSH and Webmin
<coreycb> jamespage: when you get a moment can you promote newton-staging to newton-proposed?
<aaronr> cpaelzer: happy to help further with the proposed verification of https://bugs.launchpad.net/ubuntu/+source/nagios3/+bug/1686768 when it gets to that stage. i'll continue to monitor the bug, and will check in here to find out what i need to do when the time comes
<ubottu> Launchpad bug 1686768 in nagios3 (Ubuntu Zesty) "Restricted contacts can see servers that do not belong to them" [Medium,Fix committed]
<DammitJim> have you guys disabled SMBv1 on all your linux systems?
<DammitJim> someone just came to me telling me we need to disable it on all of our Linux systems because of the wanna Crypto vulnerability
<DammitJim> how true is this? or where should I go to get the truth?
<azidhaka> i don't think samba is vulnerable
<DammitJim> dammit... it's so hard to find answers to these questions from a reliable source
<DammitJim> azidhaka, nothing against you. I appreciate that at least you replied
<DammitJim> but I need something to backup my answers so that the company doesn't send me to update all my linux machines
<DammitJim> I have other projects that need to get done and I don't know that this is a real critical problem at this time
<dpb1> DammitJim: did they point you to a CVE?
<DammitJim> no, this is more of an: I read a blog and they said you need to disable SMBv1
<DammitJim> now, since they have posed the question, I have to show that it's not necessary
<DammitJim> does that make sense?
<teward> DammitJim: does https://www.cyberciti.biz/faq/how-to-configure-samba-to-use-smbv2-and-disable-smbv1-on-linux-or-unix/ help?
<DammitJim> teward, actually I think that's the article they read
<teward> DammitJim: ultimately CIFS / SMB will default to trying version 2.0 or 3.0 and fall back to 1.0 iirc.  That said, if you have older servers (Win 2k3) or servers which aren't new enough to support SMBv2 then, that's out of the scope of what you can do
<teward> DammitJim: that's... not an article, that's a how-to
<teward> and that only applies to Samba servers
<DammitJim> but I don't know who told this guy that he needs to disable SMBv1 because of wanna crypto
<teward> not Samba clients on Linux devices
<DammitJim> make sense?
<azidhaka> DammitJim: the samba vulnerabilites are listed here: https://www.cvedetails.com/vulnerability-list/vendor_id-102/Samba.html
<teward> DammitJim: because SMBv1 *is* ancient and vulnerable and should be disabled except for absolutely critical legacy support of things
<DammitJim> again, I am just trying to figure out if I need to disable SMBv1 because of wanna crypto or because of it being OLD and vulnerable in general
<DammitJim> does that make sense?
<teward> DammitJim: stop saying "does that make sense"
<teward> it's irritating
<teward> yes, it does make sense.  you should disable for BOTH reasons
<DammitJim> because if it is because of wanna crypto, I have to drop everything and disable SMBv1 on all my servers right now (test first)
<teward> and patch all Windows 7 systems.
<azidhaka> DammitJim: if you have old clients which require smbv1, do not disable it
<teward> windows 7 / 8 / xp systems *
<DammitJim> but if it is just because of it being old and vulnerable, I can table that and deteremine where it falls in my schedule of things
<azidhaka> DammitJim: i wouldn't unless it vulnerable
<DammitJim> yeah, windows server/workstations patching is in progress
<DammitJim> teward, I'll stop saying "does that make sense"
<DammitJim> ;)
<teward> DammitJim: unless your LInux systems are running Wine, then, you shouldn't disable SMBv1 unless it's absolutely necessary to disable it.
<teward> WannaCrypt won't hurt your Linux boxes unless you've got Wine, and unless your SMB servers are internet facing directly I'd be a little less concerned
<DammitJim> ok, so it seems the consensus is that disabling SMBv1 doesn't have much to do with WannaCrypt
<azidhaka> DammitJim: in linux
<teward> ^ that
<teward> DammitJim: in Windows it's a different story
<DammitJim> thanks azidhaka ... in linux
<DammitJim> right
<DammitJim> ok, thanks! I'll tell the group that asked me this question that the how to they found makes it sound like wannacrypt and SMBv1 are related but in reality they aren't
<teward> well
<DammitJim> thanks guys!
<teward> DammitJim: that's not entirely accurate either
<DammitJim> uh oh
<azidhaka> DammitJim: SMBv1 was vulnerable in Windows, is not vulnerable in Linux
<azidhaka> DammitJim: disable it or patch all your windowses and leave the linuxes alone :)
<teward> azidhaka: The question is two-fold.
<teward> erm
<teward> DammitJim: ^
<teward> Question 1: Is SMBv1 vulnerable in Linux?  Question 2: Is SMBv1 vulnerable to WannaCrypt in Windows?
<teward> And Question 3: Is SMBv1 vulnerable to WannaCrypt in Linux
<DammitJim> yes, I am trying to address question 3
<teward> Answer to #1: No, not really.  Answer to #2: Absolutely, patch all windows systems and disable SMBv1 on the client systems
<teward> Answer to #3: Not really.  Just don't run Wine on linux systems.
<DammitJim> it's all in the context of: Do I need to disable SMBv1 on all my linux systems because of wanna cry
<DammitJim> and the answer is NO
<DammitJim> thank you!
<teward> DammitJim: read https://askubuntu.com/questions/914623/what-is-the-wanna-cry-ransomwares-possible-impact-on-linux-users
<DammitJim> oh, also know that we don't use wine
<DammitJim> we drink it ;)
<teward> ultimately you have your answer.  So long as you patch your Windows systems and servers and install the security updates regularly
<teward> because there's other nasties that get patched regularly you need to patch against :p
<DammitJim> yeah, I am trying to get our group on a schedule for patching different o/s in a regular basis
<DammitJim> I got interrogated about: do you read all the release updates at all times to know if we need to patch our systems?
<DammitJim> if someone can tell me how one can do that, please let me know!
<teward> unattended-upgrades for Linux systems, exclude the Linux packages, set to run daily, don't force reboot
<teward> email a given email address on the network when completed.
<teward> unattended-upgrades is what keeps the mail server and a few other servers at the one workplace i work with up to date with security updates
<teward> we patch the rest for bugs monthly
<Ussat> teward, if you use unattended, I assume you test first, on a test system....
<teward> On six systems, yes.
<teward> THat said, the only things that we really just need patched are the kernel and a few other things, we disable all other updates.  Security-only, and those go through some pretty thorough tests, as I understand those security releases/updates.
<teward> sarnold: ^ cc
<teward> the only other thing we'd worry about is nginx, but that's usually patched within a day of me seeing a patch heh
<teward> since I help the security team sometimes with that :)
<DammitJim> teward, how do you test that the updates aren't breaking something?
<teward> i have a test environment running the same services as production does, and a test suite that tests functionality every day an hour after updates complete.  If nothing fails, that doesn't issue a "Don'tUpdate" notice to the production systems
<teward> lots of custom code
<nacc> smoser: do you think it's reasonable (UX) to have `git ubuntu add-remote` only work with an explicit directory or from the current directory? (then we can derive, e.g., the srcpkg and such)
<smoser> nacc, that seems fine to me.
<smoser> add-remote user ?
<smoser> you mean
<nacc> smoser: yeah
<smoser> git-ubuntu add-remote <thing>
<nacc> smoser: so you'd only need to add the lp-user you want to add the remote of
<nacc> smoser: we'd figure out everything else
<smoser> i was thinkign <thing> could be a full remote, but then it takes a name too
<smoser> i think its sane.
<nacc> smoser: oh true, it could be -- although, imo, adding a remote with a full url is a better task for `git` itself :)
<smoser> git ubuntu add-remote <user> [name-if-different]
<smoser> but i think it should be remote-add
<smoser> right ?
<smoser> as that is gwhat it is to git
<smoser> git remote add <name> <url>
<nacc> smoser: hrm, true
<smoser> git ubuntu remote-add <user> [url]
<smoser> that follows pretty easily dont you think ?
<smoser> if you give it url, it just calls git add remote
<smoser> except fdor the case where you dont want your name the same as the user i guess.
<smoser> :-(
<nacc> smoser: yeah, but then i need to check the input for a url
<nacc> smoser: your 'name' meaning the remote's name?
<smoser> well, you need both remote name and user
<smoser> right ?
<nacc> right, we curently make them the same
<nacc> we can take a remote-name as an optional parameter
<nacc> or a flag, even
<smoser> i think its probably reasonable to want to change the name
<smoser> (ie, for that ~ubuntu user)
<smoser> git ubuntu remote-add [--remote-name=name] user [url]
<nacc> smoser: oh good point , i usually change racb to robie :)
<nacc> smoser: yep
<smoser>  remote name is user by default
<nacc> smoser: thanks! that's good!
<smoser>  if url is provided, then it just goes onto git remote add
<nacc> smoser: yep
<nacc> smoser: cool, thanks!
<smoser> switfching location
<sarnold> DammitJim: we publish USNs to https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce and https://www.ubuntu.com/usn/ -- and we're trying to get the hang of https://twitter.com/ubuntu_sec but no promises there
<DammitJim> thanks sarnold!
<DammitJim> sarnold, this is different than lists.ubuntu.com mailing lists, right?
<mason> azidhaka: That's on lists.ubuntu.com.
<mason> DammitJim: *
<mason> Not sure how tab pulled up azidhaka.
<DammitJim> I say that because I had forgotten that I have some kind of account and get the email every first of the month telling me what my password is LOL
<sarnold> "gee thanks mailman"
<sarnold> hehe
<DammitJim> what I mean, though is that the link you posted seems to be a separate subscription?
<DammitJim> or can I just add that subscription to my account?
<sarnold> 'separate' to what? there's a billion lists hosted there..
<DammitJim> meaning... if I go to my Membership configuration page
<sarnold> iirc there's a button in one of the mailman fields for allowing you to turn off the monthly password reminders 'globally', but they're for the most part all independent from each other
<DammitJim> I don't see an option to get security subscriptions ? I'm blind
<DammitJim> and you are right, there is an option to NOT get your password
<DammitJim> oh, interesting... so I guess my account is just for the ubuntu-us-fl mailing list
<DammitJim> nothing to do with getting security announcements....
<DammitJim> man, patching is a neverending story, isn't it?
<mason> DammitJim: You can just subscribe to the security list. It's a plain vanilla Mailman.
<mason> I subscribed, and it yelled at me because I was already subscribed.
<DammitJim> LOL
<DammitJim> I"m going to shut up now
<sarnold> DammitJim: never-ending.. you have no idea.
<DammitJim> :D
<mason> Patching makes my cold heart warm.
<sarnold> DammitJim: it's insanely demoralizing to have new issues reported against a packaage just when you're about to release updates for it for older issues..
<DammitJim> hahaha... I don't have a problem patching a system
<DammitJim> I have a problem testing all the systems after the patch
<mason> True, doing things right is a beast.
<DammitJim> I don't know why, but the company where I work wants all applications that we use on that server tested in a sandbox before the patch
<mason> Containers will save us.
<mason> heh
<DammitJim> mason, I'd like to think that ;)
<mason> Do you do dev â qa â prod and the sandbox is one of the first two?
<DammitJim> sandbox is kinda like dev
<mason> I'm a fan of organized promotion. That said, I don't do it for my home set-up, and I'm not an admin any more, so I've grown lax.
<DammitJim> we've moved away from the dev being managed by my team and dev is more what the developers maintain, which is kinda nice
<DammitJim> what do you do now, mason ?
<mason> DammitJim: Technical Account Manager
<DammitJim> I'm starting to get tired of the admin role
<DammitJim> but heck, I have a job, so I shouldn't complain
<mason> Being a TAM's like being an admin, but more use of soft skills, and issues don't follow me into evenings and weekends.
<mason> Yar.
<DammitJim> LOL
<DammitJim> that's 1 of them... it gets in the way of my family life...
<mason> Before I became a TAM, I was an admin, and right before I took the offer for my current job, I had an on-call week where I got four hours of sleep, once, during my on-call week. That was the peak of sleep, and most sleep periods were much shorter. Made it easy to accept the offer.
<sarnold> DammitJim: definitely if you can put together enough of your environment in a VM or something, it can save some hassles. we do our best but mistakes happen, and, like you, it's quite difficult to test everything.
<DammitJim> anyways, thanks for the info. I'm trying to assign someone in my team to review the security updates on a daily/weekly basis so we know if we need to accelerate patching for a system
<mason> DammitJim: The list will be useful, and you probably already use something like apticron.
<mason> ...or something centralized that does that.
<DammitJim> sarnold, man, thanks for speaking from the heart. I know you guys are doing your best and I don't have anything about patches. it's just that sometimes developers and even admins make mistakes in putting configs where they shouldn't be and then an update (that needs to really fix something) changes how something works and then the developed app no longer works
<mason> DammitJim: Do you use Ansible or Puppet or similar?
<DammitJim> the hard part about the list is really understanding the impact or severity to determine if we need to go through the patching cycle
<DammitJim> I use salt, so with that respect, things can be fixed quickly
<mason> The whole cfengine-inspired trusted repository with admins only accessing the repo through version control is hugely good.
<mason> kk
<DammitJim> but that's not the problem... the problem is time spent testing and guess who ends up having to test? the support team
<DammitJim> and letting the customers know that there will be an outage
<DammitJim> I'll be honest in saying that in other companies, I patched w/o testing and this wasn't as much of an issue... out of patching hundreds of times, we probably only had an issue once
<mason> Redundancy can help with outages, especially if your platform is using a stable API and you're just fixing bugs.
<DammitJim> yeah!
<DammitJim> do you guys have someone on your team that reads the security releases on a daily basis?
<DammitJim> how do you determine if the patch needs to be applied ASAP?
<DammitJim> I wanna say for Ubuntu servers, I patch every quarter *cringes*
<mason> In admin teams I've been on, I tend to do that regardless of any formal activity. Varies a lot formally.
<DammitJim> yeah, very subjective, right?
<sarnold> DammitJim: we don't really judge -severity- since that can vary wildly from site to site. we do prioritize the order in which we work through the CVEs; here's the criteria we use http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/README#L191
<mason> Oh, you mean sarnold and the Canonical security team. Sorry for the noise. Heh.
<DammitJim> no, I meant exactly what sarnold just said... for my company, how do I determine the severity of the security problem for which a fix has been released
<sarnold> DammitJim: most of us do take most weekends :)
<DammitJim> I'd drive myself nuts learning every single issue and understanding how it impacts me
<sarnold> but tracking CVEs is almost a full-time position for us
<mason> Gods, just reading the security-lists is a ton of work, let alone parsing for applicability.
<DammitJim> right... that's my challenge, but it's a good one and one that needs to be dealt with
<DammitJim> this week when this whole thing about WannaCry came out
<DammitJim> I didn't know what to say about patching when I was asked about it
<DammitJim> why haven't you guys patched the Windows servers?
<DammitJim> well, we are in a 3 month cycle and we haven't gotten around to it since we patched back in March
<DammitJim> oh, you need to patch them... sure, that's the plan
<DammitJim> I'm digressing.... I'm going to stop
<DammitJim> I hope you guys have a great Friday, though!
<mason> DammitJim: You too!
<DammitJim> I'm not going anywhere, just trying to keep the channel on-topic ;)
<nacc> rbasak: i assume you're not around?
#ubuntu-server 2017-05-20
<teward> is there any guide or tutorial for setting up routing of a public IP to a specific container, for bidirectional NAT so that that container's traffic only is routed over that public IP?
<teward> LXD containers :)
<patdk-lap> that is just normal iptables stuff, nothing special about lxd
<patdk-lap> or whatever your firewall is
<patdk-lap> why would you even bother doing that though, and not just bind that public ip to the container itself, and bypass the need for all the extra firewall layers and nat?
<teward> patdk-lap: got a guide for *that*, given that i've only got one host nic interface, with two additional IP aliases added to it, so it only uses the one IP alias?
<teward> i'd *love* to bind the public IP to the container itself, but not sure how :)
<teward> (more fluent with NAT and iptables than direct-binding heh)
<teward> it's basically ens3 ens3:0 and ens3:1, so that the three IPs properly can connect to the 'net.
<teward> erm
<teward> :1 and :2
<teward> patdk-lap: is there a guide for how to bind public IPs to containers?  Or is that some host ip-route stuff and container ip setup stuff?
<teward> sorry for asking stupid questions, not as familiar with ip routing on LXD vs. ESXi / physical switch routing, etc.
<patdk-lap> hmm, I just assign the ip to the lxd, and it's done
<patdk-lap> or you use the network bridge, and then assign the ip from inside the lxd
<patdk-lap> it really has to do with how you configure your container, and host, how you do it
<patdk-lap> there isn't going be any generic guide, unless you build the whole system host and container using the same guide
<teward> patdk-lap: I'll see what I can do, then, and if all else fails create a second bridge that bridges to the specific virtual interface (ens3:1 or such)
<IShavedForThis_> hey guys! by trying to get winscp the permission allowed to transfer webtools to my plex plugin folder on my ubuntu server, I chown -R 777 to change the permission and seem to have screwed up horribly, as now plex wont play videos, and i still can't copy
<IShavedForThis_> the folder. Does anybody know how to change the owner group back to the original for plex?
<sarnold> what was the owner before you reset it?
<IShavedForThis_> I can't remember because im an idiot. It was whatever the default was
<IShavedForThis_> plex [117] possibly
<sarnold> does the plex user need to be able to write to all the files? does it need to make sure other users can't read or write them?
<IShavedForThis_> owner group and others should be able to read and execute, while only the owner (plex) should be able to write
<IShavedForThis_> with an octal of 775
<IShavedForThis_> problem is, I must have changed the owner with the chown -R 777 command
<IShavedForThis_> how do I change it back to plex?
<IShavedForThis_> by the way, thank you sarnold
<sarnold> IShavedForThis_: if you want it to be plex, then chown -R plex should do the job
<IShavedForThis_> okay ill try that
<IShavedForThis_> now, do you know how to transfer files from between sftp on windows to linux? I cannot get this folder to transfer without error code 3 popping up, with no help from google
<IShavedForThis_> and that did fix the playback issue!
<sarnold> hrm, the sftp manpage suggests that 'put' should work fine on directories
<sarnold> at least if you use put -r
<sarnold> error 3 appears to be "path not found" https://msdn.microsoft.com/en-us/library/windows/desktop/ms681382(v=vs.85).aspx -- does lls show the directory as expected?
<IShavedForThis_> weird. I'm trying to copy a file and paste it into linux
<IShavedForThis_> the directory is there as it should be, just not the folder I'm trying to paste (since it hasn't been pasted yet)
<teward> patdk-lap: I got a pretty quick response on a mailing list on how to achieve the bridged connection setup, and altered my host system's settings to provide a 'bridge' with a static IP for the host that can access the 'net, and a NAT'd bridge for other containers.  That should solve the direct-assignment issue.  NO need to reply to my other pings :)
<IShavedForThis_> nothing. I even made the directory in ssh and still cant move the files over.
<IShavedForThis_> it looks like i need write permission as my user, as well as plex.
<sarnold> if plex doesn't need write access and you don't care about other users onthe machine reading the data, the easy thing might be to re-chown the whole pile to your user account instead of plex
<IShavedForThis_> yeah I tried that and that broke plex lol, it works best as its own user
<IShavedForThis_> i wish there was a way to just sign into winscp as root so I can copy a damn directory
<sarnold> sign in as plex then?
<IShavedForThis_> I tired, plex doesnt have a password, but when I enter nothing it says that access is denied.
<IShavedForThis_> is there anyway of finding out if plex does have a password?
<sarnold> feel free to set one, or put an ssh key in the authorized_keys file
<CarlenWhite> In BIND, if I want to prevent redundancy of IP's like if two subdomains point to the same IP, I can do:
<CarlenWhite> mysubdomain 14400 IN A 123.123.123.123
<CarlenWhite> otherdomain 14400 IN A mysubdomain
<CarlenWhite> Or am I thinking of CNAME actually.
<sarnold> you're probably thinking of CNAME
<CarlenWhite> Ah
<CarlenWhite> I'm playing around in the config files to configure a home mail server for a few things to complain if something screwy is happening around the house.
<CarlenWhite> E.G. The DVR system is alarmed for some reason.
<CarlenWhite> So: `home 14400 IN MX 0 home` should work, since home is already defined elsewhere as a A record.
<CarlenWhite> And this is a very basic mail server and I should probably prevent mail going in since it should only send mail out.
<sarnold> mx records are only used when mail senders are trying to figure out which machine handles incoming email for a domain
<CarlenWhite> Ah. Then I should toss that then.
<CarlenWhite> If I can send mail at this state, I'll giggle.
<sarnold> :D
<sarnold> it's such an insanely simply protocol but the layers upon layers of stuff these days..
<CarlenWhite> Wait can I even send mail outbound with mail...?
<sarnold> maybe
<sarnold> some ISPs prevent their users from sending outbound mail except through their services in order to reduce spam
<sarnold> hopefully you can configure your systems to 'smarthost' or 'satellite' to their systems in that case
<CarlenWhite> I don't even have a mail account with em nor could I even if I wanted.
<CarlenWhite> Some nuttiness on how the account was created requires us to wait until the account is put into a abandoned state so we can retake responsibility.
<CarlenWhite> All because an accountant signed under their name.
<sarnold> comcast? that sounds like comcast :)
<CarlenWhite> Nah. TDS.
<CarlenWhite> We could provide all the information that proves that the house is owned by us and they wouldn't budge.
<sarnold> holy cow I'm pretty sure I paid a huge chunk of money to them in the 90s to buy an expanded memory card for my calculator.
<CarlenWhite> TDS Telecom?
<sarnold> this logo looks right https://en.wikipedia.org/wiki/TDS_Telecom
<sarnold> apparently I can't remember their logo worth crap :) http://www.ebay.com/sch/sis.html?_nkw=Tripod-Data-Systems-TDS-48-COGO-CARD-HP-48SX-GX-
<CarlenWhite> Has a vague resemblance in your defense.
<CarlenWhite> Also I'm not recieving any test message so.
<CarlenWhite> TDS is blocking or I'm not good with Ubuntu mailing guff.
<sarnold> do you get any errors in logs?
<CarlenWhite> Nope. All I got is certbot being awake to do something.
<CarlenWhite> Derp I only checked dmesg
<CarlenWhite> Yeah something isn't happy. https://puu.sh/vVHPK.png
<sarnold> well that's at least something you can troubleshoot :)
<sarnold> from the machine in question try nc alt1.gmail-blah..com:25 and try to talk smtp with it
<sarnold> change networking / firewalling / etc until you can connect
<CarlenWhite> Gets hung up on connection.
<sarnold> based on this here it feels like a firewall is set to DROP packets
<sarnold> does that ring a bell?
