#ubuntu-server 2005-12-12
<Pygi> Hi hi
<etcp> pygi: morning!
<fabbione> morning guys
<etcp> hiya
<fabbione> hey guys
<Pygi> Hi hi
<Pygi> what's up?
<etcp> just up, about to head to work
<fabbione> not much
<fabbione> i didn't get to finish to setup the mailing list
<fabbione> i hate that mailman web interface
* ..[topic/#ubuntu-server:fabbione] : ubuntu-server discussions and support | for general support see #ubuntu | Ubuntu Server (stable) at http://releases.ubuntu.com/ubuntu-server/5.10/ | Ubuntu Server (Devel) at http://cdimages.ubuntu.com/ubuntu-server/daily/current/ | Ubuntu Server dapper specs: https://launchpad.net/people/ubuntu-server/+specs | Ubuntu Server forums at http://ubuntuforums.org/forumdisplay.php?f=45 | ubuntu-server@lists.u.c is up and running
<spike> 'morning
<jimcooncat> hi, looking for assistance on amavisd-new. runs clamav well, eicar test caught. But spamassassin doesn't seem to be hooked up properly. ran "avavisd-new debug" and see "ANTI-SPAM code NOT loaded". What do I check next? I don't see anything in amavis conf file regarding spamassassin.
<jimcooncat> hi, looking for assistance on amavisd-new. runs clamav well, eicar test caught. But spamassassin doesn't seem to be hooked up properly. ran "avavisd-new debug" and see "ANTI-SPAM code NOT loaded". What do I check next? I don't see anything in amavis conf file regarding spamassassin.
<ivoks> hi
<fabbione> hey guys
<ivoks> hi fabbione
<ivoks> thanks for accepting me in
<fabbione> no problem
<fabbione> we got the LP permission sorte
<fabbione> +d
<ivoks> hehe
#ubuntu-server 2005-12-14
<hunger> Are there any useable application benchmarks for linux to measure performance regressions?
<fabbione> hunger: depends what kind of performance you want to measure
<hunger> fabbione: server stuff like serving webpages, etc.
<fabbione> and how long are you prepared to wait for real results
<fabbione> hunger: there is an apache bench for that
<fabbione> let me search for the name
<fabbione> can't rememeber it offhands
<fabbione> ah it's in apache itself
<hunger> fabbione: I got the feeling that my box got slower with the new kernel... but that can very well be just my impression.
<fabbione> it's called ab
<hunger> fabbione: Thanks! I'll run that if I find the time to do so this WE.
<fabbione> hunger: performance are difficult to measures
<hunger> fabbione: Yes, I know...
<fabbione> and you need a really clean env to do it
<hunger> fabbione: currently I do End to end measurements with a proprietary product.
* hunger got to run.
<spike> 'morning
<Pygi> Hi hi
<Pygi> welcome lbm
<lbm> well, thank you :)
<Pygi> :)
<Pygi> hello
#ubuntu-server 2005-12-15
* #ubuntu-server  [freenode-info]  If you're at a conference, please contact freenode staff to make sure we've made special allowance for many users coming into our network from a single internet address ( http://freenode.net/faq.shtml#gettinghelp ). Private messages from unregistered users are currently blocked, except to network staff, services and participating registered users ( http://freenode.net/faq.shtml#privmsg )... Thanks!
<Pygi> heh
<Pygi> troy :P
<zenrox> Player: ( xmms 1.2.10 ) Volume: ( 22% ) Title: ( VA_-_Creative_Braindamage_Compiled_By_Psy-Gothic ) Time: ( 10:12/77:37 (13%) ) BitRate: ( 160 kbit/s - 44100 Hz )
* #ubuntu-server  [freenode-info]  If you're at a conference, please contact freenode staff to make sure we've made special allowance for many users coming into our network from a single internet address ( http://freenode.net/faq.shtml#gettinghelp ). Private messages from unregistered users are currently blocked, except to network staff, services and participating registered users ( http://freenode.net/faq.shtml#privmsg )... Thanks!
<Pygi> hi hi
<Pygi> hehe
<troy> morning folks
<Valandil> hi troy  :-)
<troy> Valandil: I'm curious about the origin of your nick?
<Valandil> why?
<Valandil> ah, You like to know, where it comes from?
<Valandil>  (sorry, my English is not great ;)
<troy> yes :)
<troy> and your English is "Good Enough(TM)"
<troy> probably good enough to make University entrance requirements here in Canada anyway
<Valandil> OK, if You say it ;-)
<Valandil> My name comes from the fact, "chrys" is already registered
<troy> oh, hahaha :)
<Valandil> so I took the name, an "elven name Generator" gave as Output of the name "chrys"
<Valandil> :-)
<troy> cool - it looked 'elven' which is why I asked :)
<Valandil> I play lots of "Live Action Role Play" and I only play elven Characters
<Valandil> #:-))
<troy> live action, with costumes and swords and such?
<Valandil> yes, exactly
<Valandil> I'm a bard, a musician
<troy> do you have any instruments to play in costume?
<Valandil> yes, I play a guitar-like old instrument, some irish tin-whistle, and a schottish warpipe
* troy always plays as an archer, elven or human depending on the game
<Valandil> cool :-)
<Valandil> which system?
<troy> depends who I'm playing with - sometimes D&D, sometimes simply roleplaying without rulesets
<troy> there's a large group in my city here that does live action events, but I don't usually attend (my costume needs a little work)
<Valandil> :-)
<Valandil> if you're interested in photos:
<Valandil> http://www.druidenhain.org/LARP/Bilder/05/A3-sunset/Sunset2.htm
<Valandil> is is from an event we organized
<Valandil> the third photo on the right side is me :)
<Valandil> but nowerdays, the beard is gone :)
<troy> http://tblog.ath.cx/troy/images/jiilik.png
<Valandil> :-)
<Valandil> looks good :)
<Valandil> but I prefer the longbow ;)
<troy> My bow isn't in that picture - I can't wear the quiver and the cape at the same time - they interfere with each other
<Valandil> *giggle* Yes, I can imagine
<Valandil> my blog is coming soon. The domain-owner is learning for exam, so I have to wait a litte
<troy> tblog.ath.cx/troy is mine - I use that domain since it's free, and I can point it to my dynamic IP :)
<Valandil> :-)
<Valandil> mine is chrys.littlecornerofthe.net
<Valandil> but joerg is still in leraning...
<troy> what software do you use?
<Valandil> for blogging? or which I work with?
<troy> blogging
* troy is looking to replace his blogging software but is still looking at options
<Valandil> hmmm, I think, Joerg has set up a kind of wiki
<Valandil> since I have a systemaccount, I can set up this wiki as readonly
<Valandil> perhaps it's not very elegant, but it's quick ans dirty ;-)
<troy> I see - hrmm, I wrote my own software for all my stuff - it can sort of do wiki, see http://tblog.ath.cx/wiki/
<troy> that wiki hasn't been used in some time - I don't think are are any links anywhere on the net that lead to it :)
<Valandil> looks interesting
<Valandil> hi Pygi , hi mgalvin
<Valandil> :)
<Valandil> troy: me, I'm not good in web-programming
<mgalvin> hi Valandil, hi all :)
<Valandil> I like servers and consoles :-))
<Pygi> Hi hi all
<mgalvin> hey mario
<Pygi> hey matt
<Pygi> any progress with your instant-server? :)
<mgalvin> eh, been to busy to think about it, maybe eventually, but not right now
<Pygi> heh
<mgalvin> gotta pay those bills first ;)
<Pygi> hehe
<Pygi> so troy, what's up in this channel? ;)
<Pygi> heh, troy sleeps
<Valandil> ;)
<Pygi> welcome eric
<eric> thank you
<eric> how is everyone
<Pygi> ah, everyone is mostly busy :P
<eric> ic
<Pygi> but still, if you need any help, fire away :)
<eric> well I am making my first attempt at setting up a server
<eric> dont really know what I am doing yet
<Pygi> ah :)
<eric> not much in the wiki
<Pygi> ah, well, ok, so what you did?
<Pygi> installed core server?
<eric> working on it
<Pygi> kk
<Pygi> great
<eric> Do you know much about VPN
<eric> that would be my ultimate goal
<Pygi> ah, good
<eric> The box I am doing the install on was running XP and I had Apache on it as a web server, just tired of all the security concerns
<Pygi> hehe ::)
<eric> so what has your experiance been with ubuntu server
<eric> still partitioning
<eric> the simple server looks interesteing
<Pygi> I installed a couple of ubuntu servers
* troy wasn't sleeping
<troy> just going through amarok and manually retagging songs that have typos in the tags, etc.
<Pygi> heh, you just woke up :)
<troy> nah - I've recently done OS reinstalls for a few family members and took the opportunity to help myself to their MP3 collections - now I have to resort and tag them all to bring them up to par with my existing pile
<troy> takes a long time
<troy> and I'm ignoring wma files for now - amarok 1.3 doesn't index them (1.4 does, but still too unstable)
<Pygi> heh
<eric> I found that rythembox likes wma just fine
<troy> well, the wma files work fine, it's the tag support that's lacking
<troy> which is in the svn version of amarok, and I can install if I'd like, but not worth it :)
<eric> mmm I think mine were already tagged
<troy> amarok 1.3 doesn't read/write wma tags at all
<eric> I just know when I pulled all of wma off my server into rythembox everthing was labble properly
<troy> I only have about 100 wma files, compared to several thousand mp3 and oggs, so I'll just ignore them
<troy> and when amarok 1.4 is released, JRiddel usually packages it for kubuntu right away
<eric> not a problem then
<eric> so how hare is it to setup a VPN on ubuntu
<eric> I am seeing a lot of complaints in the forums
<troy> depends what kind of VPN? tunnelling?
<eric> I dont know much about it I just want to have all of my computers on the same network with a secure login even the windows machines, and I want to be able to acess all of the files from the net
<eric> any suggestions
<troy> eric: probably samba
<troy> over tunnelled ip
<troy> for unix computers you can NFS mount /home, which I find is usually the best solution
<troy> but when adding windows to the picture, *shrugs* I don't use windows ever
<eric> I dont personally but I have to professionally
#ubuntu-server 2005-12-16
<hunger> Could somebody please change the permissions for cdrw drives so that group cdrom can write to them again? Thanks!
* #ubuntu-server  [freenode-info]  If you're at a conference, please contact freenode staff to make sure we've made special allowance for many users coming into our network from a single internet address ( http://freenode.net/faq.shtml#gettinghelp ). Private messages from unregistered users are currently blocked, except to network staff, services and participating registered users ( http://freenode.net/faq.shtml#privmsg )... Thanks!
#ubuntu-server 2005-12-17
<spike> 'lo
<shawarma> Can anyone recommend a good SATA RAID controller that works out of the box with Ubuntu?
<fabbione> shawarma: 3ware are known to work but expensive
<fabbione> shawarma: you get them at good price in rhus tho
<shawarma> How expensive is expensive?
<fabbione> shawarma: dunno.. i usually buy here shg.dk
<fabbione> they are at least 10% cheap than here in Copenhagen
<shawarma> ...and it works of the box? That's the most important factor, actually.
<fabbione> shawarma: i don't have one myself.. most kernel developers told me that's one of the sanest
<shawarma> fabbione: Just any 3ware? Or a specific one? I find it REALLY difficult figureing out if something is actually software raid or if it's real hardware raid.
<shawarma> fabbione: WOW! Just noticed the price tag..
<shawarma> fabbione: That is waaaay out of my league.
<fabbione> shawarma: this is -server.. not -wannabecoolwithsatahwraid
<shawarma> fabbione: But a RAID controller for 195 DKK doesn't sound too much like hardware RAID. :-)
<fabbione> ;)
<fabbione> nope
<shawarma> fabbione: :-P It IS for a production server, but not quite within that budget range.
<fabbione> well.. sucks to be you :P
<fabbione> no seriously..
<fabbione> i have a.. hmm let me check...
<fabbione> 0000:00:0f.0 RAID bus controller: VIA Technologies, Inc. VIA VT6420 SATA RAID Controller (rev 80)
<fabbione> i have this one on my mobo
<fabbione> don't use it tho
<fabbione> but the driver is loaded and doesn't crash :P
<shawarma> I'm almost certain it's really software RAID.
<fabbione> but why do you want hw raid?
<fabbione> do you realize how many problems you have with hw raid?
<shawarma> fabbione: I have one box with it that works just fine..
<shawarma> fabbione: What would those problems be?
<fabbione> that's not a good reason
<fabbione> first of all hw raid is not standard.. you can't unplug disks from one controller and put them into another. you are binded to that brand and porbably model forever
<shawarma> It's for a production server, and my customer wants hardware raid. The want RAID for the obvious reasons and they want it to be hardware raid to minimize the performance impact.
<fabbione> software raid is very light on the CPU
<fabbione> that's because they don't know ^^
<shawarma> I'm curious.. If it's actually software raid.. why is a special driver needed? To fetch the RAID settings from the BIOS?
<fabbione> with hw raid let say in a raid5 3 disks setup, if 2 disks die, you can wave good bye to the data (all of them)
<shawarma> Of cours.e
<fabbione> with software raid you can recover with a bit of luck
<fabbione> ok.. there are 3 raid:
<fabbione> - real hw raid
<fabbione> - fake hw raid
<fabbione> - real software raid (done at kernel level)
<fabbione> the one you are asking about is the fake hw raid
<fabbione> that seems to be hw
<shawarma> right.
<fabbione> but it's done via some device mapper tricks
<fabbione> you need a recent kernel .12 or higher
<fabbione> and dmraid
<fabbione> a tool to manage it
<fabbione> gotta go now
<fabbione> cya around or the 15th at e2e
<shawarma> Sure. when is it?
<shawarma> 14:00, right?
<fabbione> i think so
<fabbione> i will be there before that
<fabbione> remember your GPG fingerprint and documents ;)
<shawarma> Alright. See you there!
<shawarma> Always.
<shawarma> Never leave home without them. :-)
<shawarma> Hmm... So if I'm going to have to settle with fake raid anyhow (1000$ for a true hardware SATA RAID controller is WAAAY out of my budget), pretty much any SATA controller will do just fine, right?
<fabbione> if the SATA is only for storage and you boot from other disks, you are okish.. otherwise no
<fabbione> you can't boot from fakeraid yet afaik
<shawarma> I thought you were leaving? :-)
<shawarma> fabbione: I'm ALMOST sure that you can...
<shawarma> I believe I have a customer who did just that.
<shawarma> No, wait. That was not "fake raid" but software raid.
<fabbione> exactly
<fabbione> you can boot from software raid
<shawarma> fabbione: So the lesson is: Use software RAID instead of fake raid?
<IzzyCC> hey all
<IzzyCC> anyone here mind helping me with an install for some $?
<IzzyCC> im so frustrated right now ;)
<troy> IzzyCC: explain your problem :)
<IzzyCC> okie, *nix newbie here...
<IzzyCC> installed ubuntu... then tried to remove php4/mysql4 and put in 5
<IzzyCC> it "looked right" but yet still shows it using php4
<IzzyCC> so now im ready to just start all over again
<IzzyCC> and getting super frustrated
<IzzyCC> id rather just throw a few dollars via paypal to someone to get me up and going than kept having to read fubared tutorial after tutorial
<troy> IzzyCC: did you use the ubuntu packages for php and mysql?
<troy> php5 is in the repositories, but mysql5 is not - 4.1 is however, and it'll work for everything I can think of
<troy> so "sudo apt-get install php5 mysql-server-4.1 php5-mysql" should do it
<shawarma> fabbione: ping?
<fabbione> shawarma: pong?
<shawarma> fabbione: Regarding the RAID thing... Can you in short explain what the advantages of fake raid over software raid are?
<shawarma> fabbione: To me, it appears there are none.
<fabbione> fake raid sucks.. i never said it has advantages over software :)
<fabbione> i honestly prefer software > *
<shawarma> fabbione: Even true hardware RAID?
<fabbione> it depends from the hw raid
<fabbione> let's put it this way..
<fabbione> if you build a server with one raid controller, you lose
<fabbione> (hardware)
<fabbione> if you want redundancy, you need at least 2 raid controllers
<fabbione> and most of them don't support sharing a disk on a chain
<fabbione> so you still lose
<shawarma> Heh.. Well, the chances of the mechanics or magnetic plates of a disk failing are surely higher than that of a RAID controller? But in principle, you're absolutely right.
<fabbione> statics of that are sort of hairy
<fabbione> i have seen both failing..
<fabbione> so
<fabbione> and tbh, once you get one single raid card on a server
<fabbione> that's a half quality one
<fabbione> i would rather trust more a better SATA controller without raid and use software raid
<fabbione> i can tell you that software raid is chea during normal operations
<shawarma> But a fake raid controller doesn't give any advantages over software raid, afaics. With fake raid, you're still doing software RAID, but paying for the fancy bios configuration interface.
<fabbione> the code is uber optimized
<shawarma> Yeah, I know. I remember looking at it right after 2.6 came out.
<fabbione> no it doesn't. because you still use the kernel device-mapper to access the right blocks on the fake raid
<shawarma> nah...it wasn't right after 2.6... It was right after they revamped the dm stuff.
<shawarma> Well, some time ago, anyhow. :-)
<fabbione> ehehe
<shawarma> Well, this cleared up quite a few things. Thanks a bunch!
<fabbione> no problem dude
#ubuntu-server 2005-12-18
* troy yawns
<troy> hey, anyone done any css?
<troy> I'm having trouble grasping something in css - see http://tblog.ath.cx/~troy/mockup.html and http://tblog.ath.cx/~troy/mockup.css -- I want the left column to adjust it's width to accomodate the right column, how do I do that without tables?
<Pygi> fabbione: how's server going along?
<fabbione> hi Pygi
<Pygi> hi
<fabbione> it's going pretty good
<fabbione> we got the i386 -server kernels
<Pygi> glad to hear that
<fabbione> but i still need to integrate them on CD
<fabbione> and i am working on the specs
<fabbione> the md5 checker thingy
<fabbione> it's giving me some headackes but it's coming along
<fabbione> we have some blockes on the /etc in RCS
<fabbione> snakeoil certificate will happen around end of Dec beginning of Jan.
<fabbione> the other stuff is all WIP
<Pygi> ah, good
<fabbione> today (hopefully) we will get the announce out for the entire project
<fabbione> after which we will start sending out weekly status reports
<fabbione> or something
<Pygi> great ;)
<Pygi> maybe then I could join the server team ;)
<fabbione> you are welcome to
<Pygi> hehe, ok, launchpad url for the team?
<fabbione> http://launchpad.net/people/ubuntu-server/
<Pygi> thanks
<fabbione> no problem
<fabbione> brb
<Pygi> kk
<Pygi> I see I am already in the team...
<Pygi> tell me when your back ;)
<fabbione> re
<Pygi> I hope "re" means you'r back ;)
<fabbione> yeah
<Pygi> k, I have one question not really related to server, if that's ok with you
<fabbione> try :)
<fabbione> otherwise i can always send you to #ubuntu
<fabbione> :P
<Pygi> heh, how do I candidate myself for ubuntu member?
<Pygi> hehe, don't send me nowhere ;)
<Pygi> fabbione response: #ubuntu ;)
<fabbione> Pygi: check the wiki.ubuntu.com
<fabbione> there is documentation for it
<fabbione> you need to go trough the MOTU process
<Pygi> so I have to become MOTU first?
<Pygi> k, thanks
<fabbione> yeps
<Pygi> heh, not the packages ;) I'll see ... maybe it's better to continue contributing to Ubuntu without being a member ;I
<fabbione> Pygi: it's easy to contribute without being a member, as it is to become a member after you do contribute something
<Pygi> hehe, I have contributed
<Pygi> one of the two founders of HR Loco team, installed Edubuntu in one school for now (but will eventually be more), ...
<Pygi> uses Ubuntu as server there
<fabbione> that's good :)
<Pygi> :)
<Pygi> k, I go now
<Pygi> talk to you later
<Pygi> bye
<Pygi> hey hey
<Pygi> hehe, matt, troy, etcp,...
<shawarma> Has anyone here done a Ubuntu install with lvm on top of software raid recently enough to almost remember the exact steps? I'm trying to guide someone through it over the phone and I'm a bit confused.
<fabbione> shawarma: yes i did, but i am really heading to sleep now
<Pygi> night fabbione
<shawarma> fabbione: Argh... Oh well.. I'm trying to emulate in a QEMU but it takes forever.
<shawarma> I'll just have to make do. Cheers. Sleep well.
<fabbione> shawarma: sorry.. i am just too tired to remember it step by step
<fabbione> at 11pm :)
<shawarma> fabbione: Don't be. Go to sleep and make Ubuntu even cooler tomorrow. ;-)
<fabbione> ehe
<shawarma> Don't be sorry, I mean. Not "don't be tired". :-)
#ubuntu-server 2006-12-11
<Zero_Ice> Hi all
<Zero_Ice> Is this the correct place to get noob help with ubuntu LAMP server?
<Zero_Ice> hi can anyone help me find out what is causing this error: error: 'Access denied for user 'root'@'localhost' (using password: NO)'
<Zero_Ice> when running mysqladmin
<Zero_Ice> or trying to anyway
<Zero_Ice> It's off a fresh Ubuntu LAMP installation..
<Zero_Ice> only thing i've done is edit the my.cnf and canceled out the bind of 127.0.0.1
<evilkry> hello everyone
<evilkry> would anyone be willing to help me setup VirtualHost?  I use a seperate IP address for each Site...
<evilkry> I have a fresh install of Ubuntu-Server running
<evilkry> so I guess firstly I need to add a couple of alias-IPs to my server?
<mralphabet> http://ubuntuforums.org/showthread.php?t=284484
<evilkry> thank you
<evilkry> what would you recomend for setting up my virtual host
<evilkry> I have my dns pre-built for my sites through my ISP
<mralphabet> apache2?
<evilkry> i'm running a T1
<evilkry> yes
<evilkry> currently my sites all run on a cobalt raq server
<evilkry> i'm trying to transition over to this ubuntu-server
<mralphabet> http://www.debuntu.org/2006/02/22/7-virtual-hosting-using-apache-2
<evilkry> excellent - thank you 
<Synesthesia> I have a really easy one for you guys -- the ubuntu docs say that I can edit the Document root in /etc/apache2/apache2.conf. But there is *not* a DocumentRoot line there, nor a RedirectMatch line to uncomment. Any suggestions?
<CarlFK> if I boot the CD into the "rescue mode", and "execute a shell in the installer environment" - what is the anna thing to install a package?  (want to install kexec )
<mralphabet> there's aptitude
<mralphabet> or apt-get
<mralphabet> are you thinking anaconda?
#ubuntu-server 2006-12-12
<foo> Er, someone is telling me how debian 2.6.8 is better than ubuntu 2.6.16.
<foo> He is telling me to try a 2.6.8 kernel on ubuntu
<infinity> I wouldn't recommend it.
<foo> eh, yeah, we're not going to do that.
<infinity> OTOH, we've never had a stable release with 2.6.16 either.
<foo> I know there will be some issues with udev, I think.
<infinity> breezy = 2.6.12, dapper = 2.6.15, edgy = 2.6.17, feisty = 2.6.20 (when it's out)
<foo> eh, I'm just having some issues. Everyone says it's IO, but the data center doesn't accept that answer.
<foo> This server pushes 100mbit .. and the iowait from iostat increases.. 
<foo> Load ranges from .1 to 350
<infinity> What does it serve?
<foo> files with apache, mainly.
<foo> Well, only.
<infinity> Static, or dynamic?
<foo> dynamic
<foo> lots of file uploading/downloading
<foo> 100mbit cap
<infinity> DB backend?
<infinity> PHP, Perl, Python?
<infinity> It's entirely possible you just allow too many client connections.
<infinity> Alternately (and this one sounds weird until you think about it), you may be running too few apache instances, not too many.
<infinity> It's very costly for apache to fork new children when the hit count increases.  Very.
<infinity> If you start with more MinSpares, it goes more smoothly.
<foo> PHP
<foo> Hm. infinity, should I check for connections about netstat or something?
<foo> I've had several guys look at this ... everyone is blaming IO
<infinity> When the load is huge, "ps ax | grep apache" and see how many are running.
<foo> But how could a network cap at 100mbit cause IO on a server.. I'd expect it to read/write with that
<infinity> If there's several hundred, or something, then you really want to bump up MinSpares in the config, or limit MaxClients.  Pick one.  Either will help.
<foo> Apache has already been optimized, but. hm
<infinity> Err, when people blame "I/O", they're not blaming the network, they're blaming slow disk and such.
<foo> # netstat -nap|grep -c ESTA
<foo> 381
<foo> yeah, I know
<foo> I just don't get how a server pushing 100mbit could have IO
<foo> issues
<infinity> Why not?
<infinity> It's not about raw disk throughput, it's about crazy random access.
<foo> heh, that might be what it is
<foo> That's what I'm thinking
<infinity> But in my experience with PHP/Apache, I'd suspect you're CPU bound on apache forking.
<foo> 192 requests currently being processed, 20 idle workers
<foo> load is 1.25 right now
<foo> Pushing 81mbit right now
<infinity> grep SpareServers /etc/apache2/apache2.conf
<foo> MinSpareServers      20
<foo> MaxSpareServers     27
<foo> worker and prefork, probably
<infinity> No, those are both for prefork.
<foo> oh, ok
<infinity> Min is the number started at startup as spares, Max is the number it will keep idle once connections die off.
<foo> ok
<infinity> For your sort of load, you might want something more insane like Min 50, Max 75
<infinity> Or even higher.
<infinity> If you're doing 200 requests right now.
<infinity> Min 100, Max 150.
<infinity> Experiment, have fun. :)
<infinity> If you have the RAM to back up that sort of thing anyway, which you better if you're trying to saturate 100Mbit.
<foo> Hm, 1GB RAM
<foo> infinity: FYI, I've been playing around for weeks now. I've pretty much had it. 
<infinity> Is that PHP serving content from a DB?
<infinity> If so, tuning said DB enging for that sort of load is just as important as tuning Apache.
<infinity> s/enging/engine/
<foo> Nope, not from DB
<infinity> Kay.
<ArwynH> lo
<ArwynH> just wondering, is there any plans to implement a server control panel of sorts?
<ArwynH> If so, can I have a link to the spec please? Or should I write one myself?
<levander> ArwynH: there are already some of those written that are free software, like cpanel
<foo> ArwynH: Look into webmin
<ArwynH> foo: webmin is a nightmare and is not in repos.
<foo> ArwynH: Nightmare? Why? Yeah, isn't in repos.
<ArwynH> foo: it isn't in the repos because the code is a nightmare to maintain. I've tried running it before.
<ArwynH> it's a pain to run aswell
<ArwynH> anyway, a web interface isn't what I'm looking for.
<foo> I see
<ArwynH> I've pretty much decided what I want and I havn't found anything like it in the oss world, so It looks like I'll have to write it myself, but I'm just trying to make sure.
<foo> ah
<levander> ArwynH: maybe write a spec first and circulate, maybe people will help you based on the spec?
<ArwynH> levander: i plan to. hence me checking if there was one available to look at first.
<levander> ArwynH: maybe circulate it on webmin and cpanel mailing lists, after written?
* Starting logfile irclogs/ubuntu-server.log
<okaratas> hi
<shwag> phpmyadmin is pretty out of date on ubuntu.
<shwag> 2.8.0.3  vs   2.9.1.1 
<linuxpoet> why is mailman on dapper always using the wrong domain to send?
#ubuntu-server 2006-12-13
<shwag> so phpmyadmin setup generate  /var/lib/phpmyadmin/config.inc.php  do I move this to /etc/phpmyadmin/ ?
<foo> Hm, Cpu(s):  1.5% us,  2.3% sy,  0.0% ni, 43.9% id, 49.2% wa,  1.7% hi,  1.5% si
<foo> Why isn't each one of those (us, sy, ni) described in the man page?
<foo> weird
<shwag> can someone tell me how to get the setup script on phpmyadmin working?
#ubuntu-server 2006-12-14
<lullabud> the more i use other *nixes, the more i love ubuntu.
<shwag> Can anyone help me to figure out why there is a 15 second delay when I ssh to my server before it asks me for my password?
<shwag> what user does cron usually run as ?
<foo> uh, I mv'd the apache2 dir in /etc after I uninstalled apache with --purge ... and I reinstall apache, and the dir doesn't come back with configs. Any ideas?
<infinity> foo: Purge apache2-common.
<foo> infinity: ahh
<foo> thanks
<KenSentMe> I have updated profptd on my ubuntu dapper machine, but since that i get an error when restarting proftpd: IPv6 getaddrinfo 'marge2.lan' error: Name or service not known.I've read the README.debian file about adding '::1 ip6-localhost ip6-loopback your_host_name' and '::fff:A.B.C.D your_host_name'. The server restarts without error, but is unreachable through an ftp client. Anyone know a solution?
<edgy> Hi, how can I tell whether the OS installed is plain ubuntu or ubuntu server?
<rbonnin> Hi! is ubuntu server LSB compliant?
#ubuntu-server 2006-12-15
<jsgotangco> ah
<okaratas> hello
<J-B_> /usr/sbin/apache2: error while loading shared libraries: libgcrypt.so.11: cannot enable executable stack as shared object requires: Permission denied                                                                                                                                    [fail] 
<J-B_> anyone know this error message
<J-B_> ?
#ubuntu-server 2006-12-16
<grogoreo> hi
<grogoreo> I would like to connect to /var/www with SSH but it's owned by root and I want to login with a normal user who's just given access to certain folders within it. Should I create a group, like www-user, and chown root:www-user on all the folders?
<TrioTorus> can you not log in as a user that has ssh acces and then su to the 'normal user'?
<grogoreo> i would like to mount it with Gnome/Nautilus. My user has sudo access
#ubuntu-server 2006-12-17
<dv5237> hi i would like to run a minimalized xorg on server-install any sugestions?
<Hendrikdegraaf> Hi, this is the first time i've ever used IRC... I've set up Ubuntu 6.06 as server and now I am having trouble connecting to my server via the internet.
<Hendrikdegraaf> I've checked the firewall rules in my router, and files /etc/resolv.conf /etc/hosts /etc/network/interfaces. This all seems to be fine.
<Hendrikdegraaf> I was able to connect through the internet before, but then I installed some stuff and everything seemed to #@@##$%^up.
<Hendrikdegraaf> The problem started after I installed eGroupWare, samba and webmin. It seems to me confuration of samba and webmin didn't cause these problems. However I've had to change two things whilst configuring eGroupWare:
<Hendrikdegraaf> file permissions in Apache, and the /etc/host file.
<Hendrikdegraaf> Couldit be that one of these things have caused my server to become unapproachable through the internet?
<Hendrikdegraaf> Perhaps I am doing something wrong??? I will logg off try the beginners forum (even though my question concerns a server).
<Hendrikdegraaf> bye
#ubuntu-server 2007-12-10
<hatter> can anyone here give me a clue as to why samba woould periodically lag for 40 seconds ?
<hatter> its only happening on my ubuntu boxes :(
<jeos_newbie> has anyone used  7.10 jeos?
<osmosis_> apt-get upgrade   shows a new  xen-image-2.6.19-4-server  package. How do I figure out what changed before I install it?
<antdedyet> osmosis_: I don't really like the way this answer tied together, but http://changelogs.ubuntu.com/changelogs/pool/universe/x/xen-source/xen-source_2.6.19-2ubuntu7/changelog might provide the info you desire.
<antdedyet> building and installing a custom 2.6.23.9 kernel package fixed kvm whoas I mentioned here last night..
<soren> antdedyet: When was "last night"?
<antdedyet> [23:57] < antdedyet> Hrmmph... kvm reboots my machine when I run an image.
<antdedyet> [23:59] * antdedyetheads off to ubuntuforums.org
<antdedyet> Day changed to 09 Dec 2007
<soren> antdedyet: Gutsy?
<antdedyet> before the custom kernel image, it was running the packaged desktop gutsy kernel
<antdedyet> soren: yes
<soren> Ok.
<soren> Any image?
<soren> Or a specific one?
<antdedyet> soren: any image probably. It did it with at least 3: win vista home 32-bit, debian etch, or nexenta
<soren> Intel hardware?
<antdedyet> soren: amd ... dell vostro 1000 notebook
<soren> I see. I haven't had a chance to test with amd hardware.
<soren> Could you do me favour and boot the original gutsy kernel, run "sudo m-a a-i kvm; sudo depmod -a ; sudo rmmod kvm ; sudo rmmod kvm-amd ; sudo modprobe kvm-amd" and try again?
<soren> Just for fun?
<antdedyet> Booting it up...
<soren> Thanks
<antdedyet> soren: The virtual machine is running fine on 2.6.22-generic now. kvm loads the nexenta install dvd and an already installed gutsy server image. It's probably worth noting that after the kernel upgrade this morning, I did an update to ubuntu 8.04a1, which includes a pretty hefty version jump in kvm. The kvm package upgrade's probably where the real fix came in at.
<antdedyet> 'cept Nexenta has been loading for about 5 minutes, heh.
<soren> antdedyet: Ah, you said you were running gutsy.
<soren> antdedyet: WEll, you didn't, but your answer sort of implied it :)
<antdedyet> soren: I was until about 5am this morning. :)
<antdedyet> soren: yeah, sorry
<soren> antdedyet: Well, in that case, the above test was quite useless :)
<antdedyet> soren: what renders the method useless in hardy alpha 1?
<soren> antdedyet: The fact that you're not testing gutsy which was what I was interested in :)
<antdedyet> soren: eheh, I'm interested in upcoming releases because I know from experience very little gets fixed in stable releases with the exception of security 'spoits.
<soren> antdedyet: Indeed. For good reasons.
<antdedyet> soren: yep!
<soren> antdedyet: I'm working on kvm a lot this release, so to have you around to give me feedback about how it works out on amd hardware would be *really* helpful.
<soren> antdedyet: Well, even just a best-effort promise to file bug reports if it breaks would be lovely.
<antdedyet> soren: Sure. I can dedicate some time for that.
<soren> antdedyet: Great!
<antdedyet> soren: when booting kvm up for an install with a ubuntu 7.10 and 8.04 image, the boot menu doesn't show up; it's just a plain black screen. I hit enter to continue with the installation, having seen the menu before but to others it could definately look like a lockup.
<soren> antdedyet: Which iso ?
<soren> antdedyet: Oh, never mind.
<soren> antdedyet: That should be fixed with the daily CD's.
<antdedyet> grabbing hardy-server-i386.iso for 12/10 to test with
<antdedyet> soren: nice, it works.
<antdedyet> time for sleep.
<soren> I'm glad to hear that.
<soren> antdedyet: Thanks very much!
<Gargoyle> greetings fellow freenoders!
<zul> dendrobates: ping
<dendrobates> zul: yep
<zul> dendrobates: some xen info for you http://pastebin.com/m2de00eee
<zul> in other words things just got easier again
<dendrobates> zul: cool thanks.
<nealmcb> zul: thanks for the fedora xen plan update and  http://fedoraproject.org/wiki/Features/XenPvops    Will hardy depend on their kernel work?
<nictuku> wiki.ubuntu.com is down? "Internal Server Error"
<nictuku> worked now. :-)
<kraut> moin
<sommer> hello
<okaratas> hello
<nealmcb> saluton
<ScottK> Salut
<sommer> if I mount /mnt/cheese to a nfs share on another machine, is it correct to say that /mnt/cheese is a "remotely mounted file system"?
<mralphabet> yes
<mralphabet> though as much as I love cheese, I am not sure I would ever mnt it.
<sommer> mralphabet: lol... you never know until you try!
<mralphabet> I do like me some good swiss cheese
 * mralphabet looks for the line
 * mralphabet thinks he saw it somewhere behind him.
<nealmcb> sommer: I'm confused.  I'm guessing that it is the other way around - you're mounting the nfs share on to /mnt/cheese  and  /mnt/cheese is the local mount point, and the remote file system is.. the remotely mounted file system....
<nealmcb> though "remotely mounted" is a matter of perspective I guess - more context would help
<sommer> nealmcb: yes /mnt/cheese is the local mount point.
<sommer> basically you mount a directory shared by another computer... does that mean the local mount point is now remotely mounted?
<sommer> not sure if that makes sense... heh
<nealmcb> who is doing the sharing.  use some host names
<nealmcb> are there 3 hosts?
<sommer> 2 hosts hosta sharing /home/steve and hostb is mounting the share to /mnt/cheese
<sommer> I'm just wondering what the correct terminalogy is for /mnt/cheese
<nealmcb> the mount point is a local directory.  the stuff that appears under it is from the remote file system
<nealmcb> the mounting itself is local
<nealmcb> "remotely mounted" is still confusing me and seems unnecessary
<sommer> does "remote file system" make more sense?
<nealmcb> a sentence would help
<nealmcb> but it sounds better offhand
<sommer> nealmcb: The archive can also be created on a remotely mounted file system  such as an NFS mount.
<sommer> I'm working on a backup section for the serverguide
<nealmcb> yeah - "remote file system" or "file system mounted from another machine"
<sommer> nealmcb: cool, that sounds better to me to.
<sommer> thanks man
<nealmcb> hey - you're doing the work :-)  thanks
<Goosemoose> trying to install edubuntu from preseed on network, client reboots to a black screen after install though. any ideas?
<zul> nealmcb: i would say yes
<fujin_> anyone familiar with Munin?
<oly-> i have used it before
<oly-> nice and easy to setup as well
<fujin_> oly-: are you familiar with aggregating/summing graphs?
<fujin_> I believe I've got the aggregating working fine, but; summing doesn't want to work
<fujin_> If you would, could you please take a quick look at http://rafb.net/p/qFrRVl88.html ?
<fujin_> http://provdb.maxnet.net.nz/munin/mx-in/mx-in.html#Postfix
<oly-> sorry, thought you was on about another program just realised munin is the monitoring program
<oly-> some one else has probably used it though
#ubuntu-server 2007-12-11
<fujin_> anyone run Munin, in particular postfix_mailstats?
<danp> yeah
<fujin_> you do?
<fujin_> danp: ping
<danp> i do
<fujin_> I'm trying to get postfix_mailstats on 3 servers
<fujin_> into one 'total' mail throughput graph
<fujin_> know how to do that?
<fujin_> the documented methods aren't working
<danp> i think i've seen examples but i've never tried it myself
<fujin_> Damn.
<fujin_> it looks like munin has gone stale aswell
<fujin_> bloody hell
<stansmith> i just installed ubuntu-server, and then i did "sudo apt-get install xorg gdm fluxbox", but flux is owned by root and i cant configure anything as a normal user, where did i go wrong?
<Sier> you did wrong by leaving the channel.
<nealmcb> Sier: well, this is the wrong channel for flux questions....
<Sier> =x
<Burgundavia> lots of people ask questions and then leave
<Burgundavia> I have been guilty of it a few times myself
<kgoetz> itll be one of those 'server needs gui so using flux' people
<zul> heh twm would be better
<fujin_> anyone around familiar with munin / postfix_mailstats?
<fujin_> anyone know *anything* about munin?
<antdedyet> fujin_: I used munin a little a long time ago on debian
<fujin_> heh
<davekempe> munin is a monitoring system or something right?
<fujin_> graphing
<davekempe> like cacti
<fujin_> yeah
<fujin_> like cacti, except without the bloat
<fujin_> http://provdb.maxnet.net.nz/munin/
<antdedyet> fujin_: are you just telling us about munin? :)
<fujin_> antdedyet: no, davekempe was asking about it
<fujin_> i had an issue which i've sinced resolved through hackery
<antdedyet> ah ok ...
 * antdedyet goes back to finding a way to put mutliple gigabytes of data inside a kvm image without waiting on the slow network throughput ... seems like a loop mount could work
<davekempe> antdedyet, do you know of gigabit NIC support in kvm?
<antdedyet> davekempe: no, I don't think I've explored that far yet ... the qemu man page only lists low-level driver names for supported nics, but I don't yet normally recognize a gigabit chipset by it's name and haven't considered journeying further when it just seems there should be a way to mount an image's filesystem and dump a file in there at disk io speeds.
<davekempe> sure but you will have to take the guest offline
<antdedyet> davekempe: that is definately a problem. I guess most situations may not have kvm running on a laptop.
<davekempe> the only solutions i have seen for sharing a file system with a kvm guest and host involve a network file system like smb
<antdedyet> smb is just as slow as apache or rsync over ssh...
<antdedyet> I guess if kvm were to have special hooks for a shared disk, it wouldn't continue to necessarily be the type of virtual machine most expects.
<davekempe> yeah openvz is more like that :)
<davekempe> 40ru for main site
<davekempe> 25ru dr site
<davekempe> thats with the coolhreads boxen. less ru, less power, more work done
<Bawbatos> anyone tell me why trying to stop bind or shut down hangs bind for like 10 mins
<Bawbatos> can my firewall keep bind from stoping
<nictuku> Bawbatos, unlikely
<Bawbatos> yah. okay.
<nictuku> Bawbatos, how busy is your DNS server?
<Bawbatos> home box. just installed
<nictuku> Bawbatos, oh.
<Bawbatos> root@cork:/home/rahafeez# /etc/init.d/bind9 stop
<Bawbatos>  * Stopping domain name service... bind
<Bawbatos> rndc: connect failed: 127.0.0.1#953: timed out
<Bawbatos> hum.
<nictuku> so it's not running after all
<Bawbatos> no it is
<Bawbatos> bind      4894     1  0 19:44 ?        00:00:00 /usr/sbin/named -u bind
<fujin_> firewall rules?
<Bawbatos> that is what i am thinking
<kgoetz> on loop back?
<Bawbatos> i hate iptables so much
<nictuku> Bawbatos, oh in that case it could be firewall rules
<kgoetz> your a little paranoid ;)
<nictuku> Bawbatos, preventing a connection to the loopback interface
<fujin_> iptables-save > poos
<nictuku> kgoetz, hehehe
<fujin_> pastie
<Bawbatos> no, i am not as far as i no.
<fujin_> iptables -F && /etc/init.d/bind9 stop
<fujin_> ;]
<davekempe> thats not firewall rules - your rndc.key file doesnt match the one specified in your config
<nictuku> davekempe, could be. but why the delay?
<davekempe> timeout on the init script?
<davekempe> it doesnt actually stop it
<Bawbatos> i hate iptables!
<Bawbatos> if i have a script i wrote for iptables, what is the best way to have the server run it at boot
<kgoetz> put it in /etc/networking/if-up.d/
<kgoetz> well. its simplest, probably not necesarily best
<Bawbatos> thanks
<Bawbatos> so if i put it there it just runs. i do not have to do anything else?
<kgoetz> make sure its +x
<Bawbatos> thanks.
<Bawbatos> will it run after all 3 interfaces come up
<kgoetz> it should run each time an interface comes up (hence being a little hackish)
<Bawbatos> ah okay thanks.
<Bawbatos> sorry going from PF to iptables and pulling my hair out.
<kgoetz> fair enough
<nealmcb> !jeos
<ubotu> JeOS (pronounced "Juice") is Just enough Operating System.  It is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. See http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos for more information.
<sommer> sweet
<sommer> !orangejeos
<ubotu> Sorry, I don't know anything about orangejeos - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<nealmcb> server team meeting in an hour and 10 minutes - #ubuntu-meeting
<nealmcb> :-)
<sommer> ahhh
<nealmcb> !mta
<ubotu> A Mail Transfer Agent (MTA) is the server software that sends and queues mail. "postfix" is the default MTA for Ubuntu, and "exim" is also officially supported. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer, !MUA and !MDA
<lamont> nealmcb: are you testing ubotu's response?
<nealmcb> !thunderbird
<ubotu> Thunderbird is a free email client, capable of close cooperation with Firefox (both by the Mozilla Foundation). To make Thunderbird links open in Firefox, see http://ubuntuforums.org/showthread.php?t=60427
<nealmcb> lamont: in #ubuntu-bots, ljl  is adding new factoids from the wiki page, and tying them in to existing ones.  I'm watching and demonstrating them here
<nealmcb> !mua
<ubotu> A Mail User Agent (MUA) is the application you use to read mail. Examples include Evolution, !Thunderbird and mutt. They are alternatives to programs like Windows Outlook. See also !MailServer, !MTA and !MDA
<lamont> kewl.
 * lamont -> office
<nealmcb> !mail server
<ubotu> Ubuntu provides mail client and mail server software of all kinds. You can install a basic email handling configuration with the "Mail server" task during installation or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/7.10/server/C/email-services.html
<nealmcb> sommer: Have you reviewed the community/MailServer page?  I thought it would be potentially more up-to-date which is why I listed both it and the latest ubuntu server guide.  but I think we also really want a way to refer to the mail section of the most recent ubuntu server guide
<nealmcb> !imap
<ubotu> IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer
<sommer> nealmcb: I've stumbled accross it a couple of times.  I've done most of my updating on the "sub-pages" though Postfix, Dovecot, etc.
<sommer> nealmcb: when you say "most recent ubuntu server guide" do you mean the latest released version?
<sommer> nealmcb: or the currently version under development?
<sommer> s/currently/current
<nealmcb> released
<sommer> gotcha, I'll work on updating that page this week
<nealmcb> :-))
<nealmcb> !time
<ubotu> Information about using and setting your computer's clock on Ubuntu can be found at https://help.ubuntu.com/community/UbuntuTime - See https://help.ubuntu.com/7.10/server/C/NTP.html for information on usage of the Network Time Protocol (NTP)
<nealmcb> !proxy
<ubotu> #ubuntu and related channels prohibit access from proxy servers due to a high level of abuse. Project cloaks allowed: http://freenode.net/faq.shtml#cloaks
<ubotu> Attention tor users.  You may think you are anonymous, but you are not.  Please visit http://tor.unixgu.ru/ and see for yourself.   Please evaluate your need to use tor here on irc.  If you wish anonymity, Freenode offers cloaks of many different types. http://freenode.net/faq.shtml#cloaks
<nealmcb> !proxies
<ubotu> "Proxies" are services acting as intermediate agents in various sorts of Internet connections. Examples are !TOR, !apt-proxy, and HTTP proxies (such as "squid"). It is possible to install and use Ubuntu via some proxy connections: see FIXME
<nealmcb> !mda
<ubotu> A Mail Delivery Agent (MDA) is the server software for local delivery and rewriting of messages. The default MDA (and !MTA) on Ubuntu is !postfix ("procmail" or "dovecot" can also be used). See also !MailServer and !MUA
 * lamont grumbles about nealmcb highlighting him.
<lamont> only minor grubleage.
<lamont> grumbleage even
<lamont> and gone
<nealmcb> what are your preferences related to highlighting?
<zul> uh when is the meeting again?
<soren> 20 minutes
<mralphabet> 20 minutes
<nealmcb> !proxy
<ubotu> Many Ubuntu IRC channels prohibit access from !proxies such as !TOR due to a high level of abuse. You can however obtain a hostmask cloak: see http://freenode.net/faq.shtml#cloaks
<ubotu> Attention tor users.  You may think you are anonymous, but you are not.  Please visit http://tor.unixgu.ru/ and see for yourself.   Please evaluate your need to use tor here on irc.  If you wish anonymity, Freenode offers cloaks of many different types. http://freenode.net/faq.shtml#cloaks
<nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
<nealmcb> !smtp
<ubotu> Ubuntu provides mail client and mail server software of all kinds. You can install a basic email handling configuration with the "Mail server" task during installation or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/7.10/server/C/email-services.html
<ScottK> nealmcb: So Ubuntu provides Microsoft Exchange? (how about ... software of many kinds vice all kinds)?
<nealmcb> ScottK: aren't there some exchange-interoperation projects out there?
<ScottK> nealmcb: Sure, but we don't provide everything.  Just some things.
<mralphabet> nealmcb: that may be true, but ubuntu doesn't provide *all* software packages out there
<nealmcb> "Ubuntu provides a comprehensive variety of mail client and mail server software"?
<mralphabet> works
<ScottK> +1
<DM|> is it possible to run a graphical window through ssh -X on server without having to install GNOME and GDM?
<DM|> I want it rather lightweight, but I also want a graphical window for firestarter , would installing the GTK stuff weight down the server any?
<zul> it shouldnt
<DM|> cool
<DM|> but is it possible to run a graphical window through ssh -x to a ubnut-server without GDM/GNOME or other DEs installed
<DM|> ubuntu*
<nealmcb> sure - you just need the x11 libraries and such - though I'm not sure of the best package for that...
<nealmcb> DM|: perhaps libx11-6 is all you would need, with ssh forwarding
 * ScottK suggests whatever the standard metapackage is for xubuntu.
<nealmcb> ScottK: why include a window manager etc?
<DM|> nealmcb ok ill try that thanks
<nealmcb> hmm- maybe not....
<ScottK> nealmcb: Because it was an easy way to make sure he got everything he needed.  Dunno if it'd be the best way.
<nealmcb> most apps will want more than just x11 - at least gnome libraries etc for most - sigh
<nealmcb> e.g. last I looked for print server management, xubuntu didn't have something, though cupsys does it via http which works fine
<nealmcb> DM|: also, for hardy, the plan is to support ebox so  graphical admin via the web is easy
<DM|> i prefer ssh atm
<soren> nealmcb: That's what dependencies are for.. When he installs the gui thing he wants, it'll install all the stuff it needs to be able to run.
<soren> DM|: Just install whatever application you want + possibly xauth. That should be sufficient.
<soren> I'd be *very* surprised if that wasn't the case.
<DM|> :)
<DM|> I think ill just learn how to edit iptables, i need to anyway
<DM|> i wanted to run firestarted graphical
<DM|> firestarter*
<nijaba> sommer: for an install with all task, 1G min (vmdk size = 964M, df show 978M usage)
<nijaba> 958M usage
<nealmcb> soren: very true.  we haven't talked about that option much and I guess I'm just trying to figure out what fraction of the whole gnome or desktop tangle would be needed for e.g. gadmintools and whether it is a good option to document.  I'm guessing that it is, but it's just bigger than I thought at first
<sommer> nijaba: awesome thanks, should have that updated later today
<soren> If gadmintools needs something that it doesn't explicitly state a dependency on, that's a serious bug.
<nealmcb> nijaba: thanks!  I wonder what the big space users are there - seems bigger than I would have though
<soren> You should be able to just apt-get install whatever package and be ready to run it.
<nijaba> nealmcb: do you want a full du report? ;)
<nealmcb> soren: sure - I'm talking about recommendations and being forewarned about the size of the install.  but the tools should work!
<sommer> are there going to be any new install tasks for Hardy?
<nealmcb> nijaba: nah - just the results of the other 30 ways to install 5 tasksels :-)
<nijaba> nealmcb: by far, mysql seems to be the fattest
<nealmcb> interesting....  vs postgres?
<nijaba> nealmcb: postgresql is quite slim as a base install
 * nealmcb always liked postgresql
<Bawbatos> any good docs, or tools for setting up an server to server ipsec tunnel
<zul> check google?
<Bawbatos> yes, and like everything with linux there are 10000 differnet choices, etc.
<Bawbatos> i was hoping for, we use this tool on our server and it is great sorta answer.
<fujin_> I always find myself checking Gentoo's wiki, whenever I get stuck
<fujin_> as many community people write tutorials, example "ipsec site:gentoo-wiki.com"
<fujin_> http://gentoo-wiki.com/HOWTO_IPSEC
<nictuku> fujin_: indeed it's a wonderful resource
<fujin_> Bawbatos: all you really need are the ipsec tools ("racoon")
<Bawbatos> thank you.
<micahf> hey guys, how hard is it to squeeze ubuntu server onto a 1 gb drive?
<micahf> I don't need a GUI environment
<micahf> I just need to be able to serve files, perhaps run an HTTP server, and maybe stream audio
<ScottK> It should be quite doable depending on how much data you have.
<nealmcb> micahf: a bare-bones server install is just under 500 MB without the user data, logs etc
<nealmcb> ..or any services... :-)
<nealmcb> so it depends on what sort of server you want to run
<micahf> that doesn't seem too terrible
<micahf> primarily I want NAS
<micahf> so I'm leaning toward freeNAS
<micahf> but I would like to be able to expand in the future, maybe adding some other services
<micahf> especially audio/video streaming
<micahf> nealmcb: I have a small hard drive for storing things like logs and stuff that doesn't need to be too fast
<macd> I think you could build a smaller install fairly easy by just doing a debootstrap install then installing just what you need
<mjbrooks> am I supposed to be seeing the entire RAID5 array during the install?
<mjbrooks> I'm attempting to install Gutsy server on a Dell PE2650 with a Perc RAID controller, but when I get to the partitioning part of the install it's showing all 587GBs available... the controller is set up with RAID5, shouldn't that mean I see less than that?
<fujin> mjbrooks: that is odd, generally with the perc5i cards you should only see one disk
<fujin> are you sure it's configured correctly, saved your raid setup etc?
#ubuntu-server 2007-12-12
<theunixgeek> What can I do with a newly-installed LAMP server? :)
<theunixgeek> (I've never done anything like this before)
<nictuku> theunixgeek, the coolest thing is to host web pages
<nictuku> theunixgeek, try installing a wiki software to begin with :-)
<theunixgeek> What wiki programs are available?
<theunixgeek> nictuku: To make something Wikipedia-ish, perhaps? ;)
<nictuku> theunixgeek, yeah. make a personal wiki
<MenZa> Mediawiki is nice.
<nictuku> like a "notepad on steroids"
<theunixgeek> MenZa: Is it available from apt-get?
<MenZa> theunixgeek, probably is; I'm not sure. I prefer to install the original packages.
<MenZa> !find mediawiki
<ubotu> Found: libparse-mediawikidump-perl, libwww-mediawiki-client-perl, mediawiki, mediawiki-extensions, mediawiki-math (and 6 others)
<MenZa> Jep
<MenZa> Yep*
<theunixgeek> :P
<MenZa> !info mediawiki | theunixgeek
<ubotu> theunixgeek: mediawiki: website engine for collaborative work. In component universe, is optional. Version 1:1.10 (gutsy), package size 1 kB, installed size 32 kB
<theunixgeek> MenZa: does that mean it's preinstalled? :O
<nictuku> theunixgeek, no it's not
<theunixgeek> Ok.
<theunixgeek> How do I get a domain for my server box?
<MenZa> You purchase one. :)
<theunixgeek> How? Like if I get one from GoDaddy.com, how will I be able to apply it on my machine?
<nictuku> theunixgeek, then check if other people on the internet can reach you on port 80. depending on how is your connection, that may not work
<theunixgeek> nictuku: I have two computers, so I can check it more easily like that :)
<nictuku> theunixgeek, you'll point the hostnames for that domain to your servers' IP. is your IP dynamic or static?
<theunixgeek> nictuku: I'm guessing dynamic since it changes
<nictuku> theunixgeek, not if they are on the same local network
<theunixgeek> nictuku: oh.
<nictuku> theunixgeek, go to http://checkip.dyndns.org
<theunixgeek> ok. I have it :P
<nictuku> your IRC whois shows your address is c-71-203-10-234.hsd1.fl.comcast.net / 71.203.10.234. and this address has port 80 filtered
<theunixgeek> nictuku: what does that mean?
<theunixgeek> by having a port filtered?
<nictuku> so you'd have to make your site accessible from a different port if you want people on the internet to reach it
<theunixgeek> ok
<theunixgeek> Wow, this is a lot of info :P I'll come back later when I've installed it. I just wanted to get a sneak peek of what I'm able to do.
<theunixgeek> Thank, all :)
<nictuku> theunixgeek, your ISP prevents you from using your server to host HTTP content in the standard port. it's a way to make you pay for a more expensive connection
<theunixgeek> nictuku: lol :P
<theunixgeek> thank you!
<nealmcb> nictuku: so did you just get no response to a port 80 probe?  perhaps he has a local firewall or modem doing that?
<nictuku> nealmcb, perhaps.
<fujin> anyone versed in the ways of redhat-cluster-manager / gnbd + gfs?
<Bawbatos> is the kernel build with what is need for ipsec out of the box.
<ScottK> nictuku: That's also, I'm pretty sure, a dynamic IP which causes another set of problems.
<kgoetz> fujin: #redhat :)
<fujin> kgoetz: It's the only supported cluster suite in Ubuntu
<fujin> (in main)
<kgoetz> fujin: i didnt know there was a supported cluster suite
<fujin> You fail.
<kgoetz> hm....
<kgoetz> cheers
<fujin> np
<kgoetz> yw
<Centaur5> Ever since I quit using firestarter on my server and used a custom iptables script I'm no longer able to go to apple.com, msn.com, hotmail.com, or windowsupdate.microsoft.com. Can anybody give me an idea of why this is happening?
<nictuku> Centaur5, can you resolve DNS? try pinging those hosts from the server and see what happens
<Centaur5> I can't ping them cause they don't accept pings but yes they do resolve.
<Centaur5> The server itself can go to the sites but the clients can't.  I noticed in wireshark that when I try to go to those sites I get a lot of bad checksums on the GET request and also duplicate TCP packet transmissions
<fujin> clients?
<Centaur5> yes, the server routes the internet to the workstations from eth0 (ppp0) to eth1 and eth2
<fujin> can the clients get to the internet, at all?
<Centaur5> yes, it's mainly just the M$ sites and the apple.com site that don't work.
<kgoetz> any proxys running on the gateway?
<fujin> I had a similar issue along time ago, while routing a PPPoE connection through a linux gateway
<Centaur5> no
<fujin> something about the MRU/MTU PMTU or something in iptables
<fujin> no
<Centaur5> iptables script is here http://paste.ubuntu-nl.org/47896/
<fujin> tcpmss
<Centaur5> fujin: Do you remember what you changed to fix it?
<fujin> let me try and remember
<nictuku> Centaur5, sometimes you may require ICMP for some things work. like Path MTU detection
<Centaur5> It really makes me wonder why their websites are so much different than the rest.
<nictuku> Centaur5, can you enable ICMP temporarily and see what happens?
<Centaur5> nictuku: So you're saying that I should accept ping requests from outsiders?
<nictuku> Centaur5, not ping. ICMP is not used only for ECHO (ping)
<Centaur5> nictuku: Sorry, I'm not real familiar with different packet types and uses.  :)
<nictuku> Centaur5, in this case we're interested in the "can't fragment" message
<fujin> what's the policy on INPUT?
<nictuku> Centaur5, so just test that. it won't work
<nictuku> Centaur5, http://www.znep.com/~marcs/mtu/
<nictuku> Centaur5, I mean, it wont *hurt
<fujin> try enable all icmp
<Centaur5> nictuku: Okay, I'm currently googling for a iptables command to allow that but if you have one that would help.
<fujin> iptables -A INPUT -p icmp -j ACCEPT
<fujin> what's the policy on your input table?
<nictuku> yeah I was asking myself the same thing
<Centaur5> my policies are here http://paste.ubuntu-nl.org/47895/
<fujin> lol.
<fujin> no use having an allow ssh rule when you're already allowing everything
<nictuku> yeah
<fujin> anyway, the commands regarding tcpmss were:
<Centaur5> fujin: Well I temporarily disabled the block everything just for testing.  :)
<fujin> iptables -A FORWARD -i ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
<fujin> iptables -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN --clamp-mss-tp-pmtu -j TCPMSS
<fujin> err
<fujin> s/tp/to/
<Centaur5> so --clamp-mss-tp-pmtu should be --clamp-mss-to-pmtu?
<nictuku> yes
<Centaur5> that still gives me an error saying Unknown arg `--clamp-mss-to-pmtu'
<nictuku> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
<nictuku> Centaur5, else try google
<Centaur5> I'm currently searching google.  The allow ICMP command didn't seem to make a difference.
<fujin> oh
<fujin> doh
<fujin> you'll have to -j TCPMSS before --clamp..
<Centaur5> that ran beautifully  :)
<Centaur5> Hmm...those websites still aren't working.
<fujin> hrghm
<fujin> maybe that wasn't it.
<fujin> It was something to do with tcpmss
<Centaur5> alright, well atleast I know what direction to go.  I've been working on this all day.  It's amazing that firestarter does something different than this script to make it work.
<fujin> fire up firestarter
<fujin> make everything work as you want
<fujin> and then iptables-save > save
<fujin> vi save
<fujin> take a looky :)
<Centaur5> fujin: maybe that's what I'll have to do.  I wish firestarter would give the option to share to 2 NICs that's the whole reason I had to search for this script.
<Centaur5> nictuku: I'm really slow.  I just barely noticed your message was different than the one fujin gave me.  That command worked beautifully and everything is working!
<nictuku> Centaur5, which one?
<Centaur5> Thanks nictuku and fujin!  I'm very glad I can quit googling this now.
<Centaur5> iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -clamp-mss-to-pmtu
<nictuku> Centaur5, cheers!
<Centaur5> I didn't look close enough to see that yours didn't specify the external interface.
<Centaur5> Just out of curiosity where do you learn stuff like that to come up with that command?
<nictuku> Centaur5, the Path MTU issue is well know. it's described in all relevant TCP/IP books
<nictuku> Centaur5, so I just googled for 'path mtu iptables' at google
<nictuku> take a look for example at http://blue-labs.org/howto/mtu-mss.php
<Centaur5> nictuku: I just got done eating.  I just finished a college class that taught a little bit about TCP/IP but didn't get advanced enough to help out that much in this situation.
<fujin> Centaur5: good work :{
<Centaur5> I'm guessing that none of the classes I take will get to that extent and I'll probably have to study all that on my own.
<fujin> All of the classes I ever took never taught me anything.
<fujin> and now I'm a high rolling linux systems engineer *g*
<Centaur5> haha, I'm not too surprised...I mean, this semester was a huge wake up call of how much I don't know but we also still didn't get near as advanced as I want to go.
<Centaur5> So did you mainly have to learn it all at your first job or what did you do?
<fujin> I've been using Linux for years
<fujin> I'm 20 now, started when I was 12?
<fujin> >.
<fujin> first job I inherited loads of poorly built linux systems
<fujin> which may have helped
<fujin> but really I probably learnt it by blowing away my pc numerous times over the year to try different distros and concepts
<fujin> and freelance shit across the net
<Centaur5> Well I didn't start playing with computers til I was 17 so I had a slow start compared to a few people I know and graduated with.  Also my problem is that I've never been able to play with anything that I can't afford.
<Centaur5> I've read that most people that have real experience rather than degrees are the ones making the better money though.
<fujin> Centaur5: that is true, in most parts of the world
<Centaur5> So that's the way that you did it?
<fujin> although I've seen multiple examples of the person with experience being out-paid and out-jobbed by others with qualifications
<fujin> yes, indeed.
<fujin> the only training I've received so far is training on a Dell (EMC) SAN
<fujin> :}
<Centaur5> haha, that's pretty cool
<Centaur5> I'm only taking classes that will give me experience I'm not going to bother with history and science....therefore, no degree for me.
<fujin> classes != experience unfortunately
<fujin> I was on shit pay for ages
<fujin> doing crappy repair work
<fujin> which I probably could have skipped with qualifications
<fujin> although I have seen many amply qualified Helpdesk operators.
<Centaur5> crappy repair work like in a retail store fixing residential machines?
<fujin> indeed :)
<Centaur5> Well that's a good way to experience a lot of bizarre problems.
<Centaur5> I do a little bit of work on some of the repairs brought in but I usually do the onsite work so you would probably hate my job.  :)
<antdedyet> is there an incoming ubuntu server that functions similar to incoming.debian.org?
 * antdedyet could use the kvm 1:55 pkg to get his vm going after some paths quit working after building from the kvm-source 1:55 pkg
<ScottK> Look in Launchpad.  It'll be there first.
<antdedyet> OK ... I will check. Updating the bios.bin symlink seems to be the temporary fix.
<antdedyet> the files to build 1:55 from source are there, but I guess there's a process that hasn't reached the point of putting the .deb for amd64 in the "File Download" section.
<antdedyet> my problems are fixed, just though soren would want to know
<Bawbatos> question - i come from openbsd where the ipsec tunnels get an interface. i just got a tunnel up using racoon. it seem that is not the way it is done under linux
<Bawbatos> the question is i have this in my logs - Dec 11 21:55:22 cork kernel: [ 7442.581865] RULE 6 -- DENY IN=eth0 OUT= MAC=00:50:da:bf:f5:e8:00:30:b8:aa:bb:b1:08:00 SRC=192.168.119.117 DST=192.168.22.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=61459 PROTO=UDP SPT=137 DPT=137 LEN=58
<Bawbatos> both the network 192.x are each side of the vpn, lan side, the rules is is my deny all. do i need to 1. put a rule that says, no nat for those [2. do i really define letting an rfc1918 address on the external interface? that would make no sense
<_ruben> sweet .. just found out that qmail is now in the public domain .. time for an ubuntu package i'd say ;)
<ScottK> _ruben: It's already in multi-verse
<Kamping_Kaiser> !info qmail
<ubotu> Package qmail does not exist in gutsy
<Kamping_Kaiser> guess i'll have to put effort into finding out about it *heh*
<_ruben> the !info trigger doesnt cover multi-verse then i guess?
<_ruben> hmm .. apt-cache search qmail doesnt show it on my ubuntu server and it has multiverse enabledf
<ScottK> https://launchpad.net/ubuntu/+source/qmail
<ScottK> apt-cache search shows binary packages
<_ruben> ah
<Kamping_Kaiser> http://packages.ubuntu.com/cgi-bin/search_packages.pl?keywords=qmail&searchon=names&subword=1&version=gutsy&release=all
<avatar_> _ruben: why do you want qmail?
<_ruben> been too long since i actively worked with apt
<_ruben> avatar_: its what im used to .. i like its speed and the way its configration works
<_ruben> grrr .. for some reason my remote X session died on my
<_ruben> hmm .. on launchpad the qmail package is marked as 'failed to build' on feisty/gutsy/hardy .. doesnt sound very promising
<_ruben> hmm .. build-daemontools is hanging .. bah :/
<_ruben> crap .. and it assumes the presence of /etc/inittab
<pteague_work> how's ubuntu-server for a production environment?
<mralphabet> uhh, great?
<leonel> pteague_work: Just Works !
<mralphabet> well . .. not great for .net development
<leonel> mralphabet: .net .. here is  .not ...
<mralphabet> I know ;)
<pteague_work> was just wondering if there were any issues that i should be aware of... i'm using it at home for my file server/test server, etc, but wasn't sure about production
<leonel> pteague_work:  just watch for the security for  universe packages  and if you can  send  patches :)
<pteague_work> it's got to be better than this blasted rpm crap & whm/cpanel !#%
<pteague_work> oh & did i forget to mention the current server being used has apache running as nobody:nobody? ;o)
<dendrobates> pteague_work: google uses it.
<pteague_work> uses which? ubuntu-server or whm/cpanel? =)
<pteague_work> i'm guessing the suggestion is to use ubuntu-server gutsy?
<leonel> pteague_work: an then upgrade to hardy  when released  in Apr   and stay there  for a long term
<stickystyle> pteague_work: if your still around, i use ubuntu as a production server on a dozen servers at work.  LTS (6.06) only though.
<pteague_work> k
<fujin> Centaur5: on your iptables yesterday, I noticed you weren't allowing in *all* established,related traffic
<fujin> which you probably should be
<alejandro> someone tested Xen 3.0 with gutsy? here it hungs up in xen-create-image when mounts the filesystem, any idea ?
<alejandro> https://bugs.launchpad.net/ubuntu/+source/xen-tools/+bug/161171
<ubotu> Launchpad bug 161171 in xen-tools "create image  - kernel panic " [Undecided,New]
<alejandro> yes
<alejandro> :(
<Centaur5> fujin: So you're saying that after a client connects to a web site iptables doesn't notice that?
<fujin> no, I'm saying you should have it for happy stateful behaviour ;)
<fujin> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
<fujin> iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
<Centaur5> fujin: Alright, well thanks for the tip I'll add it to my script right now.  I hope my class next semester covers iptables really well so I can be more fluent with this.
#ubuntu-server 2007-12-13
<lydgate> so i'm using ubuntu server for the first time, i like it a lot... but how different is it from debian? (which i've never set up)
<J-_> how hard would it be to create an Ubuntu mirror of torrents, and how much bandwidth would it suck up?
<Burgundavia> lydgate: development focus is a key difference. Ubuntu Server is designed to be easy to setup and administer
<Burgundavia> J-_: I don't know what you are getting at?
<Burgundavia> are you talking about mirroring ubuntu isos or illegal content?
<J-_> ubuntu isos
<J-_> if it's possible
<lydgate> running any torrent client will do that
<J-_> why would I mirror illegal content?
<lydgate> that's the whole point of torrents
<lydgate> if you set it up properly you're uploading
<lydgate> the client will allow you to determine how much bandwidth is used
<J-_> cool
<J-_> I just have a server that I really have no use for anymore(I hosted a blog) and don't really want to anymore since it's a waste. I can do it elsewhere for free like wordpress, etc..
<lydgate> Burgundavia: interesting. i'm coming from slack/arch to it, and i do find it very easy... but a friend who uses all debian servers asks why i would use ubuntu
<lydgate> J-_: and you have ssh access? or what?
<J-_> lydgate: yep
<Burgundavia> J-_: it is pretty easy, but the question about bandwidth can be answered this way: try it
<Burgundavia> if you are seeding off the main seeds, you are likely to get a great deal of traffic
<lydgate> then just get ctorrent (bad) or rtorrent (good) and leave it running
<Burgundavia> lydgate: a lot of the work ubuntu does builds off what debian does
<Burgundavia> they do great packaging of individual apps
<J-_> kinda blows my mind "illegal content" was ruptured when I asked.
<Burgundavia> that is a large use of bittorrent
<Burgundavia> and having never met you, given you just joined the channel, I had to ask
<J-_> heh besides it's o4o, and probably against the CoC and also noting the ubotu piracy factoid.
<lydgate> Burgundavia: yeah, I'm finding the ability to apt-get (almost) everything is what makes it all easy
<lydgate> in arch or slack you still end up compiling a lot of stuff
<lydgate> which is fine sometimes
<lydgate> just depends what you want to do i guess
<leonel> lydgate:   http://www.youtube.com/watch?v=F6L51uZjaZU   :)
<lydgate> hehehe
<fujin> win
<fujin> although in our office, we'd more likely be playing Office Cricket.
<fujin> which involves cricket, and office chairs
<ScottK> lydgate: IMO the big difference between Ubuntu and Debian on servers is that ubuntu-server is largely a stabilized version of the Debian development branch and so if you need stuff not in the Debian stable release, ubuntu-server's a good place to be.
<ScottK> OTOH, if Debian Stable covers what you need, then it's not a big deal either way.
<ajmitch> fujin: sounds like fun
<ajmitch> our office isn't quite big enough for that
<lydgate> ScottK: yeah, i like stuff newer than stable typically
<lydgate> which is i guess why i'm using arch :)
<lydgate> for my workstation
<fujin> is Gutsy using exim now by default, instead of postfix?
<ScottK> fujin: Ubuntu does not include an MTA at all by default.
<fujin> yes, but when you pull a package that requires an MTA of some sort
<ScottK> fujin: Postfix is the standard MTA for ubunt-server though.
<fujin> in feisty it pulled postfix
<ScottK> It depends on the package you install.
<fujin> but, upstairs on a gutsy desktop yesterday I tried to install mailx and it went to pull exim4
<ScottK> Most such packages have either exim4|mail-transport-agent if they are straight from Debian or postfix|mail-transport-agent if we've touched them.
<fujin> makes sense :)
<ScottK> So it's a function of whatever package you choose to install first needing an MTA.
<ScottK> There has been an attempt by soren to get Debian to invent a default-mta package in Debian so derivatives can pick without a lot of hassle to change dependencies.
<ScottK> It solves this exact use case.
<fujin> ah yep
<fujin> not sure why debian is so exim-happy
<ScottK> Exim isn't bad.  I'm not a huge fan of it for my needs, but it's not like it's qmail or sendmail.
<fujin> that's true
<ScottK> Both Debian and Ubuntu balance between exim4 and postfix.
<ScottK> I think usage in Debian is pretty evenly split among developers
<ScottK> Here Postfix and Exim4 are both in Main (Sendmail is in Universe).
<lamont> ScottK: debian policy says that you depend on the standard-pri package, or virtual-package.  in debian, taht's exim4, not postfix.
<lamont> in ubuntu, it's postfix, and several packages are "incorrect" in depending on exim4.
<lamont> hrm.. that reminds me, I need to review and upload default-mail-transport-agent so we can sync it.
 * lamont goes to fetch kids
<ScottK> lamont: Yes.  I know.
<soren> lamont: Did you ever grab that package I posted a link to?
<NineTeen67Comet> Hello all .. Is there a good way to watch my server's data via something like Munin? I "tried" Gkrellm but I'm not sure how to get it to display on my client from the server .. Nagios? I see it but I can't figure out how to "use" it .. ideas?
<NineTeen67Comet> data like CPU temps, Network data, and of course loads...
<soren> Why are you looking for something like munin instead of just using munin?
<NineTeen67Comet> soren: Munin works good and I use it. but it doesn't monitor cpu temps .
 * NineTeen67Comet Munin monitors all my computers via my server.
<fujin> I'm certain you can configure munin to use lm_sensors?
<fujin> yes, indeed
<fujin> sensors will let you monitor through stuff through lm-sensors
<NineTeen67Comet> fujin: I'll go check on that .. I have lm_sensors installed already ..
<NineTeen67Comet> Looks like my mobo/cpu is too old to have built in sensors .. sa-la-vi I guess .. :(
<NineTeen67Comet> Sounds like I have a good reason to "upgrade" my server .. hehehehehe
<osmosis> how difficult is it for me to setup some sort of local smtp server so I can send msgs without needing someone elses smtp.
<fujin> apt-get install postfix
<fujin> dpkg-reconfigure postfix
 * NineTeen67Comet e-mail has always kicked my butt, called me a sissy and told me to go play darts with water baloons ..
<fujin> the dpkg wizard in postfix will point you in the right direction
<fujin> 'wizard'? :P
<osmosis> fujin: cool, so postfix is the way to go ?
<fujin> well
<fujin> it's kidn of like a vi vs. nano debate, right?
<fujin> you could pick postfix, exim, sendmail, qmail
<fujin> whatever..
<fujin> postfix is easy, and the dpkg configuration will get you up-and-running, delivering mail with no hassel at all
<osmosis> fujin: well...the way i understand it, exim isnt at stable, and qmail has a bad license.
<osmosis> so postfix must be the way to go.
<fujin> Postfix is nice.
<osmosis> fujin:     No configuration             Internet Site                           Internet with smarthost              Satellite system               Local only
<infinity> In who's world is exim "not stable"?
<osmosis> I think Internet Site is what I want
<fujin> osmosis: read what it says!
<fujin> internet site delivers and receives mail directly (via DNS MX records)
<fujin> internet site with smarthost receives mail directly, but delivers through another server (relay)
<fujin> satelllite system doesn't receive mail at all, it only delivers through a relay
<fujin> and local only is for user->user (i.e.; cron) mail
<osmosis> fujin: cool
<_ruben> and qmail got stripped of its bad license as well .. at last
<fujin> shame it's terrible anyway.
<antdedyet> == fujin ...
<J_5> anyone have any idea why mysql wouldn't install /etc/mysql/my.cnf or /etc/mysql/debian-start/ when I use apt-get install?
<fujin> mysql is a metapacakge I think?
<fujin> you want mysql-server-5 or similar
<J_5> so, apt-get install mysql-server-5  ?
<_ruben> fujin: once you set a ton of patches loose on it, it's actually not so bad imo
<fujin> J_5: something liek that
<fujin> _ruben: vs. no-patches Postfix? :)
<_ruben> fujin: i wasnt saying its perfect ;) .. but i also must admit i havent given postfix the ammount of attention it might deserve .. we've been using qmail for ages, and that's im used to work with now
<fujin> as is the way with most engineers/admins :)
<_ruben> guess so yeah :)
<_ruben> and this admin is sitting at home .. at 4:38am .. waiting for a customer to give a green light to complete their migration between 2 enviroments .. *sigh* :P
<fujin> agh
<fujin> hate that
<_ruben> if i had known it would take this long i might had concidered getting some shut-eye for a bit
<J_5> is it a good idea to apt-get dist-upgrade on a new install before I start reinstall my packages? So it doesn't mess anything up after I have everything installed and running?
<_ruben> it shouldnt really matter at what stage you'd do it .. doing it first shouldnt do any harm
<fujin> I generally do it straight away
<fujin> after installing
<fujin> especially as we're still in Feisty's life cycle here.
<J_5> ok thanks. I ask, because I did this the other night and then mysql stopped working after that. my i am a noob, so it my be me :)
<J_5> this is my thrid reinstall..i'm getting pretty good at that part lol
<pschulz01> Greeting.. I have a gutsy server which 'kind of' hangs on reboot at 'starting syslog' stage.
<fujin> install syslog-ng! :D
<pschulz01> Has anyone seen'heard of this sort of thing?
<pschulz01> fujin: Is this a well known issue?
<fujin> no idea
<fujin> I always replace the ubuntu standard syslog with -ng
<fujin> as I'm more familiar with it and prefer it
<pschulz01> I kill 'syslogd' and then everything else continues to load.
<sommer> pschulz01: can you start syslogd after you've booted the system?
<pschulz01> Whan I try and restart by hand (/etc/init.d/syslogd restart) I get 'syslogd: Unknown priority name 'exec'
<pschulz01> The odd thing is that this is only on the console..
<sommer> pschulz01: mmm... it smells like a config issue.  I found this: http://www.freebsddiary.org/syslog.php
<pschulz01> Ahh..
<pschulz01> Running it from an ssh session causes it also to be displayed on the console.
<sommer> pschulz01: it may be a tabs v. spaces thing in your config file
<pschulz01> (not to the ssh window)
<pschulz01> ha ha! somer.. you are a genius!
<pschulz01> Trailing '/' on one of the options
<sommer> pschulz01: heh... it happens
<pschulz01> Located just after the line '# Modified by x'
<pschulz01> Where x is going to receive some counciling sortly.
<pschulz01> shortly.
<sommer> heh... least they documented who made the change
<pschulz01> It was followed by '# This didn't work.'
<sommer> lol... that's pretty awesome
<J_5> why does it ask me to cd everytime I use apt-get now? Can I change this? The most up to date packages are not on the CD, correct?
<_ruben> comment out the line in /etc/apt/sources.list
<J_5> oh ok, thanks
<pschulz01> Kamping_Kaiser: Ping
<pschulz01> sommer: I spoke to soon.. my syslog problem is still there. (Although the error message ehas not gone away.)
<pschulz01> How do I reinstall a package and force it to replace the config files with their default packaged files?
<pschulz01> Something like 'apt-get  install --reinstall <package>' appears to work.. but does it replace the default files?
<antdedyet> pschulz01: you can 'sudo apt-get remove --purge <package> && sudo apt-get install <package>'
<pschulz01> antdedyet: Unfortunaely there are a lot of other packages that depend on sysklogd and klogd.
<pschulz01> Hmm.. maynbe apt-get  install --purge --reinstall <package>
<antdedyet> pschulz01: I'd disclose my practice of 'sudo dpkg --purge --force-all <package> && sudo apt-get install <package>' but it should be handled with care. :)
<antdedyet> That last one is probably the reason Ubuntu wants to hide the command-line.
<ScottK> antdedyet: In what way does Ubuntu hide the command line?
<antdedyet> ScottK: well ... Debian doesn't come with X! :)
<ScottK> antdedyet: ubuntu-server doesn't either.
<ScottK> antdedyet: Notice which channel you're in.
<antdedyet> ScottK: I'm sold on Ubuntu (even to the point of spooling out a few servers based on it), you won't have to lecture me. :)
<ScottK> antdedyet: Fair enough.
<antdedyet> The only thing left in my house that isn't Ubuntu is an u2w SCSI disk separated from a controlling motherboard with Debian installed since slink.
<antdedyet> any servers going into my colo space will be Ubuntu server.
<ScottK> Cool.  I wouldn't mess with that one either.
<pschulz01> Now I'm really confused!!!
<antdedyet> nice to meet you ScottK ... you have an amazing resemblance to someone that wrote a web based SPF query tool I was using earlier this afternoon
<antdedyet> pschulz01: about?
<ScottK> antdedyet: Interesting.  It's a small world.  Glad you found it useful.
<pschulz01> I remove (rename) /etc/rc2.d/S10sysklogd and the system boots.. other than syslog not running.. but if I rename it to S12syslogd .. just to put it after S12dbus then the system halts on the scripts after that..
<pschulz01> which is bind
<pschulz01> This is just nuts.
<ScottK> pschulz01: Why are you moving it to S12?
<pschulz01> ScottK: 'cause it doesn't work at S10
<ScottK> OK.  Mine's at S10 and working.
<antdedyet> Mine's also at S10 and working.
<ScottK> So whatever your problem is, I don't think that's it.
<pschulz01> ScottK: System is hanging on bootup, at the S11klogd.. if I stop sysklogd manually then book progresses and completes.
<pschulz01> antdedyet: I have 10 other machines that work as well :-/
<ScottK> OK.  I don't know what your problem is, but I really think moving the init scripts around is barking up the wrong tree.
<pschulz01> ScottK: (1) I know that leaving out sysklogd from the boot sequence allows the system to boot.
<pschulz01> (2) I need start sysklogd at some stage.
<pschulz01> (3) I would really like ot ge tto the bottom of this :-)
<antdedyet> will sysklogd start after the system boots if you manually run 'sudo /etc/init.d/sysklogd start' ?
<antdedyet> Yes, that the time after you have disabled the init script, but you really should consider learning 'update-rc.d' to handle that for you.
<antdedyet> s/that/that's
<antdedyet> ScottK: Things would have been much better if the authoritive dns server for the txt records wasn't tinydns (and also even possibly nicer if the SPF type record was supported)
<ScottK> Ah.
<ScottK> antdedyet: Type SPF has virtually zero deployment.  I wouldn't sweat it to much.
<pschulz01> I'm trying a syslog.conf file from another machine that I know is working (waiting to reboot).. one hit was that there was a complaint about /dev/xconsole not exisitng.
<ScottK> We knew it would never get deployed, but adding it was enough to appease the IETF DNS gurus who knew the internet would melt if we didn't.
<pschulz01> I commented that out..  still no luck.. same issue.
<antdedyet> Talk about liking self-induced pain: I was working for DJB based client (qmail, tinydns, daemontools, although, I don't think rblsmtpd is in the mix) that can't send email to hotmail.com/msn.com. That's how I spent the first part of this week.
<ScottK> Yum.  Well no one can send mail to Hotmail reliably unless they are mass marketers who pay to play.
<antdedyet> pschulz01: so the init scripts definately re-installed after the 'sudo dpkg --purge ...' ?
<antdedyet> pschulz01: because my sysklogd init script makes the /dev/xconsole device and prepares it for use
<antdedyet> pschulz01: see create_xconsole()
<antdedyet> pschulz01: (in the sysklogd init script)
<pschulz01> antdedyet: I don't think the init scripts did get re-installed.. conf file certainly didn't/
<pschulz01> gutsy?
<antdedyet> pschulz01: gutsy desktop ... what have you got?
<pschulz01> antdedyet: It was an alternate install.. had some odd SAS driver to deal with.. DELL 1950 1RU
<antdedyet> pschulz01: also shows up in gutsy server
<antdedyet> ScottK: Maybe the SPF query-type will gain some traction with the IETF in the future now that the statement has been made.
<ScottK> antdedyet: Maybe, but it's got a serious chicken-egg problem.  Particularly as there are brain dead resolvers out there that don't respond at all to queries about unknown types.
<ScottK> Because of that you have to look up TXT no matter what SPF tells you, so why bother?
<antdedyet> ScottK: I continued to wonder why there wasn't a way to query more sub-types like you can with chaosnet (version.bind is the only example that comes to mind), but my thinking was probably influenced entirely too much on microsoft-ism at the time...
<lousygarua> is there any security risk in running `ssh-keygen` on a remote server?
<pschulz01> lousygarua: For user keys? or server keys?
<ScottK> antdedyet: Dunno, but the biggest impact is time, not packets anyway.
<pschulz01> lousygarua: No risk at all.. as long as you don't copy private keys around afterwards.
<lousygarua> pschulz01: not sure. i'm setting up a script for remote backups between servers over rsync+ssh. so i'm creating an ssh key on my server remotley because i'm not in office.
<lousygarua> pschulz01: yes it does not sound risky to me i just recalled i read somewhere DONT CREATE KEYS REMOTELY but i might have been sleepy
<ScottK> lousygarua: How are you connected to the machine?
<pschulz01> lousygarua: No problem at all.. provided you do the key generation on the machine that you plan to login 'from'.
<lousygarua> ScottK: via ssh
<pschulz01> lousygarua: You don't want to be moving private keys over the network.
<antdedyet> lousygarua: If you are using ssh to connect to that remote server that you are running ssh on, you are fine. A pro (although albeit minor) of running ssh-keygen over ssh is that ssh data used  xfer contributes to the entropy pool used for generating the new key pair.
<antdedyet> s/used/used for the/
<ScottK> lousygarua: OK.  As long as it's not telnet or something.
<antdedyet> s/running ssh/running ssh\-keygen
<lousygarua> antdedyet: oh so it's not a REAL problem because i'm not the pentagon
<lousygarua> here's another funny question, i seem to have the old ssh private key, what's the command to generate a public key out of it (rtfmlazy)
<antdedyet> I don't know. <-- rtfmlazy too
<lousygarua> ok well thanks everyone :)
<antdedyet> ScottK: Ah ... I am not yet that familiar with SPF. Today was the first time I had a reason/chance to implement it and from what I read, the visual effects of it publishing a SPF record only keep my senders' emails out of the Junk/Spam Folder of hotmail.com. But I know I'm overlooking the technical advantages of an sysadmin/netadmin of it in this statement.
<antdedyet> lousygarua: ssh-keygen -y
<antdedyet> lousygarua: or some variant of that
<lousygarua> antdedyet: oh cool :)
<antdedyet> lousygarua: ssh-key -y -f priv_key
<antdedyet> prints to STDOUT, methinks
<lousygarua> yeah
<lousygarua> thanks
<antdedyet> np
<ScottK> antdedyet: As far as Hotmail goes, maybe, maybe not.
<antdedyet> ScottK: There's that too.
<ScottK> antdedyet: They do lots of strange stuff, so no guarantees.
<ScottK> antdedyet: As a domain owner, a complete (ends in -all) SPF record is a good way to deter spammers from using your domains.
<antdedyet> ScottK: In a certain way, I really wish people would take the psychological approach of boycotting Microsoft and all it's deritivies.
<ScottK> antdedyet: As a receiver it's a good way to reject during SMTP (when it's cheap - before DATA even) a class of mail that's almost certainly (~99% in the data I've seen) junk.
<ScottK> SPF's biggest drawback is that it's complicated and even 99% right isn't enough for some services/companies.
<antdedyet> ScottK: ah, good... I used the openspf.org wizard to create the first records I did today, which included the -all for my bind backed domains and an ~all for the tinydns served ones.
<antdedyet> The biggest resistance I had to adopting SPF early was the availablity of format/syntax documentation.
<ScottK> antdedyet: Just keep in mind that the wizard is not very smart.  It can and will lead you astray.
<ScottK> The SPF record syntax is just a fancy way to come up with a list of IP addresses that a domain is authorized to send from.
<ScottK> antdedyet: When you have a choice, what MTA do you use?
<antdedyet> ScottK: I use Postfix for myself and recommend it to as many of my clients as possible when they do a server rebuild/replacement/redesign
<nealmcb>  lousygarua, antdedyet  huh - that openssh -y option is odd.  as far as I know you can't generate a public key from a private key - that would be a huge security issue - instead you generate both at the same time.  I'm guessing openssh stores both public and private keys in the private file, and the -y option extracts it rather than regenerating it.
<ScottK> antdedyet: Yeah.  Me too.  For SPF checking we've got several policy servers you can use that are easy enough to integrate.
<nealmcb> seems like the man page gets it right and the faq confuses private file with private key
<lousygarua> nealmcb: i know that you can generate public keys from ssl private keys as well with openssl
<lousygarua> nealmcb: so they really save the public key along with the private key somewhere?
<nealmcb> that's my guess - just semantics, but that's a scary way to document it
<lousygarua> maybe mathematically the keys are not the exactly same
<nealmcb> they are opposite sides of the coin, and if you could make the public key from the private key, you could also make the private key from the public key....
<nealmcb> would would be really bad :-)
<lousygarua> we should consult the high ubuntu mathmeatician
<nealmcb> who?
 * lousygarua looks left and right, and still has no idea
<antdedyet> lousygarua: there is no different in the keys generated that I tested.
<antdedyet> s/keys/public keys
<nealmcb> ?
<antdedyet> s/different/difference
<antdedyet> nealmcb: tested the theory of the generated public keys being different from openssh's -y option with an RSA key
<antdedyet> nealmcb: they were the same except for the comment at the end
<antdedyet> dropped that off and ran diff on it; they came up the identical
<antdedyet> so the public key could definately possibly be stored in the private key
<antdedyet> or less like that my machine doesn't have enough entropy to generate a unique key, eheh.
<antdedyet> ScottK: Are your policy servers open or paid for or available to outsiders at all? # /me surfs to your site again
<ScottK> Open.
<ScottK> antdedyet: For Ubuntu you can just apt-get them.
<antdedyet> ScottK: Ahh, I see you are part of the openspf.org site Council and so forth.
<ScottK> Yes.
<nealmcb> antdedyet: I'd say " public key could definately possibly be stored in the private FILE"
<nealmcb> like the man page says....
<antdedyet> nealmcb: ah, my mistake. I know now.
<nealmcb> id_rsa is much bigger than id_rsa.pub - so that's my guess
<lousygarua> nealmcb: cool to know
<ScottK> antdedyet: If you decide you want to install SPF checking for your Ubuntu servers, https://help.ubuntu.com/community/Postfix/SPF
<ScottK> antdedyet: In general I recommend the Python one as it's more featureful.
 * ScottK is off to bed.
<antdedyet> ScottK: Ahh ... Just as you'd have it I would be installing the postfix-policyd-spf-perl package just because the name says postfix. After further inspection of the python-policyd-spf I see it is also for Postfix. Thanks. Have a good night.
<ScottK> antdedyet: Yes.  I plan to rename the binary package for the Python one.
<ScottK> Thanks.
<antdedyet> nealmcb: looks like the public key data is stored inside even a pem encoded private key file.
<vetrii> how to use scramdisk
<susscorfa> hi i have a ubuntu desktop with apache installed and i can reach it from the localhost but from other computers i can't access it
<lousygarua> susscorfa: you should check 3 things, first if your firewall is not blocking port 80
<lousygarua> susscorfa: then that apache listens on port 80 and not on 127.0.0.1:80 or something similar
<lousygarua> susscorfa: hmm and that's it. there's also an issue with permissions on a per-directory basis
<lousygarua> susscorfa: but if you get 404 instead of 'permission denied' it's probably one of the first things i mentioned
<susscorfa> ok ill check the firewall first
<susscorfa> ok it is firestarter thx lousygarua just have to find out how to allow port 80 to be allowed
<lousygarua> susscorfa: np, if you need more help ping me
<vetrii> how to use scramdisk
<vetrii> how to encryt my hard disk
<vetrii> i installed scramdisk
<vetrii> but i dont know how to use
<good_dana> what do i need to do to install on a sata raid with 6.06?
<Nafallo> install?
#ubuntu-server 2007-12-14
<owh> Is anyone else seeing a long boot delay, that is "Starting Up" shows for about 20 seconds before the splash screen shows (On a bare JEOS-gutsy install with IDE drive).
<owh> Initially I put it down to the resume image, but adding noresume to menu.1st just removes the error, not the delay.
<owh> Hmm, I've reread that question and it doesn't quite join the dots between line 1 and line 2, initially I thought the delay was the resume image, and the error I refer to is the kinit one, but while the noresume removes the kinit error, it does not speed up the phase between "Starting Up" and the splash screen appearing.
<nealmcb> owh: what vm are you running jeos on?
<owh> vmware-server
 * owh is checking the exact version.
<owh> 1.0.4-1gutsy2
<nealmcb> sorry I haven't tried that.  I do love the script in development at https://code.launchpad.net/~shawarma/ubuntu-jeos/trunk - much faster and easier than the iso
 * owh looks
<nealmcb> a simple shell script that uses debootstrap
<nealmcb> well - "short" shell script, with great non-simple magic inside
<nealmcb> gotta run to hear Jon Corbet give a kernel talk :-)
<owh> Tah
<nealmcb> more tips on that script at http://ubuntuforums.org/showthread.php?t=549222&page=4
 * nealmcb needs to get back to properly documenting that - so many fun things to do.....
<owh> Thank you!
<nealmcb> :-)
 * owh was chuffed with the https://help.ubuntu.com/community/JeOS
<Icehawk78> What would be the easiest recommended method for setting up an extremely basic mailserver on my server? The only ability I need if for it to recieve emails and be able to forward them to a PHP script. I need absolutely *no* other features than that.
<leonel> install nothing  and  then  apt-get install postfix  libapache2-mod-php5
<DM|>  what is the "find" command to locate files? not used to haveing no UI
<Icehawk78> I'm sure this is *not* the most efficient method, but I typically do this:
<Icehawk78> cd /; sudo find | grep (search terms)
<Icehawk78> It's probably inefficient, but it works.
<DM|> ah thanks
<DM|> Any of you have exp setting up a slimserver?
<The_Kernel> Hi, I'm trying to install Ubuntu server 7.10, and it stops at 83% and tries to download the kernel, is there no kernel on the disc?! ANd how do I get it to not do that?
<PanzerMKZ> not setup net connection
<PanzerMKZ> til after the box is up
<The_Kernel> I know, i already did that
<thomas__> is there a way to configure the network settings without using ifconfig
<owh> thomas__: Sorry to ask the obvious, but why?
<thomas__> because I'm not to familiar with ifconfig
<owh> thomas__: Do you have a dhcp server somewhere on your network?
<thomas__> no
<thomas__> I have to set it static
<nealmcb> thomas__: Is this a static config?  I'd think you'd want /etc/network/interfaces
<owh> thomas__: It depends, is this configuration once off, or permanent?
<thomas__> ok
<thomas__> I have a static IP
<nealmcb> there is probably a dpkg-reconfigure way to do it - hmm - which package...
<owh> thomas__: Yes, but are you just configuring your network temporarily, or permanently?
<thomas__> it should be a permanent connection
<thomas__> if that is what you're asking
<thomas__> permanently
<owh> thomas__: Then nealmcb is correct. You can set up your network in /etc/network/interfaces
<owh> thomas__: The format is described using this command: man interfaces
<thomas__> nice
<owh> nealmcb: I'm thinking the delay I'm seeing between "Starting up ..." and "Loading, please wait..." is a vmware-server thing, because I'm seeing it with also with the server and desktop installs as well as a jeos install.
<owh> s/with also/also/
<nealmcb> owh: remember - 90 seconds to build and boot a new vm with ubuntu-jeos and kvm....
<owh> nealmcb: It's extremely tempting but I have some hurdles. I've figured out how to check out the latest revision of the code (modified three days ago by nijaba) and I end up with a tree with stuff in it. How I make that into a package so I can install it I've not yet devined :)
<nealmcb> it is a really simple package, and last I looked you just had to run the shell script itself, after getting the other packages you needed.
<nealmcb> I have an older version in my ppa, but it has some vmware bugs IIRC
<nealmcb> and then my machine melted down and I haven't gotten back to getting that up-to-date :-(
<owh> nealmcb: Yeah, but this is going to end up on a production server and I don't really want to install 'loose scripts' if I can help it at all. I realise that this hasn't been released yet as a product, but making the tree into a .deb would be very welcome.
<nealmcb> the server would have the script on it?
<owh> nealmcb: Ironically the build commands are all there in the debian directory.
<owh> nealmcb: Yup, it's going to have several VM's on it and I'd like to have the ability to generate a new VM simply. At the moment I can duplicate a VM directory and rename it, but that's pretty awful.
<nealmcb> but yeah - installing via  packages, with man page etc, is the right way to go
<owh> nealmcb: Mainly because of ethernet adapters and host names.
<owh> nealmcb: I came across bzr-package, but I'm sure there is a magic incantation that I've missed.
<nealmcb> there are several incantations.... but it may be worthwhile to figure it out for other purposes.  I'm a newb myself there....
<owh> nealmcb: Of course googling for bzr-package helpfully removes the dash :(
<owh> Doh, when I say bzr-package, I mean bzr-builddeb
 * owh starts RTFM with renewed enthusiasm after nealmcb's recommendation that it's "90 seconds to build and boot a new vm with ubuntu-jeos and kvm"
<nealmcb> well, I don't think there is a way to change /etc/network/interfaces via dpkg-reconfigure.   probably just an installer option or something under certain circumstances.  and I know the topic has come up of making it a bit easier.
<nealmcb> anyway - time for bed!
<owh> Cheers and thanks for your help today.
<nealmcb> owh you do need apt-cacher and lots of memory and tmpfs to get that performance.  but still way more fun than installing isos....
<nealmcb> and hardware virtualization for kvm
<owh> nealmcb: That's cool, 4GB of RAM :)
<nealmcb> :-)
<nealmcb> hmm - I think I'm misremembering the timing - that was the time to make the vm.  booting was separate, but also quick especially assuming it is already in tmpfs memory
 * _ruben wonders if nealmcb brought his laptop to bed or smth... ;-)
<owh> ROTFL
<owh> nealmcb: Hey 90 seconds for a build is just fine and dandy.
 * owh wanders off to make some coffee.
<nealmcb> _ruben: LOL.  ok - teeth are brushed - now to SLEEP :-)   good thing caffeine doesn't seep thru the network....
<_ruben> hehe
 * antdedyet yawns ... 3:08am
<_ruben> hmm .. wonder if there's a way to get notifications when new packages (updates) are available (for those installed) and show the changelog of those as well .. guess it'll be a nice scripting challenge to add to my todo list :)
<owh> _ruben: You know about apt-changelog?
<owh> _ruben: Doh, apt-listchanges
<_ruben> not untill now .. i just did an 'apt<tab><tab>' .. but that doesnt show it
<_ruben> not installed by default i guess?
<owh> _ruben: Nope, but it's an apt-get install away :)
<antdedyet> _ruben: no, it's not installed by default.
<_ruben> just making sure :)
 * owh bangs head against the desk. How do I make a .deb from a bzr branch <url> download?
<_ruben> hmm .. lets see how this thingie works
<_ruben> hmm .. seems like its invoked during apt-get install .. which looks like a rather nasty hack to me .. tho maybe im not (yet) aware of more functionality
<owh> _ruben: IIRC, you can use it in a script as well.
<owh> _ruben: Yup, you can just give it a .deb
<_ruben> the docs are rather limited
<owh> man apt-listchanges seems to have lots for me.
<_ruben> perhaps im just not awake enough for it to understand .. i want to run a nightly script that checks for updates and shows me which updates are available (apt-get upgrade -s would do so) and also the news/changelog for those
<owh> _ruben: Well without actually doing it, IIRC you can configure apt-listchanges to email you with those details.
<owh> _ruben: Not only that, it will track which ones it's already told you about.
<_ruben> well .. i found the confirm option to ask whether or not to continue, but that forces interactive mode .. might be able to get away with piping an 'echo N' to it, but thats rather nasty id say
<owh> _ruben: Hold on a tick...
<owh> _ruben: You can configure it to have the front-end as mail, which is non-interactive.
<owh> _ruben: Are you reading the man page?
<_ruben> yeah .. also check how it 'integrates' into apt, and it seems to be 'pre-install' .. so it will be only be triggered when you're actually trying to install/upgrade .. doing apt-get upgrade -s for example doesnt trigger it
<owh> _ruben: One mo...
<_ruben> when enabling the confirm option in apt-listchanges, you can 'safely' do apt-get upgrade and then you're given the option to bailout .. but that introduces 2 interactive questions (asks twice to continue, one before downloading, one after listchanges)
<_ruben> it could very well be that im missing something obvious .. i havent used apt in ages (spend the last few years in rpm land (sles9))
<owh> _ruben: Hmm, seems there's also apticron and apt-cron :)
<owh> _ruben: You can run cron-apt to download all updates, then use apt-listchanges to mail the changelogs/news :)
<owh> _ruben: Note, that you won't need to install them.
<owh> Sorry, I'm with my head completely somewhere else, so can I leave you with it for the moment?
<_ruben> sure no problem .. i'll look into those
<owh> Tah
<_ruben> ah .. cron-apt and apticron ;) .. couldnt find apt-cron .. but the desc of apticron mentions cron-apt
<_ruben> but apticron might be exactly what i want
<owh> Doh
<owh> As I said, my head is somewhere else :)
<_ruben> hmm .. lets focus on my old qmail-sendonly first .. it requires an mta :p
<owh> ROTFL
<_ruben> before we switched to suse, we used debian woody .. ex-collegue made qmail and qmail-sendonly packages .. lets see if i can adapt those to ubuntu gutsy :)
<owh> _ruben: Why not just install an MTA?
<owh> _ruben: No point in re-inventing the wheel.
<_ruben> we use qmail on our bulkmail servers .. and i prefer using the same mta everywhere
<owh> _ruben: Here's an older guide, looks pretty sane: http://www.paralipsis.org/2006/03/ubuntu-qmail-howto/
<_ruben> well .. the qmail-src is present in multiverse so need to download the debs anymore .. its mostly the qmail -> qmail-sendonly patch i need to look into
<owh> _ruben: So you can then just download the source, use apt-get --build to make it :)
<owh> _ruben: Just don't get sucked into using the builder that comes with qmail, keep using the .deb approach, that way you can uninstall and upgrade it too :)
<owh> _ruben: What I mean with "the builder that comes with qmail" is, most likely it comes with a 'make install' option :(
<_ruben> well .. currently the ubuntu/debian way is: apt-get source --build qmail ; dpkg -i qmail-src ; build-qmail ; dpkg -i qmail (can be done by build-qmail script) .. build-qmail is part of the qmail-src pkg
<owh> _ruben: I'm guessing that the build-qmail makes a .deb file?
<_ruben> yes
<owh> All good then :)
<_ruben> yeah .. just need to include a ton of patches .. and kill the smtp part of the installer to create qmail-sendonly
<owh> _ruben: Perhaps this is the time to consider moving to a more supported application :)
<_ruben> true, back in the day when we chose qmail it was by far the best performing mta available
<_ruben> not sure if that statement still holds
<owh> I realise that you generally stay with what you know for support reasons, but if we always did that we'd still be running VAXen :)
<_ruben> few days ago we set a new 'personal' record .. 120k email sent in 30 mins
<_ruben> haha
<_ruben> our 'advertised' (what we tell managers) is 60+k email per hour
<_ruben> +speed/performance/whatever
<owh> Sounds like a sane margin of error :)
<_ruben> the performance averages between 80k and 100k most of the time .. 120k in 30mins is highly exceptional :)
<owh>  Big numbers :)
<_ruben> ecommerce hosting company .. tons of mailinglists :)
<_ruben> mailings of serveral 100k recipients are not that uncommon ;)
<owh> Yeah, just because you can have 100k recipients, doesn't mean you should :)
<_ruben> its all opt-in ... ok sure, tons of ppl check 'i want the newsletter' after ordering something and then start complaining they receive "spam" ...
<owh> Yeah, I understood that you weren't selling viagra :)
<_ruben> we do have some pharmacutical customers though ;)
 * owh is doing a ubuntu-jeos-build across a 2way vSat and it's taking a little while :)
<_ruben> vSat?
<owh> Satellite link. I travel around Oz with my dish and fix stuff.
<_ruben> nice
<owh> Been doing for nearly five years, lots of fun and you meet some really interesting people in the outback :)
<_ruben> downstream of sat isnt all that bad tho right? the upstream sucks donkeyballs afaik .. then again, that goes for all ozzie internet lines, the latter that is, the downstream of those suck as well ;)
<_ruben> judging from ur ircname i'd have guessed u're dutch
<owh> I've got a 1M/256K link, pretty nice.
<owh> My parents are, I was born in Oz, but speak fluent Dutch :)
<_ruben> ah nice :)
<owh> The latency is hard for some people, but it's better than 300 baud :) ssh is doable :)
<_ruben> can imagine
<owh> These days I have a 10Gb limit per month, so I don't even notice anymore.
<_ruben> here at work i got a darkfiber line which is supposed to be capped at 50Mbit at the upstream router and at 20Mbit at our router (but since our migration of firewalls i havent reinstated the policy) .. but yesterday i downloaded an ubuntu-server iso with 12MB/sec .. so i guess 50mbit cap aint working either :p
<_ruben> ah sweet .. on desktop i found a backup of my old workstation which has a backup of our old apt repository including the qmail-sendonly bin/src debs :p
<owh> Thing is, I can setup on the side of the road with a generator :)
<owh> And have :)
<_ruben> with fiber thats a bit harder indeed ;)
<_ruben> -rw-r--r-- 1 root           50   291336 Oct  9  2003 qmail-sendonly-src_1.03-24_all.deb
<_ruben> -rw-r--r-- 1 root           50   355354 Oct  9  2003 qmail-sendonly_1.03-24_i386.deb
<_ruben> been a while :p
<owh> Yeah, wouldn't really want to run those today.
 * owh needs to go and burn some fish on the BBQ. Nice meeting you.
<_ruben> well .. qmail's still at 1.03 .. so ;)
<_ruben> yummie .. bring me some .. its only like 15hr flight to .nl or so ? :P
<owh> Nothing like "sta(b)le" software,
<owh> Niet deze keer :)
<_ruben> hehe :)
<_ruben> well .. have a nice one .. en eet smakelijk :)
<_ruben> hrm .. my ubuntu-server 7.10 under vmware is having some disk i/o issues .. when i try to access files under /var/log (and possibly elsewhere as well) said process (like tail) hangs
<_ruben> top hangs as well .. odd
<_ruben> hmm .. found the cause: qmail .. which was installed from the ubuntu repo (multiverse tho)
<soren> _ruben: How would qmail cause top to hang?
<_ruben> soren: im not sure .. i had syslogd in D state ..
<soren> _ruben: Well, somehow you must have determined that it was qmail?
<_ruben> since it was a rather clean install .. qmail was the most probable suspec .. /etc/init.d/qmail stop unfroze the system
<_ruben> sudo didnt cache my credentials either .. so smth in the disk subsystem seemed to be screwed up
<_ruben> hmm .. bug?
<_ruben> Dec 12 20:30:50 ubuntu-test01 dhclient: can't create /var/lib/dhcp3/dhclient.eth0.leases: Permission denied
<_ruben> the dir /varlib/dhcp3 is owned by root .. dhclient runs as user dhcp
<_ruben> ignore the timestamp .. only just installed ntp on it
<soren> _ruben: You probably ran sudo dhclient at some point?
<CrummyGummy> Hi all, how do I map the dm-$ partitions back to my hdd for rebuilding an array?
<soren> CrummyGummy: Look in /dev/disk/by-id/
<CrummyGummy> That doesn't show the dm-$ it shows scsi-1ATA_HDT722516DLA380_VDBD1ATCDV6WAC-part1 -> ../../sdd1
<CrummyGummy> I need to see which partition is indicated by the following
<CrummyGummy> md1 : active raid1 dm-6[2]
<_ruben> soren: nope
<CrummyGummy> anyone? I really miss the days when it was just sda1 etc.
<_ruben> my /proc/mdstat lists sda1, etc
<CrummyGummy> Wow, the big cleanout...
<_ruben> grmbl .. wondered if i could reproduce that dhclient error .. did an extra install of gutsy in vmware .. this time syslogd isnt writing to any files .. wonder if there's an issue with the disk system provided by vmware to the guest (the host is suse machine)
<_ruben> hmm .. cant reproduce it .. dont see any diffs in rights either .. http://pastebin.ca/815908 shows some logs and ls of the dhclient stuff
<ivoks> Burgundavia: AD and single click solution for desktops are already there
<h4x0r7h1s> mysql on Feisty seems to not pay attention to grant tables now
<h4x0r7h1s> I created a user foo@'%' with a password, flushed privileges, reloaded the server
<h4x0r7h1s> user has no privs
<h4x0r7h1s> and he logs in only with a blank passord
<h4x0r7h1s> shit.
 * h4x0r7h1s just deleted debian-sys-maint
<ivoks_> bad move
<h4x0r7h1s> by accident, not sure how to auto-recreate it
<h4x0r7h1s> apt-get install --reinstall ???? what?  not mysql-server it seems
<ivoks> reinstall doesn't recreate tables
<ivoks> why don't you just add that user
<ivoks> username and password are stored in /etc/mysql/debian.cnf
<h4x0r7h1s> ivoks:  it has all kinds of interesting privileges
<h4x0r7h1s> I can just grant all
<ivoks> let me check
<ivoks> it has y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,y,n,n,n,n,n
<h4x0r7h1s> ivoks:  if I add a user@'%' it gives that user no privileges, and a blank password
<h4x0r7h1s> if I add the user@localhost it give that user ... it works right.
<ivoks> to be honest, i never added user without password to mysql
<h4x0r7h1s> ....
<ivoks> not even with '%' for host
<h4x0r7h1s> jmoser@portal:~$ mysql -u root -p
<h4x0r7h1s> Enter password:
<h4x0r7h1s> mysql> GRANT ALL on *.* TO testme@'%' IDENTIFIED BY 'test';
<h4x0r7h1s> mysql> FLUSH PRIVILEGES;
<h4x0r7h1s> I can now log in as testme, but only with a blank password.  No privileges granted at all
<h4x0r7h1s> If  I use localhost instead of '%' it works as expected
<ivoks> wrong
<h4x0r7h1s> explain wrong.
<ivoks> grant all privileges on *.* to 'user'@'host' identified by 'password';
<h4x0r7h1s> '%' means all hosts
<h4x0r7h1s> % is wildcard
<ivoks> grant all privileges
<h4x0r7h1s> ah ok
<h4x0r7h1s> well
<h4x0r7h1s> I still can't use a password.
<h4x0r7h1s> so it's stil l broken.
<h4x0r7h1s> If I use phpmyadmin 2.11.3 to create a user, it also doesn't work (though it shows the user properly)
<h4x0r7h1s> jmoser@portal:~$ mysql -u testme -p
<h4x0r7h1s> Enter password: (test)
<h4x0r7h1s> ERROR 1045 (28000): Access denied for user 'testme'@'localhost' (using password: YES)
<h4x0r7h1s> using a blank password lets me in with no access.
<infinity> Do you have an entry for %@% with no privs?
<h4x0r7h1s> yes two that I didn't create
<infinity> Kill 'em.
<h4x0r7h1s> (there are other super user users that work)
<infinity> %@% can mess with other wildcard entries, IME.
<h4x0r7h1s> ok.  No idea why that's there
<h4x0r7h1s> stupid security wise
<infinity> Hysterical raisins, they've always shipped those.
<ivoks> hysterical? :)
<infinity> ("They" being MySQL AB, not us)
<infinity> Hysterical raisins = Historical reasons.  Sorry.  Too much nerd slang.
<h4x0r7h1s> that works
<ivoks> infinity: it sounded right :)
<h4x0r7h1s> infinity:  kefka?
<h4x0r7h1s> infinity:  r u lving 4ever, 4 no raisin?!
<h4x0r7h1s> thanks ivoks
<infinity> GAH.
<h4x0r7h1s> and infinity
<infinity> That hurts my brain.
<h4x0r7h1s> i am not a dba :(  so I don't know quite how to figure out what those last 4 privs are to tell phpmyadmin, and don't know the command in mysql
<h4x0r7h1s> but no matter
<h4x0r7h1s> (no, I shouldn't be administrating something I can't control, wtf)
<moos3> anyone wake in here
<ivoks> yes
<moos3> can anyone help me with openvpn?
<ivoks> maybe
<moos3> my client runs but server fails
<ivoks> there's /var/log/syslog
<ivoks> it has some info why it failed
<moos3> yeah its about the certificate, i made those tho
<moos3> and put them in the config like they should be
<ivoks> ok
<ivoks> so, what's the problem then?
<moos3> Dec 14 13:05:20 tibby ovpn-server[7389]: Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:43: presist-key (2.0.9)
<moos3> thats the problem, its a vaildate option
<moos3> but it doesn't like it
<ivoks> you have only 'persist-key' right?
<moos3> persist-tun
<moos3> i have both
<ivoks> ok
<moos3> because thats what is in the sample
<ivoks> persist-key is a valid option
<moos3> yeah heres my configs http://ubuntuforums.org/showthread.php?t=640567
<ivoks> you are starting both client and server?
<ivoks> why?
<ivoks> on server start only server
<moos3> i'm not its doing it by default
<ivoks> that's cause you have both configs
<ivoks> open /etc/default/openvpn
<ivoks> and change AUTOSTART to "server"
<ivoks> stop openvpn before that
<moos3> k
<moos3> moos3@tibby:~$ sudo vi /etc/init.d/openvpn
<moos3> moos3@tibby:~$ sudo /etc/init.d/openvpn start
<moos3> Starting virtual private network daemon: server(FAILED).
<ivoks> check logs
<moos3> moos3@tibby:~$ sudo cat /etc/openvpn/openvpn
<moos3> Fri Dec 14 16:05:05 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar  2 2007
<moos3> Fri Dec 14 16:05:05 2007 Diffie-Hellman initialized with 2048 bit key
<moos3> Fri Dec 14 16:05:05 2007 WARNING: file '/etc/openvpn/keys/server.key' is group or others accessible
<moos3> Fri Dec 14 16:05:05 2007 TLS-Auth MTU parms [ L:1592 D:140 EF:40 EB:0 ET:0 EL:0 ]
<moos3> Fri Dec 14 16:05:05 2007 TUN/TAP device tap0 opened
<moos3> Fri Dec 14 16:05:05 2007 ifconfig tap0 10.8.1.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.1.255
<moos3> Fri Dec 14 16:05:05 2007 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:135 ET:32 EL:0 AF:3/1 ]
<moos3> Fri Dec 14 16:05:05 2007 failed to find GID for group nobody
<ivoks> don't past everything
<moos3> Fri Dec 14 16:05:05 2007 Exiting
<moos3> k
<ivoks> group is nogroup
<moos3> yeah I have that set as nobody:nogroup 644
<ivoks> in config
<ivoks> you have nobody as a group
<ivoks> there's no such group
<ivoks> there's only nogroup
<moos3> ok that working
<moos3> ok
<moos3> cool I knew it was something dumb but it all look right
<moos3> thanks for the help
<ivoks> np
<moos3> now to rdp to my windows box to make sure its gonna work
<moos3> thanks again
<ivoks> dendrobates: hello
<dendrobates> ivoks: hello
<jetole> hey guys, I want to make some changes to my server kernel but I would like to start with the configuration used by ubuntu and reconfigure and re make from there...
<jetole> does anyone know how I can install the sources with the default ubuntu setup?
<soren> jetole: The kernel source is in linux-source-2.6.22 (assuming gutsy). The kernel config is in /boot/config-*
<jetole> soren: thanks
<soren> jetole: np :)
<Burgundavia> soren: do you know if anybody from the server team has poked APOC
<Burgundavia> ?
<soren> sommer: I think not.
<Burgundavia> soren: was that directed at me?
<soren> Er.. Yes, it was. I don't know what went wrong.
<soren> Too many channels.
<soren> This is the current status line of my irrsi: " [5:#ubuntu-server(+cns)] [Act: 3,4,7,12,15,16,20,64,81,178,183,188,194,210]"
<Burgundavia> right
<infinity> You may want to kill a few of those windows.  Just a thought.
<jetole> how the hell do you have that many open?
<jetole> I typically find 10 irc channels a little high for me
<jetole> 6 - 8 seems about average
<jetole> I am waiting for a kernel compile on a dual processor quad core 2.5Ghz and the damn thing still take forever
<soren> infinity: What? why?
<soren> I might miss someone talking about me!
<jetole> soren: I think he means all those channels
<soren> jetole: So do I?
<infinity> soren: No one talks about you anyway.
<soren> infinity: Oh, now I'm confused.
<soren> Saying that noone talks about me is talking about me, so... I'm confused.
<infinity> No, no, that was talking TO you.
<infinity> Which I only do to reassure you that no one talks ABOUT you.
<infinity> Otherwise, I do neither.
<soren> That's right. They're not talking about me, _because I'm watching_. If I /part the channel... sheesh!
<nealmcb> infinity: so does soren really have 210 channels open??  or am I forgetting irssi status line syntax?
<nealmcb> :-)
<soren> No, that sounds accurate.
<infinity> nealmcb: He really has that many WINDOWS... Most are probably old queries.
<soren> Well, 211.
<nealmcb> soren: I wasn't talking to YOU!
<soren> And a lot are queries.
<soren> About 50/50, I think.
<nealmcb> :-)
<soren> Gah.
 * nealmcb is enlightened
<infinity> I find myself going on "old query reaping" runs every once in a while when I get close to 100 windows.
<infinity> Of course, my status line isn't as scary, because I don't hilight on anything but chat/msg/action
<nealmcb> soren: what's up with ebox these days?
<infinity> So, no hilighting on joins/parts/etc.
<soren> infinity: Nor do I.
<soren> nealmcb: I'm not really on top of it right now. It's mostly upstream doing the work. I'll be getting closer to it in about a month, I think.
<soren> infinity: I ought to be doing some old query reaping, but I remember what most of the window id's are. 194 is #linux-cluster, for instance. 123 is #aalborg, #188 is #ubuntu-x... It would suck to have to relearn that.
<nealmcb> soren:  that's what I was figured - hoping they are on schedule
<Burgundavia> as am I
<nealmcb> 5 years of supporting hardy without a good popular gui would mean a lot more questions and lost opportunity...
<Burgundavia> yep
<jetole> soren: I don't care, keep as many open as you want ;)
<soren> jetole: Will do :)
#ubuntu-server 2007-12-15
<jetole> soren: I changed my mind, close them all
<soren> Aw..
<jetole> :P
<soren> But I don't wanna!
<jetole> Hey there are lots of things I don't wanna do, like leave my room, shave and drag my ass to the office but sometimes you just have to
<jetole> now close the channels dammit
<jetole> is there a man page for iftab?
<jetole> apt-cache search says no
<soren> iftab? You're on dapper or something?
<nijaba> jetole: if soren and I don't drag our asses out of rooms, we would never get out of the office.
<nijaba> would that explain why we do not like closing tabs?
<soren> I suppose that's somewhat related, yes :)
 * nealmcb wonders what donkeys have to do with the server team :-)
<soren> nealmcb: You'd be surprised.
<nealmcb> lol
<jetole> soren: nope but it has been a while since I had to use iftab. is there replacement for it?
<nijaba> donkeys were surprised
<soren> jetole: Yes. /etc/udev/rules.d/75-persistent-net-something
<jetole> what DON'T donkeys have to do with the server team?
<jetole> cat: /etc/udev/rules.d/75-persistent-net-something: No such file or directory ;)
<jetole> well this file seems odd, I think I will have to RTFM as soon as I can find it
<soren> jetole: Reinstall. Something's broken.
<nealmcb> reboot a few times first
<soren> Yes. An even number of times, of course.
<soren> You wouldn't want the AC stabiliser to get out of sync, would you?
<soren> jetole: Sorry, make that /etc/udev/rules.d/70-persistent-net.rules.
<soren> jetole: it's quite simple. It's autogenerated by /etc/udev/rules.d/75-persistent-net-generator.rules
<soren> jetole: ..if you want to change anything, just move stuff around in the obvious ways.
<jetole> I was actually just looking at that from it came up on google and I was about to say this looks a lot easier
<jetole> I take it name determined by mac I specify
<jetole> like iftab?
<soren> Yes, pretty much.
<nealmcb> soren, last night jon corbet tipped us off to the most excellent documentation/adventure game of the lguest virtualization code and this delightful thread of lkml: http://kerneltrap.org/node/13992
<nealmcb> but I'm probably just way behind the times :)
<soren> nealmcb: I hadn't seen that. I'll be looking at it later. It looks like fun :)
<soren> Now, it's bedtime, though.
<osmosis> http://dpaste.com/28110/    /usr/bin/dpkg returned an error
<osmosis> dpkg.log just says   2007-12-14 17:43:59 status half-configured munin-node 1.2.5-1
<J-_> Is there a way to use wake on lan with a LAMP server?
<Travis> Hi I just put a hard drive in my server from my older server, the data on it is in a format called LVM2 MEMBER, because my old server was LVM, I just need to get the data off it for my new server? how do I go about this?
<jetole_> hey guys. I have a question, I compiled a kernel this afternoon using the pre-existing config that came with my system in /boot, after several tries I didn't change anything in it so I should have a duplicate kernel
<jetole_> using this new kernel with a copy and paste in grub or with update-grub I had identical grub entries for either kernel and yet the new one would not boot my system
<jetole_> it claimed unknown type of media for UUID
<jetole_> why would a kernel using the exact same config file have this issue?
<mattwalston> dhcpd3 fails to start-up quietly and does not leave any trace in logs after moving to gutsy.  Any suggestions?
<mattwalston> let me clarify... dhcpd3 does not start and returns no output
<mattwalston> Define ubuntu problem, dhcpd3 works fine if started manually, init script fails everytime... any ideas?
<moos3> i need some samba help, i use to remember how to get my system account to be able to log in, I can't remember can someone help me
<soren> moos3: "smbpasswd -L -a username" probably.
<moos3> but for every user?
<moos3> I have some 500 users
<moos3> I would use ldap but everytime I install ldap it kills my ubuntu installation
<soren> Samba can't authenticate against the system user database (/etc/passwd and /etc/shadow)
<soren> Well, yes, if you're running win 95 and can set it to unencrypted logins, but I'm guessing you're not..
<soren> moos3: LDAP is surely what you want.
<moos3> yeah i was hoping to avoid it because on 7.04 i keeps killing my kernels and recover images
<moos3> 7.10 wont even run on my server hardware
<soren> LDAP cannot kill your kernel.
<moos3> trust me last time I had ldap on my server it shit the bed and wont even boot
<soren> You realise that there are other things than the kernel involved in booting, right?
<moos3> yeah I know that
<soren> And you still believe ldap "killed your kernel"?
<soren> You need to qualify that statement somehow? I've not seen a bug report about anything of the sort.
<moos3> it killed everything I'm sure its what led to the corrupt kernel
<soren> You're trying to fix the wrong problem here.
<soren> You tried doing things the right way (use ldap), and failed miserably ("killed your kernel"( and now you want to do things the wrong way instead..
<moos3> fresh install the first thing I did was upgrade from 6.10 to 7.04 then installed ldap then I logged off and lost power a hour or so later it wouldn't boot it just hanged on kernel load
<soren> a) That makes no sense. LDAP does not get anywhere near your kernel. If you've upgraded to 7.04 and lost power before having a chance to reboot it, yes, your kernel might very well be in a bad state due to not having been synced to disk. This has nothing to do with ldap.
<moos3> so I had to go thought the miserable install process again because 7.04 doesn't have hardware support for my server, I spent about 2 hours of reinstall time
<soren> Besides, you said "every time". This is a single instance, I hope?
<moos3> nope I have tried it install first then upgrade to 7.04, then reboot, no go, i got everything install now with out ldap and life is good, but I need to get system users to access, and I'm not going to have a choice but to use ldap
<moos3> in bsd I have never had this type of problem before,
<soren> You're messing things up here.. Why don't you install 7.04 directly instead of upgrading?=
 * soren will be right back
<moos3> because 7.04 install hangs at 21% when loading libc6-udeb
<moos3> same with 7.10
<mattwalston> What's new in virtualization?  Should I go with vmware-server or xen on gutsy?
<sommer> hey all, anyone a moderator to the ubuntu-server mailing list?
<soren> sommer: Yes?
<sommer> soren: I just sent a message with an attachment of 137k.  just wondering if that could go through this once?
<sommer> trying to get some help with a backup section to the server guide.
<soren> sommer: Already did. Like 27 seconds after you sent it.
<soren> sommer: More than 15 minutes ago, surely.
<sommer> soren: oh cool, thank you very much
<soren> sommer: np :)
<sommer> I just saw the bounce message
<soren> sommer: Ah. I might get the notification about stuff needing moderation faster than you get the bounce message. :) Don't know.
<sommer> soren: probably not, but I started writing another message right after sending.  so I didn't check for new mail right away.
<soren> sommer: Oh, got it.
<soren> moos3: I see. I need to make a phone call right now. I'll get back to you later.
<moos3> ok
<moos3> i got a bunch of python to write, just let me know when your back
<Matts> are there problems with mdadm when deleting MD's in the server edition during the installation ?
<ember> jdstrand: there?
<ember> bug 176175
<ubotu> Launchpad bug 176175 in linux-ftpd-ssl "CVE-2007-6263: security vulnerability in linux-ftpd-ssl" [Wishlist,Fix released] https://launchpad.net/bugs/176175
 * MatBoy solved it..
#ubuntu-server 2007-12-16
<zul> damn too bad dendrobates is not here
<ScottK> Why is that?
<zul> ottawa beat atlanta in hockey rather baldy
<ScottK> Ah.
<ScottK> Hockey in Atlanta is just plain wrong anyway.
<zul> it is
<antdedyet> == ScottK
<antdedyet> Canada has more ice to practice on
<antdedyet> at least that's how I attempted to comfort the Georgia LoCo :)
<ScottK> Or, put slightly differently, hockey in Canada is not un-natural.
<lamont> soren: looking at the postfix doc (yes, finally).
<lamont> 1.3.2: what's diff between that and using the snakeoil-cert?
<jason442> hello
<jason442> I'm looking to setup a homeserver and really want to use ubuntu as my OS. However, I'm really having a hard time getting SlimServer working...anyone have any experiance getting SlimServer to work?
<somerville32> What is SlimServer?
<jason442> Its for the Squeezebox by Slim Devices... its a device that streams music wirlessly to your stereo
<somerville32> !slimserver
<ubotu> Sorry, I don't know anything about slimserver - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<somerville32> !info slimserver
<ubotu> slimserver: Streaming Audio Server. In component universe, is optional. Version 6.3.0-5 (gutsy), package size 1277 kB, installed size 6068 kB
<jason442> ok
<jason442> I may have to just use windowsXP for my server OS
<jason442> :(
<jason442> Anyone recommend a good windows channel for setting up a home server?
<jason442> I might get kicked for mentioning windoes in this channel :)
<jason442> alrighty, well... this is a kick'n channel....cya
<zul> uh ok
<sommer> lamont: did you mean me?
<sommer> lamont: that's a good point I don't think there is a difference.
<sommer> lamont: is the snake-oil cert installed with Postfix or Dovecot?
<lamont> postfix Depends: ssl-cert --> snakeoil
<lamont> and it currently auto-configs snakeoil on new installs (for currently== breezy and later or some such)
<sommer> lamont: cool, does postfix use it for tls automatically?
<lamont> somewhat
<lamont>         if [ -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
<lamont>             cat /usr/share/postfix/main.cf.tls >> main.cf
<lamont>         fi
<lamont> and that file has:
<lamont> # TLS parameters
<lamont> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
<lamont> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
<lamont> smtpd_use_tls=yes
<lamont> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
<lamont> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
<lamont> # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
<lamont> # information on enabling SSL in the smtp client.
<somerville32> !pastebin
<ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
<lamont> so if ssl-cert is installed and configured before postfix configures, then you get tls by default
 * lamont doesn't consider 400 chars to be a large text
<sommer> lamont: gotcha
<sommer> so from a base install if you do a apt-get install postfix you don't get ssl-cert?
<sommer> the plan is to add modified install/config instructions once the dovecot sasl+postfix integration is done
<sommer> that should tie in to the configuration done when using the tasksel options too
<sommer> I'll add something about the snake-oil cert as well though
<sommer> everything else look good?
<sommer> we could also link to the self-signed cert portion of the apache section... I believe it's the same instructions
<lamont> sommer: I don't know that there's a guarantee that ssl-cert
<lamont> s postinst has run first.
<sommer> okay, so we can just document it as an option along with a self-signed cert?
<lamont> yeah
<lamont> self-signed certs make postfix cry, anyway
<sommer> hehe... I know how it feels sometimes they make me sad too
<sommer> thanks lamont I'll adjust that part
#ubuntu-server 2008-12-08
 * IL12 is now away - Reason : Auto-Away after 30 minutes
<slestak> is there anyone using dnsmasq for home use?  i have a couple of laptops that my backuppc server need to be able to find and last time i tried dnsmasq it was a mess
<hads> dnsmasq has always worked well for me
<slestak> i think one my previous hangups was i had my server multihomed, and it just added complexity that wasnt necessary
<slestak> i want to use my linksys router for dhcp too, i really just want the dns portion of dnsmasq
<slestak> not sure how to handle multiple nics on the clients.  i may want to backup over wifi for a quick one, or over wired nic for full backups.
<slestak> im really not sure how to handle the multplie nics.  i would never use the both at the same time, but last time i remembered, dnsmasq wouldnt let me say macid1 and macid2 are both host laptop1, i had to make hostnames laptop-wifi and laptop-wired
<uvirtbot> New bug: #306134 in net-snmp (main) "package snmpd 5.4.1~dfsg-7.1ubuntu6.1 failed to install/upgrade: subprocess post-installation script returned error exit status 127" [Undecided,New] https://launchpad.net/bugs/306134
<uvirtbot> New bug: #306168 in samba (main) "Unable to connect network drive SAMBA Share" [Undecided,New] https://launchpad.net/bugs/306168
<Gargoyle> Morning all
<LoveGuru> morning Gargoyle!
<Evilscare> Hi all
<safl> hey :)
<yann2> that virtualisation annouvement with IBM is quite deceiving, knowing that there is no free and good alternative to nomachine NX server :(
<kaushal> hi
<kaushal> I have set limits for tomcat user in limits.conf for nofiles
<kaushal> but still it shows 1024
<kaushal> its on Ubuntu 8.04 server
<kaushal> what could be the issue
<Kamping_Kaiser> yann2, hum?
<kaushal> tomcat soft nofile 32000
<kaushal> tomcat hard nofile 32000
<yann2> http://www-03.ibm.com/press/us/en/pressrelease/26230.wss
<Kamping_Kaiser> yann2, oh. to many buzwords in there for me to handle, but i thin i understand
<yann2> too bad canonical goes the proprietary way for virtualisation. makes me really think if I did the right choice.
<yann2> with that type of agreement they won't want to compete with it. Which is, for me, very, very bad as it is pretty much the type of solution i am waiting for.
<henkjan> kaushal: ask Jeeves_ . He has a customer were we also played with limts but i forgot how we managed to fix it
<Jeeves_> henkjan: Hmm
<Jeeves_> ndcgames you mean?
<henkjan> Jeeves_: yup
<Jeeves_> tomcat55         -       nofile          4096
<Nafallo> ehrm.. looks more like it's based on the Ubuntu base and other companies adding their appliances on top surely?
<Jeeves_> That's what we have there
<Nafallo> yann2: ^--
<maswan> limits.conf only applies to pam though, and not things started from init
<Nafallo> Canonical's virtualisation offer is still KVM as far as I'm aware.
<yann2> Nafallo > that offer is KVM + some other clever bits, apparently including a clever X export solution, which I'd find interesting to know what it's based on
<Nafallo> yann2: but that's the Virtual Bridges thing, no? :-)
<yann2> The VERDE Clients Protocol utilizes the Virtual Bridges VDI remote client protocol, an open source
<yann2> implementation combining the standard RFB (VNC) protocol with remote device access functions.
<yann2> bah.
<_ruben> if only the nx (windows) clients would have proper multi-mon support (where both heads are different resolution) .. but that's totally unrelated :P
<yann2> I think NX server has pretty much the same features for a lot lower cost of ownership.
<yann2> _ruben > ever used NX with xdmcp? rocks :)
<yann2> (too bad XDMCP in KDM is broken)
<_ruben> yann2: nah, i use nx to start a konsole remotely and start my stuff from there, like kontact
<yann2> you dont like ssh? :)
<_ruben> yann2: i want to be able to (re)connect to already running programs (like vnc), but not have a complete desktop within a window (seamless remote desktop)
<_ruben> the fix for nx would be "trivial" .. they just need to upgrade they cygwin/x version to add xrandr (i think) support :
<_ruben> :)
<_ruben> but like i said, its unrelated and offtopic for this channel ;)
<slestak> i am not understanding something about basic networking.  i think i need dnsmasq, becuase i want local name resolution and i think bind wold be overkill for my home lan.
<slestak> my laptops have of course wired and wireless nics, and I would liek to be able to use either to my backuppc server.
<slestak> last time I tried to setup dnsmasq, it would not let me map 2 mac addresses to the same hostname (even if only one is enabled)
<slestak> so would the _correct_ way to handle this to have 2 hostnames?  e1505-wifi and e1505-wired?  that sucks
<_ruben> slestak: configure your dhcp server so that both the wired and wireless interface would use the same ip .. then again, if you'd do so, you cant use wired and wireless simultaneously ofcourse (not that that would be a common thing tho)
<slestak> _ruben: yeah, i didnt intend to use both.
<slestak> i think last time i tried that, dnsmasq wouldnt let me map 2 to the same ip.
<slestak> there is also a 3rd floating gigbit nic i use for full backups that can be in any of three laptops (for full backups).  what a pain
<safl> hey ppl, I have been building appliances all of last week with Soren Hansens vmbuilder script and all has been well, but today when i went to work and started building a new appliance it simply stalled with "Installing guest operating system. This might take some time...". Could it be that i have been banned from the repositories or something like that? It used to take 6-7min now it never finishes...
<slestak> safl: could be just the repo you have chosen having problems.
<slestak> safl: i recently had to change from my favorite close one when they stopped getting updates
<safl> slestak: yeah i thought that as well... but i have been trying various mirrors and the issue persists...
<slestak> interesting
<safl> slestak: hmm i actually think that it is our local network... i really should't have a latency of 25ms to my gateway...
<uvirtbot> New bug: #251337 in openssh (main) "Shutdown from XFCE returns to login if inbound ssh session active" [Medium,Confirmed] https://launchpad.net/bugs/251337
<uvirtbot> New bug: #306233 in php5 (main) "Segmentation fault in timelib_builtin_db()" [Undecided,New] https://launchpad.net/bugs/306233
<FebruariusX> hello everyont this could be the right room to ask about high-availability / load-balancing
<tonyyarusso> FebruariusX: You certainly can - just be warned that you may not get an answer right away, so it's a good idea to stick around for a few hours to see what people say.
<FebruariusX> ok thnx
<russell_nash> hi, does anybody know what the following error message means in the xsession-errors log of my ltsp client means? Message: another SSH agent is running at: /tmp/ssh-GaeyUQ8558/agent.8558
<fw1> hi i am installing a server via pxe, however there seems some strange requirements for the gimp and myspell
<soren> safl: If you pass --debug to vmbuilder, you might be able to get some more information.
<soren> safl: Which version of Ubuntu are you running?
<safl> soren: Sry for not replying but the problem actually was with the first three mirrors.... so now I've set up a proxy as your guide suggest :) I actually found the --debug option very helpful earlier. And I am running 8.10
<safl> soren: btw, thank you SO much for Ubuntu JeOS and that vmbuilder script! I am really enjoying myself at work lately ;)
<soren> safl: I'm glad  you like it :)
<yann2> boah exim packages are bdly broken.. just no way to uninstall :|
<agampher> hello, anyone here have any experience with installing nagios on ubuntu server?
<agampher> if so, a link to non-outdated documentation would be very much appreciated
<yann2> i use it, but no link to documentation.. although if you use munin as well I'd recommend using check_munin_rrd as a nagios plugin :)
<agampher> ive installed the nagios package on 8.10 just to play with it on ubuntu
<agampher> i suppose ill just try to adapt the debian instructions i found and go from there, just thought id check with you guys before i did. thanks for the tip yann, ill take a look at it
<antdedyet> agampher: you may benefit from installing the nagios doc package
<agampher> ah, i didnt go down the page far enough
<agampher> nagios3-doc
<agampher> thank ya sir
<agampher> yeah yeah, i know rtfm :P
<yann2> oh, nagios3 in 8.10? :)
<yann2> sounds lovely :)
 * antdedyet has plenty of folks still running nagios 2
<agampher> yeah, found this
<agampher> http://packages.ubuntu.com/search?keywords=nagios&searchon=names&suite=intrepid&section=all
<yann2> I'm actuallythinking of moving my nagios box to 8.10, some features look lovely.. service dependancies and hostgroup_members particularly
<Oliber> hi all, i've got a slight hiccup with drbd on some ESX VMs running 8.04.1, it sees the volumes as 1kb, and claims to be stalled while sync'ing
<uvirtbot> New bug: #306293 in apache2 (main) "Mod_ssl randomly causes apache threads to use 100% of CPU" [Undecided,New] https://launchpad.net/bugs/306293
<ivoks> Oliber: anything in dmesg?
<Oliber> the last two messages are writing meta data super block, and began resync as syncsource (will sync 4kb [1 bit sets])
<Oliber> this is the initial sync btw, so it could be a config issue
<Oliber> 2 secs
<ivoks> is your physical partition bigger than 4kb?
<Oliber> 50gb, yeah
<ivoks> paste your config on paste.ubuntu.com, so i could check
<Oliber> http://paste.ubuntu.com/82591/
<Oliber> stupid phone :s
<Oliber> sdb1 is a 256mb partition, sdb2 is a clean 50-ish-gb
<Oliber> on both notes
<ivoks> how about /proc/drbd
<Oliber> http://paste.ubuntu.com/82592/
<Oliber> from loadb1
<Oliber> http://paste.ubuntu.com/82593/ - loadb2
<ivoks> network error?
<ivoks> sync is stalled
<ivoks> firewall?
<Oliber> both nodes have no iptables rules
<Oliber> same subnet, and no devices between them
<Oliber> however, they are VMware ESX (3.5.0u3) VMs, which has caused some problems in the past
<Oliber> and are running ldirectord, which is setup for a couple of apache boxes
<Oliber> it's udp for drbd sync, right?
<ivoks> udp, iirc, yes
<Oliber> netcat opens, but dosn't get any headers/etc, don't think i've ever used nc for testing udp, so don't know if thats normal
<Oliber> just spotted a typo
<Oliber> arse
<Oliber> loadb2's config said /dev/sda2, should be sdb2
<ivoks> there you go :)
<Oliber> it's only been annoying me for 4hrs ;(
<jerone-mobile> what is the summit irc channel ?
<jjesse> ubuntu-developer-summit
<jjesse> i think that #uds redirects as well
<jjesse> plust there is #ubuntu-server-summit
<TrioTorus> I'm running into: auth-client-config -a -p lac_ldap
<TrioTorus> Error in updating the file: 'pam_account' not found
<TrioTorus> --
<TrioTorus> Errors found.  Aborting (no changes made)
<TrioTorus> I've checked and the lac_ldap profile is available when auth-client-config -l
<TrioTorus> this is on intrepid
<sommer> TrioTorus: are there any errors in /var/log/auth.log ?
<TrioTorus> sommer: auth-client-config doesn't report anything in auth.log
<TrioTorus> so, I've adjusted nsswitch manually to passwd: files ldap
<TrioTorus> but getent does give me errors in auth.log
<TrioTorus> Dec  8 20:57:31 joseph getent: nss_ldap: could not connect to any LDAP server as cn=admin,dc=ebox - Can't contact LDAP server
<TrioTorus> Dec  8 20:57:31 joseph getent: nss_ldap: failed to bind to LDAP server ldapi:///192.168.0.100: Can't contact LDAP server
<sommer> TrioTorus: check /etc/ldap.conf, that contains the connection configuration... also want to make sure that your user has an ldap account :)
<TrioTorus> sommer: found the problem uri ldapi:///192.168.0.100 wasn't working, but uri ldap://192.168.0.100/ is. Wonder why that is...
<sommer> TrioTorus: you can enable ldapi in /etc/default/slapd... as well as ldaps
<rezor21> I have a friend who is trying to install Ubuntu server, and he tells me that the server installer always installs Grub to (hd0) without giving him any choice to change it. Does anyone know how to change where Grub gets installed to?
<greenfly> one way would be through changing preseed options
<zul> 2cheeks
<rezor21> How do you change "preseed options"? I'm not familiar with installing Ubuntu server, so if you can, please be specific so I can tell him exactly what to do.
<slicslak> so what should i be doing to keep my box secure (in terms of upgrading)?  should i cron aptitude update and safe-upgrade?  or run these once a week?  is there a doc on this?
<xenocampanoli> I am suddenly finding my ubuntu server apache2 won't print stderr output from my CGI scripts to the error file no matter what I do.  the #apache group people don't have an answer...???
<xenocampanoli> This was working before, a few months back, but is not working now.
<xenocampanoli> Or, I may be mistaken there.  This was working when I had the site coinfigured to work on http, port 80.  It now works on https.
<xenocampanoli> But I still need the scripts to write stderr to the error log file, in all cases.
<xenocampanoli> I am not getting any helpful diagnostics to the log anymore, and I need those.  I particularly need to have lines of failure in the scripts.
<slicslak> i noticed that aptitdue safe-upgrade will download new kernel files.  are these applied and will take effect on the next boot?
<ivoks> if that's something like apt-get dist-upgrade, yes
<slicslak> so with apt-get only a dist-upgrade will upgrade the kernel?
<ivoks> yes
<ivoks> upgrade will also update the kernel, if there wasn't an ABI change
<slicslak> ok
<ivoks> if there's an ABI change, you'll need dist-upgrade
<Jared555> what is involved in getting mysql 5.1 up and running on ubuntu?
<ivoks> Jared555: mysql said mysql 5.1 isn't ready yet
<ScottK> Well unfortunately we need it in Jaunty for Amarok 2.
<ivoks> if you ask me, that's not our problem :)
<`6og> mysqld is needed for a music player? ew.
<ScottK> ivoks: It is because Ubuntu security has very strongly hinted that the would 'prefer' only to have one mysql version in Main.
<ScottK> And generally, I think "screw $FLAVOR, it's not our problem" isn't a good attitude.
<slicslak> i'm trying to mount a dvd.  cd's mount fine but the dvd says:  mount: No medium found   in macosx it says the disc is formatted iso9660.   my fstab entry: /dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0   any ideas?
<ivoks> ScottK: it was a joke
<ScottK> ivoks: OK.  Sorry.  There are enough people around who take that attitude towards Kubuntu, I'm probably over sensitive.
<xenocampanoli> So I'm sorry if these seems an apache2 issue, but  I have lost use of stderr output in my ssl configuration of apache2 on Ubuntu, and I don't have the problem in Centos apache2.  I also don't get line oriented diagnostics anymore in my ssl Ubuntu apache2.
<[Drake]> is there no an alternate CD?
<`6og> hm?
<[Drake]> used to be an alternate install cd for ubuntu-server
<`6og> ubuntu-server only uses 'alternate' install, last i heard
<[Drake]> did they do away from that?
 * [Drake] ponders
<ahasenack> [Drake]: the alternate still exists
<[Drake]> ahasenack ohh know where i can get it?
<ahasenack> [Drake]: it's usually together with the other isos
<[Drake]> i found the link
<[Drake]> http://www.ubuntu.com/getubuntu/downloadmirrors#alternate
#ubuntu-server 2008-12-09
<Jared555> what do I have to do to get mysql 5.1 installed on ubuntu?  this is NOT a production box so don't say 'you shouldn't do it, it isn't stable'
<[Drake]> apt-get install mysql
 * [Drake] shrug
<Deeps> http://www.letmegooglethatforyou.com/?q=mysql+5.1+ubuntu&l=0
<hads> Hah, love that.
<Deeps> Jared555: http://www.letmegooglethatforyou.com/?q=mysql+5.1+ubuntu&l=0
<Jared555> Deeps, you know.... I didn't think of google..... it is so much faster to open irc, connect to freenode, ask a question, and probably wait five hours to get a response..... thank you for your mind blowing answer
<hads> Way to get help
<[Drake]> ivoks
<Jared555> hads, I tried asking politely, got the standard 'it isn't stable' response, asked again, got the 'go to google' response (which I had tried, getting a bunch of old responses before mysql 5.1 went GA and with very limited help, hence, my sarcastic response
<ivoks> Jared555: 5.1 isn't supported on ubuntu
<ivoks> Jared555: supported mysql is in ubuntu's archive
<ivoks> anything else - google it
<[Drake]> ivoks i am about to do a dreaded overhaul :P
<ivoks> \wii [Drake]
<[Drake]> going back to a 32bit system with a 64bit kernal
<Jared555> most distros seem to have some form of unstable repository available for people who want to test things, etc.  I thought that MIGHT be the case with ubuntu
<[Drake]> i hope I don't loose my data lol
<ivoks> [Drake]: most != debian
<ivoks> bah... Jared555
<ivoks> and we do have unstable - jaunty
<[Drake]> ivoks heh so true I am half tempted to go back fbsd lol
<Jared555> ivoks, yes, but is it possible to just install one unstable package out of that version?
<Deeps> Jared555: assuming it doesn't depend newer version of packages trhat only feature in unstable, yep
<Jared555> thank you..... so how would I do such a thing?
<Deeps> Jared555: if newer unstable package depends on other newer unstable packages, then no
<Deeps> easy way would be to grab the .deb from packages.ubuntu.com, and install using dpkg -i package.deb
<Jared555> thanks
<Deeps> that way would ensure no additional packages are installed from unstable too, but would also complain if the deb in question had unmet dependancies
<[Drake]> Jared555 yes grab the appripiate package and dependancy and make and install them
<ivoks> 5.1 isn't in jaunty yet, irrc
<ivoks> iirc
<Deeps> lol
<zul> mysql? no it isnt
<`6og> if [[bleeding edge required ]] ; do put in the effort yourself; fi
<Deeps> s/do/then/
<Deeps> close though
<`6og> Deeps: its annoying when psudo code is close enough that people correct it ;p
<Deeps> ;)
 * [Drake] crosses his fingers and hopes he doesn't loose any data
<`6og> gl!
<edge> can i flush dns on my server?
<`6og> what do you mean?
<edge> my box got some bad dns info , i wanna get rid of its cache of dns
<Deeps> rndc flush
<[Drake]> errr
<[Drake]> getting an error that forcing me reboot
<[Drake]> after it checks for updates during an install, it says that the cdrom media was changed!
<[Drake]> of course it wasn't
<[Drake]> blah the alternate cd is crappy for 8.10
<slestak> im setting up dnmsasq for local dns of a small home lan.  i have it issuing dhcap addresses to the client, but I do not see in Network Manager where to set the gateway address.
<slestak> crap typos, dnsmasq, dhcp
<`6og> why isnt dnsmasq giving out the gateway address?
<slestak> im not sure, lemme look at config
<slestak> the client has the dnsmasq server ip as both its primary dns as well as gateway.  not right
<slestak> i didnt have option set to override the default route.  now it appears to be working.
<slestak> thanks for the hint `6og
<`6og> slestak: well done :)
<slestak> hmm, pinging by name for local machines doesnt work though
<slestak> what is the necessity for the 127.0.1.1 line in /etc/hosts?  shouldnt the hostname be set on a line resolving to the nic?, i.e. 192.168.0.2?
<nme> anyone noticed newly appeared hardy/intrepid (with ubuntu-desktop installed) in the network which is flooding ARP packets to destination 00:00:00:00:00:00 ? (it seems to be caused by gnome networkmanager)
<nme> packets with 00:00:00:00:00:00 as a destination mac address are invalid, am I right? so why Ubuntu sends them?
<nme> it might be caused by avahi, but none of my server instances with no X desktop do not cause it
<nme> the problem is serious issue for me... when it happens, my gateway receives 140k pps on every vlan.. while during typical traffic it is 5k pps
<uvirtbot> New bug: #306430 in openssh (main) "~/.ssh/config does not handle multiple hosts correctly" [Undecided,New] https://launchpad.net/bugs/306430
<_ruben> hmm .. what be the "standard" way of making sure a certain process is always running; upstart?
<_ruben> other than figuring out why my postfix dkim milter keeps crashing ;)
<Kamping_Kaiser> install solaris <flamebait> (in all seriousness, isnt there apps avilable via apt that do that? <if app exits, start it>
<hads> monit is one
<_ruben> i use daemontool on my old qmail servers .. tho what would prevent the monitoring app to die? guess it'd be monitored by upstart, so why not use upstart directly .. assuming upstart has that same feature as init has
<_ruben> monit seems to have a fair chunk of features (judging from apt-cache show)
<Jeeves_> How long does it take for packages to go from proposed to updates?
<Kamping_Kaiser> Jeeves_, hey mate
<Jeeves_> ola
 * Jeeves_ is testing the Sun Open Storage 7110, btw
<Jeeves_> good stuff
<Kamping_Kaiser> lucky bugger
<Kamping_Kaiser> my work was thinking about trialing the T2k, but we wont have any use for it in the near future, so i didnt get to play
<_ruben> Jeeves_: it requires two acks, and then someone needs to notice those acks and upload it
 * Kamping_Kaiser reads between the lines: "a long time"
<Jeeves_> _ruben: An ack from anyone?
<_ruben> Jeeves_: yes (based on a single experience)
<_ruben> #ubuntu-motu is where the knowledgable people hang out wrt issues like these :)
<Bleupomme> I have a very curious situation with ubuntu server and a DELL server. I have connection problems to the server. When I type ifconfig on the console it displays a MAC address of the type aa:aa:aa:aa:aa:d6. but when I type arp -a on a client it displays a mac address of type aa:aa:aa:aa:aa:d3 for the IP of the server. Could anyone tell me what is going on?
<Nafallo> probably multiple network interfaces
<Bleupomme> Yes there are two network interfaces. One with aa:aa:aa:aa:aa:d6 and the other with aa:aa:aa:aa:aa:d7 not finishing in d3
<Kamping_Kaiser> Bleupomme, is there a switch/router in the middle?
<Bleupomme> Kamping_Kaiser: yes there is a router. It has already been restarted
<nme> Bleupomme: do pastebin.com of cat /etc/udev/rules.d/70-persistent-net.rules
<nme> anyone have a clue how to solve this? -> "CRON[18630]: Sigfile not found"
<uvirtbot> New bug: #306464 in bacula (universe) "bad path to configuration file" [Undecided,New] https://launchpad.net/bugs/306464
 * Kamping_Kaiser suspects the routers mac addy is being picked up by arp
<Bleupomme> nme: have no access to the server at the moment. Will try to do it soon
<Bleupomme> nme: http://debian.pastebin.com/m1d35c2ca
<Bleupomme> nme: everything seems ok. arp -a on a client gives the same mac adress but with the last byte set to d3
<Bleupomme> could it come from some kind of redundant NIC on the server that has not been picked up by the kernel?
<nme> Bleupomme: try to setup another IP address on one of the interfaces (in the same subnet), try to contact "client", and then check arp -a on the "client"
<Bleupomme> nme: there is no network collision with that IP address. What makes me sceptic is that the entry in the ARP table is the same as the NIC's Mac addresses except for the last byte. There is no other recent DELL server in the network
<nme> you can flush arp table and watch occurances of this arp through: tcpdump -i eth0 -en
<Bleupomme> nme: could it be some NIC redundancy artefact?
<nme> Bleupomme: naah
<Bleupomme> I'm going to give up and call DELL support I think
<hansin> Jared555: I saw your question on MySQL 5.1.  I am not sure of this, but the non-RPM tar.gz files might just be an unzip and run kind of thing, but I think you need to add a user and set some permissions.  You might want to do your homework in regards to that because I think I had an issue once with that.  Anyway, the files are here: http://dev.mysql.com/downloads/mysql/5.1.html#linux
<Scix> Using preseed: The last sensable log entry in syslog is "main-menu[2691]: INFO: Menu item
<Scix> *'download-installer' selected
<Scix> then i het wget: server returned error: HTTP/1.1 404 Not forund
<Scix> *found
<Scix> Anyone have a idea?
<Scix> I have tried with both a local and a public mirror
<Scix> same error
<_ruben> Scix: how do you specify your mirror in your preseed file?
<_ruben> and #ubuntu-installer is the place the hangout for stuff like this
<Scix> apache logs says: 404 - /var/www/ubuntu/dists/intrepid/restricted/debian-installer
<Scix> i use mirror/http/hostname
<_ruben> Scix: you specify protocol as well?
<_ruben> oh wait, apache log, i thought installer log :)
<_ruben> that dir exists on my local mirror, so it oughta work with a public one as well
<Scix> i aslo have a local mirror. I'm not spesifying protocol, bit it gets all orherfile, like the release file :S
<Scix> sorry typos. Tired nowegian here ;)
<_ruben> hehe, no problem
<nme> guys I know the way how to DoS lan network with at least one ubuntu desktop with NetworkManager turned on ;)
<nme> 1) setup a device with mac address 00:00:00:00:00:00
<nme> 2) connect given device to the network
<nme> 3) wait for ubuntu guy to restart his box
<nme> 4) network will die in aprox 2-5 minutes
<nme> (Gigabyte AccessPoint GN-AP01G, ver 1.10E does that by default)
<_ruben> nasty
<nme> it seems to be avahi related
<nme> avahi uses 00:00:00:00:00:00 packets, found some example at centos support page - http://www.centos.org/modules/newbb/print.php?form=2&forum=40&topic_id=15763&post_id=55427
<netrat> i have a server running Ubuntu 8.04.1 that authorizes users against an MS domain controller using kerberos. sometimes the authentications take extremely long, 1-2mins, is there a way to see what part of the process is holding things up?
<netrat> i've read the man page for pam_debug, but i can't make much sense out of it
<slicslak> i screwed up fstab and now when i boot / is mounted read only.  i need to change fstab though.  how can i get it to mount rw?
<yann2> mount -o rw,remount /
<yann2> or something like that :)
<slicslak> yann2, ya, tried that, but i get:
<slicslak> mount: / not mounted already, or bad option
<yann2> google for "mount remount"
<yann2> its something with this :)
<slicslak> ya, that's the right syntax alright
<slicslak> but it doesn't work
<slicslak> if mount would let me mount the drive a second time that would also be fine
<_ruben> might need to kill the ' ' between -i and rw
<_ruben> -o even
<slicslak> _ruben, thanks tried that, doens't help.  :(
<slicslak> i also tried -n which should do it without writing to /etc/mtab
<slicslak> but that doesn't help
<slicslak> anyone know how i can force mount to mount the drive somewhere else?
<slicslak> so i can write to it there?
<lamont> I wonder if there are errors logged during boot that tell you "ZOMG drive b0rked. mounting read only"
<lamont> that's the only time I've seen that happen
<lamont> alternate plan C: boot from livecd and mount the drive
<yann2> syslog?
<slicslak> lamont, i screwed up fstab.  that's why it's mounting read only.  so the fix is really easy but i only have ssh access.  :(
<jjesse-dell9> are we acutally having the weekly mtg
<ScottK> jjesse-dell9: No
<jjesse-dell9> thanks ScottK
<slicslak> heh, finally figured out the synatx.  it's:   mount -o remount,rw /dev/sda1 /
<slicslak> that is so wierd.  basically one extra command does it?  bizarre.
<yann2> :)
<uvirtbot> New bug: #284126 in samba (main) "New folders replace files in Samba" [Undecided,New] https://launchpad.net/bugs/284126
<Scix> does this guide apply to ubuntu 8.10 also? https://help.ubuntu.com/community/Debmirror#Create%20the%20file%20%60mirrorbuild.sh%60
<Scix> _ruben: Is there anything else but install debmirror I have to do to get your script to work?
<angeleyes> can any 1 help
<angeleyes> i want to add an account to empathy but it tell me to install a backend
<Ng> woohoo!
<coffeedude> Wahooo!!!!!!
<nxvl> \o/
<ivoks> yay!
<jjesse-dell9> mmm buzzz
<jdstrand>  5
<jdstrand> o/
<jjesse-dell9> server team gots it groove baqck
<kees>      5
<kees>     o/
<coffeedude> zzzzzzzzzzzzzzzz
<nealmcb> wow, the server team really rocks!
<ajmitch> nealmcb: let me guess, the beer is flowing freely?
<uvirtbot> New bug: #285304 in samba (main) "dragon crashed with SIGSEGV" [Medium,Confirmed] https://launchpad.net/bugs/285304
<djwon1> kirkland: got some time to talk about pwrkap?
<xenocampanoli> I just want to bring this up, but not bug it yet, as I may just be confused:  I had some troubles getting basic log output from Ubuntu/apache2.  What I found was ErrorLog definitions in the primary virtualhost definition for both http and https were not yielding much of my output, and I had to go back and define an ErrorLog in apache2.conf...???
<xenocampanoli> In other words, my definitions in my /etc/apache2/sites-enabled/000-??? thingy didn't get me all my output, but when I defined a third log file in /etc/apache2/apache2.conf, I got the stuff.  What gives?
<uvirtbot> New bug: #306689 in samba (main) "package smbclient 2:3.2.3-1ubuntu3.1 failed to install/upgrade: lecture courte (short read) dans ??buffer_copy?? (backend dpkg-deb pendant ??./usr/bin/smbget??)" [Undecided,New] https://launchpad.net/bugs/306689
<edge> The server i get to use from my virtual host. its nearly useless. is there a way to restore it to what originally comes with it from the install. Likes its missing wget, and file, and all kinds of important things including all the sources
<sommer> edge: sudo tasksel install server ... probably
<edge> what is that?
<ivoks> sudo apt-get install ubuntu-standard ubuntu-minimal
<Deeps> those wont do much if the bins have just been deleted, rather than having had their packages removed though, surely?
<edge> deeps should over write them again
<edge> ivoks, i think thats what im looking for , will that work for the server as well?
<uvirtbot> New bug: #306693 in open-iscsi (main) "open-iscsi upgrade fails to stop iscsid" [Undecided,New] https://launchpad.net/bugs/306693
<edge> ivoks, i mean that ubuntu-standard will work for a server
<ivoks> edge: yes
<edge> Thank you Very much ivoks
<Deeps> in my experience, apt simply tells you that the package is already installed, rather than actually checking that the files are there
<ivoks> if binaries are deleted, then that won't help, that's true
<`6og> --reinstall install
<uvirtbot> New bug: #306703 in dhcp3 (main) "typo in /usr/lib/pm-utils/sleep.d/95dhcp3-server prevents it operating" [Undecided,New] https://launchpad.net/bugs/306703
#ubuntu-server 2008-12-10
<uvirtbot> New bug: #306706 in bind9 (main) "bind9 should flush the DNS cache on suspend / resume to avoid stale records" [Undecided,New] https://launchpad.net/bugs/306706
<uvirtbot> New bug: #306678 in open-iscsi (main) "open-iscsi fails to correctly update rc.d on upgrade" [Medium,Triaged] https://launchpad.net/bugs/306678
<`6og> bind9 is run on systems which suspend??
<Deeps> run a local caching dns server
<Deeps> reduce your internet traffic marginally
 * `6og is using dnsmasq for that - seems a better fit for the job
<`6og> its a laptop after all :) bind == cputime++
 * Deeps shrugs
<lox_> hi
<lox_> I have created a VM using vmbuilder
<lox_> how do I launch it? it does not appear using virsh list
<lox_> seems it is dead over here.... is there a special time when we can get some help ?
<sommer> lox_: vursh start vmname
<sommer> lox_: usually during business hours in north america and europe the channel is most active
<ivoks> lox_: except when we are at UDS :)
<sommer> err virsh start vmname
<lox_> sommer: thks but virsh list returns nothing
<lox_> anyway I managed to add it doing: virsh virsh
<lox_> virsh create /etc/libvirt/qemu/ubuntu.xml
<lox_> ping 10.0.4.10
<lox_> oops
<lox_> ls
<lox_> please anyone here taht can answer questions about vmbuilder?
<ScottK> !ask | lox_
<ubottu> lox_: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<lox_> Using vmbuilder do I have to create a bridge interface mannually for each VM? Or vmbuilder should do it? thks
<lox_> (sorry new to trc)
<kees> lox_: i have, in the past manually adjusted settings to get bridging. soren may know more but probably afk for the evening.
<lox_> kees: well I don't really un derstand how bridge do work.... if I follow https://help.ubuntu.com/8.10/serverguide/C/network-configuration.html#bridging my eth0 is not configured anymore. Does a bridge can be use by multiple VM?
<kees> lox_: yes, but you need to configure the bridge first
<lox_> kees: so having a look to https://help.ubuntu.com/8.10/serverguide/C/network-configuration.html#bridging i need to delete from /etc/network/interface the eth0 config and replace it with br0 config using eth0 "past" ip config?
<kees> lox_: yes, that guide looks correct
<lox_> kees: ok, and do you know where is that vnet0 that ifconfig shows please?
<kees> I just ignore vnet0 -- libvirt will do the right thing once it's been configured to use br0
<hads> You can remove it
<lox_> Remove it from where? ....
<lox_> hads well vnet0 is default libvirt bridge interface, this is only for NAT connectivity, no way/need to remove it
<d-b> hi there why is a closed source piece of software shown to me with the motd ?
<d-b> yes the landscape client is open source. but the server isn't
<d-b> doesn't this go against ubuntu policy ?
<hads> lox_: Yes, you can remove it.
<lox_> hads: are you talking about "virsh net-destroy default" ?
<hads> I've not done it from virsh, I have from VMM though.
<Severian> Howdy.  I want to make a Ubuntu Server installed system run gnome on startup.  I have been searching the web for what to do, and have not found instructions for 8.10(intrepid ibex).  Any suggestions?
<d-b> Severian: sudo apt-get install gdm and xserver etc.
<zoopster> Severian: you are better off running ubuntu desktop as a server than trying to install the gui parts
<hads> ubuntu-desktop will install everything
<Severian> http://ubuntuforums.org/archive/index.php/t-186298.html  says I needed to run two more commands after installing, but they did not work on 7.10 and later.
<lox_> hads: can you tell me how please ? what is VMM ...
<hads> lox_: Virtual Machine Manager, the GUI which connects to your server via SSH. There will be a virsh command that does the same thing.
<Severian> zoopster, vmbuilder builds virtual machines off of what is essentially JeOS.  I am not installing the OS an hardware, but creating scripts to build virtual machines.  vmbuilder is shipped with Ubuntu, and I am using the installed version.
<zoopster> Severian: so you want to add x to that?
<Severian> zoopster, yes.  I want to build a VM to use for software demos.
<Severian> Well nevermind.  the instructions at http://ubuntuforums.org/archive/index.php/t-186298.html say there is a problem after 7.04, but it is pretty minor.  Thank you.
<zoopster> Severian: the problem is that ubuntu-desktop installs a lot more than just gdm and xserver - good luck
<lox_> hads: still have trouble setting my virtual machine network, my server ip is 10.0.4.10, I would like my VMs ip in the range 10.0.4.20 to 10.0.4.40, any advices? Here is my interfaces file: http://paste2.org/p/113535. With that config my VM takes the 10.0.4.10 ip ....
<Scare|Working> Hi all
<nme> anyone knows how to get rid of "CRON...: Sigfile not found" from /var/log/syslog ?
<lox_> I always trace a log file with tail -f /var/log/mylog.log. I would like that it runs on a console a each system reboot, by "on a console" I means so I can see it if I Alt+F2
<lox_> Is it possible?
<Oliber> think you can do it with inittab
<Oliber> but i havn't done that in years
<_ruben> or just have syslog log to a tty, assuming its a log used by syslog
<Oliber> oh yeah, thats how i did it 9yrs ago!
<lox_> thks I'll continue to search
<lox_> done it many years a go to and can't remmeber how ..
<incidence> How to find out filesystems block size?
<Scare|Working> incidence,  dumpe2fs device. but you can use it only if you have an ext2 o ext3 filesystem
<maswan> xfs has xfs_info, I'm sure all the sane fss have some kind of util for that
<maswan> actually, hm, if you want a general method, the block size is available in statvfs
<AlexC_> hey all
<AlexC_> is there a way to read what email was sent via Postfix? I just saw in my logs a weird email, sent by one of my address (a noreply@ one) to a weird email address. I'd like to read that and see just what it was, because I am confused as to where it was sent
<hypnus9> ! server crash
<ubottu> Sorry, I don't know anything about server crash
<hypnus9> !server access
<ubottu> Sorry, I don't know anything about server access
<lamont> AlexC_: once the mail is gone from the server, reading it is a matter of finding where it was stored on disk and looking there for what's left of it.
<lamont> if it's still on the server, postcat is your friend
<AlexC_> lamont, hum, I've really no idea how to go about finding it. I'll check postcat now, though do you have time to poke me further in the right direction?
<AlexC_> lamont, I would have thought a copy would be in the 'Sent' mail dir (or where ever) in the users Maildir directory. Though I can't see any Sent email when using Mutt
<hypnus9> Hello room. I just install Intrepid server edition on my desktop pc, and I had it accessible from my laptop, but I rebooted the server, and now I can't access it from my laptop. Any help?
<Deeps> can you ping it?
<hypnus9> Yep.
<lamont> AlexC_: mutt is a mail user agent.  mail transport agents keep only logging records
<Deeps> in what way were you 'accessing' the server?
<hypnus9> SSH and samba
<Deeps> you can ping the server, but you're unable to ssh anymore? what error do you get when attempting to ssh?
<AlexC_> lamont, hum, ok. So what is meant by 'Copying to Sent Folder' in Thunderbird, when using IMAP when I sent email - where is that data stored? Locally?
<hypnus9> Hold on.
<lamont> thunderbird is a mail user agent as well
<lamont> and it's probably in the "Sent" folder on the imap server
<lamont> (and none of that is "postfix" related)
<hypnus9> I get "timed out when logging in
<AlexC_> lamont, I know it's a user agent - I'm just wondering if this 'Sent' folder is a feature of the MUA, or is what postfix does when an email is sent
<lamont> MUA only
<lamont> MTAs take the mail, pass it along, log it, and remove the copy they have on disk once the next hop says it has it.
<AlexC_> bugger. Is there no way to get hold of what that email was?
<AlexC_> if not, is there a way to trace what process could have triggered postfix to send that email?
<lamont> tct - Forensics related utilities.
<lamont> if you have process accounting turned on (unlikely, I think), then quite possibly
<AlexC_> =(
<lamont> what does /var/log/account have in it?  lots of pacct* files?
<Deeps> hypnus9: is the sshd running on the server? `ps ax|grep sshd` on the server console should tell you
<AlexC_> lamont, I've no such directory
<lamont> likewise, do the postfix logs say that it was local, or received via smtp?
<AlexC_> lamont, let me see
<hypnus9> I check it out.
<lamont> (so no process accounting)
<AlexC_> lamont, http://paste2.org/p/113659
<hypnus9> it looks to be.
<lamont> connect from foobar[foobar] <-- so that, whatever it really was, is where the mail came froim
<Deeps> hypnus9: are you sure you're connecting to the right ip? `ifconfig` on the server will tell you what ips it's assigned
<AlexC_> lamont, indeed, which is very odd - since nothing should be sending email from noreply, and the things that do - don't email to that weird .ru address
<lamont> AlexC_: and without the actual headers (I assume you trashed them?), there's not much more that can be said
<AlexC_> lamont, I've not touched any headers
<lamont> ah, ok
<lamont> I assumed the 'foobar' comments were changed IP/hostname ish stuff
<AlexC_> lamont, correct
<lamont> that would be "trashed"
<lamont> as in, yes, you touched the headers
<AlexC_> lamont, hum, I just change them in the pastebin to remove them =)
<lamont> thereby removing the information required to be able to do any further advising about what actually happened.  ok
<AlexC_> lamont, are you saying, you need the Ip/hostname that I removed to help further? The values are there, I only changed it in Pastebin so they are not in a public pastebin
<Deeps> 9 lines later...
<lamont> AlexC_: either it's 127.0.0.1 and the mail originated there, or it's not 127.0.0.1 and that host delivered mail (which either means it was one of your TLS users, or you have really poor SASL password, or some such
<AlexC_> lamont, the values were the main external IP of the server. The login was by a known users of mine ... I guess I'll just have to check all the logs I can
<lamont> ok.  the mail arrived externally from that IP, and that computer is the one which you need to be looking at to find the origin of the mail
<AlexC_> that is this computer
<AlexC_> it's ok, I may be able to poke some of my application logs to see where the devil it came from
<kraut> moin
<kebomix> Free Programming e-books With Direct Links & Request ebooks Here : http://request-ebooks.blogspot.com/
<Faust-C> after upgrading to 8.10 my system upon reboot gives file system is read only
<Faust-C> and i have to manually make it r/w
<zoopster> Faust-C: what hardware?
<Faust-C> typical desktop system
<Faust-C> zoopster, issue is really a desktop one but #ubuntu is worthless for real help
<zoopster> Faust-C: understood, was curious simply because there is a kernel issue with ath9k and the 2.27.9 kernels that presents itself strongly on a macbook pro, but is present in other systems that shows a symptom like you describe, but usually not directly after reboot
<Faust-C> ic, no we dont have that
<Faust-C> hmm man idk wth happend
<zoopster> Faust-C: without a lot more detail, not sure anyone can help - this channel may not be the proper forum...I would post to ubuntuforums.org as well as search there and generally in google
<Faust-C> zoopster, yeah im gathering more info
<zoopster> Faust-C: for the forums useful info is hardware detail, dmesg output, etc
<Faust-C> zoopster, problem is that we cant even login to system to get that
<zoopster> Faust-C: no way to open a terminal session after boot?
<Faust-C> zoopster, nope
<Faust-C> but im bootinhg to live gonna see what i can do
<zoopster> Faust-C: that was the next suggestion...see if you can mount the disk - even if the disk is RO you can read from it
<Faust-C> yeah
<Faust-C> gonna see what the real issues are
<uvirtbot> New bug: #306886 in mysql-dfsg-5.0 (main) "AppArmor profile included doesn't allow mysql to bind to socket" [Undecided,New] https://launchpad.net/bugs/306886
<uvirtbot> New bug: #306889 in amavisd-new (universe) "Default Ubuntu configuration is backscatter source" [High,In progress] https://launchpad.net/bugs/306889
<Faust-C> init: tty2 main process (4063) killed by SEGV signal
<Faust-C> init: tty2 main process ended, respawning
<Faust-C> thats the error i get if i try to login via console
<uvirtbot> New bug: #306897 in apache2 (main) "LDAP Authentication problem : ldap_simple_bind_s() failed" [Undecided,New] https://launchpad.net/bugs/306897
<lionel> is someone experimenting issues with check_ntp_time since the beginning of december?
<lionel> (with leep seconds not beeing handeled correctly)
<Faust-C> why in the hell does the IP address keep going to dhcp
<Faust-C> can someone please explain why server keeps using dhcp for inet even when ive specified a IP in /etc/network/interfaces
<sommer> Faust-C: did you set the interface to static?
<Faust-C> yep
<Faust-C> iface eth0 inet static
<sommer> Faust-C: do you have
<sommer> dhcdbd running?
 * Faust-C looks
<Faust-C> ah dhclient3 is running
<sommer> you should be able to turn that off
<Faust-C> hmm ill look for the file to disbale it
<sommer> Faust-C: if there's an init script you can do: sudo update-rc.d -f service_name remove
<sommer> Faust-C: that should not start the daemon on boot
<Faust-C> yeah i dont see a init script
<Faust-C> nor a option to stop it via cmd
<ivoks> if you installed system with dhcp address
<ivoks> then on boot dhclient will start
<ivoks> even if you change network configuration, dhclient will still be running
<ivoks> so, best cure is to kill dhclient or restart machine after network configuration change
<ivoks> we might consider this as a bug
<ivoks> er....
<ivoks> we should consider this as a bug
<Faust-C> ivoks, oic
<Faust-C> guess ill report it
<Faust-C> where is bug report site
<ivoks> lanuchpad.net
<Deeps> launchpad*
<ivoks> you don't have to report it
<ivoks> i plan bringing this up on uds tomorrow
<Faust-C> ivoks, oic sweett
<refnumzx> have an ml350 G5 with the e200I controler, write performance is bad but my main problem is hat using 8.10 server i can not get the system to boot properly install goes fine but then when it is time for the cd to come out and we reboot says atempting to boot from drive c: any ideas?
<ivoks> what's e200i?
<Nafallo> ivoks: controllercard.
<ivoks> ah, hardware raid
<ivoks> have you setup raid logical volume before installation?
<ivoks> refnumzx: ?
<refnumzx> yes i have using the hp tools
<refnumzx> the instaler recognizes it as an array so its fine
<ivoks> what kind of array?
<ivoks> 0 1 5 6?
<ivoks> if you want me to help you, i'll have to understand what you are trying to achive
<ivoks> otherwise, we'll spend hours for nothing
<ivoks> do you have disks outside the array?
<ivoks> either on controller or some other port (IDE/SATA/SCSI)
<refnumzx> its a raid5 array with 4 SAS disk directly connect to the backpln  when i start the instaler the ubuntu system formats and recognizes the drives, what i want is for when the instaler finishes i want it to reboot and load the os. everythingelse during the instal is successful
<refnumzx> no i do not
<ivoks> so, before restart, inside ubuntu installer, you get 'atempting to boot from drive c:'?
<ivoks> or after reboot?
<refnumzx> no, after reboot.
<ivoks> ok
<refnumzx> grub does not even seem to load
<ivoks> have you checked bios?
<refnumzx> the installer completel finishes what it is supposed to do
<genii> And it specifically says C:     ?
<ivoks> did you set up raid controller as a first boot device?
<refnumzx> i have updated the bios, firmware updated to latest, controler order is just fine. etc
<refnumzx> it specifically says C:
<ivoks> i see
<refnumzx> well, it tries to boot from the cd then the disk, i assume because it does nothing accept for show that message
<ivoks> did you set up your own partitions or system camed with at least one partition?
<refnumzx> the controller is the only boot device.
<refnumzx> i used guided, use entire disk
<ivoks> hm, ok
<ivoks> you have a ubuntu cd, right?
<genii> You need raid support in the initrd for it to boot from there. But grub should have a tleast tried, I would think
<ivoks> it should have 'boot from first cd'
<refnumzx> yeah no grub anything
<ivoks> genii: system doesn't boot from disk at all
<ivoks> boot from first disk, not cd :)
<refnumzx> the system boots the instal media and goes through the instaler just fine
<refnumzx> when i rebot, i remove the install media
<ivoks> refnumzx: put the cd in
<ivoks> refnumzx: and don't start installer, choose 'Boot from first disk' option
<refnumzx> the server is rather far away. then what?
<ivoks> if it boots, then you bios is broken
<refnumzx> ok. i will brb
<ivoks> it it doesn't, which i doubt, then you'll tell us what message you get
<refnumzx> absolutely nothing
<refnumzx> booting from local disk.
<ivoks> and blank?
<ivoks> if it's blank, then grub might not be installed on disk
<ivoks> how big is your raid logic volume?
<refnumzx> 400gb or so
<refnumzx> and blank, yes
<ivoks> hm, odd
<refnumzx> quite
<refnumzx> during the installer it does say installing grub and produces no errors
<ivoks> did building of logic volume finished?
<refnumzx> here is the thing the raid is configured thtough the hp tols. during the installer it asks me if i want to recognize the device as a raid configuration, i answer yes, then i go off and format the single logical volume which is the correct size, and then i continue with the instal as normal
<ivoks> and, in ubuntu, you see only one disk or more of them?
<refnumzx> a single disk
<refnumzx> which is what i am supposed to see
<ivoks> right
<ivoks> anything that comes to my mind is that logic volume isn't built, and mbr isn't formed yet
<ivoks> which i've seen with low cost raid controlers
<ivoks> never with 3ware :/
<refnumzx> ok. so how couold that be if it formats the disk?
<ivoks> dunno
<refnumzx> thanks for the help though, we tried.
<ivoks> could you start resuce option
<refnumzx> gonna have to call hp, again.
<ivoks> when you start it, you should be able to chroot to your partition
<refnumzx> never tried that. isn't that available from the grub menu? this is the thing man grub is not loading
<ivoks> then you should mount all
<ivoks> you can enter resuce from installation CD
<refnumzx> ok. then what croot what? mount all. and then....???
<ivoks> it's an option above boot from first disk
<ivoks> you'll be guided
<ivoks> then, when you get droped in chrooted shell
<ivoks> run grub-install /dev/sda
<ivoks> or whatever it's name is
<ivoks> maybe /dev/cciss/something
<refnumzx> /dev/cciss is how its shown in the installer
<ivoks> right
<ivoks> it isn't cciss
<ivoks> but /dev/cciss/c0d0 or something like that
<refnumzx> right
<refnumzx> i'll give it a whirl
<ivoks> go go go :)
<jcliff> I have a farm of about 800 servers about to be running ubuntu, is there some way of making sure they each get their ubuntu security updates/etc without sshing into each one
<jcliff> pssh looks better than mannually sshing in but there's got to be better out there right?
<yann2> same question here :)
<jcliff> yann2: serious? lol
<yann2> can have a look at puppet
<yann2> but the thing is usually people use to say, " you dont want to automate apt upgrade"
<genii> No one makes cronjobs for updates or so?
<jcliff> maybe
<yann2> considered harmful afaik :(
<maswan> We use our own version of pssh
<maswan> But yeah, that's how we do it. You just need to take care and make a wrapper script that works as hard as possible to make it run without interacting with the user.
<maswan> Good env to set: DEBCONF_ADMIN_EMAIL= DEBIAN_FRONTEND=noninteractive
<jcliff> yann2: as in automating security upgrades considered harmful or cronjobs considered harmful?
<maswan> etc
<yann2> jcliff > automating...
<yann2> you know
<maswan> jcliff: automating security upgrades isn't really considered harmful as such, but at least I'd prefer to apply them first to one of the servers before rolling them out everywher
<yann2> "blah wants to install a new config file but it seems you have changed the original file - do you want to keep your old personnalized (incompatible) file? (Y)
<ivoks> there are unanttened updates
<refnumzx> right so reinstaling grub fixed the booting issue
<refnumzx> so. is that an error in the installer?
<ivoks> refnumzx: don't think so
<ivoks> refnumzx: you installed grub on logical volume
<ivoks> refnumzx: some raid controllers have an option of defining a boot volume
<jcliff> maswan: thanks
<refnumzx> boot volume
<refnumzx> so what is the difference? wouldn't it go on the logical volume, is not that the corect way?
<ivoks> i don't know, i don't know internals of all raid controllers
<ivoks> maybe if you don't set up boot flag on logic volume, maybe controllers ignores it
<ivoks> refnumzx: bottom line is that grub is installed on logical volume
<ivoks> refnumzx: but, for some reason, controller doesn't boot from it
<ivoks> refnumzx: oh, sorry
<ivoks> refnumzx: i just saw that reinstalling the grub *fixed* the problem
<ivoks> refnumzx: i tought it didn't :)
<ivoks> refnumzx: yes, that's a installer bug
<ivoks> refnumzx: could you send me /var/log/installer/syslog?
<jcliff> maswan: oh absolutely.
<jcliff> I've never had anywhere near this many computers to deal with in one go though :)
<jcliff> yann2: thanks btw
<yann2> np
<mibocote> I have two gateways setup for 0.0.0.0, but I only want one of them. how do I delete the other one from handling dest: 0.0.0.0?
<dejuren> sommer: ping
<sommer> dejuren: yo
<dejuren> sommer: question: who write ubuntu server guide? specially e-mail https://help.ubuntu.com/8.04/serverguide/C/email-services.html
<sommer> dejuren: I've written a lot of that chapter, but some sections only updated
<sommer> dejuren: did you have a question about a specific section?
<dejuren> sommer: cause I'm looking for /etc/postfix/main.cf, /etc/postfix/master.cf, and /etc/dovecot/dovecot.conf examples. Can you help? Mean only default configuration.
<sommer> dejuren: the default files are pretty good for a "standard" install.
<sommer> dejuren: what are you trying to accomplish with your mail server?  ie, receive mail from internet, only forward mail to internet, etc
<dejuren> sommer: receive mail from internet and send mail to internet and internaly in a small local network
<sommer> dejuren: the serverguide should help you do that, I'd basically follow the postfix and dovecot sections
<sommer> dejuren: then if you want to add spam, virus, etc filtering later work through the mail filtering section
<sommer> dejuren: and when you run into trouble or have a specific question feel free to ask
<dejuren> sommer: ok, will work on it. tks.
<sommer> dejuren: you're welcome
<donspaulding> I'm having some troubles setting up Samba+LDAP,  smbldap-populate is saying... "failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 234."
<donspaulding> I'm not sure why it's giving me this particular error.  I've got the username/password setup in /etc/smbldap-tools/smbldap_bind.conf
<donspaulding> ah, nevermind, my DN wasn't fully qualified (i.e. "admin" instead of "admin,dc=mydomain,dc=local"
<donspaulding> in smbldap.conf
<agampher> Hello. I am trying to get a startup script to run at startup (crazy, I know), and it requires me to have the JRE_HOME environment variable defined to run it. It seems I am only successful at running the script at all if I sudo -s first. Any ideas on how to proceed?
<agampher> i suppose i should reword that to say run a startup script at boot
<`6og> init scripts are executed as root anyway
<`6og> but in answer to your question, `export JRE_HOME=/path/goes/here/`
<agampher> which i did, but using the sudo command to run the script causes is to fail
<agampher> i have to sudo -s, then run the command as root
<agampher> so if scripts are run as root at bootup, what is the best way (best practice) to include an application startup script in the mix?
<agampher> pardon my noobishness
<agampher> ok, heres what i did and it worked, tell me if it's bad practice
<agampher> i created a file in the init.d folder with a line that defines the environment variable and then a line that initiates the application startup script
<jmedina> agampher: using sudo -s it doesnt import all the env vars from root user
<jmedina> why not start it with a rc script?
<agampher> then i added to startu pwith sudo update-rc.d <name of script> start 51 S .
<jmedina> agampher: that is the usual wey in ubuntu
<agampher> k
<agampher> just checking to see if that was best, thanks for your help
<tonyyarusso> I'm having a bit of trouble with hostname lookups on my home network.  'ping <machinename>' gives "unknown host", but 'ping <machinename>.local' works fine.
<jmedina> tonyyarusso: add local to your resolv.conf
<jmedina> the line is "search local" without quites
<jmedina> quotes
<tonyyarusso> jmedina: I have that already, but it doesn't seem to be working.
<tonyyarusso> jmedina: FWIW, the router is running DD-WRT
<tonyyarusso> jmedina: Meanwhile on the router, the resolv.conf also has "search local", but it is the second search line - the first is "search hsd1.mn.comcast.net." (with the trailing period)
<jmedina> I think you can only have 1 search line
<jmedina> but you can use something like search local hds...
<`6og> trailing . is ok. you might want to put search local above the other.
<uvirtbot> New bug: #306821 in gvfs (main) "Network servers are not refreshed properly (dup-of: 209520)" [Undecided,Incomplete] https://launchpad.net/bugs/306821
<tonyyarusso> Okay, I got rid of the comcast line altogether, and I still have the same behavior.
<`6og> do you have network mangler installed?
<tonyyarusso> On the clients, yes.
<tonyyarusso> not the router, obviously
<donspaulding> can I use debootstrap to return a server to its original state?  after a fresh install?
<donspaulding> how can I take a running server and lose all of its settings/installed packages? (keeping /etc/network/interfaces and .ssh/authorized_keys would be bonus, but isn't critical)
<`6og> you save those files and reinstall. (i'm not aware of another method)
 * jmedina thinks donspaulding wants something like MS system restore :D
<tonyyarusso> `6og: what effect does N-M have on this?
<donspaulding> jmedina: yes, that's it!  How can I install System Restore on my server?
<`6og> tonyyarusso: the .local made me wonder. i'm also wondering if the wrt is eating the mdns data
 * donspaulding is only kidding....
<tonyyarusso> `6og: what should be my next step for diagnosis?  Disconnect the router and just work on the switch for a bit?
<tonyyarusso> .local appears to be from avahi afaik
<`6og> yes, its an avahi thing
<jmedina> tonyyarusso: do you have a local dns?
<jmedina> the .local domain on the router?
<tonyyarusso> jmedina: The router can do DNS, yes.  Uses DNSmasq.
<jmedina> tonyyarusso: why dont you send the search option via DHCP?
<tonyyarusso> jmedina: It is - and it's sending 'local' for that too.
#ubuntu-server 2008-12-11
<badawi> what's the linux-virtual package? how is it different from linux-server? doesn't linux-server kernel have the xen support?
<ivoks> linux-virtual is for guest operating systems
<ivoks> so, if you ubuntu runs in vmware, use linux-virtual
<ivoks> s/you/your
<badawi> ahh i see
<badawi> ivoks: thanks
<ivoks> np
<tonyyarusso> Clearly I don't understand Avahi...
<Lokin> Can someone help me set up my web server? Got a domain name and DNS A record set, also port forwarded :80 But it still doesn't work
<Lokin> anyone?
<Gargoyle> mornin all
<_ruben> mornin
<Scare|Working> Hi all
<dsandage> can anyone help me with a postifix issue?
<dsandage> postfix, sorry
<ScottK> dsandage: What issue?
<dsandage> ah... ill give you the err as seen in /var/log/mail.err
<dsandage> fatal: parameter smtpd_tls_session_cache_timeout: bad time value or unit: 3600a
<ScottK> dsandage: Please pastebin the output of postconf -n
<_ruben> 3600a is most likely a typo for 3600s
<ScottK> Probably.
<dsandage> it ends a
<dsandage> but ill go find the output of postconf here in a minute
<dsandage> ill have to return
<dsandage> AHHH!
<dsandage> I see what you mean I think the line with the cache_timeout reads 3600a but should read 3600s
<ScottK> 3600s is the default anyway, so there's no need to specify it.
<dsandage> at the end of setting up postfix it tells me to telnet into the "mail.example.com" on port 25, I telnet into my mailserver at port 25 but I don't see the lines that the documentation suggests
<dsandage> it doesn't do anything actualy
<dsandage> it has you type "ehlo mail.example.com"
<dsandage> I get nothing when plugging in ehlo and my server name
<dsandage> any thoughts?
<ball> Daviey: so what's the server-side news?
<ball> hello EtienneG_laptop
<EtienneG_laptop> hello ball, but who are you?
<Daviey> ball: talking about puppet right now
<ball> Daviey: remote control?
<ball> EtienneG_laptop: nobody of importance, happily :-)
<EtienneG_laptop> ball, ok, greeting nonetheless!  :)
<ball> Daviey: screen with the status bar would break compatibility with actual teletypes though.
<ball> (and perhaps hamper logging)
<ivoks> ball: thing about it as a 'special multipourpuse ubuntu maintainance shell'
<ivoks> not a replacement for screen
<ivoks> or shell
<Daviey> ball: just an idea at the moment
<ball> Daviey: I hope it gets shot down in flames, or at least made optional (perhaps a program that you can choose to launch once you log in)
<ivoks> it won't be default, of course
<ball> Oh good!
<Daviey> i said it's reinventing zsh (hi jpds)
<jpds> Daviey: o/
 * ball isn't familiar with zsh
<ball> Is that a Bourne derivative?
<ball> hey, it's lunch time!
<ivoks> zsh supports multerminal interface?
<Daviey> !zsh
<ubottu> Sorry, I don't know anything about zsh
<Daviey> :(
<ivoks> zsh is a shell
<ball> !lunch
<Daviey> jpds: please fix :)
<ubottu> Sorry, I don't know anything about lunch
<jpds> !info zsh
<ubottu> zsh (source: zsh): A shell with lots of features. In component main, is optional. Version 4.3.6-4ubuntu1 (intrepid), package size 3888 kB, installed size 11540 kB
<jpds> Daviey: Still use my .zshrc?
<Daviey> jpds: not since i reinstalled
<Daviey> :(
<Daviey> jpds: can you give it to me again?
<Daviey> it's backed up at home, would be nice to have here :)
<jpds> Yeah, I have it here - just don't have anywhere to dump it at.
<Daviey> email?
<jpds> Daviey: Sent.
<Daviey> winner \o/
<Daviey> afk
<Fenix|work> Greetings
<Fenix|work> a Jr. admin of mine accidentally ran chmod on / with the permissions 770
<Fenix|work> now no user can log in... any quick fix? :)
<sommer> chmod -R 755 /home/
<sommer> err no -R, sorry
<maswan> ehm. if it wasn't recursive, just chmod the / dir back to 755
<maswan> if it was recursive, you're out of luck
<Fenix|work> it was recursive
<nrpil> hi people
<nrpil> any kvm users here ?
<chimp> If you accidently send shutdown now without -r on it, is there a way to make the server come back to life (i haven't done this)
<Deeps> if it has WOL you might be able to magic packet it, assuming you ahve another machine on the same subnet to send from
<soren> chimp: I'd advise you to take a look at molly-guard at any rate..
<soren> It wraps reboot, shutdown and halt, checks if you're logged in remotely and asks you to enter the name of the machine you think you're shutting down.
<soren> That way, you don't accidentally shut down a remote machine.
<soren> For local logins, it doesn't do anything. Only remote logins.
<tonyyarusso> btw, why is it called molly-guard?  Who is this molly?
<tonyyarusso> Meanwhile, is there anyone who understands dnsmasq and avahi?  Technically I think the changes I need to make are on my router running DD-WRT, but if someone knows about those applications here that might be enough to figure it out.  (Issue explained at http://www.dd-wrt.com/phpBB2/viewtopic.php?p=238861#238861)
<Fenix|work> ok... I need some advice
<chimp> soren: That sounds great, I was thinking of doing alias' but that seems better
<Fenix|work> my jr adm screwed up the permissions royally on this and two other boxes that were NFSed to this one... if I use apt-get install ubuntu-minimal ... how badly is it going to mess up my current config?
<soren> He managed to uninstall ubuntu-minimal?
<hads> I believe it was a chmod -R /
<Fenix|work> soren, no... he managed to run the following --- find . -type d -exec sudo chmod 770 {} \;
<soren> Fenix|work: apt-get installing ubuntu-minimal is not going to help that.
<Fenix|work> I was thinking it may fix permissions
<hads> Good time to test your backups :)
<Fenix|work> hads, would be if this thing would even boot :)
<Fenix|work> my backups are all on tape
<hads> Your backups rely on the server being going?
<Fenix|work> yes...
<Fenix|work> ... even if it were a brand new install... which takes no time with ubuntu, I need a live server to restore to
<Fenix|work> and my restore will restore everything to just the way it were
<Fenix|work> although I had just started on experimenting with making live cd's of my installs... I hadn't finished in my vm environment
<Fenix|work> soren, is it safe to say that all directories outside of var should be permed at 755?
<Nafallo> hrm
<ivoks> no
<Nafallo> I'm doing it wrong.
 * Fenix|work smacks his forehead ... /bin = 660 ... everything
<Nafallo> this virtual machine should not use on of the hosts IPs externally...
<Nafallo> one even
<Lamo> I set up a Hardy web server and am having trouble getting my .htaccess file working. I created a .htaccess file in ~/public_html that looks like http://nopaste.com/p/aDsE6kD2M and used htpasswd -c /etc/apache2/passwords to create the file passwords. yet I am still able to load the page without being prompted for a usr/pass?
<jmarsden|work> Lamo: check permissions on the .htaccess file, and then restart your web server and retest?
<Lamo> 644
<tonyyarusso> also, check that .htaccess is enabled in your apache config - I don't think it is by default
<Lamo> that's apache2.conf?
<tonyyarusso> I think it's in sites-available/default actually
<Nafallo> Lamo: rather enable the correct modules with a2enmod
<tonyyarusso> The option's called AllowOverride
<Nafallo> Lamo: that will load in the correct options and enable the module.
 * tonyyarusso defers
<Lamo> I ran a2enmod and it gives me many choices but I don't see AllowOverRide in there
<drate> What am I missing:  I am trying to setup postfix per the documentation for Ubuntu Server 8.10, here is a pastebin of my postconf -n followed by a link of the step at which I encounter an issue:
<drate> http://pastebin.com/d283b6664     https://help.ubuntu.com/8.10/serverguide/C/postfix.html#postfix-testing
<drate> The expected behavior is shown in the second link, the actual behavior is the computer equivilant of a blank stare.
<Lamo> aha
<Lamo> needed to change none to all in my default config
<Lamo> like you were saying
<Lamo> thanks
<lamont> drate: I'm going to guess that is a modified output of postconf -n and that you've tweaked anything like hostnames and IPs, which may or may not be of significance... .what does /var/log/mail.log have to say on the subject?
<lamont> and anyway, about to run off for the evening, myself
<Lamo> where do I find my server error log?
<drate> you are correct, I am doing this for my place of business so I figured certaind details should be masked... I'll go get what you asked for
<DBAmethyst> ok I got a DL360 and I just installed 8.04.1 server.  Bios shows up both P3 1.266 procs yet a cat /proc/cpuinfo only shows up one
<DBAmethyst> how can I change this
<Fenix|work> I'm trying to run chroot from the livecd and I'm getting the following: chroot: cannot run command `/bin/bash': Permission denied
<Fenix|work> I'm logged in as root (as I've sudo bash, and then passwd
<Fenix|work> any ideas?
<drate> http://pastebin.com/d7a4b5be1   http://pastebin.com/d660e5f54
<drate> there are cats of mail.log and mail.err respectively
<drate> lamont  I think I do see something I might can track down myself but another that I cannot
<drate> the SASL can't connect to  private auth/client no such file or directory I might can trace
<drate> but the no sasl mechanisms I cannot
<drate> lamont: do you think they are related?
<drate> lamont: correction I am completely confused, it is in the /etc/postfix/main.conf exactly as indicated by the documentation
<ScottK> I guess he left.
<ScottK> If he turns up again, he should look in /etc/postfix/sasl/smtpd.conf
<uvirtbot> New bug: #307291 in dovecot (main) "Security hole in ManageSieve: Virtual users can edit scripts of other virtual users" [Undecided,New] https://launchpad.net/bugs/307291
#ubuntu-server 2008-12-12
<redneck> ï»¿could some expert tell me what is the safest way to update Hardy's network manager to version 0.7?
<ivoks> omg
<jpds> Hi ivoks
<ivoks> hi
<ScottK-laptop> kees: It seems to me that now that we've tried out clamav micro-releases a couple of times as an experiment, it's probably time to get it official and added to https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
<kees> ScottK-laptop: yeah, I was thinking about that.  it's been a while since there's been a TB meeting.
<ScottK-laptop> According to the wiki it's done via email.
<kees> oh... er, I should read more carefully.  :)
<phix> hey
<phix> I was just saying on #ubuntu-devel, wouldn't it be a great idea if ubuntu had a concept of "templates", in which, it looks at hardware (for example hard disk drives) and determines if say suggesting a RAID1 or RAID5 "template" is appropriate
<phix> to give the user for is installer ubuntu a more high-level approach to installing and setting up ubuntu
<phix> jussi01: <3
<ivoks> ScottK-laptop: here?
<ScottK-laptop> For a bit.
<ivoks> you have a blueprint link for the mail stack you worked on?
<ScottK-laptop> Yes.  Just a moment.
<ivoks> np
<ScottK-laptop> ivoks: https://blueprints.launchpad.net/ubuntu/+spec/integrated-mail-stack and that's got a link to the wiki page.
<ivoks> great
<ivoks> mailbox backup
<ivoks> ummm... always_bcc?
<ivoks> clumsy, but a good start
<ivoks> RBL can be solved with postconf, inside postfix
<ivoks> works beautiful on all my setups
<phix> is postfix the mail server of choice now
<ScottK-laptop> RBL I didn't know if we'd just use postconf or want some intermediate script, e.g. postfix-add-rbl which wraps postconf.
<phix> ?
<ScottK-laptop> For Ubuntu, yes.
<phix> I thought it was exim
<ScottK-laptop> That's default in Debian.
<ScottK-laptop> It's supported in Main in Ubuntu, but not the primary.
<phix> ah ok :) Any main reasons why postfix is prefered over exim?
<ScottK-laptop> It's been that way since before I was involved.
<phix> ah ok
<ivoks> phix: yes; ubuntu devs prefere it
<phix> I have nothing against it, I used postfix on slackware before I even heard of Debian'
<ScottK-laptop> For myself, i looked at both a few years ago and preferred postfix.  I don't recall exactly why.
<ScottK-laptop> I tend to remember decisions, but not all the reasons.
<ScottK-laptop> Off to bed with me, so good night.
<ivoks> ScottK-laptop: night
<ivoks> me too
<ivoks> night
<uvirtbot> New bug: #262011 in mysql-dfsg-5.0 (main) "Fresh install Hardy Server + mysql-server there is no root user. No password on only user: debian-sys-maint" [Undecided,New] https://launchpad.net/bugs/262011
<uvirtbot> New bug: #307367 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/307367
<Scare|Working> Hi all
<Assid> heya
<Assid> anyone around?
<Assid> is there a bug list available on ubuntu
<_ruben> bugs.launchpad.net
<Assid> am reloading a box. wanna see if its worth moving from etch to maybe lenny or ubuntu
<ropetin> Assid: depends on what you want to acheive with the reload
<Assid> err  a server? whats there to achieve.. still deciding the os :(
<ropetin> Do you want cutting edge, stability, somewhere in the middle?  GUI, no GUI?
<Assid> middle.. but yes stable..  no gui
<ropetin> Lenny is good then :)
<Assid> #debian guys are saying to stick to etch.. use backports
<ropetin> To each their own I guess
<derefr> I'm installing JeOS in VMWare Workstation, on a Pentium M laptop. Apparently I don't have PAE available, and according to the forum posts I've read, that means I should use the generic, rather than server, kernel. How do I go about doing that? Is there some easy switch to flip, or do I have to have a long talk with apt and grub?
<Gargoyle> ho ho ho!
<Gargoyle> Interesting! I got a "moo" from #ubuntu-uk, a "gigolo, gigolo, gigolo" from #zftalk and a "humbug" from #phpnw... which means were all mad! :P
<Oliber> wrong
<selinuxium> Hi all, the linux-virtual kernel... Is that for the VMhost or VMclient? ANd is it just a case of apt-getting it?
<Oliber> from what i understood, it's for guests
<_ruben> guest indeed .. and its best to install it using apt-get install linux-virtual
<eax_fr> hi there
<incorrect> hello i am trying to find more info on the preseed file to the automated pxe boot install
<eax_fr> i'm looking for information about creating nas server with web interface (like freenas) but based on ubuntu server....
<eax_fr> does anyone know a good panel (web interface) to manage iptables ?
<incorrect> http://tinyurl.com/5tkfxa
<Nafallo> nice. it's working again :-D
<selinuxium> hey there _ruben, after installing how do I check it is using the corect kernel?
<incorrect> strange my preseed file works apart from when i tried to log in after the system as installed i just get diamonds
<_ruben> selinuxium: which ubuntu version?
<selinuxium> _ruben: 8.04
<_ruben> in 8.04 uname -a will show -virtual when the -virtual kernel is loaded
<selinuxium> _ruben: Cheers, I di dthat before and it wasn't showing.. it is now.. :)
<incorrect> where can i get a list of the 'tasksel' options for the preseed file?
<_ruben> incorrect: check /var/log/installer/cdebconf/templates.dat and /var/log/installer/cdebconf/questions.dat
<incorrect> is there anyway to get the preseed file after an install?
<ikonia> pressed file ?
<hads> preseed
<uvirtbot> New bug: #307424 in samba (main) "problem in starting samba daemons cannot load libtalloc" [Undecided,New] https://launchpad.net/bugs/307424
<nnull> server run on 64 meg?
<nnull> asin, would it be usable? (i know it will work)
<eax_fr> l
<nnull> |
<_ruben> define "usable"
<_ruben> incorrect: you want a preseed file based on an existing install or what?
<Faust-C> anyone here use otrs2 for a ticket system?
<Faust-C> or have any other suggestions for a ticket system
<Deeps> rt
<Deeps> kayako
<Deeps> (kayako's not free, but it's quite easy to hack up and add new stuff to, and easy to integrate with an existing website layout)
<Faust-C> Deeps, ah ty, we are in serious need of a ticket system
<ScottK-laptop> RT is widely used.
<Deeps> otrs was a pita when i tried it
<Faust-C> atm we use a access frontend to deal w/ users
<Deeps> both to setup and to use
<Faust-C> Deeps, yeha otrs2 is being retarted atm
<Deeps> RT may leave you in dependancy hell
 * Faust-C looks at both and see whats best
<Deeps> and kayako's written by indians
<Deeps> so they all have their downsides
<Deeps> i'd recommend kayako over the lot though, especially if interface visuals matter
<Faust-C> lol
<Deeps> owned license is.. $300?
<Faust-C> 499
<ScottK-laptop> RT is packaged for Ubuntu so the dependency part is dealt with.
<Faust-C> thats not bad compared to the others ive seen
<Deeps> there's 2, the tickting only and the full supporesuite
<Faust-C> perldesk is more expensive iirc
<Deeps> i think the full supportsuite is $500
<ScottK-laptop> Canonical uses it internally, so I'd guess the RT packages are in good shape.
<Deeps> sounds like that may be your bet
<Deeps> i did encounter some problems trying to setup RT in ubuntu though when i tried, in gutsy i think
<Deeps> might have been an older version and needed a newer for some reason
 * Deeps shrugs
<Faust-C> ScottK-laptop, o rly
<Deeps> if canonical are using it internally then the packages will be in good shape though aye
<Deeps> if you're needing ticketting for internal issues than RT's almost definately the one to look at
<Deeps> if external, dunno, not used it properly in a few years so it's probably less crusty than it used to be by now
<Faust-C> internal luckly
<Faust-C> just tired of users BCC'ing boss like thats gonna make me jump on it
<Faust-C> tired of other depts ragging on IT saying we dont do anything and we just spend money
<Deeps> ugh, mysql user + group has rw rights to /home/mysql, running mysqld as mysql user results in error
<Deeps> 081212 13:46:58 [Warning] Can't create test file /home/mysql/shitbox.lower-test
<Deeps> `touch /home/mysql/shitbox.lower-test` as mysql user works
 * Deeps grumbles
<Faust-C> lol
<Deeps> oh, apparmour
<nblracer> hello
<incorrect> _ruben, i am looking to find the end result of an installation,  you see for some reason my preseed file says en_GB but i am getting arabic or something
<_ruben> incorrect: use debconf-get-selections (part of debconf-utils package) to extract that data, tho those files i mentioned before will probably have that info as well (since debconf uses those)
<incorrect> thanks
<incorrect> grep doesn't find anything that relates to the tasksel options
<Assid> heya
<incorrect> can i say 'tasksel tasksel/skip-tasks      string true' in my preseed file?
<Assid> okay i been running debian... well all my servers till date. and used ubuntu on desktops as far as that goes.. now i am considering using ubuntu server. however, i do need stability .. also a working openvz
<Assid> and dont really need/care for gui
<incorrect> Assid, then don't install one, server, desktop, jeos etc its all the same pretty much
<Assid> incorrect: yeah.. just making it clear on my usages
<Assid> to be honest. i can use etch with an old kernel.. like 2.6.18
<_ruben> $ grep tasksel /var/www/preseed-virtual.txt
<_ruben> tasksel tasksel/first multiselect standard, openssh-server
<incorrect> Assid, if you install something you don't want do apt-get --purge autoremove x
<Assid> wait for updates every now and then
<_ruben> thats all the tasksel stuff im preseeding
<incorrect> _ruben, its too muh for me :D
<_ruben> standard = server packages
<_ruben> jeos doesnt offer all that much less .. base install differs like 50megs
<Assid> right.. but im still trying to decide on moving to ubuntu on my server.. or sticking to debian.. it has been good to me.. so far.. but would be nice to have newer software.. which perhaps in general terms run better
<incorrect> fair enough
<Assid> i tried lenny.. well openvz is acting rather strange
<incorrect> maybe i am being too anal
<Assid> i still cant get setting cpus or cpulimit
 * Nafallo fears openvz
<Assid> dont get me wrong.. i like ubuntu.. well.. atleast the community.. and even am part of all Release parties.. as a major seeder and mirror (unofficial)
<Assid> http://bobbo.me.uk/index.php/intrepid-seeding/
<Assid> Nafallo: its pretty good once you get the hang of it
<Nafallo> Assid: I've had it fail miserably on me. not a fan.
<Assid> hrmm works perfect here
<Assid> what happened for you
<Nafallo> migrated to another host, didn't start up properly, so migrated back, and the damn thing got all UIDs wrong.
<Nafallo> mysql doesn't run well as postfix...
<Assid> err
<Nafallo> total bloody disaster.
<Assid> uid actually will show as the host node uid if you login from hostnode
<Assid> unless you ENTER the container itself
<Assid> and i dont mean cd /var/lib/vz/private/<VE>
<Nafallo> no. username uid
<Nafallo> it changed the RIGHTS of all systems
<Nafallo> what users and groups owned what and whatsnot
<Assid> nah
<Nafallo> yes. it did.
<Assid> i said no.. AND THATS FINAL.. !!!!
<Assid> lol
<Nafallo> ...
<Assid> your definitely doing something wrong
<Assid> okay ..
<incorrect> strange my preseed file keeps creating weird console settings
<Nafallo> not anymore I'm not. not going to touch that crack again.
<Assid> so should i use ubuntu server?
<incorrect> just get diamonds when typing
 * Assid starts to think
<incorrect> Assid, if you want to
<Assid> lemme get a os reload ordered
<Assid> lets try it
<Assid> is it "stable"
<Assid> i mean really stable
<Assid> hrmm
<Assid> only option is hardy
<incorrect> Assid, its only a tunip
<Assid> tunip ?
<incorrect> turnip
<genii> incorrect: Did you preseed a keyboard type?
<incorrect> if you wish try it and see if it mights your high standards
<Assid> a fruit?
<incorrect> genii, i did
<incorrect> locale=en_GB console-setup/layoutcode=en_GB  from the default.cfg
<incorrect> and d-i debian-installer/locale string en_GB.UTF-8,  d-i console-setup/charmap   select  UTF-8, d-i console-setup/layoutcode        string  gb
<Assid> will update to intrepid
<Deeps> Assid: 'really stable' requires a few years of testing.
<incorrect> and why does gimp-help-common get intalled
<Assid> alrite lets see
<Assid> sent in a os reload
<Assid> should have it in 10-15 mins
<incorrect> err
<Assid> ?
<Assid> 10 mins more
<Assid> you guys using ii or hh ?
<genii> incorrect: I think console-setup/layoutcode  string en
<incorrect> thank you
<incorrect> lets see if this works
<genii> incorrect: Possibly also you may need something like console-keymaps-at/keymap=gb             as well
<genii> incorrect: On my pxelinux.cfg/default   kernel line i have some options like these
<genii> (although in my case is set for Canada with US english keybd, etc)
<incorrect> i've tried a number of combinations
<incorrect> if i set it manually everything is happy
<incorrect> shame the installer doesn't dump the preseed config after its done
<genii> Hm
<genii> !info pastebinit dapper
<ubottu> Package pastebinit does not exist in dapper
<genii> incorrect: I was going to pastebin my preseeds and kernel load line but it's running 6.06 on that box
<incorrect> genii, i am rebuilding my system now, i should know the results shortly
<genii> incorrect: OK
<incorrect> i think i need to change console-setup/layoutcode=en in my default.cfg
<incorrect> ok lets try again
<Assid> anyone know what kernel comes with ibex ?
<incorrect> 2.4.3
<Assid> 2.4.3 ???
<incorrect> Assid, try this http://tinyurl.com/6z7hq5
<Assid> hahahaa
<incorrect> why on earth do package components from gimp and openoffice get installed when i do a server install?
<Faust-C> hmm mod_perl, fastcgi, or speddycgi
<Faust-C> which one would be better
<leonel> if you have to serve static content  you don't need mod-perl  in the server ..
<Faust-C> leonel, its for 'request-tracker'
<genii> Assid: To answer your versions question I'm using headless 6.06 on a couple, 8.04 on the others
<leonel> Faust-C: so the static  content will be serverd from  a perl handler ??
<leonel> Faust-C: not so static ?
<Faust-C> leonel, if 'request-tracker' requires one of the above i dont think its static
<leonel> Faust-C: that's why I said that you don't  need mod-perl  to server static content in the httpd server
<Faust-C> leonel, i think youre misunderstanding what im asking, http://bestpractical.com/rt/rt-broken-install.html
<leonel> I understand that you are asking what's better and for  static content  you don't want  a mod-* in your httpd server, so , I'll go  fastcgi
<Faust-C> leonel, oic thats what i was wanting to know, thank you very much
<incorrect> this is getting silly, i can't get the console to to set itself correctly
<incorrect> sigh
<Faust-C> i swear my developers are gonna hate me
<incorrect> they don't already?
<Faust-C> "how come my vnc internally wont work it works at home"
<Faust-C> why the hell are you using vnc w/o telling someone
<Faust-C> "its encrypted"
<genii> incorrect: Hang on I'll post what I have somehow, you can examine and see if any of it is useful
<Faust-C> i dont care, it wont work soon
<incorrect> thanks genii
<netrat> i'm looking for a shared disk file system... what would you guys recommend and what is the recommended/supported solution in ubuntu? glusterfs, gfs, etc??
<incorrect> setting the passwd using md5 doesn't seem to work either
<genii> incorrect: http://pastebin.ubuntu.com/84430/             this is for unattended 6.06 install of kubuntu and there is some custom stuff in there, but you may find some of the stuff useful
<incorrect> i will go over that see if i can see what i've done wrong
<ivoks> Daviey: http://ivoks.blogspot.com/2008/09/full-control-over-server.html
<Daviey> ivoks: nice!
<uvirtbot> New bug: #307496 in samba (main) "no display network computer" [Undecided,New] https://launchpad.net/bugs/307496
<Nafallo> Daviey: I can be nice
<Nafallo> !
<Daviey> Nafallo: you are never nice :(
<Nafallo> Daviey: that wasn't what you said while I scripted :-P
<jpds> Daviey: Come to the community room.
 * Faust-C subscribes to ivoks blog
<Faust-C> woo still messing w/ fastcgi
<Fenix|work> Greetings
<Fenix|work> anyone have a handy-dandy link that shows which versions of ubuntu livecd's have which kernel version?
<Daviey> https://help.ubuntu.com/community/Dovecot  Vs. https://help.ubuntu.com/community/Courier  <--- "For a first installation, the default options perfectly match most of the needs. So no modification will be done"
<Daviey> Why are we using dovecot again?
<jtaji> Fenix|work: http://packages.ubuntu.com/search?keywords=linux-image&searchon=names&exact=1&suite=all&section=main
<Fenix|work> jtaji, thanks!
<Fenix|work> trying to install the qnx4fs module but it's only compatible up to 2.6.24
<Fenix|work> so Hardy should do the trick
<Faust-C> hmmm how do i make a link properly
<Faust-C> atm im using "ln ../mods-available/<mod-name> <mod-name>" in mods-enabled
<genii> Maybe use -s
<Faust-C> yeah i just read that as you said it
<hads> You talking about apache?
<Faust-C> yeah
<Faust-C> trying to get RT working
<hads> Okay, then use a2enmod/a2dismod and a2ensite/a2dissite
<Faust-C> i get it half working and when i load the site it says "almost there" then complains i dont have mod-perl, fastcgi or speedycgi configured
<leonel> Faust-C: use   sudo a2enmod      to enable  apache modules
<leonel> Faust-C: and restart apache
<Faust-C> leonel, ty, im reading into that now
<Faust-C> the install docs for RT arent up to date for ubuntu
<Faust-C> well atleast now i have a forbidden rather than 'half way there' error
<Faust-C> omg wth else do i have to do to get this to work ?!
<Faust-C> ive done all that the docs have done and still cant get this to load
<Faust-C> complains that i dont have a perl thing configd when i do
<Jared555> hey, does enabling serial port console enable any security risks?
<kees> Jared555: in general, no.  it still requires authentication, and something needs to be attached to it.
<Jared555> does it affect ability to do at keyboard/ssh administration at all?
<Jared555> you know I suppose I should see if the system even has a serial port LMAO
<Jared555> well... thanks
 * antdedyet sets up another ubuntu server
<chimp_> Don't laugh, but I accidently made a bash script that incidently gets stuck in a loop and added via update-rc.d foo defaults, and as such it gets stuck on the script on bootup, is there a way to kill the script as ctrl-c has no effect on boot?
<antdedyet> chimp_: ^\
<antdedyet> chimp_: or you can find the PID and use the kill command from another terminal.
<chimp_> Thanks for that
<chimp_> Is there a name for things like ^\ so i can look up more of them for future use
 * Faust-C fights w/ apache
<Faust-C> argh this is really teeing me off
<rickross> hi all, we're trying to get a clear sense of what differences to expect in an 8-disk RAID 5 array when using software RAID versus a hardware RAID controller like the Adaptec 5805
<rickross> anyone know of any good benchmark reports or data to look at?
<antdedyet> chimp_: get to know your shell
<antdedyet> chimp_: man bash ... or zsh, ksh, csh, and so on... whatever you're running
<Faust-C> rickross, idk how you would compare the 2
<rickross> Faust-C: nor do I
<Faust-C> considering they both have basic benefits and drawbacks
<rickross> we're trying to figure it out - trying to assess whether it is a good value to spend $500+ more for a HW RAID controller or not
<Faust-C> rickross, i would just search for a list that compares sw raid, then one that compares various hw raid as well
<rickross> we have found data that compares the Adaptec to other hw raid controllers, but so far we have had no luck finding a comparison to a linux software raid baseline
<rickross> ok, this might help - http://www.linux.com/feature/140734 - Benchmarking hardware RAID vs. Linux kernel software RAID
<LeeQ> Hi all.
<LeeQ> Anyone have any recomended reading on backing up my ubuntu server?
<jtaji> LeeQ: look up rdiff-backup
<LeeQ> excellent, thank you
<Tonio_> hi there
<nijaba> Tonio_:  meet kees, seeting two seats away ;)
<nijaba> seating too
<kees> heh
#ubuntu-server 2008-12-13
<uvirtbot> New bug: #307437 in mysql-dfsg-5.0 (main) "mysql has to autostart later" [Undecided,Incomplete] https://launchpad.net/bugs/307437
<xp_prg> oh cool, hi everyone, I just installed 8.04 on my virtual host, want to upgrade to 8.10 but not clear how to do that using only command line, can anyone assist?
<xp_prg> hi anyone here?
<xp_prg> I want to user ubuntu server
<xp_prg> user = use
<ScottK-laptop> xp_prg: sudo do-release-upgrade
<xp_prg> do-release-upgrade
<xp_prg> Checking for a new ubuntu release
<xp_prg> No new release found
<xp_prg> should that happen ScottK-laptop?
<ScottK-laptop> There's a flag you need to use.  Let me look (this is because 8.04 is LTS).  Hang on.
<xp_prg> ok many thanks
<xp_prg> is it:  do-release-upgrade -d
<xp_prg> ?
<ScottK-laptop> I think so.
<ScottK-laptop> Worst case it won't find anything either.
<hads> Yeah -d
<zoopster> did you already apt-get install update-manager-core?
<xp_prg> ya just did that
<xp_prg> that will bring me up to 8.10 right?
<ScottK-laptop> Should.
<hads> Yeah
<xp_prg> nice! what are the benefits of 8.10 compared to 8.04?
<hads> Some things
<hads> Depends what services you use etc.
<xp_prg> well I am hoping to make this a django/postgres type server
<hads> Not a lot of difference then I'd say.
<ScottK-laptop> 8.10 has django 1.0 for starters then.
<hads> Unless you use django from packages I guess, heh.
 * hads doesn't use django
<xp_prg> I guess everyone loves php
<ScottK-laptop> Now that it's 1.0 that's a pretty reasonable thing to do.
<hads> ScottK-laptop: True
 * ScottK-laptop wouldn't touch php with a 10 foot pole.
<hads> xp_prg: I wouldn't guess that
<xp_prg> what do you like Scott?
<xp_prg> jsp?
 * ScottK-laptop is more of a mail server guy than a web server guy, so I tend to hand write python scripts when I need non-static web stuff.
<ScottK-laptop> But I'd do Perl before I'd do PHP.
<hads> I do websites in Python, not django though.
<xp_prg> what do you use hads?
<ScottK-laptop> I know a number of people who really like Pylons.
<ScottK-laptop> I haven't tried it myself.
<ScottK> I'm also experimenting with different IRC clients right now.
<hads> I use Werkzeug/Jinja/SQLAlchemy mostly.
<xp_prg> I wish perl had a good backend, only thing you can use is like catalyst but that is not very turnkey
<xp_prg> if I do the do-release command and disconnect from the terminal does it stop running?
<hads> Of course, unless you're running in screen.
<xp_prg> well if I exit in the middle can it restart ok or not?
<xp_prg> anyone know the answer to that, I need to know please
<zoopster> xp_prg: not a good idea, you may be left with a non-functional system depending on where it is left
<xp_prg> oops ok
<hads> Patience is a virtue
<ScottK> If you run do-release-upgrade via ssh it'll start a second instance of ssh you can connect to
<ScottK> It's not recommended, but I've never had a problem with it.
<hads> And print several warnings telling you all about it.
<ScottK> Yes.
<xp_prg> yes I ran it via ssh
<ScottK> It's not clear to me how else one is supposed to do a remote upgrade.
<hads> Yeah, I do it too.
<hads> In screen of course
<xp_prg> so it is ok to disconnect if it I did that way?
<xp_prg> ScottK ?
<ScottK> I suppose.
 * xp_prg wishes he would have used screen
<ScottK> I actually don't generally bother with that as my ssh connections are very reliable.
 * hads has dodgy NZ ADSL
<xp_prg> wow the upgrade is done!
<zoopster> my upgrade went quick as well, but then again I don't have much on it!
<alex_21> I want to set up my own equivilant to dyndns for my users. I run a service where people can use hard drive space on their home hdd to store stuff and access it via username.vipbc.org instead of ipaddress. How to do this, is what I am after
<axisys_> is there a pkg for lustre filesystem?
<Kapli> Hey, I've used apt-get install eggdrop to install the eggdrop bot but i cant find out where it was installed
<badawi> dpkg -L eggdrop
<_ruben> and dpkg -L eggdrop-data
<Kapli> thanks
<stefg> Hi, i'm about to set up a backup server and find contradicting info about wether a mdadm raid 1 takes advantage of the combined read speed of the participating disk. The mdadm wiki says yes, some benchmarkers say no... any mdadm expert in here who can shed light on this?
<Kamping_Kaiser> its supposed to, wether you see a noticeable difference on the other hand ... (note, not an expert on mdadm)
<stefg> Hmm... my problem is that it the server needs to be a drop in replacemant for the actual file server in case of failure. As you can imagine the budget only paid a backup machine whose I/O performance will get my users angry, should the actual server ever fail ... so if raid 1 does not increase read speeds over a single disk i might beg for some more disks to setup a raid 10 instead
<_ruben> too many factors involved, run benchmarks to make sure, also depends on the type of workload and everything .. tho the global rule of thumb is that raid1 has better read performance over single disk
<_ruben> raid10 gives even more read performance, and also increased write performance
<stefg> Yeah, i was hoping to get around of doing benchmarking myself... workload is just files erving (samba) in a 30 user network. but as all users have all their files on the samba server it's quite busy
<refnumzx> i am getting the following error in the kernel log from my ubuntu 8.10 server [236776.421342] console-kit-dae[9983]: segfault at 1a0 ip 00007fa54526ee09 sp 000000004091d090 error 4 in libglib-2.0.so.0.1800.2[7fa545242000+c3000]
<refnumzx> any advice on how to stop this error? or what is causing this?
<refnumzx> google doesn't help
<ScottK-laptop> refnumzx: That's related to the consolekit package, which isn't normallly a part of Ubuntu Server installs.
<refnumzx> i did not install it on my own the only packages i select during install was the virtualization package and openssh-server. can i remove this package with out harm, and if so what is the package name?
<ScottK-laptop> consolekit is the package name.  You can try to remove it and see what else is removed too (it'll ask for confirmation).  If you don't care about the other stuff it wants to remove, then go ahead.
<refnumzx> consolekit is the name.
<refnumzx> uhh dbus and dbus-x11
<refnumzx> do you know wha they do?
<ScottK-laptop> Those are things consolekit needs, not things that need consolekit, so if that's it, it's safe to remove.
<refnumzx> ah right, thanks man appreciate it
<ScottK-laptop> Dbus is more commonly found in desktop installations.
<ScottK-laptop> http://www.freedesktop.org/wiki/Software/dbus
<refnumzx> why would it install for this server? strange.
<refnumzx> i tried to be minimal when it comes to this instal as i am going to be using it for virtual machines
<refnumzx> using the kvm builder that ships with this version
<ScottK-laptop> Dunno.  I checked and I don't have it installed in my Intrepid server, but it was also an upgrade from Hardy, so it's possible a new install would bring in more packages.
<refnumzx> ah. ok
<refnumzx> are you sing VM on your server? if so, do you use the built in ubuntu tools? do you like them? how is network performance? any problems with USB storage?
<ScottK-laptop> I've experimented a bit, but not really and not recently, so i don't have much to offer.
<ScottK-laptop> I know that Ubuntu is putting a lot of effort into it, so I'd expect the supported tools to work reasonably well.
<refnumzx> yeah, i would as well.  how do you use your server?  i mostly use my servers for file storage over samba/nfs, mail and other database tasks so i think virtualizing will be a good approach?
<ScottK-laptop> Sorry, need to run off ....
<refnumzx> seeya
<Miscc>  hello is there some program or script to allow only some countries make connection into my server and prevent other countries from connecting to my server in deffirent ports ??
<lianimator> how do I make a local server accessible from the outside (e.g. Internet)?
<lianimator> I have installed apache server on Ubuntu. it's works locally. I am behind a router.
<lianimator> so if I access my external IP, the it goes to my router config page by default.. what do I do from here?
<lianimator> I tried adding port 8080 to NameVirtualHost and Listen in the file etc/apache2/ports.conf
<lianimator> but when I restart apache, it says NameVirtualHost takes one argument.. I'm trying to adapt http://www.groovypost.com/howto/apache/configure-apache-web-site-to-use-multiple-ports/ to Ubuntu
<Miscc>  hello is there some program or script to allow only some countries make connection into my server and prevent other countries from connecting to my server in deffirent ports ??
<lianimator> Miscc: what do you mean by different ports?
<Miscc> lianimator : all public ports like 22 80 21 ...
<Crystalli> blaae ! :S
<Crystalli> +tnc
<Chipzz> Miscc: for apache, you can try geoip
<Chipzz> but that doesn't work for arbitrary ports
 * Chipzz is having some troubles with the crap called UUID
<Chipzz> findfs only finds my root partition, not the other partitions
<Chipzz> I'm thinking it's because some symlinks (/dev/md-*) are not created
<Chipzz> what would be responsible for that? udev I suppose?
<Hawkey> hi, im looking for some mysql diagnostic tool for ubuntu, can someone give me some tip?
<jmarsden> Hawkey: mysqladmin?  Be more specific -- what is the problem you are having?
<Hawkey> hi loads
<Hawkey> high loads ...
<jmarsden> So you think there is a specific query causing this?  You can turn on query logging and see what is happening that way... is that the kind of thing you are looking for?
<Hawkey> or back forget.. some utility which shows me  why are my cores on 100%.. for example i have own program and it loads 100% of one core.. so.. is there some utility to check where could be some mistake?.. some kind like valgrind if you now
<jmarsden> Sounds like this is not a MySQL issue, but a basic "my prorgam is looping" issue... what language is your program written in?
<Hawkey> jmarsden : i wrote forget;) written in c++
<jmarsden> So why not use whatever debugger you normally use for C++ programs (gdb or watever) to debug this one?
<Hawkey> well.. good point :DD
<jmarsden> You could try gprof if you ened a profiler, but I think a normal debugger might be the first thing to try.
<jmarsden> s/ened/need/
<maswan> Hawkey: oprofile takes a system view on what's taking up time. systemtap if you need to do more in-depth instrumentation in the kernel etc.
<Hawkey> thanx
<uvirtbot> New bug: #307773 in mysql-dfsg-5.0 (main) "apparmor profile in hardy inhibits replication slave" [Undecided,New] https://launchpad.net/bugs/307773
<aaronkrill> anyone here use haproxy?
<Hawkey> lol interesting
<Hawkey> jmarsden : remember advice you gave me before 4 hours? ;)
<aaronkrill> i cant get haproxy to add the x-forwarded-for headers to requests... any ideas? my config: http://dpaste.com/98651/
#ubuntu-server 2008-12-14
<jmarsden> Hawkey: I'm back... was my advice helpful? ;)
<Hawkey> well not exactly:D
<jmarsden> What have you discovered so far?
<Hawkey> i discovered that 100% cpu time is producted when i start my binary via nohup
<jmarsden> But not when started from a normal interactive shell prompt?
<Hawkey> i connect on my ssh.. when i run app with binary , core one jumps on 100% usage.. when without nohup it's normal
<jmarsden> OK.  Does your app ever read input from stdin?  I would expect it is not handling stdin begin connected to /dev/null very well?
<Psi-Jack> Okay, here's a curious poll then. What filesystems to users here commonly use?
<LoveGuru> ext3/ext2 / raid
<hads> ext3 and jfs
<LoveGuru> Kamping_Kaiser ?
<jmarsden> help /topic
<axisys_> how hard is it repartition a live ubuntu server.. i want make a separate partition for /home dir and move it off of / (root) partition
<Kamping_Kaiser> axisys, you shouldnt resize live partitions (unless its on lvm iirc)
<jtaji> shouldn't be a problem with /home if no users besides root are logged in
<LoveGuru> Hay Kamping_Kaiser Welcome :) i m looking for ya :) if u are not bzy :<
<jtaji> axisys: pretty easy... add new entry to fstab; mount /dev/<newhomedevice> /mnt; cp -a /home/* /mnt; umount /mnt; mount /home
<Kamping_Kaiser> jtaji, sounds like its on / , so unless its moving to a new drive it migh be a problem
<Kamping_Kaiser> LoveGuru, you should just ask the channel, if i know, i'll talk  :)
<jmarsden> axisys_: Shut down server, boot from live CD, shrink existing / partition, create new ext2fs on freed-up empty space, then do what jtaji suggested, basically.
<jmarsden> s/ext2fs/ext3fs/
<LoveGuru> Kamping_Kaiser: well i tried :< anyways fine thanx.. i really glad to see ya again :) tx
<jtaji> axisys: yep my advice should be preceded by what jmarsden said
<jtaji> axisys: then if it's working, you can delete stuff from the /home on your root while in the live system with: mount --bind / /mnt; rm -rf /mnt/home/*; umount /mnt
<axisys_> ok.. so has to be booted from cd first.. ok.. no way to adjust the / partition size while running.. that is what I thought.. thanks
<jtaji> axisys: right that's the only reason you need to reboot is to resize
<axisys_> jtaji: yep
<LoveGuru> Well im trying to setup a server, i Just want to know that.. how can i use some custom authorization like. if i add user so first of all that user can't cd or view any other users directories, other thing i want to set diskspace allocated so user can just that allocated space, same thing with compiler authorization without my permission user can't compile or gcc to anything else, can i do that?
<jmarsden> LoveGuru: Sounds like you want (a) jails for each user (b) disk quotas and (c) chown 0700 /usr/bin/gcc and all its friends.
<LoveGuru> jmarsden: correct
<Kamping_Kaiser> d. not install gcc to start with (and put it in a chroot)
<jmarsden> LoveGuru: So.. yes, you can do that :)
<LoveGuru> jmarsden, well i m learn all those stuff, so how can i ? Please if u have Brief tutorial or info that can help me out with sort of those things? all help really appriciateable.
<Kamping_Kaiser> debian hardening guide
<jmarsden> Have you already googled for each of them and the two words "ubuntu" and "tutorial" ?  There should be several on chroot jails... I think you can Google as well as I can?  I'll find you a tutorial on disk quotas...
<LoveGuru> jmarsden: sure.
<LoveGuru> Kamping_Kaiser: debian hardening guide?
<jmarsden> LoveGuru: Third hit googling for ubuntu disk quota howto leads to: http://computingtech.blogspot.com/2008/09/ubuntu-linux-disk-quotas.html
<jmarsden> LoveGuru: Try googling for debian hardening guide too :-)
<LoveGuru> jmarsden: so the debian guide work with ubuntu server? well its sort of debian. but still wanna know ?
<jmarsden> The principles are the same, yes.
<LoveGuru> Alright Thankyou so much.
<LoveGuru> Kamping_Kaiser: thanks you too.
<LoveGuru> jmarsden: is there anyhow i can make script,? and put all this thing together and run with each user should it work? or not?
<jmarsden> I don't understand the question.  Yes, if you know how to write scripts, you can write them and run them...?
<jmarsden> Whether they work depends on how well you wrote them ;)
<LoveGuru> ahh .. exactly thats what my question answer is.
<LoveGuru> :)
<LoveGuru> thankx :)
<jmarsden> BTW se http://ubuntuforums.org/showthread.php?p=6309118 for a Ubuntu Hardening Guide
<LoveGuru> ahh alright kool ty again :)
<jmarsden> No problem.
<LoveGuru> u know what.. i would that.. if kinda u guys are helping new comers .. then always *nix rocks n keep rocking :)
<LoveGuru> *say
<Kamping_Kaiser> LoveGuru, it would be nice if you'd say 'you' not 'u'
<LoveGuru> ahh sorry my bad/shortcut language, i will be carefull next time
<jpds> !u
<ubottu> Unless you're Dutch or Flemish, or a government officer, the letter 'U' is not a pronoun.  If you want to be taken more seriously, please bother to type out the extra letters in "you".  The same goes for "are", "why", "because", "anyone", and so on..
<jpds> ;-)
<LoveGuru> :\
<LoveGuru> got it
<jpds> LoveGuru: The bot was just a joke. :)
<LoveGuru> i won't mind :)
<LoveGuru> rule iz rule :) not to be broken
<axisys> how do I make the link full duplex? line 517 in my dmesg shows it is half duplex
<jmarsden> axisys: It should be autonegotiated with the switch port you are connected to.  Unless you messed with the switch configuration?  Duplex mismatch is bad... see http://en.wikipedia.org/wiki/Duplex_mismatch
<axisys> jmarsden: looking at the wiki
<axisys> how do I find out what my server is set to? also how do I force it full assuming switch is full
<jmarsden> Unless you have a configurable switch and played games with it, everything autoconfigures.  I've not had to manually set half duplex/full duplex for... at least 8 years...
<jmarsden> Are you seeing the symptoms of duplex mismatch -- VERY slow networking when transferring files, etc?
<jmarsden> If not, leave it all alone.
<axisys> what tool to check the nic stat beside the dmesg for the server?
<jmarsden> I'm not sure, it's been too long.  May be NIC-specific?  grep the log files in /var/log/ maybe?
<jmarsden> If the output of ifconfig shows no errors, there is a VERY high probability all is well.
<hads> ethtool
<axisys> hads: thnx
<axisys> my ibm netvista 8305 gets me login prompt but after I put my user name it hangs.. just installed ubuntu 8.10 from alternate ISO.. the splash was nice.. may be gnome issue?
<axisys> i cannot even swicth to other psuedo ttys using ctrl-alt-F1
<axisys> i just need to install sshd and that is all.. dont care of gui after that
<axisys> is there any option i can give it to kernel at grub menu to not start X and just drop me to a shell?
<axisys> hmm I did not I could do vga=ask
<axisys> let me try
<axisys> well that gave a vga option to pick from.. atleast now when I login I see the mouse but no gnome.. how do I tell it to boot w/o any X
<axisys_> looking for an article on to setup gmail as the relayhost
#ubuntu-server 2009-12-07
<mgpcoe> trimeta: Pop open another terminal window and tail -f /var/log/syslog
<Ninjix> what virt software are you using?
<Roath> windows virtual PC
<trimeta> mgpcoe: Oh, wait, I think I know what's happening: I've put public_html in peoples' home directories, but all home directories are 700.
<trimeta> Well, I wanted the security of 700, but it probably isn't an option here; oh well.
<mgpcoe> trimeta: :) That's probably at least part of it.
<Ninjix> Roath: strange, I would assume the default vga 8-bit mode would work
<Roath> well, after an install with all default, the display gets all garbled, like long lines going from top to bottom, i can see something is happening on the screen but not what
<mgpcoe> trimeta: I know there's a way to set Apache to spawn its processes under the UID of the file owner; that will probably solve part of the problem.
<Roath> as if it cant render in that bit depth
<Roath> default as far as i know is 24, but i read somewhere that windows virtual pc only supports 16 when running linux on it
<trimeta> Yea, that was it. I knew it was probably something stupid, but I hadn't thought it would be that stupid.
<Ninjix> Roath:
<mgpcoe> trimeta: I wouldn't sweat it; I know I've done worse.
<Ninjix> Roath: here are some other vga boot mode codes: http://www.pendrivelinux.com/vga-boot-modes-to-set-screen-resolution/
<Roath> they dont work, i keep getting the same "popup" called Boot loader
<trimeta> Anyway, thanks.
<Ninjix> is that after you hit Tab and exit the boot options?
<Roath> tab does nothing
<Ninjix> Roath: "Boot loader" sounds like Grub wanting more command arguments
<Roath> Ninjix, i've never needed to do this, so dont know what to do, which is why i ask so much
<Ninjix> Roath: are you still trying to boot from the ISO or have you gotten 9.10 server installed already?
<Ninjix> Roath: no worries
<Roath> no install, im on the screen where i can choose to install and type in boot options
<Roath> on the iso
<Roath> brb phone
<Ninjix> ok
<Roath> back
<Ninjix> Roath: I'm testing on a spare machine
<Roath> ok, thanks
<Roath> Ninjix, this here explains what i used to do last time (thought that was a long time ago) where it had a VGA option during install: http://www.cosky.com/installing_ubuntu_lamp_server_within_microsoft_virtual_pc
<Ninjix> Roath: I'm able to hit the tab button after the syslinux menu appears
<Ninjix> then it let's me edit the "install" boot arguments
<Ninjix> but the screen reverts to standard VGA when the Debian/Ubuntu installer launches
<Roath>  one moment
<Roath> hit tab on what menu?
<Ninjix> the installer boot menu
<Ninjix> with the Ubuntu logo
<Ninjix> choose "Install Ubuntu Server"
<Ninjix> the hit Tab instead of enter
<Roath> aah, i never needed to initiate the install first
<Ninjix> erase the -- at the end
<Ninjix> and replace with your vga= mode of choice
<Roath> top, tab does not work
<Roath> nope*
<Ninjix> perhaps your Virt PC is intercepting it?
<Roath> probably, but removing the two -- made it work
<Ninjix> :)
<Roath> now i hope the vga setting was the one that will make it work
<jmarsden> Roath: vga=ask   would be one way to see what the virtual screen has available...
<Ninjix> correct
<Roath> during install?
<jmarsden> On the boot line, where you removed the --
<Ninjix> yes
<Ninjix> I'm not sure if syslinux/isolinux supports all of the extra framebuffer modes
<Ninjix> my spare laptop has one of those wacky Intel video chipsets
<jmarsden> BTW, what virtual machine software is this?  I use virtualbox-ose and have never had an issue with this here...
<Roath>  the Windows Virtual PC that runs on win7
 * mgpcoe grumbles something unsavoury about postfix and dovecot
<jmarsden> Interesting.  I thought that was only intended to let you run Win XP.  If it continues to give you issues, look at virtualbox instead :)
<Ninjix> yeah. virtualbox is a great alternative
<Ninjix> too bad it's now part of Oracle/Sun
<Roath> jmarsden, it can run anything like more virtual machine software, its just that its XP mode can embed itself in the system, so i can launch eg. IE6 as if it was a native app in win7
<Roath> will try virtualbox if it still ends up garbled when booting after install
<Roath> up... off to virtualbox
<Roath> yup*
<MTecknology> that survey was fun :)
<twb> I like KVM because it's endorsed by Linux and Ubuntu, and because qemu has curses and serial I/O (which is much nicer than VNC or SDL for server VMs).
<twb> And I don't trust virtualbox because they have a non-free version, which shows a... lack of commitment to FOSS.
<MTecknology> twb: I like vbox because it's a fast and easy deployment. I want to play with kvm someday but right now I have yet to own a bios that will let me use kvm
<twb> MTecknology: do you deploy via apt-get, or using third-party (i.e. not .deb) packages?
<MTecknology> apt
<twb> Cool.
<MTecknology> If it's not in apt I tend to not bother
<twb> I agree, but you get some idiots in here :-)
<MTecknology> i do get the closed source vbox though...
<twb> (BTW, you don't really need anything in the BIOS for kvm, but you need hardware virtualization support.)
<MTecknology> I don't know why anymore. I used to use the USB support but not anymore
<MTecknology> The BIOS needs to allow you to enable the hardware virt support though
<twb> MTecknology: have you tried futzing around it with dmidecode or whatever?
<MTecknology> cat /proc/cpuinfo <- I have the flags there
<twb> There ought to be a way to just poke the necessary bit from linux, and then reboot.
<MTecknology> I never tried that
<twb> MTecknology: hm, if /proc/cpuinfo reports it, then surely you have it turned on?
<MTecknology> nope
<twb> Interesting.
<MTecknology> some vendors are pricks like that :(
<twb> So if you "modprobe kvm", it hangs the machine or something?
<twb> Hm, weird.  I can modprobe kvm even on my celeron...
<twb> Oh well.
<MTecknology> it says it can't enable the module. I'm using a kernel that has that stripped out now though
<twb> Oh.
<MTecknology> twb: I custom compiled this puppy - only what I need/want is in it and no init* :)
<MTecknology> but that's not why I can't use kvm - I'm not the only one that's stuck on that road block
<twb> Now, *I* can't use KVM on my main box because vmware and openvz are installed there, and I'm not allowed to scrap them :-(
<MTecknology> I'm not a particular fan of vmware anymore
<twb> I have always hated vmware
<MTecknology> I used to rather like it
<MTecknology> hm... How can I make any package that is no longer in the repos get uninstalled? I disabled a repo and anything that was installed through it I want gone
<twb> You want to purge packages from that source?
<MTecknology> ya
<pmatulis> MTecknology: i think you will need a script to query all installed packages and then come up with a list
<MTecknology> pmatulis: how could I query them?
<MTecknology> If I know how to check one, it's easy enough to check them all..
<MTecknology> actually aptitude full-upgrade seems to be taking care of it...
<pmatulis> MTecknology: off the top of my head:
<pmatulis> aptitude show -v vim | grep Filename | cut -d / -f 2
<pmatulis> main
<MTecknology> nifty :)
<MTecknology> of the top of my head .......
<pmatulis> MTecknology: so need another command to list every installed package and pipe that into the above command
<MTecknology> easy - dpkg --get-selections | grep -v deinstall | awk '{print $1}'
<pmatulis> or
<pmatulis> dpkg -l | cut -d ' ' -f 3
<pmatulis> actually, need to check for install status (ii) first
<pmatulis> dpkg -l | grep '^ii' | cut -d ' ' -f 3
<MTecknology> for app in $(dpkg --get-selections | grep -v deinstall | awk '{print $1}'); do echo $app; aptitude show -v $app | grep Filename | cut -d / -f 2; done
<MTecknology> when aptitude full-upgrade finishes I'll try that
<pmatulis> ok
<MTecknology> lol if that works then...
<MTecknology>  ^^^ > packages; grep repo packages
<MTecknology> I would like to trim out a lot of the installed packages though... for a few various reasons
<twb> You should be able to simply use ~V and ~A patterns in aptitude
<twb> (Sorry, I was afk.)
<twb> http://algebraicthunk.net/~dburrows/projects/aptitude/doc/en/ch02s03s05.html
<twb> e.g. ~VCURRENT ~Ahardy-backports
<MTecknology> nice page
<twb> Where "hardy-backports" is the relevant value from the Release file of the repo in question.  You may need to temporarily reactivate the deb entry in sources.list and apt-get update.
<twb> MTecknology: it's just the aptitude manual
<MTecknology> this is a whole stinking crap load of updates considering 9.10 isn't that old....
<MTecknology> twb: I've never seen it - and I like it a lot
<twb> MTecknology: yup, it's one reason I like aptitude
<twb> It's a lot faster to use limits like that than to chain together grep-dctrl and apt-cache and friends.
<MTecknology> please tell me I'm not on my own system again.....
<MTecknology> my drive isn't spinning...
<MTecknology> wtf is going on :S
<MTecknology> I love aptitude - now I have more reasons
<MTecknology> apt-get is nice but I've developed a fondness of aptitude
<MTecknology> Current status: 0 updates [-258].
<MTecknology> Lovely... that's a lot of updates
<TheGreatToilet> How sexy is my ride?
<TheGreatToilet> http://www.youtube.com/watch?v=uEO2eRw4y5Y
<twb> TheGreatToilet: plonk
<MTecknology> W: Duplicate sources.list entry http://www.ksplice.com karmic/ksplice Packages (/var/lib/apt/lists/w
<MTecknology> ww.ksplice.com_apt_dists_karmic_ksplice_binary-amd64_Packages)
<twb> MTecknology: haha, ksplice
<MTecknology> twb: umm.. that only shows up once in sources.list..
<MTecknology> hu?
<twb> MTecknology: check your sources.list.d/
<MTecknology> heh... ranning aptitude update again fixed it
<MTecknology> I moved from jaunty to karmic on the sources.list line but they seem to be the exact same package so no updates
<MTecknology> twb: you don't like ksplice?
<twb> MTecknology: I'm reluctant to allow anything from foo.com to taint my kernel
<TangentCollision> hello
<twb> I'm also dubious as to the utility and reliability of "upgrade your kernel without rebooting... as long as no data structures have changed."
<TangentCollision> I just installed imagemagick and I don't know where it is installed to...context of expublish
<TangentCollision> ez
<twb> MTecknology: btw, I see from http://www.ksplice.com/apt/dists/karmic/ksplice/binary-i386/Release that the Archive: is karmic, so you can't match its packages using ~A
<twb> TangentCollision: dpkg -S imagemagick
<TangentCollision> thanks
<MTecknology> twb: I haven't used ksplice long enough to know what I think but I've been wanting to test it
<MTecknology> I just like the thought of security updates and bug fixes being applied without reboot
<twb> MTecknology: as long as it isn't on a production server :-)
<MTecknology> it is
<MTecknology> worst case; I need to reboot the thing and remove it
<MTecknology> worstest case; I'm boned
<HFSPLUS> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<HFSPLUS> !ops| MBTA IS GOD
<ubottu> MBTA IS GOD: Help! Channel emergency! soren, lamont, mathiaz or tom
<HFSPLUS> !ops| Come on lazy ops ban me
<ubottu> Come on lazy ops ban me: Help! Channel emergency! soren, lamont, mathiaz or tom
<HFSPLUS> !ops| Come on lazy ops ban me
<HFSPLUS> !ops| twb
<ubottu> twb: Help! Channel emergency! soren, lamont, mathiaz or tom
<MTecknology> twb: so when my server is an hour away; only 22/80 is allowed in; I killed any ssh access; and nobody is around for me to give my password to; ........ any suggestions other than cry? :P
<pmatulis> MTecknology: you disabled SSH access?  why?
<twb> pmatulis: presumably accidentally
<twb> MTecknology: I think you're hosed
<twb> MTecknology: you need some waldos to reboot it
<twb> MTecknology: unless it's a VPS...
<uvirtbot> New bug: #493422 in eucalyptus (main) "ubuntu enterprise cloud's store downlonad image" [Undecided,New] https://launchpad.net/bugs/493422
<MTecknology> pmatulis: AllowGroups sshlogin
<MTecknology> pmatulis: I forgot to create the group and add myself to it
<pmatulis> MTecknology: and you restarted the daemon?
<MTecknology> yup.....
<jmarsden> MTecknology: Only an hour away?  Could be worse... if it had been 3000 miles away you'd *really* be in trouble :)
<jmarsden> I think you're stuck until you can get you or someone else at a console session of that machine.
<jmarsden> well, if you run some really buggy webapp on port 80, you could try breaking into it... but it's probably faster to drive for an hour than to do that.
<Hammit> i'd like to be able to restrict cpu and memory of a vm...any ideas?
<jmarsden> VM memory limits are usually set when you create the VM...
<Hammit> oh, that's right
<Hammit> forgot temporarily
<Hammit> cpu was the main one tho...
<jmarsden> CPU... nice the relevant processes?  use ulimit ?  What have you already tried?
<Hammit> i just threw mem in while i was at it :)
<jmarsden> Run it on a machine with a multicore CPU and set it to only use one core?
<Hammit> well, i haven't setup the server yet...but was hoping to allocate part of a core
<Hammit> for VPS stuff
<twb> jmarsden: some servers I babysit are in .za and .il o_O
<Hammit> i saw OpenVZ and noticed that it can restrict cpu to that level
<MTecknology> jmarsden: The only web app right now is It Works!
<jmarsden> twb: Yup, I've done that from CA for servers in the UK and in Mali and India, at one point... not in my current job though.
<MTecknology> :P
<jmarsden> MTecknology: So... why you still on IRC... get in your car and drive to the datacenter ... right?
<Hammit> jmarsden: doesn't look like kvm handles this sort of thing atm
<Hammit> ?
<MTecknology> jmarsden: datacenter?
<jmarsden> MTecknology:  Where they host your server.
<MTecknology> under the steps counts as a data center?
<jmarsden> I guess... :)
<MTecknology> :P
<MTecknology> I have two systems that run on xen... linodes (those are my only two production systems) the rest are backup, dev, etc
<Hammit> can xen handle cpu restriction?
<Hammit> as in restricted to user specified mhz?
<MTecknology> When we grow big enough I'll donate the systems to some prick I hate and let him kill himself trying to make them function correctly... then get real systems and put them in a real data center with real cloud computing technology
<jmarsden> MTecknology: Maybe you should move "the rest" to Linode too, so they have console access etc etc foe times like this?
<jmarsden> *for
<MTecknology> idk.. - this is the cpuinfo output - http://paste.ubuntu.com/336294/
<MTecknology> jmarsden: Linode really doesn't offer much in the way of >1TB data + >8GB RAM
<jmarsden> And you keep that "under the steps"? :)  I hope the steps have a good lock on them...
<MTecknology> it works great for the two web services we provide. Given the money it would be nice to move the dev system to linode - but we can't afford it now
<MTecknology> the area they exist is at the security level that I consider 'well enough'  - I'd like something better but then we get back to that price issue
<jmarsden> Understood.  Since you already have the hardware, finding a (relatively) cheap local colo that has serial console access and remote reboot might be worth trying.
<jmarsden> But for now... get in the car :)
<MTecknology> If I had an extra $40,000 to blow; I would get 7 awesome systems with real raid an dput them in a datacenter with all the great "cloud" technology and guarantee some uptime. Then try to expand very fast to help ensure that I can afford it when the money  dries up
<MTecknology> for now I'm going to just wait for somebody to show up :P - I was there once today
<MTecknology> I wonder how much it would cost to do that in reality.....
<MTecknology> I hate dealing with old crappy hardware that needs to maintain reliability in order for me to
<MTecknology> I'm trying to build a business
<Leszeck> Noob question: apt-get install python-vm-builder tells me it couldn't find the package.  What do I need to change to get it to view it?  Ubuntu 9.10.
<Leszeck>  /view/install/
<MTecknology> !info python-vm-builder
<ubottu> python-vm-builder (source: vm-builder): VM builder. In component universe, is extra. Version 0.11.3-0ubuntu1 (karmic), package size 243 kB, installed size 3336 kB
<MTecknology> Leszeck: enable your universe repository; update apt; install it
<Leszeck> Sorry, how does one do that?  Is there a tutorial someplace?  I'm more used to centos and yum.
<MTecknology> Leszeck: the way I do it is.....
<MTecknology> actually maybe ubottu can say better
<MTecknology> !sources
<ubottu> The packages in Ubuntu are divided into several sections. More information at https://help.ubuntu.com/community/Repositories and http://www.ubuntu.com/ubuntu/components - See https://wiki.ubuntu.com/RecommendedSources for the recommended way to set up your repositories
<jtaji> did something change in 9.10? upgrade my linode, I have no getty on hvc0, I do have gettys on tty1-6, although both /etc/inittab and /etc/event.disabled show the tty1-6 should be disabled
<MTecknology> Leszeck: follow those links to enable the universe repository; then apt-get update && apt-get install python-vm-builder
<MTecknology> hm?
<Leszeck> Thanks, I'll try it out.
<Leszeck> Outstanding; that did it.  Thanks everyone.
<MTecknology> jtaji: Linode guys are irc.oftc.net #linode - they can tell you a lot easier
<jtaji> yeah I did ask their first
<MTecknology> I have no idea - I don't use their getty interface much
<MTecknology> sorry
<jtaji> no prob.. it's more of a general upstart question... tty1-6 files have been moved from /etc/event.d/ to /etc/event.disabled/ yet they still start... odd
<MTecknology> I know the kernel is handled by xen which could potentially affect that
<Leszeck> Does anyone know what I have to install on a 9.10 EC2 instances to get ec2-ami-tools?  I've got an updated universe and multiverse, but it can't find the ec2-ami-tools package.
<jtaji> MTecknology: indeed.. the one reply I've received so far thinks my kernel should be good...
<jmarsden> Leszeck: per http://packages.ubuntu.com/lucid/ec2-ami-tools they are supposed to be in multiverse
<jmarsden> Leszeck: You are running Lucid, right?
<jmarsden> Wait, you said 9.10.  ec2-ami-tools does not exist in Karmic, as far as I know, only in Lucid.
<Leszeck> Got it working; I'm running karmic.  When I copied the multiverse stuff from the webpage I googled to my sources.list, it had "hardy" instead of "karmic".
<jmarsden> OK.
<Leszeck> apt-get got it; I'll let you know in a sec if it works.
<Leszeck> cli gives me usage; now trying to bundle an image.
<jmarsden> Oh, my mistake, they do exist in earlier version of Ubuntu too.
<Leszeck> Working like a champ.  Thanks, all.
<jmarsden> :)
<jtaji> figured it out... it's moved again from /etc/event.d/ to /etc/init/
<spoonybooncoon> Hi all, i have a ubuntu 8.04 LTS host with server 2.0.2 installed, i have an issue with performance, my windows guest is running amazingly slow, yet this host machine used to have windows on it running vmware server, and it was fine... Any performance tweaks i should know?
<jmarsden> spoonybooncoon: How much RAM is allocated to the Windows guest?  Is that RAM really available for it to use, or is it swapping?  Do general performance checks on the server as a whole and see what the bottleneck seems to be?
<spoonybooncoon> The windows guest has 2024MB ram, on a system with 4GB installed, and linux-headers-server with PAE...
<spoonybooncoon> And, no it's not swapping... According to TOP
<jmarsden> So why is it slow... disk access?  Using 100% CPU?  network access???
<jmarsden> Try to narrow it down, the fact that it is Windows or a VM doesn't really matter at this point, just determing what the bottlenecked resource is.
<spoonybooncoon> The load average goes way up when it's doing anything.
<jmarsden> That could be several things... when it is "doing anything", does top show a lot of CPU usage?  Does iostat show a lot of disk activity?  etc.
<spoonybooncoon> I'll have a look
<spoonybooncoon> It's weird because i'm sure it was alot more efficient when i had windows as the host os, running the same vm.
<jmarsden> That's no way to troubleshoot a performance issue :)  Get read information instead...
<jmarsden> *real
<spoonybooncoon> Ok
<spoonybooncoon> what do you make of this
<spoonybooncoon> this is with it not doing much at all
<spoonybooncoon> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
<spoonybooncoon>            1.12    0.00   11.21   34.46    0.00   53.21
<spoonybooncoon> and it under load
<spoonybooncoon> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
<spoonybooncoon>            1.12    0.00   11.20   34.64    0.00   53.03
<spoonybooncoon> Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
<spoonybooncoon> sda             127.23      1566.00      4563.68   35232588  102675360
<jmarsden> Looks IO bound... but don't paste that much at once to the channel, use pastebin
<jmarsden> Could something else (in Linux) be causing significant disk i/o ?
<jmarsden> 34% iowait when it is "not doing much at all" seems unusual, to put it mildly.
<spoonybooncoon> It's a fresh install.
<jmarsden> That doesn't answer the question.  It might be doing an update of the locate database, it might be downloading and applying a pile of security updates...
<jmarsden> Use the Ubuntu tools you already know to determine what the server itself is doing...
<jmarsden> Then look at the VM and Windows after that.
<spoonybooncoon> how can i tell if it's doing a locate update?
<spoonybooncoon> and how long does that generally take?
<jmarsden> Use top to see what processes are running and using CPU... might go on for a few minutes, shouldn't be hours.
<jmarsden> Worst case, shut down the Windows VM and then look at top and iostat and vmstat etc and see if there is still a lot going on...
<spoonybooncoon> I think it might have been doing that, because i ran iostat directly after installing iostat
<spoonybooncoon> so it could have been updating indexes still
<spoonybooncoon> But i've noticed my IO wait continues to rise, and it's not dropping....
<jmarsden> CAn you kill off the VM and see if it then drops to zero?
<spoonybooncoon> My vm is doing some rather intensive operations...
<spoonybooncoon> IO intensive..
<jmarsden> BTW I have a Windows 2000 VM running here and iostat shows 0% iowait when Windows is "not doing much"...
<jmarsden> OK, so then it is probably that IO which is the bottleneck.  How did you create the virtual disk -- is a file or a separate partition?
<spoonybooncoon> file based.
<jmarsden> Do you have a spare drive on the server -- I'm no vmware expert, but in general one way to reduce I/O overhead can be to use a real partition or LVM volume rather than a file for the virtual disk.
<spoonybooncoon> No, i don't it's a laptop...
<jmarsden> You are running the server version of Ubuntu on a laptop?  Really?!
<jmarsden> So you can't display the windows VM screen on the laptop, you can only remote in over the network from another PC to see it?
<twb> It *would* be reasonable to deploy Ubuntu Server on an old laptop when repurposing it as a router...
<jmarsden> twb: Yes.  But it seems odd to run Windows server in a VM on it, and then do I/O intensive stuff in that VM... and the "old" laptop has 4GB RAM... I suspect we're looking at a Ubuntu desktop install, not server.
<twb> Shrug
<syncrondi> does anyone know an apache library package substitute for libaprutil1  that will work with php4-mysql?
<twb> Isn't PHP4 long gone?
<syncrondi> I wish
<twb> It is.  Unless you're running Dapper, you can't have PHP4
<syncrondi> Why not?
<twb> Because later versions of Ubuntu ship with PHP5, and attempting to downgrade that is an insane nightmare
<syncrondi> Ah. Well, I didn't think it came with php5 installed, however I recently started over and am using Lenny currently
<twb> Lenny isn't Ubuntu
<syncrondi> Right, I do know
<syncrondi> But I came across the same issue
<syncrondi> The issue is that I can get most of the php4 packages to install but libaprutil1 conflicts with php4-mysql
<arj>  
<twb> syncrondi: I won't help you with that, because IMO it is an extremely Wrong Thing.
<syncrondi> twb: The script I'm trying to run was written for a shared host that was and is still running php4 and I think the coder must not be competent because when I moved this to a VPS and installed it on php5, the script stopped working. It would be a lot of effort to rewrite the script and under a deadline it isn't feasable. I thought it might be possible to just install php4 for the time being.
<twb> syncrondi: IME it'll be more effort to get PHP4 on a recent Ubuntu or Debian that it will be to fix the script.
<twb> I have been in exactly the same position before, IIRC on Etch.
<syncrondi> twb: I'll take your word for it.
<twb> It also depends how large and stupid the script is, I guess
<syncrondi> Well, I've already sunk enough time into fixing this problem infrastructure side, that the coder is going to need to take this from here out!
<syncrondi> thanks for the advice twb
<`jpg> Heya, anyone running Ubuntu Enterprise Cloud here?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<`jpg> Well I am only looking for a general impresssion and a maybe a few technical questions regarding the redundancy of the control services etc.
<`jpg> I want to implement a high availabily high performance cloud.
<`jpg> Main concerns are the redundancy of the control services.
<Jeeves_> Morning
<`jpg> I need to know if I can run multiple cloud controllers for a single set of nodes as to provide redunancy if the phsyical host hosting one or more of the control services fails.
<andol> ttx: Regarding the NIS package and a "LDAP setup" as an alternative. Must be plenty of environments where Ubuntu computers are primary clients, the NIS is already in place, and there really isn't an alternative to using the NIS "client" included in the NIS package.
<ttx> andol: right, that's what I meant by "existing environments to support"
<andol> ttx: ok, with you then.
<andriijas> my ubuntu-server installation has upgraded the kernel but its not using server labled kernels anymore, it automaticly switched to generic. why?
<twb> andriijas: -server flavour disappeared on i386, IIRC
<andriijas> twb: ah
<andriijas> thats resaonable
<andriijas> i've discovered that i infact have a 64bit cpu so will probably swap out the system and reinstall from the ground
<andriijas> if theres no easy way to just reinstall all packages as 64bit instead...
<twb> You can't switch to 64-bit without reinstalling.  Sorry.
<andriijas> is there any easy way to download 64bit iso, extract to usb stick and install ubuntu from it?
<Jeeves_> is it 'safe' to upgrade to Lucid yet? Or is it in non-working state? (I know it's pre-Alpha)
<andriijas> Jeeves_: wierd qustion. upgrading to anything thats pre-alpha is on your own risk.
<twb> Nothing is safe.
<twb> Perhaps you should qualify your question
<andriijas> living is not safe ;)
<`jpg> You can install from usb using Unetbootin.
<twb> You can install from USB using d-i
<Jeeves_> andriijas: It's not a weird question. There is a difference between 'expect daily breakage' (which I do) or 'its completely broken, upgrading will definitly cause total breakage'
 * twb doesn't like this newfangled crap
<andriijas> Jeeves_: It's a wierd question because it might be working now but it could be broken any sudden day
<twb> Jeeves_: I don't know, but you could start by asking malone (launchpad) about release-critical bugs in lucid...
<andriijas> `jpg: https://help.ubuntu.com/community/Installation/FromUSBStick   sounds pretty trivial
<Jeeves_> twb: There will obviously be release-critical bugs..
<Jeeves_> But, nevermind, I'll try and see..
<andriijas> Jeeves_: if you just want to play with it virtualbox is nice
<twb> Jeeves_: but some of those RC bugs will not affect you
<soren> Nafallo: Well, ospf and rip at least work.
<Nafallo> soren: let me find the backtrace.
<Nafallo> 2009/12/05 22:01:49 BGP: Assertion `ret != ((void *)0)' failed in file bgp_attr.c, line 647, function bgp_attr_unintern
<Nafallo> full backtrace in PM
<jpds> Hmm, quagge.
<uvirtbot> New bug: #493510 in vm-builder (universe) "vmbuilder: Creates mostly empty EC2 images on 64-bit" [Undecided,New] https://launchpad.net/bugs/493510
<Jeeves_> https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/489499
<uvirtbot> Launchpad bug 489499 in nfs-utils "An issue with rpc.mountd's --manage-gids option makes NFS operations hang" [Undecided,New]
<Jeeves_> Who can we bug about that bug? :)
<uvirtbot> New bug: #493523 in eucalyptus (main) "[lucid] Eucalyptus-cc fails to start, missing axis2 apache module" [High,Triaged] https://launchpad.net/bugs/493523
<shriedi> what is vps
<_ruben> virtual private server
<Jeeves_> kees: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/487010
<uvirtbot> Launchpad bug 487010 in linux "ip6table modules are not included in the -virtual kernel packages" [Undecided,Confirmed]
<Jeeves_> Isn't that enough of a security issue?
<twb> You'd think that if iptables is around, iptables6 should be, too.
<twb> i.e. both or neither
<twb> (Unless you know a-priori that only on will be used...)
<Jeeves_> twb: the binary ip6tables is available. The needed modules aren't
<twb> Jeeves_: I meant the modules.
<Jeeves_> Ah ok :)
<_ruben> who uses ipv6 anyways :P
<Jeeves_>  /kick _ruben
<Jeeves_> ;)
<_ruben> hmm .. crap .. my sarcasm failed .. how'd i end up on a ipv4 freenode server?!
<Jeeves_> :P
<_ruben> hrm
<_ruben> that's better
<twb> _ruben: I was gonna migrate to native IPv6 last weekend, but I got distracted
<twb> Tunneling over IPv4 is for losers
<_ruben> twb: the office complex we're in is scheduled to get native ipv6 Q1 2010
<twb> Internode has trial native IPv6 for its ADSL customers, yaaaay
<_ruben> and tunneling ipv6 over ipv4 beats using ipv4+nat
<twb> Ugh, tell me about it.
<_ruben> i'd switch back to xs4all (big dutch isp), if only they wouldnt be so expensive, they've been offering tunnels for years, and also started deploying native to dsl users
<twb> My boss was trying to get NAT working for his OpenVZ VEs tonight
<twb> _ruben: yeah, I know of them.  IIRC Russell Coker was telling me how they were a nice employer.
<twb> I think he (my boss, not Coker) managed to get triangle routing
<_ruben> triangle routing ftw! :)
<twb> Here, I pay about an extra AUD10/mo (about 15% of the total) to go with Internode instead of <mainstream idiot ISP>.
<twb> IMO it's worth it just for Debian mirror and not having to pretend to edit the registry if I ever need to call their tech support.
<yann2> hi
<twb> And no bullshit like them blocking ports below 1024 or a bad transparent http proxy, or those laughable default DNSs some ISPs seem to have.
<_ruben> switching from current "crap" isp (telfort) to xs4all would mean E30/mo -> E60/mo for same speed (20mbit adsl)
<arj> telfort is fine here
<_ruben> telfort just works, usualy .. that's as far as i'll go :)
<arj> and the people that can read and or talk on the phone aren't mutually exclusive like tweakdsl
<arj> and "lie at every phone call" is not a requirement for all the people that work there
<arj> so I'm happy with it
<_ruben> hehe
<arj> does xs4all allow more than one ip when bridging?
<_ruben> they did untill a few years ago .. fast-adsl had 4 ips
<Jeeves_> _ruben: Don't expect xs4all to deliver native v6 any time soon
<Jeeves_> I do know someone who is thinking about starting a cool ISP in .nl again
<Jeeves_> But, a cool ISP cannot deliver under costprice :)
<_ruben> Jeeves_: hehe
<_ruben> speaking of cool, reducing the number of pcs here means i'll have to go turn on the heater .. frozen fingers
<uvirtbot> New bug: #491273 in libvirt (main) "netfs storage pools are not autostarted at boot (karmic) (dup-of: 351307)" [Undecided,New] https://launchpad.net/bugs/491273
<aubre> hello
<Hammit> hi aubre
<cemc> is there a dpkg equivalent to rpm -V ?
<cemc> which would verify all the files in a package and show if anything changed
<sommer_> morning
<pmatulis> cemc: investigate package 'debsums'
<cemc> pmatulis: thanks
<pmatulis> !info debsums
<ubottu> debsums (source: debsums): verification of installed package files against MD5 checksums. In component universe, is optional. Version 2.0.46 (karmic), package size 44 kB, installed size 268 kB
<uvirtbot> New bug: #491791 in whois (main) "Incorrect server for .ae" [Undecided,Fix released] https://launchpad.net/bugs/491791
<spiekey> Hi!
<alex88> hi
<spiekey> this is maybe a little OT, but....what component is responsible if i want a Hot-Plugable SATA Disk?
<spiekey> the Raidcontroller or the disk case or both?
<alex88> i think the controller
<alex88> but i'm not sure
<alex88> i'm not so informed about these things
<spiekey> me neither :)
<spiekey> i am quite sure, but not 100% :)
<alex88> :)
<_ruben> spiekey: the controller indeed (doesnt have to be a raid controller, 'simple' sata controller could support it too)
<spiekey> _ruben, thanks!
<_ruben> the driver probably needs to support it too i think
<rj175> does anyone know about ubuntu cloud?
<MTecknology> rj175: I tried to understand what they mean when you install a "cloud" server but it's beyond me
<smoser> rj175, people here do know "about ubuntu cloud". what particularly do you want to know?
<ScottK> MTecknology: Step one is have ssh access to a system so you can install stuff.
<ScottK> ;-)
<ssd5> i am able to ping from linux to windows but not from windows to linux. destination host unreachable. am using ubuntu 9.10 server on virtualbox.
<MTecknology> ScottK: :P
<EsatYuce> is .bin file about Linux or Windows?
<MTecknology> EsatYuce: *nix
<MTecknology> chmod +x file.bin; ./file.bin
<MTecknology> or sh ./file.bin
<EsatYuce> Can i run this file in Linux?
<MTecknology> read above
<EsatYuce> it is just name
<EsatYuce> i dont understand
<MTecknology> !bin
<MTecknology> hm..
<MTecknology> first google result - http://www.cyberciti.biz/faq/howto-unix-command-run-execute-bin-files-in-linux/
<EsatYuce> i will try that
<mdeslaur> soren: the OATH Yubikey is available now!
<EsatYuce> MTecknology : The terminal said me this: chmod: cannot access
<soren> mdeslaur: You you push it and it pretends to be a USB keyboard that sends your one-time password?
<mdeslaur> soren: yes
<MTecknology> !details | EsatYuce
<ubottu> EsatYuce: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<mdeslaur> soren: they had their own algorithm, but they now sell OATH ones too
<soren> mdeslaur: Excellent.
<soren> I'm just wondering if there are reasonable cases where you don't actually have USB access, but these days, I guess there isn't really.
<EsatYuce> i have Ubuntu 9.10 i want to install Google Erath application, i downloaded GoogleEarthLinux.bin file from site. How can i run this application?
<soren> EsatYuce: Try in #ubuntu.
<EsatYuce> soren: how?
<Jeeves_>  /j #ubuntu
<soren> EsatYuce: Ask your question in #ubuntu instead of in #ubuntu-server
<EsatYuce> ok
<EsatYuce> thnaks
<soren> Sure thing.
<Ng> zul: do the current whiteboard comments on the server-lucid-canonical-application-support spec mean that drupal6 is going to languish with asterisk? :(
<zul> Ng: yeah for now
<Ng> that's unfortunate
<rj175> i keep getting this error when trying to launch a instance in ubuntu cloud "in MANAGED-NOVLAN mode, priv interface 'eth1' must be a bridge, tunneling disabled"
<jeeves_Moss> ho do I find out what program is running on a port?
<Pici> jeeves_Moss: sudo netstat -pant
<jeeves_Moss> Pici, how can I grep out just what's on port 80?\
<Pici> jeeves_Moss: sudo netstat -pant | grep :80\
<Pici> jeeves_Moss: Theres a space after that slash
<jeeves_Moss> how can I fix this error with apache2?  http://pastebin.ca/1705701
<jpds> Pici: I prefer netstat -ltpn personally.
<jeeves_Moss> Pici, did you get a chance to look @ that pastebin?
<jeeves_Moss> jpds, did you get a chance to look @ that paste bin
<genii> jeeves_Moss: You can also do something like: sudo lsof -i:80
<jeeves_Moss> genii, thanks
<Pici> jeeves_Moss: your site configuration file(s) are incorrect. Did you define a NameVirtualHost before the rest of your virtualhost entries? I don't think you can do that.
<jeeves_Moss> Pici, I think it's the flashMediaServer that's causing a headache
<jeeves_Moss> Pici, it worked well before I started playing with subsonic
<jeeves_Moss> Pici, what's the apache command that looks through your config files again?
<Pici> jeeves_Moss: er. doing a apache2 reload or restart will surely do it.
<Pici> I'm not sure if thats what you're looking for though.
<jeeves_Moss> Pici, well, the output from that paste bin is what I get when I try to restart the server
<Pici> jeeves_Moss: Normally that would mean that you have a problem in one of your /etc/apache2/sites-enabled/ files
 * genii thinks about apachectl configtest
<jeeves_Moss> Pici, that's the issue, I don't know what file is hooped and WHY
<Pici> jeeves_Moss: try genii's command and perhaps it will tell you which file.
<jeeves_Moss> Pici, command again?
<Pici> jeeves_Moss: apache2ctl configtest
<jeeves_Moss> thanks.
<jeeves_Moss> Pici, I think it's the execwrapper we're having issues with
<jeeves_Moss> Pici, http://pastebin.ca/1705726
<jeeves_Moss> genii, http://pastebin.ca/1705726
<jeeves_Moss> well, now I don't have a MySQL connector!  ARRGGHH
<alex88> the ending "Syntax OK" it's nice..=)
<genii> jeeves_Moss: I've not seen that particular SUEXEC issue before, but this Debian bug seems possible cause: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395828
<uvirtbot> Debian bug 395828 in apache2.2-common "apache2.2-common: suexec is not detected by apache2" [Important,Fixed]
<jeeves_Moss> genii, lol, and to think everything was working untill I rebooted last night!
<DyGyTyL> so i havent used ubuntu since like 2.x but decided to use 9.10 for my server.  at one point, it was up and running even had x installed then i rebooted it for the first time and bam - it wouldnt load just 99 99 99 99 99 99 99
<tolbrino> hey there, I have just installed Ubuntu Enterprise Cloud with one node. I ran into problems starting up instances, so I'd like to inspect the nodes logs. but I can't find information on how I can connect to the node with ssh. Do you have any advice on how to do that?
<DyGyTyL> after some research i found out somethin goofy with my boot loader so i blew up my install and the MBR now after the ubuntu installation completes it boots up and says missing operating system or nonsystem disk or disk error replace and strike key when ready =o
<genii> DyGyTyL: There were no 1.x 2.x or 3.x versions of Ubuntu
<uvirtbot> New bug: #493667 in postfix (main) "Postfix SASL authentication does not work with Dovecot SASL in default configuration" [Undecided,New] https://launchpad.net/bugs/493667
<DyGyTyL> maybe it was 5 was awhile back :P
<DyGyTyL> 2.x must've been the kernel
<DyGyTyL> shit just versioned the whole channel by accident >_>
<genii> DyGyTyL: Is this machine one with some builtin RAID5 controller, which you're trying to install the system onto?
<DyGyTyL> no raid but it does have multiple(3) hard drives
 * zul kicks launchpad
<tolbrino> During the installation of UEC on the node there is no prompt for creating a standard user, so I assume that ssh access is key-based. But I can't find a key which allows me to access the node without asking for a password or a passphrase. Any hints?
<Hypnoz> does anyone know how to apt-get install nis without being prompted for NIS domain, so I can script it into an install?
<jmarsden> Hypnoz: You could pre-seed the answer for the question.
<Hypnoz> so i can't use apt-get then
<jmarsden> Yes, you set the answer in the question database and apt-get the package.
<Hypnoz> what and where is a question database?
<jmarsden> I'm trying to find a web page about it... preseeding for a whole install is discussed at https://help.ubuntu.com/9.10/installation-guide/i386/appendix-preseed.html
<jmarsden> But that's not quite what you need...
<jmarsden> man 7 debconf   # seems very relevant
<jmarsden> based on that man page, the database is under /var/cache/debconf/
<jmarsden> Looks like you can use apt-utils and dpkg-reconfigure to do what you want.
<Hypnoz> hmm ok I'll see if I can find more info
<Xpistos|work> I need help adding a signing key from the command line. Could someone give me a hand or point me in the correct direction.
<Xpistos|work> my sudo add-apt-repository command says it is not found?
<Xpistos|work> in ubuntu 9.10
<unit3> you probably don't have the package installed then.
<unit3> run it without sudo, and it'll tell you what package to install.
<genii> Xpistos|work: http://packages.ubuntu.com/search?searchon=contents&keywords=add-apt-repository&mode=exactfilename&suite=karmic&arch=any
<Xpistos|work> not there
<uvirtbot> New bug: #492734 in ntp (main) "App-Armor and NTPd in Xubuntu 8.04 LTS unconfined!" [Undecided,New] https://launchpad.net/bugs/492734
<billybigrigger> the package is add-apt-key isn't it?
<Xpistos|work> I found it
<Xpistos|work> I needed to apt-get install python-software-properties
<Xpistos|work> and it is there now
<Xpistos|work> thanks genii
<genii> Xpistos|work: Yer welcome
<moonpup> hi, do caching nameservers typically need a search path?
<Xpistos|work> maybe one more thing. I am trying to upgrade my deluge and I have the new PPA installed but it says that files are being kept back when I do an apt-get upgrade? Could this be becuase I manually installed the package instead of using the repo?
<Xpistos|work> sudo apt-get dist-upgrade worked however
<ruben23> hi
<billybigrigger> anyone here familiar with awstats, should /etc/awstats be owned by root or www-data?
<billybigrigger> i'm having permissions errors on my .conf file, saying it can't be located in /etc/awstats, while in fact it is, tried to chown -r /etc/awstats to both root, and www-data, both give the same error
<ruben23> http://pastebin.com/m3768ef60 using ubuntu-server
<billybigrigger> ruben23, https://help.ubuntu.com/community/ApacheTomcat5
<billybigrigger> shows you right there how to set the variables for tomcat to work
<billybigrigger> actually...here's an updated one for 9.10
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/tomcat.html
<billybigrigger> set JAVA_HOME in /etc/default/tomcat6
<Xpistos|work> okay how about this one. I have an sshfs share on my laptop  from my server (both 9.10) how do I set my permissions so I can delete items out of my share? Right now when I try it says i do not have perms.
<unit3> as long as the user you're logging in as has permissions to delete, it should work.
<Xpistos|work> its not
<Xpistos|work> it's not working I mean
<Xpistos|work> If I SSH in to the server I can delete all day
<Xpistos|work> and I can create from my sshfs, but not delete
<unit3> that's really weird. maybe a bug in sshfs?
<cj> has anyone else noticed that /etc/debian_version has a somewhat strange value?
<cj> it also has a somewhat strange name, but that's beside the current point ;)
<Xpistos|work> is anyone using kslice on their server?
<billybigrigger> cj, billybigrigger@timmy:/etc$ cat debian_version
<billybigrigger> squeeze/sid
<billybigrigger> looks ok to me
<ssd5> just now I installed nfs-kernel-server package on ubuntu server 9.10. but now its saying "Not starting NFS kernel daemon: no suppport in current kernel". o/p of uname -a 2.6.31-14-generic-pae. what should I do?
<cj> billybigrigger: are you running sid?  karmic?  lucid?  I'd expect something similar to lsb_release -c
<billybigrigger> karmic
<jpds> cj: The file is taken from Debian really...
<majuk> Hey fellas. I'm looking for a way to get around using the Windows System Policy Editor. Anyone know a good howto for building your own NTConfig.POL or something similar? Googling has failed me. I found a large file of examples (http://is.gd/5fhID), but it appears to be only the configuration for the SPE program and not the policy itself... though I could be wrong.
<majuk> If anyone can point me in a direction, I'd appreciate it.
<majuk> Rawr, that link is to an adm file, I guess that's why it looks like it's in the wrong format. gg
<kirkland> cjwatson: hi there ... just coming online now
<kirkland> cjwatson: i'm in Portland this week
<cjwatson> kirkland: you can disregard my questions in scrollback - ttx helped me out today
<kirkland> cjwatson: ah, okay, i was just about to start responding to those
<cjwatson> oh, actually
<cjwatson> 21:15 <cjwatson> kirkland: if the eucalyptus CLC and CC are on separate machines, do they each need their own SSH key?
<cjwatson> kirkland: ^- I didn't ask ttx about that, so if you happen to know ...
<kirkland> cjwatson: hmm, i've never really considered sharing a common host key across different machines
<cjwatson> hmm, no, I don't think that can have been what I meant
<kirkland> cjwatson: okay, can you clarify?
<kirkland> cjwatson: you mean eucalyptus@CLC and eucalyptus@CC ?
<kirkland> cjwatson: user keys, you mean?
<cjwatson> kirkland: I believe I meant, does the CLC need its own SSH key (not host key, I mean one in ~eucalyptus/.ssh/id_rsa)
<cjwatson> right
<kirkland> cjwatson: ah, right; i'd think a single private key would make the most sense
<cjwatson> well, I'm not sure I was actually contemplating sharing
<cjwatson> if I remember my state of mind correctly, I was actually trying to discover whether the CLC needed a key at all
<cjwatson> sharing's probably tricky, I'm not sure I fancy putting private key text in a preseed file
<kirkland> cjwatson: definitely not
<kirkland> cjwatson: definitely not -> putting private key text into a preseed file
<cjwatson> the reason I ask is that the only thing that runs ssh-keygen automatically right now is eucalyptus-cc.postinst
<cjwatson> so if the clc needs a key too, it needs a better postinst
<kirkland> cjwatson: i *believe* that it will
<kirkland> cjwatson: nurmi will be here later tonight; i'll ask him then, as I'm not positive
<kirkland> cjwatson: should we start testing the ISOs soon?
<kirkland> cjwatson: ie, are there bits landing on the server ISOs that are ready for some exercise?
<cjwatson> sure
<cjwatson> I was actually hoping to get the whole installer spec in for a1, but I'm not sure whether I'll quite manage it
<uvirtbot> New bug: #493781 in bind9 (main) "Karmic: Bind9 startup script fails after upgrade" [Undecided,New] https://launchpad.net/bugs/493781
<davidlenwell> anyone know of an apache 2.2.14 package for karmic ?
<jeeves_Moss> I'm having this issue with my server.  it's a v-hosted install of Apache2, and now, after a reboot, I'm getting a "SUEXEC wrapper" error.  Nothing that I know has changed since the last reboot.  and now, I can't get any kind of connections to my database server
<moldy> hi
<moldy> i am (still) having very weird problems with raid+lvm on karmic
<moldy> when i boot the machine with both mirror disks of a raid1 attached, i don't see the partitions on the disks
<moldy>  /proc/partitions shows sda, sdb, dm0 and dm-[0..3]
<moldy> when i remove one of sda/sdb, i see the partition (sda1 / sdb1). what is going on here?
<unit3> are you using linux md raid, or fakeraid on your motherboard?
<moldy> linux md raid, to the best of my knowledge
<unit3> ok, that is weird. what does /proc/mdstat say?
<moldy> fakeraid is disabled in bios setup
<moldy> one second, pasting it
<unit3> k.
<moldy> when i plug put one of the disks and attach it via usb, all works normally
<moldy> i see sda1 and sdb1 and can add the missing disk to md0
<moldy> i then waited for the raid to sync. shutted down the system, attached disk using s-ata again: problem is there.
<moldy> unit3: mdstat: http://pastebin.com/f3914e90c
<unit3> oh yeah, it's creating the dm devices, and then getting confused. that's weird.
<unit3> hmm.. check dmesg, see if it says why it's creating those dm devices.
<unit3> since it shouldn't be, if you're just doing disks->md->lvm.
<moldy> unit3: mdadm -D: http://pastebin.com/f2e24855a
<moldy> why is it using that /dev/block alias instead of /dev/sda1?
<unit3> no idea. It shouldn't be, really.
<moldy> i used the installer to setup the raid/lvm, btw
<moldy> so this might be an installer bug
<moldy> dmesg|grep -i "dm-" -C5: http://pastebin.com/f48886f75
<moldy> i'm not knowledgeable enough to make much sense of those log messages
<unit3> No idea. It really shouldn't be setting up DM devices unless you're using bios / motherboard fakeraid. I can't really explain that log at all.
<moldy> hm ok, thanks anyway
<moldy> i guess this will take some time to fix... i probably should attach another mainboard to the system to rule out that the motherboard's fakeraid is somehow interfering
<unit3> might be a good step, yeah. or at least doublecheck the bios settings, or try some alternate ones for the SATA controller.
<moldy> nvidia fakeraid is disabled in bios setup, i already played with all the other settings
<unit3> yeah, don't know what else to suggest.
<moldy> another thing that is weird is that there are devices with the name "nvidia" in them present
<moldy> /dev/mapper/nvidia_ddeaefgd /dev/mapper/nvidia_ddeaefgd1
<moldy> it looks like something is trying to be too clever... but i don't know much about this dm stuff
#ubuntu-server 2009-12-08
<Doorman352> How do I setup software raid 1, I just want to mirror a hard drive for redundancy, not performance.
<qman`> Doorman352, it's done easiest at install time
<qman`> in the partitioner
<Doorman352> OK, 9.10 didn't give me anything to work with..... sorry got a call. BRB
<unit3> desktop installer doesn't do raid / lvm setup, IIRC.
<unit3> which is too bad.
<yann2> its not suited for most people... for those who wish, there is still the alternate right?
<qman`> well, this is #ubuntu-server
<qman`> I simply assumed that's what he was using
<unit3> oh, good point.
<unit3> yeah. server install it should be right there.
<qman`> IIRC, it's even an option right in the menu now
<qman`> but even if it isn't, you can still do it manually
<unit3> yeah, it's in the partitioning setup, I used it recently.
<unit3> The defaults are fairly dumb for things like stripe size, mind you, but it is there. ;)
<Yagisan> G'day all - has anyone in here deployed buildbot on ubuntu server in here ?
<Yagisan> I deployed it on the weekend, but it is crashing in the buildsteps ( bug #493575 )
<uvirtbot> Yagisan: Error: Could not parse data returned by Launchpad: The read operation timed out
<Yagisan> I was hoping someone could have a quick look at the bug and confirm or deny it's a bug
<Yagisan> rather than user error on my behalf
 * Yagisan grabs a linky https://bugs.launchpad.net/ubuntu/+source/buildbot/+bug/493575
<uvirtbot> Yagisan: Error: Could not parse data returned by Launchpad: The read operation timed out
<bcurtiswx> i have a question about the setup of a three computer mini cluster
<bcurtiswx> we have Ubuntu 8.04, and we want /home on one computer
<bcurtiswx> and an FTP server on one
<bcurtiswx> two will be workstations
<bcurtiswx> we have a www server as well
<bcurtiswx> how should we set it all up
<unit3> that's sort of a design question depending on more factors than you've listed here... it's really up to you what makes the most sense.
<unit3> I mean, generally you'd do all the serving from one system, and the workstation stuff from the other two, but it'll really depend.
<Yagisan> bcurtiswx, that is hard to say - it's a design issue
<jeeves_Moss> is there a way to make a totaly fresh install of Apache?  I think I've got this system so hooped it dosn't know who it is.  I'm still getting the suexec wrapper errors
<Yagisan> bcurtiswx, I can say that for _my_ setup - my server supports kvm, so I put my www server into a virtual machine on there, and other servers into different virtual machines
<unit3> well, normally you'd just purge the packages and then reinstall them. but IIRC you said you had some atypical install?
<bcurtiswx> unit3, Yagisan: thx.. I think the smarter decision is all outgoing stuff (apache, ftp, etc..) should be all on one computer.. leaving the other 2 for heavy lifting (code compiling/running)
<unit3> bcurtiswx: that'd be my feeling, unless you have any reason to do it differently.
<bcurtiswx> Yagisan: how can you do it with Virtual Machines?? would virtualbox work?
<Yagisan> bcurtiswx, I'm using kvm and virt-manager - just set each one up as if it was a "real" machine
<unit3> Yagisan: that seems overly complicated for what he wants, considering he has 3 different physical machines.
<bcurtiswx> Yagisan: im going with my previous mention.. i'm just thinking about how Yagisan has that going.. thx for the reply about that
<Yagisan> unit3, possibly - I was just giving one example of a possible setup
<unit3> true.
<Yagisan> unit3, in my case I have 6 physical machines here, and 22 virtual machines
<Yagisan> so I have a slight bias towards sticking things into virtual machines
<unit3> heheh.
<unit3> yeah, I'm big on VMs too, but unfortunately (in my testing) the open source framework stuff still has a fair amount of bugs in it... so I don't advise people commit to it unless they really know what they're doing. ;)
<Yagisan> and if I ever solve my buildbot problem, I can expect a large increase in virtual machines :D
<unit3> hahaha
<unit3> never played with buildbot, I probably should at some point.
<Yagisan> I haven't used it since dapper
<Yagisan> then it was with a subversion repo
<Yagisan> since then buildbot has had security issues, and I switched to Git, so I thought, lets deploy it on karmic
<Yagisan> well - I built the slaves first, then the master
<Yagisan> and got nothing :/
<qman`> Jeeves_, sudo apt-get purge apache; sudo apt-get install apache
<qman`> I think that's the right package name
<qman`> oops, jeeves_Moss ^
<jeeves_Moss> qman`, lol. I think this server is a mess.  and I'm tempted to rip out everything and start over.  all I know is that this vhost is causing problems
<Yagisan> ls
<Yagisan> gah
 * Yagisan still isn't used to this small keyboard
<Yagisan> keep missing the tab key :/
<Doorman352> sorry, got a phone call.
<Doorman352> I'm setting up a Dell PowerEdge 850 as a server, but per the advice here I used the desktop media so I can use the gui...... I'd like to setup Raid 1 on this system for redundancy.
<Doorman352> Server does NOT have a hardware raid controller.
<Hypnoz> you would use the command mdadm
<Hypnoz> might have to apt-get install mdadm
<Doorman352> OK, read the Ubuntu How-to on mdadm and It is not clear how to mirror a drive. It looks like it has to be done before installing, but then how would I use mdadm?
<qman`> Doorman352, I can't really help you with doing it on desktop, but here is a simple guide for server: http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
<qman`> if you want to mirror the partitions the system is installed on, then yes, it has to be done during install, at the partitioning stage
<qman`> I don't know who advised you to use desktop or why, precisely, but the GUI is not supported in this channel
<qman`> it depends entirely on what you want to do
<Doorman352> I asked a while ago about using a gui to build and familiarize myself with ubuntu server and was told in this channel that the distros were interchangeable and to use the desktop until I was comfortable. Sorry to have crossed the boundary here.
<unit3> well, it's not a boundary, it's just use cases. the desktop installer doesn't include a bunch of server functionality, like RAID setup.
<unit3> you really need to install the server version to configure these things properly, unless you really know what you're doing.
<Hypnoz> i believe you could apt-get install linux-server
<qman`> yeah, it's not that big a deal
<Hypnoz> and that would give a bunch of server packages
<qman`> I just meant, we don't support the GUI installer and tools here, so I can't really help with that part of it
<unit3> yeah, exactly.
<Doorman352> sorry, but I was told here to do it.....
<qman`> not knowing how to accomplish raid 1 with the GUI, I'd suggest using server or alternate, and installing the GUI on top with the ubuntu-desktop package
<Doorman352> I had that before, and tried ebox and webmin, neither worked very well at building new servers..
<qman`> I'm not fond of any of the web GUIs
<qman`> webmin is not nice to debian-style conf, and ebox has a long way to go
<qman`> the ubuntu-desktop package installs the same GUI that ubuntu desktop uses
<unit3> yep. generally you're better off just doing work on the CLI.
<qman`> but doing it taht way would allow you to install the system using the server menus and RAID functions
<qman`> and then install the GUI on top
<Doorman352> Ok, well my microsoft server experience doesn't translate well to the terminal.
<jmarsden> Doorman352: Use a Desktop install to learn Ubuntu and play with if you want, but when it is time for a production server install, install from the server CD and ssh into it.
<Doorman352> Thats what I'm doing.
<qman`> that's very true
<qman`> but all the server functions on linux are CLI-based
<qman`> so even with a GUI, you still really need to learn the commands and configuration files
<unit3> Doorman352: nope, unix-y OSes are *very* different from Windows.
<jmarsden> Doorman352: cacls is pretty hardcore commandline stuff, if I remember rightly :)  Theres a bunch of command line things necessary as a good Windows server admin.  ntdsutil has no GUI either, does it?
<qman`> jmarsden, that's right, but you only need to use those things when you have a problem
<Doorman352> yes, but I don't have to do most things from a command prompt.
<qman`> and unixy command lines are MUCH easier than windows command lines
<qman`> windows is too wordy and lacks the nice features like proper tab completion
<unit3> not to mention proper documentation. :P
<Doorman352> qman`: perspective, I'm more comfortable with DOS/Windows because I've been using them for many years....
<jmarsden> qman`: never had a problem?  So either you've never had a problem with Windows over some time (in which case, stick with it!), or you've not been a Widnows admin for very long? :)
<qman`> Doorman352, I started on windows/DOS too, linux is far better
<qman`> jmarsden, plenty of problems, but it usually ended up googling the microsoft site and copy/pasting some bits
<Doorman352> no doubt, but I have to start somewhere and so far Linux isn't very easy to work with at the prompt without guides and there are some really bad ones on the web.
<qman`> never bothered to actually learn windows commands like I do linux ones
<jmarsden> Doorman352: The one you care about is the Ubuntu Server Guide.  The one in the topic of this channel.
<qman`> yeah
<qman`> the server guide is great
<Doorman352> Yep, read it and had a horrible time with Samab and my domain controllers.
<qman`> well, there's the problem
<qman`> integrating with windows domains is always a pain
<Yagisan> +1
<qman`> no two ways about that, not until samba 4 comes out
<jmarsden> Doorman352: How will a GUI on Ubuntu Desktop fix windows domain integration issues??
<Doorman352> well, I can't just throuw my WAn away and use linux yet, so I have to start somewhere.
<Yagisan> NT4 style domains work very well
<skrite> hey all, looking for some hardware advice, going to upgrade company webserver soon, and had a couple of questions.
<Doorman352> jmarsden: the more tasks I can accomplish with ubuntu, the closer I get to replacing my wiindows servers. The Gui is a means to familiarize myself.
<qman`> yeah, but full AD integration isn't possible, and the parts that are are very difficult to get working
<Doorman352> qman`: I noticed.
<qman`> it's largely due to the complete lack of documentation and standards in AD
<jmarsden> Doorman352: Cool, so run it on a workstation or in a VM on your windows workstation, then when you are familiarized, set yup the server.
<Yagisan> well, to be fair, AD is only meant to be "integrated" with AD
<qman`> skrite, go ahead and ask
<jmarsden> skrite: Ask your real question(s), if you want people to have a chance of answering them :)
<Doorman352> AD works in the Microsoft world, but not so good for other things.
<Doorman352> I'd dump AD and use an alternative, but I lack the skills to use Linux. But I keep trying.
<qman`> Doorman352, while you continue to have windows clients, there isn't much of one
<qman`> but samba 4 will change that
<qman`> a ways off but it's coming
<skrite> ok, thanks.  what is more important, more cores? or higher clock speed. I am looking at a system with two quad cores at like 2.23ghz.. Just wondering how much bang i would get trying to get higher clock speed
<Yagisan> qman`, that would depend on how he has his network set up, and what he uses from AD
<qman`> skrite, for a server with threaded applications, more cores would be more valuable
<Doorman352> qman`: I'm hoping so, but the Samba.org guide for Kerberos and LDAP is terribly wrong and breaks Domain Controllers....
<skrite> qman`, my system has a lot of different processes going on all at once.
<skrite> so more cores.
<skrite> thanks
<Yagisan> skrite, have you measured the bottleneck ?
<jmarsden> skrite: It all depends on your workload.  On a fixed budget, add RAM before bumping CPU clock speeds
<skrite> ok
<skrite> is there much speed increase in having 5 drives in a RAID 5 over having 3 drives?  they are SATA 15krpm
<qman`> skrite, your read speeds will increase a bit
<Yagisan> skrite, it's workload dependent
<jmarsden> skrite: "It all depends on your workload" ... is the server CPU bound or I/O bound, the current server I mean?
<skrite> jmarsden, i don't know.
<Yagisan> skrite, indeed - could it also be network bandwidth bound ?
<jmarsden> skrite: Then measure it before you spend your dollars... :)
<skrite> no, not network
<skrite> ok
<skrite> what kind of workload is better to have more drives?
<jmarsden> An I/O intensive workload.
<skrite> our server does more writing than reading to the db
<Yagisan> databases/file servers
<skrite> okk
<skrite> ok, gotcha.
<skrite> like what i am doing
<skrite> speed increase very significant?
<skrite> with more drives?
<Yagisan> virtual machine hosts also hammer disks
<Yagisan> skrite, there are diminishing returns - it depends on the system, and the type of I/O
<qman`> skrite, if you need more write performance, instead of going raid 5, go raid 0+1/10
<skrite> Yagisan, ok, not doing that
<jmarsden> skrite: First you said is was a web server... now you are saying it is a fileserver/database server?
<Yagisan> skrite, raid5 writing is both CPU and I/O bound (need to calculate those checksums)
<skrite> jmarsden, well, it is both
<laen> skrite: raid 0+1/10 increases read performance above raid 5/6 too afaik
<Doorman352> Anyone use Ubuntu as a inter-vlan router?
<jmarsden> skrite: Ok, so how many database transactions per second is the current hardware doing?  And is that the majority of disk I/O on the machine?
<skrite> we take data in from machines and show the customers all kinds of performance data, graphs, etc.. but we are writing about 8 records per second
<Yagisan> Doorman352, no - but quagga IIRC is suitable for routing
<skrite> yes, is majority of disk i/o
<skrite> don't know how many transactions per second.
<skrite> lots :)
<skrite> we actually write more than that, because all the records get updated often as the machines change state
<jmarsden> skrite: Then a RAID 10 setup might buy you extra speed for the database.  Maybe Raid10 for the database and raid1 for the rest of the filesystem, if you can afford lots of drives... but without numbers it's very hard to really advise you.
<skrite> ok, well cool
<skrite> will try to benchmark out what we are doing here
<skrite> exactly the bottlenecks, then will come back with numbers.
<skrite> thanks all
<jmarsden> Go for it :)  You're welcome.
<Yagisan> skrite, useful tools include iotop and top
<skrite> thanks
<Yagisan> np
<Doorman352> Yagisan: Doesn't say it supports vlan routing....
<jmarsden> Doorman352: ?  Surely that's more a matter of whether your NICs support VLAN tags, all Linux kernels will have an 801q module you can use...
<jmarsden> Quagga itself does not need to directly support VLANs, as long as you can gen your NICs to do so and set up a virtual interface per VLAN that quagga can route to and from.  I'm pretty sure...
<uvirtbot> New bug: #493864 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: å­è¿ç¨ å·²å®è£ç post-installation èæ¬ è¿åäºéè¯¯å· 1" [Undecided,New] https://launchpad.net/bugs/493864
<Doorman352> jmarsden: Are you describing using physical NICS for each subnet instead of trunking? I was interested in trying to use a linux server as a router for 4 VLANS with a single nic setup as a trunk. Instead of a CISCO router or layer 3 switch. Lots of chatter about it, but nothing in detail about how.
<jmarsden> No... you can configure one NIC to be seen as multiple virtual interfaces, one per VLAN... then quagga routes between those virtual interfaces.
<Yagisan> Doorman352, your NIC needs to support 802.1q vlan tagging, if so you can configure subinterfaces for each vlan
<qman`> Doorman352, no, you'd only need to set up virtual interfaces for the vlan on one NIC
<Yagisan> Doorman352, then you can set up a routing daemon like quagga to do the work for you
<jmarsden> Right.  It's  much more about NIC choice than anything else :)
<bcurtiswx> another question.. should a machine that interacts with the outside (www, ftp, etc...) also contain the data it's hosting.. or is it better for that to be hosted on another computer?
<Yagisan> Doorman352, eg Billion does exactly that for my home ADSL router
<jmarsden> Nice to see we're all in agreement on this :)
<qman`> bcurtiswx, that depends on the amount of hardware at your disposal and how sensitive the data is
<qman`> I would advise against hosting multiple services on one machine connected to the net
<qman`> connected directly*
<qman`> I'd also advise against running certain services together without proper chrooting
<bcurtiswx> qman`, i've got three
<bcurtiswx> earlier discussions make me think having outgoing stuff like www,ftp etc... on one computer
<jmarsden> bcurtiswx: Without knowing your budget and info security plan, that might be fine, or it might be terrible :)  Your question is really too broad to be easily answered here.
<bcurtiswx> but it will need to have access to data.. would it be better to have that on one of the other two computers?
 * Yagisan goes for the virtual machine rather than chrooting - but yes - I'd separate services if possible
<qman`> bcurtiswx, the issue at hand here is contingency
<qman`> should one service get compromised, you don't want that to grant access to the data for the others
<qman`> ftp is a relatively insecure service
<qman`> so it should be chrooted and preferrably separated from other data as much as possible
 * Yagisan would ask - do you really need ftp before deploying it
<bcurtiswx> ok
<Yagisan> do you expect outsiders to upload data to your server ?
<Yagisan> or you to remotely do so ?
<bcurtiswx> we have outsiders constantly changing and updating the data (trusted people) not random
<bcurtiswx> im no where near an expert, sorry if i'm not quite forming the correct information in my questions
<jmarsden> bcurtiswx: CAn you persuade them to use something other than FTP?  Like something ssh-based -- FileZilla if they need a GUI tool to upload with?
<bcurtiswx> i can def talk with them about it
<jmarsden> If you can, that's one less service to run... which is a Good Thing <TM> for your overall security
<bcurtiswx> jmarsden: all good things to think about.. im gonna think through this and i'll probably have a few more questions
<jmarsden> Thinking ahead of time is good :)
 * Yagisan needs to head out now - back in a few hours. Would love it if someone could offer advice on my buildbot issue #493575
<Doorman352> qman`: I checked and my adapter supports 1q tagging, so how would I configure it in Ubuntu, as the Intel proset tools are windows based.
<qman`> Doorman352, this should help: http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html
<qman`> it's debian-oriented, so you'll have to insert some sudos
<qman`> err
<qman`> shows centOS, but looks like debian?
<qman`> let me find something better
<jmarsden> Doorman352: Simple overview at https://wiki.ubuntu.com/vlan
<qman`> http://ubuntuforums.org/showthread.php?t=703387
<Doorman352> qman`/jmarsden: Thanks, I'll try working through the guide.
<bcurtiswx> jmarsden: whats the best way to handle backing up computers..right now we back up our /home directories and the data, but this is all over the place, no central location.. how should this be handled best? (sorry if i haven't framed the question in the right way)
<jmarsden> Well, "best" is always subjective... a central on-site archive machine is a common approach, backup to that using rsync-based backup tools, keep multiple revisions not just one, and backup anything critical offsite as well.
<jmarsden> How fancy you get depends on the time and hardware and network bandwidth and money available :)
<bcurtiswx> haha, ok
<qman`> yep
<qman`> and for relatively inexpensive backup media, I'd suggest hard drives for large data, and flash drives or DVDs for smaller data
<jmarsden> bcurtiswx: Simple tools like rdiff-backup can work well, if you need more complexity look at bacula or amanda.  And yes, here at home, DVD's work fine :)
<qman`> hard drives are still the cheapest media per gigabyte, and building a system around them is cheap too
<bcurtiswx> we have growing data amounts.. up to about 1TB so far.. and growing
<bcurtiswx> all on hard disks at the moment
<qman`> it's all budget permitting, but I'd suggest an active server you back up to, then copying backups to removable drives and sending them offsite if needed
<bcurtiswx> how would you set the initial rdiff start?, i know rdiff would be great for a "time machine" esque app
<bcurtiswx> would it be backing up the system and rdiff nightly based on current filesystem and backup?
<jmarsden> bcurtiswx: Once you have an initial copy of each machine on the archive server, you can just do nightly updates that copy, keeping older versions around... rdiff-backup and many other similar tools do this for you.  You have to decide how far back to keep incremental copies, of course.
<jmarsden> You might want to play with rdiff-backup for a few unimprtant files and get comfortable with how it works, then start using it "for real".  Same with any backup approach really!
<bcurtiswx> yeah, thats how i typically do things.. testing phase first in a very basic setting
<bcurtiswx> well thanks for your help all.  ttyl
<alex88> why does apt-get upgrade don't update packets?
<alex88> it writes something like "packets are keeped at current version" and the list of packets to update..but it doesn't do it
<jmarsden> alex88: You need to provide more detailed information if you want a helpful answer.   Can you pastebin the exact output so we can see it?
<alex88> jmarsden: how can i output it in english? it's in italian now
<jmarsden> alex88: LANG=C apt-get update
<jmarsden> But I can probably read it in italian if necessary :)
<alex88> np..pasting in en
<alex88> http://pastebin.com/m6f1d4a2b
<alex88> i've configure ubuntu 9.04 with unattened-updates as in ubuntu wiki...screen shows 10 packets to be updated but the result of apt-get upgrade is that
<qman`> alex88, those packages require installing some new packages, so they are not automatically upgraded
<qman`> if you want to upgrade them, do sudo apt-get dist-upgrade
<jmarsden> You just need to do a full-upgrade to let the system update those.  sudo apt-get dist-upgrade
<jmarsden> qman beat me to it :)
<alex88> oh thanks you all guys..
<alex88> that worked fine..
<jmarsden> You're welcome.
<alex88> btw, going to sleep.. 3 am here in italy..cya tomorrow guys..
<qman`> back to visual basic homework...*/headdesk*
<Clusty_> hey
<Clusty_> is there a way i could create a username on a machine such that he is just able to upload stuff with ssh, but cannot log in interactively ?
<qman`> Clusty_, http://www.debian-administration.org/articles/590
<Clusty_> qman`: the match part is a aprt of sshd_conf file?
<trimeta> I'd like to turn my server into a DNS server; presumably I could Google for a tutorial, but there was a checkbox on the installer which I didn't tick. Is there a way to simply add whatever packages that checkbox would have pulled in?
<qman`> Clusty_, yes
<qman`> trimeta, sudo tasksel
<Clusty_> qman`: i need to make sure i am not screwed (lock myself out). if i restart the sshd server all existing connections remain open?
<qman`> Clusty_, I don't think so
<qman`> make sure you only add that at the end of the file
<qman`> a match block includes all code until the next match block or the end of the file
<qman`> so if you just add it onto the end, users not defined in the match block won't be affected
<Clusty_> qman`: /etc/ssh/sshd_config: line 81: Bad configuration option: ChrootDirectory
<Clusty_> /etc/ssh/sshd_config line 81: Directive 'ChrootDirectory' is not allowed within a Match block
<qman`> oh, you must be using an older version
<qman`> this is a somewhat recent thing in sshd
<qman`> you'll probably have to do it the old fashioned way with full jailing
<Clusty_> qman`: on ubuntu 8.04
<qman`> yeah, it's not in 8.04
<Clusty_> how can i jail the user?
<qman`> I've used jailkit in the past
<qman`> http://olivier.sessink.nl/jailkit/howtos_jailkit_pam_chroot.html
<qman`> it allows for jailed and non-jailed users side by side
<qman`> the hardest part is building a working jail, but that's what jailkit helps with
<Clusty_> ok
<trimeta> qman`: Thanks.
<Clusty_> this makes it a salto mortale: 1 wrong move and I am screwed
<Clusty_> gonna wait on the jailing for now
<Clusty_> will update in 2 weeks to karmic
<Clusty_> is that a good idea actually?
<Clusty_> since it is not LTS
<qman`> karmic has a recent enough version of sshd to do it the first way
<Clusty_> qman`: i mneant if it's a good idea generally
<qman`> depends on your needs, but truthfully you're probably going to upgrade to lucid in april anyway
<Clusty_> if this machine goes down a lot of ppl will cry
<Clusty_> :D
<qman`> and it'll be a single step from both hardy and karmic
<Clusty_> machine is NFS/LDAP/DNS/Router
<qman`> well, karmic itself is plenty stable enough, it's the package versions and odd bugs you might worry about
<Clusty_> i can imagine that
<qman`> it was a little rough right at launch but most of those problems have already been sorted
<Clusty_> i still annot change the passwords proprely: make PAM synch unix passes with LDAP ones
<Clusty_> the other nodes are karmic
<qman`> but if downtime is your main concern, running an upgrade may break you
<Clusty_> problem is i am working remotely
<Clusty_> if the machine is unaccesible i need to go to germany :D
<Clusty_> in 2 weeks i am going for 4 days :D
<qman`> upgrading from hardy to karmic is a three-upgrade process and could cause some problems
<qman`> if you're right in front of it, it shouldn't be that big of an issue
<Clusty_> qman`: ohh. so from 1 LTS to another is 1 step move?
<qman`> yes
<Clusty_> then it is settled
<Clusty_> no upgrades now
<qman`> so if you can wait until april that's preferred
<Clusty_> only reason is no postgres 8.4
<Clusty_> but that si not a major crime
<Clusty_> got another pg 8.4 machine
<Clusty_> qman`: for FTP what ports need to be open?
<Clusty_> 21 is enough?
<qman`> nope
<Clusty_> i know it uses 2 ports
<qman`> I'm guessing you're running passive FTP
<Clusty_> i got no ftp for now
<qman`> and in that case you need port 21 and the upper port range all open/forwarded to your FTP server
<qman`> and you need to allow outgoing on 20
<Clusty_> but it was a pain punching the right holes insde the FW
<qman`> FTP is legacy and always a pain with firewalls
<qman`> it was designed before firewalls existed
<Clusty_> i set up some lame machine in the DMZ
<qman`> if at all possible, you should avoid using FTP
<Clusty_> but this is a quick patch not a proper solution
<Clusty_> are people aware of non-FTP ways to put/get data?
<Clusty_> most ppl give me faces when i give them WinSCP
<qman`> web interfaces and SFTP
<qman`> filezilla is another free SFTP-capable client
<qman`> and many non-free clients like smartftp support it
<Clusty_> but is popular?
<Clusty_> i guess so..
 * Yagisan wanders back in
<jongbergs> hi, i
<jongbergs> hi, i'm planning to setup an ubuntu dns server, however we onl have 1 public ip..how would i configure my dns to work behind the router?
<jongbergs> is it alright with this kind of setup?
<jmarsden> jongbergs: You can open TCP and UDP ports 53 inbound through your router to the DNS server and it should work, is that what you mean?
<jmarsden> OR do you need the DNS server go give two different answers depending on whether the client asking it is on your LAN or on the Internet??
<jongbergs> jmarsden: yes, can i have both roles LAN and Internet? I also wondering whether it the dns server should act as authority or cache
<jongbergs> jmarsden: which dns funtion should i choose: caching, primary ,secondary or hybrid?
<Yagisan> what do you want it to do ?
<jmarsden> jongbergs: You can, it's just more work to configure it.  And whether it should be authoritative or caching only depends on whether you want it to do/
<jmarsden> Do you have domains you need it to be authoritative for, or just to get info from other existing DNS servers out there and make that info locally available.
<jmarsden> The first measn authoritative, the second is caching.
<jmarsden> But if you don't already know this you could find setting up a DNS server quite difficult, I think :)
<jmarsden> WHat are you trying to achieve by setting up this DNS server?  How will it help you do something?  What do you want it to *do* for you?
<jongbergs> jmarsden: we plan to put up a campus website in which we have our own registered domain name
<jmarsden> And the new DNS server will be authoritative for that domain?  Is there another one somewhere which will be the secondary for it?
<jongbergs> jmarsden: no dns servers yet except from our ISP
<jmarsden> well, you need two when you register a domain, so which two did you provide to the registrar?  or is the domain not set up yet?
<jmarsden> You could try using a public (free) DNS service for the secondary and use your own as the primary authoritative server for your domain.
<jongbergs> jmarsden: not setup yet..the domain name is in the process of approval
<jmarsden> OK.  well, somehow or other you will need there to be 2 authoritative DNS servers for it before it will "work" on the Internet.
<jongbergs> jmarsden: you mean i need two dns servers?
<jmarsden> Either that or you needs yours plus use someone elses for the second one, yes.
<jongbergs> jmarsden: is it ok for now if im going to setup only one dns server to be authoritative?
<jongbergs> jmarsden: will it work?
<jmarsden> Yes it will work for you to test with
<jmarsden> But I don't think you will be able to make your domain go "live" with just one DNS server.  Your registrar will not allow that.
<jmarsden> For now set up this one, then find a free secondary one and use that.
<jongbergs> jmarsden: i was thinking of that also when i review their requirements, you need to have at least two
<jongbergs> jmarsden: free dns like OpenDNS?
<jmarsden> Not exactly.  Free secondary DNS service.  I don't know if OpenDNS offers that.  Let me look for a provider for you...
<jongbergs> jmarsden: thanks
<jongbergs> jmarsden: i also happen to drop into www.everydns.com website it says they offer free dns service, but im not sure exactly
<jmarsden> Could work.  freedns.afraid.org may also work for you.  The one I was thinking of no longer exists, it has been a while since I used a free secondary :)
<jongbergs> jmarsden: ok i'll try that, so what's the first thing that im going to do now?
<jongbergs> jmarsden: i have the ubuntu server already running
<jongbergs> jmarsden: ready to be configured
<jmarsden> I can't handhold you through all of this, it's too much.  You could configure your server to be authoritative for your domain and create the zone file, and test that.  Then open ports in your router, then set up the secondary to use your server  as the primary for that domain, and test *that*.
<rags> Hi, I'm using Hardy and I use IPsec-tools version 0.6.7, which I want to update to the latest available.  0.7 is available in intrepid. Can I just install the .deb on hardy?
<jmarsden> Probably not; most likely they depend on versions of other libraries that are not in Hardy either.
<rags> It's not available in the backports repo
<jmarsden> You could try it, but no guarantees it will work :)
<rags> Will it break anything...I mean if anything goes wrong would I be able to recover easily?
<jmarsden> If you know what you are doing with dpkg, you could recover easily enough, it's not like ipsec-tools is a system library or anything like that.  BTW, latest in Ubuntu seems to be   ipsec-tools | 1:0.7.1-1.5ubuntu4 |         lucid | source, amd64, i386
<jmarsden> So if you truly need "latest", 0.7 in Intrepid is not it.
<rags> I thought that will be too bigger a jump...intrepid being after Hardy unlike Lucid which is still in dev...:)
<rags> Plus I have to get racoon as well...I'll get them from Lucid and hope it works...
<jmarsden> Good luck... I think you'll need it :)
<Clusty_> rags: any reason for not self compiling it?
<Clusty_> if it follows the trivial configure/make/make install pattern and there are no crazy things being done you can even make a deb out of source directly
<twb> I do that sometimes.
<rags> Clusty_: I guess I can...but I hope it wouldn't make a dependency mess...I'll give a try then...My main concern is that it should not affect my current config...:-S
<Clusty_> rags: can even get: apt-get build-deps <fill in package name>
<Clusty_> to get dependencies to build the stuff
<rags> oh...ok..I'll try that as well..
<twb> Clusty_: what's he packaging?
<BalSak> hi guys. I
<Clusty_> twb: ipsec
<Clusty_> i never used it...
<BalSak> 'm having trouble logging into my enterprise cloud I've just ser up. credentials I'm able to use via ssh doe not take on https
<BalSak> any ideas please?
<Clusty_> only package i recompiled from sources into a package was netatalk
<twb> rags: you need ipsec 0.7 on hardy?
<rags> twb: Yes...mainly because I can't get some functions working in the current version, such as deleting individual SA's and manipulating individual tunnels...
<twb> The first thing I would normally try is adding a deb-src for (say) intrepid, and then apt-get build-dep'ing and apt-get --build source'ing ipsec/<version>
<BalSak> *bump*
<rags> twb: That's cool....That will be way simpler then getting the tar balls...
<rags> twb: Only concern, hope it does not break anything and is recoverable...:-S
<twb> rags: well, it'll be completely unsupported and unmaintained.  You certainly won't automatically get any security updates that are made to intrepid's ipsec package.
<twb> But that'd be the case if you installed from the upstream source, too.
<rags> No matter....I'll keep a manual check...till I do a dist upgrade...
<RoyK> zz
<`jpg> Anyone got any tips on helping make Eucalyptus's control services more redundant other than running them on a HA cluster?
<`jpg> Currently I am thinking run 2 (or more) servers with heartbeat.
<maxagaz> i have a printer/scanner plugged on a switch, the printer works well in the network, can i also use the sanner through the network or do i need to plug it to a machine first ?
<arj> only god knows
<arj> and maybe the manufacturer/manual of your printer/scanner
<maxagaz> arj, according to the docs i'm reading, it seems i have to plug it first to a computer via usb
<jiboumans> morning
<uvirtbot> New bug: #493982 in munin (main) "Munin-Node missing device files in iostat" [Undecided,New] https://launchpad.net/bugs/493982
<SandGorgon> guys.. i'm on Hardy Server. I have a service installed that I want to disable - but NOT uninstall. How do I do that?  is there a utility to do service management from cmdline ?
<qman`> SandGorgon, services in Ubuntu are handled with init scripts, started and stopped with /etc/init.d/, and enabled and disabled with update-rc.d
<qman`> not sure how upstart complicates things, but in hardy it still basically works like sysv-init
<SandGorgon> qman`, thanks.. i found 'sysv-rc-conf'. Looks good
<twb> I like rcconf, but I think insserv breaks it
<twb> As a text GUI for update-rc.d, that is
<smoser> wow, ec2: *Free Inbound Data Transfer (until June 30, 2010)*
<zul> morning
<ttx> smoser, zul: o/
<smoser> hi
<zul> hey ttx
<Yagisan> anyone have any suggested alternatives for buildbot ?
 * Yagisan has confirmed a bug in it on 3 different versions of ubuntu, so it's not working out for me
<uvirtbot> New bug: #494015 in bind9 (main) "named warns: max open files (1024) is smaller than max sockets (4096)" [Undecided,New] https://launchpad.net/bugs/494015
<hackeron> I see error messages like: "Dec  8 12:58:12 AmurgDVR udevd-work[598]: pipe failed: Too many open files" and "unable to create db file '/dev/.udev/db/block:sda': Too many open files" - even though there are only ~3k open files according to lsof? - any ideas?
 * zul really really needs to move to somewhere warmer
<sommer> it's warm in NC :-P
<hackeron> sommer: newcastle? - no it isn't, lol
<sommer> heh, north carolina :)
<hackeron> ah
<zul> sommer: 20-30 cm of snow expected tomorrow
<sommer> fun fun, heeh
<zoopster> it's warmER in Tampa today  and the sun is coming out after a foggy morning
<zoopster> come on down zul...plenty of room for you and the fam
<zul> meh
<SandGorgon> guys.. i'm trying to get php5-cgi and nginx working under ubuntu 8.04. I am able to see .html files properly, however for .php files I am getting constant "connection refused" errors. Any idea why ?
<arj> what does telnet say?
<arj> (to the port nginx should connect to)
<SandGorgon> arj, checkin
<SandGorgon> arj, telnet works for the port
<Jeeves_> grmbl
<Jeeves_> chpasswd no longer accepts '-e' as an option
<Jeeves_> does anyone know why that is?
<soren> chpasswd uses pam now. PAM does not support providing encrypted passwords.
<Jeeves_> soren: Hmm, that sucks. I don't like putting plaintext passwords in scripts
<Jeeves_> Any clue how I can nicely work around this (imho regression)?
<orudie_> how can I archive a directory with all the subdirectories and files ?
<soren> Jeeves_: usermod --password
<soren> orudie_: tar?
<Jeeves_> soren: Thanks
<soren> Jeeves_: np
<uvirtbot> New bug: #494047 in bind9 (main) "package libdns53 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 2 zur?ck" [Undecided,New] https://launchpad.net/bugs/494047
<Jeeves_> grmbl
<Jeeves_> those bloody germans!
<Jeeves_> :)
<smoser> ttx, ping
<smoser> or kir
<smoser> kirkland
<smoser> can one of you verify that images currectly bundled with '--arch' have that --arch represented in describe-images ?
<ttx> smoser: yo
<ttx> smoser: I could verify that. It would have recently changed ?
<ttx> I remember checking that for karmic RCs
<smoser> john pugh is seeing images loaded from the store all showing up as x86_64
<smoser> so i wanted to verify that images bundled otherwise weren't also
<smoser> i dont think they are
<smoser> so i think the store is incorrectly bundling
<mrchucho> I'm using vmbuilder on karmic: if I put "bridge = br0" in the [kvm] section of my config file, will that set the $bridge in the libvirtxml.tmpl?
<ttx> smoser: what is sure is that if you don't specify --arch, it does x86_64, even if you are on a i386 UEC.
<smoser> i thought that it defaulted to 'uname -a'
<smoser> err.. .uname -m
<ttx> https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/451358
<uvirtbot> Launchpad bug 451358 in eucalyptus "euca-describe-images reports all UEC images as x86_64" [Low,Invalid]
<ttx> smoser: it defaults to x86_64.
<ttx> smoser: do you still need the verification ? Or can it wait until my alpha1 tseting tomorrow ? I'm pretty sure it works (as long as you pass the -r option)
<smoser> it can wait.
<hackeron> I see error messages like: "Dec  8 12:58:12 AmurgDVR udevd-work[598]: pipe failed: Too many open files" and "unable to create db file '/dev/.udev/db/block:sda': Too many open files" - even though there are only ~3k open files according to lsof? - any ideas?
<ttx> smoser: cool. I prefer not to spin up the setup if I can avoid it.
<smoser> mainly i was doing the same
<alex88> if i've on eth0 2 ips, does apf firewall protect both? cause it's eth0 and eth0:0 but on apf reload says: determined (IFACE_IN) eth0 has address (IP), but nothing about the second ip
<mrchucho> ah, answered my own question... according to docs "--bridge=BRIDGE     Set up bridged network connected to BRIDGE."
<orudie_> how can I disallow access to all my users to use dftp except for one user ?
<orudie_> how can I disallow access to all my users to use vsftpd except for one user ?
<alex88> orudie_: there is a user list that cannot connect to ftp
<alex88> in default vsftp server install
<orudie_> aleks, yup I remember now, trying to find the list :)
<alex88> it has something about pam auth..so search in the pam folder, you'll find the vsftp plugin with the name of the file
<marks256> can i setup a machine that will only allow users on the other end of the machine to download/upload at a set rate? For example, if i had a 15MB/s internet connection, but only wanted half of my users to be allowed 5MB/s, how would i do that? i believe it is called QoS (Quality of Service)
<yann2> hi
<yann2> should whole discussions happen her: https://wiki.ubuntu.com/LucidServerSeeds#proposed-universe-demotions ?
<alex88> marks256: you can limit the connection speed via ip-tables
<LaireTM> Somebody here have expirience with plesk?
<arj> a little bit
<marks256> alex88, server side?
<alex88> yes
<alex88> marks256: http://zedomax.com/blog/2008/09/25/linux-server-hack-how-to-limit-bandwidth-with-linux-tc-and-iproute2/
<marks256> alex88, that looks be be exactly what i want to do. thank you kind sir!
<alex88> marks256: glad to help! =)
<Guest57254> hi, I have a 32-bit computer, can I use ubuntu server 9.10?
<jmarsden> Guest57254: Yes, just pick the x86 (32bit) version of the Ubuntu Server install CD.
<Guest57254> ok, thanks
<jmarsden> You're welcome.
<arturo_on_rails> Hi all, quick and simple question.  I want my servers to send me monitoring e-mails (cron status, periodic monitoring, etc...).  What package should I use? sendmail?
<arturo_on_rails> I would like to use 'what everybody else uses'...
<jmarsden> arturo_on_rails: Any MTA is fine for that.  Postfix is a common choice.  Sendmail is relatively rare these days.
<ScottK> One potential source of confusion about this is that Postfix, Exim, etc all provide a binary called sendmail for compatibility purposes.
<arturo_on_rails> jmarsden: but isn't postfix a bit too much?  I just want to execute 'sendmail'  I have my own MTA in the network running postfix
<jmarsden> Then you can use something less common; you said you wanted to use what "everyone else uses".  Try ssmtp or similar for a minimal MTA if that is what you seek.
<arturo_on_rails> jmarsden: ScottK: Oh, so people ACTUALLY use postfix for this...
<arturo_on_rails> jmarsden: ScottK: no probs... ok, so for minimal, ssmtp.
<jmarsden> Or msmtp, or one of a few other minimalist ones.  But it's easier to find config help on Postfix, so there's a mild tradeoff there.
<arturo_on_rails> thanks guys.  Bye for now...
<hans38> hi
<hans38> can some one here hlp me
<hans38> hello
<hans38> some one hereÂ¨
<Pici> hans38: You'll need to ask a question before we can help :)
<laen> Or, we just answer the question. hans38: Yes :)
<laen> Did that solve your problem so far?
<hans38> no
<laen> Guess you asked the wrong thing then hehe.
<hans38> how to become root user in ubuntu
<laen> Sudo?
<Pici> !sudo | hans38
<ubottu> hans38: sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE)
<hans38> i try to login as root
<laen> hans38: never do that
<hans38> why
<laen> Security issues..
<laen> See it like this: You are a user on the machine.. root is not, it's just a privilege.
<hans38> i want to change some files in var/www/
<hans38> and i cant write there
<laen> hans38: no problem, just use sudo in front of your commands.
<Pici> hans38: The website that ubottu linked to explains why we use sudo and the proper commands for invoking it.
<hans38> okay. but the problem if i sudo is that the one and only pwd i use
<hans38> dont work
<laen> You're giving your own password, right?
<hans38> yes
<hans38> same that i'm loging in with
<majuk> capslock?
<AndyGraybeal> can anyone help me w/ ubuntu virtualizatio (kvm) i have a kvm server on 8.10; i rebooted the machine out of frustration, i log back in and run virsh, and type 'list --all' and nothing shows up - can anyone help me?  i feel panicky.
<laen> hans38: did you make another initial user when installing the machine, besides yours?
<hans38> none
<hans38> some thing else,,  how to run xwindow ?
<laen> hans38: i have a slight feeling you haven't read any documentation at all, maybe start with that first.
<atyson01> Can anyone help me with ldap and tls?
<alex88> atyson01: never tried ldap
<noobuntu> anyone having some experience with LVM so far?
<fullstop> Hi all.  I'm new to Ubuntu server, but I have experience with RHEL.  I'm trying to install a guest 9.10 using KVM, but I'm not following the network settings.
<fullstop> When I used Xen, I was able to specify a real (not private) ip address for each guest.  Is this possible in ubuntu with KVM?
<noobuntu> i installed ubuntu LAMP with openSSH, partitions are swap, / and /home. /home should be in LVM as it will expand later on second disk. but, after completing installation proces, there is nothing in fcstab about mounting /home as separate partition. I edited fcstab, but since this is the first time i use LVM, a would appreciate if someone more experience would review the file before I reboot the machine
<JoeSomebody> hi, i am failry new to linux, old windows man here, have 2003, xp vista and w7 boxes, now a karmic desktop too
<JoeSomebody> i am wondering if the server edition has no gui?
<JoeSomebody> if not can i add one? :)
<arj> it doesnt come with one by default
<arj> and yes you can add one
<JoeSomebody> ok sounds great
<JoeSomebody> is it good for vm-ing with say virtualbox ? or does it have its own?
<arj> depends on what you want
<arj> if you want to run a server with a bunch of virtual machines have a look at kvm
<arj> if you want graphical stuff virtualbox rocks
<JoeSomebody> vm for running various windows as a support tech
<arj> then I'd go for ubuntu desktop with virtual box
<arj> works for me
<JoeSomebody> i have that now, but since i know win2003 server a bit, i guess i am curious
<arj> then I'd go for ubuntu server with kvm :)
<JoeSomebody> karmic desktop is really great
<zul> smoser: users on the ec2 google group complaining about the mirror being down
<JoeSomebody> i have looked at redhat, fedora, slackware, knoppix and one i cant remember :)
<smoser> yeah, and me resonding :)
<JoeSomebody> like ubuntu best so far
<zul> smoser: oh you saw that..i have to get with th e times
 * zul goes back to fibre channels
<JoeSomebody> arj thanks for the advice
<noobuntu> i installed ubuntu LAMP with openSSH, partitions are swap, / and /home. /home should be in LVM as it will expand later on second disk. but, after completing installation proces, there is nothing in fcstab about mounting /home as separate partition. I edited fcstab, but since this is the first time i use LVM, a would appreciate if someone more experience would review the file before I reboot the machine
<mneptok> noobuntu: what does "df -h" reveal
<Aison> can I create a software raid1 while installation of ubuntu server?
<Aison> and install on it?
<andol> Aison: yes
<noobuntu> mneptok: http://paste.ubuntu.com/337499/
<noobuntu> mneptok: first part is what I want to add to fcstab, second part is df -h listing
<mneptok> noobuntu: what is in /dev/VolGroup*/ ?
<noobuntu> mneptok: /dev/vg01/@vg01home
<mneptok> noobuntu: then you should be able to add the device to fstab without issue
 * RoyK uses zfs instead of lvm these days
<noobuntu> mneptok: like stated in fcstab file I presented to you?
<mneptok> noobuntu: no way to tell, as i can't mind-read your UUIDs ;_
<mneptok> ;)
<noobuntu> mneptok: UUID is correct, unless copy-paste behavior changed lately :D
<noobuntu> mneptok: i suppose i will lose everything what is now in /home ?
<mneptok> noobuntu: not if you make a backup onto the LVM
<mneptok> noobuntu: manually mount it (which will allow you to ensure the UUID info is correct) and then rsync to it
<noobuntu> mneptok: never did manual mount in terminal
<mneptok> sudo mount -t ext(whatever) /dev/VolGroup(whatever)/(whatever) /path/to/a/mount/point
<noobuntu> mneptok: thank you very, very much. I hope I will be able to return you the faver sometime in the future. I will do backup of /home first, it will not hurt :-)
<noobuntu> faver=favor
<mneptok> noobuntu: my PayPal address is ....
<mneptok> ;)
<noobuntu> hahahaha
<noobuntu> I don't have paypal. what would you charge for such advice? (maybe I open it and start charging like you :D)
<mneptok> hmmm ....
<mneptok> i'd really like a golden chalice filled with the still-warm blood of my enemies.
<mneptok> can you do that?
<noobuntu> depends on size of a chalice, hm
<mneptok> well, let's use LVM for it so you can increase its size later when you have more money.
<neonfreon> depends on size of your enemies
<noobuntu> mneptok you play fantasy games?
<mneptok> noobuntu: i'm on IRC. does that count?
<noobuntu> mneptok always
<mneptok> and i like to think of myself as a golden-haired Adonis that is the envy of all who encounter him.
<mneptok> my wife tells me that's a fantasy game.
<noobuntu> hahahaha, you have good sense for humor
<noobuntu> beside good knowledge of linux
<Italian_Plumber> are you guys talking about the Sacred Chalice of Reex?
<Bubba_> hi
<rtg> kirkland, have you ever setup an iscsi target and initiator? I could used some examples of working setups.
<RoyK> rtg: google is a nice thing https://wiki.ubuntu.com/IscsiInitiator
<kirkland> rtg: i have
<kirkland> rtg: i'm a bit tied up right now at a customer/partner site
<kirkland> rtg: i'll see if i can find some docs for you
<kirkland> rtg: otherwise, mathiaz has done it too
<rtg> kirkland, i've been groveling conf files and such, but can't seem to get anywhere after discovery.
<rtg> I'll bug mathiaz
<kirkland> rtg: http://www.howtoforge.com/using-iscsi-on-ubuntu-9.04-initiator-and-target
<kirkland> rtg: that one looks pretty good
<rtg> ah ha!
<kirkland> rtg: i just skimmed it
<kirkland> rtg: it has the key commands
<rtg> cool, thanks
<jsalisbury> rtg:  I do this on a daily basis with EqualLogic arrays.  I can send you my email you if have specific questions that I can help with.
<rtg> jsalisbury, lemme mess with it a bit. I'm just verifying that the iscsi target driver in Lucid functions
<jsalisbury> rtg: Ok
<RoyK> hm... http://en.wikipedia.org/w/index.php?title=Comparison_of_file_systems&oldid=209063556#Features <-- see last column :)
<rtg> jsalisbury, so, the initiator/target pairing works in karmic, correct?
<glphvgac1> hi, i'm trying to boot a mac using netinstall image. My server is running dhcpd with fixed-address for the mac machine. dhcp works and i get correct ip addr. netboot doesn't; do i need to run something to server bsdp on the server?
<tgm4883> Would this be an acceptable place to ask a question regarding mysql?
<sommer> so I just upgraded a hardy machine to kvm 84, and now my guests have ata errors... and can't login using pam
<Hypnoz> say I wanted to chgrp -R /var/log from adm to something else
<Hypnoz> thats all find and good, but once logrotate created new logs, would they be owned by adm group again
<Hypnoz> /etc/logrotate.conf has nothing about the adm group, and /etc/logrotate.d/ has info for some logs, but not all
<uvirtbot> New bug: #494243 in samba (main) "package samba 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/494243
<alex88> how can i find a file in linux?
<kringell>  find
<kringell> :)
<andol> alex88: a specific file, or just any file? :)
<kringell> "find /path/of/where/to/look -name nameoffile"
<andol> alex88: if the file permissions are "right" the command locate is usually the fastes way.
<kringell> it has a lot of options though
<kringell> see manpage
<alex88> i've found a process "afserver" running
<alex88> and i what to just search recursively in / to find it
<alex88> i've seen it's the afbackup server but i haven't installed it
<andol> alex88: well, if it's a binary, and it's in the path, you can always try: which afserver
<alex88> it's not in the path..
<alex88> btw, searching with find
<alex88> cause i have another user using this vps for a irc server, but i don't think that afserver is related with it..
<kringell> locate is much cooler!
<kringell> (i just found out)
<kringell> :)
<alex88> no results.. find / -name afserver and also locate
<kringell> sudo find
<kringell> etc
<alex88> i'm already root in the / dir
<alex88> i think that if i can see it on netstat -tapn i can found the binary somewhere
#ubuntu-server 2009-12-09
<jfig1234> hi all, having a problem here at home, I have a server running for months without problem, now without any change (except for upgrades to ubuntu) the server only works for a few minutes connected to a specific network switch and then stalls. connector to another switch seems to work to. other equipment (freeNAS, router, etc) works fine
<uvirtbot> New bug: #494267 in nagios3 (main) "package nagios3-cgi 3.2.0-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/494267
<twb> jfig1234: do you have physical access to the host?
<jfig1234> twb: yes
<twb> jfig1234: is the problem currently occurring?
<jfig1234> twb: no, but i can easly re-plug the server on the switch
<twb> jfig1234: you want to collect information like "dpkg -l network-manager", "ethtool", "ip addr" and "ip route" both before and after the problem occurs.
<twb> jfig1234: you may also want to use tshark or tcpdump to perform packet sniffing
<twb> It may just be a switch or cable is dead, and needs to be replaced.
<jfig1234> thanks, i'll give those a try, has for ports, cables, et all i've tried several... and oother equipment on that switch works fine
<jfig1234> since its a test version i'll also try and install a older version of ubuntu and see if it works again
<twb> I do not think a different release will change anything.
<cef> anyone used the 'rescue mode' on the server disk? why is it asking me about a root fs? the root fs on this machine is trashed and the disks are going to fail. All I want to do is boot up a minimal install and copy the files off the machine, preferably across the network.
<jfig1234> twb: i dont see how either but this has gotten me very bugged... same server works on one switch and not on another, switch thats causing the problems works fine with other equipment... that server was working for several months - on that switch - without and problem.....
<twb> I assume you have rebooted the switch
<jfig1234> :) several time
<twb> cef: the rescue target will not help you there
<cef> twb: yeah.. and there isn't even an ftp client on the thing.. grr
<twb> cef: at least, it'll be far less hassle to find generic live media that includes lvm2/mdadm/whatever you need.
<cef> or scp
<twb> cef: you need to request sshd specifically
<twb> cef: it will appear as a checkbox if you boot with expert
<cef> twb: in the rescue? ahh ok.. I didn't boot  with expert on the rescue mode
<`jpg> jfig1234: Clear the cache on the switch if it doesn't on reboot?
<twb> cef: try "rescue priority=low"
<twb> cef: but it'd be easier to just use a knoppix or centos live cd
<cef> just frustrating that the rescue mode is next to useless if the root fs is trashed, which, imho is one of the reasons you need a rescue disk
<twb> The ubuntu ones won't do because they don't include mdadm and lvm2 out of the box, and it's a PITA to install them
<cef> don't need either.. hardware raid
<twb> cef: I don't think rescue mode is intended to be a full-featured rescue system
<cef> but it's an older machine so any livecd that has a gui is going to run like a dog
<twb> cef: both centos and knoppix live CDs do not force you to run a GUI
<twb> This is another reason they are better than ubuntu's live CD for rescue purposes.
<`jpg> cef: Also take a look at hirens boot cd etc, there are lots of console only rescue cds out there that do a great job.
<twb> Yu
<twb> *Yup
<twb> I sometimes roll my own using Debian's live-helper
<cef> `jpg: ta
<`jpg> I am wanting to build a high availablity cloud using Ubuntu UEC. Has anyone deployed a cloud that can advice in making the cluster controller more redundant.
<`jpg> *advise on
<cef> well can't find anything at short notice that has the mylex DAC960 driver in it, so trying expert mode just in case
<twb> LSI make real hardware raid?
<cef> ahh openssh-client-udeb option :D
<cef> Mylex, not LSI
<cef> (at least, in this system)
<twb> "September 2002 - LSI acquired Mylex from IBM."
<cef> well, this IS an old machine
<twb> Shrug
<cef> and this is a Mylex card
<cef> and hey, it works. :D
<marcelcohrs> hey geys
<cef> twb: ta for the help btw re: expert mode on the rescue disk
<twb> cef: no problem
<twb> cef: the reference is [...]/dists/hardy/main/installer-i386/current/images/netboot/pxelinux.cfg/default
<twb> Or just isolinux/isolinux.cfg if you have the CD in front of your :-)
<duvnell1> hi, I've livebooted a ubuntu 9.10 CD on a dell, when I plug in my usb external HDD, it's saying a device 2-1 was plugged in, but it is not creating a device.  Any ideas?  should I just get the newest version and hope for the best, or is there something that I can do to prod it alone to create a device?
<twb> duvnell1: we can't help you with the live CD, since it's effectively ubuntu *desktop*.
<`jpg> Never seems to be any Cloud experts about. :(
<twb> `jpg: is there a cloud-specific channel?
<twb> e.g. #eucalyptus
<`jpg> Hmm..will check, cheers twb.
<uvirtbot> New bug: #494291 in kvm (main) "kvm: xp won't talk to USB device with host linux-image-2.6.31-16-generic" [Undecided,New] https://launchpad.net/bugs/494291
<oh_noes> is there an inittab on hardy server?
<cef> is there much different from the server install and the desktop install (apart from default server apps being installed and a gui on the desktop).. just the kernel, isn't it?
<cef> or is there base differences in the core somewhere?
<twb> oh_noes: upstart only understands a strict subset of inittab
<twb> oh_noes: and hardy runs upstart, IIRC
<oh_noes> oh thx, didnt realized it was upstart.
<twb> oh_noes: most of what would be inittab is in /etc/event.d
<ScottK> oh_noes: Dapper was the last Ubuntu release with inittab.
<twb> With a default one, that is :-)
<oh_noes> thanks guys, looks like upstart has an easier config than inittab too
 * cef realises that if he wants to boot off a cdrom, it might be useful to have one in the machine.. oops!
<oh_noes> The reason I ask is, I have an OS Appliance where I want to create a "Press F1 to do something" at the console CLI login
<oh_noes> so I think (and please tell me if im wrong), modify /etc/event.d/tty1 and use a different getty?
<oh_noes> I wonder if any getty alternatives have a 'create a keypess script' so when a keycombo is pressed it just runs a script
<maxagaz> is there a tool that can compare the content of files
<maxagaz> ?
<maxagaz> between two servers
<maxagaz> in order to synchronize it
<maxagaz> like comparing configuration files
<pmatulis> maxagaz: you want one file to become like the other?
<pmatulis> maxagaz: or give each file what is missing from the other?
<maxagaz> pmatulis, i want some config files to have some common content
<maxagaz> pmatulis, but keeping also some special content too
<maxagaz> i hear about something like ogeas...
<pmatulis> !info ogeas
<ubottu> Package ogeas does not exist in karmic
<ScottK> augeaus I think.
<pmatulis> !info augeaus
<ubottu> Package augeaus does not exist in karmic
<ajmitch> !info augeas
<ubottu> Package augeas does not exist in karmic
<ajmitch> bah :)
<ajmitch> it's augeas-tools, augeas-lenses
<pmatulis> !info augeas-tools
<ubottu> augeas-tools (source: augeas): Augeas command line tools. In component universe, is optional. Version 0.5.1-1ubuntu1 (karmic), package size 27 kB, installed size 92 kB
<pmatulis> maxagaz: go for it
<maxagaz> thanks!
<marks256> when i try to use rsync via ssh to back up to a module, rsync errors out with rsync: connection unexpectedly closed (0 bytes received so far) [sender]
<marks256> rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.5], but it works fine if i use a direct path. what gives?
<tbielawa> soren: did you have any difficulty merging jaunty's libvirt from debian? I'm running into libtool errors but I see no mention of it in the changelogs.
<tbielawa> i backported the patch from libvirt 0.6.5 to fix Bug #368084, I just can't get it to build.
<uvirtbot> Launchpad bug 368084 in virt-manager "internal error creation of non-raw images is not supported without qemu-img" [Undecided,New] https://launchpad.net/bugs/368084
<tbielawa> perhaps I should poke around in motu while he's away, they may be more recent on libtooling issues
<hackeron> I see error messages like: "Dec  8 12:58:12 AmurgDVR udevd-work[598]: pipe failed: Too many open files" and "unable to create db file '/dev/.udev/db/block:sda': Too many open files" - even though there are only ~3k open files according to lsof? - any ideas?
<tbielawa> check out `cat /proc/sys/fs/file-max`
<hackeron> tbielawa: 96570
<tbielawa> not sure, but I'm reading this. http://www.netadmintools.com/art295.html it mentions the difference between lsof and /proc/sys/fs/file-nr
<jmarsden> hackeron: ulimit -n   is another way max open files can be restricted
<hackeron> jmarsden: ah, ok, that shows 1024 and udevd has 1075 open -- hmmm?
<jmarsden> udevd may have been started from an environment with a higher limit.  Also check /etc/security/limits.conf
<hackeron> http://dpaste.com/131078/ < what's happening there?
<hackeron> jmarsden: that file has nothing but comments - this is a vanille ubuntu karmic
<jmarsden> OK.  Your pastie... I'm not sure what that means, looks almost as though udev is finding the drive, losing it, finding it again, losing it... ??
<hackeron> same thing on a few other ubuntu karmic servers I have
<hackeron> is udevd broken in karmic? -- what does your lsof -n | grep udev | wc -l show?
<jmarsden> 37 here on Karmic desktop amd64.
<hackeron> mine's a karmic server amd64
<jmarsden> But of those, most are GNOME-related
<jmarsden> lsof -n | grep udevd | wc -l    # shows only 4
<hackeron> # lsof -n | grep udevd | wc -l
<jmarsden> I can boot  a Karmic server VM and try it there too...
<hackeron> 1073
<jmarsden> Wow... that's... a lot :)
<jmarsden> Have you modified the udev rules in any way from the defaults?
<hackeron> everything seems to work just fine, but I get occational messages in syslog that udevd pipe failed: too many open files
<hackeron> nope, everything is completely vanilla
<jmarsden> Then that looks like a bug of some sort to me.
<hackeron> only thing I changed is the apache config and the flag not to prompt on fsck during boot in /etc/default/rcS
<jmarsden> I get 55 in a freshly booted Ubuntu Karmic Server VM, so there is something different about udevd action on servers, it would seem
<jmarsden> And it seems to be slowly increasing over time... 57 now...
<jmarsden> Have you searched Launchpad for relevant bugs?
<hackeron> hmm, this looks relevant < https://bugs.launchpad.net/ubuntu/+source/udev/+bug/463347
<uvirtbot> Launchpad bug 463347 in udev "devices not detected -- too many open files" [High,Fix released]
<hackeron> I'll try to distupgrade - haven't done so in a couple of weeks
<jmarsden> It's not clear that fix is in karmic-updates yet, at least not from the bug report... you might have to grab it from karmic-proposed
<hackeron> jmarsden: how do I do that?
<KismetGFX> does it matter how i partition my stuff with 3 hard drives cant seem to get it to boot. as in /boot /usr /var swap on one drive, root and swap on 2nd, home and swap on 3rd had it workin at one point rebooted and it was borked
<jtaji> KismetGFX: sata drives? using /dev/names or UUIDs?
<jtaji> in your fstab
<jmarsden> KismetGFX: Or, if you have a machine you can experiment with, first try a single drive default install, let the installer partition it for you and see if *that* boots OK?
<KismetGFX> jtaji:  one ide two sata i didnt manually specify a /dev
<jtaji> KismetGFX: no I mean are your drives listed as, e.g. /dev/sda1 or UUID=xxxxxxxxxxxxxxxxx?
<jmarsden> hackeron: Correcting myself, udev 147~-6.1 is in karmic-updates, so that should take care of your issue.
<KismetGFX> jtaji: ya sda1 sdb and sdc each partition tried moving /boot to each drive didnt make any difference huhu
<hackeron> jmarsden: ok, trying :) - been bugging me since beta karmic, every 4 hours I get emails from syslog with this udev error - hope this fixes it!
<KismetGFX> er sda
<jtaji> KismetGFX: problem is sata drives can change order, best thing is to use UUIDs
<jtaji> !uuid | KismetGFX
<ubottu> KismetGFX: To see a list of your devices/partitions and their corresponding UUID's, run this command in a !shell: Â« sudo blkid Â» (see https://wiki.ubuntu.com/LibAtaForAtaDisks for the rationale behind the transition to UUID)
<KismetGFX> jtaji: kewl thanx i thought it was a MBR issue i was doing fdisk /mbr's and fixmbr i'll check that out
<oh_noes> is it possible to make upstart set tty2 to automatically login instead of displaying a LoginPrompt
<oh_noes> ie. run /sbin/sulogin instead of /bin/login
<jmarsden> oh_noes: edit /etc/init/tty2.conf to suit your peculiar needs :)
<oh_noes> can;t ... im on hardy which is upstart
<oh_noes> I'm playing around with it now ...
<holiday> Hello, is it possible to configure ssh to use password authentication for a single user, while the others use public key authentication?
<jtaji> and the others can't use password?
<holiday> yes, the others cant use password
<jmarsden> Create keypairs for all the others, passwd -l all the others ... seems weird, but should work??
<jtaji> it should
<holiday> okay, would you recommend just forcing everyone to use a public key?
<holiday> it worked btw thanks
<jmarsden> No problem.  Why are you forcing things?  Who is the special person... if he determines your salary, do not force him :)
<jmarsden> oh_noes: Did you get the sulogin on tty2 idea to work?
<oh_noes> still looking at it now ..
<oh_noes> not having any luck, hardy uses upstart so Im modifying /etc/event.d/tty2
<oh_noes> exec /sbin/getty -l /sbin/sulogin 38400 tty2
<oh_noes> doesnt seem to work which is kinda wierd.  You would expect it to.
<jmarsden> Sounds like it should, yes.
<jtaji> oh_noes: do you have an /etc/init/tty1.conf ?
<jtaji> tty2.conf
<jmarsden> jtaji: On Hardy it is all in /etc/event.d/ instead
<jtaji> oh ok
<oh_noes> i'll pastebin my /etc/event.d/tty2
<oh_noes> http://pastebin.com/m6704fcbe
<oh_noes> when I go to tty2 ... it still displays /bin/login .... which is weird.
<jmarsden> oh_noes: This is after a reboot to make sure you picked up the changes, right?
<oh_noes> of course
<jmarsden> Could you just exec a program that will output something, instead of getty, there, as a test?  Like top or whatever?  Just thinking out loud, I have not messed with getty and ttys for a very very long time...
<oh_noes> yeah same ... im trying all those things now.
<oh_noes> naa you cant exec straight into top.   Which kinda makes sense, it's getty job to handle all character displays in/out (I think)
<cef> oh_noes: tried passing the standard getty the -l option?
<cef> nah ignore that
<oh_noes> cef: even with -l it's still displaying a login prompt.
<jmarsden> oh_noes: He already said <cef> nah ignore that
<cef> btw: -l option of getty runs the program with the 'username' as a command line option afaik
<jmarsden> oh_noes: Is the -n option any use to you?  Don't prompt for a login name?
<jmarsden> In combination with -l ...
<oh_noes> cef: i thought -l was to "use a different login program"
<oh_noes> Trying -n -l /sbin/sulogin now
<cef> note: if it does, it runs as rooot
<cef> err root
<jmarsden> oh_noes: For me on Karmic, editing /etc/init/tty2 to do  exec /sbin/getty -8 -n -l /usr/bin/top 38400 tty2     # works
<jmarsden> Major security risk, but it works :)
<oh_noes> OH NICE, yep -n -l works :D
<oh_noes> well -n -l /any/bin works
<oh_noes> thanks jmarsden, i knew it was missing a single option
<jmarsden> You're welcome.
<|saturn|> Ã¥Ã±Ã²Ã¼ ÃªÃ²Ã®-Ã­Ã¨Ã¡Ã³Ã¤Ã¼ Ã°Ã³Ã±Ã±ÃªÃ®Ã¿Ã§Ã»Ã·Ã­Ã»Ã©?
<jmarsden> |saturn|: Wrong language, unfortunately I can't figure out which one :)  This channel uses English.
<jmarsden> !cn
<ubottu> For Ubuntu help in Chinese æ¨å¯ä»¥è®¿é®ä¸­æé¢éï¼ #ubuntu-cn æè #ubuntu-tw  æè #ubuntu-hk
<maxagaz> how to reload /etc/fstab once it has been changed ?
<Jeeves_> maxagaz: you should mount / unmount stuff
<Jeeves_> maxagaz: What did you change?
<maxagaz> Jeeves_, I changed the uuid of the swap
<Jeeves_> Ah, than you need to run swapoff and swappon
<uvirtbot> New bug: #494383 in ntp (main) "package ntp 1:4.2.4p6+dfsg-1ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 102" [Undecided,New] https://launchpad.net/bugs/494383
<uvirtbot> New bug: #493565 in samba (main) "Cifs mount fails when DFS referrals are used by server, keyutils needed" [Undecided,New] https://launchpad.net/bugs/493565
<maxagaz> Jeeves_, thanks!
<Jeeves_> np
<uvirtbot> New bug: #494390 in net-snmp (main) "package libsnmp15 5.4.2.1~dfsg-3ubuntu2 failed to install/upgrade: problemi con le dipendenze - lasciato non configurato" [Undecided,New] https://launchpad.net/bugs/494390
<maxagaz> how is set the uuid ?
<maxagaz> where is it taken or generated from ?
<gamla_kossan> hi people!
<gamla_kossan> where can I find a log containing a log for the latest packages installed?
<arj> dpkg.log?
<ghostlines> anyone know any howto's for installing xen on ubuntu karmic?
<jpds> ghostlines: I don't think you can.
<jpds> Well, you could technically, but I think support for it was dropped after Hardy for the preference of KVM.
<Daviey> it works, but i'd rather pull my eyes out.
<ghostlines> lol
<gamla_kossan> arj: sweet, tahnks =)
<tolbrino> Hi, I'm desperately trying to configure dhcpd to ignore a range of mac addresses without success so far. See http://gist.github.com/252448 .But the dhcpd still gives out IPs to machines with mac addresses starting with "d0:0d". Any hints on what to change in that file? Thanks
<sponzor> ok i m installing ubuntu server, but i have problems with partition.. i want to do this.. http://pastebin.com/m8365263 but it is text mode install so i dont really know what to do :P is there any howto for advenced partition?
<uvirtbot> New bug: #494376 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1 (dup-of: 437783)" [Undecided,New] https://launchpad.net/bugs/494376
<sponzor> anyone?
<ttx> Team meeting on #ubuntu-meeting
<smoser> soren, or others interested, i'm looking at bug 494185.
<uvirtbot> Launchpad bug 494185 in ec2-init "ec2-init selects us-east-1 mirror when running in us-west-1 region" [Medium,New] https://launchpad.net/bugs/494185
<smoser> do you think it is reasonable to
<smoser> a.) check if <region>.ec2.archive.ubuntu.com exists
<smoser> b.) verify that http appears up on that host
<smoser> maybe 'b' isn't necessary
<zul> shouldnt it already be doing a?
<smoser> it is not doing a right now. it just picks a, not checking the host.
<smoser> and is busted (code is pasted into that bug)
<zul> ah ok
<smoser> ttx, just for the record, i can't do that right? i have to ask an iso team person ?
<smoser> zul, above, i was asking about 'b' because if it tried that now and quickly timed out, we'd be ok
<ttx> smoser: i can't do that either.
<smoser> i know only of slangesek. are there others i can ping?
<zul> smoser: ping ara i think
<zul> smoser: yeah that would work also a mirror in us-west-1 would work as well
<smoser> well right now a mirror in us-west-1 wouldn't fixt he problem.
<smoser> because it picks 'us.ec2.archive'
<smoser> anyway. i was mainly afraid of "checking" and having that check hang or cause other general mishap
<zul> yeah that would have to be done very carefully if that was done
<soren> smoser: I've talked to one of the "other cloud providers" about kernels. Everyone offers Ubuntu, but with all sorts of odd kernels. I would like for them to use our kernels so that security updates come from us in a timely manner and everything is just more straightforward. Because they offer lots of other distros and want to use the same kernels everywhere, they compile everything into the kernel to avoid having to shove modules into all their im
<soren> smoser: If they were to use our kernels, they would have to follow the same approach: No modules, everything built in.
<smoser> 100% "no modules" is not reasonable or possible
<illuminai> hello there
<smoser> and realistically, i dont think we can promise that our kernels will run everyone elses user space perfectly. i'm certain the kernel team isn't willing to sign up to support that.
<smoser> well, i didn't ask them, but..
<illuminai> i've a strange problem on my server (ubuntu 9.04, 2.6.28-16-server)
<illuminai> after swapping drive /dev/sdb fdisk says: Unable to read /dev/sdb
<illuminai> but dmesg |grep SCSI
<illuminai> says it is there, [    3.528223] sd 3:0:0:0: [sdb] Attached SCSI disk
<soren> smoser: I'm not suggesting we explicitly volunteer to support everyone's user space.
<illuminai> also, i'm using software raid 1
<smoser> right, but building everything in just isn't reasonable. there are loads of kernel modules, iirc some dont even allow a 'Y' (that could be false)
<illuminai> any clues what could it be?
<soren> smoser: I know there's a lot of them. Luckily, only a subset are reasonably needed in a cloud context.
<smoser> well, some that are reasonable are not reasonable to build in
<smoser> i'm thinking fuse
<soren> Why not?
<soren> (fuse, specifically)
<smoser> i dont know... just sdoesn't seem reasonabl e to me. one thing i would think is not so nice about everything built in is that it then can't be switched out.
<smoser> but i coudl be wrong about that too
<smoser> ie, i would think that if fuse is built into kernel than i can't service it with a kernel module upgrade
<smoser> that may not be that big of a deal
<soren> Right, they'd have to upgrade the kernel images for all updates, even the ones that don't break ABI.
<smoser> i was thinking even on a lower level, as in a user wants to build a more functional version of a kernel module in their instance
<smoser> and use it , and maintain it.
<smoser> lots of pepole do that for the ec2 provided kernels (xfs) for example.
<soren> smoser: Eh? Why?
<smoser> because the amazon kernels a.) dont get serviced frequently b.) dont have enough stuff built in or as modules
<smoser> the idea of "build more into the kernel" generally seems perpendicular to where things are going
<smoser> things needed for boot i woudl consider a different category than "everything else"
<erichammond> For some reason we also needed to build the latest fuse kernel module from source when using the Amazon kernels: http://groups.google.com/group/ec2ubuntu/web/compiling-2-6-21-kernel-modules-from-source-for-amazon-ec2
<erichammond> Well, the sun's up, so I'm heading to bed.
<RoyK> erichammond: bah - it's 4pm and the sun set an hour ago
<erichammond> I just realized I'm wrapping up my 3rd decade programming in January.  That's 30 years.
<savid> I'm a bit new to administering ubuntu servers -- I have a production server for a website & database running ubuntu 8.10  Do server admins usually do dist-upgrades on servers, or just keep the current distro as long as possible?
<savid> The reason I ask is because I have rkhunter installed, and it is complaining about GPG, OpenSSL, and OpenSSH being outdated
<alvin> savid: dist-upgrade will not update the release, only the installed packages. It is pretty safe.
<savid> alvin, ok, thanks :)
<alvin> savid: $ sudo do-release-upgrade will upgrade to a newer release. In your case, that will be jaunty (9.04) After that, you can run do-release-upgrade again to upgrade to 9.10. There could be issues.
<savid> I see.
<savid> Well, it looks like it wouldn't matter because even 9.10 has outdated versions of those programs :-P
<savid> Would that be a bug in ubuntu, a bug in rkhunter, or neither?
<alvin> savid: hardy has Gnupg 1.4.6, karmic has 1.4.9. What version does rkhunter needs?
<savid> gpg on my my server is updated to 1.4.9,   not sure what version rkhunter is expecting
<savid> looks like I'm not the only one:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560157
<uvirtbot> Debian bug 560157 in rkhunter "rkhunter: RKHunter complains about outdated versions of packages installed despite security updates" [Important,Open]
<alvin> savid: Ubuntu 10.04 will also have gnupg 1.4.9, (this can still change)
<alvin> savid: Ah, it's a bug in rkhunter then. If really needed you can ask for an upgraded package (see: https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages)
<smoser> kirkland, ttx can you verify... if=<what> for kvm booted eucalyptus instances ?
<smoser> i think its 'scsi'
<ttx> smoser: no setup running right now, maybe in a few
<ttx> smoser: test(s) in progress
<smoser> i dont know how they will run
<ttx> + the "i386 bundled without -r, does it run on UEC/i386" test
<smoser> jjohansen, bug 494565
<uvirtbot> Launchpad bug 494565 in linux "support ramdiskless boot for relavant kvm drive interfaces in -virtual" [Low,New] https://launchpad.net/bugs/494565
<TeTeT> what to do when eucalyptus reports 'user admin not found' after just installing it?
<smoser> ttx what did that mean, are you asking ?
<ttx> smoser: no, I mean: "i will be running that test as well"
<smoser> oh. ok.
<TeTeT> nevermind, after a five minute wait it's here
<smoser> i was thinking that '-r' == '--ramdisk', which i'm wondering about. see bug above.... i couldn't get it to work on "plain kvm" right now.
<ttx> smoser: right, the current uec image tarballs do not have ramdisk
<smoser> that is true
<smoser> and by design
<smoser> my question is if they boot
<smoser> :)
<ttx> hm
<ttx> I have to adjust my testing script
<smoser> i swear that i tested this, but today couldn't make kvm -ddrive if=scsi work with that kernel
<smoser> ttx, you may want to utilize http://bazaar.launchpad.net/%7Eubuntu-on-ec2/ubuntu-on-ec2/uec-tools/annotate/head%3A/register-uec-tarball
<sponzor> i want to do this http://pastebin.com/m8365263 is it posiblle?
<ttx> smoser: if=scsi, confirmed
<ttx> smoser: I confirm that it does not boot
<smoser> bugger
<ttx> smoser: i confirm that UEC i386 doesn't seem to mind booting an image marked x86_64
<smoser> ttx, can you put that in that bug
<ttx> smoser: do you need the euca-get-console-output for this one ?