<sarnold> it might be your isp of course
<CarlenWhite> Maybe? Let me attempt to figure out what the hell resides in my IPTABLES file
<sarnold> try to contact other smtp servers on port 25
<sarnold> time for me to bail, good luck :)
<CarlenWhite> Bye
#ubuntu-server 2017-05-21
<GanzAndere> hello, I have a ubuntu server where the version of mongodb is 2.6,but I need 3.2+
<GanzAndere> how can I get it?
<GanzAndere> ybuntu 14
<GanzAndere> xenial is the one I have
<ezethnesthrown> In cups service. Why is listening to /var/run/cups/cups.sock needed? Thank you in advance
#ubuntu-server 2018-05-14
<cpaelzer> good morning
<lordievader> Good morning
<UDworker> Hi, anyone can install docker-ce on ubuntu 18.04 ?
<UDworker> from deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
<UDworker> I had the answer on the other channel, the package is not stable :(
<goodi___> I'm looking into user Subiquity via PXE and pressed - can anoyone point me to the variable names it accepts? e.g. for 16.04 it wsa url=http://somehost/preseed.cfg
<goodi___> preseed ;-) not pressed
<cpaelzer> goodi___: I thought it is not meant to be used hat way (old preseed still works)
<cpaelzer> goodi___: but you can wrap the answers
<cpaelzer> see https://ubuntuforums.org/showthread.php?t=2390710
<goodi___> cpaelzer: how do I wrap the answers? I found the https://github.com/CanonicalLtd/subiquity/blob/master/examples/answers.yaml and it looks so nice and clean vs the current preseed.cfg I use. How 'should' it be used? or is there now a better way to fully remote install machines>?
<cpaelzer> goodi___: #1 you can still use preseeds, #2 the link I had describes how to repack the squashfs (if you want to change the subiquity answers) #3 depending what you want to remote install maas/juju can help you
<cpaelzer> goodi___: thanks that found answers.yaml nice and clean (were design points of subiquity), but IIRC remote/preconf install was not
<cpaelzer> goodi___: OTOH you have to understand that this just generates a curtin yaml
<cpaelzer> which is what subiquity uses, but also what maas uses
<cpaelzer> so we circle back to either hacking something, or understanding the triplet of curtin/maas/cloud-init for this use case
<cpaelzer> goodi___: some pointers https://readthedocs.org/projects/curtin/ http://cloudinit.readthedocs.io/en/latest/ https://maas.io/
<cpaelzer> smoser: and cyphermox might have better pointers if you really want to go this way
<cpaelzer> cyphermox: was subiquity-preseed every a thing and I missed it?
<cpaelzer> s/every/ever/
<goodi___> cpaelzer: thank you very much, missed the first link
<goodi___> cpaelzer: so I read it like: build your own image that includes the answer.yml I need, and then do most of the installation via curtin/cloud-init if needed?
<goodi___> does that make roughly sense?
<cpaelzer> goodi___: if you insist on subiquity answers yes, but I think that is the wrong approach
<cpaelzer> I can't decide which is the right approach for you, but subiquity answers only gets you subiquity loaded to generate a curtin yaml for you
<cpaelzer> so I wonder IFF you really want to go that way, why not provide a curtin.yaml right away
<cpaelzer> in all of this cloud-init is what you'd use initially to get the target doing what you want
<goodi___> cpaelzer: I'm open for any solution that is simpler/fully unattended
<cpaelzer> if you do that via pre-baked custom images or via external datasource is up to you
<cpaelzer> hmm - simpler ...
<goodi___> cpaelzer: prefered external datasource, but can I use subiquity and only provide a curtin yaml and get if unattended installed?
<cpaelzer> honestly, unless cyphermox / smoser beat me with better answers I think for "simpler" you could just stick with classic preseeds for now
<Gargoyle> Hi All. I'm trying to get the MOTD section which shows how many packages can be updated (and which are security updates) from a 14.04 system. However it looks like /etc/update-motd.d/90-updates-available is no longer there. Just 91-release-upgrade. Is there any way to manually fetch this info (Need to produce a report for updates required on a bunch of servers). ?
<cpaelzer> Gargoyle: does "apt list --upgradable" work on 14.04 already ?
<Gargoyle> yeah.
<goodi___> cpaelzer: oki, will give it a try; the new one looks just so much nicer; esp. using yml over the current config files it a way nicer IMHO; I just don't really understand how to provide my own datasource/how it should look and if it's even possible todo unattended - but will dig
<cpaelzer> goodi___: mass uses cloud-init/curtin to do its installs, so feel free to read through the latter and then see maas for one example how to integrate it
<goodi___> I think I'm just missing the picture how Subiquity talks/work with curtin and then cloud-init ;-)
<Gargoyle> cpaelzer: So I can see all the packages that need an upgrade, but the count (especially the one that separated security updates) was just a nice short summary
<goodi___> cpaelzer: I tried maas a bit, but I always run into issues regarding storage detection if it's not typical server hardware/without ipmi etc ;-)
<goodi___> but good point - will look into it
<cpaelzer> Gargoyle: I still have /etc/update-motd.d/90-updates-available from update-notifier-common btw
<Gargoyle> on 14.04 ?
<cpaelzer> and (the last generated data) is in /var/lib/update-notifier/updates-available
<cpaelzer> Gargoyle: yes
<cpaelzer> well a contianer of 14.04 not updated for a few weeks
<cpaelzer> let me update if it is dropped
<Gargoyle> hmmm. guess these servers are not vanilla then. (They existed before "my time" here)
<cpaelzer> updated, not broken by an update
<Gargoyle> Thanks cpaelzer. My /var/lib/update-notifier/ dir is empty. Don't really want to install anything on these servers to get a report. They are in production.
<Gargoyle> Most likely we'll provision 18.04 replacements and migrate the app across.
<Gargoyle> Lets say I "apt upgrade" my staging server on a Monday, and deploy the app. On Wednesday QA come back with the thumbs up for deployment. What's the best strategy to make sure that when I run "apt upgrade" on production on Wednesday I get exactly the same packages I got on staging on the previous monday?
<cyphermox> cpaelzer: what is this about?
<cyphermox> cpaelzer: I think subiquity has some form of a preseed, but I'm not sure of the details -- I think it was more just some kind of logic somewhere so it could be automatically tested, not to do specific installs
<cyphermox> cpaelzer: what I was told some time ago was that the preseeding story for subiquity was to use MaaS
<cyphermox> (but I think we still want to properly support preseeding somehow in subiquity, I just don't know if that's been done yet
<Gargoyle> I've found dpkg --get-selections based answers, but that doesn't seem to include package versions - just the names, so I assume any resulting target server could be a few minor revisions ahead on some packages depending on the time between getting the list from one server and installing it on another.
<cpaelzer> cyphermox: thanks, you confirmed my assumptions - and for official subiquity preseeding at least I haven't heard of it
<samba35> i have configure tun/tap interface with ip command and tun/tap interface configure with openvsitch also  (ifconfig also show tun/tap interface) but i could not see tuntap interface with virt- manager on ubuntu 18.04 ,can some one please give some idea
<samba35> i want to use that interface for internet (can i ?)
<samba35> sorry exploreing  new thing
<rbasak> ahasenack: when you get in, would you like a HO to sync on nvdimm? I think it might be easier/quicker to discuss the outstanding points in person.
<rbasak> s/person/realtime/
<cpaelzer> samba35: to not seen it is a known issue
<cpaelzer> samba35: libvirt can only manage devices that are handled through old ifupdown, but Ubuntu for a while migrated to networkd/NetrowkManager
<cpaelzer> samba35: you'd not extra add a tun/tap to get the guest internet access
<cpaelzer> I mean usually
<cpaelzer> I haven't done so for years
<cpaelzer> even in virt-manager just add an interface map it to the default net and that is it
<cpaelzer> all else will be done by libvirt for you
<samba35> cpaelzer, thank you .understood
<cpaelzer> sorry I mostly use libvirt through xmls/virsh so I can't lead you through virt-manager UI for that
<samba35> reaily i need to learn more cmd base configuration part
<samba35> but i stuck with passing parameter to guest or adding it to guest
<cpaelzer> worst case that libvirt doesn't support just one extra arg you can add it there as raw qemu arg still
<cpaelzer> https://libvirt.org/formatdomain.html
<cpaelzer> and for all it supports you become agnostic to changing qemu versions and such
<cpaelzer> as it will abstract it for you
<samba35> ok ,thanks again
<samba35> cpaelzer, can you please tell me after creating vm with virt-manager can i make changes /add NIC or VGA device to esixting guest with virsh ?
<ahasenack> rbasak: hi
<ahasenack> rbasak: I was thinking about making an MP this time
<ahasenack> rbasak: base branch would be what you reviewed, and new branch would be my changes as a response
<cpaelzer> samba35: virsh edit <guestname>
<cpaelzer> samba35: look at the definition of one interface and you'll understand
<cpaelzer> samba35: use the link I pasted above to understand what is not obvious
<samba35> ok ,i tryed with edit part but it failed to boot guest (may be wrong fomation/editing )
<rbasak> ahasenack: I was under the impression I still owed you some responses?
<samba35> still i am not able to understand why ubuntu 18.04 is using consuming  6 gb ram and i could not see it with top (top 1o process using 2 gb max )
<samba35> can some one help me to dig into issuse
<samba35> i am using on 18.04
<samba35> i have only 1 windows guest with 2 gb many time it fail to load due to low pc.ram message
<ahasenack> rbasak: that is true
<ahasenack> there is a mix
<ahasenack> rbasak: https://hangouts.google.com/hangouts/_/canonical.com/standup-server
<samba35_> sorry
<lordievader> samba35_: What is the output of 'free -m'?
<samba35_> Mem:           7934        6268         294         244        1370        1799
<samba35_> Swap:          4095           0        4095
<samba35_> may be stupid quastio but i reaily fail to copy text from terminal in 18.04 with less effort
<tomreyn> !paste
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tomreyn> !pastebinit
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit
<samba35_> sorry ,no i am trying to copy multiple lines with text but fail to copy them
<Gargoyle> samba35_: got htop?
<samba35_> yes
<Gargoyle> sort the list by mem%
<tomreyn> "ps auxw | sort -nk6 | tail" should likst the most memory hungry processes
<samba35_> tomreyn, this this syntex is correct or typo ?
<tomreyn> samba35_: works here
<samba35_> ok ,sorry
<Gargoyle> On 32GB RAM I have, chrome 0.7%, /proc/self/exe 0.8% (??), atom 0.8%, atom 0.8^, chrome 0.9% + 1.0% + 1.1%, gnome-shell 1.1% and slack 1.2%
<samba35_> seems gnome-shell is problem with many many entry with 240 mb each
<samba35_> gnome  shell is use by user and gdm
<Gargoyle> I don't think it works like that. IIRC the "many entries" are child processes who all report the parents mem usage?
<samba35_> is it becasuse of @reboot cron ?
<samba35_> Gargoyle, sorry i did not get your point about paremnts mem usage
<samba35_> there is only one terminal open /but even without opening terminal ( gnome-shell ?) usage is high
<samba35_> english is not native :) (:
<Gargoyle> samba35_: If you use htop, and put it in tree mode
<samba35_> ok
<Gargoyle> samba35_: Some of the entries are white, and some are green. The green ones always just report the exact same numbers as their parent white one (which not always the next white one above them in the list).
<Gargoyle> Since I literally have 100's of chrome processes all reporting 1GB usage, they can't all actually be using 1GB!
<samba35_> deja-dup monitor is 96 g with virt is that ok ?
<samba35_> using server as a desktop :) is that a problem ?
<Gargoyle> What do you have running?
<Gargoyle> As in, main Apps?
<samba35_> xchat ,terminal and firefox
<samba35_> libvirt
<Gargoyle> No vm's actually running at the mo?
<samba35_> dpdk with 2048 m huge page
<samba35_> yes not vm running
<Gargoyle> OK. So assuming that the memory is being managed properly, what's the actual issue you are having?
<samba35_> 8 gb ,HugePages_Free:     2048
<samba35_> is that you are asking  ?
<samba35_> sorry
<samba35_> 8 gb total memory on system
<samba35_> teamviewer  ok to you ?
<Gargoyle> samba35_: If you are going to go through your entire process list and ask if it "looks ok to you", no-one is going to answer.
<Gargoyle> Did you say that the error is that a guest vm fails to start?
<samba35_> yes becasue of pc ram
<Gargoyle> what version of windows are you trying to run
<samba35_> windows 7 and 2 gb ram
<samba35_> should i pastebin log
<Gargoyle> Have you tried giving it more?
<Gargoyle> set the vm to 4 gig?
<samba35_> ok let me try with 4gb
<samba35_> https://pastebin.com/57xQBT1v
<Gargoyle> samba35_: Ahh ok.
<Gargoyle> An error from qemu not inside the guest.
<ahasenack> rbasak: would this be a Vcs-Browser url for a package in lp? https://code.launchpad.net/ubuntu/+source/sssd
<Gargoyle> You are gonna need a bigger computer or a lighter desktop.
<cpaelzer> ahasenack: https://code.launchpad.net/ubuntu/+source/sssd/+git maybe?
<ahasenack> hm
<ahasenack> yeah, better, that one has cloning instructions
<Gargoyle> oh.
<rbasak> Yeah the +git one
<rbasak> Personally I prefer https://git.launchpad.net/ubuntu/+source/sssd but I suppose that's not canonical.
<Gargoyle> samba35's xchat probably just got OOM killed! :/
<Gargoyle> :D
<ahasenack> tand vcs-git git://git.launchpad.net/ubuntu/+source/sssd ?
<compdoc> samba35_, I installed 18.04 and had to learn to set interfaces in /etc/netplan/*.yaml, but virt-manger cannot see bridges created there. virt-manager wants the bridges set in /etc/network/interfaces. but thats fine, works great
<rbasak> Yeah
<ahasenack> seemed to work without the +ssh bit
<ahasenack> ok
<Gargoyle> compdoc: is virt-manager (qemu, etc) significantly better than virtualbox? (for the additional headache that seems to be involved in getting it running)?
<samba35> sorry ,have to pull wire from wall ,
<samba35> system hang after vm start
<Gargoyle> samba35: You're gonna need a bigger machine or a much lighter desktop env.
<samba35> agree
<Gargoyle> I've got pretty much the same as you running: Desktop, Browser, few chat apps. Nothing *major*. and I am using 5GB RAM.
<samba35> but on same system i was running 3 guest on ubuntu 16.04.03 (4)
<Gargoyle> I play with 3 or 4 virtualbox VM's most days, so got a Ryzen 1800X + 32GB RAM.
<samba35> when i install system for couple of day it was 2-3 gb but after 1 day system update /upgrade memory spike right after that
<samba35> r u using 18.04 ? or 16?
<Gargoyle> 18.04
<samba35> which  kernel version
<samba35> 4.15.0-20-generic ?
<Gargoyle> yup
<Gargoyle> git:(master) â uname -a
<Gargoyle> Linux ryzen1804 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
<samba35> Linux shrikant 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
<Gargoyle> samba35: Not sure it will help, but here's meminfo... https://paste.ubuntu.com/p/bVh627k929/
<Gargoyle> samba35: Do you have a large value for unevictable?
<samba35> Unevictable:       54888 kB
<samba35> how do you copy text from terminal ? i could not select all  cat /proc/meminfo
<samba35> VmallocTotal:   34359738367 kB
<samba35> ??
<samba35> Gargoyle, what is size of cpu and motherboard /which make and model
<samba35> sorry what is price of ......
<samba35> brb
<Gargoyle> OK. Slightly different approach. Anyone know of any existing systems or guides for setting up an apt mirror so we can effectively freeze updates during our testing window. Eg, on a Monday we would update and sync with main ubuntu repo's, and then all our servers use our own internal mirror?
<tomreyn> https://wiki.ubuntu.com/Mirrors
<tomreyn> https://wiki.ubuntu.com/Mirrors/Scripts
<Gargoyle> thanks tomreyn
<ahasenack> rbasak: should I add systemd to build-depends because of my usage of systemd-detect-virt? systemd itself has "Priority: important"
<rbasak> ahasenack: is systemd-detect-virt usually in the build environment without it?
<rbasak> ahasenack: if so, you could condition it on a test -x
<rbasak> That'd save the expense of such a major build dep possibly.
<ahasenack> systemd is there in all vms and containers I tried
<ahasenack> but maybe not in a chroot
<ahasenack> I can treat it not being there as "ok, run the tests"
<ahasenack> seems like a safe default
<rbasak> +1
<hehehe> :0
#ubuntu-server 2018-05-15
<xyz> hi, is mcelog not available on 18.04 anymore?
<sdeziel> xyz: see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889741
<ubottu> Debian bug 889741 in ftp.debian.org "RM: mcelog -- ROM; obsolete; no kernel support in testing" [Normal,Open]
<xyz> thanks so I need to use rasdaemon now?
<sarnold> xyz: thanks for the pointer :)
<xyz> no problem sarnold let me know if you figure out how to use that
<sarnold> xyz: on my bionic laptop I did apt-get install rasdaemon ; systemctl start rasdaemon ; ras-mc-ctl --summary
<sarnold> no ecc on this thing so ras-mc-ctl --status didn't work (at least I think that's why it didn't work..)
<xyz> hmm I see, for me --status just says "ras-mc-ctl: drivers are loaded."
<xyz> so I guess it's working
<sarnold> it was a bit anti-climactic.. but I guess that's best, it's unfun to see machine check exceptions :)
<cpaelzer> good morning
<lordievader> Good morning
<hwpplayer1> could you please suggest me an article for ubuntu 18.04
<hwpplayer1> i read official article
<Chryzo> Good morning, i have my DNS entries in the ethernet configuration: /etc/network/interfaces with dns-nameservers  but they are not getting picked up by resolv.conf. any idea why ?
<hwpplayer1> could you please suggest me an article for ubuntu 18.04 i read official article
<tomreyn> hwpplayer1: what kind of article are you looking for?
<hwpplayer1> tomreyn : something tells more detailed about new missions related cloud computing storage artificial intelligence especially machine learning with the view of canonical roadmap and critisitive
<tomreyn> hwpplayer1: i only know about https://www.markshuttleworth.com/archives/1518 regarding canonical's strategy.
<xnox> tomreyn, hwpplayer1 - i'd recommend https://blog.ubuntu.com/ specifically, e.g. https://blog.ubuntu.com/2018/04/26/ubuntu-18-04-lts-optimised-for-security-multi-cloud-containers-ai & https://blog.ubuntu.com/2018/04/27/whats-new-in-ubuntu-18-04-and-openstack-queens
<xnox> Chryzo, which ubuntu release is this on?
<xnox> Chryzo, and by not picked up... do you see them in $ systemd-resolve --status ?
<sdeziel> teward: I wrongly marked LP: #1578344 as fix release and can't undo this to triaged, sorry about that and could you please fix it for me?
<ubottu> Launchpad bug 1578344 in nginx (Ubuntu) "code duplication between nginx-*.postinst and init script" [Low,Fix released] https://launchpad.net/bugs/1578344
<Buoy172> I don't know if this is the right channel to ask but...
<Buoy172> I have this webserver that I can login to
<Buoy172> and I can do 'ls' and see "bin boot data dev" ... etc
<Buoy172> where's the website located at?
<Buoy172> where's index.php?
<sdeziel> Buoy172: usually somewhere under /var/www
<Chryzo> xnox, ubuntu 16 and 14 lts. I forcefully modified the header of the file for now. As for: systemd-resolve --status, my system does not recognized --status
<xnox> Chryzo, typically you would not modify the header, you should modify files in /etc/resolvconf/resolv.conf.d and run $ resolvconf -u, to regenerate /etc/resolv.conf
<xnox> Chryzo, you mean 16.04 LTS and 14.04 LTS, i presume, right?
<Chryzo> by header i meant i modified /etc/resolvconf/resolv.conf.d/head :)
<Chryzo> xnox, yep
<xnox> ah =) well done, that's support / the right things to do, if things fail to propagate =)
<xnox> ah =) well done, that's supported / the right things to do, if things fail to propagate =)
<Chryzo> had to push some ansible playbooks so had to fix it that way for now. When I have time i ll need to try and investigate why it happens though
<Buoy172> How do I search for "index.html" location from the command line?
<Buoy172> btw, there's no www folder in /var
<Chryzo> Buoy172,  find / -name index.html
<teward> sdeziel: yep, fixed.  Sorry, i'm battling Sophos being stupid at the workplace so sorry for slow response
<sdeziel> teward: thanks
<teward> yep.  I've got a fix prepped for Cosmic.
<teward> so whenever I get up off my lazy butt I'll upload it.
<sdeziel> awesome
<dr4c4n> hi there, does anyone have a simple apparmor profile writing example?
<teward> apparmor profiles are by their nature 'not simple'
<sdeziel> SELinux isn't simple, Apparmor is much more accessible
<teward> sdeziel: creating the profile from scrach IIRC isn't easy either though
<sdeziel> dr4c4n: I have a small collection of profiles I use: https://github.com/simondeziel/aa-profiles/
<dr4c4n> sdeziel: thanks ! I'm looking for an easy example, for understanding
<sdeziel> dr4c4n: if you want, pick a daemon/binary you know from that list https://github.com/simondeziel/aa-profiles/tree/master/16.04 and I'll be happy to answer your questions re its Apparmor profile
<dr4c4n> I have a project idea, (sounds crazy) to write a conversion between an apparmor profile to an selinux policy
<sdeziel> teward: yeah starting from scratch can be tedious which is why I always copy from an existing profile ;) I'm lazy too
<sdeziel> dr4c4n: oh, that sounds pretty involved to me
<teward> depends on which level of "lazy" though
<teward> sdeziel: and for what they *sound* like they're doing "tedious' is an understatement
<teward> BTW, thanks for your ongoing help with nginx bug triage
<teward> it's nice to be able to ignore most of the bugs because others help triage them :P
<teward> and by "ignore" I mean "acknowledge but not do anything with"
<teward> :P
<sdeziel> teward: that's my way to say thanks for the SRUs you are doing :)
<teward> heh, well, that's just my job :)
<teward> all part of maintaining the software :)
<dr4c4n> so there are somethings that selinux can't do, for instance confine NFS mounts specifically that apparmor can do, and selinux can enforce RBAC and sensitivity levels, that apparmor can't.
<teward> *waits for his cosmic sbuild to finish*
<sdeziel> dr4c4n: not sure what you mean by confine NFS mounts. Got an Apparmor example of what you have in mind?
<Neo4> what is version php have ubuntu by default? There written 7.0 and when I install I get 7.2
<Neo4> and then when install php5.6 apache can't run
<Neo4> what is current version php in ubuntu?
<sdeziel> Neo4: the supported version differs from one Ubuntu release to the other
<Neo4> sdeziel: I use 16.04
<sdeziel> then it would be 7.0.30
<Neo4> there apt-cache show php
<Neo4> no, it 7.2?