<smoser> ok, first, please comment in https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/494084 that i386 doesn't seem to mind booting an image marked x86_64
<uvirtbot> Launchpad bug 494084 in eucalyptus "arch parameter is not passed by the image proxy during image install from store" [Undecided,Confirmed]
<ttx> smoser: sure
<smoser> second, this really sucks.
<smoser> because according to https://wiki.ubuntu.com/ServerLucidCloudKernelRamdisk i verified boot of 20091201 on uec
<ttx> you want the console output ? Which bug ?
<smoser> but 20091201 has since fallen off, so i can't easily confirm or refute my assertion
<smoser> we need a new bug for "uec images dont boot". you can but console output there, please.
<smoser> jjohansen, ping
<ttx> smoser: bug against what package ? "linux" ?
<smoser> yeah
<smoser> linux-virtual
<smoser> fails for both i386 and amd64 ?
<ttx> hm, no time left to test /that/
<ttx> smoser: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/494611
<uvirtbot> Launchpad bug 494611 in linux "UEC Lucid 20091209 image fails to boot on UEC" [Undecided,New]
<ttx> smoser: sorry I don't have time for more complete tests, just posted what I have
<smoser> ttx, thanks. its good enough.
<jongbergs> hi, which dns software is reliable and recommended for production use: bind, powerdns, mydns, djbdns, to name just a few..
 * ScottK likes unbound
<zul> bind
<soren> I use bind.
<alex88> how can i set the owner of file transferred with samba?
<arj> force something
<alex88> in which file? sry but i haven't used samba
<mneptok> alex88: the Samba config file
<alex88> mneptok: there are the samba shares there? and i force with "force create mode = 0770
<alex88> ?
<mneptok> alex88: unsure. i'm not a Samba user. but i know permissions are forced via the config file. i'm sure there are many examples on the web.
<alex88> searching for them
<arj> force create user I think
<blackxored> hello guys, I need a compressed, incremental, and windows-aware backup solution for setting up an enterprise backup server, I'm taking a look at amanda, after giving up with bacula because of it's complexety, do you think I'm in a good path? If I am, can you point me to some updated documention about setting this up with 8.04.3??
<RoyK> alex88: samba has unix extensions enabled by default, so it should work out of the box, given the same UIDs on both sides
<RoyK> without identical UIDs, there's no way it'll work
<alex88> ok, thank you all..
<blackxored> anyone?
<blackxored>  hello guys, I need a compressed, incremental, and windows-aware backup solution for setting up an enterprise backup server, I'm taking a look at amanda, after giving up with bacula because of it's complexety, do you think I'm in a good path? If I am, can you point me to some updated documention about setting this up with 8.04.3??
<alex88> blackxored: i've also tried bacula and i can agree that's complex..
<blackxored> alex88, extremely to my goals
<alex88> i'm now using webmin ftp backup..but it's not incremental
<blackxored> alex88, you're using something for personal back-ends I assume
<blackxored> I need something enteprise-grade, centralized, incremental, compressed, windows smb/<custom soft> backups and the like
<blackxored> so I'm now installing amanda
<alex88> good luck so.. btw yes, personal, my small vps..
<RoyK> blackxored: I'd rather take a look at opensolaris, the later -dev releases with dedup
<RoyK> linux can't do that stuff
<blackxored> RoyK, hheheh really, don't make me laugh
<blackxored> amanda does all that
<blackxored> bacula does taht
<blackxored> <some other software I haven't even heard off> does that
<RoyK> realtime deduplication and compression on disk?
<blackxored> and in the end time
<blackxored> solaris = unix
<blackxored> :P
<RoyK> all the while open source and very fast and very secure?
<blackxored> is not something martian
<arj> but block level dedup is
<blackxored> RoyK, don't market solaris here, I was just asking a question
<RoyK> opensolaris works with native cifs sharing and ACLs and so on
<blackxored> RoyK, be happy to heard that I'd prefer that to windows
<blackxored> RoyK, linux too
<RoyK> and cifs/smb without samba, that is
<RoyK> in-kernel cifs server
<arj> wait what?
<RoyK> opensolaris rocks, even if you don't like it
<RoyK> arj: what what?
<arj> in-kernel cifs?
<alex88> but this isn't #opensolaris..xD
<RoyK> arj: yeah, with full ACL support
<RoyK> nfs4 compatible
<blackxored> alex88, +1
<blackxored> RoyK, see:
<blackxored> <blackxored> RoyK, don't market solaris here, I was just asking a question
<RoyK> alex88: I know, but blackxored asked for stuff not in linux, so I just suggested something else
<blackxored> RoyK, I have windows *clients*
<RoyK> blackxored: I'm not 'marketing', I'm suggesting something that works
<blackxored> that's what I said
<alex88> oh, so i haven't seen that request.. i'm sorry..
<blackxored> alex88, neither did I, my fingers may have betrayed me :P
<alex88> =)
<blackxored> smb or custom software for windows clients
<blackxored> RoyK, but help is always welcome, I'm not blaming you, but see ^^^^
<RoyK> btw, anyone here ever managed to make windows ACLs work with samba? as in changing them?
<blackxored> I'm starting a virtualization setup at work, and this is my first step, the backup server
<RoyK> that's why I suggested what I did - disk backup with dedup is very nice
<blackxored> but my setup = linux hosts <=> linux guests <=> windows clients
<RoyK> then either setup an opensolaris guest or even better, install a new box with a bunch of el-cheapo SATA drives with opensolaris and raidz2 for backup
<RoyK> no hardware raid - just raidz(2)
<RoyK> and dedup and compression
<RoyK> raidz is WAY safer and faster than 'hardware raid'
<blackxored> RoyK, linux user and developer, sorry I won't consider anything besides linux, probably only netbsd for the firewall
<RoyK> same idea as BTRFS, except BTRFS isn't stable
<RoyK> blackxored: heh - as you like - I was a sceptic myself too before I dug into it
<Aison> is there some documentation of to configure pppoe? in my case, I would like to setup 3 pppoe connections  on the same machine
<blackxored> RoyK, also if we're going to market, I'm debian/ubuntu developer so I'm practically stuck to those distros for principles hehehehhehe
<Aison> I already found this documentation, but I dont know if this pppoeconf let me setup 3 distinct connections
<Aison> https://help.ubuntu.com/community/ADSLPPPoE
<RoyK> blackxored: I don't think people will hate you if you use something else for the backup solution
<RoyK> blackxored: that is, unless you want to rely on btrfs, which doesn't have dedup and whose structure is still not fixed
<blackxored> RoyK, finished installing, tweaking it, thank you
<jumbers> Hi, I'm having a frequent problem on my server which is becoming quite an issue. Soon after rebooting, my server will halt without warning. I've checked my logs, but I don't see anything in them that would cause this
<jumbers> Does anybody have a suggestion as to what could be wrong here?
<Sam-I-Am> jumbers: halt as in lock up or shutdown cleanly?
<jumbers> As I don't have physical access to the datacenter, I do not know. I assume a lock up because the logs just show normal messages and then silence in the log until the next time it boots up
<jumbers> Sam-I-Am: It almost feels like a RAM problem because it only happens very soon after boot, which I would think is when the most memory would be getting allocated
<Sam-I-Am> if it just locks up its a hardware problem
<Sam-I-Am> kernel issues will generally throw out a bunch of panic info
<jumbers> The only kernel messages I see are say 10 minutes after the problem, at the next boot. And they're just normal kernel boot messages
<jumbers> Would a faulty RAM stick make the most sense here? Like I said, it only happens soon after a reboot, which I try to only do when a kernel update is released
<Sam-I-Am> who knows
<Sam-I-Am> could be anything
<Sam-I-Am> bad ram is usually a good first shot for testing
<Sam-I-Am> try memtest86
<Sam-I-Am> download it, boot from it, let it run
<jumbers> Again, no physical access to the machine :-/
<jumbers> I guess what I'll do is put in a support ticket and explain that this has become a recurring problem and that I think the RAM may be faulty
<neonfreon> kernel issues can also cause lockups
<neonfreon> fyi ;)
<jumbers> I remember this same sort of problem I had once on a Windows machine. Whenever I would play a certain game that used a lot of RAM, I'd be playing and then suddenly the thing would BSOD and die. Turned out the stick was faulty
<neonfreon> what changed when it started happening
<jumbers> It's been 2 months, I'm honestly not sure
<jumbers> A kernel issue wouldn't spit out any sort of message before dying?
<neonfreon> not necessarily no
<Sam-I-Am> neonfreon: i think they're rare these days
<Sam-I-Am> i havent had a linux machine lock solid due to a kernel problem in years
<Sam-I-Am> and when they have, i've gotten kernel spew
<neonfreon> perhaps you haven't been trying enough kernels! =)
<Sam-I-Am> neonfreon: yeeeah...
<jumbers> I just use the ones released via the repos :p
<Sam-I-Am> i havent run bleeding edge stuff in a long time
<Sam-I-Am> nor on bleeding edge hardware
<neonfreon> ah
<jumbers> I guess we shall see if they can find a hardware problem
<AndyGraybeal>  /part
<jiboumans> ScottK: regarding server-lucid-more-mail-integration, I agree with ttx's review. For clarity I've added that to the blueprint.
<ScottK> jiboumans: That's fine, I just want to get it marked approved so I don't get caught up in feature approval deadline issues.
 * ScottK will fix it or convince ivoks to do it.
<jiboumans> scottk: you're fine in that regard, although both me and ttx would love to see how we can avoid the pain from the issues we saw
<ScottK> OK.
<ScottK> Thanks.
<jiboumans> no problem; sorry for not being clearer on that point earlier. i asked ttx to take a look and add the review as soon as you requested it, but i failed to let you know that.
<ScottK> jiboumans: He did give me some feedback, I've just been slammed with $WORK.
<jiboumans> scottk: i feel your pain :)
 * ScottK has been wanting to do this since Intrepid, so I think I've got it worked out how, even if I didn't explain it very well in the spec.
<uvirtbot> New bug: #494746 in image-store-proxy (main) "image-store does not use server proxy configuration" [Undecided,New] https://launchpad.net/bugs/494746
<unit3> heh, was just about going to ask about exim4 hubbed_hosts behaviour because it wasn't working, and then saw a big typo. whoops.
<unit3> Works fine now!
<sponzor> will this work? http://pastebin.com/m8365263
<Sam-I-Am> anything works, it whether or not it works in your situation :)
<unit3> Not gonna do the math, but if those disk sizes add up, it should be fine.
<Sam-I-Am> which from a random pastebin, we cannot tell
<unit3> Just make the partitions the sizes you want, add then to the raid devices.
<sponzor> ok i will give it a try :P
<uvirtbot> New bug: #494756 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/494756
<slide> How do I see what the current dns lookup ip is?
<unit3> errr... do you mean "how do you see what name servers your computer is currently using to do dns lookups"?
<unit3> that'll be in /etc/resolv.conf.
<slide> is there anyway to refresh it?
<unit3> err, it's a live file. the values in there are the values the system uses.
<unit3> I'm not sure what you mean.
<slide> ok i guess is there anyway to update that file based off a dhcp server but still use a static ip?
<unit3> maybe... I'm unsure why you'd want to do such a thing, though. If your IP is static, then certainly your DNS servers are static.
<slide> well, i move this server between my home in tx and la, and since they both use 192.168.1.x ips i just set its ip to be .99 so that i can always access it the same way
<unit3> ahhh... well, it might be easier to just give it a static IP via the DHCP server at each location, and then just use DHCP as normal.
<slide> one of the routers doesnt have the ability to assign static ips based on the mac =\
<unit3> oh...
<unit3> well, the other thing you could do is use Google's public DNS servers, 8.8.8.8 and 8.8.4.4.
<unit3> Those'll work everywhere.
<unit3> and then you can leave it with a static IP.
<slide> hrm true, let me see
<slide> i know my isp here blocks outside mail servers, it may do the same with dns
<unit3> shouldn't do, since there's no spam related problems to using external dns.
<unit3> but try it.
<unit3> you can do something like "dig yahoo.ca @8.8.8.8"
<unit3> and see if it works. ;)
<slide> worked
<slide> cool thanks
<slide> awesome now my downloads are going at 1.2MB/s haha
<unit3> heheh there you go.
<sponzor> is there any faster way to delite all partitions in installation? becose one by one is long... :P
<sponzor> erasing data on... it takes ages and i have like 20 partitions to modify.. :/ i will be deliting this like 10  days :P
<ruben23> hi any simple but reliable backup system for enterprise setup..
<unit3> sponzor: in the installer, if you select the disk it should ask you if you want to remove all partitions.
<unit3> I believe. I can't remember exactly.
<unit3> but there's an option for sure.
<KismetGFX> ya that works
<sponzor> ok i will check it
<sponzor> ok i did it.. tnx
<unit3> np
<KismetGFX> only reason i was able to verify that is coz i've reinstalled/repartioned ubuntu over 20 times it seems past 4 days str8 lol still no success
<unit3> heh
<KismetGFX> windows sadly installs just fine. i've ran fixmbr install looks successful boot up and i get non-system disk or disk error replace and strike any key when ready as if theres no OS installed
<KismetGFX> when booting from the 9.10 cd and executing the shell after a complete install, i can see my install in /target
<Aison> I installed snmpd on 3 ubuntu servers
<Aison> all are using the same snmpd.conf
<Aison> but I can do snmpwalk only on one
<Aison> im really confused what's wrong :(
<unit3> hard to say without seeing your snmpd.conf.
<Aison> I only enabled com2sec readonly  default         public
<Aison> besides that, i didnt change anything
<Aison> ah yes, snmpwalk on the host itself works on all machines
<Aison> just over network it isn't
<KismetGFX> i think i've ran fdisk/mbr, fixmbr and reinstalled lilo and grub so many times it is so hosed up can't figure it out :|
<KismetGFX> cant tell if grub or lilo is loaded no trace of either on startup
<sponzor> when the installation ask me how many active devices for the raid array? i have 5 disks so i should put there  4? or 3? or 5? :P
<unit3> uhhh... however many you want active, so probably 5?
<sponzor> so the installation will configure raid 5? that 5 disks are active and one is for failsafe?
<DrUnKnMuNkY> i'm running apache 2.2.8 on ubuntu 8.04 and apache won't shut down cleanly anymore (apache2ctl, init.d, killall). i need to do a "killall -KILL" to stop it. nothing in error.log. any ideas?
<sponzor> uh i understand now.. is this it.. 5 disks are active and if one failes you have to change it by your self. and if you put there 4 and one dies the spare disk then become the active one?
<unit3> if we're talking raid5, then yes, that's what'll happen.
<sponzor> ok i was a little confused with the part active.. tnx
<KismetGFX> super grub is truly super found out i have a mismatched or corrupt version of stage1/stage2
<Aison> how can I setup network device with NO ip, subnetmask ,etc.. aplied? just a NULL device
<Aison> of course in /etc/network/interfaces
<unit3> you use the "manual" interface method, instead of dhcp or static or whatever.
<Aison> ok :)))
<czajkowski> kirkland: thanks for making your testdrive much easier to follow and test :)
<kirkland> czajkowski: thanks
#ubuntu-server 2009-12-10
<uvirtbot> New bug: #494804 in vm-builder (universe) "lacks ext4 support" [Undecided,New] https://launchpad.net/bugs/494804
<uvirtbot> New bug: #494808 in eucalyptus (main) "Eucalytus-cc motd announces the wrong url for the CLC" [Low,Triaged] https://launchpad.net/bugs/494808
<uvirtbot> New bug: #494811 in image-store-proxy (main) "image-store-proxy restart does not kill the existing process" [Undecided,New] https://launchpad.net/bugs/494811
<jbernard> does anyone know what "owner" the cerficate for the dovecot-postfix package is generated with?
<jbernard> ahh, $HOSTNAME
<uvirtbot> New bug: #494812 in eucalyptus (main) "NC avahi announcement should be unified" [Undecided,New] https://launchpad.net/bugs/494812
<jbernard> does anyone know how to get dovecot-postfix to generate a certification with the FQDN and not just the host part?
<jbernard> s/certification/certificate
<moldy> jbernard: i suggest you generate your certs yourself :)
<trimeta> Quick problem: sshfs is giving me an error reading "option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf", even after I modified the specified file as requested and then logged out and logged back in.
<trimeta> Is there something else I need to start, some module I need to remove and readd to the kernel?
<trimeta> gpasswd -a <user> fuse was my problem.
<maxagaz> is there a good alternative to bacula for server backups ?
<twb> I use VCSs and rsnapshot.
<twb> Amanda is mentioned a lot, usually in the context of "how the hell do I make amanda work?"
<kpettit> Is there any virtualbox guest startup scripts?
<twb> Try virt-manager
<kpettit> I want a virtualbox vm to start like a init.d service but it doesn't seem virtualbox comes with any
<twb> Maybe it has virtualbox support by now
<kpettit> ok I'll take a look thanks
<kpettit> nope, doesn't look like it
<jumbers> I can't remember who it was that I was talking to earlier about my random server halts, but if anybody was curious, it turned out that one of the RAM sticks was faulty
<twb> jumbers: were you the guy with the possibly dodgy switch?
<jumbers> twb: Nah, just a faulty RAM stick that was causing halts after reboots
<twb> Probably wasn't me, then
<castis> question: trying to compile an old version of php5-ffmpeg. ./configure tells me use --enable-shared. where would i put that?
<RoAkSoAx> castis,  './configure --enable-shared'
<twb> castis: is there a good reason you're not using the standard packages?
<Sam-I-Am> jumbers: nice.
<jumbers> Sam-I-Am: Aha, thanks for the halps
<Sam-I-Am> sure
<castis> i looked around a whole lot. in trying to compile php5-ffmpeg v0.5.1 i get " ffmpeg headers not found. Make sure ffmpeg is compiled as shared libraries using the --enable-shared option" so my original question was a bit misleading.
<Sam-I-Am> castis: so the way that works is you get to compile all the dependencies first
<castis> and to answer your question. php5-ffmpeg 0.6 removed the resize() function.
<Sam-I-Am> THEN you can build php-ffmpeg
<Sam-I-Am> or you can install the development libs from packages if they're the versions you need
<Sam-I-Am> castis: is there another way around it?  like... changing your code.
<Sam-I-Am> you could also try installing an older version... sometimes works.
<castis> tried apt-getting it, no previous versions exist. if i cant get it working by tonight ill just change the other code around. figured it would be fun to dive in and try this though.
<Sam-I-Am> theres probably a reason resize went away
<Sam-I-Am> maybe theres a mailing list for it you can ask
<castis> hmm, i appreciate your help but i do believe im just going to rewrite the php to work around what the extension author is doing..
<jmarsden> kpettit: http://libvirt.org/drvvbox.html   # Sure looks like libvirt has virtualbox support to me :)
<twb> jmarsden: nice
<jmarsden> kpettit: Also, have you looked at the vboxmanage command for writing scripts that stop and start virtualbox VMs ?
<twb> Will LXC be a well-supported virtualization method in 10.04?
<jmarsden> I
<twb> Specifically, will it be better supported than bloody OpenVZ, which I am sick of?
<jmarsden> I'm not sure, I keep hearing more and more about it, but I'm not sure who supports lxc yet.
<twb> Well, there's at least http://libvirt.org/drvlxc.html :-)
<twb> One cool thing about LXC is you can pick which resources to virtualize.
<twb> e.g. in a one-liner I ran a dhclient3 process with a virtual networking stack, but the rest not virtualized, and I successfully got a DHCPACK from the server.
<twb> That was really cool (if useless)
<jmarsden> Hmmm, I see what you mean :)
<twb> I'd have played further but I only have a 512MB device runnign >=2.6.30
<twb> 512MB disk, I mean
<billybigrigger> any security gurus around?
<jmarsden> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<jmarsden>  :)
<twb> jmarsden: !anyone would be more pertinent
<jmarsden> Yes, I think that's what I intended :)
<billybigrigger> http://pastebin.ca/1709276
<twb> I'd be more inclined to deploy a normal OpenBSD, Debian or OpenWRT box as the bastion
<billybigrigger> ok well i was wondering through awstats output on my server, and found a wierd connection from ::1 which i found out later was one of apache's internal connections, which led me to discover the output of that pastebin, definitely a bunch of attempts to slip into my system, anyway to block these attempts, besides stopping apache and port 80 since they're all https requests...
<billybigrigger> iptables could block the ips, but i wouldn't know an ip address until after the attack...
<jmarsden> billybigrigger: As long as you are not running any of the old buggy software those scans look pretty boring... you can look at things like mod_security if you want to harden Apache itself, not sure where getting that into Ubuntu got to, licencing woes I think...
<billybigrigger> ok, so as far as you can tell they're harmless...
<billybigrigger> fair enough
<kringell> billybigrigger: with a bit of luck Morfeus is as loud once he attacks .-)
<jmarsden> billybigrigger: Well, Morfeus is a bot-based scanner, constantly being updated, but I can see that those are looking for OLD exploits, such as the Roundcube one from about six months ago...
<billybigrigger> it's an up to date jaunty server, with no self compiled packages, all security updates and services are installed from ubuntu repos
<billybigrigger> i was going to say, maybe a script kiddie?
<twb> ::1 is an IPv6 localhost address
<jmarsden> billybigrigger: Any "web apps" or self made PHP scripts would be more of a worry to me than being scanned by a bot.  if you allow others to upload PHP stuff, then if they upload and run and older version of some app you can get caught out...
<twb> Oops, that "bastion" comment was for #netfilter.
<billybigrigger> only "web apps" i run are roundcube 0.31 and whatever is the latest phpmyadmin package
<billybigrigger> any php scripts were made by me and highly doubt any security risks there :) pretty basic php stuff...still learning :P
<twb> Heh.  "The only app I run is one that gives superuser privileges to the database to anyone who can brute-force a password."
<billybigrigger> jmarsden, well thanks for the re-assurance
<billybigrigger> :)
<billybigrigger> my passwords are pretty secure
<jmarsden> billybigrigger: well, Roundcube *used* to have holes, but seems to be Ok at the moment, so keep a watchful eye on that.  BTW if you want to check, use the web scanners from http://sectools.org/web-scanners.html against yourself and see if you find any issues :)
<twb> billybigrigger: password-based authentication is INHERENTLY insecure.  Always.
<billybigrigger> any db passwords are md5 generated and only written down on a peice of paper in front of me
<billybigrigger> have fun brute forcing those
<jmarsden> billybigrigger: And the pws are also in the config files of the apps that use them, so if those files become read accessible...
<billybigrigger> :)
<twb> My point is that if you use password-based auth, brute-force guessing WILL eventually work.
<billybigrigger> just double checked, but only readable by root and www-data, just like i suspected :P
<billybigrigger> twb, point taken
<twb> Whereas assymetric authentication can't be brute-forced
<billybigrigger> oooh...a new term :P
 * billybigrigger googles assymetric authentication
<twb> billybigrigger: http://en.wikipedia.org/wiki/Asymmetric_encryption
<twb> billybigrigger: also http://en.wikipedia.org/wiki/Multifactor_authentication
 * billybigrigger bookmarks
<billybigrigger> too much reading for this guy tonight :P take it easy guys im going to bed thanks again for the useful information
<twb> Which is why ssh -t mysql with key-based auth would be better than a phpmysqladmin protected by a mere password.
<arooni-mobile> hi folks!  having trouble mounting /dev/md1 as my home partition.  md1 is a raid 1 device across two hard drives.  running karmic.  i changed nothing except for the locatoin of the PC (moved it without dropping it).  now when i try to mount /dev/md1 i see: "EXT3-fs: unable to read spuerblock; mount: wrong fs type, bad option, bad superblock on /dev/mda1" ....   what should i do now?
<uvirtbot> New bug: #494380 in bacula (main) "mtx-changer.conf is missing in bacula-sd" [Low,Incomplete] https://launchpad.net/bugs/494380
<cell0> anyone know how to check which processes are using the most disk io in linux?
<uvirtbot> New bug: #494888 in apache2 (main) "Please merge apache2((2.2.14-3)(main) from debian testing(main)" [Undecided,Confirmed] https://launchpad.net/bugs/494888
<jmarsden> cell0: iotop
<cell0> i've used "sar" to identify high %util on a given disk. How do i translate this into a offending process?
<jmarsden> cell0: If you run iotop you don't see the processes near the top of the list being the one causing the high % util ???
<cell0> the processes switch very rapidly, between postgres, apache and freeradius
<cell0> it's very difficult to isolate the problem like this, is that another way? someone suggested iostat to me, but not sure how to use it
<jmarsden> run iotop with a larger -d delay interval?
<jmarsden> You have postgres, apache and freeradius all on the same disk?    You could also see if iotop -a mode will show you the real culprit.
<jmarsden> Obviously one way is to stop each of the 3 services in turn and see when the io goes away... but that has consequences if this is a production server :)
<cell0> yip, its a production server. iotop doesn't have -a option
<jmarsden> does iotop -d 10 -o   work better for "by eye" analysis of who is causing all the i/o ?  BTW I need to go to bed... interesting problem, but I need to get some sleep :)
<jumbers> My host apparently provides 2 IPs for my server. How would I take advantage of this second IP address?
<jmarsden> jumbers: Use it for a second ssl web server, for example.  If both IPs are public, that is -- some places have an internal interface for doing backups, plus the external Internet-facing interface.
<jumbers> Er, what I meant is how would I get the IP to resolve to the machine
<jumbers> There's only 1 NIC on the box
<jmarsden> Oh, one NIC can have many IPs assigned to it at once.  Virtual interfaces...
<jumbers> I haven't had any experience with virtual interfaces :p
<jmarsden> I forget the syntax that is currently used... used to be eth0:0 and eth0:1 and so forth, but I think that was years ago and there is now a "better" way... good it and man ifconfig and you should get somewhere... usually I'd help more but I was already /away'ed and abou to go to sleep when you asked your question...
<jmarsden> jumbers: http://74.125.155.132/search?q=cache:UtPC36ohgBEJ:ubuntuforums.org/showthread.php%3Ft%3D555319+ubuntu+virtual+interface&cd=1&hl=en&ct=clnk&gl=us  has an old example you can probably use as a basis for what you want... and goodnight :)
<jumbers> Night, thanks
<alex88[sleep]> nick alex88
<thenetduck> hey how do you install a font on a ubuntu server so my css can use it?
<twb> thenetduck: copy it into ~/.fonts/
<thenetduck> twb: that's it? it almost seems to easy
<twb> That's on the client side
<thenetduck> ok will do :)
<thenetduck> oh
<twb> AFAIK you can't install fonts on a web server and export them to end users
<thenetduck> oooh... so I have to use an image I guess then
<twb> Other than saying "you must install this font to view my page"
<thenetduck> for my logo
<twb> Logos shouldn't contain text
<thenetduck> ya I wouldn't wanna do that ... ok that's good to know
<twb> Becaus blind users can't see the logos, and thus can't see your text
<twb> Unless you're going to write proper ALT tags, which would be great.
<thenetduck> oh .. thats intersting I never hought of that
<thenetduck> thought*
<twb> tidy --accessibility-check 3 is your friend!
<cell0> how do i find which files are read/written to the most on my system?
<uvirtbot> New bug: #494958 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10 failed to install/upgrade: el subproceso post-installation script devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/494958
<twb> cell0: why do you want to do that?
<SockPants> hi all, i'm stuck trying to set up a git server
<SockPants> i'm reading this:
<SockPants> http://batterypowered.wordpress.com/2008/07/04/deploying-a-git-repository-server-in-ubuntu/
<SockPants> at some point it says "Next copy your public key, i.e the rsa_id.pub file, to the server", and i have no idea what he's talking about.
<Jeeves_> Have you even run ssh-keygen?
<SockPants> actually, i just found that part, and no i hadn't
<SockPants> but now i have, and the error i get on the next step isUsername contains not allowed characters: 'SockPants@mbp_wifi.local'
<Jeeves_> I don't know about git, I only knew what he meant with 'public key'
<SockPants> ok.
<SockPants> i've got that now, it hink
<SockPants> except i think it doesn't like the @
<uvirtbot> New bug: #494968 in ntp (main) "package ntp 1:4.2.4p6+dfsg-1ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/494968
<alvin> SockPants: I found http://blog.drewolson.org/2008/05/remote-git-repos-on-ubuntu-right-way.html to be an easier guide to installing git (more basic, without gitosis)
<cell0> twb: trying to find the process which is doing the most disk io
<twb> iotop
<twb> But it'll either be your RDBMS or your kernel's software RAID5 handler, IME
<jacko_bello> hi I'm using zeroshell distro with 2 pc's but when I reach to enter in configuration webpage by https://192.168.0.75 can't find this ip
<uvirtbot> New bug: #488835 in irqbalance (universe) "MIR for irqbalance" [Undecided,New] https://launchpad.net/bugs/488835
<cell0> twb: ideally i would like to know which file/s have been accessed the most within say the last hour
<uvirtbot> New bug: #494513 in samba (main) "package samba 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/494513
<Aison> hello
<Aison> is it possible that samba pdc LDAP is not dereferencing aliases?
<ttx> jiboumans:  hmm, so the diskthing in the frankenbox doesn't get detected with the lucid amd64 kernel. Works with i386. So I cannot test UEC/amd64 for alpha1
 * ttx looks for a relevant bug, but I think it might be frankenbox-specific
<jiboumans> ttx: i thought the frankenbox was an intel one..
<jiboumans> would we expect it to work with an amd64 kernel?
<ttx> jiboumans: yes. The "amd64" is x86_64 and the frankenbox has some variation of a Core2Duo
<ttx> worked in karmic
<uvirtbot> New bug: #495027 in bacula (main) "package bacula-sd 2.4.4-1ubuntu9 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/495027
<jiboumans> ttx: understood. all the more reason to get some different hardware in i suppose. what are we losing right now in terms of test coverage?
<ttx> We are losing the 64-bit UEC image, the UEC/node and UEC/instace run tests
<ttx> I'm reasonably confident that they should be alright though, which could be sufficient for alpha1
<jiboumans> ttx: i assume switching with the dell box isn't possible?
<ttx> no, frankenbox doesn't do VT :)
<jiboumans> of course
<jiboumans> ok, not much we can do on the really short term; let's get you some more decent hardware
<jiboumans> mdz seems to be in favour of more laptops. if we can get the ethernet-over-usb confirmed working, i'm happy with that
<ttx> ok.
<alvin> Is setting 'ForwardX11 Yes' in ~/.ssh/config the same as 'ssh -X'? I'm getting the error: 'Bad yes/no argument'
<ttx> smoser: could you set up a UEC/amd64 for tests ?
<ttx> zul: could you run the EC2 image tests ?
<jiboumans> alvin: your /etc/ssh/ssh_config should give youa  good overview of the syntax
<jiboumans> alvin: could be a simple matter of case sensitivity
<alvin> jiboumans: thx, it is indeed case sensitivity!
<zul> ttx: sure besides amd64 is overrated ;)
<lau> hi, how can I identify the Ethernet Controller brand and size and capacity (w/o lshw) ?
<lau> I tried dmesg, lspci, /var/log/messages w/o any success
<toabctl> lau, maybe "lscpi -vv"
<lau> oh yes ! i remember it now
<lau> :( same output 0000:00:19.0 Ethernet controller: Intel Corporation Ethernet Controller (rev 02)
<lau> i am trying with dmidecode but do not know how to translate manufacturer codes
<mdz> jiboumans, ttx, Daviey has one and might be able to do a quick test
<mdz> but we've confirmed the module is available and that's really all that's needed
<ttx> right.
<ttx> mdz: So two options here:
<ttx> Go for a 5-laptop setup (i.e. order two more, + two USB Ethernet adapters)
<mdz> (see #-devel)
<Daviey> will do.. gonna be odd PXE booting to get to d-i then swapping the cat5 cable to the usb module.
<ttx> Go for 4 laptops and use the Dell workstation (noisy, but working) as part of the setup (i.e. order one more laptop, one USB Ethernet adapter, and one PCI NIC)
<ttx> mdz: The test cases needing 5 machines are sufficiently rare that I can bear the occasional blower noise.
<mdz> Daviey, a test with kvm -usb -usbdevice host:... would be sufficient if that's more convenient
<Daviey> oo
<mdz> ttx, you might even be able to do a test without the hardware at all using kvm -usb -usbdevice net: but I didn't know that existed until just now
<mdz> ttx, having an extra machine in the mix would be a good idea (e.g. if one fails we can ship it out as a replacement)
<ttx> mdz: so i should aim for option 1 and keep the dell as a wildcard ?
<mdz> ttx, that's my suggestion
<mdz> jiboumans, thoughts?
 * jiboumans reads back
<ttx> mdz: I'm perfectly happy with that if you approve it :)
<jiboumans> i agree with ttx there
<jiboumans> if ethernet-usb works, let's go with that
 * ttx tests -usb -usbdevice net:
<smoser> ttx, you want me to run the image tests in uec ? or in ec2?
<smoser> or both
<ttx> install UEC cluster, install UEC node, test UEC instance run with UEC image
<ttx> smoser: ^
<smoser> freaking eh, ttx! :)
<smoser> i can do that, yeah. the 64 bit ?
<ttx> smoser: yes
<smoser> ah, and you asked zul to run the ec2, then i'm ok with that.
<smoser> i thought i was on both those request above.
<ttx> smoser: I think that's the optimal use of our currently limited resources ;)
<smoser> did you see my comment in bug regarding "don't boot" ?
<ttx> smoser: I tested the UEC/i386 image alright
<smoser> i have no idea why it was failing on 'small' for me.
<ttx> smoser: I didn't test that. The test case says "c1.medium" :)
<ttx> there might be some size check that fails only on 64bit
<smoser> i was on 64 bit host testing 32 bit instance, but the 32 bit karmic release instance booted.
<ttx> mdz: installer doesn't seem to pick up the USB NIC when run from "kvm -usb -usbdevice net:"
<mdz> ttx, can we have this conversation on #ubuntu-installer or #ubuntu-devel with cjwatson?
<ttx> sure
<Aison> is there some ubuntu docu about bind9 and zones in ldap? cant find a good one :(
<Aison> for me it looks like there are 2 different possibilities
<smoser> ttx, to be clear, you want me to run http://testcases.qa.ubuntu.com/Install/ServerECluster (intsall from iso for server and node, then test uec images, right)
<smoser> where is that URL linked from ? ie where do i record results of UEC intsall test
<ttx> smoser: yes. That should also take care of the amd64 UEC cloud image test
<ttx> smoser: I'll paste the testcases here
<ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/334
<ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/336
<ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/361
<ttx> http://iso.qa.ubuntu.com/qatracker/result/3470/342
<smoser> how do i find those tests from navigation ?
<smoser> in case i forget the numbers 3436/334
<ttx> smoser: drill down from http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<mdz> smoser, from http://iso.qa.ubuntu.com/ click on Ubuntu Server
<smoser> ttx, ok. i see it now as a test for the server iso. i had previously thought there wsa a separate 'uec install' at that top level.
<rickspencer3> smoser, hi
<smoser> rickspencer3, hi.
<rickspencer3> smoser, https://blueprints.edge.launchpad.net/ubuntu/+spec/desktop-lucid-desktop-cloud
<rickspencer3> we should probably get started on this
<rickspencer3> other than saying "I think we should use the nx server from Google" is there anything else you need from me?
<smoser> i think i'm a couple hours away from having desktop builds available... i did a bunch of work on it last few days but didn't want to push it to the build system before we tested alpha1
<smoser> so i think i'm a couple hours from having the first 3 TODOs done.
<smoser> couple hours of work time, not clock. got to test uec now.
<Aison> can I configure my pppoe connections in interfaces?
<Aison> man 5 interfaces is quite spare
<smoser> ttx, did the node controller find the cloud controller automatically for you?
<ttx> smoser: no.
<smoser> bug?
<ttx> smoser: it's because the new UEC installer is half-landed
<ttx> smoser: known issue
<smoser> so is there a bug for that? should i open one ?
<ttx> smoser: there is no bug for that, you can, but don't need to, file a bug about it
<ttx> smoser: enter the cloud IP adress and insist on installing a node :)
<smoser> yeah. thats what i did.
<Aison> what are my options for iface eth0 inet manual
<Aison> so when I use manual?
<Aison> I did ifdown [mydevice]
<Aison> now I called ifup [mydevice]
<Aison> eth3.100: ERROR while getting interface flags: No such device
<Aison> Failed to bring up eth3.200.
<Aison> why do I get this error?
<Aison> of course I can do /etc/init.d/networking restart
<Aison> but then everything is restarted
<t0rc> Is there a way to see why my server says it needs rebooted?
<rickspencer3> smoser, thanks
<smoser> ttx, maybe this is user error, but
<smoser> euca-run-instances -k mykey $EMI -t c1.medium
<smoser> FinishedVerify: Not enough resources available: addresses (try --addressing private)
<smoser> $ grep "^VNET_PUBLICIPS=" /etc/eucalyptus/eucalyptus.conf
<smoser> VNET_PUBLICIPS="192.168.1.224-192.168.1.131"
<ttx> smoser: hm
<ttx> 224>131
<ttx> that probably translates to 0
<ttx> smoser: fix VNET_PUBLICIPS and sudo stop eucalyptus CLEAN=1 / start eucalyptus CLEAN=1
<smoser> i read that several times before i pasted
<smoser> :)
<smoser> each time replacing that '1' with a '2'
<ttx> or you can test with private addressing)
<pmatulis> on jaunty i've made an lvm snapshot (of a kvm guest disk/volume) and then tried to mount the snapshot but was unsuccessful.  mount complains about filesystem
<ttx> smoser: non-double-base64-encoding euca2ools is now in karmic-proposed
<smoser> whoowhoo
<Aison> are iptables settings stored/restored on shutdown/boot?
<jiboumans> aison: that's what iptables-save & iptables-restore is for
<arj> not by default I believe
<jiboumans> aison: you'll have to make the changes permanent yourself
<Aison> jiboumans, yes I know those. But I also know several linux distributions and some have got init scripts that store/restore iptables rules
<Aison> ok, what's best way to go? create my own init script?
<Aison> pre-up / post-down in interfaces maybe a problem ,because I've got over 15 LAN devices  ^^
<jiboumans> aison: i'm not sure off the top of my head. a quick google comes up with a very recent: https://help.ubuntu.com/community/IptablesHowTo
<Aison> yes, I already reading this nowto ;)
<Aison> they do it with interfaces pre-up post-down
<jiboumans> that is the intuitive way i'd say
<Aison> ok, there's also some small script for if-post-down
<Aison> nice
<Aison> ok, now the hardcore test, rebooting my router ^^  there are so many rules, devices, routes, etc...
<Aison> I hope everything is setup nice
<benedikt> I have a 100mb /boot partition which has now filled up (100% full). What can i do ?
<J_P> hi all
<jmarsden> benedikt: Remove some stuff from it :)   Is there an older kernel package you can now safely remove, for example?
<J_P> people, I have a old app that use -lboost_date_time. And today I try to compile and I have this message: g++ -o simple_server ServerSocket.o Socket.o simple_server_main.o -lboost_date_time /usr/bin/ld: cannot find -lboost_date_time. I have installed libboost-date-time. Any idea?
<benedikt> jmarsden: wasnt sure if i woulc ro right ahead and just remove the older kernels, wouldnt grub turn grumpy about that
<J_P> I'm using 9.10
<benedikt> i have kernels from 2.6.28 it looks like
<jmarsden> benedikt: Do you need them all?
<benedikt> nope
<benedikt> it just installed 2.6.31-16 today but i am running 2.6.31-14 (server is at a remote location and i really dont want to reboot in case it doesnt come up again)
<J_P> anyone?
<benedikt> jmarsden: rm /boot/*2.6.2*
<J_P> find /usr/lib -name libboost_date_time-mt.so
<J_P> /usr/lib/libboost_date_time-mt.so
<benedikt> and then run grub-install
<benedikt> is that safe?
<jmarsden> benedikt: No....    sudo apt-get remove all the unwanted old kernels (leave one older one just  in case)
<benedikt> ill leave one below the running one
<benedikt> dont know why i didnt think about the package manager..
<jmarsden> benedikt: Do it as packages not rm, so you get everything related to each kernel and keep things clean... OK :)
<ttx> smoser: you should mark http://iso.qa.ubuntu.com/qatracker/result/3436/361 as passed as well, I guess, since you ran a UEC image
<benedikt> removing linux-image-2.6.28-15-server saved 14 mb.. yay
<benedikt> why did i have a separate /boot , again?
<smoser> done
<dru> Im haveing quite hard time setting up something as rudementary as a samba server
<dru> the file permissions are set at 700, testparm tells me the cfg is fine...however user1 can look at user2s folder contents and vice versa
<pmatulis> dru: how are you accessing these shares?
<dru> hey pmatulis
<dru> umm they are accessed via afp i think its called ....via macs
<dru> using smb://address
<dru> they are accessed locally as well as via vpn
<RoyK> afp != smb
<dru> kool
<RoyK> afp:// is afp
<RoyK> but there really isn't much reason to use that anymore
<dru> in the "global" section of the cfg i have a list of all users under "valid users, read list, write list...
<RoyK> dru: that shouldn't be necessary
<dru> yeah ....i removed it but it still dosnt help to secure the single sares from "other" users
<RoyK> just allow "public access" and the users will be allowed access after authenticating
<RoyK> dru: samba specific stuff is best answered at #samba, btw, but most of the stuff is in man smb.conf
<dru> awsomeo ...thanks RoyK
<J_P> I have a server with 7.10 but somes sources.list not works.. are there another server (old server) with ubuntu 7.10 ?
<J_P> How I use http://old-releases.ubuntu.com/releases/ in sources.list?
<neonfreon>           #ubuntu-server
<neonfreon> 09:58 < J_P> I have a server with 7.10 but somes sources.list not works.. are
<neonfreon>              there another server (old server) with ubuntu 7.10 ?
<neonfreon> sorry
<jpds> J_P: You don't.
<jpds> J_P: You use: http://old-releases.ubuntu.com/ubuntu/
<jpds> J_P: And seriously consider upgrading your server if you want it to be secure.
<J_P> jpds: what is woring with this? deb http://old-releases.ubuntu.com/ubuntu/dists/ gutsy main restricted
<jpds> J_P: The "dists" bit.
<jpds> Not suppose to be there.
<J_P> jpds: ahh ok just deb http://old-releases.ubuntu.com/ubuntu/ gutsy main restricted
<J_P> works ;-)
<jpds> :)
<Aison> I would like to use quota with ldap lookup
<Aison> I don't know here to start ;)
<Aison> ldap is working
<Aison> crap quota :(
<Aison> it's not even working with lvm here
<Aison> quotaon: quotactl() on /dev/mapper/vg0-lv0: Function not implemented
<Italian_Plumber1> sudo apt-get install girlfriend-generator
<smoser> good night all.
<ruben23> hi is it possible to have to wan connection on my ubuntu router gaetway, form different ISP.
<ruben23> mostl likely 4 port of ethernet- 2 for wan and 2 for local
<benedikt> ruben23: uh, yes.
<ruben23>  benedikt: any guides how to do it,
<benedikt> just assign the appropriate ip addresses to each interface (eth0-3) and connect them to the right ports
<ruben23>  benedikt: how about the routing and the gateway..?
<ruben23> the iptable rules for it
<benedikt> just use the approrirate eth names in the rules
<ruben23> benedikt: should NAT still be used..?
<benedikt> if you want to NAT a private ip network then yes
<benedikt> but if you are routing an ip network (and not NAT-ing) then no
<qman`> ruben23, I think what you're really wanting to know is how to load balance two internet connections
<qman`> that's a bit more complicated than just connecting them
<ruben23> qman: i have a pc client need to directly registered on a public hosted server. what you think i need, i think NAt is problem, but another problem is, it is not only one client pc but its multiple client pc
<qman`> ruben23, sorry, I don't follow -- if you just need port forwarding, that's easily done through iptables
<ruben23>  qman`:  i have voice traffic form my client pc generated form soft phones, whihc the server or system runs it is hosted on a remote location, multiple client pc are using it..if i used my gateway server the linux router i have, would it be ok,
<ruben23> my client pc is in private IP, so basically they need NAt, can it be possible without NAT on my linux router
<jiboumans> Night guys
#ubuntu-server 2009-12-11
<MTecknology> Where are teh ufw logs at?
<jdstrand> kern.log
 * jdstrand is just passing by
<MTecknology> thanks :D
<jdstrand> sure
<cyphermox> not quite related, but is anybody else having issues with ec2 instances?
<cyphermox> issues as in inability to connect to them :)
<MTecknology> kindofabuzzkill: hi
<kindofabuzz> how do i change auto security updates to manual updates?
<kindofabuzz> MTecknology: hello
<MTecknology> it's a cron task
<kindofabuzz> MTecknology: oh ok
<kindofabuzz> MTecknology: sudo crontab -e shows nothing
<MTecknology> kindofabuzz: ls /etc/cron.*
<kindofabuzz> MTecknology: /etc/cron.daily: apache2  apport  apt  aptitude  bsdmainutils  dpkg  logrotate  man-db  mlocate  popularity-contest  standard
<kindofabuzz> maybe aptitude?
<MTecknology> kindofabuzz: look in the files and see what they do ;)
<kindofabuzz> MTecknology: i've looked through ever one of those scripts and could not find anything about updating, except mlocate had something about updatedb
<MTecknology> kindofabuzz: read the apt script ;)
<MTecknology> kindofabuzz: don't disable it - but do look at it
<kindofabuzz> MTecknology: lol i missed that one. read them all 'cept that one
<kindofabuzz> MTecknology: found /etc/apt/apt.conf.d/50unattended-upgrades, can i just comment out the security line?
<kindofabuzz> yup. https://help.ubuntu.com/9.10/serverguide/C/automatic-updates.html
<maxagaz> hi, what should I add to /etc/apt/mirror.list to have karmic repositories ?
<twb> Never heard of mirror.list
<twb> Surely you mean sources.list?
<jmarsden> twb: mirror.list is used by apt-mirror
<twb> Hm.
<jmarsden> maxagaz: Lines like    deb http://us.archive.ubuntu.com/ubuntu karmic main restricted universe multiverse
<jmarsden> Also similar ones for karmic-updates, karmic-security, karmic-backports and karmic-proposed if you mirror those too...
<maxagaz> ok
<maxagaz> thanks
<jmarsden> You're welcome.
<bep> right now i have my 2 1tb drives rsync eachother, and I want to do a raid so things are easier. But for one reason or another i do a lot of fresh installs, so if i decide to reinstall ubuntu server will i have any problems setting the raid back up without losing data?
<jmarsden> bep: Assuming you partition them sanely, and don't format/recreate the /home partition where your data is, you should be OK... and you have backups anyway, offline, right?  If not, rsync is safer than RAID for you anyway.
<bep> no right now I jsut have the 2 drives in the one machine. i know its not smart. only thing I have i couldnt lose are family pics etc and i do have those backed up else where
<jmarsden> It's not smart to "do a lot of fresh installs" either.  Use virtual machines for test installs, not your main/only real physical hardware.
<jmarsden> I'd suggest removing one drive, putting in an external case, then use it for regular backups and disconnect it from the machine when not actually backing up...  Since you can "rsync to each other" you must have under 1Gb total family pictures etc. anyway.
<jmarsden> You will get more benefit from a good backup regime than from using RAID1, in your current circumstances.
<bep> ok thanks, definitely something ill consider
<jmarsden> You're welcome.
<jmarsden> bep: One example of why ... RAID1 would make you very prone to "accidentally deleting the wrong files" kind of failure... having a separate disconnected backup makes that a lot easier to recover from.
<bep> ya, thats exactly why i went with rsync to begin with. because i do web sites and sometimes with a ton of small files with a ton of edits it nice to go back to the rsync files from a few hours before
<jmarsden> bep: Yes... also learn to use a version control system for that kind of work :)
<bep> heh ya. i dont do web sites professionally or anything (well kinda i do sometimes) but ya
<bep> im trying to get organized
<bep> i would really like a nas with tiny power consumption to run 24/7 then just have htpc on when needed
<bep> but I cant find anything that i like so far
<bep> ive looked at the atom boards but idk
<jmarsden> bep: Build one you do like? :)  Have you seen the Jetway board: http://www.newegg.com/Product/Product.aspx?Item=N82E16813153096
<bep> ya , but i need gigabit lan and would like around 4 sata ports just in case of future expansion
<jmarsden> That's not going to be quite so "low power" then...
<bep> ya
<bep> hence my problem
<bep> im hoping the next round of atoms will be better but i have a feeling they wont be
<jmarsden> Your problem is at least partly caused by physics... doing stuff faster uses more power... it's not really fair to blame the Atom for that :)
<bep> ya
<bep> im not atom does seem like a nice platform
<bep> especially with ion etc
<bep> i dont mind having drives spin down etc
<bep> but id like to have it idle at 30 watt or less
<bep> with bill here 30 watts would add $3 a month, and for the convenience of the always on its definitely worth it
<jmarsden> bep: How much does the HTPC draw?  You might find leaving that always on would work for you, at close to those kind of power levels?
<bep> 70 watt
<twb> Presumably you've already considered IBM SSDs?
<bep> yes but 1tb ssds are not in my price range :)
<twb> Nod.
<jmarsden> Hmmm, interesting tradeoff... running the HTPC costs you $4/month more than running a not-yet-purchased NAS... if the NAS costs you $200 to construct, that's over 8 years to recoup its cost.  I'd just run the HTPC :)
<jmarsden> Oh, wait... did I mess up my mental math...?
<twb> Signs point to ye
<jmarsden> $200/4 = $50, so a year or so recoups the cost.... my bad.
<bep> ya ive been considering that
<jmarsden> $200/4 = $50, so 50 months recoups the cost.
<bep> ive only been planning on spending like 75 though since all i need is motherboard & processor
<bep> plus  i have a 25$ credit at newegg so really only out about $50
<jmarsden> No case, RAM, PSU?
<bep> have it all
<jmarsden> OK.
<bep> though I would like a new smaller case but its not a must
<bep> right now my htpc is about to become both so i am going to see how it works out for me
<wizardslovak> hello people
<wizardslovak> saturday i will be getting new server box and i need to know how to back up or transfer settings from my current ubuntu box
<ScottK> jiboumans: https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-more-mail-integration ready for review again.
<qman`> wizardslovak, tar up your /etc directory and copy it over
<wizardslovak> what if i want to backup just firewall and apache
<SandGorgon> hi guys.. we are migrating from one hosted UBuntu 8.04 box to another. I want to migrate all users and passwords as well. Is this possible ?
<qman`> wizardslovak, /etc/apache2
<qman`> for firewall, it depends on how you have it set up
<qman`> SandGorgon, yes, assuming they're system users. Just copy the users from your /etc/passwd and /etc/shadow files
<SandGorgon> qman`, does it mean if I copy the relevant entries for /etc/passwd and /etc/shadow - it should all work right ?
<SandGorgon> i would have to create the userhomes using a script
<qman`> yes, just copy the users you want to keep out of both files to the destination system
<qman`> and recreate the directories
<qman`> you probably want to copy the homes over anyway
<uvirtbot> New bug: #495372 in bacula (main) "Please upgrade to 3.0.3 for lucid" [Undecided,New] https://launchpad.net/bugs/495372
 * starsunflowersu is away: I'm busy
<jiboumans> good morning guys
<jiboumans> ScottK: i'll take a look today, thanks for pointing me at it
<jiboumans> ScottK: thanks for the updates; looks great now so I've approved it
<uvirtbot> New bug: #495394 in libvirt (main) "autostart almost always fails on boot time host" [Undecided,New] https://launchpad.net/bugs/495394
<lenios> ScottK, is it necessary to have subtasks: basic (current mail-server) and mail-delivery (dovecot-postfix) ?
<uvirtbot> New bug: #494476 in linux (main) "Samba  blocked for more than 120 seconds." [Undecided,New] https://launchpad.net/bugs/494476
<seeker_> hello all
<seeker_> I am using Eucalyptus 1.6. when I try to run the image I am getting some error,
<seeker_> can some one help me in this?
<jiboumans> seeker_: what is the 'some error' you are getting?
<seeker_> Server: SERVICE: FinishedVerify PROBLEM: null MSG-TYPE: RunInstancesType
<seeker_> got the above error.
<seeker_> can you help me to resolve this?
<jiboumans> seeker_: hmm, that's very sparse. any chance of a log file or so to go with that?
<jiboumans> ttx may be more suited, if he's around though
<ttx> o/
<ttx> seeker_: what command did you run to get that error ?
<ttx> seeker_: double check with "euca-describe-availability-zones verbose" that there is enough "space" in your cloud to run your instance type
<seeker_> it is failing in ec2-run-instances cmd itself
<seeker_> so I cannot  do "euca-describe-availability-zones verbose"
<ttx> seeker_: could you paste the ec2-run-instances comand line you used ?
<seeker_> am i correct?
<seeker_> yes I'll do that
<ttx> you can run "ec2-describe-availability-zones verbose
<seeker_> ec2-run-instances $EMI -k mykey
<seeker_> emi number I got it, when I registered
<ttx> seeker_: what does "ec2-describe-availability-zones verbose" return ?
<ttx> seeker_: you end up using a default instance type
<ttx> seeker_: for which you might not have any "space" in your cloud for
<seeker_> no its (ec2-describe-availability-zones verbose) not printing anything.
<ttx> seeker_: I'd recommend first getting everything described in the docs working, before starting to deviate
<ttx> https://help.ubuntu.com/community/UEC
<ttx> theat involves using the euca2ools commands (euca-*)
<ttx> if everything works ok, then it's time to try something smarter
<ttx> like running with ec2-* commands
<seeker_> i am using "Eucalyptus-Jaunty "
<ttx> ah! Then your basic premise (" I am using Eucalyptus 1.6") is false
<ttx> or is it not ?
<ttx> Jaunty is 1.5
<seeker_> ohh I am sorry then.
<seeker_> I followed https://help.ubuntu.com/community/Eucalyptus-Jaunty
<seeker_> the above steps
<ttx> right
<seeker_> I have reached till step6
<ttx> seeker_: I fear my experience running the 1.5 "technology preview" is very limited. I'd strongly recommend using the karmic UEC (based on euca 1.6)
<seeker_> ttx: you want  me to switch to 1.6 version
<seeker_> jiboumans: any help from your side?
<jiboumans> seeker_: a lot of improvements in 1.6; switching is much recommended
<seeker_> ok I will do that..but is there any solution for this?
<seeker_> because I have done lot of work for this
<seeker_> jiboumans: ok I will do that..but is there any solution for this? because I have done lot of work for this
<VSpike> Is saned on ubuntu server configured by default to bypass inetd/xinetd?
<dashnu> Im runing ubuntu-server on Virtual PC 07, The ubuntu server date keeps changing.. Nothing can fix it short of a hard reboot. cant sudo when it happens
<dashnu> anyone know why ?
<dashnu> i even have ntp installed and running still no luck
<dashnu> when i reboot tims is ok again
<seeker_> ttx: you want  me to switch to 1.6 version
<ttx> seeker_: I encourage you to :)
<seeker_> ok...but is there any way to fix this issue?
<seeker_> ttx: in this link also http://open.eucalyptus.com/wiki/EucalyptusKnownBugs_v1.4 they mention the issue
<seeker_> but i dont know how to change the parameter for VM type
<VSpike> Having trouble with saned... it seems to be only binding to ipv6... http://pastebin.com/d4f6d0133
<VSpike> It used to work, and other than any updates I'm not aware of having changes anything
<VSpike> Also http://pastebin.com/d12914ac2
<ttx> seeker_: pass a "-t " to ec2-run-instances ?
<ttx> like "-t c1.medium" if your image fits into 4Gb
<VSpike> This looks relevant, except that he is using inetd and I'm not. https://bugs.launchpad.net/ubuntu/+source/inetutils/+bug/379621
<uvirtbot> Launchpad bug 379621 in inetutils "inetd fails to listen on IPv4 addresses" [Undecided,Confirmed]
<seeker_> ttx: I getting the same error
<seeker_> ttx: my image will fit in 4gb
<VSpike> Oh, getting closer http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg352293.html
<VSpike> Ah well, I can probably disable ipv6 on the server. Not actually using it
<VSpike> It seems that whenever I have IPv6 enabled on a system, it just seems to cause problems :)
<jiboumans> VSpike: taking a quick look at the manpage, the saned.conf file is supposed to allow you to set this stuff up
<jiboumans> no guarantees that it actually *does* though
<ScottK> lenios: I'm not sure, in the end, how we will work out the multiple configurations of mail servers question.  dovecot-postfix exists today and I'm going to do amavis-postfix for Lucid.  Stitching them together is a bit TBD.
<ttx> seeker_: my guess would be that there is no room for any instance, like the node controller isn't registered (and you don't get anything in "ec2-describe-availablility-zones verbose"
<ttx> but that's a 1.5-uneducated guess
<seeker_> ttx: but from the front (using url)  end I am able to see the image and I got the emi number too
<ttx> the emi is registered. There is just no free capacity in the cloud to launch it
<seeker_> ttx: ok..how to approach this?
<VSpike> jiboumans: it seems that if saned binds an address and port in ipv6, it is then prevented from doing so in ipv4
<ttx> seeker_: that's the thing, I'm not sure how to debug this in 1.5 :)
<seeker_> ttx: have you seen this http://open.eucalyptus.com/wiki/EucalyptusKnownBugs_v1.4 they mention the issue
<seeker_> ttx: by going through this, can you provide help?
<ttx> That's 1.4 doc and they say the proper solution will appear in v1.5.
<ttx> seeker_: I can't, I don't have a 1.5 setup to test with
<ttx> hence my recommendation.
<uvirtbot> New bug: #495469 in openssh (main) "E: openssh-server: subprocess installed post-removal script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/495469
<zul> ttx: once the package is in main for the canonicala-application-support spec should it be removed from the workitems list?
<ttx> zul: no, keep it there with "DONE"
<ttx> otherwise it will look like you never worked on anything
<zul> ttx: k
<VSpike> I'm puzzled.  My scanner is only accessible to root, and I can't see why
<VSpike> It's a USB scanner, and it is mention is /lib/udev/rules.d/40-libsane.rules
<VSpike> s/mention is/mentioned in/
<VSpike> Bus 003 Device 002: ID 04b8:0104 Seiko Epson Corp. Perfection 1200
<VSpike> ATTRS{idVendor}=="04b8", ATTRS{idProduct}=="0104", ENV{libsane_matched}="yes"
<VSpike> crw-rw-r-- 1 root root 189, 257 2009-12-11 14:01 /dev/bus/usb/003/002
<VSpike> What am I missing?
<fullstop> Hi all!  Does anyone here have experience with kvm and gpt partitioned block devices?
<fullstop> http://www.pastebin.org/63522
<fullstop> I created a /dev/sda3, 400 GB, and gave it to a KVM guest to use.  When I installed Ubuntu server 9.10 on the guest, I partitioned /dev/sda3 in the installer.. using DOS partitioning with fdisk.
<fullstop> After this, the host linux will no longer boot from grub, and I have to boot into rescue mode and delete /dev/sda3 before it will boot.
<fullstop> quiet in here.  :)
<VSpike> sure is
<fullstop> is that normal for here?
<ScottK> It varies a lot
<hackeron> I get messages like this in my syslog every hour or so for the past year: "smartd[2644]: Device: /dev/sda, 8 Currently unreadable (pending) sectors" -- what does pending mean and what do I do about this? (specifically to stop the messages flooding my logcheck reports)
<_ruben> replace the disk?
<hackeron> _ruben: well, it's been working with these bad sectors for a year so far, another similar disk has been working for 3 with 5 unreadable sectors -- why bother replacing?
<VSpike> hackeron: perhaps you could run badblocks on it?
<_ruben> or just add an ignore to your logcheck config, if you dont care about the message
<VSpike> hackeron: "e2fsck -ck/dev/sda" or something like that
<VSpike> hackeron: "e2fsck -ck /dev/sda" even
<hackeron> VSpike: I'm using raid though
<VSpike> ah
<hackeron> VSpike: so there is no filesystem on /dev/sda
<hackeron> VSpike: I just have /dev/md0 which maps to /dev/sda1 and /dev/sdb1
<hackeron> _ruben: I don't want to ignore it, I want the disk to remap the blocks and reconstruct the array
<_ruben> could try to break the mirror, wipe the disk (possibly with a disk management tool from the vendor), recreate the raid
<[diablo]> afternoon all.. guys, can abgx360 change the region code of an ISO or not please?
<[diablo]> whoops wrong window
<stacmandu> i just plugged a modem into my ubuntu-server 9.04.  how do i tell if it's working?
<hackeron> _ruben: seems all I need to do is echo repair > /sys/block/mdX/md/sync_action -- and the drive appears to remap the bad sector
<_ruben> hackeron: nice to know :)
<zul> has anyone thought of packaging spice now for kvm since its open now
<Status0> hello ppl
<zul> http://www.spice-space.org
<Status0> i have installed to my qa the ubuntu 9.10 server
<Status0> and i have some question
<Status0> i personaly try develop ubuntu community in israel
<Status0> can anybody help me about ubuntu server ?
<zul> Status0: someone might be able to answer
<Status0> thanks, i wonder why there is no gui to server ?
<arj> i wonder why one would need a gui to server
<Status0> arj, becuse ppl are stupid [most of them] but again this is some required by consumers
<Status0> the want to make one click and it will work
<Status0> some-where i can understand them
<Status0> about this point of view
<arj> they can use webmin
<arj> or plesk
<Status0> yeh but i want "sell" ubuntu server and i have nothing why ubuntu server better ?
<Status0> ok i will re-ask the question : why ubuntu server is better ?
<arj> better than what?
<arj> if you want a gui, ubuntu-server might not be the best choice
<Status0> arj, generaly why is better ? (not about the gui) i try to promote more ubuntu. but i cant find resone..
<lau> hi, i am trying to set an tls signed mta in order to send signed emails thru my web php/mail() function
<lau> i am running hardy, apache2 and apache2/php5/php.ini shows nothing particular except SMTP = localhost and smtp_port = 25
<lau> i assume exim is my mta but ps aux|grep exim returns nothing
<lau> how does the php/mail() function send mail ?
<Status0> yes
<Status0> lau, but you need to configure the php.in
<Status0> to use your mail
<lau> Status0: currently the .php application is sending mails
<lau> I want to add tls functionnality in order to sign the emails sent thru this application
<lau> thus I am assuming a mta is already up and running on my server, is that a good assumption ?
<ScottK> lau: Why do you assume exim is your MTA?
<Jeeves_> ScottK: It's the only sane mailserver ;)
<Status0> try opensocket to tls
<ScottK> Since Ubuntu Server ships no MTA by default and prefers Postfix in general, assuming Exim is an odd choice.
<Jeeves_> ScottK: I know :)
<ScottK> One might prefer Exim (I don't), but I don't see how one should assume it.
<Jeeves_> But so is the preference for Postfix :)
<lau> ScottK: dpkg -l exim4 returns something, I got files in /etc/exim4/...
<ScottK> lau: OK.  That's a good reason then.
<lau> also I ls -lsa /usr/sbin/sendmail
<lau> and this returned /usr/sbin/sendmail -> exim4
<lau> thus now I am assuming that the php application is sending emails thru calls to sendmail
<lau> that is a simlink to exim4
<lau> so exim4 is used in order to send emails
<lau> am i right ?
<Jeeves_> probably
<lau> (enven if apache2/php5/php.ini is not configured)
<lau> if I setup TLS/SSL for exim4 I should be ok ?
<zul> kees: ping
<TopKatz> what procedure do you guys use that have hardware raids when a update to the headers comes out?  I know Im not doing it right.
<arj> what's the relation between hardware raids and "the headers"? :)
<TopKatz> after installing new headers, the driver is gone
<TopKatz> so the raid comes up as seperate disks, causing parity faults (I think)
<TopKatz> and all around bad times
<arj> seperate disks should not cause parity faults
<arj> are you sure it's hardware raid and not fake raid?
<TopKatz> not really
<TopKatz> Im using a rocketraid 1740
<TopKatz> I have the driver installed
<TopKatz> and the managment software
<TopKatz> so I think Its a real raid
<arj> reinstall the driver for the correct kernel before you reboot
<TopKatz> hmm
<arj> if you need a driver I doubt it's real
<TopKatz> I jsut dont think its suported out of the box
<TopKatz> so your sugesting a make install before rebooting after header update
<TopKatz> will it use the new header in that case?
<TopKatz> I never tell it which to use, it just does it right now
<arj> I don't know, if you're lucky you can specify what kernel to build for
<TopKatz> hmmm
<TopKatz> its an interesting idea
<TopKatz> right now I jsut go to the driver dir and do sudo make install and it does the whole thing
<arj> is the root or boot fs on those disks?
<arj> if not, I'd halt, disconnect them, boot the new kernel, build the driver, connect them, boot
<TopKatz> no, it has my mysql and www stuff
<TopKatz> yeah, I have been thinking about that
<TopKatz> or, how to do all that
<arj> and I'd also check how well a raid card this card is, and consider software raid
<TopKatz> its not a high end one, but this is also just a test dev enviorment
<arj> if it's not high end, consider using it as a sata controller and do mdraid
<arj> or run some benchmarks on the driver thingy and mdraid
<TopKatz> when you update the header does it put it in /lb/modules... before the reboot?  so would they be there after update but before reboot?  The driver make builds against that
<TopKatz> so in theory your inital idea might work
<arj> I got to go now, good luck :)
<TopKatz> thanks for your time
<arj> no problem
<jiboumans> time to pretend it's weekend; later guys
<zroysch> I have an ubuntu 9.04 server that is having a multitude of problems that seem to be all related to network activities. rtorrent will randomly crash, mpd server also randomly crashes. My ssh and any other tcp connection will randomly go down for a few minutes at a time while i can still ping it, then tcp will come back up again. I have found no logs to tell me what the hell is going on. could anyone tell me where to find 
<uvirtbot> New bug: #495605 in samba (main) "lucid alpha1 shares-admin segmentation fault" [Undecided,New] https://launchpad.net/bugs/495605
<fullstop> are there any known issues w/gpt KVM setups and grub2?
<fullstop> I have a KVM host which uses GPT due to large partition sizes.  I gave a KVM guest a raw partition to use.   The guest used a MS-DOS partition table on that raw partition, such that fdisk -l /dev/sda3 would show sda3p1 and sda3p2.
<fullstop> However, this messed up grub2, which was noticed after a reboot.  It just sat there at "Loading GRUB"
<fullstop> booting into rescue mode and deleting /dev/sda3 and re-installing grub recovered.  I don't know if reinstalling grub was necessary.
<fullstop> I am more familiar with xen, but KVM seems to be the way the winds are moving right now.
<fullstop> wow, netsplit sucks
<Belgarath> hi
<Belgarath> does anybody know how to clear kerberos instalatioon/configs
<Belgarath> so I can start all over
<Belgarath> without reinstalling ubuntu ?
<Belgarath> dpkg --purge is nto good enough apparently
<Listerthrawn> I want to set up KVM on a server with LVM on Raid and use the LV's as the disks for KVM.  Anyone know a good guide on aligning the 3?
<Clusty_> still trying to jail a user and allow him to use just scp and not ssh nor to snoop around and reall all the stuff
<Clusty_> i tried this: http://geekzine.org/2007/09/28/easy-sftp-and-chroot-sftp-with-scponly/
<Clusty_> but it chokes
<Clusty_> connection closes for no good reason
<mjs2> hey - just installed karmic koala but i'm stuck behind a firewall.  what's the proper way to make apt use an http proxy?
<mjs2> simple google resulted in a few methods - setting "http_proxy" env var (didn't work), setting /etc/apt/apt.conf (doesn't exist, apparently changed in 9.1)..
<mjs2> well, never mind.  apparently i have to apt-get update
<ruben23> hi
<BlueT_> ruben23: morning
<ruben23> BlueT_:what time in your place now..?
<BlueT_> ruben23: 4:51am here in Taiwan :P
<[diablo]> evening #ubuntu-server
<Clusty_> ahoy
<[diablo]> guys, I have a box I wish to run ubuntu server 8.04 on ...
<[diablo]> I can only slap a wireless (atheros) pci card in it... will server still have support for the ath card?
<Clusty_> [diablo]: this is a kernel issue
<Clusty_> 8.04 is running 2.6.24
<Clusty_> if support is not there you can add it
<[diablo]> sure, true
<[diablo]> actually I should really set up an AP -> ethernet
<[diablo]> less messy
<Clusty_> any reason to put 8.04 and not 9.x?
<[diablo]> yeah, the project I wish to develop I prefer LTS
<Clusty_> i see
<[diablo]> either that or would have to go RHEL or CentOS
<Clusty_> i am also unfortunately on 8.04
<[diablo]> but for server, its a good move
<Clusty_> cursing already for 2 days cause of this
<Clusty_> i want to set up a username that cnot see stuff outside his home folder via sftp
<Clusty_> next from 8.04 works out of the box
<[diablo]> that can be done
<[diablo]> Clusty_, there is an option in sshd to do it
<Clusty_> yeah, chroot with scponly
<[diablo]> nope
<Clusty_> [diablo]: for next version from 8.04
<Clusty_> :D
<[diablo]> well, sort of
<[diablo]> you sure?
<Clusty_> 8.04 has old openSSH
<[diablo]> one second
<Clusty_> yeap
<[diablo]> Clusty_, http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
<[diablo]> Clusty_, check the ChrootDirectory option
<Clusty_> the message is: cannot do chroot inside a blahhh block
<Clusty_> the one that catches one user
<[diablo]> Clusty_, do a man sshd_config
<[diablo]> does it show the ChrootDirectory in there?
<Clusty_> nope
<[diablo]> Clusty_, what version of sshd is it?
<[diablo]> Clusty_, actually if its not supported in the version shipping with LTS, personally, for I would just build from source the openssh server..
<Clusty_> OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
<[diablo]> Clusty_, you could even have it running on a higher port and not mess up your ubuntu sshd
<[diablo]> Clusty_, you should be able to have it up and running in a couple of minutes
<[diablo]> Clusty_, openssh is easy to compile
<Clusty_> [diablo]: i would have to write my own rc.d script, which feels scary :D
<[diablo]> Clusty_, just copy the existing one
<Clusty_> [diablo]: plus machine is behind a firewall and i do not have easy access to firewall to punch holes through
<[diablo]> Clusty_, then rebuild the source package with the latest version
<Clusty_> good point
<[diablo]> Clusty_, also double check your sshd_config file to be sure the ChrootDirectory is not listed
<Clusty_> i searched through man
<[diablo]> yeah, but look in the actual config file too
<Clusty_> ohh ok
<Clusty_> nope
<[diablo]> ah ok...
<[diablo]> apparently it seems its from 4.8 onward
<[diablo]> you could try grabbing the .deb from 8.10 ... and installing it
<[diablo]> sorry Clusty_ I have to walk my dog... bbl
<Clusty_> :D
<Listerthrawn> I notice you can create a 2 device raid10 array in mdadm.  Are there any benefits/drawbacks with using raid10 over raid1 with 2 disks?
<qman`> Listerthrawn, that would effectively be exactly the same
<qman`> different in name only
<jeiworth_> Listerthrawn: i wouldn't do it, so the idea is to have 2 equally sized partitions on each disk, mirror the 2 disks and  use 1 partition each for striping?
<Listerthrawn> What I want to do is this: -
<Listerthrawn> I have 4 disks 2x500Gb and 2x750Gb (I think, it's been a while since I've seen them)
<Listerthrawn> I want to install a small raid1 on the 2x750's and install ubuntu server.
<ruben23> hi, any application whihc i can make a clone image of my local server form an ubuntu server then can restore then any time to the state i imgae thm.
<jeiworth_> ruben23: dd
<jeiworth_> Listerthrawn: ok...
<neonfreon> Listerthrawn i like to setup 2 disk RAID 1 groups and then if i want to extend beyond that use LVM
<neonfreon> add another 2 disks for another raid 1 group and then just add the new physical volume to my volume group
<Listerthrawn> I then want to use the rest of the space on the 2x750's as another raid1, then the 2x500's as another raid1 then LVM them
<neonfreon> yes
<Listerthrawn> neonfreon, We are so on the same wavelength here.  Great so far :)
<neonfreon> i think that's a good setup
<neonfreon> except i didn't raid1 my OS
<neonfreon> because it's easy to replace
<neonfreon> (compared to data)
<qman`> Listerthrawn, the correct thing to use for that setup is raid 1, not raid 10
<Listerthrawn> True, but I want to run KVM on top of this and use the LVM'd RAID arrays as backing storage for VM's.
<qman`> raid 10 would be if you want to set aside 500GB on all four disks for one array
<Listerthrawn> so while the OS is easy to replace, the downtime isn't easy to stomach.
<ruben23> jeiworth_: i read on ubuntu pro book- about DRBL and clonezilla..to do imaging of server.
<neonfreon> sure Listerthrawn makes since for time critical setups
<neonfreon> sense
<jeiworth_> you could also create a 4x500gb raid5 or 6 and use the 2x250gb that are over for another raid1 for system, programs, etc...
<neonfreon> boo software raid5
<qman`> ruben23, that's more suited to making multiple copies, like setting up a bunch of identical client computers
<Listerthrawn> What I'm really having trouble with is finding a good guide on how to align all the different chunk/stripe sizes from disk/raid/lvm/filesys
<qman`> ruben23, you can use dd to make a single raw backup, and compress with gzip or bzip2
<neonfreon> software raid5/6 is a no go for me
<jeiworth_> ruben23: no, but i also read about drbl, on the fly synchronization between 2 machines over network
<Listerthrawn> i've used software raid5 before when I wanted to store lots of static data with some resilience but with the relatively high random writes I expect from the VM workload it wouldn't be suitable I don't think.
<jeiworth_> ruben23: is this a one time thing or do you want to make regular backups that way?
<ruben23>  jeiworth_: yes, regular backup and aside that i have an imgae of my server so i can restore it on a good working condition then copy my backup files to make it run if any donw time..
<jeiworth_> Listerthrawn: well, if you prefer you culd make a raid10 the same way, 4x500gb and a raid1 for the remaining 2x250gb
<qman`> I use software raid 6 on my file server, but VMs are a much heavier load
<ruben23> or what steps you can suggest best would fit on the purpose of failover.
<qman`> ruben23, for failover you need two servers up and running
<qman`> dedicated to that purpose
<Listerthrawn> I could I suppose but eventually I'll run out of disk space and I intend to replace the 2x500's with 2x1TB by adding them in as another raid1 and pvmoveing the LVM off the 2x500's
<Listerthrawn> Anyone got any advice on how to align all the stripe stuff?
<Listerthrawn> anyone still here?
<Listerthrawn> i've not used IRC for nearly 10 years.  Thought they'd have fixed netsplits by now!
<neonfreon> what size writes and reads will you be doing?
<neonfreon> if you're doing raid 1 there is no stripe size to configure
<neonfreon> at the raid level
<IrCYop> Could someone be so kind to paste me their /etc/init.d/networking file for 9.10?
<qman`> IrCYop, http://pastebin.com/f2ff08c3c
<IrCYop> qman`: <3
<crohakon> Awww, a cute couple.
<qman`> IrCYop, this system has been upgraded since 7.10, so that might not be the stock 9.10 file, but it's a working 9.10 system
<qman`> and I haven't messed with it
<crohakon> Should I bother upgrade my server to 9.10?
<crohakon> I just upgraded my laptop, and it seemed to go well...
<ruben23>  jeiworth_: what is best option on an external drive or another server..?
<qman`> crohakon, if it's 9.04, yes, if it's 8.04, no
<qman`> reason is, unless you really need something, 8.04 will be able to upgrade straight to 10.04
<ruben23>  jeiworth_:how do dd backup an entire image of my linux server
<qman`> so you can avoid a lot of hassle if you can wait until april
<jeiworth_> ruben23: hehe well, that really depends, do you want to be able to move your backup to safe places or is the other server in a safe place, i.e. far away from the 1. server, another building, another city, another country or even continent? ;)
<qman`> ruben23, dd if=/dev/sda1 of=/path/to/backup-file
<jeiworth_> yes, with dd you can backup the entire block device as is, e.g. dd /dev/sda
<qman`> where /dev/sda1 is your server's filesystem
<jeiworth_> haha
<qman`> or you can compress on the fly, dd if=/dev/sda | gzip > /path/to/backup-file
<ruben23>  jeiworth_:how about the restoration..?
<jeiworth> ruben23: if you make e.g. sudo dd if=/dev/sda of=//server/share/backup this will actually backup the entire disk including mbr and everything, you should pipe it through tar and bzip2 though, just to decrease size
<jeiworth> ruben23: exactly the same, boot with a live-cd and then: sudo dd if=//server/share/backup of=/dev/sda
<qman`> yeah, dd will create a raw file, including free space, so you definitely should compress it with something, even if you can't use the CPU on good compression
<jeiworth> qman`: say, doesn't dd itself also have a parameter to ignore unused blocks?
 * jeiworth checks man:dd....
<qman`> not that I know of, it would have saved me a lot of effort in the past
<jeiworth> hehe so i better not find it then, not to embarass you? ;o)
<qman`> learn something new every day :)
<Listerthrawn> neonfreon, I'm not too bothered about the size, the default may well be OK,  I just want to make sure that 1 fs block is 1 lvm block is one Raid block.  If they don't align 1 fs read can mean reading 2 raid blocks from disk and that's gonna kill performance
<jeiworth> hmm qman`nope, don't find anything in the man doc
<ruben23> i will find how to for dd...
<ruben23> are there any, just a guide for reading
<jeiworth> hehe i think for dd you won't have trouble finding
<ruben23>  jeiworth: if you have a good link there, that would be deeply appreciated..:-D
<neonfreon> Listerthrawn: i dont think there is anything to worry about if you're doing raid 1 and linear LVM
<neonfreon> there is no striping occuring there
<crohakon> How do I upgrade to 9.10 from the command line?
<neonfreon> so you just want to look at your file system's block size to make sure it's most appropriate for the size of writes you'll be getting typically
<jeiworth> sry ,eetnig
<jeiworth> meeting
<Listerthrawn> neonfreon, I'm not sure.
<crohakon> How do I upgrade to 9.10 from 9.04 from the command line?
<ScottK> crohakon: You mean 9.04 to 9.10?
<crohakon> ScottK, thats what I said...
<crohakon> to 9.10 from 9.04
<ScottK> Ah.
<crohakon> hehe
<ScottK> Right.
<ruben23> hi
<ruben23> guys
<ScottK> crohakon: sudo do-release-upgrade should do it.
<crohakon> okay
<crohakon> thanks
<ScottK> No problem.
<jumbers> Does update-motd run every time a user logs in? I've added a script to the update-motd.d folder and now every time I log in, it takes a while before the motd displays
<jumbers> I see there's an update-motd cron job, but it seems like it also runs every time somebody logs in
<neonfreon> Listerthrawn: what are you not sure about
<Listerthrawn> http://wiki.tldp.org/LVM-on-RAID
<Listerthrawn> neonfreon, the link i just said
<Listerthrawn> neonfreon, My head's just toast at the moment lol.
<Listerthrawn> neonfreon, I've been trying to work this out whilst off work sick with Swine Flu.  Trying to get your head around Raid/LVM and aligning the lot with a fever of 104 has been a challenge I'll tell you.
<Listerthrawn> neonfreon, I think I may have just worked it out.  If I set my partition tables to start say 1024k into the disk rather than skipping 1 sector everything should align.
<neonfreon> ah cool
<neonfreon> start of your partition tables or start of your partitions?
<Listerthrawn> partitions
<neonfreon> yeah that's the conclusion i came to as well
<neonfreon> if there are any alignment issues that will be it
<neonfreon> issues caused by label or whatever at start of disk
<Listerthrawn> i'll have to do this on a test rig.  do a bit of bonnie'ing
<neonfreon> ya
<Listerthrawn> see if it actually does make a difference.
<Listerthrawn> you on here often?
<neonfreon> have been lately
<Listerthrawn> I'll let you know what I find.  Thanks for the help, much appreciated.
<Aison> evening, i'm searching a way that my server can send SMS to my cellphone
<neonfreon> i've tuned stripe alignment with raid 5 and XFS before
<neonfreon> i used ioread to do my perf tests
<Listerthrawn> i'll look at that tool too
<neonfreon> i only saw differences on read performance, but it was really big
<neonfreon> err, iometer
<neonfreon> sorry
<Aison> I heard, that it's possible to connect nokia devices with the server
<Aison> but i cant find anything that explains that
<neonfreon> lets you set size of write/read, number of streams, and change what % are sequential
<Listerthrawn> only trouble is, the machine I want to use for this is currently used hosting Xen VM's and one of which is my firewall/router.  Arranging downtime with the wife is harder than arranging it at work.
<bep_> does ubuntu server support sleep etc or do i need to install something else?
<RoyK> bep_: sleep?
<jumbers> RoyK: Suspend
<RoyK> afaik suspend to disk should be there
<jumbers> Suspend to disk would be hibernate, suspend is the one where it suspends to RAM
<RoyK> but not sure if the userspace parts are installed by default
<RoyK> k
<RoyK> I don't really want that on a server, though
<jumbers> Neither would I, especially because I don't have physical access
 * RoyK only has ubuntu server VMs by now
<jumbers> My box runs Ubuntu server on a dedicated machine. Pretty cheap monthly costs too
<RoyK> I have an opensolaris pizzabox with three ubuntu VMs
<RoyK> zfs for storage management and ubuntu for the apps part
<IrCYop> Could anyone give me a hand with openvpn
#ubuntu-server 2009-12-12
<IrCYop> When I try to start it I get nothing but a [fail]
<IrCYop> ah brb
<crohakon> I just upgraded my server to 9.10 and now I am having an issue starting bind9
<crohakon> Forgive the flood, but I do not have a DNS server at the moment... So I cannot get to paste page stuff
<crohakon>  * Starting domain name service... bind9                                                                                                                        [fail]
<crohakon> invoke-rc.d: initscript bind9, action "start" failed.
<crohakon> dpkg: error processing bind9 (--configure):
<crohakon>  subprocess installed post-installation script returned error exit status 1
<crohakon> E: Sub-process /usr/bin/dpkg returned an error code (1)
<crohakon> Any ideas?
<uvirtbot> New bug: #495716 in cyrus-sasl2 (main) "cyrus-sasl2 should be updated to db4.8" [Medium,New] https://launchpad.net/bugs/495716
<zurh> hi
<crohakon> After upgrading to 9.10 bind9 failed to start
<crohakon> so I removed it
<crohakon> and reinstalled it
<crohakon> but the install fails
<jmarsden> crohakon: "The install fails" ... be specific, what error message do you get from apt-get install bind9 ?
<crohakon> oh, I resolved it. Apparent apparmor stopped liking bind9 after the upgrade.
<jmarsden> OK, cool.
<jmarsden> I just got home and saw no-one here had tried to help you out...
<crohakon> so I just stopped the apparmor service, started the bind9 server, and restarted apparmor. Seems to work now
<crohakon> Yeah, well, it happens =)
<ChrisRut> where can I find an image file of Ubuntu Server Hardy, that is compatible with Xen *.img
<RoyK> fuck
<RoyK> something fscked up in my xfs root fs
<jmarsden> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<RoyK> so some files appear like 0 bytes large
<RoyK> jmarsden: I really don't care about the general christian's view of my language
<jmarsden> Your use of #ubuntu-* channels is subject to the Ubuntu Code of Conduct, I believe.
<RoyK> jmarsden: do you know how I can fix this problem or are you just an anti-swearing-bot?
<jmarsden> Given that attitude, I'm not really all that interested in spending time helping you right now, I'm afraid.
<jmarsden> Check the channel logs on http://irclogs/ubuntu.com if you think I am "just an anti-swearing-bot".
<RoyK> jmarsden: I really don't care about the general christian's view of my language
<RoyK> jmarsden: do you know how I can fix this problem or are you just an anti-swearing-bot?
<RoyK> I really, really do not like people whining over details on IRC without having something to say
<RoyK> jmarsden: then fuck you very much, sir
<jmarsden> Without the language impediment, it's possible I'd have had more to say.  Goodnight.
<RoyK> jmarsden: if you find it so hard to read these BAD BAD WORDS, then find another place to hang out than on IRC
<RoyK> jmarsden: I've been in here for a while
<RoyK> jmarsden: anyway - I really don't know you _do_ know what to do about it, but it's so much pride in not answering a man who uses non-christian words, isn't it?
<Drmanhattan> the ubuntu code of conduct is not applied equally.
 * Drmanhattan awaits yet another ban in another ubuntu channel for noticing hypocrisy.
<RoyK> Drmanhattan: noticing is allowed, commenting is hypocracy
<Drmanhattan> I see
<Drmanhattan> ;))
<RoyK> luckily there aren't too much idiots like jmarsden in here
<Jeeves_> RoyK: It's a bit weird that you match 'decency' and 'cristianity' :)
<Jeeves_> As if non-cristians cannot be decent.
<Jeeves_> Aren't you decent?
<RoyK> did I mention decency?
<Jeeves_> No, but keeping in mind that some words offent others is decent.
<Jeeves_> Which you don't bother to be, which is fine by me.
<Jeeves_> But nobody mentioned cristianity either, except you.
<Drmanhattan> Christianity is kind of offensive to me, at least the politics involved.
<Jeeves_> So make up your mind, try to behave, and maybe people will be willing to help you.
<RoyK> words like 'fuck', 'shit' etc are perfect words for expressing feelings. mr jmarsden did not wait a second before throwing !language at me
<RoyK> this 'decency' about not using 'swear words' comes from christianity, not from somewhere else
<Drmanhattan> the religion itself doesn't bother me, but the protesting of funerals and oppressing gay folk makes me sick.
<Jeeves_> Drmanhattan: Try moving to a normal country, that helps :)
<RoyK> some people think 'try to behave' means 'follow the paths of our ancestors' meaning those who actually beleived there was a god and so on
<Jeeves_> RoyK: How old are you, 11?
<Drmanhattan> RoyK, most modern "swear words" are words from the native languages that were deemed "vulgar" when the Christians invaded them.
<Drmanhattan> Jeeves_, yay amsterdam
<RoyK> I can behave perfectly normal, be nice and so on, but if my filesystem goes boom, I'll be shouting SHIT nevertheless
<RoyK> Jeeves_: no, I'm not 11
<Jeeves_> RoyK: Younger?
<Jeeves_> If not, you are behaving like a 11 year old.
<Jeeves_> Decent (they do not need to be cristian) people try to follow the rules of surroundings a bit
<Drmanhattan> I haven't seen a lot of decency out of some of the ubuntu channel mods though.
<RoyK> Jeeves_: either you try to make me look like something I'm not, or you're not the smartest guy alive. I guess the former
<RoyK> Jeeves_: yeah, but those rules are not absolute
<RoyK> Jeeves_: your rules on 'good language' obviously doesn't match your neighbor's
<RoyK> or his neighbor, or relatives
<Drmanhattan> I guess thats what happens when you put 19 y/o's in charge of things, especially ones that were obviously picked on in their younger years.
<Drmanhattan> sorry 18yo's
<RoyK> Jeeves_: tell me, if you get a corrupt filesystem, do you feel like shouting out some dedicated words, or would 'pizza' or 'pancake' do?
<Jeeves_> RoyK: The rule is pretty simple. It's "Do not swear in the #ubuntu-channels". You said yourselve that the words you're using are swear words.
<Jeeves_> So, what's your problem?
<Jeeves_> Try and shout at your monitor, and not into the channel.
<Jeeves_> That way, you might get help. And your monitor probably won't mind you yelling at him.
<RoyK> Jeeves_: my problem is that you're blocking a big segment of the English language, at times a good segment too
<RoyK> Jeeves_: because someone said 'this is bad'
<Jeeves_> You're mom might.
<RoyK> can someone please kick mr Jeeves_ in his ass?
<Jeeves_> RoyK: Seriously, are you in need of help or are you here to comment on the #ubuntu-* rules?
<RoyK> Jeeves_: do you actually beleive that behaviour is about not swearing?
<RoyK> Jeeves_: your rudeness is, by those rules, ok, but if I say 'shit', well, that's worse?
<RoyK> well, if that's the rules, I guess some pretty fucked up christians must have been behind them
<Jeeves_> I'm not rude. I'm trying to explain to you why those rules are. And that those rules should be followed within the ubuntu-channels/
<Jeeves_> What's rude about that?
<RoyK> well, your attitude doesn't help you
<Jeeves_> I'm guessing you age by your behaviour, that should give you a hint on your behaviour, not mine
<RoyK> Jeeves_: heh
<Jeeves_> So, what's your problem?
<RoyK> Jeeves_: your behaviour is generally about one thing, 'do not swear'. with that as a base, you seem to beleive you can be as rude as you like. you haven't put a single argument forth on why certain words should be banned from usage in here, just that 'the rules say...' Those rules are conservative ones, mostly ruled out the christian right wing in most countries, especially in the US, but also in parts of Europe. Luckily, in Europe, most pe
<RoyK> ople don't beleive in that sort of gods anymore, so the language is generally more free than it is in other, more conservative parts of the world, such as the extreme islamic parts and parts of the US
<RoyK> Jeeves_: if you want to say something more about this, be my guest, but please don't rephrase the current ruleset
<RoyK> Jeeves_: lol - you didn't really understand that, did you?
<Jeeves_> RoyK: I do have better things to do dan await your four minute break to think about this.
<Jeeves_> The point is, it doesn't matter which words are of aren't banned from usage.
<RoyK> Jeeves_: it's funny. people like you fall back to bullshit when you have no arguments, not even bad ones
<Jeeves_> The point is that you're using a service of somebody else, and you should behave according to this parties rules.
<RoyK> 'my minute break'
<RoyK> Jeeves_: did you even _try_ to read what I wrote above?
<Jeeves_> RoyK: I did, and I understand what you said.
<Jeeves_> The point is that your or my personal point of view doesn't matter.
<Jeeves_> What matters is that there are rules in this channel, and you should behave according to those rules.
<Drmanhattan> well, I'd be happy to behave as some of the operators want, When I am kicked, banned, and shoved into channels to debate the matter, I generally tend to become uncooperative.
<Jeeves_> I understand your view on extremist cristians
<Jeeves_> I share some parts of that view
<Jeeves_> But it just doesn't matter :)
<Drmanhattan> I don't understand why Christians have such a problem with gay folk, it isnt like Jesus ever showed any interest in women, and he surrounded himself with 12 other men with a similiar disinterest in women. I don't know any straight men who do that.
<RoyK> Jeeves_: fuck you very much, idiot. obeying the rules because they're rules is idiocy of the worst sort. try to tell the people in Iran to obey the law because it's the law. also, all sorts of countries have stupid laws, also the 'western' ones.
<Jeeves_> ok, I give up. :)
<RoyK> Jeeves_: in obeying laws for the sake of their being laws, you make a big mistake
<Jeeves_> A silence!
<Jeeves_> !/ignore++
<RoyK> Drmanhattan: the christians have problems with gay folk, just because they're not allowed to join in
<RoyK> it's sad, really :)
 * RoyK &
<eagles0513875> hey guys is glibc6 installed on 9.10 by default
<Jeeves_> libc6?
<eagles0513875> ya
<eagles0513875> need it for shoutcast
<Jeeves_> Yes, it is.
<eagles0513875> ok ty :)
<Jeeves_> But shoutcast is in the repo's, isn't it?
<arj> http://packages.ubuntu.com
<eagles0513875> no Jeeves_its not
<eagles0513875> im getting it from shoutcast.com
<Jeeves_> icecast is
<Jeeves_> that's about the same, isn't it?
<Alpha6> can ubuntu server and dyndns work together?
<kringell> Alpha6: yes
<jmarsden> Alpha6: https://help.ubuntu.com/community/DynamicDNS
<Alpha6> Thanks kringell and jmarsden
<Drmanhattan> dyndns is nice, no-ip is better
<eagles0513875> my router is nice enough to automatically update my account on dyndns for me :)
<Drmanhattan> my router does the same with no-up
<Drmanhattan> no-ip
<Drmanhattan> Gotta love tomato linux
<DrManhattan> I appear to be unable to increase my desktop size past 800x600
<incorrect> i wish there were more custom kernels to use
<incorrect> generic and server aren't really all that is needed
<kringell> incorrect_: what more do you need?
<incorrect_> kringell, well when i build a nice custom kernel for my opterons i get a good performance boost, same with my xeon
<incorrect_> generic64 isn't so hot
<incorrect_> also i wouldn't mind a 250hz server kernel
<ghostlines> does anyone know or use any networking gui tools?
<ghostlines> my boss runs ubuntu server and doesn't want to install the whole desktop package to configure networking
<Cromulent> just use the command line then
<ghostlines> does anyone know any network configuration gui tools?
<kringell> ghostlines: you could quite easily teach him the basics of /etc/network/interfaces ?
<uvirtbot> New bug: #345234 in kvm (main) "Network interfaces names changed in KVM guest cloned with virt-clone" [Undecided,Confirmed] https://launchpad.net/bugs/345234
<ghostlines> kringell, looks like that's my only choice
<newbbiesss> hello good day to you all can i get support in here?
<guntbert> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<newbbiesss> ok
<newbbiesss> i am trying to install a ZTE MF626 from telcel following this gui: http://www.ubuntu.org.uy/main/?q=node/986 but when i reach the 8 step i got this: http://pastebin.com/m39113374
<newbbiesss> and i just can get it to work
<newbbiesss> help pls
<OscarTG> Ok I can't belive I am asking this question.  I need to figure out if the Ubuntu server install I am working on is 64 or 32 bit.  Is there a command to see this?
<OscarTG> I was looking at uname but didn't see anything
<OscarTG> wait sorry about this.  could I tell from the kernel version?
<OscarTG> If you were given a per installed server to work on  and was told that "automatic security / system updates were configured" any suggestions on were to look to turn this off?
<sub> OscarTG: starting at the beginning, re: 32-bit vs 64-bit if someone installed a 32bit kernel on a 64bit system the kernel version would be inaccurate
<sub> `cat /proc/cpuinfo` and see if it tells you anything
<OscarTG> hrmm.  but I can tell from that what os I am working with?  it is i686
<OscarTG> that is 32 bit correct?
<OscarTG> wow cpuinfo is pretty helpfull
<OscarTG> ahh it is a quad core intel xeon.  what is funny is ubuntu sees it as 4 1 core processors
<sub> yep
<OscarTG> so any thoughts on the auto updates.
<sub> I think you can remove the package "unattended-upgrades" but I don't know if that's the correct way
<sub> Anyone else here know if that breaks anything?
<OscarTG> i will look around a bit more.
<sub> there's some apt config directives
<sub> check the comments in the header of /etc/cron.daily/apt
<OscarTG> i just love that fact that we ordered a server, 9.04 server minimum install, no additional packages, only add ssh.
<sub> in particular "#  "APT::Periodic::Unattended-Upgrade""
<OscarTG> and I got 9.10, ssh and LAMP, and auto updates.  sorry /end rant
<OscarTG> thanks.
<sub> hah, understandable
<sub> if you didn't get what you want, you might want to start with a clean install
<OscarTG> if i had access to the server I would.  we are moving one of our vmware servers to a hosting center and my boss yester day handed me an email and said he got want I wanted and needed it up by monday.
<OscarTG> luckly i talked him into two extra paid vacation days around christmas
<sub> ah ok
<sub> well good luck with shaping it down to what you want
<OscarTG> I will get it close but I haven't decided if I want to even worry about the LAMP part
<OscarTG> I wish uninstalling LAMP was as easy as it is to install all of that during the OS install.
<OscarTG> one click = so much more than what a lot of people realize
<sub> you don't want it at all?
<sub> any of it?
<sub> OscarTG: sudo tasksel remove lamp-server
<OscarTG> oh your kidding me.  You rock.
<cottle> if I'm willing to learn how to securely maintain my server, and I'm willing to spend a couple of hours doing the initial configuration, how much time does it take from then on if security is essential? 30 mins per week? several hours per day?
<sub> check tasksel's man page and tasksel --list-tasks
<OscarTG> that just made my life so much easier
<sub> cottle: depends to what extent you want to actively maintain the security of the server. some people may just install security updates once a week, some review logs meticulously, and others are active on all the relevant security/announce mailing lists
<sub> cottle: really it just comes down to how much time you want to put into it
<OscarTG> and some like to set it up to happen automaticly.  they should be shot and use windows.  ok sorry, no they shouldn't and there is probly a god case to use it some were.  :)
<cottle> sub: not that I find it likely, but just assume that my web project gains popularity and potentially more people want to hack into my system. if I just update the system once every 3 days or so and don't do anything else, will I sooner or later lose the battle and get rooted?
<sub> cottle: security is about risk management and there aren't any guarentees. it's essentially a well-calculated gamble where you try to stack the odds in your favor. sure, that could happen, but as long as your system is up to date AND you're following security best practices (both on the admin side of things and on the web project's development side of things) then it's likely you'll be fine for a very long time
<cottle> sub: and if something should happen, I should keep a current backup and learn from my mistakes.
<sub> yes, a current off-site backup
<sub> and
<sub> you should have a disaster recovery plan in case this does happen
<sub> disaster recovery/business continuity
<OscarTG> cottle: i think I am in a boat similar to what you are in.  Running your own server can be fun, save some money, and you can learn a ton.  If youproject goes big though, i would suggest looking into finding a good host to work with, not a cheep one, a good one.  That way you can focus on one part of it and the server side of things is handled by hopefully a group of people with much more experience.  It also allows you to make someone else responsible
<OscarTG>  for a major part of it and everything doesn't fall onto you.
<cottle> sub: I guess even a complete root attack isn't so bad, if you e.g. don't store passwords as plain text but instead use a hash with salt and things like that. you just reinstall the OS with the backup, learn from your mistakes and even if the attacker downloaded the entire database he has not much to gain. right?
<sub> depends what their goal was but more importantly what you lose during the attack, such as the trust of your users, or money
<cottle> OscarTG: I completely agree with you there. the point that worries me though is that the host with the group of people who will manage my server then doesn't support the web application interface I'm using, but just PHP. Or they don't support the database I'm using... and so on.
<cottle> sorry for the bad English, I type faster than I can think...
<sub> gotta go, racking a couple of servers and a SAN today
<OscarTG> cottle: don't worry
<cottle> sub: okay, thank you though :)
<OscarTG> sub: thanks a ton for the help
<cottle> OscarTG: what do you think regarding my last point?
<OscarTG> cottle:  what insterface are you using? and is there a reason you are using PostgresSQL over  MySQL?
<cottle> OscarTG: I'm use CGI, maybe FastCGI. maybe I implement my web application as a small web server that runs behind apache. currently I'm flexible enough that it only takes a few days of coding to switch between these possibilities. and I'm using PG over MySQL because I was told that is superior in both security and reliability.
<cottle> s/I'm use/I use
<pg1054> I'm setting up a number of sshfs mounts for automount via /etc/fstab.  I've a question about 'proper sytax' in the fstab.  All is clear re: passing *fuse* options.  I would like to also pass an SSH option, specifically a non-standard SSH config file.  That's, of course, the "-F" option to ssh.  What's the right syntax/usage for including that opt in fstab?
<pg1054> I.e., where do I put it in: "sshfs#guest@guest.login.com:data /mnt/guest fuse uid=1003,gid=100,umask=0,allow_other 0 0" ?
<LyonJT> hey
<LyonJT> i have created a folder in /var/www and i need to give a user called lyon full access rights how can i do this?
<freakynl> hi, are there any good root kit detectors in ubuntu server 8.04? Mainly looking for something that detects php shells and the like. we migrated an old server to a new ubuntu 8.04 and want some additional scans on possible left behind php shells etc (like r57 and c99)
<freakynl> not really a rootkit thing thus only mysql db's and /var/www/vhosts came from old server. additional checks won't hurt tho'
<bep> i added xorg on top of ubuntu server and when i do startx I am getting "X: user not authorized to run the X server, aborting."
#ubuntu-server 2009-12-13
<fulat2k> hi folks, i'm using jaunty and it's giving broken packages error when installing freeradius-mysql.  any ideas?
<sudit0> hola
<sudit0> tu si hablas espaÃ±ol no? xD
<jpds> !es > sudit0
<batfastad> Hi guys. Trying to install msttcorefonts in 9.04 and getting a message saying its been obsoleted, tried ttf-mscorefonts-installer as well with the same result. Any ideas?
<Sam-I-Am> have you tried ttf-liberation?
<batfastad> No I havn't. Will they all have the same names? I need them for the JPgraph PHP class
<rashed2020> How would I go about setting up jabber gateway servers that would work with Google talk as the client?
<rashed2020> I've got a few general ideas but I don't want to invest a lot of time in them only to find out I'm doing it wrong.
<xperia> hello to all. i have a full working bind9 dns server in my lan and want now to log all the querys for debuging some network stuff.
<xperia> i have included this lines
<xperia> http://paste-bin.com/view/d60fac37
<xperia> to /etc/bind/named.conf.local and executed also
<xperia> sudo touch /var/log/query.log
<xperia> sudo chown bind /var/log/query.log
<xperia> sudo /etc/init.d/bind9 restart
<xperia> my problem is that after this steps the file /var/log/query.log is still empty even when i call up some domains that my bind dns server only can resolves ! what could be wrong with the steps is some caching active or what else ?
<xperia> okay it looks like app-armor needed to be informed about this too !
<xperia> https://help.ubuntu.com/8.04/serverguide/C/dns-troubleshooting.html
<xperia> Before named daemon can write to the new log file the AppArmor  profile must be updated.
<xperia> strange thing is that i dont have still named query-logs in my log file !
<xperia> are the permission of my new logfile really good ?
<xperia> -rw-r--r--  1 bind   root       0 2009-12-13 03:06 query.log
<xperia> oohhh woow it worls now :-))
<xperia> thanks for the help still :-)) see you next time again ! bye !
<lingga> hi all.. could you tell me how do controlling services by console. is there an application like gnome has ?
<MTecknology> lingga: you mean like top?
<lingga> no, I want to disable or enable the services..
<MTecknology> I should know the name off the top of my head...
<MTecknology> update-rc.d
<MTecknology> lingga: I wish it could just list the current settings - there's another great app but I can't think of it's name now
<lingga> MTecknology: for example, I need to disable mysql service what should I do
<MTecknology> update-rc.d mysql stop 2 3 4 5
<lingga> MTecknology: ha, thanks. but is there an application to control it like yast in suse ?
<MTecknology> 21:12 < MTecknology> lingga: I wish it could just list the current settings - there's another great app but I can't think of it's name now
<lingga> MTecknology: did you meant update-rc.d mysql enable 2 3 4 5 ?
<MTecknology> I meant disable
<MTecknology> 21:13 < lingga> MTecknology: for example, I need to disable mysql service what should I do
<lingga> MTecknology: Ok thanks a lot :)
<twb> I recommend rcconf as a simple GUI wrapper for update-rc.d
<MTecknology> twb: THAT! That's what I couldn't think of :)
<twb> Although it occurs to me now that I hadn't noticed update-rc.d STOP -- I had been using REMOVE, and then digging through the relevant .postinsts when I wanted to turn it back on...
<MTecknology> !info sysv-rc-conf
<ubottu> sysv-rc-conf (source: sysv-rc-conf): SysV init runlevel configuration tool for the terminal. In component universe, is optional. Version 0.99-6 (karmic), package size 23 kB, installed size 104 kB
<twb> Yeah, I don't like sysv-rc-conf
<MTecknology> !info rc-conf
<ubottu> Package rc-conf does not exist in karmic
<twb> !info rcconf
<ubottu> rcconf (source: rcconf): Debian Runlevel configuration tool. In component universe, is optional. Version 2.2 (karmic), package size 22 kB, installed size 132 kB
<MTecknology> oh...
<twb> Mainly because it provides runlevels as individual checkboxes, and is laid out to generally be overwhelming
<twb> rcconf also used to suppress rcS services (a bug), which I considered to be a huge feature.
<MTecknology> nicex
<twb> Since you usually want to disable, say, apache -- not mountall
<MTecknology> looking at pics - I do like it better
<crohakon> So, is it possible to limit a user to only certain directories?
<twb> crohakon: depends on what you're limiting.
<crohakon> for example, could I limit a user to their directory and, say, /srv/www/whatever/ ?
<fulat2k> hi folks, some help for the freeradius-mysql installation in Jaunty
<fulat2k> ?
<twb> crohakon: how is that "their directory"?
<twb> crohakon: how is the user using the system?  For example, are they simply putting and getting files over SFTP?  Do they have a shell account?
<crohakon> twb, I was considering giving a friend a shell account to my little server in my basement for her to play around on. But I would rather she did not have access to anything to important.
<twb> Unless you give her ssh access, she won't be able to break anything but her own stuff.
<twb> She will be able to *read* files outside her home directory.
<twb> She will also, by default, be able to do things like forkbombing.  Restricting filesystem access won't help you there.
<fbdystang> I just installed 9.10 server, this is my first server. 9.10 desktop comes with an operating system with guis and such. However, I just booted up the server and all I get is a command prompt. Is that how it is supposed to be?
<twb> fbdystang: the server install media will not install any GUI by default.
<fbdystang> twb: How do I tell if it is working then? thanks
<twb> fbdystang: define `working'.
<fbdystang> twb: running, and giving me some fileserver space for other ubuntu and windows boxes
<twb> It's obviously running, because you can see stuff on the screen.
<twb> As to whether it is serving files, you can check this by attempting to connect to it from a client, and if that doesn't work, by testing lower-level things, like whether the service has an active process and is binding to the appropriate ports.
<fbdystang> This really is new to me, how can I find it from other ubuntu desktops then? it is all on a router
<fbdystang> does ubuntu desktop come with such a client?
<twb> You presumably know what IP it has.
<rashed2020> fbdystang: If all you're looking for is file sharing I'd recommend a specialized distro.
<crohakon> sudo apt-get install gnome.... *innocent expression*
<twb> If you control the router, you can configure the router to give it a static IP and a name.
<fbdystang> NOPE :( but i can check from logging into my router
<twb> crohakon: ITYM "ubuntu-desktop".
<twb> fbdystang: you can also check the IP from the ubuntu server console, of course.
<fbdystang> twb: what is that command for IP?
<twb> "ip address"
<crohakon> fbdystang, https://help.ubuntu.com/9.10/serverguide/C/index.html
<sub> ip addr
<fbdystang> thankx
<fbdystang> OK there are a bunch of IP addresses with that, is INET the one I am looking for?
<jmarsden> fbdystang: Yes.  The inet one for interface eth0
<fbdystang> rashed2020: that is all I am looking for, I thought 9.01 ubuntu server was a specialized distro, what do recommend then?
<crohakon> fbdystang, ubuntu server is a specialized distro, for general server needs (exempli gratia, LAMP)
<jmarsden> fbdystang: If this is just serving a few files on a local LAN for a few workstations, and you are already familiar with Ubuntu 9.10 desktop, then you could just use that.
<rashed2020> fbdystang: Take a look at FreeNAS. Not as expandable as Ubuntu Server, but much simpler if it's just file sharing.
<fbdystang> I tried that with samba to no avail :( I have an old desktop that I am making into a simple fileserver for both windows and linux computers at home
<crohakon> Can windows access NFS?
<fbdystang> I couldn't get it to access ntfs
<crohakon> I did not say ntfs =)
<rashed2020> Windows can access NFS, there's an official MS how to.
<rashed2020> http://support.microsoft.com/kb/324055
<fbdystang> That means a repartition then right?
<rashed2020> If it's just a local thing though, I'd stick with Samba.
<rashed2020> No.
<crohakon> fbdystang,  I was going to suggest using NFS (id est Network File System) but was not sure if windows can access it
<rashed2020> And for Samba you can just use Ubuntu 9.10.
<rashed2020> fbdystang: Have you tried following a tutorial?
<fbdystang> rashed2020: haha, many, but it is always tuff understanding terminology, especially in networking
<rashed2020> https://help.ubuntu.com/9.04/serverguide/C/samba-fileserver.html
<rashed2020> Just follow that exactly. It should get you up and running.
<jmarsden> fbdystang: Why not start by enabling samba on one of the existing "Linux computers at home" and share a few directories that way, on a computer you already know and understand.  Then come back later and create a dedicated server when you have more confidence and understanding of setting up samba.
<fbdystang> Good idea, rashed: i actually just found that page. I will install gnome and create some shared directories as you have advised ;)
<fbdystang> Thanks all
<crohakon> jmarsden, when I set up my first lamp server I had no idea what I was doing. Jumping right in and getting dirty really helped me learn quickly. Also, since the box was not needed for anything else it was okay if I made mistakes. I could just reinstall.
<crohakon> fbdystang, that being said, I say set up your dedicated server and learn as much as you can doing it.
<fbdystang> yea, thats where I am at, most important is learning to set it up
<jmarsden> fbdystang: Then read the Ubuntu Server Guide and try it out.
<jmarsden> Learning to set up samba is the same on an existing Linux box with a GUI as on a dedicated server box with shell access only... but which way you learn is up to you.
<rashed2020> I try to never use the GUI
<rashed2020> So if worst comes to worst I have a general idea of what to do.
<fbdystang> Well... I just ran into that. How can I edit these files without gnome? is there a terminal command to open smb.conf?
<sub> there are several text editors you can use
<sub> nano is probably one of the easiest to use, although i personally use vim
<terinjokes> anyone know how to have the beep ring the system (aka motherboard) bell?
<fbdystang> sub: that worked after installing it, thanks
<jmarsden> terinjokes: sudo modprobe snd-pcsp   # Or something close to that... you need the driver for the PC Speaker, basically.
<terinjokes> jmarsden: i'm still getting o terminal bell, not a system bell
<crohakon> fbdystang, I highly suggest that you do not install gnome on your server. Stick to the command line. It will really improve your understand of the OS.
<jmarsden> terinjokes: Hmmm.  Most people ask this question the other way around... they want to get rid of the PC speaker beep :)
<fbdystang> crohakon: Yea, that is what I am doing. But I may chime in every once in a while to get command line help :(
<fbdystang> dir
<terinjokes> jmarsden: i know ;) the problem is that if my workstation is off, or i'm not ssh'd into the box, i'm going to be missung critical system beeps, no?
<crohakon> fbdystang, dir?
<fbdystang> haha wrong computer, hahaha
<fbdystang> I have two computers with 2 keyboards in front of me :)
<crohakon> fbdystang, are you a dos user? ;)
<fbdystang> yup
<terinjokes> fbdystang: an you're either using DOS/NT or on an FTP on one of them ;)
<crohakon> fbdystang, I prefer the ls command just because of the highlighting
<fbdystang> terinjokes: actually, most dos commands are also available in unix/linux
<jmarsden> terinjokes: critical system beeps?  When would you expect those?  People put servers in machine rooms and do not then employ staff to sit around all day listening for "critical system beeps" ... so it's probably OK to leave your own Ubuntu server without hearing it beep, too?
<jmarsden> If you want to monitor it, set it up to send you email or SMS messages or whatever, rather than staying within earshot of it 24x7.
<terinjokes> jmarsden: this particular box runs here at my desk... but yes, generally it would go to the pagers
<terinjokes> jmarsden: and by "critical system beeps" i mean various notifications i have
<jmarsden> Loading that module should make that device visible... or it used to... trying it now on a Karmic desktop...
<fbdystang> wow, ls is even in color now ;)
<crohakon> fbdystang, yes, now change all the files to random permission and look at the beautiful art!
<jmarsden> terinjokes: OK, on my PC here after modprobe snd-pcsp I have a new device /dev/dsp2 which is the PC speaker, so at that point catting junk to it produces audio from it... how to actually make it beep is left as an "excericse to the reader" :)
<terinjokes> jmarsden: no luck
<terinjokes> let me reboot and try again
<fbdystang> OK, I think I have a samba share set up. How do I access it from windows? through workgroup? or can I just us IP in internet explorer?
<terinjokes> jmarsden: no luck
<terinjokes> (in other news, that's how online games should handle the should disappearance of the gateway)
<jmarsden> fbdystang: From DOS you can do   net use Q: \\1.2.3.4\sharename       stuff.    From Windows Explorer you can click Tools -> Map Network Drive.
<terinjokes> while i'm in this channel, anyone know why the fink package depends on gstreamer, which seems to pull in half of X?
<qman`> terinjokes, did you try --no-install-recommends?
<terinjokes> qman`: it's depends, not recommended
<qman`> ah
<terinjokes> qman`: which makes no since, to pull half of X for a console application
<terinjokes> finch*
<qman`> hmm
<qman`> I just checked on a hardy server, it only recommends gstreamer
<qman`> not depends
<qman`> might be a bug with the newer package
<terinjokes> right... for hardy
<terinjokes> although, i just checked online, and it's recommending gstreamer-plugins, but still depending gstreamer
<terinjokes> (for hardy)
<qman`> also only recommended in jaunty
<qman`> well, it depends on libgstreamer, but that shouldn't also pull in X packages
<terinjokes> qman`: correct, i think i subconsciencely (i can't spell, don't worry) i droppe the "lib"
<qman`> but it would pull in a lot of stuff if you are installing recommends, which is the default
<terinjokes> i'm on karmic, which depends (diff from juanty) libdbus, libdbus-glib, libgstfarsight, libgstreamer-plugins-base, libidn11
<qman`> might have a protocol in there or something
<qman`> can't see any other reason a text-based client would use anything gstreamer
<fbdystang> It Works!! Thanks for your help guys, Anyone know if I can also see these on a MAC? if so, do I just have to map it?
<terinjokes> qman`: well it's pulling in support of every a/v codec in the world it seems... think a maintainer is using a GUI and not realizing what's happening (perhaps?)
<terinjokes> i don't think a simple text-based client should be 109MB
<qman`> terinjokes, it shouldn't be doing that if you're not installing recommends
<terinjokes> qman`: did ---no-install-recommends
<terinjokes> (except 2 dashes ;) )
<qman`> in that case, I'd file a bug
<qman`> because it certainly doesn't depend on all that nonsense in previous editions
<qman`> it DOES depend on a lot of libraries, but not codecs
<terinjokes> qman`: http://pastebin.ca/1712912
<terinjokes> i realize all those aren't a/v codecs, but still
<qman`> that's far too much
<qman`> if I had to guess, I'd say gconf is pulling most of that in
<qman`> the gtk and X stuff, anyway
<qman`> it's also depending on some sound codecs, likely the work of gstreamer, unless it has voice chat or something
<terinjokes> and video
<terinjokes> (i see libv4l in there)
<qman`> another possibility is that keyring package
<qman`> if they implemented that functionality, and the keyring package depends on gtk, that would cause a big mess
<terinjokes> qman`: it i gtk, wouldn't I just use pidgin?
<terinjokes> if i had*
<qman`> well
<qman`> that's just libraries
<qman`> it's not actually installing X, just a lot of libraries generally used in gtk and X applications
<qman`> and some fonts
<qman`> I agree though, that's way too heavy for a console-based application
<terinjokes> qman`: i know that, i recognize most of these from by brief stint as a fink maintainer... but still, i don't want to install a bunch of unneccesary libraries
<qman`> but that's either a design choice or packaging error
<terinjokes> exactly, creating a launchpad account now
<qman`> I gave up on instant messaging networks a long time ago, IRC does it better :)
<terinjokes> qman`: it's fine and dandy it the other people use IRC ;)
<terinjokes> Launchpad #395001
<uvirtbot> Launchpad bug 395001 in pidgin "apt-get install of finch requires X11 (deps wrong)" [Undecided,New] https://launchpad.net/bugs/395001
<lwizardl> hi
<lwizardl> other then the howtoforge guides whats a good guide to follow for configuring a complete working web server ?
<twb> lwizardl: the ubuntu serve admin guide?
<twb> *server
<twb> http://tinyurl.com/ubuntuserverdoc
<qman`> not sure what exactly you're after, since a "complete working web server" is provided by checking that little box next to LAMP in the installer
<lwizardl> qman`, yeah I know it does but I seem to fail at being able to get any working sites on the server. example domain.tld when i have my registar pointing to my server they just time out
<qman`> do you mean that you have a DNS service pointing names to your IP, or you have your registrar pointing to you for DNS?
<qman`> because in the latter case you need a DNS server
<lwizardl> no i use zoneedit for the dns servers but then i have zoneedit pointing to my ip and then i have port 80 forwarded to the server.
<qman`> so when you run a dig on your domain, it points to the right IP?
<lwizardl> yeah
<qman`> in that case, the problem is most likely to do with the apache site configurations
<qman`> if you're getting any errors, troubleshoot those, otherwise pastebin one of your site configurations and I'll have a look
<twb> qman`: or his DNAT rule
<qman`> yeah, that too
<qman`> are you sure the port forward works?
<twb> You have to test the port forward from OUTSIDE your local network
<twb> e.g. ssh into alioth and run a w3m there
<lwizardl> i followed the guide on the howtoforge site for 9.04
<qman`> guides can be wrong, you need to test it
<lwizardl> i'll try it again and if it fails this time then i'll post the configs
<twb> IME guides are almost always wrong
<qman`> also, you should always look at ubuntu-specific documentation first
<qman`> a lot of things are different distro to distro
<qman`> and if you don't notice it can really mess you up
<twb> You should start with Ubuntu's OWN documentation for the release you're running.
<lwizardl> k
<twb> One guy here was configuring openldap (on 8.04) based on what he found on some blog for 6.06 or something
<twb> Which is obviously going to have differences
<qman`> yeah, a lot can change over two years
<Hajuu> Hi, i'm trying to setup samba, but when I try to connect from my windows 7 computer, it seems like even though as my username I enter 'hajuu' it tries to use 'MICHAEL1\hajuu' as my username. Which is wrong obviously.
<twb> Quite apart from the unreliability of "stuff I found on a blog"
<twb> Hajuu: MICHAEL1 is your domain
<Hajuu> Thats my windows pc's name
<Hajuu> which obviously has no relevance to my samba username on my other computer :(
<qman`> Hajuu, that shouldn't make a difference in a workgroup configuration
<qman`> unless you're actually in a domain setup, the domain field is generally ignored
<Hajuu> do I need to define my samba password for my user or something maybe?
<twb> qman`: I think it depends on how he's doing samba auth
<qman`> I've always had to do that
<qman`> at least for any users that existed before configuring samba
<qman`> smbpasswd -a
<Hajuu> thanks ill try, sec.
<Hajuu> hmm
<Hajuu> I *think* im connected
<Hajuu> how do I make a share?
<qman`> Hajuu, /etc/samba/smb.conf
<qman`> though the magic homes share should be enabled by default IIRC
<Hajuu> yeah I had a look through heh
<qman`> try \\server\hajuu
<Hajuu> it seems to connect to \\server
<Hajuu> but not \\server\hajuu
<qman`> perhaps it isn't defined then
<qman`> the shares are defined in smb.conf, at the bottom
<qman`> there should be plenty of examples commented out
<Hajuu> yay
<Hajuu> connecting to \\share\hajuu now
<Hajuu> but still cant see my home folder
<twb> Run "smbclient -L 127.0.0.1" on the server
<twb> That should tell you about the available shares
<Hajuu> haha oh im dumb
<Hajuu> the folder *was* empty
<Hajuu> xD
<Hajuu> thanks so much guys
<danielrheath> Hi everyone
<danielrheath> I'm having trouble installing ubuntu 9.10 server
<danielrheath> when I select the install option
<danielrheath> I get a message about kernel requires an x86-64 CPU, but only detected an i686 CPU
<danielrheath> sorry, that was meant to have quotes
<danielrheath> "kernel requires an x86-64 CPU, but only detected an i686 CPU"
<danielrheath> I
<danielrheath> I'm installing on an HP pavilion machine
<qman`> danielrheath, that means you don't have a 64-bit CPU and need the i386 version of ubuntu
<danielrheath> OK
<danielrheath> so just get the other ISO and all should be OK?
<qman`> yes
<twb> danielrheath: or change CPU
<twb> But that might require a new motherboard and stuff
<danielrheath> it's just a home server with an old machine
<qman`> the oldest 64-bit CPUs are the original athlon 64s and Pentium 4 extreme 3.0GHz+ models
<qman`> anything older than that is only 32-bit and requires the i386 ISO
<danielrheath> ok
<qman`> there are very few differences between the two as far as user experience is concerned
<danielrheath> thanks very much :)
<Hajuu> hm. I made a new share entirely other than the magic homes share
<Hajuu> and I can see it fine
<Hajuu> but even though I set writable = yes
<Hajuu> I still can't write/delete
<qman`> Hajuu, try writeable = yes and read only = no
<twb> qman`: within the 80x86 family, at least
<qman`> yeah
<twb> Alpha, POWER and SPARC had 64-bit CPUs much earlier.
<qman`> IA64 too
 * Hajuu has a sparc station heh xD
<qman`> but I meant x86-based
<Hajuu> and a thinware client
<qman`> I'm excited for ARM netbooks :)
<twb> Nod nod nod
<twb> I should write to Pegatron again
<Hajuu> heh easy question im sure
<Hajuu> how do I add a user to a group?
<Hajuu> like I want to add my samba user to my webservers group so that it can access the hosted files
<qman`> oh, there's about a thousand ways to do that ;)
<twb> Hajuu: usermod
<Administrator_> i have question , why do we need to setup ubuntu server what its use?
<qman`> adduser user group
<qman`> edit the /etc/group file
<qman`> all these ways work
<Hajuu> ahh its ok, did it with usermod
<Hajuu> heh
<Hajuu> cheers
<qman`> Administrator_, Ubuntu Server can be used for just about any use you want, including but not limited to mail, web, and file servers
<Hajuu> ok and final dumb question (hopefully)
<Hajuu> how do I set the file permissions so that the owner group (not username) can read and write to the files
<qman`> Hajuu, chmod 775 for executables, 664 for regular files
<Hajuu> what do the two mean exactly
<qman`> the numbers are based on read/write/execute, user/group/world
<qman`> read is 4, write is 2, execute is 1
<qman`> add them up for the number
<qman`> each digit refers to user, group, world, in that order
<Hajuu> ah ok
<Hajuu> sweet
<qman`> you can also use the textual syntax if that doesn't sit well with you
<Hajuu> cheers
<qman`> it's in the man page for chmod
<Hajuu> meh nah thats much better
<Hajuu> yeah
<Hajuu> heh now I cant connect at all for some reason
<Hajuu> what fun xD
<Hajuu> hmm now im confused
<Hajuu> I can see my share
<Hajuu> like if I connect to my server I see a list with my share in it
<Hajuu> but it says I dont have permission to access it all the sudden
<uvirtbot> New bug: #496008 in openssh (main) "public key authentication grants access even for locked accounts" [Undecided,New] https://launchpad.net/bugs/496008
<jtaji> lol, that's not a bug
<Hajuu> im guessing that my samba user is somehow prohibited from accessing the path
<Hajuu> what user does samba run as?
<Hajuu> hmm ok if its running as root, seems unlikely that it cant access the folder :/
<Hajuu> any other ideas?
<klear> hello, I am having problems with static IP on my fresh installation of Ubuntu Server -- problem is I cannot ping/connect to machine from outside but I can ping other IPs from the Ubuntu Server
<qman`> Hajuu, despite separate authentication, samba doesn't actually have separate users, it uses system users for access
<jmarsden> klear: By "outside" do you mean other machines on the same local LAN subnet?  Did you attempt any firewalling of any kind?
<qman`> it's pretty odd but that's how it works
<klear> jmarsden: I try to ping it from an external IP (96.57.xxx.2) to Ubuntu's IP (96.57.xxx.4) -- I flushed and stopped the firewall, no rules active
<Hajuu> blah dont even know why I was bothering with samba, ssh's inbuilt sftp is just as good
<jmarsden> klear: So the server is directly connected to a public Internet IP address -- no router at all in the way?  No NAT or anything?
<klear> yup, well it's connected to a CISCO router that comes from my ISP but it doesn't have any NAT as far as I know, it just serves as an IP delegator of sorts
<Hajuu> can I change the password of the www-data user or will that break apache?
<qman`> Hajuu, that user should never have a password
<Hajuu> heh well ok im trying to mod that directories files but not having much luck as the user I added to the www-data group
<jmarsden> klear: OK, and you know that Cisco allows pings through in both directions?
<klear> yes, as I have 2 other IPs using the same CISCO and those IPs can be pinged fine
<jmarsden> OK.  You could try using tcpdump to watch for incoming packets on the relevant interface and so see if they get to your new Ubuntu machine?
<klear> but this is not just ICMP though, it's definitely blocking any type of access
<klear> ok
<klear> jmarsden: I'm definitely getting responses from "tcpdump -i eth0" ... what am I looking for exactly?
<jmarsden> Well, the question is who or what is "blocking"... Use  something more like sudo tcpdump -i eth0 icmp   # so you only see ICMP traffic.
<jmarsden> Then ping the .4 machine from another machine on the same local LAN and see whether any of the incoming pings show up in tcpdump.
<klear> ok, listening, nothing moving, let me ping now
<klear> hm... cannot get local because Ubuntu is the only machine connected to .4
<jmarsden> You said you had 2 other IPs behind that CISCO... so those should be on same subnet, right?
<klear> oh right, same subnet, sorry misunderstood you
<jmarsden> Use one of those machines... or am I misunderstanding this?
<jmarsden> OK.
<klear> yeah, doing that right now, pinging from .5 and nothing showing up on tcpdump
<klear> right, so CISCO has 4 ports and 2 of them have Linksys routers with a bunch of computers each. Right now I'm on .5 which is behind a NAT (Linksys) connecting to the CISCO
<Hajuu> blah this file permission thing is really annoying, my user is a member of the www-data group, he can connect and browse folders, including his home which he can write to
<Hajuu> however he cant see any files in /var/www
<klear> Hajuu: did you try to jail users?
<Hajuu> he can go into the folder, but its empty and unwritable
<Hajuu> nope just trying to connect to a remote server
<Hajuu> /var/* is set as 764
<qman`> klear, sounds like a routing issue to me
<jmarsden> klear: Hmm.  Either .5 is on the same subnet, or it isn't... behind a linksys doing NAT means it isn't...
<jmarsden> klear: Can you document your routing setup and pastebin it somewhere?
<qman`> Hajuu, that's the problem
<klear> sure, give me one sec
<qman`> should be 775
<qman`> err
<qman`> the directory, /var/www should be 775
<Hajuu> I dont want people being able to execute stuff in the documents folder..
<jtaji> Hajuu: execute for a directory means to list it's contents
<qman`> executable means something different for files versus directories
<twb> Hajuu: mount it -o noexec, then
<Hajuu> oh realyl
<Hajuu> heh
<qman`> the executable bit toggles whether you're allowed to list contents in a directory
<twb> Anything like /home or /srv/www should be mounted -o noexec,nodev,nosuid
<Hajuu> im not using samba anymore.
<Hajuu> I'm using ssh-ftp
<twb> Hajuu: you mean SFTP?
<Hajuu> yeah
<Hajuu> ok I corrected its permissions but still isnt working
<Hajuu> I cant just not list, I cant write either
<Hajuu> although I still cant list either
<twb> Is the connecting user trusted?
<Hajuu> its just for me :/
<Hajuu> to get files from production to live
<klear> jmarsden: http://pastebin.com/d76b3d084
<twb> Hajuu: does ssh work?
<twb> Hajuu: you need to isolate the problem.
<Hajuu> yes, both *work* though, I can ssh in with this account, I can write to the users home folder through both sftp and ssh.
<Hajuu> I just cant write to, or list the contents of, /var/www
<twb> Hajuu: which user are you connecting as?
<qman`> Hajuu, ls -alh /var | grep www
<jmarsden> klear: OK, so can you check or pastebin or both (!) the IP address, subnet mask and default gw of the Ubuntu server, the Linksys router at .5, and the machines behind the Linksys router?  This sounds like a misconfiguration somewhere...
<Hajuu> one I created, 'phpnet'
<twb> Hajuu: and why should this user have execute permissions on /var/www/?
<Hajuu> drwxrw-r-x  3 www-data www-data 4.0K 2000-01-01 23:25 www
<Hajuu> I said I DONT want them to have execute permissions.
<klear> sure thing, give me a few minutes
<Hajuu> Let's try to stay on point here.
<Hajuu> :P
<qman`> Hajuu, that's 765, not 775
<twb> Hajuu: you cannot list a directory unless it is executable
<qman`> the user is not allowed to list the contents of /var/www
<Hajuu> bleh I just made it 777
<Hajuu> still cant.
<twb> Hajuu: you do "ssh phpnet@fs ls /var/www/" ?
<Hajuu> im using nautilus
<Hajuu> for the file operations atleast
<twb> I canot help you with nautilus.
<qman`> are you sure the permission change stuck?
<Hajuu> hajuu@phpnet:~$ ssh phpnet@10.1.1.9 ls /var/www/
<Hajuu> ssh_exchange_identification: Connection closed by remote host
<Hajuu> No, I dont think it did
<qman`> 'sudo chmod 775 /var/www'
<Hajuu> sudo: /var/run/sudo writable by non-owner (040765), should be mode 0700
<twb> Hajuu: you have broken sudo
<jmarsden> twb: He's broken permissions on a lot of things under /var I think...
<Hajuu> yay.
<twb> I don't understand why www still defaults to /var instead of /srv
<twb> I guess because policy says /srv is for the local admin alone...
<klear> jmarsden: done -- http://pastebin.com/d41f689e1
<Hajuu> eh great so now I cant change any permissions and I cant become root
<Hajuu> how wonderful.
<twb> Hajuu: this is why you do not just make changes at random and hope it fixes things
<jmarsden> klear: You can check the default gw on the Ubuntu server using   netstat -nr
<Hajuu> no, this is why you dont hand complete administrator control over to some random easilly disabled application.
<klear> hmmm, it says 0.0.0.0
<qman`> Hajuu, it is only possible to break sudo with root access
<klear> but I have defined it in /etc/network/interfaces though, how can this be?
<Hajuu> if I could become root, it would be easilly fixed, and the ability to log into root is pretty hard.
<qman`> root is the highest level of access there is
<twb> Hajuu: if you deliberately make sudo's infrastructure insecure, it is fully justified in refusing to be a gaping security hole.
<Hajuu> Yeah break sudo..
<Hajuu> not break root
<Hajuu> then atleast I could fix it.
<Hajuu> what am I supposed to do now.. reinstall my fucking os?
<Hajuu> :(
<twb> If you have physical access, you can easily become root.
<qman`> yeah
<Hajuu> I do
<Hajuu> urgh
<qman`> though it's likely more work to fix than to reinstall
<qman`> what I assume you've done is blanket change permissions on everything in /var
<qman`> which is a very bad thing
<Hajuu> yeah ill livecd it up
<qman`> don't need a live CD, just hit escape when grub is loading
<twb> Indeed.  If you fuck up badly enough to break sudo, it's likely that you have broken a lot of other things.
<qman`> and choose recovery mode
<jmarsden> klear: The second column of the line of netstat -nr output should be the gateway, in the line that starts with 0.0.0.0
<twb> jmarsden: still using netstat instead of ss? ;-)
<Hajuu> bleh yeah I dont even know what the correct permissions of any of the folders are.
<Hajuu> ill just reinstall.
<jmarsden> twb: Old habits die hard :)
<klear> jmarsden: you mean the 2nd row? because on 2nd row I do see the gateway IP
<Hajuu> and waste 3 hours of my time.
<Hajuu> yay.
<jmarsden> klear: CAn you pastebin the whole netstat -nr output ?
<klear> sure, one sec
<qman`> I've always used the route command
<twb> qman`: route â  ss/netstat
<twb> qman`: route corresponds to ip route
<qman`> yes, I just mean to show the routing table
<twb> Oh, icky.  I didn't realize netstat even included that functionality
<qman`> I didn't either, always used route [-n]
<klear> jmarsden: here is netstat -nr: http://pastebin.com/d12d9c8e2
<qman`> but netstat -[n]r shows roughly the same thing
<jmarsden> twb: It's been there a long time, that functionality.  Works on Windows too... and on NetBSD and FreeBSD... I don't remember when or why I started using netstat -nr rather than route -n, both work.
<klear> what do the Flags "UG" mean?
<twb> klear: up, gateway
<klear> thanks
<jmarsden> Looks fine to me.  Hmm.  Want to reveal the xxx so I can try pinging your machine from here?
<klear> sure
<twb> I dunno why people bother to obscure IPs
<klear> haha, i know, i thought it was lame, too
<klear> 96.57.248.4 <- the Ubuntu Server
<jmarsden> It's perfectly pingable from here :)
<qman`> mm
<klear> wait, what
<qman`> you do realize that information is available to everyone on this network, just by viewing your host line?
<qman`> yep, responding here too
<klear> qman: I thought so, goddamnit, this is what corporate life has done to me :(
<jmarsden> I can ping 96.57.248.4  from here in Southern California...
<jmarsden> So the issue is with your other PC, the one behind the Linksys, or with that Linksys, I would guess.
<klear> ok, so it must be my .5 setup that needs a whooping
<jmarsden> Yes.
<qman`> what's most likely
<qman`> the machines behind the linksys don't know the route
<qman`> or the linksys itself doesn't know the route
<klear> how could that happen though
<qman`> or for some reason the cisco is blocking the traffic
<klear> Linksys has DNS servers from my ISP
<qman`> DNS and routes are two totally separate things
<klear> sorry, I'll take that back
<klear> how would Linksys not know the route in this case then?
<jmarsden> We're using IP addresses, not names, so DNS isn't (yet?) involved here.
<qman`> ah, I know what's up
<qman`> the cisco is not forwarding the packets out the other port
<qman`> using a switch instead of a router as a switch would solve it
<qman`> the linksys knows it's directly connected to the subnet your ubuntu server is on
<qman`> except it isn't
<qman`> it has to go through the cisco
<klear> right
<qman`> the cisco sees the packets coming from the subnet they're destined to
<qman`> and drops them
<klear> and the Cisco is just ignoring it
<klear> I see, it makes sense
<klear> let me try to ping another IP on the same subnet then
<klear> omg, that's right!!!
<klear> wtf man, I feel so good talkin to you guys about this!
<qman`> a true bridge of the cisco's ports should solve that, but using a switch would be easier
<klear> honestly I don't even know why they had to bring in the Cisco whereas a Netgear switch would do fine -- is that correct?
<qman`> yes, if everything connected to it is using statically assigned external IPs
<qman`> a switch is the right device for that job
<klear> but then how does this explain complete blocking of the system -- I understand Cisco dropping ICMP packets but I can't even access Ubuntu via SSH or anything from the same subnet
<jmarsden> klear: It just doesn't forward any packets to/from the same subnet.
<qman`> the router is preprogrammed to ignore traffic destined to the 'local' subnet of each port
<jmarsden> That set of pprts on the back of the Cisco are not acting like a switch
<klear> oh, i thought it was only applicable to ICMP packets
<qman`> no, all packets
<qman`> it's the router barrier
<klear> ohh
<qman`> if there's no routing to be done, they're simply dropped
<klear> is there any way I can change that in the Cisco myself or would my ISP have blocked it?
<qman`> you would have to bridge the ports together
<jmarsden> klear: ISP will not lightly give you their cisco password :)
<qman`> not sure if the router is capable of that
<qman`> what you could also do, is plug all your stuff into a switch, and plug the switch into one port on the router
<klear> on the Linksys router?
<klear> or the Cisco
<qman`> no, the cisco router
<qman`> modem -- cisco -- switch --{ everything else, linksyses and ubuntu server
<klear> but the switch would have to be configured with the static IP info... it would have to be a managed switch?
<qman`> no
<klear> oh
<qman`> the switch doesn't need an IP
<jmarsden> klear: everything that now goes to the back of the cisco goes into the new switch, and one port from the new switch goes to the back of the cisco.
<klear> analyzing...
<klear> hmm
<jmarsden> A cheap 10/100 5 port switch would do if you have nothing better :)
<klear> then I could configure the 2 differenet Linksyses to have static IPs and they would work?
<qman`> yes, as well as the ubuntu server having its own static IP
<jmarsden> klear: Yes, and plug both their WAN ports into the switch.
<klear> wow, never thought of it that way
<qman`> everything plugged into that switch would use a public, static IP
<klear> so a 4-port switch would have my 2 Linksyses and the Ubuntu Server... all 3 of these configured with Static IPs... then the Switch has the 4th cable going to Cisco
<qman`> yes
<jmarsden> klear: Yes.
<klear> I have to try that
<klear> but doesn't that just render Cisco useless though?
<klear> could I not just bypass it?
<klear> and connect that switch directly to modem?
<qman`> unless they have some strange proprietary configuration, yes
<klear> yeah, they probably configured the modem during provisioning to work with Cisco's MAC or something
<jmarsden> No it may be doing all kinds of stuff... it may see all the 96.57.248.* traffic coming in router to some other IP , for example... be careful...
<qman`> in theory all you need is a switch
<qman`> but your ISP could be doing some odd things
<qman`> so the safe thing to do is leave it there and just put your switch behind it
<klear> they are weird
<jmarsden> Why rock the boat, leave the Cisco in place.  Jut add a small switch behind it.
<klear> I have a couple of those small switches laying around
<klear> yeah, I'll have to
<klear> thank you guys, you're awesome
<klear> I didn't even expect this kind of help, honestly
<jmarsden> You're welcome.
<klear> Ubuntu rocks
<klear> sorry for a little outro rant but...
<klear> I'm falling in love with the damn thing
<klear> it's like the first time I started making music back 15 years ago... hearing music come out of the computer seemed wonderful
<klear> now I'm building a server and decided to go with Ubuntu precisely because of the huge community behind it
<klear> and, wow, Ubuntu really really rocks!
<klear> and everyone involved
<klear> thank you guys, I will install mIRC and try to come here regularly
<qman`> eww, mIRC
<klear> sorry, been a long time
<klear> what is used nowadays?
<klear> Pidgin?
<jmarsden> klear: Or switch to xchat :)
<qman`> irssi, xchat, pidgin, anything open source preferrably
<klear> damnit!
<klear> I feel old -- and I'm not!
 * jmarsden feels old, and *is* :)
<qman`> be wary of the "official" windows xchat port though
<qman`> it's trialware and violates the GPL
<klear> back in my day, "/me slaps X around the neck with a large trout" was the norm
<klear> yeah, xChat does look nice and simplistic but trialware doesn't sound good for an OS product
<jmarsden> There's an unofficial one from ... silver*something* that I've used on Windows... http://www.silverex.org/
<qman`> yeah
<qman`> and there's a number of other clients too
<qman`> mIRC just hasn't changed for the better at all, it's not standards compliant and looks straight out of 1998
<klear> we used to 'crack it' back then
<klear> it was trialware then too
<klear> what about Pidgin, I installed it once but could not get it off Windows ever... had to format my laptop
<klear> has it improved now?
<_ruben> its algo was so simple you could create a keygen its own scripting engine .. enough offtopic though :p
<qman`> I honestly haven't used it since they first changed the name from gaim
<qman`> I quit using other IM protocols around that time
<_ruben> lots of coworkers use  pdigin to connect to our jabber server
<klear> i'm using webchat.freenode.net right now... it's hot :P
<qman`> irssi is my favorite IRC client, but it's console based so not for everyone
<qman`> running xchat on this
<klear> yeah, it looked like a colorful Putty
<_ruben> irssi here as well .. running in putty ;)
<klear> yeah, Putty's nice allright but the Gnome default on 9.10 is just beautiful
<klear> I was expecting a GUI for the server edition at first but then blushed at the thought... it was embarrasing
<klearr> haha! here I come, Ychat up in here!
<klearr> thank you guys for your help and putting me up for other IRC clients
<klearr> I'll be back!
<Hajuu> heh ok
<Hajuu> and im back
<Hajuu> Error: Host key verification failed
<Hajuu> i'm getting that trying to ssh in
<Hajuu> (i've reinstalled)
<jmarsden> Hajuu: Delete the line from your local ~/.ssh/known_hosts file
<jmarsden> It still has a value from the previous install left in there.
<Hajuu> It shouldnt, I completely removed my partition table lol :(
<Hajuu> sec
<jmarsden> On your local machine that you are connecting from?
<Hajuu> the one im connecting to
<jmarsden> Hajuu: Delete the line from your local ~/.ssh/known_hosts file  -- LOCAL, the machine you use the ssh CLIENT on.
<Hajuu> ahh that worked
<Hajuu> yeah
<Hajuu> I got what you meant :P
<Hajuu> Worked perfectly, thanks :D
<_ruben> it even tells you the line number to remove :)
<Hajuu> meh I got that from nautilus
<Hajuu> so I dont think it does
<_ruben> ah, never used nautilus, so wouldnt know
<twb> sed -i 99d ~/.ssh/known-hosts to delete the 99th line :-)
<Hajuu> ok.. so. Now i'm back where I was.
<Hajuu> I am able to sftp in with nautilus to my server running sshd.
<Hajuu> the connected client can manipulate files in the users home directory
<Hajuu> however he cannot modify files in the server directory (for authoring files to the live server)
<twb> Hajuu: if this is just a private server, why not use ~/public_html?
<Hajuu> I did this command to add the user to the www-data group
<jmarsden> Hajuu: OK, so now you can sftp your files up to your home dir (NOT /var/www/) .  Then on the server (in a ssh session) you can move them around to whereever you need to.
<Hajuu> it IS ssh, it's all the same system
<Hajuu> same permissions
<Hajuu> and yes, I did test that.
<Hajuu> sudo usermod -G www-data --append hajuu
<Hajuu> thats what I did to add him to the www-data group
<Hajuu> and to give group full access to the folder I did..
<Hajuu> sudo chmod -R 775 /var/www/*
<twb> Technically, SFTP is a component subsystem of ssh.
<Hajuu> exactly :P
<Hajuu> its really awesome. I'm in awe of the way it just worked
<Hajuu> and its only like 4mb.
<Hajuu> Truely a standard to live upto :P
<Hajuu> this is purely a permissions error I still reckon
<Hajuu> but I cant get it to work as I want
<Hajuu> oh wait
<Hajuu> blah yeah I just cant get it to work
<Hajuu> drwxr-xr-x  3 root root  4.0K 2000-01-02 01:55 www
<Hajuu> whatever I do
<Hajuu> it seems to stay as root
<Hajuu> no matter how I try to chmod it
<Hajuu> :(
<Hajuu> hahah
<Hajuu> um
<Hajuu> looks as though
<Hajuu> ssh caches its permissions
<Hajuu> or something
<Hajuu> cause I terminated all my connections
<Hajuu> restarted ssh
<Hajuu> and now all is well
<Hajuu> one final question
<Hajuu> is it possible to use mount or fstab to mount an sftp to a place on the filesystem?
<twb> Hajuu: you are thinking of sshfs.
<twb> It isn't fantastic... but no network filesystem is.
<Hajuu> meh thats ok it just would have made synchronizing stuff to the live server easier
<_ruben> synchronize = rsync in my book :)
<Hajuu> itd be cool if they added like a filesystem wrapper sshfs:// or something and included it - it'd be like the complete package then
<Hajuu> I guess not everyone needs or wants that though
<Hajuu> anyway, thanks a lot for all your help :D
<Hajuu> peace
<uvirtbot> New bug: #493727 in php5 (main) "date('Y') returns 0000 on big endian machines" [Low,Triaged] https://launchpad.net/bugs/493727
<uvirtbot> New bug: #496247 in augeas (main) "Sync augeas 0.6.0-1 (main) from Debian testing (main)" [Wishlist,New] https://launchpad.net/bugs/496247
<erik78se> http://uk.groups.yahoo.com/group/thepirateparty/members
<Bilge> How does someone get started with C++ programming for Linux? Where is there documentation of the functions and stuff you have available on the platform?
<MTecknology> Bilge: aptitude install build-essential
<Bilge> That's documentation?
<Bilge> It's already installed on my machine
<Bilge> The description says it's for package building
<MTecknology> then any C++ programming guide ylou can find applies
<Bilge> Are you implying that any Windows functions and constants and whatever are also available on Linux?
<Bilge> Because I find that hard to believe
<Bilge> Therefore invalidating your claim that any guide applies
<Bilge> In any case I have no such definitive guide
<MTecknology> and the attitude invalidates me providing further help..
<Doonz> Afternoon guys, Is there a way i can install ubuntu server on to a server that has no monitor attached to it.
<Doonz> if i could just get the thing to boot off of an cd that would just provide me with ssh access to the box it would be all i needed
<MTecknology> Doonz: I think your easiest option would be to setup a virtual machine on your own system and mimic the keypresses you provide
<MTecknology> Doonz: You could use the installer to install openssh-server
<Doonz> hmm
<Doonz> so im kinda screwed i pretty much need a monitor to get the install going then
<MTecknology> The other option would be to try to build your own installation cd that would do it all automatically which is very likely far too painful to do fo that
<Doonz> well my settings would be fairly
<MTecknology> I think I could do most of a server install without seeing the screen - it's mostly just all enter
<Doonz> hm
<MTecknology> I did a server install once when I was royally wasted; just referencing a vm a little should be pretty easy I'd think
<Doonz> yeah i was just hoping there would be a unnatended install option
<MTecknology> There's network boot options too..
<MTecknology> Check out this page - https://help.ubuntu.com/community/Installation
<Doonz> yeah i was reading those
<MTecknology> Doonz: I'm not finding anything more helpful than what's on there
<Doonz> yeah thats ok
<Doonz> thanx tho
<Doonz> ill just pull it up stairs
<Doonz> :(
<MTecknology> Ya, it's hard to do anything without having some sort of interaction on the system
<MTecknology> hrm...
<MTecknology> if you're comfortable with an ssh install....
<MTecknology> Try out a systemrescuecd
<MTecknology> it'll get you to a liv evironmet with no interaction. I think you just need to run one command to enable ssh access to the system
<LizardK|ng> how is the server different than the desktop, other than having no gui?
<guntbert> !server
<ubottu> Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server-specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is 8.04. For more info see https://help.ubuntu.com/community/ServerFaq/ and https://help.ubuntu.com/8.04/serverguide/C/index.html - Use the #ubuntu-server channel for support
<MTecknology> LizardK|ng: different kernel; the install presents you with tasksel; and ya, all that
<LizardK|ng> tasksel?  why a different kernel?  optimized for server tasks?
<LizardK|ng> i am running jaunty as a server and i'm considering using ubuntu server, but i will want a gui.  would it be difficult to do that?
<pmatulis> LizardK|ng: kernel flavour differences are best discerned by examining the kernel config options used to compile them.  good question though
<ScottK> Starting with Karmic for i386, there is not a server specific kernel.  Server uses generic.
<Anril> is it normal for /dev/md0 to be clean after a forced reboot without resyncing?
<ghostlines> --pidfile: command not found
<ghostlines> I'm trying to make a star-stop-daemon script for an app but I'm getting an --make-pidfile command not found error. Any ideas?
<MatBoy> mhh I need some packagemanagement tool, but not landscape :)
<LyonJT> How can i give a user full access rights to a folder?
#ubuntu-server 2010-12-13
<eriksson25> How do I sett up a cron command, to run chmod -R 777 /path/
<The_Tick> eriksson25: why do you need to do that continually?
<eriksson25> have a folder that that my admin user creates folders in, and need to have 777 permissons on those folders to be able to change them with a other user over samba.
<eriksson25> in the crontab, shuld the actual comand be, or shuld it link to a other .cron that contains the comand?
<Cygnus_Rift> Hey guys, can anyone help me with a problem?
<Cygnus_Rift> If theres anybody paying attention
<Cygnus_Rift> Wow, the ubuntu channel is sprawling with people and yet nobody says a word on here
<Patrickdk> cygnus, as per the rules of irc, only solve questions, not questions about questions
<Patrickdk> but he is gone anyways
<uvirtbot> New bug: #689472 in quagga (main) "package quagga 0.99.15-1ubuntu0.1 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/689472
<fluvvell> Patrickdk, they never seem to stick around long
<stiv2k> wtf
<patdk-lap> ya, 2min is defently not long enough on irc
<stiv2k> I installed the ntp package and setup so my local network can sync off my ntp daemon but its not working
<patdk-lap> exactly how did you setup?
<stiv2k> trying to telnet on port 123 gives connection refused
<patdk-lap> ntp doesn't use tcp, won't work :)
<stiv2k> oops
<stiv2k> yeah, forgot udp
<patdk-lap> ntp.conf needs many changes also
<stiv2k> i used this parameter in ntp.conf
<stiv2k> restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
<patdk-lap> that should work fine
<stiv2k> and broadcast 192.168.1.255
<patdk-lap> use ntpdate on another machine to check it
<patdk-lap> forgot broadcast nothing really uses it at all
<patdk-lap> windows machines?
<stiv2k> i try and it says no suitable server found
<stiv2k> 12 Dec 21:06:35 ntpdate[8788]: no server suitable for synchronization found
<patdk-lap> well, ntp has too be running for awhile, (5-15min atleast) before it stabilizes, and will serve time
<patdk-lap> otherwise it will reject requests
<stiv2k> oh
<stiv2k> wow
<twb> I didn't know that, thanks.
<patdk-lap> unless it knows it has good time, it won't give out time :)
<stiv2k> patdk-lap: just when you said that, it worked
<patdk-lap> hehe
<stiv2k> patdk-lap: can I have ntpd serve time to people outside my lan too?
<stiv2k> or is that a bad idea
<patdk-lap> yep
<patdk-lap> I do it
<stiv2k> what do I need to change for that
<patdk-lap> ntp.patrickdk.com I think
<patdk-lap>  I chane the defaults to:
<patdk-lap> restrict -4 default notrap nomodify nopeer
<patdk-lap> restrict -6 default notrap nomodify nopeer
<twb> Not NN.pool.ntp.org
<twb> ?
<patdk-lap> twb, it's in pool also
<patdk-lap> but using my own domain, I have my own servers setup to use it, besides just the pool
<patdk-lap> my ntp servers are in the pool, but the clusters of servers behind and with them, just use mine
<twb> My DHCP server tells DHCP clients to use my local NTP server, but AFAICT Ubuntu ignores them (except d-i).
<stiv2k> patdk-lap: can you test if getting time from stiv2k.info works
<patdk-lap> server 72.188.7.219, stratum 2, offset 0.039795, delay 0.06297
<patdk-lap> 12 Dec 21:14:22 ntpdate[6344]: adjust time server 72.188.7.219 offset 0.039795 sec
<stiv2k> hmm so it already works then
<patdk-lap> you have a firewall on that machine?
<stiv2k> yes
<stiv2k> i already had the port forwarded
<stiv2k> from before
<patdk-lap> if you put it in the ntp pool. be careful
<patdk-lap> it will easily overflow conntrack
<stiv2k> why
<stiv2k> oh
<stiv2k> i'll get thousands of requests?
<patdk-lap> yep
<stiv2k> even with a large pool?
<patdk-lap> if you use some of the slower connection speeds, you won't *often* get a flood
<patdk-lap> but I normally only use the highest speed setting
<patdk-lap> actually, since that guy started redirecting all turkey dns traffic to a dummy server, it's been a lot better
<stiv2k> what do you mean speed setting
<patdk-lap> on the ntp pool website
<stiv2k> another issue i'm having is that my cups keeps pausing the printer with a backend error after every print job
<stiv2k> http://paste.neoturbine.net/98229
<stiv2k> that is the cups error log
<stiv2k> any ideas?
<wtse> how to fix the following security vulnerablity
<wtse> http://marc.info/?l=full-disclosure&m=129175358621826&w=2
<wtse> about econet issue?
<_Techie_> is there any way to install windows inside a ext partition?
<Psi-Jack> _Techie_: ##windows
<Psi-Jack> There is a way, but only under virtualization where Windows itself thinks it's a primary partition, or rather, a full raw hard drive, but I'm sure that's not what you were thinking.
<_Techie_> if it just emulated the HDD then im happy
<_Techie_> i just dont want it to emulate the CPU and everything else
<twb> AFAIK neither Windows' bootloader nor kernel contains drivers for ext, thus AT BEST you will only be able to store data (i.e. D:) on ext.
<twb> I'm not aware of any virtualization technology that can present a virtual HDD *to Windows* without emulating an entire system.
<twb> Obviously LXC/OpenVZ can approximate that for Linux clients, but that's because both host and guest share a kernel.
<_Techie_> okay, is there any way to safely resize the ubuntu-server partition and install windows side by side without screwing up everything
<twb> _Techie_: I don't know; I haven't used Windows for about ten years.
<twb> _Techie_: normal procedure is to install Windows *first*, because Ubuntu understands Windows partitions, but not vice-versa.
<_Techie_> yeah
<_Techie_> i would have done that, but only recently has the idea of doing windows stuff on this machine arised
<twb> I suspect you can simply shrink your ext partition, install windows, then boot a live medium and reinstall the bootloader.
<_Techie_> i can do that, but i dont trust gparrted that much
<fluvvell> HELP~ one of my linux servers has been overcome with about 50 processes running a command called dtmss!
<fluvvell> they are connecting from various random ip addresses, I can killall the processes, but I don't know where they came from!
<fluvvell> they are running under the www-data user
<The_Tick> ok, stop killing them all
<The_Tick> the www-data user, what does it look like in /etc/passwd?
<The_Tick> cat /etc/passwd | grep -i www-data
<The_Tick> and lsof | grep dtmss
<The_Tick> don't paste a huge thing from lsof in here, find a pastebot
<The_Tick> fluvvell: all of this is pointed at you
<fluvvell> The_Tick, Hi, ok just looking up www-data now
<fluvvell> The_Tick,  just  one entry     www-data:x:33:33:www-data:/var/www:/bin/sh
<fluvvell> Wait, why should www-data have a shell?
<The_Tick> set that to not have a shell
<The_Tick> starting off
<The_Tick> you're getting hacked
<The_Tick> you need to figure out where that dtmss lives on the box
<The_Tick> or
<The_Tick> it's a torrenting app
<fluvvell> a find command ?
<twb> fluvvell: sounds like you're running a PHP app
<The_Tick> find / -name 'dtmss'
<The_Tick> twb: sounds like torrents to me
<twb> The_Tick: yes, but the reason he got owned was he ran a PHP ap
<fluvvell> twb, my web server has php
<fluvvell> I have a locally written content manager in php
<The_Tick> twb: hehe
<The_Tick> fluvvell: you have a poorly written one most likely
<fluvvell> The_Tick, twb, I have found the dtmss  in /tmp
<fluvvell> yeah,
<The_Tick> fluvvell: don't rm it yet
<The_Tick> investigate that fil
 * fluvvell flogging my programmer
<The_Tick> file
<The_Tick> see who owns it
<fluvvell> www-data
<fluvvell> its binary
<The_Tick> well there you go
<The_Tick> ya, heh
<The_Tick> anything else in /tmp?
<The_Tick> see if www-data has a history of commands
<fluvvell> barbut
<The_Tick> if it were me
<The_Tick> I'd reimage the box
<fluvvell> uh, but they don't have a home directory?
<The_Tick> and restore from backup
<fluvvell> I think re-imaging might be a good idea
<The_Tick> and then harden the box
<The_Tick> then put it back on the net
<The_Tick> in other words
<fluvvell> Owch, re-writing the website under a new content manager??
<twb> Reimaging the box won't help if he doesn't also fix the shitty code
<fluvvell> twb, lol
<The_Tick> fix your shitty code
<The_Tick> why do you have a custom built local thing when there's 30 oss packages which are maintained normally?
<fluvvell> but you're right.  Its written by  shitty@code.com. I'll just send him an email.
<The_Tick> rewrite it in python ;)
<twb> The_Tick: because the 30 oss packages are also full of security holes :P
<fluvvell> The_Tick, I might have to get an off the shelf cms,  got any recommendations?
<The_Tick> twb: hehe
<twb> cough wordpress cough phpbb
<fluvvell> doh, asked the stupid question.
<The_Tick> fluvvell: depends on what you need
<fluvvell> Isn't w**dpress written in php twb ??? LOL
<twb> fluvvell: yes, which is a contributing factor in its poor security history
<fluvvell> twb, from what I've read, they've made a bit of progress in that area
<twb> IME CMSs are designed for stupid people, by stupid people.  I don't think I've seen one that I'd recommend, except maybe to an enemy.
<The_Tick> fluvvell: what exactly do you need to do?
<fluvvell> do either of you want a copy of the hackers code to look at?
<The_Tick> don't say "cms"
<The_Tick> nope
<fluvvell> he he
<twb> http://en.wikipedia.org/wiki/Functional_requirements
<fluvvell> Just a clients website, it wasn't too complicated. I think I could implement it in wordpress.
<The_Tick> no no
<The_Tick> what does the website need?
<fluvvell> before I answer, should I kill off the shells that my hacker still has open?
<The_Tick> umm yes
<The_Tick> rm the binary
<The_Tick> then kill them all
<The_Tick> change the shell
<The_Tick> check for anything in /etc/rc*
<The_Tick> for restarting their shittiness
<twb> fluvvell: http://www.porcupine.org/forensics/
<fluvvell> have heard about the coroners toolkit before
<twb> I was mainly pointing to the textbook (first link)
<fluvvell> Interesting
<fluvvell> Well I've shut down the web server, but of course that puts their website offline :(  So being 3 days from my summer holiday of 3 weeks, anybody got a quick suggestion that will keep my mental health intact?
<The_Tick> reimage, restore from backup, lock down
 * fluvvell kicks self, hunts for instant magic solution, fully aware it does not exist
<fluvvell> yes, reimage
<twb> Reinstall the machine, but leave the website turned off
<fluvvell> only a nights work I guess
<The_Tick> figure out how they got in
<The_Tick> then force the user to fix it
<The_Tick> before it goes online
<The_Tick> use virtual machines
<twb> The_Tick: since it was owned by www-data, it's a safe assumption is was something within the www-data group that was exposed
<twb> Using a VM won't stop the abitrary-execution-with-user-privileges hole in his CMS
<fluvvell> Users are all samba users, plus my programmer who has left to run kids camps, and only programs part time now.
<The_Tick> twb: agreed
<fluvvell> Yes, I'd say most definately it was a php vulnerability
<The_Tick> twb: it'll make it easier to revert the vm since I have a feeling he'll run into this again
<twb> The_Tick: true
<fluvvell> I'd probably best get someone to convert the4 website to wordpress
<The_Tick> fluvvell: again
<The_Tick> what does the user actually need
<The_Tick> you may not need a cms
<fluvvell> The_Tick, okay, I see your point. They havn't done a lot of content update themselves.
<fluvvell> The_Tick, checking it out, they have changed details here and there, contact names etc, added some text to their product line descriptions. It used to be about 5 pages with links etc, not much changed there.
<fluvvell> nope, all the /etc/rc* directories look standard, and rc.local is untouched from standard
<fluvvell> so twb, you'd be more keen on Django ? Being a python based content manager?
<twb> Look, the bottom line is that anyone can write an insecure web app
<fluvvell> twb, its true
<twb> PHP targets newbies, and newbies make more mistakes
<twb> So as a rule of thumb, I'd prefer python over php -- but that doesn't mean it won't be full of holes
<twb> And hey, python is targeted at newbies, too
<fluvvell> twb, yes
<fluvvell> twb, The_Tick, many thanks for the help.  I've got to go collecting for the food bank, but I'll schedule in a reimage on the server for tomorrow night.  warm regards to you both.
<twb> Whatever
<The_Tick> shut the box down now
<The_Tick> until you can work on it
<twb> Hear hear
<Frenk> Hey, for years I was a Windows-Admin now switching to Linux. I used Exchange behind a VPN. User can`t use IMAP and SMTP without VPN connection. Is it reasonable to do the same with my Ubuntu-Postfix-Cyrus installation?
<Frenk> I have OpenVPN. If it is reasonable how do I configure Cyrus and Postfix to accept connections only from local networks.
<twb> Frenk: don't run them on the bastion?
<Frenk> twb, sorry but i dont know what you mean =/ my english isnt as good
<twb> Frenk: the "bastion" is the host that sits between your network and other networks, and routes traffic between them
<twb> If cyrus runs on any other host, and the bastion firewalls it, then it will inherently be inaccessible from other networks
<Frenk> oh ok i got it
<twb> http://de.wikipedia.org/wiki/Bastion_Host
<Frenk> thx for german version hehe
<Frenk> is my idea right? = i set up a bastion host for vpn, the cyrus is on another host and is blocking all connections except from the bastions ip
<Frenk> because both hosts are servers pointed directly to the internet (root hosting)
<twb> If both hosts are directly on the internet, you do not HAVE a network
<twb> If it's just a VPS on the internet somewhere, you would put everything on one box, and configure the firewall to only allow connections to postfix/cyrus from the VPN's subnet.
<Frenk> oh ok
<twb> You could ALSO tell postfix and cyrus to only bind to that interface, but that requires you to use static IPs, and to bring up the network before starting postfix/cyrus.
<twb> If the VPN is only there to control access to IMAP and SMTP, I would instead just use SSL.
<twb> I'd also use dovecot instead of cyrus.
<Frenk> I use imapS only. but i thought that double authentification (vpn + cyrus) is good
<twb> I don't see why
<Frenk> Because people will need keys to access the network and then their passwords to access the mailbox
<Frenk> To prevent hacking of the mailboxes
<Frenk> or is it useless?
<twb> So you want it for multi-factor authentication?
<twb> i.e. so you need both a key and a password?
<Frenk> yes
<Frenk> right
<twb> I *think* you can do that with SSL, by configuring two-way SSL handshaking
<Frenk> ok ill google it
<Frenk> and why dovecot over cyrus?
<twb> i.e. each client machine also has an SSL keypair and an SSL cert
<Frenk> its all in all for 15 people so i think individual ssl key isnt a problem
<twb> Mainly because dovecot seems to be more active, and (I think) it's Ubuntu's preferred implementation
<twb> Yeah, cyrus is in universe, dovecot is in main.
<twb> https://help.ubuntu.com/10.04/serverguide/C/dovecot-server.html
<Frenk> Since i am new to *nix i use artica (postfix-cyrus-webinterface-amavid and many more features) for email with snort with snorby as ids
<twb> Do not trust just any article you find
<twb> In particular, check when it was written, and for which version of Ubuntu
<Frenk> ok
<twb> One of my coworkers keeps using really old articles and I have to hit him with a stick... :-/
<Frenk> hehe
<Frenk> aand artica is using cyrus as default - thats why im using cyrus =D
<Frenk> okay ill search for ssl handshake, thx a lot!
<udens> hi guys
<udens> i have i question, how do i create such system if server is down, i give user a static styled html msg with temp down info
<udens> i know its possible i just dont know how
<_ruben> udens: you'll need to put a reverse proxy in front of that server which would give you that functionality
<udens> so this reverse proxy would chek if site is down and then display static html?
<_ruben> basically,l yes
<udens> is it possible to show different html for different domain?
<_ruben> most reverse proxies offer that as a feature, yes
<udens> thanks _ruben
<twb> Of course, then your reverse proxy would be a SPOF
<udens> thanks guys im just new to this :)
<udens> google didnt help this time
<_ruben> twb: that probably isn't an issue, as without it, it already is an spof on its own ;)
<_ruben> just add one more spof ;)
<twb> two spofs is worse than one
<_ruben> twb: true, but if one wouldn't matter, why would two ? ;)
<twb> Bah
<twb> Enough of your "logic"
<_ruben> if one cares about spofs, the "backend" would be HA as well ;)
<_ruben> heh
<eagles0513875> hey guys i need some help with smtp. i have it setup to use startttls on my smtp server yet now its having problems sending out going emails :(
<eagles0513875> any one able to help me
<_ruben> eagles0513875: you'll need to be much more specific & elaborate .. good starting point would be to pastebin the config and relevant logs
<eagles0513875> _ruben: what port does starttls use
<eagles0513875> !postfix | eagles0513875
<ubottu> eagles0513875, please see my private message
<eagles0513875> basically _ruben starttls isnt able to establish a connection to my server :(
<eagles0513875> _ruben: this is the error message im getting as im trying to send this email
<eagles0513875> Sending of message failed.
<eagles0513875> An error occurred sending mail: Unable to establish a secure link with SMTP server eagleeyet.net using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that server or contact your service provider.
<patdk-wk> starttls isn't a what or an it
<eagles0513875> thats odd
<eagles0513875> O_o
<ubax> Hi, I can use some advice as i'm setting up my first dedicated server and i'm not sure as to do i need to install a mail server like Postfix for PHP scripts to be able to send email using the mail() function or is there a better and more efficient method?
<eagles0513875> patdk-wk: i think i have isolated this issue to thunder bird
<patdk-wk> so you selected the, require encryption option, and didn't turn on encryption support on your server?
<eagles0513875> its been working up until this afternoon patdk-wk
<eagles0513875> what doesnt make sense
<eagles0513875> is that i can send an outgoign email from squirrelmail but not thunderbird mail client
<patdk-wk> well, when it installs, it installs a dummy certificate, did that dummy cert expire?
<eagles0513875> fixed it
<patdk-wk> hmm, dummy cert made for 10years here
<eagles0513875> patdk-wk: O_o it might have but i think its a port issue
<eagles0513875> patdk-wk: what file do i need to look at for the port smtp is using
<patdk-wk> master.cf
<patdk-wk> and maybe /etc/services
<eagles0513875> patdk-wk: where exactly would it tell me what port im using
<patdk-wk> netstat -atnp
<eagles0513875> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      <-- that good like that
<eagles0513875> instead of that smiley its supposed to be :*
<eagles0513875> : *
<patdk-wk> heh? what smiley?
<patdk-wk> you need a proper irc client
<eagles0513875> im using kvirc
<eagles0513875> does that look right to u though
<patdk-wk> it's ok, but you shouldn't be using that for thunderbird or stuff
<eagles0513875> im not
<eagles0513875> im accessing my mail server with it as my client
<patdk-wk> heh
<patdk-wk> you should never talk to a mail server using port 25 :)
<patdk-wk> it's unreliable
<eagles0513875> O_o
<eagles0513875> what other port can i use starttls with
<patdk-wk> 587?
<eagles0513875> firefox is defaulting to 587 should i use that instead
<eagles0513875> thunderbird i mean
<eagles0513875> patdk-wk: when it searches for the settings automatically it keeps setting the port to 587 for out going
<eagles0513875> for some reason
<eagles0513875> patdk-wk: i really need to get this back up :(
<mterron> Hi, any ubuntu server dev here?
<eagles0513875> :(
<eagles0513875> :(
<eagles0513875> patdk-wk: what i find odd is i can use squirrelmail to send emails just fine
<soren> Is squirrelmail running on mail server?
<Jeeves_> 15:12 < patdk-wk> you should never talk to a mail server using port 25 :)
<Jeeves_> Uh? :)
<patdk-wk> jeeves, way too many isp's, hotels, wifi hotspots, ... blocking or redirecting it
<patdk-wk> port 587 was always made for user access
<soren> Jeeves_: I think what patdk-wk is trying to say is that if you can, you should provide yourself with port other than 25 where you can connect to your smtp server, as port 25 is often blocked by ISP's.
<soren> It was simply rather poorly phrased.
<patdk-wk> I love how the iphone uses port 25 by default, and at&t blocks it in most places
<soren> You're supposed to use AT&T's SMTP server, aren't you?
<Jeeves_> soren: Indeed, you are.
<eagles0513875> interesting how can i reconfigure postfix to use 587 instead patdk-wk
<Jeeves_> patdk-wk: 587 never made it for normal use
<patdk-wk> oh ya, like at&t's smtp server is safe for sfp or dkim
<patdk-wk> eagles0513875, postfix uses port 587 by default :)
<soren> Did I say it was?
<Jeeves_> as if spf or dkim help :)
 * soren scrolls up
<soren> Nope.
<eagles0513875> O_O patdk-lap then what is port 25 used for
<patdk-wk> server to server
<Jeeves_> patdk-wk: Stop talking nonsense
<Jeeves_> You're talking RFC's, not use.
<Jeeves_> port 25 is used for delivering email from server to server, as well as from client to server.
<patdk-wk> heh? it's been that way on my servers for >10years
<patdk-wk> no user can use port 25
<eagles0513875> Jeeves_: well im having an issue though
<Jeeves_> patdk-wk: Than you're quite special :)
<patdk-wk> I don't allow use logins to port 25 and reject relay
<eagles0513875> its probably a thunderbird bug
<patdk-wk> user
<eagles0513875> thing is with squirrelmail things work fine with port 25
<soren> That's just silly.
<patdk-wk> squirrelmail is on the postfix box though isn't it? and thunderbird isn't?
<eagles0513875> patdk-wk: ya thats right
<eagles0513875> thign is im on the same network as the postfix box
<patdk-wk> ya, so completely unrelated
<Jeeves_> eagles0513875: If i see the message above, thunderbird is not going to use tls because the server isn't saying it supports is
<eagles0513875> same subnet and everything
<eagles0513875> Jeeves_: ?
<eagles0513875> Jeeves_: whats funny is it was working just fine earlier this afternoon
<eagles0513875> let me try again on my mac
<Jeeves_> 14:51 < eagles0513875> An error occurred sending mail: Unable to establish a secure link with SMTP server eagleeyet.net using STARTTLS since it doesn't advertise that feature. Switch off STARTTLS for that  server or contact your service provider.
<Jeeves_> That's where you client is connecting to port 25 (or 587 for that matter) and checking if postfix responds to EHLO with STARTTLS
<Jeeves_> It seems like postfix isn't doing that
<Jeeves_> so try and pastebin this:
<eagles0513875> Jeeves_: mac laptop is working fine :(
<Jeeves_> open a terminal
<eagles0513875> bah i swear this desktop is starting to frustrate me
<eagles0513875> let me test one other thing
<Jeeves_> type 'telnet <ip of your server> 25'
<Jeeves_> type EHLO .
<Jeeves_> type quit
<Jeeves_> and pastebin the output
<eagles0513875> Jeeves_: i have isolated the problem to this pc
<Jeeves_> eagles0513875: Ok, nevermind than. Have fun
<eagles0513875> Jeeves_: ha thats what i get for trying to run windows lol
<eagles0513875> i thought it was a problem with the email server at first
<patdk-wk> anti-virus doing a smtp redirect? killing ssl support :)
<eagles0513875> patdk-wk: nope
<mterron> Hi everyone, I'd like to report a problem with either ubuntu-server 10.04 installer or documentation regarding option "Minimal virtual system".
<mterron> someone from the dev team is around?
<eagles0513875> mterron: just post your problem and someone will answer if they know the answer
<mterron> I know eagles051387, I've already fixed it, but i'd like to report it to someone on the dev team
<eagles0513875> mterron: report any bugs on http://launchpad.net
<mterron> ok, thanks a lot eagles0513875
<eagles0513875> no problemo m8 :)
<hallyn_> soren: looking at lp:vmbuilder - do i understand right that you just take the bzr tree, drop in the debian/ dir, and call that the package?  Or is there some other process to it?
<soren> hallyn_: Honestly, I don't remember. There may be a packaging branch somewhere.
<soren> hallyn_: Let me look real quick.
<hallyn_> soren: I do see lp:ubuntu/natty/vm-builder as well
<soren> hallyn_: That happens automatically.
<soren> hallyn_: All packages have that.
<hallyn_> i see
<soren> Except the few that fail to get imported, but generally they are there for all packages.
<soren> hallyn_: mvo has been working a bit on vmbuilder recently.
<soren> hallyn_: He also did an upload. You could ask him?
<hallyn_> soren: will do, thanks
<soren> Sure.
<toast018> Hello all
<toast018> What happens when u create a new key if one is already in place? Will it replace the current key?
<toast018> Anyone? Lol...
<uvirtbot> New bug: #689715 in dhcp3 (universe) "package dhcp3-server 3.1.3-2ubuntu3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/689715
<toast018> :(
<toast018> Goooood morning all
<hggdh> Daviey: ping
<zul> SpamapS: ping lemme know when you are around
<SpamapS> zul: pingalingadingdong
<zul> SpamapS: i started to look at the cobbler packaging stuff where is your cobbler packaging branch so I dont duplicate effort
<SpamapS> zul: all of our branches are linked to https://blueprints.launchpad.net/ubuntu/+spec/cloud-server-n-install-service
<SpamapS> https://code.launchpad.net/~clint-fewbar/+junk/cobbler-packaging-enhancements
<SpamapS> there's mine
<zul> SpamapS: whoops yeah
<SpamapS> actually I think I need to push some to that
<toast018> What could cause a mail server to flood my network... I have to restart it in order to regain internet...
<cdubya> Any recommendations on a CRM/ERP that would support trouble ticketing and possibly something like accounting/fixed asset management (or know of anything close)....?
<zul> request tracker
<toast018> Cdubya try spicworks 5.0 it has an awesome helpdesk for tickets and inventory and purchases
<Frenk> Hey, I have torubles with Postix =( mail postfix/smtp[9438]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter but I have smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password in my conf
<chandru_in> Does anyone here use pen for load balancing between servers in production?  I'd like to know your experiences with it.
<uvirtbot> New bug: #689747 in clamav (main) "package clamav-base 0.96.3+dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurÃ¼ck" [Undecided,New] https://launchpad.net/bugs/689747
<Daviey> hggdh: o/
<hggdh> Daviey: do we still need a test on the Maverick for Euca?
<toast018> Can anyone help with an issue with my mail server? I have to keep restarting because the internet keeps going down...
<axisys> i have sun fire x4150.. before I install ubuntu i like to find out if it will recognize all the devices.. can alternate iso do that without installing ? in otherwords can I use alternate iso as live cd ?
<toast018> And inorder to get internet connection I have to rebooot
<toast018> As soon as the server is down my internet connection returns...
<axisys> i am planning to install ubuntu 10.04.1 LTS
<coxn> I'd like to install VMs directly to an LVM logical volume, but I see this: https://help.ubuntu.com/community/KVM/CreateGuests#Install%20on%20a%20raw%20block%20device
<coxn> I'm hoping there's a way that doesn't involve doing a dumpxml, sed, etc.
<coxn> maybe somebody has already written a script to migrate VMs from a file to an LV?
<Daviey> hggdh: Ideally.... i have some i386 packages here if that is suitable?
<hggdh> Daviey: suitable... IDK ;-) but yes, I will run them
<Frenk> Hey, I have torubles with Postix =( mail postfix/smtp[9438]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter but I have smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password in my conf
<Daviey> hggdh: hold fire...
<hggdh> Daviey: weapons safe
 * SpamapS chooses now to ATTACK
<coxn> what do others use to install VMs such that their disk is a logical volume?
<patdk-wk> coxn, for that I used to use debootstrap
<patdk-wk> still do for xen
<patdk-wk> but not so useful for building vmware, I just use the iso
<Daviey> hggdh: Just trying to get packages built elsewhere...
<Daviey> waiting on another team for them.
<coxn> patdk-wk: xen. noted. Thanks. :)
<hggdh> Daviey: no prob
<coxn> anybody doing something with kvm?
<patdk-wk> hmm, debootstrap does kvm also, I'm pretty sure :)
<hggdh> zul: bug 684304 has been updated with the lcpci, boot log, and lsmod.
<uvirtbot> Launchpad bug 684304 in linux "cciss module does not identify resources" [High,New] https://launchpad.net/bugs/684304
<zul> hggdh: cool...thanks i saw :)
<zul> kirkland: i been doing some cobbler packaging my work is at lp:~zulcss/+junk/cobbler
<uvirtbot> New bug: #689783 in bind9 (main) "package bind9 1:9.7.1.dfsg.P2-2ubuntu0.1 failed to install/upgrade: ErrorMessage: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/689783
<kirkland> zul: oh cool
<kirkland> zul: let's get your work and SpamapS' work merged ...
<zul> kirkland: sure im still working on some things though
<kirkland> zul: cool, on the front end, or the actual deployment?
<zul> kirkland: packaging for now
<kirkland> zul: ah
<kirkland> zul: oh, cool, you have SpamapS changes in there already
<zul> kirkland: yep
<kirkland> zul: could you push to lp:~ubuntu-virt/+junk/cobbler ?
<kirkland> zul: so that we're all basically working off of the same branch?
<zul> right
<Juanito2> Hi, i need redirect 2 IP's public to private
<Juanito2> iptables -t nat -A PREROUTING -p tcp -i eth2 -d IP_Public --dport 3389 -j DNAT --to-destination IP_Private ... is correct this?
<ZacLnxNewb> hi
<ZacLnxNewb> for some reason I can't connect to deluge...
<ZacLnxNewb> you know?  Nevermind, I'll just uninstall and reinstall
<genii-around> Is there some known issue which would cause disk designations to keep rotating every boot?  eg: boot1- sda=80G, sdb=160G#1,sdc=160G#2 then boot2- sda=160G#2,sdb=80G,sdc=160G#1  boot3- sda=160G#1,sdb=160G#2,sdc=80G  ..and so on
<genii-around> ( because this makes the raid1 of the 160G drives to be screwed 2 out of 3 boots for me, etc)
<axisys> should I use the Adaptec SAS Host Bus Adapter on X4150 or just use the disk and create software raid ?
<eriksson25> Need help. Have a lvm spanning over two Raids. I just extanded one of the raids with two more disk and the array grew. But how do I expand the lvm to use this space.
<ZacLnxNewb> Need help:  Deluge is being a bitch
<papertigers> eriksson25: I think this explains it http://www.randombugs.com/linux/howto-extend-lvm-partition-online.html
<eriksson25> Thx, also found it on https://raid.wiki.kernel.org/index.php/Growing
<hggdh> JamesPage: I have a LTP-lite running under KVM on Hudson
<Frenk> Hey, I have a question. I have a mail server and many (10 people) are using it from different countries
<Frenk> and one person in Monaco always gets Client host rejected: Access denied
<Frenk> I searched everywhere, added the ip to all whitelists i could think off
<Frenk> but no success
<Frenk> Any ideas anyone? Russia, Germany, Hungary are fine - Monaco = Troubles
<pmatulis> Frenk: maybe pastebin the exact error message
<Frenk> An error occurred sending mail: The mail server sent an incorrect greeting:  5.7.1 <87.91.209.88.dynamic.monaco.mc[88.209.91.87]>: Client host rejected: Access denied.
<Frenk> I tested it with portable version of thunderbird - outlook shows same error
 * genii-around ponders EHLO vs HELO signalling
<Frenk> postfix says: mail postfix/smtpd[19149]: NOQUEUE: reject: CONNECT from 87.91.209.88.dynamic.monaco.mc[88.209.91.87]: 554 5.7.1 <87.91.209.88.dynamic.monaco.mc[88.209.91.87]>: Client host rejected: Access denied; proto=SMTP
<axisys> is this valid? GRUB_TERMINAL="--timeout=5 serial console"
<Frenk> axisys - do you ask me? sorry my english is pretty bad
<axisys> Frenk: to all really.. but i will anyone's answer..
<Frenk> pmatulis any idea?
<Frenk> or anyone else ... damn i just do not get it
<pmatulis> Frenk: the client hostname is no good
<Frenk> why is the hostname no good? and how do i disable hostname check?
<pmatulis> Frenk: it should be 'CONNECT from some_name[some_ip]'
<pmatulis> Frenk: there's an ip address in the name and postfix doesn't like it
<uvirtbot> New bug: #595877 in mysql-dfsg-5.1 (main) "impossible to use Ports on mySQL - Upstart/Config Problem" [Undecided,Incomplete] https://launchpad.net/bugs/595877
<Frenk> Pmatulis: okay, I got the problem. But how can I fix it? I cant change the clients hostname. But what can I do about it on the server?
<pmatulis> Frenk: in main.cf tell postfix to be more lenient
<Frenk> Pmatulis: since i am new to postfix and unix in general, can you tell me how to manage that?
<pmatulis> Frenk: maybe pastebin (really pastebin this time, do not paste in this channel) the output to 'postconf -n'
<coxn> hurm. Anyone in here use ubuntu-vm-builder regularly? https://gist.github.com/739529
<Frenk> http://pastebin.com/pX83LRtB
<Frenk> Pmatulis: thats the output: http://pastebin.com/pX83LRtB of postconf -n
<pmatulis> Frenk: pastebin the contents of file /etc/postfix/postfix_allowed_connections
<Frenk> Pmatulis: http://pastebin.com/Tp881HGu
<Frenk> but he has a dynamic ip - so i need a solution which works for dynamic ips =/
<genii-around> Hm. Whitespace starts second line of that paste
<Frenk> already changed it
<Frenk> but any other suggestions?
<hackeron> hey, is there anyway to get apt-get to just dump the list of URLs it wants to download, so I can download them on a faster connection on a different server, then copy across?
<pmatulis> Frenk: did you set up postfix like this?
<Frenk> yes
<Frenk> this is my postfix config
<Frenk> pmatulis: is working with everyone - but not with monaco and bad hosts
<Frenk> pmatulis: or is this config that bad?
<hackeron> ahh --print-uris :)
<pmatulis> Frenk: did you update the map since editing that file?
<Frenk> Pmatulis: you mean postmap /etc/postfix/virtual?
<pmatulis> Frenk: no
<pmatulis> Frenk: 'postmap /etc/postfix/access'
<pmatulis> Frenk: sorry
<pmatulis> Frenk: 'postmap /etc/postfix/postfix_allowed_connections'
<Frenk> just did
<Frenk> pmatulis: no effect
<pmatulis> Frenk: how are you testing the monaco address so quickly?  is that where you are?
<Frenk> teamviewer
<pmatulis> Frenk: fair enough
<Frenk> sending the message and waiting for error
<pmatulis> Frenk: maybe try a complete restart, not just reloading
<Frenk> restart of the server?
<pmatulis> Frenk: no, of postfix
<pmatulis> Frenk: 'sudo service postfix restart'?
<Frenk> pmatulis: nothing
<pmatulis> Frenk: is the postfix server the final destination of the email?
<Frenk> yes
<Frenk> its a server with postfix and cyrus
<Frenk> pmatulis: and the only client this server is rejecting is the monaco client
<kirkland> SpamapS: yo
<kirkland> SpamapS: are you around today?
<pmatulis> Frenk: you have 'my_domain'=$myhostname
<Frenk> where can i check that?
<SpamapS> kirkland: yeah wassup?
 * SpamapS has buried himself in Upstart stuff today
<pmatulis> Frenk: your destination email is blah@bp-legal.com ?
<Frenk> yes
<kirkland> SpamapS: two things ... i added you to ~ubuntu-virt
<pmatulis> Frenk: so edit main.cf so that mydomain=bp-legal.com
<kirkland> SpamapS: and i pushed your my changes + yours + zul's + mine to lp:~ubuntu-virt/cobbler/ubuntu
<SpamapS> kirkland: can never have enough team badges on LP ;)
<kirkland> SpamapS: and sent a build to ~ubuntu-virt ppa
<SpamapS> kirkland: cool
<kirkland> SpamapS: hopefully you + me + zul can get cobbler installing and deploying natty this week (?)
<pmatulis> Frenk: this is not why the check_client_access is not working but it's probably why the client is being rejected by the reject_unknown_sender_domain restriction
<pmatulis> Frenk: (you can also remove that restriction to test)
<zul> kirkland: it still needs a lot of work
<kirkland> zul: no doubt
<SpamapS> kirkland: yeah we need to divide up the work a bit
<kirkland> SpamapS: yeah;  will you be working on it this week?
<kirkland> zul: what about you?
<zul> kirkland: off and on
<SpamapS> kirkland: indeed, I was hoping we could chat about what needs to get done tomorrow post-meeting
<kirkland> SpamapS: k
<Frenk> pmatulis: deleted that rule - restarted postfix -
<Frenk> no
<Frenk> doenst work =(
<Frenk> but i didnt change domain name yet
<Balli> Hi I am running JeOS. How do I find if DMA is enabled or not in jeos?
<Balli> I used hdparm command, but no such command exists in jeos
<pmatulis> Balli: install away
<CyVan> Greetings. I have a Dell R310 server, Quad Core , 4GB of memory BUT the PERC H200A RAID controller. An application we need ONLY runs on UBUNTU 9.10 but that version is not recognising the RAID card :(  10.04 LTS sees it fine but not 9.10. I've checked the dell site. I see drivers for redhat and suse but not Ubuntu? Are they compatible? any other ways to get 9.10 to see the raid card?
<Balli> pmatulis: Yes I was dumb, I installed it and its working. Thanks!!!
<Noobster> hi all
<CyVan> is there a way to copy the 10.04 LTS drivers to be used by 9.10?
<Noobster> is there anyone here that can help me? I am trying to get the backport ver of bind9 installed but can not fig it out
<Noobster> I need bind9.7.2
<guntbert> Noobster: this channel is much quieter, so pose your question and prepare for patience please
<Noobster> ok thanx
<Frenk> pmatulis: doenst work =(
<Noobster> :)
<guntbert> Noobster: on what ubuntu version are you? (I was not aware that there are backports already for 10.10)
<Noobster> 10.04
<Noobster> x64
<guntbert> Noobster: have a look at https://launchpad.net/~hauke/+archive/bind9?field.series_filter=lucid
<guntbert> Noobster: but be warned: ppa are not "official"
<zul> SpamapS: im double booked for the meeting tomorrow and i think it is my turn to run the meeting can you run the meeting for me?
<david506> I installed ifenslave, the document in /usr/share/doc/ifenslave-2.6 is different from the examples, and I don't know how to setup ethernet bonding. Right now it's load balancing between the two connections, I want it to keep the second connection has a hot spare. Using ubuntu 10.04
<pmatulis> Frenk: remove 'check_client_access hash:/etc/postfix/postfix_allowed_connections,'
<zul> or it might be smosers turn
<zul> SpamapS: nm
<david506> http://pastebin.com/L0qN42cs
<Frenk> pmatulis: deleted that entry - restarted postfix
<Frenk> and nothing
<Frenk> argh =((((((((
<patdk-wk> david506: http://pastebin.com/23g3tjCL
<pmatulis> Frenk: pastebin 'postconf -n' again
<genii-around> CyVan:  That controller apparently uses the driver called mpt2sas , which http://packages.ubuntu.com/search?searchon=contents&keywords=mpt2sas&mode=filename&suite=karmic&arch=any shows is available in the kernel images of 9.10 . You may need to build it into your initramfs
<Frenk> http://pastebin.com/hsHafxqa
<Frenk> pmatulis: http://pastebin.com/hsHafxqa heres the update. i havent changed mydomain
<david506> That's almost good, but I believe it is missing two lines, I am posting to pastebin.com now
<CyVan> genii-around: Thanks! Are there any instructions on how to do that?
<pmatulis> Frenk: please change domain, restart postfix, and pastebin
<CyVan> genii-around: doing a google search now
<david506> This seems to work for me, thanks patdk-wk for the corrections : http://pastebin.com/41h7ia5D
<genii-around> CyVan: Basically, edit the file:  /etc/initramfs-tools/modules  adding the module name     then do:  sudo update-initramfs -u
<david506> I added auto eth3, iface eth3 inet manual, this prevents "Ignoring unknown interface eth3=eth3"
<patdk-wk> david, heh? I don't have eth2/eth3 at all in my config
<patdk-wk> I don't see the slaves line, you removed it?
<patdk-wk> where do you see, ignoring unknown interface, I don't get that
<eriksson25> How do I calculate how many blocks (lvm) 16TB is?
<Noobster> guntbert, that got 9.7.2p3 installed easy!! you saved me hours of work doing it by source!! Thank You
<guntbert> Noobster: glad it worked - have fun :-)
<CyVan> genii-around: ahh but that sounds like u would have to have it installed on the box already. It refuses to install and the box has no other HD's. Can this be done on another box to prepare a new install CD?
<pmatulis> eriksson25: block size is a filesystem parameter
<axisys> will this create a raid10 of 6 disks ?
<axisys> mdadm --create /dev/md10 --level=10 --raid-devices=6 /dev/sdc /dev/sdd /dev/sde /dev/sdf /dev/sdg /dev/sdh
<Balli> Hi could some one please, let me know when exactly a DMA write happens.
<Balli> I found my hardisk is dma enabled
<highvoltage> Balli: dma is enabled by default if your disk supports it
<Balli> I believe when I download a package using apt-get, DMA write should happen. Am I correct?
<patdk-wk> balli heh, not really
<genii-around> CyVan: Conceivably with remastersys or so, although i have not done this in a long time, myself
<patdk-wk> when ever you read or write ANYTHING to the drive, DMA will happen
<Balli> highvoltage: Yes its enabled. I just checked it since I use a virtual hardisk
<eriksson25> pmatulis: I added 4TB to my 14TB lvm. And then ofc I couldent extand the file system since resize2fs dont suport >16TB system. I havent extended my ext4 but want to do it to 16TB manualy setting the perimiter. But dont know how to find the right one.
<echoprinter> Anyone know if this would be a good way to get the python-profiler on my Ubuntu 10.04 server? http://www.peterbe.com/plog/upgrading-ubuntu-lucid-lynx-downgrading-python2.4-python2.5
<Balli> patdk-wk: oh could you please gimme a test case where DMA write would take place
<patdk-wk> balli, turning on your computer? syslog logging anything, EVERYTHING to the harddrive uses dma
<patdk-wk> why doesn dma matter so much to you?
<Balli> Patdk-wk - I am debugging a qemu code running jeos for my work
<patdk-wk> well, as your doing a virtual disk, and a virtual machine, nothing about it is going be real dma
<patdk-wk> so who knows :)
<patdk-wk> probably the qemu people
<Balli> patdk-wk: Yes when I turn on the computer DMA write takes place.
<Balli> patdk-wk: But the function which writes to the memory is invoked only once, I xpected it to be called many times.
<patdk-wk> heh?
<patdk-wk> what function that writes to what memory?
<patdk-wk> the memory location will change, every time
<Balli> patdk-wk: Its a c function is qemu code named 'cpu_physical_memory_rw'.
<patdk-wk> well, I dunno qemu, only dma
<toast018> I am using wireshark to monitor my traffic to my mail server and I noticed there is a nearly constant DNS quesry to our DNS server asking for ircserver.jmchd.com
<Balli> patdk-wk: Ya I wanted to know only about dma not qemu. I will figure out what qemu does :)
<toast018> it comes back no such name but then the mail server asks again...
<Balli> patdk-wk: Could you please enlighten me why a network packet doesnt use DMA write?
<david506> The doc was wrong, so I am opening a ticket priority minor
<patdk-wk> balli, too slow :)
<Balli> small packets?
<patdk-wk> well, interrupts tend to slow down network interfaces, so generally it's switched to polling mode
<pmatulis> eriksson25: ouch, sorry to hear about not being able to resize to the maximum
<patdk-wk> I think the network card also has it's memory mapped right into memory space, so it can be accessed directly, no dma needed to copy stuff over
<Balli> when memory is mapped, I think dma would take place internally.
<patdk-wk> why?
<patdk-wk> the cpu can physically see the memory on the card
<patdk-wk> dma is the other way around, having the card directly see the memory in the computer
<Balli> But cpu seeing the memory on card, happens because DMA writes a network card info into the physical memory
<Balli> patdk-wk: One basic question.
<Balli> DMA write means, a device writes its data into physical memory and DMA read is vice versa right?
<Noobster> guntbert, I am having a homebrew to selabrate how awesome you are! I will make a tutorial when I have SAmba4 PDC for WIN7. You will find a thanx in there from me.   http://www.bryanpopham.com/tutorials
<Noobster> *celebrate
<toast018> I am using wireshark to monitor my traffic to my mail server and I noticed there is a nearly constant DNS quesry to our DNS server asking for ircserver.jmchd.com
<guntbert> Noobster: :-)
<david506> patdk-wk, I removed the extra lines I added, rebooted and it works well.
<patdk-wk> heh
<patdk-wk> balli, no idea, I haven't done dma programming since the 90's
<david506> I am opening a ticket now.
<Balli> patdk-wk: Its okay :) Im jus starting now.
<kirkland> SpamapS: hey
<Balli> patdk-wk: One question related to a test case. Could you please give me an example of when a DMA write takes place, so I could debug my code.
<kirkland> SpamapS: did you get auth working with cobbler?
<kirkland> SpamapS: if so, what module did you use?
<Balli> patdk-wk: I tried "cat <filename>" and I found that no DMA write takes place :(
<kirkland> SpamapS: i'm trying: #    authn_testing    -- username/password is always testing/testing (debug)
<kirkland> SpamapS: not work for me though
<Balli> patdk-wk: No DMA write, because of small file size?
<patdk-wk> ballie did you wait for linux kernel to actually write it?
<toast018> is it normal for a mail server to join an IGMP group?
<Balli> patdk-wk: Yes I have set a breakpoint to debug the kernel code using gdb
<Balli> patdk-wk: I basically wanted to do some modifications to the content before a DMA write takes place
<Balli> patdk-wk: But its wierd for me since DMA write happens only once during system bootup afterwards there is no DMA write at all.
<toast018> Total newb here any help would be awesome... :)
<toast018> my mail server is constantly asking my dns server where ircserver.jmchd.com is
<toast018> its streaming across my screen in wireshark
<patdk-wk> toast018, it's been hacked?
<toast018> I dont know...
<toast018> I have no idea how to find out.
<patdk-wk> well, something on it is requesting it
<patdk-wk> see if there is anything running that you don't know what it does
<toast018> I have had to restart the server multiple times because it continually brings my internet connection down
<patdk-wk> I guess if your using apache mod_* (php/perl/...) you can't really see what they are running though :(
<CyVan> genii-around: Thanks.. I'll look at remastersys. So there's no chance that the redhat or suse drivers could work?  hmm maybe no t.. might be diff kernel versions :(
<toast018> apache will also give me an out of memory error every few days
<patdk-wk> toast018, one of your websites was hacked
<toast018> its a mail server only
<patdk-wk> then why is apache running?
<CyVan> genii-around: The thing is the 9.10 installer gave me a list of drivers to try and I saw mpt2sas but when I tried to load it it didn't work. Is it possible the ones that come with 9.10 aren't worknig properly but were fixed in 10.04? Is there a way to copy the 10.04 drivers instead?
<toast018> only apache related item is the webmail
<toast018> squirrelmail
<patdk-wk> webmail == website == hacked :)
<toast018> what are my options?
<patdk-wk> I don't know, I know nothing about squirrelmail
<patdk-wk> but I should shutdown apache
<patdk-wk> and see if all goes back to normal :)
<patdk-wk> if it does, they probably didn't get root, and just squieerelmail was hacked
<patdk-wk> but not sure if I would count on that
<toast018> whats the fastest way to change any passwords that would keep them out? or is there any?
<patdk-wk> heh?
<patdk-wk> they probably didn't use any passwords to get in
<toast018> :(
<patdk-wk> what version of squerrilmail?
<patdk-wk> I so can't type that word
<toast018> I noticed a gam_server running I killed it
<toast018> "/usr/lib/gamin/gam_server"
<toast018> trivial-rewrite -n rewrite -t unix -u -c
<patdk-wk> that is postfix
<patdk-wk> guess you really dunno what normally runs on your server
<toast018> gam_server is postfix?
<toast018> I didnt set it up a former employee did.,,,
<patdk-wk> it's a service that is normally used to check for file modifications
<toast018> they fired him and now Im over it.
<patdk-wk> what version of ubuntu?
<toast018> I wished they would get someone else... I honestly have no idea whats going on...
<toast018> 8.04
<patdk-wk> is it currently up to date?
<toast018> I just seen this come across wireshark. v2 membership report / join group 239.255.255.253
<toast018> yes it is up to date
<patdk-wk> heh, I would probably just do a: chmod a-x /etc/init.d/apache*
<patdk-wk> and reboot
<patdk-wk> then start looking for odd stuff in wireshark
<toast018> what would that do?
<patdk-wk> disable apache/webmail/squirrelmail
<patdk-wk> and reboot, to clean out all odd running programs
<patdk-wk> unless they added stuff into cron/at/...
<toast018> is that IGMP join group something that I should not see?
<patdk-wk> dunno, if it's only email, probably not
<patdk-wk> but if it's doing something else, pacemaker, heartbeat, ...., it would be fine
<toast018> chmod is to change ownership how will that disable apache?
<patdk-wk> chmod DOES NOT change ownership
<zamarax> hello, I have this script http://pastebin.ca/2018851 in my rc.local file, and unfortunately the second script hylafax doesn't launch, any idea?
<zamarax> if I remove the sleep function it will launch, but it doesn't give enough time for the first script
<toast018> command ran...
<i0nic> so to make something run on run level 2 , runlevel2 can run things as root?
<i0nic> basically im trying to make a script that runs ntpdate as root
<i0nic> are 755 permissions fine on this?
<MBR89> hi guys
<MBR89> need help with xrdp / kde on ubuntu server
<zamarax> hello, I have this script http://pastebin.ca/2018851 in my rc.local file, and unfortunately the second script hylafax doesn't launch, any idea?
<zamarax> if I remove the sleep function it will launch, but it doesn't give enough time for the first script
<MBR89> KCMinit ... Segmentation fault
<patdk-wk> zamarax, sleep (10) == invalid syntax
<zamarax> should be sleep 10 right? that's what I thought but when I use that it doesn't sleep for 10 seconds
<zamarax> they execute back to back
<MBR89> no idea
<Fookin_Prawn> maybe string them together like etc/asdf/asdf start && sleep 10 && /etc/qwerty start
<Fookin_Prawn> that way they don't execute without prior executing
<zamarax> thank you I will try that
<Fookin_Prawn> caveat you may need parentheses
<econnell> On 10.10, i'm trying to do a PXE boot for a virtual machine install (kvm) using virt-install... i've specified --pxe on the virt-install command line, but i'm not seeing any DHCP requests on the network and there is no output on the virtual console
<econnell> anyone have a clue on how to even start debugging that? :)
<zamarax> Fookin_Prawn - thanks that worked perfectly
<zamarax> appreciated :D
<Fookin_Prawn> zamarax: good to hear :-) if you're interested in more things like that, check out bash scripting
<zamarax> thanks
<Fookin_Prawn> econnell: do you have dhcp declared in your rc.conf?
<econnell> rc.conf?
<econnell> Fookin_Prawn: on the host system you mean?
<Fookin_Prawn> econnell: sorry, I haven't used ubuntu in a while. in one of ubuntu's startup scripts it should specify things like modules to load, interfaces, daemons, etc. can't remember which script has it, but dhcpd must be declared in it. it's probably named rc.* something
<econnell> this is a virtual machine install....
<econnell> PXE boot on the host machine works fine
<Fookin_Prawn> econnell: ah I see. so you're trying to start a virtualization with a -pxe command?
<econnell> yes
<Fookin_Prawn> and this virtualization is an installation?
<econnell> i'm trying to run this: virt-install -n web1 -m 54:52:00:00:00:01 -r 256 -f /virtualdisk/web1.img --nographics -s 30 --pxe --accelerate --connect=qemu:///system
<econnell> the VM starts and i can connect to the console, but nothing ever happens on the console and there's no network I/O from the VM
<Noobster> I am having an issue that might be caused by apparmor. I chown /var/run/bind to root:bind, but when I reboot it is changed back to root:root?
<Amgine> Maybe I should ask this here... trying (failing) to compile pcntl.so for php5.  dpkg-buildpackage: error: debian/rules build gave error exit status 2
<Noobster> of course I get an error on reboot in /var/lod/daemon.log
<Fookin_Prawn> econnell: i'm stumped, but virt-tools has an irc channel http://virt-tools.org/contact/
<econnell> Fookin_Prawn: thanks
<econnell> in the meantime, if anyone else can figure it out, let me know
<econnell> or at least where to start debugging
<patdk-wk> heh?
<jdstrand> Noobster: apparmor would not change the permissions on the directory
<jdstrand> Noobster: /var/run is a tmpfs and /var/run/bind is recreated on each boot
<Frenk_> Hey, people told me to do the following on ubuntu:
<Frenk_> $(postconf -n | awk -F= '{ print $1 }'); do echo -n 'default: '; postconf -d ${parameter} ; echo -n 'current: '; postconf ${parameter} ; echo '--'; done | less
<Frenk_> but i dont know how to start - if i put it in console i got an error
<Frenk_> i mean for parameter in $(postconf -n | awk -F= '{ print $1 }'); do echo -n 'default: '; postconf -d ${parameter} ; echo -n 'current: '; postconf ${parameter} ; echo '--'; done | less
<econnell> oh i give up... pxe boot in a xen vm worked fine on centos5...  no clue why it's not working on ubuntu... i'm just going to on-demand nfs mount the ISO on the hosts... talk about a hack :)
<twb> What that is supposed to do is iterate over each postfix option, and print both its default and current values (side by side).
<twb> Frenk_: it works for me in 10.04.
<Frenk_> i left for parameter in out -.- stupid me
<twb> for x in $(postconf -n|cut -d= -f1); do printf 'default: %s\ncurrent: %s\n\n' "$(postconf -d "$x")" "$(postconf "$x")"; done
<Frenk_> twb and what does: modified_parameters=$(postconf -n | awk -F\= '{ print $1 }'); for parameter in ${modified_parameters}; do default_value=$(postconf -dh ${parameter} ); current_value=$(postconf -h ${parameter} ); test ${default_value} '=' ${current_value} && echo ${parameter} ; done
<Frenk_> ?
#ubuntu-server 2010-12-14
<twb> It appears to print each setting that is unchanged from the default
<aetaric> booting a thin-client ubuntu 10.04, it starts eth0 up, and then my cisco router(dhcp server) spews errors about malformed option 61. any ideas about how to solve?
<twb> What's option 61?
<aetaric> it's the client ident
<econnell> client-identifier
<twb> As in send host-name ?
<econnell>    It is expected that this field will typically contain a hardware type
<econnell>    and hardware address, but this is not required.  Current legal values
<econnell>    for hardware types are defined in [22].
<twb> So cisco appears to be more prissy  than the RFC
<aetaric> pretty much
<aetaric> this only happens when i boot a thin client.
<twb> FWIW, netbooting Works For Me, with 10.04 desktops and 8.04/dnsmasq as the server, and intel PXE ROMs.
<twb> aetaric: this is happening before pxelinux loads, right?
<aetaric> no
<aetaric> this is post pxelinux
<twb> OK, so pxelinux.0 loads -- does it get as far as displaying a menu and loading the kernel and ramdisk?
<aetaric> yes
<twb> OK, so the bad DHCP request is somewhere within Ubuntu itself?
<aetaric> right
<twb> How did you generate the netboot image -- live-build?
<aetaric> i followed the guide
<aetaric> ltsp-build-client
<aetaric> from https://help.ubuntu.com/community/ThinClientHowto
<aetaric> still works all the way up to 10.04
<aetaric> it worked when my tftp and nfs server was also a dhcp server
<twb> Ah, LTSP
<twb> All I can suggest is that you 1) packet sniff and examine the bogus flow; and 2) try building a smaller image
<aetaric> is there a newer/better way to go about this?
<twb> You might be able to replace ISC dhclient with some other dhclient.
<twb> aetaric: well, AFAICT the problem is that your client is sending something that Cisco have decided not to accept, so ultimately you have to either fix the Cisco or workaround it in the client
<aetaric> kk.
<aetaric> have another dhclient you recommend?
<twb> Not really
<twb> aptitude search ?tag(client)?tag(dhcp) or so
<twb> http://paste.debian.net/102350/
<Frenk_> whats the irc command to read the chanell topic eg /topic
<Frenk_> read /topic
<Frenk_> anyone suggestions?
<Frenk_> [ if you're joining for the first time, or are new to irc, the first thing you'll want to do is read the channel topic (/topic) ] but how do i do that?
<hallyn_> Frenk_: just typing '/topic' doesn't work for you?
<hallyn_> Frenk_: which irc client are you using?
<Frenk_> Insufficient arguments for command.
<Frenk_> webchat.freenode.net
<Frenk_> qwebirc
<Frenk_> #topic
<Frenk_> nope
<shauno> it's often displayed at the top of the channel window, or when you first enter.  /topic is meant to return it tho  (obviously not your fault if it doesn't ..)
<The_Tick> it's your fault for using a bad client
<hallyn_> Frenk_: maybe /topic #channelname?
<Frenk_>  
<Frenk_>  !topic
<ubottu> Please read the channel topic whenever you enter, as it contains important information. To view it at any time after joining, simply type /topic
<twb> Just have him ask the vendor about it
<aetaric> twb: does it when i remove isc, install a replacement, and rebuild the ramdisk
<aetaric> so, it might be a kernel issue
<twb> aetaric: 11:10 <twb> All I can suggest is that you 1) packet sniff and examine the bogus flow; and 2) try building a smaller image
<aetaric> yeah
<aetaric> define smaller image...
<twb> less things
<aetaric> it loads it via nfs :p
<twb> So it gets as far as NFS?
<aetaric> nope
<aetaric> kernel can't get an address to connect to nfs
<aetaric> i have it load the kernel and initrd.img via tftp
<twb> So the problem is in the ramdisk
<aetaric> ok, how do i change how the ramdisk gets a dhcp lease?
<twb> You can't without a lot of fucking about
<twb> It'll be easier to replace the cisco IMO
<twb> Or at least call Cisco and ask them how to tell it to ignore option 61 or so
<pting> is there a command to preseed user/group ids? i want to sync up all the system user/group ids
<twb> pting: that's called "centralized authentication"
<twb> Oh, sorry, *system* accounts
<twb> I don't know any way to get those synced, other than 1) put them in your central auth (e.g. LDAP); or 2) ensure that you install packages in the same order on every host.
<twb> Neither of which are very nice
<pting> twb, i see... i was thinking of using puppet to pre-create all the groups and users before installing the packages
<twb> I suppose that could work
<pting> heh, not sure if that's the brightest of ideas though
<twb> Note that purging packages will often try to delete the system account
<pting> i would hate to install a package i forgot to create users for beforehand
<twb> So if someone purges one package and installs another, the new one might get the UID that you wanted for your system account
<twb> But that's probably an unlikely occurrence
<pting> twb, thanks, i'll just have to pick one.. i'm most interested in ensuring services like mysql and www-data are the same to read from nfs shares and such
<twb> pting: many of them are standardized in base-files
<twb> Sorry, base-passwd
<twb> www-data is, at least
<pting> o.O, so i could add puppet code to append to /usr/share/base-passwd/passwd.master and grouip.master before installing packages?
<twb> #define DEFAULT_PASSWD_MASTER	"/usr/share/base-passwd/passwd.master"
<twb> #define DEFAULT_GROUP_MASTER	"/usr/share/base-passwd/group.master"
<twb> Dunno, try it in your test lab :P
<pting> o.O i definitely will, thanks
<pting> twb, so what's the recommended ubuntian way of assigning manual user/group ids? start from the max id for the segment and go descending from there?
<pting> like start from system user id 999 and go down?
<twb> pting: update-passwd seems to apply to global IDs (0-99)
<pting> twb, hah, no!!! that solution seems like the right way to go though
<Noobster> is there any way to use apt-cache to tell you the version #?
<pting> twb, looks like it still works for system user ids.. i added mysql as 999, both as uid/gid... ran update-passwd and it was added
<Pici> Noobster: version of what? A package?
<Noobster> yes
<Pici> Noobster: apt-cache show packagename  has a Version line.
<Noobster> thanx!
<Pici> apt-cache policy will show you what versions exist in the repositories  you have in your sources.list
<twb> pting: eeeexcelent
<pting> twb, so it looks like update-passwd doesn't change uid/gids if they already exist
<twb> That would be about right
<twb> It's intended to set up defaults, not clobber users' changes to those defaults
<pting> ya, that's probably for the best =)... i'll just write some checks to notify me if these user ids are out of sync on my servers
<dbowlby> hello all!
<dbowlby> I have a ubuntu server running KVM
<dbowlby> I'm using bridging
<dbowlby> for some reason, after setting it up, I can't communicate to the internet (through the default gateway)
<dbowlby> http://pastebin.com/siC29Sgj
<dbowlby> ^my netstat -r and cat of /etc/network/interfaces
<uvirtbot> dbowlby: Error: "my" is not a valid command.
<dbowlby> my netstat -r and cat of /etc/network/interfaces is in the pastebin
<twb> dbowlby: pastebin "ip r" format, please.
<twb> For bonus points, all of "ip l; ip a; ip r'
<dbowlby> http://pastebin.com/XMv3pU20
<dbowlby> bonus points: http://pastebin.com/BM1gpnqP
<twb> Well, the first problem is that you've configured BOTH br0 and eth0 as 192.168.1/24
<twb> Meaning that on a per-packet basis, it'll pick either br0 or eth0 at random
<dbowlby> ok, I can see that
<dbowlby> so br0 should be a different network?
<dbowlby> I want my VMs to be on the 192.168.1.0 network
<twb> ifdown eth0; then remove "auto eth0" from interfaces
<twb> If you're bridging across eth0, you shouldn't be referring to eth0 directly
<dbowlby> if I bring eth0 down, I loose connectivity to the box
<twb> Then remove "auto eth0" from interfaces and simply reboot
<dbowlby> ok, let me try that
<twb> Currently you're trying to run the same network both over raw eth0 and over the bridge br0
<twb> You need to only have one of those -- probably the latter
<dbowlby> lol probably?
<twb> Note that (obviously) you'll need to connect to .10 instead of .230
<dbowlby> as feared, now I can't access the box
<dbowlby> twb, thanks, I finally got my console hooked up and found that the damn reboot failed
<twb> Sorry
<dbowlby> twb, now I can access my box and it appears to be working properly
<dbowlby> twb, no I'm sorry hehe
<dbowlby> this would definitely explain my connectivity issues to the VMs :)
<twb> What I described is pretty much what *I* use
<twb> Maybe your router (on .27) doesn't know how to get to .10?
<twb> Or maybe there's another host on .10 and they're fighting
<dbowlby> twb, nah it's working now
<dbowlby> twb, I commented out the auto
<dbowlby> on eth0
<dbowlby> twb, the whole reason I was looking at this was because I was having insane ping times to my VMs
<dbowlby> twb, then I noticed I couldn't get out through my gateway
<twb> dbowlby: I bloody told you to comment out "auth eth0"
<dbowlby> twb, after I took out that auto eth0 I could ping outside my gateway
<dbowlby> twb, I know, and I did, but I rebooted and the box didn't come back up
<dbowlby> twb, I didn't have a console, so didn't know why
<dbowlby> twb, after I hooked up the console, I found the system at a crash screen
<twb> Is this a server, or is NetworkManager installed?
<dbowlby> twb, after rebooting it, it worked great :)
<dbowlby> twb, it's ubuntu server with the virtualization stuff installed
<twb> Please confirm that "dpkg -l network-manager" has "un" in the lefthand column
<dbowlby> no packages found
<twb> Good enough
<twb> I don't know what's wrong
<twb> I assume bridge-utils is installed?
<dbowlby> it says ii
<twb> What does "brctl show" have to say?
<dbowlby> bridge name     bridge id               STP enabled     interfaces
<dbowlby> br0             8000.406186e288dc       no              eth0
<dbowlby>                                                         vnet0
<dbowlby> virbr0          8000.000000000000       yes
<dbowlby> my pings are still all over the place to this darn windows vm
<dbowlby> even from the host itself
<dbowlby> goes from 1ms all the way up to 400ms
<twb> That might simply be because the VM is sleeping while idle
<dbowlby> twb, a continuous ping?
<dbowlby> seems to be better
<dbowlby> aight, well, hehe, thanks a lot twb!
 * twb shrugs
<dbowlby> twb, I think you're on to something with the idle, don't really see the delay with my rhel vms
<axisys> how do I install ubuntu server non-interactively ?
<twb> grep sambashare /etc/group
<twb> sambashare:x:111:cyber
<twb> grep sambashare /var/lib/dpkg/info/*
<twb> ...no hits.  What created this group?
<axisys> https://help.ubuntu.com/10.04/installation-guide/amd64/appendix-preseed.html is it the recom way to auto install ubuntu ? or there is something easier ? may be some project in sf.net or freshmeat?
<twb> axisys: that's the best way, yes
<twb> axisys: FAI can hold your hand, but I don't like it much
<axisys> twb: FAI ?
<twb> apt-cache search ^fai-
<axisys> twb: it is in maverick.. but not in lucid (LTS)
<twb> Answer: the samba postinst
<uvirtbot> New bug: #690042 in libvirt (main) "libvirtd tries to disable ipv6's accept_ra even when ipv6 is disabled outright in the kernel" [Undecided,New] https://launchpad.net/bugs/690042
<Noobster> I have started my tutorial on installing Samba3 as a PDC for Win7 on Ubuntu 10.04 x64 LTS. It is still in beta but if it helps anyone..  http://tinyurl.com/SMB4PDCWin7
<Noobster> oops Samba4
<uvirtbot> New bug: #690073 in backuppc (main) "Please merge backuppc 3.2.0-1.1 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/690073
<twb> What is the difference between x, * and ! in the passwd and shadow databases?
<twb> AFAICT x means "ask shadow", and ! and * in shadow are identical
<\sh> twb: * <- disabled account x <- encrypted password in /etc/shadow (and eventually is ! another indicator with the same meaning of x)
<\sh> s/disabled/deactivated/
<twb> I'm a bit confused as to why some accounts are ! and some are *
<twb> I *suspect* it's just a matter of some being there when "shadowconfig on" first runs, and some being created after -- but I don't want to assume that when my dodgy thing sets them all to *
<\sh> twb: man 5 shadow ;) "If the password field contains some string that is not valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in, subject to pam(7)."
<twb> I don't trust it
<twb> For example passwd(8) locks using a ! explicitly
<twb> So so passwd --unlock presumably works by removing the !
<twb> These are all system accounts so it PROBABLY doesn't matter
<twb> Yep
<twb> adduser --disabled-password uses a *, but --disabled-login uses a !
<twb> So obviously su and/or sshd treat them differently
<beric> Hello. How can I get rid of that fancy grub menu when booting the installation CD? I'm using SOL and it clutters the console.
<twb> beric: remaster it
<twb> beric: and it's not a grub menu, it's isolinux
<beric> thanks..
<beric> well that's quite a lot of work :( , keep it simple people.
<twb> You could just netboot
<twb> optical media are so passÃ©
<uvirtbot> New bug: #690131 in mysql-5.1 (main) "mysqlimport fails on table names which are keywords if unescaped" [Undecided,New] https://launchpad.net/bugs/690131
<uvirtbot> New bug: #690138 in tomcat6 (main) "tomcat6 installation failure on Ubuntu 10.10" [Undecided,New] https://launchpad.net/bugs/690138
<pmatulis> hard to accept
<pmatulis> couldn't confirm.  install went well
<tgywa> When I do: apt-get install php5-xdebug I got: php5-xdebug: Depends: phpapi-20090626.. how do I fix it?
<raubvogel> Doesn't ubuntu come with a default (mail) aliases file?
<pmatulis> with the latest and greatest (10.10) do i really need to do 'sudo /etc/init.d/networking restart'?  seems nothing else works?
<uvirtbot> New bug: #689351 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.4 failed to install/upgrade: le sous-processus nouveau script pre-removal a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/689351
<raubvogel> pmatulis, i think they are switching to the redhat-like "service some-application start/stop/restart"
<soren> pmatulis: To achieve what?
<pmatulis> soren: trick question?
<soren> pmatulis: 14:20 < pmatulis> with the latest and greatest (10.10) do i really need to do 'sudo /etc/init.d/networking restart'?  seems nothing else works?
<soren> pmatulis: No, no tricks involved :)
<pmatulis> soren: yes, i want to restart networking
<soren> pmatulis: If you want to restart networking, "really needing to do 'sudo /etc/init.d/networking restart'" seems perfectly reasonable, doesn't it?
<pmatulis> soren: i just figured we might be using 'service' thingy by now but it's broken
<soren> pmatulis: Oh, you prefer to do "service networking restart" instead?
<soren> Is that what you're saying?
<pmatulis> soren: right
 * pmatulis is here b/c he is configuring a bridge (which is broken on bootup btw)
<soren> pmatulis: Oh.
<soren> pmatulis: Right, I see why it doesn't work.
<soren> pmatulis: Yeah, that's probably what you're roing to have to do for now.
<pmatulis> soren: ok
<pmatulis> soren: any idea why bridge will not come up on boot?
<soren> pmatulis: In a standard 10.10? Not sure.
<soren> pmatulis: Can I see your /etc/network/interfaces?
<pmatulis> soren: one moment
<soren> sure
<pmatulis> soren: http://pastebin.ca/2019364
<patdk-wk> heh, networking hasn't been moved to upstart yet?
<patdk-wk> seems not, but network-interface and network-interface-security have
<soren> patdk-wk: Depends on what you mean by "networking".
<patdk-wk> the /etc/init.d/networking script :)
<soren> patdk-wk: That would not work. It's a shell script.
<soren> pmatulis: What does "ifquery --list --allow auto" output?
<soren> (with sudo)
<pmatulis> soren: i presume i should run that when br0 is not working?
<pmatulis> soren: b/c i just ran the networking script after boot (which does bring it up)
<soren> pmatulis: I don't think it matters.
<soren> With --list it just lists stuff.
<pmatulis> soren: then 'lo, eth0, br0'
<soren> ok
<pmatulis> soren: btw, this is also broken in karmic (and probably lucid)
<soren> It works for me, though.
<pmatulis> soren: really?  on which release?
<soren> Lucid and maverick, at least.
<soren> Let me double check to be sure.
<pmatulis> soren: interesting.  i wonder if the fact that my machine is a kvm guest
<soren> Is this a server? Is network-manager installed?
<pmatulis> soren: is to blame
<pmatulis> soren: cli only, yeah
<soren> kvm guest> Shouldn't matter.
<pmatulis> soren: i have to resort to rc.local and then start all network-dependent services.  it's horrible  :(
<soren> :(
<soren> pmatulis: slangasek spent quite a bit of time getting this working.
<soren> pmatulis: Succesfully, I believe.
<soren> Hmm...
<soren> I just tried a configuration similar to yours.
<soren> Failed.
<soren> Weird.
<soren> Let me look at it for a couple of minutes.
<pmatulis> soren: nice.  thanks
<soren> Hehh... misspelled "static" :)
 * soren reboots it aga in.
<soren> pmatulis: Worked brilliantly.
<soren> pmatulis: How did you install this kvm guest?
<pmatulis> soren: i suck
<pmatulis> soren: the karmic one was with the server iso.  this 10.10 one was with something called vmbuilder
<soren> Never heard of it :)
 * soren hides
<pmatulis> soren: ha ha ha
<soren> Well, it doesn't do anything that should affect this.
<soren> ...that I can think of, anyways.
<soren> It's kind of hard to debug from afar.
<soren> I'd file a bug against bridge-utils.
<pmatulis> soren: alright
<cap_00> anyone know how to check user access logs for a samba file server? i'm trying to track down which of my users might have deleted a folder
<Psi-Jack> Alright. So here's a question. For some reason, everytime I ifup/ifdown lo:X, which are VIPs for several clustered servers in 10.04.1, open-iscsi restarts. I need this reaction to stop. open-iscsi seems to be effected by anything in upstart resulting in the 'networking' event.
<Psi-Jack> Looking at /etc/init.d/open-iscsi, Required-Stop has networking in it, but does upstart even care about lsb-init that way at all?
<RoAkSoAx> it doesnt
<Psi-Jack> Okay, so why is it open-iscsi is being effected by ifup/ifdown for loopback network devices? Everytime it does this knee-jerk reaction, it completely breaks my gfs2 /home mount that's on iscsi because it completely stops and restarts open-iscsi causing a stale and broken lock. Only fix for that is a total cluster restart.
<Psi-Jack> Aha!
<Psi-Jack> It's in /etc/network/if-down.d/open-iscsi
<Psi-Jack> It ONLY checks if the interface is lo, and not lo:*
<cap_00> good job
<cap_00> ok, i found the logs, is there someway to search through multiple logs for a term?
<_ruben> grep term log1 log2 log3
<cap_00> ugggh.... can i search an entire dir?
<Pici> grep 'term' /path/*
<thomas_s> cap_00: add the -R option to grep if there are subdirs you need to search (and then, use the following command: "man grep" )
<cap_00> sweet
<cap_00> can i search for a term with a space?
<Pici> cap_00: enclose your search term in quotes.
<cap_00> hmmm guess it doesn't log who delete's something :(
<cap_00> ok, so new question, how do i turn on better loggin for smb? i had a backup, but i'd like to know who deleted a folder on the fileserver
<i0nic> what would be the best way to put 2 files into a archive to send to another server, tar?
<i0nic> its just that tar makes 405byte files into a 10k archive
<Daviey> JamesPage / hggdh: Is that hudson instance still supposed to be server iso only?
<hggdh> Daviey: not really, it has already been overloaded ;-)
<JamesPage> Daviey: no its gained a few friends...
<JamesPage>  I'll do some work on the views to make it a bit more accessible.
<Daviey> That is fine... might be a good idea to change the title :)
<Daviey> JamesPage: Rocking ;0
<JamesPage> Daviey: ack
<Daviey> JamesPage: Grab me at some point this week, regarding me setting up a node.
<JamesPage> OK; its pretty smooth now
<wng-> So I had to add a few rules to UFW to allow an external client to connect to my server for a while, now im trying to remove the rules
<wng-> is there a way to delete any rule that originates from a certain ip with ufw?
<jdstrand> wng-: just put 'delete' in front of the rule you added. alternatively, you can use 'sudo ufw status numbered ; sudo ufw delete <number of rule to delete>
<wng-> jdstrand: I know that, what I'm trying to do is delete all the rules at once, theres like 50 of them
<jdstrand> wng-: no. either by the full rule or by the number
<wng-> so I can't pass a range of numbers?
<wng-> eh, i guess i can
<njin> hello, can someone look at bug 579572 ? thanks
<uvirtbot> Launchpad bug 579572 in ubuntu "Lucid: Gave up waiting for root device (mptsas) resolved by rootdelay" [Undecided,Incomplete] https://launchpad.net/bugs/579572
<njin> At wich package can I assign this bug '
<njin> ?
<ScottK> njin: linux
<ScottK> (kernel issue)
<njin> ScottK: thanks
<ScottK> You're welcome.
<ne7work> hello all please someone tell me from where can I start to learing how to make programs and witch languages I need or only c++?
<datz> ne7work: c++ wouldn't hurt
<smoser> ne7work, if you're just learning, you might find some languages more easy to get started in than c++.
<datz> maybe start with some scripting languages
<smoser> ubuntu heavily favors python for many things.  http://wiki.python.org/moin/BeginnersGuide/NonProgrammers has lots of pointers.
<SpamapS> woot new version of upstart!
<pmatulis> SpamapS: anything for server peoples to be excited about?  :)
<zul> kirkland: how did you get it to work?
<zul> kirkland: the iso importing
<kirkland> zul: Fedora "just worked", as soon as I gave it a full DVD ISO
<kirkland> zul: i was trying to import the Fedora netinstall yesterday
<kirkland> zul: which did not work
<zul> kirkland: thats no fun
<kirkland> zul: over night, i downloaded the DVD
<kirkland> zul: yeah, I know :-)
<kirkland> zul: I just fixed wake-on-lan
<zul> kirkland: through the cli?
<kirkland> zul: that was *slightly* more fun
<kirkland> zul: what about the cli?
<zul> kirkland: you used the cli to import the cd?
<kirkland> zul: no, the web interface
<zul> kirkland: what if you do it through the cli
<kirkland> zul: dunno;  you tell me :-P
<zul> hmmm...ok
<kirkland> zul: i'll try it here, if you give me the CLI invocation
<kirkland> zul: ?
<zul> kirkland: looking around
<kirkland> zul: k
<zul> ill let you know
<smoser> SpamapS, when did you think your patch pilot session started?
<pmatulis> can i have a cron job PATH modified by PAM environment settings (/etc/security/pam_env.conf)?  the crontab manpage says cron supports pam_env but it doesn't have any effect
<pmatulis> http://manpages.ubuntu.com/manpages/maverick/man5/crontab.5.html
<pmatulis> (confusing)
<SpamapS> smoser: noon PST
<SpamapS> smoser: which is in 1 hour ;)
<SpamapS> pmatulis: debug stanza is pretty cool :)
<SpamapS> pmatulis: other than that, I'm not sure
<smoser> SpamapS, believe it or not, i wasn't actually being a jerk.
<pmatulis> SpamapS: halleluiah (spelling?)
<smoser> given different time zones, who knows what a half day is.  ie, mine started 8:30 is US/Eastern, it is really past.
<SpamapS> smoser: we've discussed this before.. its much easier for you to tell us when you're not being a jerk ;)
<smoser> yeah i know.
<smoser> well i guess you should jsut assume jerk unless you hear other wise.
<axisys> is the journaling added in ext4 or is it also available on ext3 ?
<patdk-wk> journaling exists in ext3
<patdk-wk> but extents only exist in ext4 and make it incompatable with ext2/3
<patdk-wk> if you use them
<LewisCawte> How do I configure my server install to connect to my Wireless network?
<MrPicard> Hello, how would i be able to install LAMP and PHPmyadmin in one command?
<patdk-wk> LewisCawte, edit /etc/network/interfaces
<LewisCawte> patdk-lap: whats the config for it?
<patdk-wk> no idea, I would never touch wireless on a server
<LewisCawte> I'm more than likely going to keep it as what I'm using it for now, but I'm testing stuff in my room, so I don't want to move it closer to the router for now
<zul> kirkland: ping can you do a small text file on how to on what you have done so far? i need to know how to confgiure the web interface
<kirkland> zul: sudo apt-get install cobbler
<kirkland> zul: sudo vi /etc/cobbler/modules.conf
<kirkland> module = authn_testing
<kirkland> zul: sudo stop cobbler
<kirkland> zul: sudo killall cobblerd
<kirkland> (there's a bug in the upstartization, all cobblerd aren't killed)
<kirkland> (rather, 2 are started, not sure how/why)
<LewisCawte> anybody have any idea of the config for wireless (USB adapter) on a Ubuntu Server install?
<kirkland> zul: sudo start cobbler
<zul> thanks
<kirkland> zul: sudo service apache2 restart
<kirkland> zul: then point browser to http://hostname/cobbler_web
<kirkland> zul: login with testing/testing
<kirkland> zul: daz it
<kirkland> zul: but yeah, we should wiki up this schtuff
<fluvvell> in server 10.04, what would all the ksoftirqd/n watchdog/n migration/n ksoftirqd/n  processes be for?   I have n=0-7 of each of these
<SpamapS> kirkland: want me to fix the upstart job?
<kirkland> SpamapS: please!  do you know what's wrong?
<SpamapS> kirkland: yeah, expect fork is hard to get right... just start with -F and remove expect fork
<kirkland> SpamapS: ah, sure, go for it
<SpamapS> oh there's no expect fork
<SpamapS> well thats actually the problem then ;)
<SpamapS> but...
<SpamapS> running with -F is better anyway
<SpamapS> let me read the daemon.. if it listens then forks, expect fork can actually be better
<SpamapS> yeah, listens way after forking so expect fork is not helpful
 * SpamapS pushes
<SpamapS> kirkland: I think I'm going to propose a lintian check for upstart jobs.. not having a 'stop on' is very dangerous.
<kirkland> SpamapS: okay
<SpamapS> kirkland: even 'stop on runlevel [016]' still has a race condition tho. :(
<RoAkSoAx> kirkland: btw.. is testdrive working now? (haven't had time to test it with the moving and all)
<kirkland> RoAkSoAx: yup, thanks!
<RoAkSoAx> kirkland: np ;)
<kirkland> RoAkSoAx: when do you think powernap will be ready for natty?
<stanman> hi, i've got an openvz box running hardy and simias/ifolder. I can't login to its webadmin and receive a: System.ObjectDisposedException in my ifolder.log. Anyone had this or knows a solution?
<cap_00> this might be a weird question, are partitions the only thing that can be mounted?
<cap_00> if i wanted to add a HD to my system and mount it to two different places in the system the only way i'd do that would be creating two seperate partitions?
<RoAkSoAx> kirkland: I'm rescheduling everything right now (because of moving, graduation, etc etc). But I'm gonna start working in full with PowerNap this week, to hopefully finish modifying the algorithm for the integration of the Monitors.
<RoAkSoAx> kirkland: before Xmas, which should also involve the monitors functional
<cap_00> i just don't want to have to determine ahead of time how big each partition is on the drive, i'd rather have both mount points using the full space and let them fill up the drive at the same time
<SpamapS> cap_00: no you can mount file system images
<cap_00> hmmm and those can grow?
<SpamapS> cap_00: you can also resize partitions
<cap_00> yes, but i'd like to make it as easy to manage as possible
<SpamapS> cap_00: once we have BTRFS, that will be easy. Until then.. partitioning everything onto one big / is probably still the simplest answer.
<SpamapS> cap_00: you can use LVM to manage the physical disks if you do that
<SpamapS> cap_00: with LVM you just ad the physical space to the pool, and then extend the FS onto it as needed.
<cap_00> hmmm
<SpamapS> cap_00: but, shrinking the FS is hard
<SpamapS> cap_00: look into LVM.. I think it will do what you want.. but just know that shrinking one logical volume, and the filesystem that rides on top of it, is not simple.
<SpamapS> cap_00: though it can be done
<uvirtbot> New bug: #690352 in net-snmp (main) "package snmpd 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/690352
<SpamapS> cap_00: you're saying you want to build a single RAID1 and then mount two different filesystems on top of that, right?
<cap_00> ya
<SpamapS> cap_00: lvm does that very easily
<SpamapS> cap_00: you partition the whole disk to lvm.. then do  pvcreate /dev/sdXX ; vgextend name-of-volume-group /dev/sdXX ; lvcreate -n foo -L 500G name-of-volume-group ; mkfs.ext4 /dev/name-of-volume-group/foo
<SpamapS> cap_00: and then to make another LV..   lvcreate -n bar -L 300G  ... get it?
<SpamapS> cap_00:  you can even use it for migrating data between physical disks w/o downtime.
<blistov> Waiting for br0 to get ready (MAXWAIT is 32 seconds).  What does this mean and why did am I getting it?
<blistov> If I bring up the bridge manually, it is instantaneous.  If I let init.d/networking handle it, it takes about 20 seconds so most of my dependent service fail to start.
<kirkland> RoAkSoAx: okay, i just bought a second watt meter, so i can help with testing
<blistov> Ok, I'm going crazy now.  br0 is brought up by init.d/networking but hangs on "Waiting for br0 to get ready".  Then when I do a networking restart, br0 can't be added because it already exists.
<blistov> So br0 isn't coming up properly, not going down properly.
<blistov> standard bridge setup.
<RoAkSoAx> kirkland: cool ;)
<hallyn_> blistov: can you pastebin your /etc/networking/interfaces ?
<blistov> hallyn_, http://pastebin.ca/2019758
<timholum1> does anyone know if it is possible to install ubuntu cloud on a single server ( combine the front end with a node ) ?
<blistov> hallyn_, this was all working yesterday, and I can not for the life of me figure out what's wrong now.  Built a new server just to test, and same issue.
<RoAkSoAx> kirkland: did you get one of those fancy ones that can pass the data to a machine?
<kirkland> RoAkSoAx: nah, just the cheapy $20 one
<blistov> hallyn_, and when i restart networking i get this:  http://pastebin.ca/2019766
<guntbert> blistov: I never used that kind of setup, but I'm surprised that you should be able to bridge to eth0 while it is down...
<blistov> guntbert, this is the setup according to https://help.ubuntu.com/community/OpenVPN
<blistov> And I'm sure I had this working yesterday based on this config.
<blistov> Yes, I'm sure something must have changed, but I can't for the life of me figure out what.
<blistov> I'm getting the nerd rage fog.
<RoAkSoAx> kirkland: oh, I was thinking if at the end we can gather the data and produce charts to kinda "sell" PowerNap by providing power saving charts
<guntbert> blistov: did you look at https://help.ubuntu.com/10.04/serverguide/C/openvpn.html ?
<hallyn_> blistov: how about if you just 'ifdown br0; ifup br0' ?
<kirkland> RoAkSoAx: yeah, would be cool
<blistov> hallyn_, like I said, if i do it manually, it all works.
<blistov> but something is screwy.
<hallyn_> blistov: oh, yeah i think i've had that happen about 6 months ago
<hallyn_> hm
<blistov> The fact that it takes 20 seconds to come up when using init.d/networking but goes immediately if i do it manually, is suspicious
<blistov> Gah.
<blistov> So many cheap monitors I could throw right now.
<blistov> Damn these social conventions!
<m4xx> ntpdate keeps failing, i've verified that port 123 is unblocked and i am able to ping the ntp servers, yet it keeps returning no server suitable for synchronization found
<m4xx> any ideas?
<kirkland> RoAkSoAx: hmm, i just launched a test drive vm and it's only defaulting to 384M of memory
<kirkland> RoAkSoAx: i have 8G in my laptop
<kirkland> RoAkSoAx: i used to have smarter logic in there that chose the amount of memory to give the guest a little more dynamically
<hallyn_> blistov: could you open a bug about that?  i think it needs to be investigated.
<hallyn_> (sorry, had another 'outage' due to window manager rioting and striking)
<patdk-wk> m4xx, try, ntpdate -qu pool.ntp.org
<m4xx> "no server suitable for synchronization found"
<patdk-wk> you defently have something blocking ntp or udp
<patdk-wk> nslookup pool.ntp.org :)
<m4xx> hah! udp was it ;]
<m4xx> ty
<m4xx> i was smart enough to not unblock 123 udp =x
<dany> hello everyone!. Can someone tell me if there is an active directory server alternative that runs on linux?
<dany> is LDAP a good replacement ?
<patdk-wk> dany, windows 2008 in kvm? :)
<patdk-wk> samba 4 is suppost to do AD I hear
<patdk-wk> and AD is much much more than just ldap
<m4xx> perhaps i can hit you with this one too? i've installed ubuntu server 10.04 then installed gnome-core. how can i add "extract here" to the right click menu? I thought it would be included with archive manager or file-roller but neither did the trick
<patdk-wk> m4xx ask #ubuntu, no gui here :)
<dany> ok ok
<m4xx> any idea how i can do this?
<dany> but i just want a sort of directory of users so that the mailboxes and shares and all that willl be automatically loaded
<RoAkSoAx> kirkland: do you have any config files on which you are hardcoding the default MEM?
<dany> is there a way to get that done?
<RoAkSoAx> kirkland: cause the logic is still there
<kirkland> RoAkSoAx: yes, /etc/testdriverc is hardcoding it
<kirkland> RoAkSoAx: maybe we just need to comment that out
<kirkland> RoAkSoAx: let me test
<RoAkSoAx> kirkland: ok :)
<dany> i just want to throw the bulky server 2003 in the bin
<kirkland> RoAkSoAx: nope
<kirkland> qemu: invalid ram size: -smp
<kirkland> RoAkSoAx: okay, that needs a bug :-)
<RoAkSoAx> kirkland: indeed ;)
<uvirtbot> New bug: #690387 in multipath-tools (main) "udev block naming breaks failover and sd kref release cycle" [High,Confirmed] https://launchpad.net/bugs/690387
<qman__> dany, there isn't a drop-in AD replacement as of now
<qman__> I don't know how far along samba4 is, but that's the closest thing
<dany> ok thank you qman
<dany> so Fedora Directory Server, OpenDS, or  Apache Directory Server  will not do ?
<fluvvell>  what causes a SMB PACKET: SMBreadX (REQUEST), a client with a new 10.04 server and their old smb.conf file  has a bunch of these appearing on a tcpdump
<fluvvell> Followed closely by SMB PACKET: SMBreadX (REPLY), then the whole thing repeats
<i0nic> anyone seen this before, "agent admitted failure to sign using the key"
<blistov> Why does openvpn and dhcp3-server try to come up before networking has started?
<blistov> Is there any way to force them to wait for the interface to come up?
<RoAkSoAx> kirkland: this is the code right? :http://pastebin.ubuntu.com/543829/
<kirkland> RoAkSoAx: yeah
<kirkland> RoAkSoAx: so MEM must be getting set to 384 somewhere else in the code
<kirkland> RoAkSoAx: before the len(MEM)
<RoAkSoAx> kirkland: apparently i removed the code... which seems extrange cause I remember a related issue when determing memory automatically... I guess I must have removed it... I;ll get it back
<fluvvell> i0nic, ssh-agent ?
<pting> is there a way to check a directory's permission to ensure it's 000 without first unmounting it?
<RoAkSoAx> kirkland: did you report a bug yet?
<RoAkSoAx> kirkland: neverming just got it
<kirkland> RoAkSoAx: yup
<RoAkSoAx> kirkland: fixed in the trunk ;) thansk for reporting bugs sir!! I think you are the biggest bug reporter :P
<kirkland> RoAkSoAx: hehe
<qman__> dany, those will do fine for linux clients, but windows, not so much
<kirkland> RoAkSoAx: also, while you're in there, add a stanza in that if-block to set MEM=1024 if total memory > 2000000
<qman__> the only system going for full windows compatibility is samba4
<lenios> pting, what do you mean without first unmounting it?
<lenios> ls -l should show it
<RoAkSoAx> kirkland: done! pushed to trunk already
<kirkland> RoAkSoAx: sweet;   you gonna upload to natty?
<RoAkSoAx> kirkland: I could do it now if you like?
<kirkland> RoAkSoAx: sure, i like bitesize uploads ;-)
<kirkland> RoAkSoAx: makes it easier to spot regressions
<clayd> can someone point me in the direction to som documentation explaining server set up for multi host, multi client web servers?  Like laughing squic, or one of the other big hosting groups would use.
<RoAkSoAx> kirkland: indeed! Ok then, will do so now! otherwise it will prolly be sitting there till I finish with the improvements and GRUB thingy
<pting> lenios, i want to ensure a directory is empty and the permissions on it is set to 000 before mounting; however, if it's already mounted, i want to check to make sure the permissions on it is 000 without having to unmount it first... if that makes sense
<lenios> ls -l should do it
<pting> the intent is to make sure the directory isn't writable unless it's mounted
<RoAkSoAx> kirkland: done
<lenios> unless it's mounted?
<patdk-wk> normally easy
<patdk-wk> umount, chown/chmod the path
<patdk-wk> mount it
<patdk-wk> Ive done that on a few systems
<lenios> what do you chmod if it's unmounted?
<patdk-wk> the path you would mount it to
<patdk-wk> whole paths and crap can exist under a mount
<patdk-wk> normally not accesable
<lenios> i see
<lenios> it's the same if it's mounted
<patdk-wk> like, for an encrypted homedir can work like that on my laptop
<patdk-wk> I have my .ssh path for login keys on it, but if I mount my home dir, it overlays it
<patdk-wk> and I get my ssh private keys and everything else
<patdk-wk> maybe it won't work on the mount directory itself
<patdk-wk> but only subdirs of the mount dir
<SpamapS> smoser: still around?
#ubuntu-server 2010-12-15
<uvirtbot> New bug: #690436 in openssh (main) "ssh-import-id requires wget and ca-certificates to function properly" [Undecided,New] https://launchpad.net/bugs/690436
<boatdink> ok, i have a question to ask
<twb> !ask > boatdink
<ubottu> boatdink, please see my private message
<boatdink> 10.04 server w/ubuntu-desktop. How can I make it handle my windows credentials?
<twb> You mean you have an AD or PDC and you want to authenticate against it instead of the local flat files (passwd, shadow)?
<boatdink> maybe. I want to store EVERYTHING on this server...user accounts, files, etc.
<twb> You want Windows *clients* to authenticate against your Ubuntu server as if it was a Windows server?
<boatdink> yes
<twb> Ah, OK.
<twb> The tool for that is "samba"
<boatdink> yeah im familiar with samba
<twb> If you need to be an AD, you need samba4, which is not production ready.  If you just need to be a PDC or BDC, samba3 will work.
<boatdink> i know pdc and bdc but what is AD?
<twb> Active Directory
<boatdink> can you decrypt my samba.conf file because i have no idea what most of it means. I managed to use two routers on my network by messing with the dns and ip's but this is too confusing
<twb> I'm a bit busy
<boatdink> should i be trying this with an earlier version than 10.04?
<twb> I don't see why
<boatdink> what does the hosts file do?
<twb> boatdink: you mean /etc/hosts?  It contains the host database; a mapping of IP addresses to hostnames (and back).
<twb> It has largely been supplemented by DNS.
<twb> *supplanted
<boatdink> Should I have to configure the Bind9.conf file at all?
<twb> These questions seem a bit schizoid
<twb> Work out what your goal is, and then only make the changes necessary to achieve it.
<twb> If you don't NEED a DNS server, don't run one.
<boatdink> When should I use a dns server. a WAN perhaps?
<boatdink> Im just trying to figure everything out and how everything works and connects to eachother before I give it another shot
<twb> Fair enough, I guess
<twb> When asking questions it helps to declare if your after pedagogy or pragmatism :-)
<smoser> SpamapS, here now
<K350> Can one install ubuntu-server on an regular ubuntu without first unistalling ubuntu?
<twb> K350: that question doesn't really make sense.
<K350> And can one install ubuntu-server from the terminal. What package do I need ot install then?
<twb> K350: "ubuntu desktop" and "ubuntu server" are mostly just different default package lists
<K350> Ok, what package do I've to install on my ubuntu to have ubuntu-server?
<K350> twb: Ah, so I can just install ubuntu-server..great
<twb> IIRC the ubuntu-server install CD will install ubuntu-standard metapackage, not include localization packages (language-base-NN), and prompt for various server tasks.
<twb> Please note that we discourage running servers with GUIs.
<K350> twb: Ah, this is my situation. I've Hardy installed in text-mode only, on a machine that has no screen or keyboard connected to it. I controll it over SSH. Now I wanted ot upgrade it to the latest version of ubuntu -server. So I was wondering what I'd to install
<twb> OK.
<twb> K350: basically you install whatever services you want to use, e.g. if you want DNS you install bind
<twb> K350: it would be slightly better to do the initial instal using the ubuntu-server CD, but probably not worth reinstalling.
<K350> twb: Ah, ok I got it:-)
<twb> I strongly recommend you read the Ubuntu Server Guide, which outlines some best practices
<K350> twb: well, I'll go for a list of packages and see what candy there's:-)
<K350> twb: I would actually want ot install somehting completely new. But I'm to lazy to connect screen, kehboard and everything. And It's obviously a pain to do such things rmotely
<JanC> heh
 * JanC has never had any problems to install/upgrade remotely  ;)
<K350> jetole: Well, now I meant another OS. Not package.
<K350> JanC: that one was for you
<K350> JanC: <tab>'ed wrong.
<twb> JanC: without an OOB console, it can be a pain
<twb> You have to automate at least up to the sshd udeb
<K350> JanC: What's a ODB console, never heard of?
<K350> JanC: Have you ever installed an OS remotely?
<JanC> I've used 2 ways that are actually similar: a PXE rescue console and debootstrap from inside an existing OS install  ;)
<twb> K350: OOB = out of band, e.g. ILOM
<twb> Or KVM over IP
<twb> JanC: bypassing d-i doesn't count :-/
<jetole> Evening guys. Does anyone know how I can view the libexec dir from an ubuntu source package?
<twb> Source packages don't have destination directories.
<twb> If you download a BINARY package (foo.deb), you can extract its contents with dpkg -x.
<jetole> twb: yeah but to be honest I'm not sure exactly what I am looking for to tell me it's the directory chosen by the libexec option.
<twb> I don't know what that means.
<jetole> and wasn't sure if it did come with directories or not. It's piles upon piles of variables and trying to find what $libexec means from all the makefiles gets confusing
<jetole> twb: I am trying to find the libexec directory for libvirt0 or libvirt-bin. I have downloaded the source and the compiled dpkg which I extracted and I looked right at the directory I'm pretty sure but I didn't know that it was that directory
<jetole> I mean I saw every file that comes from the compile .deb but which one is libexec?
<twb> Uh, libexec is a directory
<jetole> which directory?
 * jetole is getting the file again to have another look
<twb> It's set at ./configure type; the default is something like <prefix>/libexec/<package name>
<jetole> twb: right, I mean which one is the one that the compiled deb used
<twb> --libexecdir=DIR        program executables [EPREFIX/libexec]
<jetole> yes
<jetole> thats right
<twb> EPREFIX for a Debian package is usually /usr
<twb> For a hand-compiled package it is usually /usr/local
<jetole> there is no /usr/libexec folder
<jetole> I thought that too
<jetole> so I'm still pretty lost here
<twb> Why do you need to know this?
<jetole> a lot of progs will use something like /usr/lib/program_name/libexec but not libvirtbin
<jetole> twb: I doubt you want to know the answer
<jetole> I'm trying to do something I know you will tell me not to do
<twb> No package with "libvirt" in its name provides an inode path that contains "libexec".
<twb> No package with "virt" in its name provides an inode path that contains "libexec".
<jetole> ok
<jetole> but the program was compiled, didn't they have to give it a directory to use?
<twb> Just because ./configure supports a libexecdir doesn't mean the project uses it
<jetole> I'm bashing my head in trying to find what this seamingly simple string should be
<jetole> oh
<jetole> oh
 * twb resists the urge to break out the cluebat
<jetole> btw, on topic, do you know how I can download a deb from the term? Is there an apt-<name> command to save me from going to the packages.ubuntu.com site
<twb> jetole: aptitude download foo
<jetole> twb: I get it. I've been wasting my time looking for something that wasn't there
<jetole> ah I should start getting in the habbit of using aptitude
<twb> apt-get -d works, but you must be root and it'll put it in /var/cache/apt/archives, not $PWD
<jetole> I didn't know that but I guess I never did an ls -l on the archive. I just assumed that was left overs from when the package was installed
<jetole> also didn't know aptitude had non root features
<jetole> assumptions suck but I made the mistake of assuming anything apt/dpkg/aptitude almost always needed root
<jetole> neat. Never realized libvirt came with augeas lenses
<twb> augeas?
<twb> Oh, it's a configuration management system, like puppet
<jetole> it's a config tool that helps with say mass deployments and what not
<jetole> uh no
<jetole> it's a tool you commanly use with puppet
<jetole> allows you access a config file like a tree and make changes to aspects without having to whip your sed-fu and awk like skills
<jetole> it's pretty cool
<jetole> I use puppet a lot a work too
<twb> So it's a gconftool-2 UI for /etc
<jetole> uh
<jetole> ... yeah
<jetole> hehe. pretty much yeah
<twb> Or like UCI in OpenWRT
<jetole> augeas also plugs into puppet
<jetole> don't know. never got a openwrt box
<jetole> but what I meant about puppet is you can access augeas rules from puppet configs so you can write a puppet script that uses augeas to make changes.
<twb> In OpenWRT they store most stuff in /etc/config in a YAML-like format, which is queried/set by "uci" both from the CLI and from the web UI.  The init scripts then turn it into either flat files in /etc or (more commonly) just pass the appropriate arguments to daemons directly.
<twb> It sounds useful, but not useful enough that I'd actually go to the trouble of rolling it out on my own -- let Ubuntu do that heavy lifting for me for 12.04
<twb> My sed-fu is strong :-)
<jetole> that sounds neat but that last part of passing it to the daemon directly sounds kind of like an unreliable method
<jetole> sounds kind of like a hack
<jetole> yay. 18 more months to the next LTS
<twb> jetole: it exploits the knowledge that their daemons happen to accept arguments equally from either source, e.g. dnsmasq
<jetole> oh I think I misunderstood what you meant the first time then
<twb> e.g. instead of dnsmasq -f /etc/dnsmasq.conf they call dnsmasq $options
<jetole> Like I said, I don't really have any openWRT
<jetole> I see
<jetole> kinda like a wrapper?
<twb> Well, in the sense that any /etc/init.d/foo script is a wrapper around foo
<jetole> and /etc/defaults
<jetole> hehe. I see your point
<jetole> http://augeas.net/tour.html
<jetole> http://docs.puppetlabs.com/guides/types/augeas.html
<jetole> Alright. I'm gonna get back to work. Thanks for the insight @ libexec
<jetole> I'm gonna set my prefix as /opt and compile libvirt with every option I can find a proper dir for and see what else if anything gets sent to /opt
<twb> So I want a list of all the system accounts that Ubuntu typically creates
<twb> A quick and dirty way to do this is:
<twb> root@mimic:/var/tmp/delete-me# find /srv/mirror/ubuntu/pool/{main,universe} -name \*.deb -exec sh -c 'dpkg-deb -e "$0" "$(basename "$0" .deb)"' {} \;
<twb> root@mimic:/var/tmp/delete-me# grep -r adduser.*--system .
<twb> Plan B is just to pick a few packages I probably ACTUALLY care about, and install them into a scratch box, then getent passwd {100..999}||:
<shauno> strikes me as something that should probably be documented somewhere
<soren> twb: What do you need the list for?
<twb> I had a clever idea of keeping the system UIDs and GIDs in sync between my LXC containers and the dom0
<twb> That way when I did ls -l /srv/lxc/foo/etc/ssl on the host OS, it would show files being owned by ssl-cert, not some random other group
<twb> Unfortunately, I now see this is basically impossible because many postinsts will use a simple "getent passwd foo" check to avoid OTHER non-idempotent commands, such as adding that account to additional secondary groups, or creating its $HOME.
<ttx> zul: lots of noise around bug 458637, do you plan to have a look ?
<twb> So what I'll do instead is just ensure that the system accounts in the LXC container template and in the dom0 match, which will cover basics like syslog, postfix, ssl-cert, ssh.  Post-template system accounts like postgres, mysql, logcheck will just have to deal.
<uvirtbot> Launchpad bug 458637 in samba "Windows Live Sign-In assistant prevents samba from accessing Windows 7 shares" [Unknown,Fix released] https://launchpad.net/bugs/458637
<jasonmchristos> What is the best how-to for setting up an openvpn server on ubuntu?
<twb> https://help.ubuntu.com/10.04/serverguide/C/openvpn.html ?
<twb> peer-to-peer openvpn is trivial because you can use symmetric cryptography, but openvpn disallow this for political reasons for hub/spoke setups.
<twb> Personally I'll be looking at ipsec instead of openvpn in future, because that's what IPv6 blesses for ICMPv6
<jasonmchristos> twb: thanks for the info i know what to think about in the future but for now i will go ahead with openvpn
<jasonmchristos> can anyone tell me which ports to open on ufw to allow apt-get
<jasonmchristos> i locked everything down but ssh
<qman__> by default it allows outgoing connections
<qman__> apt uses standard http
<jasonmchristos> qman__: i have allowed 80 and 443 out but still cant use apt-get
<twb> outbound, or inbound?
<twb> pastebin the output of "apt-cache policy" and "iptables-save -c"
<jasonmchristos> twb: its dns not resolving i guess i needed to enable port 53 in from my router but still isn't resolving
<twb> DNS requires both 53/udp and 53/tcp.
<twb> Unless you mistrust your local users, it seems pretty stupid to block OUTPUT
<jasonmchristos> its going to be for openvpn server only
<jasonmchristos> ok got it to work by allowing 53 out and in
<twb> IIRC ufw implicitly allow return responses
<shauno> 53 is dns.  that shouldn't be required in either direction unless you are your own NS
<boneshaker> Hello All! May i ask for help? I have a little problem on my Ubuntu server
<twb> shauno: he needs to resolve archive.ubuntu.com so he can apt-get
<shauno> ufw doesn't drop outbound dns tho
<twb> shauno: I think he's being a bit silly and trying to :OUTPUT DROP -
<raubvogel> If you do an upgrade to a package that some services being run depend on, will the upgrade also restart those services?
<jasonmchristos> good question
<jasonmchristos> i imagine it should
<qman__> yes
<qman__> and yeah, an output drop policy is overkill unless you are directly connected to the internet
<qman__> or an otherwise untrusted network
<twb> qman__: even if you're directly on the internet, I wouldn't bother unless the host in question was likely to be compromised
<twb> I *might* do it for a LAMP server with a public IP
<shauno> output log once in a while could be instructive.  output drop is overkill in every situation I could think of
<boneshaker> I have problem on my Ubuntu server, maybe somebody can help me with it?
<boneshaker> when i try to send keysequence via xvkbd to client running on Xvfb - it kills Xvfb with fatal io error 11
<boneshaker> with other X servers (not Xvfb) it works fine
<boneshaker> it works with Xvfb only if i run x11vnc and connet/disconnect to it before sending keysequence
<boneshaker> any ideas? ty in advance
<qman__> I run output accept on my router
<qman__> just keep the attack surface minimal
<soren> boneshaker: Your question has nothing to do with Ubuntu server. Try #ubuntu or #ubuntu-x.
<boneshaker> thx - i will try
<leonardopires> Hi friends! Where i can get a documentation about Ubuntu's Virtualization
<[diablo]> afternoon #
<[diablo]> guys I have replaced a NIC with a new one...
<[diablo]> where can I can configure the new MAC -> ethX
<[diablo]> previous was eth1
<[diablo]> udev[454]: renamed network interface eth1 to eth1-eth2
<[diablo]> found that
<patdk-lap> hehe
<Jeeves_> [diablo]: /etc/udev/rules.d/70-persistant-net
<patdk-lap> oh heh, I thought he said he found it, but guess he meant he found that rename message
<[diablo]> hi Jeeves_ ... sorted
<[diablo]> cheers anyway
<zul> morning
<Daviey> afternoon zul
<zul> kirkland SpamapS Daviey: i added get-orig-source so it fetches a git snapshot based on the date for cobbler
<Daviey> zul: when did you push that?
<zul> Daviey: soon :)
<Daviey> zul: I was gonna say!  I just branched, and it wasn't there
<zul> Daviey: heh i have a whole bunch of changes in my branch ill be pushing by the end of the day
<Daviey> zul: push incrementally!
<Daviey> zul: code drops aren't cool :)
<zul> Daviey: yeah ill push after this change then
<Daviey> awesome
<Daviey> zul: Did you get the service started ok?
<zul> Daviey: no i have to use the web interface for now im not sure what is happening when i do cobbler check
<Daviey> zul: I had a hacky fix for that.... :/
<zul> patch?
<Daviey> lemme try and re-generate it now.
<uvirtbot> New bug: #690638 in net-snmp (main) "snmp tools fail to translate OIDs" [Undecided,New] https://launchpad.net/bugs/690638
<soren> I'm curious... Why is cobbler suddenly a priority? It's been on our list of stuff to get done for almost three years, never managed to get resources allocated to do it. What changed?
<TREllis> Daviey zul: I played around with one of your cobbler branches the other day, actually... I think it was kirklands', the deb package was missing a few python deps
<Daviey> TREllis: interesting... branches welcome :)
<zul> TREllis: ack...i have a couple of bug fixes
<TREllis> python-{simplejson,urlgrabber} if I remember irght
<Daviey> TREllis: Do you want to help develop?
<Daviey> TREllis: lp:~ubuntu-virt/cobbler/ubuntu is our tip, if you want to base branches from that
<TREllis> Daviey: cool, I'll take a look, not much of a python hacker but I'll happily test it
<Daviey> TREllis: we'll help :)
<Daviey> zul: Have you managed to install cheetah on Natty?
<zul> Daviey: yeah i havent had any problems recently
<Daviey> zul: Interesting... i'm getting python2.7 issues
<zul> but im always trailing edge when im using a devel version
<zul> ie when i slack off i upgrade ;)
<Daviey> zul: lol... same here :)
<soren> zul: Why is it you add an empty changelog entry to the nova package after every upload?
<zul> in the bzr branch?
<soren> Yeah.
<toast018> Good morning everyone!
<zul> soren: good question
<toast018> Can someone tell me in what directory should I place the .htaccess file on my server?
<soren> toast018: The for which you wish it to take effect.
<soren> err...
<soren> toast018: The one for which you wish it to take effect.
<zul> soren: i wont in the future
<soren> zul: Cool :)
<toast018> I placed it in the /var/www/ folder but it didnt work... then in the /var/www/squirrelmail dir and still nothing... :( even ran chmod 0755
<toast018> i ment directory not folder... .sorry still getting away from windows... lol
<soren> You need to adjust AllowOverride to allow htaccess to take effect.
<soren> It's in /etc/apache2 somewhere.
<toast018> would i set it to none ?
<zul> Daviey: just doing some bug fixes before i push
<toast018> woohoo tutorial found... I just needed the allowoverride to set me in the right direction.... Thanks soren
<soren> sure
<Krashk> Hi. I just got a mail from my ISP that my server has tried to establish contact with known botnet controllers. Any idea how I can check it I am part of a botnet or not?
<uba> Hi, I'm using SSMTP to send emails from my PHP scripts but even with the "FormLineOverride=YES" the from address on the emails being sent is "www-data@mydomain.com" which is the local user name for the Apache process. I have extensively searched on the web but I have not been able to find a solution to this problem. I would really appreciate any help on this.
<patdk-wk> you have a sample email?
<toast018> I have adjusted the properties of AllowOverride and also added the list of IPs from overseas. but how to i see if it works?
<toast018> how can I ping my site from say Russia? or China?
<patdk-wk> if you locate a russian/chinese web proxy service :)
<patdk-wk> there are some out there
<uba> patdk-wk: Yes i received them in my spam box.
<zul> kirkland SpamapS Daviey: alot of packaging changes this morning ;)
<toast018> can someone see if my site mail.jmchd.com is reachable from russia or china... I tried the proxies but I dont think I did it right... :(
<doko> Daviey: does my suggested fix work for eucalyptus?
<Daviey> doko: Not tried it yet... but will do soonish
<Daviey> doko: thanks for looking
<Daviey> zul: How far off are you having a cobbler-web package?
<zul> Daviey: havent started it yet...working on koan
<Daviey> zul: ok, np
<robbiew> redhat and eucalyptus huh...sounds like a match made in heaven
<robbiew> :)
<robbiew> Daviey: zul: (and whoever else might know):  who owns http://ubuntuserver.wordpress.com/
<robbiew> ?
<Daviey> robbiew: we do :)
<Daviey> robbiew: that is our "offical blog"
<robbiew> needs updated branding then ;)
<Daviey> (Many of us would, you know, prefer a blog hosted via ubuntu server :)
 * robbiew adds the wiki to his list of cleanups....whoohoo!
<Daviey> living the dream... :)
<hggdh> Daviey: I would even say *all* of us ;-)
<hggdh> Daviey: BTW -- kees' build works on AMD64
<hggdh> just finished the test
<hggdh> now... for i386
<Daviey> hggdh: passed the test run?
<hggdh> Daviey: sir, yes sir
<Daviey> hggdh: you rock.
<hggdh> now... download the i386 mav iso locally, upload the beast to the rig, install
<hggdh> why, oh why can't we get direct access to the ISO servers?
<Daviey> hggdh: I'm sure you can if you put in an RT
<Daviey> i added an RT for ppa archive access, and they granted that :)_
<hggdh> Daviey: nowadays we use akamai for trhe official ISO downloads
<hggdh> I am not sure how IS would react if we ask for it
<Daviey> hggdh: There are still plenty of non-akamai mirrors, tho?
<hggdh> IDK
<hggdh> probably it will be easier to just add them ISOs to tamarind, and leave them there
<hggdh> only 15 minutes more to end uploading ;-)
<Daviey> hggdh: gb.releases.ubuntu.com looks good to me :)
<hggdh> Daviey: hum. Being local, it is probably not a bad one...
<Daviey> :)
<hggdh> yeah, I will open a RT on iy
<Daviey> groovy
<Daviey> eek, hide - it's skaet
 * hggdh is just gone
<skaet> lol,  no release happening for a while....   you're safe ;)
<jpds> Daviey: Good.
<Daviey> skaet: :)
<Lars_G> Hey all.
 * hggdh is back
<Lars_G> Question, is there an offitial package that comes with all the schemas that are not included with slapd? like openssh.schema? and preferably if they're on the .ldif format used by the newer system already....
<Delemas> I have various Ubuntu 10.04 VMs built with vmbuilder. They respond to a virsh shutdown domainname issued on the host. Self build VMs ignore all similar commands, despite having similar packages. Can anyone tell me what listens for virsh shutdown commands in Ubuntu guests?
<hggdh> JamesPage: I am considering adding 'DEBCONF_DEBUG=developer' to the PXE boot on ubuntu-server-testing, do you mind?
<hggdh> JamesPage: I am having some issues on d-i, and I think having it there will not hurt if we find others later
<Delemas> Lars_G, I doubt it. I had to search for them. For example samba had some bits in the samba-doc package...
<Lars_G> meh
<Lars_G> it's as evil as finding MIBs then
<Lars_G> thanks Delemas
<hggdh> well, at least the MIBS are in snmp-mibs-downloader
<zul> Daviey: you said you had a hack for cobbler check?
<Daviey> zul: i had one that was in place, yeah
<zul> Daviey: can i see it?
<Daviey> zul: hmm... it's gonna be easy for you/me to regenerate tbh
<Daviey> it was a patch i wouldn't commit iirc
<zul> :(
<raubvogel> If you are doing virtual mail domains in postfix in ubuntu, is there a specific path for where the mailbox directory goes?  I have been using /var/spool/vmail but in https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto they use /home/vmail. Which one is the expected path for ubuntu?
<Delemas> Apparently shutdown only works properly if acpid is installed.
<toast018> O Nooooos Cannot initiate the connection to archive.ubuntu.com:80 (91.189.88.31). - connect (99 Cannot assign requested address) [IP: 91.189.88.31 80]
<a_ok2> are the settings in /etc/iscsi/iscsid.conf actually used when doing an iSCSI boot?
<coxn> lvm question. I've got an LV that claims "2" in the Open column, but it's not in /proc/mounts, I've already deleted the virtual machine that was using it as its disk, no kvm sessions are hanging, fuser doesn't show anything.... I'm running out of ideas as to how this could be open.
<coxn> # dmsetup info -c raid10-bootvm
<coxn> Name             Maj Min Stat Open Targ Event  UUID
<coxn> raid10-bootvm    251   3 L--w    2    1      0 LVM-9x3W5fj2SMJZwScutUEv7EWL3JaRfnWCwolLpVI2S8e9JAXoY9yqoszOekKSGYNH
<coxn> I dispute this                  ^
<coxn> I'd like to remove this LV, and I'm stuck. Several people have suggested a reboot or a vgchange -an for the whole volume group, but neither of those is palatable since there are other (running) VMs on the box.
<coxn> example: # lvchange -an raid10/bootvm
<coxn>   LV raid10/bootvm in use: not deactivating
<coxn> I'd like to know what tools (eg. fuser, lsof) I should be using (and how) so that I can kill whatever it is that's hanging onto that LV
<coxn> or at least know how it's getting hung if not fix it.
<hggdh> please pardon my ignorance, but why is ntfs-3g included in the basic server install?
<zul> if you want to mount ntfs partitions on your server maybe? :)
<patdk-wk> no idea, I remove it :)
<leonardopires> hi friends
<leonardopires> i have 2 ubuntu + kvm running guest os
<leonardopires> whats the tool for cluster this 2 physical ubuntu machines?
<leonardopires> im was looking for ganetti...
<leonardopires> but ganetti dont have full support from ubuntu...
<hggdh> zul: how many servers have you seen that mount a NTFS partition?
<zul> hggdh: none but i think that was pre ubuntu-server team
<ScottK> hggdh: It's not harmful just sitting there.
<hggdh> ScottK: I do not disagree, but are we not looking to more space in the ISO?
<ScottK> hggdh: Also it's in the Standard seed, so to remove it from Server, it would have to be removed from that seed and then explicitly seeded in the desktop flavours that want it.
<ScottK> It's not very big: Size: 91354
<zul> kirkland SpamapS: http://people.canonical.com/~chucks/2010-12-15_124012_import.log
<kirkland> zul: ooooh, getting close :-)
<ivoks> what can one do when mysql takes ages to finish the query?
<ivoks> is it possible to automatically kill that query after some_time
<hggdh> ScottK: thank you
<smoser> jdstrand, do you have a security test suite for kernel ?
<smoser> looking primarily to test for lack of major regression.
<smoser> (i'm asking the security team in general, mdeslaur kees )
<hggdh> smoser: qa-regression-testing
<kees> smoser: are you familiar with the qa-regression-testing bzr tree?
<kees> smoser: hggdh can show you were we put our tests. :)
 * kees goes afk again
<smoser> thanks kees
<smoser> hggdh, thanks.
<smoser> so, hggdh have you by chance run the current -proposed for maverick ?
<smoser> kernel
<hggdh> smoser: b co lp:qa-regression-testing, then look at ./scripts/test-kernel*.py
<hggdh> smoser: I have not, but pedro_ was doing it
<hggdh> s/b co/bzr co/
<RoyK> hi all. how can I report the physical ethernet speed?
<RoyK> the nic is gigE, so is the switch, I just want to see what is being used...
<jmedina> you can use ethtool ethX
<RoyK> jmedina: thanks
<jmedina> RoyK: probably this is interesting to you: http://datatag.web.cern.ch/datatag/howto/tcp.html
<RoyK> jmedina: seems that article is rather old - most new stuff is tuned to support gigE quite well out of the box
<RoyK> also, pci-x isn't very hot anymore either
<jmedina> RoyK: ok :)
 * RoyK has two 100TB boxes hooked up with 10gigE
<RoyK> btw. 10gigE on PCI-X would't be much fun
<patdk-wk> pci-x (66mhz) supports 8gbit (one way) :)
<patdk-wk> so really, pci-x 133mhz by itself could do 10gbit nic, but it would be maxed out
<RoyK> 133MHz 64bit is _theoritaclly_ 8,5Gbps, but for old PCI, add a spoonful of two of overhead
<patdk-wk> well, I can push 980mbit over pci, 32bit 33mhz
<patdk-wk> that is damn well close to the pci limit
<RoyK> most pci is pci 2.3, though, which is 66MHz
<RoyK> but then, why bother :P
<patdk-wk> oh, my pci isn't even pci 2.0 :)
<patdk-wk> that I did that test on
<RoyK> patdk-wk: 1996 hardware?
<RoyK> :)
<patdk-wk> yep
<i0nic> hi does this cron look right for every 5 minuts ? */5 * * *  echo 'Hello'?
<patdk-wk> it was available, and I was bored
<RoyK> i0nic: yes
<i0nic> im new to cron, just trying to understand it
<Pici> i0nic: Yes.  But where are you echoing to?
<i0nic> RoyK: thanks
<patdk-wk> but that was using jumbo packets :)
<RoyK> Pici: that one'll echo to stdout, which will send an email to the owner
<i0nic> Pici: would that not echo to my terminal if I am logged into the user that the cronjob is under?
<Pici> RoyK: exactly.
<Pici> i0nic: No, what RoyK just said will happen.
<i0nic> ahh
<i0nic> how would I echo to the terminal?
<Pici> Usually?  You wouldn't.
<i0nic> is there a cron log so I can confirm the cron is running as scheduled?
<RoyK> i0nic: why would it know which terminal to echo that to?
<patdk-wk> write or writevt :)
<RoyK> i0nic: you could always do something like echo wtf > /dev/console
<i0nic> ahh nice
<Pici> i0nic: It should drop an entry into /var/log/auth.log
<patdk-wk> my brother loves write, I ban him from it
<i0nic> looks like cron runs as UID 0?
<i0nic> is there anyway to make it run as the user its been scheduled under?
<QAH> Hi everyone!
<QAH> I have a question about Ubuntu Elastic cloud. Does it do virtualization like VMWare Server or something? What would be advantages to using it for a home server?
<i0nic> the only reason I can think of for having a virtualized home server is if you have the power.
<i0nic> and you wanted the multiple machines
<QAH> So UEC can virtualize?
<QAH> Because I always see that install option when installing Ubuntu Server, but I never realized what it really was.
<baggar11> what program do you use to manage the virtualization cloud when using that install option?
<SpamapS> QAH: it provides an EC2 API compatible "cloud" implementation
<SpamapS> baggar11: euca2tools or ec2tools
<QAH> SpamapS: Ok. So basically it allows you to create a cloud of virtual machines correct?
<SpamapS> baggar11: or any other EC2 management utility
<SpamapS> It also has its own web interface.
<SpamapS> QAH: right
<QAH> Because EC2 is MAD expensive.
<QAH> Cool
<SpamapS> uh
<SpamapS> EC2 is $17/month for a t1.micro
<SpamapS> actually
<QAH> That includes storage and everything?
<SpamapS> EC2 is *free* for *one* t1.micro
<QAH> That doesn't include bandwidth.
<SpamapS> which is reasonably priced given what you're getting
<SpamapS> which is the equivilent of a high end colo connection to the internet
<QAH> I guess. It's just out of my price range right now.
<QAH> I'm not really hosting much.
<i0nic> S3 is the file storage
<QAH> I actually removed VMWare Server from my server because virtualization was kinda overkill for me.
<QAH> I just wanted to know if UEC virtualized.
<i0nic> EC2 is typically used for off loading resources onto
<i0nic> UEC does not create virtualized servers.
<i0nic> Xen would be a program that does that.
<QAH> i0nic: ???
<QAH> Oh
<QAH> That's what I was asking.
<QAH> So basically, UEC just allows you to share the workload among different computers?
<QAH> I'm kinda confused as to its true purpose.
<panfist> i have a printer shared with cups. i have connected to it both at http://localhost:631/printers/Foo and http://my.ip:631/printers/Foo and it works fine, from the localhost
<panfist> i have tried to connect to the printer from another machine at http://my.ip:631/printers/Foo and it won't print
<panfist> here's the error log from the last two jobs i tried to send http://dpaste.com/287088/
<i0nic> QAH -> http://cssoss.wordpress.com/2010/06/22/pdf-version-of-eucalyptus-beginners-guide-uec-edition/
<QAH> Thanks
<baggar11> SpamapS: are those free tools, graphical or commandline?
<QAH> Ok. That clears up stuff. :)
<QAH> So overkill for me. :P
<uvirtbot> New bug: #690815 in openldap (main) "db_open(/var/lib/ldap/access/id2entry.bdb) failed: No such file or directory (2)" [Undecided,New] https://launchpad.net/bugs/690815
<smoser> hggdh, do you know how i run these 2 kernel tests ?
<smoser> just run them ? no args ?
<hggdh> smoser: you should not need any parms
<smoser> i'm wanting to run ./scripts/test-kernel-root-ops.py and ./scripts/test-kernel.py
<smoser> just run them, do i need to | output into tee or anything ?
<hggdh> --help would point to potential options
<hggdh> you might need to run them as root, though
<i0nic> hmmm..  "Received disconnect from IP: 2: Too many authntication failures for tablet"
<i0nic> what program is blocking tablet?
<i0nic> does ubuntu 10.04 lts have some sort of firewall installed by default?
<i0nic> besdies iptables*
<remix_tj> by default is installed iptables and his management tool ufw i0nic
<remix_tj> but set as ACCEPT ALL as default
<i0nic> who is the user voice?
<i0nic> or group i mean
<kirkland> SpamapS: so what's the output of + [clint-fewbar] Work with Cobbler development to upstream patches and coordinate release: DONE
<i0nic> ah pulse
<i0nic> im at a lost
<SpamapS> kirkland: They know we're here, 2 patches upstreamed, and some feedback on how well that went (seems like they'd prefer that we send them git formatted patches)
<SpamapS> kirkland: Hopefully also they'll provide some thoughts on 2.1 and when we can expect a 2.1.0
<kirkland> SpamapS: neat;  capture that in a note in the whiteboard?
<SpamapS> kirkland: done... this is cool.. its like.. it might actually work.. and be fun.. ;)
<jasonmchristos> morn'n folks using this howto https://help.ubuntu.com/10.04/serverguide/C/openvpn.html i am at the point of CONFIGURATION it says to specify the local ip , is it going to be a problem if the openVPN server I am using is on DHCP?
<SpamapS> jasonmchristos: only if your IP changes
<jasonmchristos> this is a problem
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<SpamapS> jasonmchristos: you may be able to specify it as a hostname and restart the service.. but IIRC, openvpn needs to know what its IP address is to act as a server.
<gholms> smoser: ping
<smoser> gholms, here
<gholms> How would you feel about cloud-init stuff shelling out to PK instead of apt wherever possible so stuff is more portable?
<smoser> PK ?
<gholms> PackageKit
<gholms> I'm thinking pkcon, its CLI.
<smoser> i've never used it.
<smoser> the 2 thoughts i would have are a.) its not in our images right now, so we'd have to get it there
<smoser> b.) there are some options that i pass to apt to make it really not prompt me (as thats just not going to work)
<smoser> and i'd hae to be able to do the same through pkcon
<smoser> also, you're aware that amazon did some work on cloud-init to make it non-ubutnu specific, right?
<gholms> IIRC, I was a little disappointed with how they did it, but yeah, I saw that.
<gholms> I just figured I would ask if you would have any philosophical objections or anything before I start working on a PoC.
<smoser> gholms, no i do not have any real objections
<gholms> Okee dokee.  Thanks.
<smoser> i've not looked extensively at the amazon changes, and i know that they weren't 100% happy with them either.
<gholms> It's been a while since I looked at their changes, but IIRC they basically just directly called pieces.
<gholms> I also have to figure out how to deal with disappearing disks since nobootwait isn't portable.  :-\
<SirDerigo> hi people
<uvirtbot> New bug: #606373 in cloud-init (main) "cloud-init output does not get to console when booted with pv-grub and ramdisk" [High,Fix released] https://launchpad.net/bugs/606373
<geekbri> so if you damage your /etc/passwd file there is no way to copy over /etc/passwd- back to /etc/passwd without booting into single user mode is there?
<jmedina> I have always restores passwd- on a running system without problems
<hggdh> duh. There I am, running a test on UEC with 5 NCs. Test is taking an awfully long time... and I noticed I had not powered on the NCs :-(
<jmedina> even in runlevel 2
<geekbri> jmedina: hrm?
<geekbri> jmedina: the problem is i can't SU because the passwd file is damaged so i dont have access to copy the file over
<jmedina> what about ssh?
<jmedina> well only if you have root access
<Lars_G> Question, is there any advantage to a 64 Bit kernel other than accessing over 4Gb of ram? something that I think pae in i386 mode can do anyhow.....
<The_Tick> Lars_G: google is your friend here
<The_Tick> lots of information on the pros and cons
<baggar11> I'm pretty sure 32bit linux can access over 4gb of ram
<The_Tick> I'm pretty sure 64 bit can access a ton more than 32 bit
<The_Tick> and that there are other benefits to 64 bit
<baggar11> for sure
<lenios> 32 bit can access a lot of memory with a pae kernel, it's a little slower though
<lenios> 64 bit should be the choice if hardware is capable
<patdk-lap> lenios, I have cpu's that can do 64bit, but not pae
<lenios> if your cpu is 64 capable, go with 64 bit
<lenios> it's default on server, anyway
<gallamine> hello, i'm a first time AWS user and I'm trying to get a Ubuntu image installed
<gallamine> when i run 'ec2-run-instances', as per the instructions on the Ubuntu website I get the error, "the AMI ID does not exist"
<gallamine> while the AMI is shown here:
<gallamine> http://uec-images.ubuntu.com/maverick/current/
<gallamine> ah ha! i was using a AMI from the wrong region
<gallamine> when i attemp to ssh into my aws instance, it asks for my passphrase
<gallamine> there is nothing in the instructions here (https://help.ubuntu.com/community/EC2StartersGuide) that mention this
<gallamine> any ideas whati've done wrong?
<gallamine> I'm on step #4
<jasonmchristos> looks likr you have to have static ip for openVPN config?
#ubuntu-server 2010-12-16
<twb> I don't see why
<twb> Admittedly I've never tried it with a dynamic IP on the hub.
<hggdh> kees: go ahead and publich eucalyptus, all is good
<kees> hggdh: thanks
<twb> Can anyone easily tell me when mountall-varrun.conf was added to lucid?
<twb> That is, /etc/init/mountall-varrun.conf
<timholum1> hello, I know ubuntu-cloud require's 2 server's to run, Does it require them to be in the same location? I am asking becouse I am looking at renting some rackspace from a company, and i would rather have only one server there
<twb> Hmm, changelog claims mountall 2.0
<patdk-lap> timholum1, 3 as far as I know :)
<patdk-lap> I dunno the real names, but, a director, a storage node, and a machine node
<timholum1> patdk-lap: I thought I read someware basicly just a management node, and a machine node
<patdk-lap> cluster controller, storage controller, and node controllers
<patdk-lap> your missing the storage node then that actually has the harddrives
<patdk-lap> but in the example you where reading they might of loaded both of them onto the same machine
<timholum1> ahh, ok. hmm I might have to look at a different option then :(
<timholum1> maybe install xen or kvm and find a web interface that can manage them
<patdk-lap> ya, looks like the smallest setup is two machines
<patdk-lap> one runs everything, except the node controller
<patdk-lap> so that means the cluster controller also has the storage controller on it
<timholum1> and I suppose that would not be the best performance over the net :)
<patdk-lap> depends :)
<timholum1> ( internet not network :) )
<patdk-lap> oh defently not :)
<timholum1> ya, I am defenetly going to have to look into a solution all in one box
<timholum1> my current budget for the project is about $3k and the solution has to be rackmounted in less then 2U's
<patdk-lap> heh, you can get 4 systems in a 2u case
<patdk-lap> but your talking about 12-20k
<patdk-lap> I guess you might be able to find a dual system case somewhere
<patdk-lap> or just use 2 1u servers
<timholum1> :) ya if I had 12 - 20k I could build some awsome server's
<timholum1> ya, but then I am wasting about 1k on a server that is only going to manage the other one,
<patdk-lap> then your not building a cloud :)
<timholum1> I already have the server picked out I want :) dual 8 core amd opteron with 32G of ram :)
<patdk-lap> a cloud has several nodes, plus one or more that checks that the nodes work, and failover them as needed
<timholum1> well it does not have to be a cloud persay, just a machine that has the ability to run vm's
<timholum1> :)
<patdk-lap> well, just install kvm :)
<timholum1> Citrix Xenserver would actuly meet all of my requirements
<patdk-lap> xen is slow :(
<timholum1> buy ya I am leaning tword kvm as well
<patdk-lap> kvm is fast, just run through memory quick
<timholum1> I thought kvm was better with memory management then xen
<patdk-lap> it may be better at it, but it still can't overcommit
<timholum1> :(
<patdk-lap> xen has some limited overcommit support
<timholum1> O well over commit is not a deal braker at this point
<patdk-lap> atleast kvm has memory dedup, that helps alittle
<timholum1> I am mostly interested in performance
<timholum1> the server I want has 32G and is upgradable to 128G which is plenty for what I am going to be running
<lucasreborn> hi guys, i have a ubuntu server 10.04 installed running tomcat and postgres, and sometimes the network hang up, cannot ping, it's not acessible at all
<patdk-lap> remember, your are unlikely to ever upgrade it past half of what it is able to do
<patdk-lap> due to memory pricing of the largest density ram being ungodly expensive, and well, replaced with something else quickly
<timholum1> I am going to be running 1-2 email server 1-2 asterisk server and 4 -6 lamp servers
<patdk-lap> hmm, I wonder how asterisk works in a vm these days
<timholum1> works great
<patdk-lap> I did not like it at all, a few years ago, only raw hardware
<timholum1> I am using voip.ms as a phone provider
<timholum1> so they have the tie in with the phone system
<timholum1> I just set up an IAX channel to them
<timholum1> my virtual server ( through rackspace cloud ) version of asterisk actuly sounds better then my in house one
<timholum1> my in house one is running asterisk 1.4 and my cloud one is running 1.8 so that is probably why
<lucasreborn> hi guys, i have a ubuntu server 10.04 installed running tomcat and postgres, and sometimes the network hang up, cannot ping, it's not acessible at all
<timholum1> lucasreborn: have you tested your nic and switch?
<lucasreborn> yeah
<lucasreborn> separetely i have another fileserver, and a another firewall
<lucasreborn> it's just my webserver
<lucasreborn> i need to do networking restart every time;
<timholum1> hmm
<lucasreborn> sometimes appear at the console: error in task cp:"pid", task blocked for 120 seconds, or something like this
<lucasreborn> it's so randomly
<lucasreborn> what would be your test?
<timholum1> when it happens how much free memory do you have?
<timholum1> and how close to full is your disk?
<lucasreborn> my disk usage is 8%, i have a NFS server with all data, using ~5% atm
<lucasreborn> i have 8gb, most of time, have 1gb free.
<lucasreborn> i fix doing a networking restart, have something to do about memory?
<timholum1> I have just seen used up memory and used up disk space do some weired errors before
<timholum1> and unfortuanatly I have never run tomcat or postgresql.
<timholum1> plus 95% of my servers are centos, I just came in this room to research ubuntu-cloud
<lucasreborn> what you mean "testing nic or switch"?
<lucasreborn> i mean, how to do a good testing?
<timholum1> I would personaly go into /var/log and poke around in the log files, look for things around the same time that your network went donw
<timholum1> I would also run memtest and a hardrive test on the system, just to eliminate bad hardware ( which can cause a ton of weired issues )
<timholum1> for memtest and a bunch of hardrive tests google for ultimate boot cd
<lucasreborn_> [23:49] <lucasreborn> what you mean "testing nic or switch"? [23:49] <lucasreborn> i mean, how to do a good testing
<timholum1> the switch does not apper to be the culprate due to you having other systems on that same switch that do not go down
<timholum1> on the nic, if I susspect a bad nic, I just replace it and see if it fixes the issue
<lucasreborn_> it's a Dell PowerEdge server nic.
<lucasreborn_> wth.
<timholum1> most dell poweredge servers have 2 ports on the back, I would try to plug in your nic to the second one,
<timholum1> make sure to set the same ip to it
<timholum1> If I remember back a while correctly, I think I ran into an issue once on one of my ubuntu desktop's that I set a static ip in after a dynamic ip that the route would keep getting erased on me.
<SpamapS> lucasreborn_: that "task blocked for 120 seconds" stuff is usually caused by disk problems
<SpamapS> lucasreborn_: though, are you using NFS?
<lucasreborn_> i'm using NFS to store website data
<lucasreborn_> it's a problem?
<lucasreborn_> a disk problem could cause the server freezes up completely, but needing just a networking restart to get it all working back again?
<lucasreborn_> this server was runnning about 15 days without problem, and problems appeared when both disks was full, but i did a clean install now, and the problem persists
<SpamapS> lucasreborn_: right, so NFS issues that are solved by a networking restart would also cause that 120 seconds error
<lucasreborn_> but it's not a nfs issue.
<SpamapS> the cp isn't touching any NFS mounts?
<lucasreborn_> no, i don't run a cp task
<lucasreborn_> the nfs mount is dedicated to tomcat, reading and writing.
<SpamapS> lucasreborn_: ok.. either way.. I'd suspect NFS problems due to network problems
<lucasreborn_> ok
<SpamapS> lucasreborn_: are you hooked up to a switch with auto-sense for the port speed?
<lucasreborn_> i'll umount the nfs filesystem, and work a bit without him
<lucasreborn_> yeah, a crappy dlink des 1008d
<lucasreborn_> i'm just the trainee..
<SpamapS> lucasreborn_: sometimes autosense fails with nicer switches.. it can help to specify the exact speed you want
<SpamapS> I've always found that odd, but cheap switches seem to do a better job of autosensing
<twb> is NFS mounted -ohard or -ointr?
<lucasreborn_> i don't have the exact mount cfg
<lucasreborn_> i will try to verify from here
<lucasreborn_> i'm at home
<lucasreborn_> i think is intr
<lucasreborn_> how to specify port speed?
<lucasreborn_> it's a gigabit nic connected to a fast nic
<lucasreborn_> maybe that difference is causing the freeze
<twb> lucasreborn_: pastebin the contents of /proc/mounts and /etc/nsswitch.conf on the client.
<lucasreborn_> guys
<lucasreborn_> thanks for helpinh
<lucasreborn_> here are the logs
<lucasreborn_> http://paste.ubuntu.com/544256/
<lucasreborn_> are you there guys?
<william_a> hello
<william_a> I have a little question
<SpamapS> lucasreborn_: sorry we're all kind of in and out between other tasks.
<william_a> who could help me
<SpamapS> william_a: just ask, sometimes it takes people a while to respond
<lucasreborn_> i'll be here waiting, ok? just don't forget
<SpamapS> lucasreborn_: just looking at your paste.. it does look like the link is dying
<william_a> I'm running my ubuntu server 9.10 without monitor. Sometimes when I want to look what happen, I need to plug the monitor. But after the monitor plugged, it shows blank screen. It works if I restart the server with the monitor attached. Maybe some configuration I missed?
<twb> lucasreborn_: did you try just putting a new cat5e cable in?
<SpamapS> lucasreborn_: I'd try ethtool -s eth0 speed 100 duplex full
<SpamapS> if it stops dropping, then you'll want to run that on ifup
<SpamapS> ooo mysql 5.5 GA!!
<SpamapS> lucasreborn_: I'm off ... good luck
<twb> There must be a better way than that
<twb> ip link set maybe
<lucasreborn_> hmm
<lucasreborn_> any other suggestions?
<lucasreborn_> william
<lucasreborn_> did you just try to press enter when you attach the monitor?
<william_a> yes
<william_a> enter
<william_a> numlock
<william_a> everything
<lucasreborn_> hmm
<lucasreborn_> i don't know anything about server
<lucasreborn_> i would boot my system with monitor attached and when needed reattach
<lucasreborn_> this way the monitor is "pre-loaded
<twb> william_a: that's just how PC video works, you can't do anything about that.
<lucasreborn_> it's a true server?
<twb> william_a: the BIOS is saying something like "hm, no monitor is plugged in.  Therefore I will disable this video output."
<lucasreborn_> i remember a option in bios postback video after resume, or something like this
<twb> It depends on the BIOS, of course.
<lucasreborn_> indeed.
<lucasreborn_> sorry guys for bad english
<lucasreborn_> self taught
<william_a> I remembered I can attach my monitor anytime with my older version of ubuntu
<william_a> maybe it's different hardware
<lucasreborn_> or a different driver/config
<lucasreborn_> try to find in google
<lucasreborn_> something that persists the driver loading etc.
<Igoru> can't stop mysql via 'sudo service mysql stop' and /var/log/mysql.err and mysql.log are empty. any idea about where i could start investigating the problem?
<lucasreborn_> tried mysqld?
<william_a> about twb reply, I'm thinking about dummy monitor that might cheat bios pretend that there is monitor plugged
<lucasreborn_> or /etc/init.d/mysqld restart?
<william_a> is there any?
<lucasreborn_> sure there is (noob talking)
<Igoru> mysqld restart cant stop it too
<twb> william_a: that's called a KVM
<william_a> Igoru: in ubuntu, log are stored in syslog
<Igoru> it tries to stop, fails. then tries to start, and says OK.
<twb> You can get a cheap four-port one for aroudn $20
<william_a> kvm.. it's software, right?
<lucasreborn_> no
<lucasreborn_> it's a hardware
<lucasreborn_> you can manage multiple pc's with one mouse, keyboard and monitor.
<lucasreborn_> it's a "switcher"
<Igoru> william_a i tried $ dmesg, but there's nothing about mysql there
<william_a> igoru: try cat /etc/log/syslog | tail
<Igoru> william_a this file doesnt exist o_O
<Igoru> i'm running ubuntu desktop 9.10
<lucasreborn_> it's /var/log/syslog
<william_a> I'm sorry, yes it's /var not /etc
<william_a> thanks lucas
<Igoru> Dec 16 01:08:55 igoru-ubuntu kernel: [87939.007575] type=1503 audit(1292468935.492:68): operation="open" pid=25051 parent=25050 profile="/usr/sbin/mysqld" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/system/cpu/"
<lucasreborn_> please
<lucasreborn_> pastebin in http://paste.ubuntu.com the cat /var/log/syslog and /var/log/dmesg last lines.
<qman__> william_a, the problem is not the monitor, it's the screen saver
<qman__> if you are using a PS/2 keyboard, you have to have one plugged in while the system boots or it won't work
<Igoru> sorry lucasreborn_, http://paste.ubuntu.com/544268/
<qman__> the workaround is leaving it in all the time, or using a USB
<william_a> qman_: the keyboard is plugged all the time
<qman__> what sort of graphics hardware are you using? onboard/discrete, VGA/DVI/etc
<qman__> it could be initializing the wrong connector or device
<jasonmchristos> In the openvpn.conf file it says that the listen address is optional if i do not specify an address as the ubuntu server docs suggest what is the effect will it listen on all interfaces specifying an address becomes a problem when using dhcp
<william_a> it's a PCI Express card VGA
<lucasreborn_> set your dhcp to lease always the sampe IP
<william_a> not sure about the brand
<qman__> william_a, does your system also have onboard graphics? if so, make sure it's disabled
<lucasreborn_> Igoru, these are all the lines?
<qman__> also, does your keyboard's indicators light up with the numlock, capslock, scroll lock keys?
<Igoru> lucasreborn_ yeah... before those there are just repetitions, 'cos i tried the commands a couple of times
<Igoru> those line keep repeating for every time i try to stop mysql
<qman__> jasonmchristos, that could be worked around with the firewall, just listen on all interfaces but configure the firewall to only accept connections from the desired interface
<uvirtbot> New bug: #690924 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/690924
<william_a> qman: when I've plug the monitor and it shows blank screen, I always tried to press numlock key to see if the server crash, the light is responded well
<lucasreborn_> did you mess up the logins etc?
<lucasreborn_> sounds like this
<lucasreborn_> i'm a begineer
<lucasreborn_> i'm afraid i can't help you, sorry.
<Igoru> haha ty anyway, lucasreborn_
<lucasreborn_> Igoru, sound like a permission or something
<Igoru> i'm a kind of noob too. and i cant imagine how i could mess up with login if i'm trying to stop the service.
<Igoru> and i'm always using sudo.
<lucasreborn_> did you installed mysql via apt-get or build manually/
<Igoru> apt
<Igoru> i had this kind of problem some time before, when updating mysql
<Igoru> the solution was killing mysql process, updating, and then restarting it
<lucasreborn_> but the database works?
<qman__> william_a, then it's definitely the graphics, somehow
<Igoru> yes yes
<Igoru> i use it everyday
<qman__> not sure if it's using the wrong one or if it's trying to be smart and not initialize because there is no monitor
<qman__> would be fixed with a KVM switch
<lucasreborn_> he could force initialisation ?
<uvirtbot> New bug: #690925 in mysql-5.1 (main) "Package MySQL 5.5.x for Natty" [Undecided,New] https://launchpad.net/bugs/690925
<lucasreborn_> but when you kill mysql process probably you're disconnecting something is connected.
<qman__> I haven't experienced this problem, and I do basically the same thing on several machines
<william_a> igoru: not sure, but you could check here: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/448656
<Igoru> lucasreborn_ what do u mean? i killed it with htop and then started with service start
<uvirtbot> Launchpad bug 448656 in mysql-dfsg-5.1 "CPU information is inaccessible for MySQL (dup-of: 444479)" [Medium,Triaged]
<uvirtbot> Launchpad bug 444479 in mysql-dfsg-5.1 "missing apparmor access rule " [Medium,Fix released]
<lucasreborn_> igoru, check that link
<lucasreborn_> it's the problem you're having
<lucasreborn_> change the permission and owners of mysql using folders by chown
<Igoru> lucasreborn_ william_a reading, i think it will solve my problem. [noob speaking] but what is apparmor?
<lucasreborn_> same question here
<lucasreborn_> i'll search and post asap
<qman__> lucasreborn_, your issue looks like a hardware problem of some kind to me
<qman__> bad switch, cable, NIC, NIC driver, somethign
<lucasreborn_> https://wiki.ubuntu.com/AppArmor
<qman__> if you notice, eth1 keeps coming online right before/after your NFS drops
<lucasreborn_> this problem appeared after 15 days of uptime
<lucasreborn_> i'm really thinking it's that damn switch
<william_a> I'm out... thanks for the help everybody and good bye..
<lucasreborn_> this shit appeared suddenly
<lucasreborn_> good night william
<Igoru> g'night and thanks william_a! :D
<jasonmchristos> qman__: ok very good i didnt want to specify the ip anyway as i am on dhcp
<qman__> lucasreborn_, don't ignore the possibility of the NIC though, my file server's onboard NIC suddenly failed recently
<qman__> of course it was more obvious, since the forcedeth driver was filling the logs with garbage
<lucasreborn_> hummm
<qman__> but they don't always go that way
<lucasreborn_> two noob questions
<lucasreborn_> how to change the eth number?
<qman__> test one thing at a time, figure out what it is
<lucasreborn_> example, i want my eth1 became eth8
<qman__>  /etc/udev/rules.d/70-persistent-net.rules
<lucasreborn_> there i can remove a eth too?
<qman__> that is where the auto generated MAC to eth# associations are stored
<lucasreborn_> example: i have a eth0 onboard.
<lucasreborn_> added a nic, eth1
<qman__> it's pretty self explanatory when you look at it
<lucasreborn_> changed the nic, eth2
<lucasreborn_> i want to delete the eth1 and make eth2 become eth1
<qman__> yes, that's where it is done
<lucasreborn_> perfect!
<lucasreborn_> i appreciate a lot your help
<lucasreborn_> here it's 01:36 and i need to go to bed.
<lucasreborn_> a lot of work to do
<lucasreborn_> good night y'all
<jasonmchristos> the openVPN server docs says to add this to the openvpn.conf but doesnt explain its use push "route 172.18.100.1 255.255.255.0"
<jasonmchristos> will someone please explain this too me?
<jasonmchristos> is this the gateway in regular networking?
<jasonmchristos> of "default route"?
<qman__> jasonmchristos, no, that is giving the VPN clients routes to your network
<qman__> the clients already know where the internet is, but they don't know your network, only the VPN server
<qman__> so you push routes to tell them where your network is
<uvirtbot> New bug: #690937 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/690937
<twb> What sets $FROM_SINGLE_USER_MODE in /etc/init/rc-sysvinit.conf ?
<uvirtbot> New bug: #690983 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.8 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/690983
<SpamapS> twb: Wait.. I know this one....
<twb> Never mind, it was rcS
<twb> I wanted to throw away rc-sysvinit.conf because it reads /proc/cmdline, which is wrong for my containers (/proc/cmdline isn't virtualized), but it turned out to be too much trouble
<twb> It means if I start my VM server in single mode, then leave it and continue booting, all the containers will also try to enter single mode
<SpamapS> So the question is.. do we a) have special boot code for containers, or b) virtualize /proc/cmdline ?
<SpamapS> seems like there could be compelling arguments either way
<twb> The VM people say "you should not treat us specially"
<twb> The upstart people say "if you were doing your job, we wouldn't have to"
<twb> viz. detecting when you're inside a container and behaving differently, a la $debian_chroot handling in /etc/profile
<SpamapS> well the ubuntu people sit in the middle and choose which one to snub
<twb> I think Ubuntu is pretty much in upstart's bed
<twb> sucking on its toes
<SpamapS> Upstart is just so exotic.. we can't resist.
<alvin> Is discussion about replacing upstart even possible?
<SpamapS> that discussion is most likely going to come up a few times between now and 11.10
<alvin> I'm happy to hear that.
<SpamapS> Even if we don't choose systemd or another boot "thingy" ... upstart's development has started picking up pace again.
<SpamapS> alvin: what don't you like about upstart?
<alvin> SpamapS: I don't know the ideas behind Upstart very well, but in it's current state, it is not production ready. It's the cause of a lot of boot problems. I can give examples.
<SpamapS> alvin: that would be immensely helpful
<SpamapS> I think most of the problems arise from poorly selected start on / stop on criteria
<alvin> NFS mounting (in /etc/fstab) doesn't always work since upstart. Quasselcore starts before it sees a database, mdadm can't assemble drives and libvirt starts before its netfs drives are found. Sometimes nmbd doesn't start, and sometimes nfs-kernel-server starts before portmap,.. All in all, just 'booting' or rebooting a server has become imposible. You have to reboot some daemons after the normal boot in order to have the correct boot
<alvin>  order. That is very irritating.
<alvin> (All those bugs are in Launchpad, and I experience them all)
<SpamapS> alvin: I've seen a couple of them
<alvin> At least 'file serving' should be a primary goal of Ubuntu-server. Something that should work at all times. It's not a very exotic feature.
<SpamapS> and a few are also caused by missing post-start scripts to ensure that a service is *ready* before its 'started' event is emitted
<alvin> agreed, but it's still missing and interrupting production. How can one take Ubuntu on the server serious then? The other problem is: someone needs to create these scripts and only needs to create them for Ubuntu? I don't know if the quasselcore devs will care. After all, only Ubuntu has troubles with starting their app and the database in the correct order. (for example)
<SpamapS> One could argue that this actually MIGHT have affected sysvinit as well... as most sysvinit scripts return as soon as the daemon has forked.. but because everything is in serial.. the race between fork() and listen() and connect() rarely caused problems.
<SpamapS> alvin: Are these bugs just not getting attention?
<alvin> Yes, sysvinit was only flawed in theory. So, it's a good things replacements are made. But now we have taken some steps backwards.
<SpamapS> I'm kind of surprised that upstart causes mdadm issues.. thats pretty early in the boot.
<alvin> SpamapS: I don't think they do. Let me search the numbers a bit.
<c0nv1ct> SpamapS, i don't see how it could if it is handled at the right time
<alvin> The mdadm thing might be mountall or so. I don't know the details. I do know that I have to auto-assemble my RAID everytime after boot. Soemthing that should happen automatically during boot. (after all, it works automatically afterwards)
<c0nv1ct> my rootfs is a mdadm raid1, never had an issue
<SpamapS> alvin: mdadm has been really, really neglected in ubuntu server for a while.
<SpamapS> alvin: the kernel should be detecting and assembling your raid partitions...
<alvin> c0nv1ct: It's not rootfs in my case.
<SpamapS> mdadm doesn't get involved unless there are problems.
<c0nv1ct> alvin, it shouldn't matter really, they can all be assembled at the same time
<c0nv1ct> the kernel should really be handling that, not your init
<alvin> mdadm stuff: bug 27037 and bug 599135
<uvirtbot> Launchpad bug 27037 in linux "mdadm cannot assemble array as cannot open drive with O_EXCL" [Medium,Fix released] https://launchpad.net/bugs/27037
<uvirtbot> Launchpad bug 599135 in mdadm "mdadm cannot assemble array" [Undecided,New] https://launchpad.net/bugs/599135
<alvin> Quasselcore: bug 612729
<uvirtbot> Launchpad bug 612729 in quassel "quasselcore does not connect to database at boot" [Undecided,Expired] https://launchpad.net/bugs/612729
<alvin> NFS: bug 540637
<uvirtbot> Launchpad bug 540637 in nfs-utils "nfs-kernel-server fails to start after kernel upgrade" [High,Triaged] https://launchpad.net/bugs/540637
<alvin> and bug 540637
<c0nv1ct> hmm, havent ran into that one, then again i do have a pending reboot for a kernel update
<alvin> no, scrap that last one
<SpamapS> alvin: with mdadm.. I really don't think upstart is at fault for your drive disappearing.
<alvin> It doesn't always happen. The solution is: service nfs-kernel-server stop; service portmap stop; service portmap start (yes, no restart) and service nfs-kernel-server start
<SpamapS> alvin: unless you're using some kind of hotplug
<alvin> SpamapS: No hotplug. Upstart might not be at fault. Still, this has worked and no longer does.
<alvin> I even took a backup and recreated the RAID
<SpamapS> alvin: Right, the mdadm user space tools were allowed to lag WAY behind upstream for some reason
<SpamapS> alvin: looking at the NFS upstart jobs
<alvin> I'm happy that someone is looking into it. I had the feeling that NFS was being neglected (not only in Ubuntu) in favour of Samba for file sharing between linux machines.
<SpamapS> alvin: IMO, they accomplish entirely different things
<SpamapS> n
<alvin> Agreed
<SpamapS> alvin: right, so the quassel problem, btw, is caused by /etc/init/rc-sysinit.conf .. This is one that drives me nuts too.. net-device-up IFACE=lo means that you may not have eth0 up yet.
<alvin> and that's a problem, because the database is on another (virtual) server
<alvin> So, quassel doesn't see the database and asks the first user to create one.
<SpamapS> alvin: right, I haven't come up with a good generic solution to that. The workaround is to change rc-sysinit.conf to bring up init.d scripts on IFACE!=lo
<alvin> I see how that could work. Now I'm thinking where there could be trouble with that scenario
<SpamapS> alvin: because its an AND with filesystem.. there is one danger.. that the ifup script will get stuck waiting forever
<alvin> So, if your network card can't go up. You're screwed
<SpamapS> alvin: but no, ifup doesn't wait for net-device-up
<SpamapS> alvin: so yeah, it should be fine
<SpamapS> alvin: actually I think the NFS bug might be the same issue
<alvin> Yes, and it's definately worth a try. Thanks. I can't test now because too many users are using the servers, but I'll write it down for the next reboot.
<SpamapS> actually
<SpamapS> portmap will always come up before runlevel2 is triggered
<SpamapS> virtual-filesystems always happens before filesystems
<alvin> Ah, but I would want libvirt to wait for netfs filesystems before trying to start (and fail) machines that use those netfs filesystems. I forgot to give the bug number. Let's see
<SpamapS> virtual-filesystems is /proc, /sys, stuff like that
<alvin> bug 491273
<uvirtbot> Launchpad bug 491273 in libvirt "netfs storage pools are not autostarted at boot (karmic) (dup-of: 351307)" [Undecided,New] https://launchpad.net/bugs/491273
<uvirtbot> Launchpad bug 351307 in libvirt "Libvirt NFS mount on boot." [Low,Incomplete] https://launchpad.net/bugs/351307
<alvin> SpamapS: oops, ok
<SpamapS> it goes virtual -> local -> remote -> all
<SpamapS> alvin: btw, THANK YOU for reporting bugs like this. :)
<alvin> Remote fs can also be virtual :-) in another sense.
<alvin> yeah, I'm just a user (of a lot of different servers). Sometimes I wonder why other people do not run into stuff like that. (Well, they do, but not as much as I would think)
<SpamapS> alvin: well , know that its appreciated.. and we're trying as hard as we can to get stuff fixed in new releases and push what fixes we can into the stable release.
<alvin> I'm glad it's appreciated and that someone takes care of the reports. Should I change the 'expired' status of the Quasselcore one to 'new'?
<SpamapS> the libvirt one doesn't make much sense either actually
<SpamapS> libvirt starts at runlevel 2.. which is triggered by filesystem + net-device-up IFACE=lo ...
<SpamapS> oh wait that makes perfect sense. ;)
<alvin> Yes :-)
<SpamapS> hmm.. tho I thought filesystem was only triggered when all (remote, virtual, and local) were mounted
 * SpamapS is reading mountall's code and doesn't understand
<alvin> libvirt takes care of mounting itself. It's called 'storage pools'
<SpamapS> alvin: ah, so the NFS filesystems might not be auto-mount ?
<alvin> You can also mount NFS drives in /etc/fstab and tell libvirt it's a 'dir storage pool'. The problem is that if your network is a bit slow in coming up (don't know how to tell it), your NFS drives might not be mounted. Now, this problem is better, but I still see it from time to time.
<alvin> SpamapS: True. libvirt actually does the mounting when the daemon starts.
<SpamapS> alvin: so then its possible that filesystem triggered before eth0 came up
<alvin> Exactly
<alvin> I haven't tried iscsi. Libvirt can manage iscsi as well
<SpamapS> alvin: this is the focus of something I'm proposing right now actually..
<twb> alvin: isn't that an upstart issue?
<SpamapS> alvin: that we have one file.. /etc/init/network-services.conf  .. that defines when everything else gets started..
<alvin> Actually, that happens every time. The network is never up before libvirt.
<twb> i.e. just tell the libvirt job to depend on the network-filesystem job
<SpamapS> alvin: but, the workaround would be to have libvirt start on net-device-up IFACE=eth0
<alvin> twb: maybe it is, yes. But it's only an issue if you actually have remote storage
<alvin> SpamapS: yes (if you have remote storage)
<twb> I wasn't suggesting you'd make that change for everyone
<alvin> No, but can upstart know the difference?
<SpamapS> alvin: right, so change it from runlevel [2345] to net-device-up IFACE=eth0 ... or started networking if its a static interface.
<alvin> I'll have to set the static interfaces back one day... All my virtual servers use dhcp because of bug 446031, but that is no longer necessary.
<uvirtbot> Launchpad bug 446031 in ifupdown "statically configured network interface does not come up at boot" [High,Fix released] https://launchpad.net/bugs/446031
<SpamapS> alvin: even sysvinit will have a hard time with this one.. you just have to shove libvirt to the back of the line and hope the network is up by the time you get to it.
<SpamapS> but.. I digress.. this is why we need a single place where people can go to tweak the boot of most network services.
<alvin> Indeed!
<SpamapS> anyway
<SpamapS> 01:34 .. I should probably stop playing with upstart bugs. ;)
<alvin> Please do go on ;-) (No, it's 10:34 here. You can go to bed)
<uvirtbot> New bug: #691011 in tomcat6 (main) "package tomcat6 6.0.24-2ubuntu1.5 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 2" [Undecided,New] https://launchpad.net/bugs/691011
<_Techie_> are there any ways to share a tv tuner card across a network other than mythtv, preferably cross platform
<laen|work> We've got an Ubuntu 8.04 LTS server do-release-upgrade'd to 10.04, which rebooted perfectly fine. However, just installed the latest updates, and it's not booting anymore due to a Grub Error 24. Is that a known issue?
<krokus> 10.04, exclude php 5.2
<pmatulis> laen|work: docs show, "This error is returned if GRUB is told to execute the boot sequence without having a kernel to start."
<coconutz> hey, i registered a domain in godaddy and i want to make private name server (i have static ip and ubuntu + apache2) ... i setup in host summery a ns1.mydomain and ns2.mydomain to point to my static ip... but its wont redirect, anyone can help me out?
<pmatulis> coconutz: domain name?
<coconutz> mtoolz.org
<pmatulis> coconutz: confirmed, it doesn't resolve.  i guess you have a mistake in the DNS config
<pmatulis> coconutz: when did you make the change?
<coconutz> ?
<coconutz> 3 days ago
<coconutz> if i do a dns nameserver in go daddy i need to install bind in my home machine?
<coconutz> or godaddy do it already
<pmatulis> coconutz: godaddy is your DNS registrar as well as your DNS hosting, so no
<pmatulis> coconutz: you should open a support ticket with goddady hosting service
<coconutz> i should do hosting
<coconutz> the free hosting and then use thier dns or what?
<pmatulis> coconutz: i said 'no'
<coconutz> i need bind server?
<pmatulis> coconutz: i said 'no'
<coconutz> ok
<pmatulis> coconutz: you should open a support ticket with goddady hosting service
<pmatulis> (call godaddy)
<coconutz> k
<patdk-wk> how can I go about typing in odd chars into xterm? like 0xc0 and 0xff?
<Jeeves_> 0 x f f
<Jeeves_> Those are keys on your keyboard
<Jeeves_> Press them, and they show up
<jpds> Jeeves_: Well trolled, sir.
<Jeeves_> :P
<patdk-wk> heh
<patdk-wk> Jeeves_, just doesn't work
<patdk-wk> the byte value, not the hex :)
<Jeeves_> patdk-wk: I've got no clue which characters those are
<patdk-wk> the windows method isn't working, with alt-numkeys
<Jeeves_> patdk-wk: You can add the character applet to your gnome-toolbar
<jpds> patdk-wk: sudo apt-get install unicode; unicode 0xC0
<patdk-wk> char applet doesn't go < 0x41
<jpds> patdk-wk: Then look at UTF-16BE: and do: Ctrl-Shift-U and enter: 00c0<space>
<jpds> Ã¿
<pmatulis> Ã
<patdk-wk> control-shift-u just types u :(
<pmatulis> Ã¿
<jpds> patdk-wk: Install a better terminal? It's 2010.
<Jeeves_> jpds: :)
<jpds> I'll almost be able to say that it's 2011.
<patdk-wk> heh, jpds, thought I did :) it's lucid :)
<patdk-wk> gnome-terminal :(
<jpds> terminator++;
<patdk-wk> oh, you have to hold control-shift while typing the number also, didn't make that clear :)
<pmatulis> jpds: 2010 and Â¾ ?
<jpds> patdk-wk: Sorry.
<jpds> pmatulis: Yeahâ¢.
<pmatulis> he he
<jpds> â
<pmatulis> jpds: snowman?
<Pici> http://en.wikipedia.org/wiki/â
<pmatulis> Pici: wow, i was just guessing!
<laen|work> pmatulis: So, the normal procedure, doing apt-get upgrade, made sure the kernel wouldn't work?
<pmatulis> laen|work: i would guess that grub is currently misconfigured and is probably due to a bug.  may need to boot into a recovery session and re-install grub
<pmatulis> (re-install -> update it's config)
<garymc> Hi Guys Im looking at updating my servers. I currently have HP G3 servers. Now I ont know what to get for the update here is my choice
<garymc> Dell PowerEdge 2950 / 2 x Dual Core Xeon 1.6GHz / 4GB RAM / 2 x 300GB SAS
<garymc> or
<garymc> HP Proliant DL360 G4 / 2 x  Xeon 3.0GHz / 4 GB RAM / 4 x 146GB SCSI
 * patdk-wk has love going on for the bl490c g7's
<patdk-wk> I have two pe2950's I'm getting ready to scrap, dual core 3.0ghz 16gig ram
<Jeeves_> SCSI?
<Jeeves_> Does that still exist?
<garymc> hmmm im running on scsi now in office :S
<laen|work> pmatulis: yup, that's planned. Only problem is that the iLO and the whole HP Blade went down about 15 minutes later as well, stopped working completely. So, it's done ;p
<patdk-wk> amazingly, it does
<patdk-wk> the pe2950's where my first non-scsi servers
<Jeeves_> garymc: Still running it, ok. But can you still buy it? :)
<garymc> you selling them patdk-wk ?
<garymc> prob not jeeves but new servers cost a packet
<Jeeves_> garymc: You can a lot too :)
<patdk-wk> I doubt it, they will probably get loaded into the dev area or something
<Jeeves_> can?
<Jeeves_> gain
<patdk-wk> I wish to
<patdk-wk> or, I wish I could
<garymc> If I had to buy new what model would you recommend
<patdk-wk> depends what your needs are, and I dunno that :)
<garymc> ok Im running an LTSP server at the minute with 10 computers attached running off it
<garymc> its a little bit slow
<patdk-wk> what specs are slow about it?
<patdk-wk> cpu usage?
<patdk-wk> iowait times?
<patdk-wk> networking latency?
<robbiew> Daviey: ping
<garymc> that I dont know
<patdk-wk> then what ever replacement server you get, will be *just like* if it solves the issue :)
<patdk-wk> just luck
<garymc> ok
<garymc> I wanted 64bit as the ones we have only run 32bit software
<patdk-wk> ok, that is a requrement, but won't change any performance though
<axisys> how do I setup motd to display packages that needs to be updated ?
<axisys> is it update-motd pkg that does that ?
<[diablo]> evening
<[diablo]> anyone know if there is an Ubuntu package of pdflib please? We have a lot of legacy PHP code that currently depends on it.
<c0nv1ct> [diablo], nope, but have you tried this: http://blog.janjonas.net/2010-05-26/ubuntu-10_04-php-5_3-setup-pdflib-6-pecl
<[diablo]> hi c0nv1ct mmm problem is legacy code
<[diablo]> maybe we have to convert to php-fpdf
<[diablo]> c0nv1ct, will look at that option tho
<zul> kirkland: did you get the pxe working yet?
<kirkland> zul: not yet :-/
<zul> kirkland: whats wrong?
<kirkland> zul: i've been distracted, fixing other things
<zul> kirkland: like what?
<ncampion> who renier
<kirkland> zul: sudo breakage in natty, ssh-copy-id upstreaming, etc
<zul> k
<mdeslaur> soren: hi! Is there a way to tell vmbuilder to use virtio for disk and networking?
<kirkland> zul: i'm back looking at it now
<huerlisi> hi all
<huerlisi> trying to fix a grub2 problem
<huerlisi> afaik it all started when /boot run out of space
<huerlisi> now kernel package updates fail to run postinst hooks
<huerlisi> we did kind of ignore it
<huerlisi> but now after a reboot grub2 drops into rescue mode
<huerlisi> did boot up using ubuntu-server cd and drop into rescue mode
<huerlisi> actual problem now:
<huerlisi> 'grub-probe /' gives
<huerlisi> grub-probe: error: cannot find a device for / (is /dev mounted?).
<insomniaSalt> hi all
<mdeslaur> soren: actually, never mind...I just poked through the source. thanks!
<kirkland> zul: okay, for starters, tftpd-hpa is a "suggests"
<kirkland> zul: so I don't have that installed yet
<kirkland> zul: we might consider promoting that to a depends?
<zul> yes i already did that for rsync as well
<kirkland> zul: yeah
<kirkland> zul: what's the output of "sudo cobbler check" for you?
<zul> kirkland: im in the middle of eating lunch ill let you know
<kirkland> zul: sure thing
<kirkland> zul: i'm about to do the same
<RoAkSoAx> kirkland: ok, so this is what I've decided to do so far with PowerNap. First, revert Adam's changes from trunk, then, bump the version to 1.12 and apply all my changes for the new "PowerSave" method based on the original way of how PowerNap worked, and then release. Next release 1.13, will include the integration with Adam's monitor plugins based on the original daemon. What do you think?
<RoAkSoAx> kirkland:  \unless we should bump to 2.0 instead of 1.13
<RoAkSoAx> the next release after that will have the powerwaked daemon to track machines using PowerNap
<Frenk_> Hey where I can remove the remove check_sender_access hash:/etc/postfix/disallow_my_domain in Postfix?
<ChmEarl> getting "undefined reference to `xc_interface_open'" on natty while building xen. What libxc* should I have installed?
<ChmEarl> or any clues to where xc_interface_open should come from?
<kirkland> RoAkSoAx: i don't care much about the version ...
<kirkland> RoAkSoAx: you can bump to 2.0 if you like
<kirkland> RoAkSoAx: there's a fair amount of new stuff, so a major version bump makes sense to me
<RoAkSoAx> kirkland: ok then. Will work on that this week, and hopefully have evertyhing done by alpha 2
<kirkland> RoAkSoAx: sounds good
<RoAkSoAx> ;)
<ChmEarl> nm - its a xen interface
<jasonmchristos> QUESTION: When configure the bridge by editing /etc/network/interfaces do i have to configure the bridge with the same network ip as the openVPN server.conf to get it to work?
<uvirtbot> New bug: #691215 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/691215
<zul> SpamapS: you can add the debian iso import testing to your list now as well
<SpamapS> zul: I 'spose I should download a debian iso then. :)
<zul> SpamapS: or you can use an ubuntu iso too
 * SpamapS has quite a few of those lying around
<zul> because you can test that as well :)
 * patdk-wk wonders what exactly spamaps uses those iso's for
<SpamapS> patdk-wk: you really don't want to know. ;)
<robbiew> http://ubuntuserver.wordpress.com/
<robbiew> is rebranded!
 * robbiew loves him some GIMP!
<patdk-wk> but still on wordpress.com? :(
<robbiew> well...yeah
<robbiew> I choose to celebrate the small victories ;)
<patdk-wk> heh :)
<tarvid> where is the postfix chroot jail?
<patdk-wk> theres a chroot jail for postfix?
<dannf> /var/spool/postfix ?
<tarvid> i get mx not found errors for domains which work with dig
<tarvid> postfix cannot find bind on my server
<tarvid> guessing it is resolve.conf
<tarvid> guessing further that is a chroot problem
<tarvid> Found it - /var/spool/postfix/etc
<android60> I installed ubuntu server from a flash drive and during the installation it installed grub to the mbr of the flash drive. I have booted into the install and done "sudo grub-install /dev/sda" (positive sda is the right disk) but its not actually letting me boot from the disk after reboot
<android60> is there something im missing?
<android60> also tried live cd and doing it specifiying the root-directory=  stuff and still no go
<MTecknology> hm... tar czf file.tar.gz -C /some/base/path/to directory/*  .... should make file.tar.gz with directory/{files...} - right?
<SocAt> anyone know how i might initialize an rtsp video stream to a specific port without using vlc?
<sparc> Hi I'm a redhat customer, and i'm trying to address concerns that redhat is "old" by looking at Ubuntu
<sparc> I'm concerned that Ubuntu server may not have utilties and programs i've depended on redhat to bring me, like Kickstart and SystemTap
<sparc> and Redhat Network channels
<sparc> is that something Ubuntu has corresponding features for?
<pmatulis> sparc: ubuntu can use kickstart and preseed
<pmatulis> sparc: what is red hat network channels?
<sparc> it's like a package repository, that a set of computers can pull from
<sparc> they have a web interface that lets you place groups of computers in different channels, and schedule installs from those channels
<sparc> but i guess a reprepro? would work
<ppetraki> sparc, so kickstart works fairly well, to the degree we've supported it with our installer
<ppetraki> sparc, I use it on fairly regular basis
<sparc> that's good
<sparc> i guess i should try it out, to know all the details
<pmatulis> sparc: you can use Landscape
<ppetraki> sparc, systemtap works fine too, our debug symbol story has changed a little bit which makes it just a tad more difficult to obtain symbols
<sparc> hah, that's neat.  i didn't expect that
<ppetraki> sparc, but once you get them, it works fine, I use stap on daily basis for kernel triage
<ppetraki> sparc, LS actually has a ton of features, only a small portion of them are drummed up by the marketing
<sparc> very cool
<sparc> i'll check out the links in the topic and give it a try
<sparc> pmatulis, ppetraki: thanks you all
<ppetraki> sparc, http://sourceware.org/systemtap/wiki/SystemtapOnUbuntu
<ppetraki> sparc, you're welcome
<consumerism> if i grep --color=auto | less, i don't see colors. they work without the | less. how can i get colors in less?
<guntbert> consumerism: try with less -r
<consumerism> guntbert: doesn't work
<consumerism> neither does -R
<guntbert> consumerism: I see, then I don't know, sorry
<ubuntu> QUESTION: is it ok to chown -R $USER /etc/openvpn/, because while configuring client when trying to copy ta.cert i get permission denied.
<guntbert> ubuntu: better use sudo cp ...
<ubuntu> ahh ok ill try that instead
<consumerism> guntbert: works if i use color=always rather than color=auto
<consumerism> and less -r or -R
<consumerism> thanks
<guntbert> consumerism: ah, that makes sense because grep with auto sends colors only when sending to an interactive session (or so....)
<ubuntu> guntbert, how would i using ssh from the client tell it to sudo cp to the client?
<guntbert> ubuntu: use scp (secure copy - uses the ssh protocol)
<ubuntu> ok
<ubuntu> guntbert, using scp how do i still tell it to sudo since i will log in as user through scp
<guntbert> ubuntu: make it a two step process: scp it to your account, then sudo cp it to its destination
<consumerism> is there a shortcut to this: cp /long/path/file.c /path/that/does/not/exist/
<consumerism> (fails, then) mkdir ESC-.
<consumerism> up arrow twice, enter
<consumerism> i do this a lot unfortunately
<consumerism> can cp create directories somehow...
<consumerism> ?
<bobboau> for some reason GD just stopped working
<cemc> how do I select the kernel for a thin client on 10.04 LTSP ?
<cemc> I have more than one kernel installed and I would like to use an earlier one
<jasonmchristos> QUESTION: I cant seem to find my usb flash drive under /media/ after I plug it in. Does the server automount as desktop does?
<JanC> jasonmchristos: server doesn't automount
<baggar11> jasonmchristos: check your dmesg and mount the device
<jasonmchristos> ok thanks
 * jasonmchristos wipes sweat off forhead
<jasonmchristos> shew, openvpn is hard to setup
<iceflatline> oh so worth it though. it works great.
<Frenk_> hey i want to lock a file (its a config file which is updated and i want to lock it for writing and safe my configs) how do i do that via ssh?
<RoyK> Frenk_: set the file rights such that users can't update it?
<JordiGH> I got annoying Perl errors from dpkg about locales. In Debian, I would fix it by generating locales with dpkg-reconfigure locales, but here I'm getting http://pastebin.com/p9QTX1ga
<JordiGH> So how do you fix locales in Ubuntu?
<Frenk_> RoyK how is my question
<Frenk_> ^^
<uvirtbot> Frenk_: Error: "^" is not a valid command.
<jeus> hi
<JordiGH> Frenk_: I guess you could change its permissions?
<jeus> i want install mysql 5.5 on ubuntu   how is remote to my system to install mysql ?
<Frenk_> 555 doesnt work
<Frenk_> the file got chnged -.-"
<JordiGH> Frenk_: I mean, to read-only permissions.
<Frenk_> oh ok
<JordiGH> Oh, are you doing this as root?
<jeus> i want install mysql 5.5 on ubuntu   how is remote to my system to install mysql ?
<JordiGH> jeus: apt-get install mysql-server ?
<jeus> JordiGH, i want install mysql 5.5
<jeus> JordiGH, mysql 5.5 is too stable from 5.1 but not in repositorys
<JordiGH> jeus: Oh, you want to compile it.
<JordiGH> jeus: apt-get build-dep mysql should help you get the dependencies installed, and hope these dependencies work for 5.5
<jeus> JordiGH, http://dev.mysql.com/doc/refman/5.5/en/binary-installation.html
<JordiGH> apt-get build-dep mysql-server
<jeus> JordiGH, i do all command but i dont know what do know ?
<jeus> JordiGH, i do all command but i dont know what do now ?
<JordiGH> jeus: I'm sorry, I don't understand your question. I guess you speak Farsi?
<JordiGH> Oh, you don't know what to do now.
<jeus> yes :D
<Frenk_> JordiGH 444 doesnt work = WTF
<Frenk_> ?
<JordiGH> Frenk_: Is root writing to that file? root can ignore permissions
<JordiGH> jeus: well, is mysql installed? Do you have something in /usr/local/bin ?
<jeus> JordiGH, yes i have in /usr/local/mysql/bin
<JordiGH> jeus: Then just execute /usr/local/mysql/bin/mysql-server or something like that?
<jeus> i don't know
<RoyK> Frenk_: root will always have the right to write to a file
<RoyK> Frenk_: if you're trying to stop root from writing to a file, you're doing something wrong - no process should run as wroot and write to files out of its own system unless you really know what you're doing
<jeus> JordiGH, Username and password I still have not defined
<JordiGH> jeus: Did you read 2.12?
 * JordiGH wishes he could speak Farsi.
<jeus> JordiGH, I have not read yet, but seems a bit difficult
<jeus> JordiGH, Ø´ÙØ§ ÙÛ ØªÙØ§ÙÛ ÙØ§Ø±Ø³Û ØµØ­Ø¨Øª Ú©ÙÛ Ø
<JordiGH> jeus: I said I wish I could speak it, but I don't.
<jeus> JordiGH, are you from IRAN ?
<JordiGH> No, I'm from MEXICO.
<jeus> How you know Farsi?
<jeus> JordiGH, How you know Farsi
<JordiGH> :-(
<JordiGH> jeus: http://jordi.platinum.linux.pl/piccies/failure-to-communicate.jpg
<jeus> JordiGH, :D
<jeus> JordiGH, Do you love but can not speak Farsi
<JordiGH> jeus: Yes!
<jeus> JordiGH, Are you gonna teach you Persian
<JordiGH> It's difficult to find teachers.
<ubuntu> QUESTION: How can i specify my openVPN clients to use the same DNSproxy from my nat router that the server uses and also default route?
<jeus> I'm teaching you
<jeus> JordiGH, I'm teaching you
<vraa> what would be the easiest way to have ubuntu-server be my domain server?
<JordiGH> jeus: On the internet?
<jeus> JordiGH, Yes
<jeus> JordiGH, with Skype
<JordiGH> jeus: :D
<JordiGH> This actually sounds like a great idea.
<JordiGH> I need to find time for it.
<jeus> reading , Writing , gramer
<jeus> for start  Ø§ÙÙ = alef  Ø¨ = be  Ù¾ = pe  Øª = te
<jeus> JordiGH, 4  persian  alphabet
<JordiGH> I'm reading wikipedia now.
<jeus> JordiGH, Alef + Be  == > Ø¢Ø¨ ==> aab ==>  water
<jeus> JordiGH, One of our great poet Rumi
<JordiGH> jeus: This chat is not the best place for Farsi lessons.  :-)
<jeus> JordiGH, Yes I know it
<jeus> ; )
<jeus> my mail and chat is alkhandani@gmail.com  , khat.farda@yahoo.com
<JordiGH> We'll stay in touch.
<JordiGH> I have to get back to work.
<ubuntu> will somone please help me
<ubuntu> I am trying to brows the web through my openvpn
<ubuntu> im guessing i need to use push "route x.x.x.x x.x.x.x"
<ubuntu> the server is behind a standard netgear nat router so the gateway is 192.168.1.1
<uvirtbot> New bug: #691345 in tftp-hpa (universe) "buffer overflow" [Undecided,New] https://launchpad.net/bugs/691345
#ubuntu-server 2010-12-17
<j3z> hi
<j3z> i have an error while booting mount: mount point /dev/pts does not exist
<j3z> when i create that dir by hand it works
<j3z> but then, i have to mount rest vfses by hand, how to automate creation of that directory and what could be the source of that problem?
<j3z> the same sytuation i have with /dev/shm
<j3z> and yes, my /var/lib/udev/devices contents are correct (both directories exist there)
<twb> j3z: this is 10.04?
<j3z> no, it's even 9.10
<twb> Is a program called "mountall" installed?
<j3z> yes
<j3z> when i invoke it, i get that error
<twb> Pastebin the contents of /lib/init/fstab
<twb> Wait, never mind
<twb> mountall is correctly trying to mount it, but (say) udev has failed to create the mountpoint
<j3z> stat: cannot stat `/lib/init/fstab': No such file or directory
<twb> j3z: Are you running a stock Ubuntu kernel?
<j3z> it's a VPS, kernel is provided by linode :/
<twb> OK, I give up, talk to them about it
<j3z> i thought that it could be some incompability between kernel and userland
<twb> I was already just guessing
<j3z> i thought that in some magic way i can create these dirs ;)
<twb> I have had lots of problems with ubuntu's sucky init when using virtualization
<zkirill> Should all my files in /var/www/ be owned by root or am I doing something wrong?
<zkirill> Can I create an ssh key for a system user?
<jeeves__> has anyone here come accross VMWare not restarting after a reboot?  I'm getting "VMware Server Host Agent: failed
<twb> zkirill: you can; I advise against it.
<zkirill> twb: Thanks, already figured it out. And I had no choice :(
<twb> What are you actually trying to achieve?
<gobbe> zkirill: if your apache/lighttpd-user has read access to www-files it's ok that root owns them
<twb> www-data, IRIC
<zkirill> gobbe i just chowned the folder in question to www-data
<zkirill> seemed to solve the problem
<twb> permissions on directories managed by dpkg are not preserved on package upgrade
<twb> *I* would do it by telling apache to serve /foo out of /srv/foo or /home/foo/public_html or so, and simply tell the user foo to create files in there.
<twb> "serve /foo" and is http://example.net/foo
<gobbe> zkirill: yea
<kees> ScottK, hallyn_: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/691414  not sure what's going on. maybe the db itself has gone weird?
<uvirtbot> Launchpad bug 691414 in clamav "clamav taking extremely long time to load database" [Undecided,New]
<uvirtbot> New bug: #691414 in clamav (main) "clamav taking extremely long time to load database" [Undecided,New] https://launchpad.net/bugs/691414
<munyua> Greetings
<munyua> problem with server
<munyua> how do I install ubuntu server on the dell poweredge r310 I cant get past the detect hard drive part, I cant get the right drivers for the Perc s300
<munyua> hey there?
<laen|work> Hello, good morning, how are you *tutututuuu*
<xampart> how can i check the pid of sshd providing my current connection
<laen|work> xampart: check your tty with command tty, and then ps -ef | grep 'sshd:.*<that tty you got>'
<laen|work> I bet there's a better way, but oh well.
<xampart> laen|work: k
<ewook> so, who broke clamav-daemon? :)
<laen|work> I wish it was just clamav ;).
<uvirtbot> New bug: #691462 in libnss-ldap (main) "nssldap-update-ignoreusers overwrite symlinks" [Undecided,New] https://launchpad.net/bugs/691462
<marcriera> hello
<marcriera> I would like to migrate to 10.04 from debian 4 and debian 5.
<marcriera> hints?
<cnu_> hi......
<cnu_> can some one help me out....
<RoyK> someone should add to the topic that if people don't ask with what to help them, well, they should leave at once
<RoyK> like cnu_ here
<RoyK> marcriera: why on earth would you want to do that?
<ScottK> kees: Looks like it's time to push a microversion update for clamav (based on the discussion in the bug)
<ScottK> RoyK: I find the security hardening features a reasonably compelling reason to be using Ubuntu instead of Debian for servers.
<zul> Daviey: ping where are we with axis2c? ;)
<consumerism> where are apache access logs located? i have a bunch of vhosts set up without individual log files but the only thing in /var/log/apache2 is error log
<zul> /var/log/apache2
<Daviey> zul: axis2c is untouched
<zul> Daviey: ok thanks
<JamesPage> hggdh: hey - sorry missed you yesterday - well done on getting the ltp test running in a vm through Hudson
<hggdh> JamesPage: thanks :-)
<hggdh> JamesPage: now I just have to find out why libvirt gets to own the ISOs
<JamesPage> hggdh: that could be a tricky one (and is why I choose lucid for my two nodes)
<JamesPage> hggdh:  maverick+ does some security related permissions changes when you start/stop a virtual machine
<hggdh> JamesPage: yes... but it does not make sense to chown the ISOs, so I will open a bug for it
<Daviey> cjwatson: Is bug #689343 a dupe of your recent finding?
<uvirtbot> Launchpad bug 689343 in ntp "ntpdate has no /etc/default/ntpdate reference" [Undecided,New] https://launchpad.net/bugs/689343
<cjwatson> Daviey: hard to tell, have followed up
<Daviey> cjwatson: Yeah, i wasn't quite sure either - i thought it *might* be. :/
<Daviey> thanks
<JamesPage> hggdh: I temp disabled xango3 this morning as it was chewing through test failures v fast....
<JamesPage> hggdh: and you can now access without the port  - http://hudson.qa.ubuntu-uk.org/
<hggdh> JamesPage: yes, due to xango3 was barfing on being unable to update the ISOs -- bllody libvirt-bin got them
<hggdh> JamesPage: COOL!
<Daviey> JamesPage / hggdh: What is the process for using the results from hudson?
<hggdh> Daviey: no firm stance so far, AFAIK. There is the qadashboard that can summarise the data
<hggdh> Daviey: otherwise, right now, it is undefined
<Daviey> hggdh: Interesting, where is qadashboard?
<bobboau> hello, I'm having an issue with GD, for some reason it just stopped working, has there been an update recently that might have broken it?
<Daviey> hggdh / JamesPage: What caused the recent failures?  Looks like an issue not with the ISO's. :/
<Daviey> bobboau: Possibly... need to see an error message or traceback :/
<bobboau> I'm not getting any error messages, the image just doesn't show up on the client. when I don't set the headers it looks like it is trying to send binary data, but I don't know anything about the jpeg file format to try and trouble shoot from that.
<bobboau> so, it acts as though everything is fine, but for some reason the stream it sends out is invalid in some way. when I look at the raw dump I don't see any error messages embedded int the binary data or anything.
<hggdh> Daviey: http://reports.qa.ubuntu.com/reports/qadashboard/qadashboard.html
<hggdh> Daviey: akt-tbench barfed on the ISO
<Daviey> bobboau: Check there isn't an error message at the top, in the jpeg output stream
<Daviey> or deprecation warning
<Daviey> hggdh: oh
<bobboau> I have looked for that, I see nothing.
<Daviey> bobboau: url?
<hggdh> Daviey: I will look at the other failures soon; some of them may be due to differences on d-i/pressed on Natty
<Daviey> hggdh: do you still need an extra box for hudson?
<hggdh> Daviey: we certainly do :-)
<bobboau> the server is internal and fire-walled but a copy of the jpeg it produces is here: http://www.hexellent.com/files/80/fuct.jpeg
<hggdh> the more the merrier
<Daviey> hggdh: gimme some instructions :)
<hggdh> Daviey:  on the box, install ubuntu-server-iso-testing and hudson-slave (from JamesPage's PPA, just a sec)
<Daviey> bobboau: the problem is that you have a white space line in the output stream
<Daviey> bobboau: http://erk.daviey.com/fuct.jpeg
<bobboau> at the beginning or end? also why would it suddenly break, shouldn't it have been broken the whole time?
<Daviey> bobboau: Without seeing code, i can't comment :/   .... there is an empty line at the top of the file
<Daviey> bobboau: Perhaps an empty echo statement, adding for debugging?
<hggdh> Daviey: add ppa:james-page/usit to your apt sources list
<hggdh> Daviey: then install ubuntu-server-iso-testing and hudson-slave from there
<hggdh> Daviey: then we will have to go into Hudson and add your new slave
<bobboau> I did find a bit of whitespace at the end of one of the include files, but after getting rid of that it still doesn't work...
<hggdh> Daviey: so tell me when you are ready, and I will step you through
<JamesPage> hggdh, Daviey: sorry I missed that - stepped out for a coffee :-)
<Daviey> bobboau: add an echo 'foo'; statement just before the GD stream, and see if the whitespace is before or after the GD output.
<Daviey> JamesPage: slacker :P
<Daviey> hggdh: Well... my goal is to preseed setting up a slave, so i can take it out of rotation if i need it for other things ; but easily put it back in.
<Daviey> (especially in times of demand)
<hggdh> Daviey: this is the same I will do on two new machines I will be installing locally in a few days
<hggdh> and the same I currently do with my laptop
<Daviey> hggdh: you got the new hardware \o/
<JamesPage> Daviey: that should be pretty easy now; the hudson-slave package now includes an upstart script so everything can be automatically started
<hggdh> Daviey: not yet, not yet, PO has been submitted
<Daviey> ah
<Daviey> JamesPage: I am moderately excited!
<JamesPage> Daviey: let me just check that
<bobboau> before foo, it seems. it is the newline character you are seeing right? 0x0A?
<JamesPage> (did it on Tuesday PM while in pre Flu stupor)
<Daviey> JamesPage: heh
<JamesPage> yep - all up to date.  it does need a manual configure at the moment but its pretty easy /etc/default/hudson-slave
<Daviey> bobboau: Ah, you are seeing it before foo... that means that GD is certainly not responsible
<Daviey> bobboau: I think you need to move that foo, further back into the code and see when it appears before the output :)
<Daviey> JamesPage: If that is the only change, i can happily wget that as a post install.
<JamesPage> Daviey: OK - I might manage to get it setup using debconf but not pre xmas....
<Daviey> JamesHarrison: meh.. not sure the rewards is worth it :)
<Daviey> err, JamesPage
<JamesPage> Daviey: suggest you use lucid as a few nuances with qemu/permissions on maverick+
<blackxored> hey, I woke up sleepy today, how can I cancel and purge a postfix queue, i can't remember?
<JamesPage> Daviey; thought that you had the wrong window for a moment
<Daviey> JamesPage: Oh, ok
<bobboau> ... ok, it seems php or apache is prepending the output with a newline, I get it if echo 'foo;'; is the first instruction in the script or if simply foo is at the very start of the file before the <?php tag
<bobboau> so this is probly not related to gd at all and is some sort of config issue...
<hggdh> Daviey: the "few nuances" is bloody libvirt chown to itself the ISOs -- so when you later try to zsync them it fails with a errno=13
<Daviey> blackxored: I seem to remember last time i needed to do that, i used a loop ... output of postqueue -p  into postsuper -d $MAIL-ID
<bobboau> so, /*thinking out-loud*/ what would cause apache to prepend all output with a newline...
<qjcg> does anyone know if a do-release-upgrade (8.04 -> 10.04) will work if the server is a xen domU?
<blackxored> thanks I'll try that, but there was an easier way ;)
<qjcg> or are there any problems I should be aware of?
<Daviey> bobboau: Interesting!  I can't help further without smelling the code :(
<Daviey> zul might be the best person to speak to qjcg.
<Daviey> (AKA ping zul)
<qjcg> Daviey: thanks!
<zul> qjcg: there shouldnt be any problems if you are updating the domU
<bobboau> ok, well at least I'm not chasing that turkey anymore, you'd probably need the whole codebase to do anything, and I'm not quite desperate to make that sort of an upload yet
<Daviey> bobboau: heh
<bobboau> this is a cakephp based app, I should probably poke my head in their channel
<qjcg> zul: and on the dom0 side, I'm guessing the only thing that needs to be done is a kernel upgrade
<qjcg> (ie the kernel the domU boots from)
<Daviey> bobboau: bake it so.
<zul> qjcg: you are basically on your own dom0 side
<JamesPage> hggdh: FYI jibel has taken the ubuntu-server-iso-testing project and adapted it for desktop testing using the same model
<JamesPage> hggdh: we agreed to spend some time at the platform rally consolidating the two pieces of work.
<hggdh> JamesPage: nice -- -server-iso-testing is already overloaded
<qjcg> zul: ok, I'll go ahead and see what happens... thanks!
<consumerism> is there a way to see a live output of the size of a directory? i'm copying a large directory and want a better monitoring option than running du -hs  every minute or two
<hggdh> JamesPage: I opened bug 691590 for ISO and libvirt
<uvirtbot> Launchpad bug 691590 in libvirt "libvirt should not take ownership of ISO images" [Undecided,New] https://launchpad.net/bugs/691590
<JamesPage> hggdh: excellent; I'm setting up a couple of tests the try to compare the install speeds between natty and maverick as well.
<Daviey> consumerism: I'd use rsync :)
<hggdh> heh
<Daviey> hggdh / JamesPage: Hmm... i just had a *CRAZY* idea.
 * hggdh likes crazy ideas
<Daviey> hggdh / JamesPage: Is it possible to easily get the queue size, so i can do WoL if demand warrants it?
<JamesPage> Daviey: fire away
<hggdh> hum
<lunaphyte_> i'm having trouble with aptitude search.  the man page says "the command "aptitude search '~N edit'" will only show "new" packages whose name contains "edit" - but it seems like i'm seeing different behavior : http://dpaste.com/287735/ - what am i doing wrong?  i want to return all installed packages whose names begin with dhcp
<JamesPage> Daviey: let me take a look
<JamesPage> Daviey: maybe - http://hudson.qa.ubuntu-uk.org/queue/api/
<Daviey> interesting..
<Daviey> JamesPage: eeek, installing apt-cacher-ng ?
<uvirtbot> New bug: #549766 in php5 (main) "package php5-ldap 5.3.2-1ubuntu2 failed to install/upgrade: Versuche, Â»/usr/lib/php5/20090626+lfs/ldap.soÂ« zu Ã¼berschreiben, welches auch in Paket libapache2-mod-php5 0:5.3.1-5ubuntu2 ist" [Undecided,New] https://launchpad.net/bugs/549766
<JamesPage> Daviey: yep - apt is configured to use a local cache on the host to improve speed/limit download sizes
<Daviey> JamesPage: Hmm, this box is probably not ideal, it's i386 install :/
<JamesPage> Daviey: we can limit it to running i386 jobs;
<hggdh> with a tag
<Daviey> oh cool
<Daviey> JamesPage: What change to rc.local did you want to change?
<Daviey> I already pressed 'no' as i was about to give up due to the arch.
<JamesPage> Daviey: it does a 'fix' to tidy up the mess that libvirt-bin and dnsmasq make of each other
<JamesPage> not pretty
<Daviey> JamesPage: Have a diff handy? :)
<JamesPage> Daviey: http://paste.ubuntu.com/544910/
<JamesPage> Daviey: sorry - just re-read - you mean't rc.local right
<JamesPage> http://paste.ubuntu.com/544911/
<Daviey> yup
<Daviey> JamesPage: Has vector shown up?
<JamesPage> Daviey: not yet - let me just create his entry in Hudson (hostname vector?)
<Daviey> ack
<JamesPage> he has now  - and its trying to run something that won't work :-(
<JamesPage> how fast is your Internet connection?
<hggdh> JamesPage: I have found that, on my laptop, rc.local does not seem to work
<Daviey> JamesPage: it is zsync'ing atm
<JamesPage> hggdh: yeah - its an in-elegant solution.
<hggdh> i.e., I still have to stop/restart libvirt, pkill dnsmasq and service dnsmasq start again
<Daviey> JamesPage: sucking down at 880kB/s
<JamesPage> hggdh: and it does not really work with upstart
<hggdh> JamesPage: heh
<hggdh> will look into it more
<JamesPage> hggdh: what we really want is a fix for the bug (i'll dig it out) which means dnsmasq and libvirt-bin won't co-exist on the same server
<Daviey> JamesPage: I assume dnsmasq is listening on localhost only?
<hggdh> JamesPage: agreed -- or, perhaps, have all apps using dnsmasq start using the dbus interface
<hggdh> Daviey: no
<Daviey> !
<JamesPage> Daviey: dnsmasq listens on the bridge so that it can do PXE/TFTP kungfoo with the guests
<Daviey> ah, that is fine
<Daviey> just wanting to make sure it wasn't going to take over the network :)
<JamesPage> this conflicts with the one that libvirt-bin sticks up by default (even if its not configured to todo DHCP)
<hggdh> Daviey: we work by steps, first the local machine, then the world ;-)
<Daviey> lol
<JamesPage> listen-address=192.168.122.1
<JamesPage> don't worry!
<Daviey> JamesPage: Hmm,, can i kill this zsync ?
<Daviey> it's grabbing amd64
<JamesPage> I can - not much use is it.
<JamesPage> let me kick off a i386 test
<Daviey> JamesPage: great
<JamesPage> Daviey: so there is a sea of red at the moment
<Daviey> i noticed :)
<JamesPage> issue 1 is hggdh's qemu/permissions bug on xango3
<JamesPage> basically it fails fast so while bowlan and mercury are working through their test cases;
<JamesPage> xango3 speeds through the other 22 and fails them all.
<JamesPage> (now disabled.....)
<JamesPage> The other one is that tests are timing out; there is a 40 minute limit on the vm execution at which point the script gives up.
<JamesPage> terminates the vm and fails the test.
<JamesPage> we are hitting this *alot* with natty
<hggdh> yes
 * JamesPage worries that natty installs seem to take a lot longer than maverick
<hggdh> resons unknown -- in my case I noticed (but did not confirm yet) that VBox is faster than KVM (!?)
<JamesPage> http://hudson.qa.ubuntu-uk.org/job/natty-server-amd64_default/buildTimeTrend
<UndiFineD> <hggdh> Daviey: otherwise, right now, it is undefined <- sorry :(
<hggdh> UndiFineD: I am really sorry...
<UndiFineD> :P
<hggdh> JamesPage: and -- everything going fine -- soon-to-be xango4 and xango5 :-)
<Daviey> JamesPage: I suspect it might be the sync's with ext4... there is now an option in dpkg to avoid these, making install faster... might be a good idea to check with cjwatson.
<hggdh> Daviey: being correct, we can add it easily in the base preseed
<hggdh> Daviey: do you know the option? I can add it locally, and test
<cjwatson> there's no point changing it now
<cjwatson> there's going to be another dpkg release in a couple of days which changes things around some more
<hggdh> cjwatson: thanks, we wait, then :-)
<cjwatson> (1.15.8.7 - I'll merge it when I see it in unstable)
<cjwatson> chat on #debian-dpkg suggested Sunday
<hggdh> cjwatson: a Q: if I select "manual package selection" on d-i, is aptitude expected to start?
<hggdh> under tasksel
<cjwatson> yes
<hggdh> and -- after I select the packages, I should 'g' on aptitude, correct?
<cjwatson> IIRC
<hggdh> I did that, and had some of the packages fail to install (but seems it recovered later)
<hggdh> will have to repeat
<Daviey> JamesPage: Can you fire the same test again?
<JamesPage> Daviey: yep - doing
<JamesPage> Daviey: well I could if I knew what I was doing :-)
<Daviey> JamesPage: curently idle :(
<JamesPage> Daviey: yeah - I forgot about bowlan (also idle so picked up the job)
<Daviey> awesome :)
<Daviey> JamesPage: Fire *another* job? :)
<JamesPage> Daviey: just taking bowlan offline
<Daviey> JamesPage: cool
<JamesPage> Daviey: there we go
<JamesPage> Daviey: looks like its going for the full ISO again
<hggdh> lol
<Daviey> JamesPage: I have confidence it will work :)
<Daviey> JamesPage: I think it might have been my fault
<Daviey> :)
<JamesPage> Daviey: what did you touch?
<Daviey> I cleaned up the amd64 images ...  /var/lib/ubuntu-server-iso-testing/isos/ubuntu-server/*
<Daviey> ... i386 started quicker than i expecte
<Daviey> d
<JamesPage> you little tinker!
<Daviey> heh
 * Daviey blames hggdh 
<JamesPage> I remember a sys admin I once work with tidied up a production webserver once
<JamesPage> Got the wrong root directory - /
<JamesPage> not a great moment.
<Daviey> eek
<Daviey> JamesPage: Have you seen the "webscale" video?
<JamesPage> Fortunately it was farmed :-) (and yes I have)
<JamesPage> and we had automated rebuild
<Daviey> http://pb.daviey.com/WwP2/raw/
<Daviey> JamesPage: ^^
<Daviey> reminded me of that.
<smoser> JamesPage, still around ?
<smoser> Daviey, did you use pastebinit to load that ?
<smoser> i've heard it has support for pb.daviey.com now
<Daviey> smoser: maybe :)
<JamesPage> Daviey: nice
<Daviey> smoser: Yes, much sought after support aiui
<Daviey> smoser: The media is calling it an early xmas pressent
<JamesPage> smoser: sure am
<smoser> http://paste.ubuntu.com/544934/
<Daviey> yeah, 29seconds after you said something :)
<JamesPage> :-)
<JamesPage> I type slowly....
<smoser> JamesPage, ^ so that is the list of 23 libraries used by ec2-api-tools
<JamesPage> smoser: thats a nice list of Java
<smoser> so there are 23 libraries there, the majority of them packaged in ubuntu, but zero of them packaged and of the "correct" version
<smoser> i'm guessing that you're aware that this is the state of the world.
<JamesPage> so it seems to be.
<smoser> i'm just kind of wondering what you think could be done about it
<Daviey> *should* anything be done?
<JamesPage> well some will be OK - most of the commons-* packages maintain backwards compat.
<smoser> (in that list, the un-indended things are the ubuntu package and then version) the ones under them are the file that ec2-api-tools provides
<consumerism> what's the quickest way to delete a large directory?
<smoser> Daviey, i dont think anything shoudl be done explicitly to address ec2-api-tools.
<smoser> rm -Rf dir &
<JamesPage> others are pretty close; think we can find most of your unpackaged list as well
<smoser> or, if you need to recreate it right away: mv dir dir.old && mkdir dir && rm -Rf dir.old &
<smoser> JamesPage, oh ?
<JamesPage> they seem to ring bells
<smoser> i did'nt see anything when i went looking with apt-cache and apt-file search
<consumerism> smoser: rm -rf is the only way i know to do it, there's not a quicker way? i have read somehwere emptying the directory first makes it faster
<smoser> but... you're more aware than i
<JamesPage> what part of the archive is ec2-api-tools
<smoser> so basically, if i can, it seems "right" to use packaged versions, and depend on the java packages, right ?
<smoser> JamesPage, do you agree with that ? or should i not bother.
<Daviey> JamesPage: Seen the lovely failure?
<smoser> multiverse. other than those libraries, its closed source.
<bobboau> haza! fixed my problem, I had a newline at the end of a random model file!
<Daviey> bobboau: \o/
<JamesPage> Daviey: the couchdb instance might be in a bit of a twist.
<Daviey> JamesPage: tips for fixoring?
<JamesPage> Daviey: sometimes it does not startup on the bridge interface
<smoser> consumerism, i dont know... it could be that rm is for some reason less than ideal in how it implements -R, but really, that would be a bug / feature request against it.
<JamesPage> Daviey: you could try a restart of couchdb but a reboot might be better :-(
<Daviey> hmm
 * JamesPage thinks the install script needs to work better
<Daviey> need to see if i can reboot this
<Daviey> rebooting
<JamesPage> smoser: good question re packaged/bundled versions....
 * JamesPage thinks
<Daviey> smoser: get to the back of the queue, JamesPage is mine atm :)
<JamesPage> Daviey: we're on a break - you are rebooting
<Daviey> JamesPage: wanna fire that job again?
<Daviey> JamesPage: Doesn't make it ok to see other people!
<smoser> JamesPage, so for the packaging i did in iamcli recently, I did depend on the ubuntu packages and did not install as part of the binary package the .jar files that were in the "source" package.
<smoser> that seemed to work well, and in some cases means smaller download for someone with 'apt-get install iamcli'
<smoser> i was going to try to do that here, but it seemed like so many near misses.
<JamesPage> Daviey: going now
<Daviey> watching :)
<JamesPage> smoser: well it might but that would depend on how many deps they already had installed.
<Daviey> JamesPage: couch still seems poorly
<Daviey> (/me grumbles about couch)
<JamesPage> smoser: as the ec2-api-tools is prop. it may be better to stick with bundled versions.
<JamesPage> smoser: if something does break compat you can't fix is in ec2-api-tools
<smoser> hm... it just doensn't seem right.
<smoser> well, i can fix it by reverting to the included version in an updated package.
<JamesPage> smoser: I guess
<Daviey> JamesPage: Oddly, couch is running at port 5984 is working as expected
<JamesPage> Daviey: check that is running on 192.168.122.1:5984
<smoser> but i'm completely willing to accept your sage advice
<JamesPage> smoser: I'm nervous about 'break compat you can't fix is in ec2-api-tools'
<JamesPage> smoser: let me just look at the list again
<Daviey> JamesPage: not getting response on that IP
<Daviey> infact....
<Daviey> a traceroute looks even worse
<JamesPage> Daviey: can you check that you have a local config file in /etc/couchdb/local.d
<Daviey> JamesPage: I don't have the br
<MrPicard> Hello all!, Im running ubuntu on the EC2 cloud, ive used the offical Concanical Cloud AMI however it seems i cannot add new users and the server when ftping refuses new users and requires them to use an auth key file. is there anyway to get around this? i just want a working ubuntu LAMP server.
<JamesPage> No bridge?
<Daviey> nope!
<JamesPage> OK; try stopping dnsmasq, restarting libvirt-bin and see if bridge returns
<Daviey> nope
<smoser> JamesPage, i'll be back in 30 minuts or so.
<Daviey> JamesPage: it's bwoken. :(
<JamesPage> smoser: sorry I will be gone by then
<MrPicard> so, is there anything i can do?
<JamesPage> Daviey: this is related to the race condition between libvirt dnsmasq and normal dnsmasq
<JamesPage> for some reason this does not happen on my lucid servers.
<Daviey> JamesPage: How did you confirm this issue?
<MrPicard> i guess not <.<
<JamesPage> Daviey - if you disable dnsmasq it libvirt should startup fine including the bridge.
<JamesPage> Daviey: killing the dnsmasq instance is spawns and then restarting dnsmasq got me past this issue (hence rc.local stuff)
<Daviey> :(
<JamesPage> This is the bug 231060
<uvirtbot> Launchpad bug 231060 in libvirt "packages dnsmasq and libvirt-bin conflict with each other" [Low,In progress] https://launchpad.net/bugs/231060
<Daviey> JamesPage: Is there any way for me to fire to jobs?
<MrPicard> ..... its a shame no one can help me with my ec2 problem.
<JamesPage> Daviey: yes - I can set you up with an account
 * Daviey takes a break
<zul> Daviey kirkland: im going to update the git snapshot
<kirkland> zul: sounds good!
<kirkland> zul: how's it looking?
<zul> kirkland: lunch was good if that is what you were asking :)
<kirkland> zul: :-)  did you have "cobbler" for lunch?
<kirkland> mmm... blackberry cobbler mm....
<zul> kirkland: nope kd macroni
<kirkland> zul: i'm having mexican for lunch today ;-)  Mmmm.... Manuels....
<JamesPage> hggdh: I've left bowlan and mercury disabled in hudson while Daviey tries to get his node working.
<JamesPage> nothing for them todo at the moment so not really a problem.
<hggdh> JamesPage: ack. I will also keep xango3 off
<JamesPage> cool
<ScottK> kees: I just uploaded clamav 0.96.5 to lucid/maverick-proposed so we should be able to get that sorted reasonably quickly.
<kees> ScottK: okay, thanks
<ewook> lamont: well, so do I.
<ewook> I'm curious. Is it just my upgrades that has caused the "switch" to another startup-manager to fail and leave most of the services dead after a reboot? (from 8.04 to 10.04)
<qjcg> so, after my do-release-upgrade on a xen domU (8.04->10.04), my machine no longer boots cleanly (root mounted ro, other partitions not mounted at all...)
<qjcg> my domU uses a kernel on the dom0 (2.6.24...xen)
<qjcg> anyone know of a place where i can find xen kernels for 10.04?
<ScottK> ewook: I did several 8.04 -> 10.04 upgrades without problem.
<qjcg> or, any ideas why my domU no longer boots correctly? nothing in my config changed, just a do-release-upgrade that finished with no errors
<ewook> ScottK: mkay.. all services starts without problems ?
<ScottK> Yes.
<ewook> ScottK: also, postgrey simply fails on upgrade now..
<ewook> lucky bastard :P
<ScottK> What's the error?
<ewook> ScottK: http://pastebin.com/B4m6YN11
<ewook> ScottK: and no, I did not do a custombuild, almost everything on that machine is from the repos
<ewook> (otherwise, how would apt recognize postgrey?)
<ScottK> Let me give it a try.
<ewook> sure
<ewook> notice that it's an upgrade
<ewook> alas : tcp        0      0 127.0.0.1:60000         0.0.0.0:*               LISTEN      32046/postgrey.pid
<ewook> it gives an message about postgrey chaning ports to that exact port for compliance.. but yeah.. it's been "compliant" all the time :)
<ewook> aaw, my membership with ubuntu-server has expired *_*.
<ScottK> I tried installing the hardy postgrey in a lucid chroot and then upgrading it.  I got http://paste.ubuntu.com/544972/
<ScottK> So that matches your experience.
<ewook> oh.. darn. I was hoping it was just me :P
<ewook> better check for a bugreport then
<ewook> I forgot.. where those at again?
<ScottK> bugs.launchpad.net.
<ScottK> Also we get that package unmodified from Debian, so bugs.debian.org is worth a look too.
<ewook> ScottK: aah. great. thanks
<ewook> https://bugs.launchpad.net/ubuntu/+source/postgrey/+bug/537472
<ewook> there we go
<uvirtbot> Launchpad bug 537472 in postgrey "upgrade from hardy to lucid fails" [Unknown,Fix committed]
<ewook> not really the right one, but still the same error
<ewook> a fix commited for 4 months?
<zul> kirkland Daviey: the new cobbler snapshot should be in the ppa in about 13 minutes
<ewook> hrpmf. now to check out why init.d / service is breaking everything at boot
<ewook> any pointers?
<RoyK> ewook: is a service in init.d (or rc2.d) breaking things?
<RoyK> if so, start reading that script
<ewook> nono
<ewook> since some services started to use "service" instead of the init-structure they simply will not start at boot
<RoyK> oh
<RoyK> that's upstart config
<ewook> a
<ewook> h
<ewook> thank god ssh is still starting corretly
<ewook> correctly
<RoyK> iirc ssh doesn't use upstart :P
<ewook> that explains it... :P
<ewook> wow. I'm lost.