<Neo4> I now remove all and check
<sdeziel> If you want 7.2 you need 18.04
<Neo4> sdeziel: no, I want 5.6
<Neo4> many wordpress plugins doesn't' support even php 7.0
<sdeziel> Neo4: that version was never officially supported on Ubuntu so you have to resort to PPA
<sdeziel> or even better find better maintained plugins
<Neo4> sdeziel: yes, I load from ppa and before it works, not doesn't
<Neo4> sdeziel: becaue now version 7.2
<Neo4> sdeziel: how to check which version?
<Neo4> at first remove php:
<Neo4> sudo apt-get purge php*
<Neo4> then install
<Neo4> sudo apt-get install php and check?
<sdeziel> Neo4: I don't know/use PPAs providing PHP
<teward> there's one.
<sdeziel> Ondrey Sury?
<teward> one *decent* one by one of the well-known people for their PHP contribs
<teward> yep
<Neo4> sdeziel: see https://paste.ubuntu.com/p/c3MwdQCtqh/
<Neo4> 7.2
<teward> that's the only way to get the backported PHP versions to Xenial, unless you're me and are a power user backporting it in order to apply certain patches that PPAs and upstreams said no to for local envs :P
<Neo4> how to check ubuntu version?
<sdeziel> Neo4: you installed the generic (non versioned) package so you got the latest from the PPA
<Neo4> sdeziel: why not from official repository?
<Neo4> sdeziel: see https://paste.ubuntu.com/p/qDBq32wTxJ/
<Neo4> version and description php
<Neo4> it shoudl be 7.0
<Neo4> sdeziel: that php7.2 break all my shell script
<sdeziel> Neo4: then don't install it
<Neo4> sdeziel: no it work well when I install at first from official repository php 7.0 and then php 5.0 from not official
<Neo4> it doesn't works because I don't install php7.0
<Neo4> sdeziel: can I somehow off that not official repository?
<sdeziel> Neo4: add-apt-repository --remove
<Neo4> sdeziel: yes, :)
<Neo4> sdeziel: I'm doing shell script that installing applications one by one
<Neo4> sdeziel: see https://ibb.co/i2Vevd
<Neo4> yes, now 7.0 load, nice
<Neo4> sdeziel: listen, should I off repository after installation php 5.6?
<Neo4> is php equal in both repository?
<Neo4> i mean 7.0
<sdeziel> Neo4: you need to keep the PPA if you want (security) updates which Ondrej seems to provide regularly
<teward> PHP is not equal in both the repos.  You cannot cohabitate the Repos PHP 7.0 with PPA 7.2
<Neo4> it should be equal in both and doesn't matter from where you load?
<teward> sdeziel: he also needs to install php 7.0 from Ondrej's repo as well, if co-usage is needed
<teward> they fight each other otherwise
<sdeziel> Neo4: if all you need is 7.0 and 5.6, I'd use 7.0 from Ubuntu and 5.6 from Ondrej's PPA
<Neo4> sdeziel: but I mean when I include ppa all libs for php7.0 load from this php, I load php7.0 from ubuntu and libs not
<sdeziel> oh right
<teward> sdeziel: he'll have to remove the PPA to avoid PPA clobbering of php7
<sdeziel> Ondrej's version have the "+" in their version
<teward> assuming he's using the only PHP PPA usable.
<teward> (the others are deprecated)
<Neo4> teward: no, I remove before install php, in script , it's temporarely
<Neo4> then script after install php5.6 add thsi ppa and it is left
<Neo4> it was install by php , 7.2 version if we repeat run shell script
<teward> sdeziel: i should also point out PHP 5.x is dead, so I don't know if there's any security updates any more.
<teward> not without lots of backport work
<teward> ... i need lunch, back in a while.
<sdeziel> teward: upstream is still putting out 5.6 versions
<sdeziel> dunno for how long though
<sdeziel> but yeah, 5.x is close to dead
<Neo4> teward: no, 5.6 isn't dead, I tried use php +7 and impossible with wordpress, blugins don't works
<Neo4> php5.6 will live long
<teward> sdeziel: ah, well, it's probably 'dead' soon enough.  either way.  *lunchtime*
<sdeziel> blugins == plugins for blogs? :P
<sdeziel> or plugins full of bugs?
<Neo4> I would use php7 if it worked
<Neo4> php7 has more possibilities
<teward> it sounds to me like you need upgraded wordpress *and* upgraded plugins, because most of the plugins that worked in PHP 5.x work in updated Wordpress on PHP7, if you install the PHP7-compatible Wordpress
<teward> (evidenced by the ten or so Wordpress deployments I maintain on PHP 7, just saying)
<sdeziel> IIRC, WP upstream now supports and recommends 7.2
<Neo4> sdeziel: ?
<Neo4> teward: CMS supports but plugins not
<Neo4> sdeziel: what do you use for install applications on server?
<Neo4> sdeziel: do you want to test my script?
<sdeziel> Neo4: no thanks, I use Puppet
<Neo4> sdeziel: I little read about puppet in one book
<Neo4> sdeziel: can you create virtual hosts in puppet?
<sdeziel> yes
<Neo4> something like select menu "add virtual host" and then follow tips input name and everything should be done
<Neo4> sdeziel: really?
<Neo4> sdeziel: what you can't do in puppet that I can do in shell?
<Neo4> about repository, when we install ppa, ubuntu give priority packages from outside repository or which last in list?
<Neo4> ok, it doesn't mater, it was by the way
<Neo4> sdeziel: I will use "grandfather method" shell script for deploy :)
<sruli> does a network card need to support nic bonding? i set it up yesterday on a server works fine, now i am trying on a old server but not working
<sdeziel> sruli: no, this is NIC agnostic AFAIK
<sdeziel> sruli: some bonding modes require cooperation from the switch ports though so maybe that's what different between the old/new servers
<sruli> sdeziel: bonding in 802.3ad, switch supports it, i have 1 server working fine with 4 bonded nics, dont know how to troubleshoot this, ubuntu 18.04
<sdeziel> 802.3ad support is a per-port thing so I'd double check this
<sdeziel> on the switch that is
<sruli> sdeziel: its configured correctly on the switch, even tried putting it in the ports that worked for the other server
<sdeziel> sruli: I have never really had to debug a bond but maybe this tool would hint you in the right direction: http://folk.uio.no/trondham/software/check_linux_bonding.html
<sruli> thanks
<rbasak> nacc: FYI, git-ubuntu snap builds are currently failing. Nothing changed in our repo. kyrofa is looking in to it but he's out this week.
<nacc> rbasak: yeah i saw the email
<nacc> looking
<rbasak> nacc: no rush!
<rbasak> nacc: my MP is separate to that.
<sruli> sdeziel: the tool output is "warning... number of AD ports (1) does not equal number of slaves (2)" however i have green lights on both nics and both ports on switch
<rbasak> I'm not sure I'll want to land MPs without the snap build succeeding. But we could still make progress and get them to approved state on the assumption that we'll land once CI is passing again.
<rbasak> (given that we're confident that the changes won't impact the snap build)
<nacc> rbasak: i'm fine with you taking your cleanup branch (for the tmpdir changes)
<nacc> rbasak: that one would be nice to land once CI works, since it does affect the bastion
<rbasak> nacc: shall I file a superseding MP then? Would you like to review it, or was that your review? :)
<sdeziel> sruli: looks like one of the NIC was not able to setup LACP with the switch
<rbasak> nacc: or would you prefer ahasenack to review?
<nacc> rbasak: file and i can review (ahasenack can too)
<rbasak> OK
<sruli> sdeziel: will test each separately for regular dhcp and see where i get
<nacc> rbasak: looks like a patch changed
<nacc> rbasak: in snapcraft.yaml:          - -lib/python3.6/site-packages/lazr.restfulclient*
<rbasak> https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/345617
<nacc> rbasak: in the build log:          - -lib/python3.6/site-packages/lazr.restfulclient*
<nacc> bah
<nacc> in the build log: lib/python3.6/site-packages/lazr/restfulclient/__init__.py
<nacc> lazr/restfulclient vs. lazr.restfulclient
<nacc> *possibly* we were getting away with a regex match before?
<rbasak> It sounds like you're onto something, but I'm not sure I follow.
<nacc> rbasak: our yaml does not stage (in the git-ubuntu part) the lazr.restfulclient package
<nacc> rbasak: because we know we get it from the launchpadlib part
<nacc> rbasak: perhaps snapcraft changed how it parses those paths, so, and allows for globbing only, and not arbitrary regex
<nacc> a simple test would be to change the yaml to be -lib/python3.6/site-packages/lazr*
<nacc> and see if cleanbuild works
<rbasak> I'll try that, thanks.
<nacc> np
<nacc> ah there is also lazr/uri
<nacc> so you need to be on more path strict, sorry
<nacc> try: -lib/python3.6/site-packages/lazr/restfulclient*
<nacc> rbasak: --^
<rbasak> As the only line that includes lazr?
<nacc> line 401 of the yaml
<rbasak> Running (as the only line)
<rbasak> Dinner's here. I'm not sure I'll be back later today.
<nacc> http://paste.ubuntu.com/p/77DP922V9z/
<nacc> rbasak: np
<rbasak> Thanks. That's exactly what I'd guessed.
<sruli> sdeziel: independently each nic works fine, i am really stuck
<sdeziel> sruli: I'd check if both NICs negotiate the same duplex/speed
<sdeziel> beyond that, you'll have to wait for others to help as I don't know LACP all that well
<sruli> sdeziel: just checked in the bios, option to enable embedded nic1 & nic2 or enable nic1/gb i guess they migh not be same speed, waiting for it too boot now will be able to check
<sdeziel> sruli: check with ethtool on each NICs
<sruli> sdeziel: thanks, will report in 2 min
<sruli> sdeziel: both nics reporting exact same
<sdeziel> sruli: oh well
<sruli> sdeziel: just tried bonding with 2 usb to eth, same issue, maybe some dependency missing? its a fresh install
<Chryzo> Been looking into clustering for HA without needing to control resources (just running a load balancer on the cluster members) which software would you recommend (Corosync, Heartbeat, other ?)
<Chryzo> i just need to move an IP between them
<dpb1> corosync+pacemaker is the usual solution to control a vip
<sdeziel> keepalived works well for that too
<Chryzo> just installed keepalived, super easy to configure and seems to work amazingly. I pretty much needed to just move a floating IP between 2 servers. Thanks for the help
<Chryzo> some days you just gotta love linux :)
<sruli> 18.04 headless server, how do i renew dhcp lease? if i disconnect the eth cable i cannt reconnect it without a reboot
<tomreyn> sruli: does "systemctl restart networking" help?
<sruli> tomreyn: no, dhclient takes forever and does not renew, checking tcpdump form another tty shows its trying to get ip from 0.0.0.0 but its definitely on the network as the dump shows all the traffic from other ip's on the network
<Blueking> hello
<genii> sruli: For clarification: Are you trying to renew the IP from the client, or are you trying to re-issue a number to the client  from the server?
<sruli> genii: in respect of the ip the server is the client
<Blueking> I have a question...  not sure where I can get info about this. But question are about plex server to get benifit from hardware accelerated feature from gpu (igp)  but if one got  motherboard that hasn't got hdmi or displayport output, then question are if  xeon cpu with igp on server mobo, would igp be disabled ?
<Blueking> or would plex sever get access to igp ?
<sruli> i guess will reintall 16.04 and see if i have the same issues
<rbasak> nacc: snapcraft.yaml change> looks like it worked. Thanks!
<rbasak> nacc: so what exactly changed?
<rbasak> (to break it)
<nacc> rbasak: i'd need to talk to kyrofa about it
<nacc> rbasak: my initial guess is that before, snapcraft took the paths as regex, so we had a '.' that allowed for /
<nacc> rbasak: but something (presumably in snapcraft) changed and made it a literal '.'
<nacc> rbasak: alternatively, lazr.restfulclient's installed path change, but I find that harder to believe
<rbasak> nacc: that makes sense, thanks. I'm not sure what to put in the commit message to fix it, but at least we have what looks like a fix then.
<rbasak> nacc: kyrofa is out this week, but hopefully we can land a fix on Monday then?
<nacc> rbasak: yeah, i mean it's not 'wrong' to make the change even now
<nacc> as if the path 'happened' to work before, it's better to use the right path anyways :)
#ubuntu-server 2018-05-16
<Howie69> I seem to be missing something...
<Howie69> I used ssh-keygen to make an rsa key for a user on my server
<Howie69> I tried to put that key into PuTtyGen but it said unable to convert, OpenSSH format
<Howie69> How do I convert it from that format that something that PuTty can use and WinSCP can use (for a client)?
<Howie69> You see, I did it the other way around before...
<Howie69> I used AWS to make the key and then download it and used puttygen
<sarnold> what did you try to import? the private key or the public key or the authorized_keys fingerprint line?
<Howie69> The authorized_keys in .ssh
<sarnold> are you trying to use the key from putty to log in to a linux machine?
<Howie69> Used these directions: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<Howie69> (I hope paste from ubuntu is ok)
<dpb1> which key are you pasting in to "putty gen"
<dpb1> you want to paste the 'private key', the one in ~/.ssh/id_rsa
<dpb1> ~/.ssh/authorized_keys gets the one in ~/.ssh/id_rsa.pub
<Howie69> the id_rsa and authorized_keys are the same, as I cat'd one to the other
<Howie69> I downloaded the keyfile, and tried to open it with PuttyGen, and it said "Failed to open: OpenSSH Format"
<Howie69> do I need to just paste the contents instead?
<Howie69> this is the question that Google couldn't give me a straight answer to :)
<sarnold> your ~/.ssh/authorized_keys SHOULD NOT be the same as your private key
<Howie69> I misspoke... or did I mistype?  let me look closer
<Howie69> nope, it's the right key
<Howie69> just wanted to make sure I used the .pub
<dpb1> well, a simple google search does appear to show a difference between putty keys and openssh keys
<Howie69> right, but doesn't show how to convert them besides PuttyGen
<dpb1> https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-ssh2-keyfmt
<Howie69> right... that's what I use when I use AWS to generate the keys instead of OpenSSH
<Howie69> But it complains about it being an SSH2 key
<Howie69> not sure if that's what the issue is or not
<sarnold> "and the pterm and command-line puttygen utilities are not described at all"  :(
<Howie69> because all of the results say to import it into PuttyGen, which says it cannot open because it's OpenSSH format
<dpb1> there is a #putty channel
<sarnold> ssh2 *might* mean the old terrible horrible commercial closed source ssh.com ssh
<Howie69> although the page I am reading is mentioning using the private key.. instead of the public
<dpb1> might get better results there
<sarnold> or maybe it means the modern protocol. hard to guess.
<dpb1> I mean, you are running into problems using a putty tool, it's not something people will have experience with here.
<Howie69> dpb1: I will try that.  Just trying to eliminate it is not on the server end first
<dpb1> in general
<dpb1> yes
<dpb1> I understand it's involving two systems. :)
<sarnold> but it does seem like you're more likely to find a puttygen expert in a putty channel, hehe
<dpb1> I have used windows enough to grit my teeth at the problems encountered.
<dpb1> anyway, I'm not really sure, sorry Howie69
<Howie69> hrm.. here's a simple question that I may have overlooked...
<Howie69> do I have to restart opensshd after I edit the .ssh/authorized_keys file?
<dpb1> that FAQ is very clear that it's a problem, but finding the right solution is more difficult. :)
<sarnold> no, the authorized_keys files are re-read as needed every attempt
<Howie69> ok, that checks that one off the list...
<sarnold> BUT if *that* isn't working, the usual solution is to set the permissions more restrictively :) opensshd is very picky about permissions on that file.
<sarnold> but if you're getting an error message frmo puttygen, best sort that out first
<Howie69> it's set to 600
<sarnold> iirc the ~ and ~/.ssh permissions matter too
<Howie69> bcause I run the webserver under /home/user/web folder
<Howie69> I'm half tempted to reenable password auth :)
<Howie69> and the disturbing answer is...
<Howie69> that PuTtyGen wants you to import the PRIVATE key, enter the password for it to convert into their public key format
<dpb1> that's expected at least by me
<dpb1> your private key is always on your client
<dpb1> it's how the server knows you are you
<irwiss> what's disturbing about it? it can't derive your private key from your public key
<Howie69> sleep deprivation it seems
<Howie69> I knew better than that
<Howie69> But in this scenario, but not in the AWS made keys, is that even with the key, it also asks for the associated key's password
<sarnold> it needs to decrypt the blob to get the raw numbers back out of it somehow
<Howie69> now if I could only find an openoffice channel with someone on it...
<sarnold> does it have to be openoffice? i thought that project was pretty much dead
<sarnold> but there's 198 folks in #libreoffice
<dpb1> 198 poor souls
<dpb1> :)
<sarnold> :D
<Howie69> I didn't realize that openoffice is dead... I just updated it last week
<Howie69> I use openoffice on windows public machines because MS Office is retardedly expensive to use on a public thin client :)
<cpaelzer> good morning
<lordievader> Good morning
<Neo4> what is good book about apache2.4 ?
<Neo4> I'm going to read something
<Neo4> lack knowledge
<hateball> Neo4: I guess you can ask in #httpd they probably have some tips
<Neo4> hateball: yes, and you personally what have read about?
<Neo4> LAMP is always used, and we need knowing it
<Neo4> hateball: I saw one book apache2 2002 years, does that book appropriate for 2018? )))
<Neo4> hateball: I've install /localhost/manual , but that manual very boring read
<Neo4> hateball: manual is enough https://ibb.co/cWQiOy
<Neo4> $
<Neo4> $
<Neo4> $
<Neo4> What do read about ubuntu - server?
<Neo4> or about linux?
<hateball> Neo4: Personally I don't read books. I just try and do something, if I fail I read the man-pages or search online for solutions
<hateball> Learning by doing
<Neo4> hateball: I am used to read books, Now can't stop :(
<Neo4> hateball: I'm going to read 30 book dedicated linux,
<hateball> Good luck!
<Neo4> and I read only 7, 2 not about linux
<Neo4> hateball: see books that I've read this year https://ibb.co/hN1t6J
<Neo4> hateball: my record 30 English books for year, I want to increase to 50. Could it help me with English? I read in internet some people read 100 books per year.
<Neo4> hateball: the best was linux bible
<Neo4> really very useful, others are crape
<tobasco> jamespage: coreycb do you think we could get a point release for neutron 12.0.2 http://tarballs.openstack.org/neutron/neutron-12.0.2.tar.gz
<tobasco> on UCA xenial i can only see 12.0.1 right now, and there is a annoying bug that is fixed in 12.0.2
<tobasco> it's actually pretty critical since it disrupts network
<Neo4> when I do: a2dissite 000-default.conf I got this site
<Neo4> and I don't understand why I can reach site http://test2 or http://test if in my /etc/hosts they not exist?
<Neo4> strange behavior
<kiokoman> - /etc/apache2/sites-enabled is empty ?
<Neo4> empty
<Neo4> kiokoman: see my host file https://ibb.co/d9QL3y
<Neo4> kiokoman: in /etc/apache2/sites-enabled this
<Neo4> https://ibb.co/ejciOy
<Neo4> when I do systemctl stop apache2.service I can't reach
<Neo4> how browser know about http://test2 if /etc/hosts doesn't have record?
<Neo4> and why apache2 show sites if all disabled?
<kiokoman> maybe cache, idk
<Neo4> kiokoman: maybe not cache it sees when apache stop and show
<lordievader> Neo4: Do you have a domain set up in `/etc/resolv.conf`?
<Neo4> something says browser that test2 is myserver
<Neo4> now check
<Neo4> lordievader: no https://ibb.co/mcnWbJ
<Neo4> if it was cache browser wouldn't refresh when apache stopped
<lordievader> Does `test2.localdomain` resolve to your server?
<lordievader> `dig @127.0.0.1 test2.localdomain`
<Neo4> yes
<Neo4> http://test2.localdomain show apache main page
<Neo4> test.localdomain and test1
<Neo4> all sites that I created before
<lordievader> So, that is why `test2` resolves to your server.
<Neo4> lordievader: why?
<Neo4> $/etc/hosts doesnt' have test2 test test1
<Neo4> I though we put name in hosts
<lordievader> You have a domain defined in `/etc/resolv.conf`. This gets appended to `test2`, which is resolvable.
<Neo4> lordievader:
<Neo4> I have there this two
<Neo4> nameserver 127.0.1.1
<Neo4> search localdomain
<Neo4> ddd.localdomain doesn't work
<Neo4> only that I created before, but I removed them
<lordievader> There is no host with the name `ddd` in your network?
<Neo4> lordievader: no, nor with test2
<Neo4> why I have test2 host?
<Neo4> I remove that from /etc/hosts
<lordievader> Perhaps your resolver (dnsmasq?) has cached that entry.
<Neo4> lordievader: see https://paste.ubuntu.com/p/rYf4p66yDd/
<lordievader> What is in `/etc/hosts`?
<Neo4> lordievader: I tried add dddd virtual host and then remove it using my shell script. It seems something wrong with it
<Neo4> lordievader: https://paste.ubuntu.com/p/8smFrPkRVN/
<kiokoman> host is a dns lookup utility, you must have son dns server caching it somewhere
<kiokoman> *some
<lordievader> Yeah, that is my guess too. Dnsmasq (or something) caching the answe.
<lordievader> answer*
<kiokoman> sudo service network-manager restart
<kiokoman> sudo kill -HUP $(pgrep dnsmasq)
<Neo4> kiokoman: my local computer where installed vmware https://paste.ubuntu.com/p/YDjCSB9SHM/
<Neo4> it means hosts on my local computer lnked to virtual machine hosts
<Neo4> if domain in parent os (how it called suppervisor os?) that it aveilabe in virtual machine
<Neo4> no I commendted and all right
<Neo4> do you understand?
<kiokoman> https://kb.vmware.com/s/article/1013644
<kiokoman> ?
<Neo4> my vmware see host form /etc/hosts where its installed
<Neo4> kiokoman: don't know, just on virtual machine don't create sites with name that has parent computer cause they will intersect
<Neo4> this is not cache
<Neo4> I interesting will my vmware see ip my parent?
<Neo4> ping that
<Neo4> kiokoman: it can ping
<Neo4> see from virtual machine we can reach outside computer
<Neo4> without share folder, using ssh
<Neo4> and filezila
<Neo4> interesting why I have 3 ip when I do hostname -I ?
<Neo4> before it was always one
<Neo4> $
<Neo4> $
<Neo4> $
<Neo4> who know why there 3 ip addresses?