<MrPicard> Friendly greetings, i have been having a minor issue with Ubuntu 10.4 LTS, sad to say when i type in sudo apt-get install mysql i get a error saying that ubuntu cannot find the package, any ideas?
<_spacer_> hi room
<_spacer_> sever newb here
<_spacer_> i cannot access my server remotely via ssh, i could the otherday, but cannot today
<zul> MrPicard: mysql-server is what you want
<_spacer_> i cannot even ping my ip
<MrPicard> Ta Zul :-)
<_spacer_> but i am still serving webpages np
<_spacer_> ports forwarded ok..
<_spacer_> any idea what i can check?
<Slyboots> God almight; Anyone here know much about getting WPAD configration pushing going?
<Slyboots> I've configured DNSMasq to push the configuration by setting my Domain name (Then using a CNAME re-direct get get wpad.example.com to work; and using dhcp-option252,http://x.x.x.x/wpad.dat
<Slyboots> But it seems that only the DNS push is working
<ChmEarl> any estimate when natty will have linux-image-2.6.38-x-server out?
<ChmEarl> weeks or months or after release?
<latenite> Hi folks, my new ubuntu box can not go online. http://pastebin.com/E6kUYmT8 192.168..4.101 is my own DNS What did I do wrong?
<patdk-wk_> not running a dns server on your own system?
<soren> latenite: Your resolv.conf is wrong.
<latenite> soren, why I have this on all my boxes?
<soren> latenite: It's supposed to read "nameserver xxx.yyy.zzz.www", not just "xxx.yyy.zzz.www"
<soren> latenite: I haven't the faintest idea.
<latenite> soren, but doesnt ubuntu create the resolv.conf on startup?
<soren> No.
<teddymills> where are SSL certificates installed ?
<hggdh> usually /etc/ssl
<latenite> soren, no? like in No it not created on startup? why does it say : # Generated by NetworkManager ?
<hggdh> resolv.conf is changed if using NetworkManager to manage your interfaces
<hggdh> but I never saw NM writing this way
<latenite> ah ok..it works with by adding the "nameserver" prefix. thanks guys :)
<Slyboots> This crap is enough to break your will to live!
<Slyboots> All I want to do; is block ads locally (including youtube video ads and that crap) and replace them with a 1x1 transparent pixel
<Slyboots> So Id ont get huge freaking 503 DENIED! were the ads used to be
<Slyboots> And yet I cnat seem to find an easy way to do this
<OlsonCR> hi buddies
<OlsonCR> i got problem with my 10.10 server
<OlsonCR> that is giving me hard times
<OlsonCR> any one there?
<OlsonCR> dudes...?
<teddymills> I have a Verisign SSL cert installed. I can view it via https:  but I cannot find the actual CERT file. It is ubuntu 10.10
<teddymills> nothing in /etc/apache2/sites-available/default or default-ssl points to the CERT.
<uvirtbot> New bug: #691723 in openvpn (main) "OpenVPN Client Ignores DNS" [Undecided,New] https://launchpad.net/bugs/691723
<teddymills> It is the correct box, because I am using the same IP
<teddymills> It is the correct box, because I am using the same public  IP
<teddymills> there is an even an entire virtualhost container I cannot find.
<teddymills> If I can find either the missing SSL cert or the missing VHOST container that is where the SSL is configured I am sure.
<teddymills> i ahve search every line of /etc/apache2
<teddymills> i ahve search every line of of most files in /etc/apache2
<Olsoncr> hello?
<sparc_> hello
<Olsoncr> I got a problem with an external storage and 10.10 server
<Olsoncr> hey sparc
<Olsoncr> I got this situatiom
<Olsoncr> I got an external USB drive on this 10.10 server
<sparc_> there are other people that are much more skilled with ubuntu specifically, but maybe i can help
<Olsoncr> there is where I mirror the backups of my company and keep them outsite
<Olsoncr> dont worry
<Olsoncr> let's try
<Olsoncr> but..
<Olsoncr> the ubuntu always disconnect the USB and reconnect the drive
<Olsoncr> and the kernel assigns another letter..
<Olsoncr> let's say /dev/sdb to /dev/sdc
<Olsoncr> I have fixed that by making a udev rule..
<Olsoncr> fine..
<Olsoncr> no the drive is always (let's say) /dev/mydrive
<sparc_> ok
<Olsoncr> but since the drive is still getting disconnected I new have I/O errors on the mountpoint
<Olsoncr> :(
<sparc_> what kind of errors are you getting?
<Olsoncr> I/O
<Olsoncr> input output
<sparc_> what do they say?
<Olsoncr> ls: reading directory .: Input/output error
<sparc_> oh
<sparc_> darn that error doesn't say very much
<Olsoncr> I'm pretty sure this is caused cuz the USB drive is disconnected by the system
<Olsoncr> and connected again
<sparc_> maybe someone knows right off the bat, but i would look for more verbose errors in dmesg and /var/log/messages
<sparc_> i would also fsck the filesystem to see if there's anything wrong with it
<sparc_> and use SMART checks to see if the device is healthy
<sparc_> if those check out, then maybe there's something funny with udev, if you didn't have this problem before you wrote the rule?
<Olsoncr> no..
<Olsoncr> no problems with udev before
<Olsoncr> actually this is happening on my desktop also.. when I reboot the HD loses his 'letter' and
<Olsoncr> I have to remap all drives on /etc/fstab
<Olsoncr> in this case
<Olsoncr> on this server
<Olsoncr> I am sure the FS is fine..
<sparc_> i know you can put labels on ext filesystems
<sparc_> and mount the filesystems based on labels instead of drive letters
<Olsoncr> on messages I just have "usb disconneted" messajes
<Olsoncr> udev is a lower lower than labels
<Olsoncr> *lowe layer
<Olsoncr> *lower
<Olsoncr> sorry for my english
<sparc_> your english is good, no problem
<sparc_> i don't know what to say, i'm sorry.  maybe someone else has some ideas on how to get your disks to mount properly
<sparc_> i still think checking the filesysm might not be a bad idea
<Olsoncr> jus done buddy
<Olsoncr> *just
<sparc_> ok
<Olsoncr> and problems still bothering me
<Olsoncr> I may be a problem with the drive FS
<Olsoncr> it's using fuseblk
<uvirtbot> New bug: #691737 in unixodbc (main) "Dangling symlinks in /usr/lib/odbc created by installing unixodbc -- missing library files" [Undecided,New] https://launchpad.net/bugs/691737
#ubuntu-server 2010-12-18
<Ken> Gah but i'm in need of assistance if anyone has the time. I have a server that's worked well in the past. Tried to install the Zyental .iso but it failed to work properly, so went back to Ubuntu Server 10.10. On boot i'm constantly faced with "DISK BOOK FAILURE, INSERT SYSTEM DISK AND PRESS ENTER".  I've tried Ubuntu Server 10.04 and it's no different. I installed a copy of Windows XP and it installed and booted correct
<Ken> The odd thing is it's worked fine before.
<share> How can I restrict a user to his /home folder in openssh server?
<Ken> Maybe remove read/write access from all but the users home directory.
<Ken> For that user, that is.
<share> Ken: yeah i know that way  :P
<Ken> Share: Hmm. Try threatening them with a hammer?
<share> lol
<Ken> Share: I'm not sure. I'll do a bit of a search but I don't know any other way aside from that.
<share> ChrootDirectory
<Ken> The hammer thing I mean.
<Ken> share: There seems to be some discussion on forcing the use to use sftp instead of SSH too.
<Ken> And a little talk about lshell.
<share> Write failed: Broken pipe
<share> lolz
<Ken> I'd love to have some Chroot issues right now. I can't even get booting.
<pmatulis> Ken: wipe out the boot sector of your drives
<Ken> I have the Ultimate Boot CD. I'm not sure how to do that, Pmatulis, but i'll look it up now and try. Thank you
<Ken> Oh joy. The error has changed to "Error loading operating system." Pmatulis, I pledge you my first born!
<Ken> I appreciate the help. Thank you very much.
<Ken> Fix of Grub2 or a reinstall should have it all working again I suspect.
<Ken> pmatulis: Thank you! It's working. I've been fighting with this for hours.
<_Techie_> can anybody help me fix this , http://sprunge.us/RfdD
<pmatulis> _Techie_: what type of machine is this from?
<_Techie_> one built from old parts
<_Techie_> its a ECS KN1 SLI lite motherboard with a AMD Athlon X2 4200
<pmatulis> _Techie_: and you're using what release?
<_Techie_> 10.04.1
<_Techie_> 10.04.1
<_Techie_> beware if you say upgrade to 10.10 i will kill you
<_Techie_> =P
<pmatulis> _Techie_: does it boot or what?
<_Techie_> yes
<_Techie_> it functions fine but this error makes the oot process take longer thani would like
<_Techie_> boot*
<pmatulis> _Techie_: perhaps study bug #443113
<uvirtbot> Launchpad bug 443113 in linux ""Error probing SMB2" boot message on nVidia ION chipset (Acer Aspire Revo, ASrock ION 330, ASUS netbooks...)" [Medium,Triaged] https://launchpad.net/bugs/443113
<pmatulis> _Techie_: you don't have a netbook but there is a kernel boot option you may want to try
<pmatulis> _Techie_: see comment #29
<instabin> Hello I am having a problem with apache after doing the updates my php will work if I type www.mydomian.com but not if I use just mydomain.com
<instabin> When using just mydomain.com it try to download a file instead of displaying the php page
<_Techie_> pmatulis, will try that, gonna init 6
<_Techie_> pmatulis, it worked, the dmesg shows a much friendlier message, however i still need to disable acpi
<Sophia> Good day/night, I run Ubuntu 10.04 *32 on a VPS and suddently get segemtation fault when i run ap-get update or any other software
<Sophia> sudo rm -vf /var/cache/apt/*.bin, apt-get clean
<Sophia> did not help
<Sophia> could someone be so kind an help me pls?
<AkakuMatt> what are you trying to do?
<Sophia> update the system
<Sophia> and install php5
<AkakuMatt> why are u using apt-get clean?
<AkakuMatt> well reguardless sudo apt-get install php5
<Sophia> because im loged in as root
<AkakuMatt> lol
<AkakuMatt> why would you login as root?
<AkakuMatt> use a normal user and sudo
<Sophia> http://www.apollon-domain.co.uk/?p=221
<Sophia> followed this guid
<AkakuMatt> Ok
<AkakuMatt> Well that guide is not what you want to do
<Sophia> fair enough
<Sophia> but sudo doe snot change the problem
<AkakuMatt> you can do anything as root without being logged in as root
<Sophia> and it worke dfine for several week
<AkakuMatt> thats because your root already
<AkakuMatt> just use apt-get install php5 without sudo and clean
<Sophia> that what I did
<Sophia> I get segmentation faults
<Sophia> for any apt command that is
<AkakuMatt> use pastebin and show me what your talking about
<AkakuMatt> And first of all backup and update your ripositories
<AkakuMatt> apt-get update
<Sophia> http://pastebin.com/Z1PS9LBY
<AkakuMatt> ok
<AkakuMatt> im going to tell you to read man apt-get and check out the distro-upgrade option tword the top
<Sophia> u want me to upgrad to 10.10?
<AkakuMatt> no
<AkakuMatt> but it should update your 10.4
<AkakuMatt> have you tried doing the install php5 since you updated
<Sophia> yes
<AkakuMatt> and?
<Sophia> I get the same segmentation fault with apt-get upgrade
<AkakuMatt> you do realise that says there is a 0% segfault
<Sophia> as i said, any apt command
<AkakuMatt> Segmentation faultsts... 0%
<Sophia> well, its not installing anything
<AkakuMatt> sorry i cant help
<AkakuMatt> http://www.debianhelp.org/node/1972
<AkakuMatt> http://ubuntuforums.org/showthread.php?t=454316
<AkakuMatt> try there
<Sophia> I was on taht page before I cam ehere
<Sophia> i tried all these commands, mentione dit in my initial post
<AkakuMatt> Keep reading
<AkakuMatt> you obvisuly dont read more than the first post
<AkakuMatt> And they both referance to a memory issue
<AkakuMatt> use google
<Sophia> how can the cache size be soddenly to small?
<Sophia> *suddenly
<Sophia> ok, I did nano /etc/apt/apt.conf  added>
<Sophia> APT::Cache-Limit "20000000";  (file was empty) saved, retried apt-get update, same issue
<AkakuMatt> did you check your memory? or not?
<jetole> Hey guys. Does anyone know how the MAC times of files relates to when I'm looking at windows files via CIFS mounts?
<Sophia> i restarted the server again...works now
<Sophia> maybe the issue was caused by two winscp sessions running simultaniously
<Sophia> anyway, thank you fo ryour help
<clayd> i am working on a cloud server install of ubuntu 10.04 and tab completion is not working.  Any thoughts on how to turn it on?
<clayd> never mind found it.  needed bash-completion installed
<ScubaDogg> anyone still awake in here?
<ScubaDogg> guys, I am getting attr errors, on a md ext3 /home partition & have read that I need extended attribs for samba4 on an ext3 partition. Should I adjust my fstab like  /dev/md6 /home ext3 user_xattr 1 1 or more like /dev/md6 /home ext3 rw,acl,user_xattr 0 2
<ScubaDogg> srv is @ a colo s I don't want to break it.
<uvirtbot> New bug: #691819 in ntp (main) "ntpd stopped working when time server disappeared" [Undecided,New] https://launchpad.net/bugs/691819
<Psi-Jack> I need someone here that's somewhat formidable with ocfs2. I have a 2-node ocfs2 cluster over an iSCSI link, running under kvm. When I unplugged the vnic from cweb1, leaving it on for cweb2, cweb1 became faulted with no quorum, obviously, as did cweb2. But what happened was, cweb2 went into a kernel panick loop that would not recover for anything. cweb1 never panicked, nor rebooted, cweb2 never
<Psi-Jack> rebooted, but panicked continuously.
<Psi-Jack> I plugged the vnic back into cweb1, all was good. It restored everything, ocfs2 was usable. cweb2 remained in panick until forcefully rebooted by alternative means. Now, I know ocfs2's kernel designed fault tolerance is setup to reboot when quorum is lost, but it did neither reboot, nor properly even fence itself at all.
<ScubaDogg> does this look safe to put into my fstab?
<ScubaDogg> /dev/md6 /home ext3 rw,acl,user_xattr 0 2
<Psi-Jack> ScubaDogg: Do you know what all that does?
<uvirtbot> New bug: #691852 in clamav (main) "package clamav-base 0.96.3+dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: ErrorMessage: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/691852
<woutervddn> hey guys.. I've just installed ubuntu server to virtualbox I bridged my wlan0 installed sql, apache2,.. I've set up apache2 and I am connected to my router like it should.
<woutervddn> But I can't access the standard index.html page from my host computer..
<woutervddn> I'm guessing it's the portforwarding.. which ports are used by default?
<woutervddn> got it.. apperantly I was using the wrong ip: 192.168.1.108 instead of 192.168.0.108..
<woutervddn> hey guys I've got another question, I'm trying to connect true ftp and this is what I get:
<woutervddn> Status:	Connecting to 192.168.0.108...
<woutervddn> Response:	fzSftp started
<woutervddn> Command:	open "test@192.168.0.108" 22
<woutervddn> Error:	Could not connect to server
<woutervddn> I just tried ftp localhost on the virtual server and that works.
<woutervddn> but connect true filezilla won't work..
<woutervddn> anyone has an idea?
<WinstonSmith> woutervddn, "Command: open "test@192.168.0.108" 22" <== try port 21? 22 is ssh
<woutervddn> I tried that but that gives me following
<woutervddn> Status:	Waiting to retry...
<woutervddn> Status:	Connecting to 192.168.0.108:21...
<woutervddn> Status:	Connection attempt failed with "EHOSTUNREACH - No route to host".
<woutervddn> Error:	Could not connect to server
<WinstonSmith> No route to host sounds like the ip is wrong. what is your host OS? what ftp server are you using?
<woutervddn> ubuntu-studio 10.04 is my host system
<woutervddn> ftp server is vsftpd
<WinstonSmith> did you configure vsftpd to accept connections from all ips? e.g. not just from localhost?
<WinstonSmith> sry cant help you much there never configured vsftp myself
<woutervddn> yes.. i did.. but I'll look at vsftpd.conf again :)
<woutervddn> thx anyway
<WinstonSmith> yw
<g0bl1n> hi, are there ubuntu server 1010 ami available in amazon aws ?
<g0bl1n> official
<SpamapS> g0bl1n: http://uec-images.ubuntu.com
<SpamapS> I think
<SpamapS> right
<SpamapS> http://uec-images.ubuntu.com/maverick/current/
<g0bl1n> SpamapS, thank you, great
<woutervddn> hey any of you know an alternative for cpanel to use on ubuntu-server?
<pmatulis> woutervddn: some people use ebox but it's not officially supported by ubuntu
<root_> admin
<root_> ADMIN
<uvirtbot> New bug: #691956 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/691956
<woutervddn> is there something like a vhcs package for ubuntu?
<woutervddn> (sudo apt-get...)
<woutervddn> or does there exist another control panel with the same fnctionality?
<SpamapS> woutervddn: ebox
<SpamapS> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<woutervddn> thx.. I'll look for it :)
<woutervddn> it's installing ^^
<uvirtbot> New bug: #692043 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.4 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: el subprocÃ©s installed post-installation script retornÃ  el codi d'eixida d'error 1" [Undecided,New] https://launchpad.net/bugs/692043
<wizardslovak> hello people
<wizardslovak> i am building myself small home server , nothing fancy , media server little website with sql
<wizardslovak> and i dunno which spu to decide
<wizardslovak> amd or intel?
<wizardslovak> i want to run 64 bit ubuntu server on it
<SpamapS> wizardslovak: why do you want 64-bit?
#ubuntu-server 2010-12-19
<wizardslovak> SpamapS,  they perform better
<Datz> wizardslovak: are you buying a new cpu?
<Datz> or used?
<Datz> wizardslovak: if you're buying new stuff, and don't need much power, I'd personally get something like a efficient atom chip/board/
<Datz> http://www.newegg.com/Product/Product.aspx?Item=N82E16813128452&cm_re=atom-_-13-128-452-_-Product
<Datz> if not, just use any old machine, and run 32bit if you have to.
<wizardslovak> i want to build it myself , something with miniatx
<wizardslovak> but dont know what cpu
<wizardslovak> Datz, that perfect , will fit to my old shuttle pc
<wizardslovak> i am actually thinking about this one ;) btw would it hold some web traffic?
<wizardslovak> + id prefer 2 cores
<bluethundr_> when compiling from source, what does 'make world' buy you that a simple 'make' will not?
<Datz> wizardslovak: I'm not sure what you mean by "this one"
<Datz> also, that Intel Atom is a dual core cpu, with hyperthreading as well
<Clem> Hi guys, i have a question about ubuntu server. I was wondering, if the server .iso has the packages required by default for a LAMP installation. (I am installing the server at on my home network which does not have an internet connction at the moment)
<icekk> HI, I created a tcp server, running it on ubuntu-server each time i run it, only 400 tcp socket clients can connect to it...
<icekk> how do i increase this limit
<icekk> to unlimited
<SJr> How do I determine which hardisk in my machine is ata2?
<Patrickdk> ata2?
<SJr> I keep getting these ata2.00 error in the kernel
<Patrickdk> I don't think that means ata port 2, but not sure
<Patrickdk> I think that means something more like, invalid ata 2.0 command
<Patrickdk> as in ata spec version 2.0
<Patrickdk> but need more error message to go with that
<Patrickdk> been awhile since I had drive/interface errors
<Psi-Jack> heh
<Psi-Jack> Anyone here have any experience with ocfs2?
<AnAnt> Hello, I have a question about cloud, if I setup a cloud using 3 machines, is it possible to make a single process to use the processing (& memory) power of all those machines ?
<AnAnt> the reason I ask, is our work environment we use simulators & synthesis tools that (according to the design being worked on) might demand processing power (and/or memory) that is not available in just one single machine.
<qman__> AnAnt, no
<AnAnt> I see, so what's the use of cloud ?
<qman__> UEC works like standard virtualization, its main advantage is the automated balancing of the load
<qman__> if, for example, you had ten servers and needed 50 VMs, instead of having to predict where your load would be, UEC would automatically handle it
<AnAnt> I see
<qman__> the only system that ever existed (to my knowledge) that operates like you describe is openmosix
<qman__> there is nothing that is currently developed to do it
<qman__> the closest modern setup is a clustering system, but that requires threading your application
<AnAnt> some colleage attended some conference about clouds, and there they told him that: cloud = virtualization + clustering
<qman__> basically, yes
<qman__> but that's all theory
<qman__> in practice it's just a really smart virtual machine hosting system
<qman__> a great technology to be sure, but not the magical be-all end-all of IT marketers make it out to be
<AnAnt> qman__: do you know if  Azure (windows based) can't do clustering the way I described ?
<AnAnt> "The openMosix Project has officially closed as of March 1, 2008." :(
<qman__> it can't
<qman__> the way those services work, amazon EC2 and such, is just like UEC, but on a very large scale
<qman__> they have server farms which run VMs for you
<qman__> but any one VM never utilizes more than one bare metal server at a time
<qman__> it's just a very efficient and abstract way of running lots of virtual machines
<qman__> if you need more power than a single hardware core can give, you need to thread your application
<qman__> if you do that, you can cluster and take advantage of as many as you want
<AnAnt> qman__: even OpenMosix needed the application to be threaded ?
<qman__> that, I'm not sure of
<AnAnt> ok
<qman__> the only theoretical way to spread one thread across lots of hardware is to dynamically thread it on the fly
<AnAnt> qman__: btw, if an application already supports running on several processors, then it is threaded , right ?
<qman__> yes
<qman__> and if you set up a cluster, it can spread those threads across hardware
<AnAnt> qman__: thanks a lot, you were so helpful
<qman__> no problem
<uvirtbot> New bug: #692131 in squid (main) "package squid 2.7.STABLE9-2.1ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/692131
<wizardslovak> Datz,  i ment the one u sent
<intick> hi all
<intick> i have a problem with my FTP server ... i can access it and list folders content from local without problem but when i try using my public IP, it connects very well but does not allow me to list files/folders ..
<intick> i've checked rights i think it has a relation with passive/active mode
<intick> (pure-ftpd server)
<intick> none :( ?
<intick> plzzz need help with FTP server
<intick> (pure ftpd)
<qman__> it's because FTP is ancient, a total mess, and a security nightmare
<qman__> you shouldn't use it unless you absolutely have to
<ivoks> and, if you really need to, use vsftpd :)
<Syria> !Bazaar
<RoyK> ivoks++
<uvirtbot> New bug: #692171 in nut (main) "using BUS= in udev rules causes system boot error/warning" [Undecided,New] https://launchpad.net/bugs/692171
<Syria> Hi , I have just installed webmin and I am being prompted for a passwprd!
<qman__> !webmin | Syria
<ubottu> Syria: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Syria> ahhhh
<Syria> qman__ thnx
<Syria> qman__ is there any alternative please?
<qman__> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Syria> qman__ thnx.
<Syria> qman__ Can you tell me how to remove webmin now please?
<RoyK> apt-get remove --purge webmin
<RoyK> apt-get install ubuntu-operation-knowledge
<Syria> sudo apt-get remove webmin
<Syria> Thnx
<RoyK> :Ã¾
<Syria> sudo apt-get install ebox I am installing ebox using this command, is this the latest version?
<qman__> assuming your repositories are correct and up to date, it will install the latest supported version for the version of ubuntu you have installed
<Syria> qman__ I am installing it on my 10.10 Maverick.
<RoyK> Syria: keep in mind that for most setups, learning the basics needed to do the administration from the commandline is usually not too hard, and learning it means you'll understand things better than talking to a stupid gui trying to do your job
<RoyK> Syria: what sort of server is it you're installing?
<Syria> RoyK i am testing it now on my laptop, and then i will install it on my vps which is running on ubuntu 10.4 lucid
<RoyK> what sort of server? web? php? database? some wierd application?
<RoyK> if it's just web, I'd say forget about webmin/ebox, and learn the config files
<RoyK> it _really_ is't that hard
<qman__> I agree completely
<qman__> it's also mostly set and forget
<qman__> configure automatic updates and you won't have to touch it but once a year or so
<Syria> RoyK i want to install wordpress i have about 3 sites that I will host on that vps.
<RoyK> Syria: then do it manually. you'll learn a wee bit about it as well
<Syria> RoyK yeah I did this on the old server but I want to test something like webmin or zentyal.
<RoyK> why?
<RoyK> it's just another thing that can fail
<Syria> I want to know more about it.
<RoyK> and corrupt your config
<Nafallo> qman__: how about kernel upgrades?
<RoyK> Syria: I see :)
<qman__> Nafallo, scheduled reboots or ksplice
<RoyK> Nafallo: most of them aren't really needed :Ã¾
<Nafallo> ksplice doesn't do it automatically though
<qman__> it does if you add it to cron
<RoyK> Syria: still, I'd recommend focusing on manual config
<Nafallo> heh. point well made
<qman__> it's how I have run my router for the last year and a half
<qman__> zero downtime
<Syria> RoyK That's why I want to test it on my laptop first.
<Syria> RoyK I am not sure about installing it on the vps yet.
<RoyK> Syria: which is good - always test in a VM before trying to put it into prod...
<qman__> Syria, installing such a system is adding a lot more points of failure and increasing security risks significantly
<RoyK> Syria: keep in mind that databases don't usually run well on VMs, so you might want to ask the ISP if they have a dedicated mysql db for wordpress to use
<qman__> they're nice tools for the ignorant masses but for this type of thing it's much better to do it manually
<Syria> I have installed apache2 php5 and mysql on the vps server.
<RoyK> qman__: and the bad thing about those tools, is that the masses of ignorant people is shrinking as manual configuration gets simpler :Ã¾
<Syria> and if zentyal or anything else failed i can configure things manually right?
<qman__> the main problem is that these tools, if not carefully designed, leave a huge mess in their wake
<RoyK> Syria: possibly
<qman__> this is why webmin is not supported
<RoyK> Syria: but why bother?
<RoyK> Syria: doing it from the commandline is _simple_
<Syria> yeah i have been learning how to use the terminal recently.
<qman__> server administration is, in my opinion, something that should not be trusted to an abstracted tool
<RoyK> Syria: still, check if the ISP has a dedicated mysql server. VMs (including VPSes) aren't well suited for running DBMSes
<Syria> RoyK Yes I have installed a mysql server and things are just fine.
<RoyK> even though mysql is pretty close to flat files in the DBMS perspecitive...
<Syria> RoyK http://xtrahost.co.uk/
<RoyK> Syria: not saying it won't work - the I/O speed from a VM is usually far lower than on a dedicated box, so you really don't want to run something like a database on it
<Syria> RoyK How can i check? what should I ask about exactly.
<Syria> RoyK aha
<Syria> RoyK i will ask them if the vm machine can run data bases without causing any problems right?
<RoyK> just justask them if they have a mysql database you can use
<qman__> if your database is very low traffic it shouldn't pose a problem, but for anything above really light loads, you'll want something that performs better
<RoyK> last I checked, wordpress only supports mysql, so a postgresql db won't work too well
<Syria> Yeah it is a small wordpress data base, I am using it as cms.
<Syria> I hope that it will not pose any problems but I will ask them anyway.
<RoyK> Syria: if you expect some traffic on it, move the database OUT of the VM
<Syria> RoyK Thnx for the advice.
<Syria> Technical support is avialable monday to friday!
<Syria> 9 - 6 pm!
<Syria> ouch
<Nafallo> heh. at least you should get good connectivity to Ubuntu archives ;-)
<Syria> Can I move copy folders from my computer to the remoter compuer using ssh terminal?
<qman__> yes
<qman__> see sftp and scp
<Syria> qman__ yeah sure sftp.
<Syria> qman__ Connect to server from the places menu right?
<qman__> yes
<Syria> qman__ Can I do this using the terminal? i know it is useless just want to know if yes.
<qman__> yes, the commands "sftp" and "scp" can use ssh to transfer files
<qman__> sftp operates like ftp, while scp works like cp
<Syria> thnx again :)
<qman__> no problem
<olliel> Anyone here know how the mumble-server sends and recieves VoiP traffic? Does it all get routed through the server or does traffic only travel in a p2p fashion?
<RoyK> olliel: I think it uses RTP like everything else
<RoyK> olliel: and I somehow guess the traffic is routed through the server to ease NATing
<RoyK> sending RTP streams directly involves serious NAT hacking known to SIP and H.323
<AnirbanHazra> Can I run .NET apps on Ubuntu hardy ?
<eagles0513875> hey guys has anyone else experienced issues with formatting a single 2tb partition?
 * RoyK hasn't
<eagles0513875> why am i O_o
<eagles0513875> seems like anything larger then 1tb will format
<eagles0513875> O_o
<RoyK> what sort of problems?
<RoyK> what fs type?
<eagles0513875> formatting shows 33% then no activity light
<eagles0513875> ext4 the default
<RoyK> ext4 supports far more than 2TB
<eagles0513875> ya but im having issues
<RoyK> during install?
<eagles0513875> ya
<RoyK> what I'd do first is to overwrite whatever partition table the drive has
<RoyK> mind this will remove _all_data_ from the drive
<eagles0513875> already done and chose 1tb instead of 2
<eagles0513875> i set it up with lvm so i can increase the size to 2tb
<eagles0513875> formatting with 1tb formatted just fine
<eagles0513875> RoyK: outa curiosity what make is ur drive
<eagles0513875> bah :( ran into a corrupt den :(
<eagles0513875> let me go back again
<RoyK> also, with such a disk size, I'd use a smaller (20-50GB) root and then use another filesystem for the data
<eagles0513875> trying to setup ubuntu cloud feature
<RoyK> by resetting the partition table, I mean dd if=/dev/zero of=/dev/yourdevice
<eagles0513875> oh
<RoyK> just in case there is a bad-but-somehow-working partition table (layout) on the drive
<eagles0513875> ok
<eagles0513875> how can i do that off the installation cd?
<RoyK> just press enter through the first steps, then alt+right, and you have a console
<eagles0513875> right what?
<RoyK> right arrow key
<eagles0513875> ok
<eagles0513875> RoyK: do i do it from busybox
<RoyK> yes
<RoyK> but try to start with a small root fs
<eagles0513875> how can i check the device
<RoyK> no reason to make a root fs on the whole disk
<RoyK> just let the installer go so far as to find the drives, then you'll find them in 'cat /proc/partitions'
<eagles0513875> command is running
<RoyK> just interrupt it
<RoyK> it doesn't take very many milliseconds to overwrite what's needed
<eagles0513875> ok
<RoyK> then reboot onto the install cd, make a smallish root partition, install there, and make the data partition later
<RoyK> smallish is something between 5 and 50GB
<RoyK> depending on how much you plan to put there
<RoyK> 5 should suffice for most needs, 50 is plenty
<eagles0513875> what if i want to use lvm
<RoyK> you can set that up later
<eagles0513875> ok
<RoyK> just separate the data from the OS
<RoyK> that's always a good idea
<eagles0513875> let me erase the partitionsok
<eagles0513875> ya
<RoyK> you just erased all the partitions on that drive with dd
<adac> Someone familiar with "hardinfo"? I noticed that it can run as a command line program aswell, but the silly thing is that installation of "hardinfo" requires gnome (http://pastie.org/1390103) But on my server I don't want to install grafical interface
<RoyK> eagles0513875: just create a simple partition for root, one for swap (size of memory or so) and leave the rest for later
<eagles0513875> ok
<eagles0513875> RoyK: should i allocate 24gb for swap
<eagles0513875> i have 8gb in this machine
<RoyK> you probably won't need it
<RoyK> just allocate 8 gigs
<eagles0513875> ok
<RoyK> you can add more later if you need more
<eagles0513875> how exactly does cloud computing features work?
<RoyK> adac: looks like a gui for lshw to me
<adac> RoyK, you can also start it on command line only
<adac> ahh
<adac> lshw
<adac> is a program
<RoyK> :)
<RoyK> eagles0513875: it's just virtualization gone large
<adac> RoyK, I first thougt it was some nasty shorthand form for some word ;)
<RoyK> :)
<eagles0513875> RoyK: i have a server is the vt-x extension necessary
<RoyK> eagles0513875: last I checked, kvm needs that, yes
<RoyK> eagles0513875: http://www.linuxquestions.org/questions/linux-kernel-70/kvm-without-intel-vt-or-amd-v-530789/
<eagles0513875> :-/ i know i tried kvm on this machine but what services can i setup using cloud computing on this server which doesnt have it
<RoyK> seems you can run it without virtualisation hardware, but it'll be slow
<eagles0513875> RoyK: you said 8gb swap 50gb / then what bout the rest
<RoyK> just leave it for now
<RoyK> eagles0513875: if you don't know the difference between cloud computing and virtualisation, you don't need cloud computing
<RoyK> eagles0513875: then just setup a box, add VMs to it, relax, it'll work
<eagles0513875> RoyK: i know what virtualization is just not understanding what cloud computing is
<eagles0513875> i would like to eventually use cloud computing for my business
<RoyK> eagles0513875: if you need 1,000 VMs, you might need a private cloud
<RoyK> if you need 10 or 50 VMs, you probably just want a machine with kvm
<eagles0513875> atm dont need many
<RoyK> there you go, then no need for cloud
<RoyK> clouds aren't very simple to setup
<RoyK> and you can migrate to a cloud later
<eagles0513875> RoyK: ok resstarted installer and did the partitioning
<eagles0513875> i have 300mb partition for biosgrub 8gb swap 50gb root hat do i do with the 1.9 that i have left
<eagles0513875> wtf
<eagles0513875> RoyK: machine randomly restarted itself
<RoyK> oops
<RoyK> run memtest86
<eagles0513875> done already
<eagles0513875> ram is fine
<RoyK> hm
<eagles0513875> after getting em back from corsair
<RoyK> shouldn't reboot on its own, though
<eagles0513875> im thinking its a psu issue
<RoyK> check the logs first
<eagles0513875> i have nothign to boot onto os wise
<RoyK> erm - it rebooted during install?
<eagles0513875> while i was setting up the partitions prior to starting the format
<RoyK> eagles0513875: anyway - start over - partition as you did and try again. never mind the extra non-partitioned space - we'll deal with that later
<eagles0513875> ok
<uvirtbot> New bug: #589647 in net-snmp (main) "snmpd starts (and dies) before network is up" [Undecided,Confirmed] https://launchpad.net/bugs/589647
<eagles0513875> might have to do this later
<eagles0513875> RoyK: is it easy to install the necessary stuff later for cloud computing?
<SJr> http://www.pastebin.ca/2023686
<SJr> What would cause errors like that
<RoyK> eagles0513875: cloud computing is for a cluster of computers running VMs. when you need it, you will have time to set it up
<RoyK> eagles0513875: and no, it's not particularly easy to setup either way
<mrroth> X2 zone, why do I need to create a different zone *ip subnet* for x2 port that connects to the ssl vpn x0 port, are vpn user on a different ip subnet from lan user? is that the norm "
<wizardslovak> seriously i dont know which line to choose
<wizardslovak> phenom 2 black or intel i series
<wizardslovak> anyone?
<Datz> there are intel people, and amd people :P
<wizardslovak> yea i know
<wizardslovak> but id love to hear personal experience
 * Datz shrugs, I am an intel person
<wizardslovak> hehe
<User792> hey all im going crazy here trying to change the ssh port. Firt of all im diabling ufw then im editing /etc/ssh/ssh_config to aay and empty port then reloading the ssh service but ssh -p <port> localhost returns connection refused
<User792> any ideas?
<User792> im more familiar with centos but im pusshing to switch over to ubuntu
<Datz> User792: are you trying to access this machine locally?
<User792> yeah
<User792> same subnetwork
<Datz> humm, and you restarted sshd?
<Datz> oh I see you said that
<User792> i think that this is  right  /etc/init.d/ssh reload
<User792> right?
<Datz> I'd think that would work. I guess you could try restart as well.
<User792> alright let me give that a try
 * Datz is no expert
<mrroth> hey wha thappens when a road wwarrior has the same subnet as the remote vpn tunnel
<mrroth> what if he is setup on a different zone but both remote and local network interface are on the same subnet
<Datz> wizardslovak: you could go for the underdog :p http://www.networkworld.com/news/2010/060710-tech-argument-amd-intel.html
<vadi2> How come Ubuntu loops on the recovery menu after I asked it to shutdown?
<vadi2> 'sudo shutdown now' - shut down services - recovery boot menu (???) - restarts all services.
<Datz> just trying to shutdown? I usually "sudo shutdown -P now"
<vadi2> thanks much, that worked
<Datz> np
<Datz> vadi2: man shutdown
<SJr> What would cause errors like: http://www.pastebin.ca/2023686, I'm getting them for ata2.00 and ata8.00
<Datz> User792: no luck?
<maxagaz> hi
<Datz> hello
<maxagaz> my boss would like me to write a security check bash script for desktop computers, to check open ports and things like that, do you some existing scripts I could begin with ?
<maxagaz> I don't really know what should be checked actually
<pmatulis> maxagaz: get started with a freshly installed desktop and the nmap utility to scan it
<clayd> working with phpmyadmin and mod_fcgid on ubuntu10.04.  For some reason when i go to domain.com/phpmyadmin i just download a file called download.  Anythoughts?
<Nafallo> wouldn't it be easier to check netstat -ltun and determine the number of lines, and warn if the number is higher than the threshold?
<Nafallo> pmatulis, maxagaz ^--
<maxagaz> Nafallo, good idea
<Nafallo> might want to use -p as well and grep out some applications and stuff bound to 127.0.0.1
<clayd> if someone has time can you go to lb.1pristine.com/phpmyadmin and let me know if you have any ideas why it is not working?
<Datz> clayd: how did you install phpmyadmin?
<clayd> with the aptitude
<clayd> yes "the" aptitude  :) sorry about that
<clayd> sudo aptitude install phpmyadmin
<clayd> i think it is a configuration issue between using mod_fcgid and the default phpmyadmin install
<Datz> ok, just checking
<clayd> i found something talking about adding a .htaccess file that handled RewriteEngine and rrewriterule
<clayd> do you need to restart apache when you add a .htaccess file?
<Datz> not from my experience
<clayd> that is what i am thinking
<Datz> clayd: you might try #httpd if you have not already
<clayd> i am hoping not to but that is what i might end up doing.
<DormantOden> hey, I want to update a network card driver. But im worried the eth connection will drop and then I wont be able to reconnect to my server to put it back up? How likely is that?
<milligan> DormantOden, hard to say. If access to the hardware is impossible, I'd leave it.
<DormantOden> yea, I guess I'll have to
<DormantOden> cheers milligan :)
<milligan> Didn't do much to help, I'm afraid .. but afaic, if it ain't broken, don't fix it ;9
<DormantOden> its a super slow samba problem :P
<DormantOden> broken, but can't fix it until I go home :/
<milligan> You know for a fact the prob is caused by nic drivers? :(
<DormantOden> no, but there isn't a fix that has worked and the only one left (bar this) is: "buy a new nic card" which I dont really think counts xD
<DormantOden> any thoughts milligan? I'm going to be bored as hell without my samba =D
<milligan> What's the problem, exactly ? You're experiencing poor transfer speeds on samba ?
<milligan> And you're sure it's not some sort of switching problem in regards to speed negotiation etc ?
<DormantOden> not sure what it is really, just trying whatever I can.
<milligan> What are the symptoms? I doubt I'll be of any help,  but I can give it a shot :)
<DormantOden> well, over a gigabit lan it will transfer at anywhere from 1 to 10 meg/s
<DormantOden> but now im externally connecting I'm getting nothing higher than 100kb/s on a 17 meg line.
<DormantOden> just dosen't seem right... :/
<DormantOden> the servers connection has an upload speed of 2 megs, so I figured I should be getting at least 500kb/s
<milligan> it doesn't transfer stable on a lan connection .. ?
<DormantOden> it will usually stay stable. but it likes to stick at a certain speed for random amounts of time
<milligan> if your upload  on the server is 2mbit .. you won't be getting more than approx 250kb/sec download over the internet...
<milligan> hmm
<DormantOden> one day it will be going at 1 meg, a few days later its going at 6?
<DormantOden> reseting the routers and computers won't solve it, never tried reseting the server though
<DormantOden> well, I meant a speed tests upload rate will max at about 2 meg
<milligan> 2MB/sec ?
<DormantOden> yea
<DormantOden> we sacrifice download speed for upload speed =)
<milligan> to debug it, I'd do testing locally first. Check and double check that you get stable transfer speeds across the network using a proper protocol. iperf or simple ftp tests would suffice I rekon.
<DormantOden> ok
<milligan> if your network at home is stable, you're ready to check the next step .. if it's not, start looking at the equipment you have at home
<milligan> If you have a gigabit network at home .. you probably have a cisco or a hp layer 2 switch ?
<ivoks> why?
<DormantOden> not sure, switch is under some wood and all I can see is the word "Gigabit switch" =P
<ivoks> there are other brands that support gigabit :)
<ivoks> cheaper
<ivoks> like dlink :)
<Nafallo> eeeew
<Nafallo> yeah
<milligan> ivoks, just figuring that if one goes to the lengths of building fully supported gigabit, one would do it with proper equipment ;)
<Nafallo> milligan: not a valid assumption, at all.
<milligan> Whatever. Let's see you debug it :)
<ivoks> people don't do that for companies
<DormantOden> I actually bought it by accident. They were susposed to give me a normal 100mb/s switch :)
<Nafallo> gigabit is very very common these days
<ivoks> i'd like to see a person that has cisco at home :)
<milligan> DormantOden, do you have the single switch, or several ?
<DormantOden> single
<Nafallo> ivoks: o/
<ivoks> cashing out that much money for nothing...
<Nafallo> ivoks: but I'm a bit special I guess ;-)
<Nafallo> also, my equipment is all sorts of brands and stuff :-P
<DormantOden> milligan: I mean, even dropbox over the network is pretty instant. But your right I should properly test it using ftp.
<ivoks> Nafallo: well, you are an exception :)
<air^> :)
<air^> 1-10 MB/s over gigabit sounds like some serious problems.
<DormantOden> only with samba
<ivoks> samba between linux machines?
<DormantOden> linux and windows and macs
<DormantOden> well.. the macs dont really count
<air^> DormantOden: what speed do you get with some other protocol?
<DormantOden> fast.
<air^> I get 100+ MB/s over AFP (mac <-> ubuntu server).
<DormantOden> never got round to measuring because I can live with anything above 3 meg a second :P
<ivoks> wow!
<ivoks> someone is using netatalk!
<air^> yeah :D
<air^> at that speed it eats a lot of cpu as well :P
<air^> but it works pretty well :)
<ivoks> cause it emulates bunch of stuff
<ivoks> until a year ago i was using it on multiple locations
<ivoks> i even did some package uploads for netatalk
<DormantOden> air^: I only meant macs dont count because they dont really use the wired connection in our house :)
<DormantOden> wait, netatalk an alternative to samba?
<ivoks> just for macs
<DormantOden> hmm, but I could just replace samba and see if it works
<ivoks> i wouldn't advise that
<DormantOden> why not?
<ivoks> it won't work on windows and linux, only on macs
<ivoks> and even apple suggests using SMB/CIFS/NFS over AFP
<DormantOden> oh, yea, I meant somthing else entirely
<DormantOden> not sure what though
<ivoks> samba is the only way for all three
<DormantOden> ahhh
<DormantOden> lame
<ivoks> it's not lame
<ivoks> you just misconfigured it, probably
<DormantOden> *it shouldn't be lame
<air^> well. SMB + Mac doesn't ever work very well IMHO.
<air^> At least not in my experiences :)
<DormantOden> ivoks: maybe, but theres not alot of suggestions other than turn this or that off/on, and add TCP_NODELAY to socket options xD
<ivoks> mac usually doesn't work well if connected to anything but mac
<air^> well. that's true :D
<air^> but it works good enough over netatalk ;)
<air^> I rarely have any issues at all.
<ivoks> i won't forget how they broke IPP in first couple of OSX releases
<DormantOden> any downside to running two sharing programs?
<air^> IPP?
<ivoks> maybe i missed it, but i haven't seen yout smb.conf
<ivoks> your
<ivoks> air^: ipp = cups, printing
<air^> ah.
<ivoks> cups was broadcasting ipp://server/ipp/printer
<ivoks> but on mac, it was actually on ipp://server/printers/printer
<ivoks> (cups on mac)
<ivoks> it was something like that...
<ivoks> i wish windows would support proper ipp, including browsing and ps drivers
<air^> last OS X release broke some DNS things. IIRC it was related to using DNS aliases and the .local subnet. :/
<ivoks> ah...
<ivoks> famous .local
<ivoks> you do know that .local means different things to microsoft and apple
<air^> suddenly a few servers at work where unreachable to all os x users.
<ivoks> windows? :)
<air^> yeah. windows environment with a few mac users :)
<DormantOden> ivoks: http://pastebin.com/xSkGSsbj
<air^> got the dns guys to create new arecords instead so now it works :P
<ivoks> tell your windows admin that he should never create AD/local domain with .local
<air^> yeah. well. it's too late for that now :P
<ivoks> .lan is ok, everything is ok - but .local no
<ivoks> ubuntu wouldn't work too
<air^> another huge mistake our windows guys did.
<air^> they use 192.168.0.x for work network.
<air^> it causes major issues when people connect vpn from their home networks :D
<ivoks> hehe
<ivoks> pptp :p
<air^> I (as a mac user) use pptp. most people are not allowed too..
<ivoks> have they fixed that thing, in mac, that didn't allow you to mount 2TB+ shares? :)
<ivoks> i set up server for video editing studio, server with 10TB space
<air^> I think so. At least I can mount my 3.6TB share.
<ivoks> and macs can't connect :D
<air^> :D
<ivoks> they didn't enable big shares in smb, or something
<air^> ah. well, I can't say about SMB.
<ivoks> they managed to broke samba and cups... that's like, just take it and compile it
<ivoks> but no... let's break it :)
<air^> I use SMB at work of course (windows...) but don't think I got access to any large shares.
<ivoks> DormantOden: looks ok, i guess
<ivoks> macs look fancy and all that
<ivoks> but when it comes to heterogenus networks... omg
<ivoks> at least it was omg 1-2 years ago
<ivoks> one time they changed something in smb, after that update, all macs started crashing
<ivoks> finder would crash on connectiing to samba server
<ivoks> i think it was samba 3.0.12
<ivoks> http://linux.derkeiler.com/Mailing-Lists/Debian/2006-03/msg02407.html
<AtomicDryad> Hi, is 80x24 console with messages still unavailable without the use of a hatchet?
<AtomicDryad> (err, bootmessages. IE no splash screen)
<PleXuS> anyone did get a working pxe windows7 setup?
<datzy>  
<Hero_of_Mordor> hi, I'm ssh'ing into a server. How do I copy files from the server onto my client?
<datzy> Hero_of_Mordor, try sftp
<Hero_of_Mordor> datzy: ok
<datzy> if you're on windows, try putty or psftp
<datzy> otherwise, just put the files in a web dir :P
<eagles0513875> RoyK: my sata controller is shot on the motherboard lucid doesnt even boot just shows me a really long trace
#ubuntu-server 2011-12-12
<qman__> use the built in partitioner
<qman__> just choose 'manual' instead of 'guided'
<wedgeV> ok, thanks
<Canadian1296> Can someone help me disable the internet connection for good on Ubuntu 10.04?
<Canadian1296> Anyone alive here?
<mtphone> I have a pfsense vm. One nic is on the first bridged if which os able to talk to the outside. The other if is on the other bridge which is the if that i want everything grabbing dhcp from. I'm a bit stumped and only have my phone right now...
<mtphone> Google stuff says it should be working the way i set it up......
<qman__> Canadian1296, what exactly are you trying to do?
<qman__> I mean, killing internet access is easy and doable in many ways
<qman__> ifdown, route, ifconfig, you name it
<mtphone> My route table even shows that internal ip addy should go to that bridged interface...
<Canadian1296> qman_, im making a livecd and it's sole purpose is for gpg. The user will be root, and i already installed all the necessary packages for it. I need to diable the internet connection so the user cannot enable it
<qman__> well, if you don't need any network access at all
<qman__> just pull the NIC drivers out
<Canadian1296> yeah, i want no internet at all. how do i do that? I asked at the ubuntu channel and they sent me here :P
<qman__> compile your own kernel with networking disabled
<qman__> that's the only way to do it such that it can't be reenabled without compiling more modules
<Canadian1296> okay, is there a simpler way that simply disables it?
<qman__> plenty, but they can all be defeated
<qman__> no default route, no internet
<mtphone> Remove the card entirely
<qman__> kill off the networking upstart script
<qman__> blacklist all the networking modules
<Canadian1296> thats fine, as long as by default its disabled.
<mtphone> rm /etc/network/interfaces
<Canadian1296> What files or packages should i remove?
<qman__> uninstall dhclient
<qman__> delete /etc/network/interfaces, /sbin/ip, /sbin/route, and /sbin/ifconfig
<Canadian1296> qman_: i removed all of them but i still have internet  :|
<qman__> well yeah, your interfaces are still up from before
<qman__> but without those tools you can't bring internet back up after taking it down
<Canadian1296> okay, how do i take it down now?
<qman__> probably also want to remove network manager, ifup, ifdown
<twb> 11:23 <qman__> just pull the NIC drivers out
<twb> Pull the *NIC* out
<qman__> without those tools, you can't bring it down either, short of rebooting
<qman__> and yeah, if you have control of the hardware, the NIC itself is the easiest
<twb> What I do is: 1) blacklist the modules in the kernel; 2) rm the .ko; 3) add an /etc/kernel-post.d that does (2) if the kernel is upgraded.
<Canadian1296> qman_: okay, so when i boot from the livecd (the one i just did that too), i wont have internet. correct?
<twb> Although lately I have just been shipping rerolled kernels
<twb> Canadian1296: why do you want to revoke internet access?
<Canadian1296> twb: livecd for gpg only. no need.
<twb> That is not an answer.
<twb> That's like saying "they only need black and white so how can I disable all the red pixels on their screen"\
<Canadian1296> twb: haha yeah your rightâ¦ But im doing it because I'm just messing around with making livecd iso'sâ¦ More to learn how
<qman__> if you have a task that needs to be secured from the internet, you need to secure the hardware
<Canadian1296> I plan on eding up with a livecd that's loaded into ram. Truecrypt is installed on it, so a gpg keyring is loaded onto it from a removeable truecrypt drive. Then the user logs out and only logs in when he is at the computer. shutting it down will wipe the key out (everything is in ram). Theres a script that shuts down the computer as soon as someone types a bad username or password at the login prompt.
<qman__> for this plan to retain any kind of security, the hardware absolutely must be secured
<qman__> so just remove/disable it
<Canadian1296> the idea is the system is running from ram, and the key's in ram. no harddrive or livecd in the machine. To do anything on it you have to log in, or reboot from a different livecd. Rebooting wipes out the key, and failing to log in wipes out the key. I dont see the security hole...
<qman__> otherwise, what's to stop anyone from booting a different environment, or loading binaries off a flash drive, or copying sensitive data
<qman__> by design it's not going to get the latest security updates either
<Canadian1296> Can you load files onto it or boot without loggin in or shutting down the running ubuntu os?
<qman__> yes
<Canadian1296> how?
<qman__> rogue flash drive is your main problem
<Canadian1296> explain...
<qman__> but unless you lock out your bootloader, add "single" to the kernel line, and done
<qman__> without physical security your plan is moot, because people can bring in a flash drive with anything on it, and load files onto it
<Canadian1296> But if the computer is running a live version from ram, and theres just a login prompt, how do you propose they mount the files?
<qman__> google 'kon-boot'
<qman__> that's just one of many ways to completely defeat your plan
<Canadian1296> i know what konboot is, but it require you boot from it.
<qman__> and without physical security, they can
<Canadian1296> can you defeat the login prompt, with only one guess, and without shutting down the sstem?
<qman__> the point is, they don't have to
<qman__> without physical security they can boot or load whatever they want
<qman__> and defeat the protections you have in place
<Canadian1296> I understand anyone could shutdown the system and reboot from a livecd. Full access to the system. But theres nothing on the harddrive. The key was wiped out when the computer shut off.
<zaltekk> full harddrive encryption, /boot on a usb key that's removed after boot
<qman__> that'd work better
<qman__> then they'd need an exploit that works without booting
<zaltekk> well, they'd need a way to exploit the running system
<qman__> but again, that's physical security
<zaltekk> or a hardware keylogger(if the key is manually entered instead of being on the usb key)
<qman__> the keys to boot it are locked up
<zaltekk> right
<zaltekk> i use it only for my laptop
<zaltekk> in which case the usb key is on my car/house keys
<zaltekk> so if the laptop was stolen
<zaltekk> they'd not be able to get in
<qman__> it doesn't matter how you protect your live environment if the attacker can boot it, because they can pregame with things like kon-boot
<zaltekk> not that i have anything that secret :P
<Canadian1296> zaltekk: when booting from the livecd, you can load the entire cd into the ram , then remove the cd. Then all the files are in ram. i was under the impression if the computer shuts down they are gone. (not necesserily unrecoverable, just gone)
<twb> Go read Reflections on Trusting Trust
<zaltekk> what's the point Canadian1296?
<qman__> and even though there isn't one widely available as of right now, they'd only need a USB-based live exploit
<twb> Canadian1296: police have gear that can remove computers without turning them off, so RAM is still accessible
<qman__> and those have come up in the past, common on windows
<zaltekk> i'm not sure what there is to protect when you have no persistent storage
<zaltekk> twb: right. it's game over if they shutdown a well-encrypted system
<Canadian1296> okay heres my new question. If the cd was loaded into ram, and i created a file (lets just say i typed touch test), then turned off the system. when i rebooted test would be gone. Am i correct?
<qman__> yes, but you're accessing a flash drive
<qman__> which does have persistent storage
<zaltekk> qman__: usb-based stuf is bad on windows because of autoexecution and such
<Canadian1296> the flashdrive will be encrypted with truecrypt. used to load the key into ram, then unmounted and removed.
<zaltekk> you could have a worm automatically execute by being inserted that them copies itself ot all over removable media
<qman__> you didn't say that from the beginning
<qman__> if the flash drive and CD are not present when the users have access, then you have physical security
<qman__> but you're still not protected against a rogue flash drive unless you physically lock up the USB ports
<twb> Canadian1296: what attacks are you guarding against?
<twb> Canadian1296: your sister, your boss, or the DSD?
<Canadian1296> Im sorry, i didnt explain myself properly. One minute
<twb> Because the DSD can always rubber-hose you.
<twb> I suppose your sister can, if it comes to that...
<zaltekk> DSD?
<qman__> guessing it's an equivalent to the NSA
<Canadian1296> Livecd in the computer, boot to ram, remove livecd. Livecd is now out of the picture (assume its locked in a safe somwhere). Now the usb is mounted with truecrypt, and the key added into the keyring. usb removed and is also out of the picture. logout of system. now you walk up, log in, use gpg, log out. repeat. if someone types a bad password trying to log in, the computer shuts down.
<qman__> you still need to physically secure the USB ports
<zaltekk> why qman__ ?
<qman__> otherwise you're vulnerable to someone exploiting the system with a rogue flash drive, so users after them are exposed
<zaltekk> do you mean to prevent the port from having a mitm?
<Canadian1296> okay, assuming i am the only one who can log in, am i safe? and while we're on the topic of security, if i describe the setup on my mac can i get advice on how to improve it?
<qman__> dropping a rootkit
<qman__> no, you're not
<qman__> while there aren't any publicly available for current versions, there are exploits that merely require plugging in the flash drive and having it be detected to install
<zaltekk> qman__: assuming they have an exploit that attack the usb stack?
<zaltekk> *attacks
<Canadian1296> do they not have to manually mount the usb?
<qman__> no, just needs to exploit the kernel and then they can do nasty things with the current session
<zaltekk> Canadian1296: the system interacts with it
<zaltekk> think of a specially crafted partition table
<Canadian1296> okay, so ill rethink that one :)
<qman__> to prevent this in software, you'd have to disable USB altoegether
<zaltekk> which you could easily do after boot
<zaltekk> since you don't seem to plan on ever using it again
<twb> Yeah, DSD is .au Defense Signals Department, i.e. SIGINT, not NSA
<yann2> usb fun http://astr0baby.wordpress.com/2011/01/30/teensy2-0-and-metasploit/  <3 :)
<qman__> if you lock down USB, then you're reasonably secure
<twb> qman__: with epoxy resin?
<qman__> well, and remove the internal hard drive
<qman__> if an exploit gets loaded on there, all subsequent live sessions could be compromised
<Canadian1296> okay, so no internal hard drive. and how would i go about disabling usb after boot?
<qman__> modified kernel, probably
<zaltekk> rmmod and delete the modules
<qman__> if you do that, then it would require significant espionage tactics to get anything
<qman__> freezing and removing the RAM, or very expensive equipment to do stuff over the air
<twb> Boot a kernel with USB disabled
<twb> Also with kernel modules disabled
<Canadian1296> So basically the only simple solution is no harddrives, and once its booted physically disable the usb ports, thus making the computer useless for future sessions :P
<qman__> it would bring you to the level where joe random hacker with a flash drive can't do anything
<qman__> and unless you're CIA or something, that's all you really have to worry about
<zaltekk> qman__: any idea how the access to live ram works?
<twb> qman__: well, apart from rubber hoses &c
<qman__> I've only read about it
<twb> zaltekk: how do you mean "live ram"?
<qman__> but basically, get canned air, use improperly to freeze the RAM, hot swap it into a running system
<qman__> and recover data
<zaltekk> twb: as in using physical access to be able to get the contents of a stick of ram while the system is running
<qman__> they did it at some convention, probably defcon
<zaltekk> yann2: that adurino board looks pretty cool
<Canadian1296> haha okay thanks for your help guys :) and Im getting to the point where lighting the computer on fire and spreading the ashes in the ocean seems like the most logical solution :P
<twb> Canadian1296: shooting it into the sun would be safer
<qman__> the point is, physical security is key
<qman__> if you can't trust your hardware, you can't trust your software
<Canadian1296> twb: i assumed so, but theres so much that could go wrong on the way there. Fire always seems to work
<Ibyss> tilTillman32: I highly against the idea of installing an IRCD using apt-get or ubuntu's package manager. You're better off compiling an IRCD in a NON-root user account using default compile settings.
<twb> Ibyss: uh, why?
<Ibyss> twb: Tends to be outdated.
<twb> That's just another way of saying "stable"
<twb> If you want to bleed on the edge, LFS and gentoo are <over there>
<qman__> if you stick with the packaged version, the flaws are going to be either patched, or at least known so you can work around them
<qman__> latest isn't always greatest
<qman__> and it'll come from a fairly trustworthy, accountable source if something does go wrong
<uvirtbot> New bug: #903008 in samba (main) "System crashes when do mount.cifs" [Undecided,New] https://launchpad.net/bugs/903008
<Ibyss> Anyway. My point = Download from the distributor's website. Installing is easy.     Inspircd in ubuntu's respo is like 1 major version outdated. (many inspircd's stable releases gone by many times already).
<Ibyss> qman__: This is why you test.
<qman__> can't test everything
<Ibyss> Tillman32: Popular IRCDs being Inspircd, unreal, charybdis, You can see more on here: http://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_daemons
<twb> If this is for an internal office IRCd, I would just use ircd-irc2
<Tillman32> I don't understand why this is being directed t'wards me.
<Tillman32> I'm using Empathy, and it's perfectly fine for "hovering" IRC channels.
<twb> Unless you KNOW you need something fancier
<Ibyss> Tillman32: I thhought you wanted an IRCD.
<twb> Tillman32: hovering?
<kirkland> MTecknology: kirkland isn't working for canonical.com anymore ;-)
<Tillman32> You got the wrong guy.
<kirkland> MTecknology: I have a copy of that javascript though, I'll put up somewhere else
<Tillman32> I didn't mention, this is my first 10 minutes ever spent in this IRC.
<twb> What's the turnover rate at canonical anyway?
<MTecknology> kirkland: oh- guess i been gone a long while
<MTecknology> kirkland: what ya doing now?
<kirkland> MTecknology: nah, next week is only my second week at the new gig
<kirkland> MTecknology: I have blog post tomorrow, but the short/skinny is that I'm working for a new startup on data encryption for the cloud around eCryptfs (company is called Gazzang)
<MTecknology> kirkland: neat
<MTecknology> kirkland: I saw the cloud last month! It was about 10,000 ft below me
<twb> kirkland: where are you now?
<kirkland> MTecknology: the overly flattering press release is at http://www.marketwatch.com/story/dustin-kirkland-joins-gazzang-as-chief-architect-2011-12-08
<twb> Oh, you said
<twb> It sounds like linkedin for OGs :P
<kirkland> twb: hi
<twb> "wazzup homie, hit up this url when you is looking for dogs to roll wit"
<kirkland> twb: I've been catching a pretty rough rap from you lately, as I read my backlogs;  I'm getting thrashed for update-motd and byobu on a nightly basis, it seems
<kirkland> :-)
<kirkland> twb: yeah, it's all about search-engine-optimization for startups nowaday
<twb> Well, at least byobu isn't given to people running "screen" now
<twb> At at point I don't care about what byobu does
<kirkland> twb: that was a mistake, in retrospect, admittedly
<MTecknology> I'm trying to set up a decent network from scratch....
<twb> if it makes any better I hate on SJR way more
<kirkland> I'm done with screen, anyway;  it's all about tmux
<MTecknology> I'd like to have it all running really cheap on a single server too :)
<twb> I would like tmux if it did some more screen things
<MTecknology> Apparently putting a routing device on a VM is a bit of a pain
<twb> Like, tmux you can either say "guess the title" or "let the title be fred".  You can't have both
<MTecknology> hm.. does anyone actually use byobu? (bring your own beer, you)
<twb> It gets it out of /proc instead of letting me change it from "emacs" to the buffer name, or whatever
<twb> MTecknology: kids
<twb> MTecknology: people who don't already have a .screenrc
<MTecknology> twb: my .screenrc is pretty minimal..
<MTecknology> maybe i should try it more sometime
<kirkland> MTecknology: hard for me to say objectively, but my inbox, irc logs, and google alerts are crammed with people raving abou it
<kirkland> MTecknology: on the other hand...
<twb> kirkland: good raving or bad raving? ;-)
<kirkland> MTecknology: there's plenty of sophisticated screen users (erm, twb?) who effing hate it, and do so pretty vocally
<kirkland> MTecknology: so the new approach has been to try and offend knowledgable users as little as possible
<kirkland> MTecknology: while still helping those who appreciate a nudge in the right direction
<twb> The goal of byobu AIUI is to improve feature discoverability.  Which IMO is a good thing.
<MTecknology> i never tried it enough to give it an honest shot... I kinda been sticking with what works since screen was a bitch to get used to and I don't wanna do that again
<twb> Plenty of people I met are like "OMG, you can have >1 window in screen?!?!"
<qman__> if only other projects would take that stance
<MTecknology> but i guess... i did learn dvorak and it's helped me a huge deal
<twb> Let alone people who are running minicom in it FFS
<MTecknology> terminator -m -b -T irssi -x ssh user@domain.tld -t screen -aAdr -RR irssi irssi
<MTecknology> :)
<twb> http://cyber.com.au/~twb/.tmux.conf is my tmux rant
<kirkland> twb: man, you give the lwn grumpy editor a run for his money
<kirkland> :-)
<twb> http://cyber.com.au/~twb/doc/grumbling.txt is the properly prepared one
<twb> corbet tends to assume people had a good reason; I assume they're just idiots
<MTecknology> kirkland: so you're a super brilliant guy, right? I should hire you... payment will come in the form of love
<kirkland> MTecknology: as interesting as the prospect is, my wife will object, I'm afraid
<MTecknology> I have a pfsense box that's running on a physical system. I want that system for something else. So.. I want to move the pfsense system into a VM on my VM host system. I guess that means i'll have two interfaces on the physical system that will need to be bridged.
<lifeless> twb: thats special - '# So if you want to use parens inside #(), you have to escape... only the closing paren.
<lifeless> '
<twb> lifeless: yeah, tell me about it
<twb> Silly openbsd people
<MTecknology> I'm a bit lost at how to make my server use the pfsense system that's sitting on top of it, of course if the vm doesn't come up, no networking at all will work
<zaltekk> twb: lifeless: i think that came along before tmux was included in openbsg
<zaltekk> *openbsd
<twb> MTecknology: why on earth are you trying to use a pfsense VM for your firewall
<MTecknology> twb: I'm not so much worried about using it as a firewall, it's all the other services on it that i love
<MTecknology> twb: I'd like to be able to just give eth0 to the vm and have everything else use eth1
<twb> uhuh
<MTecknology> twb: I know it's a bad idea... but I still wanna do it... I'm a bit short on systems laying around
<twb> AFAICT it's just a router distro, so the only real advantage of using it instead of Ubuntu as your bastion is pf (assuming you prefer pf to netfilter)
<MTecknology> it has a really pretty and retardedly simple web interface for people that don't want to think
<MTecknology> twb: despite it being a bad idea...... any chance you could help me figure out how to route traffic through the vm?
<qman__> it's just a convenient ready-made solution, we use untangle at work, same idea
<qman__> however, I don't think running it in a VM is a good idea
<qman__> just way too complex
<twb> I grant you that "router appliance!!1!" is a separate issue from "bastion in a VM"
<qman__> KISS works best
<twb> Personally I think both are stupid but the latter is stupider
<MTecknology> I'm also curious how to ever do something like this..
<qman__> in my opinion, the router has the hardest job and the most demanding requirements, because it is your first line of defense, and if it goes down, everything goes down
<qman__> I don't trust a VM setup to deal with that
<twb> qman__: and I don't trust an appliance to do it either :-)
<MTecknology> HAHAHA!!
<MTecknology> So... apparently I managed to set up the vm so that it took over for my other router
<qman__> I don't use it for my network, but untangle does have some cool features for the windows based clients we service
<MTecknology> the only thing missing was that the thing couldn't get out to the internet
<qman__> automatic inline antivirus and spyware and whatnot
<twb> qman__: ah, well, you know what my fix for THAT will be
<twb> Anyway it's probably just clamav and friends...
<qman__> the antivirus is, don't know about the phishing and spyware, it's got spam and a list-based web filter too, just makes it really quick to set up
<qman__> they've got pay-for modules like kaspersky too
<qman__> but we just use the free stuff
<qman__> I don't use it on my stuff because my stuff is set up right in the first place
<qman__> but it's a good bandaid, catch-all tool for those situations
<qman__> my job is, unfortunately, all about the bandaids and quick fixes
<twb> My job is usually to go back and fix it after the bandaid has worn away after being in place for ten years
<twb> And I say "you should do <right thing>" and they say "too bad we can only afford <bandaid>"
<MTecknology> WORKING!!!
<MTecknology> twb: I still realize that it's a terrible idea to rely on a VM for a firewall, I really only care about the dhcp, dns, ntp, nat, vpn, and static routes, i have a different device that functions as a firewall
<qman__> that's all fairly trivial to set up in pretty much any distro
<MTecknology> qman__: yup- the non-trivial part is making it work as a vm
<MTecknology> qman__: that's what i'v been fighting with
<qman__> don't see the point
<qman__> run it on the host
<MTecknology> I don't like making any server have more than one function, especially on a vm host
<qman__> except for VPN, that all runs on my router
<qman__> not sure what you're using for a firewall but if it's not capable of running that stuff, it's probably not a very good firewall either
<MTecknology> it's not
<MTecknology> it's also a home network
<qman__> doesn't make it any better/worse an idea
<qman__> a network's a network
<MTecknology> feel free to donate some hardware...
<qman__> I've thrown away machines that could do that job sufficiently
<qman__> if you want to pay shipping I have some pentium IIs, a willy P4, and some other crap that would work too
<twb> I thought willy made jeeps
<zaltekk> my router runs all of that minus vpn
<twb> I know a guy that still does everything with PIIIs because he's convinced they have epic MIPS/Watt
<qman__> they are good chips, that's why the core 2 was based on them
<qman__> but obviously the newer versions are better
<twb> I'd like some ARM kit aimed at server people rather than stupidly painful end-user appliances
<zaltekk> twb: ever looked into OpenWRT?
<twb> like, "oh sorry to replace the bootloader you need to jump through 100 hoops" type bollocks
<twb> zaltekk: sure, I run it
<twb> I guess come to think of it I run it on arm these days
<zaltekk> i have it on a MIPS
<ipl31> Any one see kernel messages with randomly missing characters on 11.10 server kernel?
<ipl31> and if so any idea what the cause might be
<uvirtbot> New bug: #901638 in unixodbc (main) "tdsodbc failed to upgrade from Oneiric to Precise" [High,In progress] https://launchpad.net/bugs/901638
<koolhead11> hi all
<zapotah> is libvirt interface management somehow broken?
<zapotah> trying to conf a bridged interface for a xen hypervisor
<zapotah> but it just shows with virt-manager when trying to configure interfaces that libvirt connection does not support interface management
<mjau^> morns!r
<mjau^> -r
<mjau^> redhat and suse have chkconfig, but ubuntu doesn't. would anyone happen to know how I can configure in which runlevels certain services should run?
<rbasak> mjau^: update-rc.d for sysv compatibility, but with upstart look at individual service definitions in /etc/init/
<mjau^> ah ok
<ogra_> and read about upstart override files ;)
<pmatulis> ogra_: since 11.10 right?
<ogra_> iirc, yes
<mjau^> oh, 10.04 doesn't run upstart?
<ogra_> might have been 11.04, i'm not sure
<ogra_> it does but an older version
<mjau^> ok
<pmatulis> ogra_,mjau^: i meant the override files began in 11.10
<pmatulis> ogra_,mjau^: upstart appeared in 10.04
<ogra_> pmatulis, upstart appreaed shortly after dapper ...
<ogra_> but it always ran in sysvinit mode
<pmatulis> ogra_: k, i mean upstart jobs
<ogra_> right, for that lucid was the first
<ogra_> though we used to use upstart jobs in ubuntu-mobile before
<ogra_> in jaunty i think
<ogra_> its not that the opportunity wasnt there ... just nobody else used it
<robbiew> utlemming:  ping
<utlemming> robbiew: pong
<robbiew> utlemming: hey...quick question
<utlemming> sure
<robbiew> any idea what's causing the failures here: https://jenkins.qa.ubuntu.com/view/Precise%20Daily%20ISOs/
<robbiew> for precise-server-ec2
<robbiew> is it a REAL failure....test case issue...or AWS?
<utlemming> AWS -- jamespage needs an exception for the number of running instances that he's allow to have
<robbiew> utlemming: that's what I thought :)
<robbiew> utlemming: so how do we fix this?
<robbiew> get his account increased?
<robbiew> or change the test
<utlemming> robbiew: its pretty easy, I'll chat with James
<robbiew> utlemming: excellent, thanks!
<smoser> utlemming, https://jenkins.qa.ubuntu.com/view/Precise%20Daily%20ISOs/job/precise-server-ec2/ARCH=i386,REGION=us-west-1,STORAGE=instance-store,TEST=cloud-config,label=ubuntu-server-ec2-testing/lastBuild/artifact/ is a valid failure.
<smoser> i'm interested in knowing how you would "fix" that
<utlemming> I was just looking at that
<jamespage> utlemming, robbiew: that is now resolved BTW (was using my old account for that run)
<utlemming> jamespage: how many is your current limit?
<utlemming> and do you need more?
<smb> smoser, jamespage What is that actually testing? Just curious as precise is reported to not boot at all on ec2...
<uvirtbot> New bug: #902429 in glance (main) "glance 2012.1~e2~20111209.1132-0ubuntu1 fails to install" [Undecided,Fix released] https://launchpad.net/bugs/902429
<smoser> smb, precise boots fine.
<smoser> with the 'idle=halt' work around. that makes everything other than hvm instances boot fine.
<smoser> hvm is doa, though.
<smb> smoser, Oh doh!
<smb> Confused HVM and PVM then
<smoser> (bug 881076 and bug 901305)
<uvirtbot> Launchpad bug 881076 in linux "precise kernels do not boot on ec2 without idle=halt" [High,Triaged] https://launchpad.net/bugs/881076
<uvirtbot> Launchpad bug 901305 in linux "precise fails boot on ec2 hvm" [High,In progress] https://launchpad.net/bugs/901305
<smoser> jamespage, that does bring up a question though...
<smb> smoser, So yes, I am currently on the HVM issue.
<smoser> we should probably at least in the "big run" test an hvm instance
<jamespage> smoser: yes agreed
<jamespage> that needs a change in the framework to support
<smoser> oh?
<smb> smoser, Btw, (just checked) a fix for bug 881076 was upstreamed for 3.2-rc5 and should be included in 3.2.0-4.10
<uvirtbot> Launchpad bug 881076 in linux "precise kernels do not boot on ec2 without idle=halt" [High,Triaged] https://launchpad.net/bugs/881076
<smoser> smb, woot. when is ETA for that to archive ?
<Daviey> \o/
<smb> smoser, rmadison says now
<Daviey> smb: make sure you leave some content for the meeting! :)
<smoser> $ cat /proc/version_signature
<smoser> Ubuntu 3.2.0-4.10-virtual 3.2.0-rc5
<smoser> rmadison seems to know its stuff.
<caribou> Question : I know that ubuntu-vm-builder is being phased out, but would it be possible to have a look at a 3 line patch I have ?
<smb> smoser, So, theoretically, that should boot without the idlealt
<smb> *idle=halt
<caribou> or is is just a waste time
<smoser> utlemming, https://code.launchpad.net/~smoser/vmbuilder/automated-ec2-builds.revert-lp881076-workaround/+merge/85352
<smoser> smoser, yes, verified.
<stgraber> hallyn: looks like adding /dev and /run to our lxc fstab (outside the container) allows us to boot without any change to the container (as far as mounts are concerned)
<utlemming> smoser: merged
<smb> smoser, Great. I think we can set the status to actually fix released (at least for the linux package)
<stgraber> hallyn: only issue is the utmp monitoring code that stops working. My guess is that it's initialized before the container's fstab is used and so doesn't monitor the right file, I'll see if I can easily re-order that bit in the upstream code
<hallyn> stgraber: the reboot patch at this point is tiny.  Perhaps we should ask #ubuntu-kernel to carry it.
<smoser> smb, yeah.
<smoser> smb, i'm fine with that...
 * smb likes to remove one from the list...
<stgraber> hallyn: what's the state of the upstream discussions? I seem to remember you mentioning multiple implementations of the patch, do we know what's the preferred one?
<hallyn> http://lkml.org/lkml/2011/12/11/114
<hallyn> stgraber: ^ that pretty much has Oleg's buy-in afaiui
<stgraber> hallyn: looks quit simple indeed. Not sure if we should wait for more upstream feedback or just go with that one for now, then rebase on whatever ends up being in the kernel (if not exactly that one)
<hallyn> me neither - my only concern is that we patch lxc to use that, then have to re-patch to use something different.  But I'm really hopeful that the churn is done.
<hallyn> Daviey: i can haz ipxe+etherboot dput?  plz?
<Daviey> hallyn: OTP, i will after this..
<hallyn> Daviey: thx
<uvirtbot> New bug: #903259 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/903259
<stgraber> hallyn: hey, just want to confirm, there isn't a magic mount flag to mount something at a specifc place in the mount stack? As in, I can't say I want my new devtmpfs to be mounted below the devpts mounts we already have?
<stgraber> hallyn: checking if there isn't a way to just let mountall mount the devtmpfs itself without affecting us. The other option is to have the mountall job move our mountpoints aside and move them back to place once /dev is mounted
<stgraber> (mounting a devtmpfs from LXC works but causes some error messages later in upstart that'll be tricky to workaround, so having the magic done in the container seems to be a better option)
<hallyn> nod: eh what?
<hallyn> sorry
<Daviey> lynxman: Hey, are you still working on a new upstream snapshot of ipxe?
<lynxman> Daviey: yessir, it's actually a bug in upstream :)
<lynxman> Daviey: will ping you back with more details
<Daviey> lynxman: are you sure?
<lynxman> Daviey: 100% positive, reproduced on source as well, the debian package tries to do a baserom make which is not included by default in the source but it's accepted as an option, that one breaks :)
<Daviey> ahh
<lynxman> Daviey: that's the solely reason why the makefile on the original source did work, because they didn't do that make, but it's an extra feature
<Daviey> lynxman: have you done a bisect to find the bad commit?
<lynxman> Daviey: it's a bit tricker than that, also my context switching today is rusty, being at Millbank and all :/
<Daviey> heh
<Daviey> lynxman: "make baserom" breaks it?
<lynxman> Daviey: yes
<Daviey> thanks
<jamespage> RoAkSoAx, is there a nice was to pull the ubuntu release into a preseed/snippet template in cobbler?
<hggdh> RoAkSoAx: good morning, Q on cobbler and Lucid and cloud-init
<smoser> RoAkSoAx, 'os_version'
<smoser> jamespage, and note, i found that by 'sudo cobbler system dumpvars --name <some-system-name>'
<smoser> and looking at output
<smoser> so you can use that in context of https://fedorahosted.org/cobbler/wiki/KickstartSnippets
<jamespage> smoser: thanks - I knew it got set in import
<RoAkSoAx> yeah ^^
<RoAkSoAx> jamespage: though, os-version also gets automatically obtained
<wmp> hello, i need help with mdadm. I have md8 in raid0, but i must change one disc from this volume. Is possible to move all data from sda(broken) to sdb? Sdb have enought space
<zul> SpamapS: ping where are we in the openstack sru stuff?
<jamespage> gah - stale iso/kernel
<SpamapS> zul: TB meets tomorrow, pitti and I agreed that we might as well just wait for that.
<zul> SpamapS: k
<zaltekk> can i not do do-release-upgrade from an LTS release to a non-LTS release?
<zaltekk> do i need to just modify sources.list and upgrade manually?
<genii-around> zaltekk: If /etc/update-manager/release-upgrades  contains Prompt=normal  and not Prompt=lts or Prompt=never ... then you should be able to upgrade to the next-up distribution to what you currently have
<zaltekk> genii-around: okay, thanks.
<zaltekk> it's on lts, so i'll move it to normal.
<genii-around> zaltekk: If you upgrade this way, you move from LTS to non-LTS.  Also if you are for instance now on 10.04 , it will take you to 10.10. So then you have to upgrade sequentially through 10.10, 11.04, 11.10.
<genii-around> ( whereas LTS releases can go directly to next LTS )
<zaltekk> hmm. i may be better off reinstalling 11.10, then.
<uvirtbot> New bug: #901180 in vsftpd (main) "cannot apt-get remove vsftp after installing it" [Undecided,New] https://launchpad.net/bugs/901180
<stgraber> hallyn: around?
<stgraber> hallyn: so after messing with the boot scripts and LXC's config for a while, I guess the easiest way of "fixing" our /dev issues is by adding a tiny bit of logic in mountall
<stgraber> hallyn: basically telling it never to mount a filesystem that would hide other mountpoints
<stgraber> hallyn: this should be safe for most use cases (as you generally don't want that to happen anyway) and will make it skip /dev in containers
<hallyn> jdstrand: does precise introduce a change in 'admin' user?
<hallyn> stgraber: sounds sensible i guess
<jdstrand> hallyn: for 'sudo'? Debian updated sudo to have an equivalent user, called 'sudo'. atm we honor both that and 'admin'
<hallyn> stgraber: i think we just need to let that sink in a bit and think of potential problem cases
<stgraber> hallyn: I'll spend a bit of time (until the TB meeting) trying to implement the change, if I don't succeed jodh said I can just file a bug and assign it to him :)
<hallyn> jdstrand: i only noticed that my user wasn't getting group libvirtd by default, then noticed there was no admin group.  On a VM created with vm-new
<jdstrand> hallyn: I think there is a bug on that-- it is open for discussion on whether we are going to honor both or just 'admin'
<jdstrand> hallyn: yep, that would do it
<hallyn> jdstrand: ok, so i don't need to worry about it right now then?
<hallyn> long as i don't have to change the libvirt postinst yet, i'm fine :)  thanks
<jdstrand> I don't think so, no
<stgraber> hallyn: people with broken /etc/fstab will see a difference in behavior, I guess a warning should be shown (Skipping /dev as it contains mountpoints) in that case
<jdstrand> hallyn: actually, I don't see a bug open atm-- it might just be mdeslaur, pitti, et al discussing it
<Guest65301> I am having trouble setting up wifi on my Dell Inspiron E1505. I installed bcmwl-kernel-source and it made ethernet stop working.
<Tophat> can anyone give me a hand setting up basic postfix for use with a relay?
<Duvrazh> Hey, can graphics card drivers be installed on server edition 10.04lts for gnu clients?
<erichammond> Tophat: Try setting "relayhost" in /etc/postfix/main.cf
<Tophat> thanks erichammond
<Duvrazh> gpu, not gnu
<Guest65301> Duvrazh Yeah i think so.
<Tophat> yup, no idea how to even configure postfix and what things mean in the installer lol.
<Duvrazh> Does anyone know if it's possible to install graphics card drivers via cli for ubuntu server 10.04 LTS for the purpose of GPU clients like Folding@Home?
<Duvrazh> Does anyone know if it's possible to install graphics card drivers via cli for ubuntu server 10.04 LTS for the purpose of GPU clients like Folding@Home?
<chz|bacon> hey guys anyone here willing to lend me a hand with some mdadm questions?
<pmatulis> !ask | chz|bacon
<ubottu> chz|bacon: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<chz|bacon> sorry pmatulis in the midst of trying to figure it out still
<chz|bacon> apparently i can't mount my /dev/md0 device on reboot
<chz|bacon> i'm using the following command sudo mdadm --create --verbose /dev/md0 --level=1 -n2 /dev/sdb /dev/sdc
<chz|bacon> then i add the output of mdadm --detail --scan to /etc/mdadm/mdadm.conf
<pmatulis> chz|bacon: you should be assembling the array if it exists, not creating it
<chz|bacon> right that's just my original line i used to create it
<zastaph> there's gotta be something easier than ESXI and KVM
<pmatulis> zastaph: what's wrong with KVM?
<zastaph> a very long (and commandline) process to set it up :| https://help.ubuntu.com/community/KVM
<zastaph> I didn't try Xen yet
<zastaph> neither OpenVZ
<zastaph> but are they any easier?
<pmatulis> zastaph: i don't see any long command lines on that page
<zastaph> how about on https://help.ubuntu.com/community/KVM/CreateGuests under "More complex example"
<zastaph> I did just sudo ubuntu-vm-builder kvm lucid but forgot the --libvirt, and have no clue how to access it now :)
<zastaph> or how to delete it.. because it's all hidden deep down below under several man pages
<RoyK> zastaph: virt-manager
<zastaph> i want a GUI interface where I can see all my VM's visually :)
<RoyK> zastaph: virt-manager
<pmatulis> zastaph: just install the s/w (sudo apt-get install virt-host^), set up your public ssh key so you can log in with SSH, and launch virt-manager.  then create a virtual machine
<zastaph> RoyK, I don't use Linux from my controlling PC
<RoyK> zastaph: windows?
<zastaph> mmm differs a bit.. but sometimes Linux.. Just I would like the controlling interface to be platform independent
<RoyK> zastaph: if using unix/linux/mac, X should work fine, if on windows, use xming and configure putty accordingly
<RoyK> zastaph: and the interface will be the same on all client platforms
<zastaph> I don't know, I have a bad feeling about KVM so far :) I want something as usable as VBox, just for servers
<RoyK> zastaph: you just got a perfectly good advice that will work with kvm and xen, and you don't even test it?
<zastaph> putty, xming.. setting up X forwarding.. ouch
<zastaph> virt-manager, maybe
<RoyK> zastaph: setting up x forwarding is not an ouch - it's a single tick box in putty. if that's too hard for you, hire a mickysoft consultant to setup hyper-v
<zastaph> mmm if you say so
<RoyK> if you find it hard and troublesome and annoying to setup x forwarding with putty and xming, then perhaps you should be working with other things than computing :Ã¾
<zastaph> no.. im just a lazy developer who would rather spend time finding the tool that requires the least maintenance/man pages
<zaltekk> X forwarding won't work just by having putty
<zaltekk> you need something to provide a local X server
<RoyK> I can see that - next time, perhaps you should try to do some tests before whining about things not working
<RoyK> zastaph: yes, that's where xming comes in
<zaltekk> so i just moved from 10.04.3 to 11.10(reinstall), and now slim works, but after i login it errors out
<zaltekk> tries to load fglrx(never installed catalyst)
<zaltekk> I don't have an xorg.conf, so i'm not sure where it would even get the idea of loading fglrx
 * RoyK has no idea what fglrx is
<zaltekk> RoyK: it's the driver from ATI
<zaltekk> xserver-xorg-video-ati/radeon is what's loaded
<zaltekk> i don't understand why slim works but the wm doesn't.
 * RoyK is off (zzz)
<Tophat> anyone mind giving me a hand on this error from postfix "Cannot open mailbox /var/mail/nagios: Permission denied"
<Tophat> how do i add permissions to nagios to use mail?
<hallyn> Tophat: what does 'ls -l /var/mail/nagios' and 'ls -ld /var/mail' show?
<ahs3> hallyn: i uploaded the netcf update; no confirmation back yet but i'll keep an eye on it.  thx for the fixes.
<hallyn> ahs3: \o/  thanks
<Rar9> hi can anyone help with installing solr 3.5 on tomcat7
<ahs3> hallyn: np
<Rar9> tomcat7 is running
<SpamapS> Rar9: doesn't SOLR include its own jetty webserver?
<Rar9> thatÂ´s a good question...
<Rar9> thought that there is a jetty version and/or Tomcat one
<SpamapS> Rar9: that would make sense
#ubuntu-server 2011-12-13
<Rar9> as said tomcat7 is already running fine.
<Rar9> just need to add the solr 3.5...
<Rar9> but the instruction on google have not gotten me any further....:-(
<stgraber> hallyn: Cced you on the mail I sent to James Hunt with the proposed mountall change. Test here shows that it does what I want, at least in my test environment.
<stgraber> (as in, container boots, mountall is triggered, goes through its list of mountpoints, detects that it should mount /dev but /dev contains some mountpoints and so skips it)
<nonotza> how can I tunnel server requests through a proxy?
<hallyn> stgraber: cool, thanks
<hallyn> nonotza: depends what you mean, but perhaps ssh tunnels (ssh -L localport:remotehost:remoteport otherhost) will work for you
<ntr0py> Is it possible to run x11vnc from xinetd?
<twb> ntr0py: uh, that would be silly
<twb> ntr0py: unless x11vnc is a server?
<ntr0py> twb: why?
<twb> You probably want x0rfbserver
<ntr0py> twb: i dont quite get it why?
<twb> OK, how about this: WHY do you want to run x11vnc from xinetd?
<ntr0py> twb: because it always polls my xserver on :0 and wastes CPU, also GDM freezes my whole box if i log out of Gnome (i added x11vnc at the end of gmd/init/default)
<twb> Do you need VNC to share the same session as the local user?
<ntr0py> twb: i want it to connect to :0 via XDMCP only if i really use it and exit directly after i close connection
<ntr0py> yes
<twb> Hum.  Maybe you really do want to run it via xinetd.
<twb> I can't think of a better solution
<ntr0py> I tried but i always get "rfbNewClient: write: Broken pipe  "
<twb> You probably need extra magic that I'm not familiar with
<twb> Doign stuff via inetd is usually bad juju so I don't.
<ntr0py> for fulltime services i agree but i only need it rarely for some admin stuff
<uvirtbot> New bug: #903521 in open-vm-tools (multiverse) "open-vm-dkms 2011.07.19-450511-0ubuntu2: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/903521
<twb> If you need a GUI to do administrative tasks, you are not a sysadmin and shouldn't be allowed to have a computer.
<twb> Further, you would do better to ssh -X <stupid GUI tool> than to use VNC
<ntr0py> When trying to run x11vnc via xinetd i ALWAYS get "rfbNewClient: write: Broken pipe" error message (i tried a zillion configs). Any ideas, what am i doing wrong ?
<ntr0py> twb: yes i know those, and i do use them too but i really want a GDM login via x11vnc/xinetd
<qman__> sorry, those are both technologies I avoid like the plague
<qman__> old, configuration and security nightmare
<ntr0py> yes if i could i would use NoMachine NX but its not an option i need vnc
<Martyn> ntr0py : VNC Viewerâs default setting is auto-encoding selection, which means first use ZRLE and then switch to hextile if possibleâthat creates a problem
<Martyn> ntr0py : Just pick one, and your rfb error might go away
<ntr0py> Martyn: thanks i will try that
<Martyn> i.e. vncviewer localhost:0 PreferredEncoding=Hextile
<Martyn> twb : Your attitude is strange.   I'm an old, bearded, grizzled unix sysadmin and I /know/ there are packages out there that still resort to a UI for configuration.
<Martyn> twb : Whether or not you use a UI doesn't make you a better or worse sysadmin.   Being knowledgable, patient, understanding when to use process and when to put it aside, and knowing the system you _are_ administrating does.
<twb> Martyn: if the package requires a UI to configure it, the package is broken.  If it has plain text files, and you're using a GUI to configure it ANYWAY because you're too stupid not to, then you're broken.  End of story.
 * Martyn raises eyebrows
<Martyn> twb, please never, ever, ever come near any systems at CERN
<twb> Heh, I bet they're all still hairy motif stuff
<Martyn> not quite that bad, but you're not that far off.
<Martyn> Some of those systems are still using software packages with a heritage from IRIX
<Martyn> and of course, plenty of Microsoft to go around.
<twb> And all the specialist equipment talks to a custom ISA to serial card which hasn't been made for ten years
<Martyn> *snort*  heh, no
<twb> That's what the astronomy stuff is like in .au
<Martyn> Thats a pity
<Martyn> The setup at CERN is actually very impressive...
<Martyn> and it has to be, given what the accelerator does, and the massive amount of information they throw around
<Martyn> they can't even keep all the data they generate.
<ntr0py> sometimes i need to configure GUI software clients are using, ans sure they store their config in files/databases but i need to use the GUI for that
<ntr0py> BTW:      server_args = -inetd -o /var/log/x11vnc.log -display :0 -env FD_GDM=1 -auth guess -rfbauth /root/.vncpasswd -shared -nomodtweak -noxrecord         with           wait = no        seems to work with xinetd ...
<twb> ntr0py: oh, x11vnc has an -inetd argument?
<ntr0py> yes
<twb> ntr0py: I was assuming he'd have to roll that stuff by hand which was way below my care threshold
<kaushal> Hi
<kaushal> Any step by step guide to install rsyslog server on ubuntu Linux server 10.04 LTS ?
<qman__> it's installed by default
<twb> kaushal: rsyslog is the default
<kaushal> ok
<kaushal> twb: any wiki to setup linux clients to use rsyslog server ?
<kaushal> any GUI web interface ?
<twb> kaushal: uh, so you have two hosts, both running rsyslog, and you want one to speak syslog protocol to the other?
<kaushal> basically a centralized rsyslog server and 100 linux clients connecting to this rsyslog server
<kaushal> and a web interface to access it
<twb> Well, to make them speak to one another you need...
<twb> http://paste.debian.net/149059/
<kaushal> twb: ok
<twb> I also highly recommend commenting out this: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
<MTecknology> I decided my hardware sucks.
<MTecknology> twb: apparently the cpu ond that atx board is embedded, and i apparently paid no attention when buying it
<MTecknology> the chipset on the board is aweful too. I decided to buy some nice fast stuff including an LSI SAS Controller. :)
<twb> MTecknology: I don't care
<MTecknology> twb: of course you do
<hallyn> stgraber: no attachment on the emails
<uvirtbot> New bug: #903552 in openldap (main) "package slapd 2.4.23-6ubuntu6.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/903552
<tazmania> Why can't I run apache2 and n2n-supernode at system bootup?  What happen is that during system boots up, apache2 will fail to initialize.  If I remove n2n-supernode from the init.d scrip, then apache2 works.
<SpamapS> tazmania: what is n2n-supernode ?
<tazmania> SpamapS: n2n is a vpn and the server side is called "supernode". The client is called "edge"
<SpamapS> tazmania: is it possible that n2n-supernode listens on the same port?
<tazmania> I tried 2 ports, 8888 and 82 and apache2 failed to come up
<tazmania> I use start-stop-daemon command to bring up the supernode and I used "update-rc.d supernode defaults" to create the autostart script
<SpamapS> tazmania: surely one of them prints the problem they're having into log files.
<SpamapS> tazmania: for apache2, I'd expect logs in /var/log/apache2/error.log
<tazmania> it doesn't have any error
<tazmania> I have checked
<SpamapS> so it just exits for no reason?
<SpamapS> tazmania: service apache2 start should at least give you a reason why it failed
<tazmania> if I do it manually, /etc/init.d/apache2 start or restart, then it works
<tazmania> If I remove the supernode from the auto start init script, apache2 works
<SpamapS> tazmania: ok so perhaps apache2 needs n2n-supernode to already be started?
<tazmania> Let me check the logs to see if I can find anything
<tazmania> If I change the supernode script from "start-stop-daemon" to a plain "supernode -l 120 &", then apache2 works
<SpamapS> tazmania: is it possible they're using thes ame pid file maybe?
<tazmania> hmm.... there are two different application.  It should be very unlikely
<tazmania> in the init.d script, apache2 should be called before supernode
<mjau^> morns!
<mjau^> I'm wondering about hte runlevels in ubuntu 10.04; I only know the sysV way..
<mjau^> like, for instance, how do I check what runlevels a daemon will start on?
<uvirtbot> New bug: #903602 in autofs (main) "CIFS automount with "nounix" option create empty directories" [Undecided,New] https://launchpad.net/bugs/903602
<lynxman> morning o/
<jamespage> morning all
 * jamespage waves at lynxman
 * lynxman waves back at jamespage :)
<koolhead11> hi all
<ewook> morning. I'm a bit lost. Need to 'extract' the last installed .deb files from apt (ie, from the cache), any pointers how to do that?
<koolhead11> Daviey: sir
<rbasak> ewook: look in /var/cache/apt/archives/
<Daviey> koolhead11: hey
<koolhead11> Daviey: how are things? i find channel very silent these days. :(
<Daviey> koolhead11: really?
<Daviey> Things seem to be good!
<koolhead11> Daviey: cool. Seems like everyone relaxing after sprint :)
<Daviey> koolhead11: I'd be quite suprised if people are that tired from the sprint..
<koolhead11> Daviey:
<koolhead11> :D
<mjau^> anyone around?
<RoyK> jau
<koolhead11> !around
<mjau^> on ubuntu 10.04, is there a way to list what services that will start with different runlevels?
<mjau^> or should I simply do ls /etc/rc* | less?
<mjau^> what I'm looking for is something like chkconfig --list
<slakcphil> http://ubuntuforums.org/showthread.php?t=1642641
<slakcphil> this thread was marked solved
<slakcphil> i know they are talking about the generic kernel, but what about 10.04's kernel? I am having similar issues with 10.04 server, getting same speeds using 3.0 pcix and a external hdd
<slakcphil> 64bit DELL 2850 with 8 cofrfes
<smoser> adam_g, from conversation yesterday... just fyi, the ec2-api-tools should be installable, they're just in multiverse, and multiverse is not enabled by default in stock images.
<slakcphil> does anyone know if that was fixed or back ported?
<patdk-wk> slakcphil, that would be a no
<slakcphil> :(
<patdk-wk> I seriously doubt it would be fixed in the stock lucid kernel
<slakcphil> really? even the server edition?
<patdk-wk> hmm, ya, security patchs are backported
<slakcphil> how horrible is the idea of installing or compiling new kernel?
<slakcphil> 2.6.37?
<patdk-wk> just install a backport kernel
<patdk-wk> from natty, or oneiric
<slakcphil> how *safe* is that?
<patdk-wk> heh?
<patdk-wk> it's a kernel
<patdk-wk> if you have a issue, reboot with a different one
<slakcphil> yeah really
<slakcphil> where is the official place to find that? not kernel.org right?
<patdk-wk> to find what
<slakcphil> the natty kernel
<patdk-wk> apt-get
<zul> mmmmmorgning
<susman> Hi, trying to configure boot options for automatic network installation of 11.10 with preseed, language=en country=IL locale=en_US.UTF-8 is passed to kernel while booting, but for some reason installation process stops by "Configure locales" and waiting for human input.
<susman> Also we have configured preseeding installation process for 10.10, with same configuration - works like a charm... is it bug in 11.10? is it known? any workaround?
<slakcphil> oh ok, i will apt-cache search for it
<patdk-wk> yep
<slakcphil> thx, patdk-wk
<lynxman> slakcphil: this might help https://sites.google.com/site/lightrush/random-1/howtoinstalllinuxkernel2638onubuntu1004lucidfromubuntu1104nattytheeasyway
<patdk-wk> slakcphil, apt-get install linux-image-server-lts-backport-natty
<slakcphil> cool
<filo1234> hi
<zul> jamespage: https://code.launchpad.net/~openstack-ubuntu-testing/+junk/openstack-tests
<stgraber> hallyn: doh... sent
<uvirtbot> New bug: #903743 in vsftpd (main) "package vsftpd 2.3.2-3ubuntu4.1 failed to install/upgrade: subprocess installed post-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/903743
<susman> Hi, trying to configure boot options for automatic network installation of 11.10 with preseed, language=en country=IL locale=en_US.UTF-8 is passed to kernel while booting, but for some reason installation process stops by "Configure locales" and waiting for human input.
<susman> does anybody knows here something about linux? or everything beyond apt-get is forbidden for you?
<zul> smoser: hey suppose we can swith the emi to ami on the cloud-publish tools
<smoser> where?
<smoser> oh in publish-tarball.. that would probably be a bad idea. if someone is actually using it in a programmatic way, it'd break them.
<zul> image  : precise-server-cloudimg-i386.img
<zul> Tue Dec 13 10:31:42 EST 2011: ====== bundle/upload kernel ======
<zul> Tue Dec 13 10:31:47 EST 2011: ====== bundle/upload image ======
<zul> Tue Dec 13 10:32:18 EST 2011: ====== done ======
<zul> emi="ami-00000004"; eri="none"; eki="aki-00000003";
<uvirtbot> New bug: #903771 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.10 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/903771
<smoser> yeah, dont you think that would break anything parsing that ?
<zul> smoser: perhaps
<smoser> it writes that to stdout. the intent was that you could do : cloud-publish-tarball ... > result && . result && echo "you now registered: $emi"
<hggdh> RoAkSoAx: ping
<ewook> rbasak: Yeah thanks :p. a less on the files confused me at first, thus my question - but those are the files I was looking for ^
<ewook> ^^
<uvirtbot> ewook: Error: "^" is not a valid command.
<ewook> uvirtbot: And you, my botty friend, do not smile enough.
<uvirtbot> ewook: Error: "And" is not a valid command.
<hallyn> smb: if you think just adding alias for nfs4 to nfs in modprobe.conf ia all that would be needed, I can suggest that in a debian bug and let them take it from there
<smb> hallyn, Apreciated. Yes, its all that is needed
<tyska> guys
<tyska> i have 4 exactly same servers
<tyska> there is some tool that just replicate the installation from 1 server to the others 3
<tyska> ?
<hallyn> smb: cool, thanks, will submit it then - ttyl
<smb> hallyn, The problem for it is that mount.nfs4 is leading to a modprobe for a kernel module named nfs4 (which does not exist).
<smb> If you probed it before or tell modprobe by an alias all is good
<hallyn> heh, simpler than i thought.  thanks
<moretti> ...
<Error404NotFound> Not strictly related to ubuntu server, so feel free to ignore. My ubuntu server hosts abc.domain.com(IP: 1.1.1.1) where domain.com is hosted on another server. I have installed postfix and smtp is working fine. My question is: do i need to set 1.1.1.1 reverse dns? if yes, to what? domain.com or abc.domain.com?
<RoAkSoAx> hggdh pong
<tyska> guys
<hallyn> tyska: well 15 years ago we used to just boot a minimal livecd and install with rsync over ssh.  The usual answers now seem to be preseeds and orchestra, but as for copying one config to another machine I'm not sure what's recommended
<hallyn> tyska: (server meeting is going on, so wait 30 minutes and you may get more answers)
<tyska> hallyn: i just need to install the 4 servers with ubuntu server, without any modifications
<hggdh> RoAkSoAx: is cloud-init expected to work with Cobbler from a Lucid system>
<hggdh> ?
<hggdh> RoAkSoAx: meaning: Cobbled is based on an Oneiric, cloud-init is trying to contact it from a Lucid (and failing with timeouts)
<hallyn> tyska: i'd recommend preseeding (http://www.debian-administration.org/articles/394 and http://blog.dustinkirkland.com/2011/03/ubuntu-server-quick-install-no.html)
<hallyn> it's what i do for quick replicated test installs - but note that it's a bit finicky and limited
<tyska> ok thanks hallyn
<hallyn> np
<drt24> hallyn: the uquick link is borken so following Dustin Kirkland's instructions won't work
<edgy> Hi, kvm would crash my host when I make the guest full-screen and back (ctrl-alt-f twice)
<edgy> hallyn: hi
<drt24> kirkland: ping re uquick link being broken
<hallyn> edgy: which qemu on what release, with waht window manager?
<hallyn> edgy: (probably best to file a bug, though)
<edgy> hallyn: yes, I want to file a bug but I am not sure whether it's specific to me or general; host and guest are kubuntu precise
<edgy> I just want to confirm it first
<RoAkSoAx> hggdh: huh? cloud-init doe snot contact cobbler... cobbler feeds juju user-data and also meta-data through the preseed file
<RoAkSoAx> hggdh: err jujuprovides the user-data to cobbler, and cobbler feeds it to the machine throyugh the preseed
<hallyn> edgy: oh, yeah, mightb e specific to you, but still good to record it i think, others may run into it
<hallyn> edgy: using sdl?
<edgy> hallyn: what files I need to attach to help debug it?
<edgy> hallyn: yes
<hallyn> 'ubuntu-bug qemu-kvm' should DTRT, if this is in fact kvm
<hallyn> ok, lemme try under unity real quick (booting)
<hggdh> RoAkSoAx: Q came because all our profiles in the Lab use it, not only those juju-related
<Ursinha> SpamapS: do you watch The Walking Dead?
<hallyn> edgy: can't reproduce in unity on precise with a server guest image
<Ursinha> SpamapS: there's a character that looks a lot like you
<SpamapS> Ursinha: no, I have too many other television addictions, and I hear its really really good.
<SpamapS> Ursinha: oh gee thanks for the compliment.
 * SpamapS has always wanted to be a zombie
<Ursinha> he's the most bad ass in the show haha
<Ursinha> SpamapS: http://www.hypergeek.ca/wp-content/uploads/2011/01/Daryl_Dixon_promotional.jpg
<SpamapS> Oh ahha I love that actor
<RoAkSoAx> hggdh: no, only the juju related profiles install the user-data and meta-data into the system. The other profiles only install cloud-init (well all machjines installs orchestra-client-, which also pull cloud-init)
<Ursinha> hahaha
<SpamapS> Ursinha: thats actually my evil twin. :)
<edgy> hallyn: do you have a kubuntu desktop guest handy?
<Ursinha> SpamapS: that explains :P
<SpamapS> Ursinha: I was first told I looked a bit like him when people saw Boondock Saints.. another one where he's a badass. :)
<Ursinha> SpamapS: you should make use of the fame haha
<SpamapS> I haven't had anybody actually ask me directly, but walking around Hollywood, a few people have stared really hard
<edgy> hallyn: I just replied to https://bugs.launchpad.net/ubuntu/+source/qemu-linaro/+bug/902237
<uvirtbot> Launchpad bug 902237 in qemu-linaro "kvm-spice is very slow to boot" [Medium,Incomplete]
<hallyn> edgy: no, i don't
<hallyn> ok - i'm out for a bit, back in a bit
<hallyn> edgy: hm, I see, thanks for the comment.  biab
<adam_g> RoAkSoAx: i think hggdh is correct, on lucid systems cloud-init fires off during boot and polls the unreachable metadata service for however many minutes
<Ursinha> SpamapS: at least for me you really look like him :) I was watching the series with that feeling "I've seen this guy before.." and one of these G+ hangouts made me realize that the guy was you hahahaha
<SpamapS> haha
<edgy> hallyn: how can I help you more?
<SpamapS> Ursinha: I'll start bringing a shotgun to the hangouts just to make you feel less confused. :)
<Ursinha> lol
<Ursinha> good idea
<kirkland> SpamapS: so I've just finished setting up irc-hybrid + supybot for logging ...  it's an all-in-one system, but what would you honestly think about a juju charm to do this?
<hggdh> adam_g, RoAkSoAx: it tries for 100*10 seconds, blocking the boot progress
<RoAkSoAx> adam_g: can you pastebin the preseeds?
<kirkland> SpamapS: I don't know how repeatable this setup is, I'm afraid
<kirkland> SpamapS: but I've set it up once, and I don't really want to blow time on recreating this work again;  would much rather tweak a conf and juju-deploy
<adam_g> RoAkSoAx: one min
<RoAkSoAx> adam_g: but really, cloud-init cannot pull meta-data from cobbler
<RoAkSoAx> adam_g: the meta-data stuff was added only for oneiric, and its not pulling based.
<adam_g> RoAkSoAx: i know, but its trying to reach the ec2 metadata service
<RoAkSoAx> hggdh: ls /root/ and what do you see there?
<adam_g> because (i assume) the lucid cloud-init hasn't been updated since all of this stuff was added
<RoAkSoAx> adam_g: is it deploying with juju?
<hggdh> RoAkSoAx: I will have to reinstall with the original kickstart templates. This will take at least 30 min
<hallyn> edgy: I'm leaving kubuntu-desktop installing so should be able to test this afternoon
<RoAkSoAx> hggdh: are you testing with juju?
<hggdh> RoAkSoAx: nope
<hggdh> just cobbler
<adam_g> RoAkSoAx: i dont remember if i was doing a fresh ubuntu server or juju profile. this was on the QA lab, so you're welcome to test those
<edgy> hallyn: good, I will follow the bug close awaiting for any advice, thanks
<RoAkSoAx> hggdh: what's int /root of the deployed system
<hggdh> RoAkSoAx: I will need to reinstall Lucid to check, as I stated above
<RoAkSoAx> hggdh: ok ;)
<edgy> hallyn: in kvm-spice how can I make it full screen to test this bug too?
<RoAkSoAx> adam_g: ok, will probbaly do it later tonight, i'll be on and off this week as i'm already on vacation :D
<SpamapS> kirkland: sounds like it might be quite useful as a charm. :)
<adam_g> RoAkSoAx: actually, im 90% sure this was installing from the stock lucid-x86_64 profile
<adam_g> ill fire off an install and check
<RoAkSoAx> adam_g: ok, let me know your findings
<SpamapS> kirkland: I have a dream, where one day, users will judge a charm not by the task that it sets out to perform, but by the content of its hook scripts.
<adam_g> hggdh: were you hitting this on the original UEC cluster? (santol, cempedak, etc)
<hallyn> edgy: you could try http://people.canonical.com/~serge/qemu-kvm-spice_0.15.91-2011.11-0ubuntu2_amd64.deb to see if that's faster for you
<hggdh> adam_g: no, on the Lab machines (rukbah, tarf, phact)
<RoAkSoAx> adam_g: if the orchestra.preseed is being in used, then nothing should be placing meta-data into de deployed machine for cloud-init
<hallyn> for full screen - i dunno offhand, sorry.  maybe spice-gtk will do it?
<hallyn> now, for real, biab :)
<RoAkSoAx> adam_g: if that's the case, then its cloud-init itself who's doing the request
<hggdh> RoAkSoAx: it was orchestra.pressed. It includes a snippet for cloud stuff, this was there
<RoAkSoAx> hggdh: so someone erroneously modified the preseed then :)
<hggdh> the snippet is orchestra_client_package
<RoAkSoAx> hggdh: orchestra_client_package only installs cloud-init
<RoAkSoAx> that snippet only install cloud-init
<RoAkSoAx> hggdh: but there's not meta-data nor user-data that cloud-init will seed from
<hggdh> RoAkSoAx: indeed. But cloud-init does not work with lucid, so there we are
<edgy> hallyn: tried the ubuntu2 version but still same problem
<RoAkSoAx> hggdh: ok so a quick fix would be for you to do the follow: edit /var/lib/cobbler/snippets/orchestra_client_package and remove cloud-init from there
<adam_g> RoAkSoAx: yes, its cloud-init ala lucid, polling the 169.254.169.254 metadata service, because it thinkts its in ec2
<RoAkSoAx> adam_g: yeah,  its cloud init itself  then :) not cobbler :)
<RoAkSoAx> adam_g: though the preseed installs cloud init
<adam_g> right
<hggdh> RoAkSoAx: already did :-)
<RoAkSoAx> hggdh: :)
<RoAkSoAx> adam_g: hggdh I'll modify that in orchestra's orchestra_client_package snippet
<hggdh> RoAkSoAx: perfect, thank you. Do you want a bug on that?
<RoAkSoAx> hggdh: filing it already :)
<edgy> hallyn: wait ...
<hggdh> RoAkSoAx: another one -- IDK, yet if the profile has been changed or not, installing a fresh cobbler locally meanwhile
<hggdh> RoAkSoAx: the orchestra.pressed has a late_command to chmod a powernap script
<hggdh> there is no such script in Lucid
<hggdh> so the d-i install halts on an error, needing user attention (press Enter, and install proceeds)
<SpamapS> I'm still a bit nervous about orchestra pushing powernap onto servers by default.
<SpamapS> After it offlined half the CPU's on our emerald ridge box at the ODS demo, and couldn't bring a bunch of them back online, it definitely makes me nervous.
<edgy> hallyn: if I used -enable-kvm it boot quickly but when I login it would kick me out
<zul> SpamapS: ditto
<edgy> aha! biab = bak in a bit, ok then I will hfab (hang for a bit)
<adam_g> SpamapS: to be fair, we didnt really need *all* those CPUs, did we?
<SpamapS> adam_g: true, of the 40, we only needed 24 ;)
<RoAkSoAx> hggdh: can I see that preseed?
<hggdh> RoAkSoAx: http://pastebin.ubuntu.com/769190/
<hggdh> RoAkSoAx: the script '/etc/pm/power.d/01cpu_online' does not exist for Lucid
<RoAkSoAx> hggdh: is that default install? cause in the orchestra branch that doesn't exist
<RoAkSoAx> hggdh: i believe that's manually been added by jamespage
<hggdh> RoAkSoAx: ah, this is it, then. I did not participate on the build-up. Cool
<jamespage> RoAkSoAx, yes
<RoAkSoAx> hggdh: yeah then, but either if that chmod for powernap script fails, the installtion should continue to be successfull
<RoAkSoAx> jamespage: and yeah in precise that has been fixed already. That script is not executable by default ;)
<hggdh> RoAkSoAx: it will, eventually. But D-I stops with an error message, and someone must get to the console and press Enter
<jamespage> RoAkSoAx, going to SRU that to oneiric?
<RoAkSoAx> jamespage: yes
<jamespage> sweet
<RoAkSoAx> hggdh: try modifying it like this: http://pastebin.ubuntu.com/769198/
<hallyn> edgy: you log into kde on the guest?
<hallyn> wonder if -vga qxl has a problem with that
<hggdh> RoAkSoAx: roger wildo
<edgy> hallyn: I couldn't log into kde but I managed to log into unity with very very bad display
<edgy> hallyn: I am trying to attach the Xorg log file
<edgy> hallyn: done, please check the Out of surfaces errors there
<hallyn> edgy: thanks
<edgy> hallyn: btw definitely -vga qxl is the culprit because -vga std works well
<smoser> zul, https://github.com/boto/boto/pull/432 was merged.
<smoser> so, upstream boto now has 'ec2_connect_endpoint'
<zul> sweet...congrats
<smoser> i'm happy that eventually it wont be such a pita to connect to arbitrary ec2endpoint
<mjau^> so, which is the preferred way in ubuntu 10.04?
<mjau^> /etc/init.d/bind9 restart, or service bind9 restart?
<uvirtbot> New bug: #903752 in tevent (universe) "[MIR] sssd" [Undecided,New] https://launchpad.net/bugs/903752
<smoser> mjau^, they'll end up being the same.
<smoser> but 'service' is probably preferred as that will also work for upstartified jobs.
<mjau^> smoser: hm, can you elaborate on the last part?
<smoser> if a service has an upstart job, then it could potentially not work with '/etc/init.d/SERVICE' (although likely there is a wrapper script installed there that would make it work)
<smoser> but if you use 'service service-name restart', it will invoke upstart restart if the job is upstart and init.d restart if init.d
<adam_g> zul: ping
<zul> adam_g: pong
<adam_g> zul: ohhhh i see, openstack-dashboard package in the archive comes from the lp:ubuntu/precise/horizon source (not lp:ubuntu/precise/openstack-dashboard)
<zul> adam_g: yeah because it got renamed
<patrickmw> jamespage, I've given up trying to shove the square peg in the round hole with the jenkins dashboard.  I think its as good as it's going to get.  Any further extrapolation will require its own reporting mechanism
<adam_g> zul: in any case, http://paste.ubuntu.com/769287/
<zul> adam_g: lovely...can you open up a bug in launchpad please
<adam_g> zul: sure
<zul> adam_g: thanks
<adam_g> zul: doh, its just a typo , ill send a fix
<smoser> bug 903878
<uvirtbot> Launchpad bug 903878 in libvirt "libvirt lxc broken on precise" [Undecided,New] https://launchpad.net/bugs/903878
<smoser> weee! hallyn ^
<hallyn> but I'm sure you know how to fix it
 * hallyn lives in optimism
<smoser> i think it might have regressed with last upload
<smoser> i'm verifying
<smoser> but i think it worked previosly
<hallyn> does 'virsh net-list' show default up?
<smoser> well, shoot.
<smoser> can't easily test.
<smoser> i was thinkig my old cloud-image had libvirt and i could just test there (where i thought it worked before)
<smoser> but it did not
<smoser> did not have libvirt, and i couldn't easily get it from archive then.
<hallyn> ?
<smoser> i was trying to verify that it worked ~ a week ago
<smoser> but my plan failed as i would have to get the older libvirt from the archive (and, surprise, not there :)
<hallyn> ok i'll test on precise in a min
<smoser> regarding virsh net-list, yes, i think up
<smoser> hallyn, i'll give you access to a system in a minute
<hallyn> smoser: WFM
<hallyn> following your instructions to the letter
<hallyn> precise updated this morning
<smoser> you're confused.
<hallyn> always
<smoser> its not supposed to say "error: internal error"
<smoser> hallyn, ubuntu@10.55.60.207
<smoser> run byobu there so i can see
<hallyn> no errors on my system at all.
<hallyn> smoser: kernel
<hallyn> you don't have veth
<smoser> thank you, hallyn.
<hallyn> np.
<eagles0513875|2> hey guys im running ubuntu server. does anyone have experience setting up nagiosql i have it installed but when i come to use it and write changes it complains about permissions
<eagles0513875|3> hey guys im running ubuntu server. does anyone have experience setting up nagiosql i have it installed but when i come to use it and write changes it complains about permissions
<kaushal> Hi
<kaushal> I am stuck with http://ubuntuforums.org/showthread.php?t=1679536
<kaushal> Any clue ?
<uvirtbot> New bug: #903901 in openldap (main) "[Lucid] backport fix for ITS#6458" [Undecided,New] https://launchpad.net/bugs/903901
<kaushal> checking in again for the query ?
<hallyn> kaushal: i'm no expert here, but i'd recommend ignoring the raid disks during install and setting them up after the fact.  you say you can install on the spare disk just fine, right?
<hallyn> ppetraki: ^ in case you're looking for a diversion, raid install problem :)
<ppetraki> hallyn, I already found one on the lvm mailing list :-p
<ppetraki> hallyn, I can take a quick look though
<hallyn> your cup overfloweth
 * ppetraki scrollsback
<hallyn> just http://ubuntuforums.org/showthread.php?t=1679536
<hallyn> my guess is the asnwer is "don't do that", but...
<ppetraki> RAID 5 as root, yeah, MD anyways, but a HW RAID should just work
<ppetraki> unless it's fakeraid
<ppetraki> looks like he quit
<ppetraki> I think he's got the semantics wrong
<hallyn> bah
<ppetraki> trying to use iscsi installer to configure his onboard raid
<ppetraki> if it's even an onboard raid
<ppetraki> hallyn, http://ark.intel.com/products/46534/Intel-Server-Board-S3200SHV
<ppetraki> hallyn, that might be the new Intel SAS controller, Patsburgh or fakeraid
<ppetraki> hallyn, if it is PB, then 10.10 might not have the driver
<ppetraki> hallyn, brand new scsi controller
<hallyn> i'm confused - the link says it's EOL
<ppetraki> hallyn, hmm missed that
<ppetraki> hallyn, he just posted on ubuntu server
<ppetraki> hallyn, yeah... need more info, initial impression is he has the semantics wrong. If he was really using iSCSI I would expect IP config details and affirmation like "I'm logging in to the target correctly" or what iSCSI SAN he's using
<hallyn> ppetraki: ok - i was wanting to ask him to file a bug, but at the same time didn't want to steal helpful info for others from the forum site
<hallyn> but, since he's gone, guess i'ts moot
<hallyn> ppetraki: thx
<ppetraki> hallyn, np
<hallyn> edgy: running kde, maximize/unmaximize is not hurting anything for me
<njin> Hello guys, can someone look at bug 902140 , thanks
<uvirtbot> Launchpad bug 902140 in openobject-addons "When updating getting error (dup-of: 901647)" [Undecided,New] https://launchpad.net/bugs/902140
<uvirtbot> Launchpad bug 901647 in openobject-addons "column email_template.fetchmail_server_id does not exist" [Medium,In progress] https://launchpad.net/bugs/901647
<njin> sorry, bug 903140
<uvirtbot> Launchpad bug 903140 in ubuntu "Static IP doesn't work with driver tg3 on Broadcom card" [Undecided,New] https://launchpad.net/bugs/903140
<njin> In Ubuntu Desktop works, but not in server edition
<njin> can someone explain why?
<uvirtbot> New bug: #903928 in openldap (main) "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/903928
<axisys> mount.nfs4 192.168.0.24:/share /mnt
<axisys> mount.nfs4: No such device
<axisys> what is wrong with mount command?
<SpamapS> axisys: generally you would want to run 'mount -t nfs4 x.x.x.x:/share /mnt'
<SpamapS> axisys: and actually on more recent releases, nfs4 is deprecated, its just 'nfs'
<axisys> SpamapS: mount -t nfs worked
<axisys> SpamapS: but how do I make sure it is nfs version 4
<axisys> mount -t nfs4 worked too
<SpamapS> axisys: -o nfsvers=4
<SpamapS> axisys: thats from 'man nfs'
<axisys> SpamapS: :-) .. should have read it first.. thanks a lot
<SpamapS> axisys: any time, thanks for asking good questions. :)
<hallyn> jdstrand: jjohansen: apparmor policy q in bug 903962.  (to be clear, we'd be extending the apparmor policy for libvirt, in main, to support spice, in universe - but not depending on spice)
<uvirtbot> Launchpad bug 903962 in libvirt "support spice" [Medium,Confirmed] https://launchpad.net/bugs/903962
<jjohansen> hallyn: so the apparmor change looks fine to me, but I have never played directly with the libvirt apparmor driver, so I'll wait for jdstrand to comment
<hallyn> smb: d'oh, debian already has 'alias nfs4 nfs' in /etc/modprobe.d/aliases.conf'
<hallyn> jjohansen: thanks
<hallyn> smoser: zul: any objection to my making qemu-kvm now Depend on kvm-ipxe?
<hallyn> the one thing is it does slow down boot a bit to wait for ipxe...
<hallyn> (and 'boot c' doesn't seem to stop it trying, to my chagrin)
<zul> i dont have an opinon
<smoser> soren, ^
<smoser> hallyn, i hdont have any string disapproval of that.
<smoser> could you/have you opened a bug upstream on "'boot c' still wants to boot from network"
<smoser> or some such
<hallyn> smoser: no, it only just occurred to me that's happening.
<hallyn> hm, maybe it's not happening!
<hallyn> maybe that was a bad hd
<hallyn> (back in 30 mins)
<Lcawte> Hi, I've just installed Ubuntu server from a different machine (because it didn't like any install disk), then moved it downstairs, everything seems to be going ok, other than the network is broken, is there any way I can force ubuntu to automaticly reconfigure it (eth0 & eth1 are messed up in other words)
<ChmEarl> Lcawte, its a udev *.rules things - check 7*-persistent-network.rules (not exactly sure)
<hallyn> smoser: yeah all i actually get is 2-3 seconds of 'configure ipxe' - which is still annoying, though
<ChmEarl> Lcawte, in the *.rule file your ethX name is tied to a MAC
<Lcawte> Is there an easy way to force it to reset? Or will it be manual editing?
<ChmEarl> Lcawte, delete the offending lines
<ChmEarl> manual edit
<Lcawte> Ok, where abouts are those files?
<ChmEarl> /etc/udev*
<ChmEarl> or better /etc/udev/rules.d/70-persistent-*
<ChmEarl> Lcawte, try grep -i eth0 /etc/udev/rules.d/*.rules
<gavinc> hi folks, in a bit of pain. inherited a 6 server setup all running Ubuntu Server trying to make some sense of it's nfs setup, and none of the machines have UID/GIDs in common. Looking for the shortest path out of that :\
<uvirtbot> New bug: #903993 in cloud-init (main) "Don't hang waiting for input from commands" [Undecided,New] https://launchpad.net/bugs/903993
<gavinc> Options seem to be: setup Kerberos KDC on one of them, setup openldap (with or without kerberos), try and get their passwd files in sync, or have a bunch of world rw nfs mounts around
<gavinc> anyone have any other brilliant ideas :\
<hallyn> smoser: zul: still around?
<hallyn> soren: i intend to make qemu-kvm depend on kvm-ipxe in the next few days, any objection?
<hallyn> ahs3: Daviey: I've opened bug 904014 fwiw :)
<uvirtbot> Launchpad bug 904014 in netcf "[MIR] netcf" [Undecided,New] https://launchpad.net/bugs/904014
<ahs3> hallyn: kewl.  you saw that the netcf update hit unstable, yeah?
<hallyn> yup, just saw it a few mins ago, keep wiating for the FTBFS email :)
<hallyn> (not really)
<ahs3> heh
<hallyn> RoAkSoAx: hm, you about?
<kaushal> Hi
<kaushal> Please suugest about https://lists.ubuntu.com/archives/ubuntu-server/2011-December/006016.html ?
<kaushal> suggest*
<zul> hallyn: kind of
<hallyn> zul: good enough, would you mind, when you get a chance, just doing 'syncpackage -d unstable spice'?
<zul> hallyn: sure
<hallyn> zul: tests fine on my precise laptop, and hopefully it'll fix a slowness with -vga qxl for edgy
<hallyn> thanks
<zul> edgy?
#ubuntu-server 2011-12-14
<hallyn> yeah, as in the nick on this channel :)
<hallyn> (bug 902237 is the one)
<uvirtbot> Launchpad bug 902237 in qemu-linaro "kvm-spice is very slow to boot" [Medium,Incomplete] https://launchpad.net/bugs/902237
<zul> k
<kaushal> I am hit with this bug https://bugs.launchpad.net/ubuntu/+source/kickseed/+bug/548617
<uvirtbot> Launchpad bug 548617 in kickseed "Fresh kickstart installation of lucid fails, - asking for ISCSI volumes (dup-of: 546929)" [Undecided,New]
<uvirtbot> Launchpad bug 546929 in linux "most PATA/SATA modules missing in Lucid netboot" [Critical,Fix released]
<hallyn> i guess at this point i should resign myself to writing a ncftool manpage soon.  maybe this weekend.
<Lcawte> Oh, and final question from me tonight, can servers be run without a monitor attached?
<Lcawte> I know whenever I try it on a desktop edition of Ubuntu it just crashes...
<hallyn> Lcawte: yes, definately they can
 * hallyn out
<Lcawte> Good, is it easy to do (ie a simple command or just unplugging the screen?)
<IrishGringo> i am kind of new to ubuntu...
<IrishGringo> I am trying to Su into ubuntu... and it wont let me
<IrishGringo> I wan tto install some software
<IrishGringo> so what is the routine?
<IrishGringo> I wan tot apt-get install erlyvideo
<kaushal> Hi
<kaushal> Please suggest about https://lists.ubuntu.com/archives/ubuntu-server/2011-December/006020.html
<SpamapS> IrishGringo: sudo apt-get install erlyvideo
<soren> hallyn: I'd probably make it a "Recommends:" instead.
<IrishGringo> SpamapS: I was able to install it with the script in instructions
<IrishGringo> useing sudo
<IrishGringo> anyone have experience using erlyvideo/ or any video streaming?
<IrishGringo> I may wan to add ftp to this ubuntu server...  are there options better than ftp?
<IrishGringo> where I can use filezilla?
<qman__> sftp
<qman__> IMO, ftp should not be used by anyone, for anything, ever
<qman__> and there's no excuse for it anymore, now that sftp is easy to set up and use
<IrishGringo> qman__: how do I install it?  apt-get sftp?
<qman__> apt-get install openssh-server
<qman__> by default, all users have normal sftp access to the system
<qman__> you can further restrict who has access or set up chroots in /etc/ssh/sshd_config
<qman__> be aware that this also enables ssh by default
<IrishGringo> I am sftp into the box... very cool
<jvargas> hi
<IrishGringo> erlyvideo...   does anyone have expereince with it?
<jvargas> My company is growing and we can't have user accounts separated on every host, every server and every application or service. In Windows one could just setup an ActiveDirectory server for thatm, and have multiple services and hosts authenticating against it.
<qman__> OpenLDAP
<jvargas> Wht would be the best alternative to centralize authentication using a linux server and both windows and ubuntu desktop clients?
<qman__> windows clients are going to be the problem
<qman__> you need stuff like samba and winbind and kerberos, and getting it to play nice with active directory is a pain at best
<qman__> if NT4-style domains are good enough, samba 3 can handle it
<jvargas> i won't use a windows server at all, there are only linux desktops, and some windows virtual machines used for testing and legacy software.
<qman__> I'd bite the bullet on the windows machines and just go straight linux then
<qman__> way more trouble than it's worth if you don't have more than a few
<jvargas> I was reading OpenLDAPServer wiki and found nothing about windows.
<qman__> that's because OpenLDAP doesn't do windows
<qman__> samba does
<qman__> and integrating the whole mess is a task which is not for the weak
<qman__> however, if you just go linux to linux, you can set up just openLDAP
<jvargas> Well, there are some samba shares used across all offices, and current authentication is using smbpasswd, not external You mean that I can chain samba to authenticate against openldap? and also windows to authenticathe through samba?
<qman__> getting windows connected is hard
<qman__> if NT4-level of domains is acceptable, it's not too bad
<qman__> but IIRC that only works reasonably well up to XP and 2003
<jvargas> ok, let's discard windows at all.
<qman__> newer versions of windows require significant modification to work without a complicated kerberos setup
<qman__> without windows, you can set up a standard openLDAP network, get your clients authenticating, and then configure samba to authenticate against it
<jvargas> that's cool.
<qman__> while nontrivial, it's significantly less complicated than if you add in windows clients
<jvargas> and from the desktop client side, does it requires hacking a lot into config files for every workstation, or in ubuntu it could be easier?
<qman__> each workstation will need to be configured to authenticate against the LDAP server
<qman__> however, you can script it
<qman__> and if you preseed your clients or similar, you can include it in your new setups
<qman__> basically the client needs to install the ldap client, then configure pam to use it, and make sure that the local user configuration doesn't interfere
<jvargas> ok, in real life unified authentication works like this? I mean, they use OpenLDAP as server and desktops linux and apps authenticate against it?
<qman__> and the latter is best done by making sure the ldap network uses high uids
<qman__> except for special cases, everything in linux authenticates against pam
<qman__> so all you need to do is configure pam
<qman__> client configuration is very simple once your network is set up
<jvargas> there is another important question, what if the client is a notebook and not connected to network? Can I chain the authentication procedure to fall back to normal local login?
<qman__> yes
<qman__> in pam, you can configure it to accept both network and local logins
<jvargas> ok, i will dig a bit about that right now.
<qman__> a tip from personal experience
<qman__> whenever you are modifying pam configuration, leave a root terminal open
<qman__> because if you accidentally break it, you won't be able to log in
<qman__> and you won't be able to sudo
<jvargas> good one!
<hallyn> soren: ok, that was my original plan, will stick with that then.  thx
<uvirtbot> New bug: #904079 in irqbalance (main) "irqbalance crashed with SIGSEGV in readdir() (dup-of: 739364)" [Undecided,New] https://launchpad.net/bugs/904079
<uvirtbot> New bug: #904082 in krb5 (main) "package libkrb5support0 1.8.3+dfsg-5ubuntu2.2 failed to install/upgrade: pakiet libkrb5support0 jest juÅ¼ zainstalowany i skonfigurowany" [Undecided,New] https://launchpad.net/bugs/904082
<twb> What's acpi-support called these days?
<kaushal> Please suggest about https://lists.ubuntu.com/archives/ubuntu-server/2011-December/006020.html
<gemini420> hi there - having a weird issue with bind9, where the root servers are always the AUTHORITY
<gemini420> anyone seen this issue before
<gemini420> ?
<gemini420> if i take the local ip out of resolv.conf and leave just the forwarder DNS, then dig uses the upstream DNS
<gemini420> as expected
<gemini420> but when the dns cache is setup, all local dns queries go out to the root servers
<twb> I didn't think dig used resolv.conf at all
<twb> If you just want a caching resolver, I recommend unbound rather than bind
<gemini420> resolve conf set the DNS, and adding a localhost IP enables the dns cache
<gemini420> i want master using bind9, but ran into this weirdness
<gemini420> thanks twb for your suggestion
<twb> unbound and nsd are resolver and server respectively; bind tries to do both in one tool and IMO that makes it much more confusing and icky
<gemini420> i have an existing bind9 setup and am familier with it, so ...
<gemini420> i am hoping to fix this weirdness
<uvirtbot> New bug: #904126 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/904126
<soren> hallyn: Any particular reason you wanted to make it a hard dependency? As a Recommends:, it'll get pulled in automatically, but can be removed explicitly. That seems ideal to me, but perhaps I'm missing something.
<hallyn> soren: no as long as it gets installed automatically i'm happy
<soren> hallyn: Great!
<hallyn> I'll push an update to do that tomorrow
<hallyn> i really need to find me an amd box for qemu testing
<koolhead11> hi all
<e_t_> Hello koolhead11
<koolhead11> hi e_t_
<Daviey> rbasak: Do you want to sign up for some of https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-service-orchestration items?
<rbasak> Daviey: I assumed I was already by default? Though I'm not sure quite what I'm signing up for yet, I've started playing with juju (not on ARM yet though)
<funkymonk> how do i check if my server box is blocking LAN connections?
<Daviey> rbasak: nah, the default is assigned to ~ubuntu-server
<Daviey> our are just the drafter :)
<Daviey> you are*
<RoyK> funkymonk: ?
<funkymonk> yes
<funkymonk> RoyK: yes?
<RoyK> what do you mean blocking lan connections?
<patdk-lap> iptables?
<RoyK> patdk-lap: since ufw/iptables must be enabled by the user, I wanted to know what he meant :P
<funkymonk> RoyK: Sorry this channel has been a bit slow so i've asked over in #ubuntu
<RoyK> funkymonk: you never asked a clear question, so it's not really strange noone has bothered to answer
<funkymonk> RoyK: I know I;m sorry just trying to get the terminology correct
<funkymonk> basically i can ssh and visit the webste using the public address but if i use internal IP address e.g. 192.168.123.123 and 192.168.123.124
<funkymonk> then nothing appears to work
<RoyK> you haven't said anything about how your network is configured, on which network the server and client is, etc
<patdk-lap> royk, lost your crystal ball?
<RoyK> yeah, or my temper, or both
<funkymonk> lol sorry guys
<funkymonk> server: ubuntu 11.10 server edition. clients: win7 and windows 7 all three boxes are wirelessly connected to a single cable router
<muhqu> hey, Is here someone in charge of http://us-east-1.ec2.archive.ubuntu.com/Â ? It's like one of its assigned IPs (10.252.111.96) doesn't serve the package repositoryâ¦ it's empty
<rbasak> utlemming, smoser: ^^
<rbasak> they probably won't be in for a few hours yet though
<muhqu> rbasak: ok.. I just wanted to let you guys knowâ¦ workaround is as easy as adding a fixed /etc/hosts entry for http://us-east-1.ec2.archive.ubuntu.com/ but you want to make sure you don't bundle such a modification into a custom AMI
<rbasak> muhqu: OK, thanks for the report!
<muhqu> if you want to repro the issue: curl http://10.252.111.96/ -H 'Host: us-east-1.ec2.archive.ubuntu.com'
<muhqu> results in empty apache file listing...
<rbasak> Well it's really /ubuntu/dists/oneiric/main/binary-amd64/Release (etc) that must exist first, but I presume that doens't work either?
<muhqu> so 10.252.111.96 should either be removed from the us-east-1.ec2.archive.ubuntu.com DNS rotation, or the missing directory structure should be added...
<muhqu> propably a wrong mount or NFS issue...
<muhqu> ec2 instances in us-east-1 do not cache the IP the get for http://us-east-1.ec2.archive.ubuntu.com/ â¦ so every N package you try to install will fail...
<Daviey> erk.
<muhqu> fyi: the issue with http://us-east-1.ec2.archive.ubuntu.com/ is solved
<rbasak> muhqu: thanks, I think somebody was concurrently working on it
<muhqu> rbasak: noâ¦ we got it sorted out in #canonical-sysadmin
<muhqu> lamont took care of it
<rbasak> aha
<uvirtbot> New bug: #904243 in apache2 (main) "apache does not start on server startup" [Undecided,New] https://launchpad.net/bugs/904243
<zul> good morning
<koolhead11> morning zul
<Vivek> My Orshestra installation is missing the management classes when I do a cobbler list mgmtclasses: is empty.
<Vivek> Also the oneric images have not been downloaded, I am using oneric.
<uvirtbot> New bug: #904248 in python-central (main) "python-central build-dependencies in main" [High,Triaged] https://launchpad.net/bugs/904248
<zul> Daviey: the tgt bug got fixed
<Daviey> zul: status is still opne, https://bugs.launchpad.net/ubuntu/+source/nova/+bug/871278 ?
<uvirtbot> Launchpad bug 871278 in nova "Cannot attach volumes to instances if tgt is used" [High,In progress]
<zul> Daviey: yeah the fix went upstream, will close it tomorrow when the new release will come out
<Daviey> zul: I mean, the upstream task is still open?
<zul> Daviey: dont know whats going on with that one but it did get in https://github.com/openstack/nova/commit/4419badf187acfc100dff1ba05bb1543eab60ba7
<sw0rdfish> heya
<edgy> hallyn: hi
<edgy> hallyn: I just updated that silly bug! I hope you can figure out something or tell me how can I help debug it more
<hallyn> edgy: thx i'll take a look.
<edgy> hallyn: as usual ctrl-alt-f for a kvm guest hangs my host and disconnect me and had to reboot
<hallyn> edgy: this is with SDL?
<edgy> hallyn: yes
<RoAkSoAx> Daviey: who can we ask to get a package reviewed from the new queue
<Daviey> RoAkSoAx: jdstrand is the usual conscript^D volunteer.
<RoAkSoAx> Daviey: cool thanks
<RoAkSoAx> jdstrand: howdy! If you have the time could you please process gfs2-utils from the NEW queue?
<zul> Daviey: can you have a look before i push: http://paste.ubuntu.com/770143/
<Daviey> zul: python-sqlalchemy not needed anymore?
<zul> Daviey: it was in their twice
<zul> i thought once was good enough ;)
<Daviey> zul: Are you sure that is correct usage of debian/pydist-overrides ?
<zul> Daviey: yeah
<Daviey> zul: sure, sure?
<zul> Daviey: lemme do a testbuild
<Daviey> zul: i thought that was for re-mapping pip names to deb package names?
<zul> Daviey: gimme a sec
<zul> Daviey: im 99.9% sure but still building
<Daviey> zul: I'm not certain either :)
 * Daviey pulls out the manual
<zul> Daviey: its correct usuage
<Lcawte> Hi, I was trying to update to the latest stable release this morning, and it seems I'm having some problems, I messed up the boot loader, when I boot the machine, it runs through to a screen and checks for a cd boot etc, and then stops, shows nothing below that... (so the cd boot check is done, but still on the screen), how do I fix this without reinstalling the machine?
<zul> Daviey: so yeah its ok
<drt24> Lcawte: https://help.ubuntu.com/community/Boot-Repair ?
<zul> Daviey:  uh ping
<Daviey> zul: ok.. i really didn't think it was designed to work like that, but if it does \o/
<zul> Daviey: ok pushed
<hallyn> jdstrand: are you around today, and able to take a quick look at bug 903962 to approve/reject the libvirt apparmor changes I propose for spice?
<uvirtbot> Launchpad bug 903962 in libvirt "support spice" [Medium,Confirmed] https://launchpad.net/bugs/903962
<hallyn> zul: Daviey: see any problems in making /usr/bin/kvm be offered by update-alternatives (so you can choose between qemu-kvm and qemu-kvm-spice)?
<uvirtbot> New bug: #904320 in euca2ools (main) "euca-run-instances --user-data expects file argument" [Undecided,In progress] https://launchpad.net/bugs/904320
<zul> hallyn: if you have broken symlinks then it can be a pain in the ass
<hallyn> zul: for libvirt to use spice, /usr/bin/kvm will need to be qemu-system-x86_64-spice (from universe).  can you think of a better solution?  diversion?
<zul> hallyn: diversion maybe but i dont have a better  solution
<hallyn> zul: do broken symlinks just happen if a package uninstall goes bad?
<zul> hallyn: check samba bugs ;)
<hallyn> heh.  do i have to?
<hallyn> ok, thanks, i'd better tkae a look
<zul> hallyn: heh no but samba did that and the number of bugs we got about it....holy <insert expletive here>
<hallyn> zul: i'll take another look at diversion
<zul> hallyn: k
<hallyn> zul: any rules you know about regarding a universe package diverting an executable from main?
<zul> hallyn: no but i think its generally frowned upon
<hallyn> uh, how about a symlink?
<zul> but samba4 might be a good example
<hallyn> it diverts stuff from samba?  will take a look, thx
<JanC> you can also make the package of the spice version of qemu conflict with the regular version?
<edgy> JanC, but most users would like to use both without uninstalling, I guess
<JanC> maybe
<hallyn> and right now it depends on it :)
<edgy> I agree with hallyn that update-alternatives is better
<hallyn> but i like to learn from past tragedies :)
<hallyn> i'm *really* not having good luck with precise kernel on vostro
<edgy> hallyn: please make kvm-spice works before you care about virt-manager ;)
<JanC> also, if the alternatives system breaks so easily, maybe that needs fixing...  ;)
<hallyn> i'm trying, but can't get the laptop to stay up long enough :)
<edgy> hallyn: linux is not so stable nowaday with modern hardware like before
<hallyn> edgy: nah, i'ts just the bleeding edge 3.x kernel in precise
<hallyn> well, at leaset on this simple vostro :)
<edgy> hallyn: for me, it's the hybrid graphics that causing me issues I think
<hallyn> hrm
<GamingX> Hey guys, I have a VPS with 1 GB RAM. I just installed Ubuntu 10.04 on it. But its using up about 200 mb of memory. Is that normal ?
<JanC> GamingX: depends on what software you installed and how you configured it...
<edgy> GamingX: very normal
<edgy> JanC: he installed nothing
<GamingX> I haven't setup any software yet at all. Just the LAMP installation. Is there a way to check the RAM usage via SSH ?
<edgy> ;)
<edgy> GamingX: free -m
<JanC> "LAMP" isn't nothing
<GamingX> JanC: Most of it was already installed since it is the server addition, so..
<JanC> Apache & MySQL both start multiple processes etc.
<GamingX> free -m just shows me what I know. Is it possible to check which process or what is using up the RAM ?
<edgy> GamingX: you can use top to see what processes uses how much ram
<GamingX> Mysql seems to be using up the most amount of memory which is 2.4%
<GamingX> I can see only about 15 processes running.
<edgy> GamingX: top -b
<GamingX> What's that do ?
<JanC> or install htop  ;)
<edgy> GamingX: display all the processes every x seconds
<GamingX> Its the same processes. Is it possible the OS itself is using a certain amount of memory + the processes executing is resulting in the 200 mb of memory used ?
<edgy> GamingX: try this: ps aux | awk '{print $2, $4, $11}' | sort -k2rn
<nonotza> does anyone know why a cron set for every minute or every 5 minutes would run on the server. but when I schedule it for say 12:01pm everyday, it doesn't run
<_Marcus> Can someone help me? I want to make it so that a user can only access a directory and it's directories under it, not / and all of it's directories. How would I do this?
<edgy> nonotza: may be you have a syntax error?
<nonotza> I think it's because my system time was set to a different timezone
<nonotza> thanks
<edgy> _Marcus: look for chroot'ing him
<nonotza> edgy: so I fixed the system time but this cron still didn't run: 15 12 * * * php /home/anthony/PHP-MySQL-Backup/backup_dbs.php
<nonotza> that should have run at 12:15 right?
<edgy> nonotza: yes
<nonotza> it didn't though :-/
<nonotza> any ideas?
<edgy> nonotza: how you know it didn't run?
<nonotza> no log/backup was created
<edgy> nonotza: and if your run it manually at that time, would it work?
<nonotza> yes
<nonotza> the weird thing is that I can set the cron to run every 5 minutes or every minute and it also runs fine
<edgy> nonotza: I can't believe you ;)
<nonotza> :-/
<nonotza> :(
<nonotza> wow this is frustrating
<edgy> nonotza: you know that 12:15 is at noon and not at night?
<nonotza> yes
<nonotza> it's noon here
<nonotza> http://pastebin.com/gMT7iLCF
<edgy> nonotza: if you put another command at that time, would it run?
<nonotza> let's give that a try
<edgy> nonotza: and why the need of sudo? you are already root
<nonotza> just trying it out
<nonotza> i omitted it before
<nonotza> no dice
<nonotza> I tried a different command
<nonotza> mkdir /root/test
<nonotza> here's what's in /var/log/cron: Dec 14 12:27:01 mobcaster-dev crond[1479]: (root) RELOAD (cron/root)
<edgy> nonotza: it created /root/test or not
<nonotza> it did not
<nonotza> the above line was the only thing logged at the time the cron was supposed to run
<edgy> nonotza: stop cron and run it in the front using -L 18
<ninjix> hi all
<ninjix> anyone experiencing apt hash sum mismatch errors?
<edgy> nonotza: I mean 15
<nonotza> 	ok
<nonotza> # service crond start -L 15; Starting crond:                                            [  OK  ]
<ninjix> running squid-deb-proxy for several months and today I noticed we are getting random hash sum errors
<nonotza> ok, edgy: the command was run now
<edgy> nonotza: service crond stop && crond -f -L 15
<nonotza> what exactly are we doing here?
<nonotza> # crond -f -L 15
<nonotza> crond: invalid option -- f
<nonotza> oops
<nonotza> forgot the service crond start
<edgy> nonotza: sorry I mean cron -f 15
<nonotza> ok, I did that. what does that do edgy?
<edgy> nonotza: cron -f -L 15 // last try
<nonotza> that ran successfully
<edgy> nonotza: it runs it in the foreground with debugging messages
<nonotza> well it didn't show it
<nonotza> but the command ran successfully
<nonotza> and was logged
<edgy> nonotza: fine
<nonotza> let me try with my script now
<edgy> nonotza: so now you don't have any problem, right? ;)
<nonotza> well I'm not sure
<nonotza> ok, my script ran now
<edgy> nonotza: nice, mostly cron was not running on your system
<nonotza> at the specified time
<nonotza> but it was!
<nonotza> I was able to set a cron for every 5 minutes
<edgy> nonotza: stop cron and restart the service now and see
<nonotza> ok
<nonotza> it ran again fine
<nonotza> weird or what ...
<edgy> nonotza: may be there was a devil playing with you ;)
<nonotza> wtf â¦!?!? lol
<Lcawte> Having another problem with booting etc, I brought the disk up here, reinstalled grub, updated to 11.10, and it all worked fine, I take it downstairs, but it won't even go into grub or past it... its stuck at a "hardware monitor" screen... any ideas how I fix it (and a live CD won't work, that machine doesn't like them for some reason)
<ninjix> Lcawte: how sure are you that the disk controller is working on the server?
<Lcawte> ninjix: the motherboard knows its there, its boot priority is correct, and the disk spins up (I can hear it), all the connections are fine, :/
<ninjix> Lcawte: can you try a live usb? also, have you reset the bios to factory defaults?
<Lcawte> ninjix: no, and yes
<ninjix> it not liking live CDs there's something about the disk IO control that is not normal
<Lcawte> I'll take the bios floopy disk down and try that quickly
<ninjix> anyone running a farm of servers with some kind of apt proxy/cache?
<batok> I need to reinstall a server with 9.10 ( Karmic Koala ) but there's a problem with sudo apt-get update
<batok> I don't if I can edit some file to get the index info from other place
<ninjix> I would rather run a proxy than a full mirror... but I'm considering it if I can't find a reliable way of centralizing apt packages
<Lcawte> ninjix: nope, still no luck
<batok> is there an up to date /etc/apt/sources.list for karmic koala?
<batok> karmic stuff isn't at us.archive.ubuntu.com
<smoser> SpamapS, ping
<smoser> so how should i fix that cloud-init snafoo?
<hallyn> Daviey: where did the idea that i woudl be doing much ceph stuff come from?  (not the uds sessions or blueprints...)
<hallyn> oh, you just mean qemu patches.  i think.  phew
<Daviey> hallyn: yeah
<hallyn> i do wonder why he wants to stick with libvirt 0.9.2
<hallyn> we've got 1.0 qemu and 0.9.7+ libvirt in precise, so it sounds like it should build - but maybe not run
<Daviey> hallyn: ahhh!
<Daviey> i got a little lost TBH
<hallyn> Daviey: my interpretation was we're on our own for getting it to work
<Daviey> :/
<Lcawte> Hi, I'm still having problems not being able to boot into grub / past bios/cmos whatever its called
<gary_poster> hallyn or SpamapS, lxc-create is now hosed on my machine.  Here are some details.  http://pastebin.ubuntu.com/770406/  This is quite possibly related to my noob mistake of accepting all -proposed oneiric changes in order to try and test the proposed lxc change.  Now I can move back and forth between the current and proposed lxc versions and I get the same error.  I and the other people I've asked have tried everything we could think of and find.
<gary_poster> Could you give some ideas?
<gary_poster> lxc-create worked on my machinea few days ago.
<hallyn> gary_poster: it sounds unrelated to lxc - you can't get to archive.ubuntu.com!
<gary_poster> My existing lxc container is also dead when I try to start it ("lxc-start: no configuration file for '/sbin/init' (may crash the host)")
<gary_poster> hallyn I can get to archive.ubuntu.com just fine from my host
<SpamapS> smoser: pong, sup?
<lifeless> gary_poster: could you grab sudo brctl show and ip route output  ?
<lifeless> gary_poster: ah, lxc-create starts out outside the container, running debootstrap
<lifeless> gary_poster: thats why hallyn says you cannot name resolve archive.ubuntu.com
<smoser> SpamapS, what should i do about the claud init lucid-proposed snafu
<smoser> i need .7 deleted from archive ?
<gary_poster> lifeless, http://pastebin.ubuntu.com/770412/ .  lifeless, ping archive.ubuntu.com works fine on the host, as does using apt
<lifeless> gary_poster: 'host archive.ubuntu.com'
<lifeless> interesting
<SpamapS> smoser: Its only in the queue
<gary_poster> lifeless, I'm not sure what you meant by 'host archive.ubuntu.com'
<lifeless> gary_poster: host is a command that will do a dns lookup
<smoser> SpamapS, so i can justfix and re-upload?
<gary_poster> lifeless, http://pastebin.ubuntu.com/770415/
<hallyn> gary_poster: does "sudo debootstrap precise ab" work for you?
<lifeless> cd /tmp; debootstrap --arch=i686 lucid outputdir http://archive.ubuntu.com/ubuntu
<SpamapS> smoser: yeah I'll reject the current upload right now
<hallyn> heh, yeah, that's better - ^ what lifeless said
<gary_poster> hallyn, I did what you said and got http://pastebin.ubuntu.com/770417/ .  Will now try other unless you stop me
<hallyn> yup go ahead
<gary_poster> hallyn, lifeless, http://pastebin.ubuntu.com/770418/
<Lcawte> Hi, I'm still having problems not being able to boot into grub / past bios/cmos whatever its called... anyway, the hard drive works fine and boots in my desktop upstairs, any idea why it doesn't work downstairs in the other machine
<lifeless> gary_poster: arch=i386 please; I didn't test the command first ;)
<lifeless> hallyn: ah, I think the cache layer has mislead the analysis
<lifeless> hallyn: see 'Checking cache download in /var/cache/lxc/lucid/rootfs-i386 ...
<lifeless> Copy /var/cache/lxc/lucid/rootfs-i386 to /var/lib/lxc/lucid-lp-beta2/rootfs ...
<lifeless> Copying rootfs to /var/lib/lxc/lucid-lp-beta2/rootfs ...Please change root-password !
<lifeless> '
<lifeless> hallyn: I think we're into the container after that
<hallyn> doh
<gary_poster> lifeless, command is working fine so far (retrieving diffutils)
<lifeless> gary_poster: you can interrupt it
<gary_poster> done
<hallyn> gary_poster: what does 'virsh net-list' show?
<gary_poster> hallyn, gary@macbuntry:/tmp$ virsh net-list
<gary_poster> Name                 State      Autostart
<gary_poster> -----------------------------------------
<gary_poster> default              active     yes
<gary_poster> hallyn, sorry, was supposed to be http://pastebin.ubuntu.com/770427/
<gary_poster> which has that info :-P
<hallyn> gary_poster: ok, still that's happening in a chroot, not a container, so actually that (virbr0) shouldn't matter
<lifeless> hallyn: *blink*
<hallyn> gary_poster: what does /etc/default/lxc show?
<gary_poster> hallyn, http://pastebin.ubuntu.com/770430/
<hallyn> lifeless: it's part of the tempalte installing python-software-properties in a chroot
<hallyn> gary_poster: meh, big stick - can you rm -rf /var/cache/lxc/* and try over?
<gary_poster> hallyn, heh, sure :-)
<hallyn> lemme set upa  lucid host to try this on too
<gary_poster> hallyn, so I did the rm, and now I am about to do the same lxc-create I showed initially, yeah?
<lifeless> hallyn: I think gary_poster is running O
<gary_poster> yes
<lifeless> hallyn: IMBW
<gary_poster> O running lucid container
<hallyn> oh
<gary_poster> sorry, I should have noticed the "host" part
<hallyn> gary_poster: yeah, the usual
<gary_poster> k, on it
<hallyn> lifeless: IMBW?
<gary_poster> I may be wrong
<gary_poster> lifeless likes his acronyms :-)
<hallyn> ah
<hallyn> gary_poster: WFM (on canonistack instance)
<gary_poster> hallyn, it worked.  I got at least three "W: Failure while installing base packages.  This will be re-attempted up to five times." along the way
<gary_poster> but seems to be ok hallyn
<hallyn> sigh - i thought i pulled resolvconf
<gary_poster> so I'll just remeber to blow away the cache in the future if this happens again. :-) thank you hallyn & lifeless
<hallyn> no, i guess not from lucid template
<hallyn> gary_poster: np - i've been thinking we should auto-purge the cache every week or so
<gary_poster> hallyn, huh, interesting.  OK, I'll make a note of the possible issue on our wiki for now
<hallyn> cool
<hallyn> stgraber: what do you think of adding a 'if cache is older than 5 days, nuke it' check to lxc-ubuntu template?
<lifeless> so the answer is 'apt-get remove resolvconf' ?
<gary_poster> lifeless, no the answer is to wipe out the lxc cache (rm -rf /var/cache/lxc/*)
<stgraber> hallyn: that sounds reasonable yes, maybe add a --force-cache or similar parameter to the template to use it even if expired
<gary_poster> the resolvconf had to do with the warnings I got while it was working
<stgraber> hallyn: or even a --expiry when creating it initially (though then we'd have to store the value somewhere :))
<hallyn> stgraber: I guess let's talk about it at sprint
<hallyn> lifeless: gary_poster: yeah, resolvconf is not nice on debootstrap :(
<gary_poster> hm
<lifeless> hallyn: if its gone, does dhclient do its own resolv.conf updating?
<hallyn> yes
<hallyn> for later releases we don't install it
<lifeless> cool, I'll purge it from my containers; I had quite some headaches with the /var/run content removal and the resolvconf symlinks
<hallyn> but up to natty we do
<hallyn> hm
<lifeless> hallyn: have you tried lucid w/out it ?
<hallyn> not sure i have, but maybe, since i did consider SRUing removal of it
<hallyn> i can't imagine it failing
<lifeless> :)
<hallyn> (quote me on that :)
<lifeless> would I do that ? :>
<Lcawte> Hi, I'm still having problems not being able to boot into grub / past bios/cmos whatever its called... anyway, the hard drive works fine and boots in my desktop upstairs, any idea why it doesn't work downstairs in the other machine?
<uvirtbot> New bug: #904410 in mailman (main) "Mailman configuration script causes syntax error in  "/var/lib/mailman/Mailman/mm_cfg.py", line 76" [Undecided,New] https://launchpad.net/bugs/904410
<stgraber> hallyn: and for Precise we'll bring back resolvconf, but by default this time ;)
<stgraber> hallyn: and not just for containers :)
<hallyn> oh?
<stgraber> https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-dns-resolving
<stgraber> the plan is to use resolvconf everywhere
<stgraber> but a fixed resolvconf, not the one we have at the moment :)
<Lcawte> Hi, I'm still having problems not being able to boot into grub / past bios/cmos whatever its called... anyway, the hard drive works fine and boots in my desktop upstairs, any idea why it doesn't work downstairs in the other machine?
<hallyn> ok, cool
<sw0rdfish> RoyK, hi :D
<RoyK> hi
<raubvogel> If you are ssh'ing out, is the message "debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,password" from your machine or the server (telling you which authentications it will take)?
<raubvogel> "
<smoser> ok... who wants to review for me.
<smoser>  https://code.launchpad.net/~smoser/ubuntu/precise/euca2ools/new-snapshot-bzr495/+merge/85753
<smoser> adam_g, SpamapS ?
<smoser> and SpamapS i just re-uploaded cloud-init to lucid-proposed
<uvirtbot> New bug: #904474 in whois (main) "Update whois server for .rs zone" [Undecided,New] https://launchpad.net/bugs/904474
<uvirtbot> New bug: #904480 in nova (main) "change default networking to virtio in Ubuntu packaging" [Undecided,New] https://launchpad.net/bugs/904480
<SpamapS> Ursinha: hey are you around? I had an idea for an enhancement to http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html
<sw0rdfish> hey RoyK you still there?
<MACscr> did specify something wrong when trying to build partclone from source? http://pastebin.com/QZKFrtYg
<MACscr> i cant for the life of me figure out how to get part clone to work on my ubuntu server
<MACscr> and i need it in order to recover an image
#ubuntu-server 2011-12-15
<uvirtbot> New bug: #904532 in nova (main) "Provide a script to automate cleanup of _base" [Undecided,New] https://launchpad.net/bugs/904532
<animeloe> hi there
<animeloe> im having issues with booting 10.04 setver
<animeloe> it freezes after the init-bottom finishes
<animeloe> im running the latest ubuntu 10.04 kernel and updates
<animeloe> any ideas how i can get it working again.  also trying to use the last kernel doesnt work either
<kaushal> Hi
<GamingX> Hey guys. Can someone help in installing Eclipse-PDT on Ubuntu ? I tried installing it from the tutorial here, but I'm having some problems with it https://help.ubuntu.com/community/EclipsePDT
<mkonline> hi
<kaushal> Hi
<kaushal> Any clue about https://lists.ubuntu.com/archives/ubuntu-server/2011-December/006024.html ?
<Vivek> I have made a fresh install of Ubuntu Ubuntu 11.10
<Vivek> I have followed the following URL to install orchestra http://cloud.ubuntu.com/2011/09/oneiric-server-deploy-server-fleets-p1/
<Vivek> When I do a cobbler list: I am not able to view the oneiric-i386  or  oneiric-x86_64 in any of the distros:, profiles:, repos:,  the mgmtclasses is completely empty.
<Vivek> Why is this happening ?
<Vivek> The Host is Ubuntu 11.10 and I am running orchrestra on a host running in virtualbox.
<drt24> Vivek: you might need to run orchestra-$something to get it to initailise things properly
<Vivek> What is the $something ?
<Vivek> I am missing all oneric entries.
<drt24> so if you do tab completion on orchestra- you should get a selection of different scripts to choose from I don't remember which the correct one was
<drt24> potentially request isos or similar
<drt24> (I don't have my VM with orchestra running at the moment)
<Vivek> orchesta-import-isos
<Vivek> drt24: orchesta-import-isos
<drt24> ahh good :-)
<lynxman> morning o/
<jamespage> morning all
<jamespage> morning lynxman
<lynxman> jamespage: morning jamespage :)
<caribou> morning
<jamespage> Daviey, smoser, utlemming, lynxman (plus anyone else whos interested)
<caribou> Question : when /boot is setup as a separate partition, is there a requirement for it to be ext2 ?
<jamespage> the minimal virtual install is around +50MB oversized in precise ATM
<lynxman> caribou: requirement is only put by grub, I think it supports XFS as well and other filesystems
<caribou> thanks lynxman
<jamespage> two versions of python is some of that; but we are also carrying multi-arch overhead - should/can this be disabled for the minimal-virtual install?
<lynxman> caribou: "GRUB supports all commonly used Unix file systems, VFAT and NTFS used by Windows, as well as Logical Block Address (LBA) mode. GRUB allows users to view the contents of files on any supported file system."
<caribou> I'm working on a kdump patch to fix an issue when /boot is a separate partition
<caribou> lynxman: thanks, means that the patch will need to be more generic
<lynxman> jamespage: I reckon so, but I think Daviey was doing some work on that
<jamespage> lynxman, hmm - is Daviey around?  he might be on hols
<Daviey> jamespage: o/
<Daviey> holololowhat?
<jamespage> Daviey: lynxman thought you might be looking at the minimal-virtual install size on amd64?
<lynxman> jamespage: he's never on holidays :)
<jamespage> its about 50MB oversize - see above
<Daviey> jamespage: I don't know that we can disable multi-arch for a specific usecase
<Daviey> we might just have to lump it, unless there are other reasons for the expansion?
<jamespage> Daviey: well its only 50MB so I can update the test case to make an allowance for amd64 architectures
<Daviey> I did notice am64 iso recently ballooned, not clear why
<Daviey> (amd64 iso is currently oversized)
<Daviey> .. so we do need to fix that.
<jamespage> Daviey: OK - so I'll update the test case to account for the multiarch increase
<jamespage> it will still fail; so I'll raise a bug as well
<jamespage> I have looked but can't see why it is so much larger
<Daviey> right
<Daviey> I'd like to be certain that is the only reason for the bump
<jamespage> +25MB for multiarch
<Daviey> Out of interest, when was the last time anyone here used alien?
<BigRedS> Daviey: three or four years ago I'd have thought. Back when it was relatively new, and most things were packaged for rpm
<Daviey> BigRedS: right, we still ship it on the CD.. wonder if we still need to.
<sarthor> where can i get help about openerp? I want to know can i install openerp on ubuntu-server as a server? will i be able to connected via my browser?
<caribou> lynxman: looks like grub doesn't like XFS on /boot. my VM no longer boots :)
<lynxman> caribou: *doh*
<lynxman> caribou: it should supposedly work
<caribou> well, grub-rescue tells me "unknown filesystem"
<lynxman> :/
<jamespage> Daviey: bug 904681
<uvirtbot> Launchpad bug 904681 in ubuntu "precise amd64 minimal-virtual install is oversized" [Medium,Confirmed] https://launchpad.net/bugs/904681
<jamespage> I've also annotated the jenkins job with a link to this bug
<Daviey> jamespage: you are pretty good.. aren't you?
<uvirtbot> New bug: #904681 in ubuntu "precise amd64 minimal-virtual install is oversized" [Medium,Confirmed] https://launchpad.net/bugs/904681
<Daviey> jamespage: I'm /certain/ there is a deeper problem
<uvirtbot> New bug: #904694 in cloud-init (main) "Start/stop on EC2 does not reset private IPs/hostname" [Undecided,New] https://launchpad.net/bugs/904694
<lynxman> Daviey: the ath9k rom in ipxe is still broken, should I try to build a package skipping it? :)
<jamespage> Daviey: agreed
<soren> jamespage: You don't log what packages are installed in those images, do you?
<soren> jamespage: Like a package manifest of sorts?
<jamespage> soren: well we grab the d-i syslog
<soren> jamespage: i see the image size jumped 35 MB from 2011-11-29 to 2011-12-02.
<soren> In VMBuilder, I used to run "dpkg-query -W --showformat='${Package} ${Version}\n'" at the end to capture the manifest.
<soren> That was really useful in tracking down exactly like this.
<jamespage> soren: that would be a good addition to the data captured
<soren> Daily archive snapshots would also be awesome.
<lynxman> Silly question but how can I change the Ubuntu install partition editor to create MBR partitions instead of GPT? I'm using old hardware
<zul> lynxman: maybe in expert mode
<lynxman> zul: hmm I'll try, thanks :)
<koolhead11> hi all
<lynxman> koolhead11: hi o/
<koolhead11> hello lynxman . how are things :d
<lynxman> koolhead11: busy :)
<koolhead11> lynxman: awesome. i am reading OS. been a while i read hard copy of any book :P
<RoyK> http://www.xkcd.com/989/ lol
<uvirtbot> New bug: #904739 in euca2ools "euca-import-keypair does not work to EC2" [Undecided,New] https://launchpad.net/bugs/904739
<koolhead11> hey RoyK i hate you man :P
<uvirtbot> New bug: #904748 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/904748
<BigRedS> If I've an md array rebuilding, is there a way to ask it which device is being readded?
<Daviey> lynxman: how is it broken?
<zul> Daviey: hey did you see the security review that jdstrand did for keystone?
<Daviey> zul: sure did
<zul> Daviey: will put it on my list
<Daviey> \o/
<zul> so its going to be properiatary (i cant spell that word)
<lynxman> Daviey: the same rom as before doesn't work
<lynxman> Daviey: ath9k rom is broken, and nobody knows on #ipxe
<uvirtbot> New bug: #861650 in glance "Glance client packaging uses non-required dependencies" [Undecided,Fix committed] https://launchpad.net/bugs/861650
<lynxman> Daviey: I think I'll just exclude ath9k rom or maybe use the old one
<hallyn> kees: jjohansen: the seccomp2 stuff in ubuntu-precise kernel is supposed to be usable, right?
 * hallyn fixin' to have some fun with seccom2+lxc over break
<kees> hallyn: I still haven't examined the execness, but the code is there in precise, yes.
<kees> hallyn: I'll be excited to see what you come up with!
<hallyn> kees: cool, thanks.  First I'll actually play with the mini jail from google folks, so I'll verify with that whether the kernel is all right I  guess :)
<kees> hallyn: yeah, minijail is cool
<zul> adam_g: can you have a look http://paste.ubuntu.com/771266/
<adam_g> zul: is this to be the current delta between our branch and the ubuntu-openstack-packagers branch?
<zul> adam_g: yeah plus my fixes to it
<adam_g> zul: ah, looks good. i wanna check on "glance-manage db sync", im not sure if that command is still there.. even if it is, "glance-manage" wasn't functioning at all last night. im not sure if config files need updating or what
<zul> i installed that package this morning and didnt have the same problem
<adam_g> hmm ok
<smoser> adam_g, have you installed precise packagess of current nova?
<smoser> i was seeing db sync issues with nova on devstack yesterday (from git, not packaged)
<adam_g> zul: is there a branch somewhere with that diff? ill give it a go
<zul> adam_g: not yet gimme a sec
<adam_g> smoser: i haven't used anything that hasn't been in our archive this cycle. ill probably start working off milestone-proposed now
<adam_g> smoser: what was the issue? tables already exist?
<smoser> so... if someone could veirfy that nova db sync works on precise from package, that'd be good.
<smoser> adam_g, hold on. let me dig log.
<zul> adam_g: lp:~zulcss/glance/ubuntu-merg
<zul> smoser: hmmm?
<adam_g> smoser: ive been using packaged nova without problems
<smoser> but what level are they at?
<smoser> this is recent in last week i think
<smoser> http://paste.ubuntu.com/770272/
<smoser> now, clearly devstack does all that pip crap, so something else could be in the way. but i just hoped someone had seen it functionoing given recent nova on recent precise.
<smoser> that was tip of both yesterday morning.
<adam_g> smoser: ive seen that before a while ago, it was a bad migration config in nova's migrate repo
<smoser> adam_g, well it woekd on oneiric
<smoser> 85% sure they were the same things
<adam_g> smoser: the same nova versions?
<smoser> yeah.
<smoser> both at tip of af54e79b7815c233c6e800bc79e428fe23f92eb7
<adam_g> smoser: it might be related to mysql changes. i hit almost the exact same thing (if i remember correctly) only when mysql was configured using InnoDB instead of MyISAM
<smoser> adam_g, i just launched another one in canonistack.
<smoser> i just launch with: http://paste.ubuntu.com/771386/
<smoser> as user-data on  my precise amis
<adam_g> smoser: https://bugs.launchpad.net/nova/+bug/816236
<uvirtbot> Launchpad bug 816236 in nova "Initial 'nova db sync' migration fails on mysql (if InnoDB was used since the beginning)" [High,Fix released]
<smoser> if this reproduces now i'll open a bug, adam_g
<smoser> and you can poke at the system too
<adam_g> smoser: at the surface it looks like the same thing, id look at the patch that fixed that bug and see if the same could be applied to the migration thats failing. it might be triggered by our mysql changes, but ideally those migrations should run on any compatable db backend, id think
<adam_g> zul: that package doesn't work. none of of the dependencies i added in lp:~gandelman-a/glance/fixdeps exist in that pkg branch?
<zul> adam_g: shit gimme a sec
<zul> i totally forgot about your branch in my branch
<adam_g> :)
<zul> adam_g: fixed
<adam_g> zul: im curious to know why we're not doing all of this ontop of the upstream branch?
<zul> adam_g: becuse i have pushed to the upstream branch
<zul> i wanted someone to test it other than me before i pushed it
<zul> s/pushed it/merge request/g
<zul> but after those changes we will be sync for glance at least
 * zul goes back to writing man pages
<adam_g> zul: well i mean, why not rebase based on what is in the current upstream branch, add our changes and push back? that dependency change you just applied will be a merge conflict against the upstream change
<zul> adam_g: thats the goal essentially
<adam_g> zul: ah, im not tryin to bust your chops just trying to wrap my head around how this is supposed to work :)
<zul> adam_g: sure sure, but yes we need to sync everything up
<adam_g> zul: goin to #openstack-packaging
<broder> zul: what's your intent with the branches owned by ~openstack-ubuntu-packagers? my best interpretation of the intent is that changes should go there instead of the lp:ubuntu/* branches, but there's no Vcs-Bzr tag in the packaging to confirm that
<zul> broder: openstack-ubuntu-packagers is apart of the openstack project and thats where they keep their packaging, ubuntu packaing is kept in ubuntu-server-dev and the debian/control needs to be updated to reflect this
<EvilResistance> perhaps you all can help me...  i've got a system which tries to boot, but yells about a readonly filesystem and says it needs recovery (after which writing will become active again).  It dumps me into an initramfs prompt.  If I use a LiveCD to fsck the partition, will that fix the issue?
<EvilResistance> nevermind fixed it
<EvilResistance> running the fsck fixed the partition.
<zul> adam_g: is it ok for merging?
<adam_g> zul: crap hold on
<webPragmatist>  /usr/sbin/service: 9: Syntax error: EOF in backquote substitution
<webPragmatist> can i reinstall the service binary somehow?
<smoser> webPragmatist, sudo apt-get install --reinstall sysvinit-utils
<webPragmatist> smoser: what's up with this UUID=08f80e21-4bc5-4192-b77e-fe4c476c62b3 /               ext4    errors=remount-ro 0       1
<webPragmatist> should i restart?
<webPragmatist>  man this server is effed
<adam_g> SpamapS: ping
<smoser> webPragmatist, i dont know what you mean.
<smoser> that looks sane to me.
<SpamapS> adam_g: pong, sup?
<adam_g> SpamapS: mysql on precise, did the default storage engine change?
<webPragmatist> smoser: the drive is mounted read-only ?
<webPragmatist> i'm just confusedâ¦ maybe it needs to run fsck?
<SpamapS> adam_g: yes!
<SpamapS> adam_g: 5.5 has InnoDB by default.
<SpamapS> because MyISAM is doomed. :)
<smoser> webPragmatist, thats from fstab? its just telling you that if there are errors, it will be remounted read-only.
<smoser> so, if it is RO, then there might have been issues on fscheck.
<adam_g> SpamapS: ok, thats what i figured. thanks
<adam_g> smoser: ^^ thats why this is only turning up on precise
<smoser> hm..
<SpamapS> nova can't handle being innodb?
<smoser> adam_g, so you tihnk that 022_ migrates from InnoDB -> InnoDB and that causes issues ?
<adam_g> SpamapS: it can with special care during migrations.
<adam_g> smoser: probably, or a python-migrate not being able ot handle storage engines being swapped out from under it
<SpamapS> alter table foo engine=InnoDB; when it already is InnoDB is exacty the same as doing 'optimize table foo'
<webPragmatist> smoser: what should i do heh?
<sveinse> I'm setting up RAID5 md on 4 disks. Is it recommended to put LVM on top of the md? I have no need for more than one partition in this md. And I doubt the server will grow as its full.
<SpamapS> sveinse: LVM has other benefits
<SpamapS> sveinse: like snapshots
<zul> adam_g Daviey: so that glance-manaage bug doesnt affect the milestone-proposed branch (just tested it) so we should be ok
<Daviey> win
<Daviey> smoser: How did daily triage go?
<smoser> ;)
<Nafallo> hah! nice answer :-P
 * Daviey does some
<Daviey> Anyone fancy sponsoring, bug 903901 SRU?
<uvirtbot> Launchpad bug 903901 in openldap "[Lucid] backport fix for ITS#6458" [Medium,Fix released] https://launchpad.net/bugs/903901
<smoser> i'm looking at it Daviey
<Daviey> rocking!
<smoser> i hate the package importer failing
<Daviey> I hate disease, poverty and lack of world peace; we all have things we don't like, eh? :)
<smoser> disease.
<smoser> pft
<guntbert> says the young and healthy
<SpamapS> zul: were you going to respond to kees question about SRU's ?
<zul> SpamapS: i did
<SpamapS> stupid sup..
 * SpamapS digs back through archived threads
<SpamapS> zul: you  must have responded in private
<Daviey> I didn't see the reponse, i don't thik
<Daviey> oh, wait - i did
<SpamapS> the list didn't show it
<zul> SpamapS: stuck in the moderation queue again i bet
<Daviey> Yep.. zul - you'll need to poke sabdfl, mdz, Keybuk, cjwatson or pitti.
<SpamapS> Or join the ML
<Daviey> Hmm, not necessarily in that order.
<zul> lovely
<SpamapS> its only moderated for non-subscribers isn't it?
<Daviey> I assumed the subscribers was limited to the techboard, by design.
<Daviey> But i guess there is no reason for it to be.
<SpamapS> nope, I'm subscribed
<zul> so much to do so little time
 * Daviey sub's
<wmp> http://wstaw.org/m/2011/12/15/plasma-desktopLb1917.jpg - anyone know what is wrong?
<SpamapS> wmp: "Root-NFS: no NFS server address"
<SpamapS> wmp: that may be misleading, but basically it means the server wasn't able to mount the root partition
<wmp> this have all kernels, but only on this machne dont work
<SpamapS> wmp: in grub, what does 'root=' show ?
<wmp> SpamapS: wait ;)
<adam_g> zul: what release did you test?
<wmp> SpamapS: http://wklej.org/id/648592/
<zul> adam_g: you are using trunk (e3), release is (e2)
<zul> adam_g: i updated my branch so you should be able to just pull it
<zul> and rebuild yadda yadda
<adam_g> ok
<SpamapS> wmp: hm, I don't really know how to read that.. but typically I'd expect an 'initrd' somewhere
<wmp> SpamapS: i must change sda1 to hda1
<wmp> interesting...
<sanderlt> Heyo everybody! i need to get to (whole) bash terminal from gdm.. any suggestions?
<SpamapS> sanderlt: ctrl-alt-f1
<adam_g> zul: that pkg seems to be cool excpet for registry
#ubuntu-server 2011-12-16
<uvirtbot> New bug: #905029 in php5 (main) "unexpected end-of-file" [Undecided,New] https://launchpad.net/bugs/905029
<irx> hello. i'm having problems with 2TB drive attached to 8.04 server x64. does show up as /dev/sdb, but fdisk can't handle it, nor dows it show any partitions
<twb> Define "can't handle it"
<irx> Unable to read /dev/sdb
<irx> lshw does show some info, as does dmesg
<irx> http://pastebin.com/TS7swJwP
<irx> any ideas?
<twb> Are you running fdisk as root?
<irx> yes
<twb> Dunno, then
<twb> Could be a non-512b block device, and that is pissing it off
<twb> You can use MBR disk labels up to 2TiB, so a 2TB disk will be fine
<irx> so ... no luck on getting this to work?
<twb> I have no idea
<twb> I haven't experienced that issue before
<irx> according to manual it uses 4096 bytes per sector, is that what you meant by non-512b block device?
<irx> i'm assuming that this drive uses the new 4k format, so could that be unsupported by the 8.04 kernel?
<twb> Could be
<twb> I don't know if 8.04 handles those
<qman__> could be, I don't remember when that support was added
<qman__> however I also recall problems with fdisk in particular, have you tried parted?
<qman__> or cfdisk, or anything else
<twb> Mmm, IME they're all stupidly picky in different ways
<irx> "parted /dev/sdb" just returns, nothing ...
<irx> cfdisk also can't read the drive
<qman__> probably too old a kernel then
<irx> i'd love to update, but i'm using vmware server ...
<irx> and that beast just requires me to use 8.04
<qman__> well, provided you verify the drive works in a more recent system, there's not really anything else you can do
<qman__> get a newer kernel, or get a drive that doesn't have 4k sectors
<irx> drive came straight from my other machine, running windows server 2008 r2, no problems there ...
<qman__> if the drive is using GPT, that may also be an issue
<irx> don't think it's the case, dmesg shows it has 0 512b sectors
<irx> and if i'd use gpt, fdisk would at least be able to access the drive
<qman__> yeah
<irx> so it's just that my 2.6.24 can't handle 4k drives and vmware won't allow me to update it. f**l
<irx> guess i'll have to find another virtualization method then ...
<cjwatson> IIRC the point where WD sent me a 4k sector drive so I could make Ubuntu support it better was 9.10 or 10.04 or so
<cjwatson> yeah, changelogs suggest 10.04
<cjwatson> before that parted definitely didn't understand it properly
<qman__> yeah, that's about right
<irx> so out of luck with this drive and this kernel?
<qman__> bear in mind that 4k sectors didn't show up until the 3TB drives did
<qman__> even though many 1TB+ drives now use them
<cjwatson> I don't recall the kernel state, but the userspace was definitely not up to it in 8.04
<qman__> I can't say without any doubt, but that's my best guess
<qman__> you'd have to read through changelogs to know for sure
<cjwatson> I'm pretty certain
<cjwatson> sorry - it was a pretty invasive set of changes, not easily backportable
<irx> well yeah, who would have thought that you'd need such an old kernel with those drives ...
<irx> i guess it's time to get comfortable with KVM
<irx> thanks guys :)
<patdk-wk> hmm, I ran 4k sectore disks in 9.10 without any issues
<patdk-wk> currently running 10.04 on it though
<cjwatson> It might have worked by then if you could get it installed, ye.
<cjwatson> *yes
 * patdk-wk notes 3 out of 3 of them died a horrible death, so currently have 0 4k sector disks
<cjwatson> I have two, but one is in a USB enclosure and that doesn't pass through the topology information, and one is in a currently-dead machine.  Sigh.
<cjwatson> Must carve out time for some home sysadmin.
<SpamapS> cjwatson: EC2 has pretty much relieved me of all home sysadmin duties.. the only "server" I have is my WRT54G :)
<SpamapS> all media is stored on USB drives that I plug into whichever device needs to access said media.
<SpamapS> Actually lately I don't even use those.. I just use Amazon/Netflix
<cjwatson> You have a lot more bandwidth than I do
<SpamapS> True, 12Mb down, 1Mb up
<cjwatson> That, and I go over my charging thresholds as it is; it would be unaffordable to do everything over the network
<SpamapS> metered bandwidth would definitely be a problem for me too
<cjwatson> And yes, at 2Mb down it's not very exciting to put everything in the cloud
<SpamapS> I dunno, I got rid of my home server when I got my first 1.5Mbit down/up connection
<SpamapS> But I wasn't doing OS development at the time
<cjwatson> SpamapS: http://www.phdcomics.com/comics.php?f=1456
<SpamapS> :-D
<qman__> eh, I could never do it that wy
<qman__> I get mildy annoyed with gigabit
<qman__> waiting for 10g consumer devices
<SpamapS> qman__: what do you find yourself transferring?
 * SpamapS asks, while waiting for erlang's 32MB source file to upload to the ubuntu archive
<qman__> oh, everything
<qman__> all the normal media, and now with HD video it's a lot bigger
<qman__> but one of the more annoying tasks is backups
<qman__> in truth my array is far from optimal and actually the limiting factor
<qman__> but the main point stands, no way I could deal with my stuff on 10/100, much less go without my stuff on-site
<SpamapS> qman__: but, what actual media are you transferring?
<qman__> like I said, everything, TV and movies, music, games, I don't use discs anymore
<SpamapS> I don't either.. but I just stream it in off the net
<qman__> keep all my music in FLAC, and an HD show is usually over 1GB
<SpamapS> I do only have 8GB of music.. so I am I think odd
<SpamapS> I went through and purged all the music I hadn't paid for about 3 years ago.
<qman__> most things I use it for, 10/100 would be acceptable, but just enough
<SpamapS> qman__: I'm convinced that 90% of the hard drives sold to the consumer market are used primarily to house pirated content. :)
<qman__> but I also do a lot of fixing computers, and that means many gigs of backups
<qman__> I won't disagree
<SpamapS> Yeah backups definitely aren't tolerable w/o Gigabit. :)
<qman__> and I have about 6 users actually storing data here
<SpamapS> which is why I have no data anymore.. my backup is U1 syncing my Photos/Documents
<kirkland> hallyn: have you tried byobu's new feature to save and restore custom layouts?
<kirkland> hallyn: configure your tmux however you want, with vertical and horizontal splits, etc.
<kirkland> hallyn: and then ctrl-shift-f8, you'll be prompted to name your layout
 * SpamapS wanders off
<kirkland> hallyn: and then shift-f8, you'll see a list of layouts and you'll choose one
 * kirkland waves at SpamapS 
<kirkland> hallyn: it was pitti's idea
 * SpamapS waves back on his way to find an opener for the last Leffe Blonde Ale he just found in the fridge
<hallyn> kirkland: hm, that actually sounds good
<hallyn> kirkland: and what's more, you know who might be swayed by that?
 * kirkland tries not to concentrate on the word "actually"
<hallyn> paulmck
<kirkland> hallyn: heh :-)  he and i had a chat about something like that at uds
<hallyn> well!  my first reaction was "why would i need that".  i'm quite the sceptic
<hallyn> i know i was there
<hallyn> and he likes to fire off his xterms in certain layouts.  byobu layouts might help him
<kirkland> hallyn: cool, i'll reach out to him
<kirkland> hallyn: i'm trying to get mouse-mode working well, but i'm not there yet
<hallyn> eh, maybe best to just wait and mention it in person :)
<kirkland> hallyn: good point ;-)
<kirkland> hallyn: though i don't know when i'll see him again with the new job
<hallyn> you know there's a guy (paul t) working on something that might compete with byobu
<hallyn> oh, right
<kirkland> hallyn: neat
<kirkland> hallyn: who's paul t?
<twb> Does byobu speak tmux now?
<kirkland> twb: yes
<twb> huh
 * kirkland waits for twb's tirade...
<hallyn> tagliamonte
<twb> Why not just fix tmux
<twb> Seeing as how it has an active upstream
<twb> Incidentally, my netbook has no f8 key ;-)
<hallyn> after all i would prefer dvtm to tmux's panes if only it would do scrollbar
<twb> And can't type shift+<function key> in fbcon anyway
<kirkland> hallyn: what's it called?
<kirkland> twb: yeah, tmux is very active, that's nice
<hallyn> i forget, he keeps renaming it, but look through planet.ubuntu.com, he keeps mentioning it there
<hallyn> ah yes rokkaku
<hallyn> rolling his own all the way down to an ansi escape library
<kirkland> hallyn: i only see one post, http://blog.pault.ag/tagged/rokkaku
<hallyn> he had an older one when it was all called shibuya i think
<hallyn> http://blog.pault.ag/post/12642018666/silly-little-project-activity-for-this-week
<kirkland> twb: what are your blocking issues for tmux?  I know you were complaining about it earlier this week...
 * hallyn out
<twb> hallyn: cough
<twb> kirkland: the main ones are in http://cyber.com.au/~twb/.tmux.conf
<twb> kirkland: bottom line is I couldn't make it do everything I do in screen, in an afternoon of effort
<twb> i.e. inertia
<twb> If I spent a couple of weekends I probably could, with some C patching, but ICBF and screen is already installed on every box I have to babysit, so it would be a bit like learning zsh or dvorak
<kirkland> twb: interesting;  I had to solve a few of those same problems in byobu
<kirkland> twb: particularly the lack of separate refresh frequencies for status items
<twb> How did you do it?
<kirkland> twb: which i solved with a cache based approach
<twb> Yeah, figured :-)
<kirkland> twb: not many other options
<twb> HTFS
<kirkland> twb: but i retrofited that to work with both screen and tmux
<kirkland> twb: there is a nice upshot though
<kirkland> twb: which is that if you have multiple byobu/screen or byobu/tmux sessions
<kirkland> twb: they can all share the same cache file
<kirkland> twb: and each cache is updated at its own defined frequency
<twb> Meh
<kirkland> twb: it's quite functional and comparatively efficient
<twb> Incidentally that's that I did as a workaround too
<twb> imapbiff (using IMAP IDLE) writes to a file; screen tails -f it, byobbu poll's it with tail -1
<twb> Whereas before screen just ran imapbiff directly
<kirkland> twb: the two main parts of the profile are:
<kirkland> twb: http://bazaar.launchpad.net/~kirkland/byobu/trunk/view/head:/usr/share/byobu/profiles/tmux
<kirkland> twb: and
<kirkland> twb: http://bazaar.launchpad.net/~kirkland/byobu/trunk/view/head:/usr/share/byobu/keybindings/f-keys.tmux
<kirkland> (excuse LP's bad color coding)
<twb> I don't get colour anyway
<twb> I think tmux would've been better off just using liblua for its config files, tho
<twb> There's a screen git branch that does that
<uvirtbot> New bug: #905099 in ipxe (main) "package kvm-ipxe 1.0.0+git-2.149b50-1ubuntu3 failed to install/upgrade: trying to overwrite '/usr/share/qemu/pxe-ne2k_isa.rom', which is also in package ipxe 1.0.0+git-2.149b50-1ubuntu2" [Undecided,New] https://launchpad.net/bugs/905099
<angelete2> hi
<angelete2> i have my server with 2 hd, and 2 raid partitions (/boot and /)
<angelete2> my mysql didn't started, and searching for more info, i found there was a problem with permissions in my filesystem
<angelete2> when i looked the filesystem i found some files with ?????????? info instead of permissions, inode and so on
<angelete2> so i made a fsck /dev/md2
<angelete2> no my system does not reboot
<angelete2> and says that there are no partition on /dev/md2
<angelete2> what can i do?
<twb> pastebin /proc/mdstat
<angelete2> twb: it's fine, both mds are UU
<angelete2> i would like to know what could cause this problem
<twb> both as in md0 and md1, or md2 ?
<angelete2> in both md1 and md2
<angelete2> there wasn't md0
<twb> Dunno why fsck is sad then
<angelete2> now when i boot my server it shows only a initramfs console
<angelete2> but i cannot access to fsck
<twb> Did you read the error message at that console?
<angelete2> no, i was working using ssh console
<angelete2> but now i have to work using phisical console
<angelete2> i'm gonna try to use a usb linux, give me 10mins,
<angelete2> i'll be back
<matti> http://i.imgur.com/2I6LQ.jpg :)
<oCean> matti: please don't post offtopic here
<matti> oCean: Heh, sorry.
<koolhead11> hi all
<uksysadmin> morning koolhead11
<koolhead11> hey uksysadmin .
<uksysadmin> so I got an answer from the OS team meeting regarding updates... there's gonna be a 2011.3.1 release of Diablo soon
<twb> uksysadmin: uh, are you in the wrong channel?
<uksysadmin> not really - discussing OpenStack Ubuntu packages on my 11.10 server is valid isn't it?
<koolhead11> uksysadmin: sounds good. i am not touching OS till essex comes, not interested in getting frustrated anymore
<koolhead11> twb: hello there
<twb> uksysadmin: fair enough
<twb> I guessed "OS Diablo" was some plan9 knockoff or something :P
<koolhead11> twb: :P
<koolhead11> lynxman: hola
<Daviey> rbasak: Please can you sign up for some WI's regarding ARM, at the bottom of:
<Daviey> http://status.ubuntu.com/ubuntu-precise/group/topic-precise-servercloud-service-orchestration.html
<Daviey> hey uksysadmin o/
<uksysadmin> Hi Daviey
<uksysadmin> how goes it?
<Daviey> uksysadmin: Not too bad.. How closely are you following the stable branches?
 * rbasak looks
<uksysadmin> quite - as we're not insane enouugh to touch Diablo in production, its not much of a priority - but its good for my sanity doing stuff that should work
<uksysadmin> what's the plan for a bug fix set of packages coming to 11.10?
<rbasak> Daviey: how many would be sensible?
<Daviey> uksysadmin: Well.. zul and myself are on the openstack stable team.  We are currently looking at how best to backport it to Oneiric.
<Daviey> We are working on some CI testing, but it's not quite ready.
<Daviey> (almost!)
<Daviey> rbasak: *shrug* :), for a release team perspective - i was just concerned so many are in unassigned state, and wanted to shrink the list :)
<uksysadmin> awesome Daviey - I'll be lurking until its out ;-)
<koolhead11> uksysadmin: :P
<rbasak> Daviey: OK, I've taken three that I think would be most useful to do
<koolhead11> rbasak: hey there
<rbasak> hey koolhead11!
<querier> Hi there: what is normal way to add/remove/start jobs onubuntu desktop running as server?
<Daviey> uksysadmin: super :)
<koolhead11> Daviey: sir. what is there 4 my plate :D
 * koolhead11 needs some TODO :D
<Daviey> koolhead11: Well Essex-2 is landing in Precise today. :)
 * uksysadmin has a list of work as long as his arm for koolhead11 if he's that keen - shame not Ubuntu related
 * uksysadmin is just firing up a Precise VM in prep for that!
<koolhead11> uksysadmin: :P
<koolhead11> Daviey: cool i will have  2 machine setup of precious plus openstack
<koolhead11> uksysadmin: your yet to get me the cobbler manual partition preseed thing.
<koolhead11> :p
<uksysadmin> ahh, yes - I promised that didn't I?
<uksysadmin> when I work it out - I'll let you know :p
 * uksysadmin thinks installing everything under / is underrated
 * koolhead11 wants to write blog on cobbler/ubuntu. 
<koolhead11> uksysadmin: but what i have realized is this kickstart file its very perticular about syntax and spaces
<uksysadmin> is that Python based too!?
<koolhead11> uksysadmin: preseed in debian term. no it has notthing to do with python :P
<uksysadmin> ;-)
<querier> Is there a difference between ubuntu dekstop and server edition regarding the "startup" behaviour ?
<jamespage> querier, there are some differences, yes
<jamespage> querier, specifically which jobs do you want to add?
<querier> jamespage: for example , does ubuntu server use /etc/inittab ? Im having problems with /etc/init/<job>.confs
<jamespage> querier: no - both desktop and server use upstart as the init system
<jamespage> you can still install regular init scripts /etc/init.d
<jamespage> what issues are you having creating upstart configurations?
<querier> creating is no problem...let me exaplain
<querier> jamespage: on a (ubuntu desktop running apache et.c) livecd, that I produced, the initctl start <job> does not seem to work.
<querier> jamespage: on the host  system which is equal it works jsut fine. (I used relinux to make the live cd)
<jamespage> querier, do you get anything in /var/log/syslog?
<uksysadmin> I'm just installing Essex-2 on Precise and doing my usual: apt-get install -y rabbitmq-server nova-api nova-objectstore nova-scheduler nova-network nova-compute glance qemu unzip it is pulling in X11 deps... what uses X11 - what is the easiest way of finding that out? (It never used to...)
<jamespage> querier: you can also up the logging level by running sudo initctl log-priority debug
<querier> jamespage: I just looked into the /var/log/syslog it does not tell me anthing about my attempts to start things.
<querier> jamespage: now this was added to. (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
<querier> jamespage: I dont understand what the maxdepth means?
<jamespage> querier, only descend to one level of subdirectories when executing find
<querier> jamespage: ic.
<tewea> iam system admin one osf serevr iam using ubuntu to my server and in my serevr i cant acess it the page remotly ?it works somtime and after short of time it says"ERROR The requested URL could not be retrieved" and second thing i installed ssh allradey but i cant aces it remotly to the server
<tewea> is there any body who can asssist me?
<TeTeT> tewea: do you have console access to the system if ssh doesn't work?
<jamespage> Daviey: minimal virtual grew again today
<tewea> TeTeT:console means? by the way i can aces it even graphically
<TeTeT> tewea: graphically is as good as console :)
<tewea> TeTeT:ok
<TeTeT> tewea: is there a firewall installed on the system? can you ssh localhost from it?
<tewea> TeTeT:yeah it works
<TeTeT> tewea: with /sbin/ifconfig you can find out your ip address, try that instead of localhost
<tewea> TeTeT:yeah it works even when iam typing by it ipadress
<TeTeT> tewea: hmm, what happens when you ssh from the outside to your server? can you ping it?
<tewea> TeTeT:even this one is working proporly
<querier> jamespage: the output php: :trying[sudo /sbin/initctl start id_._name] NOTHING. the job is /etc/init/id_._name.conf
<TeTeT> tewea: ok, that's good. now with that being ok, onto the webpage
<TeTeT> tewea: but wait a second - if something over the network works one time and not the other - is the assigned ip maybe taken already? E.g. two systems share the same ip address
<tewea> TeTeT:but i can't accces it to the web page
<TeTeT> tewea: is there some sort of network monitor running that could detect that?
<TeTeT> tewea: can you access from the server via 'w3m http://localhost'
<tewea> TeTeT:but i can't accces it to the web page it says"ERROR The requested URL could not be retrieved"
<TeTeT> tewea: is there a webserver running on the server at all? what's the output of netstat -ntaup | grep 80
<jamespage> querier, I need some more context to help - is php trying to run the start command?
<querier> jamespage: yes it is. and as the correct user.
<querier> jamespage: expected is " <job> start/running process_id"
<jamespage> querier, anything when you up the logging level with sudo initctl log-priority debug?
<jamespage> in (/var/log/syslog) that is
<querier> jamespage: Ihave sent the only output I found regarding the certain job.
<jamespage> querier, and you get nothing else when you run sudo /sbin/initctl start id_._name ?
<querier> jamespage: if I do it by hand (user) everything is fine.
<tewea> TeTeT: it says it established
<TeTeT> tewea: so, what does w3m http://localhost do from the server commandline?
<querier> jamespage: oh. when I do it now i am asked the password, which should not be, according to sudoers file.
<jamespage> querier, thats probably your issue; it may be failing silently under php
<tewea> TeTeT: it says it works
<jamespage> querier: hence no syslog output
<TeTeT> tewea: ok, so from the remote computer you can ssh to the server, but not access the webpage?
<querier> jamespage: hmm yes seems so. sudoeres:[ user   ALL = NOPASSWD:  ... /sbin/initctl ]
<tewea> TeTeT: from the rmote computer i can acees the web page but after some minute when i refresh the browser it says"ERROR The requested URL could not be retrieved" and complutly  i cant ssh it
<TeTeT> tewea: you sure the server has a unique ip address?
<tewea> TeTeT: yeah
<tewea> TeTeT: but how can i make it shure it have unique ip adress
<TeTeT> tewea: do you have access to another system in the same LAN?
<tewea> TeTeT: yeah
<TeTeT> tewea: ping the server, check sudo arp -a for the mac to ip assignment, repeat that every 10 mins and see if the mac sometimes changes
<TeTeT> tewea: there should be more sophisticated tools, but I'm not aware of any
<caribou> lynxman: remember when I told you that grub wasn't able to boot with /boot as XFS ?
<lynxman> caribou: I do I do :)
<caribou> lynxman: well, I was wrong; it's the way I moved /boot from ext2 to XFS that was wrong
<caribou> lynxman: rebuilding a brand new VM with a native XFS /boot works
<lynxman> caribou: I was quite certain that grub supported xfs, not so sure about jfs
<querier> jamespage: hmm just now I retryied and it worked doing it by hand without being asked for password.
<lynxman> caribou: cool :)
<caribou> lynxman: I'll tell  you in a minute, I'm testing that now
<lynxman> caribou: cool
<jamespage> querier: you sudo session remains intact for a bit - so you will not be asked everytime
<caribou> lynxman: but I just can't figure out how to move from on FS type on /boot to another without rebuilding the whole VM
<caribou> lynxman: there must be hooks in grub to tell it that the FS has changed and that grub.cfg needs to be changed, but I haven't found yet
<lynxman> caribou: maybe reinstalling grub might help?
<lynxman> caribou: that's what I would do a least
<caribou> lynxman: well update-grub doesn't seem to work
<querier> Jamespage:But I did not enter the user password. I did root$ su user . user$ sudo /sbininitctl start job. now
<uvirtbot> New bug: #905313 in analog (universe) "Fails to recognise Android or iP* devices" [Undecided,New] https://launchpad.net/bugs/905313
<uvirtbot> New bug: #905315 in ipxe (main) "package kvm-ipxe (not installed) failed to install/upgrade: trying to overwrite '/usr/share/qemu/pxe-ne2k_isa.rom', which is also in package ipxe 1.0.0+git-2.149b50-1ubuntu2 (dup-of: 905099)" [Undecided,New] https://launchpad.net/bugs/905315
<angelete2> hi
<angelete2> i've just installed my server, and i get a black screen
<angelete2> but i have ssh access
<angelete2> does getty use any kind of video driver??
<patdk-wk> vt100?
<esde> Hello all, quick question, I am running ubuntu server 10.04 for some small projects. Right now I'm uploading all my files to my webserver than WGET'ing them into my server box. This sucks. I'd like to set up an SMB share for the /var/www directory (at least) so that I can simply drag and drop the files I'm working with. I have installed the required components but I'm in need of assistance with the .conf file, specifically configuring the WORKGROUP
<esde>  section, please help :)
<Sander^work> Anyone uses pureftpd here?
<Jasonn> yeah
<Jasonn> I have
<Jasonn> Sander^work: ^
<Daviey> Jasonn: it grew again?!
<Daviey> jamespage: ^^
<jamespage> Daviey: yes - I think the base install for amd64 is now around 600MB
<Daviey> jamespage: I think next week we'll have to dig deep to find out what is being pulled in.
<jamespage> agreed
<Daviey> crikey
<zul> morning
<Sander^work> Jasonn, I'm wondring how I can debug what's going wrong there.. I've tried to turn on the -D -D option for debug mode..
<Jasonn> Sander^work: whats the problem?
<Sander^work> Jasonn, i'm using pure-ftpd-ldap.. and I'm unable to log into the server.. just getting Login authentication failed. and it takes like 5 seconds to give that answer.
<Sander^work> Jasonn, wondring what could be wrong with the pure ftpd server.
<Jasonn> Sander^work: whats wrong with it...
<Jasonn> whats not working
<_ruben> Sander^work: sounds like your ldap server is timing out or something
<Jasonn> what is the connection you have on that server?
<Sander^work> _ruben, I tried to put in another ldap IP in the pureftpd config.. and then it answered pretty quick..
<Sander^work> Jasonn, what you mean with connection ?
<Jasonn> speed
<Jasonn> sorry, should have specified that
<Jasonn> and the uptime/quality
<Jasonn> Honestly, I would just screw pure, and go with vsftpd
<Sander^work> It's been quite stable actually..
<Sander^work> Jasonn, but not lately..
<Sander^work> Jasonn, it's 100Mbit, why?
<Jasonn> I havent used it recently
<Jasonn> just wondering whether the timeout would have to do with the quality of the connection
<Jasonn> that is, if you are running a home server or something
<Sander^work> _ruben, Do you know how I can debug that, what is wrong?
<Sander^work> Jasonn, does vsftpd comes with an ldap module?
<Jasonn> hummmmm
<Daviey> hallyn: Around?
<Jasonn> http://devzero.wikidot.com/debian
<Jasonn> Sander^work: ^^
<Jasonn> its a debian guide, but should be almost the same
<zul> ttx: still around?
<ttx> zul: yes
<zul> ttx: have you had the ubuntu security team look at your rootwrapper yet?
<zul> ttx: because i want to start using it
<ttx> zul: yes, they reviewed it
<zul> ttx: ok so we should be able to start using it next week
<ttx> zul: you should ask them to cc you on the result...
<zul> ttx: yeah ill talk to them
<ttx> you still have my packaging patch ?
<zul> ttx: no :(
<ttx> My patch basically implemented : http://wiki.openstack.org/Packager/Rootwrap
<zul> ttx: ok ill push somethin up for review then after i get the ubuntu packaging out the door
<ttx> http://paste.ubuntu.com/772265/
<ttx> zul: you might need a fuzz a bit to apply it now
<zul> ttx: yep yep
<ttx> A bit of extra testing couldn't hurt, as well :)
<zul> ttx: dont worry ill be testing it :)
<uvirtbot> New bug: #900888 in swift "swift package shouldn't contain man page files for swauth" [Medium,Fix released] https://launchpad.net/bugs/900888
<uvirtbot> New bug: #905357 in open-vm-tools (multiverse) "open-vm-dkms 2011.07.19-450511-0ubuntu2: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/905357
<SpamapS> oh wow.. starting with MySQL 5.5.18 they're putting out native .debs
<zul> oracle?
<querier> Hi. where to get a list of packages the ubuntu server edition installs ?
<jpds> querier: http://gb.releases.ubuntu.com/10.04/ubuntu-10.04.3-server-amd64.list
<querier> jpds: Thank you.
<SpamapS> zul: yeah
<jpds> querier: But you probably want to look at the preseed/ubuntu-server.seed file.
<zul> SpamapS: interesting are they providing the source package as well?
<SpamapS> zul: no
<SpamapS> :-P
<SpamapS> fail
<zul> yep
<zul> that would have made things alot easier
<pythonirc1011> does anyone run ubuntu in production environment here? especially web applications/servers.  I need to run a webserver on a cloud-- very small slice of a xeon box (512Mb RAM / 600 Mhz slice). Any suggestions for configuration?
<pmatulis> pythonirc1011: yes, ubuntu is used in production all over the world
<powergod> QZ87MYÐ©JÓ¨P4
 * powergod |;
 * powergod MÎÆ§Æ¬Î£Ð¯ Î£áÓ¨ÐÓ¨MIÎ£ Î£Æ¬ Æ§Æ¬ÎÆ¬Î£GIÎ£ D Î£ÐÆ¬Ð¯Î£PÐ¯IÆ§Î£
 * powergod à¹Ð³à¸£ Å¦à¸Ð³Ñà¸à¸  à¹à¹à¸£à¹ÑÑ à¹à¹à¸¢Ñ 		35 54 83/82 32 85 	à¹à¹×§lÃ´à¹Ñ à¸¢à¸ à¹×©ÑÐ³à¸£à¹tà¸à¹Ð³Ñ à¹Ñ tÑÏÑà¸ à¹là¹ï»®à¹Ñ 	Å¦Ð³à¸à¸ Ïà¸à¹à¸£,à¸à¸ ï»®là¸à¹à¸£,à¸Ð³à¸à¹Ñ
 * powergod ,|;?
<powergod> uke47*ikpex;
 * powergod lo9 cxz ;
 * powergod ADM!N
 * powergod uk
<powergod> uke47*ikp!qz
<pmatulis> i think we were just visited by an unidentifed flying object
<pmatulis> *unidentified
<uvirtbot> New bug: #905419 in cloud-init (main) "cloud-init messages going to syslog, not cloud-init.log" [Medium,Confirmed] https://launchpad.net/bugs/905419
<zul> Daviey/smoser: Can you have a quick look: http://paste.ubuntu.com/772493/
<Daviey> zul: why does it include prior versions?
<zul> Daviey: because i did bzr diff -r251..245
<Daviey> zul: why? :)
<Daviey> bzr diff -c-1, would be more useful :)
<zul> because i suck
<zul> Daviey: still looking?
<Daviey> zul: can i have an updated diff?
<adam_g> zul: typo in changelog (nova-console.intall)
<zul> adam_g: thanks
<Daviey> zul: wait, the diff includes debian/changelog old references but not the changes it references?
<zul> Daviey: right because the ubuntu/nova and ubuntu-server-dev is out of sync
<zul> so i just pulled in the debian/changelog from ubuntu/nova
<Daviey> ahh
<zul> minus the tyop that adam saw thats what is going to be uploaded
<Daviey> zul: should fix-traversal-via-image-register.patch be refered to being dropped, fixed upstream?
<zul> Daviey: yes
<Daviey> i'm not convinced we are not abusing pydist-overides TBH, but if it works.. :)
<zul> fixed
<zul> Daviey: once we get nosexcover and coverage into main it will be dropped
<zul> Daviey: anything else?
<zul> adam_g: did i miss anything else?
<gary_poster> hi hallyn and SpamapS.  I have another lxc problem I'd like some help with.  The instance I created the yesterday is now hanging when I try to start it.  This is the output.  http://pastebin.ubuntu.com/772509/  What can I do to fix or even diagnose?  This is after an apt update that was partially broken (me trying to see if bug #902190 were fixed) so this may simply be a hosed image, but this didn't happen before when I had the same problem.
<uvirtbot> Launchpad bug 902190 in lxc "udev fails to update (oneric host, lucid container)" [Undecided,Fix committed] https://launchpad.net/bugs/902190
<Daviey> zul: nah, looks good i thik :)
<zul> alright uploading
<zul> alrighty glance is next
<adam_g> zul: thats the only thing that popped out at me. is there a branch around? ill build and test if you haven't
<zul> adam_g: already have....tested it yesterday
<zul> its in the ubuntu-server-dev branch now
<adam_g> zul: cool
<adam_g> zul: ive got a script ive been working on that lets us define openstack juju deploymenst like this: http://paste.ubuntu.com/772517/   maybe next upload, we can prep everything in a testing PPA, point each service to it and test everything at once before uploading
<zul> adam_g: is that the jenkins ci stuff jamespage is doing in the testlab?
<adam_g> zul: well, my goal is to use it there as well, but right now im firing everything up in ec2. been using it to get everything up in one command so i can start working on keystone + horizon quickly
<edgy> hallyn: ping
<zul> adam_g: ah yeah that wouldnt be a problem
<zul> adam_g: besides there probably isnt going to be an upload until the new year since im goin to be on holiday starting next wed ;)
<edgy> with kvm or kvm-spice, shouldn't -enable-kvm be default?
<zul> Daviey: you wanted me to use invoke-rc.d in glance right?
<adam_g> where do bug reports for ubuntu cloud images go?
<adam_g> smoser: ^
<utlemming> ubuntu
<utlemming> agam_g: and then assign it to me
<utlemming> adam_g: what are you seeing?
<zul> adam_g: you know the db_sync stuff for glance-api/glance-registry we were talking about last night i think it should go into the glance-common.postinst since its going to be installed anyways if you are going to install either api or registry
<adam_g> utlemming: a friend is trying uec images + nova for the first time and his guests can't boot, no /dev/vda
<adam_g> zul: the api server doesn't touch the database
<utlemming> adam_g: humm...that doesn't sound right
<utlemming> adam_g: oneiric or precise?
<zul> adam_g: are you sure? so just glance-registry?
<adam_g> utlemming: oneiric
<adam_g> zul: almost certain, let me check
<zul> adam_g: yeah you are right, so ill put it in glance-registry.postin
<adam_g> zul: werd.
<utlemming> adam_g: probably a configuration issue. Is he using "root=label=cloudimg-rootfs" as the commandline argument? Also, the cloud-images for KVM don't need a kernel, they should just boot.
<adam_g> zul: db_sync is still weird issue with bug 883988 still around
<uvirtbot> Launchpad bug 883988 in glance "db migration failing when upgrading glance - trying to create existing tables" [High,Confirmed] https://launchpad.net/bugs/883988
<adam_g> utlemming: *shrug* he used cloud-publish-tarball pointed at nova. ttylinux booted fine
<zul> Daviey adam_g: glance http://paste.ubuntu.com/772531/
<adam_g> zul: its not specific to glance packaging, but most seem to only call 'db_sync' if an sqlite database is in use. but most of the components automatically migrate the database if necessary when the service starts (not true of nova, where that postinst logic originated i think)
<zul> adam_g: k
<Madkiss> hi there
<pmatulis> Madkiss: hi
<adam_g> zul: dont see the glance-registry.postinst
<adam_g> utlemming: meet madkiss. :)
<Madkiss> I was told I could fine Ben Howard here? I'm having a problem with his ubuntu-uec-images ;-)
<Madkiss> utlemming: hi! please to meet you :)
<utlemming> hello Madkiss -- I take it your using KVM?
<Madkiss> utlemming: that's correct
<utlemming> Madkiss: can you file a bug report against ubuntu and assign it to me?
<utlemming> I would like to see the details of the problem
<Madkiss> bugs.launchpad.net?
<utlemming> yes
<pmatulis> against what package?
<zul> adam_g: http://paste.ubuntu.com/772542/
<utlemming> just against ubuntu
<pmatulis> Madkiss: https://bugs.launchpad.net/ubuntu/+filebug
<pmatulis> maybe https://bugs.launchpad.net/ubuntu/+filebug?noredirect
<adam_g> zul: /var/log/glance /etc/glance should be 0700 glance:glance
<Madkiss> utlemming: just a sec, I am having a terrible suspect
<zul> adam_g: good catch
<zul> fixed
<adam_g> zul: also, not sure if its outside the context of those diffs, but shouldn't those directories be created in glance-common.postinst?
<zul> adam_g: they are in glance-common.dirs
<adam_g> zul: ah! wanna take this to #Openstack-packaging, ive got some other questions?
<zul> adam_g: sure
<Madkiss> utlemming: sorry, false alarm. It's just that I am too stupid (/var was full)
<utlemming> Madkiss: :) no worries
<utlemming> Madkiss: feel free to ping me here any time for image problems
<Madkiss> sure, thanks a lot
<Madkiss> oh,
<Madkiss> utlemming: turns out it wasn't false alarm, i will report a bug. the 10.04 images works nicely interestingly
<Madkiss> where's the web frontend for doing it?
<uvirtbot> New bug: #905464 in nova (main) "nova-common 2012.1~e2-0ubuntu2  installation fails" [Undecided,New] https://launchpad.net/bugs/905464
<Madkiss> utlemming: the thing wouldn't let me chose ubuntu, so I chose "I don't know"
<Madkiss> utlemming: here it is: https://bugs.launchpad.net/ubuntu/+bug/905469
<uvirtbot> Launchpad bug 905469 in ubuntu "UEC server image ubuntu-11.10-server-cloudimg-amd64 fails to boot in OpenStack Diablo" [Undecided,New]
<utlemming> Madkiss: do you have the entire console output?
<Madkiss> sure
<Madkiss> shall I paste it into the bug?
<Madkiss> done
<utlemming> Madkiss: have you tried the daily? I'm curious if that will work for you. http://cloud-images.ubuntu.com/oneiric/20111214/
<utlemming> I think I know the problem and it is fixed in the daily, but let me confirm it
<Madkiss> just a sec
<Madkiss> will do so straight away
<Madkiss> intresting
<Madkiss> it started downloading the image with 500k, and now it's up to 8.5mb/s
<Madkiss> utlemming: do you know offhand how I can remove the "old" image from the image store?
<utlemming> euca-deregister should do the job, if I recall. But then again, I'm not as farmiliar with NOVA as I'd like to be.
<Madkiss> thanks a lot. I'm uploading the new image-
<Madkiss> utlemming: yup, that's way better
<utlemming> Madkiss: thanks for confirm that for me
<utlemming> I'll be spitting out a new image on Monday or Tuesday then.
<utlemming> what happened was there was a bug in the build process that put the wrong kernel in the .tar ball and it looks like you hit that
<Madkiss> utlemming: could you make a short statement to the bug? i think people are going nuts already ,)
<utlemming> yup, its a dup of Bug 901826
<uvirtbot> Launchpad bug 901826 in ubuntu "cloud image have -generic kernel installed" [High,Fix committed] https://launchpad.net/bugs/901826
<hallyn> edgy: unfortunately enable-kvm is not the default on qemu.git.  Apart from patching (which we could do) not much to be done, but libvirt should do it for you, and you can alias it...
<Madkiss> utlemming: thanks for helping me out :)
<hallyn> btw, i'm on holiday today.  so slow and few responses
<hallyn> gary_poster: try 'lxc-start -n name -l debug -o outout' and look at outout
<utlemming> Madkiss: no, thank you for taking the time to point out the problem; much appreciated
 * hallyn slips quietly back away to holiday
<gary_poster> hallyn, np and thank you.  I made a new container.  I'll record that debug spelling for the future though.  Have a great holiday.
<Madkiss> utlemming: well, i'm in a rush of getting openstack knowledge, and interestingly enough, ubuntu provides the only images available not exclusively via AWS ... thanks for the work :)
<jca1981> why does halt not power my box off but shutdown now -h does?
<Madkiss> try halt -p?
<jca1981> halt is easyer to type :D
<jca1981> sorry thourght you typed why halt :P. Thanks
<Madkiss> jca1981: ;)
<jca1981> is the halt a wrong way of shutting down a server?
<pythonirc1011> is there a way to benchmark a ubuntu server i'm root on? what tools could i use? i'm mostly looking for io/cpu benchmarks
<Madkiss> jca1981: shutdown -h now doesn't do anything other than calling halt -p at the end, it just does numerous foo and magic around it.
<jca1981> do i need the Magic?
<smoser> Madkiss, 2 things regarding your 11.10 image
<jca1981> does halt shutdown my services corectly?
<smoser> a.) you should use the .img file rather than the .tar.gz
<smoser> b.) if for some reason you want the .tar.gz file, you can use a "loader kernel" which would get you booting with an initramfs.
<smoser>  "loader kernel" == http://people.canonical.com/~smoser/lucid-loaders/ which basically works as a bootloader to find kernel/ramdisk inside image.
<Madkiss> smoser: AIUI, these .tar.gz files provided by utlemming are supposed to be installable with cloud-publish-tarball, aren't they?
<smoser> Madkiss, yes, they are. its a bug, no doubt. but for 11.10 and 11.04, the .img file is superior.
<smoser> and you can publish that with "cloud-publish-image" which has as-simple an interface.
<Madkiss> great, thanks for the hint!
<mattrobenolt> Hey, any advice for adjusting the boot message after all of the startup scripts have been run? I don't even really know what it's called, but I basically want what you see when you login with the /etc/motd to be displayed on boot without logging in first.
<mattrobenolt> I'm bundling up a OVF and want some information displayed on boot, like the eth0 address and other misc things.
<koolhead17> smoser: hello there
<pythonirc1011> root@Mobile:~# sudo tasksel install lamp-server  ------> tasksel: aptitude failed (100)
<pythonirc1011> what am i doing wrong?
<smoser> koolhead17, hey.
<pythonirc1011> I think it might have been apt-get update...checking again...
<smoser> mattrobenolt, i think /etc/issue
<mattrobenolt> smoser: Can I populate that with dynamic data on boot? Or I guess I could hook in a little startup script to write the file on boot, correct?
<pythonirc1011> yup that was it
<mattrobenolt> How exactly is the /etc/motd generated on login? This is new to me, coming from Debian land.
<smoser> mattrobenolt, that is writtten every time getty runs (i think)
<smoser> s/written/written to the getty/
<smoser> i think you could update it on boot, yes.
<smoser> /etc/motd is dynamic, see man 'update-motd'
<mattrobenolt> Ok, so I could essentially write out to /etc/issue with a startup script, and it should be solid.
<smoser> but it is only written on login
<smoser> mattrobenolt, you might be able to tie into the starting of a getting via upstart (start on starting tty1) or something.
<mattrobenolt> Oh my, there's a whole update-motd.d scripts folder, haha
<mattrobenolt> smoser: That's pretty nice. Anything similar for /etc/issue ? Like an update-issue -esque script?
<smoser> mattrobenolt, no.
<mattrobenolt> smoser: I can work from this: http://humanreadable.nfshost.com/files/update-issue
<mattrobenolt> All good, you pointed me at least in the right direction. Thanks smoser. :)
<smoser> SpamapS, can you do 'start on starting tty*' ?
<smoser> err... 'start on starting JOB=tty*' i guess.
<SpamapS> smoser: I've never tried that, but it should work in theory
<SpamapS> smoser: you'd need an instance if you want it to run for *each* and not just for the *first*
<smoser> instance ?
<smoser> SpamapS,
<SpamapS> smoser: as in, instance $JOB
<SpamapS> I think its UPSTART_JOB btw
<SpamapS> I can't remember
<smoser> man 5 init says JOB
<SpamapS> yeah ok man 5 init is right
<uvirtbot> New bug: #904039 in horizon "setup.py does not install dashboard templates" [Undecided,Fix committed] https://launchpad.net/bugs/904039
<jcastro> zul: do you have a defaco overall blueprint that covers openstack for 12.04?
<jcastro> defacto even
<zul> jcastro: yep https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-openstack
<jcastro> zul: I'm writing up your tweet into a post.
<jcastro> zul: assuming from this blueprint, you're doing weekly snapshots?
<zul> jcastro: cool i was going to blog about it this weekend
<jcastro> blog it anyway
<zul> yeah weekly snapshots
<jcastro> in 12.04 or seperate PPA?
<jcastro> zul: ^
<zul> 12.04
<pythonirc1012> can anyone tell me what is this "none" in df-- http://paste.pocoo.org/show/521914/ ?
<pythonirc1012> also, if i want to build a binary copy of the machine's hard drive to boot it remotely, is this possible to do? if so how?
<koolhead17> Daviey: around :P
<SpamapS> hmmm
<SpamapS> 27713 root      20   0  135m 5732 1320 S   91  0.1 394:29.88 powernapd
<Daviey> koolhead17: no.
<koolhead17> Daviey: ok. :D
#ubuntu-server 2011-12-17
<pythonirc1011> I've a machine that is working in a cloud. It has 10GB hard drive space. Is there a way I can clone it on the network, and convert it to a vdi file? (ubuntu LTS) -- I'd like to have this to and fro , so that i can back it up, and make changes remotely, then deploy.
<pythonirc1011> Can someone explain how the setup works on this machine? fdisk -l output --> http://paste.pocoo.org/show/521935/ -- The machine works perfectly: Then why the error: Disk /dev/xvda1 doesn't contain a valid partition table ?
<genii-around> pythonirc1011: Because it's possible for instance to do mkfs on a raw root device
<pythonirc1011> genii-around: ?
<pythonirc1011> so fdisk doesnt understand what kind of device it is ?
<pythonirc1011> but mount tells me its ext3?
<genii-around> pythonirc1011: eg: on an unpartitioned /dev/sda for instance, you can mkfs /dev/sda    ... it will have no partitions be be mountable
<pythonirc1011> oh i see
<genii-around> ( as oppsed to first making a partition sda1 and then mounting that )
<pythonirc1011> how do you list from cylinder to what cylinder it spans?
<pythonirc1011> genii-around: Thanks.
<virusuy> howdy
<pythonirc1011> if i have a ubuntu box running, and i've a raw disk of exactly the size of the ubuntu box (but this one is more upto date), is there a way to push the update image as an update on the running box?
<qman__> you can clone it, if that's what you're asking, but you would overwrite all configuration and files
<qman__> if you just want updated packages, and you haven't run apt-get clean, you can copy the deb files from /var/cache/apt/archives and then update, and it won't have to download anything
<qman__> well, provided you have all the updates it needs
<pythonirc1011> qman__: thanks
<qman__> actually it would still have to download the package list, it'd just be able to skip all the package files you copied
<pythonirc1011> qman__: i've a machine in the cloud, whats the easiest way to replicate it as a vm locally?
<qman__> you could theoretically copy the package list too but I don't know where that is
<pythonirc1011> I was thinking of creating a raw disk image of the machine...but thats problematic clearly
<pythonirc1011> all config files will be broken
<pythonirc1011> including fstab
<qman__> no, cloning will only break a couple things
<qman__> fstab if it's by uuid
<qman__> and persistent network cards
<pythonirc1011> thats it?
<qman__>  /etc/udev/rules.d/70-persistent-net
<qman__> I might be forgetting something, but yeah
<pythonirc1011> device drivers would be different , isnt it?
<qman__> if they don't ever have to communicate on the same network, duplicate hostname and IP is fine
<qman__> drivers are all included in the kernel and modules
<qman__> the only time that would come into play is if you had to do something non-default to get your hardware to work
<qman__> just make up an archive of the handful of files you need to change for your non-production version
<qman__> then you can image, and unpack those configs over the image
<pythonirc1011> how do you fix this when you cant even boot? tell grub or boot loader to boot in single user mode? http://paste.pocoo.org/show/521953/
<pythonirc1011> thats what i was hoping to do, but have never done such a thing...
<qman__> well, your disk doesn't have a valid partition table
<pythonirc1011> am mainly worried about the hard drive part
<qman__> virtual to hardware may be the issue you're seeing
<pythonirc1011> indeed, and i've no clue how it will work when i move it into a vm
<qman__> in that case, copy the filesystem, or all files on the filesystem instead
<qman__> other way around that is to use the same VM software on both ends
<pythonirc1011> thats the problem -- the cloud people wont give me their vm -- i am on a cheap plan
<qman__> which has the additional benefit of being in a nice image file to begin with
<pythonirc1011> but i do have bandwidth, so i can copy the entire drive
<qman__> I'd rsync with exceptions then
<qman__> like /proc and whatnot
<patdk-lap> rsync with the -x flag, single filesystem
<patdk-lap> that is what I normally do so I don't need craploads of exceptions
<qman__> yeah
<patdk-lap> I think it's -x atleast :)
<qman__> I don't use it enough to know
<qman__> but I do know it's up to the job
<pythonirc1011> ok, i've machine A -- and B (blank machine) -- you install ubuntu same version on B, then run rsync A B ? that'll break B?
<qman__> basically, but it'd work better like this
<qman__> you rsync single filesystem and add exceptions for fstab, 70-persistent-net, /etc/hosts, /etc/hostname
<qman__> and you boot a live disc on host B first
<qman__> or any other method, just to give you access to the non-running host b
<pythonirc1011> i see
<pythonirc1011> sounds not that trivial. Hasnt someone written a script to do this already?
<qman__> you may run into other files that are better to skip too, but that's the basic idea
<pythonirc1011> A --> clone over network to B?
<qman__> it's a one-line rsync
<qman__> you can probably find it on google, but a script is overcomplicating it
<pythonirc1011> indeed it should be , except the list of config files
<pythonirc1011> in my case , "A" is heavily configured already. so even a install on B will be very different than A
<qman__> but that's my point, the list of config files is short and pretty much standard as long as you're using the same release
<qman__> it's reasonably hardware agnostic, by design
<pythonirc1011> qman__: where can i find the list?
<pythonirc1011> and perhaps i will have to reconfigure those files on B -- overwrite them or not copy them - eitherways.
<gateSmalls> hello i need help getting a mac book pro 15.5 in laptop to boot to an ex tunnel drive (1tb) with ubuntu server 11.10 64bit using eather a usb or a firewire port
<gateSmalls> hello??   <.<?     ?>.>
<Zanzacar> I am looking for some advice on software. I am trying to find something to keep track of my project and clients and everything
<Zanzacar> does anyone know of any software that would be good for doing this? I thought a database would work out great but I dont know what software to use and kind of lost on that frunt.
<Zanzacar> I guess I will start off checking out libre-base and see where that gets me.
<shey> hi, has anyone made any experiance running an ubuntu server with btrfs and can offer some general advice?
<smw> shey, ask you question
<shey> smw: i did
<smw> shey, I don't see a real question :-P
<smw> shey, is it a production system? If so, don't use btrfs
<smw> shey, if it isn't... what type of advice are you looking for?
<smw> I use it for my home fileserver
<shey> smw: its a nas device for my home, it's not for storing really important things
<shey> mainly nfs sharing
<shey> i just want to avoid using dmraid and converting it later
<shey> smw: have you encountered any problems along the way?
<smw> shey, nope, it just works
<Nafallo> well, there is no working fsck for it, so it has potential to be unfixably broken.
<shey> Nafallo: i'll roll with the fact that it will be available before my fs breaks then :p
<Nafallo> heh
<shey> smw: are you on 12.04 by any chance?
<smw> shey, no
<samba35> i have ubuntu server 10.04 ,how do i wake-up a system over internet
<patdk-lap> normally you have to use another system that has local lan access to it, to send the wol packet
<samba35> ok
<samba35> thanks
<samba35> patdk-lap, do u have any idea on kvm networking
<patdk-lap> sure, its the same as non-kvm networking
<samba35> i try but i am not able to configure guest for networking
<samba35> or rather i am confused in using mode of network
<edgy> hallyn: hi
<Sna4x8> I'm using Kerberos/NFS4.  I keep seeing this in my syslog: RPC: AUTH_GSS upcall timed out.  It appears infrequently - generally after a client mounts a share and does their first write.  Often times the first time a client tries to write to a file, it takes approximately 30-45 seconds (I'm not sure if the two problems are related).
<randallz> What are some of the places to look if ssh connections on a local virtual machine are refused?
<randallz> ufw status \ Status: inactive
<randallz> ps -ef | grep sshd \ root â¦ /usr/bin/sshd -D
<randallz> ifconfig \ eth0adn eth1 look fine. However using the terminal in the host machine I can neither connect to eth0 nor eth1. I am using VirtualBox and eth0 is using NAT, while eth1 is connected to "host-only" network. I cannot ssh to either IP.
<randallz> eth1
<edgy> randallz: what's the error you get?
<randallz> edgy: http://pastebin.com/HdvFYk0i
<randallz> I am trying to connect to eth1 on a virtual box machine that has "host-only" connected to eth1
<edgy> randallz: please paste the output of ifconfig
<randallz> edgy this is the guest http://i.imgur.com/C5DkR.png
<edgy> randallz: what's the output of iptables -nL
<edgy> randallz: you are trying to connect from the guest to the guest?
<randallz> I am trying to connect from the host to guest, but I cannot connect from guest to guest either
<randallz> iptables -nL for INPUT, FORWARD, and PUTPUT is empty
<randallz> ufw status is "Status: inactive" though so I think it shouldn't block anything
<randallz> nmap from the host gives me "All 1000 scanned ports on 10.0.1.33 are filtered (502) or closed (498)"
<edgy> randallz: I am not familiar with virtualbox but i think host only would only allow you to connect from guest to host not vice versa
<edgy> randallz: try nmap from guest to itself
<edgy> randallz: also paste netstat output and see is it really listening on that ip
<randallz> edgy: http://i.imgur.com/tF5ZV.png <-- netstat
<edgy> randallz: paste the output of netstat -tunap
<randallz> edgy http://i.imgur.com/7QDOm.png nmap localhost
<edgy> randallz: no, not nmap localhost, paste nmap 10.0.1.133
<edgy> randallz: no, not nmap localhost, paste nmap 10.0.1.33
<randallz> edgy: http://imgur.com/WCq0V netstat -tunap
<randallz> edgy: http://i.imgur.com/Y1H6R.png nmap 10.0.1.33 (from the guest)
<randallz> edgy: it looks like the problem is in the Virtualbox interface to the guest
<edgy> randallz: did you try to restart sshd?
<edgy> randallz: or even better stop it and run it manually in the foreground with ssh -d
<Zanzacar> Does anyone have any experience with project-open? I was just looking for opinions on it and everything.
<randallz> edgy: it gives the same "All 1000 scanned ports on 10.0.1.33 are filtered (502) or closed (498)"
<randallz> edgy:  doing nmap 10.0.1.33 from the guest was good, since I think it points to a problem in the vbox virtual network
<edgy> randallz: mostly
<edgy> randallz: i guess it's better to ask in #vbox
<randallz> edgy:  It's been a great development environment before to use ubuntu server in a guest. There may be a problem with trying to use 10.0.x.x rather than 192.168.56.x, but in the past I had difficulty when working at different locations and the possibility of an IP conflict. I am using a Mac rather than a PC, as before, and there may be something strange in the different implementation. However, being able to ping the eth1 interface
<randallz> the host says the host can at least find the guest's eth1. It is strange that it is refusing the connection though. I don't think that I am doing anything particularly exotic. Anyway, thanks a lot for the help.
<edgy> randallz: you are welcome, but why not try kvm?
<randallz> edgy: wouldn't that require a linux kernel rather than XNU?
<edgy> randallz: ah! I didn't notice you are working in a Mac
<MattJ> I couldn't find a relevant place for discussion of cloud-init development... is here a good place? (*looks in smoser's direction*)
<edgy> randallz: I would rather trash it and install linux ;)
<randallz> edgy: I wish that os x would run as a guest more easily. The latest does include some pretty nice interface conveniences though
<randallz> edgy: I might also choose Xen since the production machine is on linode
<randallz> edgy: being able to create a machine that I can use on xbox in linux, windows, and mac is pretty convenient though
<edgy> yes
<allowoverride> hi
<uvirtbot> New bug: #905804 in bacula (main) "Bacula-dir automated configuration makes a false mysql connection configuration " [Undecided,New] https://launchpad.net/bugs/905804
#ubuntu-server 2011-12-18
<virusuy> howdy
<blizzkid> lo all, I'm running hostapd on Lucid. When I try to connect my clients (wpa2) it keeps looping over "authenticated", "associated", "radius starting accounting session", "wpa pairwise key handshake completed (rsn)", "disassociated", "deauthenticated" and clients never get a completed connection
<Nivex> Are we early enough in the cycle to request a newer version of a package to be pulled from Debian unstable?
<holmen> hi
<holmen> has anyone made any experiances with native zfs on linux that he'd like to share? :)
<rurufufuss> any recommendation for tools to monitor process usage statistics and export them to html etc?
<ikonia> rurufufuss: cactai ?
<drbobb> hello, I need some tips on installing to a iscsi volume
<drbobb> the ubuntu-server installer seems to support this, but it insists on autogenerating some random initiator name, instead of prompting me for one
<drbobb> this doesn't make sense, because the iscsi server expects a specific initiator name
<drbobb> otherwise it won't provide the volume allocated to me
<RoyK> drbobb: never tried that - what version, btw?
<drbobb> 11.10
<RoyK> could you try with 10.04LTS?
<RoyK> no idea, really, I've never tried installing on iSCSI, but it might be worth a try
<RoyK> seems random initiator name is default in 10.04 too...
<drbobb> big fail
<RoyK> could you possibly "allow all" during ubuntu install and then restrict access later? seems others have done that
<RoyK> also, I'd file a bug on that one if I were you...
<drbobb> well I see a different way to handle this
<demolition> I have a "file", which contents filepath. Every line is like /home/user/dir/filename, except every filename is totally different. How do I batch process this to move every file listed in it to one dir? (with mv)
<drbobb> since I'm actually setting up a virtualbox vm, I'll just use the virtualbox iscsi support
<drbobb> also saves me fooling around with pxeboot
<RoyK> demolition: mv `cat filename` newdir
<RoyK> or
<RoyK> for i in `cat filename`; do mv $i newdir; done
<RoyK> the latter may work better if the number of files is huge
<drbobb> demolition: though you'll have some trouble if the filenames contain spaces
<demolition> yes, I have
<drbobb> I would use rsync, see the --files-from option
<RoyK> demolition: then start with adding quotes around each filename: perl -e 's/^/\"/; s/$/\"/;' -i filename
<RoyK> or do as drbobb suggested :P
<RoyK> drbobb: that won't move them, though
<demolition> solved it
<RoyK> how? quotes?
<drbobb> RoyK: true. But it just leaves deleting the source files afterward:P
<RoyK> drbobb: then same problem with spaces :P
<demolition> "while read -r line; do mv "$line" /path/to/destination/; done < filename"
<RoyK> ah
 * demolition is feeling cheered up, processing >500 files by hand is a hell
<pythonirc101> who is updating /etc/motd? I tried editing, but lost my edit?
<patdk-lap> did you visit /etc/update-motd.d/
<_johnny> hi, i'm having trouble starting named (BIND). i've had a working setup for a while, so i'm not sure what has changed. when i start /usr/sbin/named it just exists right away (gdb reports exit code 1). -d 1..100 does not give any verbose output. any ideas?
<_johnny> my bad - i had checked system.log, but apparently i missed this line: named.conf had a syntax error. still, would've been nice if named bin had said that, but.. i should've watched the syslog more closely, d'oh ;)
<pythonirc101> whats the best way to find files in ubuntu? with minimum disk/ram/cpu usage?
<pythonirc101> generally i use locate -- anythin better?
<RoyK> pythonirc101: locate is usualy the best so long as the data is indexed, which is usually done nightly
<RoyK> pythonirc101: for finding files in realtime, find is the only one I know
<patdk-lap> I find locate is a huge waste of resoures
<patdk-lap> it's the first thing I uninstall on a new machine
<pythonirc101> thats why i asked
<MattJ> Any idea why 'do-release-upgrade' returns "No new release found" on 10.04.3?
<pythonirc101> if not locate -- then ?
<pythonirc101> MattJ: that is the latest
<MattJ> There hasn't been a new major release for 18 months?
<pythonirc101> MattJ: thats the server LTS version
<pythonirc101> Thats the latest i think
<MattJ> I don't want LTS though
<MattJ> Even 'do-release-upgrade -d' says there is no release
<JanC> MattJ: is the mirror you are using up-to-date?
<MattJ> I should hope so, it's gb.archive.ubuntu.com
<JanC> and IIRC there is a config setting that keeps you on LTS if it is set (although I'd expect '-d' should get around that?)
<MattJ> I think I have an idea... bad network connection
<MattJ> I just tried -d again, and it started, then failed with an error
<MattJ> Right, yes, -d is working now (without -d still insists there's nothing new)
<MattJ> I suspected an LTS-only option, but I can't find it anywhere
<patdk-lap> you have to edit the config to change that
<MattJ> Which one?
<patdk-lap> one in /etc
<SJr> My video card is dead in my server, I rebooted my machine (unknowingly), and now when it boots up I can ping it but can't ssh
<SJr> I'm wondering what key combinations will let me do something without a monitor
<SJr> or knowing where I am
<patdk-lap> File /etc/update-manager/release-upgrades
<MattJ> patdk-lap, magic, works... thanks :)
<JanC> SJr: you're lucky it boots at all  ;)
<SJr> I can't get signal out of any of the ports
<SJr> not really this is annoying, I have no idea why there isn't a simple way to have ssh start up almost asap
<SJr> this is always so annoying to deal with.
<JanC> most BIOS implementations will halt booting if they find no graphics card...  :-(
<SJr> I'm not even sure why it can't find the video card but who knows
<SJr> this is the second video card that's died in this machine in 2 years I think
<SJr> and more importantly I do more with my server that want it to respond to pings
<MattJ> SJr, pings are handled by the kernel, not a running application... so it doesn't mean anything has started yet (including sshd)
<JanC> maybe something wrong with the monitor or kvm switch attached?
<SJr> no kvm switch, and no the monitors are fine, I'm seeing what you type on them
<SJr> I reseated the video card in another port
<JanC> maybe it could even be some remote access thing in the network card itself that responds to ping?
<MattJ> Yes, that's also possible in some cards
<SJr> I highly doubt that, by server I mean an expensive desktop motherboard :)
<JanC> SJr: I meant something wrong electrically that causes graphics cards to die soon
<MattJ> SJr, yeah, I gathered... real servers don't have video cards to begin with :)
<JanC> SJr: intel "Pro" desktop boards have something like that
<MattJ> SJr, real servers also typically have a serial port that links direct into a terminal for problems like this
<SJr> yeah I wonder if I should go find a real server on the next upgrade, but this mother board is so cool
<JanC> SJr: if the video card is broken, it's very likely that a desktop BIOS will refuse to boot at all
<SJr> yeah I'm not sure it does make some stupid beeping sound
<JanC> eh
<SJr> when I turn it on
<SJr> but I'm 99% positive that it's linux responding to the pings or else how would it know it's IP address
<JanC> try to find a beep reference for your motherboard/BIOS  ;)
<SJr> If it's doing a scan of the disks
<SJr> CTRL+C will stop that right
<SJr> and if it's at prompting for root it'll be asking for CTRL+D then the password?
<SJr> wtf?
<SJr> well the system finally rebooted
<SJr> Anyway I guess the question to address is
<SJr> what was my system doing
<MattJ> /var/log/syslog
<SJr> I don't see any references to drive scans
<SJr> odd I can no longer mount one of my drives, I wonder if that's why it stalled on boot.
<toddnine> Hi guys.  I'm trying to run a 10.10 instance image on aws.  I think the ami's linked here are incorrect.  The one's labeled as instance are actually EBS backed.  Who do I get in touch with to ask about this?
<toddnine> http://uec-images.ubuntu.com/releases/10.10/release/
<patdk-lap> toddnine, it's pretty easy
<patdk-lap> the ones that say ebs, or ebs backed
<patdk-lap> the ones that stay instance, aren't
<toddnine> patdk-lap: At first glance you're correct, but look at the us-east-1 region
<toddnine> the one labeled instance is actually the same instance as the ebs
<toddnine> I just started up 12 of them and they're all ebs backed
<toddnine> It seems to just be an error with the page, for instance the us-west-2 region has 2 separate instances
<patdk-lap> ah, someone duplicated the id's
<toddnine> patdk-lap: Any ideas on how to search for them manually?  I'm trying to use the ec2 console, but it's not really very helpful, even if I prefix the search with "099720109477/".  There just doesn't appear to be a instance image available with the latest build.
<toddnine> The text file looks correct.  http://cloud-images.ubuntu.com/releases/10.10/release/published-ec2-release.txt.orig
<toddnine> patdk-lap: Any ideas where I should report this?
<patdk-lap> nope
<patdk-lap> file a bug on launchpad
<amaroks> Hi guys
<amaroks> 	Looking for a paid assistance, Where is the best place?
<pythonirc101> how do i reverse the changes that this command makes --> update-rc.d paste defaults
<RoyK> amaroks: I'd use a local contractor
<RoyK> amaroks: but then, what's wrong?
<amaroks> We dont have contractors here
<RoyK> where?
<amaroks> its just small ,need to install SSL on Ubuntu LAMP Stack
<amaroks> Cyprus
<RoyK> ok
<amaroks> they don't even know what is Linux
<RoyK> there's probably linux geeks hiding in the woods there as well
<RoyK> anyway - setting up SSL for apache is doable even without help
<air_> look for the ones with long beard
<air_> :P
<air_> good evening.
<amaroks> I couldnt do it, I tried
<amaroks> thats why need help asap
<RoyK> have you bought a certificate?
<amaroks> Yes
<amaroks> I have it
<amaroks> and EC2 from amazon with elastic IP
<amaroks> generated CSR ,just not working for namecheap
<kaushal> Hi
<uvirtbot> New bug: #906080 in whois (main) "There's no man page for mkpasswd" [Undecided,New] https://launchpad.net/bugs/906080
<looseparts> Hello - I'm moving my servers from their own static IP addresses to an ISP where I'll be connecting via DHCP - I have installed ddclient, but do not know how to adjust my apache2 httpd.conf
#ubuntu-server 2012-12-10
<lvmer> Anyone got HDD price connections/coupons? Going to buy a bunch of 3TB HDDs this week. Best bet atm seems like amazon.com compared to newegg. Any help is welcome. :)
<jesusemelendezm> hey there
<uvirtbot> New bug: #1088312 in setserial (main) "package setserial 2.17-47 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1088312
<jeeves_moss> If I have the e-mail files from the %maildir% from my dovecot server, can I do anything with them to extract the e-mails out of the files to move them to my exchange server?
<ScottK> jeeves_moss: I think openchange offers tools to do things like this.
<jeeves_moss> ScottK, really?  cool!  I'd like something that I can just point it to the maildir folder, then supply the creds, and have it do the move, but I have a feeling that isn't going to be that simple
<jeeves_moss> looks like your option is for client side.
<ScottK> Dunno.  I haven't used it, just recall people discussing it.
<ScottK> A maildir is a maildir though, client or server side.
<alex88> hi guys, I've a server with byobu installed and enabled on login, when I ssh from my laptop I get an empty shell and none of the commands works (just the status bar is available) but when I login from another server in the lan I get the shell, since byobu nested shells are not enables..
<alex88> how can I check what's happening?
<alex88> seems due the high load (60)
<koolhead17> alex88: LA 60 is it?
<alex88> koolhead17, load, yes
<alex88> not sure why, cpu is 10%, ram is 63%
<koolhead17> alex88: interesting
<alex88> koolhead17, wanna help debug?
<alex88> a tip. htop never loads
<alex88> apt-get hangs randomly
<koolhead17> alex88: its happening because you running it with byobu is it?
<alex88> nope, with byobu it neither spawns shell
<alex88> without byobu I can get to shell, but launching htop gives a black screen
<alex88> root@server1 ~ # uptime
<alex88>  10:42:20 up 4 days, 20:54,  4 users,  load average: 73.03, 66.55, 48.27
<alex88> root@server1 ~ # uptime
<alex88>  10:46:30 up 4 days, 20:58,  4 users,  load average: 76.36, 71.57, 54.54
<alex88> seems increasing :S
<alex88> 90 now
<alex88> lol
<alex88> neither iotop shows an high I/O load
<alex88> that may cause high load due the md array
<alex88> wait is at 0.2%
<uvirtbot> New bug: #1088411 in cinder (main) "Cannot attach volumes to instances if using NexentaStor driver" [Undecided,New] https://launchpad.net/bugs/1088411
<schmidtm_> hi guys, is there a chance to see libvirt 1.0 in quantal soon
<gema> jamespage: we have an issue in smoke testing that seems to be in your area of expertise: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1087630
<uvirtbot> Launchpad bug 1087630 in ubuntu-meta "server minimal virtual installations are bloated" [High,Confirmed]
<jamespage> gema, thanks for the poke - downloading and iso now to reproduce
<gema> jamespage: thanks
<alex88_> if the server hangs on update-initramfs: Generating /boot/initrd.img-3.2.0-31-generic
<alex88_> will the server be bootable on reboot?
<vezq> alex88_: probably yes, try to get it fixed
<alex88_> vezq, I had a byobu problem causing a load of about 130..
<alex88_> and now it hangs every time I do dpkg --configure -a
<kaushal> Hi
<kaushal> I am running Ubuntu 12.04.1 LTS Server OS on 64 bit architecture, I am not able to set it to IST
<kaushal> any clue?
<alex88_> kaushal, IST?
<kaushal> Indian Standard time
<kaushal> I did /usr/sbin/ntpdate -s -b -p 8 1.in.pool.ntp.org
<kaushal> dpkg-reconfigure tzdata
<kaushal> nothing worked
<kaushal> rm /etc/localtime and ln -s /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
<kaushal> i dont have any clue
<kaushal> bios shows the correct current time
<kaushal> alex88_: any clue?
<alex88_> kaushal, after ln -s tried to reboot?
<kaushal> alex88_: i rebooted now
<kaushal> alex88_: please give me a moment
<alex88_> vezq, can I select an older kernel to boot on next reboot? so maybe it can avoid the initram problem
<kaushal> alex88_: still no luck
<alex88_> kaushal, dunno then :S I've never changed timezone
<alex88_> you mean the time is not correct?
<alex88_> vezq, seems I still have the old initrd http://pastie.org/5506003
<alex88_> so I can boot safely
<jamespage> Daviey, hmm - the d-i installer is back to blue in raring
<jamespage> gema, a clean minimal install is still undersize; I suspect that the testing overlay may have increased
<gema> jamespage: what do you mean?
<psivaa> jamespage: not sure if you mean utah for testing overlay, but i removed any utah related installations and still the size was larger,
<Daviey> jamespage: blue?!
<jamespage> psivaa, my local fresh install of todays image is ~611MB
<Daviey> jamespage: significant work went into changing the bulb to green!
<jamespage> Daviey, I remember :-)
<psivaa> jamespage: is that i386?
<jamespage> psivaa, no - amd64
<gema> jamespage: can you update the bug with your findings, so that I can reassign to the utah team?
<gema> jamespage: sorry about that
<gema> jamespage: correction, I will get nuclearbob to figure out the testing overlay and let you know for fixing the test case
<jamespage> gema, fine
<jamespage> bug updated
<gema> jamespage: thanks
<xsl> hello guys... i'm doing apt-get -s --no-install-recommends install lxc debootstrap libcap2-bin libpam-cap ( so i dont install cloud-utils - its like 10 more packages of "junk" )
<xsl> will this limit any feature not related to cloud images for lxc?
<RoyK> xsl: erm - just install the recommended packages - or are you low on diskspace?
<wiherek> hi
<wiherek> how can I change the default smtp client?
<xsl> RoyK, well not anymore... had to reboot the server and increase LVM size :P
<xsl> good thing i allways leave some free space unlocated
<RoyK> xsl: agreed - I usually start off with a small /boot and a somewhat larger /, perhaps a small /var as well, depending on server role - and then just add space as I need it
<zul> smb: ping
<smb> zul, hmmm?
<hggdh> jamespage: good morning, or afternoon. Have you seen bug 1087241?
<uvirtbot> Launchpad bug 1087241 in ubuntu-server-iso-testing "The test code needs to be changed to accommodate the renaming of vmlinuz to vmlinuz.efi for amd64 desktop kernels" [Undecided,New] https://launchpad.net/bugs/1087241
<zul> smb:  im going to upload a new xcp with fixed paths for xen-4.2 and the xenguest patch do you have anything extra?
<jamespage> hggdh, i heard about the error but I'd not realized it was in ubuntu-server-iso-testing
<smb> zul, No, not me. apw, do you have anything else (though I suspect nothing beyond)
<apw> smb, zul, nothing here
<zul> smb/apw: coolness
<xsl> RoyK, im a bit more .... complex wen i setup servers... i have like ... /boot / /tmp /usr /var /var/log /var/cache /home .... each with different set of mount options
<xsl> ohhh and /dev/shm ofcourse
<xsl> beside that... i have partitions shared trough lxcontainers so i can separate all kind of stuff
<xsl> takes a while to setup ... but makes it more secure  IMHO
<xsl> s/more/bit more/
<SpamapS> xsl: do you have good reason for all those partitions to be separate?
<SpamapS> xsl: like, you say its "more secure" but thats such an overloaded word
 * mdeslaur raises eyebrow at "more secure"
<ScottK> It's "more secure" to turn the computer off.
<_ruben> well .. those partitions are shared between various instances, so that must be way secure :)
<rbasak> Secure from an accident in /home from filling /var and breaking the system, I suppose
<uvirtbot> New bug: #1088540 in ec2-ami-tools (multiverse) "ec2-bundle-image gives error 'can't convert Fixnum into String'" [Undecided,New] https://launchpad.net/bugs/1088540
<hallyn> stgraber: this could just be a cloud problem, but raring cloud images with /etc/network/interfaces enslaving eth0 to br0 seem to take forever to come up.
<hallyn> whereas precise comes up immediately
<hallyn> (can test later ona  vm to see what's actually going on, but thought you might know offhand if there's a known problem)
<stgraber> hallyn: anything interesting in /var/log/upstart/?
<hallyn> could still be several minutes before i can log in :)  will check
<hallyn> stgraber: btw, lxc bzr tree is out of date...  do you have any idea why?
<stgraber> hallyn: the importer is probably confused... let me fix it
<RoyK> xsl: / /boot /var should do. /tmp can be on tmpfs, or bind-mounted to /var/tmp, having /usr on a separate filesystem is something very old-fashioned and really, I wouldn't recommend it, since a lot of things in /usr/bin is critical during bootup (even if it wasn't like that in the elder days)
<stgraber> hallyn: try now
<hallyn> stgraber: ok, the quantal test just failed because of /usr/lib/lxc being moved.  bad test.
<hallyn> :(
<hallyn> stgraber: bzr tree now uptodate, thanks :)
<uvirtbot> New bug: #1088611 in cloud-init (main) "using random hostnames to detect dns proxies allows for false positives" [Undecided,New] https://launchpad.net/bugs/1088611
<BoomerBile> I've just purchased 2 ssl certificates i'm going to activate... i have to choose from server types = apache openssl, apache modssl, apache raven, apache ssleasy, apache2 and apache + apache ssl.... which one does ubuntu ship with and how can i find out?
<Daviey> adam_g: Has anyone done any work to open a bug task for cloud archive prior to upload?
<adam_g> Daviey: not sure what you mean?
<adam_g> Daviey: for all of these? https://bugs.launchpad.net/ubuntu/quantal/+source/cinder/+bug/1085255
<uvirtbot> Launchpad bug 1085255 in quantum "Meta bug for tracking Openstack 2012.2.1 Stable Update" [Undecided,New]
<adam_g> Daviey: once that gets into quantal-proposed, i was going to put together a script to tag all of the bugs affecting CA.
<stiv2k> RoyK
<stiv2k> ping
<RoyK> pong
<stiv2k> im trying to setup munin on my server
<stiv2k> but this guide apparently sucks
<stiv2k> http://ubuntuserverguide.com/2012/08/how-to-install-and-configure-munin-on-ubuntu-server-12-04.html
<RoyK> apt-get install munin
<RoyK> that's a good start
<stiv2k> yes it's installed
<stiv2k> when i go to http://stiv2k.info/munin i get forbidden though
<RoyK> try http://localhost/munin
<stiv2k> oh shit
<RoyK> it's allowed only from localhost per default
<stiv2k> i know i changed that
<stiv2k> i think i got it
<stiv2k> http://stiv2k.info/munin/ <-- working for you?
<RoyK> you'll want to change the hostname, though
<RoyK> works
<stiv2k> i dont see any graphs though
<RoyK> although I don't get any images
<RoyK> check the apache logs
<Pici> stiv2k: has munin been running for enough time for it to pull data?
<RoyK> it shouldn't show up before then
<RoyK> (iirc)
<stiv2k> [Mon Dec 10 15:58:44 2012] [error] [client 65.51.94.15] File does not exist: /home/steve/websites/stiv2k.info/cgi-bin, referer: http://stiv2k.info/munin/localdomain/localhost.localdomain/index.html
<stiv2k> no i just installed it
<Daviey> adam_g: "i was going to put together a script to tag all of the bugs affecting CA" <-- okay, that is what i wanted to check :)
<Pici> You need to wait a few minutes for it to collect data.
 * RoyK needs some sleep
<stiv2k> um
<stiv2k> what is this fast cgi stuff
<stiv2k> in the munin config
<RoyK> fastcgi is a replacement for modphp
<patdk-lap> no
<stiv2k> do i need it for munin
<patdk-lap> royk, fastcgi is a replacement for cgi, not php :)
<RoyK> patdk-lap: well, yes
<stiv2k> doesnt look like its installed
<patdk-lap> munin does not use php
<RoyK> stiv2k: it shouldn't need it - munin uses statically created pages
<patdk-lap> you either run it in cron, or dynamically via cgi/fcgi
<stiv2k> ok maybe i just need to wait
<patdk-lap> fcgi kicks ass vs static
<stiv2k> should i enable it
<patdk-lap> it's much more painful to enable
<patdk-lap> and unless you are monitoring a LOT of things, not needed
<RoyK> patdk-lap: no reason to use fcgi with munin - it just collects data every five minutes anyway
<patdk-lap> royk, how large of a munin install have you done?
<RoyK> patdk-lap: heh - six hosts
<patdk-lap> when munin takes 3min for a quadcore cpu to generate the graphs, you rarely look at
<patdk-lap> fcgi kicks it's but :)
<stiv2k> RoyK you mean its more involved than a2enmod fcgi
<patdk-lap> you need to setup fcgi, setup munin for fcgi mode, then switch the munin.conf to use it
<stiv2k> the conf looks like it already is setup to use it if present
<RoyK> I mean, using fcgi with munin makes no sense
<stiv2k> why is it looking for cgi-bin
<stiv2k> [Mon Dec 10 15:58:44 2012] [error] [client 65.51.94.15] File does not exist: /home/steve/websites/stiv2k.info/cgi-bin, referer: http://stiv2k.info/munin/localdomain/localhost.localdomain/index.html
<stiv2k> RoyK, how do you change hte hostname
<RoyK> stiv2k: /etc/hostname
<stiv2k> no that one is set
<stiv2k> steve@pavilion:/var/log/apache2$ cat /etc/hostname
<stiv2k> pavilion
<stiv2k> munin doesnt get it though
<patdk-lap> depends, thre are many ways
<patdk-lap> royk, using fcgi makes perfect since for munin, why generate all those graphs every 5min, if you never view them, huge waste of cpu
<patdk-lap> fcgi makes the graphs only on viewing them
<patdk-lap> where fcgi is quicker at it than cgi, cause of spawning overhead
<RoyK> patdk-lap: usually I use a dedicated machine for monitoring, so it doesn't make sense for that to sleep well
<patdk-lap> well for me, it was tking >5min to make them
<patdk-lap> and that isn't good
<patdk-lap> monitoring lots of things on each machine, around 120 machines
<stiv2k> i dont understand why its looking for cgi
<stiv2k> patdk-lap
<stiv2k> cgi-bin i mean
<patdk-lap> cause it needs the cgi/fcgi program to run
<patdk-lap> that is how it works
<stiv2k> um
<patdk-lap> this is part of the manual setup that needs to be done
<patdk-lap> check the munin website for instructions
<stiv2k> based on what i gathered from your and RoyK's conversation you make it seem like it doesnt need fcgi
<patdk-lap> most people don't need it no
<stiv2k> ok
<patdk-lap> without it, you create all graphs every 5min
<stiv2k> so why is my server giving errors
<patdk-lap> with it, the graphs are not made
<stiv2k> [Mon Dec 10 15:58:44 2012] [error] [client 65.51.94.15] File does not exist: /home/steve/websites/stiv2k.info/cgi-bin, referer: http://stiv2k.info/munin/localdomain/localhost.localdomain/index.html
<patdk-lap> cause you enabled cgi mode
<stiv2k> i didnt enable anything
<stiv2k> :/
<patdk-lap> something did, and munin is using cgi's for it
<patdk-lap> instead of the static files
<stiv2k> maybe ubuntu automatically installs it that way
<stiv2k> ?
<patdk-lap> not sure, I haven't used the offical munin package for a long time
<patdk-lap> cause I've needed features it lacked
<stiv2k> oh
<stiv2k> god i hate these guides online
<stiv2k> they are so incomplete and vague
<stiv2k> http://ubuntuserverguide.com/2012/08/how-to-install-and-configure-munin-on-ubuntu-server-12-04.html
<patdk-lap> why would you use a guide
<patdk-lap> the documentation is good
<stiv2k> ^ zero mention whatsoever about that
<uvirtbot> stiv2k: Error: "zero" is not a valid command.
<patdk-lap> that assumes your not using cgi/fcgi
<stiv2k> well im not
<stiv2k> but apparently ubuntu configured it for me to use it
<stiv2k> and it's not working
<stiv2k> patdk-lap, cant find how to change it from cgi to static on the munin docs either
<patdk-lap> comment out any line with cgi on it
<stiv2k> patdk-lap, they are..
<stiv2k> patdk-lap, do i have to run a script to gen the images or something
<stiv2k> anyone?
<stiv2k> screw all you guys, i got it to work on my own by adding one line
<stiv2k> ScriptAlias /cgi-bin /usr/lib/cgi-bin
<uvirtbot> New bug: #1088681 in tomcat7 (main) "startup script prevents use of IPv6" [Undecided,New] https://launchpad.net/bugs/1088681
<hallyn> jdstrand: so the vnc virt-aa-helper-test patch was trivial, but the hugepages one stumped me.  Works fine with -f, but i can't get it to accept -F as an option.
<hallyn> I'd expect testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/**" "$test_xml"  to work
<hallyn> ahs3: sigh, i can't remember now if there was anything i was goign to change before pushing netcf 0.2.2 to ubuntu raring
<hallyn> i feel like there was, but have looked everywhere and can't find anything.  and it builds/installs fine.  i guess i'll push...
<hallyn> zul: hey, when you get in tomorrow, would you mind syncing netcf from debian to raring?
<hallyn> (0.2.2 should be in both sid and experimental)
<zul> hallyn: i guess i could be bribed
<hallyn> zul: with a big bowl of thanks?
<zul> hallyn: of course
<hallyn> zul: thanks :)
#ubuntu-server 2012-12-11
<uvirtbot> New bug: #1088720 in facter (main) "facter virtual runs lspci unconditionally" [Undecided,New] https://launchpad.net/bugs/1088720
<demona> Is there a definitive list of all the kernel boot parameters for Ubuntu Server? And yes, pointing me to source code is an acceptable answer.
<demona> After doing a mountain of PXE installs the last few days I figure it's time to learn more about boot options and preseed files
<scalability-junk> hey I'm looking into preseed files and think I got the hang with setting up raid1 and lvm, but now I wanna encrypt the lvm how can I do that?
<scalability-junk> I couldn't find any documentation...
<lvmer> sarnold, Hellowwwwzz  :)
<scalability-junk> hey I'm using preseed files and wanted to set the hostname, but I still get prompted when specifying get_hostname. I have dhcp enabled, but I sort of think dhcp should be enabled and the hostname should be set anyway...
<oneseventeen> is it possible to change the order apache modules get loaded?
<oneseventeen> I'm trying to use rewrite & vhost_alias, but rewrite appears to functioning based on /var/www/ being the document root, rather than the automagically created /var/www/%1/public document root.
<oneseventeen> nevermind, I just changed the redirect in my .htaccess, which I don't like but I'll just live with until I can find a way to make Apache generate a more accurate document root
<oneseventeen> looks like the issue with vhost_alias was fixed in apache 2.4, I'll just mess with my .htaccess files until apache 2.4 is integrated into ubuntu-server
<oneseventeen> (I realize that is not a small task)
<cloudman> lot of mysql updates today, anyone had problems after upgrade??
<Adri2000> zul or anyone familiar with openstack packages: why does nova-api-metadata breaks: nova-api?
<soren> Adri2000: nova-api provides all the various api frontends.
<soren> Adri2000: nova-api-metadata provides only the metadata frontend, so the two would conflict (each trying to grab the metadata port) if installed at the same time
<Adri2000> soren: ok. then do you know what's the use case of having a separate -metadata package? is -metadata supposed to be installed on all compute nodes? (in all/some network configurations?)
<jamespage> Adri2000, co-incidentally I was just looking into this
<jamespage> Adri2000, soren: I really think that should be some sort of Conflicts/Provides rather than a Breaks bearing in mind what that relationship is trying todo
<jamespage> i.e. prevent installation of nova-api + any of the other subpackages.
<soren> jamespage: How come?
<soren> Adri2000: Well, you just have the option of running the metadata server independently of the api servers. Whichever way you choose to do so is up to you.
<jamespage> soren, well Breaks is not quite as strong as Conflicts; a Conflicts relation ensures that the packages cannot be installed/unpacked at the same time
<soren> Adri2000: On each compute host is a good idea, but not required by any means.
<soren> jamespage: And what does Breaks prevent and why don't you think that's sufficient?
<soren> jamespage: There are no files in conflict. Only ports.
<jamespage> soren: I understand that;
<jamespage> soren: say I install nova-api and then I install nova-api-os-compute; I think this will force a deconfigure of nova-api prior to install on nova-api-os-compute
<jamespage> but not a removal...
<jamespage> which is what I think the behaviour should be
<soren> jamespage: Why?
<soren> I mean... dpkg doesn't just leave it there unconfigured. It'll get removed.
<jamespage> soren, will it?
<jamespage> i think it will just not let it be reconfigured
 * jamespage goes to try this
<jamespage> soren, OK - I'm wrong
<jamespage> it works just fine
 * jamespage scopes that
<jamespage> *wrong in the context of "i think it will just not let it be reconfigured"
<soren> Yeah. Installed, but not configured is a transitional state.
<soren> Hrm... Terminology fail there.
<soren> "Unpacked, but not configured" is what I meant.
<soren> "Installed" specifically means that it's unpacked and configured.
<soren> brb
<jamespage> soren, well whatever - its sufficient to ensure that the nova-api and nova-api-* packages don't get installed together
<soren> jamespage: indeed
<jamespage> soren, I still think Conflicts is the correct approach even though Breaks does the job
<jamespage> I normally use Breaks with Replaces (both versioned) when move files between packages.
<jdstrand> hallyn: re netcf, could it be the testsuite?
<VSpike> Hi. I just upgraded mysql-server (5.1) on my 10.04 server and it wont start because of missing /etc/init/mysql.conf ... that seems owned by mysql-server-5.1 according to dpkg -S and dpkg -L
<VSpike> A reinstall of mysql-server-5.1 doesn't fix it. Also strangely "debsums mysql-server-5.1" doesn't even list that file
<VSpike> What am I doing wrong here?
<vezq> VSpike: could try to purge the package, note it might remove databases too so make backup first
<vezq> so take a copy of /var/lib/mysql before purge
<VSpike> that sounds a bit harsh
<VSpike> Is there a way I can extract that specific file from the package and copy it into place?
<VSpike> Yep, that works :)
<sebastian__> Hi anyone knows an extreamly simple server management tool? something like a script on each server, that tells it's ip address and other infos to a master server?
<Pici> sebastian__: as a one-time thing?
<sebastian__> maybe a cron job every hour or so
<sebastian__> should work on linux & mac os x
<Pici> sebastian__: There are a few ssh clients that will do simultaeneous connections to remote servers that you might be able to script to acheive that.  mssh, mussh, pssh, taktuk, clusterssh seem to fit the bill (from apt-cache search multi ssh)
<Pici> Of course, there might be a better tool that does that out-of-the-box, but I don't know of any off the top of my head.
<sebastian__> well, to execute somthing wih mssh for example, I need a list of all servers. I would need my server to add itself to the master server
<hallyn> jdstrand: no, wasn't that (testsuite not runnable on buildds, netlink))
<jdstrand> I thought there might have been progress on that front, but I'll take your word for it
<hallyn> stgraber: jinkeys that guido guy is hard to parse
<hallyn> jdstrand: i'll kick off a test in ppa to make sure
<stgraber> hallyn: hehe, yeah. I think I vaguely understood what he wants, but I'm not planning to spend any time actually making that happen myself ;)
<zul> jamespage: ill trade you one
<jamespage> zul, sure
<zul> jamespage: https://code.launchpad.net/~zulcss/keystone/buh-bye-dbconfig/+merge/139215
<hallyn> kees: stgraber: ok, i see libseccomp 1.0.1 is in raring-proposed.  i'll fix up lxc to make it work with it, but are there other packages depending on libseccomp which will need updates?
<stgraber> hallyn: according to apt-cache, no
<hallyn> k
<stgraber> and reverse-depends seems to confirm that only lxc build-depends on it (reverse-depends -b libseccomp-dev)
<zul> hallyn: ping netdev right?
<hallyn> zul: ?
<zul> hallyn: the sync you asked me to do last night
<hallyn> zul: netcf, yeah
<hallyn> zul: (i'm doing a test run in ppa with tests enabled, but i expect those to still fail in buildds)
<hallyn> stgraber: the proper seccomp fix for lxc will require some autoconf.  do you object to an autoconf-free fix in raring package, expecting the nicer fix to come with the 0.9.0-alpha1 merge?
<hallyn> i'm fine doing it the other way, only downside is libseccomp 1.0.1 sits in -proposed longer
 * hallyn is torn
<hallyn> will do quick fix first locally to make sure it even works :)
<hallyn> oh, haha
<hallyn> actually all of the seccomp code is autoconf-free in the package.  never mind.
<stgraber> ok :)
<jamespage> zul: see mp - one minor problem
<zul> jamespage: k thanks
<paco1> hello masters!
<paco1> i have a problem on my server....from time to time, my server start a 'dhclient' and i loose my ip fix address....
<paco1> how can i fix that?
<paco1> thanks!
<binaryhat> im trying to disaBle virbr0.  i dont need it plus its flooding dmesg--->http://fpaste.org/7kZO/
<zul> jamespage: fixed up the comments
<hallyn> stgraber: so do i just upload a new lxc it'll build against the new seccomp, and both automatically get promoted?  or is there a different workflow?
<jamespage> ivoks, do you fancy finishing off bug 671065?
<uvirtbot> Launchpad bug 671065 in dovecot "deliver broken because dovecot.conf uses !include_try" [Medium,In progress] https://launchpad.net/bugs/671065
<ivoks> jamespage: i might
<jamespage> ivoks, I'll barter with you for a final review of the mail-delivery charm
<jamespage> :-)
<ivoks> heh
<ivoks> i need to take a vacation to actually finish the work on ubuntu stuff :)
<jamespage> ivoks, lol
<smoser> hallyn, ping.
<smoser> random curiosity. i think that i can attach disk images to lxc containers now ?
<jamespage> zul, sorry - more comments
<stgraber> hallyn: that should just work, yes
<zul> jamespage: argh
<CaptSammy> Stoopid question. How safe is it to upgrade an 11 server up to 12 that is running on mdadm?
<CaptSammy> I dont exactly have a place to backup my data
<scalability-junk> hey is there ANY documentation about how to configure raid1 + encrypted lvm at all for preseed files?
<xnox> scalability-junk: it's possible to do raid1+lvm and ecrypted+lvm via preseed, easily. I am trying to make all three, but failing so far.
<scalability-junk> xnox, yeah we talked a few days ago and I fail too.
<scalability-junk> thought doing a manual config and then make the configs into a preseed file, but that fails :P
<scalability-junk> only tab tab etc. choices... not really helping.
<xnox> yeah....
<scalability-junk> xnox, give me a shot if you figure it out :P
<ejv> CaptSammy: be very careful
<ejv> CaptSammy: first off, make sure you're using 12.04.1, 12.04.0 shipped with a particularly nasty mdraid bug
<smoser> rbasak, no -proposed cloud-imags. what i'd likely to do test this stuff is boot existing image, add proposed, update && upgrade, rm -Rf /var/lib/cloud /var/log/cloud && reboot
<rbasak> OK
<CaptSammy> ACK! Good to know
<ejv> CaptSammy: save all pertinent data about the array itself, /proc/mdstat, mdadm -D /dev/mdX, mdadm -E /dev/DEVICES, save it all into a notepad file somewhere, in case it melts down
<CaptSammy> If I am using the automated upgrade, how do you know what ver you are going to?
<ejv> if you're jumping to the most recent 12.04.1 you'll be using mdadm 3.2.5
<CaptSammy> mayube I dont NEED to upgrade :)
<ejv> unless its absolutely necessary, i really wouldn't, ask yourself why you need to upgrade to begin with
<demona> Gotta keep up with the Joneses!
<scalability-junk> xnox, that's my raid1 lvm setup not sure yet if it works... now trying to figure out how to merge it with my encrypted lvm setup...
<scalability-junk> http://pastebin.com/KsbYyhrY
<CaptSammy> I was going tro install newznab and figured it might be a good time to upgrade the system at the same time
<ejv> 11.04/11.10 are showing it's age, i think if you are simply prepared, you'll be fine
<ejv> if, after the upgrade, your array won't assemble, just don't panic, come to irc or email the linux-raid list for assistance
<CaptSammy> maybe I should grab an external 2T drive and backup first
<CaptSammy> The array is my big fear, I am not raid savvy
<CaptSammy> and I got the entire machine booting and running on that mdadm array
<scalability-junk> xnox, refined one: http://pastebin.com/BXGr6bZp I'll test it now and wish me luck.
<ejv> raid isn't a backup, so yes, you should have a backup
<CaptSammy> Whats a good app for backing up my server to an external nightly?
<ejv> cron + rsync
<CaptSammy> drives are cheap enough, might as well do things right
 * RoyK uses bacula
<CaptSammy> bacula might be more "user friendly"?
<RoyK> rsync won't keep old versions
<RoyK> bacula is a bit hard to setup at first, but working with it (with bat etc) is rather user-friendly
 * qhartman uses dirvish
<qhartman> all the benefits of rsync, but with historical snapshots and a really robust expiration policy manager
<RoyK> dirvish is a good alternative too
<CaptSammy> is it command line friendly?
<RoyK> afaik dirvish is only commandline ;)
<qhartman> Dirvish is really command-line only
<qhartman> no gui at all
<ejv> that's totally not true, you need to script rsync to properly handle versioning.
<CaptSammy> My system is of course headless and not GUI
<qhartman> yeah, I use dirvish to backup a server in Denver to a server in Eugene every day
<qhartman> have been for years, and it's been totally bullet proof
<RoyK> CaptSammy: my server is headless as well, but running bat from it over ssh is quite easy with x11 forwarding
 * RoyK usually have x libs installed on his servers
<RoyK> some software is easier to use with a GUI, after all
<RoyK> some software have a small webserver for local administration, usually listening to localhost only - running firefox http://localhost:something is way more userfriendly than using lynx or similar text mode browsers, and it doesn't make the system more insecure
<CaptSammy> does dirvish or bacula have web front ends?
<qhartman> dirvish does not. You basically build a config that defines your backup policy, set a cronjob to run the backup, and that's it
<qhartman> to get files or whatever, you just browse the file system
<qhartman> use normal commands to copy files back or whatever you need
<RoyK> CaptSammy: bacula has webacula, but like the rest of bacula, it's got a bit steep learning curve to get it installed - works well when it's installed, though
<jrib> I'll throw in another suggestion: rsnapshot
<RoyK> that is, you have webacula and a few others
<qhartman> jrib, I also use rsnapshot in a few places, and it also works well.
<qhartman> Really any of the mature tools are arguably good choices
<qhartman> you just need to decide which one fits your use case best
<RoyK> it's all a discussion between whatever fits or what you like
<RoyK> I've gotten used to how bacula works, so I use that...
<qhartman> indeed
<CaptSammy> On bacula.org they show the web front end, looks nice
<RoyK> url?
<CaptSammy> should be relativily easy since I am only backing the one machine up?
<CaptSammy> http://www.bacula.org/images/bweb1.png
<qhartman> CaptSammy, it really feels like you're overthinking this. Pick one, try it out, if you don;t like it, try something else.
<CaptSammy> tru
<RoyK> CaptSammy: setting up bacula is a bit hard anyway, since it's an enterprise system, really - it makes little difference in setting up bacula for one or fifty servers, somehow
<RoyK> CaptSammy: with bacula, you have to setup retention policies and virtual tapes, not quite like the others mentioned here
<qhartman> Bacula probably is overkill, RoyK is not kidding when he says it's got a learning curve. I've looked at it a couple times, and decided against it every time,.
<RoyK> qhartman: I originally set it up for a five-site backup with some 200 machines
<qhartman> the tape thing is the killer for me, it's designed to work with legacy tape library semantics, which is extra complexity I don't need, and am not used to.
<RoyK> qhartman: now I'm using it for 7 machines or so, single site
<qhartman> RoyK, right, and for that environment it probably made a lot of sense, and since it's still owkring, no point in changing.
<RoyK> but then, I've learned how to work with it :P
<CaptSammy> bummer, I like the web control
<RoyK> CaptSammy: spend an hour with the bacula config - it's a good howto on their sites - and bweb or webacula or something else can do fine
<RoyK> CaptSammy: there's also #bacula
<RoyK> on their *site* even
 * RoyK just uses bat
<RoyK> that's the bacula X interface
<CaptSammy> Thanks for all the insight
<CaptSammy> I am going to install a 3T drive and backup before trying an upgrade
<CaptSammy> Amazon has a 3T drive for 150 bucks
<CaptSammy> I remember when a ten meg drive was around six hundred bucks
<CaptSammy> and thought "who could ever fill this thing"?
<RoyK> CaptSammy: we've all thought that way ;)
<RoyK> CaptSammy: keep in mind that that single 3TB drive may just die one day without giving you a warning
<CaptSammy> Is there a way to spin down a drive when not used for an active backup?
<RoyK> CaptSammy: better get some cheap 1TB drives and setup a NAS (or a DIY-NAS with an old PC)
<RoyK> CaptSammy: yes, you can do that, but normally the best a drive can have, is a stable atmosphere with stable temperature
<CaptSammy> If that 3T dies the only way I could lose data is if my Raid5 dies atr the same time though
<RoyK> man hdparm
<paco1> It exists a ubuntu dnssec doc?
<RoyK> there's an "auto spindown" there iirc
<CaptSammy> Thanks again!
<CaptSammy> any of you run newznab?
 * RoyK doesn't
<zul> im surpised no one has asked for samba 4 yet
<SpamapS> zul: its been in Ubuntu/Debian for a long time as a beta/alpha
<blkperl> zul: why would I want to ask for it, my current samba server work just fine :)
<zul> SpamapS:  yeah but its no longer beta/alpha
<SpamapS> I know
<Pici> it looks like the RC is in raring
<SpamapS> I'm sure the final will ship
<stgraber> hallyn: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1065684 is quite a pain to fix ;)
<uvirtbot> Launchpad bug 1065684 in ifupdown "network-interface-security.conf needs to go away when the interface does." [Medium,Confirmed]
<stgraber> hallyn: I managed to decrease the number of -security devices by half at least
<stgraber> hallyn: the problem we still end up with is that upstart doesn't get any event when a device is moved to another namespace...
<stgraber> hallyn: so on a veth pair, we can only properly flush the host device but not the container device
<stgraber> hallyn: I think we already discussed this but I'm seeing a few options to make the problem completely go away, not sure if you have any preference
<stgraber> hallyn: 1) Get the kernel to emit net-device-removed + net-device-added when a device is moved between netns
<stgraber> hallyn: 2) Have lxc store the original name of the device and instead of destroying it in the netns, move it back to the host with its original name, then destroy it
<stgraber> hallyn: 3) Introduce some kind of net-device-moved kind of event we could use to stop the various jobs (though that's a bit tricky as we'd need to detect the case where a device is moved back to the host)
<stgraber> hallyn: 1 or 2 would fix a whole bunch of bugs we're getting at the moment where various piece of software try to do state tracking of net devices and fail with containers
<stgraber> hallyn: I actually believe that's the source of the memory leak I've seen in network-manager here as it's getting net-device-added events but no net-device-removed, it's still storing data as if it still existed
<stgraber> hallyn: which considering I created around a thousand veth devices since yesterday, wastes a fair bit of memory :P
<hallyn> jinkeys - now that's a backlog
<hallyn> stgraber: there is a kernel patch for sending event when dev is moved to another ns
<hallyn> it's in net-next
<hallyn> we could ask rtg to pull it into raring
<hallyn> in other words, option (1) is done in net-next
<stgraber> hallyn: can you point me to the commit and I'll e-mail ubuntu-kernel about it for inclusion so I can close that bug for good ;)
<hallyn> that's a problem :)
<hallyn> cause i can never find that tree.  lemme check linux-next
<hallyn> stgraber: http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=commitdiff;h=4e66ae2ea371cf431283e2cb95480eb860432856
<hallyn> stgraber: thanks for pursuing that :)
 * hallyn goes to finish this pair of libvirt bugs finally
<stgraber> hallyn: thanks! I was just going to tell you to that net-next is owned by David Miller but you were too quick to find the commit in -next ;)
<hallyn> hah - i know it's *owned* by dmiller, but i never know where to find it.  it's not on kernel.org lasti i knew
<hallyn> so i every time i want to do something based on net-next...  i end up stalling
<hallyn> :)
<hallyn> stgraber: feh.  i sent seccomp patches to the mailing list from hallyn.com.  lxc-devel is holding them.  i forgot the list admin password (or dlezcano changed it).  so i'm just going to push to staging...
<hallyn> stgraber: if you want to look first, it's github.com/hallyn/lxc.git #staging.dec11.1.seccomp.2
<stgraber> hallyn: can you hold on posting to staging? I'd actually prefer to have what's currently in staging be released as 0.9.0~alpha1 (so it matches my pull request)
<stgraber> hallyn: I'm trying to get Daniel to do the release ASAP so we can start pushing stuff to it again
<hallyn> stgraber: actually this might ought to go to alpha, bc otherwise it will FTBFS on debian
<stgraber> (I should have branched to 0.9.alpha1 on github and use that for the pull-request, but only thought of it after sending the e-mail...)
<stgraber> hmm, fair enough, push it then :)
<hallyn> stgraber: ok
<hallyn> pushed.  thx.  i likely won't touch the tree again until next year.
<hallyn> stgraber: heh 'hello *kernel*people*'
<paco1> Here can i take advantage to have any help about dnssec on ubuntu?
<stgraber> hallyn: :)
<hallyn> stgraber: no ':)' to the last paragraph though.  Y I K E S
<stgraber> hallyn: just took a look at the seccomp patch, looks good. I assume you did a test build with/without seccomp to make sure nothing blows up?
<hallyn> yup, and with old+new api
<paco1> anybody can help me on dnssec?
<_KaszpiR_> question
<_KaszpiR_> i've got server on some old motherboard with e6550, its on bios
<_KaszpiR_> now I'd like to move the ssytem to moterboard with UEFI - any ideas what to do/avoid etc?
<axisys> how do I check if network is the bottleneck? I have a tacacs+ daemon which intermittenly do not respond to router
<axisys> running on ubuntu-server
<axisys> netstat -ni shows TX-ERR 4304824 and TX-OK 1228922546
<axisys> no RX-ERR
<zastern> I'm having a weird issue - I have the resolvconf package installed, but nothing i put in /etc/resolvconf/resolv.conf.d/tail or /base has any effect
<_KaszpiR_> axisys depend on the card, on the wifi this can be ok, but on wired link you got serious issue
<Kartagis> hi
<Kartagis> I need help with http://232aae397ea4bcf2.paste.se/
<Kartagis> can you help me?
<hallyn> jdstrand: fwiw the netcf tests still fail on buildds :(
<hallyn> zul: jamespage: smoser: do you have any comments on the documentation/note in http://people.canonical.com/~serge/qemu-kvm-sysctl.debdiff ?
<hallyn> jdstrand: as the patches have been acked upstream, i'm going to push lp:~serge-hallyn/ubuntu/raring/libvirt/libvirt-hugepages to the archive.
<hallyn> (that is, if i don't see an objection before tonight :)
 * hallyn bbl
<jdstrand> hallyn: ack, I saw that. I clanced at them and they seemed reasonable
<demona> Even as Ubuntu's desktop flavor annoys me more, I keep finding new things to like about the server version
<jdstrand> hallyn: thanks for that :)
#ubuntu-server 2012-12-12
<axisys> _KaszpiR_: it is wired link on a server
<axisys> _KaszpiR_: where should I look to troubleshoot? planning to enable the tac_plus debug
<_KaszpiR_> first, check your cabling
<_KaszpiR_> like another network card, different switch port
<_KaszpiR_> replace cable
<axisys> _KaszpiR_: can you please tell me why ? (learning)
<_KaszpiR_> what is the length of the network cable between switch and the server?
<_KaszpiR_> is if a full duplex or half duplex switch, or maybe hub (ugh...)
<axisys> its a cat3528 switch in short distance
<_KaszpiR_> define short distance
<axisys> Duplex: Half
<axisys> yikes!
<Patrickdk> not quarter?
<axisys> _KaszpiR_: you are right on money.. thanks a lot
<axisys> _KaszpiR_: I will start monitoring this
<_KaszpiR_> replace cable, the first guess
<axisys> _KaszpiR_: thanks
<_KaszpiR_> or check the plugs, sometimes they are getting loosened up or the connection may be dirty etc
<_KaszpiR_> worse scenario when one of the cables is wrong or using poor quality cable
<_KaszpiR_> get some simple network cable tester for that
<axisys> ethtool eth1 shows half duplex.. dmesg | grep eth1 also shows it.. is there any other logfile that should have that info?
<axisys> _KaszpiR_: ^
<_KaszpiR_> i doubt it
<axisys> [   12.482613] igb: eth1 NIC Link is Up 100 Mbps Half Duplex, Flow Control: None
<axisys> that was from dmesg
<axisys> i wish I can tell when it switched to half
<axisys> i guess this will work
<axisys> # grep eth1 /var/log/dmesg
<axisys> that shows it too
<axisys> but I need to a timestamp
<axisys> or depend on the monitoring tool to catch it
<_KaszpiR_> you may try to change settings with the ethtool
<_KaszpiR_> but usually forcing certian settings is just dangerous or performance degrading
<axisys> _KaszpiR_: yeah, I am planning to do it.. may be when traffic is low :-)
<axisys> we have a scheduled reboot coming up on Sunday
<axisys> how do people usually handle ubuntu server security and kernel updates?
<axisys> other distro seems to be way behind and not much reboots..
<axisys> wish ksplice were available for all and not bought by oracle
<axisys> we reboot the ubuntu server more often than others to stay on top those kernel and security upgrade
<smoser> hallyn, just to be sure, the patch doesn't actually do anything
<smoser> right?
<_KaszpiR_> axisys ubuntu is imo the most often changed distro
<_KaszpiR_> sometimes it is not a good thing
<_KaszpiR_> on the other thing noone forces you to make reboots ;)
<_KaszpiR_> another story - some time ago I did kernel update (with distro update) and after reboot I was surprised that network card was no longer working
<_KaszpiR_> they moved drivers to nonfree
<_KaszpiR_> guess my enjoyment
<mdeslaur_> axisys: if you're comfortable with other distros updating the kernel less frequently, you can simply reboot your Ubuntu less frequently...
<Tohuw> Is there some better solution to the permissions conundrum WebDAV creates than setting the Apache umask to 000?
<ignarps> resolvconf -u doesn't seem to be updating my resolv.conf information from the settings in /etc/network/interfaces.
<ignarps> Does anyone know how to get resolvconf to reread the entries and generate a new resolv.conf file ?
<stgraber> hallyn: patched kernel + new ifupdown => no more network-interface-* entries left after the container is killed!
<ignarps> I have verified the /etc/resolv.conf is the proper symlink to /run/resolvconf/resolv.conf and I have checked that updates-enabled is set
<ignarps> I have tried to restart resolvconf via /etc/init.d/resolvconf restart;  tried the resolvconf -u that the manual shows
<ignarps> but my /etc/resolv.conf file won't update the dns list from /etc/network/interfaces
<hallyn> smoser: right
<hallyn> just installs a sample sysctl.conf file to show *how* to do it
<hallyn> stgraber: \o/
<hallyn> heh, s/blow/below/
<axisys> security updates may sometime need kernel upgrade or libc or openssl upgrade .. what's the workaround ?
<axisys> in other words how to keep the system security uptodate w/o reboot? looking for suggestions
<axisys> I guess looking for best practice
<pmatulis> axisys: you need to reboot to get the new kernel obviously
<axisys> pmatulis: right.. I do not want to upgrade new kernel unless it fixes security issue
<axisys> so on unattended-upgrade just uncomment the security line is all I needed. and if that means kernel upgrade sometimes then be it..
<axisys> I am on right track ?
<axisys> am I ?
<oneseventeen> any tips on making SSH stay open longer?  one site said change the ClientAliveInterval but I don't see that in the sshd_config file
<escott> oneseventeen,  ControlMaster auto  ControlPath /tmp/ssh_%r@%h:%p  ControlPersist 4h
<escott> oneseventeen, but on the server you have to make some modifications
<bradm> oneseventeen: you could possibly try TCPKeepAlive and ServerAliveInterval as well
<oneseventeen> TCPKeepAlive is already yes, but I don't see a ServerAliveInterval... should I just add that to sshd_config
<oneseventeen> escott: thanks, I'll do some searching on ControlMaster/Path/Persist
<bradm> oneseventeen: its a client side thing
<oneseventeen> ahh... I'm working with some 3rd party clients, I'll see what they have in the way of options.
<bradm> oneseventeen: ClientAliveInterval is definately the server side version of it, and I see it in the sshd_config man page
<bradm> oneseventeen: you can tweak it a bit more with ClientAliveCountMax as well
<Lartza> VPS with 3GB of RAM, 64-bit or 32-bit? I ran it 32-bit before but not sure if 64 would have any benefits
<Lartza> OpenVZ
<demona> Rule of thumb was always, 32-bit unless you have more than 4Gb RAM
<demona> whether virtual or physical server
<Lartza> Yeah I've thought to too, just never really thought about it :)
<Lartza> *so too
<Lartza> Bad english... not a native speaker :P
<demona> English is bad all over
<Lartza> That is too true ;)
<AnAnt> Hello, I am trying to install Ubuntu precise on a Dell PowerEdge T410 server, the installer is asking me for disk driver, can anyone help ?
<RoyK> AnAnt: what sort of disk controller does that thing have?
<RoyK> AnAnt: and which ubuntu version is this?
<AnAnt> Ubuntu Precise
<AnAnt> RAID controller
<AnAnt> PERC600 I thnk
<RoyK> what usually happens, is something new arrives and re-uses the old chipset, but with a new PCI ID, so that the driver doesn't find it
<RoyK> and btw, Dell normally supports RHEL and SuSE and that's about it... The custom drivers they might ship will probably *not* load properly on ubuntu
<Kartagis> anyone can help me with postfix?
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<AnAnt> RoyK: so why is PowerEdge T410 a certified machine on Ubuntu website ?
<Kartagis> http://daf2e3092688b173.paste.se/
<Kartagis> I get these errors
<AnAnt> http://www.ubuntu.com/certification/hardware/201011-6780/
<RoyK> AnAnt: erm - it is?
<Kartagis> my mysql server is running, and the credentials are correct (I've checked)
<RoyK> Kartagis: then I guess there's a new version of the hardware, with a new PCI ID - that happens - it shouldn't, but it may
<Kartagis> erm. you mean AnAnt, right?
<AnAnt> or the machine I got has a different storage
<Kartagis> new version of the hardware? /me is confused
<RoyK> anant: contact ubuntu/canonical support. if you have paid support for it, it'll be fixed quickly - otherwise it may take some time. Also, you might want to try to boot on Quantal
<AnAnt> the website says Samsaung
<RoyK> AnAnt: right - that doesn't list the PERC
<RoyK> try Quantal, please
<RoyK> probably new chipset or just pci id
<AnAnt> hmm
<RoyK> IIRC the PERC60 is just an LSI SAS2 controller
<RoyK> but different PCI ID
<RoyK> as usual
<RoyK> AnAnt: if it works with quantal, you should be able to hack up a custom precise boot cd or pendrive with the quantal kernel (so to avoid upgrading the whole thing to something non-LTS)
<RoyK> AnAnt: btw, is this a new T410?
<AnAnt> RoyK: erm, we just bought it, yes
<RoyK> please try with Quantal - probably new pci id with old, working chips
<RoyK> if you have console access (with networking), try lspci -vvv
<Kartagis> RoyK: can you help me with that?
<RoyK> Kartagis: looks like your pfuser mysql user has an issue connecting to its database - fix that
<RoyK> AnAnt: and lspci -vvvn
<RoyK> AnAnt: that'll list the PCI IDs associated with each PCI (express) unit in the system (including those soldered to the motherboard)
<Kartagis> RoyK: I wouldn't know where to start, since credentials are correct (I've checked)
<AnAnt> RoyK: I can run lspci -vvnn , since I am running the text installer
<RoyK> AnAnt: ctrl+alt+f2
<AnAnt> yes
<RoyK> there should be a console there
<RoyK> well, try quantal first
<AnAnt> RoyK: ok, how could I know which PCI unit is the disk controller ?
<RoyK> AnAnt: http://paste.ubuntu.com/1427051/
<RoyK> http://www.pcidatabase.com/
<RoyK> so with my 1849:8168, 1849 is vendor id, 8168 is device id
<AnAnt> RoyK: ok, how could I know which PCI unit is the disk controller ?
<AnAnt> RoyK: funny thing is that megaraid_sas driver is indeed loaded !
<AnAnt> yet it still asks for a disk driver
<RoyK> Quantal does?
<RoyK> AnAnt: have you tested Quantal (12.10)?
<AnAnt> not yet
<RoyK> https://help.ubuntu.com/community/InstallCDCustomization
<AnAnt> I thought of running lspci before rebooting
<RoyK> did you do so?
<AnAnt> yup
<RoyK> if you can find the PCI ID of that thing...
<AnAnt> but I didn't find out which is the disk controller !
<RoyK> run lspci -v first
<RoyK> without -n
<AnAnt> I just ran lspci
<RoyK> that should show you its position - in my example, it's 04:00.0
<RoyK> does that show something like RAID controller?
<RoyK> or SAS
<RoyK> well, forget it - try quantal
<RoyK> if it works, it works
<RoyK> then you can use a quantal kernel in a custom setup somehow
<AnAnt> wellI can only see SATA controllers
<AnAnt> isn't it little bit dangerous to mix stuff from different releases, especially the kernel
<RoyK> the kernel is usually the least dangerous - the worst is all the userspace stuff
<AnAnt> ah, there is the SAS controller
<RoyK> then lspci -n should show its pci id
<RoyK> perhaps try a kernel from http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.6.3-quantal/
<RoyK> I can check in 3.6.3 if that pci id is listed there
<RoyK> or - well - try quantal - if you can live with a non-lts build for another 18 months...
<RoyK> or 16
<AnAnt> I am trying to avoid non-LTS
<RoyK> so am I
<RoyK> just saying it's a wee bit tricky to install on something not supported by the kernel
<AnAnt> ok, so the PCI ID is 0104: 1000:0079
<AnAnt> where shall I go from there ?
<RoyK> try quantal
<RoyK> to see if it's in that kernel
<RoyK> then we can see where to go from there
<AnAnt> funny thing is that lspci says that this controller is indeed using megaraid_sas module
<RoyK> lspci doesn't say anything about kernel modules
<RoyK> but 1000 is indeed LSI
<AnAnt> lspci -v -s 05:00.0 did give this output at the end:
<RoyK> standard SAS2 controller
<AnAnt> Kernel driver in use: megaraid_sas
<AnAnt> Kernel modules: megaraid_sas
<RoyK> please
<RoyK> the PCI IDs are hardcoded in the driver
<RoyK> when a new PCI ID is introduced, like here, 0097 is not listed in the driver
<RoyK> meaning megaraid_sas won't load
<RoyK> or perhaps it'll load, but it won't find the card
<RoyK> s/card/controller/
<AnAnt> well, the install log did list some stuff from megaraid
<AnAnt> last line is: megasas: INIT adapter done
 * RoyK gives up and goes to do something better
<AnAnt> find, I'm trying quantal now
<RoyK> AnAnt: I guess no luck?
<AnAnt> RoyK: same problem with quantal
<RoyK> yeah, I checked the source up to linux 3.7, and that PCI ID is not there
<RoyK> however
<RoyK> http://www.mjmwired.net/kernel/Documentation/PCI/pci.txt
<RoyK> it seems it's possible to hot-add PCI IDs
<RoyK> I didn't know that
<RoyK> New PCI IDs may be added to a device driver pci_ids table at runtime
<RoyK> echo "vendor device subvendor subdevice class class_mask driver_data"> /sys/bus/pci/drivers/{driver}/new_id
<RoyK> though YMMV
<RoyK> I would consider using rhel/centos with the drivers shipped with the server (on a CD/DVD/something)
<RoyK> swearing in church, sure, but it's easier that way
<AnAnt> there is no /sys/bus/drivers during install
<AnAnt> oops
<RoyK> you'll probably want to load that driver first too
<RoyK> although I don't know how to fix this so it happens automatically after a reboot - it'll have to happen during kernel bootup or somewhere in the initrd
<RoyK> since nothing can be mounted before the driver is loaded
<AnAnt> funny thing is that the driver is already loaded !
<RoyK> well, that's good
<AnAnt> class_mask ?
<AnAnt> it's optional anyways
<RoyK> never tried that before, so no idea...
<AnAnt> still asking me for disk driver !
<RoyK> cat /proc/partitions
<RoyK> anything shows up?
<AnAnt> sr0
<RoyK> AnAnt: then no idea - sorry
<RoyK> AnAnt: what was the line you gave the driver?
<AnAnt> the echo line ?
<RoyK> yeah
<RoyK> TBH, what I'd do if I were you in this, was testing centos and shipped drivers from dell
<RoyK> centos is a PITA, but it works
<AnAnt> echo "1000 0079 1028 1f16 0104" > /sys/bus/pci/drivers/megaraid_sas/new_id
<RoyK> AnAnt: any output in dmesg after that?
<AnAnt> no
<RoyK> AnAnt: sorry - really no idea
<AnAnt> thanks
<RoyK> AnAnt: you may want to try to ask in #kernelnewbies @ irc.oftc.net
<RoyK> AnAnt: but really, just try centos
<AnAnt> RoyK: I'd rather give the server back !
<RoyK> AnAnt: well, if you can... There should be other servers around, or perhaps if you just got a PCI-ex controller, or perhaps even better, don't use "hardware" raid, you probably have sufficient hardware to run that part in software ;)
<RoyK> "hardware" raid is just software after all, it's just hidden
<RoyK> better let linux do that job - it's usually faster and just as safe
<AnAnt> RoyK: sorry for troubling you, I found out that I had to configure the RAID before installing the OS !
<AnAnt> I mean adding logical volumes
<RoyK> ROTFL
<AnAnt> it's first time I got a machine with RAID
<AnAnt> we didn't need the RAID actually, it just came with the machine
<jamespage> ivoks, around? I have a corosync question
<ivoks> jamespage: yep
<Daviey> jamespage: DO you happen to know what wordpress plugin we use for 'rebloggig' ?
<jamespage> Daviey, sorry - no
<jamespage> ivoks, I'm having trouble restarting corosync on quantal - but I can't figure out why - the process is just not responding to QUIT
<jamespage> ivoks, how can I diagnose further
<jamespage> ?
<ivoks> jamespage: are you sure it just doesn't take very long time?
<ivoks> jamespage: corosync spawns lots of other processes
<jamespage> ivoks, hmm - might be
<jamespage> let me check
<ivoks> jamespage: like crmd, lrmd, stonithd, etc... and then, depending on cluster configuration, it can take unlimited amount of time to stop it
<jamespage> maybe I was just being impatient!
<ivoks> jamespage: ideally, if nothing is set up, it takes a minute to get it to full start and then 10-15 seconds to stop it
<ivoks> meaning, after start it can't quit for next 60+ seconds
<jamespage> ivoks, ah - I see
<jamespage> ivoks, I see pacemaker running lots of those things
<ivoks> tbh, i haven't looked at pacemaker in quantal yet
<ivoks> i'm sure, once again, everything was redesigned :D
<jamespage> ivoks, ah - I see why "Dec 12 11:28:44 juju-openstack-lcy01-instance-10 corosync[987]:   [pcmk  ] notice: pcmk_shutdown: Preventing Corosync shutdown.  Please ensure Pacemaker is stopped first.
<jamespage> "
<ivoks> in the old days, corosync would start pacemaker
<ivoks> right
<ivoks> i think now pacemaker has its own init script
<ivoks> and one needs to stop it before corosync
<jamespage> ivoks, it does but its not enabled by default
<jamespage> ...
<ivoks> look at /etc/corosync/corosync.conf
<ivoks> if it has pcmk service configured, corosync starts pacemaker
<ivoks> grep -sr pcmk /etc/corosync
<jamespage> ivoks, nothing - I think roaksoax did that on purpose
<ivoks> :)
<ivoks> if that machine is available, i could check it out
 * cloud_away is now away - Reason : taking the dog out
<pmatulis> axisys: so don't upgrade the kernel then.  or upgrade it but don't reboot
<Daviey> zul: btw, CA for grizzly is open
<zul> Daviey:  yay!
<Daviey> adam_g: don't suppose you are around yet? :)
<zul> Daviey: its still like 5:50 am for him
<Daviey> zul: I know, he's slack. :)
<zul> totally
<Daviey> We were up jogging at this time,.
<koolhead17> Daviey: zul i thought adam_g is in Japan these days :P
<zul> Daviey: some of us who presumably had bears chasing us because thats the only reason to jog
<allballs> Good morning. I've been running an Ubuntu Server 10.04 instance on EC2 for about 8 months now. I would like to upgrade it to 12.04-LTS. Is there any recommended "EC2" way of doing this, or, should I just do the standard ol'fashioned do-release-upgrade?
<MrTorque> i got degraded raid-status just after creating the raid 1 and adding a partition. Is this because I did simultaniously create 3 raid 1 (each consisting of 2 hdds)?
<xnox> MrTorque: did they fully sync after creating?
<xnox> or is that what is happening now?
<simplexio> MrTorque: i think it works like it should be . i mean there is no mirrored data on new partition
<simplexio> MrTorque: so it has to rebuild
<smoser> hallyn, ping
<MrTorque> xnox: they are right now mirroring
<MrTorque> and while the first raid was about 1% complete i did create the next raid and another one. then i got 3 system mails that the raid is degraded...
<MrTorque> simplexio: so every raid is degraded after creation?
<simplexio> i think so . i can be wrong too
<Teduardo> Howdy friends, I'm trying to install 12.10 on a Supermicro machine that has the Intel Rapid Storage Enterprise SCU, the installer installs fine on the raid but then when the server reboots it doesnt seem to be finding grub.
<smoser> hallyn, ok. so when you see this, 2 things.
<smoser> a.) am i right that if i do 'lxc-start -n foo' (without '-d') then i can never detach from the container
<smoser> b.) could you add the escape/detach sequence (ctrl-a q) to 'man lxc-console'
<hallyn> smoser: a. right
<hallyn> smoser: b. of course.  i'll open a bug for it
<YamakasY> Hi guys, is there a package where I can manage applications like dns, apache, vpns, etc per node? I have look at all and webmin seems to come closest to this but it can not manage per node/ per service..
<smoser> hallyn, thanks. if you do 'b', you'll reduce your pingcount from me by ~ 1/month.
<smoser> maybe document in lxc-start man page also that there is no way to detach ?
<hallyn> smoser: i'll add that to the same bug
<MrTorque> simplexio: hm, i will wait the 5h it takes to rebuild and see if the status changed.
<MrTorque> thank you
<simplexio> MrTorque: send msg if my answer wasnt correct, it is good to learn
<MrTorque> I hope I won't forget :)
<Teduardo> hmm
<Teduardo> wonder why this thing wont boot =)
<Teduardo> I hate supermicro =D
<Teduardo> is there any easy way to boot with a live cd or something and check grub?
<Daviey> yolanda: Your karama is going to go through the rood :)
<yolanda> yes, that quantum SRU generated more than 100 tasks!
<uvirtbot> New bug: #800466 in quantum "OVS plugin allows VMs to communicate when no logical connectivity exists" [High,Fix released] https://launchpad.net/bugs/800466
<uvirtbot> New bug: #802772 in quantum "openvswitch plugin doesn't raise exceptions even under exception condition" [High,Fix released] https://launchpad.net/bugs/802772
<uvirtbot> New bug: #802892 in quantum "Remove unused configuration file" [Undecided,Fix released] https://launchpad.net/bugs/802892
<uvirtbot> New bug: #837174 in quantum "%(tenant_id)s referenced in unit tests logging statement but doesn't exist in locals()" [Undecided,Fix released] https://launchpad.net/bugs/837174
<uvirtbot> New bug: #837752 in quantum "Multi-nic support not functioning (for Cisco Plugin)" [Critical,Fix released] https://launchpad.net/bugs/837752
<uvirtbot> New bug: #838006 in quantum "Keystone support in Client library" [High,Fix released] https://launchpad.net/bugs/838006
<uvirtbot> New bug: #838318 in quantum "Providing Quantum database unit tests " [Undecided,Fix released] https://launchpad.net/bugs/838318
<uvirtbot> New bug: #841982 in quantum "API: list ports op apparently succeeds even if network does not exist" [Low,Fix released] https://launchpad.net/bugs/841982
<uvirtbot> New bug: #842190 in quantum "CLI: get rid of cheetah for output generation" [Undecided,Fix released] https://launchpad.net/bugs/842190
<uvirtbot> New bug: #845140 in quantum "L2Network plugin's multi-blade model needs unit tests" [Undecided,Fix released] https://launchpad.net/bugs/845140
<uvirtbot> New bug: #855151 in quantum "Remove keystone middleware from Quantum for Diablo release" [Undecided,Fix released] https://launchpad.net/bugs/855151
<uvirtbot> New bug: #859864 in quantum "OVS plugin exception when retrieving vif ports" [High,Fix released] https://launchpad.net/bugs/859864
<uvirtbot> New bug: #860160 in quantum "Add code coverage support to quantum" [Medium,Fix released] https://launchpad.net/bugs/860160
<uvirtbot> New bug: #863635 in quantum "remove cheetah import in cli file" [High,Fix released] https://launchpad.net/bugs/863635
<uvirtbot> New bug: #875458 in quantum "pep8 0.6.1 violations prevent checkins to master" [Critical,Fix released] https://launchpad.net/bugs/875458
<uvirtbot> New bug: #875468 in quantum "client lib has serialization bug when creating port with content" [Medium,Fix released] https://launchpad.net/bugs/875468
<uvirtbot> New bug: #887706 in quantum "Exlude pyc files from pep8 verifications" [Low,Fix released] https://launchpad.net/bugs/887706
<uvirtbot> New bug: #888811 in quantum "Brokenness in ubuntu oneiric" [High,Fix released] https://launchpad.net/bugs/888811
<uvirtbot> New bug: #890672 in quantum "ovs_quantum_agent should use sqlalchemy" [Undecided,Fix released] https://launchpad.net/bugs/890672
<uvirtbot> New bug: #903581 in quantum "etc/quantum.conf.sample is not valid" [Low,Fix released] https://launchpad.net/bugs/903581
<uvirtbot> New bug: #875995 in quantum "update README" [High,Fix released] https://launchpad.net/bugs/875995
<uvirtbot> New bug: #877525 in quantum "Unit tests dump log to stdout/stderr" [Medium,Fix released] https://launchpad.net/bugs/877525
<uvirtbot> New bug: #888207 in quantum "ovs plugin test output is split between client/server" [Low,Fix released] https://launchpad.net/bugs/888207
<uvirtbot> New bug: #888820 in quantum "pip_requires for specific plugins" [Low,Fix released] https://launchpad.net/bugs/888820
<uvirtbot> New bug: #889336 in quantum "Version number is specified in multiple places" [Low,Fix released] https://launchpad.net/bugs/889336
<uvirtbot> New bug: #890028 in quantum "Use run_tests or pylint and pep8 validation" [Low,Fix released] https://launchpad.net/bugs/890028
<uvirtbot> New bug: #890180 in quantum "ovs-vsctl default timeout" [Low,Fix released] https://launchpad.net/bugs/890180
<uvirtbot> New bug: #890498 in quantum "ovs plugin pip-requires should have mysql-python" [Low,Fix released] https://launchpad.net/bugs/890498
<uvirtbot> New bug: #891246 in quantum "The Makefile for building the openvswitch plugin agent tarball no longer works" [High,Fix released] https://launchpad.net/bugs/891246
<uvirtbot> New bug: #891267 in quantum "ovs plugin fails on stock xenserver" [Medium,Fix released] https://launchpad.net/bugs/891267
<uvirtbot> New bug: #903684 in quantum "import_class and import_object defined twice in utils.py" [Undecided,Fix released] https://launchpad.net/bugs/903684
<uvirtbot> New bug: #921743 in quantum "Quantum API 1.0 does not conform with spec for creates" [High,Fix released] https://launchpad.net/bugs/921743
<uvirtbot> New bug: #923510 in quantum "get_network call always queries all ports" [Medium,Fix released] https://launchpad.net/bugs/923510
<uvirtbot> New bug: #925372 in quantum "Remove deprecated webob attributes in Quantum API" [Medium,Fix released] https://launchpad.net/bugs/925372
<uvirtbot> New bug: #925596 in quantum "quantum console script in both quantum and quantumclient" [Undecided,Fix released] https://launchpad.net/bugs/925596
<uvirtbot> New bug: #934459 in horizon "virtualenv install script needs to avoid -E" [High,Fix released] https://launchpad.net/bugs/934459
<uvirtbot> New bug: #942713 in quantum "some plugins don't check tenant ownership" [Critical,Fix released] https://launchpad.net/bugs/942713
<uvirtbot> New bug: #943711 in quantum "pip-requires not in tarball generated by setup.py sdist" [Critical,Fix released] https://launchpad.net/bugs/943711
<uvirtbot> New bug: #943810 in quantum "update outdated OVS readme to point to website" [High,Fix released] https://launchpad.net/bugs/943810
<uvirtbot> New bug: #950374 in quantum "WebOb version dependency differs from other OpenStack projects " [Undecided,Fix released] https://launchpad.net/bugs/950374
<Pici> "|
<uvirtbot> New bug: #925074 in quantum "quantum tarball missing files, including OVS agent" [Critical,Fix released] https://launchpad.net/bugs/925074
<uvirtbot> New bug: #934115 in quantum "Quantum API returns 200 status code when wrong error of the API is specified on URI" [Undecided,Fix released] https://launchpad.net/bugs/934115
<uvirtbot> New bug: #938637 in quantum "quantum unit test doesn't pass with openvswtich or linuxbridge plugin" [Undecided,Fix released] https://launchpad.net/bugs/938637
<uvirtbot> New bug: #940732 in quantum "stack.sh can't match sql_connection string in default ovs_quantum_plugin.ini" [Undecided,Fix released] https://launchpad.net/bugs/940732
<uvirtbot> New bug: #943031 in quantum "After MySQL connection failure (or timeout), first request reports MySQL Server has gone away, following requests work" [High,Fix released] https://launchpad.net/bugs/943031
<uvirtbot> New bug: #943782 in quantum "ovs + nvp plugin missing some files in sdist tarball" [High,Fix released] https://launchpad.net/bugs/943782
<uvirtbot> New bug: #948467 in quantum "agents should not need to run as root" [Medium,Fix released] https://launchpad.net/bugs/948467
<uvirtbot> New bug: #949261 in quantum "Nova drivers need to be removed from Linux Bridge Plugin code base" [Medium,Fix released] https://launchpad.net/bugs/949261
<uvirtbot> New bug: #950535 in quantum "Doc: Example 3.10 title is incorrect" [Undecided,Fix released] https://launchpad.net/bugs/950535
<uvirtbot> New bug: #951089 in quantum "Wrong title descriptions in port API docs" [Undecided,Fix released] https://launchpad.net/bugs/951089
<uvirtbot> New bug: #954538 in quantum "Cisco plugin unit tests are failing" [High,Fix released] https://launchpad.net/bugs/954538
<uvirtbot> New bug: #954906 in quantum "Missing files in generated tarballs" [Critical,Fix released] https://launchpad.net/bugs/954906
<uvirtbot> New bug: #962282 in quantum "HTTP action in API doc for Delete Network should be DELETE instead of PUT" [Medium,Fix released] https://launchpad.net/bugs/962282
<uvirtbot> New bug: #962853 in quantum "After enabling authN, creating a second network for 'default' tenant fails" [Critical,Fix released] https://launchpad.net/bugs/962853
<uvirtbot> New bug: #963152 in quantum "Missing files in Quantum RC1 tarballs ?" [High,Fix released] https://launchpad.net/bugs/963152
<uvirtbot> New bug: #994652 in quantum "nova-scheduler crashes with the cisco Quantum scheduler" [Undecided,Fix released] https://launchpad.net/bugs/994652
<uvirtbot> New bug: #995438 in quantum "Quantum Service Terminates if database service is not running" [Undecided,Fix released] https://launchpad.net/bugs/995438
<uvirtbot> New bug: #1000251 in quantum "calling quantumclient CLI from cisco plugin CLI doesn't work" [Undecided,Fix released] https://launchpad.net/bugs/1000251
<uvirtbot> New bug: #1007153 in quantum "XS should not have the centos repo enabled by quantum this can break the system" [Undecided,Fix released] https://launchpad.net/bugs/1007153
<uvirtbot> New bug: #1089404 in lxc (universe) "lxc-console man page: document escape sequence" [Low,Triaged] https://launchpad.net/bugs/1089404
<uvirtbot> New bug: #921774 in nova "snapshot stays in saving state if the vm base image is deleted" [High,Fix released] https://launchpad.net/bugs/921774
<uvirtbot> New bug: #956559 in quantum "VIF driver and scheduler for UCS plugin are broken" [High,Fix released] https://launchpad.net/bugs/956559
<uvirtbot> New bug: #994758 in quantum "xen installer crashes on quantum agent installation" [Undecided,Fix released] https://launchpad.net/bugs/994758
<uvirtbot> New bug: #1001941 in quantum "Linux bridge print error" [Undecided,Fix released] https://launchpad.net/bugs/1001941
<uvirtbot> New bug: #1004791 in nova "When attach volume lost attach when node restart" [High,Fix released] https://launchpad.net/bugs/1004791
<uvirtbot> New bug: #1020555 in horizon "Wrong 'Download CSV Summary' link" [High,Fix released] https://launchpad.net/bugs/1020555
<uvirtbot> New bug: #1026210 in nova "Nova flavor ephemeral space size reported incorrectly" [Undecided,Fix released] https://launchpad.net/bugs/1026210
<uvirtbot> New bug: #1031291 in horizon "TypeError when trying to delete an unnamed volume via dashboard" [High,Fix released] https://launchpad.net/bugs/1031291
<uvirtbot> New bug: #1039077 in horizon/essex "open redirect / phishing attack via "next" parameter" [Medium,Fix released] https://launchpad.net/bugs/1039077
<uvirtbot> New bug: #1040537 in nova "Bridge port's hairpin mode not set after resuming a machine" [High,Fix released] https://launchpad.net/bugs/1040537
<uvirtbot> New bug: #1045152 in oslo "Heavily loaded nova-compute instances don't sent reports frequently enough" [High,Confirmed] https://launchpad.net/bugs/1045152
<uvirtbot> New bug: #1057125 in horizon/essex "stable/essex horizon installs unusable version of glance" [Critical,Fix released] https://launchpad.net/bugs/1057125
<uvirtbot> New bug: #1089402 in qemu-kvm (main) "qemu-utils installs dangling symlink in precise" [Undecided,New] https://launchpad.net/bugs/1089402
<uvirtbot> New bug: #996482 in nova/essex "failed to allocate fixed ip because old deleted one exists" [Medium,Fix released] https://launchpad.net/bugs/996482
<uvirtbot> New bug: #1017633 in nova/essex "deallocate_fixed_ip attempts to update an already deleted fixed_ip" [Medium,Fix released] https://launchpad.net/bugs/1017633
<uvirtbot> New bug: #1043999 in nova "nova usage-list returns  wrong usage" [High,Fix released] https://launchpad.net/bugs/1043999
<uvirtbot> New bug: #1046313 in nova "At termination, LXC rootfs is not always unmounted before rmtree() is called" [High,Fix released] https://launchpad.net/bugs/1046313
<uvirtbot> New bug: #1079745 in nova/essex "Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached" [Undecided,Fix committed] https://launchpad.net/bugs/1079745
<uvirtbot> New bug: #1088971 in squid3 (main) "squid3 is not compiled with ssl support" [Undecided,Won't fix] https://launchpad.net/bugs/1088971
<uvirtbot> New bug: #1089218 in munin (main) "Merge munin 2.0.9-1 (main) from Debian experimental" [Wishlist,New] https://launchpad.net/bugs/1089218
<uvirtbot> New bug: #1089342 in postfix (main) "Postfix uses temporary IPv6 address for outbound connections" [Wishlist,Confirmed] https://launchpad.net/bugs/1089342
<uvirtbot> New bug: #953093 in glance (main) "Add dbconfig-common support to glance" [Low,Won't fix] https://launchpad.net/bugs/953093
<Daviey> thanks for the update uvirtbot
<uvirtbot> New bug: #797419 in quantum "Quantum routes error on RHEL" [Undecided,Fix released] https://launchpad.net/bugs/797419
<uvirtbot> New bug: #798261 in quantum "Quantum API fails to generate JSON Faults" [High,Fix released] https://launchpad.net/bugs/798261
<uvirtbot> New bug: #813433 in quantum "Align API implementation with specifcation" [Critical,Fix released] https://launchpad.net/bugs/813433
<uvirtbot> New bug: #814012 in quantum "Malformed XML request body causes 500 error" [Low,Fix released] https://launchpad.net/bugs/814012
<uvirtbot> New bug: #1041396 in keystone/essex "Token validation includes revoked roles (CVE-2012-4413)" [Critical,Fix released] https://launchpad.net/bugs/1041396
<uvirtbot> New bug: #1046905 in keystone/essex "Memcached Token Backend does not support list tokens" [Critical,Fix released] https://launchpad.net/bugs/1046905
<uvirtbot> New bug: #1050025 in keystone/essex "Token invalidation in case of role grant/revoke should be limited to affected tenant" [Medium,Fix released] https://launchpad.net/bugs/1050025
<uvirtbot> New bug: #1056373 in keystone/essex "memcache driver needs protection against unicode user keys" [Critical,Fix released] https://launchpad.net/bugs/1056373
<uvirtbot> New bug: #1088857 in net-snmp (main) "LM-SENSORS-MIB includes thresholds" [Undecided,New] https://launchpad.net/bugs/1088857
<yolanda> !
<uvirtbot> New bug: #814518 in quantum "Request body parser should reject body with invalid elements" [Low,Fix released] https://launchpad.net/bugs/814518
<Pici> soren: uvirtbot is going a bit nuts, ideas?
<uvirtbot> New bug: #817813 in quantum "Default plugin in the plugins.ini" [High,Fix released] https://launchpad.net/bugs/817813
<uvirtbot> New bug: #814517 in quantum "XML serializer adds extra spaces / newlines to text" [Low,Fix released] https://launchpad.net/bugs/814517
<uvirtbot> New bug: #818321 in quantum "Inconsistent deserialization of integers" [High,Fix released] https://launchpad.net/bugs/818321
<uvirtbot> New bug: #821733 in quantum "Undefined variable in cli.py" [Medium,Fix released] https://launchpad.net/bugs/821733
<uvirtbot> New bug: #824145 in quantum "Quantum needs a setup script" [Undecided,Fix released] https://launchpad.net/bugs/824145
<uvirtbot> New bug: #827272 in quantum "collection actions for PUT and DELETE methods on resource extension routes to update and delete action of the resource." [Undecided,Fix released] https://launchpad.net/bugs/827272
<uvirtbot> New bug: #804237 in quantum "Avoid loading plugin multiple times" [High,Fix released] https://launchpad.net/bugs/804237
<uvirtbot> New bug: #834008 in quantum "Remove weak pattern in API" [Undecided,Fix released] https://launchpad.net/bugs/834008
<uvirtbot> New bug: #822890 in quantum "Quantum project is missing any sort of "LICENSE" file that is needed to ensure that we meet "legalese" requirements." [Critical,Fix released] https://launchpad.net/bugs/822890
<uvirtbot> New bug: #834013 in quantum "API: create operations should return 202" [Undecided,Fix released] https://launchpad.net/bugs/834013
<uvirtbot> New bug: #834491 in quantum "api alignment merge broke ovs plugin" [Critical,Fix released] https://launchpad.net/bugs/834491
<uvirtbot> New bug: #834694 in quantum "Integrity error when deleting a network with ports" [Medium,Fix released] https://launchpad.net/bugs/834694
<uvirtbot> New bug: #835216 in quantum "Arg values not being populated in exceptions report by CLI" [High,Fix released] https://launchpad.net/bugs/835216
<uvirtbot> New bug: #1089466 in horizon (main) "[SRU] Meta bug for tracking Horizon stable-essex update" [Undecided,Confirmed] https://launchpad.net/bugs/1089466
<halvors> I get an error from dovecot, and can't figure out how to fix it: http://paste.ubuntu.com/1427860/
<halvors> May anyone update the roundcibe package to the latest version?  0.8.4 http://www.roundcube.net/
<uvirtbot> New bug: #897882 in quantum "Quantum needs proper setup.py (was: command 'egg' not found when running install_venv.py)" [High,Fix released] https://launchpad.net/bugs/897882
<uvirtbot> New bug: #900093 in quantum "_check_duplicate_net_name in db/api.py" [Undecided,Fix released] https://launchpad.net/bugs/900093
<halvors> Nobody knows how to fix my issue?
<uvirtbot> New bug: #833163 in quantum "Pep8 Violations in recent packaging changes that were merged into the trunk" [Critical,Fix released] https://launchpad.net/bugs/833163
<uvirtbot> New bug: #900277 in quantum "cleanup in cisco plugin db api module" [Low,Fix released] https://launchpad.net/bugs/900277
<uvirtbot> New bug: #900316 in quantum "Installation with setup.py doesn't work" [High,Fix released] https://launchpad.net/bugs/900316
<uvirtbot> New bug: #902175 in quantum "nova-manage network delete fails with QuantumManager" [High,Fix released] https://launchpad.net/bugs/902175
<rbasak> soren: uvirtbot spam ^^  - any chance you could shut it up, please?
<uvirtbot> New bug: #903580 in quantum "avoid erroneous error about extensions path on boot" [Low,Fix released] https://launchpad.net/bugs/903580
<uvirtbot> New bug: #891705 in quantum "Extensions' CLI module in Cisco plugin is broken after packaging changes" [Medium,Fix released] https://launchpad.net/bugs/891705
<uvirtbot> New bug: #906636 in openstack-ci "quantum virtualenv doesn't build" [Critical,Fix released] https://launchpad.net/bugs/906636
<uvirtbot> New bug: #911663 in quantum "PEP8 quantum cleanup" [Undecided,Fix released] https://launchpad.net/bugs/911663
<uvirtbot> New bug: #916018 in openstack-ci "Need to have working quantum-tarball jobs" [High,Fix released] https://launchpad.net/bugs/916018
<uvirtbot> New bug: #917630 in quantum "quantum plugin setup scripts can't import version" [Undecided,Fix released] https://launchpad.net/bugs/917630
<uvirtbot> New bug: #919265 in quantum "Quantum create port API accepts invalid state value" [Undecided,Fix released] https://launchpad.net/bugs/919265
<uvirtbot> New bug: #1089488 in nova (main) "[SRU] Meta bug for tracking Nova stable-essex updates" [Undecided,Confirmed] https://launchpad.net/bugs/1089488
<uvirtbot> New bug: #920299 in quantum "quantum has outdated + duplicate README" [Medium,Fix released] https://launchpad.net/bugs/920299
<adam_g> Daviey: sup
<uvirtbot> New bug: #834449 in quantum "Plugin gets loaded twice" [High,Fix released] https://launchpad.net/bugs/834449
<Darkstar1> Hello everyone.
<RoyK> evening
<uvirtbot> New bug: #817826 in quantum "Incorrect param name in cli.py" [Medium,Fix released] https://launchpad.net/bugs/817826
<uvirtbot> New bug: #798262 in quantum "Faulty XML deserialization " [Critical,Fix released] https://launchpad.net/bugs/798262
<Darkstar1> Just a qq. The php max upload filesize is set at 64M I can't attach anything bigger than 8Mb to an email on the when trying to send
<Darkstar1> Anyone know what else could be the limiting factor?
<halvors> I get an error from dovecot, and can't figure out how to fix it: http://paste.ubuntu.com/1427860/
<halvors> Is the way to go to just make dir /var/www/Maildir and chown and chgrp to www-data?
 * RoyK guesses apparmor may be in the way
<rbasak> Why use /var/www/Maildir in the first place? I think a good answer depends on the answer to this question.
<rbasak> Or is this a dovecot thing?
<zul> adam_g: did you push the quantal sru into the CA
<adam_g> zul: no, i wasn't planning on putting any of them there until they get into quantal-proposed
<adam_g> back in 30
<zul> adam_g: k
<uvirtbot> New bug: #1089519 in clamav (main) "package clamav-freshclam 0.97.6+dfsg-1ubuntu1 failed to install/upgrade: package clamav-freshclam is already installed and configured" [Undecided,New] https://launchpad.net/bugs/1089519
<adam_g> zul: did you get a bug # from jay's keystoneclient issue yesterday?
<zul> adam_g: yeah i asked him to open up a bug against python-keystone but i wasnt able to reproduce this myself
<adam_g> zul: did one get opened? curious about it but cant find one
<zul> hld on
<zul> https://bugs.launchpad.net/ubuntu/+source/python-keystoneclient/+bug/1089194
<uvirtbot> Launchpad bug 1089194 in python-keystoneclient "Oddness in keystoneclient Folsom packaging in relation to Glance" [Undecided,Incomplete]
<bieb> I installed 12.04 server, I need gui for one of the people that will be using server.. I did apt-get install xinit, when I startx I get a small white box in the upper left with a command prompt.. any ideas?
<sarnold> you might also want to install a window manager
<RoyK> bieb: apt-get install ubuntu-desktop
<RoyK> just make sure network-manager* isn't installed - it'll mess up networking - binding it to the gui
<RoyK> you can easily uninstall it later, though I don't think ubuntu-desktop includes that
<bieb> RoyK: does that give teh same desktop as a regular 12.04 install?
<bieb> RoyK: unity.. I couldnt remember the name of it
<uvirtbot> New bug: #1089583 in dovecot (main) "Dovecot gets killed upon starting" [Undecided,New] https://launchpad.net/bugs/1089583
<RoyK> bieb: yes
<RoyK> it does
<RoyK> of course, you can change that later
<bieb> ehhh.. not a huge fan of unity
<RoyK> but it installs whatever needed for a good desktop
<bieb> can you install the ubuntu fallback?
<RoyK> I don't use X on servers
<RoyK> someone else might know
<bieb> ohh.. that would be a good reason to use the ubuntu desktop.. to give a good desktop
<sarnold> bieb: was that 'gnome-panel'?
<bieb> sarnold: not sure what the old ubuntu gui was.. I thought you could apt get ubuntu fallback.. I will have to look that up
<sarnold> heh, apt-cache search ubuntu fallback --> 0 results
<bieb> sarnold: gnome-session-fallback
<sarnold> bieb: nice. :D
<bladernr_> can someone give me a little basic info about the Cloud live image?
<bladernr_> Following the instructions here: https://help.ubuntu.com/community/UbuntuCloudInfrastructure#Use_Your_Cloud I am told to go to http://node-address/horizon and log in.  that returns a 404 error
<bladernr_> if I go to http://node-address (presuming that's actually the correct way), I DO get a login prompt
<bladernr_> however, the suggested UID/PW of admin/openstack does not work.
<Daviey> adam_g: bug 1029430 .. I can't quite grok what kernel/userspace combo this impacts. Is it clear to you?
<uvirtbot> Launchpad bug 1029430 in nova "KVM guests networking issues with no virbr0 and with vhost_net kernel modules loaded" [High,Confirmed] https://launchpad.net/bugs/1029430
 * Daviey wants a truth table :)
<adam_g> Daviey: yes. kernel 3.3. made vhost_net enabled by default. when its enabled, virtualized enviornments where a dhcp server is running on the host and serving to guests on the same machine (nova's multi_host, libvirt's default network) wont work without some extra IPtables rules. libvirt takes care of setting this up for its default network (and i believe other networks it manages), but other virt users (nova, for instance) that do not make us
<sarnold> adam_g: but off at 'make us'
<sarnold> s/but/cut/
<Neal_> Can I resize my partitions without rebooting the server?
<adam_g> sarnold: huh?
<sarnold> adam_g: you wrote too much in one line, you got cut off at "that do not make us"
<adam_g> oh
<adam_g>  other virt users (nova, for instance) that do not make use of libvirt for that  need to do so manually
<Daviey> adam_g: Ah, that is the issue you were working on!
<Daviey> makes sense now
<escott> Neal_, if you can umount them
<Neal_> escott: it's the main partition
<adam_g> Daviey: i imagine there are build options to avoid the change, tho
<escott> Neal_, then no. not with most normal filesystems
<sarnold> Neal_: resize2fs manpage says you can expand ext3 and ext4 without having to unmount the filesystem first
<sarnold> Neal_: whether you trust it is another matter :D
<Neal_> escott: I have 1.8TB on /home and only 10GB on / and I want / to have 100GB instead, but I can't take the server offline.
<Daviey> adam_g: but it's indicative of potential unnoticed regressions
<Neal_> sarnold: will look into it, thanks
<chilicuil> hi, good morning, I'm trying to setup bonding in my ubuntu machine, I use wicd as network manager, I've following wiki to get an bond0 device, https://help.ubuntu.com/community/UbuntuBonding , it works to set it up, however when I use wicd-curses to stablish a conection with 1 of the slave devices it pushes wlan0 out of the slaves interfaces, should I stop using wicd bonding?
<RoyK> chilicuil: what are you trying to accomplish?
<chilicuil> RoyK: to use 2 wireless connections as 1 in order to obtain as much assurance in the conection as possible
<RoyK> same access point?
<chilicuil> RoyK: no
<RoyK> same L3 network?
<chilicuil> RoyK: no
<RoyK> then you'll need a routing protocol of sorts
<chilicuil> they're 2 different isp
<sarnold> isn't bonding intended more for "doubling speed" than "doubling reliability"? sort of like a striped RAID rather than mirrored RAID?
<RoyK> sarnold: bonding is a lot of different things
<sarnold> RoyK: hehe, figures :)
<RoyK> sarnold: with LACP, you can have redundancy and higher bandwidth, with master/slave setup, you only get redundancy etc
<RoyK> read up about it
<sarnold> RoyK: thanks! :D
<chilicuil> RoyK: ok, I'll look at it, thanks for your time
<uvirtbot> New bug: #1089602 in ceph (main) ""ceph" package in Quantal (12.10) linked against libunwind7, which is not available" [Undecided,New] https://launchpad.net/bugs/1089602
<uvirtbot> New bug: #1089194 in python-keystoneclient "Oddness in keystoneclient Folsom packaging in relation to Glance" [Undecided,Invalid] https://launchpad.net/bugs/1089194
<hallyn> stgraber: so lxc-attach works (at leaset without userns) with the userns kernel...  but apparmor profile doesn't get changed of course.  which is sort of dangerous.  just something to heed
<stgraber> hallyn: hmm, indeed. I guess we'll want lxc to change to the container's apparmor profile too then
<hallyn> stgraber: probably safest with a lxc-attach-specific profile which allows bypassing lxc-start on the way to the container profile
<hallyn> sigh
<hallyn> somehow didn't see thta one coming
<hallyn> yeah and attach to userns does nto yet work
<stgraber> see, we still have lots of things to do for alpha2 ;)
<stgraber> (upstream lxc alpha2 that's)
<hallyn> well thats a kernel bug
<hallyn>  / missing feature
<hallyn> u guess ill file a bug about the profile switch
<hallyn> sigh
<hallyn> s/^u/i/
<jcastro_> smoser: new stable-apt fast release, feels more transparent than bolted on now.
<jcastro_> smoser: it's pretty insanely fast with aws mirrors
<smoser> ?
<smoser> link?
<jcastro_> http://www.iloveubuntu.net/apt-fast-181-released-aria2c-default-and-under-hood-improvements
<jcastro_> smoser: I put like three regions in the mirror= section and cranked up the connections to 35 and it was real fast.
<jcastro_> smoser: I have no science for you though, just anecdotes and possibly misleading localized performance.
<jcastro_> :)
<uvirtbot> New bug: #1089629 in lxc (universe) "lxc-attach must switch to container's apparmor profile" [High,Triaged] https://launchpad.net/bugs/1089629
<smoser> jcastro_, can i 'apt-get update' somehow ?
<jcastro_> apt-fast update
<adam_g> Daviey: still about?
<Daviey> adam_g: yah
<adam_g> Daviey: http://people.canonical.com/~agandelman/nova_2012.2-0ubuntu5.2~cloud0/
<adam_g> Daviey: just hit quantal-security. thats for ca. also, theres the 2012.2.1 update thats stewing in queue for quantal-proposed, that doesn't include that security update. should i just trump that with a new stable/folsom snapshot that includes this cve?
<Daviey> adam_g: yeah, the copy from quantal-proposed to updates could happen now
<Daviey> So base on quantal-proposed, and we'll fast track it
<keithzg> Hmm, is there any hope for qemu-kvm 1.2 to be backported to 12.04? Being unable to blockpull really puts a kink in external snapshotting . . .
<adam_g> Daviey: not sure i follow that
#ubuntu-server 2012-12-13
<Daviey> adam_g: Ah, i misunderstood.. I thought there was a set in folsom-proposed waiting to go to folsom-updates.. which needed copying
<adam_g> Daviey: theres a stable/folsom sanpshot i put into queue for quantal-proposed (2012.2.1-ubuntu0) that are still waiting to be accepted.  meanwhile, this security update just hit based on 2012.2-0ubuntu5
<Daviey> ahh
<Daviey> adam_g: if you want to rebase your chsange, i'll reject the current one from the queue?
<adam_g> Daviey: ya
<Daviey> adam_g: rejected.
<adam_g> Daviey: does this new vers for quantal-proposed require a version bump? or does it not, since it was never accepted to begin with?
<adam_g> Daviey: also, theres a nova 2012.2+stable-20121102-e76848a0-0ubuntu1 in the quantal-proposed queue that can be rejected, too
<adam_g> Daviey: [ubuntu/quantal-proposed] nova 2012.2.1+stable-20121212-a99a802e-0ubuntu1 (Waiting for approval) (the new one). gotta run now. cya
<jasonmsp> where can i find documentation on when php will go above 5.3.2 on 10.04?
<stiv2k> how come i dont have add-apt-repository command
<stiv2k> what package is it found in
<sarnold> stiv2k: python-software-properties
<stiv2k> no
<stiv2k> you're wrong
<stiv2k> i tried that and it wasn't in there
<sarnold> darn, then time to go hunting at http://packages.ubuntu.com
<stiv2k> lol
<stiv2k> i found it
<uvirtbot> New bug: #1069534 in libvirt (main) "libvirt doesn't include *.vnc files with apparmor profiles" [Medium,Fix released] https://launchpad.net/bugs/1069534
<sarnold> silly bot. "New bug...Fix released".
<Saturn2888> hi all! :). When running mdadm, if it's rebuilding your array, how do you watch to make sure? I wanna make sure it's actually doing a rebuild.
<Saturn2888> I have a feeling it's not working bc "cat /proc/mdstat" doesn't show any progress bars, it's just showing that there's an active raid1 but doesn't show the other drive in here. The drive and partition both do show up in /dev though
<Saturn2888> ok weird
<Saturn2888> it made a /dev/md127. I want to get rid of /dev/md127 and add that drive back into /dev/md0
<frodus> Hi Saturn2888,
<frodus> I have just started using RAID1 on ubuntu.
<frodus> To rebuild an array I do the following:
<frodus> * Delete the partision that is broken..  sudo mdadm --zero-superblock /dev/sdb1
<frodus> * Then re-add it to my array.. sudo mdadm --add /dev/md0 /dev/sdb1
<frodus> Then you will see that the array rebuild with cat /proc/mdstat
<frodus> or to see an update every 10 sec:   watch -n10 cat /proc/mdstat
<koolhead17> melmoth: sir
<melmoth> hola koolhead17
<koolhead17> melmoth: how have you been? too much travelling is it?
<melmoth> was in montreal last week.
<melmoth> this week, no travelling, and the 2 next ones; holidays (yep, _again_)
<koolhead17> melmoth: awesome!! Any india trip?
<melmoth> not for me.
<melmoth> having an indian visa is quite a challenge apparently
<YamakasY> morning all
<RoyK> mrnng
<Daviey> morning RoyK
<stiv2k> RoyK lost his vowels
<RoyK> stiv2k: usually happens before coffee
<stiv2k> lol
<lynxman> melmoth: isn't it too early for you mon ami ;)
<melmoth> hmmm ?
<melmoth> it s noon
<melmoth> and i havent eaten yet !
 * cloud_away is now away - Reason : sHOWER
 * cloudman is no longer away - Gone for 16 mins 25 secs
<zul> jamespage: so where is the info we need for the dep-8 stuff?
<jamespage> zul, all linked from https://wiki.ubuntu.com/QATeam/AutomatedTesting/Hackfest
 * smb cheers at xen-r not in proposed anymore
<yolanda> jamespage, zul, trying to verify that bug: https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1087183 - can i get some help on configuring cloud-init in maas?
<uvirtbot> Launchpad bug 1087183 in maas "MaaS cloud-init configuration specifies 'manage_etc_hosts: localhost'" [Undecided,New]
<zul> yolanda: im sooooo the wrong person for that :)
<yolanda> zul, do you have some candidate for that?
<zul> smoser should be able to help
<smoser> yolanda, i think yo ucan call it 'verified'.
<smoser> errr, confirmed.
<yolanda> i was trying to reproduce it by some way
<smoser> well, gettingto that stage will be fairly high curve.
<yolanda> and i should say "HIgh" importance?
<smoser> it *does* do that, i can validate that. and it was not happenstance.
<smoser> high would work.
<yolanda> ok
<uvirtbot> New bug: #1089833 in quantum (main) "Duplicate files provided by multiple packages" [Undecided,New] https://launchpad.net/bugs/1089833
<yolanda> mm, should i set the status to same bug but for different projects? or only for the maas(Ubuntu) one?
<uvirtbot> New bug: #1031147 in horizon (main) "precise-trunk-testing horizon" [Undecided,New] https://launchpad.net/bugs/1031147
<smoser> yolanda, you can leave the status of the others. or set them. if someone doesn't like how you set them, they can set them otherwise.
<yolanda> ok
<smoser> often times if i'm changing something i'm not sure about, i just put a comment in to that affect.
<smoser> "if you don't like this, please feel free to change it"
<uvirtbot> New bug: #1043564 in quantum (main) "quantum packages are broken" [Undecided,New] https://launchpad.net/bugs/1043564
<zul> Daviey: btw xen and xcp is fixed in raring
<uvirtbot> New bug: #1089982 in php5 (main) "Dependency Problem php5-common (= 5.3.10-1ubuntu3)" [Undecided,New] https://launchpad.net/bugs/1089982
<zapotah> Hi. Is the default apt repo apache httpd not built with ecc capability?
<Daviey> zul: what was the issue
<zul> Daviey:  incompatibility between xen-4.1 and xen-4.2
<Daviey> ahh
<zapotah> zul: what kind of incompatibility?
<zapotah> zul: what is the problem
<zul> zapotah: xcp is built for xen-4.1 but we have moved to xen-4.2
<zapotah> xcp uses by default the xm toolstack
<zapotah> if i remember correctly
<zul> zapotah: right we are waiting for some more bits from citrix
<zapotah> but it was modifiable to use xl
<zapotah> xcp is not maintained by citrix
<zapotah> citrix contributes
<zul> hallyn: so should put the lxc apparmor bits into the libvirt apparmor bits?
<hallyn> zul: not sure what you mean.  i think the answer is no
<hallyn> zul: we should find out whether jdstrand has thought at all about how to protect libvirt-lxc with apparmor "the right way"
<zul> hallyn: we should
<hallyn> how would we go about that :)
<berndt> Hey, I have recently started experimenting and using my desktop as a personal server
<zul> hallyn: something to look at after we are back from christmas
<hallyn> zul: agreed
<berndt> I want to add a web server so I can display my personal webpages but last time I tried apache, my system sort of messed up and I wasn't able to display anything
<berndt> Since I am completely new to server hosting, is there anything I should learn from start? So far I have been able to host a SSH which is working
<berndt> I also tried setting up an FTP but so far I have had little success getting it to allow people in. The tutorials I've used haven't been very good either..
<RoyK> berndt: which ftp server?
<berndt> vsftpd
<RoyK> I use that as well, having used it for years
<berndt> Then maybe you can help me out with my first problem
<RoyK> what is it that doesn't work?
<berndt> I followed a tutorial on how to install it and I have opened ports 20 and 21 through my router
<RoyK> you don't need to open port 20
<RoyK> that's the return port
<berndt> Well, it is open either way
<RoyK> what's the ip address?
<berndt> (but according to www.canyouseeme.com it is not accessible)
<berndt> 94.103.193.169
<RoyK> works for me
<RoyK> one directory, Filmer, which seems to be empty
<berndt> yeah, well what I want to do is create a closed FTP
<RoyK> then set 'local_enable=yes' and 'anonymous_enable=no' in vsftpd.conf and restart it
<berndt> BUT
<berndt> what I want to know
<RoyK> btw, keep in mind that FTP uses cleartext passwords, which generally isn't a very good idea
<RoyK> using sftp instead is far safer
<berndt> is if there is a way around having to create system user accounts, and just create a login for the ftp
<RoyK> using a client like filezilla
<berndt> That is exactly what I want!
<RoyK> you can chroot sftp users
<berndt> Excuse my ignorance, but I never really understood what chroot was
<berndt> I understand what the difference between ftp and sftp is, though
<jdstrand> hallyn, zul: I really haven't thought about libvirt-lxc because our preferred lxc solution is lxc and I thought we were going to try to submit a new libvrt driver for our supported lxc when the time was right
<RoyK> with sftp, all traffic is sent over ssh, so ssh is responsible fot the security
<zul> jdstrand: right
<RoyK> with ftp, you use the not-so-good-but-quite-old ftp protocol alone
<jdstrand> hallyn, zul: if I were to think about it, I would look at what selinux did and implement the hooks that were added there in the apparmor driver
<RoyK> berndt: ftp is generally only used for anonymous setups these days
<zul> jdstrand: i can probably poke at it
<jdstrand> s/selinux did/the svirt driver did for selinux/
<RoyK> berndt: chroot means a client is 'jailed' to her home directory (or some common dir)
<hallyn> jdstrand: yes, a driver for our lxc would be preferred for testing and duplication reasons
<berndt> RoyK, do I need a different server software than vsftpd to use sftp or do I just need to edit the settings?
<RoyK> jdstrand: so, first of all, shut down vsftpd - you don't need it
<hallyn> but, i'm heading out.  back briefly next week, but in case i miss y'all, happy holidays
<RoyK> sshd does this already
<jdstrand> hallyn: you too! :)
<RoyK> berndt: and close ports 20-21 in the router
<jdstrand> RoyK: I'm assuming that wasn't actually meant for me
<berndt> so I just need to have 22 open?
<RoyK> berndt: ssh runs over 22/tcp, and since sftp/scp runs over ssh, that's all you need
<berndt> jdstrand, it was meant for me :)
<RoyK> jdstrand: oops - no :)
<berndt> RoyK, so I could just uninstall vsftpd all in all if I have no interest in hosting an anonymous FTP?
<RoyK> yeah, remove it
<berndt> RoyK, okay 2 sec
<berndt> RoyK, there we go. It's gone
<RoyK> yep
<berndt> RoyK, Now, how do I configure this sftp?
<RoyK> now, just try to sftp localhost
<berndt> I could connect fine
<RoyK> yep
<RoyK> berndt: what you can see there, is your home dir, but you can also see anything else on that machine you have access to
<RoyK> pwd
<RoyK> and it'll probably show you /home/yourusername
<berndt> Indeed it does
<RoyK> now, create a dummy user for testing and use that further for this
<RoyK> http://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze
<RoyK> that lists pretty much what you'll have to do
<berndt> by dummyuser, you mean a user on my system, right?
<RoyK> yes
<RoyK> useradd -m somedummyuser
<RoyK> you might want to install rssh and use that as the dummyusers's shell
<berndt> I did this yesterday, although through the gui
 * RoyK never uses a gui on his servers ;)
<berndt> Well, cut me some slack. I have not very long ago migrated to ubuntu from windows, so I am still adapting to using the shell in combination with gui
<berndt> baby steps :)
<RoyK> berndt: apt-get install rssh # and use that for those sftp-only users
<berndt> Am I supposed to include the # sign in the command?
<RoyK> berndt: I'm aware of that learning the linux commandline will take time :)
<RoyK> that was only given in case you pasted the whole line :)
<RoyK> it's a comment sign in bash (your shell)
<berndt> yeah I have noticed that, but I am not that stupid.. :)
<RoyK> so the bash won't try to parse whatever's after it
 * RoyK hasn't named berndt stupid ;)
<berndt> anyway, I have done as told and installed rssh
<RoyK> then chsh -s /usr/bin/rssh dummyuser
<RoyK> btw, this one was a bit better http://ubuntuforums.org/showthread.php?t=128206
<RoyK> describes how to use rssh to chroot users to a given dir
<RoyK> your chroot path is likely to be whereever you pointed vsftpd to (or Filmer)
<berndt> Okay, what did chsh do? (I could 'man chsh' it but that takes time..)
<RoyK> change shell
<berndt> so I am using the users shell now?
<RoyK> the newly created users will probably be using dash or bash as default - you want rssh to restrict them to only sftp, chrooted, and not ssh login
<RoyK> erm
<RoyK> no
<RoyK> you're not
<RoyK> chsh -s /usr/bin/rssh dummyuser <-- set user 'dummyuser's shell to /usr/bin/rssh
<RoyK> DON'T set the root shell to rssh
<berndt> Oh, so if I were to log in with dummyuser, that would be my initial directory?
<RoyK> after you've configured rssh correctly, you'll see
<berndt> Oh, okay.
<RoyK> see the link I posted above on ubuntuforums
<berndt> Yeah, I wondered if you wanted me to read that and come back to you or continue bothering you for help :P
<RoyK> I think reading that will help a lot
<RoyK> better if you understand what you do than just listen to someone telling you all commands
<berndt> Okay, so I'll read that and try my best to get it working, and then I'll come back and report
<RoyK> break a leg :)
<berndt> It would be better for me to learn a text edit in a terminal rather than gedit I think. Everyone seems to be using either vi or nano..
<RoyK> nano is good for a start
 * RoyK just uses vim
<RoyK> berndt: if you want to learn vim, start by running vimtutor
<RoyK> but then, if you want sftp up - better start with nano
<RoyK> or gedit
<RoyK> or anything, really
<RoyK> learning vim takes some time
<berndt> I study CS and every now and then there is a heated debate wether vim or emacs is the best text editor
<RoyK> well, people will argue about that until the end of days, probably further
<berndt> Probably. Anyway,  I will start with nano
<berndt> question
<berndt> I am currently editing rssh.conf
<berndt> and the guide tells me to change the "chrootpath" to /home/chroot. Am I not supposed to change that to my dummyuser?
<RoyK> no, you'll want to chroot the users to the path you gave in vsftpd.conf
<RoyK> a common path from where users can download their stuff
<berndt> okay, but I should change the suggested "/home/chroot" to the one I had chosen before? (Which was /home/dummyuser")
<berndt> since I don't have a user called chroot..?
<berndt> RoyK ping
<RoyK> berndt: where do you have the Filmer directory?
<RoyK> berndt: a bit away here from time to time - it's irc - get used to it ;)
<berndt> my "dummyuser" is called ftpuser001
<berndt> so Filmer is "/home/ftpuser001/Filmer"
<berndt> should I edit it to chrootpath = /home/ftpuser001/ ?
<RoyK> berndt: do you have a common place from where all the users should download things?
<berndt> That is where I want them to download/upload things
<RoyK> yes
<berndt> then I am editing it that way!
<berndt> What command do I use in nano to "save"?
<RoyK> see bottom
<RoyK> ^X is exit (iirc) and that'll prompty you
<uvirtbot> RoyK: Error: "X" is not a valid command.
 * RoyK slaps uvirtbot 
<berndt> isn't there a normal save command?
<RoyK> afaics, no
<berndt> Alright
<berndt> well, saved
<RoyK> I don't use nano a lot (as in close to never)
<berndt> continuing with tutorial
<berndt> RoyK I have run into a problem - I am supposed to copy a libnss_compat.so.2 to the directory, but I don't have the file in its original directory (/lib/)
<berndt> RoyK, what should I do if I don't even have the file on my system? :S
<berndt> RoyK, I am apparently missing another system file. This time it's /etc/init.d/sysklogd which seems crucial to this tutorial...
<berndt> found it, it was located in /etc/rsyslog.conf
<freakynl> Hi, can I make aptitude (apt-get) work over socks? More specifically, ssh -D (socks 4/5)
<mathiaz> smoser: hello!
<mathiaz> smoser: long time no see
<smoser> mathiaz, hey.
<smoser> i've only got a few minutes. what sup ?
<mathiaz> smoser: playing with cloudinit
<Daviey> mathiaz: HEY!
<mathiaz> smoser: and using a multipart user data
<smoser> (oh yeah, and good to see you :)
<mathiaz> smoser: because I want to execute a script before cloud-config is run)
<Daviey> mathiaz is like, one of those really bad ex's... Only contacts you when they want something.
<mathiaz> smoser: however it seems that cloudinit is always started before the script
<mathiaz> smoser: even the script mime part is before the cloud-init mime part in the user data payload
<mathiaz> Daviey: hi!
<mathiaz> Daviey: good to see you to
<mathiaz> Daviey: *too*
<mathiaz> smoser: any quick idea why?
<smoser> thats how its designed.
<mathiaz> smoser: so there is no way to run a script before cloud-init?
<smoser> your saying the config modules are happening before your user-data part is handled.
<mathiaz> smoser: well I've got 2 parts in the user-data
<smoser> right.
<smoser> https://help.ubuntu.com/community/CloudInit
<smoser> you are wanting a boot hook.
<smoser> that is executed pretty much as soon as its read.
<mathiaz> smoser: great - I'll look into this
<smoser> (note, also, that cloud-config's "bootcmd" are similar)
<mathiaz> smoser: I need to fix an ami before cloud-config is run
<smoser> riht.
<smoser> boot hook will do.
<mathiaz> smoser: great! thanks!
 * lborda asks: Hello... would you know the reason why +x permission on usb mounted sticks have been removed on precise ? reproducer is here: http://pastebin.ubuntu.com/1430249/ ... It's works on Lucid though
<RoyK> what filesystem?
<berndt> RoyK, can you help me try my ftp?
<berndt> I'll pm
<lborda> RoyK, FAT32 or NTFS
<RoyK> well, find out which
<lborda> RoyK, sorry both have the same result...
<berndt> I am running Ubuntu 12.04 LTS x86 and am trying to set up a sftp. I have run into a bit of an issue where I need to change settings in files that are no longer in the same places..
<berndt> First file I don't have is /etc/libnss_compact.so.2
<berndt> Second file I don't have is /etc/init.d/sysklogd . This file has apparently been replaced by /etc/rsyslog.conf
<sarnold> berndt: you should perhaps take a step back and describe _what_ you're trying to accomplish.
<berndt> "I am running Ubuntu 12.04 LTS x86 and am trying to set up a sftp."
<berndt> I am following the tutorial http://ubuntuforums.org/showthread.php?t=128206
<berndt> but it dates back to 2006 and distributions have changed
<sarnold> berndt: I strongly doubt that any debian-derived distro has ever placed a shared lib (or symlink to a shared lib) in /etc, so I'm already skeptical of whatever guide you're following, and rsyslogd has been the syslog of choice for a long time...
<sarnold> "set up an sftp" is pretty vague. In what way doesn't "sftp localhost" work?
<berndt> sftp localhost does work
<patdk-wk> hmm, sftp is enabled by default :)
<patdk-wk> maybe what you mean is chroot sftp?
<berndt> yes
<berndt> indeed
<berndt> my bad
<patdk-wk> in that case look at the openssh instructions
<berndt> I am trying to chroot sftp
<patdk-wk> it's been builtin for awhile now
<berndt> patdk-wk I have no clue where to look
<patdk-wk> since 2009?
<patdk-wk> I just told you where, but you can ignore me
<berndt> patdk-wk where are the openssh instructions?
<berndt> man openssh?
<patdk-wk> man sshd
<jcastro_> Daviey: do we know who runs ubuntuserverguide.com?
<octeris> Hi all! I currently have a computer running Ubuntu Server 12.04.1 and I was wondering if it was possible to set up networking using a static IP with DHCP as a fallback through the /etc/network/interfaces file? i.e. I'd like the server to use the static ip setup in the interfaces file and then ask DHCP for an IP if the static IP fails for any reason.
<SpamapS> smoser: are you aware of issues booting quantal images on OpenStack?
<SpamapS> http://paste.ubuntu.com/1430358/
<SpamapS> smoser: ^^
<SpamapS> smoser: does not seem to detect the EC2 data source
<SpamapS> smoser: precise works fine
<SpamapS> utlemming: ^^ you have any ideas on that
<SpamapS> ?
<utlemming> SpamapS: up grade your quatnal image. that looks like a mountal bug
<SpamapS> upgrade beyond http://cloud-images.ubuntu.com/quantal/current/ ???
<SpamapS> Cloud-init v. 0.7 finished at Thu, 13 Dec 2012 19:35:50 +0000. Datasource DataSourceNone.  Up 270.37 seconds
<SpamapS> utlemming: note, did not find the data source
<utlemming> SpamapS: let me look
<utlemming> SpamapS: sorry, otp...can you give me a few minutes to look at it?
<SpamapS> utlemming: you can take all day :)
<SpamapS> utlemming: but, the sooner, the better of course :)
<patdk-wk> octeris, hmm, the whole point of static ip is it can't fail :)
<SpamapS> octeris: yeah, define "the static IP fails"
<SpamapS> patdk-wk: I guess your answer was good enough :)
<octeris> Hi all! I currently have a computer running Ubuntu Server 12.04.1 and I was wondering if it was possible to set up networking using a static IP with DHCP as a fallback through the /etc/network/interfaces file? i.e. I'd like the server to use the static IP setup in the interfaces file and then ask DHCP for an IP if the static IP fails for any reason.
<sarnold> octeris: in what possible way could "static ip" fail? The whole point of static ip is that it can't fail.
<sarnold> octeris: are you instead asking how you can use two ISPs to provide some kind of failover between them?
<octeris> sarnold: no
<octeris> sarnold: What if a computer on the network was already assigned the IP via DHCP when the server boots up?
<sarnold> octeris: then you find your DHCP administrator and smack him about the head for putting manually assigned IPs in the same range as DHCP-assigned IPs. :)
<octeris> sarnold: or in the current case I have, I moved the server to a new network here at my parent's house temporarily and the static IP was setup with a network with 192.168.1.1 as the default gateway, and here on this network the default gateway is 192.168.0.1 instead
<octeris> so it's attempting to assign itself to an invalid static IP
<sarnold> _ah_, now the real problem is known. :D
<octeris> was just giving you another example of a possible case where you might want to have this type of 'fallback' set up? :)
<sarnold> octeris: if it were me, I'd probably just route "ip route del .. " and "ip route add" commands until it's all set to work :) hehe
<octeris> in any case it'd simply be nice to have DHCP be the fallback so that even if the static IP fails I can still ssh into the 'marooned' server and modify the network interfaces file without having to reattach a monitor + keyboard/mouse temporarily
<octeris> sarnold: if that's my only option what man pages should I read up on?
<sarnold> octeris: does this machine move between the networks daily? I wonder if swapping between having /etc/network/interfaces and NetworkManager manage the network make some kind of sense... if it's moved daily, it might even make sense tochange the static configuration to dynamic, so you can just rely on dhcp...
<sarnold> octeris: if it only moves once every few months, you can probably delete your old default route, add a new route for the router's network, and then add the router as the new default route
<sarnold> octeris: the new tool for that is 'ip', though the older tools, 'ifconfig' and 'route' still work. all their manpages will be useful but perhaps assume a fair amount of knowledge ...
<octeris> sarnold: it'll move once more within the next couple of weeks and then it won't move for at least a year. only reason I need to get in there and bother with it anyway is because my music is hosted on it over samba shares
<sarnold> octeris: the lartc.org howto may be able to help, but (a) the clear majority of that is _way_ beyond what you're trying to do (b) doesn't have any distro-specific knowledge, so it won't be much help for fiddling with /etc/network/interfaces or networkmangler or whatever...
<octeris> hmmm, okay. thanks for pointing me in a direction! :)
<sarnold> octeris: have fun :) and good luck..
<octeris> and the only reason I don't let it be managed by DHCP is I'd like to avoid restarting the server for certain package upgrades to cause it to possibly switch IPs on me and then have to re-configure my hosts file or port forwarding
<octeris> especially since my network shares target the hostname instead of the
<octeris> IP
<sarnold> funny enough, with my new asus wifi+router deal, all the machines in the house (windows, os x, linux) all correctly dhcp with hostnames and it automatically serves dns; 'ssh dean' gets to my pandaboard and took no effort at all...
<sarnold> my old tomato-based router had a page to assign names to machines, it worked, but required administration effort. you might be able to do one or the other -- automagic dns entries for you or some semi-managed dns..
<octeris> sarnold: yeah I don't have any real control over the router here. once I get back onto my own network in my new apartment in a couple weeks I could probably serve DNS from the router
<octeris> sarnold: I use a WRT54GL so I think Tomato can run on that? but I've never tried
<sarnold> octeris: yeah, it should. (L == "Linux")
<sarnold> octeris: but the default wasn't so bad on that router ...
<octeris> sarnold: yeah it's actually not, but I've not looked into serving DNS from it
<SpamapS> utlemming: just to make things even more fun, I just accepted the quantal SRU for cloud-init :)
<octeris> sarnold: kind of an OT for the channel but relates to our discussion, if I configure Windows to use OpenDNS will it bypass the router DNS when looking up hostnames for local machines? my guess is yes but you might have more first-hand experience
<sarnold> octeris: yeah, if you override the dhcp-supplied dns configuration, then it'll skip it entirely
<octeris> sarnold: makes sense. thanks for all your help!
<sarnold> octeris: have fun :)
<bcessa> hi, I'm trying to get mail-delivery-stack up and running, however after many attempts I can't get SMPT AUTH to work properly
<jtane> hello, does anyone have exp with Upstart's user jobs feature?
<jtane> this is the only thing i seemed to find... http://bradleyayers.blogspot.com/2011/10/upstart-user-jobs-on-ubuntu-1110.html
<jtane> wondering if there is something more official
<jtane> oops just realized there is #upstart, sorry
<SpamapS> utlemming: any ideas on the cloud-init quantal thing I pastebinned earlier?
<utlemming> SpamapS: yup, its https://launchpad.net/bugs/1078926
<uvirtbot> Launchpad bug 1078926 in mountall "raring instance failed to find EC2 datasource" [High,Fix released]
<utlemming> SpamapS: the version in that daily is bad
<SpamapS> utlemming: thats the *current*
<utlemming> SpamapS: right, but it has a serial of yesterday
<utlemming> SpamapS: look http://cloud-images.ubuntu.com/quantal/current/quantal-server-cloudimg-amd64.manifest
<SpamapS> oh hah
<SpamapS> and I see, Fix Released 12/11
<utlemming> SpamapS: new image being spun
<SpamapS> utlemming: so like, you just published the fixed ones?
<SpamapS> But, I want to run 20121212's darn it ;)
<utlemming> SpamapS: I believe you'll have about a 50% success with that
<utlemming> but if you want...
<utlemming> in all seriousness I want to kick a new Quantal and Precise out the door shortly anyway
<SpamapS> mountall 2.42ubuntu0.1
<utlemming> I was waiting on this fix to land
<SpamapS> utlemming: I've booted 5 times, and had 0% success.
<SpamapS> utlemming: probably owing to my dedicated system which always does the race this one way ;)
<utlemming> potentially...it was tricky bug to troubleshoot
<SpamapS> Yeah races are the bain of all debuggers' existence :)
<SpamapS> utlemming: ok, anything I can do to help? I'll of course test as soon as they drop.
<utlemming> SpamapS: wait about 30 minutes :)
<SpamapS> I can do that. :)
#ubuntu-server 2012-12-14
<anepanal1ptos> http://ubuntuforums.org/showthread.php?t=1026747
<anepanal1ptos> bump?
<Patrickdk> dhcp doesn't support that
<Patrickdk> maybe check your dhcp client config?
<anepanal1ptos> well, in debian, the metric is 0
<anepanal1ptos> in ubuntu, the metric is 100
<anepanal1ptos> it has to be something in the init.d or somewhere, the script that actually calls "dhclient ethX"
<Patrickdk> heh? why does it have to be
<Patrickdk> I'm pretty sure it's not
<anepanal1ptos> well, my dhclient.config is the same as on debian and ubuntu
<sarnold> does the kernel even care about the metric?
<Patrickdk> oh, the answer is irght there even
<Patrickdk> in the documentation
<Patrickdk> anepanal1ptos, man interfaces
<Patrickdk> sarnold, it sure as hell better
<Patrickdk> if the kernel ignored metrics, so many networks would completely break
<anepanal1ptos> huh? sorry can you help me a little more or re-word it?
<Patrickdk> anepanal1ptos, type "man interfaces"
<Patrickdk> the answer lies within
<anepanal1ptos> dude, i'v read the rtfm. that's how i came across that point, by google-ing.
<anepanal1ptos> this is a dhcp problem. not related to the interface specifically.
<Patrickdk> heh?
<anepanal1ptos> the 'answer that lies within' as you claim, is for static ip.
<anepanal1ptos> this is a dhcp-obtained ip.
<Patrickdk> odd, mine is different
<anepanal1ptos> are you running ubuntu?
<anepanal1ptos> if your ip is dhcp obtained, hit route -n and look at your default gw metric, is it 100?
<Patrickdk> this is in debian
<Patrickdk> just not a *stable* version of debian
<Patrickdk> but it's in sid
<anepanal1ptos> debian has metric 0
<anepanal1ptos> which is what i want.