<Neo4> https://paste.ubuntu.com/p/M3dd6Wms4Q/
<Neo4> hostnam -I show all ip addressess for hostname, my hostname neo, FQDN mail.neo.ru
<Neo4> for virtual machine I have only one IP, and I use this "howtname -I" for determine IP adress in my shell scripts, it is right?
<RoyK> Neo4: pastebin output of "ip a"
<Neo4> RoyK: https://paste.ubuntu.com/p/HxHZsWwSmh/
<Neo4> RoyK: I think maybe real host will have one ip and for shell enough hostname -I
<Neo4> I cna check before run shell if one ip
<Neo4> and this ip I use it a few times, one for put to apache ServerName ip
<Neo4> might once only
<Neo4> but interesting why there 3 ip
<Neo4> each computer has 1 IP doesn't it?
<Neo4> how could 1 computer has 3 IP?
<RoyK> looks like you have two virtual machines there, each with an IP address
<Neo4> RoyK: yes, had before two and remove one cause didnt have space, do you think its virtual machine added
<Neo4> RoyK: yes, I remember i had one only before
<Neo4> RoyK: or maybe no, virtual machine has different ip
<Neo4> vmnet1 - virtual machine
<RoyK> it's a virtual interface
<RoyK> vmware?
<Neo4> RoyK: yes
<RoyK> well, what's the problem? ;)
<Neo4> RoyK: when we isntlal vmware our host has one more ip?
<Neo4> RoyK: without problem now
<RoyK> we have a machine, without VMs at work, that has 64 IP addresses
<RoyK> doing NAT operations for a few thousand users, so it needs a lot of addresses to balance the load (since there's only 65k TCP/UDP ports)
<Neo4> ok, I don't understand this :)
<Neo4> this theme
<lordievader> RoyK: Hahaha, nice ð
<rbasak> ahasenack: would you be OK reviewing https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/345617 please?
<rbasak> nacc: ^
 * ahasenack takes a look
<jason_grammenos> the following process is hanging
<jason_grammenos>   /usr/bin/python3 /usr/lib/ubuntu-release-upgrader/check-new-release -q
<jason_grammenos> i am trying to figure out why
<jason_grammenos> but nothing i do seems to be able to replicate the issue
<jason_grammenos> it only hangs when invoked from the cron.weekly
<jason_grammenos> but never when run manually
<tomreyn> this can be due to different environments when you run it vs. when run by cron
<jason_grammenos> i figured as much, so i attempted to run it with env -i
<jason_grammenos> after dumping the environment of one of the hung process (cat /proc/pidnumber/environ)
<tomreyn> does it also hang when you make the cron job run without -q ? i would guess it will, and if it does, this may hint on where it gets stuck.
<jason_grammenos> hmm, the cron job only runs once a week
<jason_grammenos> so i guess i could modify the job and wait a week
<tomreyn> i would think the daily cron jobs run in the same environment
<jason_grammenos> good point
<tomreyn> and the hourly ones, too
<jason_grammenos> ok, i copied the cron job over to the hourly
<jason_grammenos> i might also try one in cron.d
<jason_grammenos> with a really short run time
<tomreyn> right, or root's crontab.
<tomreyn> on a 16.04 system (i do not know what you are running there, you did not say), /usr/lib/ubuntu-release-upgrader/check-new-release is a symlink to /usr/bin/do-release-upgrade
<tomreyn> so you could probably just run "/usr/bin/do-release-upgrade -cq" instead (with or without the q)
<jason_grammenos> 14.04 and yes it is a symlink
<tomreyn> but i guessw that's not the issue, it should not cause it to get stuck
<jason_grammenos> ya, running it manually like that as root, it does not hang
<tomreyn> when you type 'sh' and, once there, run "env -i /usr/bin/python3 /usr/lib/ubuntu-release-upgrader/check-new-release" - does it get stuck?
<tomreyn> ^ as root
<jason_grammenos> no
<jason_grammenos> it ran successfully
<tomreyn> okay, it was worth a try ;)
<jason_grammenos> :)
<tomreyn> it will be some network related issue, such as a mandatory proxy server not set
<jason_grammenos> no proxies in my environment
<tomreyn> if this changed cron job doesn't help you identify the issue, you can still use the python debugger (as seen in the second example, invoking it as a python module on the command line): https://docs.python.org/2/library/pdb.html
<jason_grammenos> so my per minute cron job runs fine
<jason_grammenos> * * * * * root /etc/cron.hourly/update-notifier-common > /tmp/test.log
<tomreyn> this would not catch stderr output
<jason_grammenos> so at this point i am starting to suspect some race condition or something, as in the job happens to run when some other schedule job runs and then bump heads
<jason_grammenos> sure i guess it wont catch stderr output but it also is not hanging
<tomreyn> right
<tomreyn> and i agree the race condition or dead locking sounds like a possible explanation
<jason_grammenos> i was expecting if it failed to see multiple hang jobs in ps -ef
<jason_grammenos> s/hang/hung/
<tomreyn> failed, as in hung? then that would be my expectation, too.
<tomreyn> otherwise this theory seems wrong
<jason_grammenos> right
<jason_grammenos> i was also hopign the strace -p pid would help
<jason_grammenos> but i dont get anything i see as usefull in the ouput
<jason_grammenos> brief as it is
<tomreyn> btw the cron.*ly jobs are run by /etc/crontab - you can modify the times when they run for your testing purposes
<jason_grammenos> ah, cool thanks
<tomreyn> make sure you keep the original times somewhere, though
<jason_grammenos> right good idea
<tomreyn> and keep in mind that running some of the regular cron jobs in shorter period can have adverse effects. e.g. log rotation
<jason_grammenos> right
<coreycb> tobasco: yes i'll get working on another queens update. must've just missed neutron with the last one.
<coreycb> tobasco: we'll be tracking the queens updates in bug 1771572
<ubottu> bug 1771572 in Ubuntu Cloud Archive "[SRU] queens stable release update" [Undecided,New] https://launchpad.net/bugs/1771572
 * tomreyn afk
<tobasco> coreycb: tyvm!
<ahasenack> rbasak:
<ahasenack> +        if self.raw_repo and self._delete_on_close:
<ahasenack> +            shutil.rmtree(self.local_dir)
<ahasenack> shouldn't that be self._local_dir?
<rbasak> ahasenack: local_dir is a property that returns _local_dir
<ahasenack> ah, I see it
<ahasenack> thx
<rbasak> I looked for a pattern to follow just now.
<rbasak> The only other instance in the class itself seems to be in _maybe_quiltify_tree_hash which uses the property.
<rbasak> So it's consistent at least.
<ahasenack> rbasak: I'm getting leaked tmpdirs in /tmp when running  pytest-3 gitubuntu/test_importer.py. master doesn't have this behavior
<rbasak> Thank you for spotting that. I didn't think to look, assuming that the test caught it.
<rbasak> I'll take a look now.
<ahasenack> rbasak: at the end of test_importer_main_cleanup_on_exception, the assert makes sure that the directory is emtpy, but it still exists
<rbasak> Reproduced
<rbasak> Ah right
<rbasak> ahasenack: http://paste.ubuntu.com/p/wjC6DBHRpN/ fixes it I think.
<rbasak> The diff looks horrible but really the change is in indentation
<rbasak> http://paste.ubuntu.com/p/VqNGX2wwmz/ is clearer
<ahasenack> commit on top and I can try
<rbasak> ahasenack: pushed
<rbasak> ahasenack: though that's the test I'm proposing to drop anyway
<ahasenack> ok
<ahasenack> in other news
<ahasenack> what does this mean?
<ahasenack> trying: apache2
<ahasenack> skipped: apache2 (55, 0, 10)
<ahasenack>     got: 15+0: a-8:a-1:a-1:i-1:p-3:s-1
<ahasenack>     * ppc64el: libapache2-mod-proxy-uwsgi-dbg, libapache2-mod-shib2
<rbasak> It means that libapache2-mod-proxy-uwsgi-dbg and libapache2-mod-shib2 become uninstallable on ppc64el if apache2 were to migrate to the release pocket
<ahasenack> ugh
<kristian2709_> Hey. I am getting this error. "mount: mounting https://images.maas.io/ephemeral-v3/daily/bionic/amd64/20180426.2/squashfs on /root failed: No such device". What I basically want is to pxe boot the ephemeral image from a custom pxe server. My kernel is "https://images.maas.io/ephemeral-v3/daily/bionic/amd64/20180426.2/ga-18.04/generic/boot-kernel", initrd is "https://images.maas.io/ephemeral-v3/daily/bionic/a
<kristian2709_> md64/20180426.2/ga-18.04/generic/boot-initrd" and cmdline args "root=squash:https://images.maas.io/ephemeral-v3/daily/bionic/amd64/20180426.2/squashfs ro". Am I missing something?
<tomreyn> kristian2709_: /join #maas
<rbasak> cpaelzer, ahasenack: I don't think I'll be able to do the chrony review in the time I have left today, sorry.
<ahasenack> rbasak: hmpf, turns out libapache2-mod-shib2 (one of the packages from the error message) is already uninstallable in the previous apache package
<rbasak> ahasenack: AFAIK, not-worse is the criteria. Perhaps the real cause is the other one?
<ahasenack> yeah, I'm tracing it down
<ahasenack> eventually libxmltooling7 gets installed, and that fails because it wants libcurl3 which is what removes apache
<ahasenack>  libxmltooling7 : Depends: libcurl3 (>= 7.16.2) but it is not going to be installed
<ahasenack> I have to understand what's the story with libcurl3 and libcurl4 in the archie
<ahasenack> archive*
<ahasenack> there is libcurl3-gnutls, for example, but no libcurl4-gnutls
<ahasenack> and so on
<ahasenack> and libcurl4-gnutls-dev depends on libcurl3-gnutls (!)
<ahasenack> hm
<ahasenack> xmltooling (1.6.4-1ubuntu2) bionic; urgency=medium
<ahasenack>   
<ahasenack>   * Switch back to openssl1.0 via newly-added libcurl-openssl1.0-dev, since
<ahasenack>     libxml-security is not ported to openssl1.1.
<jr_admin> hi i keep getting emails from awstat.conf that it cant open access.log ...can anybody help me
<jr_admin> permission denied
<jr_admin> how do i have permmission for awstat.conf to write to access.log
<ahasenack> jrahmy: there is a bug for that
<ahasenack> hm, can't find it now
<ahasenack> ah
<ahasenack> jrahmy: sorry, not you
<ahasenack> jr_admin, who is gone
<ahasenack> jr_admin: https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1252467
<ubottu> Launchpad bug 1252467 in awstats (Ubuntu) "/etc/cron.d/awstats: wrong user for cron job" [Undecided,Triaged]
<hackeron> hi there, quick question, I installed 18.04 and /etc/default/rcS is missing, more specifically I cannot find the FSCKFIX=yes option anywhere. Can someone please point me to the 18.04 equivalent please?
<nacc> hackeron: it's there in my 18.04; do you have 'initscripts' installed?
<JanC> nacc: I assume it wouldn't be used though?
<JanC> not sure exactly what the FSCKFIX=yes alternative would be with systemd
<hackeron> JanC: hmm, initscripts is no longer used?
<nacc> JanC: i'm not sure )
<nacc> :)
<JanC> https://discourse.osmc.tv/t/automatic-fsck-of-root-filesystem-on-start-stop/9163/2 might be useful
<JanC> although it seems old
<JanC> basically, adding "fsck.repair=yes" to the kernel command line is supposed to do the same
<JanC> you should be able to do that with 'GRUB_CMDLINE_LINUX' in '/etc/default/grub' if you need it added to all kernel command lines automatically (run 'sudo update-grub' afterwards)
<JanC> if you need it only once you can do that in grub itself, of course
<JanC> (when booting)
<JanC> and of course remember that sometimes it breaks your filesystem instead of fixing it  :)
<JanC> (well, it would likely "fix" it, but you might lose data)
<hackeron> JanC: oh neat! I'll try that thank you :)
<JanC> hackeron: I didn't test it, so be careful  :)
<Neo4> why sudo apt-get purge apache2.* doesn't remove apache and
<Neo4> sudo apt-get purge apache2* can remove?
<Neo4> what is difference between apache2* and apache2.* ?
<Neo4> this both equal
<Neo4> .* mean any symbol?
<teward> Neo4: because Bash/APT globbing isn't regex
<teward> it's straight globbing
<teward> i.e. apache2* is equivalent to the regex /apache2.*/
<teward> (between the slashes is the regex)
<Neo4> teward: what is dot equvalent?
<Neo4> . - any symbol?
<teward> Neo4: i just gave you this...
<teward> ***it's not regex***
<teward> it is NOT a regular expression, it does not work AT ALL like a regular expression.  The single asterisk will mean Any Character
<teward> unlimited number of them
<teward> so REGEX(apache2.*) == GLOBBING(apache2*)
<teward> so just use apache2*
<Neo4> teward: ok, see I read how to remove php and there people suggested using php.* instead php* becasue php* could match ph(any symbol) they might have been wrong?
<Neo4> in this topic https://askubuntu.com/questions/59886/how-to-completely-remove-php
<teward> Neo4: yes, they were wrong.
<teward> but that's to remove PHP
<teward> **NOT** Apache
<teward> that's a completely different question.
#ubuntu-server 2018-05-17
<teward> and a completely different procedure
<Neo4> teward: ok, then I return php*
<sarnold> be careful with shell globs at the command line
<teward> Neo4: that can be damaging to do that, I would use one of the other answers.
<teward> ^ this
<Neo4> teward: no command the same sudo apt-get purge php* or php.*
<sarnold> if you have files named php... in the directory then things will get very surprising very quickly
<Neo4> sarnold: in what directory apt-get purge search files for remove?
<Neo4> shall I use php* instead like suggested in that topic use php.*
<Neo4> php.* will match php.(any text)
<Neo4> I might need php(any text)
<Neo4> ok
<sarnold> Neo4: that's the most surprising thing -- if you type "cd /etc ; apt-get purge pass*"   what will RUN is "apt-get purge passwd passwd- passwd.org passwdqc.conf"
<sarnold> Neo4: if you're in a different directory, maybe the shell will expand the * to match other files
<sarnold> or maybe it won't expand anythuing at all, if no files or directories match, so the glob will be passed to apt directory
<sarnold> s/directory/directly/
<teward> sarnold: they can do 'php*' to interpret it as a direct literal, which can be problematic if you aren't careful with it.
<teward> which is how I purge apache2 and a dozen other patterns from VPS preinstalled images which come with crap on them :p
<Neo4> sarnold: i run shell script that placed in $HOMe/shell/vps_install
<teward> Neo4: may I ask, what's your native language?  we might be able to find a language-specific room that you can work with if your primary language is not English, so that they can answer you in your primary language.
<teward> if you don't mind answering, that is.
<Neo4> sarnold: do you think apt-get linked to current directory? I think it search in some list of certained direcotries
<sarnold> Neo4: I don't think apt-get cares about the current working directory
<sarnold> but the shell sure does
<Neo4> teward: I very proficient in English, don't need :)
<sarnold> which is why I ALWAYS use single-quotes when passing globs to apt-get
<Neo4> sarnold: but you said if I go to cd /etc and then run apt-get purge pass* it will remove passwd and others file
<sarnold> right
<sarnold> so DO NOT DO THAT :)
<sarnold> use single quotes
<sarnold> always
<Neo4> sarnold: why I neccessary do cd /etc ?
<Neo4> I can run run apt-get purger from any place?
<teward> Neo4: it doesn't matter whether you do that or not, the problem is how the terminal shell interprets php* versus 'php*'
<sarnold> Neo4: because I know the /etc directory has files with predictable names that I can use as an example
<teward> one with single quotes, one without.
<Neo4> sarnold: ok, you just say about files?
<teward> Neo4: consider this example: we are in a directory that has the following files: phptest.php phpinfo.php index.php haillucifer.php
<sarnold> Neo4: files *and* directories
<teward> if we do this command: apt-get remove php*
<teward> the shell will see php* and then replace that with all the filenames or directory names with 'php' at the beginning
<teward> and then apt-get will fail
<teward> because there is no phptest.php package and no phpinfo.php package
<teward> *however*, if you do this command: apt-get remove 'php*'
<teward> then it hands the exact literal string of: php*
<teward> ... to apt, and then lets apt handle expanding that pattern into package names to mark for removal
<teward> so then it'd pick up php5.2 php5.2-fpm php5.2-common, etc.
<Neo4> teward: why we should be in some directory? it maybe rm php* will remove not apt-get remove ???
<teward> ...
<teward> okay, i'm done, I tried, I'm sorry, but your broken english is irritating me too much.  I believe sarnold can build upon what I said
<teward> sarnold: sorry to drop this on your plate :/
<teward> *goes to do something else*
<Neo4> teward: if we go to this direcotry $HOME/ddd and there will files 1.php 2.php and we run apt-get remove *.php. does it remove files form this direcotry?
<sarnold> no, apt-get only works on packages
<sarnold> but the shell will expand all the filenames
<sarnold> and those might match something important.
<Neo4> teward: see only on package, you are tried explain me about you badly understand yourself
<Neo4> if we run rm *.php than we remove files in current dir
<Neo4> sarnold: you are right
<Neo4> teward: don't find reason in language if you can't clearly convey your thoughts :)
<Neo4> ok, understood
<sarnold> Neo4: you might also want to turn on join/part messages in your irc client, teward logged off four minutes ago, heh
<Neo4> sarnold: what does it mean?
<Neo4> I don't know what the messages
<sarnold> Neo4: you missed this: Thu 17 00:10:44 -!- teward [teward@ubuntu/member/teward] has left #ubuntu-server ["Leaving"]
<sarnold> so you kept arguing with someone who wasn't there :)
<Neo4> sarnold: I have this, just didn't noticed he left
<Neo4> yes I see he has left
<Neo4> now
<Neo4> sarnold: in this theme in each answer each people offer his regex https://askubuntu.com/questions/59886/how-to-completely-remove-php
<Neo4> last guy said all are wrong and need to use "^php*"
<sarnold> yes, and note that it's now got a score of 50 instead of 51, I just downvoted him :)
<Neo4> ok
<Neo4> I know regex
<Neo4> just here simple regex
<jjuujjuu> anyone have any idea why there are [two] ephemeral block devices mapped in the ubuntu hvm-ssd backed AMIs?
<jjuujjuu> i can't seem to update it through the console, awscli, or boto (that's an amazon problem), but i'm curious why it's there in the first place
<Neo4> sarnold: it called globing http://mywiki.wooledge.org/glob
<sarnold> Neo4: heh, ys, remember my very first message to you tonight? :) < sarnold> be careful with shell globs at the command line
<Neo4> sarnold: I first time heard about and didn't understand,
<Neo4> will know :)
<sarnold> :)
<arooni> about to shut down a vps i used as a web app server; i've already checked and backed up all mysql databases id want; looked thru the code /var/www section... and downloads.  trying to think if there might be anything else i need before i shut it down.  am i missing naything?
<sarnold> I'm sure you'll remember it around 2am in a cold sweat..
<sarnold> uploads? keys?
<cpaelzer> good morning
<lordievader> Good morning
<rbasak> cpaelzer: https://code.launchpad.net/~paelzer/ubuntu/+source/chrony/+git/chrony/+merge/345498 doesn't have a logical tag. Are you following a different workflow?
<cpaelzer> rbasak: I had it pushed ...
<cpaelzer> hmm
<cpaelzer> paelzer/lp1771061/logical/3.2-4ubuntu4
<cpaelzer> rbasak: isn't that available to you
<cpaelzer> paelzer is my remote, so that should be good
<cpaelzer> are the other tags as they should be?
<rbasak> cpaelzer: I'm only seeing three - old/new debian/ubuntu
<rbasak> Let me see what the Launchpad UI shows me
<rbasak> (or cgit)
<rbasak> I see them all at https://git.launchpad.net/~paelzer/ubuntu/+source/chrony/refs/?h=merge-cosmic-3.3-1
<rbasak> Not sure why my fetch isn't picking them up
<cpaelzer> rbasak: they are all under the lp1771061
<rbasak> But you've pushed them, so sorry for the trouble. I'll figure it out.
<cpaelzer> I even list the pushed tags every time in a MP, so people know which to fetch if needed
<cpaelzer> rbasak: TBH I'm sometimes affected by https://bugs.launchpad.net/usd-importer/+bug/1739000
<ubottu> Launchpad bug 1739000 in usd-importer "git ubuntu tag failing on changes in work-tree" [Low,Confirmed]
<cpaelzer> rbasak: so sometimes I make some of the tags "on my own"
<cpaelzer> rbasak: but they are still pointing to the refs they should as well as that I push them
<cpaelzer> rbasak: let me know if there is something on my side that makes you not getting the tags
<cpaelzer> IIRC ahasenack and I had such issues when using the --bug namespaces
<cpaelzer> but manual fetching made it work
<rbasak> cpaelzer: will do. I don't see how it could be anything you're doing. Seems they're on Launchpad but my local git isn't fetching them, so it has to be on my end.
<rbasak> cpaelzer: I need to run for an early lunch. Back online later.
<ahasenack> cpaelzer: I'm dropping the apache2 upload, it links with libcurl4 (which is fine, as that is the latest and default) but one of its universe modules from another source uses libcurl3, and libcurl3 and 4 cannot be installed at the same time
<ahasenack> and we are doing funny things with the curl package, like:
<ahasenack> $ cat debian/libcurl3.lintian-overrides
<ahasenack> libcurl3: package-name-doesnt-match-sonames libcurl4
<cpaelzer> ahasenack: ok, so you'll do another upload then that fixes this up?
<ahasenack> no, I don't have a solution
<cpaelzer> ahasenack: or how should I think of "dropping" the upload?
<ahasenack> cpaelzer: deleting the upload tag
<ahasenack> and rejecting the MP (I can't do that, I can only delete it, but I'd rather leave it so we have history/context)
<ahasenack> I'm adding some info to the bug
<cpaelzer> ahasenack: but the upload is done, you can't reuse the version number
<cpaelzer> and the tag matches what was uploaded
<ahasenack> cpaelzer: the upload is in proposed and won't migrate
<ahasenack> I asked in ubuntu-release to reject it
<cpaelzer> doesn't matter
<cpaelzer> you can reject it, but in terms of the archive it exists
<ahasenack> well, I don't know how that part works
<cpaelzer> so you'll have to spin your fix as ubuntu2 on top of what you have
<ahasenack> are you sure about that? Isn't the point of proposed to make sure it's ok before making it official?