<Patrickdk> dunno why
<Patrickdk> I thought you wanted dhcp to be less perferred
<anepanal1ptos> oooh no my friend. sorry for mis understanding
<Patrickdk> either would actually be easy
<anepanal1ptos> when debian pulls an ip from dhcp, and it has a default route, it puts it in the routeing table with metric 0
<anepanal1ptos> when ubuntu does it, it gives it metric 100. i want it to pull the ip and give it metric 0, just like debian
<Patrickdk> yes, but to what end?
<Patrickdk> the metric itself has no bearing on what happens
<Patrickdk> there has to be another duplicate rule first
<anepanal1ptos> i have other routes in there. incl another default route from another host
<Patrickdk> how did they get in there?
<anepanal1ptos> i have quagga
<Patrickdk> sounds like ubuntu would work better than the debian metric 0 then
<anepanal1ptos> actually olsr. but i have another router broadcasting a 0.0.0.0 route
<Patrickdk> just have quagga push the route with a metric <100
<anepanal1ptos> see, that's one solution
<anepanal1ptos> but that's not quite what i want. there a few routers on this network..
<Patrickdk> you don't do it on the router
<Patrickdk> you do it in the zebra config on the client
<Patrickdk> most routing protocols don't do metrics
<anepanal1ptos> ooohkay.
<anepanal1ptos> i now understand
<anepanal1ptos> gotta read up a little on olsr and figure that out.
<Patrickdk> generally zebra daemon converts it to a metric
<Patrickdk> or the routing protocol does before it hands it to zebra
<anepanal1ptos> yeah
<anepanal1ptos> see, everything that gets added dynamicaly has metric 2
<anepanal1ptos> which is ok, cos on the debian box, the 'local' internet has metric 0, so cool.
<anepanal1ptos> but on ubuntu, everything dynamic has metric 2 again, but this time the 'local' default gw gets metric 100, so the box still prefers the gateway on the routed network.
<anepanal1ptos> but yeah i understand
<anepanal1ptos> i just wished this was a simple change in dhcp somewhere.
<Patrickdk> ya, I see how to change dhcp
<Patrickdk> but I can't locate where to make the change
<Patrickdk> probably cause I don't use dhcp
<anepanal1ptos> lol
<anepanal1ptos> my isp makes me :p
<txomon> hi, just wanted to announce I have installed bugzilla in ubuntu 12.04, and I have documented all the process in txomon.com
<txomon> hope anyone can see that link if he needs
<sarnold> txomon: nice enough :) but the formatting is really .. funny? :) .. how the little grey boxes have no relationship to the lengths of the line (which are sometimes quite long..) and the copy-paste isn't monospaced, which I found a touch odd.
<sarnold> txomon: but it does look like installing bugzilla without a guide would be a bit of a pain :) thanks
<scott__> top
<slide> Does anyone know what the default admin account is for slapd on 12.04? All the guides are saying its cn=admin,dc=example,dc=com and the password i entered, however it does not work
<aarcane> Can anyone provide an ISO of the netinst release that's preconfigured to start an SSH server on boot?
<uvirtbot> New bug: #1090255 in php5 (main) "Missing mysqlnd_ms package" [Undecided,New] https://launchpad.net/bugs/1090255
<Daviey> yolanda: hey.. So.. this isn't well documented.. but MIR (Main Inclusion Request) the status follows a different process.
<yolanda> hi, can you explain me about it?
<Daviey> yolanda: Yeah, so.. basically... ~ubuntu-mir does a review, often seeking input from ~ubuntu-security
<Daviey> yolanda: So, an Incomplete one still needs work from the reporter.
<Daviey> But a confirmed one means the MIR is approved
<Daviey> Mind you, Fix Committed is also often used to mean that
<Daviey> it's all a but messy
<yolanda> mm, so i should leave the status like incomplete, although it's assigned already to a person?
<yolanda> it's like this person is working on it?
<Daviey> yolanda: i bounced it back to NEW
<yolanda> ok
<Daviey> yolanda: that one is fine just to leave :)
<uvirtbot> New bug: #1089791 in nova (main) "route_info failed" [Undecided,New] https://launchpad.net/bugs/1089791
<txomon> sarnold, those lines (the one in my blog) that don't fit into space are due to preformatted text. I should change a pair of things on the them for that :D
<Daviey> jamespage: morning.  You don't hapen to know why adam_g reverted the SRU/bzr debian/changelog do you?
<jamespage> Daviey, sorry - no idea
<jamespage> Daviey, which branch?
<Daviey> yolanda: which branch ^ ?
<yolanda> daviey, let me check
<yolanda> all of that: lp:~openstack-ubuntu-testing/nova/precise-essex-proposed		lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed		lp:~openstack-ubuntu-testing/horizon/precise-essex-proposed		lp:~openstack-ubuntu-testing/glance/precise-essex-proposed
<cmol> Hi guys, do you know what happens if a ubuntu server needs fsck with root a reboot? Will it ask for root or will it just run the fsck anyway?
<jpds> cmol: Should just run fsck.
<ttx> hallyn: I'm a bit confused by bug 1088295, mostly due to my ignorance of the lxc/livirt-lxc subtleties. Ping me when you have 5 minutes to explain me stuff.
<uvirtbot> Launchpad bug 1088295 in libvirt "lxc container can control  other container's cpu share,memory limit,or access of  block and character devices" [Medium,Triaged] https://launchpad.net/bugs/1088295
<RoyK> cmol: it'll run fsck
<cmol> jpds: do you know what they have done to make it run without root? I'm trying to get debians to do the same.
<uvirtbot> New bug: #1090297 in maas (main) "MAAS "View Documentation" link points to unrelated version of docs" [Undecided,New] https://launchpad.net/bugs/1090297
<henkjan> is it possible in apache to create dynamic logfiles, based on the fqdn from the server?
<ewook> it's possible per virtualhost to define the logfiles.
<henkjan> but i want generate the filename dynamic
<henkjan> so i can use the same vhost configs
<henkjan> and let a few servers write the logfiles to the same dir on nfs
<henkjan> but with filenames, based on the hostnames off the webservers
<ewook> you just said that you wanted it in the same file from different hosts.
<ewook> if you just want different filenames, simply specify it in each vhost config.
<henkjan> in that case i need to maintain to much vhost configs :)
<ewook> henkjan: if you wish to alter the layout of the content of the logs, look at LogFormat in the apache2.conf.
<ewook> henkjan: well..
<ewook> it's an optional extra to set specific logs per vhost.
<ewook> it's not mandatory.
<henkjan> no, i just want 3 servers using the same vhost config to log to /mnt/www/logs/`hostname`-access.log
<RoyK> henkjan: oh, you want to use a variable in the apache config_
<RoyK> ?
<henkjan> RoyK: yep
<RoyK> mod_macro, perhaps
<RoyK> but then, if it's three servers, it shouldn't be much problem just configure each of them
<henkjan> maintaining 3 different vhosts files per vhost is errorprone
<RoyK> well, it's 3, not 30
<RoyK> but I get your point - still - dunno how to do that if mod_macro won't fix it
<RoyK> do you use proxies in front of these?
<henkjan> no, just a loadbalancer
<henkjan> nodes are being configured with cfengine
<henkjan> i can do some editing with cfengine
<henkjan> but apache native would be nice :)
<CoderInTank> problem: server is gateway. It share Inet to other machines. But It can't ping other machines on his network. why?
<RoyK> henkjan: I'd use cfengine
<RoyK> henkjan: also, I'd look into varnish or even squid if I were you, to do some caching - it handles static load far better than apache
<uvirtbot> New bug: #1087451 in activemq (universe) "ActiveMQ does not successfully bind ports." [Undecided,Invalid] https://launchpad.net/bugs/1087451
<uvirtbot> New bug: #1090334 in maas (main) "MAAS (in precise) requires django >= 1.3.1-4ubuntu1.5" [Undecided,New] https://launchpad.net/bugs/1090334
<uvirtbot> New bug: #1090341 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-4ubuntu0.5 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/1090341
<henkjan> RoyK: just deployed the varnish config with cfengine on those hosts :)
<RoyK> henkjan: :)
<RoyK> henkjan: the usual "enterprise" setup is internet-balancer(s)-varnish server(s)-apache host(s)-database server(s)
<uvirtbot> New bug: #1090365 in freeradius (main) "fails to build from source" [Undecided,New] https://launchpad.net/bugs/1090365
<jamespage> jdstrand, would you be comfortable with me re-enabling the ceph-fuse packages and making sure they remain in universe?
<jamespage> they where dropped during the original MIR
<jdstrand> jamespage: my original comment was "demote ceph-fuse to universe or preferably build using --without-fuse"
<jamespage> jdstrand, ack - that sounds like an OK then :-)
<jamespage> thanks
<jdstrand> jamespage: so, I think it is 'ok' to have it in universe. that said, I also noticed in the MIR review "fuse module doesn't work on 32 bit"
<jdstrand> I don't know if that is still the case
<jamespage> jdstrand, OK _ I'll take a look at that again
<jdstrand> jamespage: is there a demonstrable need? I do prefer it be disabled cause fuse is notoriously hard to get right and we don't want to expose users to risk, even if it is in universe
<jdstrand> jamespage: really, I don't need that answer. I'll just pose the question and let you decide :)
<jamespage> jdstrand, just trying to minimise the delta between Ubuntu -> Debian and Ubuntu -> Upstream
<jamespage> makes my life a little easier....
<jdstrand> I don't have an objection so long as it isn't in main
<jamespage> jdstrand, ack
<uvirtbot> New bug: #1090377 in amavisd-new (main) "invoke-rc.d: initscript amavis, action "restart" failed.  dpkg: error al procesar amavisd-new-postfix (--configure):   el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1  " [Undecided,New] https://launchpad.net/bugs/1090377
<survietamine> hello
<survietamine> i've installed postfixadmin from packages, and got a /etc/apache2/conf.d/postfixadmin file, now i want to have virtual hosts (postfixadmin and sabredav), do i have to keep files in conf.d or put them in available/enabled directories ?
<uvirtbot> New bug: #1090410 in euca2ools (main) "bundle utilities do not handle '/' in bucket name" [Low,Confirmed] https://launchpad.net/bugs/1090410
<hallyn> ttx: I'll only be in next tuesday and wednesday.  we can chat then, or else stgraber and zul can probably help.
<stgraber> hallyn: context?
<popey> what's the recommended way of putting a server iso on a usb stick?
<popey> dd / unetbootin / usb startup disk creator / something else?
<SinZ> I use multiboot
<stgraber> (sorry, slow internet, at the moment, can't easily go through scrollback)
<justanomad> hey guys, I need to install an old version of python-ipaddr .. needs to be 1.1.1 how can I install older versions of a package?
<k1ng> justanomad, find the package on repo and install it using dpkg -i blah.deb
<justanomad> k1ng: I tried searching for it here: http://packages.ubuntu.com/ but only comes up with newer versions.. am I looking in the right place?
<k1ng> justanomad,  http://old-releases.ubuntu.com/
<k1ng> or just find the source and compile it
<justanomad> k1ng: k, thanks
<ttx> hallyn: ack
<ttx> stgraber: <ttx> hallyn: I'm a bit confused by bug 1088295, mostly due to my ignorance of the lxc/livirt-lxc subtleties. Ping me when you have 5 minutes to explain me stuff.
<uvirtbot> Launchpad bug 1088295 in libvirt "lxc container can control  other container's cpu share,memory limit,or access of  block and character devices" [Medium,Triaged] https://launchpad.net/bugs/1088295
<stgraber> ttx: well, in short, libvirt-lxc and lxc are two completely different implementation of containers, using the same kernel bits
<stgraber> ttx: lxc has apparmor support to prevent the container user to mess with the host and other containers
<stgraber> ttx: libvirt-lxc doesn't
<stgraber> we have a pretty vague plan to write a new libvirt driver that'll be based on our liblxc library (from the lxc project), that'd be a replacement for libvirt-lxc
<stgraber> and that way everything would be sharing the same code and the same features
<ttx> stgraber: any clue which one the openstack-lxc stuff is using ?
<stgraber> but so far, it's really just a vague longterm plan. Until then, you basically need to implement everything twice, once in lxc and once in libvirt-lxc
<stgraber> ttx: my (limited) understanding of openstack is that it's based on libvirt, so uses libvirt-lxc
<ttx> stgraber: so it's blatantly insecure ?
<ttx> zul: ^
<stgraber> ttx: in short, yes
<ttx> stgraber: cool :)
<stgraber> ttx: I believe we have a bug somewhere on Launchpad asking for apparmor support in libvirt-lxc where hallyn commented that it may be easier to just implement our own libvirt driver and fix that mess for good
<gondoi> this may be the wrong place to ask, but in /proc/fs/nfsd/versions there is "-4.1" does that mean that 4.1 is explicitly disabled?
<uvirtbot> New bug: #1090462 in lxc (universe) "lxc-info, lxc-stop and lxc-list doesn't work for non-root users" [Undecided,New] https://launchpad.net/bugs/1090462
<tgm4883> When apt-check returns the regular and security updates numbers, are the security updates a subset of the regular updates or are the two numbers completely separate?
<uvirtbot> New bug: #1090482 in cloud-init "over-ridding distro config still broken" [High,Confirmed] https://launchpad.net/bugs/1090482
<adam_g> zul: http://people.canonical.com/~agandelman/nova_2012.2-0ubuntu5.2~cloud0/
<Shakes> :)
<adam_g> jamespage: Daviey ^ look good for upload to precise-folsom-staging?
<root________> Can anyone provide a ubuntu netinst iso that launches an openssh server after network config and then waits, by default?  Preferably from a corporate site, someone trustworthy?    there's a howto at https://help.ubuntu.com/community/Installation/NetworkConsole but I'm not comfortable preparing that ISO or USB drive.
<ikonia> root________: please don't cross post
<ikonia> you're already asking in #ubuntu
<root________> ikonia: there are different users in each channel, adn the subject is relevant in both channels.
<ikonia> no
<ikonia> this is nothing to do with ubuntu-server
<root________> ikonia: the fact that I intend to select the server options and install as a server makes it applicable here.
<ikonia> no it doesn't
<ikonia> it's nothing to do with "server"
<adam_g> root________: just put the preseed data in a file on a webserver accessible to the node. then pass the 'url=' kernel parameter to the installer.
<ikonia> !crosspost | root________
<ubottu> root________: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<adam_g> root________: you may need to add some more to the preseed or kernel parameters to have it automatically step thru the installer to the point where the ssh server is up
<root________> adam_g: won't work.  I can't see any output at all on the terminal, I need the system to advance to the point that SSH is available and only then can I interact with it in any meaningful way
<adam_g> root________: you might want to look into netbooting the mini.iso and provisioning with something like MAAS or cobbler
<root________> adam_g: that's an option I didn't think of, but it sounds like a lot of setup for a one-time thing.  I'll keep that as plan B
<chromster> is there a terminal tool for managin upstart services (something similar to sys-rc-conf)?
<root________> chromster: you can't "manage" upstart services.  you can only start and stop them, you can't set them enabled or disabled.
<root________> chromster: that said, you can edit the /etc/init/servicename.conf files to alter the chriterion for a service' startup, which will net you the result I believe you expect.
<sarnold> you can put them into "manual mode", which is nearly the same as "disabled"
<chromster> root________: I was mainly interested in being able to quicjly see all services and which ones are enable and which ones are disabled.
<root________> chromster: man service
<root________> the application "service" is used behind the scenes to start and stop upstart AND init.d jobs.
<chromster> root________: ahh yes. service --status-all seem to show what I want...
<root________> chromster: some services don't support accurate reporting with status or --status-all, so beware.
<chromster> just curious - does Ubuntu have any plans in switching to systemd or is it set on upstart for the future?
 * root________ shrugs
<SpamapS> chromster: Its been discussed ad nauseum, it will likely be upstart for a long time
<SpamapS> chromster: https://lists.ubuntu.com/archives/ubuntu-devel/2012-April/035129.html
<SpamapS> !systemd
<SpamapS> ^systemd
<uvirtbot> SpamapS: Error: "systemd" is not a valid command.
<SpamapS> uvirtbot: somebody should team you about systemd
<uvirtbot> SpamapS: Error: "somebody" is not a valid command.
<SpamapS> teach even
<SpamapS> root________: also, thats not true what you said earlier. You can very easily disable upstart services.
<root________> SpamapS: I've been searching for a way to disable an upstart service for a long time.  Please tell me how to do so
<SpamapS> http://upstart.ubuntu.com/cookbook/#determine-if-a-job-is-disabled
<SpamapS> root________: echo manual | sudo tee -a /etc/init/jobname.override
<SpamapS> root________: that will disable automatic start of it
<root________> what version of ubuntu introduced override files?
<SpamapS> 11.04
<root________> nice
<root________> thanks, SpamapS!
<SpamapS> Even in 10.04
<SpamapS> just use the .conf for the same thing
<SpamapS> (its just a PITA because then you have a conffile difference which makes upgrades a pain)
<root________> I remember looking at upstart documentation and seeing .override files as a proposed solution later than 11.04 was released.
<SpamapS> root________: oddly enough, it never got mentioned in the NEWS file
<root________> SpamapS: Hmm, well, this interesting new feature is a blessing to us all then :)
<SpamapS> root________: indeed. Now we just need a chkconfig work-alike :)
<sarnold> now that we have a way to disable jobs, some clever utility to make it easy to see would be nice. :)
<urthmover> where is the equivalent to /var/log/messages in 12.04 server?
<urthmover> I don't have rsyslog on....so I'm wondering if there is anything installed and enabled by default
<root________> SpamapS: I can hardly wait for an ubuntu release that ships without an init.d directory, and warns on building packages with init.d scripts :)
<uvirtbot> New bug: #1088058 in mysql-5.1 (main) "Stack-based buffer overflow in MySQL" [Undecided,Fix released] https://launchpad.net/bugs/1088058
<mdeslaur> root________: your nick hurts my eyes...my ocd wants to fill in the blank line with magic marker
<sarnold> urthmover: so, uh, you uninstalled your syslog daemon and then wonder where the logs are stored? :)
<root________> mdeslaur: My other main nick is online on my PC at home, so I'm using one of my alts :)
<TheLordOfTime> root________, your nick with the billion _ is evil and should burn
<TheLordOfTime> personal opinion, one i think mdeslaur shares right now
<TheLordOfTime> (basically means "Choose a different alt!")
<root________> TheLordOfTime: I got it as a joke ages ago, and seldom use it :)
 * TheLordOfTime notices mysql crashed on his server.
<TheLordOfTime> oh great... not again.
<mdeslaur> hehe, well, I just thought it was funny :P
<TheLordOfTime> mdeslaur, the extra __________- ends up with the IRC client shifting text over very far :P  (low-res screen)
<root________> TheLordOfTime: I don't have any others right now.  I'll pcik a enw one when I'm at home, and register/link it later.
<TheLordOfTime> ends up one line being displayed on 3 or 4 lines
 * TheLordOfTime goes off to fix MySQL on his server
<mdeslaur> TheLordOfTime: but...yours is longer :P
<urthmover> sarnold: no I didn't uninstall syslog daemon.  Basically I have a user complaining that something happened .... and I'm looking at /var/log/syslog and it is virtually blank...only some cron messages
<TheLordOfTime> mdeslaur, mine shows up as "<me>" on my irc client ;P
 * TheLordOfTime modified the code for XChat and runs his own code changes.
<mdeslaur> *lol*
<urthmover> specifically this user said he started a shell script within a screen session, and he said that screen broke.
<sarnold> then replace root________ with <root_> in your patch and rebuild! :D
 * root________ is using Hexchat at home, but the webchat functionality here.
<root________> sarnold: but that defeats the point.  The point of the 8 underscores is to imply that 8 people before me, root_^0 ... root_^7 have all logged in prior to me...
<TheLordOfTime> whether that's the case or not, is irrelevant
<sarnold> root________: oh, you're right. It _should_ be <him>, then.
<TheLordOfTime> sarnold, or <evilthing>
<TheLordOfTime> :P
<uvirtbot> New bug: #1088747 in postfix (main) "package postfix 2.7.0-1ubuntu0.2 failed to install/upgrade: subproses installed post-installation script menghasilkan kesalahan status 'exit': 75" [Undecided,New] https://launchpad.net/bugs/1088747
<TheLordOfTime> ..... whaaaaa..?  that's... interesting, anyone know what would cause the kernel to kill MySQL (no segfaults or anything, just a record that a kill signal was sent to MySQL)
<mdeslaur> TheLordOfTime: anything in dmesg? an OOM perhaps?
<TheLordOfTime> if it OOM'd, i'd have expected Python, not MySQL, to OOm
<TheLordOfTime> since the Bugtracker plugin for supybot is a memory whore
<root________> TheLordOfTime: there's a procedure, not sure what it is, to immunize important services against OOM kills.
<root________> TheLordOfTime: alternatively, your system might be compromised and some user figured out how to kill it :)
<SpamapS> TheLordOfTime: OOM killer is a mysterious and dangerous beast ;)
<TheLordOfTime> SpamapS, true statement.
<mdeslaur> SpamapS: sssh! one must not speak of OOM!
<TheLordOfTime> root________, unlikely to be compromized, i've not yet seen someone spoof SSH key auth only.
<TheLordOfTime> and there's only one user: me/
<TheLordOfTime> :P
 * TheLordOfTime routinely purges the accepted SSH keys on that server, too.
<uvirtbot> New bug: #1088060 in mysql-5.5 (main) "Stack-based buffer overflow in MySQL" [Undecided,Fix released] https://launchpad.net/bugs/1088060
<root________> TheLordOfTime: maybe it was some sort of stack-based buffer overflow?
 * TheLordOfTime shrugs
<TheLordOfTime> whatever it was, the system's behaving now
 * TheLordOfTime bumps up RAM allocation to the VM running his site/related-services
<TheLordOfTime> the VM is on my server... and isolated from the other VM which handles my other site...
<TheLordOfTime> :P
<guntbert> TheLordOfTime: stop bragging :-))
<TheLordOfTime> guntbert, hehe
<root________> guntbert: I've got more VMs than you, I'm sure.
<root________> s/ guntbert / TheLordOfTime /
<TheLordOfTime> root________, i don't doubt it, i don't actually like VMs.  setting up IP routing is a PAIN
 * TheLordOfTime despises VMs.
<root________> TheLordOfTime: very few of mine are actually externally accessible.
<TheLordOfTime> whoops, apparently they all died xD
 * root________ is easily frustrated with VMs
<root________> o,.,0
<root________> careful, TheLordOfTime.
<guntbert> back to topic please
 * TheLordOfTime points at the timeouts :P
<TheLordOfTime> anyways...
<root________> so, does anyone have that modified iso I requested earlier?  :P
<TheLordOfTime> ... hmm, perhaps it was an OOM, mdeslaur what would an OOM return as in dmesg
<root________> TheLordOfTime: a bunch of OOM killer messages.  check syslog, too.
<mdeslaur> TheLordOfTime: dmesg | grep oom
<TheLordOfTime> yep, there's the OOM messages.
 * TheLordOfTime shurgs
<TheLordOfTime> where can i configure oomkiller to ignore certain processes and not ignore others?
<TheLordOfTime> (its ignoring oidentd and there's a known bug in which it spawns billions of itself eating up tons of memory)
<root________> TheLordOfTime: I was just googling that for myself, and came up with this: https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/57YakeotK90
<root________> TheLordOfTime: http://backdrift.org/how-to-create-oom-killer-exceptions looks more meaningful
<jamespage> adam_g, +1 if you have not already had it
<adam_g> jamespage: ty
<SpamapS> Hrm, I'm guessing smoser is offline
<ikonia> he's in this channel
<ikonia> so a bad guess
<SpamapS> Trying to figure out why cloud-init would only put the box's configured SSH keys in /root/.ssh and not the user's .ssh
<SpamapS> ikonia: he also hasn't spoken for *days*
<SpamapS> including not responding all day yesterday
<ikonia> he may not be at his desk
<SpamapS> ikonia: lol.. ok.. sure.. you know smoser well.. I'm just some idiot off the internet. :)
<uvirtbot> New bug: #1090554 in libnss-ldap (main) "id segfaults when looking up user information" [Undecided,New] https://launchpad.net/bugs/1090554
<ikonia> SpamapS: don't know him at all
<ikonia> beyond what he says in the channel
<SpamapS> ikonia: awesome. thanks for stopping by. ;)
<zastern> Some pro trolling right here - http://i.imgur.com/ytYAF.jpg
<sarnold> no kidding
<sarnold> get all us neckbeards all upset that there's no /usr/bin/rm
<zastern> sarnold: hah well that depends on your distro :P
<zastern> but yeah
<uvirtbot> New bug: #1090593 in bind9 (main) "D.ROOT-SERVERS.NET changing January 3rd 2013" [Undecided,New] https://launchpad.net/bugs/1090593
#ubuntu-server 2012-12-15
 * Bloodylizard[A] is now away - Reason : food time
<TuxLof> when I hold C it just goes straight to my bootloader
<recon_lap> hi, stuck trying to get static dns working on a ubuntu-server KVM. bit clueless. anyone able to help?
<Syria> Hello there ,, Please tell me how can I make this command run automatically on server start .. /usr/bin/VBoxManage startvm "Docs" --type headless
<brianw> anyone here mind helping me a bit w/ ldap (using starttls) and samba?
<SpamapS> Syria: the simplest way is to add that command to /etc/rc.local
<Syria> SpamapS:  This is the content of the file, http://paste.kde.org/625688,, please tell me how should I add the command please?
<SpamapS> Syria: it would need to be before the 'exit 0'
<SpamapS> Syria: also if that particular command does not return, you'll need to use something to make it return... an upstart job would do that.
<Syria> SpamapS: Thank you.
<voxadam> What container system is officially supported by Ubuntu?
<mauritslamers_> hey all, I have a problem installing gitlabâ¦ I have two users, git (grp git) and gitlab (grp gitlab git). I have a directory with perms 770 git:git and my gitlab user is not allowed to enter
<mauritslamers_> it works when I make git the primary group of the gitlab user, but that is not what I need
<mauritslamers_> id gives: uid=1002(gitlab) gid=1002(gitlab) groups=1002(gitlab),116(git)
<Linux101148> Does anyone know if the /dev/ directory deletes or overwrites folders or files on reboot?
<mauritslamers_> Linux101148: not necessarily overwrite, but things may be mounted on top of it
<Linux101148> mauritslamers: Okay so this is what happen I had created a directory inside the /dev/ directory and on reboot it no longer exist
<RoyK> Linux101148: /dev entries are handled by udev
<Linux101148> Is is possible to get that directory I created back through udev?
<RoyK> did you create a directory under /dev?
<Linux101148> RoyK: Yeah I did unfortuately
<RoyK> well, /dev is normally devtmpfs
<RoyK> meaning it won't survive a reboot
<Linux101148> RoyK: Yeah that seems to be the case...Is it all possible to get it back?
<RoyK> nope
<RoyK> it was in RAM
<RoyK> why did you put anything there? or what did you put there?
<Linux101148> Thats Great :(
<RoyK> but why did you put data under /dev /
<RoyK> ?
<Linux101148> RoyK: It seem to have the most usable space
<RoyK> well, now you've learned :)
<Linux101148> Yeah exactly right so what really happen to it was it overwritten or removed entirely?
<RoyK> Linux101148: I'd say, use a data partition for your data, and use the root (/) for system things
<RoyK> Linux101148: it's a ram drive - meaning it's held in memory
<RoyK> not on disk
<recon_lap> I got a micro VPS, only 3gb hdd. I just made one partition, starting to think that was a mistake.
<Linux101148> So on reboot the memory is reset?
<RoyK> recon_lap: for such setups, I think it's wise to keep a single partition
<RoyK> Linux101148: yes
<Linux101148>  There isn't a log of this memory?
<RoyK> no
<recon_lap> well, my biggest problem is that it's a static DNS setup and i cant get DNS working :(
<RoyK> well, that's not because it's a single partition ;)
<RoyK> probably something wrong in the dns setup, or in the zone file
<mauritslamers_> hey all, I have a problem installing gitlabâ¦ I have two users, git (grp git) and gitlab (grp gitlab git). I have a directory with perms 770 git:git and my gitlab user is not allowed to enter this directory, anyone an idea?
<mauritslamers_> only when the gitlab users has git as primary group it is allowed access....
<mauritslamers_> directory above is also fine (755)
<RoyK> mauritslamers_: dunno - perhaps try #git
<mauritslamers_> RoyK: it doesn't have to do with git :)
<mauritslamers_> it is a disk permissions issue
<RoyK> mauritslamers_: which ubuntu version?
<mauritslamers_> 12.04
<mauritslamers_> wherever I create a directory with user1:user1 and user2 is member of the user1 group, it is not allowed access when the permissions are 770
<mauritslamers_> s/it/user2
<mauritslamers_> there is no acl, if selinux was on, I turned it off etc etc
<escott> mauritslamers_, verify the output of "groups" and ls -l the folder in question and all folders below it down to root
<mauritslamers_> escott: did so
<RoyK> mauritslamers_: su - gitlab ; groups
<mauritslamers_> uid=1002(gitlab) gid=1002(gitlab) groups=1002(gitlab),116(git)
<mauritslamers_> (output of id)
<mauritslamers_> gitlab@DevMT2:/home$ groups
<mauritslamers_> gitlab git
<RoyK> mauritslamers_: are you sure the user has access to the parent directory?
<mauritslamers_> yes
<mauritslamers_> and it is granted access when the world executable bit is set, or the git group is being set to be the primary group of the gitlab user
<RoyK> well, I just did a quick test - useradd -m gittest ; groupadd git ; added gittest to group git, created a dir with ownership root:git and mode 770 - works for me...
<mauritslamers_> RoyK: that is not the situation
<mauritslamers_> when a user is created, you also get the personal group
<RoyK> mauritslamers_: oh - what did I misunderstand?
<RoyK> well, of course
<mauritslamers_> created two users: git  (having personal group git) and gitlab (having personal group gitlab)
<mauritslamers_> I added the git group to the gitlab groups
<mauritslamers_> and don't get access
<mauritslamers_> if it helps: this is how the users are created: https://github.com/gitlabhq/gitlabhq/blob/stable/doc/install/installation.md
<mauritslamers_> https://github.com/gitlabhq/gitlabhq/blob/stable/doc/install/installation.md#3-users
<RoyK> just tried to create git1 and git2, put git1 into git2's group, su - git1, cd ~git2, touch asdf
<RoyK> works for me - with 770 mode
<patdk-lap> you can't add a group to a group
 * RoyK didn't
<patdk-lap> now the issue you might have is, group permissions aren't updated unless you logout and back in
<mauritslamers_> patdk-lap: I know
<mauritslamers_> killed all the processes of the user, then su - user
<mauritslamers_> still not getting in
<mauritslamers_> RoyK: how is the perm settings groupwise? git1:git1?
<RoyK> in the last test, yes, that was it
<mauritslamers_> weirdâ¦ it just doesn't work here
<escott> mauritslamers_, please just paste the output of ls -l
<mauritslamers_> escott: drwxrwx--- 28 git  git  4096 Dec 15 14:25 repositories
<mauritslamers_> drwxrwxr-x 15 git  git  4096 Dec 15 11:39 .
<mauritslamers_> drwxr-xr-x  7 root root 4096 Dec 13 18:53 ..
<mauritslamers_> . => /home/git
<mauritslamers_> .. => /home
<escott> mauritslamers_, and "touch test" outputs what
<mauritslamers_> touch test in where exactly?
<mauritslamers_> in /home/git?
<escott> mauritslamers_, sure
<mauritslamers_> permission denied
<mauritslamers_> could it have to do with git having an id of 116 and gitlab of > 1000?
<mauritslamers_> *uid
<RoyK> no
<recon_lap> mauritslamers_: what are the permissions on the directory /home/git  instead of the files
<mauritslamers_> recon_lap: drwxrwxr-x 15 git     git     4096 Dec 15 11:39 git
<recon_lap> the member of the group git? and the output of whoami
<recon_lap> members*
<escott> mauritslamers_, did you logout after running the usermod?
<mauritslamers_> escott: as user gitlab yes
<mauritslamers_> not as user root
<escott> mauritslamers_, you shouldnt be logging in as root. but thats another issue.
<mauritslamers_> escott: I know :)
<mauritslamers_> gitlab@DevMT2:~$ groups
<mauritslamers_> gitlab git
<escott> mauritslamers_, "id" shows "git (116)
<mauritslamers_> gitlab@DevMT2:~$ whoami
<mauritslamers_> gitlab
<mauritslamers_> escott: indeed: uid=1002(gitlab) gid=1002(gitlab) groups=1002(gitlab),116(git)
<mauritslamers_> root@DevMT2:/home# grep ^git /etc/group
<mauritslamers_> git:x:116:git,gitlab
<mauritslamers_> gitlab:x:1002:
<escott> mauritslamers_, the only things i can think to check are things like "lsattr" or verifying that the mountpoint is not read-only or some such
<u01010> how can I write persian in consoe mode
<mauritslamers_> escott: root@DevMT2:/home# lsattr
<mauritslamers_> lsattr: Inappropriate ioctl for device While reading flags on ./gitlab
<mauritslamers_> lsattr: Inappropriate ioctl for device While reading flags on ./maurits
<mauritslamers_> lsattr: Inappropriate ioctl for device While reading flags on ./openqrm
<mauritslamers_> lsattr: Inappropriate ioctl for device While reading flags on ./bomt
<mauritslamers_> lsattr: Inappropriate ioctl for device While reading flags on ./git
<mauritslamers_> (sorry for the list)
<escott> mauritslamers_, what filesystem is this?
<mauritslamers_> escott: afaik ext4, but done by someone else as part of an Ubuntu Cloudcontroller
<mauritslamers_> so it is the main disk of a virtual host, but without physical devices
<mauritslamers_> had a lot of issues getting around kernel installations
<mauritslamers_> so I am actually guessing this is a NFS mount
<escott> mauritslamers_, could be something with that
<mauritslamers_> escott: true indeed
<akerok_> Does anyone have experience running ubuntu server using virtualbox?
<jesusemelendezm> I do
<jesusemelendezm> Akerok
<jesusemelendezm> I do run ubuntu server... why?
<akerok_> I need some help.  I want to run an IRC server off of it.  I'm not sure how to set that up.
<k1ng> akerok_, www.inspircd.org
<k1ng> you asking in wrong place
<akerok_> I do apologize.  I was sent here form another channel.
<recon_lap> akerok_: have you even look for an tutorials ? like http://www.the-tech-tutorial.com/?p=709
<akerok_> No.  I was hoping the community would be willing to help.  It's faster that way.
<recon_lap> akerok_: great attitude dude
<akerok_> What do you mean?
<recon_lap> akerok_: sure it's quicker to get someone else to do it for you, easier too. good luck with that.
<akerok_> I asked because I want to learn, not have someone do it for me.  I'm surprised that I'm being put down when I ask to be trained in somehting.
<recon_lap> akerok_: you seem like a nice person, why not have a go at one of those links and if you get stuck then come back and ask about what you don't understand.
<akerok_> I thank you.  I will.  I do apologize for the way I seem right now.  I'm really frustrated right now about some other things.
<trapni> hey. I'd like to upgrade my OpenStack cloud from Essex to Folsom on 12.04 LTS, and found http://blog.canonical.com/2012/09/14/now-you-can-have-your-openstack-cake-and-eat-it/ that tells me the repositorie URLs, however, I am missing its public GPG key
<trapni> anyone knows how to find out so I can add it? Because `apt-get update` refuses these repos to look at
<recon_lap> akerok_: did not mean to discourage you. but people are more likely to help those who help themselves first. good luck getting the irc server installed.
<trapni> recon_lap ?
<trapni> ah, sorry ;)
<akerok_> I understand.  I had an IRC server running on a Windows computer a few weeks ago, but I really wanted to run it on a server.  I will look at the links, and ask questions if I get stuck.
<julian_c> akerok_: The Ubuntu Server Guide has a section about installing an IRC server. It is basic, but it a good place to start.
<akerok_> Thank you.
<julian_c> However... there are multiple IRC daemons out there in wide use.
<nibbler> any clue why i cant install the package - the dependency is met.... http://nopaste.info/bf9c13f3ce.html
<ikonia> nibbler: they are not met
<ikonia> that's why it's saying "dependency not met"
<nibbler> ikonia: i might be blind, but i says ": Depends: roundcube-core (>= 0.5.1)"  and also "0.7.1-2" is in State: installed (roundcube-core)
<ikonia> yes, look at the version difference
<ikonia> nibbler: it looks like you are installing a package from an older release.
<nibbler> last time i checked 0.7.1- was >= 0.5.1
<ikonia> or you've pulled in roundcube-core from a much later release.
<nibbler> well, i'm using my hosters ubuntu 12.4 repository. but the numbers look fine to me anyway :/
<ikonia> nibbler: what version of ubuntu are you currently running
<nibbler> ikonia: server 12.4 lts
<ikonia> !info roundcube-core precise
<ubottu> roundcube-core (source: roundcube): skinnable AJAX based webmail solution for IMAP servers. In component universe, is extra. Version 0.7.1-2 (precise), package size 960 kB, installed size 4229 kB
<ikonia> !info oundcube-plugins-extra precise
<ubottu> Package oundcube-plugins-extra does not exist in precise
<ikonia> ops
<ikonia> !info roundcube-plugins-extra precise
<ubottu> roundcube-plugins-extra (source: roundcube-plugins-extra): skinnable AJAX based webmail solution - extra plugins. In component universe, is extra. Version 0.6-20111030 (precise), package size 283 kB, installed size 1325 kB
<nibbler> State: not installed
<nibbler> Version: 0.6-20111030
<nibbler> ...thats the one i have
<ikonia> so the versions match up spot on
<ikonia> why is the depend so low ? 0.5.1 is a mile away from 0.7
<ikonia> nibbler: looks like it's roundcube that's the issue here
<nibbler> don't knew the roundcube-plugin-extras progress etc, but somehow it does not add up here. apt is telling me it cant do it, but also tells me the deps are satisfied...
<ikonia> you've got roundcube 0.1~rc2-2 installed
<nibbler> E: Unable to correct problems, you have held broken packages.  <-- that does not point anywhere?
<ikonia> Breaks: roundcube (< 0.1~rc2-2), roundcube (< 0.1~rc2-2)
<nibbler> ikonia: roundcube and roundcube-core report 0.7.1-2
<ikonia> that output doesn't think so
<ikonia> I'd guess that is the real question
<nibbler> !info roundcube-plugins
<ubottu> roundcube-plugins (source: roundcube): skinnable AJAX based webmail solution for IMAP servers - plugins. In component universe, is extra. Version 0.7.2-4 (quantal), package size 292 kB, installed size 1517 kB
<nibbler> this one was installed without probelm
<ikonia> that's 12.10
<ikonia> not 12.04
<ikonia> I hope you've not got that on your 12.04 box
<nibbler> ah ok, well 12.04 version of this
<nibbler> ;-) hope so too
<ikonia> nibbler: out of interest, can you do a dpkg -l | grep roundcube
<ikonia> anything look odd there
<nibbler> http://nopaste.info/8c9ff1560f.html
<nibbler> would not say so
<SpaceBass> what happened to add-apt-repository ?
<ikonia> nibbler: so why does it think it's breaking something
<patdk-lap> dunno, SpaceBass works good for me
<nibbler> ikonia: even looks like a apt bug to me - but what about the held packages?
<ikonia> nibbler: any PPA's or 3rd party repos enabled ?
<nibbler> it says i'd have two of thos
<nibbler> no ppas
<ikonia> 3rd party ?
<nibbler> nada
<SpaceBass> patdk-lap,  odd, fresh install and I get command not found, even after installing python-software-properties
<nibbler> all fresh installed
<patdk-lap> what version? I stick to lts
<SpaceBass> 12.10
<ikonia> nibbler: most odd
<ikonia> nibbler: I've not got space to do a test VM at the moment
<nibbler> just booting a 12.4 livecd might help, i'll download one...
<nibbler> ill look into this, thanks for your help anyway ikonia
<nibbler> ikonia: i just booted 12.04 desktop live-cd, added the other ubuntu repositorys (deb http://de.archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse) and get same broken behaviour
<nibbler> so i'd say its either apt or some repository broken :/
<ikonia> nibbler: I wonder if it's just that packages meta data is screwed
<nibbler> ikonia: i'd be suprised if the displayed version would differ from the version in the metadata. but i'm already surprised
<ikonia> agreed
#ubuntu-server 2012-12-16
<uvirtbot> New bug: #1067779 in shadow (main) "missing pam_loginuid.so breaks getlogin()" [High,Confirmed] https://launchpad.net/bugs/1067779
<minashokry> hello, does anyone know a way to use ProxyPass to affect only requests coming from a specific subdomain?
<Patrickdk> that is what virtual hosts are for
<minashokry> Patrickdk, I have ProxyPass inside a virtual host, but it affect all requests even those directed to other virtual hosts
<Patrickdk> you did something strange then, it doesn't do that for me at all
<Patrickdk> I have it setup for 20 different subdomains, each proxy to a different server
<Patrickdk> and then one vhost without any proxy
<minashokry> I have it like this http://pastebin.com/6A9iLR2d
<Patrickdk> and you have a default vhost?
<minashokry> yes
<minashokry> but what happens is that when I access any url ending with example.com using https, it get directed to the application running on port 8081
<Patrickdk> well, I'm not going be able to help you I guess
<Patrickdk> really would have to see full configs, and your only pasting partials
<Patrickdk> cause if it matchs more than subdomain.example.com, then something outside the vhost is doing it
<minashokry> ok, what else you'd like to see? the default virtual host?
<minashokry> when I disable this vhost, everything else goes fine
<minashokry> the default vhost I have is the default-ssl file installed with ubuntu, here it how it looks like http://pastebin.com/FS8Pw7QG
<Patrickdk> so in other words, you don't have a default vhost
<Patrickdk> oh wait
<Patrickdk> multible ssl vhosts
<minashokry> let's be sure we are speaking the same language, what do you mean with default ssl vhost?
<Patrickdk> not sure about that, I never run multible ssl websites on the same ip
<Patrickdk> well, you need a default vhost per ip:port combination
<Patrickdk> I didn't realise the first one was ssl
<minashokry> and how to do that?
<Patrickdk> I dunno
<Patrickdk> like I said, I don't run multible websites on a single ssl ip
<minashokry> hmm... ok, thanks for your time :)
<Patrickdk> not sure what all is involved, but the ssl part could be messing it up
<Patrickdk> though, that should be easy to test, if you change it to non-ssl
<minashokry> I have many other vhosts running smoothly without ssl
<minashokry> it looks like an ssl problem
<minashokry> Patrickdk, I figured it out, if you are interested I can tell you how
<linocisco> hi all
<Syria> Hi, I want to execute a command at the startup.... and the command is /usr/bin/VBoxManage startvm "docx" --type headless,, please tell me how to do this.
<RoyK> Syria: add it to /etc/rc.local
<RoyK> or create a proper init script - see /etc/init.d/skeleton
<RoyK> Syria: btw, why do you use virtualbox when kvm probably does that job just as good (or better) and is better supported?
<RoyK> http://karlsbakk.net/fun/weather_forecast_december_2012.jpg
<ikonia> RoyK: ammusing as it is, please keep it out of the ubuntu channels
<RoyK> sorry ;)
<SpamapS> ikonia: oh please.
<SpamapS> "Amusing has no place in Ubuntu" -- One person, ever
<RoyK> SpamapS++
<ikonia> SpamapS: its just trying to keep the channel in line with it's function,
<ikonia> there is #ubuntu-offtopic which would appreciate such things,
<RoyK> well, keeping a channel 100% "professional" doesn't always make people happy
<RoyK> it's sunday, relax!
<ikonia> no, it doesn't have to be professional, I fully agree, but #ubuntu-offtopic would be more appropriate for a bit of fun
<RoyK> ikonia: so long it doesn't flood the already idle channel - what would be the problem?
<ikonia> it's not a "problem", but if you do it, then others are allowed to do it, and if they do it others are allowed
<ikonia> "why don't you ask Royk to stop, why just me"
<ikonia> it's better to just not have that sort of thing, when #ubuntu-offtopic would welcome it
<RoyK> well, so far my post of something funny, has generated more traffic on the channel due to your bossing around than others so far today ;)
<ikonia> RoyK: I can either explain it to you as you "asked" or you can try to justify it more
<ikonia> #ubuntu-offtopic is there for some fun stuff, it would be most appreciated if you could put that sort of post in #ubuntu-offtopic rather than #ubuntu-server
<RoyK> not trying to justify anything - just saying that it won't hurt to post some fun into an idle channel
<ikonia> RoyK: I've explained why, so please don't do it, you've been asked many times before,
<RoyK> no, I have not
<ikonia> you've never been asked to not post offtopic stuff ?
<RoyK> I have been confronted with "bad language" a couple of times, but no more
<ikonia> ok, well, in that case, I'll ask you to be clear now. "please don't post offtopic things in #ubuntu channels, #ubuntu-offtopic is there for friendly/fun stuff
<RoyK> just please rest, it's sunday, ok? all you anti-bad-christian-language people must know how to treat a sunday
<lwhalen> hey all, I'm trying to drop 12.04 LTS server on an HP Z400 desktop box
<lwhalen> but it's not detecting the disk drives
<lwhalen> HP lists the box as 'Ubuntu Certified", but the site only explicitly lists 11.04 and 11.10.  Is there something that's changed in 12.04 that would've broken the ability to detect disks?
<RoyK> lwhalen: any raid stuff?
<lwhalen> I'm POSTing the machine right now to figure that out
<lwhalen> (it takes its sweet time to post, aparently)
<lwhalen> looks to be just a single-disk Intel ICH7
<lwhalen> ah hah
<lwhalen> dead drive
<lwhalen> FML
<YuriRev01> would someone be able to help me with vsftp
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<YuriRev01> i need help with vsftp i can access it through filezilla but cannot read/write to root
<RoyK> you generally don't want to use FTP for access to the root, it uses insecure/cleartext passwords
<RoyK> you'd want to use sftp instead, ftp over ssh
<YuriRev01> I have php/msql setup the server will be used just for an administration program for a game server i didnt know the best way to do it
<escott> YuriRev01, do you have openssh-server installed?
<RoyK> filezilla supports sftp
<YuriRev01> i can connect through an ssh terminal session
<YuriRev01> from my other computer
<RoyK> sftp user@host
<escott> YuriRev01, so then you already have sftp on the system. just remove vsftpd and use sftp or scp
<YuriRev01> what would be the command to uninstall
<RoyK> apt-get remove
<YuriRev01> by itself?
<YuriRev01> im totally new to linux and im not understanding it 100% yet
<KM0201> apt-get remove vsftpd
<KM0201> or (if you're not root)
<KM0201> sudo apt-get remove vsftpd
<KM0201> what are you using your server for, if you dont mind me asking?
<YuriRev01> the only thing this server will be doing is hosting files to operate a web administration toll for a gameserver
<YuriRev01> tool*
<KM0201> i see..
<YuriRev01> so using ssh what user/pass do i connect with?
<escott> YuriRev01, best practice is to use auth keys, but you would ssh your_username@server and use your password
<escott> YuriRev01, to generate a key you can: ssh-keygen; ssh-copy-id user@server; ssh user@server. properly configured you will not be asked for a password
<YuriRev01> so it would be user@192.168.1.8
<KM0201> usually (at least in my experience)... a key is generated automatically..
<KM0201> the first time you connect...
<escott> KM0201, not the system key. the user id key
<YuriRev01> im using filezilla
<escott> YuriRev01, yes
<KM0201> oh ok, gotcha.
<YuriRev01> ok
<KM0201> wshy would you not want a password though
<escott> KM0201, because passwords are weak compared to auth keys
<escott> KM0201, and passwords are inconvenient
<KM0201> i dunno.. i guess i'm old school and just stick to the old "uppercase/lowercase and numbers" passwords.
<YuriRev01> it says the authenticity of host 192.168.1.8 cant be established ecdsa key fingerprint is (a long line that looks like a mac address)  im guessing i continue from there?
<YuriRev01> i comtinued and it states      Warning: permenently added 192.168.1.8 to the list of known hosts   Write failed:broken pipe
<escott> YuriRev01, every ssh server has a unique identification number that is supposed to be stored so that when you access that server in the future it can be compared
<escott> YuriRev01, protects against MitM attacks
<escott> YuriRev01, http://xkcd.com/177/
<YuriRev01> ok i connected so any files i want to use should be put in the home directory ?  it denies me access to make a new folder
<escott> YuriRev01, not sure why you would have any problems. what are the permissions on the folder
<chmuri> hi there
<chmuri> some one have maybe direct admin on ubuntu?
<YuriRev01> 755 is the numeric value
<escott> YuriRev01, and you are the owner of the folder
<YuriRev01> well this server sits next to me
<YuriRev01> mkdir /hydra: permission denied
<YuriRev01> i dont want anyone to have accecc but me
<YuriRev01> access*
<escott> YuriRev01, thats normal you would not have permissions to make folders on the system root directory
<escott> YuriRev01, "mkdir /hydra" != "mkdir hydra"
<YuriRev01> mkdir /hydra: no such file or directory
<escott> YuriRev01, seems you dont understand the basics of paths and relative vs absolute
<YuriRev01> pretty much
<YuriRev01> i dont understand much of anything yet
<escott> YuriRev01, http://www.physics.utah.edu/~detar/lessons/unix_intro/unix_intro/node2.html
<YuriRev01> well i understand that /home/hydra leads to a folder called hydra
<escott> YuriRev01, not really true
<YuriRev01> would you happen to have teamspeak or ventrilo>
<escott> YuriRev01, /home/hydra is /home/hydra. if you were in /home you would see a folder called hydra whose relative path is "hydra" or "./hydra" and whose absolute path is "/home/hydra" or "/home/./hydra"
<escott> YuriRev01, when you say "mkdir /hydra" that is saying make a directory inside "/"
<escott> YuriRev01, when you say "mkdir hydra" that means make a directory inside the current working directory "."
<YuriRev01> ok
<YuriRev01> ok ive created the folder
<YuriRev01> Now uploading files through filezilla and it denies me again'
<YuriRev01> im pretty sure i have write permissions
<escott> YuriRev01, other than saying "you did something wrong" i cant say much
<escott> YuriRev01, what folder did you create. how did you create it. what are you trying to do in filezilla
<YuriRev01> i created a folder called hydra in root
<escott> YuriRev01, why would you do that?
<YuriRev01> now im trying to upload some files/ folders to it
<YuriRev01> im not sure im just trying to get files to the webserver in a folder called hydra
<YuriRev01> the files in the folder communicate with mysql
<escott> YuriRev01, presumably those files should go in /var/www/hydra or something like that
<YuriRev01> ah ok
<YuriRev01> so sudo mkdir/var/www/hydra
<escott> YuriRev01, sudo mkdir /var/www/hydra; sudo chown www-data:www-data /var/www/hydra; sudo chmod 775 /var/www/hydra; sudo chmod g+s /var/www/hydra; sudo usermod -a -G www-data hydra
<YuriRev01> usermod: user hydra does not exist
<escott> YuriRev01, you were talking about /home/hydra earlier
<YuriRev01> basically the only ftp ive used before is shared hosting and when i was using that i created a folder and uploaded files to that folder and thats what im trying here
<YuriRev01> hydra is a folder
<YuriRev01> my name im assuming is the user?
<escott> YuriRev01, those commands create a folder called hydra in /var/www and make it owned by www-data and set it up so that other files and folders created in that folder will be owned by www-data and make it 775
<escott> YuriRev01, the last bit is meant to add your user to the www-data group
<YuriRev01> ok
<YuriRev01> ok i have the files uploaded now in /var/www/hydra now how would i access it through a web browser?
<ikonia> YuriRev01: through a web server
<YuriRev01> the files are on a web server
<escott> http://www.youtube.com/watch?v=ZkwrIZQDt50
<YuriRev01> pretty much lol
<escott> YuriRev01, its nearly impossible for us to tell you what to do
<escott> you need to pick some kind of software to setup for your webserver
<escott> YuriRev01, unless you just want to serve raw directory contents via apache
<YuriRev01> Right now i have a shared webhosting account with godaddy but with a shared hosting account i cant open certain ports i need, so i figured i would make my own dedicated box. i pretty much want it set up just like a shared hosting account. its hard to explain typing it out i guess
<YuriRev01> http://net.tutsplus.com/tutorials/php/how-to-setup-a-dedicated-web-server-for-free/
<YuriRev01> this is what a used
<linuxman> yo
<linuxman> when is ubuntu 10.04 server getting discontinued?
<ikonia> linuxman: 5 years from release
<linuxman> excellent
<linuxman> ubuntu 10.04, thats what i like
<linuxman> =)
<linuxman> ikonia why is ubuntu getting bloated and bloated
<escott> YuriRev01, setting up a webserver is easy. setting up a webpage is a bit harder
<linuxman> ubuntu 12.04 uses 100 cpu on my laptop
<linuxman> ubuntu 10.04 runs best..
<patdk-lap> odd
<ikonia> linuxman: it's not as far as I'm concerned
<patdk-lap> I have no issues with 12.04 on 5 different laptops
<ikonia> linuxman: if you find it bloated there are other distros you can choose
<escott> YuriRev01, do you want something that looks like this: http://archive.ubuntu.com/ubuntu/pool/main/a/apturl/
<YuriRev01> basically it was  www.mywebsite.com/hydra with godaddy and this brought up a control panel
<ikonia> YuriRev01: what are you actually trying to do
<YuriRev01> administrate a gamer server with a web based rcon control panel
<ikonia> YuriRev01: ok - so what's the problem that's blocking you ?
<YuriRev01> i have all files on ftp
<YuriRev01> in a folder called hydra. accessing the folder called hydra using 192.168.1.8/var/www/hydra should bring up a control panel but does nothing but htp404 not found
<ikonia> no, /var/www is the webserver root
<ikonia> so http://yourdomain.com/hydra should bring up something
<YuriRev01> (:
<YuriRev01> ok were in business
<ikonia> excellent
<uvirtbot> New bug: #1090992 in php5 (main) "Strict Standards: Redefining already defined constructor for class HTML_CSS in /usr/share/php/HTML/CSS.php on line 306" [Undecided,New] https://launchpad.net/bugs/1090992
<YuriRev01> thank you to everyone that helped me much appreciated
<ikonia> glad you're working
<streulma> hello, does anyone recommend Ubuntu Server for Drupal 7 ?
<YuriRev01> 1 more thing i guess lol is there a way to make sure no on e but me can view/edit/upload files to ftp
<ikonia> no more/less than any other distro
<ikonia> YuriRev01: permissisions
<ikonia> permissions
<ikonia> not using ftp would also be a good start
<streulma> YuriRev01: chmod 700
<YuriRev01> can i chmod root so everything is just usable by me?
<YuriRev01> its 775 right now
<streulma> YuriRev01: chmod -R 700
<streulma> YuriRev01: sudo chmod -R 700 folder
<ikonia> that's not going to work
<ikonia> as the web server will need access rights
<stiv2k> wat
<streulma> I want to install another OS on my servers that I run privatly and from the work, I don't know what to run. Likely NO CENTOS, but better Ubuntu, I now run Debian. I don't know
<blkperl> streulma: thats a statement not a question, choose the OS for the tasks you need it to do, all 3 will probably work fine for general cases
<streulma> blkperl: to run postgresql and other gis components, use Ubuntu/Server
<streulma> should I run my own mail server or Gmail :)
<storrgie> Anyone over here use KVM on their ubuntu-server box?
<blkperl> streulma: {apt|yum}.postgresql.org make that really easy, GIS stuff might be newer on Ubuntu
<storrgie> streulma: its a philosophical choice...
<rbasak> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<blkperl> storrgie: I use kvm via ganetti, whats up?
<storrgie> blkperl: I had two questions I asked over in the #kvm channel but it appears to be dead
<storrgie> lemme copy and paste really quick, sorry for so much spam:
<storrgie> I just manually created a bridge interface 'br0' is there a way to add it via virsh so its listed when I use my virt-manager?
<storrgie> I'm also very interested in doing something, I have some virtual machiens that need to talk directly to the host. I would like to do that through a virtual nic if I can (and use NFS) so I don't throw anything out on the network. Is this possible?
<escott> YuriRev01, you aren't using ftp. and since you uploaded the files yourself nobody else can upload. the web server is just for viewing
<escott> YuriRev01, hopefully you did not run streulma's command because that broke the setup from earlier
<YuriRev01> ah ok
<YuriRev01> i did not
<YuriRev01> how would i let public connect to my webserver if im behind a router
<escott> YuriRev01, forward port 80
<storrgie> blkperl: have you played with filesystem passthrough?
<berndt> Hey everyone, I need some help with my PPTPD not working properly.
<berndt> Current issue is: Clients can connect to my server, but once connected they lose internet access
<berndt> i.e. they are inside my server but my server won't allow them to connect elsewhere
<berndt> log from /etc/log/syslog last connection http://pastebin.com/vzQbTNhr
<berndt> My /etc/pptpd.conf http://pastebin.com/3Y5C60cx
<anepanal1ptos> berndt: windows users?
<berndt> Yes
<berndt> the client at least
<berndt> but I also tried connecting to the VPN with my phone, which also stopped its internet access
<berndt> (android, so running some kind of linux)
<anepanal1ptos> yeah i know what you mean
<anepanal1ptos> well im not a pro on this, so if anyone knows more jump in
<anepanal1ptos> but... what subnet is the pptp's lan interface on?
<berndt> I am very new to this
<anepanal1ptos> oh no problem with me
<berndt> so let me just start by telling you I don't really know how to configure this properly
<anepanal1ptos> what kind of IPs do you have on your network?
<berndt> oh
<berndt> I am using a d-link, so 192.168.0.X
<anepanal1ptos> tbh, i have never setup a poptop server, just read about it a bunch of times. i know how to do it in windwos, but that's cheating
<anepanal1ptos> ok, what's the ip of the server? (last part)
<berndt> 137
<anepanal1ptos> and what do you have set as the poptop server ip?
<anepanal1ptos> (the "virtual" one)
<berndt> try looking at this first, and you'll have a bigger idea http://pastebin.com/3Y5C60cx
<berndt> there's my configuration file
<anepanal1ptos> :)
<anepanal1ptos> hang on let me read
<anepanal1ptos> thanks!
<anepanal1ptos> hmm ok
<anepanal1ptos> seems you have set it up righ
<anepanal1ptos> t
<berndt> That's what I thought
<anepanal1ptos> oh, do you have bridgeutils installed?
<anepanal1ptos> open a console and type brctl and push enter
<berndt> I don't know... :(
<berndt> nope
<berndt> I am guessing I need it?
<anepanal1ptos> ok hang on let me test this on my ubuntu server
<anepanal1ptos> i dont know, im not a pro at this either. just thinking out loud.
<YuriRev01> ive forwarded port 80 but noone can connect
<zoidberg-> Hey guys, i have a really wierd problem on Ubuntu server (latest 64bit version).  i setup ssh keys, and now when i try logging in i get pubkey access denied errors repeatedly and then all of a sudden it allows me in, check out this: http://codepad.org/XD5lXU6d - It is a vmware guest, running on an vmware esxi host.  Whats even stranger is, when i get the failed ssh attempts, i jump onto the vmware console for that v
<zoidberg-> If that question got cut off, please let me know :)
<qman__> zoidberg-, my guess, you enabled encryption on your home directory
<qman__> which prevents openssh from being able to read your authorized keys file until you log in locally
<qman__> there's a workaround by placing the authorized keys file elsewhere, I forget the details but google should find it easily
<zoidberg-> ohhh right ok thanks for clearing that up :)
<zoidberg-> makes sense
<TheLordOfTime> are server ISOs set to automatically LVM by default?
<TheLordOfTime> LVM install *
#ubuntu-server 2013-12-09
<gdi2k> @andygraybeal did you try a reconfigure?
<andygraybeal> on postgres yes
<gdi2k> no interactive questions?
<andygraybeal> but it didn't pop up any message saying to set a paassword or anything
<andygraybeal> i'm going to purge
<gdi2k> ok
<andygraybeal> yea, no interactive quesitons
<andygraybeal> thank you for the response
<gdi2k> I have RT4 installed too, but can't remember how I installed it
<andygraybeal> yea, i've done it several times
<andygraybeal> you use it?!!?!!
<gdi2k> yes! :)
<andygraybeal> awesome!!
<andygraybeal> ^5
<andygraybeal> i love it
<andygraybeal> i can't be without it myself.
<andygraybeal> i just bought a linode host, and i have it up and running over on an ec2 instance.
<gdi2k> it's a bit clumsy and ugly, but it flexible beyond belief
<gdi2k> yeh, that's what I do, EC2
<andygraybeal> i agree with the clumsy and ugly.. but i still love it...
<andygraybeal> can you recommend the best way to purge stuff in ubuntu?
<andygraybeal> i want to start over again :)
<andygraybeal> without setting up another instance
<gdi2k> ah, I hate package management... sudo apt-get remove --purge package ?
<andygraybeal> k
<andygraybeal> thank you
<gdi2k> I think it will only remove the package you specify, so you have to figure out dependencies. I think aptitude may be cleverer at figuring it all out
<gdi2k> you can check your apt logs though
<andygraybeal> aah aptitude....
<andygraybeal> i'm not used to that
<andygraybeal> gah.. it keeps bitching about sqlite, and i never installed it
<andygraybeal> i was trying to use postgres....
<andygraybeal> i hate this stuff
<andygraybeal> i'll just try different things and be persistent...
<andygraybeal> yay!!!!!!! gdi2k it worked... i was doing apt-get purge.... and aptitude made all the idfference
<itzikb> Hi, is this the right place to ask about bug in cloud-archive?
<lifeless> itzikb: its a fine place to ask that
<itzikb> Thanks. I opened two bugs: https://bugs.launchpad.net/cloud-archive/+bug/1255420 , https://bugs.launchpad.net/cloud-archive/+bug/1257732 and I wonder how can I help to solve them
<uvirtbot> Launchpad bug 1255420 in cloud-archive "Neutron Mellanox plugin package is missing" [Undecided,Confirmed]
<Free_psyBNC> I am now offering free psyBNC access type !bnc to learn more.
<Free_psyBNC> I am now offering free psyBNC access type !bnc to learn more.
<cfhowlett> !spam|Free_psyBNC,
<cfhowlett> Free_psyBNC, please stop spamming the channel
<cfhowlett> Free_psyBNC, and stop PM spamming me
<KnownSyntax> No one wants a free bnc including one that no one has no idea about.
<KnownSyntax> ..
<cfhowlett> KnownSyntax, suspect that's a bot, but you are spot-on
<zzxc> Hey do I set the default sound card?
<jamespage> zul, libunwind build failure is isolated to just test-01
<jamespage> so I've bypassed it and backported manually for the time being
<jamespage> openvswitch is fine in icehouse-proposed so ignoring that issue for the time being as well
<jamespage> zul, adam_g: gonna sync up icehouse-proposed
<jamespage> zul, it would be good if we can get the other packages through into trusty
<rbasak> jamespage: http://status.ubuntu.com/ubuntu-t/group/topic-t-servercloud-overview.html seems incomplete? Eg. https://blueprints.launchpad.net/ubuntu/+spec/servercloud-1311-maas is missing from it. Do you know what we need to do to hook everything up?
<rbasak> jamespage: I was looking for a mongodb/arm64 work item to assign myself to it, but I can't find anything easily right now.
<jamespage> rbasak, its on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-1311-juju
<jamespage> I thought that only approved blueprints got onto status.ubuntu.com
<jamespage> but it seems that's not the case
<jamespage> arosales, ^^ any ideas?
<rbasak> jamespage: thanks!
<rbasak> jamespage: I'll start on the mongodb package, I assume, and then we can port any patches to juju-mongodb?
<jamespage> rbasak, yes - but you will need to make it use the embedded libv8 copy
<rbasak> It looks like a first step would be to switch to gcc intrinsics for everything, which I can test (as best as is possible) on armhf too, and then send upstream.
<jamespage> (that's what we do for the juju-mongodb package currently stuck in -proposed due armhf build failure :-))
<rbasak> v8 looks like a major porting effort :-/
<rbasak> I don't see any 32-bit arm implementation either. Am I missing something?
<rbasak> Ah. The archive's v8 source has it, but not mongodb's embedded source.
<jamespage> rbasak, there is a 32 bit arm version in upstream v8
<rbasak> jamespage: yeah, spotted it, thanks.
<jamespage> that appears to have been stripped our as part of vendorfication
<rbasak> jamespage: so from my initial look, it seems to me that v8 has no interpreter mode, and doing the JIT stuff involves a major porting effort.
<jamespage> rbasak, mwhudson is looking at whether we can drop the v8 requirement for un-ported archs
<jamespage> and run without that bit of the mongo shell
<jamespage> might work
<rbasak> jamespage: OK, shall I focus on the non-v8 part for now, then?
<rbasak> That bit I can chug through, I think.
<jamespage> rbasak, I think that would be good
<jamespage> +1
<jamespage> zul, did you miss horizon last week intentionally?
<jamespage> or do I still need to ack a MP
<jamespage> I probably do don't I
<jamespage> zul, commented on https://code.launchpad.net/~zulcss/horizon/2014.1.b1/+merge/197957
<jamespage> zul, I don't see an upload for glance either - although the MP is merged
<jamespage> yolanda, that sounds better - yes
<yolanda> ok
<yolanda> i will do a try
<yolanda> jamespage, nova is FTBFS? wanting to add the patch there, but cannot build
<jamespage> yolanda, can you leave this until icehouse-1 is out of the door - should be today/tomorrow
<yolanda> jamespage, ok
<jamespage> there is a pending MIR that needs to complete
<yolanda> can i do it with other packages?
<jamespage> yolanda, nova ftbfs?
<jamespage> that was one that did go through
<jamespage> yolanda, oh - in the lab?
<yolanda> yes, in the lab
<yolanda> jamespage, using the ubuntu-server-dev packages to add the banners, am i right?
<jamespage> yolanda, well you could fix that problem at the same time - its probably just a patch refresh or drop
<yolanda> ok, i'll take a look
<yolanda> jamespage, what do you think should be the best way to show distribution on python? as i cannot send a var to precompiler as other languages, I was thinking in patching the file i need with some placeholder, and then do a sed to replace with right vars on debian/rules
<yolanda> can you think on something better?
<ice9> when I try to install zram-config on Ubuntu 13.04 VPS I get this error:
<ice9> invoke-rc.d: initscript zram-config, action "start" failed.
<patdk-lap> ice9 what did you expect? that seems a very valid result
<jamespage> yolanda, not quite sure what you are trying to achieve patching python itself?
<jamespage> or is this a general how do I do the banner for a python app thing?
<ice9> patdk-lap, you mean because 13.04 doesn't support zram?
<patdk-lap> no, cause you are using a vps
<yolanda> jamespage, patch is done in wsgi.py file, but i don't want to hardcode ubuntu
<yolanda> so i was looking for a way to dynamically set that
<yolanda> in other packages i was just sending a var to preprocessor using makefile, but with python i'm not sure on how to do it
<ice9> patdk-lap, so now how do I remove zram from apt-get is it's not installed and still giving an error when installing any other package
<patdk-lap> that I don't know
<zul> oh my god i hate the winter
<jamespage> yolanda, http://paste.ubuntu.com/6545838/ - that's what I see as test coverage for heat right now
<yolanda> mm, let me check if i haven't pushed
<jamespage> zul, cinder and nova need a dependencies version review - how's that tool coming along?
<zul> jamespage:  delayed
<jamespage> staging to proposed is a great place to spot these things
<zul> jamespage:  six?
<yolanda> jamespage, are you grabbing from here? ~yolanda.robla/charms/precise/heat/trunk/
<zul> 2cheeks
<yolanda> i don't have anything to push, and my coverage shows 85%
<jamespage> zul, yup
<jamespage> ditto on wsme
<zul> jamespage:  ack
<zul> jamespage:  we need to fix something for horizon after i get it uploaded today
<yolanda> i see heat_context tests differently: heat_context        34      8    76%   27, 34-40, 43-44
<zul> jamespage:  http://pastebin.ubuntu.com/6545845/
<jamespage> zul, oh great
<jamespage> that old chestnut
<zul> yep
<zul> jamespage: i opened #1259166 because of it
<jamespage> bug 1259166
<uvirtbot> Launchpad bug 1259166 in horizon "Fix lintian error" [Undecided,New] https://launchpad.net/bugs/1259166
<zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/2014.1.b1/+merge/197957
<jamespage> zul, you need to include the new assets
<zul> argh
<zul> jamespage:  done..
<zul> jamespage:  wrt to waittress, the tests run fine locally but doesnt run in a build, ive added dep8 tests for them and ill ping mterry about it
<zul> jamespage:  lemme know when you get back
<hallyn_> zul: bug https://bugs.launchpad.net/ubuntu/+source/ipxe/+bug/948323, do know what path xen looks for for ipxe roms?  does it look for /usr/share/qemu or /usr/lib/ipxe?
<uvirtbot> Launchpad bug 948323 in ipxe "Rom images for e1000 and ne2k missing vendor and device id" [Low,Fix released]
<hallyn_> i'm wondering whether we still need that delta from debian
<zul> /usr/share/qemu i think
<zul> smb: ^^^
<smb> hallyn_, Probably yes as long as the xen build getting those for xm path
<smb> And yes, I think /usr/share/qemu
<zul> hallyn_:  i should have an updated libvirt for you today...if my uploads to the ppa wouldnt timeout
<smb> zul, Would your updated libvirt be actually tested with xen?
<smb> zul, As it is segfaulting fight now
<zul> smb: nope i dont have xen installed
<zul> smb:  1.2.0?
<smb> zul, May I slap you a little bit?
<zul> smb: no :)
<smb> Wishful thinking
<zul> you can wish for a little bit longer then :)
<smb> Nothing to do with libvirt upstream as with a mis ported patch of mine
<zul> doh
<zul> smb: well patches welcome
<smb> Right now I got it to be ok with xl stack but not working yet with xm
<smb> Theoretically we should move to xl as default anyways
<smb> Though xl has pxeboot issues
<hallyn_> smb: yeah if you want tested with xen beforehand i think you need to have zul ping you when he's merging, as he does me . (cause i' not gonna test xen either :)
<smb> hallyn_, That would be some progress at least
<smb> :-P
<smb> Better than to find out when I actually want to do something else
<zul> hallyn_:  maybe we should keep smb in the loop when we merge a new version
<jamespage> zul, bug 1259203
<uvirtbot> Launchpad bug 1259203 in python-wsme "require versioned dependency on python-six" [Undecided,New] https://launchpad.net/bugs/1259203
<smb> zul, Thats what he said
<zul> jamespage:  arrgh
<smb> zul, translating US to CA... ;)
<smb> or vice versa
<zul> smb: yes we actually use english ;)
<smb> zul, So give me a sec. The patch might not yet be good but better than before
<zul> smb:  ack
<zul> jamespage:  on it
<jamespage> zul, good man!
<jamespage> zul, they don't need an immediate upload btw - they can wait for other things
<smb> zul, chinstrap:~/smb/ubuntu-xend-probe.patch
<zul> jamespage:  ok i talked to mterry about webtest its on his todo list for today
<jamespage> zul, thanks
<hallyn_> zul: sounds worthwhile :)  (keeping him in the loop)
<zul> jamespage:  also ill have a nova merge for you shortly (just buidling locally for any surprises)
<lfaraone> smoser`: did you have a chance to check out that script?
<jamespage> zul, ok
<smb> zul, If you can point me (or drop me) your 1.2.0, I can switch fiddling around with that
<zul> smb: https://launchpad.net/~zulcss/+archive/libvirt-1.2.0
<smb> zul, thanks
<smoser`> lfaraone, i'm sorry. its on my todo list.. i just wrote it  there again today :)
<smoser`> lfaraone, link ? and i'll take a quick look now.
<lfaraone> smoser: neat, thanks. https://bazaar.launchpad.net/~lfaraone/+junk/configure-interfaces/view/head:/configure-cloud-interfaces
<smoser> lfaraone, fwi, there is '#cloud-init' channel also
<smoser> not that your comments are inappropriate here
<smoser> but that they my be more appropriate there.
<lfaraone> k, joined.
<zul> jamespage:  https://code.launchpad.net/~zulcss/nova/icehouse-sqlalchemy/+merge/198278
<jamespage> yolanda, the problem is that openstack does not have the same concept as apache
<yolanda> jamespage, zul, so my thought about a var in config file also, is that the way that openstack is deployed, with puppet or other tools, will make that this var is just ignored
<jamespage> I'd prefer that we have something config driven so that users can disable it - but that might not meet the objectives for this blueprint
<yolanda> people won't be adding any extra vars
<jamespage> as its easily disabled
<jamespage> yolanda, well you could have a sane default
<yolanda> mm, but then it will be done in runtime
<yolanda> if i check if var is not set,and then check for distribution... it will be wasting a lot of time
<jamespage> yolanda, for example platform.dist() return a tuple of useful information
<yolanda> but that's runtime, right?
<jamespage> yolanda, yes
<yolanda> so imagine that extra call for each api call...
<yolanda> i don't think that's a good idea
<jamespage> its probably cached
<jamespage> or maybe not
<jamespage> yolanda, I agree that sucks
<yolanda> and setting a var in keystone.conf will be mostly ignored, don't you think?
<yolanda> problem on what i did now is that is not easily movable upstream
<yolanda> so jamespage, zul, what alternatives do we have?
<zul> yolanda:  i still think if you do keystone --version thats good enough
<yolanda> but that's not the objective for server banners
<zul> true but its not always a good idea to do it in server banners
<yolanda> mm i checked with jamespage and we decided that this wasn't good, so we need some agreement
<a1fa> hello
<a1fa> in terms of monitoring cpu utilization, should one focus on %sys or %idle and or %soft?
<a1fa> on cpu load, should i really care about %idle versus anything else? how about si or hi?
<zul> roaksoax:  ping maas doesnt use beautifulsoup does it?
<roaksoax> zul: np[e
<roaksoax> nope
<zul> roaksoax:  awesome
<zul> Daviey:  ping
<hallyn_> zul: all right, qemu 1.7 working for me.  if you want to look at it before i push to trusty, shout
<hallyn_> oh wait, gotta look for a new version of linaro patchset.  heh.
<zul> hallyn_:  sure why not
<zul> hehe
<hallyn_> zul: ok, it (without linaro patchset) is in github.com/hallyn/qemu branch ubuntu_1.7.0+dfsg-2
<yolanda> so zul, jamespage, i'll need some feedback about it. We have several options, not sure what will be best, also smoser sent some feedback: https://code.launchpad.net/~yolanda.robla/keystone/icehouse_fix-distribution/+merge/198275
<smoser> yolanda, was i wrong ?
<smoser> surely something loaded in that wsgi.py is only loaded once, right?
<yolanda> but it should be loaded on every api call
<smoser> no...
<smoser> are you saying you'd want it to be ?
<smoser> or are you saying that wsgi.py will actually be loaded by python on every api call
<smoser> i could be wrong, but i surely wouldn't expect that it would be. and if it is, we can find somewhere else to put the DISTRIBUTION
<yolanda> smoser, i think wsgi should be loaded on each api call
<yolanda> but i'm not sure at this moment anyway
<yolanda> also we were discussing about using a config var for it
<smoser> sure. config var is no different. i'm fine with that.
<smoser> if you have something up, you can easily check if wsgi.py will be loaded on every call.
<yolanda> problem with config var, is as openstack is normally deployed using puppet or other tools, won't be easily used, people willl override it
<smoser> you just do open("/tmp/mfile.txt", "w+").write("loaded")
<yolanda> one solution that jamespage also proposed, is to set that in config, and it not present, default it with some python call (for example the approach you told)
<smoser> and if every api call gets appended to that file, then i'm wrong
<yolanda> yes,  i was thinking in testing it
<yolanda> also zul suggested just to patch the --version call, so we have several alternatives
<smoser> personally, i might just do it like a "config" that is a dict
<smoser> and allows you to specify 'X-Distribution: foo-bar'
<smoser> as well as
<jefgy> I have a server using a near-offset mdraid 1 I need to convert it to a far-offset raid 10.  There don't see anyway to do this without basically taking the machine down for a full rebuild and copying the data over.  any better suggestions?
<smoser> 'X-GoCubsGo: cubswintoday'
<smoser> and update the dict with the config value
<smoser> ie, it doesn't 'have to be distribution specific at all.
<smoser> just "additional headers"
<yolanda> smoser, and also you would add a section in .conf files for that?
<smoser> well, a config variable.
<smoser> so you'd ether have a config variable value tha tis then an array (or dictionary)... I think there are some values that are ',' delimited
<smoser> already
<smoser> ie, which have been 'shoved' into a single string
<smoser> or you can just refer to a file that has this data in it json encoded.
<smoser> the file reference is what I did for "vendor data" in openstack.
<smoser> s/openstack/nova/
<smoser> https://review.openstack.org/#/c/37964/
<smoser> that might be overkill here. as may be my generic "additional_headers"
<smoser> but it is very functional
<yolanda> ok, i'll take a look
<bogeyd6> a.net
<frojnd> Hi. What ftp server do u suggest? So Users could upload to /var/www/servers/ ?
<frojnd> Preferably users without shell and access to upload only to /var/www/servers/user1/ ?
<sarnold> frojnd: ftp is a horrible protocol, I'd rather offer sftp through sshd.
<frojnd> anyways if that filezilla supports I'm good with it?
<frojnd> it does..
<frojnd> Ok So I have only 2 demands. User can not ssh to server but is able to upload to /var/www/servers/user1/ directory and all subdirectories
<frojnd> Also this directory has following rights: drwxr-xr-x 10 www-data www-data
<frojnd> This means only www-data is able to write
<sarnold> frojnd: look at sshd_config(5), especially ForceCommand and internal-sftp
<sarnold> frojnd: I'd change the directory's owner and group -- you do not want your web server to be able to write to this directory, do you?
<frojnd> Nope. What is the common group user for websites on ubuntu?
<sarnold> I'd make a new group, myself, since I don't care for the use of www-data for both the webserver process -and- the webserver data files.
<hallyn_> sarnold: if i want to allow ext* and xfs mounting, do you know offhand if i can just say "mount fstype=ext* xfs," ?
<sarnold> hallyn_: try "fstype in (ext*,xfs)" -- though you might need (ext2,ext3,ext4,xfs) ...
<hallyn_> sarnold: in an apparmor profile?
<hallyn_> (the 'in' seems out of character)
<hallyn_> eh, i'll just list them out - clearer anyway.  thanks :)
<sarnold> hallyn_: yeah, the 'in' was introduced because 'mount' is funny -- we wanted something more flexible than "this exact set of options" to allow "anything in this list of options". so 'in' was introduced.
<hallyn_> in what release?
<sarnold> sorry, I don't recall.
<sarnold> sigh I need to set up some more-featured chroots, 'bash: man: command not found" ...
<hallyn_> yeah i need to tweak my canonical-containe-creation scripts to add things like that, as well as divert dpkg
<hallyn_> not today :)
<sarnold> :)
<sarnold> .. when waiting six seconds for a vm to spin up and ssh in is just too painful ..
<hallyn_> stgraber: well that was weird.
<sarnold> hallyn_: looks like precise has the mount 'in' rules. Not lucid, no real surprise there I guess.
<hallyn_> on 3.12 kernel, i did 'dd if=/dev/zero of=xxx bs=50M'.  when it got to 5.5G i ran out of disk
<hallyn_> sarnold: do you have a link to docs on it?
<hallyn_> dude htis happens on host too
<sarnold> hallyn_: nothing better than apparmor.d(5), sorry: http://manpages.ubuntu.com/manpages/precise/en/man5/apparmor.d.5.html
<hallyn_> oh, heh.  i see what i did there
<hallyn_> well, i need a reboot.  biam
<sarnold> .. you actually ran out of disk, right? :)
<hallyn_> yup
<hallyn_> stgraber: when you get a chance could you look at my debdiff to https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1257389 ?
<uvirtbot> Launchpad bug 1257389 in maas "cannot run maas-import-ephemerals inside lxc container" [Undecided,Confirmed]
<roaksoax> jamespage: silly question.. but do you think it would be better to rename maas-region-controller-min to maas-region-controller-common?
<stgraber> hallyn_: do you actually need to allow nesting in the -with-mounting profile?
<hallyn_> stgraber: not necessarily, but since you can't "combine" features, i thought i'd go for the lowest common denominator
<hallyn_> smoser: the containers wher eyou'd want to mount blockdevs, you wouldn't be using cgroups there right?
<stgraber> hallyn_: I think it'd be best to have the with-mounting profile only allow mounting and not allow nesting (so drop start-container, cgroup, proc, sys and the rw,bind of dev/shm)
<stgraber> hallyn_: if someone actually wants both, they should just add an extra profile which includes both with-nesting and with-mounting
<smoser> hallyn_, um... i don tthink so, but i'm not sure.
<hallyn_> stgraber: ok will update the debdiff on the bug
<hallyn_> stgraber: are you pushing soon to trusty with your new config layout?
<hallyn_> do you want to just add this to your upload if so?
<stgraber> hallyn_: next upstream push will be next Tuesday with the release of beta1
<stgraber> (17th)
<TeraJL> i have  a small USB (500mb) drive, is there any way to install ubuntu server? online instalation or something?
<fuga> hi i have some problem to receiving mail on my postfix/dovecot server...
<fuga> http://paste.ubuntu.com/6547378/
<sarnold> TeraJL: I've got to run out the door.. but perhaps try one of the 'mini' images on your usb stick, just dd the thing, that might do a live instance for you in the tiny space..
<hallyn_> stgraber: all right i'll push lxc with that fix, then.  i'll work upstream for the lxc-ubuntu-* template option to specify apparmor profile.  (if i can think of a good way to specify one)
<stgraber> hallyn_: I just applied a commit from caglar that adds that kind of documentation to ubuntu.common.conf, so you probably just want to add a section in there.
<hallyn_> ok
<fuga> no one to help me?
<rdw200169> fuga: it is extremely probable that your ISP is blocking port 25
<rdw200169> fuga: try telneting from a *remote* host that is nowhere near you, like from a amazon ec2 micro instance or something back to your ip:25 with postfix running
<fuga> my port are open...i've already a web server on the same computer using port 80 and i have opened 25 and 143 by the same way
<rdw200169> fuga: true, most ISPs allow you to open port 80 and host a page no problem; port 25 is another matter, though.  port 25 and an MTA leave you wide open with the standard configs as a spam relay host, which will trash your IPs reputation, and by proxy of that your ISP
<fuga> on my ISP/modem i have open the port..it's possible the portsstill close despite this?
<rdw200169> fuga: yup; email is a horrible dangerous game to play, and most ISP's don't want to see their customers bandwidth get aggregated to the hilt with spam traffic to some subscribers open MTA
<fuga> how can i do to have my domain email adress....like  john@mydomain.com?
<rdw200169> fuga: just trust me on this one, but give up trying to run your own mail server out on the open internets; it's fine if you want to *send* email to remote SMTP servers, just not receive
<rdw200169> fuga: you can, off the top of my head, use google apps; go daddy and most of the big registrars as well will host email for your domain
<fuga> di you have some help links for me?
<fuga> go daddy? i don't understand...
<rdw200169> fuga: godaddy.com
<fuga> ok just...it's a free solution?
<fuga> because money it's a problem to^^...
<rdw200169> fuga: probably not; there was a time when google apps was free, and that is when i got in, but i don't know if it is free any more
<ScottNYC> question, why is it that Ubuntu Servers guided LVM install creates a sperate ext3 /boot partition? Why isnt it part of /roots' logical volume or at least its own logical volume, why ext3?
<fuga> ok i look that
<ScottNYC> is it to make the boot partition easier to access?
<rdw200169> ScottNYC: that is probably an old doc; regardless, separating your partitions is always a good idea; particularly between variable and non-variable data
<rdw200169> ScottNYC: mostly it has to do with old versions of the boot loader (grub) and its idiosyncrasies regarding what types of partitions and whatnot it could read the boot stuff off of; my understanding now is that Grub2 can access pretty much anything, to include inside a mdadm raid array
<rdw200169> ScottNYC: And i am almost certain that there was a time when grub could not access partitions inside of LVM for the stage2 file
<ScottNYC> yeah that makes sense, thx rdw200169
<Pryath> I'm going to attempt to configure my iptables for ubuntu server, but I'm worried I'll end up locking myself out or screwing up the rules. This paste is basically two examples I found mashed up together into one (with an extra part at the bottom I'd manually add). Can anyone tell me if this will work or give me advice on how to improve it? http://pastebin.com/EsR9ZFpH
<frojnd> sarnold: I've used internal-sftp
<frojnd> sarnold: the problem is that when I try to login with newly created user that has only rights in /var/www/server/this_server he can also see other stuff
<frojnd> He can only write or do stuff in /var/www/server/this_server but still... I thought I've chrooted it properly
<frojnd> One newbie question. Let say I chroot sftpuser. Can this chrooted user still have access to read other directories?
<frojnd> if other directories have -r flags for other?
<soren> frojnd: Depends on where they are.
<frojnd> soren: if they are in /var/www/servers/server1/ ?
<frojnd> I'd like to create a sftp option for one user that wish to upload new stuff for site
<frojnd> directly to site
<frojnd> And I already this is a bad ieas since now while I'm testing it I can locate .crt, .key, .csr files
<soren> frojnd: WEll, they can only access things that are in the chroot.
<frojnd> soren: but I can go out of there
<frojnd> I can actually go to /
<soren> frojnd: Then you're not chrooted.
<frojnd> hm
<soren> That's what chroot means.
<soren> It redefines the meaning of /.
<frojnd> Yeah, I thought so
<frojnd> First I've created user: sudo useradd --home-dir /data/incoming --no-create-home sftpuser
<frojnd> ANd then add a passwrd.
<soren> So if you have a process that's been chroot('/var/www/whatever')'ered, that process will see /var/www/whatever as its /.
<frojnd> mhm ok I understand
<frojnd> I fucked something up on the way then
<soren> It won't see "/var/www/whatever" mentioned anywhere and just be blocked from going further up (or down, whichever way you typically visualise it) the tree.
<frojnd> anyways after creating a new user without shell I've chown already created directory: sudo chown /var/www/servers/server1/public_html
<soren> So when you say it can go to /, what do you mean?
<frojnd> It can actually go to / :) and go to /home/ and see all the users with shell
<frojnd> it can also go to /etc/nginx/ssl :P
<soren> Ok.
<frojnd> so I must have mispeeld or did something wrong
<soren> What did steps did you take to attempt to chroot it?
<frojnd> ok
<frojnd> 1) created a user: sudo useradd --home-dir /data/incoming --no-create-home sftpuser
<frojnd> 2) gave it a password..
<frojnd> 3) chowned dir: /var/www/servers/server1/public_html
<frojnd> 4) edited /etc/ssh/sshd_config to look like this: Subsystem sftp internal-sftp
<frojnd> and added this: http://sprunge.us/LIhG
<frojnd> And after it I've restarted ssh service
<frojnd> and I found something..
<frojnd> I made a typo :S
<soren> Can you paste the output of "ls -l..."
<soren> oh
<soren> Never mind, then :)
<frojnd> in sshd
<frojnd> let me try it
<frojnd> yeah
<frojnd> it was a typo, I didn't properly wrote sftp username in sshd
<soren> Looked ok to me?
<frojnd> I forgot to add sftpuser[server1] here
<frojnd> This is a nice feature. Chroot
<frojnd> Hm
<frojnd> Pam is douing a problem
<frojnd> or not
<ScottNYC> does it matter the order in which u create logical volumes? for example After creating logical volumes root, swap. and home, when viewing the partitions I just created, their listed from top to bottom, home, then root then swap.
<jpds> ScottNYC: No.
<ScottNYC> ok thx
<Pryath> welp I locked myself out of my server. It's a good thing it's non persistent (through restarts)
<jkyle> I'm noticing exceptionally long ifup -a times
<jkyle> over 5 minutes
<jkyle> is there some logs to help me narrow down what's stalling?
<PryMar56> jkitchen, ps aux | grep dhclient
<PryMar56> jkyle, meant for you
<PryMar56> I had a new server setup where dhclient was missing
<jkyle> yeah, I think I nailed it down to that. fella that set up the vm didn't bridge the interface so it wasn't serving dhcp
<jkyle> PryMar56: ^
#ubuntu-server 2013-12-10
<rostam> HI I would like upon ssh to my ubuntu 12.04, the /etc/profile to be sourced, is there a way to configured this on any login? thx
<Daviey> zul: hey
<sarnold> rostam: if you're using bash, that should just happen automatically...
<rostam> sarnold: that is what I thought but it does not,  I have to manually do . /etc/profile so the changes to take effect??
<sarnold> rostam: are you changes in /etc/profile over-ridden by settings in ~/.bashrc or ~/.*profile files?
<rostam> sarnold, it does not override that I am sure...
<rostam> sarnold there is a specific profile which I have placed it in the /etc/profile.d once the /etc/profile is source that file also gets source
<zul> Daviey:  still around?
<frojnd> Hi there.
<cfhowlett> frojnd, greetings
<frojnd> I have a huge problem. Somehow my IP is in /etc/hosts.deny
<cfhowlett> d'oh!
<frojnd> even if I remove that entry it keeps coming back :) so I can't ssh to it with another temrinal
<frojnd> luckily I'm still logged in by one terminal
<frojnd> would it helped if I put my Ip in hosts.allow?
<frojnd> but would like to know how my home ip ended up in hosts.deny in the first place
<frojnd> cfhowlett: any ideas? :=
<frojnd> :)
<cfhowlett> frojnd, sorry, no.  I'm silent on areas outside my range of knowledge --- i.e. most server problems.  As we seem to be the only ones awake here, perhaps moving the query to #ubuntu might be in order.
<frojnd> nice idea
<frojnd> noone there either
<frojnd> :)
<frojnd> It was denyhosts
<frojnd> interestingly
<cfhowlett> frojnd, so how ??
<frojnd> it was the configuraton file. I wasn't careful when I was updating and in /etc/denyhosts wasn't set PURGE_DENY
<jamespage> zul, you needed a allow-stderr restriction in tests/control
<jamespage> otherwise stderr output == test failure
<yolanda> jamespage, smoser, zul, what do you think about that? https://code.launchpad.net/~yolanda.robla/keystone/icehouse_fix-distribution/+merge/198275
<jamespage> yolanda, how would you feel about targetting that to upstream first?  I'd like to know that there is appetite to accept this type of header data as normal before we start adding patches to all of the packages.
<yolanda> jamespage, ok, what's the process to send some patch upstream? just submit like a code change to gerrit?
<jamespage> yolanda, yes
<yolanda> should i create some bug first?
<jamespage> yolanda, sounds good
<yolanda> ok
<jamespage> people can then comment on the bug
<jamespage> yolanda, that approach means it can be overridden by configuration right?
<yolanda> jamespage, yes, if you add this section to config, it will be overriden
<yolanda> it only shows platform.dist() on default
<jamespage> if so it would also be nice if there was a way to disable adding the header altogether
<jamespage> Distribution = None
<jamespage> or something similar
<yolanda> ok
<yolanda> i'll do some tests with it and then send upstream
<jamespage> zul: https://code.launchpad.net/~james-page/cinder/python-six-1.4.1/+merge/198378
<jamespage> zul, working through some neutron bugs today - might do an 0ubuntu2 later
<zul> jamespage:  can you look at that horizon merge from yesterday as well
<jamespage> zul, oh - yes of course
<Daviey> zul: you wanted me?
<zul> Daviey:  yeah when you get a sec can you do a source new review for me?
<Daviey> zul: oslo.rootwrap or swift-bench?
<zul> Daviey:  both
<Daviey> zul: Ok, should be able to do it in about 1.5 hours.  Tied up in meetings until then.
<zul> Daviey:  cool thanks..
<zul> jamespage:  horizon is ok?
<smoser> yolanda, that looks good
<yolanda> sent upstream
<mdeslaur> does anyone know how to create an explicit deny ACE in samba?
<smoser> is there any reason you wouldnt want to default to something like '/'.join(platform.dist)
<smoser> maybe not.
<smoser> yolanda, the only othe rcomment i have is why force 'X-' prefix ?
<smoser> as opposed to letting that be configured.
<yolanda> smoser, normally in http all extra headers are prepended with X- , right?
<yolanda> i just tried to send X-Distribution in config file but it was transformed to X_Distribution
<smoser> well that sucks.
<smoser> i understand all "extra headers" being normally prefixed with 'X-'
<smoser> but don't know who's definition of 'extra' is right.  if you allowed thatin the config, then the provider can choose to put 'X-' or not put 'X-'.
<yolanda> smoser, but then i'll need to replace the _ with - in headers, or they won't look right. And if some people just wanted to send a header with _ ?
<yolanda> maybe just look for starting X_ and transform to X-
<yolanda> smoser, jamespage, what do you think about the X- headers then?
<smoser> yolanda, i'm fine to let upstream discuss it and take it either way.
<smoser> if it were my choice, i'd not want to force any restrictions on the headers.
<smoser> but i dont think its a very big deal.
<smoser> annoying that config format squashes your '-'
<yolanda> smoser, yes, my first try was to don't force the X- and give freedom
<yolanda> let's see if people add comments there
<smoser> someone (me) might do it :)
<gyre007> can someone tell me if Precise LTS has ipvs support in kernel ?
<gyre007> basically lvs support is what Im after
<jrwren> gyre007: signs point to no: http://pastebin.ubuntu.com/6551563/
<gyre007> oh no
<jrwren> you can do lxc.
<jrwren> https://www.stgraber.org/2012/05/04/lxc-in-ubuntu-12-04-lts/
<gyre007> not really...can I ?
<gyre007> but I will need an image which has kernel with ipvs support compiled in
<jrwren> afaik, lxc does not use ipvs or lvs kernel mods
<gyre007> I just actually installed keepalived on KXC
<jrwren> instead it uses namespaces and cgroups, which are newer and better.
<gyre007> *LXC
<gyre007> and I get the http://askubuntu.com/questions/388768/lvs-support-lts-12-04
<jrwren> but I am not an expert in this area.
<gyre007> LXC runs of the host's KErnel AFAIK
<jrwren> yes, there is only one kernel with lxc
<gyre007> if host's Kernel' doesnt have lvs support you're screwed
<jrwren> so you really want to run keepalived ?
<gyre007> so am I :-)
<gyre007> well yeah
<gyre007> whats wrong with that ? :)
<jrwren> nothing, i'm just trying to understand what you want :)
<gyre007> basically I need something which will give me vrrp
<gyre007> and that's keepalived
<gyre007> but it needs lvs
<jrwren> you running routing protocols?
<gyre007> Im trying to set up HA load balancer...
<gyre007> with auto failover
<gyre007> and keepalived looks like a pretty good candidate
<jrwren> cool.
<gyre007> well not really :-) if the kernel doesn't support it then....
<jrwren> vrrpd or ucarp?
<gyre007> I dont think I need vrrpd
<gyre007> keepalived is actually filling the role of vrrpd right ?
<jrwren> i'm suggesting either of those instead of ipvs
<jrwren> i don't know keepalived or ipvs very well.
<gyre007> but can keepalived work with those ?
<jrwren> I think they would be used instead of keepalived
<gyre007> mm
<jrwren> i wish I knew someone esperienced with them to ask which to use, but I don't.
<arie_kiyoshi> hello guys
<zul> jamespage:  ping...horizon review?
<stgraber> hallyn_: hey, did you ever get sarnold to re-check lxc-user-nic? I'm getting tired of manually setting the setuid bit everytime I update LXC :)
<jamespage> yolanda, how about taking a look at active/active rabbitmq across the openstack charms
<jamespage> its on the blueprint and is an important delivery this cycle
<jamespage> https://blueprints.launchpad.net/ubuntu/+spec/servercloud-1311-openstack-charms
<yolanda> wow, sounds challenging!
<jamespage> yolanda, oh - and merges
<yolanda> yes, i was taking a look at merges right now :)
<jamespage> I'm sure there are still some on the list - stuff lands in debian all the time!
<hallyn_> stgraber: not since I pulled some code out
<beatstreet> I have an ubuntu server that keeps locking up and requires reboot to get it back online
<hallyn_> sarnold: ^
<beatstreet> what's the best log to look up
<zul> jamespage:  waitress and bs4 have been promoted fyi
<hallyn_> waitress?
<zul> hallyn_:  python-waitress -  dependency for python-webtest - dependency of keystone
<jamespage> zul, marvellous
<zul> jamespage:  ill wait for it to get out of proposed and run boom
<jamespage> zul, how are we on the rest of icehouse-1?
<jamespage> glance - dep wait
<zul> checking glance
<zul> jamespage:  argh..
<jamespage> zul, ceilometer - rebuilding now - bust on webtest
<zul> jamespage:  glance rebuilding now
<caribou> smoser: I saw that you mentionned merges during the meeting, any server specific list of merges or merge-o-matic is the source ?
<caribou> smoser: I started to look at those & a few ftbs
<zul> jamespage:  btw https://code.launchpad.net/~zulcss/horizon/2014.1.b1/+merge/197957
<jamespage> zul, doing it now
<zul> jamespage:  thanks
<smoser> caribou, i didn't think anyone would call me on that :)
 * smoser goes to look for some stuff
<smoser> grep-merges is helpful.
<smoser> caribou, but yeah, generally merge-o-matic is your friend there.
<smoser> i could look for something that looked "easy", but i dont hink you need something terribly easy.
<caribou> smoser: I've done a couple already
<caribou> smoser: I helped with crash & libpng only to find out that the original person responsible had done it already
<jamespage> zul, it was still missing static assets, so I re-did them and pushed, and uploaded
 * smoser should probably do mine.
<Daviey> zul: oslo.rootwrap, where did the orig tarball come from?
<smoser> caribou, yeah, its always best to try to ping the last touch'd
<caribou> smoser: I'll look around and see what I can find
<Daviey> jamespage: binNEW on ceilometer?
<jamespage> ?
<Daviey> jamespage: binNEW on ceilometer-agent-notification ?
<jamespage> yeah - thats OK
<zul> Daviey:  pypy
<jamespage> its new this cycle
<zul> Daviey:  er...pypi
<zul> Daviey:  we know the upstream author pretty well https://pypi.python.org/pypi/oslo.rootwrap/1.0.0
<Daviey> zul: right, but it makes it quite hard to verify the source when the only hint i get is "Source: https://github.com/openstack/oslo-incubator"
<zul> Daviey:  argh i need to fix that up
<Daviey> zul: Fany adding a get-orig-source?
<Daviey> fancy*
<zul> Daviey:  sure i can do that
<Daviey> zul: ok, rejected that.. with that change (& copyright entry) happy to accept
<zul> Daviey:  ok gimme a sec dont go anywhere
<beatstreet> nsk
<zul> Daviey:  just uploaded
<zul> jamespage:  https://launchpad.net/ubuntu/+source/glance/1:2014.1~b1-0ubuntu1/+build/5317701
<hallyn_> win 31
<jamespage> zul, rebuilding neutron as well - webtest dependency issues
<jamespage> zul, so i think
<jamespage> cinder: done
<jamespage> ceilometer: done
<jamespage> heat: done
<jamespage> glance: done
<jamespage> nova: done
<jamespage> neutron: inprogress
<jamespage> horizon: done
<jamespage> keystone: done
<zul> ack
<jamespage> swift: nothing todo right?
<jamespage> zul, ^^
<zul> jamespage:  well they just did a rc this morning
<jamespage> urgh
<zul> i noticed
<zul> so gimme a sec
<jamespage> ack
<hallyn_> stgraber: bug 1254338   can you see any downside to detecting kernel version in /etc/init/lxc-net.conf and donig the iptables rule for veth checksum offloading if needed?
<uvirtbot> Launchpad bug 1254338 in lxc "lxc containers failing dhcp (dup-of: 930962)" [Undecided,Confirmed] https://launchpad.net/bugs/1254338
<uvirtbot> Launchpad bug 930962 in lxc "dhcp3-server reports many bad udp checksums to syslog using virtio NIC" [Low,Confirmed] https://launchpad.net/bugs/930962
<stgraber> hallyn_: in theory there will be a small CPU overhead in doing that when it's not needed (recent dhcp client) but no, I'm not opposed to it. If we do it, I think it'd probably be easier to just always add that rule (like I believe libvirt does).
<zul> jamespage:  actually its milestone proposed...so i would rather wait til thursday for that one
<jamespage> zul, after christmas we should get trove out of -proposed and into CI as well
<jamespage> we don't need to MIR it yet
<zul> jamespage:  or before
<jamespage> but it should at least work :-)
<zul> in theory yes :)
<hallyn_> smoser: bug 1090223, maybe it's time to request vmbuilder be pulled from the archive
<uvirtbot> Launchpad bug 1090223 in vm-builder "The directory ubuntu-kvm disappeared after creating vms failed" [High,Confirmed] https://launchpad.net/bugs/1090223
<zul> hallyn_:  yes please :)
<hallyn_> stgraber: well id on't really want to end up with 200 copies of that rule though
<hallyn_> hm.  i wish iptables was a little more useful :)
<hallyn_> zul: how do we go about that?
<zul> hallyn_:  open up a bug and ask the archive admin to do it
<stgraber> hallyn_: isn't libvirt adding an interface-specific rule?
<zul> that reminds me we should remove xcp as well
<stgraber> hallyn_: yeah, it's:
<stgraber>     5  1656 CHECKSUM   udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68 CHECKSUM fill
<hallyn_> stgraber: ok, cool.  so i guess i'll add that in trust, but i don't wanna sru
<hallyn_> zul: open bug against vmbulider itself, or against ubuntu?
<stgraber> hallyn_: yeah, that's fine. I expect it'll mostly hit people upgrading from 12.04 anyway
<hallyn_> smoser: any objection to that (removing vmbuilder from archive)
<zul> vmbuilder itself
<hallyn_> stgraber: and those cloud-archive people zul likes to cultivate
<zul> hallyn_:  meh :)
<hallyn_> zul: <sigh> i wonder if we should firrst see if any users want to fork+maintain it
<hallyn_> nah, we can always add it back i guess
<zul> hallyn_:  i dont think anyone wants to maintain it
<zul> too buggy, too old
<Daviey> hallyn_: I'd like to see it proposed on ubuntu-server / ubuntu-devel first.
<Daviey> Some crazy people use it.. they should get the chance to step up and maintain it :)
<Daviey> (unlikely)
<hallyn_> jodh: btw, github pull requests for cgmanager and lxc get misfiled in my mail.  until i fix that, if anything urgent looks like it's being ignored pls just yell at me
<hallyn_> Daviey: poor slobs like https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/1090223 are losing data
<uvirtbot> Launchpad bug 1090223 in vm-builder "The directory ubuntu-kvm disappeared after creating vms failed" [High,Confirmed]
<hallyn_> but, ok.
<Daviey> hallyn_: you make a good point.. but it seems this will continue to happen for the foreseeable future if this is removed anyway.  I guess someone should fix it.. /me hides. :)
 * hallyn_ throws the broken code and a copy of vim under the blanket Daviey is hiding under
<hallyn_> "you'll need those" :)
 * Daviey wonders where soren is hiding.
<smoser> hallyn_, i have no such objection.
<hallyn_> best to have it out before trusty is released, i think
<Daviey> hallyn_: your right.  How about raise a bug for removal, lets do it.. then state the fact on the ML's and suggest it could be re-introduced with a reliable offer to maintain it.
<hallyn_> Daviey: too late, sent the email.
<jamespage> zul, urgh - testing from the trunk testing ppa; nova can't connect to libvirt
<hallyn_> 'll open the bug tomorrow
<jodh> hallyn_: ack, thanks.
<zul> jamespage:  log?
<jamespage> zul, http://paste.ubuntu.com/6552155/
<zul> jamespage:  why permission denied?
<hallyn_> stgraber: did i do anything stupid here?  http://people.canonical.com/~serge/lxc-dhcp.debdiff
 * hallyn_ fires up a precise host to test on
<hallyn_> jodh: oh hey, we now have the 'official' github tree at github.com/cgmanager/cgmanager.  probably best to start doing merge requests against it
<hallyn_> github.com/hallyn/cgmanager will become my devel archive, so i can push prettier commits to the real tree :)
<jodh> right. I have got one o/s pull request (https://github.com/hallyn/cgmanager/pull/3). Not sure why that's showing up against your branch though as I had thought I'd used the new official branch.
<hallyn_> jodh: also, the realpath_escapes() fixup, i think it's better to do it the other way
<hallyn_> so always have the actual raising of errors be in the top level function
<hallyn_> so we don't have to guess whether the fn we called already did it
<stgraber> hallyn_: you probably want a matching -D rule on stop?
<hallyn_> stgraber: not sure, i was wondering if it would jsut go away when we delete the device
<jodh> hallyn_: yeah, I did wonder about that.
<hallyn_> stgraber: oh but i'm using the network not the device :(
<stgraber> hallyn_: oh yeah, -o should be passed the interface name
<stgraber> hallyn_: and I just checked, iptables doesn't care whether an interface exists or not
<stgraber> hallyn_: so you'll need to clear it in stop
<hallyn_> drat
<hallyn_> well then i don't need the -o
<stgraber> you don't need it but you should have it
<stgraber> otherwise iptables will try to fill the checksum on all interfaces
<stgraber> what we want is: iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
<stgraber> and the same but -D in stop
<hallyn_> stgraber: and the device should be the bridge tiself?
<hallyn_> ok
<stgraber> hallyn_: right. We can't filter using -d and -s since the DHCP traffic is broadcast, so we need to use -o with LXC_BRIDGE
<hallyn_> jodh: so that's the downside of these pull reqeusts :)  I see a whole bunch of commits there.
<hallyn_> lemme try and apply them 1-by-1
<hallyn_> actually no,
<hallyn_> let's see if we can get the pll request aimed at cgmanager/cgmanager :)
<hallyn_> jodh: changed my mind again :)  pulling, will move the errors out, and push to the other tree.  thanks!
<yolanda> jamespage, what's that neutron plugin doc?
<jamespage> yolanda, ideas for how to manage neutron plugins via packaging a little easier
<jamespage> zul, b-o-m running
<zul> ack
<jodh> hallyn_: thank you!
<hallyn_> no, thank you :)
<jamespage> zul, CA staging should be all up-to-date now
<zul> jamespage:
<zul> jamespage:  ack
<jamespage> zul, OK - all done
<jamespage> going to the openstack meeting for beer now
<zul> lucky bastard ;)
<w0rmie> whats the fonctional difference between dhcp3-server and isc-dhcp-server?
<Nomad_> Can anyone help with making my 13.10 .iso into a valid usb bootable image?  I have used YUMI from the pendrivelinux team to make an image but every time I try to install the server just reboots.  If I try to do a rescue or memcheck it tells me /linux/* is missing.  I get the same thing with 12.10 and 13.10 desktop as well.
<jpds> w0rmie: $ apt-cache show dhcp3-server
<jpds> w0rmie: N: Can't select versions from package 'dhcp3-server' as it is purely virtual
<sarnold> Nomad_: just use dd: dd if=/path/to/ubuntu.iso of=/dev/sdg  (or whatever your usb device is, check using dmesg to see what address it is assigned..)
<w0rmie> jpds: the problem is that i need to modify /etc/default/dhcp3-server so i don't know really what's its equivalent by using isc-dhcp-server
<Nomad_> sarnold: dd the iso to the usb stick?
<Nomad_> didn't think that worked straight up
<sarnold> Nomad_: it does because the ubuntu ISOs are 'hybrid isos', designed to work that way. it's convenient, especially now that the isos are too large to fit on CDs. hehe.
<Nomad_> oh, nice to know
<Nomad_> thank you
<jpds> w0rmie: It'll be under /etc/dhcp/*
<hallyn_> stgraber: uh.  say.  in lxc blueprint, what does this mean?  Update the upstart job to setup the LXC profile as a namespace
<stgraber> hallyn_: I think there's an "apparmor" missing in there
<stgraber> hallyn_: from what I remember, jjohansen said we'd need to pass some extra flag to apparmor when loading the lxc profile so that it'd allow profile stacking by setting up a new namespace
<hallyn_> stgraber: ah, thanks
<syfhvbgos7> WARNING       WARNING      WARNING,                       WARNING
<syfhvbgos7> WARNING             WARNING              WARNING,     WARNING         WARNING
<syfhvbgos7>  YOU MAY BE WATCHED
<syfhvbgos7> YOU MAY BE WATCHED
<syfhvbgos7>                 YOU MAY BE WATCHED
<syfhvbgos7> Do usa&israel use chat&social communication prog(facebook&twitter) to collect informations,,,,can we call that spying!!!!
<syfhvbgos7> Do usa&Israel use chat &facebook 2 spy?!?!?!?
<NBeeuwsaert> Hey, would this be an appropriate place to ask about downloading the messages from one server to another?
<err-or> NBeeuwsaert: what?
<NBeeuwsaert> I need to have one server fetch mail from a user on another server, I was wondering if there was an efficient way to do that without having to set up imap or pop
<NBeeuwsaert> (Also if this is the appropriate place for asking that?)
<err-or> NBeeuwsaert: did you have a look on fetchmail already?
<err-or> NBeeuwsaert: don't ask to ask!
<err-or> NBeeuwsaert: but i'm not sure it works without mda
<NBeeuwsaert> yeah, but then I'd have to set up dovecot or courier on the server, and that seems excessive
<err-or> NBeeuwsaert: its not that much :P and you have lots of more experience you could add for your next job request ;)
<NBeeuwsaert> Yeah that's true :P
<NBeeuwsaert> I Was thinking setting up postfix to use Maildir, and then rsyncing down from the server
<err-or> i run fetchmail - postfix - dovecot - thunderbird (or any other imap capable mail-client)
<err-or> NBeeuwsaert: this one is a good one ;) https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHow
<jamespage> zul: everything flushed through to proposed
<jamespage> I'll re-run the deploy test I did with those packages
<zul> jamespage:  ack
<err-or> NBeeuwsaert: https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowTo sry :P
<err-or> NBeeuwsaert: arg... https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
<NBeeuwsaert> lol did you type those by hand?
<err-or> NBeeuwsaert: nope first i forgot to copy the 'to' and entered 'To' manually. don't just copy & paste !! :D
<NBeeuwsaert> ok ok :P
<NBeeuwsaert> ack, hit a snag
<NBeeuwsaert> no permission to put fetchmail on the server
<d1n0> i have a ipmipower process consuming 100% cpu, i got a feeling its from a node i didn't delete properly
<NBeeuwsaert> just kidding, fetchmail was always there, and nobody can say otherwise >:)
<beatstreet> I have an ubuntu server that keeps locking up and requires reboot to get it back online
<beatstreet> what's the best log to look up
<guntbert> beatstreet: /var/log/syslog has lmost everything
<beatstreet> ok
<guntbert> *almost
<beatstreet> thanks
<w0rmie> nfs-commons is installed but no way to symlink /etc/network/if-up.d/mountnfs within /etc/rcS.d/S35mountnfs
<w0rmie> i can't find mountnfs in the /etc/network/if-up.d
<FunnyLookinHat> Hey - got a quick question for you guys - I'm trying to migrate a ton of files from one server to another ( slow transfer rate, long story ) and I want to run my rsync job only between midnight and 5am... can you think of a clever way to run an rsync for only that specified time period other than cronning a start and kill script ?
<NBeeuwsaert> FunnyLookinHat, cron?
<NBeeuwsaert> OH wait, I read that weird
<NBeeuwsaert> I think rsync has a --time-limit option
<sarnold> FunnyLookinHat: if you've got a spare few days to learn about tc, you could keep it running continuously but change the bandwidth allotted to the transfer during 'work' hours so it won't eat so much bandwidth...
<FunnyLookinHat> sarnold, already using --bwlimit
<FunnyLookinHat> Ooh I see what you mean
<w0rmie> nfs-commons is installed but no way to symlink /etc/network/if-up.d/mountnfs within /etc/rcS.d/S35mountnfs
<w0rmie> i can't find mountnfs in the /etc/network/if-up.d/ folder
<d1n0> Can anyone help with this error: could not access file '334b532c-c71f-483e-8f36-beea1905536d-provider-state': gomaasapi: got error back from server: 401 UNAUTHORIZED
<d1n0> I get that when trying to bootstrap the maas
<NBeeuwsaert> FunnyLookinHat, Looks like rsync has a "--time-limit" and "--stop-at" option in version 3.1 (with a patch) so if yours feeling upto compiling rsync you could give that a go
<FunnyLookinHat> Yeah but it's not built into the rsync I have
<FunnyLookinHat> so I just used timeout
<FunnyLookinHat> :)
<FunnyLookinHat> NBeeuwsaert, timeout <seconds> <command>
<FunnyLookinHat> And it just send a kill to the process after the seconds have elapsed :)
<NBeeuwsaert> huh I thought that was just for individual transfers, and would fail it if it took too long
<igalic> I. Hate. Preseed.
<FunnyLookinHat> NBeeuwsaert, Yeah that's what I thought too - but tested and it works  :)
<NBeeuwsaert> it won't cut a file off halfway?
<w0rmie> is there any way to capture current data on RAM and save it into recoverable image from HDD?
<Patrickdk> w0rmie, hibernate?
<w0rmie> Patrickdk: thank you for your answer, so can i recuperate the RAM image as a file to store on the HDD and "des-hibernate" it to make it readable?
<w0rmie> i'm installing a cluster to execute too much data on my 72GB of RAM so i would to save the current RAM work in order to reload other calculations
<sarnold> yikes, that does not sound fun, and not exactly something to try to get the hang of in the middle of an important job..
#ubuntu-server 2013-12-11
<blkperl> why are python-crypto and  python-mako showing throwing apt errrors, "cannot be authenticated" from the cloud archive
<sarnold> blkperl: there were problems with at least us-east-1 ec2 mirror earlier today; can you try again?
<blkperl> apt-get update, says the key is not availible....
<blkperl> maybe it failed to install during kickstart
<blkperl> sarnold: yeah seems to be fine now
<swaT30> does anyone know when Openstack 2013.1.4 is planned to hit the Ubuntu Cloud Archive?
<jrwren> swaT30: its in there.
<jrwren> swaT30: that is havana, right?
<utlemming_mobile> q
<utlemming_mobile> q
<RobbyF> isn't there a way to watch ssh sessions, what they are typing
<RobbyF> if your admin.
<sarnold> RobbyF: sure
<RobbyF> Thanks.
<sarnold> RobbyF: you could use pam_tty_audit (I haven't used it myself yet, I'm not sure what exactly it does) or you could modify the sshd to record input and output or you could configure a pty service to interpose between sshd and the 'real' ptys, or you could launch 'screen' or 'tmux' immediately upon connect and use simple screen sharing
<sarnold> RobbyF: or you could attack ptrace to the user's sshd and read syscalls that way (more or less keylogging and reading input/output)
<sarnold> s/attack/attach/
<lickalott> hello all.
<lickalott> having an issue with a bad partition.  After I upgraded to 13 the OS went all wonky. everything was read only and a lot of my processes weren't working (FTP, etc...).  So i googled a bit and found that people had luck with an fsck.  Not me....
<lickalott> i can't even boot the disk now.  At this point I'm pretty sure it's either a grub or mbr issue and i don't want to deal with that.  So i figured i would just mount the partition with my data on it and get some stuff.  Then - fresh install.  Turns out my sda5 (linux LVM) doesn't have a partition table so it won't mount.  i've tried lvm2 and all the associated commands but it refuses to
<lickalott> mount.
<lickalott> does anyone know of something else I can do to get some stuff off of that partition?
<ripthejacker> Hi everyone I am trying to setup apache solr backend for search on an amazon ec2 instance 'A' , which is accessed from another ec2 instance 'B' where the program which uses solr is hosted. What is the better way to go, open the port 8983 on instance 'A' or use proxy on 'A' for port 8983.
<makara> hi. i've installed ubuntu server 12.04, which includes squid-deb-proxy, and I installed squid-deb-proxy-client on my own machine
<makara> but when I do `apt-get install gimp` I get this error: Failed to resolve service geriatrix.local 'Squid deb proxy on geriatrix' of type '_apt_proxy._tcp' in domain 'local': Timeout reached
<makara> how can I debug this?
<rbasak> makara: sounds like a Zeroconf/avahi-daemon issue, if that helps.
<rbasak> makara: "getent hosts geriatrix.local" should resolve the server's IP on your client machine. That involves libnss-mdns on your client, and avahi-daemon on your server.
<rbasak> makara: (independent of squid-deb-proxy at that stage)
<makara> rbasak, you're saying my client isn't resolving the IP of the server?
<rbasak> makara: that's what your error message indicates to me, yes.
<makara> rbasak, `avahi-browse --all` on the client returns `+   eth0 IPv4 Squid deb proxy on geriatrix                  _apt_proxy._tcp      local`
<makara> so it sees it
<rbasak> makara: right, but can it resolve geriatrix.local itself?
<makara> rbasak, I can ping geriatrix.local
<makara> rbasak, `avahi-browse -a -r` fails to resolve geriatrix.local
<makara> it resolves everything else though
<makara> rbasak, its working now
<makara> i had to add our network CIDR to /etc/squid-deb-proxy/allowed-networks-src.acl
<makara> i'm assuming squid-deb-proxy is dependent on squid
<rbasak> makara: that's odd. I'd have expected a different, more relevant error in that case. Thanks for sharing - good to know for the future.
<makara> i'm trying to get lxc-create to use a cache for debs
<makara> but looks like it just uses wget
<makara> and squid isn't integrated with avahi
<makara> i really need to learn more about this avahi
<makara> just found out about today
<makara> squid is such a beast to setup
<makara> :(
<vila> Hi there, seeking advice on how to track respawn upstart events in general. My specific use case is jenkins slaves that are dieing occasionally in the ci lab for various reasons (none are properly understood yet)
<vila> So the plan is to 1) add 'respawn' and 'respawn limit' in the jenkins-slave upstart job, 2) send a nagios alert when a respawn happens 3) collect whatever we can to better understand why they crash
<rbasak> vila: you could try adding a post-stop stanza to your upstart job to perform cleanup, trigger an alert, etc. I'm not sure if that atually works in the case of your jenkins slaves dying, but you could try and see.
<vila> rbasak: I don't have (yet) a test environment where I could try that :-/ And I was under the impression that post-stop is explicitly called by upstart when cleanly stopping a service but won't be called when the service dies unexpectedly... Taking note of the suggestion to test it once I have a proper test env though
<rbasak> vila: it's a good question - I don't know the details of post-stop. Another thing that might work is to set up a second job that triggers on the "stopped your-service" event.
<rbasak> vila: though again, I'm not sure if that event gets called in the event of a respawn.
<vila> rbasak: wow, hold on, can I set that other job to trigger on "respawned jenkins-slave" ?
<rbasak> vila: that would be ideal, but I'm not sure that there is such an event.
<rbasak> vila: another option might be to use a pre-start stanza, which I presume definitely is called each time (including the first time though)
<vila> rbasak: right, so I definitely needs a test env for all those ideas
<rbasak> vila: if you can't find any documentation on this, I think it would be worth filing a bug asking for the respawn handling details like this to be documented.
<vila> rbasak: reading upstart-events(7)
<rbasak> vila: check http://upstart.ubuntu.com/cookbook/ too
<vila> rbasak: no 'respawned' there
<vila> rbasak: no 'respawn' even :-/
<rbasak> vila: init(5) defines respawn.
<vila> rbasak: in the man page I meant, reading (re-reading) the cookbook
<rbasak> But not in enough details for me to understand this behaviour.
<vila> rbasak: yup
<jamespage> yolanda, I still think you could get much better unit test coverage in the heat charm
<jamespage> specifically in heat_context
<yolanda> jamespage, i tried with identity but i had a conflict with a log() call, it wasn't working for me although i patched it
<yolanda> it should be working just adding log to the items to patch?
<jamespage> yolanda, no - that won't work
<vila> rbasak: ha ha, the 'stopping' event has a PROCESS env var set to 'respawn' denoting the job attempted to exceed its respawn limit, quite a good time for sending a nagios alert (another alert for each respawn would be good but not as important)
<jamespage> yolanda, that only patches objects in heat_context
<yolanda> jamespage, problem is with a log call inside a charmhelpers function
<jamespage> yolanda, yes - but you need to isolate your tests to the heat charm
<jamespage> let me dig out an example for this case
<yolanda> so i don't have to call the charmhelpers method?
<yolanda> the test should be too obvious then...
<jamespage> yolanda, actually I would - but I'd patch out the bits around the charmhelper context I don't want to execise
<jamespage> yolanda, you can use a patch annotation for the specific unit test:
<jamespage>  @patch('charmhelpers.contrib.openstack.context.log')
<jamespage> the cinder charm does this in a few places
<jamespage> you can also setup some fake relations
<yolanda> mm, i think i tried like that, maybe i did something wrong
<yolanda> i'll take another look
<yolanda> apart from it, i tested all the hooks, can you think on some more tests?
<vila> rbasak: for reference, http://upstart.ubuntu.com/cookbook/#id187 says: With this stanza (respawn), whenever the main script/exec exits, without the goal of the job having been changed to stop, the job will be started again. This includes running pre-start, post-start and post-stop. Note that pre-stop will not be run.
<vila> rbasak: I'm not sure I properly parse that but that's where I got the feeling I couldn't rely on pre/post-stop
<jamespage> yolanda, I'd probably add tests for relations where the context is not complete, to ensure that the hooks don't try to write configs
<jamespage> yolanda, but the main gap is in context testing
<yolanda> jamespage, ok, i'll take another look
<jamespage> zul, the nova-compute break is a packaging problem - the postinst for nova-compute was not renamed after the drop of libvirtd detection in d/rules
<jamespage> so nova never gets added to the libvirtd group
<makara> how can I get lxc to use deb instead of wget?
<makara> to take advantage of squid-deb-proxy
<yolanda> jamespage, pushed some more tests, finally i was able to solve the log problem
<jamespage> yolanda, looking
<jamespage> yolanda, could you do a make sync as well please - it will pull inthe icehouse pocket support for the cloud-archive
<jamespage> other than that I'm  going to push it to the store.
<jamespage> cheers
<yolanda> nice!
<yolanda> done
<jamespage> zul, I fixed subunit harder
<jamespage> it was dh_python3  causing the problems
<yolanda> jamespage, any documentation about active-active rabbitmq? currently looking at http://www.rabbitmq.com/ha.html
<jamespage> yolanda, openstack docs as well I thinkl
<yolanda> ok this one http://docs.openstack.org/high-availability-guide/content/ha-aa-rabbitmq.html
<yolanda> i'll read about it
<yolanda> btw, lots of pending points in that BP...
<yolanda> jamespage, should I replace what is there now for rabbit HA?
<krababbel> How can I change the NTP server ntpdate uses at boot? I assume ntpdate is generally invoked in a script when a network interface is brought up? I looked at the script but I can't see a server being specified.
<mardraum> krababbel: /etc/default/ntpdate
<mardraum> I encourage you to use ntp properly though, with ntpd running all the time
<mardraum> so that defaults file references ntp.conf anyway, which you would be using for the real ntp service.
<krababbel> mardraum: Thank you and I do want to run ntpd as well. Will ntpate still set the clock once at boot time when there is ntpd installed.
<krababbel> This server will run in a cloud service, and will be shut down often.
<mardraum> never tested that. ntpdate usually fails if the socket is in use by ntpd. it is likely there is some logic to avoid that though in the startup scripts
<krababbel> mardraum: I hope so. :) I will try anyway.
<mardraum> ntpd can handle large time jumps, provided it is configured to
<mardraum> and being cloud based sounds like a VM which will usually be provided with a decent enough time from the host on boot
<krababbel> OK, thanks for the hint, and yes, the host should give a good time at boot, but there is no time sync offered after boot I think. It is an EC2 instace. Can I create a copy of the config file in /etc/default? For example 'ntpdate.bak'?
<krababbel> Basically, the Amazon people advise to use ntpd on instances.
<mardraum> ntpd without ntpdate works just fine on ec2
<krababbel> Will a copy of the config file in /etc/default brake?
<mardraum> break?
<krababbel> break, yes :)
<krababbel> non native speaker here
<mardraum> I have never used ntpdate, so I don't know
<mardraum> I'd advise you as a native speaker to never rely on it either :p
<rbasak> vila: looks to me that post-stop is OK then?
<krababbel> mardraum: Thanks again, I wasn't thinking this through, ntpd should work, I see that. I had issues in Hyper V when the vm was saved instead of shut down, time would be frozen as well.
<krababbel> That's why I asked.
<mardraum> hyper v hey. *giggle*
<krababbel> :) Well, it works fine on my laptop for server stuff, but somehow time sync on standby got broken I think.
<mardraum> actually when I re-read yes, time gets saved when you save the vm state to disk
<mardraum> the startup scripts for ntpdate won't run when you resume the VM though
<mardraum> it just unfreezes, as such
<mardraum> so afaik ntpdate won't help, you need to configure ntpd to handle this.
<krababbel> I was sure the host had "fixed" the time when the vm was restored before. Maybe I didn't realize time was off, I am not sure.
<ikonia> keep in mind if your drift is greater than 300 seconds, you'll need to manually sync
<krababbel> I mean HyperV does have time sync for linux guests, unlike ec2
<krababbel> I understand that ntpd wouldn't want that, ikonia, if that's what you mean. :)
<mardraum> I don;t think this is considered "drift"
<krababbel> Well I am sure the host of the vm fixed it through virtualization drivers or something, I am sure I tested it.
<krababbel> When the vm was restored I mean
<mardraum> hey ntpd actually retired ntpdate by providing the -q option
<andygraybeal> so i'm no good at this mail stuff with postfix.  but i wonder, should i follow the official documentation or the community documentation on howto install postfix?  urls: https://help.ubuntu.com/12.04/serverguide/postfix.html & https://help.ubuntu.com/community/Postfix
<zul> jamespage: https://bugs.launchpad.net/ubuntu/+source/python-psutil/+bug/1259928
<uvirtbot> Launchpad bug 1259928 in python-psutil "[MIR] python-psutil" [High,New]
<zul> smoser: ping, nova needs a newer version of boto than what we have in ubuntu or debian (>= 2.12) im just worried about breaking things like euca2ools
<jrwren> yay! I get new boto! :)
<smoser> i think that euca2ools maybe doesn't even depend on boto now.
<smoser> i just did a sync request for it yesterday to remove our delta from debian
<smoser> yeah, it did
<smoser>   fbaa65b Stopped to use the Python libraries boto and m2crypto, and started to
<smoser>           use lxml, requestbuilder, requests, setuptools and six.
<zul> smoser: what about simplestreams?
<smoser> simplestreams does not use boto
<smoser> cloud-init does, but we can address that if it happens to fail. i dont think it wil.
<zul> smoser: i just did an apt-get rdepends python-boto and simplestreams came up
<zul> smoser: boto is imported in simplestreams/objectstore/s3.py
<smoser> ah. yeah. ok. it does for s3 storage. you are correct. i wouldn't worry about it.
<zul> ok cool
<smoser> boto is generally sane.
<zul> alright ill get this sucker packaged and uploaded
<smoser> where is there a report of why something is "stuck in proposed" ?
<zul> smoser: hold on
<zul> http://people.canonical.com/~ubuntu-archive/proposed-migration/
<smoser> zul, thanks.
<smoser> ok. i'm being stupid.
<smoser> https://launchpad.net/ubuntu/+source/euca2ools/3.0.2-1/+build/5321133
<smoser> that is the build. its in dependency wait on python-requestbuilder
<smoser> but python-requestbuilder is available
<smoser> (in universe)
<zul> smoser: needs a MIR then
<smoser> but that should'nt block build i dont hink
<smoser> hm.. maybe it does.
<Felipe_C> HI, Anyone could answer a couple of questions regarding JUJU - Manual provisioning?
<cfhowlett> felipe_, out of my area, but I think there's a juju support channel
<Felipe_C> Thanks cfhowlett!
<cfhowlett> felipe_, no problem
<jamespage> yolanda, https://jujucharms.com/fullscreen/search/precise/heat-0
<yolanda> wohoo!
<hallyn_> zul: not nagging, but just in case it's not what you expected, https://launchpad.net/~zulcss/+archive/libvirt-1.2.0 is empty...
<foursixnine> Hi guys, we've been having problems with live-build at work... we're trying to build a custom ubuntu image, but when running lb-build we get an error saying that busybox is not available
<zul> hallyn_:  argh gimme a sec
<foursixnine> we're able to build only a debian image (Over a debian host), but when trying to do it from an ubuntu host, it always fails with similar error messages... we basicly need a custom installer environment which requires no user interaction...
<foursixnine> any ideas?
<hallyn_> foursixnine: well utlemming does our automated cloud image building.  in general preseeded installs work ok, if it's ok to run something accelerated like kvm
<foursixnine> hallyn_: do you know if utlemming uses live-build? or his processes are documented somewhere?
<thurstylark> I want to mount a samba share using fstab and then prompt the user for the username and password for the share when it mounts. Is there a way to do this?
<foursixnine> i see there's a modified version of live-build in his github repo
<hallyn_> foursixnine: dunno.  he might use a modified vmbuilder.  he'll answer when he comes around.
<foursixnine> Thanks hallyn_, Ã­ll try to stay arround
<foursixnine> this has been killing us for like 3 months now :D
<ivoks> sigh
<zul> jamespage:  ping swift-bench made it into the archive do we want to do a MIR for it or just leave it as a suggests for swift
<hallyn_> ivoks: ?
<ivoks> i'd like to propose some changes to charms
<ivoks> like... getting adding keys and sources out of charmhelper's contrib domain
<ivoks> these should really be part of base
<ivoks> there's already add_source() and configure_sources() in fetch
<ivoks> but they are suboptimal
<ivoks> wrong place to bring this up? :)
<zul> hallyn_/smb: uploading to ppas are timing out for me so: http://people.canoincal.com/~chucks/libvirt
<smb> zul, thanks will use that next time I am looking at t
<d1n0> I have a maas node that fails the smoke/burn tests. On a older version of maas, I had no problem getting it to work.
<zul> smb:  np
<jamespage> zul, nah - leave it in universe
<jamespage> suggests
<zul> jamespage:  k
<jamespage> zul, adam_g: if either of you are feeling brave
<jamespage> https://code.launchpad.net/~james-page/neutron/ml2-ovs-cleanup-fixes/+merge/198546
<jamespage> I'd like to get that into the trunk testing packaging so I can do the associated charm work
<hallyn_> win 28
<jamespage> zul, new boto?
<zul> jamespage:  yeah tests were failing because of it (requirements.txt is asking for >=2.12.0)
<jamespage> zul, yeah - I saw
<zul> jamespage:  anyways nova builds fine now
<jamespage> zul, gonna do the backport for 12.04?
<zul> jamespage:  yeah do i run the boom script or the backport job (just making sure)
<jamespage> zul, either
<zul> jamespage:  ack
<jamespage> zul, aside from the dashboard not being django 1.6 compat it all looks OK
<zul> jamespage:  yay..
<zul> jamespage:  just fixing trove so we can get it past -proposed and then will ubuntize it
<jamespage> zul, thats wip upstream
<zul> jamespage:  django 1.6?
<jamespage> zul, yes
<zul> jamespage:  ack
<frojnd> Hi there.
<zul> jamespage:  lovely..trove has got sqlalchemy problems
<jamespage> \o/
<jamespage> zul, adam_g: want to try to get together to discuss the nova-compute-* rejigs we've been avoiding for the last month?
<jamespage> it would be good to get that out of the way
<adam_g> jamespage, sure
<zul> jamespage:  sure why not
<jamespage> adam_g, zul: how about now? we can do via irc I think
<zul> jamespage:  sure
<jamespage> OK _ so here's my thoughts
<jamespage> nova-compute is currently two libvirt centric so step one is to push out the libvirt bits and dependencies to the libvirt specific hypervisor packages
<zul> ok
<jamespage> that will then allow us to support proxy based stuff a bit easier - think nova-compute-vmware for example
<jamespage> adam_g, was that what you where thinking? I know you hit some issues during the charm work last cycle?
<adam_g> one sec, branching our current packaging
<jamespage> I think most of the deps for nova-compute need pushing out to hypervisor packages
<adam_g> im thinking: create a 'nova-compute-libvirt' package that has all the current dependencies of the 'nova-compute' package and provides nova-compute-hypervisor
<adam_g> make nova-compute-{kvm, lxc, etc} depend on nova-compute-libvirt and each adds hypervisor-specific deps
<adam_g> then we can implement other nova-compute-$foo's alongside the nova-compute-libvirt
<adam_g> the nova-compute package would be stripped of most/all of its current deps (iptables, kpartx, qemu-utils, etc)
<adam_g> i think its only dependency would be on nova-compute-hypervisor
<adam_g> thoughts?
<jamespage> adam_g, that sounds about right
<jamespage> I was wondering how much benefit having the nova-compute-libvirt package would actually give - but I guess it's a single place to add nova tothe libvirtd group if nothing else
<zul> no complaints from me
<jamespage> OK - so this sounds like a plan - who's go some time/inclination to work on this?
<adam_g> jamespage, well right now there are general libvirt requirements that we define as deps of 'nova-compute', around ~12 of them
<zul> jamespage:  do you want to take care of this?
<jamespage> adam_g, sure
<adam_g> in addition to nova-compute-libvirt, we can add packages (albeit dependency placeholders that only insatll the proper nova-compute.conf for now) for every driver in nova-compute
<jamespage> adam_g, but for deps would could just manage that using a substr in the packaging
<smoser> anyone have thoughts on $ dpkg-query --show "python-novaclient"
<smoser> python-novaclient       1:2.15.0-0ubuntu1
<smoser> $ dpkg-query --show python-keyring
<smoser> python-keyring  3.3-1
<smoser> oops
<smoser> funy
<smoser> https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1260017
<uvirtbot> Launchpad bug 1260017 in python-keyring "UncryptedFileKeyring broken " [Undecided,Confirmed]
<smoser> what is the right way to address that.
<adam_g> smoser, i think upstreams solution is to just uninstall keyring
<smoser> adam_g, ?
<hallyn_> zul: all right, building packages to test libvirt...
<smoser> adam_g, well, i posted a work around there.
<smoser> utlemming, if you want to open a bug on cloud-utils and say it should rewrite MBR to gpt on > 2TB, then please do so.
<zul> jamespage:  neutron looks ok to me
<smoser> it doesn't seem like a bad idea.
<jamespage> zul, the neutron-ovs-cleanup stuff worries me a bit - it needs some testing
<jamespage> but I'd like todo that pre-next release to archive via trunk testing
<utlemming> smoser: ack
<zul> jamespage:  yeah im not the best person to review neutron functionaility changes either though
<jamespage> zul, I potentially need to SRU that as well
<jamespage> zul, I think it might have been the cause of an odd issue I saw during havana testing
<zul> jamespage:  for the trove stuff im just going to get it building and uploaded I can de-debconf it tomorrow
<jamespage> zul, ok
<zul> jamespage:  why the SRU?
<jamespage> zul, people are running the cleanup by hand right now
<jamespage> which is sucky
<zul> jamespage:  ah ok
<jamespage> zul, I think our maas might be bust in the ci lab right now as well
<jamespage> but I'll look at that next week
<utlemming> smoser: I think there is a slight wrinkle in the idea of converting to GPT. 1) does the BIOS support GPT, or is BIOS/MBR; 2) since GPT uses a BIOS_GRUB (type EF00) partition, where goes that get made? ; 3) growpart would need run grub-install to populate the BIOS_GRUB partition
<smoser> well, it could convert it to the fully backwards compat gpt.
<smoser> (i thought there was such a thing)
<utlemming> smoser: there is, but it fragile
<smoser> and since its growing, there is room at the end for the gpt footer
<smoser> (or it wouldn't grow it)
<utlemming> smsoer: the gpt footer isn't the problem, per se. Consider the following:
<utlemming> you boot with a 2TB disk. Growpart resizes everything. Then you switch to a 4TB disk. Growpart resizes everything.
<utlemming> one the first resize, where do you the EF00 partition?
<utlemming> if you put it at the end, then you can't resize part 1
<utlemming> if you use the hybrid MBR/GPT, then root may not be partition 1
<utlemming> smoser: if this is a use case that is becoming common, I would almost rather we turn on UEFI iamges for 12.04 too. It seems a lot safer than trying a bunch of heuristics to figure out if there is enough space between the partition table and partition 1 to install a EF00 partition for grub.
<utlemming> smoser: we could probably make cloud images that work, but in the end, those rolling their own images might encounter a lot of pain
<smoser> utlemming, converting mbr to gpt is not converting mbr to uefi
<utlemming> smoser: so I think that I want to retract my idea of converting to GPT on 2TB or bigger
<utlemming> smoser: right, its not
<utlemming> smoser: for BIOS/GPT you need a partition to install grub to, type EF00
<utlemming> smoser: for UEFI, you need a partition to install UEFI bits, type EF02
<utlemming> smoser: you're only choice is a hybrid MBR/GPT and that is fragile and reportedly unsupportable.
<utlemming> s/you're/your
<smoser> then i agree.
<smoser> i did'nt realize that mbr/gpt hybrid was unsupportable
<utlemming> smoser: I made inquiries and was told in no uncertain terms to completely avoid it
<hallyn_> zul: ok, so no good yet.  just doing apt-get dist-upgrade gave me http://paste.ubuntu.com/6557253/ , but also it didn't cause the new libvirt-python to try to install
<hallyn_> (tested using reprepro)
<zul> hallyn_:  ok ill fix that up
<hallyn_> zul: (I assume you know this better than i do, but you need a python-libvirt package in libvirt-python, dpeending on the new pkg, to force the upgrade)
<hallyn_> zul: oh, ok. thanks
<hallyn_> i'll keep this instance running and hot :)
<zul> hallyn_:  yeah i didnt add that yet
<hallyn_> ok
<smoser> adam_g, jamespage zul random useful thing, harlowja pointed me at
<smoser> https://github.com/harlowja/gerrit_view/
<zul> smoser: thats pretty cool
<smoser> harlowja is super whiz bang cool.
<d1n0> argh, lol ... No PXE template found in u'/etc/maas/templates/pxe'
<swaT30> jamespage: any ETA on getting Grizzly 2013.1.4 into updates?
<hggdh> zul: ping
<zul> hggdh:  whats up
<hallyn_> smoser: kirkland: zul: stgraber: opened bug 1260062
<uvirtbot> Launchpad bug 1260062 in vm-builder "Please remove vmbuilder from the archive in 14.04" [Undecided,New] https://launchpad.net/bugs/1260062
<hallyn_> let's see who else i can piss off today
<smoser> hallyn_, wooohoo
<hallyn_> clearly a little war tangentially related to init systems is where i shoudl stoke the flames
 * zul hands hallyn_  some gasoline
<hallyn_> alas amazon hasn't yet shipped my firestarter stone
<w0rmie> i've installed saucy on NFSBOOT folder to be run from nodes machines on my LAN, do i need a grub configuration to make them run throught NIC-boot?
<kirkland> hallyn_: ;-)
<hallyn_> kirkland: given as this appears to be your baby, do you mind uploading http://paste.ubuntu.com/6558177/ ?
<kirkland> hallyn_: heh, that's my baby?  :-)
<kirkland> hallyn_: I don't mind sponsoring for you, but it's been eons since I touched that
<hallyn_> kirkland: eh, you did the last upload :)
<hallyn_> it's been eons since anyone touched that
<kirkland> hallyn_: done
<hallyn_> kirkland: thanks!  1 down, 2 to go (before vmbuilder can be dropped)
<kirkland> hallyn_: ;-)
<kirkland> hallyn_: what else?
<hallyn_> rbasak: bug 1242383, why is it not fixed in trusty?
<uvirtbot> Launchpad bug 1242383 in uvtool "missing yaml module dependency" [Undecided,Fix released] https://launchpad.net/bugs/1242383
<hallyn_> kirkland: sandbox-upgrader and auto-upgrade-tester, which are more intricate
<hallyn_> they need to either be dropped if not in use, or else switched to using rbasak's uvtool
<kirkland> hallyn_: gotcha; can't help with those
<hallyn_> kirkland: yup - thanks!  ttyl
<rbasak> hallyn_: it's fixed in trunk. I just haven't done an upload recently.
<hallyn_> ok.  planning one soon?
<rbasak> hallyn_: I can do an upload tomorrow if you need it? Since the consumers so far have mainly been manual (PPA users) or on cloud images (the dependency is pulled in by cloud-init), I didn't think it affected many people today, so I just had it down as "will be fixed on next upload"
<hallyn_> rbasak: yeah it's just im' about to shift some vmbuilder users over to uvtool, probably :)
<hallyn_> just testing manually right now, so i know what to do
<rbasak> hallyn_: I should finish and upload some manpages too, then :-/
<hallyn_> hm.  does it require the ability to mount filesystems?
<hallyn_> that woudl rock :)
<hallyn_> i'm flailing around like a fish otu of water here
<hallyn_> btw my typing is sucking bc my hands are SO COLD
<rbasak> No. It can run as a normal user, provided you're in the libvirtd group for the libvirt bits.
<sarnold> jump back in to the water!
<hallyn_> rbasak: so long as all the fs magic is done inside kvm it's ok,
<hallyn_> rbasak: but if uvt tries to mount anything then it won't run by default in the container i'm testing in
<hallyn_> (i'm trying to figureout why uvt-kvm wont' work for me)
<hallyn_> (trusty container)
<hallyn_> rbasak: and now i get RuntimeError: Multiple images found that match filters ['release=saucy'].
<rbasak> hallyn_: wasn't there some issue when danwest tried to run it in a container, that I then asked you about? I forget what it was exactly.
<rbasak> hallyn_: try "release=saucy arch=amd64". The latest PPA version might be more helpful. There you can do "uvt-simplestreams-libvirt query release=saucy" and it'll show you what you have so you can disambiguate.
<rbasak> hallyn_: (and I'll upload the PPA version soon)
<hallyn_> rbasak: that gets me back to the more familiar error: http://paste.ubuntu.com/6558409/
<hallyn_> yeah lemme try ppa, long as that's gonig itno archive soon
<hallyn_> whcih ppa?
<rbasak> hallyn_: does that file exist?
<rbasak> hallyn_: ppa:uvtool-dev/trunk
<hallyn_> no the file doesn't exist
<rbasak> hallyn_: sounds like there was a problem importing it.
<hallyn_> also why does uvt-simplestreams-sync not autocomplete
<rbasak> It uses argparse. I don't think we have an argparse autocompleter in the archive at all, do we?
<rbasak> uvt-simplestreams-libvirt sync
<hallyn_> no i just mean typing 'uvt-si<tasb>' doesn't even work
<rbasak> wfm
<hallyn_> weird
<hallyn_> rbasak: so i gather that during the sync i shouldn't be getting :  libvirt: Storage Driver error : Storage volume not found: no storage vol with matching name 'x-uvt-b64-Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTMuMTA6YW1kNjQgMjAxMzEyMDQ='
<zamadatix> Hello
<rbasak> hallyn_: that error is a libvirt API issue I have yet to try and track down. It can be ignored.
<hallyn_> ok.
<rbasak> hallyn_: libvirt API has no "do you have volume X" AFAICT. It just has "give me volume X", and on failure prints to stderr instead of quietly telling the caller.
<hallyn_> so yay, purge+sync with ppa version got me furhter
<hallyn_> now i get: libvirt.libvirtError: internal error: no supported architecture for os type 'hvm'
<rbasak> That happens when libvirtd didn't see KVM support on startup.
<hallyn_> oh i created the node but didn't chownit, my bad
<hallyn_> rbasak: thanks, i can work with this.  so, di you have any interest in updating vmbuidler users to uvtool?  :)
<rbasak> hallyn_: I guess it makes sense. I'd certainly like to update vmbuilder users to use our public cloud images and do what they want with those instead. If uvtool can help with that, then fair enough.
<rbasak> hallyn_: I need to catch up with documentation and so on though, and particularly for the vmbuilder use cases. I'm not clear on exactly what those are.
<hallyn_> rbasak: sandbox-upgrader and auto-upgrade-tester packages
<zamadatix> Does anyone have experience setting up multiple VLANs on a single physical adapter?
<rbasak> !anyone | zamadatix
<ubottu> zamadatix: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<zamadatix> Having issues after defining the interfaces in /etc/network/interfaces
<zamadatix> There are about 30 different vlans defined, all IPs are static. I defined a gateway for each but they all seemed to use the gateway of the first defined vlan (1)
<zamadatix> if I try to manually add the route for a subnet it says it's already there but route says each adapters gateway is * and * is the gateway for vlan 1
<zamadatix> If i do ping -I vlanx I can ping anything in the layer 2 but obviously the traffic isn't being routed right so no other subnets can ping the server
<rbasak> VLANs don't really have gateways. The "default gateway" is a per-system thing, not a per-VLAN thing.
<Patrickdk> I have tons of vlans without gateways, normally only have 3 or so with gateways
<rbasak> If you're originating outbound traffic, then you need to make sure that the traffic uses the correct source IP.
<rbasak> You basically have the same problem as you would have if you had multiple interfaces.
<rbasak> http://lartc.org/howto/ might have some relevant help for you here.
<Patrickdk> multible switchs/nics
<zamadatix> Thanks for the link
<Patrickdk> unless you got a l3 switch, and told it to do routing
<Patrickdk> not something I would do, but
<zamadatix> There is a core router doing the layer 3 magic
<zamadatix> Thanks, I'll have to read over that link some more
<hallyn_> zul: libvirt-python package doesn't actually include the lbivirt bindings...
<hallyn_> while debian/tmp/usr/lib/python2.7 still exists - missing entry in .install?
<hallyn_> testing with that .install
#ubuntu-server 2013-12-12
<xibalba> know of a way to firewall a shell user on aa system? say i give you a shell on my box / 192.168.1.51. i dont want you accessing my home network at 192.168.0.0/24 but i , from my reza account, want ot be able to hit my home network
<Patrickdk> I can't remember if that is still supported with iptables or not
<xibalba> i wonder if the ol' tcpwrappers could do it
<Patrickdk> only if every program they used was build with tcpwrappers support
<sarnold> xibalba: no, tcpwrappers is a voluntary deal, it wouldn't be a very good firewall
<xibalba> ok
<sarnold> xibalba: iptables --uid-owner is probably what you;re looking for, I've never tried it though.
<xibalba> thanks i'll take a gander
<makara> i want to keep revisions of conf files
<makara> i've read of RCS
<makara> apparently the syntax is cumbersome
<makara> just looking for something simple and local
<jamespage> zul, urgh - the webob update that just trickled through busted nova
<makara> how can I measure the bandwidth savings that my squid proxy cache has provided?
<makara> and is it possible for to get squid hooked up to avahi (like squid-deb-proxy) so I don't have to reconfigure my browser settings every time I come to the office?
<makara> (i can't configure it as a transparent proxy)
<yolanda> jamespage, i'm looking at the heat failure, missing a build-dep
<jamespage> yolanda, yep - wanna propose a branch for that?
<yolanda> sure
<jamespage> yolanda, it might not build after that - webob just bumped version which is causing test failures as requirements < 1.3 in most projects
<jamespage> but please do try :-)
<yolanda> ok, trying now
<yolanda> jamespage, it built!
<jamespage> yolanda, if you wanted a bit of SRU practice: bug 1250654 looks like a good bit sized one
<uvirtbot> Launchpad bug 1250654 in python-keystoneclient "memcache key length error " [High,Fix released] https://launchpad.net/bugs/1250654
<yolanda> ok
<yolanda> jamespage https://code.launchpad.net/~yolanda.robla/heat/icehouse_add_lockfile/+merge/198699
<jamespage> yolanda, niggle but please leave the changelog entry as UNRELEASED  - and add your entries using dch -t
<yolanda> jamespage, i added entry with dch -t, is there something wrong?
<jamespage> yolanda, did you do a dch -r as well?
<yolanda> no
<jamespage> how did it change from UNRELEASED to trusty ?
<yolanda> i manually edited that
<yolanda> jamespage, updated MP
<jamespage> yolanda, so we should not be updating from UNRELEASED until someone actually does an upload to the archive
<jamespage> then they do dch -r which updates the target and the timestamp on the changelog and do the upload
<yolanda> good to know
<yolanda> i normally tend to set the latest distribution name
<yolanda> jamespage, i have a question about SRU process explained here. https://wiki.ubuntu.com/StableReleaseUpdates
<yolanda> it says i need to fill an [Impact] , [TestCase] and [Regression Potential] comments. Where do i have to do it, in the same bug?
<jamespage> yolanda, yes - in the description
<yolanda> jamespage, and then i grab the bugfix from trusty and i update the package for saucy?
<jamespage> yolanda, no
<jamespage> you will need to cherry-pick the fix from upstream github and make it work for the version on saucy.
<jamespage> yolanda, the bugfix in trusty is a new upstream release - you can't sru that
<yolanda> jamespage, i meant that, sorry
<yolanda> just look at that commit
<jamespage> yolanda, the bug reporter is quite friendly - maybe you could ask him for a more specific test case configuration
<jamespage> I suspect he'd also verify a fix for you as well once its in the proposed pockets
<yolanda> jamespage, and SRU comments should be filed in same bug description, or create some other bug? i saw that in Launchpad there are specific SRU bugs
<jamespage> yolanda, same bug - why would you raise another one?
<jamespage> the SRU fixes that bug after all
<yolanda> jamespage, just asking because I saw other independent bugs in Launchpad, I want to be sure that i'm doing the right thing :)
<jamespage> yolanda, if we have minor release exceptions, then yes we would probably raise a specific SRU bug
<rbasak> smoser: are we treating bug 1250390 as resolved? I know I haven't verified it, but it should be fixed now, right?
<uvirtbot> Launchpad bug 1250390 in maas "No published Saucy armhf ephemeral images" [High,Triaged] https://launchpad.net/bugs/1250390
<rbasak> jamespage: ^^
<jamespage> rbasak, ta
<zul> jamespage:  of course it did
<jamespage> zul, \o/
<swaT30> hey guys, sorry if you had already answered this, but any ETA on 2013.1.4 to be pushed into updates? I see that it has been in proposed for a while
<zul> jamespage:  ill look when i get in
<swaT30> @jamespage any idea?
<jamespage> swaT30, sorry - about what (guess I must have missed something)
<swaT30> any ETA on 2013.1.4 hitting updates in the UCA?
<swaT30> :)
<jamespage> swaT30, hmm - yes that has been sat in proposed for a while
<jamespage> lemme kickoff the automated testing - if its all ok I'll promote today
<swaT30> would be great to have it :)
<swaT30> thanks !
<swaT30> jamespage: I'll keep an eye on http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/grizzly_versions.html
<swaT30> I assume that's as good a spot as any?
<makara> i've logged in as user JIM and I need to run a command as GAX
<makara> what 2 do?
<makara> i don't know GAX's password
<jamespage> swaT30, yes - thats good
<jamespage> swaT30, there is also a notifications ML
<smoser> rbasak, its not fix-released for sure.
<smoser> as in no 'released' images.
<makara> any idea how to execute a script on system start as given user?'
<rbasak> makara: there are various ways. You could add something to /etc/rc.local that uses su or sudo. Or add an upstart job to /etc/init/ that uses setuid/setgid. Or even an @reboot job to cron.
<makara> rbasak, and if I put "su - teamcity runAll.sh" in /etc/rc.local then why wouldn't get hung up on asking me for a password?
<makara> like it would in a shell
<rbasak> makara: rc.local runs as root, which should be able to su to any user without a password. Check it works by using "sudo -i" to get a root shell, and then test the su command you propose there.
<jamespage> swaT30, tested OK - should be out on the archive in the next 2 hrs
<paws> hello, can anyone tell me whats a good Cloud storage software, that i can host on my own server ?
<zul> jamespage:  whats patch-branches in nova icehouse packaging?
<jamespage> zul, uh?
<zul> jamespage:  yeah...
<zul> jamespage:  anyways its gone
<jamespage> zul, I don't see that
<zul> jamespage:  its an empty file in the debian directory
<jamespage> not a clue
<Felipe_C> Hi all, Has anyone heard of or actually tried those Paralella Boards to create a proof of concept mini cloud cluster?
<jamespage> zul, its been there along time
<zul> jamespage:  yeah well if anything breaks then ill blame myself
<zul> jamespage:  https://code.launchpad.net/~zulcss/nova/webob/+merge/198751
<zul> jamespage:  https://review.openstack.org/#/c/61742/ as well
<zul> yolanda:  i just merged your heat fixed
<yolanda> thx
<swaT30> jamespage: thanks! on the ML, got the notifications
<zul> jamespage:  trove is in openstack-ci now
<zul> jamespage:  https://code.launchpad.net/~zulcss/cinder/webob/+merge/198752
<bittin> Hired an ubuntu server from azure :)
<jamespage> zul, how do you always manage to remove dep headers from patches?
<zul> jamespage:  i dunno its an art i think :)
<jamespage> zul, I'm putting in a conditional wait in nova-compute upstart that if libvirt-bin is installed, it will wait for it to reach running before starting
<jamespage> should close out a couple of race bugs I've seen
<jamespage> I *think* we need todo the same with neutron-ovs-cleanup
<zul> jamespage:  sounds good
<zul> jamespage:  yay trove needs a unpackaged dep
<jamespage> zul, feedback on your MP
<jamespage> sorry - git review
<makara> exit
<zul> jamespage:  i saw ill fix it up
<jamespage> zul, I don't think we should unbound it - but < 1.4 is OK imho
<zul> jamespage:  agreed
<jamespage> zul, adam_g: https://code.launchpad.net/~james-page/nova/compute-plus-others/+merge/198763
<zul> jamespage:  couple of things, while you are at it
<jamespage> zul, sure
<zul> jamespage:  i think the openssh-client can go away in the build-depends-indep
<zul> jamespage:  curl can go away as well
<jamespage> zul, what was that for?
<zul> jamespage:  im not sure i think it was a diablo thing
<zul> jamespage:  nova-uml should go away
<jamespage> zul, actually openssh-client - still a runtime I think
<jamespage> migrations
<zul> jamespage:  ah yes
<jamespage> live migrations and cold migrations
<zul> ssh key-gen as well i guess
<zul> jamespage:  but yeah git rid of uml as well :)
<jamespage> zul, we don't like uml do we?
<zul> jamespage:  makes the package less complicated ;)
<yolanda> jamespage, i added a fix to rabbitmq charm https://code.launchpad.net/~yolanda.robla/charms/precise/rabbitmq-server/ha/+merge/198768
<d1n0> I am having problems with maas. I have imported the boot images, but when I try and pxe boot a node.. it doesn't see the pxe template
<zul> jamespage:  https://code.launchpad.net/~zulcss/swift/1.11.0/+merge/198769
<yolanda> jamespage, currently rabbitmq is relying on HA to create clusters. That is different on active-active. Should we set a config var in rabbit to specify if we want active-active or active-passive?
<jamespage> yolanda, can we not determine which mode using relations?
<jamespage> its only HA if it gets related to hacluster
<jamespage> zul, can't drop openssh-client
<zul> jamespage:  ok cool
<yolanda> jamespage, i see, and act differently and set different vars depending on it. For example in active-active i need to send all the rabbitmq hosts
<jamespage> yolanda, yes - that's right
<yolanda> i could set a var in rabbitmq to tell glance for example, if rabbit uses active-active or active-passive, and glance reacts and create proper config
<yolanda> makes sense?
<jamespage> yolanda, I think it does - the current HA approach passed a VIP to signal its in HA mode right?
<yolanda> yes
<jamespage> yolanda, do we need rabbitmq >= 3.0.0 todo the active/active stuff? I think we might be not 100% sure
<yolanda> jamespage, i don't think so, openstack doc says it's tested with 2.7.1
<jamespage> yolanda, OK - the setting of HA policy in your change is scoped to >= 3.0.x
<yolanda> jamespage, that's only needed for version >= 3.0.x, just followed openstack guide
<jamespage> yolanda, ah - OK _ good-oh
<yolanda> jamespage, i am starting with glance, to make glance react to rabbit_hosts needed to grab version from precise-havana
<yolanda> doesn't seem to work with older versions
<zul> Daviey:  when you get a chance can you look at pytyhon-designateclient for me (its in source new, dependency needed for openstack-trove)
<hallyn_> rbasak: trusty is not supported by uvt-simplesreams-sync?
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/swift/1.11.0/+merge/198769
<rbasak> hallyn_: it comes from a different stream. uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily release=trusty arch=amd64 or similar.
<hallyn_> rbasak: any reason not to have uvt figure that out?
<hallyn_> (lxc-create does :)
<hallyn_> (you can see i'm big on not typing more than i need to :)
<rbasak> hallyn_: it would be nice, yes. It's a bit of a tricky thing to do with the simplestreams API, and I think it should probably be pushed back there in some way. lxc-create will have the same issue when it's simplestreamed.
<rbasak> hallyn_: I'd like to tell the simplestreams API "here are your streams, here are my filters, go". But I'm not sure about how multiple streams will interact that way.
<rbasak> smoser: ^^
<rbasak> hallyn_: btw, I uploaded the latest PPA earlier
<hallyn_> cool, thanks.
<jamespage> zul, OK - I think that nova mp is ready to go - ditto the neutron one
<jamespage> zul, looking at that now
<jamespage> why do we need to disable the tests?
<zul> jamespage:  they are broken for now
<zul> and we need to do a mir for nose
<smoser> rbasak, i dont hink i follow
<jamespage> zul, blimey - swift needs some love
<jamespage> zul, which bit of nose?
<zul> jamespage:  the functional test bits
<jamespage> zul, yeah - I mean't which dependency?
<zul> jamespage:  hold on lemme double check
<smoser> rbasak, com.ubuntu.cloud.daily:server:trusty:amd64 is very explicitly different than com.ubuntu.cloud:server:trusty:amd64
<smoser> that is by design.
<smoser> i woudln't suggest munging that all together.
<zul> jamespage:  libjs-jquery-hotkey, jquery-goodies, libjs-jquery-isonscreen, and javascript-common
<jamespage> zul, is that for docs?
<zul> jamespage:  i believe so
<rbasak> smoser: yes, they are. But uvtool should munge them together, as an exception, for the development release.
<rbasak> smoser: this makes them analogous to what people expect by setting their sources.list.
<smoser> i dont think so.
<smoser> there is no released trusty.
<smoser> if you say trusty released, it can't get you such a thing.
<smoser> if you say trusty and daily, it can
<rbasak> I want the latest available of everything. For stable releases, I want the stable image. For the development release, I want the development release.
<rbasak> Sorry. For the development release, I want the latest development image (ie. a daily).
<smoser> why?
<rbasak> uvt-just-give-me-it.
<smoser> that daily might not work at all.
<rbasak> That's fine. That's what using the development release means.
<rbasak> The CLI should provide sensible defaults. If I specify a release, then the sensible default is the stable release image for stable releases, and the daily image for the development release.
<jamespage> zul, sorry - don't get it
<rbasak> It is fine for this to be uvtool-specific and Ubuntu-specific. I'm just saying that I want some way to explain this to the simplestreams API.
<zul> jamespage:  http://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
<rbasak> Or else we need to figure out how uvtool should handle the interaction.
<jamespage> zul, there is actually no point in running them - SKIPPING FUNCTIONAL TESTS DUE TO NO CONFIG
<jamespage> https://launchpadlibrarian.net/154000942/buildlog_ubuntu-saucy-i386.swift_1.10.0-0ubuntu1_UPLOADING.txt.gz
<smoser> i personally dont really think that "daily image for development release, but stable imgaes for all others" is likely whta a developer wants.
<smoser> more likely i'd want dailies of everything.
<zul> jamespage:  agreed
<jamespage> zul, I don't see why that would require disabling tests
<smoser> cstack does handles this. sanely.
<jamespage> zul, also the swift-doc package is empty
<zul> jamespage:  ok ill have a look at getting this fixed then
<rbasak> hallyn_: ^^ interested in this conversation?
<jamespage> zul, thats a regression - 1.10.0 has it
<jamespage> populated
<hallyn_> no? :)
 * hallyn_ looks
<rbasak> smoser: I think you assume that the CLI somehow knows that this is a developer speaking. It doesn't know that.
<rbasak> smoser: given that it doesn't know, I think it's reasonable to default to the released image for stable releases.
<rbasak> smoser: but given that the user just asked for "trusty", and that there is no released image for that, and it's known to be a development release, I think it's reasonable to provide a daily in that case.
<hallyn_> 17:13 < smoser> i personally dont really think that "daily image for development release, but stable imgaes for all others" is likely whta a developer wants.
<hallyn_> i disagree.  that's exactly what i want
<smoser> its not what i want
<smoser> and i'm a developer
<hallyn_> it's myworkaround for you cloud image folks being too lazy to give mea  stable devel image
<smoser> hallyn_, its not cloud image folks.
<smoser> there is no stable devel image of any ubuntu
<smoser> when there is (next thursday)
<smoser> you'll have something in the stable stream of trusty
<hallyn_> that's alpha1?
<smoser> it will be correctly labelled 'alpha-1' rather than release
<rbasak> I'm happy to add a --developer option that changes sync's default to use the daily stream.
<hallyn_> in the end (ignoring smoser's being pedantic) i don't care who builts the smarts in - uvtool or simplestreams.
<rbasak> However, ifi the user doesn't do that, I still want trusty to be available by default, on request. And I don't think it's reasonable to default to daily images across the board.
<hallyn_> but i wanted to test something in canonical-kernel-team/ppa just now for trusty, and wanted the 'best' trusty cloud image i could find
<hallyn_> <shrug> i'm with rbasak.
<smoser> hallyn_, that would be the dailies ;)
<rbasak> So I think "best" is released for stable releases, and daily for development releases, despite any alpha-1.
<hallyn_> smoser: i'm just a user of uvtool.  i don't care where it comes from, i just want "the most stable" image that exists
<smoser> no you dont.
<rbasak> hallyn_: would you want alpha-1 or a daily for trusty, if both existed and the daily were newer?
<smoser> so its fine with me if uvtool has logic like:
<hallyn_> rbasak: i guess i'd want daily
<smoser>  if release_requestsed == ubuntu_development_release(): change_stream_to_daily()
<rbasak> smoser: trouble is that right now uvtool just passes through the release=... filter without understanding it.
<rbasak> I would prefer to not special case that understanding.
<smoser> you want a special case understanding
<smoser> but you dont want to special case it
<smoser> you want someone else to special case that
<rbasak> I want a general way of handling this case.
<smoser> but the someone else here thinks that when you say "released" you get "released". and when you say "daily" you get "daily"
<rbasak> I'm fine with telling the simplestreams API about this understanding. I want to do it in an API call.
<smoser> i dont think so. daily is explicitly and by design not released.
<rbasak> If the user specifies released or daily, then that should override default behaviour and do what you asked for.
<smoser> you can munge those two things together however you choose.
<smoser> as i said, cstack does this "right" for me.
<rbasak> If the user doesn't specify released or daily, released/dailiness should be based on the status of the release requested.
<rbasak> And of course the release requested should also have a default, but that wouldn't change this behaviour.
<smoser> rbasak, then you can implement that.
<rbasak> smoser: you want me to parse simplestreams filter rules myself?
<rbasak> smoser: I want the simplestreams API to do the parsing, but for me to give it the rule.
<smoser> you want 2 completely different things. available only from 2 completely different, completely unrelated sources.
<rbasak> Yet the release on one corresponds to the release on another.
<rbasak> They are not completely unrelated.
<smoser> happenstance
<rbasak> No. I have a specific reason for wanting that relation. Therefore, provided that my reason is reasonable, they are related.
<smoser> scott james remnant and scott moser are not related.
<rbasak> They relate at the CLI. 1) "Trusty!"..."ok, you want daily." 2) "Saucy!"..."ok, you want released."
<smoser> even if it would be convenient for robie basak if they were.
<rbasak> The names precise, quantal, raring, saucy, trusty are related. The daily images are related to that set. So are the released images.
<smoser> just like my example.
<smoser> same name
<smoser> different thing
<smoser> i can't fix your chromebook.
<rbasak> The daily ends up being a released.
<smoser> happenstance
<smoser> honeslyt.
<rbasak> Nothing like your example.
<smoser> you're welcome to buildin the knowledge that 'com.ubuntu.cloud.daily' is somehow related to 'com.ubuntu.cloud'
<rbasak> I think a problem here is that you do not accept the original use case that makes me want this.
<smoser> but you have to go to 2 completely different end points of data to find those things.
<smoser> i think this is easily solvable.
<smoser> and i've told you I'm ok for you to solve it.
<rbasak> Well, I can parse the simplestreams filters. So we can duplicate the code, and lock in the simplestreams filter query language. Great.
<smoser> you can create filters. and mirror 2 streams to 2 different locations.
<smoser> i dont see how that is duplicating anything.
<rbasak> I need to do that automatically. Without expecting the user to set it up for me. And I need to handle the transition of a release, where I want to switch from use of a daily image to a released image.
<rbasak> Oh look - they're related!
<smoser> they're not related.
<smoser> was that unclear ?
<rbasak> Where I was using a trusty daily image, I will after release want to use a trusty released image. Thus they're related.
<smoser> dont handle it.
<smoser> after trusty is released, get the released stream
<rbasak> The point of uvtool is to hide this complication, and just do what is reasonable.
<rbasak> Automatically.
<rbasak> The only way I can see of doing this is to either hardcode the assumption that the release key maps between daily and released, or to publish the mapping somehow.
<rbasak> (oh look - they're related)
<rbasak> I guess we're at an impasse, which basically just means that the pain will continue. Sorry hallyn_.
<smoser> cstack does this right.
<rbasak> Except that you've defined what you think is right, and we disagree.
<rbasak> Somebody who says "precise", without any further information, can be inferred to mean "stable, please". And someone who says "trusty" presumably means "development, please".
<smoser> and then based on some even that occurs at some point in the future, your interpretation of what they mean changes.
<smoser> which is odd.
<smoser> and unexpected.
<smoser> just because the calendar says 2014-04-17.
<hallyn_> that event being a release?
<rbasak> It matches how Debian releases work, so is not at all unexpected.
<hallyn_> that's not expected
<hallyn_> uh, not unexpected
<smoser> it is unexpected to the user.
<rbasak> It is not, since that's what the release names are defined to mean.
<rbasak> That's how we all use the term.
<hallyn_> the user to whomthat is unexpected would nto specify a release at all, and run latest LTS
<rbasak> You've invented your own system of daily and released for cloud images (with good reason), but that doesn't mean that these concepts apply to release names.
<smoser> it is not good design for behavior to change
<smoser> based on events non-controllable by the user
<smoser> "I did nothing, yet it broke"
<smoser> where "it broke" is "it behaved differently"
<rbasak> "I had a bug in Trusty, which I fixed, but why isn't showing up in my uvtool test? Wait, why is it using alpha-1?"
<rbasak> The development release is *defined* to behave differently.
<rbasak> It is not good design to surprise the user.
<hallyn_> would it help if 'uvt-s-s query' showed trusty entries in red for "danger"? :)
<smoser> rbasak, i dont know how to solve your problem. with the interface you have.
<zul> jamespage:  https://code.launchpad.net/~zulcss/trove/trove-cleanups/+merge/198803
<smoser> since you'd have to look at 'release=' which could be 'release~([tT][rR].*)'
<smoser> or something else that would match that.
<smoser> perhaps you should, being an 'ubuntu' tool, explicitly know certain things about releases, and treat them as releases. rather than just as arbitrary keys.
<smoser> ie: uvt-kvm trusty
<smoser> rather than
<smoser>  uvt-kvm release=trusty
<smoser> that is the bit that cstack knows.
<d1n0> where does a maas node get its sources.list from?
<d1n0> its a pxe boot node, and im getting a 403 error when trying the packages
<smoser> d1n0, it can be specified by maas.
<smoser> but it should default to archive.ubuntu.com
<d1n0> smoser; why would i be getting a 403 though, thats what confuses me
<smoser> agreed.
<smoser> that is confusing.
<smoser> are you able to pastebin it ?
<smoser> it == the console log
<d1n0> Unfortunately not, because after it gets the 403.. the pxe boot fails and it shuts down.
<d1n0> logfile: /var/log/squid-deb-proxy/access.log shows the 403 error
<sarnold> d1n0: note that s3 systems return '403' when they mean '404'.
<sarnold> it's confusing.
<d1n0> hmm, now you confuse me even more.. lol
<d1n0> smoser; how can I change what the maas sends over to it? I want it to use a local mirror
<smoser> d1n0, it depends on what version of maas.
<d1n0> whatever is in 13.10
<smoser> but i think in cloud-tools version or saucy, it is in the web ui.
<smoser> i think
<d1n0> i thought so too, but it looks like they took it out between 12.04 and 13.10
<smoser> sarnold, well, its not likely s3 is involved here.
<smoser> and to be fair, thats general good practice for security.
<smoser> ie, you dont tell the attacker "username not found" you tell them "username/password invalid".
<d1n0> editing the node only allows editing the hostname and mac addresses (along with changing the default release)
<sarnold> smoser: yeah, s3 seemed unlikely, but an s3 workalike crossed my mind. I figured I'd throw it out ;) hehe
<smoser> i do agree it sucks for s3
<smoser> mirrors explicitly.
<smoser> d1n0, it wouldnt be on the node
<sarnold> yeah; it's a reasonable enough position in general. hehe. :)
<smoser> it would be somwhere else.
<smoser> in d'setting' or something
<smoser> settings.
<d1n0> changed, now for another attempt at a pxe boot
<d1n0> now back to my vague invalid mac address error
<d1n0> nothing like getting one or more of your mac addresses is invalid when trying to commission a node :s
<zul> adam_g:  ping can you +1 https://code.launchpad.net/~zulcss/swift/1.11.0/+merge/198769 please
<adam_g> zul, done
<zul> adam_g:  thanks
<hxm> hi
<hxm> i have a server with many domains and I could want to let the users receive and send emails from their domains, as in example facebook does
<hxm> forwarding emails, is that possible without using postfix and all those tools that are hard to set up properly for not get as spam
<Demosthenex> so ubuntu LTS 10.04. after booting for FIVE MINUTES no one, not root, no accounts can login. timeout nonstop. ssh with key is ok, it seems to be a password authentication chain issue. ideas on debugging?
<Demosthenex> ah, i had to remove smb crap from pam common-auth.
<mgw> What is the purpose of the packages at http://archive.ubuntu.com/ubuntu/pool/?
<mgw> To answer my questionâ¦ it seems to host the actual packages pointed to from the various Packages.gz
<mgw> There's a package in pool that works fine in precise (python-gnupg), but it's not in Precise's Packages.gzâ¦. other than downloading the .deb, how could that be installed via apt?
<smoser> hallyn_, its not perfect, but it bevaves the way you happen to think it should
<smoser> https://code.launchpad.net/~smoser/uvtool/sm-features00/+merge/198838
<smoser> rbasak, ^
 * smoser gone
<hallyn_> smoser: don't be angry
<hallyn_> :)
<hallyn_> smoser: looks perfect
#ubuntu-server 2013-12-13
<thurstylark> is there a specific place that it is prefered i go to ask about minecraft server questions, or can I ask here?
<shodan45> does /boot have some magical (apparmor? selinux?) size limit? I don't have a separate partition, just a single big one, yet I'm getting out of space errors when trying to update kernels.
<shodan45> and if so how do I get rid of the #^%@!*& thing? >_>
<cfhowlett> shodan45, spring cleaning time: empty out the old kernels
<shodan45> cfhowlett: apt won't let me, no matter what I do, I get out of space errors from apt
<shodan45> I have 1.3GB free space; I have no idea why it thinks it's out of space.
<shodan45> which goes back to my original question: does /boot have some "invisible" space limit?
<cfhowlett> shodan45, dannnngggg!  I feel for you.  IIRC, boot is where the kernels get store.  linux doesn't autodelete upgraded kernels for obvious reasons and the "running out of space" alert doesn't seem to be designed in so ... one day you log in and no go.
<cfhowlett> shodan45, ask in channel or over on #ubuntu - I've only hit this error myself one time.  deleting old kernels doesn't require apt
<shodan45> cfhowlett: this is particular to ubuntu (debian?)... never seen this in RHEL >_>
<cfhowlett> shodan45, I don't have enough background to answer that
<cfhowlett> https://help.ubuntu.com/community/Kernel
<maxb> There is no invisible space limit on /boot unless it's a separate partition
<maxb> perhaps you should pastebin the output of 'df -h' so we can be sure about your filesystem layout
<shodan45> maxb: sure. http://paste.ubuntu.com/6565613/
<maxb> Hmm... I don't suppose you're in a VM with a sparsely allocated disk image, and the host has run out of space and can't expand it?
<maxb> (Noting that your root is a virtio device)
<shodan45> I asked about some "invisible" space limit because /boot is almost at 128MB: http://paste.ubuntu.com/6565618/
<cfhowlett> shodan45, mine is at 94 ...
<cfhowlett> shodan45, and didn't I read that /boot is auto set to 100 MB?
<shodan45> maxb: it's a KVM VM, and the disk image is located in the same place as that ~3TB /storage NFS mount
<shodan45> cfhowlett: I use custom partitioning
<maxb> I think it's definitely worth double-checking that there's free space where the disk image is located before puzzling on it further
<shodan45> here's apt complaining about no space left: http://paste.ubuntu.com/6565631/
<shodan45> not seeing anything in dmesg either
<maxb> The pathname in the error shows that it's not /boot that's the problem
<maxb> Oh, also, you could be out of inodes
<shodan45> maxb: ahhh didn't think of that
<shodan45> although, not sure how or why that could happen, this VM doesn't do much
<maxb> shodan45: 'df -i'
<shodan45> maxb: bingo :) 99% used
<shodan45> maxb: thanks!
<maxb> You're welcome :-)
 * shodan45 learned to not take his inodes for granted today
 * cfhowlett learned he doesn't know his inodes from his unodes
<jamespage> zul, adam_g: https://code.launchpad.net/~james-page/swift/daemon-test-fix/+merge/198892
<jamespage> well infact any ubuntu-server-dev or core-dev would do
<jamespage> :-)
<jamespage> rbasak, ^^
<yolanda> jamespage, have you seen feedback about API headers? https://review.openstack.org/#/c/61128/
<jamespage> yolanda, makes alot of sense
<jamespage> do it in one place, then everything gets it
<jamespage> yolanda, its positive it was not a nack
<jamespage> but a - just do it somewhere else :-)
<yolanda> i can take a look, they aren't objecting about sending extra headers in API calls, yes
<jamespage> yolanda, +1
<yolanda> i'll take a look today, will be great if we fix it on one place for all the packages
<igalic> I have the following cron job: * */3 * * * /usr/local/sbin/backup-gitlab.sh -- which produces the following, disk-filling backups: http://dpaste.com/1502915/ and.. I'm an idiot.
<jjohansen> stgraber, hallyn_: right. Its similar to the none stacking case with namespaces
<jjohansen>   apparmor_parser -n <nsname> profile
<jjohansen> will load a profile to a namespace nsname, and to execute a task within that namespace
<jjohansen>   aa-exec -n <nsname> -p <profilename> -- cmd
<jjohansen> will run the <cmd> confined by the profile in the namespace. Of course aa-exec is just using the change_profile interface. You can specify the profile and namespace directly
<jjohansen>   aa-exec -p :nsname://profilename -- cmd
<jjohansen> is the same as the above aa-exec using -n
<jjohansen> For stacking, its similiar you will be able to use the aa-stack cmd, or library fn, but can get the same thing via change_profile
<jjohansen>   aa-stack -n <nsname> -p <profilename> -- cmd
<jjohansen> is equiv to
<jjohansen>   aa-stack -p :<nsname>://<profilename> -- cmd
<jjohansen> assuming a current profile of <currentprofile> is equiv to
<jjohansen>   aa-exec -p <currentprofile>//&:<nsname>://<profilename> --cmd
<jjohansen> the stack cmd/interface just lets you not have to deal with what the current profile confinement is.
<yolanda> jamespage, one question. I'm trying to collect all peers from rabbitmq, to create the "hosts" settings. But with peer_units() i just have the unit name. Is there any way, given an unit name, to get the private ip? i only see unit_get working with current unit
<jamespage> yolanda, relation_get(rid, unit, 'private-address')
<jamespage> yolanda, look at the rabbitmq context - I think it already builds a list
<jamespage> (I thought about this a bit last cycle)
<yolanda> ok, i'll take a look
<WinstonSmith> hi. i seem to have found a bug related to the kernel and sshd, should i report that in the ubuntu bugtracker or on the kernel bugtracker?
<rbasak> WinstonSmith: pick the most appropriate one, provide your best explanation of how they're related, and a triager will figure it out.
<WinstonSmith> rbasak: maybe you could help me to pick the most appropriate?
<WinstonSmith> as i don't think i am qualified enough to judge that
<rbasak> HaltingState: one note for http://paste.ubuntu.com/6562305/: when you sync, you probably want to filter on arch as well. Then you won't download other arches' images, and you won't need an arch filter when you create.
<rbasak> Sorry, that was for hallyn_ ^^
<zul> jamespage:  when you get a chance: https://code.launchpad.net/~zulcss/trove/trove-cleanups
<jamespage> zul, ditto the swift fixup above
<zul> jamespage:  rbasak already +1ed it
<jamespage> zul, sorry - missed that
<jamespage> (was away)
<zul> no worries
<zul> jamespage:  thats why you have someone semi-conscious watching your back :)
<jamespage> zul, good work on re-enabling swift units tests btw
<jamespage> nice one
<zul> jamespage:  thanks
<jamespage> zul, swift needs a bit of polish - we are missing some upstart configurations and the man pages are all in one package
<jamespage> zul, I'll add it to the blueprint
<zul> jamespage:  ok
<zul> jamespage:  so what do we say if our packages are rpms :)
<jamespage> zul, ?