<cpaelzer> rejecting in -unapproved means it never existed from the archives POV
<cpaelzer> but if it has been in proposed and failed for whatever reason the version number is still burned
<cpaelzer> ahasenack: for example if you fetch in your gu repo
<ahasenack> that's not the case for srus, I was told I could either use the previous version number or not
<cpaelzer> ahasenack: you'll see a new pkg/import/2.4.33-3ubuntu1
<cpaelzer> ahasenack: if the SRU is rejected in -unapproved that is true
<cpaelzer> ahasenack: if it reached proposed then LP will later reject uploads od the same version
<ahasenack> I see
<ahasenack> well, let me finish writing up this blurb
<cpaelzer> https://launchpad.net/ubuntu/+source/apache2/2.4.33-3ubuntu1
<cpaelzer> there can't be "another" 2.4.33-3ubuntu1
<ahasenack> as I said, I don't have a fix. So I either epoch it back to 2.4.29, or leave it like that for someone else to pick it up and come up with a fix
<cpaelzer> epoch = URGS, there are better solutions to that
<cpaelzer> but lets brainstorm about the issue and what could be done
<cpaelzer> or have you evaluated it already and decided there is no way (for now)
<cpaelzer> ahasenack: you might throw me a hangout link and explain me which apache module uses the old libcurl and why
<cpaelzer> maybe we get an idea how to resolve
<cpaelzer> if not I can explain how one would revert this now
<ahasenack> it's libapache2-mod-shib2, which needs libxmltooling7, and libxmltooling7 cannot use libcurl4
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1770242 commented
<ubottu> Launchpad bug 1770242 in apache2 (Ubuntu) "Please merge from debian 2.4.33" [Low,New]
<rbasak> ahasenack: is the transition completed in Debian? If so, how did they achieve it?
<ahasenack> their libcurl is different
<ahasenack> irc discussion start: https://irclogs.ubuntu.com/2018/05/16/%23ubuntu-release.html#t16:45
<ahasenack> fun fact: "huh, in debian libcurl.so.4 is in the libcurl3 package"
<ahasenack> and they do have a libcurl.so.3
<ahasenack> we don't
<ahasenack> whoever updates apache to even 2.4.30 (we are at 2.4.29) will come across this
<rbasak> This sounds like it's going to get very involved to understand :-/
<rbasak> Shall I leave it to cpaelzer to help? Or if you prefer I can do it, but it probably would be a waste for both of us to catch up on what is going on.
 * rbasak is now regretting sticking his head in
<cpaelzer> hehe
<cpaelzer> rbasak: leave it with me for now
<rbasak> ack
<cpaelzer> we can re-sort on the standup later
<cpaelzer> ahasenack: sometimes odd issues have rather blunt soltions :-)
<cpaelzer> ahasenack: what happens if we just NOT provide the libcurl4 dev libs?
<cpaelzer> ahasenack: Debian enabled this in 2.4.33-1
<cpaelzer> so it is rather new, maybe it is a new feature and not 100% required?
 * cpaelzer readas apache changelog
<ahasenack> what is reather new? mod-md?
<ahasenack> it's in 2.4.30, but we (and debian) have it in the archive already as its own source, an older version. I think it was finally absorbed by apache upstream
<ahasenack> the 2.4.33 pkg now builds a transitional binary for it, as it's in apache2-bin now.
<cpaelzer> ahasenack: and that is what needs the new libcurl and for now causes this dependency mess?
<ahasenack> I don't know if the older source, if rebuilt now, would also link with libcurl4
<ahasenack> which is not really "new", btw
<ahasenack> (curl4, that is)
<cpaelzer> libcurl3-gnutls is the old one
<cpaelzer> lets check how old the libapache2-mod-md we have is
<cpaelzer> Apache changelog: "mod_md: new experimental, module for managing ..."
<cpaelzer> I think it is fair to disable that for now
<cpaelzer> to untangle this
<cpaelzer> and revisit after some time to pick up it and libcurl on all parts of this puzzle
 * cpaelzer needs to rad through last buildlog and then hopefulyl comes up with an interim solution for now
<ahasenack> I can try dropping it, there are some d/control breaks/replaces to take care of because apache 2.4.30 is essentially obsoleting the module from the other source
<cpaelzer> yep
<cpaelzer> but "for us" that other module exists until you get out of proposed
<cpaelzer> so my suggestion would be (for now) drop the libcurl4 build-dep, drop the -md bits in d/rules and d/control
<cpaelzer> that should give you a new apache with the old mod-md for now
<cpaelzer> you can later on with a bit more patience and time re-evaluate how to get the integrated mod-md
<ahasenack> well, with no mod-md
<cpaelzer> --disable-md
<ahasenack> yes
<cpaelzer> hrm did you look at jansson ?
<cpaelzer> oh that is no curl||jansson
<cpaelzer> to bad
<cpaelzer> so I stick with my suggestion above
<cpaelzer> ahasenack: if it works it would resolve it for now, but not free you from solving the libcurl3-vs4 puzzle eventually
<cpaelzer> never the less if it works IMHO much better than 2.4.33-3ubuntu1+really2.4.29-1ubuntu4.1
<ahasenack> ok, thx
 * cpaelzer is hooked and needs to check curl libs in Debian vs Ubuntu
<ahasenack> cpaelzer: check how xmltooling is built wrt openssl version, and how debian solved the problem of xmltooling only working with openssl 1.0 (not 1.1), I think that is important
<cpaelzer> I'm looking at that already
<cpaelzer> and the ubuntu delta of "Rename libcurl3 to libcurl4 ..."
<cpaelzer> ahasenack: after you have an apache in as-is you might ask slangasek to discuss a valid path out of this
<cpaelzer> I'm pretty sure Foundations has already a plan on this
<cpaelzer> "this" being the overall transition of curl/ssl
<cpaelzer> after it is clear how that applies to apache2 you can lay out the steps you need to do there
 * cpaelzer shakes his fist at soname 3 vs 4 while at versions like 7.58.0-2ubuntu2
<cpaelzer> consistency FTW
<ahasenack> yeah, did you see that lintian override about the soname? :)
<cpaelzer> no but I saw your quote above
<cpaelzer> I'm convinced trying to read into this on our own can only fail
<cpaelzer> try to resolve it as suggested for now
<cpaelzer> and then get in touch with the people owning the transition
<cpaelzer> seems a much saner approach to me
<ahasenack> let's hope it works
<ahasenack> finding out problems so late in the upload is disturbing
 * cpaelzer feels bad for ahasenack stumbling over stuff like this he didn's cause
<ahasenack> thanks for the hug, appreciated
<rbasak> ahasenack: I remember that email now. Sorry, I forgot to flag it.
<ahasenack> np
<hackeron> hi there, I installed ubuntu 18.04 and the commands ifdown and ifup are missing - is there a new way to start and stop a specific network interface using the settings in /etc/network/interfaces?
<rbasak> hackeron: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#netplan.io
<rbasak> hackeron: and https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#Network_configuration
<hackeron> rbasak: ah, I see! - is there any way to use the old /etc/network/interfaces file?
<rbasak> hackeron: "The ifupdown package remains available and supported in Ubuntu main for users that find netplan does not currently meet their networking needs."
<hackeron> rbasak: ah, fantastic, thank you!
<rbasak> ahasenack: wrap-and-sort is changing things for me on your nvdimm branches, running on Bionic.
<rbasak> I don't know if you haven't run it recently, or if Bionic's wrap-and-sort behaves differently from yours.
<ahasenack> rbasak: in what way? I'm building that in cosmic now
<ahasenack> rbasak: ppa:canonical-server/nvdimm has the cosmic build
<ahasenack> rbasak: also, I ran wrap-and-sort with -a, to wrap even when the line isn't long enough
<nikolasc> hi there. My server is always setting ondemand cpufreq with cpufrequtils disabled, tried rc.local but after reboot is always ondemand instead of performance
<kiokoman> sudo systemctl disable ondemand
<kiokoman> ondemand.service - Set the CPU Frequency Scaling governor
<nikolasc> service --status-all does nto show it
<nikolasc> kiokoman: worked
<nikolasc> thank you
<kiokoman> good !
<coreycb>  jamespage: do we still bundle boost with pxc 5.7? seems like orig tars don't exist nor does d/bundle-boost.sh.
<Ussat> whats the eta on 18.04 release ?
<jdr> ?
<Pici> ?
<sdeziel> Ussat: few weeks *ago*, 18.04 was released on April 26th
<Ussat> ahh cool, thanks
<Ussat> hows the 16.04LTS --> 18.04 LTS ?
<Ussat> guess will fire up a vm and test it
<sarnold> Ussat: upgrades are mixed; my laptop upgrade did not go well, but 90% of the upgrade problems I've seen were self-inflicted
<sarnold> (there's a decent chance my upgrade problems were self-inflicted, but we never did figure out the cause.)
<Ussat> sarnold, I have a vm I spun up to test...gonna test about 4 more times before I attempt to do a prod system
<Ussat> plus I have good backups
<sarnold> Ussat: be sure to test smething that actually approaches what you use
<sarnold> stock install upgrades are probably less interesting / less useful than "we installed a thousand packages for this that and the other thing"
<Ussat> sarnold, oh we do, I ahve a full esxi server full of test vm's running the apps I use
<Ussat> just pared down resource wise
<sarnold> nice nice nice
<sarnold> please file bugs as needed :D
<Ussat> Work at a hospital...we are paranoid carefull
<Ussat> probably wont actually do any prod upgrades for a few months, just want to get ahead of the curve
<Ussat> MOstly my labs use Ubuntu, you all have the best bio/genetic packages avaliable
<sarnold> :D
<Ussat> We are a RHEL/AIX shop, but all our pathology labs/genetic labs run Ubuntu, as well as our genetic torrent servers
<Ussat> Ubuntu is VERY big in medical stuff
<Ussat> https://www.thermofisher.com/order/catalog/product/4483643
<Ussat> we have a lot of these
<Ussat> specialised stuff
<Ussat> Along with my test lab, I do a lot of preliminary testing on vm's on my mac
<sarnold> that was not what I expected from "torrent server" :)
<Ussat> heh...yea I know...the name
<Ussat> full name is ION-Torrent
<Ussat> we have 5 of those along with some 64core 512GB VM's
<Ussat> Ubuntu 16.04 LTS
<Ussat> in our Molecular Pathology lab
<sarnold> hehe, reminds me of running Folding@Home back in the day..
<Ussat> OUr lab was a sponsor of that
<sarnold> cool! :D
<Ussat> Yea we are ultra carefull with updates, full backups, snapshots etc
<Ussat> I say we.....I am the Linux guy here
<rbasak> ahasenack: ah, that'll be it. No worries.
<ahasenack> rbasak: running with -a?
<rbasak> ahasenack: yep
#ubuntu-server 2018-05-18
<Goop> I have a VPS provider that I would like to use to resell mail and web hosting. The smallest package they provide is $5/mo, and I want to turn around and sell a $5/mo service. What would be the best way to split the virtual hosts/domains between users?
<sikun> what would cause a systemctl restart service command to cause a server to hard reboot, IPMI logs aren't showing any entries when they reboot, they reboot almost instantly so I haven't been able to get anything from logs and this is only happening to a handful of the nodes in the cluster.
<Goop> I'll be offering Postfix/Dovecot, MySQL, and Apache2.
<Goop> sikun, can you give me a context?
<sikun> I have a script that I run to restart a service on nodes, it simply runs a remote ssh commmand "ssh mgmt@192.168.1.2 systemctl restart service_name"
<Goop> Wait wait wait, that still doesn't tell me the context. What are nodes? virtual machines? SQL nodes?
<sikun> as soon as that command finishes, a handful of nodes will instantly power cycle.
<sikun> compute
<sikun> they all PXE boot, no local storage.
<sikun> all are the same model of server, have the same amount of RAM, every single config option in the BIOS are identical, yet.. starting here recently I've been having about a dozen nodes start rebooting on their own, so I'd simply run a script that would "provision" them after they've booted and they'd be good to go but today these nodes started rebooting as soon as the provisioning script finished running the remote SSH commands
<sikun> I've dug through their IPMI logs, none show any CPU/RAM/Thermal events
<sikun> they reboot whether the command is remotely ran or locally ran
<cpaelzer> good morning
<lordievader> Good morning
<hellyeah> corrupted stack and detected inside scheduler what does that mean?
<lordievader> hellyeah: Where does that come from?
<hellyeah> when i try to install ubuntu with vmware
<lordievader> Is the error from Ubuntu, or from vmware?
<hellyeah> lordievader,  i amm not sure about that
<hellyeah> but i got this error in ubuntu shall
<hellyeah> i mean i booted ubuntu and i saw kernel panic
<hellyeah> i guess kernel panic is about ubuntu
<lordievader> During the boot of a live-cd?
<lordievader> https://askubuntu.com/questions/825841/kernel-panic-cant-boot-into-ubuntu-after-windows-did-some-updates
<hellyeah> i boot with wmware
<hellyeah> and i got kernel panic
<hellyeah> man there is no answer there :D
<lordievader> hellyeah: Did the kernel panic occur during the boot of a live image or during the booting of an install?
<hellyeah> during the boot of install
<lordievader> Does a live-cd boot correctly?
<hellyeah> i am not sure
<hellyeah> can irt be about windows 10?
<hellyeah> it*
<vimes> Hello! I run a small ubuntu server hosting some websites for student associations and some small businesses, it runs some django, some php, nginx etc. And it's 16.04, but now 18.04 is here and I've been told "always upgrade", should I? configuring all of this to work takes times, I would re-install everything any how. Is it generally a "good idea" to upgrade to latest LTS or just sitck with 16.04 for it's lifecycle?
<hateball> well for starters you can't officially upgrade until 18.04.1
<vimes> ooh
<hateball> and even then I guess it is up to you. security stuff will keep being patched in 16.04, but you wont get new features for the services you're offering
<Nafallo> if it's working and there is nothing new you need, you don't have to upgrade "just because" no.
<Nafallo> changing production environments is obviously always a risk you have to decide if it's worth making.
<vimes> read a sysadmin book recomending me to always use newest stable versions, but I guess 16.04 will be updated as well, thanks! :D
<Nafallo> until April 2021 ;-)
<Nafallo> after that you could always upgrade to 18.04 straight to 20.04 :-)
<Nafallo> two steps
<vimes> It's probably time for me to learn ansible soon any how, then I assume upgrading would go much faster
<Nafallo> depends how you do it, but I'd probably wouldn't do an upgrade with ansible.
<Nafallo> rather a new deploy/re-provision if so.
<vimes> no no, install from scratch, use ansible to install and configure everything
<Nafallo> yeah, that.
<Nafallo> :-)
<rbasak> cpaelzer: could you glance at a shell script for me please? I'd like a second opinion on my review comment for ahasenack's nvdimm packaging.
<rbasak> https://git.launchpad.net/~ahasenack/ubuntu/+source/pmdk/tree/debian/tests/manage-pools?h=clean-changelog-for-upload
<rbasak> cpaelzer: lines 61 and 68
<rbasak> cpaelzer: are the purpose and operation of these obvious to you?
<tyx> Hi
<tyx>  How to open port# when it in nmap is "filterd" ?
<tyx> i'm using ubuntu 16.04 and ufw interface
<kiokoman> tyx: example -> sudo ufw allow 2222/tcp
<cpaelzer> rbasak: reading
<cpaelzer> 61: almost yes
<cpaelzer> 61: I see what it is doing, the check is fine and it follow the no-message = good message approach
<cpaelzer> but in case the grep goes off and can't find a "consistent" under the reqzested pool_file
<cpaelzer> then IMHO it will just break due to the set -e
<cpaelzer> I'd ask for an explicit "could not find consistent pool for pool_file" or such
<cpaelzer> 68: yes I see what it is doing
<cpaelzer> 61+68: both suffer from the implicit RC issue
<cpaelzer> they are the last commands and are meant to return the RC to the function above
<cpaelzer> but, due to the set -e if they do so it will abort right?
<cpaelzer> and if one adds another command in the function afterwards it will change behavior
<cpaelzer> I'd consider it better to collect and return the RC explicitly to avoid the latter issue
<cpaelzer> for the former I think it is fine as it is meant to break on an issue
<cpaelzer> OTOH if you want to have all tests run in all cases and know which of all of them fail
<cpaelzer> instead of breaking on the first
<cpaelzer> then it would need changes
<cpaelzer> rbasak: is that what you wanted to know?
<rbasak> cpaelzer: yes thanks
<rbasak> They will abort because of the set -e too, and I was missing that before.
<rbasak> But only because of the way the function is invoked
<rbasak> If it was invoked with, say "if ! foo; then echo "tehre was a problem"; fi", then the set -e will stop working.
<rbasak> At that point I think we'd be relying on the implicit rc.
<DevNull1> I'm looking to move an existing install of wordpress on apache2 to nginx.  I've got Let's Encrypt installed too.  Is it as easy as removing apache2, installing/config Nginx, redoing .htaccess and then re-doing Let's encrypt?
<DevNull1> It's just a stock Wordpress install - nothing fancy
<kiokoman> idk but i don't think it would be that easy, nginx does not support .htaccess
<DevNull1> kiokoman, Yes, I am aware. It will have to go in the vhost config
<DevNull1> Anyone have http2 working on Ubuntu server 18.04?
<DevNull1> Can't get it working and I've followed all the docs -- no dice
<tomreyn> DevNull1: there's #nginx if nginx functionality isn't working properly. but make sure your client supports it properly, too.
<tomreyn> DevNull1: you migration apache httpd -> nginx may also run into issues about switching the php model / API. there is no mod_php for nginx, in case you were using this so far. so you'd need to switch to fpm (which is better anyways IMO).
<tomreyn> that's only relevant if you weren't already using fpm with apache httpd, of course
<DevNull1> tomreyn, Thanks I'm gonna rebuild from scratch. Take this as a learning experience. =)
<tomreyn> good luck
<compdoc> if you have a 32bit ubuntu system, is it possible to upgrade to 64but using apt-get? or do you need to wipe?
<compdoc> *bit
<_KaszpiR_> compdoc reinstall
<tomreyn> it's not an 'upgrade', it's rather a replacement.
<compdoc> sure, if you reinstall
<nacc> rbasak: i think you can drop our local oauth part with the bump of launchpadlib?
<nacc> rbasak: and at the same time remove line 194
<nacc> (from the yaml)
<nacc> i think that will fix the test failure
<nacc> rbasak: http://paste.ubuntu.com/p/838jdvRhPN/
<nacc> is my theory
<nacc> i am struggling to get snapcraft to actually run right now
<nacc> stgraber: trying to see why my `lxc launch ubuntu:x` doesn't seem to be doing anything, and passed -v, still just get "Creating the container" and then silence...
<nacc> stgraber: rebooting seems to have made it well again; oh well
<rbasak> nacc: thanks!
<rbasak> I'd just about got as far as being able to reproduce locally before I EODd
<rbasak> I couldn't find where launchpadlib actually used oath
<rbasak> But if we can drop the part then it doesn't matter I guess
<nacc> rbasak: i'm doing a cleanbuild now locally, and will run a selftest
<nacc> see if i can get it to best
<nacc> wow, brain failure, *to pass
<nacc> rbasak: yeah, the version of launchpadlib in our snap *before* the commit in the above paste did you use oauth
<nacc> but now it does not
<rbasak> Ah, that makes sense
<nacc> so it's really a consequence of the bump, that we also needed to shift this part of the snap
<nacc> I probably won't have an answer until Monday locally. I might just push up a MP so that CI tests it faster
<nacc> https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/345963
<nacc> rbasak: ok, that fixed the unit tests, but failed integration tests, which i just pushed a second fix for (bumping lazr.restfulclient to not need oauth by moving to 0.14.0)
<nacc> rbasak: i'm thinking we need to drop our strict versioning in setup.py actually, and maybe express minimums (if we know they are needed) or just use the latest?
<arooni> what server does cron use by defualt
<arooni> grr... shell
<nacc> arooni: probably /bin/sh ? If you need a specific shell, you should invoke it by path
<arooni> nacc: can i change the shell per command
<arooni> or do i need to set it for the entire cron set of tasks
<nacc> arooni: i'd check `man 5 crontab`
<nacc> arooni: it appears to be a global in the crontab
<sarnold> /bin/sh -c "/bin/tcsh -whatever tcshs 'programs use'"
<sarnold> probably far better is to just write what you want in a shell script and execute that from crontab. don't get too clever in the crontab itself.
<nacc> sarnold: good point
#ubuntu-server 2018-05-19
<arooni> but is there anyway to actually know what shell is being used?
<sarnold> arooni: sure, check crontab(5) and see that it says /bin/sh is used :)
<arooni> ok my bad; i shoulda rtfmd
<Neo4> who know how to reach roundcube?
<Neo4> I did sudo apt-get install roundcube
<Neo4> and go to this url kselax.ru/roundcube and can't reach
<ikonia> define "can't reach"
<Neo4> ikonia: can't access roundcube
<Neo4> http://kselax.ru/roundcube/
<Neo4> now good it shows error 500, before didn't work at all
<Neo4> this instruction https://help.ubuntu.com/community/Roundcube
<Neo4> I forgot where to watch errors for web server
<ikonia> /var/log/
<Neo4> ikonia: https://91.227.18.36/info.php
<Neo4> php doesn't show errors by default
<Neo4> and apache log file I removed everything from there and it doesn't show errors also
<Neo4> apache log here /var/log/apache2/error.log
<Neo4> I need put php log in the same file for easier look logs
<Neo4> better when all logs in the same file
<ikonia> php logs just fine
<Neo4> ikonia: default it off
<ikonia> it will log in the apache error log the core problem of a 500
<Neo4> ikonia: php hasn't errors, and apache also
<ikonia> pretty such if you're getting an error 500 one of them will be erroring
<Neo4> now works,
<Neo4> might it was cache
<Neo4> I watch log in vim
<ikonia> vim won't update real time
<Neo4> ikonia: yes, there might exists cache
<Neo4> who can update?
<ikonia> not cache
<Neo4> error https://paste.ubuntu.com/p/zsd33dcyHM/
<Neo4> ikonia: buffer
<ikonia> it's just not a real time tool
<ikonia> it's not a buffer
<ikonia> it's not a real time tool
<Neo4> in vim all files open and put to buffer
<ikonia> it opens what is there at that moment in time
<ikonia> it's not a buffer
<Neo4> I changed user for apache from www-data to neo
<Neo4> ok, I see it doesn't work properly, better way install roundcube it's load on server files and put to separated folder like I before doing
<Neo4> automatically it impossible something customize
<Neo4> using sudo apt-get
<Neo4> drwxr-x---  2 www-data adm       4096 Apr  6  2016 roundcube/
<Neo4> my user neo can't write there
<Neo4> for apache2 more useful to have main user user which is load files to server
<Neo4> I don't want www-data
<ikonia> you need to use www-data
<ikonia> it is the correct way to use the permissions model
<Neo4> ikonia: why? How I will load files on server using ftp? I will always care about permission
<ikonia> ok, then you do that
<ikonia> no-one else will
<Neo4> correct, but not useful, after each load I need change my neo to www-data
<ikonia> that's because your approach is wrong
<Neo4> ikonia: no, with neo like apache user I load files and not ot change permission
<Neo4> this approach works, I read about in one book
<Neo4> we can change user for apache
<ikonia> then why are you having problems if this process works ?
<Neo4> ikonia: because I installed roundcube by default using ' apt-get install roundcube', and it uses www-data, and might some folders don't have needed permission for my user neo
<Neo4> did you see this log file
<Neo4> drwxr-x---  2 www-data adm       4096 Apr  6  2016 roundcube/
<ikonia> so your process is broken with all standard packages / permissions model
<Neo4> rwx r x, my neo can't do there nothing
<ikonia> roundcube is a webmail client why would you manually need to upload anything into that directory
<Neo4> ikonia: if I use www-data, how I will load my files on server using filezila?
<ikonia> why would you need to load any files into the roundcube web root
<Neo4> ikonia: roundcube is usual php application and we can easy set up it loading on server
<ikonia> right, you don't need to upload anything if you do apt-get install roundcube
<ikonia> so you don't need "file zilla to upload" anything
<Neo4> ikonia: but permission, did you see? Roundcube has been installed in a few folders, and my neo can't rich that, from this might errors
<Neo4> ikonia: which model do you use/
<Neo4> ?
<Neo4> www-data is your apache2 user?
<Neo4> Then say how you load php files to your server using your own user. it' impossible without changing permission on file always
<ikonia> Neo4: you don't need to access roundcube folders
<ikonia> there is nothing to upload
<Neo4> i load some file file.php to server and it wil have 664 rights and user neo grop neo. www-data can't reach it
<Neo4> ikonia: no, I need, in those folder could be needed files for roundcube could work
<Neo4> when apache2 run roundcube he see in config folders where it placed, and go to this folders to include files and it can't, that's why I got error 500
<Neo4> ok, I temporarely change user on www-data and will see what happen
<ikonia> Neo4: there is nothing you need
<ikonia> Neo4: you apt-get install roundcube - it puts all you need in place
<ikonia> there is no need for you to upload anything
<ikonia> you are making a problem where one doens't exist
<ikonia> you changing the permissions is breaking things
<ikonia> there is no need to change the permissions
<Neo4> ikonia: see http://kselax.ru/roundcube/
<ikonia> I dont need to see that
<Neo4> www-data works, but I want neo
<ikonia> why
<ikonia> why do you want "neo"
<Neo4> ikonia: reason in uploading files to server, see when I neo and connected to server using FileZila, load there files, which atribute will have this file?
<Neo4> user: neo
<Neo4> grop: neo
<Neo4> permission 644
<Neo4> standard permission for directory 755 for files 644
<ikonia> you don't have to upload files to the roundcube directory
<ikonia> so you don't need to change the permissions at all
<Neo4> and could www-data read my file? No
<ikonia> you have zero reasons to upload files for roundcube
<ikonia> so you have zero reasons to want the user neo to own them
<Neo4> ikonia: for roundcube I don't, but I need for virtual hosts
<ikonia> so you have zero reason to change the permissions
<ikonia> Neo4: right, so don't impact round cube with your other virtual host problem
<Neo4> before I have a few tests servers where I upload wordpress and other applicatiosn. if user www-data I will alway change permission
<ikonia> then you are silly
<Neo4> add my neo to group www-data
<ikonia> as that is the correct permissions model
<Neo4> ikonia: model correct, but difficult work with server in real time
<ikonia> no it's not
<ikonia> everyone else in the world manages just fine
<Neo4> ikonia: no, right, I want to modify file, I open it using FileZila, file download to my computer and went to editor, after modifying I load it back and it now not to belong www-data
<Neo4> ikonia: and I must again connect to server using console and change file atributes,
<ikonia> as I said your model is wrong
<Neo4> ikonia: why wrong?
<ikonia> because it doesn't work
<Neo4> Why apache2 have this opertunity to change user? It might made specially for this case
<ikonia> sorry, I don't understand your last question
<ikonia> could you try to explain it again please
<Neo4> ikonia: no, if I do apache2 user neo then all works perfactlly
<ikonia> right, but nothing else works
<ikonia> as you've just found with roundcube
<ikonia> because you've broken the correct permissions model
<Neo4> ikonia: I load files they are neo:neo and apache also neo user, and everything don't have errors
<Neo4> ikonia: automatically installation doesn't works only
<ikonia> it's pointless to discuss this
<ikonia> correct, it won't work - because it uses the correct standard permisisons, which you've broken
<Neo4> ikonia: before I installing roundcube and squirelmal copying them to server by ftp
<ikonia> so your workflow breaks everything else
<ikonia> so because you don't understand the permission model, you're breaking things
<ikonia> which is fine, if you want to overrirde the standard permissions model, do it, but don't expect help with your custom workflow approach
<Neo4> ikonia: well, see what I think, phpmyadmin works, nevertheless I installed it by using apt-get install, it means there something could have www-data user, I think about run some command that will scan all folders and change www-data to neo.
<ikonia> you're incorrect
<Neo4> is it possible? This would be entrance
<ikonia> but you seem unable to understand why, so just carry on
<Neo4> ikonia: ok what do you offer?
<ikonia> change your workflow to something that everyone else uses
<Neo4> ikonia: How can I useful modify files over ssh usinb FileZilla without forever change manually permission or user?
<ikonia> look at your workflow for starters
<ikonia> look at your users and group permisisons and where they are shared between interactive users and system users
<ikonia> look at where / how you set up document roots
<Neo4> ikonia: I add user neo to group www-data and www-data to grou neo, anyway files has 644
<ikonia> I don't understand your last statement
<Neo4> I forgot, for apache can modify file that is from group we need 664
<Neo4> ikonia: see suppose I add www-data to group neo, addgroup www-data neo
<Neo4> ikonia: now my www-data is able to modify files that belongs to neo, yes?
<Neo4> www-data has group neo and can modify files belonging to neo:neo
<Neo4> but this files should have 664, and they have 644
<Neo4> 4 only read
<Neo4> again it can't. I anyway must manually changed rights after upload files
<Neo4> ikonia: do you know php?
<Neo4> you can make experiment
<Neo4> open FileZila and load on your server two php files from your user
<ikonia> I don't need to do a test
<Neo4> or open remotely file from your server, in your local editor, modify it and load back and check atributes
<ikonia> I don't need to do a test
<Neo4> ikonia: atributes will changed
<ikonia> "attributes" ?
<Neo4> ikonia: I noticed it when I was using windows. From linux it works difference
<ikonia> what are you even talking about ?
<Neo4> ikonia: see on a remote server resized file index.php with www-data:www-data and 664
<ikonia> resized file ??
<ikonia> if you change a file - of course its file size will change
<Neo4> plased*
<ikonia> as thats the point you've "changed" the files size
<Neo4> ikonia: I forgot that word with re, will use placed
<Neo4> ikonia: there placed index.php www-data:www-data 664
<Neo4> ikonia: you open FileZila, navigate to file and right click on it select open in editor or edit
<Neo4> ikonia: you do some editing and press CTR+S (save file), then go to fileZila and confirm loading back file
<Neo4> and check file atributes, now they will neo:neo with 644
<Neo4> ikonia: your apache can't reach it even if it has neo group, 4 means only read
<Neo4> you need put 6 manually 664 for www-data could modify goup files
<Neo4> it isn't useful do in real time editing and alway care about rights,
<Neo4> that's why I changed user to neo from www-data
<Neo4> ikonia: ok, I see you aren't in this theme :)
<Neo4> ok, Ill try find command that find all files with owner www-data and replace them to neo
<ikonia> ?
<ikonia> Neo4:  you're making a problem with your workflow
<lordievader> Good afternoon
<Neo4> ikonia: Ð²Ð¾Ñ Ð½Ð°ÑÑÑÐ¾Ð¸Ð» Ð½Ð° Ð¾Ð±ÑÑÐ½Ð¾Ð¼ ÑÐ¾ÑÑÐµ Ñ apache neo ÑÐ°Ð±Ð¾ÑÐ°ÐµÑ http://kselax.ru/roundcubemail-1.3.6/
<Neo4> ÑÐ°Ð¼ Ð½ÐµÐ±ÑÐ»Ð¾ Ð½ÑÐ¶Ð½ÑÑ Ð±Ð¸Ð»Ð¸Ð¾ÑÐµÐº
<Neo4> oh, forgot language
<Neo4> works on ordinary server, with user neo
<Neo4> there weren't needed php libs
<Neo4> now, I'll try to create instruction for apt-get
<Neo4> before use apt-get we must install all needed php libs
<Neo4> this also works with www-data https://91.227.18.36/roundcube/
<Neo4> well, everything is clearly. Need list of php libs, and list of paths where allow server access, and then write shell function that will do this automatically
<Neo4> roundcub is not good install using apt-get, because you can't see whether all right with server. When we install manually we see page where all requirements are shown
<blackflow> Neo4: roundcube in Ubuntu has been supported very badly. It's in universe and so far didn't receive any security fixes in previous ubuntus. A thing to keep in mind.
<Neo4> blackflow: ok, I don't know how to create shell script for it. use apt-get install roundcube or try set up manually in separated folder
<Neo4> in separated folder works perfactly, but automatically would be nice with apt-get like phpmyadmin
<blackflow> Neo4: using the tarball from upstream directly would be a wise choice, as the package in ubuntu is not taken care of.
<Neo4> it put it to /usr/lib
<Neo4> no to /usr/share
<blackflow> thankfully, it's very easy to maintain it that way, just unpack into a target folder and stay at the major branch. updates are as simple as that. unpack and run the upgrade script. There's a README with all the info.
<Neo4> blackflow: download using curl in folder
<Neo4> blackflow: yes, and we will see page with errors. that roundcube installer
<Neo4> blackflow: I'm going to write two scripts for roundcube and squirrelmail
<blackflow> why squierrelmail? that's... long abandoned.
<Neo4> blackflow: easy to use
<Neo4> simple interface, easy to install, good mail client
<blackflow> so is roundcube. I wonder if squirrel will even run on PHP 7.x
<Neo4> anyway we can use thunderbird or others desktop clients
<Neo4> blackflow: I tried on php5.6, works nice
<Neo4> roundcube has modern interface, squirrelmail is old, but anyway could be used
<blackflow> Neo4: you should really pay more attention about security of software you're trying to use. Running a web server exposes your machine to thousands and thousands of bots that will touch and try every facet exposed to the public internet and try to break it somehow. Especially if you run mail, and PHP.
<Neo4> blackflow: I don't know, I will run one mails server for myself, and for VPS migh be only postfix. and might be to install some mails servers for send ads. and nothing else
<Neo4> I dont think somebody will interested my personal mail server :)
<blackflow> Neo4: you don't understand do you? BOTS. Automated programs that will find your server in no time and try to probe it.
<Neo4> blackflow: ok
<Neo4> need to use long passwords 15 - 20 symbols
<Neo4> main protection
<Neo4> bots could make Ddos on front page webmail and try brute force password
<blackflow> and exploit bugs in your software, avoiding your long passwords to break in.
<Neo4> blackflow: see additional protection for phpmyadmin https://91.227.18.36/phpmyadmin
<ikonia> Neo4: as you where told in #postfix - you should not be running a mail server
<ikonia> you have zero understanding of how any of this works, and you should really not be doing it
<blackflow> you should not be running ANY public server, until you're familiar with all the problems that occur when exposing a computer to the public internet.
<ikonia> you don't understand the basic needs and principals of these services
<Neo4> ikonia: less listen what somebody says, they just joked
<ikonia> they didn't joke
<ikonia> they where serious
<blackflow> indeed.
<Neo4> ikonia: it was somebody personal opinion that not pretending to be truth, Don't pay attestation :)
<ikonia> no it wasn't
<ikonia> it was multiple people echo'ing what I've just said
<ikonia> and I agree with them
<Neo4> ikonia: one person says you don't need to run and you can always find many others who say you are the best. It isn't worth worrying about
<ikonia> multiple people said you should not do, no-one said you should
<Neo4> ikonia: this is even better, multiple people are herd, World is consists from people so called gray mass and some excursive people, if say all something it could be also good sight, don't pay attantion :)
<Neo4> ikonia: multiple people are stupid herd. not worth paying attantion too. There in #postfix was everythign all right
<ikonia> no they where not stupid
<blackflow> Neo4: why are you here then? If you don't take advice seriously, why are you here? You obviously don't need any support. Go run your mail server and good luck with that.
<blackflow> don't listen to "gray mass" of advice. You know better.
<ikonia> already found 2 weakeness
<ikonia> 220 mail.kselax.ru ESMTP Postfix (Ubuntu)
<Neo4> blackflow: no I need, I don't like bad support like you don't need run mail sever, etc... :)
<ikonia> that is good support and really good advice
<ikonia> more so when basically you're just going to run yet another spam service
<Neo4> blackflow: yes, don't need listen "grey mass" because you will like they are
<Neo4> blackflow: do you want to be like majoryty people (80%), obviously not, better to belong to 20% people
<blackflow> Neo4: good, then /part and save yourself from the bad people.
<Neo4> ikonia: yes, nothing help and say you are don't need run it
<Neo4> ikonia: that was direct abuse
<ikonia> it's not abuse
<Neo4> ikonia: that guy said I am stupid and can't run mail server
<ikonia> no he didn't
<ikonia> he said you lacked experience and basic understanding to run a mail server
<Neo4> ikonia: I can estimate this like abuse, couse he said I am stupid for run mail server. It was abuse, he attacked me, Why I should seriously perceive that crape, if person deliberately wants to hurt me? That guy always criticize me :)
<ikonia> you're behaving foolishly now
<ikonia> taking someone's constructive advice as "abuse"
<ikonia> and to be honest, even if it was abuse, you shouldn't ignore the context
<ikonia> someone being rude still may have valuable experience and information
<Neo4> ikonia: oh, I don't like such advices that hurt my self estim
<ikonia> then you are foolish
<ikonia> if you ignore advice because it hurts your pride/self estim
<Neo4> ikonia: oh, yes, will you listen somebody who will say 'you are stupid'? Why shall I follow that stupid advice? That was insult
<Neo4> I couldn't have accept that, sorry :)
<ikonia> lovely so running your mail server on the same physical host and IP as your mail server
<ikonia> and you're running PHP version with vunerabilities
<Neo4> and that guy is moderator, I can't say something him, he can kick me
<ikonia> this shouldn't be too hard to compromise
<Neo4> ikonia: no, I better know how to behave, simply don't listen everything what somebody says you
<ikonia> I don't know what you're last statement means, sorry
<Neo4> ikonia: do you know who he is? Suddenly that was said by some student, or I dont know? You don't know hothing about person and you accept his advice like truth, it is stupid
<Neo4> ikonia: simply not to listen everthing that said by somebody
<ikonia> I don't know him or any of the others who spoke to you personally, I certainly know their experience and knowledge and can see by their regular advice/understanding how well they know postfix
<Neo4> ikonia: if I don't like you, can I start criticize you for humiliate you, will you listen me?
<Neo4> :)
<Neo4> ikonia: when somebody criticize you it means he is don't like you
<Neo4> ikonia: I can't be love by everybody in #postfix, it's obviously, and normally
<ikonia> Neo4: no it doesn't
<ikonia> Neo4: if someone criticizes you it has nothing to do with if they like you or not
<ikonia> no-one humilated you
<Neo4> ikonia: don't pay attantion as I said, That was nothing bad. You will see such guys many in your life
<Neo4> ikonia: I said it doesn't matter
<ikonia> it wasn't nothing
<ikonia> it was seasoned experienced people giving you advice, and you bluntly refusing it, but still asking for help
<ikonia> I suggest we end this discussion, its way out of scope for this channel
<Neo4> ikonia: why? it directly show his attitute to you, Will you criticize girl what you like of she you? Might not
<Neo4> ikonia: and all persons aren't ideal, we always can find something wrong and start humiliate him. I don't want explain how ti works.
<Neo4> That guy just show that he is not like me
<Neo4> :)
<Neo4> I understood this
<Neo4> nobody said bad about me, only he
<ikonia> drop it please
<Neo4> ok
<Neo4> stop
<ikonia> thank you
<samba35> i am using kvm on 18.04 and i have ,windows 7 and centos as a guest installed
<samba35> i have assign 3 gb ram to centos ,when i start centos ,free /top/system monitor say 3 gb ram is use but centos is using only 900 mb of ram so i am just wondering why host/ubuntu consume 3 gb ram
<ikonia> samba35: please don't cross-post
<ikonia> you're asking this in other channels
<ikonia> samba35: the bottom line is it's the host is "using" ram because you've allocated it to a VM
<ikonia> think of it as reserved
<samba35> ikonia, my host is ubuntu
<samba35> and guest is centos
<samba35> ikonia, do you have any idea
<samba35> how this issuse can be fixed
<blackflow> samba35: ikonia just told you. it's not an issue to be fixed. the host is reserving the ram for the VM
<samba35> ok
<Neo4> who know how apt-get install roundcube creates mysql database?
<Neo4> without asking root password for mysql
<Neo4> I'm going to write shell script that will install roundcube in the same way
<Neo4> but now formy script need mysql root password
<Neo4> how to avoid asking mysql root pasword?
<RoyK> do you have a root password for mysql?
<Neo4> RoyK: yes
<Neo4> RoyK: and apt-get install roundcube has access to mysql withotu root password
<Neo4> RoyK: see my script with asking https://gist.github.com/kselax/418a052b49fb2d16a57014b3213c8cc0
<Neo4> it works with asking, I am interested how "apt-get install roundcube" works without asking
<Neo4> apt-get asks me about input password for db name and password for roundcube user
<RoyK> Neo4: if you run "mysql" as root, does it prompt you for a password?
<Neo4> RoyK: if I do mysql -uroot -p it prompt me
<Neo4> if I do mysql -uroot without -p it show error
<RoyK> Neo4: try sudo -i ; mysql
<Neo4> ok, now
<Neo4> RoyK: https://paste.ubuntu.com/p/9TtgvBWdky/
<Neo4> RoyK: I need to reach mysql and input commands for create db and user, but some installers for phpmyadmin for roundcube do it without root. Can I do the same
<Neo4> in google couldn't have found answer
<RoyK> only way to bypass mysql security is to start mysqld with --skip-grant-tables
<RoyK> last I checked
<Neo4> RoyK: how you start? systemctl restart mysql.service --skip-grant-tables
<RoyK> no, just stop the service and start mysqld manually
<Neo4>  how manually?
<RoyK> mysqld --skip-grant-tables
<Neo4> I stopped using systemclt stop mysql.service
<Neo4> RoyK: doesn't work
<Neo4> ok
<Neo4> with use with root password, nothing bad
<Neo4> for a while
<Neo4> https://paste.ubuntu.com/p/Wg2tq5jqRj/
<RoyK> not "mysqld start --skip-grant-tables" - "mysqld --skip-grant-tables"
<RoyK> and not systemctl something - just start mysqld directly with that flag
<Neo4> ok, will try
<RoyK> adding --skip-networking may be a good idea
<Neo4> RoyK: doesnt work, computer hang
<Neo4> RoyK: https://paste.ubuntu.com/p/bqmn65Qm4D/
<[Kid]> anyone have multipath setup and working in 18.04?
<[Kid]> my server will see the paths, but it is not giving it a friendly name so that I can mount it
<[Kid]> unless the friendly name is dm-0
<[Kid]> but i don't think so
<ironhalik> AA
<ironhalik> sorry, my weechat went insane, carry on
<mojtaba> Hello, I have installed ufw on a VPS (ubuntu 16.04), and I have executed ufw allow 63263, but when I execute: sudo nmap -sU -p 63263 localhost, it says: 63263/udp closed unknown
<mojtaba> Do you know what is going on? and what should I do to open a port?
<mojtaba> I was trying to do the same thing for 1194/udp. But it was the same.
<irwiss> probably missing the /udp part?
<mojtaba> irwiss: I have tried 1194/udp and also without udp, but still the same
<irwiss> you can try poking in ufw status to see what ufw thinks it's allowing and check if it matches your expectations
<mojtaba> irwiss: I have checked ufw status, and it is saying ALLOW.
<mojtaba> on the vps I typed ifconfig, and the inet IP address and broadcast IP address are the same. Is that Ok?
<Neo4> mojtaba: try listen port telnet localhost 1194
<Neo4> ufw status
<Neo4> mojtaba: you can scan wholly your server using:
<Neo4> nmap ip_of_yourserver
<mojtaba> telnet: Unable to connect to remote host: Connection refused
<mojtaba> Neo4:
<Neo4> it means port nobody use, it won't work
<mojtaba> telnet localhost 1194, telnet: Unable to connect to remote host: Connection refused
<mojtaba> ufw status
<mojtaba> 1194/udp                   ALLOW       Anywhere
<Neo4> mojtaba: what is show nmap?
<Neo4> port is opened
<mojtaba> nmap -sU -p 1194 localhost
<mojtaba> 1194/udp closed openvpn
<Neo4> all right, now you need customize applicatiosn that will use this port
<Neo4> mojtaba: I don't know exactly, but it seems you need customize applicatiosn that will use port
<mojtaba> in one window I typed nc -l 1194
<mojtaba> it shows it still as closed.
<Neo4> mojtaba: it's bad, it should be opened and prepared for getting data
<mojtaba> Neo4: So, why it is still closed? What should I do? It is a VPS.
<Neo4> mojtaba: when I customize IMAP on 143 port or SMTP on 587 and port is closed, telenet refused to connect. you must see config files app that must use port
<Neo4> in my case for 143 I look at dovecot config and 587 for postfix
<Neo4> mojtaba: it's not UFW problem
<mojtaba> Neo4: but nc -l 1194 should make it open, right?
<Neo4> what is it? I don't know
<Neo4> maybe
<mojtaba> netcat
<Neo4> mojtaba: for what you do this?
<Neo4> what will use this port?
<Neo4> node.js?
<mojtaba> Neo4: Openvpn
<Neo4> mojtaba: with Openvpn, I can't help, sorry, haven't even heard about.
<mojtaba> Neo4: nc opens the port and waits for connections, but after that nmap still shows the port as closed.
<Neo4> mojtaba: I'm not sure, it seem port will always closed when turn off in your case Openvpn
<Neo4> mojtaba: see I opened 400 port on ufw in my vps kselax.ru and don't see that port
<Neo4> and see 143 and 587, if I turn off postfix and dovecot, will I see ports?
<Neo4> now check
<mojtaba> Neo4: install netcat, with netcat you can mimic an app using the port.
<Neo4> mojtaba: see two port imap and smtp are closed https://paste.ubuntu.com/p/dWHJsrcmVR/
<Neo4> I'll off apache
<Neo4> mojtaba: https://paste.ubuntu.com/p/wQ4NH9Bprb/
<Neo4> yes, experiment show that closed port mens application off or badly customized
<Neo4> and I don't understand why I didn't see 400 port, in ufw it opened
<Neo4> mojtaba: telnet kselax.ru 80 . refused connection on closed port
<Neo4> now on all apps
<mojtaba> Neo4: How you can open a random port for a short time to test.
<Neo4> mojtaba: I don't know, I opened 400 and nmap doesn't show 400
<Neo4> mojtaba: recently I opened 3000 port for test node.js chat. I did ufw allow 3000 and it was shown in nmap
<Neo4> mojtaba: see what I think, you need run something on port
<Neo4> if port allowed in firewall we might can't see it without apps, I'll now try run some node.js on 400 port and will test using nmap
<Neo4> mojtaba: chat has been installed http://kselax.ru/chat/
<Neo4> now we need to run it on some port
<Neo4> 400 for example
<Neo4> mojtaba: see http://kselax.ru:3000/
<Neo4> mojtaba: can you do nmap kselax.ru? Do you see there 3000 and 400 ports?
<Neo4> I don't
<Neo4> something strange work
<Neo4> mojtaba: why I don't see 400 port?
<Neo4> https://paste.ubuntu.com/p/vYHrFmqQ6k/
<Neo4> mojtaba: do you there?
<Neo4> see http://kselax.ru:400/
<Neo4> ports that under 1024 should be run only by root, each regular user can't run it
<Neo4> guys why nmap doesn't show opened ports?
<Neo4> it is said that nmap is the best tool for seek valnurabilities on servers
<Neo4> See this, telnet shows, nmap doesn't, why?
<Neo4> https://paste.ubuntu.com/p/3ypBPctb3N/
<Neo4> crape
<Neo4> Which apps to use for to scan server ports?
<Neo4> nmap isn't reliable, telnet also
<Neo4> mojtaba: this is openVPN? https://openvpn.net/
<Neo4> I wanted to install it and test. I need it also
<arooni> having trouble getting my command that runs fine in my fish or bash shell to run on cron
<arooni> i followed http://g14n.info/2016/05/crontab-best-practices/ ;; but command still doesnt run
<Neo4> arooni: what command you do?
<Neo4> arooni: try this put to crontab -e
<Neo4> @reboot echo "1 - `date`" >> $HOME/crone.test
<Neo4> or @reboot ./your_shell_script.sh
<Neo4> and then reload computer
<Neo4> @reboot echo "1 - `date`" >> $HOME/crone.test create file
<Neo4> in /home/$USER/crone.test and put there current data after each reboot
<Neo4> arooni: if you can run your script in termina, put the same line to crontab -e and it must work
#ubuntu-server 2018-05-20
<SynfulAck> Anyone know how to allow local lan traffic to a server(16.04) while its connected to a vpn(this case Private Internet Access). I think what i did last time but on centos was use the nm-cli utility and create some route and or metric change to make it prefer a method?
<SynfulAck> Not familiar with ubuntu to know what to use if thats the case.
<dpb1> I do something like this in /etc/network/interfaces
<dpb1>     post-up route add -host 8.8.8.8 gw 10.10.0.1
<dpb1> (where host is some resource I want to add through my local router)
<dpb1> *access through my local router
<SynfulAck> dpb1, wb a more general catchall like -network 172.31.255.254 255.240.0.0 and etc to include all of the ipv4 private address space. Not sure i quite understand how that statement affects the network cause id assume if every private ip address was included it might just starting routing everything how it orignally was...
<SynfulAck> i think i messed up that statement but you get the idea.
<SynfulAck> dpb1, looks like it works using -net. Thx. Although if any problems came up relating to networking not sure i could make sense of this routing table lol...
<mojtaba> Hello, I am using netcat to test a port that I have opened using ufw. But still it says Connection refused.
<mojtaba> On VPS I ran: netcat -l 63263
<mojtaba> on my laptop: netcat -n -v 167.114.185.238 63263
<mojtaba> but I got (tcp) failed: Connection refused
<mojtaba> Any idea?
<mojtaba> ufw status: 63263                      ALLOW       Anywhere
<kiokoman> mojtaba: there is something listening on that port ?
<mojtaba> netcat
<kiokoman> mojtaba: netcat is trying to connect to that port, but there must be something on the other side listening to that call else u get connection refused
<kiokoman> even if it's open
<RoyK> mojtaba: try tshark -f "port 63263" on the server side
<RoyK> mojtaba: just to check if the traffic gets through
<mojtaba> RoyK: netcat is listening on the server side!
<mojtaba> by netcat -l 63263
<tomreyn> mojtaba: try the netcat command you run on the client, but this time run it on the server (unmodified). does the listening netcat show the incoming connection?
<mojtaba> tomreyn: What do you mean?
<RoyK> mojtaba: sure, just thought it would be interesting to see if traffic ever arrives to the server
<tomreyn> mojtaba: also, i think the command to make netcat listen would be: netcat -l -p 63263
<tomreyn> mojtaba: opn your server, run this for listening: netcat -l -p 63263
<mojtaba> tomreyn: Yes, -p flag was missing.
<tomreyn> mojtaba: now, also on your server, run this: netcat -n -v 167.114.185.238 63263
<tomreyn> does the connection get established according to both client and server netcat?
<mojtaba> tomreyn: The flag -p was missing. but it is working now.
<mojtaba> I was configuring openvpn, but the problem that I was facing was that, the connection was refused.
<tomreyn> mojtaba: oh ok. i was thinking you meant you just forgot to write "-p" here
<tomreyn> so everything works now, nice.
<mojtaba> tomreyn: Have you any experience with openvpn?
<mojtaba> :)
<tomreyn> not much, a bit
<tomreyn> others probably have more, just ask your questions.
<mojtaba> I am getting Connection refused on port 63263/tcp
<tomreyn> mojtaba: didnt you just say you solved this issue?
<tomreyn> mojtaba: i mean, with netcat listening on your server and your laptop connecting to that it works, right?
<Neo4> who know how to open port?
<Neo4> I want this 51413
<Neo4> put to my firewall in modem and can't see
<Neo4> I tested port and it's closed https://ibb.co/j1jLAo
<Neo4> in transmission
<Neo4> I created torrent file and trying to get it on virtual computer but it doesn't work
<tomreyn> you need to have something listen on this port (and on the correct network interface, and the correct IP address, or all of them) AND have no firewalls blocking it.
<Neo4> tomreyn: do you know how create torrents file in ubuntu?
<tomreyn> also, the ip protocol needs to be the same on server and client, e.g. tcp, udp, ...
<tomreyn> most bittorrent applications will offer to do it for you or do it automatically.
<Neo4> this is my file kselax.ru/Selection_066.png.torrent
<Neo4> on virtual machine I wait and can't download
<tomreyn> there's no tracker information on this torrent file.
<Neo4> tomreyn: I added these trakers manually
<Neo4> https://paste.ubuntu.com/p/wDCDcp8YjB/
<Neo4> in my seed file and in virtual machine
<Neo4> anyway didn't work
<Neo4> tomreyn: https://ibb.co/nrkJVo
<Neo4> I think my transmission works only accept files and not give
<Neo4> https://github.com/transmission/transmission/wiki/Why-is-my-port-closed%3F
<Neo4> or here
<Neo4> https://ubuntuforums.org/showthread.php?t=2347463
<Neo4> Need somehow open port 51413
<tomreyn> Neo4: here's how you test whether your server port is firewalled: on the server, stop bittorrent. then run "nc -l -u -vv -p 51413"; now run this on a different computer, such as your desktop / laptop (which needs to connect to the server over the internet): "nc -vv -u -p 51413 SERVERIP" - replace SERVERIP by the public IP address of your server before you do.
<tomreyn> the client should then connect to the server and any text you type on the client needs to actually show up on the server, and vice versa.
<tomreyn> if all of this works then you have verified that your server port is not firewalled. if it does not work then your server port is probably firewalled. inspect "iptabes -L", if there's nothing clocking connections then talk to your server hosting provider.
<tomreyn> *b*locking
<tomreyn> (not 'clocking')
<Neo4> this  nc -vv -u -p 51413 46.200.157.129 shows error
<Neo4> nc -l -u -vv -p 51413 this works
<Neo4> when off bittorrent show port is free
<Neo4> when bittorren on port is busy
<Neo4> tomreyn: this I did from my VPS
<Neo4> https://paste.ubuntu.com/p/PNNgtChGKS/
<Neo4> here something about ports
<Neo4> https://transmissionbt.com/help/gtk/2.8x/html/preferences.html#network
<Neo4> where that automatically map port? there not exists item
<Neo4> https://transmissionbt.com/help/gtk/2.8x/html/portforward.html
<tomreyn> Neo4: sorry, the command for client was incorrect, use: nc -vv -u 46.200.157.129 51413
<Neo4> tomreyn: https://paste.ubuntu.com/p/KF7sBhxdwt/
<Neo4> mean port opened
<Neo4> transmission closed, now I'll open and test
<Neo4> equal result
<Neo4> transmission test show closed port
<Neo4> tomreyn: see https://ibb.co/fDAzLo
<tomreyn> Neo4: so your netcat client claims it connected fine to the server, but since this is udp (and not tcp) this statement is not reliable. this is why i'm saying you need to type text on the client and server netcat and make sure it is printed on the other end.
<Neo4> if you have transmission  you can test yours port
<tomreyn> keep transmission off during these tests
<Neo4> I'll try
<Neo4> I think all right with ports
<tomreyn> that's because only one application can listen on a port at a time.
<Neo4> Can somebody reach this page? http://46.200.157.129
<Neo4> What is there?
<Neo4> tomreyn: try this url
<Neo4> I see for router need strong password, anybody can reach it
<jon_> Hi all. Would this be a good place to ask a question about ssh (on ubuntu-server)?
<Neo4> jon_: yes
<Neo4> jon_: what the problem?
<jon_> I can't ssh (Permission denied (publickey)) until after I log in at console.
<jon_> Neo4, PubKeyAuthentication is yes, PasswordAuthentication is no
<Neo4> jon_: yes, after installing ssh key to your server
<Neo4> it will forbid use password
<jon_> well pubkey auth works but just not after reboot and before a console log in.
<jon_> Neo4: timeout for that addr on 80 and 443
<Neo4> jon_: you need this variable
<Neo4> PasswordAuthentication no
<Neo4> PubkeyAuthentication yes
<Neo4> ChallengeResponseAuthentication no
<jon_> Neo4, those variables are set that way
<Neo4> jon_: check status
<Neo4> sudo systemctl status ssh.service
<Neo4> should be enaubled
<Neo4> it very top
<Neo4> or make
<Neo4> sudo systemctl enable ssh.service
<jon_> is enabled
<Neo4> jon_: good it means it will run after each reload automatically
<tomreyn> jon_: unable to login via ssh until you logged in on the console, that's not something i've run into before. are you sure this is related?
<Neo4> try make login to server using ssh key
<Neo4> ssh -i path_to_your_public_key your_user@ip_addres
<tomreyn> do auth.log records look different pre and post console login?
<Neo4> jon_: if you can connect, change forbid password, put thouse three varialbes, restart server. and check promt it password or only public key
<tomreyn> the only way i could imagine the console login coming into play there is if the system enters some sleep mode before you do.
<jon_> tomreyn, I'm not sure but that's what happens. Websearching retuns nothing so seems very obscure. It's a vm on ESXi but not sure if that's relavent.
<tomreyn> jon_: so how about auth.log?
<tomreyn> also, does the system boot up completely?
<tomreyn> Neo4: it is not an sshd configuration issue.
<Neo4> you don't off ssh password, just set up ssh key and reload server, and check if you can go using key
<tomreyn> it's also not an issue with how he authenticates.
<jon_> checking...
<Neo4> tomreyn: maybe his ssh off and he can't log in
<Neo4> ok
<tomreyn> we can rule this out since it works after console login, iwith unmodified sshd configuration and ssh client authentication
<jon_> before console login auth.log shows: Connection closed by <ip> port <port> [preauth]
<jon_> dmesg looks ok
<jon_> <ip> about is the client ip
<jon_> abouve
<tomreyn> jon_: are you sure the system is fully booted by the time you login to the console? can you show "systemd-analyze blame" and "systemd-analyze critical-chain"?
<tomreyn> i meant to ask: are you sure the system is fully booted by the time you try to ssh in first?
<jon_> systemd-analyze results: https://pastebin.com/dl/TCg94Mu7
<jon_> hold on
<jon_> https://pastebin.com/TCg94Mu7
<tomreyn> same url
<jon_> second one without /dl
<tomreyn> oh right. please use paste.ubuntu.com or some pastebin which doesn't require the other party to work around riddles in the future.
<jon_> I believe it's fully booted. Trying to log in after a minute or an hour is the same.
<jon_> Thanks. Didn't know paste.ubuntu.com existed.
<tomreyn> (pastebin.com can't be accessed from tor without solving a google captcha and accepting their cookies, has referer checks preventing direct access to some locations, requires filling a captcha to post in some cases.)
<jon_> They must not like you :), doesn't do that to me. https://paste.ubuntu.com/p/q8ZNH38yYz/
<tomreyn> must be that. ;) okay the systemd boot looks fine, and i'm still not sure what the problem could be.
<jon_> And I block everything google.
<tomreyn> at this point i guess i'll just back up the ssh configuration and reinstall it.
<tomreyn> at this point i guess i'll just back up the ssh configuration and *purge and* reinstall openssh-server.
<jon_> ok. purging and installing...
<tomreyn> also its dependencies
<tomreyn> first purge openssh-server and everything related, then install it all again.
<jon_> ok. Do you mean autoremove after purge?
<tomreyn> jon_: --purge autoremove is good, yes.
<tomreyn> i'd also purge libssl1.0.0, then install again, maybe the openssh client, too, and maybe also the pam libs. apt-cache show openssh-server | grep ^Depends: | head -n1
<jon_> tomreyn, trying to remove libssl1.0.0 complains about python-apt-common and errors out
<jon_> "umnet dependencies"
<tomreyn> jon_: right, it could break your system, maybe don't do it. if you still want to do it you'd need to purge uit using dpkg --purge
<jon_> tomreyn, yes I was using using apt. I tried only purging openssh-server and reinstalling to the same result.
<jon_> I have a snapshot so here goes....
<chamar> elezium
<jon_> tomreyn, I tried the default sshd_config and was able to log in via password. Going to compare configs. Thank you very much for your help and time. I'll post back here if I figure it out.
<jon_> Neo4, thanks for the help.
<SmirGel> In my NAS server I've tried to make the HDD to go sleep after 5 hours of idle and seagate ironwolf seems to be ignoring all the commands.
<trippeh_> hum. isc-dhcp-server6 keeps crashing on bionic
<trippeh_> ../../../lib/isc/heap.c:251: REQUIRE(idx >= 1 && idx <= heap->last) failed, back trace
<jon_> tomreyn, this ssh thing is so strange. With Password and PubKey on, it asks for a password the first time after reboot but uses pubkey after that. Same as before I guess but it could ask for the password the first time.
<jon_> *couldn't
<jon_> oh well
<jon_> tomreyn, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to and it works now. No .bashrc anymore but that is minor. Thanks again.
<jon_> Neo4, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to and it works now. No .bashrc anymore but that is minor. Thanks again.
<Neo4> jon_: ok
<Neo4> jon_: can't torrent make
<Neo4> https://forum.transmissionbt.com/viewtopic.php?f=1&t=19086
<Neo4> can create torrent file and can't load using it from virtual machine
<jon_> Neo4, I don't know about torrents. Is it specific to that or can you not download any file?
<tomreyn> jon_: nice trick there
<Neo4> jon_: yes, download can,and with torrent you can select any file and create your own torrent file, then put it to torrent site
<Neo4> for example if you have 50Gb books collection you can easy share it on your site
<jon_> How are you trying to download it? wget?
<Neo4> or even a a few terrabaits with torrent not problem
<Neo4> double click on file
<Neo4> jon_: this file http://kselax.ru/Selection_066.png.torrent
<Neo4> it won't work
<Neo4> I need to try in windows using mtorrent
<jon_> so you're in a vm that's running on vmware?
<Neo4> from this site I can download, but can't share http://rutracker.org/forum/index.php
<Neo4> jon_: no, seed runs on my local computer and on vm I run one more transmission and try download
<Neo4> I don't know how it should work
<Neo4> there exists trackers, it might any computer who has file say tracker site that he has full file and can give access to dowload. This calls seed
<jon_> No idea. Torrents are out of my wheelhouse at this time.
<Neo4> and user who don't have file say tracker site that they want to download, and might tracker sites connect seeds with leetches
<Neo4> jon_: ok, :)
<Neo4> this is very interesting theme
#ubuntu-server 2019-05-13
<patstoms> is there any way to upgrade kernel up to 4.15 on ubuntu 16?
<patstoms> just tried 4.18 which depends on libssl1.1 (>= 1.1.0), but ubuntu 16 have libssl1.0
<tomreyn> !info linux-image-generic-hwe-16.04 xenial
<ubottu> linux-image-generic-hwe-16.04 (source: linux-meta-hwe): Generic Linux kernel image. In component main, is optional. Version 4.15.0.48.69 (xenial), package size 2 kB, installed size 11 kB (Only available for i386; amd64; armhf; arm64; ppc64el; s390x)
<tomreyn> !hwe | patstoms
<ubottu> patstoms: The Ubuntu LTS enablement stacks provide newer kernel and X support for existing LTS releases, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<tomreyn> i'm assuming you're referring to "ubuntu 16.04 LTS" ("ubuntu 16" is ambiguous)
<patstoms> tomreyn, so i should not upgrade kernel?
<tomreyn> patstoms: If you run ubuntu 16.04 LTS and want to stay with it for now, but want kernel 4.15, then you should install the HWE kernel package.
<patstoms> !info linux-image-generic-hwe-16.04 bionic
<ubottu> linux-image-generic-hwe-16.04 (source: linux-meta): Generic Linux kernel image (dummy transitional package). In component main, is optional. Version 4.15.0.48.50 (bionic), package size 1 kB, installed size 15 kB
<patstoms> !info linux-image-generic-hwe-18.04 bionic
<ubottu> linux-image-generic-hwe-18.04 (source: linux-meta-hwe): Generic Linux kernel image. In component main, is optional. Version 4.18.0.18.68 (bionic), package size 2 kB, installed size 11 kB (Only available for i386; amd64; armhf; arm64; ppc64el; s390x)
<patstoms> ok, i will just upgrade then, thanks for info
<tomreyn> so 4.15 works fine on 16.04 LTS if you just install the linux-image-generic-hwe-16.04 package, but sure, upgrading all of ubuntu is always an option.
<ahasenack> hi, I have a package that builds on all arches, but has a runtime dependency on another package, from another source, that is amd64 only
<ahasenack> should it be restricted to amd64 as well?
<ahasenack> "depends"?
<teward> ahasenack: if it has a dependency that only exists on amd64 your package should probably only be an amd64 package
<teward> to avoid dependency hell
<ahasenack> it came from debian like this, I'll suggest that to them
<teward> Ubuntu Delta Necessary maybe?
<teward> ahasenack: it SOUNDS like if it's depping on an amd64-only package it needs to be amd64 only
<ahasenack> it builds in other arches, but the binaries are not installable on !amd64 (well, one in particular), because of this depends
<ahasenack> it's a -dev binary package that has the depends on -dev from the amd64-only one
<ahasenack> ok, it could be a delta
<ahasenack> as I think without this, it won't pass migration
<teward> yeah i think that'd be a problem :p
<teward> ahasenack: IMO you may need to add it as a delta until Debian fixes it, but that'd be a q I'd run by the release team just in case.
<tomreyn> is bug 1828878 known? is this not the right way to install mysql server on a fresh ubuntu installation?
<ubottu> bug 1828878 in mysql-defaults (Ubuntu) "Error installing default-mysql-server on fresh ubuntu 18.04.3 install" [Undecided,New] https://launchpad.net/bugs/1828878
<tomreyn> (this is 18.04.2, typo)
<tomreyn> ^ OP, thanks for joining, JuJUBee
<tomreyn> JuJUBee: i'm trying to reproduce this now. while installing default-mysql-server, i notice it will install a lot more dependencies than it did for you: https://i.imgur.com/30BJvbH.png
<JuJUBee> tomreyn, any chance that is because I tried mysql-server first?
<tomreyn> if you're looking for a workaround, then i suggest you apt purge all these packages on my screenshot
<tomreyn> yes, probably, but it should still not have been an issue.
<JuJUBee> easier for me to resinstall 18.04
<tomreyn> ok
<JuJUBee> This is a VM anyway.
<tomreyn> fwiw, it installed fine for me
<tomreyn> also a VM, also 18.04.2 amd64
<JuJUBee> ok, I will give it another go...
<tomreyn> JuJUBee: if keeping this VM is an option, please do for at least a couple days, in case seomeone will respond to your bug report
<JuJUBee> tomreyn, sure, I created a new one.
<tomreyn> thanks
<JuJUBee> no, thank you
<tomreyn> :-)
<tomreyn> JuJUBee: maybe you could later post your /var/log/apt/term.log* from the 'broken' VM as well, this could help reproducing the issue.
<JuJUBee> tomreyn, ok, so installed 18.04 and upgraded.  Then default-mysql-client & server, but server never asked for a root password.
<JuJUBee> tomreyn, ran mysql_secure_installation and all seems good now.
<JuJUBee> tomreyn, thanks again, time for me to go home...
<tomreyn> JuJUBee: glad you worked it out. :)
#ubuntu-server 2019-05-14
<chl_> has anyone switched from isc-dhcp to kea-dhcp recently? any difficulties?
<Odd_Bloke> chl_: I haven't, so I can't offer any advice; one thing to note is that isc-kea is not in the set of packages that the Ubuntu Security team maintain, so you won't receive security updates for it.
<chl_> Should be able to work around that, but thanks for the heads up Odd_Bloke
<tomreyn> more precisely: there's no guarantee that you'll receive timely security patches for it.
<chl_> any recommendations for another dhcp server? pref. with some kind of db support
<Odd_Bloke> Yes, thanks tomreyn, that's more accurate.
<tomreyn> thanks
<supaman> so, a bit of advice would be welcome here. I have several VM's running ubuntu-server. One of them is an NFS that others have to mount from. I am having a bit of a difficulty with getting permissions right for normal users to write to the NFS from other servers. Should I debug it further or just get LDAP up and running?
<supaman> on the nfs server I have set the permissions so that group 33 (www-data) can write to the directories that are shared
<supaman> on the nfs-client the user that is supposed to write is a member of the same group on the nfs-client machine (id=33, www-data)
<supaman> still if I do a 'touch filename' on the nfs-client machine in the nfs mounted directories I get permission denied
<supaman> but if I go up a directory into a local directory on the nfs-client machine that has ownership www-data:www-data and permissions 775 then I can write to that directory
<supaman> hmmm, the writing works if I am using NFSv3
<supaman> argh! ... now it works fine
<supaman> which is good, but still frustrating when it only needs time for things to work :-)
<supaman> ahh, it needed one more thing then just time, the corresponding user on nfs-server had to be added to www-data group for the write to work, thats what fixed it
<rbasak> ahasenack: bug 1789527 is on the 180 not touched list. Please could you take a look?
<ubottu> bug 1789527 in resource-agents (Ubuntu) "Galera agent doesn't work when grastate.dat contains safe_to_bootstrap" [High,In progress] https://launchpad.net/bugs/1789527
<rbasak> It is server-next but maybe that isn't pertinent any more due to the time delay
<ahasenack> right, server-next can be dropped
<ahasenack> back then I thought it was an escalation, but that wasn't the case
<ahasenack> rbasak: ^
<rbasak> ahasenack: thanks, I dropped the tag. Is Importance: High still accurate? Should we restore to Triaged and unassign you?
<ahasenack> rbasak: yes please
<ahasenack> I'd mark it medium
<ahasenack> there is a workaround
<Ussat> Is there an upgrade path from 17.X --> 18.x ?
<teward> Ussat: 17.04 -> 17.10 -> 18.04
<Ussat> OK, thankyas
<teward> or 17.10 -> 18.04 direct
<Ussat> Ya its at 17.10 now
<rbasak> Ussat: importantly, 17.04 to 17.10 is a major upgrade. Saying 17.X --> 18.x suggests to me that you have a dangerous misunderstanding of how Ubuntu release versions work.
<teward> ^ this though
<Ussat> No I understand, I just was not on the box to get the exact release when I typed that
<Ussat> and I did not remember
<rbasak> OK
<Ussat> I have a few hundread and dont remember exactly detail about each one
<AvidWolf43> hey whats up guys
<AvidWolf43> how can I force my end users to only have access to install things from ubuntu repo
<teward> probably shouldn't give end-users that kind of access, sounds like a security risk.
<Ussat> How about not letting users install things
<AvidWolf43> ok so i have a tall order and im just trying to figure out how to make it work
<AvidWolf43> as a POC we are looking at giving developers ubuntu workstations (laptops) that are managed with landscape
<teward> AvidWolf43: so setup the systems, and drop the 'users' to non-sudo users?
<AvidWolf43> right, but they are developers who will need sudo acces for some things
<AvidWolf43> just not all
<AvidWolf43> the directive was "use your best judgement"
<AvidWolf43> I'm just not sure what I want to allow / disallow them sudo for
<rbasak> What type of scenario are you looking to prevent by disallowing certain sudo access?
<AvidWolf43> data exfiltration mainly
<rbasak> What - from elsewhere on the network?
<AvidWolf43> installing unapproved applications that havent passed legal review
<rbasak> Are you going to prevent developers from creating VMs and/or containers?
<AvidWolf43> no, we are trying to be as least restrictive as possible
<rbasak> Then a developer could just create a VM and install whatever software they like into that.
<rbasak> So what is achieved by blocking the developer from installing software on the host machine?
<AvidWolf43> but at least we can log all the things? and hopefully have appropriate flags setup to alert in real time
<rbasak> You won't get a log of what happened in a VM.
<rbasak> You'd effectively be pushing developers from doing things in places that you _can_ log (eg. host machine package list via Landscape) to doing things in places that you can't see (inside a VM).
<AvidWolf43> we can't see what is in the vm, but we can see if there are vm's installed. So we can have a policy that you can have vm's but you have to pipe logs to us for visibility? would that be acceptable?
<AvidWolf43> I'm just brainstorming
<mason> Are packages for https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities not out the door just yet?
<mason> Not seeing them here.
<sdeziel> mason: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS shows that packages were built already
<rbasak> paride, cpaelzer, ahasenack: FYI https://github.com/powersj/ubuntu-server-triage/pull/20
<mason> sdeziel: Ah, maybe they're making their way out.
<sdeziel> mason: looks that way
<mason> ty for the link, though - I'll bookmark it
<Ussat> I have a question regarding landscape, can I centerally managet encryption keys, something like the way an orginization can centerally manage TPM keys on windows ?
<Ussat> manage
<Ussat> AvidWolf43, its a trust thing more than a tech issue
<Ussat> All the polocies in the world are pointless if you dont trust your devs etc
#ubuntu-server 2019-05-15
<JonHanDin> Question to those who are much more in the knowledge. I by default use UFW for desktop. For server I use IPTABLES but its configured using a GUI provided by my server mgmt GUI - Are there any IPTABLES cheatsheets. I'm a noob, it seems like a lot of work. Is it as much work as it looks or am i missing something?
<lotuspsychje> !firewall | JonHanDin
<ubottu> JonHanDin: Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | GUI frontends such as gufw and ufw-kde also exist. | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo
<lordievader> Good morning
<blackflow> The zombieload PoC is scary. If this is not the final coffin in the public "cloud"/VPS industry's coffin, I don't know what is. We dropped all public clouds like hot potato back in 2017.
<ducasse> JonHanDin: you can use a frontend, like 'ferm' - it makes rules easier to write
<JonHanDin> ducasse:You are a star! that is exactly what i have been looking for. Thank you very much
<lotuspsychje> !cookie | ducasse
<ubottu> ducasse: Wow! You're such a great helper, you deserve a cookie!
<ducasse> JonHanDin: you're very welcome :)
<cpaelzer> jamespage: coreycb: please see the question in #ubuntu-hardened when MDS arrived in UCA PPAs
<jamespage> cpaelzer: I've joined but can't see
<cpaelzer> I'll repeat the question jamespage
<cpaelzer> umm I didn't see you joining
<cpaelzer> let me check if I mistyped the chan
<cpaelzer> no seems fine
<rbasak> ahasenack: any action needed on bug 1827041?
<ubottu> bug 1827041 in samba (Ubuntu) "Regression in smbclient, username required for anonymous login" [Low,Triaged] https://launchpad.net/bugs/1827041
<ahasenack> rbasak: research where the regression was fixed between samba 4.7.6 and 4.8.4
<rbasak> ahasenack: thanks. So just leave in the backlog?
<ahasenack> yep, you can add a comment stating the above, but otherwise, that's it
<ahasenack> we have enough to search for a fix: reproduced, and where it happens and doesn't happen
<rbasak> Commented. Thank you!
#ubuntu-server 2019-05-16
<lordievader> Good morning
<uzee> Hi All, does anyone know how lvm partitioning can be done in preseed but based on percentage of disk space, instead of absolute numbers for min/max/priority ?
<_KaszpiR_> d-i partman-auto-lvm/guided_size string 90%
<_KaszpiR_> or just create simple partitions and use script to make your own customs
<chl_> anyone know where static leases are written to in isc-dhcp, when you add them by omapi?
<uzee> _KaszpiR: thanks but "d-i partman-auto-lvm/guided_size string 90%" would give me how much a logical volume can use from the volume group, no?
<uzee> sorry, I meant how much of the volume group to use
<uzee> _KaszpiR: Also, not sure what you mean by creating simple partitions and then use script, do you mean create non-lvm partitions and then use like a preseed/late_command or something?
<uzee> The first thing I'm trying to understand is that if its even possible to use percentage values in the min, priority and max fields
<uzee> It seems counter-productive to allow absolute values only, as that implies knowing my disk sizes everytime before hand. While thats doable, but we have an almost 100% virtual env. and sometimes VM creations from templates or clones is carried out without giving a lot of thought to storage size
<uzee> IMHO percentages would allow to do the right thing whether a VM is created with a 15GB disk or 150GB
<weedmic> cheers
<Onepamopa> Q: what's the best way to transition ubuntu xenial 16.04.4 from openssl 1.0 to 1.1 ?
<Onepamopa> (system-wide)
<Onepamopa> if that's even possible
<rbasak> Not really practical.
<rbasak> 18.04 ships 1.1. You could put a 18.04 container on a 16.04 system if you can't upgrade it.
<Onepamopa> well, I could but then I'd have to fix 50 custom software-related s***s ...
<Onepamopa> + directadmin is running there ... it'd be a mess
<supaman> trying to set up an ldap server which is working, I can connect to it using basic slapd tools, but when I try to connect to it using tools from ldapscripts like ldapadduser then I get a error 49 (permission denied or wrong password), I set the debug level to -1 and here is the result from one ldapadduser try: http://paste.debian.net/1081705/
<supaman> can someone here see what is wrong?
<supaman> I have double checked the password in /etc/ldapscripts/ldapscripts.passwd and it does not contain a trailing newline
<supaman> dammit, the password is wrong
<uzee> Asking again in the hopes that some more folks would've come online and I might be able to get clarity
<uzee> I'm trying to do lvm partitioning in a preseed file and can't figure out if I can use percentages for min, priority and max fields..? anyone?
<uzee> Absolute values work fine but I'd like to setup a preseed where I don't have to keep changing the values based on the disk size of each server I provision
<uzee> hence percentages would be much cleaner solution, can anyone advise if thats possible? I've tried sticking in percentage values but the install fails at a later time with "no space left" error
<rbasak> With partman?
<rbasak> I've tried before and never got anything useful out of it. The algorithm is well specified, but it cannot be easily reversed, IIRC.
<tomreyn> uzee: since lvm is so flexible, you could just create those LVs with small (but large enough to install ubuntu) fixed sizes, then resize them according to your needs post install.
<lordievader> I'd second that approach. LVM with ext4 can easily grown. Shrinking is a bit harder. So determine what you need. Add a bit of headroom and use those values in the preseed.
<gislaved> lordievader why shrink ? never reducre your private collection ;)
<gislaved> *reduce
<uzee> thanks much rbasak, tomreyn and lordievader
<uzee> My fundamental thing was to first verify if partman can actually handle percentage values. Looks like it can't. You'll are right, I also thought of the same approach to create small enough lvm partitions and then resize later. I use ansible for config mgmt, so that can be automated as well, but again, for potentially every different disk-sized server, I will need to individually address it at either preseed or ansible :(
<uzee> kickstart on the other hand handles it without any issues. I could be wrong but my thinking is that a percentage approach allows to have a single kickstart file for me regardless of disk sizes, the partitions will always be proportional
<samba35> i am trying to setup pci passtrough with 16.04.06 i am able to start guest with no error but i could not see another guest on second monitor
<samba35>  i have blacklisted nvida for  guest /monitor
<samba35> be right back
<bobbytables5_> hello, where should a cloud-config yaml should be put ?  or if I want to run a bash script on first launch, is it enough to copy it somewhere for cloud-init to start it ?
<blackboxsw> bobbytables5_: if you are rolling your own images, you can place cloud-config yaml  in a file under /etc/cloud/cloud.cfg.d/ in that image. you can use bootcmd: config directive in that case per https://cloudinit.readthedocs.io/en/latest/topics/modules.html#bootcmd
<blackboxsw> bobbytables5_: you can also provide that as user-data to most clouds when launching an instance either through their web UI or CLI tools.  cloud-config userdata just needs to be prefixed with #cloud-config on the first line. here are some examples https://cloudinit.readthedocs.io/en/latest/topics/examples.html#yaml-examples
<blackboxsw> bobbytables5_: alternative number 3:   put your executable script in /var/lib/cloud/scripts/per-instance/ or per-once/
<bobbytables5_> blackboxsw: had to delete my response because I think alternative number 3 would be the perfect solution
<blackboxsw> sounds good :)
<bobbytables5_> blackboxsw: /var/lib/cloud/scripts/per-once/myscript.sh   just putting it here should be enough ?  I created an AMI and a new instance but in the scripts there is trace of it beeing called :(
<bobbytables5_> no trace*
<blackboxsw> bobbytables5_: per-once is only called on first clean boot of cloud-init ...... if you have cloud-init version 18.3 or later you can run sudo cloud-init --logs --reboot.. then check /var/log/cloud-init.log for logs related to per_boot
<blackboxsw> sorry I mean per_once not per_boot
<bobbytables5_> ah I see, it should have been on per-instance
<blackboxsw> per-instance would work as you end up booting a new instance id from your snapshot AMI
<blackboxsw> right
<blackboxsw> output or errors from your script will typically end up in /var/log/cloud-init-output.log FYI
<ninekeys> Anyone know how I can get ahold of the racadm util? Dell's site has stuff for RHEL but their Debian/Ubuntu sections are lacking/broken
<tomreyn> http://linux.dell.com/repo/community/openmanage/
<ninekeys> tomreyn: Thanks! I'll give that a shot!
<tomreyn> you're welcome
<RoyK> dell is usually very aqueinted to redhat and not with open systems like debian
<ninekeys> RoyK: Yea, damn shame too. That's one of the reasons why most of the boxes here are CentOS.
<RoyK> ninekeys: same reason why my boxes run debian
#ubuntu-server 2019-05-17
<lordievader> Good morning
<heller_> hey
<heller_> how do you guys keep track that your servers are up to date with security?
<yossarianuk>  Hi - for the zombieload bug - when using VMs do I need to update the VMs as well as Hypervisors or is just the hypervisor enough
<heller_> im trying to dry-run unattended-upgrades but i get error about "sudo unattended-upgrade --dry-run
<heller_> An error occurred: '404  Not Found'
<heller_> The URI 'http://security.ubuntu.com/ubuntu/pool/main/c/cups-filters/libcupsfilters1_1.8.3-2ubuntu3.4_amd64.deb' failed to download, aborting"
<heller_> Does this mean that UU requires manual apt update?
<lordievader> I don't think unattended-upgrades promises to run 'apt update' before the actual update run.
<lordievader> There should be an `/etc/apt/apt.conf.d/10periodic` where this period of `apt update` is defined.
<ahasenack> rbasak: I would like to update the importer whitelist
<ahasenack> rbasak: the code is updated already, but the snap that is doing the import isn't
<rbasak> ahasenack: to do that I grab the latest nightly build from Jenkins and push it to edge in the store
<rbasak> ahasenack: then eventually promote it up to beta, and refresh and restart the importer service
<rbasak> ahasenack: or alternatively move the importer service instance to the edge snap temporarily
<ahasenack> rbasak: this is really just a config file in the end, right
<rbasak> Yes
<rbasak> It can be overridden on the command line
<rbasak> But I've never been confident about keeping that in sync properly, so have been going via the snap
<rbasak> Suggestions welcome
<ahasenack> rbasak: how can we see what changed between the snap that is running and the one to be pushed to edge?
<ahasenack> rbasak: would another option be to import the package manually from somewhere else?
<rbasak> ahasenack: yes you can just run the importer on the importer service instance in a different screen window
<rbasak> ahasenack: for the differences, snap info git-ubuntu and look for the git commit hashes?
<ahasenack> let me check
<ahasenack> ok, edge is just one commit behind my whitelist change, as expected
<ahasenack> beta is quite behind
<ahasenack> does not have the --split change
<ahasenack> nor the cache changes? That's odd
<rbasak> Did I leave the importer service instance on edge?
<ahasenack> rbasak: let's check
<rbasak> Yes, I did
<ahasenack> well, good for me :)
<ahasenack> and it's been working for a couple of weeks now?
<rbasak> So we could probably upload the latest nightly to edge and beta together, and move the importer service instance back to beta.
<rbasak> Yes
<ahasenack> rbasak: ok, want to walk me through it, or do it yourself this time?
<rbasak> I can walk you through it
<ahasenack> h/o?
<rbasak> ack
<ahasenack> let me fetch my headset
<tobias-urdin> coreycb: hello :) quick questions, will ubuntu keep neutron-lbaas packages for the train release?
<tobias-urdin> it will be retired in Train, but RDO will keep the packages pinned to latest version https://review.rdoproject.org/r/#/c/20683/
<tobias-urdin> will ubuntu do something the same, or will it be completely removed in Train?
<tobias-urdin> s/latest version/latest commit/g
<tobias-urdin> then drop next release
<coreycb> tobias-urdin: that's a good question. i think we can keep them around.
<coreycb> jamespage: +1 on keep neutron-lbaas* around for train?
<jerichowasahoax> "journalctl -u postfix" used to bring me my mail logs in 16.04, but in 18.04 it comes up empty, and my postfix logs are in /var/log/mail.log instead. Can I switch back to journalctl? I don't want to rework my scripts today.
<TJ-> jerichowasahoax: are you sure you've not got that inverted? the 16.04 Xenial package has no systemd-related files or config, but the 18.04 Bionic package does
<jerichowasahoax> TJ-: does 16.04 have some kind of package that lets journalctl read "classic" log files?
<jerichowasahoax> it's possible that in 16.04 "journalctl -u postfix" was just some kind of fancy pants "cat /var/log/mail.log"
<jerichowasahoax> but like, my daily report scripts are reading mail logs via https://pypi.org/project/systemd/, and i wrote these scripts back in 2017, so i was most definitely for sure using journald
<jerichowasahoax> somehow
<TJ-> jerichowasahoax: I'd suspect a custom config to route the mail logs to journald
<jerichowasahoax> TJ-: depends on how custom we're talking - i could definitely have filled in "syslog" for a log file somewhere but i wouldn't have gone more complex than that
<TJ-> jerichowasahoax: I would presume that journald was configured to take over the syslog function, via its /run/systemd/journal/dev-log (symlink to /dev/log). That's where the syslog() library function writes to (and Postfix uses syslog() by default)
#ubuntu-server 2019-05-18
<entropygain> hello all - I am trying to install Ubuntu 18.10 using the alternative ISO which I put on a raw disk .. the installation alerts me that it cannot find the cdrom
<entropygain> I am trying to go into the ash shell and mounting the disk to /cdrom/ubuntu (i created ubuntu)
<entropygain> i am having a little trouble but first I want to ask
<entropygain> is this the wrong approach?
<entropygain> oh sorry this is Ubuntu 18.04 Server btw*
<entropygain> mount /dev/disk/Ubuntu-Server\\x2018.04.2\\x20LTS\\x20amd64 /cdrom/ubuntu
<entropygain> gives me a failed : Invalid argument
<entropygain> anybody try something similar in the past?
<entropygain> actually i am able to mount with a -t iso9660 option
<entropygain> still issues though
#ubuntu-server 2019-05-19
<entropygain> prefconfig ubuntu-server.seed cannot be found
<entropygain> had to mount to /cdrom myfault
<tomreyn> entropygain: is there a specific reason that you're trying to install this (very unusual) way?
<entropygain> ease of disk encryption on a remote system
<tomreyn> hmm i don't think i can follow
<entropygain> disk encryption + LVM is super easy using the alternative installer
<entropygain> this worked though I am very happyu
<entropygain> I only have Finnix
<tomreyn> why don't you just boot the system you want to install on from the iso (written to a bootable storage) and use the intstallers' partitioning tool to setup the encryption?
<tomreyn> what is "finnix"?
<entropygain> so I made a raw drive and pulled the .iso image in
<entropygain> but then it was not recognizing the cdrom past the keyboard setup
<entropygain> so i had to open the shell
<entropygain> and mount the disk to /cdrom
<entropygain> and all is well now
<entropygain> maybe if I somehow wrote to /cdrom in the first place this would have been easier
<entropygain> I wrote to /dev/sda
<entropygain> Finnix is some sort of system that my provider allows me to use as a rescue
<entropygain> so its like an outside system that has bash and internet where I can mount the disks alottet to my account
<tomreyn> so you can't boot this system off the iso?
<entropygain> i can boot the system off of the raw disk where I wrote the ISO
<entropygain> but in the process after setting up keyboard it does not recognize my cd
<tomreyn> which hosting provider is this, if you don't mind disclosing this?
<entropygain> linode
<tomreyn> ok, i have no first hand experience with them. what you can probably do is to use debootrap to install ubuntu from the running finnix system
<tomreyn> however, the latet finnix release seems to be from 4 years ago, probably not an ideal installation environment. but it will liekely still work.
<tomreyn> linode provides an imaging function where you can just have them create an ubuntu installation for you. it won't be encrypted and adding the full disk encryption later is, while possible, not that easy. but if you had them setup a bootable ubuntu for you this way, then added a second empty volume, and used ubuntu to install to the other volume, that should work out fine.
<tomreyn> here's another approach, looks even easier: https://www.linode.com/docs/security/encryption/use-luks-for-full-disk-encryption/
<[rg]> is password login is disabled by ubuntu server on default?
<_KaszpiR_> for root? yes
<_KaszpiR_> but it really depends on what preseed configig was used when creating that server
<lotuspsychje> _KaszpiR_: he left
<_KaszpiR_> ah, the joy of hidden join/part/quit
<Azlligia> Hi. I'm looking for tricky software. I want it to read STDOUT and STDERR of application and if something appears in STDERR then get last N strings from STDOUT and send to remote server so I can see source of problem. I can't find it in google. Anyone know something like this?
<weedmic> this is built in to linux bash - do want a way to extract the data?  or something else - basically, it's a one line thing
<weedmic> Azlligia: ^
<Azlligia> weedmic, my idea is that I launch my code on multiple servers and my code logs errors to STDERR. If error occurs then I want to receive last 1000 lines of STDOUT on my central server/email/messenger. So I can debug it.
<weedmic> Azlligia: I cannot tell if you are asking or telling something - here is an example of how to dump errors to a file - the imporant part is 2> - rsync -aprv root@172.20.1.25:/DATA/ACTIVE/ /mnt/weekly/01-MON/ 2>> /home/weedmic/CRONs/MONbackuplog.txt
<Azlligia> weedmic, I will try to explain. I want to receive last 1000 lines of log ONLY if error occurs. I need not only error, but last 1000 lines of STDOUT too.
<Azlligia> weedmic, Something like "reporterrors myapp" which will run "myapp" and listen for STDERR and remember last 1000 lines of STDOUT. If something appears in STDERR then send 1000 lines of STDOUT and STDERR to my server. I hope you understand what my idea is.
<weedmic> i just don't grep what you mean.  You can dump all errors to a file, then grep out the lines you want 1000 or whatever.  Although I can't imagine have that many errors.
<Azlligia> weedmic, 1000 lines of STDOUT, not STDERR. So STDOUT will will be like "user joined", "user sent message: hell'o" and STDERR will be like "Server crashed due to syntax error". If I will receive only STDERR without seeing STDOUT I will not know what happened. What did user sent to server.
<Azlligia> And I will be unable to reproduce error without seeing STDOUT.
<JanC> Azlligia: you shouldn't log to STDOUT; just send everything to STDERR
<JanC> or use proper logs (journald and/or syslog)
<JanC> STDERR is *NOT* meant for error messages only
<JanC> STDERR is meant for âprinting diagnostic or error messagesâ
<JanC> but really, you should be logging to a proper logging facility, which has timestamps etc., and then get whatever you need from there
<blackflow> Azlligia: like others have suggested, use journal or syslog. you can set severity to messages and thus have more than just two levels.