<zul> jamespage:  power openstack doc
<jamespage> zul, btw I have the openstack-on-openstack stuff working now with neutron overlay networking
<jamespage> I can float IP's and everything
<jamespage> zul, havana introduced some stuff that we needed
<jamespage> (namely mac-address learning)
<jamespage> so its all good now
<zul> jamespage:  sweet
<jamespage> zul, the procedure is pretty much as on bare metal
<jamespage> but post deployment you add an extra nic to the quantum gateway and set it in its configuration
<jamespage> then TADA!
<zul> jamespage:  docs?
<zul> jamespage:  we could possibly use this for lxc ci testing
<jamespage> zul, dude - I only just hacked it together - docs next week!
<jamespage> zul, I'm going to write up the juju-deployer configs, (and give those to jcastro as well) and then try to automate some testing that way
<jamespage> I was going to try to have a pre-christmas week hack on the CI bits we need
<jamespage> archive manager, build nodes, jenkins etc...
<zul> jamespage:  coolio!
<smoser> rbasak, http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/cloud-tools-next_versions.html
<smoser> uvtool failed to build, could you just look at that ? i've done nothing more than look at that chart
<smoser> and while i'm bothering you...
<smoser> https://code.launchpad.net/~smoser/uvtool/sm-features00/+merge/198838
<rbasak> smoser: I know why it failed to build. I'm doing stuff in tests that precise doesn't have. I didn't realise that uploading to trusty would make the backport attempt happen automatically, sorry.
<rbasak> smoser: I'm confused by patch_filters.
<rbasak> smoser: line 196 of the diff. Shouldn't that be % f?
<rbasak> smoser: and then line 197 will never match if the user said "trusty"
<rbasak> smoser: also, what if the user says "release=trusty"?
<smoser> rbasak, yes. line 196 is wrong
<smoser> if user says release=trusty they dont get this behavior.
<smoser> in that case they should explicitly state their mirror.
<rbasak> I think that's surprising. I think "trusty" could reasonably be expected to be an exact alias of "release=trusty"
<rbasak> Also, what about "... sync release~(saucy|trusty)"?
<smoser> thats fine. you can do that if you wnt.
<smoser> right.
<smoser> thats why you dont.
<smoser> dont bother.
<rbasak> With Ubuntu-specific knowledge, I know that release in the released stream correlates to release in the daily stream.
<zetheroo1> what is the default Chunk size for a RAID1 mirrored array?
<smoser> rbasak, yeah. you could just hit them both, and filter out 'daily'  somehow.
<rbasak> zetheroo1: easiest to check /proc/mdstat?
<smoser> but that requires the same basic flaw.
<smoser> interpreting 'label~(alpha1|beta2|release)'
<zetheroo1> rbasak: cat /proc/mdstat is not showing me much info
<ikonia> zetheroo1: 64k I think
<rbasak> zetheroo1: perhaps mdadm -E?
<zetheroo1> ikonia: ok
<zetheroo1> hmmm ... no Chunk Size info
<zetheroo1> http://paste.ubuntu.com/6566983/
<rbasak> zetheroo1: oh, RAID 1. In that case, what do you mean by chunk size?
<zetheroo1> I am using Webmin to make a RAID1 mirror and it's asking what Chunk Size I want
<rbasak> I could be mistaken, but I didn't think that chunk size made any sense on RAID 1.
<rbasak> What does it mean, anyway?
<rbasak> Also,
<zetheroo1> I read that RAID1 doesn't use chunk size ...
<rbasak> !webmin | zetheroo1
<ubottu> zetheroo1: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<zetheroo1> but it's still asking me
<zetheroo1> well we are using Ubuntu 12.04 ... and I think it was compatible with it back then ... no!?
<rbasak> I don't think so.
<ikonia> zetheroo1: it must use a chunk size as the disk is made up of blocks
<ikonia> zetheroo1: it's been dead since before 10.04 (webmin0
<ikonia> webmin
<zetheroo1> oh shucks
<zetheroo1> and there is no replacement or alternative ... ?
<rbasak> zetheroo1: look into Zentyal. I'm not sure if it's an exact equivalent, though.
<ikonia> they pushed ebox for a while....but I'd look at it before trying to use it
<zetheroo1> rbasak: Zentyal is an entire server built on a Ubuntu backdrop - no!?
<zetheroo1> how do you see which groups a user is member of?
<jrwren> zetheroo1: the id command is one way, maybe?
<zetheroo1> ok
<zetheroo1> doesn't look like zentyal is anything like webmin ...
<zetheroo1> webmin was all about administrating the server itself ... too bad it's not compatible any longer ...
<jrwren> does ssh a shell, coreutils and vim count as 'an alternative'?
<zetheroo1> nope ;)
<jrwren> every once in a while I wish I had a web interface
<zetheroo1> but it looks like I have to stick to ssh term for now :P
<jrwren> more for diagnostics than admin
<jrwren> but maybe common admin tasks.
<zetheroo1> it's strange that there are so many how-to's for installing it in 12.04 and even for 13.04 ...
<zetheroo1> well I especially liked it for the RAID GUI
<client> Hello
<hallyn_> rbasak: yeah one of the examples in my blog used arch to sync right?  At home I don't care, I've got a fat pipe.
<client> hallyn_ is it possible to setup A records if you're given a DNS without some CPanel type of setup?
<ikonia> client: of course
<ikonia> client: you set it up on the dns server
<client> ikonia the DNS server is being provided by my VPS host. How would I get access to it?
<ikonia> client: ask the vps host
<client> ikonia, they recommend that clients use their DNS network. Can it really make a difference using a different DNS?
<ikonia> client: yes
<client> ikonia how close should the DNS be to the actual server?
<ikonia> anywhere you want
<ikonia> no set rule
<client> Okay, I guess I will use 1 european DNS and 1 somewhere in the states
<ikonia> why would you do that ?
<client> Most of my users are in Europe and the States
<ikonia> client: are you talking about dns servers as a resolver or as a host of your domain records
<client> ikonia my host calls it "DNS provider"
<ikonia> client: not asking what your host calls it, I'm asking what it does technically
<client> They fail to mention that ikonia
<rbasak> hallyn_: right
<jamespage> krtaylor, hey!
<krtaylor> jamespage, hey!
<QnD>  Does anyone know a way of hardening against the ptmx exploit  on 12.04 server
<QnD> hello ?
<QnD> im gettn my box slammed and need to harden it quick..... but there seems to be no info about this exploit
<sarnold> QnD: do you have a CVE number handy?
<QnD> yeh 1sec... thx
<sarnold> QnD: hrm, is this it? http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0160.html
<uvirtbot> sarnold: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160)
<QnD> (CVE-2013-0160  several cve's dependin on attack
<uvirtbot> QnD: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160)
<QnD> yeh
<sarnold> QnD: do you have one of those, or newer, kernels installed?
<QnD> that and for some reason udev is actually mounting a strange device as /dev... im assuming for rkit purpose unless ubuntu has changed to some strange practice lol
<QnD> im on plain ol 12.04.3 server
<QnD> system got walked through like it was standing still a few times....
<QnD> im ready to try to honeypot the attack without using a prepackaged service
<QnD> im at a loss
<QnD> sarnold r u still there ?
<sarnold> QnD: yeah
<QnD> any ideas on those issues... im stumped
<mbnoimi> Does any one know any NAT 2 NAT server? I want to use a remote desktop by VNC in similar way to TeamViewer
<sarnold> QnD: do you have the latestkernel updates installed? did you reboot into those newer kernels?
<QnD> i tried both leaving it alone and with current sec updates including kernel
<QnD> it looks like all kernels are getting hammered...
<QnD> i updated a box and dumbed it down to just sshd running and I got hit
<sarnold> QnD: how exactly did you discover that one of your users / processes was timing keystrokes via inotify?
<QnD> basically I noticed FS changes
<QnD> I had btrfs mirroring to a /dev that was logging stuff.... great idea... but not good !
<QnD> i/dnode inconsistancies when I loaded backtrack to check out drive offline
<QnD> it is a bad state when OSX takes lead for security :(
#ubuntu-server 2013-12-14
<Picco> hi... stupid question! In python is there a way to have something similar if (!test) which means that if is executed if the test does not succeed?
<krababbel> Hi, I am looking for a guide on /etc/hosts, particularily the localhost part. I read many different ways to write the first two lines in hosts. For example why do some assign 127.0.1.1 to the hostname, while others do 127.0.0.1 hostname localhost? Is localhost.mynet valid, etc.?
<krababbel> Or specifically, is it OK to just write: '127.0.0.1 localhost.net localhost'? I will have a DNS in my network.
<Joe_knock> Hello
<sarnold> isn't it unreasonably early in south africa? :)
<Joe_knock> haha sarnold, yeah it's 6.30am . I am busy trying to configure my VPS
<sarnold> Joe_knock: hehe, 6:30am on a saturday morning, my goal is to flip the pillow over to the cool side.. :)
<Joe_knock> Your IP says comcast, so you'd only flip it over to the cool side cause you live in a warm area of the USA
<sarnold> haha, too true. oregon is nice and moderate :)
<Joe_knock> 10 hour time difference
<Joe_knock> sarnold, are you familiar with setting up a dedicated server/VPS?
<sarnold> Joe_knock: depends on the pieces involved :)
<Joe_knock> I'm at the beginning piece, so let me ask my question
<Joe_knock> Say I created a hostname as server.example.com for my VPS. They gave me an IP address, should I now use my domain registrar to create that specific subdomain and make the IP address point to it?
<sarnold> Joe_knock: does your domain registrar also handle your domain's DNS?
<sarnold> (many registrars only need the addresses of your DNS servers)
<Joe_knock> Yes, although my hosting company says they provide DNS services, I'd prefer to just keep it with my registrar for now.
<sarnold> Joe_knock: cool; one thing to keep in mind is that you can have as many names pointing to that IP as you want (A records, CNAMEs to other names), but the reverse lookup from that IP can only go to one name (a PTR record)
<Joe_knock> So should my hostname be the same as the domain name I want to use? For example, I want to host a webapp saved at: app.example.com , should my hostname then also be app.example.com or is there a way to keep the hostname as server.example.com and still run the webapp at app.example.com ?
<sarnold> Joe_knock: most webapps are happy to run on a name-based virtual host; be aware that name-based virtual hosting and TLS don't exactly play well together, so if you want it on https, look into http://en.wikipedia.org/wiki/Server_Name_Indication
<sarnold> Joe_knock: setting the hostname to server.example.com, adding an A record for server.example.com -> your ip, a PTR from your ip -> server.example.com, and a CNAME from app.example.com -> server.example.com, ought to work
<Joe_knock> okay, so I need to add a CNAME
<sarnold> yeah
<Joe_knock> sarnold, why do I need the PTR?
<sarnold> Joe_knock: it's convenient for ping and traceroute output, if you log in to other hosts from it using ssh, it'll be more easily visible in those other hosts's logs where you came from, and having a matching forward->reverse->forward chain of DNS will help improve the chances that emails sent from that machine won't be flagged as spam
<Joe_knock> Thanks sarnold. That makes a lot of sense. I doubt my VPS would be able to handle email though, it's a 1GB memory, 30GB SSD that I paid $7 for.
<sarnold> Joe_knock: you wouldn't want to send millions a month on that :) but it ought to have plenty of horsepower for low-duty mail..
<Joe_knock> The purpose of this VPS is to run Phabricator for a team of about 10-12 people
<Joe_knock> I'll try configuring email on it though, should be useful to send updates to people.
<sarnold> "oh whats that?" -> firefox -> "oh, the link is purple, apparently I have heard about it", hehe :)
<Joe_knock> sarnold are you primarily a webdeveloper?
<sarnold> "The arcanist command line tool gives you CLI access to most of Phabricator's functionality. Many cryptic commands.". Man, I think I like these guys :) hehe
<sarnold> Joe_knock: no, I do security things
<Joe_knock> white hat?
<sarnold> yeah
<sarnold> lucky for me, I'm horrible at exploit authoring :)
<Joe_knock> This whole hacking thing is weird, because I think I found a legal way to do something that shouldn't be possible.
<Joe_knock> sarnold I thought every white hat should be able to do black hat type of stuff?
<sarnold> Joe_knock: I'm content being able to find and fix flaws; actually weaponizing what I find is just much less interesting to me..
<Joe_knock> so it's a 2-step process. Exploiting a flaw requires a certain level of other skills?
<sarnold> Joe_knock: I don't know if it is a skill or a disposition.... it certainly takes persistence to iterate and refine an exploit, and I'd personally rather spend the time going to find more problems :) some people prefer the challenge of getting their exploit to function.
<mdeslaur> knowing how to write an exploit is one thing, wanting to spend a week writing the exploit is another
<Joe_knock> Wouldn't writing exploits be classified as a certain type of programming?
<Joe_knock> I was initially thinking of it as a '
<sarnold> mdeslaur: .. and that directly leads to not being very good at it. I have fond memories of nights up doing CTF preliminary contests and jj trying to help me get a simple buffer overflow exploit to work...
<Joe_knock> I was initially thinking of it as a 'reverse-process' type of programming.
<sarnold> sure, it sounds simple enough, throw _something_ at the overflow, try to find the offset, and change the length of nop slide to try to get closer, iterate your way there, but I sure found it harder to do in practice :)
<sarnold> just seeing the 0x41414141 is plenty good for me :)
<Joe_knock> sarnold how do you classify somebody that uses tools written by someone else? Like say a DDoS tool that makes a million headless requests to a website. I've heard them being called 'script-kiddies'. Is that the right term/
<Joe_knock> *?
<sarnold> Joe_knock: that seems a fitting description if they rely upon tools written by others.
<Joe_knock> something occurred to me whilst researching webscraping. The principle of scraping is a "gray area", yet if you consider what you were able to learn by scraping, you can apply that same knowledge to do harm too. Does a lot of bad hacking come from being able to do good/not-so-bad things?
<sarnold> Joe_knock: very much so, a recent court case involved a fellow who discovered that (AT&T, I think) exposed an interface for his billing information that included something like &customer_id=12345678 -- well, he added one to it, and found someone else's billing information
<sarnold> Joe_knock: seems like simple enough stuff so far; well, he went to the efforts of scraping together a few hundred thousand or million of them, and AT&T decided to sue.
<Joe_knock> I would blame AT&T for that. Nobody taught them how to use cookie-sessions to protect other customer data from being exposed.
<sarnold> well, that's the thing...
<sarnold> if you try one or two others, that's fair enough. let em know, and move on...
<Joe_knock> When you say billing information, are you referring to basically invoices and that type of stuff? or like the credit card details?
<sarnold> .. but when you collect a few hundred thousand of them, that's changed the color of your hat significantly.
<sarnold> Joe_knock: I presumed it was name, address, phone numbers, but probably not credit card numbers
<Joe_knock> but that's harmless data. Everything accessible via a phonebook
<sarnold> what's a phone book? :)
<Joe_knock> he must've scraped it from his home ip address, otherwise it can be very hard to track someone down these days.
<sarnold> alright time to pop off for the night :) have fun Joe_knock
<Joe_knock> take care sarnold.
<Joe_knock> thanks again.
<Joe_knock> When setting up your ubuntu server, is it advisable to create a user instead of using root?
<Joe_knock> hello everyone
<hengky> hi guy anybody can help me
<hengky> i am using ubuntu server 12.0.4
<hengky> my problem is i want to install ubuntu server on ibm system x3100 m4 with raid 1
<hengky> but when i finish partitioning
<hengky> the installer does not want to write the disk
<hengky> anybody can help me
<hengky> hello anybody
<bekks> hengky: state your issue in one sentence please.
<bekks> !details | henkjan_
<ubottu> henkjan_: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<bekks> gna
<bekks> !details | hengky
<ubottu> hengky: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
<hengky> i have a problem with installing ubuntu server, i am running ubuntu version 12.0.4 when i try to write the disk hardware raid 1, the installer does not want to write the disk, the installer stay in the purple background and i cannot do anything after that
<bekks> hengky: Tell us the details like the exact error you get.
<hengky> there is no error message
<hengky> it just display a purple background and i cannot do anything
<hengky> it is stuck in that purple display
<hengky> any solution guys
<hengky> my server is ibm system x3100 m4
<hengky> i want to use hardware raid 1
<shauno> hengky: at the 'purple screen', you should be able to use alt+left/right (cursors) to view other VTs, one should have a lot more detail logged on it
<shauno> this might find you some angry-looking error messages that'd provide a much better clue
<hengky> i don't understand what u mean
<hengky> or do you have any tutorial how to install ubuntu server with hardware raid 1
<Joe_knock> hengky shauno is telling you to press ALT + left/right
<auronthas> anyone used to shorewall here ?  I run ubuntu server, I am trying to check what shorewall are blocking
<auronthas> [215972.861637] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:25:90:d4:c1:c6:00:26:0b:f0:00:ff:08:00 SRC=24.162.252.47 DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=14590 DF PROTO=TCP SPT=49546 DPT=23877 WINDOW=65535 RES=0x00 SYN URGP=0
<auronthas> xxx.xxx.xxx.xxx are ip given from ISP
<Patrickdk> why shorewall?
<Patrickdk> that is a normal iptables log entry, nothing to do with shorewall
<jhutchins> rennat41: Hey, don't give up yet.
<jhutchins> rennat41: Depending on what went wrong, your data files are almost certainly still accessible.
<rennat41> jhutchins: Sorry, I'm new to IRC is this a direct message?
<jhutchins> rennat41: No, this is the #ubuntu-server channel.  We encourage people to discuss their problem publicly so anybody can help, and other people can learn.
<jhutchins> rennat41: WHat's wrong with your system?  Does it boot?
<jhutchins> rennat41: This isn't really a server vs. desktop issue, but there's less noise here.
<jhutchins> rennat41: I'll be glad to try to help you if you're willing to provide some information and feedback.
<rennat41> It does not boot, I get this error: "Not Init Found. Try passing boot= bootarg"
<rennat41> jhutchins: sorry, I'm just a bit slow
<rennat41> So my first step was to boot from disk and run fsck /dev/sda1
<rennat41> but I got an error that fsck could not be fount
<rennat41> *found
<TheLordOfTime> by "disk" I assume you meant boot to the OS itself, not a liveusb or livecd or smth.
<TheLordOfTime> because if you can't boot to your system you can't fsck it, you should be doing that from a Live environment at the least
<rennat41> I burned 12.04 to a disk and booted from that disk
<jhutchins> rennat41: Sounds like grub isn't pointing to the right disk/partition.
<TheLordOfTime> fsck is on the livecd, if its not your disk is broken
<TheLordOfTime> jhutchins, or the /dev/sda1 is corrupted beyond measure, i've run into this issue before with dying hardware
<jhutchins> TheLordOfTime: I believe this was  afailed upgrade.
<TheLordOfTime> jhutchins, as i said, corrupted beyond measure
<TheLordOfTime> (many ways to corrupt a partition :P)
<rennat41> Interesting. Any way I could find out if the hardware is bad
<TheLordOfTime> rennat41, boot to the Live environment, and in the terminal do `sudo fdisk -l`
<TheLordOfTime> erm...
<rennat41> I have windows 7 running fine if that helps
<TheLordOfTime> no it doesn't...
<TheLordOfTime> :P
<TheLordOfTime> win7 != ubuntu, won't help us here
<rennat41> Okay
<TheLordOfTime> i think it's a lowercase "l", i have to check...
<jhutchins> rennat41: Linux is much more useful for fixing Windows than Windows is for fixing Linux.
<jhutchins> rennat41: Yes, fdisk -l
<rennat41> Ha, alright
<TheLordOfTime> hehe, yeah been a while since i had to deal with fdisk :P
<jhutchins> rennat41: THis should list the disks and partitions.
<TheLordOfTime> rennat41, pastebin the output from `sudo fdisk -l` (without the ` characters)
<TheLordOfTime> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<rennat41> what information do you need from fdisk?
<TheLordOfTime> ...
<TheLordOfTime> [2013/12/14 14:51:26] <TheLordOfTime> rennat41, pastebin the output from `sudo fdisk -l` (without the ` characters)
<TheLordOfTime> "the output"
<TheLordOfTime> i.e. everything it says
<rennat41> Well, my network card isn't working on ubuntu so I'm on a mac right now
<TheLordOfTime> well...
<TheLordOfTime> kinda stuck on helping you then, you could always, I don't know, use an ethernet cable... or stick the output into a text file on a USB stick and paste it from your Mac...
<rennat41> I'll do that
<TheLordOfTime> ... crap, not again, brb, one of my servers is being stupid... again...
<rennat41> No problem, here is the paste url: http://paste.ubuntu.com/6574268/
<zertyui> hi
<zertyui> i try to set vhost but unfortunately can't
<TheLordOfTime> rennat41, I'm... confused by this...
<TheLordOfTime> rennat41, when you said you were running a server on the system, there would be an ext2 / ext3 / ext4 partition there...
<TheLordOfTime> rennat41, is this a Wubi install?
<TheLordOfTime> (if it is, #ubuntu is where you need to be)
<rennat41> Oh, They told me on that channel that I should be here
<rennat41> But it's just a local server
<TheLordOfTime> rennat41, you didn't answer my question
<rennat41> I'm sorry, I'm not sure
<TheLordOfTime> did you install Ubuntu Server to the disk, or did you install Ubuntu (for desktops) inside of Windows with Wubi
<TheLordOfTime> because if it's the second of those two things, your actual question is "How do I recover my Wubi installation"
<TheLordOfTime> if its the first, then something else you did broke it, because there's no Ubuntu-usable partitions there.
<rennat41> I had windows and then installed ubuntu as a virtual os
<TheLordOfTime> (and I say "Ubuntu-usable" because Linux and NTFS don't play nice with the permissions)
<rennat41> If that answers your question...
<TheLordOfTime> rennat41, ahhhhhhhhhhhh
<TheLordOfTime> rennat41, so this is a virtual machine
<rennat41> Indeed
<TheLordOfTime> rennat41, that changes things
<TheLordOfTime> because running a server in a VM that works everywhere, and recovering data from that VM, tends to be a PITA sometimes
<rennat41> I seeâ¦
<TheLordOfTime> what virtualization software were you using?
<TheLordOfTime> virtualbox?  or something else
<TheLordOfTime> ... STUPID EVIL PIECE OF... *grumbles*
<TheLordOfTime> sorry, python's causing my servers to break... :/
<rennat41> Sorry, maybe I'm not describing this right. When I boot, I can chose between ubuntu or win7
 * TheLordOfTime kills python on his server
<TheLordOfTime> rennat41, then you installed Ubuntu from within Windows 7
<TheLordOfTime> that's called "wubi"
<TheLordOfTime> and your question is "How do I recover stuff from my Wubi installation"
<TheLordOfTime> and we can't really help with that here, you'll need #ubuntu for that
<rennat41> I think I just have a duel instal
<TheLordOfTime> you don't, rennat41
<rennat41> Oh
<TheLordOfTime> if you did then we'd see something else in your fdisk -l
<rennat41> Okay, well I'll go to #ubuntu and see if they can help. Thanks!
<TheLordOfTime> lemme grab an example fdisk -l for one moment
<rennat41> Okay
<TheLordOfTime> bleh stupid server...
<TheLordOfTime> rennat41, anyways, under the 'System' column we'd see "Linux" and probably "Linux Swap", and there'd be 3 or 4 partitions on your system on /dev/sda*
<TheLordOfTime> we only see 2 and they're both NTFS
<TheLordOfTime> which indicates that you've got Ubuntu installed, but not a dual-boot install, a Wubi install
<TheLordOfTime> in which Ubuntu installs to a file on your computer, and does some arcane magic to make Linux boot from outside of Windows, while everything still exists inside your Windows partitions
<TheLordOfTime> which means you don't actually have to mess with the partition table
<TheLordOfTime> the problem with this, is that it's a lot harder to fix Wubi
<TheLordOfTime> so you'll have to get help in recovering Wubi, which is your actual question.
<rennat41> Ah okay. That makes sense. Well thanks for the info.
<TheLordOfTime> you're welcome.
<TheLordOfTime> rennat41, ultimately, #ubuntu, or ubuntuforums.org or askubuntu.com, would be your best bet for getting help
<TheLordOfTime> although on Ask Ubuntu, we tend to say "ALL WUBI MUST BURN!"
<TheLordOfTime> because the veterans there (myself included) hate Wubi with a passion
<TheLordOfTime> rennat41, also, let me make you aware...
<TheLordOfTime> Ubuntu Server doesn't have a graphical interface.
<TheLordOfTime> non-server Ubuntu has the GUI.
<TheLordOfTime> so if you're using Ubuntu and it boots to a GUI it's nto Ubuntu Server.
<rennat41> Yeah I thought so. Now I know!
<TheLordOfTime> but like all other Ubuntus, that's irrelevant...
<TheLordOfTime> because server *packages* like LAMP or Apache, or nginx, or bind9, etc...
<TheLordOfTime> can all be installed on a standard Ubuntu desktop installation
<rennat41> What is the better alternative to a Wubi install?
<TheLordOfTime> dual boot installation direct to the hard drive, but you run the risk of your Windows exploding in the process
<TheLordOfTime> since Windows doesn't like its partitions changed.
<TheLordOfTime> (because you have to resize Windows to make space for Ubuntu)
<rennat41> I did change the partitions when I installed ubuntu
<TheLordOfTime> Wubi is okayish for people who don't want to mess with their partition tables
<TheLordOfTime> rennat41, not according to fdisk
<rennat41> That's why I'm confused
<TheLordOfTime> rennat41, how did you install Ubuntu in the first place
<TheLordOfTime> when you first installed it, did you boot to the Live disk, or did you open the wubi.exe file from within Windows?
<rennat41> I booted to the live disk
<rennat41> I didn't even know about Wubi to be honest
<TheLordOfTime> hmm
<TheLordOfTime> rennat41, and the system seriously has a 2TB disk?
<rennat41> Yes
<TheLordOfTime> did you upgrade Windows or something?
<rennat41> Not recently
<TheLordOfTime> because I don't see an ext partition which is necessary in your fdisk...
<TheLordOfTime> so this suggests that either your partition table is completely broken
<TheLordOfTime> and the ext partitions are just so damaged they're not retrievable or readable by fdisk...
<TheLordOfTime> or you never actually did a dual boot install and did Wubi
<TheLordOfTime> (which is possible)
<rennat41> I think it is. because when I said that I could see my documents from Ubuntu, I actually can't. All I can see is my windows files
<rennat41> Both windows and Ubuntu had the same username so I got confused
<TheLordOfTime> it's one of those two situations, and if its the first one you're kinda in for hell because it's *really* hard to recover data from so badly corrupted partitions that fdisk can't even see them...
<TheLordOfTime> and if it's Wubi that's equally hard.
<rennat41> So my guess is, all hope is lost
<TheLordOfTime> rennat41, I personally always tell everyone this:
<TheLordOfTime> RULE #1: Always back up your data. ALWAYS.
<TheLordOfTime> Rule #2: See rule #1
<TheLordOfTime> Rule #3: See rule #2
<TheLordOfTime> Rule #4: see rule #3
<TheLordOfTime> cardinal rule of all computers and servers: Always keep backups
<rennat41> I know, I've been beating myself up all day for that
<rennat41> I keep backups of windows and my mac, and never set it up for Ubuntu
<TheLordOfTime> rennat41, i actually run a few sites from only one server... my other servers all have mirrored data, so the data is the same, so if one goes dead, i can always recover.
<TheLordOfTime> but i have several servers and/or VPSes for that purpose, I'm atypical :p
<rennat41> You're smart!
 * TheLordOfTime looks out the window.
<TheLordOfTime> ehhhhhhhhhhhhhhhhhhhhhh....
<TheLordOfTime> it looks icy and slippery and crap out there...
<TheLordOfTime> crap, i have to go salt and shovel, back later...
<rennat41> Alright, thanks again for the help!
<zertyui> hello anyone ?
<zertyui> i just installed apache2
<zertyui> it works with sigle host but not virtual host
<zertyui> what to do ?
<GreatBacon> zertyui did you check with #httpd about that yet?
<zertyui> no
<zertyui> let me check that
<adamjames> i am trying to get an atheros usb wifi adapter working on 12.04. it has chipset AR5523, i have searched the web and followed the guides that seem to have worked for other folks. lsusb shows the device but no firmware. i have copied the firmware to /lib/firmware and done modprobe ar5523 and still no luck. can anyone help me get this going?
<Ben64> wifi on ubuntu server?
<adamjames> Ben64: yes, not for internet, for playing with a sandisk wfd.
<adamjames> http://www.sandisk.com/wfd/ it has webdav support...
<GreatBacon> anyone want to help troubleshoot my bind9 configuration?  I'm sure I missed something small and obvious but it's been evading me due to being zoned out on pain killers for a knee injury @__@
<GreatBacon> it's a new install / setup, not a production machine
<GreatBacon> Bueller......
<GreatBacon> Ruetobas, how is your comfort level with bind9?
#ubuntu-server 2013-12-15
<bitbyte_> Hey guys I'm looking at setting up a SMTP server so my server can email me log details any one know of any good guides ?
<bitbyte_> Cause at the moment I'm looking at : http://kylegoslin.wordpress.com/2012/06/05/116/   but where it has example@example.com can i just put anything there in the config ?
<moopers> is there someone online who can assist me?
<moopers> what is the best open source program to keep files on a computer synchronized with an external hd?
<client> moopers, why are you asking that here?
<ehnde> i have a fakeraid volume that worked fine in fedora, but ubuntu doesn't see it. is there anything i can do to check support for that? or do i have to go to mdadm?
<tboat> hey all, I am currently having an issue where IPtables is blocking samba from showing the share on my Windows Network.  The correct ports are being allowed, as I can direct connect to it, but it won't show automatically
<ehnde> screw this i'm going to rebuild it with mdadm
<arubi> Hey, anyone downloaded and installed server 12.04 lts 32bit lately?
<arubi> whatever I do, I always get an md5sum error during the integrity test
<arubi> tried to download on two different machines, two different internet isps
<arubi> two different usb sticks
<arubi> the md5sum of the iso is always correct, but it always fail during install
<arubi> I tried copying the image to the usb with unetbootin and dd, no difference
<arubi> both machines pass memtest
<TJ-> arubi: I can try it to a VM if that'd help
<arubi> Oh thanks TJ-
<arubi> that would help a lot
<TJ-> It'll have to wait until I've got KDE to replace Unity though - Can't get keyboard input focus to switch to Firefox on another X screen!
<arubi> sounds like something anything other than unity would solve :)
<TJ-> LOL yeah! Been remodelling my study and switched to a vidock with a 4-head GPU so the lappy can drive 6 monitors... got 4 up now, but Unity has problems with 2 heads, let alone 3 X screens!
<TJ-> OK, will be back momentarily... if KDE starts!
<arubi> Okay, gl
<nyRednek> i'm having a unique issue...i'm stuck behind a captive portal and can't access http. i can, however, ssh to my ubuntu server and would like to find a way around this captive portal if i could via a vpn...
<jrwren> if you can ssh you can ssh with -D portnum. that starts a socks5 proxy server on portnum, then just set your web browser to use localhost:portnum as proxy
<arubi> ls
<arubi> whoops
<mibofra> hi guys
<mibofra> a strange thing
<mibofra> I've set up a bind9 sever, so if I query it from localhost or another remote pc the records I've set are working and the query for other domains too
<mibofra> but I can't query the server for other domains that isn't my domain form remote
<mibofra> example
<mibofra> I can query mydomain.com to my ns server with both localhost and another remote pc and get an answer
<mibofra> I query ubuntu.com: on localhost I get an answer, on the remote pc I get ** server can't find ubuntu.com: REFUSED with nslookup
<jrwren> mibofra: do any recursive queries work?
<jrwren> mibofra: do you have the "." zone defined?
<jrwren> mibofra: its in /etc/bind/named.conf.default-zones by default
<mibofra> jrwren, ok I've tried, it does the same as it does with the normal queries
<mibofra> jrwren, I've the zones defined, 2
<mibofra> one normal, one recursive
<jrwren> mibofra: i think you need the '.' zone to resolve for anything that you don't have an explicit zone.
<jrwren> basically, you need the "root zone"
<mibofra> uhm
<mibofra> but It's strage that with the same server on localhost it works fine and on a remote pc no xD
<jrwren> oh!
<jrwren> so 'host www.ubuntu.com localhost' works on the same server running bind
<mibofra> jrwren, yes If I query the bind server on its own machine it can answer for its records and other domains, if I query on a remote machine it answer to me only for its own records, for anything else I get ** server can't find google.it: REFUSED
<mibofra> for example
<mibofra> so I think I need a special setting to allow this for the remote terminals
<jrwren> my bind config is modified a lot from what defaults in ubuntu
<jrwren> can you pastebin your /etc/bind/named.conf and all the includes?
<mibofra> jrwren, ok
<mibofra> jrwren, named.conf http://paste.ubuntu.com/6579104/
<mibofra> http://paste.ubuntu.com/6579119/ named.conf.options
<mibofra> http://paste.ubuntu.com/6579125/ named.conf.default-zones
<mibofra> that's all jrwren
<zotta> Is there a way to speed up tcp connections to my server? I need 4 parallel connections to fill the pipe.Is there a setting so that 1 connection will be fast enough?
<mibofra> ok jrwren I've solved
<mibofra> I need an allow-query { any; }; option
<mibofra> :)
<mibofra> jrwren, anyway thanks :)
<HiddenDjinn> trying to use a vps as a socks5 proxy...getting connection reset every time i try to access a page. any advice?
<zotta> HiddenDjinn: what program do you use?
<HiddenDjinn> ssh
<zotta> exact error message of browser?
<zotta> does it say something about proxy
<zotta> or not
<jrwren> mibofra: the weird part is that I don't have that and mine is working. *shrug*
<mibofra> jrwren, ubuntu server 12.10 bind9 1:9.9.3.dfsg.P2-4ubuntu1
<mibofra> you?
<jrwren> mibofra: not exactly, but I HAVE used exactly that with this exact config before.
<mibofra> lol
<jrwren> my config hasn't changed as I upgraded from 12.10 to 13.04 and 13.10
<mibofra> jrwren, the server is a vps so maybe the netconfig is strage xD
<mibofra> I've to try at home with ubuntu 13.10 / 14.04 dev branch and my internet connection
<jrwren> what about your named.conf.local ?
<mibofra> jrwren, I didn't send it?
<mibofra> no ok just a second
<jrwren> nope, just conf, conf.options and conf.default-zones is what you pasted
<jrwren> thanks, i'm trying to learn along with you here :)
<mibofra> http://paste.ubuntu.com/6579458/ jeffrubic
<mibofra> sorry jeffrubic XD
<mibofra> http://paste.ubuntu.com/6579458/ jrwren
<jrwren> wow, nothing there either.
<jrwren> our configs are nearly identical, yet I don't require the allow-query {any;}; option to allow hosts to use my bind as a recursive server.
<jrwren> so weird.
<lickalott> hello all, looking for a good backup/imaging solution for my server.  i've played with FSarchiver (didn't like) and clonezilla.  But clonezilla is a little more intrusive than I was looking for.  Looking for a simple 1 button/script backup capability > an external source.
<lickalott> any idea/opinions?
<phunyguy> hello, got a fresh install of ubuntu-server 12.04.... /boot is ext4, and grub install failed after install.   Any ideas?  It boots to a grub prompt because the install wasn't proper.
<krababbel> How is apt-get working when I install a package without doing 'apt-get update' first? Will it install the newer version or the one in my cache?
<lifeless> krababbel: it will install the version for which there is metadata in your cache
<krababbel> lifeless: Thank you.
<krababbel> I have a server running bind DNS and I want to install OpenLDAP. Do I have to manually edit /etc/ldap/ldap.conf to enter my domain, or can Bind DNS provide this information automatically? I am not sure what record I have to use with Bind.
<krababbel> What can I do when apt-get install does not see that a dependency is already installed? For example I want to install phpldapadmin, and it needs a webserver. I already use lighttpd, and it would satisfy this dependency, but apt-get install wants to install apache2 still.
<krababbel> I mean how can I prevent the installation of apache, because there is already lighttpd installed. I could do it in aptitude, but I'd need a command line solution.
<andol> krababbel: Odd, from what I can see lighttpd should do the trick in this case, given that phpldapadmin depends on apache2 | httpd, and that lighttpd provides httpd.
<andol> krababbel: Assuming lighttpd being installed by way of the package manager?
<krababbel> andol: yes, I just installed it via apt-get. I din't edit sourcer or anything.
<krababbel> andol: The webserver and ldap server are two separate hosts, I am trying to install phpldapadmin on the webserver, where lighttpd is running already.
<krababbel> The systems are updated, they are 13.10 servers, recently installed.
<krababbel> aptitude wants to install apache also, but there I can just unselect it.
<andol> krababbel: Hmm, might have been wrong, because it seems like it insits on apache on my local computer as well, even after having installed lighttpd.
<andol> krababbel: Ahh, here we have it.
<andol> There is also the dependency libapache2-mod-php5 | php5-cli, where libapache-mod-php5 not suprisingly depends on apache
<andol> If you beforehand instead install php5-cli it should be fine.
<krababbel> andol: Of course, thank you a lot.
<krababbel> I was wondering if there was some apt-get option I needed to use instead.
<krababbel> andol: Thank you. :)
<andol> krababbel: Glad it worked out.
<hallyn_> sarnold: so i've got libvirt starting qemu (under strace -f) as my desktop uid, with apparmomr policy permitting PUx for /usr/bin/pulseaudio.  As my uid on terminal i can run /usr/bin/pulseaudio --start.  But strace shows -EPERM (NOT -EACCESS) when running /usr/bin/pulseaudio.  I'm confused.  Ideas
<hallyn_> ?
<hallyn_> Oh!  hm, those fersnickety acls maybe
<hallyn_> nope, not that.
<hallyn_> so what else can cause a -EPERM there?
<adamjames> i am trying to get an atheros usb wifi adapter working on 12.04. it has chipset AR5523, i have searched the web and followed the guides that seem to have worked for other folks. lsusb shows the device but no firmware. i have copied the firmware to /lib/firmware and done modprobe ar5523 and still no luck. can anyone help me get this going?
<adamjames> i know its odd for wifi on the server machine. i have a device that connects only over wifi that i would like to use with this machine
<Cerales> I'm seeing some strange edge cases where, very occasionally, I get connection refused from apache while logrotate.d rotates apache's logs. I checked /etc/logrotate.d/apache2 and /etc/init.d/apache2, and confirmed that the right signals (USR1, i.e. graceful) are being sent. Has anyone encountered this before?
<Cerales> I'm seeing some strange edge cases where, very occasionally, I get connection refused from apache while logrotate.d rotates apache's logs. I checked /etc/logrotate.d/apache2 and /etc/init.d/apache2, and confirmed that the right signals (USR1, i.e. graceful) are being sent. Has anyone encountered this before?
<Cerales> whoops
<hallyn_> ah, secvomp i bet
<hallyn_> seccomp that is
<phunyguy> How can I specify manually the drive to install grub to in the 12.04 Server installation?  It keeps assuming /dev/sda, but that is not the drive I am installing to.  In fact, that is what the USB key shows up as.
<phunyguy> so it keeps installing grub to the USB key instead.
#ubuntu-server 2014-12-08
<kevindf> Does any of you have tried Zentyal before?
<kevindf> Would you guys recommend using Webmin on a Ubuntu home server?
<pmatulis> kevindf: nope, webmin is considered hostile to ubuntu.  do not use it
<kevindf> ok, thank you :)
<pmatulis> !webmin | kevindf
<ubottu> kevindf: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<kevindf> thanks
<pmatulis> np
<qman> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<qman> oh, whoops
<qman> I'm blind
<acmehandle> whats the difference between python3 and python3m?
<lnxmen> Does anyone know how to debug memcached?
<lnxmen> I have set it on VPS
<lnxmen> Added appropiate options to productive server
<lnxmen> PHP does not return any error in case of connection
<lnxmen> but I get dozens of error when PHP tries to get phrases from cache
<lifeless> acmehandle: 3m is the python3-minimal binary
<lvmer> what's the difference between name & iname?  I see examples with both, like$  find /share/pictures/1-Camera/ -name 'Test.tif'
<lnxmen> It's strange because I have two almost identical configs on two VPSes.
<lnxmen> First works, but second not.
<dustinspringman> anyone here familiar with disabling a service from the files on a non-booting OS?
<dustinspringman> I've crashed an important box with apt-get upgrade... =/
<dustinspringman> i've got access to teh files via mounting the disk with another vm, but.... I'm not certain how to kick out services that I don't want to start so I can troubleshoot which one is locking the vm on boot...
<pmatulis> dustinspringman: look into preventing upstart jobs from starting
<dustinspringman> pmatulis: I just ran across a thread about that!!
<dustinspringman> my problem appears to be that when the server boots now, it's flooding itself with smtp attempts/failures... I think I can get back into the vm if I can just stop postfix at boot for now..
<Patrickdk> just move the file out of /etc/init/
<Patrickdk> then after boot, slowly move them back in
<dustinspringman> Patrickdk: Was thinking about that, the upstart threads are saying to "echo manual >/etc/init/service~name.override
<pmatulis> dustinspringman: so edit the postfix upstart job
<dustinspringman> I can just rename it right?
<pmatulis> dustinspringman: what release is this?
<dustinspringman> 12.04.3
<Patrickdk> rename won't work
<dustinspringman> Patrickdk: rgr that
<dustinspringman> so, do I move it out of init or init.d ?
<Patrickdk> if it's upstart, init
<Patrickdk> if it's non-upstart init.d
<dustinspringman> it appears some of the services are upstart and some are not... is that accuratE?
<Patrickdk> depends
<dustinspringman> appears to be the case on this box..
<pmatulis> dustinspringman: postfix is not an upstart job on precise
<Patrickdk> it is for me :)
<dustinspringman> pmatulis: rgr that
 * Patrickdk doesn't use the ubuntu postfix init script though
<pmatulis> dustinspringman: http://paste.ubuntu.com/9420952/
<dustinspringman> w00p w00p, killing that service fixed it!
<dustinspringman> thanks pmatulis and Patrickdk for the help! saved me a ton of time
<pmatulis> dustinspringman: i'm glad it worked out for you.  w00p w00p!
<dustinspringman> BTW this was an Amazon EC2 instance... Otherwise I'd have had a much easier console access through a physical terminal or esxi console... Just to get to the files to be able to nix that faulty startup item, I had to launch a new EC2 instance, detach/attach the EBS volume from broken instance to the temp instance, mount the disk in the temp instance....... edit the init.d stuff and then re-attach to the original instan
<dustinspringman> time for a beer!
<riz0n> Hello, I am getting a "permission denied" error in cron, for awstats, my logfiles are in /var/log/apache2/custom ... What do I need to set the permissions for there to not be a permission errors?
<riz0n> cd ..
<riz0n> oops ;)
<lordievader> Good morning.
<yossarianuk> hi - we have a script on a server (java based) that sometimes dies - what would be the best way of ensuring the process gets automatically restarted?
<yossarianuk> i.e watchdog ?
<lordievader> Upstart has the ability of respawns.
<yossarianuk> lordievader: thanks - I would have to upstartify my init script first though ?
<lordievader> Suppose so, yes.
<yossarianuk> ok thank you
<pmatulis> morning
<NigeyS> Does anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth0
<sarthor> Hi, I have extracted some .deb file, that became 3 files, control.tar.gz, data.tar.gz and debian-binary, How can I make this again file.deb, HELP
<sarthor> Hi, again , I have 3 directories, in one folder, naming. DEBIAN  etc  usr , I want them as somefile.deb How can I do it, And where i got these files, I extraced some .deb file, made some changes, now I want these same as before. HELP, googled buy failing.
<caribou> Is there an easy trick to boot a vivid cloud image with systemd as PID 1 ?
<caribou> looks like changing /etc/default/grub is not cutting it
<jamespage> caribou, you would need to update-initrd afterwards
<RoyK> jamespage: update-initramfs -u
<caribou> jamespage: ah, that's the trick, update-grub just isn't enough
<jamespage> as RoyK says
<caribou> jamespage: RoyK: thanks working fine
<acmehandle> I'm getting a pam.d cant open /etc/default/locale error in one of my logs.  I did a search and found a bug submt going back to 2010.
<acmehandle> How was it resolved recently?
<acmehandle> I'm on 14
<acmehandle> Is this related to sudo?
<hxm> is possible to create a sh script with fdisk instructions?
<rbasak> hxm: look into sfdisk(8)
<hxm> ok thanks
<hxm> i have other question
<hxm> what is the file in the system which starts up the enviroment?
<hxm> /boot/?
<hxm> if there is no grub, what other thing i can use
<hxm> uboot? that's binary, how can i select the kernel ?
<qman> hxm: grub is the default and supported bootloader
<hxm> ah, ok
<qman> Others exist such as lilo (old and not likely to work) and syslinux (usually used for cd or netboot)
<hxm> so what is uboot for? only embebed systems?
<qman> Never heard of it
<jhobbs> it's really popular for ARM
<jhobbs> for embedded systems and more
<jhobbs> phones, servers
<hxm> ah, those devices
<jhobbs> but it supports many architectures
<jhobbs> you're almost certainly not running it on an x86 system
<hxm> super correct
<acmehandle> How do I set vims system wide settings?
<lordievader> acmehandle: According to the manual /usr/share/vim/vimrc
<deever> hi
<deever> for mysql-server, can i somehow change datadir right upon installation?
<semiosis> jamespage: i'd like to get that process moving again, yes.
<semiosis> jamespage: i need to sync up my PPA package changes with debian experimental, then merge that into ubuntu.  the upstream devs did a bunch of work fixing static analysis issues raised by the MIR security review but i think some still haven't been backported to release branches
<smb> hallyn, So fwiw, I just uploaded a qemu to vivid which gives back the kvm-spice link
<jsmith-argotec> Samba question - Had the SSL cert expire for my LDAP server and all samba auth stopped working.  Corrected the cert issue but now getting a different auth issue with any user: "init_sam_from_ldap: Entry found for user: jake smith, passdb/lookup_sid.c:1684(get_primary_group_sid) Failed to find a Unix account for jake smithUser jake smith in passdb, but getpwnam() fails!
<sarnold> jsmith-argotec: on first guess that sounds like something that might go away if you restart samba and associated daemons; I could imagine "replaced an expired LDAP certificate" might not be commonly tested
<jsmith-argotec> I did restart ldap and samba (a few times now).  Checked nsswitch file - was files ldap - tried swapping without any change.
<sarnold> dang
<jsmith-argotec> yeah!
<jsmith-argotec> :-(
<sarnold> jsmith-argotec: if it were my problem to debug I'd either (a) go reading through the source to find one of those error messages or (b) break out strace and find the systemcalls samba makes when reporting those errors; neither one would be much fun but they might let you find variables we're missing
<jsmith-argotec> sarnold: ouch... might start getting outside my abilities to decipher what I would find but I will head that way
<pmatulis> jsmith-argotec: that sounds like a samba error.  look for slapd errors.  possibly run slapd in debug mode (add '-d -1')
<pmatulis> jsmith-argotec: also, did you ensure slapd started up properly?
<jsmith-argotec> pmatulis: you mean that sounds like an ldap error?
<jsmith-argotec> slapd rather?
<sarnold> pmatulis: oo
<pmatulis> jsmith-argotec: i meant, it sounds like an error found in the samba logs
<pmatulis> jsmith-argotec: check the slapd logs
<jsmith-argotec> pmatulis: it is an error from the samba logs.
<jsmith-argotec> ok
<pmatulis> jsmith-argotec: also try authenticating to slapd re TLS using a command line tool (ldapwhoami).  get samba out of the way
<jsmith-argotec> pmatulis: is this a similiar test?  ldapsearch -xLLL -vvv -H ldaps://192.168.x.x -b dc=domain,dc=com ou=people uid
<jsmith-argotec> pmatulis: nss_ldap: failed to bind to LDAP server ldaps://192.168.x.x/: Can't contact LDAP server
<jsmith-argotec> pmatulis: just found I still have an auth error around ldap ^^^
<pmatulis> jsmith-argotec: add -ZZ to enforce TLS
<NigeyS> Does anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth0
<pmatulis> jsmith-argotec: and you should really not be using LDAP over TLS (ldaps) but StartTLS instead
<jsmith-argotec> pmatulis: ldapsearch -xLLL -vvvvvv -ZZ -H ldap://192.168.x.x -b dc=argotec,dc=com ou=people uid
<jsmith-argotec> successful ^^
<pmatulis> jsmith-argotec: very good
<pmatulis> jsmith-argotec: so slapd is running and TLS is working
<jsmith-argotec> pmatulis: that's good...
<pmatulis> jsmith-argotec: you can try starting slapd in high debug mode or try to find a less verbose debug mode, and then try connecting from samba
<jsmith-argotec> pmatulis: could it have really been that nscd cache was stale?!?!?!
<pmatulis> jsmith-argotec: oof
<jsmith-argotec> pmatulis: ??
<pmatulis> jsmith-argotec: sorry, i thought you got it running by restarting nscd
<pmatulis> jsmith-argotec: or flushing its cache
<jsmith-argotec> pmatulis: looks like I did!  just thought of it because of the nss-ldap error and restarted nscd... seems to be good now
<jsmith-argotec> pmatulis: I think that makes sense...?
<pmatulis> jsmith-argotec: good.  with nscd nothing makes much sense.  it's a piece of used jet trash
<jsmith-argotec> pmatulis: hahahaha!
<hadifarnoud> for some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it
<hadifarn_> for some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it
<pmatulis> hadifarn_: choose you poison, bind or dnsmasq and go from there
<hadifarn_> pmatulis: since I want to add domains to it via a php app on another server, which one you recommend?
<pmatulis> hadifarn_: no idea about PHP, sorry
<hadifarn_> pmatulis: which one is easier to setup?
<hadifarn_> no djbdns?
<zzxc> Hey I'm creating a new SSL keyfile. Does anyone know how to specify to use a SHA-256 signature?
<teward> zzxc: you mean the actual key file that you need to provide for the cert to work?  or the CSR?
<zzxc> teward: My understanding was you first generated a keyfile, then used the key to geneate the CSR
<avid_fan> zzxc: Maybe this might help: http://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/
<teward> zzxc: i think the key is just the key, not the signature, and that the CSR is created/signed with that key - at least, from what I've seen
<teward> zzxc: you can define -sha256 when you generate the CSR
<avid_fan> zzxc: Step 1 creates a key with a SHA-256 signature
<zzxc> So the inital keyfile, to answer your question teward.
<teward> ahhh yes ,i was wrong
<teward> zzxc: -sha256
<teward> add that to the arguments, forces the SHA-256 signature
<teward> also provide it with the CSR
<teward> CSR command if you want to enforce sha256 signature
<teward> (not necessary, I think, if the key is sha256, but i'm always overly paranoid about things not doing what I want)
<zzxc> avid_fan: Yeah that was what I was using as a reference but everything after the block length seems to be ignored. I accidently misplaces the -dec3 flag and it skipped it without complaing that it shouldn't have been there.
<zzxc> teward: Also if I add -sha256 to the arguements it complains that it doesn't know what the flag means.
<teward> heh, then the docs i have are old...
 * teward shrugs
<jsmith-argotec> sarnold: pmatulis: Thank you both for your help!
<zzxc> teward: *sign* man this is irksome. Well thanks I'll keep digging.
<teward> zzxc: i'm digging in the manpage now. but i'm going to poke ##openssl and ask
<zzxc> teward: Haha I was actually just about to head over there and ask the same thing
<avid_fan> zzxc: I'm not an expert in SSL, certs, keys, and the like, but I'm not sure that keys have a signature.
<qman> Keys have fingerprints or thumbprints, same idea, different name
<zzxc> Yeah. OpenSSL was complaing that my current key is sha1.
<zzxc> Sorry ssllabs*
<avid_fan> zzxc: Gotcha
<pmatulis> jsmith-argotec: welcome
<JosephDuffy> Hi everyone. I feel like I'm on the very last steps of getting my mail server working and could use some help. I'm using postfix and courier and can't get SMTP to authenticate. Is anyone able to help?
<pmatulis> !ask | JosephDuffy
<ubottu> JosephDuffy: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<JosephDuffy> Ok, I don't have a specific issue since I'm struggling to get to that point. Here's what I know: I followed a tutorial (http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/). I'm using MySQL to store the users, and when I use the command "testsaslauthd -u joseph@domain.com -p password -s smtp" I get "0: NO "authentication failed"". I can connect a
<JosephDuffy> nd recieve mail via IMAP and POP. I have nothing in /var/log/auth.log and I can see the requests reaching MySQL. In /etc/pam.d/smtp I have http://pastebin.com/agABukjE
<pmatulis> JosephDuffy: courier, interesting.  most 'buntu folks use dovecot
<JosephDuffy> I'm willing to start over. I'm not much of a server admin so I went for the tutorial that looked easiest. Apparently it didn't go so well
<pmatulis> JosephDuffy: well your choice but you are more likely to get further help on dovecot than courier
<pmatulis> (if using Ubuntu)
<pmatulis> JosephDuffy: but do things work with TLS turned off?
<pmatulis> JosephDuffy: so everything works except the testsaslauthd command?
<JosephDuffy> For SMTP? I'm not sure I've checked, but I've been doing most of my tests by telnet port 25 so not secure. I just posted the testsaslauthd because that's the only sort of error message I can get
<pmatulis> JosephDuffy: ok, so IMAP and POP3 work
<pmatulis> JosephDuffy: but SMTP does not
<JosephDuffy> pmatulis: Yes. SSL over those doesn't seem to but that's not a big deal right now. SMTP fails on auth
<pmatulis> JosephDuffy: does SMTP work with TLS turned off?  last time i used it, postfix and smtp-auth was a bit hacked together
<JosephDuffy> I'll try turning it off
<JosephDuffy> pmatulis: That didn't seem to help
<pmatulis> JosephDuffy: well, make sure non-TLS works before moving on to TLS
<pmatulis> JosephDuffy: you might find better help on #postfix . be prepared to provide a pastebin of 'postconf -n' and a chunk of postfix log messages
<JosephDuffy> pmatulis: Thanks, didn't even realise that was a room. I'll move myself over there. Thanks :)
<pmatulis> JosephDuffy: welcome
<NTQ> Hi. I have some problems installing a mailserver with postfix, postfixadmin, dovecot and roundcube on Ubuntu 12.04.5 LTS Server. Here are some more information: http://nopaste.info/ede8334a86.html
<NTQ> I used a german-speaking tutorial: http://wiki.nefarius.at/linux/der_perfekte_mail-server
<keithzg> NTQ: When you say you're trying to connect with Thunderbird, do you mean to your mailbox via IMAP, or to send a message via SMTP?
<patdk-wk> well, fix all those errors and warnings
<patdk-wk> nothing can work, when it says FATAL ERROR
<keithzg> Yeah, "fatal: no SASL authentication mechanisms" seems pretty definitive about that, heh.
<NTQ> I am new to set up a mail server. This is my first try. ;) So I have no idea where to look first when I see such errors.
<patdk-wk> google!
<patdk-wk> https://www.google.com/?gws_rd=ssl#q=ubuntu+fatal+no+sasl+authentication+mechanisms
<NTQ> Google is my friend, but there is also an IRC
 * keithzg currently has a postfix-related issue of his own, trying to figure out how to minimally filter out all messages with "X-Spam-Flag: YES" via postfix, on a server where SpamAssassin can't really be installed (but it's getting messages already flagged by spamassassin on another server, it just needs to notice and shelve or delete them)
<patdk-wk> sure there is irc
<patdk-wk> I just googled it for you
<patdk-wk> now you just need to read and fix it :)
<patdk-wk> keithzg, header_checks
<keithzg> patdk-wk: aha, thanks, all *my* google searches were overflowing with folks saying "of course, you just use this script that calls spamc . . ." which doesn't work when the server in question resists compiling the damn thing, heh
<NTQ> The directory /var/spool/postfix/private/auth does not exist. I was hoping you can lead me to the right direction to find the misconfiguration.
<patdk-wk> ntq, fix dovecot
<NTQ> Maybe I should reset all dovecot config files and start from the beginning. ;)
<NTQ> Or simply use a simple dovecot.conf and not that whole bunch of files in conf.d
<patdk-wk> both sound kindof insane
<patdk-wk> your using postfixadmin
<patdk-wk> you should have configured dovecot the way postfixadmin required
<patdk-wk> then you should have configured dovecot how postfix requires for sasl and lmtp
<patdk-wk> it looks like your using dovecot lda, that is not a very good option, but your using 12.04, and I can't remember if you have lmtp in that version or not
<patdk-wk> the fix is like 2 lines to dovecot
<patdk-wk> how many other problems? not sure
<patdk-wk> how many other problems will you have if you start over? not sure
<patdk-wk> if I must do your google for you: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
<NTQ> I already found that link, thank you. I'll give my best. :)
<NTQ> Now the path /var/spool/postfix/private/auth exists. I tried a new login attempt with Roundcube and in mail.log there are now some failed login attempts. But i think the problem is here that the method was PLAIN. I will try it with thunderbird now.
<NTQ> I got now this errors: http://paste.ubuntuusers.de/420773/
<patdk-wk> sounds like you have tls/ssl configured incorrectly
<Ironlenny> Has anyone dealt with nat port forwarding in kvm?
<patdk-wk> really funky you have pipelining disabled on submission port though
<patdk-wk> whoa, that tutorial you used is old as hell
<patdk-wk> dovecot 1.2? postfix 2.5?
<patdk-wk> what does your master.cf file look like?
<ScottK> IIRC the Ubuntu server guide has rather more up to date instructions.
#ubuntu-server 2014-12-09
<NTQ> patdk-wk: This is my master.cf: http://paste.debian.net/135565/  I only added the last two lines and activated "submission inet ..." and "smtps inet ..."
<NTQ> The rest was the standard master.cf from the repository
<patdk-wk> ok, in main.cf
<patdk-wk> remove smtpd_sasl_auth_enable = yes
<patdk-wk> in master.cf change, smtpd_client_restrictions to smtpd_recipient_restrictions
<patdk-wk> in main.cf, remove smtpd_tls_auth_only = yes, and in it's place put, smtpd_tls_security_level = may
<patdk-wk> oh wait hmm
<patdk-wk> wrong one
<patdk-wk> I mean, smtpd_use_tls = yes, remove that one
<patdk-wk> leave the smtpd_tls_auth_only = yes
<NTQ> okay
<patdk-wk> and for love of god
<patdk-wk> remove your server name from mydestination
<patdk-wk> unless you don't have it configured in postfixadmin at all
<NTQ> Oh yes. it did that already
<NTQ> If found it our some hours ago
<patdk-wk> oh, updated pastebin would be useful :)
<patdk-wk> so I'm working with the correct info
<NTQ> sorry. the only change was mydestination = localhost
<NTQ> The good thing is that there are no more erros in mail.err or mail.log after restarting up dovecot and postfix. But there are some authentification failures in auth.log from for ruser=webmaster and ruser@webmaster@testdomain.de with my IP address in rhost.
<patdk-wk> that file doesn't matter at all
<NTQ> And there are currently a lot of 'POSSIBLE BREAK-IN ATTEMPT!' from stocazzo.stocazzo.com with many different user names.
<patdk-wk> yes, but none of that matters
<patdk-wk> do those lines even say dovecot or postfix?
<patdk-wk> everything looks good, from what I see
<NTQ> Dec  9 01:12:21 loft1234 auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=webmaster@testdomain.de rhost=92.64.172.113
<NTQ> And some without @testdomain.de
<patdk-wk> is that your test?
<NTQ> The test with thunderbird
<NTQ> Thunderbird tries to find the correct configuration.
<patdk-wk> why is it doing an auth against pam?
<patdk-wk> I thought you where using postfixadmin?
<Ironlenny> Has anyone setup port forwarding for kvm?
<NTQ> I do.
<patdk-wk> then there should be no lines in auth.log about dovecot or postfix
<patdk-wk> so you have dovecot configured to auth against PAM instead of postfixadmin mysql
<NTQ> No. I guess not. I created many mysql_virtual_*.cf files with mapping for the mysql database.
<NTQ> And there were configured in main.cf
<patdk-wk> yes, but that is postfix, not dovecot
<patdk-wk> http://sourceforge.net/p/postfixadmin/code/HEAD/tree/trunk/DOCUMENTS/DOVECOT.txt
<patdk-wk> note the, userdb/passdb sections
<patdk-wk> and probably the whole dovecot sql setup section
<NTQ> Thank you. But for now I have to go to bed. It's 1:30 am ;)
<NTQ> I guess the main problem is that I used a very old manual.
 * keithzg is slowly being driven crazy by the zero result of adding blacklist_from lines to the spamassassin local.cf file . . .
<EuaD> howdy everyone, is it recommended to have iptables rules or no on a WAN facing server running apache, nginx, teamspeak, mumble, minecraft
<teward> EuaD: if there's something internet facing i'd set a default DROP or REJECT rule that doesn't match the specific ports you have listening
<sarnold> EuaD: even though that might feel very porous, it still feels like a good idea to reject whatever that system shouldn't be doing, to help avoid e.g. abuse complaints or overage charges etc
<teward> indeed.
<EuaD> for example, znc is currently facing the internet on port 60,000. can you explain what you mean by your first statement
<teward> EuaD: mine, or sarnold?
<EuaD> either or. lol   so basically i just add a rule that drops all traffic for any port if it's not port 60,000
<EuaD> in my example
<teward> um...
<teward> EuaD: lemme show you an example of what I meant, because my rules are a tad overkill but structured for a reason
<sarnold> EuaD: "feels very porous", you've got two web servers which are probably pretty decent but both are large codebases, teamspeak which is probably insufficiently reviewed, mumble, same thing, and minecraft, which is gigabytes of java if the rumours are true...
<teward> sarnold: s/if the rumors are true/of which the rumors are true/
<sarnold> EuaD: each one represents an attack surface, and some of them are probably not well-audited
<teward> i can confirm it eats memory
<teward> agreed with sarnold
<teward> effectively this is my ruleset:  https://pbin.dark-net.net/view/raw/7ac1a067
<EuaD> i've never bothered running a software firewall because my current xubuntu 14.04.1 server is behind a hardware firewall
<teward> ignore the logging section, i was experimenting with Splunk :P
<teward> ooop, Xubuntu 'Server'
<teward> GUI adds another exploit surface
<EuaD> how does Xorg add an exploit surface?
<sarnold> EuaD: you might want to look into UFW; install it, add some "allow" for the different services you need (do not forget ssh) and then enable it. it's also useful to install restrictive -outbound- rules, too, to avoid being a source of spam or attacks or something incase one of those services -is- hacked but the attacker doesn't get root
<teward> effectively though, what you have running is pretty 'huge' in terms of attack surface - minecraft, apache, and nginx being three big ones
<teward> agreed with sarnold
<teward> (the rules I posted were for this local system, but having the restrictive rules on both sides are a good idea)
<sarnold> EuaD: xorg -used- to run wide open on tcp by default. there's literally hundreds of opportunities for root bugs if X is installed
<teward> (and in my case, outbound is restricted by a hardware firewall)
<EuaD> sarnold, ah i didn't know that. does ubuntu do that by default with Xorg?
<sarnold> EuaD: I don't see any TCP sockets for trusty's X, it's probably safe by default
<teward> sarnold: mind if I poke you about something, maybe see if you can get someone in the merge reviewers to poke it because of a security concern (POODLE)?
<sarnold> teward: sure, what is it?
<EuaD> sarnold, yeah, it's got -nolisten tcp by default
<sarnold> EuaD: good good. do note the permissions on /usr/bin/X though, once an attacker has local access on the box, there's an opportunity to abuse X to gain root privs
<teward> sarnold: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1399967 is the merge request - i say security centric with regard to POODLE because it further mitigates POODLE SSL risks and adds a couple extra security measures WRT SSL (such as prefer-server-ciphers) to the nginx.conf which is then global in nginx.
<uvirtbot> Launchpad bug 1399967 in nginx "Please merge nginx 1.6.2-5 (main) from Debian Unstable (main)" [Wishlist,New]
<teward> (the merge is only targeted at Vivid, none of the fixes are on my backport radars, except for the PPAs)
<teward> sarnold: https://code.launchpad.net/~levlaz/ubuntu/precise/nginx/fix-for-1370478/+merge/243890 is the other thing on the radar, and that user reached out to me after filing it asking me to take a peek
<teward> but of course my Wireshark project is a lot higher on the radar than that
<teward> that second one needs sec team review
<teward> (the bug is about incorrect cached SSL)
<teward> sarnold: and i'm sorry to keep adding things to your radar :P
<sarnold> teward: nice merge, do note the '[atches' typo though
<teward> oopsies
<teward> that's an easy fix, gimme 2 minutes
<EuaD> is it easy to use a guide for setting up a LAMP server but instead of apache, use nginx?
<teward> wwwhoopsies, timeout o.o
<teward> sarnold: i might have to go stab #launchpad or canonical sysadmins - all uploads're timing out
<teward> aaand i had to use firefox, because chrome derped
<teward> sarnold: updated that, thanks for catching that typo :)
<sarnold> ugh I hate that kind of solution :)
<sarnold> hehe
<sarnold> thanks teward
<teward> sarnold: and better note: this is my *second* merge - first was to get -4ubuntu1 in :)
<teward> ooopsies
<teward> i forgot the bug number >.>
<teward> grrrrrrr
<sarnold> d'oh :)
 * teward beats himself and apologizes for the noise in the attachment upload
<teward> sarnold: so far these merges have worked easily, and it's easier going from -4 to -5 :P
<sarnold> could be worse, could be an 'apport-report NNNN' for e.g. X, those things are -noisy- :)
<teward> urgh...
<teward> yeah tell me about it
<sarnold> thirty emails later...
<teward> i see enough errors.u.c reports about the packages from nginx upstream...
<teward> it annoys and irks me... >.<
 * teward checks every day :/
<teward> it irks me that so many people use the upstream repository and not the PPAs - it causes a lot of package conflicts during updates and such
<teward> only bare minimum Debian policy compliant, AFAICT
<teward> at least the PPAs inherit the Debian policy compliance from Debian
<sarnold> both have their place; some people just want upstream nginx regardless of distro they use to host it and other people want good distro integration regardless of which webserver they pick
<teward> sarnold: the other merge request is not mine, but was on my radar because i was pinged about it.  Pinged you in -hardened too, so it'd end up on your radar
<teward> mhm
<sarnold> teward: thanks for the re-ping, I hadn't made it back to that tab yet since this morning, heh
<teward> sarnold: oh, another note on -5ubuntu1 is it brings in code in the scripts to remove naxsi extras from nginx-common, apparently some of the config files still were left behind
<teward> (and now actually finds the files and removes them if still present so purges work and such...)
<sarnold> teward: I'm happy to see naxsi gone, I didn't care for its coding style much iirc
<teward> sarnold: and no problem
<teward> sarnold: naxsi was a PITA... it was NOT trivial to maintain
<sarnold> .. a little worried about config files being deleted but there's no great solution there, either, is there
<EuaD> sarnold, i see what you're saying. i don't really understand how an attacked would gain access to the local machine but i see what you're saying
<teward> sarnold: no, but i mean that the files were left as remnants in nginx-common and such, so it's extra crap, but meh
<sarnold> EuaD: well, once an attacker has hacked a process they've become a 'local' attacker; having access to all the things on the filesystem can open up all kinds of opportunities for evil
<teward> sarnold: the biggest issue is one we might need to take up with the higher ups - Lua is still not 'updated' to 5.2, so we run into the problem of Lua possibly needing removed by the next LTS - because the Lua third-party module doesn't look like it's going to get support for later variants of Lua...
<EuaD> sarnold, hacked a process?
<sarnold> teward: blech.
<teward> sarnold: indeed - not pretty
<teward> the problem being that we can't keep older Lua in main forever...
<sarnold> EuaD: yeah, gained control over the process, say a buffer overflow or format string bug or java class loader bug, etc..
<teward> (i think this was even discussed during the MIR)
<sarnold> teward: yeah, though to be fair we've never done a security update on lua. so, as far as actual -costs- go, it might not be terrible to keep 5.2 around two years longer than we've already committed.
<teward> s/5.2/5.1/
<teward> 5.2 is incompatible
<sarnold> ah right
<teward> https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1324062 being relevant
<uvirtbot> Launchpad bug 1324062 in nginx "No lua 5.2 support" [High,Triaged]
<teward> sarnold: you're right, and that was discussed at the time of the LTS release and the MIR.
<teward> i think it was discussed in -devel or -release at one of those points
<teward> and the decision to keep 5.1 in main was made to not have to butcher the featuresets
<sarnold> and generate an even larger delta with debian
<teward> (and upstream on the LUa module has basically said that 5.2 is incompatible with 5.1", and essentially has also said that they won't have 5.2 support for the forseeable time
<sarnold> ditchin naxsi is a big help there though :) hooray
<teward> indeed
<teward> sarnold: sooooo much less crap for me to maintain
<sarnold> \o/
<teward> also FYI, i'm still seeking PPU for nginx i just haven't had time to submit the application.
<teward> also my schedule prohibits me from being present at DMB meetings which adds additional strife :/
<EuaD> sarnold, wow, i had no idea. lol
<EuaD> i currently only use nginx for it's rtmp module, i love that module. :)
<sarnold> EuaD: ideally, most people wouldn't ever have to know :) but hackers are currently on the leading edge of this arms race...
<teward> sarnold: i assume security updates still need security team review regardless of PPU rights, right?
<sarnold> teward: right, all security updates must go through the security ppa
<teward> that's what i thought
<teward> grrr evil client
<teward> sarnold: fortunately i lurk -hardened and end up being all "Hey, incoming security fix for CVE-XXXX-XXXX in nginx, here's the bug!  <link>"
<teward> i bet that gets old after a while, but meh
<teward> :P
<sarnold> teward: it's helpful, our normal cve triage process can't get everything in a timely fashion
<teward> mhm
<keithzg> patdk-wk: I feel like postfix is taunting me; every action I'd *want* it to take mentions in the documentation "This feature is not supported with smtp header/body checks" :P
<teward> sarnold: at some point it probably becomes annoying.  Anyways, I digress.
<Patrickdk> heh?
<Patrickdk> what do you want to do?
<keithzg> I'd be fine with DISCARD or REJECT, and if I had to I guess I could work with (although it seems like more effort than something so simple should be) FILTER or HOLD or REDIRECt and set up some script or such to then deal with it.
<keithzg> Literally all of those are listed as not working with header or body checks!
<keithzg> The only thing header checks can apparently do is DUNNO, IGNORE (which only deletes the current line), INFO, PREPEND, REPLACE and WARN.
<Patrickdk> you must be reading something wrong
<Patrickdk> ah, yes you are completely reading this wrong
<Patrickdk> smtp!=smtpd
<Patrickdk> exactly how do you redirect/filter/drop/hold, email CURRENTLY leaving your server?
<Patrickdk> you do it when your *receiving* it, incoming
<keithzg> ahh, so it's saying this isn't valid for *outgoing* checks, eh?
<Patrickdk> when using smtp_header_checks and smtp_body_checks
<Patrickdk> not smtpd header_checks and body
<Patrickdk> most people never use smtp_header_checks
<Patrickdk> I have one system I use it on though
<keithzg> Fair enough. And I did finally see an email come through that met the criteria, and the log shows it rejected just fine, so it does indeed work. Thanks!
<keithzg> Err, don't suppose I could bug you for why blacklist_from in my spamassassin conf appears to do nothing, then? I can't see any explanation in the documentation of quite how it's supposed to act (I would assume either outright blocking or just adding to the spam score, but neither appears to be happeneing from what I can see in logs).
<keithzg> To be specific, I'm defining these lines in my local.cf, and spamassassin --lint seems to have no issues so I presumably have the syntax correct, at least.
<Patrickdk> what should have matched blacklist_from and didn't?
<Patrickdk> blacklist* adds 100points to the score
<keithzg> I tried "blacklist_from *@*.link" since I'm seeing a *ton* of spam from .link domains and I've never heard of anyone using those legitimately yet; I also tried "blacklist_from *@favorableto.org" since a fair number from there seem to be showing up.
<sarnold> are you sure those are legal patterns for those fields?
<sarnold> they look like shell globs rather than regex rules
<Patrickdk> heh? I bought a .link domain a month or two ago
<pmatulis> no mail for you
<keithzg> sarnold: good thought, but I had read that globs are actually accepted these days in the postfix documentation
<Patrickdk> blacklist_from  *@cllearn.com
<Patrickdk> blacklist_from  *@55book.net
<Patrickdk> works for me :)
<sarnold> keithzg: aha :) back to lurking :)
<Patrickdk> keithzg, are you sure the FROM address is set to that? or the env from?
<Patrickdk> header SOMETLD_ARE_BAD_TLD          From:addr =~ /\.(link|pw)$/
<Patrickdk> describe SOMETLD_ARE_BAD_TLD        .PW & .LINK TLD Abuse
<Patrickdk> score SOMETLD_ARE_BAD_TLD           10.0
<Patrickdk> but what you really want is: http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
<keithzg> Patrickdk: ooh, thanks; yeah, I'm kindof fumbling around here, that looks like a great rule/conf set to crib from :)
<keithzg> Or I suppose just to wget via a cron job, heh
<Patrickdk> heh
<Patrickdk> sometimes he updates it daily
<Patrickdk> but most of the time it can go weeks
<praktikant> hi@ll, is there a how-to for a ubuntuServer behind a firewall (not a personal firewall) .... what i have to do for "apt-get"?(i just need the configuration of ubuntu, nothing else.)
<lordievader> Good morning.
<mardraum> TheTrainee_: don't ask a question then change your nick
<mardraum> TheTrainee_: there is no howto, it would depend what is blocked. If you can set a proxy server apt-get can use that, which is a common scenario.
<TheTrainee_> sry, of nicknamechange.
<TheTrainee_> i got it.
<TheTrainee_> there where a testing of the firewall .... i didn't know. noone told me.
<TheTrainee_> everything is now allright. :)
<TheTrainee_> but thx so far.
<TheTrainee_> i am hunting for my luck now.
<TheTrainee_> have a nice day. ;)
<TheTrainee_> bb.
<gnuoy> jamespage, Having looked at python-logutils, both ubuntu patches can be dropped. So, I've created Bug #1400649
<uvirtbot> Launchpad bug 1400649 in python-logutils "Sync python-logutils 0.3.3-2 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/1400649
<NTQ> Hi. I'm back.
<NTQ> patdk-wk:
<jetsaredim> if I opt for virtualization server on the server install menus - what does that actually install
<jamespage> gnuoy, one query on that sync
<jamespage> see bug
<zul> jamespage:  ping so oslo.messaging
<jamespage> zul, hello
<zul> jamespage:  1.5.1 is out today and have it packaged but the kombu tests fail because a newer kombu version is needed
<zul> jamespage:  ran the tox tests with our version of kombu and I get the same test failures in my sbuild
<jamespage> zul what does it need?
<jamespage> zul, I see a .24
<zul> kombu: >= 2.5.0 but it fails with 3.0.24 but works with >= 3.0.24
<jamespage> zul, lemme deal with it now
<zul> jamespage:  ack
<jamespage> can' t progress on any of my other challenges today...
<jamespage> zul, uploaded - has new support for qpid but not enabling that
<zul> jamespage:  cool
<jamespage> zul, or maybe not
<jamespage> letme have another run at that
<jamespage> zul, need a new amqp - fixing now
<zul> jamespage:  ack
<jamespage> zul, I have a list of picks for zmq that we  want as well
<zul> jamespage:  okie gimme :)
<zul> er...please
<jamespage> zul, https://review.openstack.org/#/c/128233/
<jamespage> zul, https://review.openstack.org/#/c/129114/
<Justice> Are there any program that allow for testing of traffic shaping?
<Justice> similar to glasnost
<Justice> traffic shaping and/or peering
<hariom> Hi, I am in the need of urgent help. I am upgrading 12.04 to 14.04 but in the mid way of fetching packages, I am getting error: Err http://security.ubuntu.com/ubuntu/ trusty-security/main linux-headers-3.13.0-40 all 3.13.0-40.69                   Connection failed [IP: 91.189.91.15 80]
<hariom> What should I do?
<lordievader> hariom: Figure out why you cannot connect to that ip/port.
<hariom> lordievader: I am able to ping to that ip from the same server
<lordievader> hariom: Can you connect to port 80?
<hariom> lordievader: how do I connect?
<Justice> bump
<jamespage> zul, kombu has a racey redis test - but it should appear shortly
 * jamespage hit the button of despair
<zul> jamespage:  okie dokie
<zul> jamespage:  rabbit hole?
<lordievader> hariom: You can check with nmap or netcat or something like that.
<hariom> ok. I will back. Need to step out for dinner.
<jamespage> zul, a bit
<jamespage> kickinz1_mob|off, smoser: nice work guys
<jamespage> zul, I also need to create a zmq-receiver binary package for oslo.messaging - have you uploaded yet?
<zul> jamespage:  i havent
<jetsaredim> can someone please tell me where to get an updated dkms for 14.10?
<jetsaredim> one that fixes the bash/sed issue?
<adam_g> zul, jamespage heads up, may want to rebase horizon 2014.2.1 to include https://review.openstack.org/#/c/140358/
<jamespage> adam_g, awesome
<jamespage> coreycb, ^^
<coreycb> adam_g, jamespage, thanks for the notice, will do
<zul> adam_g:  awesome-o
<hariom> I am getting error while upgrading to ubuntu 14.04: Err http://in.archive.ubuntu.com/ubuntu/ trusty-security/main linux-headers-3.13.0-40 all 3.13.0-40.69   Connection failed [IP: 91.189.91.14 80]
<hariom> I have tried another mirror but same result. How to trouble shoot.
<lordievader> hariom: Have you checked nmap already?
<hariom> lordievader: http://pastebin.com/a5Hzsswk
<lordievader> hariom: Your pc sees an open port 80.
<hariom> lordievader: What do you suggest ?
<hariom> How to fix this. I don't have firewall enabled. And all outgoing are allowed
<lordievader> hariom: Try to connect to it with netcat, see what happens.
<hariom> lordievader: I don't see any output from "nc 91.189.91.14 80"
<lordievader> hariom: Type something and hit enter a bunch of times.
<hariom> lordievader: http://pastebin.com/9t2knt5i
<lordievader> As I figured, you have no connection problems with the server.
<hariom> lordievader: I have simply typed that ip on brower and got apache page so means port 80 was fine.
<hariom> lordievader: any idea why there is error in fetching packages
<lordievader> hariom: You where performing those tests from the client with the connection problems right?
<hariom> lordievader: I am upgrading 12.04 on remote server from my laptop
<hariom> I am able to connect and perform actions on remote server. No issues in that
<lordievader> hariom: Is that a yes, or a no?
<hariom> no
<hariom> I had no connection problem between client and server. Server is fetching these repo
<coreycb> zul, can you review?  https://code.launchpad.net/~corey.bryant/horizon/2014.2.1-2/+merge/244199
<Vladimirov> Trying to change shell from /bin/sh to /bin/bash for a user with chsh but nothing happens, it changes to /bin/bash/ but the shell is still the same:/
<Vladimirov> i did it before on another server and it was all goodie but not on this one..
<coreycb> zul, hmm, I might need the sru bug # included in that
<zul> coreycb: it doesnt apply to 2012.2.1
<coreycb> zul, yeah, ok
<lordievader> hariom: Err what point does it make to test these things on a computer that does not have the problem?
<hariom> lordievader: didn't get what you mean
<hariom> I want to upgrade from 12.04 to 14.04
<hariom> Server is located far away
<hariom> Following: http://ubuntuserverguide.com/2014/06/how-to-upgrade-ubuntu-server-12-04-to-ubuntu-server-14-04-lts.html
<lordievader> hariom: You have a connection problem on your server (I think), I give you instructions on how to figure out what is causing these connection issues. You perform these instructions on a different pc (I think) that doesn't have the problem. <- this defeats the entire purpose of those tests.
<hariom> lordievader: nmap and nc were ran on the same server
<sarnold> hariom: then perhaps it was a transient failure? retry?
<hariom> sarnold: Already tried with 4 times. Changed mirros as well. Restarted remote server but nothing seems to work. and if you type that ip in browser, it is just an apache default page
<lordievader> hariom: Hmm, now I'm confused.
<sarnold> hariom: sure, that's sometimes how namebased virtual hosting sometimes works
<sarnold> if you load e.g. http://in.archive.ubuntu.com/ubuntu/ you'll see it actually has the pool/ and dists/ as expected
<hariom> sarnold: I am able to update. I did dist-upgrade and it went fine
<hariom> sarnold: why it says Connection failed [IP: 91.189.91.14 80]
<sarnold> hariom: dunno, I'm surprised it didn't include a more specific error that might help you troubleshoot the problem
<sarnold> hariom: normally, I'd expect something like that to come from firewalling between your host and the remote host; whether it's on the server or one of the routers between
<sarnold> hariom: try tcptraceroute to the IP, see what happens
<sarnold> hariom: if it keeps happening, maybe try a different mirror, mirror.anl.gov is my favorite -- wrong continent, perhaps, but it has serious bandwidth, and might be able to out-do a local mirror anyway
<hariom> sarnold: ok
<hariom> sarnold: ok, I tried again. It went upto 92% completion but then again showing failed to connect
<sarnold> hariom: interesting... do you have a rate-limited connection or something similar? o_O
<hariom> sarnold: no
<lucid_interval> I have a HP All-In-One network scanner that has been and is detected and configured using hplip (hp-setup). I want to share this scanner to other Linux clients using saned. I had a perfectly working setup on Precise 12.04. After upgrade to trusty, client connects (entries in /var/log/saned.log) but scanimage -l on client does not show any scanners.
<lucid_interval> Also tried adding localhost and 127.0.0.1 to /etc/sane.d/saned.conf and /etc/sane.d/net.conf on the server and server can't see scanner either through net backend (any more)
<lucid_interval> Any clues on what has changed in saned between precise and trusty?
<lucid_interval> scanimage -L on the server DOES detect the scanner - through the hpaio backend, but not through the net back end
<DenBeiren> lordievader: you there?
<lordievader> DenBeiren: Half, what is up?
<DenBeiren> i got my samba issue working (if you remember)
<DenBeiren> added inherit permissions = yes
<DenBeiren> and chmodded all to 2770
<lordievader> DenBeiren: That is good to hear :)
<DenBeiren> wanted to say thanks to help me out :-)
<DenBeiren> i do have a new problem tough :s
<DenBeiren> http://pastie.org/9770644
<sarnold> DenBeiren: ltrace that, it should give you a good hint where it was when it died
<DenBeiren> sorry sarnold i'm afraid i don't know what you want me to do (nog a linux guru i'm afraid)
<sarnold> DenBeiren: ah :)  run "ltrace -o /tmp/testparm.out testparm"  -- then read through /tmp/testparm.out, it'll include a lot of library calls and so forth, and hopefully it'll include the strings it read from the configuration files moments before it declares failure
<sarnold> DenBeiren: scroll right to the end of the /tmp/testparm.out and start reading backwards
<DenBeiren> http://pastie.org/9770655
<sarnold> DenBeiren: yikes :)
<DenBeiren> strange things huh
<sarnold> DenBeiren: that's way less helpful than I expected. sorry.
<DenBeiren> lol
<lvmer> Anyone remember how to change the default duration for pastebinit?  I remember each website listed in the config having it's own options file, but cannot seem to find them
<MrPPS> Is it just me, or are apparmor-utils stil broken in 14.04?
<mdeslaur> MrPPS: still broken, we'll have an update soon
<MrPPS> ah, cool :) I just saw some launchpad stuff from a couple months ago which mentioned it'd be updated
<MrPPS> just checking I hadn't somehow missed that update
<MrPPS> cheers!
<mdeslaur> MrPPS: yeah, sorry about that, it's taking longer than we hoped
<MrPPS> all good :) I imagine these sort of things are fairly complex, so I'm in no place to judge :D
<MrPPS> what sort of issues are you encountering, if I'm allowed to ask?
<mdeslaur> every time we were about to release an SRU to trusty, we'd get more fixes, so we'd defer
<mdeslaur> the tools are all new code, and we knew there would be issues, just not this many
<mdeslaur> but the good news is things have stabilized now, so we should be able to push an update soon.
<MrPPS> nice :) well, I'm looking forward to it
<MrPPS> to be honest, I've not mucked around with apparmor much; just started looking at it last night
<MrPPS> went to start the profile creation, and that's where I encountered that issue
<MrPPS> so I'm looking forward to playing around with it in the near future
<MrPPS> thanks for your work on it, whatever your role! :)
<mdeslaur> you're welcome
<jjohansen> MrPPS: if you are so inclined there is a backport PPA for the utopic version of the apparmor tools, it has many of the fixes in it
<patdk-wk> what does the util do?
<patdk-wk> atleast, I hadn't noticed an issue
<jjohansen> MrPPS: https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-backports
<patdk-wk> ah, I don't even use apparmor-utils, not installed
<patdk-wk> but apparmor works just fine :)
<jjohansen> patdk-wk: the apparmor-utils are tools used for developing profiles
<patdk-wk> ya, I normally just write the profiles myself by hand
 * patdk-wk notes, vi works well :)
<MrPPS> I'll take a look; thanks jjohansen
<patdk-wk> likely why I didn't notice
<jjohansen> patdk-wk: right apparmor should be working fine, its the utils that underwent a major rewrite, it started out as a Google summer of code project
<MrPPS> yeah; having not mucked around with it before, I wanted to generate a few profiles so I can see how it looks/works
<patdk-wk> ya, my usage was too broad, to use a profiler on, to generate the rules for me
<jjohansen> patdk-wk: the tools aren't automatic, they just help. They scan the logs, and ask you if you want to add a rule to the profile etc. I think if you know what you're doing manually authoring the profile is more flexible
<jjohansen> but for those that just want to get rid of a couple of denied messages, they work okay
<patdk-wk> yep
<NTQ> Hi. I need some help configuring Dovecot and Postfix. I can send mails to a virtual user, but I can not login as that user to get the mails. Here is my configuration: http://nopaste.info/fda2a674bb.html
<NTQ> patdk-wk: I started from beginning and using an up-to-date tutorial in contrast to yesterday. ;)
<NTQ> Maybe the password encryption is wrong or something like that. But I don't know how to debug this.
#ubuntu-server 2014-12-10
<JanC> NTQ: start debugging by watching logs on both client & server
<JanC> (client logs might require that you start your mail client from a terminal with certain options)
<NTQ> JanC: My client is thunderbird. And it says the username-password combination could be wrong. On the server side I see this: http://nopaste.info/index.html
<JanC> NTQ: wrong link?
<NTQ> yes, sorry
<NTQ> http://nopaste.info/8593b482dc.html
<NTQ> I was too fast
<JanC> that's for sending mail?
<NTQ> That's for trying to login into the IMAP account over STARTLS or SSL.
<JanC> all those messages are from Postfix, none from Dovecot?
<NTQ> Thunderbird has a mechanism to guess the right parameters for a new mailserver. So it tries different settings for connecting to the server.
<NTQ> I know, but I configured postfix to use dovecot for authentication.
<NTQ> But maybe I have some misconfigurations in postfix. I don't know. Because I am new to it.
<NTQ> In my first paste you can find the output of postconf -n
<JanC> you say "I can not login as that user to get the mails" --> "getting mails" requires IMAP/POP, and thus Dovecot?
<JanC> if you don't see any Dovecot messages, then you probably aren't connecting to Dovecot
<NTQ> According to this tutorial yes: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
<NTQ> As you can see I have a lot to learn about this mail server stuff.
<JanC> as there is no Dovecot log there, you probably want to check Thunderbird log output (and/or maybe use Wireshark)
<NTQ> Okay, now I have new logs from dovecot.log: http://nopaste.info/035691232e.html
<JanC> oh, and check if the Thunderbird config is actually correct
<NTQ> I guess "fatal unkown CA" is a problem from thunderbird, because of the self signed certificate.
<JanC> yes, probably something like that
<JanC> is it self-signed or do you use your own CA?
<NTQ> It's the standard dovecot certificate.
<JanC> ugh
<NTQ> I thought I can use this for testing
<JanC> you should always create your own certs (then you can test that too ;) )
<NTQ> What's about that snakeoil cert?
<JanC> there might be an option in TB to disable or relax the CA check
<JanC> NTQ: not sure if anything is wrong with it really, or what
<JanC> but usually default passwords/certs are not something you want to use  :)
<NTQ> Do I need a qualified certificate for each of the virtual domains or only one for the mail server itself?
<NTQ> The mailserver has the name loft1234.serverloft.de and then there are many other domains domain1.tld, domain2.tld and their MX record points to mail.domainX.tld. And mail.domainX.tld points directly to the loft1234 with an A record.
<JanC> NTQ: are you using a client cert?
<NTQ> No
<JanC> anyway, you should probably try to get client-side logs too
<JanC> also, google for error messages after removing the parts that are specific to your case (i.e. domains, IP addresses, usernames, etc.)
<JanC> and try what changes in the logs when you change certain settings
<JanC> (assuming you are trying this on a server that's not directly connected to the internet?)
 * JanC has to go
<NTQ> JanC: The server is directly connected to the internet
<NTQ> I got logs from thunderbird.
<NTQ> Does this help? http://nopaste.info/aa306323c2.html
<NTQ> There is always a "authlogin failed"
<NTQ> Is it because the mail address is webmaster@domain.tld, but the server is mail.domain.tld?
<NTQ> Because domain.tld resolves to an other IP than mail.domain.tld
<NTQ> But the MX record of domain.tld points to mail.domain.tld
<Patrickdk> ntq, nothing is wrong with dovecot
<Patrickdk> fix thunderbird
<NTQ> I added the certificate to thunderbird.
<NTQ> I can not change much in thunderbird except trying different login parameters.
<JanC> how did you add the cert?
<Patrickdk> why would you add the cert to thunderbird?
<Patrickdk> that has nothing to do with the problem
<NTQ> I deleted all certificates in thunderbird which belongs to domain.tld. Then I added the new mail account and TB asked me if I want to accept the certificate.
<Patrickdk> so? that isn't the problem
<Patrickdk> [AUTHENTICATIONFAILED] Authentication failed.
<Patrickdk> right from the log
<JanC> okay, adding it that way should be right
<Patrickdk> at the point it errors on username/password
<Patrickdk> it is LONG past dealing with certificates
<JanC> Patrickdk: Dovecot ay something about "fatal unknown CA" though
<JanC> says
<Patrickdk> no it doesn't
<Patrickdk> it's a warning, not an error
<Patrickdk> it should be an unknown, he is not using cert logins
<NTQ> Woah. I got it.
<Patrickdk> he enabled all kinds of extra debugging, that is confusing the issue
<JanC> true, is listed as a Warning
<NTQ> The login is not webmaster@domain.tld. it's webmaster@domain.tld@domain.tld
<JanC> not sure why it says "fatal"
<NTQ> I got mail
<Patrickdk> it is fatal :)
<Patrickdk> cert logins will not work, fatal failed, no certs are trusted :)
<JanC> NTQ: that sounds like a server config error
<NTQ> I guess the SQL statement is wrong
<Patrickdk> the sql looks fine
<JanC> maybe the SQL used to add an account was wrong
<NTQ> That was postfixadmin
<Patrickdk> but a question though
<Patrickdk> that sql seems so odd though
<NTQ> username="webmaster@domain.tld", local_part="webmaster", domain="domain.tld"
<NTQ> That's the entry in the database.
<Patrickdk> ya, the domain is probably screwing it up
<Patrickdk> here is what I use
<Patrickdk> password_query = SELECT username AS user,password, CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
<Patrickdk> user_query = SELECT CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
<Patrickdk> iterate_query = SELECT username AS user FROM mailbox where active='1'
<JanC> if you use postfixadmin you should probably check that your SQL/tables are compatible with that...
<Patrickdk> this was from my one and single postfixadmin install :)
<Patrickdk> normally I just do it all custom
<Patrickdk> if you use my sql above, you can do this: http://paste.ubuntu.com/9449319/
<Patrickdk> it makes it use less sql lookups
<JanC> I've never used postfixadmin even  :)
<NTQ> I need postfixadmin for some customers which wants to set up mail addresses for their domains.
<Patrickdk> instead of looking up user + password, it will lookup password first and get user info also
<Patrickdk> I adjusted my postfixadmin to use real password hashs though, md5 just sucks
<Patrickdk> I should add on my nice sql password rotation limits
<NTQ> That's a good idea.
<NTQ> Okay, next problem is that thunderbird doesn't want to send mails.
<NTQ> But I will go to bed now. It's already 2:10 am
<JanC> NTQ: same problem for sending?
<JanC> as it uses Dovecot SASL for auth?
<NTQ> I tryed both logins. with and without double domain
<Patrickdk> logs?
<NTQ> Only two lines from postfix/smtpd. "connect from ..." "lost connection after UNKNOWN ..." "disconnect from ..."
<Patrickdk> heh? there should also be some dovecot lines
<Patrickdk> and postfix should print more
<Patrickdk> if that is all, thunderbird failed to connect using ssl
<NTQ> Maybe
<Patrickdk> what does your master.cf look like today?
<NTQ> according to netstat dovecot is listening to 993 and 995 and master (postfix) is listeing to 587, 465 and 25
<Patrickdk> not what I asked
<Patrickdk> and remove that smtpd_use_tls = yes line, that was killed long long ago
<NTQ> master.cf : http://nopaste.info/8ca730c60b.html
<Patrickdk> it's all commented out
<Patrickdk> no wonder
<Patrickdk> remove those comments
<Patrickdk> from line 17 to 21
<Patrickdk> and comment out line 22
<NTQ> Okay. are the last two lines correct?
<Patrickdk> and when your ready to stop spam, the first thing to do, is learn about postscreen
<Patrickdk> you don't use the last two lines, and should never use them
<Patrickdk> lmtp is MUCH better
<Patrickdk> and your already using lmtp now
<NTQ> ok
<Patrickdk> to enable postscreen, comment out line 11, and uncomment 12 to 15
<Patrickdk> but lets leave that till after email works :)
<NTQ> I got now some warnings: " unused parameter: dovecot_destination_recipient_limit=1" and
<Patrickdk> just remove that line
<NTQ> Yes. Sending works. Thank you!
<NTQ> Wow. The good thing is I have learned many new things. :)
<NTQ> Good night, guys.
<Patrickdk> doing email is so much nicer in #postfix
<Patrickdk> where I have a bot to abuse :)
<NTQ> Better I write my own tutorial for postfix, dovecot and postfixadmin in german language. The next time I can come back to it. ;)
<pmatulis> NTQ: consider helping with the ubuntu server guide!
<pmatulis> https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation/UbuntuServerGuide
<bananapie> Does anyone know if/when systemd will fully replace startupd in ubuntu?
<Patrickdk> probably never
<Patrickdk> there is no startupd
<NegativeFlare> Patrickdk: systemd
<NegativeFlare> and yes there is
<NegativeFlare> Debian uses it
<NegativeFlare> I think
<Patrickdk> debian uses systemd
<NegativeFlare> <bananapie> Does anyone know if/when systemd will fully replace startupd in ubuntu?
<Patrickdk> but there is no such thing as startupd in debian/ubuntu
<NegativeFlare> Systemd
<NegativeFlare> oh
<NegativeFlare> Nevermind
<NegativeFlare> We use upstart
<Patrickdk> yep
<Patrickdk> debian never used upstart
<Patrickdk> upstart has grown on me
<Patrickdk> I was *kindof* excited to move to systemd, till I looked at it
<bencc> how can I check the file descriptor limit of a user?
<hallyn> smb: thanks for the kvm-spice fix.  i notice DEB_VENDOR is still used in 2 places, wonder what else breaks.
<EuaD> i'm using ufw for my linode servers firewall and I want to deny all traffic, allow only certain ports for znc and ssh on port 7926. is it better to reject by default or deny?
<Darknet> hi guys, what would you suggest to use as a management panel for free these days?
<EuaD> great question. i too am curious
<lordievader> Good morning.
<smb> hallyn, Oh did I miss other places. I thought I had checked at least the rules file for it. But it was a bit of a pass-by-shooting... :/
<soren> EuaD: Generally, deny is better.
<nivv> Hey guys! Is there a way to trigger automysqlbackup to send mail? I want to test if it works
<rioch> How can I find out which commands have been run on a linux box by other users, possibly using sudo?
<henkjan> rioch: you can check the users .bash_history if not removed
<henkjan> rioch: sudo actions should have been loggen in /var/log/auth.log
<henkjan> maybe have a look at snoopy syslogging al executed commands
<henkjan> https://github.com/a2o/snoopy
<rioch> henkjan: nice tips, thanks. Snoopy looks really useful1
<henkjan> rioch: snoopy is in the repo's. you can install it with apt-get
<samba35> if i want to add ethernet card with pci passthrought do i require vd-t
<samba35> is vt-d and iommu are same ?
<soren> samba35: IOMMU is a concept. VT-d is Intel's implementation.
<linuxmint> Could I get some help with the command I ran. # apt-get install rpcbind nfs-kernel-server. Output: #: Pakcage 'rpcbind' has no installation candidate. E: Unable to locate package nfs-kernel-server.
<soren> linuxmint: Try "apt-get update" first.
<soren> linuxmint: If that doesn't fix it, your sources.list is probably busted.
<linuxmint> soren: thanks. Even # apt-get update seems to output errors: Failed to fetch... and Temporary failure resolving...
<soren> linuxmint: The you need to.... your...
<linuxmint> soren: reinstall ubuntu server?
<soren> linuxmint: No, why would you do that?
<linuxmint> soren: don't know, if in doubt, reinstall.
<ObrienDave> naw, probably a temporary mirror issue. try a different mirror
<soren> linuxmint: But you see it's kinda hard to work out what the other person means when they just replace important bits with "..."?
<linuxmint> soren: sorry. Here's a sample, as I have to type it http://pastebin.com/S8m8QA0D
<soren> linuxmint: Why do you have to type it?
<linuxmint> soren: The output is on a machine next to me.
<soren> linuxmint: ssh?
<linuxmint> soren: yes, I could...let me see.
<dorftrottel> and dont use pastebin.com..
<linuxmint> dorftrottel: Howcome? I don't want to paste numerous lines here.
<dorftrottel> thats not what i meant..
<dorftrottel> pastebin.com tends to screw up code and uses cloudflare which is an annoyance for tor users and i hear its full of advertisement
<soren> linuxmint: Use another pastebin service. Like http://paste.ubuntu.com/ or whatever.
<linuxmint> soren: ok, kind of fixed the issue. Another package isn't downloading. # apt-get install nfs-kernel-server. I'll try the long nfs install version though.
<linuxmint> Hello, I installed NFS server. Any suggestions how I can manage the HDDs. I currently have one HDD running the Ubuntu server and NDS server. I plan to add 3 more HDDs which will store the backups and movies etc. Do I just connect the HDDs and NFS recognises/mounts them?
<lordievader> linuxmint: No, nfs only exports what is defined in /etc/exports.
<linuxmint> lordievader: that sounds confusing. I thought the NFS server will store the data from the computers with data (NFS clients).
<linuxmint> lordievader: so, on computer2 (an NFS client), I transfer a file to computer1 (the NFS server), I decide on computer 2 which HDD to transfer to on the NFS server?
<lordievader> linuxmint: Your nfs server doesn't really care about hdd's. The export file defines what clients have what rights on what shares.
<linuxmint> lordievader: ok, sounds like I need to go through the install walkthrough again to clarify that https://help.ubuntu.com/community/SettingUpNFSHowTo
<linuxmint> lordievader: I plan to let the NFS server export file allow the clients to to have all rights. The NFS server will just be a dumb place to dump data.
<linuxmint> lordievader: ok, have to go. Thanks, I'll figure it out tomorrow.
<jamespage> zul, stgraber: any ideas? - https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148
<uvirtbot> Launchpad bug 1401148 in lxc "Re/starting an lxc container corrupts all network namespaces on the same physical host" [Undecided,New]
<stgraber> smells like a kernel bug
<zul> jamespage:  what stgraber said
<smb> Though apparmor also can cause some pain... ok that can be a kernel bug, too
<smb> jamespage, I assume that is Vivid. Still the 3.16 kernel?
<smb> oops no
<smb> one just needs to read
<anomie21> Why does my document root point to /var/www/html/lunarrecruitment.co.uk ? http://109.74.192.130/ - I've checked the default-ssl.conf and the 000-default.conf and they're both set to /var/www/html
<smb> jamespage, Did that namespace issue just start to happen?
<teward> anomie21: check your other configurations for sites.  Paste them to a pastebin if you'd like me to take a look.  You might have a default_server entry somewhere still pointing to there
<anomie21> teward: New vps so only a few domains luckily - http://pastebin.com/70AhUT5n
<teward> ... i want to send pastebin.com to the depths of hell.
<teward> anomie21: i don't know the ordering of which file is seen first, but if I'm right, whichever listener is seen first seems to be what Apache will point at.
<teward> s/listener/VirtualHost/
<teward> in which case you might need to define a default if you want otherwise
<teward> note to self don't open 50 tabs in chrome .>.
<teward> anomie21: you might want to consider creating a default vhost that defines a specific docroot
<monkeynutts> would anybody be so kind as to take a quick look over this http://pastebin.com/hiCaWTYQ
<anomie21> It should order 00-deafult.conf surely?
<teward> (as a suggestion)
<monkeynutts> its a script for transpartent proxy with bypass ability
<monkeynutts> running on 14.04 in a vm on esxi
<monkeynutts> its working for some but not for others on my lan and its driving me potty
<teward> anomie21: in theory yes, it should.  which of the ones you pasted was first in 000-default.conf?
<anomie21> teward: These are the two defaults, 000 is first-  http://pastebin.com/SS78NPA8
<teward> anomie21: which is actually enabled and in sites-enabled? both of them?
<anomie21> both yeah
<teward> ... crap, i'm late for a meeting...................
<teward> >.>
<jamespage> smb, tbh I'm not sure - I've seen issues with namespaces in the past - but this is the first time I've been able to identify a possible cause
<jamespage> smb, I can reproduce at will but it knocks out access to our entire qa cloud :-)
<smb> jamespage, Ok, so that could have been there all along (in T). Question always is whether you can experiment with more recent kernels (like U)
<jamespage> smb, I could try with the hardware enablement kernel I guess :-)
<smb> Or probably whether one can cause the same with a smaller scale environment.
<jamespage> smb, yeah - we should be able todo that
<smb> jamespage, Its always good if we have something we can do locally without rendering destruction on shared infrastructure. :)
<smb> sforshee, ^ in case you missed it
<jamespage> smb, sforshee: OK - so I can reproduce quite easily
<jamespage> create a network namespace and then start an lxc container
<jamespage> before start - ip netns exec <nsname> ip addr
<jamespage> works OK
<jamespage> afterwards
<jamespage> seting the network namespace "test-tests" failed: Invalid argument
<smb> jamespage, Wait... maybe you could update the bug with those instructions (for dummies level)
<jamespage> smb, doing so now
<smb> jamespage, ok cool
<jamespage> smb, added
<jamespage> again that's on 14.04 with stock 3.13 kernel
<smb> jamespage, ok. ack. tahnks for the update
<frobware> is there some build rules (or repo) I could look at to see how UEC images are built?
<frobware> in particular the ...-disk1.img images
<jamespage> smb, I can reproduce on utopic and vivid as well
<smb> jamespage, ok, thanks. Will try to reproduce it on a VM. Might be tomorrow, though. Or maybe sforshee beats me there.
<Kaelten> so if I have 30 servers and I want to sync a drive so that all the files where available on all thirty drives, would gluster be a the fit or is there something else I should look at
<bekks> Kaelten: Why dont you just create a network share and mount it on all other servers?
<Kaelten> assume that's not a valid solution for this use case
<sarnold> Kaelten: take a look at ceph
<sarnold> Kaelten: depending upon what you want, you might also want to consider NFS
<keithzg> Arghhh, I just simply cannot figure out why an increasing number of hosts on my network are resolving as "hostname.local" instead of "hostname.our.fqdn" . . .
<hariom> I am following this debian readme as that is the only available for how to install Atlas linear algebra package. Will this work for Ubuntu 12.04?
<hariom> https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/atlas/trusty/view/head:/debian/README.Debian
<pmatulis> sarnold: i was going to mention cephfs but i'm not certain it has been released as production-ready
#ubuntu-server 2014-12-11
<keithzg> Hmmph. I feel like this entire scheme was based on using a hosts file, and everything we've done technologically since it was no longer viable to keep a copy on every machine is just a rickety hack keeping a now-untenable scheme alive :P
<bekks> What exactly is this "scheme" your a re talking about?
<bekks> Ensuring name resolution with a host file in case of loosing the DNS servers is quite viable, though.
<keithzg> bekks: I mean literally everything since we moved past that first scheme of using a hosts file, so mostly I guess I mean DNS.
<bekks> What exactly is this "scheme" your a re talking about?
<keithzg> Scheme: a plan, program, or policy officially adopted and followed
<bekks> The only "schemes" I know of are inside a database which is capable of schemes and roles.
<bekks> So actually you are talking about "we are using host files"?
<keithzg> Nope
<keithzg> I'm talking about "gee, it's way easier to remember names instead of numbers" and then the scheme that was invented to implement that.
<bekks> So you are talking about host files.
<keithzg> Nope.
<keithzg> Kindof.
<bekks> Then you are talking about WHAT exactly? :)
<keithzg> That was the initial iteration of the scheme.
<bekks> Of which scheme?
<keithzg> But that became untenable, so now we try to automate it with DNS.
<sarnold> bekks: I suspcet it's some thing they've written themselves ..
<keithzg> The scheme to map names and numbers together for ease of human understanding.
<bekks> I am giving up - you are puzzled inside theoretical terms and you cant even explain what you are doing, in particulat.
<bekks> *particular.
<bekks> So I am resting your case, sorry.
<keithzg> bekks: that's because I *am* talking in generalities.
<keithzg> I'm saying "this entire set of systems and technologies we've developed to ease human usage of networking addresses"
<bekks> Can you define your actual Ubuntu support question?
<bekks> Despite generalities?
<keithzg> Yeah, I did earlier but everyone ignored me for hours so I just started lamenting the generalities of it, heh
<bekks> Which led to nothing, as you can see.
<keithzg> Hosts on our network are increasingly resolving as "hostname.local"
<sarnold> is it this? < keithzg> Arghhh, I just simply cannot figure out why an increasing number of hosts on my network are resolving as "hostname.local" instead of "hostname.our.fqdn" . . .
<keithzg> sarnold: yup
<sarnold> apt-get purge avahi on all your systems
<keithzg> Already did.
<sarnold> apt-get destroy all your OS X and Windows systems? :)
<keithzg> Heh
<keithzg> Oh how I wish!
<sarnold> I think apple brought us this .local insanity
<maxb> You may wish to uninstall libnss-mdns (or unconfigure it in /etc/nsswitch.conf) if you don't want it to be used
<keithzg> Yeah, it generally comes from bonjour, eh?
<bekks> It does, yes.
<keithzg> I'm just slightly confused as to why it's overriding all the instances of"dns-search our.fqdn" defined in all the /etc/network/interfaces files on our local servers, and other such configs.
<sarnold> "search" just tells the resolver library what domain to append to all queries
<keithzg> maxb: Yeah, I *though* I did that everywhere too, but it's probably worth double-checking, thanks.
<bekks> keithzg: the order in nsswitch.conf rules.
<sarnold> so it'll ask for e.g. www.google.com.our.fqdn. before www.google.com.
<sarnold> it doesn't say anything about how reverse lookups are done, e.g. to turn 192.168.1.1 to router.our.fqdn.
<keithzg> sarnold: ah, fair enough.
<keithzg> bekks: so if it was trying to use mdns that'd be listed there in the hosts line, right? ex. "hosts: files mdns4_minimal dns" or such, right? (I do vaguely remember tangling with this before, now)
<keithzg> Well, I've gone around and made double-sure, and there was indeed still a service or two still running (the server setup here is a jungle I've only slowly tamed, alas), Seems to be free of .local hostnames now, thanks sarnold, bekks and maxb :)
<sarnold> keithzg: good luck keeping it that way :)
<keithzg> sarnold: heh yeah
<keithzg> Now if only I could figure out why reverse lookup is being so awfully slow, but since DNS is still handled here by the isc dns service on an ancient Trustix server that nobody at work wants me to remove yet I'm not sure there's much the ubuntu-server channel can help me on for that :P
<sarnold> trustix, wow :)
<keithzg> Yeah, if I want outside support for that I'd have to hop in my time machine ;)
<Logos01> Heheh...
<Logos01> I love fucking with apt-get sometimes.
<Logos01> "183 upgraded, 0 newly installed, 0 to remove and 4 not upgraded." "Need to get 65.0 MB/416 MB of archives." "After this operation, 8312 kB of additional disk space will be used."
<Logos01> (This is for a brand new, never-before-initiated, apt-get upgrade.)
<bekks> Whats wrong at that point?
<Logos01> Nothing.
<Logos01> I know why it's doing it.
<Logos01> It's just amusing because superficially it makes the process seem schizophrenic.
<Logos01> "I am psychic enough to only need 65 out of 416MB to update your software for you!" "Of course, once I grab all 416 MB, you'll have 8MB extra diskspace used."
<bekks> Do you have a specific support question?
<Logos01> Sorry, no -- I'm just amused by it.
<Logos01> NFS repositories are a good thing.
<lvmer> um kind of confusing question to explain:  1) Want user greg & user john to be able to edit all samba files.  But all other users as members of group: publicshare to only be able to read/execute. Which I think I have setup nearly correctly.
<lvmer> Should I make a new group called: smbeditors (or similar)  and put both greg and john in that group and then chown smbeditors:pubshare -R /sharefolder     ?  Right now all folders are:   john:pubshare  & chmod = 0755 for most folders and 0750 or 0700 for others.
<lvmer> This will let both john & greg change file names? Or is there a better way. Right now, john & sudo edit, but greg does not.  But I cannot make greg a member of group john because greg should not have access to other folders that are john:john.
<lvmer> kinda confused because file permissions are owner:group:other... and Idk how this will work because I think it makes both greg and john now in the group category.
<lvmer> ah I'll ask in samba
<linuxmint> So I installed NFS server on Ubuntu server. I have 2 computer clients to transfer files to the NFS server. I add 4 HDDs to the NFS server (1 running Ubuntu server OS). I'm not clear how to transfer files to the correct HDDs and format the HDDs?
<linuxmint> I think I need to install NFS client on the computer client too, which I'm researching now.
<bonhoeffer> thinking of installing a process monitor that kills and reboots bad processes. anyone install monit? is it a good way to go?
<keithzg> bonhoeffer: Personally I've always felt that if you need to monitor for, and then kill, bad processes, then you have some underlying problems that need fixing!
<Turner> This is a support channel for the ubuntu server right
<lvmer> Turner: yes
<Turner> Ok sorry just wanted to make sure. So I have a question, is there a way to like say reset everything to the way it was when i first logged into the server? The reason is was I was installing multicraft and the installation messed up so I had to reinstall it, then it kept giving me this one thing and so then i tried some other stuff and long story short it doesnt really work now. (anything that I did during the install) Im runni
<sarnold> Turner: you're cut off at "Im runni"
<Turner> What do you mean? At the end where it says Im running ubuntu 14.04
<sarnold> irc has line length limits, and you hit it :) hehe
<sarnold> it's so often nearly nothing..
<sarnold> Turner: you can use dpkg --purge to remove individual packages and their configuration files
<sarnold> Turner: so if multicraft was installed via dpkg or apt-get you can probably remove all its configuration easily
<Turner> it was installed with apt-get
<Turner> or that was in the front of the command
<sarnold> nice. then you can take those package names and run apt-get purge <packagename> and it'll delete that package
<sarnold> so you can then re-run apt-get install <packagename> and it'll re-install giving you a blank slate to work with
<Turner> and i take it the package names would be what ever came after apt-get install
<sarnold> yes
<Turner> Ok let me try this
<Turner> Ok so I think I removed all the packages i installed is there a way to list the ones that are on it atm?
<Turner> Ok so I removed all the stuff in added. But theres one thing that I cant remove with the apt-get purge its muticraft and I think why is because i used wget http://www.multicraft.org/download?arch=linux64 -O multicraft.tar.gz to get it
<Turner> know how to delete that file? if I go to cd multicraft its there
<Turner> Im sorry im a noob and I want to be a programmer -.- good luck to me
<Turner> oh wait maybe i got it. let me try and install everything now
<Turner> Oh wait this was the error I was getting " * Starting web server apache2                                                                                     AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using (IP NAME WAS HERE). Set the 'ServerName' directive globally to suppress this message" any ideas?
<linuxmint> Hello, my ubuntu server names the HDDs incorrectly. E.g, SATA 1,2,3,4 should be named /dev/sda,/dev/sdb,/dev/sdc,/dev/sdd, but /dev/ is all mixed up. Can I rename to correct this?
<andol> linuxmint: Mixed up, as in with completely different devices names, or just in the "wrong" order?
<andol> linuxmint: Dependings on the issue being caused, it might be worth using UUIDs instead.
<linuxmint> andol: wrong order. I've moved on as apparently the /dev naming can't be managed.
<linuxmint> Prob I have now is, my Ubuntu server install was running. I just pulled the physical HDD out of the computer bay and the monitor went snowy then black. Now the computer power LED doesn't turn on and monitor is black. CPU fan runs thought. No access to BIOS. Did I wreck the HDD or MOBO?
<linuxmint> ok, HDD works in another computer.
<linuxmint> Other computer won't download gparted, stopping me reformatting the HDD.
<linuxmint> I suspect the MOBO is blown, but no clear way to tell. CPU fan does run.
<zatricky> Hey, guys - possibly not an Ubuntu-specific query (though this is for an Ubuntu server). I'm attempting to track down outbound connections to the local Apache server. Unfortunately netstat shows dashes in the pid column - super useless. tcpdump shows the traffic is going over the loopback interface using the public IP addresses.
<zatricky> To answer my own query - lsof showed the culprit - I had to put it into a loop and quit as soon as it found something. I suspect the connections were so short-lived that typically the pid never existed by the time it was requested. But lsof appears to be more robust or "quicker" to get that data out. :)
<zatricky> while true ; do lsof -Pni | grep "$local_ip:80 " && break ; done
<linuxmint> So, HDD not found on server. Put HDD into LinuxMint and finds HDD. Reformatted HDD to FAT32, Mint finds HDD. Put HDD back into server and doesn't find HDD?
<linuxmint> Ok, walkthrough for NFS server setup says # exportfs -ra. I receive error: exportfs: /etc/exports:1: unknown keyword "re"
<soren> linuxmint: Clearly the first line of /etc/exports is busted.
<soren> linuxmint: Dude, seriously, read the error message.
<linuxmint> soren: I fixed it, coding typo.
<linuxmint> soren: I read the error message, but didn't understand what is was referring to, but now I do.
<soren> It's pretty clear. Line 1 of /etc/exports says "re" somewhere where it shouldn't.
<linuxmint> Can I ask though, the NFS walkthrough says to edit /etc/default/portmap to get rid of "-l" or "-i 127.0.0.1". When I open the file there's no data in it?
<lordievader> Good morning.
<linuxmint> Ok, NFS server restarted, but portmap is a worry. Hopefully remote clients will be able to access it.
<linuxmint> So, final problem I'm stuck on is an NFS client won't recognise an HDD. The HDD and SATA data cable are tested ok. I swapped the SATA port connection and now both HDDs aren't recognised? I think I'll have to check the BIOS.
<linuxmint> ok, checked BIOS which also doesn't find the HDD.
<lordievader> linuxmint: If you stick the hdd in another pc, does that one detect it?
<linuxmint> lordievader: yes, HDD works find in LinuxMint.
<linuxmint> *fine
<linuxmint> This Ubuntu server has a new MOBO so I assume BIOS is up to date...although maybe too modern BIOS for the HDD?
<linuxmint> lordievader: I tried different SATA ports, which all work, but don't recognise the HDD.
<linuxmint> lordievader: it's a Seagate Barracuda
<lordievader> linuxmint: Does dmesg say anything about it?
<soren> It's obviously not "LinuxMint" that finds it.
<soren> You could install Mint on the other server all day long, but if the BIOS doesn't see it, you won't see it once it's booted.
<linuxmint> lordievader: dmesg is too quick to see any message. I'll have to load the computer and try a command like $ dmesg or dmesg | tail -30. I still get stuck with viewing all the output of dmesg.
<linuxmint> soren: ye.s
<linuxmint> *yes.
<lordievader> linuxmint: Yes, search through it...
<linuxmint> Anyone recommend an alternative to pastebin? I'm not confident Terminal lets me see all of $ dmesg. I scroll to the top of Terminal and can't see my original command $ dmesg.
<linuxmint> lordievader: perhaps line 346? http://pastebin.com/wzP0GxkM
<lordievader> linuxmint: Do you have four ssd's in your system?
<lordievader> I see a bunch of Intel SSD's and one Hitachi HDD.
<zetheroo1> "implementation of systemd in upcoming Ubuntu releases might mean we should dump Ubuntu Server as systemd is bloated and not really what system admins need/want" - So I have heard ... I am not sold ... hence I am consulting the Oracle - you all! :D
<linuxmint> lordievader: yes, I'm thinking or learning how to make RAID. I thought I'd try RAID 5 but not sure if it will work or be worth it?
<linuxmint> lordievader: they're small, so I could afford them.
<lordievader> linuxmint: I have no experience with raids.
<linuxmint> lordievader: glad I'm not the only one. Thought I'd try, but don't see the worth in it really, apart from bragging rights.
<lordievader> Oh, I can see the advantages. It is simply that I never wanted to spend money on it ;)
<gnuoy> jamespage, If I'm creating a package merge request bug with an associated bzr branch I assume I don't need to upload deb diffs to the bug?
<jamespage> gnuoy, bzr or debdiff
<jamespage> not and :-)
<gnuoy> tip top
<gnuoy> thanks
<zetheroo1> so apparently systemd is only good for desktops and not server ...
<zetheroo1> anyone!?
<ogra_> zetheroo1, what alternative server distro would you use then
<zetheroo1> well I am being told to switch to BSD
<ogra_> i dont think any but slackware and gentoo will come without it
<zetheroo1> but is it really true that systemd is only useful for Desktops?
<ogra_> nonsense
<ogra_> thats like asking if upstart is only good for desktops ...
<zetheroo1> ok
<zetheroo1> another thing I am being told is "if you need to fix stuff, you need to recompile C++ programs" ...
<zetheroo1> true?
<ogra_> its is just an init system ... its is different to others and yes it swallowed (and replaced) a bunch of core functionality with new stuff ... and yes, it offers some extra features for better desktop integration ... but it will be the default in most linuxes in the future which means documentation can be unified etc etc
<ogra_> why dont you ask these questions in a systemd channel ?
<zetheroo1> ok ... sorry, didn't know there was one ...
<zetheroo1> is it on freenode?
<ogra_> no idea
<ogra_> it just doesnt seem like the right place to ask questions an upstream developer could answer you better
<zetheroo1> ok :)
<gnuoy> jamespage, Are you happy to sponser Bug #1401461 ? and if so should I assign it to you?
<uvirtbot> Launchpad bug 1401461 in python-logutils "Please merge python-logutils 0.3.3-2 (main) from Debian unstable (main)" [Undecided,Confirmed] https://launchpad.net/bugs/1401461
<johncarper_> Hello, this question might be abit offtopic here, but I recently purchased a 5.25 inch SATA Hard Drive mobile rack that has a molex connector for the power: http://i61.tinypic.com/2556k4n.jpg will I be able to power it trough my PSU with this cable: http://i59.tinypic.com/25i0p5v.jpg ?
<maxb> 5.25 inch SATA kit, really?
<maxb> The connector on the left does look like a molex power one
<linuxmint> So, can a faulty HDD stop a working OS HDD booting? Seems to make computer load into GRUB rescue?
<YamakasY> can't we run a centos mirror on Ubuntu ? we can run a Ubuntu mirror on centos
<makara> hi. I'm trying to relink a deleted file inode using debugfs, but it doesn't recognize the filesystem /dev/simfs. I have to use debugfs. What can I do?
<makara> i see this guy has the same problem: http://stackoverflow.com/questions/26326123/dev-simfs-no-such-file-or-directory-while-opening-filesystem
<linuxmint> I'm stuck in GRUB rescue, can't get out?
<linuxmint> I try boot, but error: Unknown command 'boot'
<dvargek> hi guys, anyonen tried to install kernel 3.16 kernel on ubuntu 14.04 ?
<dvargek> i had a problem last week, with a missing raidcontroller module
<dvargek> it seems, the module 'megaraid_sas' is not included in the package
<smb> hallyn, stgraber, I subscribed you both to bug 1401148 so we can figure out things. Last comment is a question which you probably can answer more quickly
<uvirtbot> Launchpad bug 1401148 in linux "Re/starting an lxc container corrupts all network namespaces on the same physical host" [Undecided,Confirmed] https://launchpad.net/bugs/1401148
<stgraber> smb: gave you a vague reply on there, hallyn would have more details
<smb> stgraber, ok, we may want the more info then. Like I noted a bit above the bad things don't seem to happen when one lets aa only complain about stuff
<caribou> rbasak: do you think that it would make sense to add a uvtool-simplestreams command to sync local images ?
<rbasak> caribou: what do you mean exactly?
<caribou> rbasak: to be able to load a local cloud image (i.e. an image file downloaded to local disk) as an image available for uvtool to use
<caribou> rbasak: for instance, I build my own debian jessie image that I want to use with uvtool
<rbasak> caribou: ah, I see. Yes - I'd like to have something like that. Better, integrate everything so you sync to only one place and everything can use it (including libvirt, tgz users and qcow users)
<rbasak> caribou: for your own image, you can use --backing-image-file
<caribou> rbasak: ah, let me look at that
<alex88> hi guys, https://gist.github.com/alex88/26b064ec9ce50bc6d961 I'm trying ot downgrade a package, it says it will be installed but it doesn't do anything
<alex88> any idea?
<caribou> rbasak: ah, it's the only option missing in man uvt-kvm!
<caribou> rbasak: want a bug for that ?
<rbasak> caribou: ah. Yes please - I must have missed it and I think the manpage should be comprehensive. Thanks!
<caribou> rbasak: ok, I'll create the bug & fix it
<jrwren> anyone ever have a bash variable behave readonly but its not in the readonly list? http://paste.ubuntu.com/9476396/
<jrwren> not being able to set SSH_AUTH_SOCK is pretty terrible.
<caribou> rbasak: do you want the bug on upstream uvtool or the ubuntu/uvtool ?
<caribou> rbasak: looks like hallyn has already done it : bug #1317266
<uvirtbot> Launchpad bug 1317266 in uvtool "add an option to specify a backing store disk file" [Undecided,New] https://launchpad.net/bugs/1317266
<jrwren> nevermind. I'm a fool over ssh_auth_sock
<rbasak> caribou: just a warning about uvtool. There's a spike for snappy that hasn't landed yet.
<caribou> rbasak: ok
<rbasak> caribou: https://github.com/smoser/uvtool is the spike - I need to review, modify and merge as required, and that's the top priority for now. Though I imagine a man page fix should merge in fine.
<caribou> rbasak: I'll ping you before doing anything
<caribou> rbasak: this --backing-image-file is just want I wanted. Was a good idea to ask first :-)
<rbasak> caribou: :)
<rbasak> caribou: I added it when I needed it once :)
<caribou> rbasak: I use uvtool to test makedumpfile & kdump-tools kernel dumps & I needed that for debian
<caribou> had to enable kdump-tools to work with systemd
<apw> hallyn, hey, this netns corruption thing.  the behaviour changes if apparmour is put in moan mode, what it prevents is your attempt to remount /run/netns -slave; if you are able to do that things work, so i think this is something you need permission from aa to do
<hallyn> jjohansen: ^ what would the rule be to allow the ms-slave mounts?  (we turn all pre-existing mounts into slave mounts in our own ns to avoid umounting things on the host when starting a container)
<apw> hallyn, i should say "appear to work to me" but i didn't do extensive tests there
<Azaril> hey
<Azaril> im getting
<Azaril> http://pastie.org/private/newqkpx9vyhhbqfia40jtq
<Azaril> i dont understant where this is coming from...
<hallyn> apw: it makes sense
<hallyn> apw: what is the bug# again?
<hallyn> oh got it
<apw> https://launchpad.net/bugs/1401148
<uvirtbot> Launchpad bug 1401148 in linux "Re/starting an lxc container corrupts all network namespaces on the same physical host" [Undecided,Confirmed]
<apw> i am not sure if this is a new behaviour mounts wise from "ip"
<avalon> i was installing server 14.04.1 onto a dell poweredge r300 earlier today and chose the manual partitioning option, and every step of that process took a long time for something that seems instant on other distros - is that normal, or is there a reason it might be laggy?
<teward> Azaril: looks like maybe there's an issue with the mirrors somewhere... if i remember right i get that sometimes in the US mirrors, and it might resolve itself
<hallyn> apw: start-container profile already has:
<hallyn>   mount options=(rw, slave) -> /,
<hallyn> oh
<apw> mount(NULL, "/run/netns", NULL, MS_SLAVE, NULL) = -1 EACCES (Permission denied)
<apw> but regardless, it fails according to strace
<Azaril> teward: its being doing it for a couple of weeks...
<Azaril> i get a valid response from the ip which is weird
<teward> Azaril: i poked the mirrors team to see if there's any known issues about it
<teward> Azaril: in the mean time all I can say is maybe try using a different archive mirror?
<Azaril> hmmm
<hallyn> apw: adding "remount options=slave," doesn' thelp.  so this seems like either an apparmor bug, or a misunderatnding of how to specify the policy
<hallyn> sarnold: ^ do you know offhand?
<apw> hallyn, (ro, slave) perhaps ?
<apw> mount options=(slave) -> /run/netns,
<apw> or
<apw> mount options=(ro, slave) -> /run/netns,
<apw> would be my guesses
<Azaril> different mirror seems to have worked, cheers
<tyhicks> apw, hallyn: this sounds like bug #1350947
<uvirtbot> Launchpad bug 1350947 in linux "apparmor: no working rule to allow making a mount private" [Medium,Confirmed] https://launchpad.net/bugs/1350947
<tyhicks> apw, hallyn: I'm only vaguely familiar with that bug but I think it may be what you're bumping into
<apw> tyhicks, i suspect that that is indeed, in part what we are bumping into, in that i think we need that rule, and could not specify it even if we want to
<hallyn> tyhicks: agreed,
<hallyn> just added a comment to 1401148 , only 'mount,' works for me
<hallyn> tyhicks: haha, and i noted htat in a comment in that bug
<hallyn> (so this was known in august)
<tyhicks> We've been prioritizing other bugs/features higher than that one
<tyhicks> hallyn: is it now a blocker for something you're doing?
<hallyn> tyhicks: not me.  jamespage ^
<jamespage> hallyn, ?
<hallyn> jamespage: you filed bug 1401148
<uvirtbot> Launchpad bug 1401148 in linux "Re/starting an lxc container corrupts all network namespaces on the same physical host (dup-of: 1350947)" [Undecided,Confirmed] https://launchpad.net/bugs/1401148
<uvirtbot> Launchpad bug 1350947 in linux "apparmor: no working rule to allow making a mount private" [Medium,Confirmed] https://launchpad.net/bugs/1350947
<hallyn> you didn't assign it a priority though
<hallyn> so the q is is this blocking something for you
<hallyn> tyhicks: i guess i'tll block use of containers in neutron?
<hallyn> for zul's nc-lxd, the answer may be that since the containers run unprivileged, we do in fact just allow "mount,"
<hallyn> (as workaround)
<tyhicks> ok
<tyhicks> we'll (the sec team) will discuss if we can give it more attention in the short term
<hallyn> in fact  based on the Description I guess it actually prevents some basic setups (without containers as guests, just containerizing some services on the host) are bein prevented
<hallyn> really i'd argue this comes down to poor design in 'ip netns', which is very limited, and should not have been used by neutron
<hallyn> (wonder if making /run/netns itself unbindable would be useful)
<sbtechcom> anyone here deal with MaaS?
<jamespage> hallyn, not immediately
<jamespage> hallyn, but its needs resolving for the target architecture we have for deploying openstack this cycle
<jamespage> right now putting anything under lxc on a neutron gateway node is not a great story
<hallyn> jamespage: tyhicks found the problem
<jamespage> hallyn, ok - so at least I'm not going mad
<jamespage> hallyn, medium is fine for now
<hallyn> cool, thx
<jamespage> hallyn, remind me again how I fix the mtu of the veth interfaces for an lxc container to 9000?
<hallyn> jamespage: lxc.network.mtu = 9000
<jamespage> hallyn, hmm yes
<jamespage> hallyn, OK - so I have another interesting bug then
<jamespage> hallyn, if I stop/start using the lxc-* commands - all's good.
<jamespage> hallyn, if I reboot within the container, the veth on the host gets reset to 1500
<jamespage> but inside it still thinks its 9000
<jamespage> that has some odd effects
<jamespage> I'll raise a bug shortly
<hallyn> jamespage: hm, drat, not sure where that'll be happening.  got a afeeling that may become a hairy interaction of upstart jobs
<johncarper> Hello, I'm trying to allow apache on iptables as i'm using a cups print server, I've tried adding serveral rules to my iptables but none of them worked. I'm trying to access it from my pc on tesame network, anyone know what might be wrong? Everything works fine with iptables disabled
<johncarper> here are my iptables rules: http://pastebin.com/0yT5u1eT
<Madkiss> hi folks
<Madkiss> If I device to install systemd on ubuntu 14.04, does that systemd come with a compatibility layer for upstart?
<lordievader> Madkiss: In 15.04 I could enable systemd without any modification. That said, systemd is to my knowledge not supported on 14.04 or 14.10.
<Madkiss> okay, thans
<dmsimard> Is there a specific channel for Ubuntu core ? #ubuntu-core is empty :)
<soren> #snappy
<soren> dmsimard: ^
<sacarde> hi
<sacarde> is possible to re-exec network configuration by consolle ?
<soren> Sure. restart networking
<sacarde> no no
<sacarde> I have to change config
<sacarde> by consolle, by script automated
<soren> Well, then say re-config, not re-exec.
<sacarde> yes
<sacarde> re-config
<sacarde> like during installation
<dmsimard> soren: ty
<jamespage> hallyn, https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401658
<uvirtbot> Launchpad bug 1401658 in lxc "Host veth mtu not preserved during container reboot" [Undecided,New]
<hallyn> jamespage: ok, thx
<lordievader> sacarde: You mean edit /etc/network/interfaces?
<hallyn> jamespage: though i'm not observering the same (on utopic)
<jamespage> hallyn, thats on 14.04 with stock 3.13
 * hallyn tries on a vm
<jamespage> hallyn, prob worth pointing out
<jamespage> eth0 (9000) <-> juju-br0 (9000) <-> veth (9000)
<hallyn> jamespage: and it's the host side veth that gets its mtu reset?
<jamespage> hallyn, yes
<hallyn> jamespage: oh, what guest release?
<jamespage> hallyn, all 14.04
<hallyn> k
<hallyn> jamespage: trusty VM with trusty containre still don't reproduce, using lxcbr0.
<jamespage> hallyn, I'll try make a reproducer up
<jamespage> but not tonight
<hallyn> jamespage: do you have other containers running with mtu 1500 by chance?
<hallyn> or, VMs attached to the juju bridge with 1500 mtu?
<jamespage> hallyn, all containers are set to mtu 9000
<jamespage> well at least the ones attached to the juju-br0 are
<hallyn> interesting.  yeah reproducer will be appreciated - thanks, good night
<blacknred0> I think I know the answer to this..... but is there a way to have crontab sending an email without having to install a mail server?
<keithzg> blacknred0: yup, in fact I swear by default it does; certainly you can use utilities like mailx
<blacknred0> thanks keithzg! - I tried without it and no mail was sent out.  I will give mailx a try.
<keithzg> blacknred0: no problem; worth mentioning, I don't think the traditional bsd-mailx can send without an MTA, you'll probably need to specifically use heirloom
<medecau> Evening all, I am trying to disable Logstash as a service. I whish to control it through supervisord. Not sure how to go about it. #ubuntu said #ubuntu-server is the place to ask.
<rberg_> I am trying to track down why the password on my iDRAC keeps getting reset during a debootstrap based install. looking at the time stamps it appears to be happening during package installation, has anybody here experienced this before?
<rberg_> BTW I agree that doesnt make much sense :(
<rberg_> NM found it, it was a custom package
<linuxmint> Could I get some help with formatting disks? I'm not sure whether to use ext1,2,3,FAT32. I only need the disk for storing backups, so maybe ext3. The command I have is # mksf.ext3 /dev/sde. Could someone confirm as it's a bit scary.
<linuxmint> Actually, how to check if the new disk is formatted or what's on it? I tried # cd /dev/sde, but error: Not a directory.
<keithzg> linuxmint: you can use fdisk or parted to look at how drives are partitioned or formatted from the terminal. If you have a GUI and you're new at this, you might want to use GParted instead.
<keithzg> linuxmint: fdisk is the classic way of listing partitions, but parted is the more modern one; "sudo parted --list" will show you how things are currently partitioned, and you can use to to format the drives/partitions themselves too.
<keithzg> (main reason to use parted instead of fdisk is that fdisk doesn't support GPT, which is the partition table scheme that is often used these days)
<linuxmint> keithzg: thank you. Yes, I'm familiar with # fdisk -l and GParted, however I'm SSHing into the computer, so I don't think the GParted GUI will work. The new HDD doesn't show any partitions...just 500 GB, so I thought I'd see if it's formatted or has any files, before trying to format to perhaps ext3?
<keithzg> linuxmint: Yeah, then gparted or fdisk are your friend (although to see if there are any files, you'll then have to mount any partitions you see). But you *can* get GUIs working, if you ssh with the -X flag! (Although that's slightly tricky since you'll probably need root to use GParted).
<keithzg> err, sorry, by gparted first there I just meant parted.
<keithzg> GParted is the frontend for parted.
<keithzg> Or more accurately, I think they both use libparted.
#ubuntu-server 2014-12-12
<YamakasY> pikkaachu: strange my server logs UTC and uptime gives local time
<YamakasY> oops
<kevindf> Hello, I'm planning on running the Zabbix Server on my CentOS server, but would like to set my Ubuntu Server as a client so the server gets monitored also. Would this take alot of hardware resources?
<samba35> if i use NIC (ethernet cards) with kvm in one guest can i use same card on another guest
<Patrickdk> no
<samba35> Patrickdk: thanks
<samba35> then can i use vlan on that card on guest ?
<Patrickdk> heh?
<Patrickdk> on guest?
<Patrickdk> why bother?
<Patrickdk> just attach that nic to a switch on the host os
<Patrickdk> then attach the kvm guest nics to that switch or vlan on that switch
<Patrickdk> or, just route everything from each guest to the nic
<Patrickdk> it's just normal networking basics, nothing fancy
<samba35> ok ,thanks
<delinquentme> So I've always configured SSH access with the entirety of a public key. Say in the manner which github has you add a new server to pull / push to a repo .....  and these are what I've pasted into ~/.ssh/authorized_keys
<delinquentme> however with fingerprints ... am I generating that public key from the fingerprint ?
<Draggin> Hi, good morning. I'm not sure if this'd be the right place to ask, but I'm looking for a good starting point to learn about MySQL running on Ubuntu (specifically running on Ubuntu - not just general MySQL information)
<delinquentme> Draggin, do you run ubuntu as your native OS?
<delinquentme> have you ever SShed into a machine?
<Draggin> delinquentme: I do. And yes. I've been playing around with Linux for a few years (but I still consider myself very much a newbie)
<Draggin> It's just that MySQL seems to behave oddly on Ubuntu from what I've seen on other systems.
<delinquentme> im not sure thats been my experience
<delinquentme> im assuming you're taking in installing it?
<delinquentme> taking = talking *
<Draggin> delinquentme: Firstly, it seems to be installed, but also not... :P Like Akonadi runs fine and claims to have found it, but when I run the command "sudo netstat -tap | grep mysql" as suggested by https://help.ubuntu.com/14.04/serverguide/mysql.html, I see nothing
<Draggin> What I really want to know, is things like - where does it store the configuration files, the database files,etc. Because there seem to be multiple locations with MySQL stuff in it, and I'm not sure what they all are.
<Draggin> I'm perfectly happy to read up about it all myself, but I'm not sure which resources to use...
<delinquentme> im not sure what Akonadi is
<Draggin> delinquentme: Not to worry. Irrelevant really. Point was just that Akonadi finds a DB server and stores it info there
<delinquentme> but typically you'd run maybe 4 - 10 actual commands to update all the prerequisite packages installed and then finally configure and install mysql
<delinquentme> well i'd say see if you can log into the mysql server all on its own -- as whatever root user you configured it with
<Draggin> Now, I see that MySQL Server Core is installed, but not MySQL Server 5.5
<delinquentme> and typically you'd be providing applications a localhost:3306
<Draggin> Ah, delinquentme - that's one of the issues. I haven't configured it. And this is where it gets confusing for me on Ubuntu. It was just already there after installation and I was never asked for a root password. This is contrary to my experience working with MySQL on other systems before
<delinquentme> so Akonadi, I'd guess would be installing via that url with a login / password you create for it
<delinquentme> yeah if you're looking at a fresh install 90% chance you're going to need to set a root password
<delinquentme> https://help.ubuntu.com/12.04/serverguide/mysql.html
<delinquentme> During the installation process you will be prompted to enter a password for the MySQL root user.
<Draggin> Right. But that's what I'm saying. Never was. Not during (K)Ubuntu installation. And after OS installation, MySQL just seems to be there already, without ever having asked for a root password
<Draggin> So now I'm trying to follow the first steps here : https://help.ubuntu.com/community/ApacheMySQLPHP#Set_mysql_root_password
<Draggin> But - and this is something that I've experienced on Ubuntu machine with MySQL all the time (being that I'm not that well-versed in Linux and MySQL, I probably just don't understand what the real issue is) - whenever I try logging into MySQL from the command line, I get this: ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<delinquentme> Draggin have you put any sensitive data in the db yet?
<Draggin> Nope
<Draggin> This is a completely clean install
<Draggin> Haven't been able to get to any databases yet :)
<delinquentme> rip it out and reinstall
<Draggin> Which is what I'm planning on doing, but...
<Draggin> That's why I'd like to know where exactly what is stored for MySQL in Ubuntu.
<Draggin> Because there's /etc/mysql
<Draggin> /var/lib/mysql
<Draggin> etc.
<Draggin> So - without having to read the entire MySQL manual - where's a good place to learn about these basics?
<delinquentme> Draggin, http://www.cyberciti.biz/faq/mysql-datadir-files-stored-unix-linux/
<a1fa> hi anywya to resize mounted root lvm ext3 partition w/o single user?
<lordievader> Good morning.
<tacklemcclean> I have a ZFS volume mounted over ISCSI on my Ubuntu 14.04 LTS Server. It is shared over Samba. When smbd is running, it prevents something from shutting down correctly so reboot/shutdown freezes the system. If I stop smbd service before reboot it works fine. Is there any way to have upstart shut down smbd before zfs-share? Any tip?
<gdi2k> hi all, I have a weird issue where I cannot add read permission for other users to files using chmod. Not seen this behaviour before. http://paste.ubuntu.com/9487075/ any ideas?
<tomstorey> gdi2k: does "chmod 644 vmlinuz*" do anything?
<gdi2k> tomstorey, thanks, yes, that worked :)
<gdi2k> crazy that +r doesn't
<tomstorey> that may have changed the perms on the symlinks too, which would have removed the execute permissions from them
<tomstorey> so to put them back, use chmod 777
<tomstorey> although, that gives everyone + dog write permissions, might not be a good thing :)
<gdi2k> tomstorey, it's ok, I used it explicitly on the actual files, not symlinks, so all good I think
<gdi2k> thanks!
<tomstorey> cool :)
<tomstorey> no idea why +r didnt work, im no filesystem guru
<gdi2k> :/
<gdi2k> beer time, gn! ;)
<vladdi> I got a problem, I reconfigured the the utf-8 in irssi, and now I can't type Ã¶Ã¤Ã¥ (swedish keyboard) neither in irssi nor in the system
<vladdi> there's no locale file either, (in /etc/default/)
<vladdi> s
<jamespage> coreycb, I think we can nail systemd in the first set of kilo uploads
<jamespage> coreycb, infact we could do it now
<jamespage> coreycb, http://paste.ubuntu.com/9488650/
<jamespage> its pretty easy imho
<jamespage> coreycb, https://code.launchpad.net/~james-page/cinder/systemd-support/+merge/244574
<jamespage> tested on my laptop
<Vladden> Can't change language with loadkeys, i get: Couldn't get a file descriptor referring to the console
<johncarper> Is it possible to create a CNAME record on your local network without having a internal DNS Server?
<mardraum> how would you modify a dns record without a dns server?
<johncarper> I don't know, that's why i'm asking :) Can't you add a alias in the host files to let it work on local network?
<mardraum> that's not at all what you asked
<mardraum> if you think modifying the local hosts file is a good idea, who are we to stop you?
<Odd_Bloke> johncarper: We might be better able to help you if you describe the problem you are trying to solve, rather than asking if a particular solution is possible. :)
<johncarper> I just would like to change 192.168.0.x for example to s1.local that's not possible without a internal dns server?
<Odd_Bloke> johncarper: So that (for example) "ssh s1.local" would SSH in to 192.168.0.x?
<johncarper> yes
<jrwren> johncarper: on an entire network, you would need DNS for that, unless you can update /etc/hosts on every machine in the lan.
<johncarper> it is a small network with about 3 pc's, in this case this would be doable just by changing the hosts files?
<johncarper> and 2 servers
<Odd_Bloke> johncarper: If you're happy maintaining those 5 hosts files then that's viable, yes.
<pmatulis> johncarper: it's not hard to set up dns server with dnsmasq.  can even have the server use its /etc/hosts file for information :)
<Odd_Bloke> You could also look at Avahi.
<Odd_Bloke> Though my experience with it is fairly limited.
<johncarper> ok, thanks
<YamakasY> can I fix an issue like this with puppet-apt module ? SystemError: E:Encountered a section with no Package: header, E:Problem with MergeList
<genii> YamakasY: I'm not sure specifically for puppet, but on a regular system you would purge the package lists in /var/lib/apt/lists.   and refresh it with sudo apt-get update
<YamakasY> genii: yap but I have to do 150 hosts or so
<bekks> YamakasY: do you get that error on one server or on 150?
<YamakasY> bekks: to be hones on 45
<kasad> hello
<kasad> Anyone got idea how badly upgrade from 10.04.4 LTS to current LTS would break Plesk 9 (9.5.4)
<kasad> (i fear the answer is horribly)
<bekks> Yes, it will break horribly.
<kasad> bekks, presumably with no chance of fixing it amirite?
<kasad> because plesk isn't exactly fixable once it goes awry (and i hate it, soz ot but have to note my hate)
<bekks> Correct.
<kasad> on the other hand, running 10.04.4 LTS isn't super smart either
<kasad> just now I wanted to do some stuff, I already see sources are acting up, stuff is missing, sigh
<bekks> You'll have to update from 10.04 next year in April, since support will end.
<kasad> yeah, that's why  I am bringing it up
<bekks> I'd reinstall 14.04 and I'd not install Plesk.
<kasad> because right now I have some time, not that it's exactly spare time, but I'm in the middle of moving to new place, and right now I'm waiting and fixing some backlogged stuff
<kasad> bekks: I hate plesk with all my heart, but company production server runs plesk
<kasad> so I keep it at home server just to be able to experiment/find solutions before I bring them to production enviroment
<kasad> (and trust me there are always issues with plesk)
<bekks> I've been using plesk myself.
<kasad> my condolences brother :(
<keithzg> kasad: You could always just turn the current state of your server into a virtual machine, and keep that to play around with.
<kasad> yeah been thinking about that, that will take some time, company is in el cheapo mode, I work from home because I have better equipment at home, the downgraded from 4 dedicated servers to 1 vps, money issues.
<kasad> and lately i've been having issues with diskspace (especially on my ssd) so I am not sure I have space to put VM on from where it will run at least semi-decently
<kasad> but seems that will be the end solution anyway
<bekks> "to put VM on"?
<keithzg> Yeah, it's worth working towards; and hell, VMs are great for that kind of experimentation anyways, since you can just snapshot/revert/repeat for testing.
<kasad> hard drive space on my home pc (which is running windows 8.1 - another recent mandatory upgrade)
<kasad> yeah keithzg, amen
 * keithzg definitely understands the quandry of the company not having the money to through around, too
<kasad> bekks: "to put VM on" - I am talking about my home setup, the only disk where I have space left, where there is currently my old win7 virtualized located
<kasad> is running slow as hell (on sandybridge i7-2600k with 16GB Ram)
<kasad> but bottleneck is small system SSD
<bekks> Then you are doing it wrong :) My VMs run fast here, on a i5-2500 with 16GB RAM.
 * kasad nods at keithzg with understanding, especially if zg stands for Zagreb
<kasad> bekko: never had issues before this win7 vm
<bekks> So it depends on your vm configuration.
<keithzg> kasad: heh, nope, it's just my last name (Zubot-Gephart) abbreviated.
<kasad> which is a bit too large for my ssd, because it includes 2 volumes (I was running out of space on my ssd while I was running win7, so I had to move some folders to another drive with junctions)
<kasad> ah, :)
<kasad> bekks: you mean like allocated memory, etc?
<keithzg> kasad: Yeah, storage access speed can really slow things down for VMs, but what are you using to run the VM? I've noticed KVM is *extremely* slow to run Windows VMs (especially without a lot of tweaking), but by contrast VirtualBox is fairly speedy.
<kasad> keithzg: noticed same things, but in both direction, some stuff works extremely fast on VirtualBox, other on VMWare
<bekks> kasad: I mean the entire vm configuration.
<bekks> kasad: Which hypervisor do you use?
<kasad> vmware
<kasad> 10
<bekks> You mean: "VMware Workstation".
<kasad> yes
<bekks> There are various other VMware products ;)
<kasad> well yeah, was typing with one hand, and gulping coffe :P
<kasad> Vmware Workstation 10.0.2 build-1744117 to be precise
<grendal_prime> hey guys, i got this situation where im gonna have a few different virtualized server and about 20 or so people accessing them.  I would like to do some sort of centralized auth..like ldap.
<kasad> also, the vm in question (the one that runs slow is on separate hdd from all the others, and it's virtualized physical machine
<grendal_prime> i have a machine installed and have phpldap up and running.
<kasad> (ie my pc before I had to mandatory upgrade to win 8.1 >_<)
<grendal_prime> kasad, what drivers are you using?
<kasad> I had it virtualized and running before upgrade, and in win7 it was working like a charm, unity was working superfast, now it doesn't
<grendal_prime> like..if i remember right there is some drivers you install for p2v.
<kasad> drivers?
<kasad> um, i had a little trouble with virtualization
<grendal_prime> ya like kvm uses virtio drivers for network, hd that sort of thing...they are block level drivers.
<kasad> so I ended up running some disk to .vdk
<kasad> then converted to vmdk
<grendal_prime> much faster than the emulated drivers.
<kasad> err, not vdk, the other format, gah my brain
<grendal_prime> yep thats called p2v... Physical 2 Virtual.
<bekks> kasad: vmdk
<kasad> no, that couldn't work
<kasad> vds?
<keithzg> I know the other format, in the VirtualBox world, is .vdi
<kasad> something older, something that worked in windows virtualpc if I recall correctly, I can't remember really
<grendal_prime> ya i dont mess with VMware..well not since i was certifed in it..hahaha...
<bekks> kasad: Look it up, we dont know what you are using :)
<kasad> that was the only way I found (tried the Virtualbox route too didn't worked)
<kasad> then I converted it to vmdk without problems
<bekks> The vbox route works fine here.
<kasad> and before windows8.1 upgrade vm was running super fine
<bekks> So blame it on W8.1 :)
<kasad> I do! I blame most of my life on W8.1
<grendal_prime> hmm dont know.  I run win 8.1 on kvm.  Works well enough to work. Especially with spice enabled
<kasad>  :D
<bekks> grendal_prime: You run W8.1 as a guest, he runs it as a host ;)
<kasad> vhd
<kasad> yes, I am ashamed :(
<grendal_prime> i use it for Testout...lab sim. sound everything works fine....oooooo you use windows as a host?  kinda a strange way of doing that.
<kasad> but I have cygwin set up and make heavy use of it in my defense :P
<kasad> I had to, beause main project has about 20% of stuff in written in .net, or c# to be precise
<keithzg> Yeah I've always found Linux as host to work a lot better, although I have two of the programmers at my work set up with VirtualBox on Win8.1 machines and it seems to work fine as a host for them.
<grendal_prime> anyone else using phpopenldap for an auth server?
<kasad> I begged to rewrite it all to node.js, because it's mostly db communication part
<kasad> but boss is adamant about reusing ancient dll's from some previous project, and completely retarded system that is currently in place which is written in c#
<grendal_prime> kasad...thats the perfect situation to have a linux host..and serveral windows guests.
<kasad> thats what I said
<kasad> but no, I was given retail windows
<kasad> and told that I have to use it as main os
<kasad> ...
<kasad> (kill me pls)
<grendal_prime> thats to bad.
<keithzg> Yeah I'm lucky that at my job they care about results, and don't really care as much how I get them. And being the entire IT department gives my argument for running Linux as my main OS some extra weight too, heh.
<kasad> yeah you are lucky
 * keithzg is thankful for it every day!
<kasad> my boss, who has like 30 years experience programming
<kasad> doesn't even allow us to use version control
<keithzg> ...oh my.
<kasad> (we were begging, literally)
<kasad> imagine when you beg for at lest subversion
<kasad> beause git is "too complicated" and he "doesn't trust them"
<kasad> then I found mercurial as middle ground, but still no
<kasad> we tried running it among us few devs
<kasad> but there's no point
<kasad> becaues he with his million folders, copying and hacking away
<kasad> always f**** up something
<kasad> in 2+ years since project started, we lost code at least 10 times, couple times HUGE ammount of work
<keithzg> Yikes, I can't imagine life without version control. My boss, also with 30 years of programming experience, *also* refuses to use version control . . . but he isn't insane enough to force that upon everyone else!
<kasad> he still thinks Borland C is the shizznit and talks daily about how he misses it
<kasad> and he wrote the main js framework, and it was first js anything he wrote in his life (he wasn't writting much code in last 10 years, was too busy driving around in his plane, yacht, speedboat, you name it, even has a ultralight aircraft)
<kasad> and he doesn't beleive in naming functions/classes/methods descriptively
<kasad> so, for example InitGuiModalWindows becomes Init
<kasad> *dialogs
<kasad> it's fun, sometimes feels like you are playing roulette, will you catch part of framework that has zero documentation, and then you have basicaly to rewrite, or follow code execution line by line and de-obfuscate his stuff in order to understand wth is going on
<kasad> life is good :P
<keithzg> Ughh. The classic "it worked fine in my day" attitude, when the way it was done back then was because it *had* to be done that way (due to limited resources, etc)
<kasad> yeap
<kasad> you nailed it
<kasad> not that he is bad coder
<kasad> he is talented, but messy and stubborn as hell
<kasad> anyways, I don't worry too much lately, had some family health issues, and then had to travel from hospital to hospital w/my fiancee
<kasad> and then we had to move to new apt (typing from floor now, still didn't assembled my desk)
<kasad> and my salary is about month and 10 days late
<kasad> and I think there is strong possiblity that we will end our relationship
<kasad> thing is, he is trying to involve his son, with whom I am friends for like 12 years (who used to be the DJ with all the best gear and zillion records who never performed anywhere - that's how we met, I was giving him music production lessons - used to work in music studio)
<kasad> and sonny boy contacted me, in the tone that we will be now working together on one part of project, like serious collab. every day
<kasad> gave me tons of stuff to do, and beside that asked if there is free solution for something his pops was about to shell around 3 my salaries for)
<kasad> so I find free solution, and can't reach him - he never mentioned or made a remark that I should keep everything secret from boss/his pops
<kasad> so I called boss to stop him from wasting my 3 salaries when there is perfectly adequave (for this stage) free solution
<kasad> and told him not to buy the s/w
<kasad> and since then, he kinda started to ignore me, then came family or to be (too much) open fertility issue with my fiancee, therapy she was on didn't work, last try we had on that therapy went poopoo
<kasad> and I went on journey from hospital to hospital, so I am unclear now if I am ever getting my salary, and if they are pissed on me because I did work that son of my boss was supposed to do and he found out, or they just vanished somewhere to chill
<kasad> which is also a possiblity (comes along with the airplane and yacht)
<keithzg> Wow, that is pretty extreme office politics
<kasad> but what worries me is that secretary who handles salaries is not returning my calls, and another programmer who is on project longer then me, is acting like he doesn't know anything about why ftp server with latest version is unavailable to me for the last couple weeks (and I know that he is the admin)
<kasad> keithzg, yeah, it doesn't smell right at all
<kasad> but I still can't beleive that it would be possible for them to get mad at me for that, like it was my fault he was dodging work and using me to finish his assignments, we know each other far too long
 * kasad changes channel name to #Life-Problem-Rants
<keithzg> haha
<kasad> s/problem/problems
<keithzg> Depending on where you live, they might be opening themselves up to a wrongful termination claim.
<keithzg> And/or trying to get you to quit yourself so they don't have to worry about it . . .
<kasad> i live in worst possible country for that
<kasad> so they can screw me whatever way they want
<keithzg> Damn.
<kasad> and NDA was so brutal, and since we were friends for more then a decade I signed it out of goodwill, and there are two things there that are not healthy
<kasad> one I can talk about is, it's mostly wording, it should have been changed, but basically it says that not only I can't use any parts of the code/techniques/etc which were developed for Company during my employmeent, but it's worded that way, that it implies that I can't even apply the knowledge i gained from all the research
<kasad> and work
<keithzg> That seems of questionable legality, yeesh.
<kasad> now, I am 99.99% sure, that if we terminate business relationship, it won't be an issue
<kasad> but small part of me worries
<genii> I think this is an issue which is beyond the scope of asistance that can be had in this channel.
<kasad> completely agreed genii
<kasad> just ranting since there's no one with some actual issue that asked for help
<kasad> plus I am waiting for some stuff to complete, idle hands ...
<kasad> apogies if I broke chan rules
<kasad> I'll shutup now
<keithzg> ehh, it's Friday :P
<kasad> black Friday here, so much s*** piling up in my life atm that it's not even funny, and yet, I sometimes laugh :P
<genii> kasad: Since it's pretty quiet here right now as far as actual support issues, I did let you go on for a while without giving you an !offtopic warning :)
<grendal_prime> I have and ultralight as well..but i would let  you use versioning.
<grendal_prime> hehehe
<kasad> hahaha
<kasad> genii :) thanks
<grendal_prime> anyone on the ldap server ?
 * keithzg uses openldap, but barely touches it
<kasad> not currently, nor recently, but i guess asking couldn't hurt
<grendal_prime> so keithzg do you use the php app to manage it?
<keithzg> Naw, I use Apache Directory Studio to control and edit things, so I probably can't help ya, sadly.
<grendal_prime> oh, is it easy to understand?
<keithzg> Pretty easy, yeah.
<grendal_prime> im not sold on any particular server..i just need to set something up.
<grendal_prime> how hard was it to set up?
<kasad> for authentication?
<keithzg> Apache Directory wasn't hard at all to set up, just have to have administrator credentials for logging into your openldap setup. But you do have to have an OpenLDAP server set up and running already at least as a minimum.
<grendal_prime> Oh, its just a front end..well i mean there is the apache ldap server hmmm.  I just downloaded the turnkey server it seems fairly simple and its up and working,  I just, well setting things up to access it seems like a lot of work.
<kasad> I have this in my apache playlist so it must have been useful at some point for something (I kinda have the goldfish syndrome) https://www.youtube.com/watch?v=ULmz_YuQ-Is (configuing openldap to authenticate users using apache dir. studio
<keithzg> I found it *relatively* easy to just install the openldap server and set an administrator account that could be logged in remotely. Then I connected with Apache Directory Studio, and from there added users.
<keithzg> What OSes/applications are you wanting to be authenticated against LDAP?
<kasad> *crickets*
<keithzg> grendal_prime: ^
<kasad> someone doesn't use nickname highlighting/alert
<kasad> or is driving his ultralight right now :P
<grendal_prime> hahah
<grendal_prime> i need new cloth for the ultralight.
<kasad> can you imagine working on 600k+ lines of code project (not counting precompiled dll's that are overspill from previous projects and are unfortunately still used) without version control, and not even accepting bug tracker, only single google doc, which every dev can edit
<kasad> grendal, keithzg asked ya what OSes/apps you want to auth. against LDAP
<kasad> grendal_prime that is
<keithzg> Which I mostly ask because I *have* found it super-simple to get both Linux and Windows desktops to authenticate users based on a simple OpenLDAP server, but there are tons of gotchas and potential complications depending on quite what you want to do and how you want it to act, grendal_prime.
<kasad> hey my WS is called Prime, but not after the robo-slposion porn that is transformers, after the alien from Peter F Hamilton's  Commontwealth Saga (Pandora's Star and Judas Unchained)
<kasad> damn, I wish I could reset my braiNand in order to read those books again
<kasad> actually I wish more that I had so much free time that I could read two 600ish page books
<kasad> how life learns us to be happy for small things we can't even have...
<kasad> s/*/ How life teaches us to be happy about small things that we can't even have
<kasad> now that sounds more like English, altho' I'm still unsure
<grendal_prime> did just get my dessert bike back up and running though!
<grendal_prime> sorry
<grendal_prime> phone...umm kasad i dont use version control myself.
<kasad> grendal_prime and if you are one person working on project that can be fine
<kasad> but if there's 12
<grendal_prime> the only programming i do is php,  its pretty much self documenting and i use virtual guests in  three stages.  dev, beta, production.
<kasad> and boss is grabbing fodlers from everyone, merging stuff, overwriting tons of work already done, then depositing archives on ftp (not even sftp server)
<grendal_prime> hmm you should open a competing company.
<grendal_prime> sounds like you could "efficiency" him out of business.
<kasad> I do the almost same (altho I do use at least mercurial if not git), with, well, I call them test, staging and production :P
<kasad> yeah, if only I didn't sign that stupid NDA
<kasad> note that I am talking about solo projects
<grendal_prime> sorrt keithzg to start with i want to set up an openfire server and have it auth against the ldap server
<grendal_prime> then i would like to reconfigure the filer to use it as well.  I think i can get that to work via webmin.
<bekks> !webmin | grendal_prime
<ubottu> grendal_prime: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
#ubuntu-server 2014-12-13
<grendal_prime> ya i know..but its easy to fix that stuf
<bekks> grendal_prime: Dont use webmin ;)
<kasad> ramen
<grendal_prime> well..the problem is..i have over 10 filers that use it.  I have trained several clients on user manage ment.  And it handles openvpn instalations and user management really well.
<grendal_prime> can you recommend something else bekks?
<kasad> !vesta
<kasad> !vesta | grendal_prime
<kasad> no vesta :P
<kasad> !VestaCP
<grendal_prime> zyntal i think may be good as well.
<kasad> !Ajenti
<kasad> didn't touch either
<kasad> tbh
<kasad> while we are at it
<kasad> what would you guys recommend as alternative to grendal_prime (and me as well, when I virtualize this plesk hell, I stlil want some automation, I am not like my friend who is like "You have shell, suck it up"
<bekks> grendal_prime: I suggest on of the various non-breaking management tools, like cPanel, ISPconfig, Ajenti, Kloxo, OpenPanel, ZPanel, EHCP, ispCP, VHCS, RavenCore, et al
<kasad> i have aversion towards ISPconfig,tho, I don't know how much it advanced in last 3-4 years
<grendal_prime> Most of the "panels" ive tried are more geared to like isp hosting or something specific.
 * kasad nods
<grendal_prime> i want something more systemwide.  zentyal seems to do most of what i want.
<bekks> grendal_prime: At least use a supported successor of webmin, like VirtualMin.
<bekks> Or Zentyal.
<grendal_prime> but, the strange part about that is when trying it out it had the exact same issue that webmin was experiencing.
<kasad> isn't virutalmin module for webmin
<grendal_prime> one of the reasons i want the ldap server configured is because most of the configurations that my clients use the webmin for is user management. then i could stear clear of setting up any management on the other servers.
<grendal_prime> so like im going to start switching things over to alfresco as the filers im going to install.  That system does documanagement along with samba integration..pretty badd ass actually
<bekks> kasad: Virtualmin started as a module for webmin, but is a separate "tool" nowadays.
<grendal_prime> i didnt realize that
<grendal_prime> why is it when you log into http://virtualmin-demo.virtualmin.com/  it says you are logging into webmin?
<bekks> Ask them, I did not setup that site.
<keithzg> The installer for Virtualmin appears to require webmin, so . . .
<kasad> <kasad> isn't virutalmin module for webmin
<kasad> so you lost me earlier
<keithzg> I'm not sure it's *only* a module for webmin, the virtualmin site mentions that that's one way to get virtualmin, but the other option appears to be to use their install script. But that script installs (at least a bunch of parts of) webmin as well.
<kasad> ahh
<kasad> 1:37
<kasad> almost leet
<kasad> 01:37:33
<kasad> 01:37:37
<keithzg> 17:37 over on my end here
<kasad> or "letet" which means to fly in my mother tongue
<kasad> actually leteti, but letet' is accepted as shorter form.
<kasad> since it's Friday, and we are mostly idling, no much activity. I know this has nothing to do with Ubuntu, but I find people who talked here so far to be pretty smartastic, so I'll just throw this question/idea/brainfart out there
<kasad>  before my current a bit over two years stretch of "working in IT sector" as they call it here, where I wasn't doing lots of web, and over 3 years before that of me being too ill rise out of bed
<kasad> I was quite a CMS Nazi
<kasad> I was like JoomlaMOomla, die in a fire, if it ain't propriteary and you are doing commercial stuff/business with it
<kasad> you suck and are cheap
<kasad> so, naturally I first wrote, then oversaw development of intra/inter-net CMS/IMS/insert ziliion other modules here system for  ex-ex-ex-ex company I worked for about 4 years, before I got ill (due to my immune system dying becaue of constantly pulling 20-25-30 hours "allnighters" or twodayers as I call them) (record stands at 39 hours, bio-breaks only, during severe DDOS attack that
<kasad> wasn't even targeted at us, but at datacentres that we had servers which were crucial at the time for current deals
<kasad> and now I do have software that was last updated in like 2008, but whole branch was fuglied, and it has fallen  back to even older version
<kasad> I don't really know much about current "in" such tools, ie WP/Joomla/Drupal and whatnot
<kasad> I mean don't get me wrong, when I had to do a favour to friend, I wrote him WP plugin in one day for what he needed, and that was my first time seeing firsthand how backend of WP looks like
<kasad> here comes the question/suggestion/idea
<kasad> I had very good, (female) friend who runs certain website and did most of the work herself, site is moderately successful, but it's important for the capitol, espec. because it's arts & culture oriented, and that's something that's painfully needed in my hometown
<kasad> anyways, long story short
<kasad> she asked me for favour if I could take a look and optimize her site
<kasad> zomg, when I saw that mumbo jumbo of WP plugins and shpagetti (may ye be blessed by His Noodly Appendage)
<kasad> I was like WTF how is this possible
<kasad> turns out it's really lotsa work to optimize that the "normal" way
<kasad> so, I was thinking and would love to hear opinion
<kasad> what if I completely ignored whole site, hosted it somewhere else from main domain
<kasad> maybe offload stuff to static/dynamic subdomains
<kasad> and then slap some variant of proxy with custom written code, to minify/gzip, concat everything that can be, etc ,etc
<kasad> if you get my drift
<kasad> does the idea make any sense to you?
<sarnold> kasad: I think you'd enjoy this: http://queue.acm.org/detail.cfm?id=2677720
<kasad> like i could pull the contect/and or rendered pages and cache whatever is cacheable, with custom script, and optimize everything, and she would be able to continue to do whatever she wants on her wp install, it would be completely separate, only content would be visible only trough proxy/whatever I cook up
<kasad> lemme see
<sarnold> kasad: caching is immensely difficult to get right; well, cache invalidation more than anything else. It would be very difficult to slap that onto an application after it is built.
<kasad> well, she doesn't have much dynamic content, she posts new articles maybe once/twice a week, I could make her a trigger to rebuild cache. maybe use adaptive images so she doesn't have to think about image size, etc etc
<kasad> reading
<kasad> Facets to Features to Modules ...The HTTP Archive estimates that the average Web site in 2014 includes approximately 290 KB of JavaScript across 18 different files.2 By comparison, the Netflix homepage today delivers, on average, a 150-KB payload in a single JavaScript file. This file actually consists of 30 to 50 different files concatenated together ... snip ....
<kasad> yeah, that's basically what I'm talking about
<kasad> plus opcode cashing for whatever needs to be interpreted, plus maybe adaptive images approach for images
<kasad> all mashed up together in some setup on some fast box running say ngnix
<sarnold> one pal generates his website's content entirely wish bash
<sarnold> he makes an edit, re-runs the generator, and out puts a few thousand HTML files and assorted content :)
<sarnold> another pal does the same thing but with C
<kasad> that's what I'm talking about
<sarnold> I suspect either of those approachs would be easier than trying to deal with after-the-fact staticifying wordpress plus random plugins
<sarnold> I'd pick C over shell, but you'd probably do better to pick ruby or python over C and shell :) haha
<kasad> ruby/maybe node.js, or even shell scripting for generating hmml, pulling it from her wp setup, mixed with some cache solutions for every type of content i can think off, plus CDN usage wheverit' convenient
<kasad> you got me
<kasad> think it makes sense?
<sarnold> everything except for keeping WP in the mix :) haha
<kasad> because doing it the "normal" optimization of her WP setup, is like hell
<sarnold> yeah. that's not what WP was designed for.
<kasad> well, she is comfortable with wp, her writers/editore are as well
<kasad> I guess I could pull out my old cms (uses tiny_mce)
<kasad> and mash something up, because it hasnt been updated in looong time
<kasad> but i have user management, auth, both front end and back end, custom image upload module with cropper
<kasad> but then again, it's old and I haven't touched it in years
<kasad> and there is so much more stuff they need that WP gives them on the platter
<kasad> (except speed :P)
<kasad> maybe they could continue using wp for main content, ie writting articles, and I pull from wp whatever else is usefull in discrete objects
<kasad> write modules for whatever else is neeeded, then put it all together optimized/minified/conctated/you know all adjectives I was gonna use here so i am gonna stop
<sarnold> kasad: you might be able to use the wordpress juju charm to scale the service more easily: http://manage.jujucharms.com/charms/trusty/wordpress
<kasad> lemme take a look
<sarnold> kasad: the juju charm can easily plug into a memcached caching layer
<kasad> me likey
<sarnold> kasad: if the database layer is too heavily loaded, you can also scale out the database server, see the "replication" piece here, http://manage.jujucharms.com/charms/trusty/mariadb
<kasad> me definitely likey likey
<kasad> thanks
<kasad> reading
<sarnold> the juju charms won't help you optimize the piles of javascripts that a client may need to download to use the site but it can definitely help you make the most of server-side resources without throwing out wordpress :)
<kasad> yes yes, i got it
<kasad> question, what would you reccomend as hosting solution
<kasad> with juju approach
<kasad> aws?
<sarnold> kasad: aws is probably best-tested; I understand someone put together a plugin for digital ocean; I'm not sure if it works in full-generality or not, though
<kasad> her current project is "her baby", but we have plans for something else entirely, and this could turn out to be great starting point
<kasad> you just made my day sarnold
<sarnold> :D
<kasad> thanks for this
<sarnold> kasad: there's also a #juju for the questions that are beyond me; I haven't done any charming for a year or so, things have changed drastically since I last used it
<kasad> yeah, saw
 * kasad rubs hands
<kasad> If I ever write a charm, I'll make sure it's called either Great Juju of the mountain or Great Juju from the bottom of the sea
<sarnold> haha
<kasad> out of respect for Richard Dawkins
<kasad> bookmarked everything, gonna do some heavy reading and testing tomorrow (it's 02:31:13 AM here)
<kasad> funny how brain "works" ... we were talking about something completely different, and now I miss Cristopher Hitchens all of a sudden. (not that I don't miss him in general, but it just hit me that I am so sad that he died)
<sarnold> word-association can lead to crazy places in only a few hops :)
<kasad> and naturally, next, I miss George Carlin,,,
<kasad> :) yeah, that's why I say, no hard AI, until we plug Hawking into cloud (not the one you play harp on :P)
<sarnold> might not be a bad idea to start our AI experiements with intelligences -less- powerful than our own...
<kasad> nah, I say, give it all we have
<kasad> if it pwns us, we deserved it
<kasad> did you saw "Singularity is near" by Ray Kurtzweil
<keithzg> I dunno, the fermi paradox is not the kind of thing you want to *solve* ;)
<kasad> xD
<sarnold> kasad: enjoy :)  http://www.slate.com/articles/technology/bitwise/2014/07/roko_s_basilisk_the_most_terrifying_thought_experiment_of_all_time.html
<kasad> imho the fermi paradox isn't paradox at all
<kasad> lemme :) gimme :)
 * kasad clicks and rubs hands
<kasad> haha (still reading)
<kasad> rofl
<kasad> please, Almighty Eliezer, donât torture me.
<kasad> a bit abrahamic
<kasad> but fun/ny
<kasad> reminds me of hitchen's reference to heaven as celestial North Korea
<sarnold> kasad: I figured you'd get a good laugh out of that :)
<kasad> with one crucial difference, you can escape from North Korea at least by dying :P
<kasad> you figured well my friend
<kasad> now I'm half excepting William Lane Craig to jump out of my closet and start talking about Boltzmann brains
<kasad> and by talking I mean spewing nonsense
<kasad> btw sarnold: you haven't told me, did you saw "Singularity is near" the documentary not the book
<sarnold> kasad: no, I haven't; I think I made it halfway through The Singularity (or some similar book) and gave up, hehe
<kasad> it's pretty rare, considering it's been like 4 years. A story is not that relevant, I mean, it's badly produced and could be much more imaginative, but B line, - Interviews with giants like Minsky, Drexler, Rothblatt and others are awesome
<kasad> you have to see the movie if you have slightest interest in the topic
<kasad> I repeat, it's not about Ray, it's about who he brought to talk with
<sarnold> nice, I'll add it to my list :) thanks
<kasad> not sure you will be able to find it
<kasad> it took me 2 years (unless you wanna pay for it, but I didn't had choice, my country got paypal this year)
<grendal_prime> ya
<grendal_prime> bekks, i simply must point out that the granularity of control that i have with the openvpn module in webmin is years ahead of anyting zentyal has to offer.
<grendal_prime> Also the jabber support although nice in that it is integrated with the ldap/ad side of zentyal, still lacks control needed for for what i need to do and is well supported by openfire.
<grendal_prime> there seems to be no support for setting up issued ip's to clients..anything that has to do with customization of connecting clients configuration is compleatly not there.
<grendal_prime> Sorry i was talking about openvpn again with that.
<grendal_prime> I like the idea of a cpanel that can do all of these things with the granularity needed for what i do, however every time i try something out, it appears to be focused on some other goal.  The webmin project although aged, has the flexibility for me to edit the plug ins to meet my needs. Its almost entirely written in perl.
<grendal_prime> more importantly i have the ability with it to export an existing module, make the changes i need and then create my own module that i can deploy to my other webmin managed customers.
<grendal_prime> I think this is probably the very reason that os's no longer support it. It is to versatile for them to keep pace. (Not a bad thing really when you think about it, just its own beast)
<danialbehzadi> Hey all,
<danialbehzadi> I have a VPS and want to run some services like Open-VPN on it and access them remotely, and I want to rn them via juju. Which method should I choose to bootstrap? local(lxc) or Maas?
<kevindf> I've installed a Zabbix server recently that is currently monitoring 2 servers on my small local network, I like it alot so far. But I have a few Windows Pc's running on my local network also, If i'm correct I can monitor these Client PC's also with Zabbix?
<kevindf> If I install the Zabbix agent on those Pc's
<bekks> If there is a zabbix agent for them, you can monitor them.
<kevindf> That's cool
<bekks> Otherwise the agent would be pointless.
<teward> do the vagrant cloud images pull from the same standard repositories as any given Ubuntu Server install?
<SJr> Hmmmmm, 11 hours ago my ubuntu server stopped accepting SSH connections giving key exchange errors, exim gave errors "421 Unexpected log failure, please try later.". Apache gave 404 errors for well defined aliases. I couldn't authenticate to a jabber server, and the syslog stopped logging things. I just got the system rebooted now (I'm not directly near it).
<SJr> Any ideas.
<SJr> I'm running Ubuntu 14.04, the system is about 5 years old. When I was running Ubuntu 10.04, I had a sporadic problem where every so often (say 5 or 6 months), my computer would stop working, and it would take the entire LAN down with it (if that machine was plugged into the switch, every other machine on the network lost connectivity). I saw a post about a bug in the sky2 module when being unloaded would cause this, but I never was abl
<SJr> e to figure out what caused the initial problem.
<dasjoe> Not enough free disk space?
<SJr> Root has 37 gb free.
<lnxmen> hello
<qman__> SJr: sounds like something stopped your system from being able to write to disk
<qman__> SJr: either full, or stopped, or disconnected, etc
<lnxmen> When I try to load my page, I get 500 (Internal Server Error)
<lnxmen> I can't find any user option in nginx config...
<lnxmen> It's commented.
<lnxmen> How to change root path in Plesk?
<bekks> lnxmen: sk the Plesk support please.
<bekks> lnxmen: Thats not an Ubuntu issue, honestly.
<lnxmen> I asked already.
<lnxmen> You are right... Sorry.
<zermanno> Hi, is it possible to list files that are not installed from apt?
#ubuntu-server 2014-12-14
<Vadim_> Hi, Ubuntu Server 14.04.1,  "mcedit" write error "Not an xterm or Linux console; the panels cannot be toggled.", i can't use subshell (CTRL+O).  TERM=linux .. please help,
<Vadim_> "mcedit" write error "Not an xterm or Linux console; the panels cannot be toggled.", i can't use subshell (CTRL+O).  TERM=linux .. please help
<Bert_2> Hi, I was wondering, was anything fundamentally changed recently to the apache and php-fpm packages?
<Bert_2> We are experiencing some very high load on our webservers (without any high cpu or memory usage) and without any hard load on our file server
<Bert_2> so we really can't explain what exactly is going wrong
<jak2000> hi all, why the command 'make' not work: http://pastie.org/9779307  (line 2) any advice how to install? thanks
<jakesyl> hey I'm trying to configure mailman on my server and none of the web administration is working
<jakesyl> here's my apache config file from sites-enabled https://gist.github.com/jakesyl/6be1fc8afdce3f2d1216
<bicly> I setup a printer on a Ubuntu Server with CUPS. When I print from a Windows box, which print setting are sent to the printer? What I setup in CUPS or what Windows pinter preferences has?
<Bert_2> jakesyl: You only pasted the install of the make command, not the output of you running it...
<Bert_2> sorry, that was meant for jak2000
<Bert_2> jakesyl: did you define a listen directive somewhere so apache knows to listen to port 80?
<jakesyl> yup, apache's working just not for this, based on the config file i gave should it be on lists.phishtrain.com
<Bert_2> also, did you configure mm_cfg.py?
<jakesyl> here's the python config file: https://gist.github.com/jakesyl/4af8c31d1ffc3a4bc731
<jakesyl> Also  uncommented line 13 of the first file i gave you
<Bert_2> Looks like there's no dns for lists.phishtrain.com
<Bert_2> so it can't lookup the server
<jakesyl> wait do I need to set that up in the records
<jakesyl> switch to mail, i know theres mx for that
<Bert_2> jakesyl: well, yes, either you set a wildcard for subdomains or you set all of them
<Bert_2> for apache you need an A-record
<Bert_2> because it has nothing to do with mail
<Bert_2> it's regular traffic
<jakesyl> so how do i do this wildcard a record config
<Bert_2> that depends on whether your run your own dns server or you use the one of your domain provider
<Bert_2> looks like you use a provider
<jakesyl> it's by my provider
<Bert_2> you just have to setup *.phishtrain.com on their panel
<Bert_2> and point it to your ip
<jakesyl> as a dns record
<Bert_2> then every subdomain will point to that IP, which is probably what you want
<jakesyl> so A *.phishtrain.com -> my.ip
<Bert_2> yeah
<jakesyl> awesome
<jakesyl> okay
<Bert_2> well, that's what you need to do to actually get apache stuff
<Bert_2> maybe it'll be fine then, maybe there's something up
<Bert_2> we'll see
<Bert_2> normally it shouldn't take too long for the record to become available
<jakesyl> okay, yeah dns propogation is super fast for me
<Bert_2> About the apache and php-fpm load issue: nevermind, we got it, lockd/statd/rpcbind problem on the fileserver which was very hard to detect, load is normal now :)
<rahuldroy> Hi guys
<rahuldroy> got a stupid question
<sheptard> I've got a stupid answer
<rahuldroy> I have a two php sites on one server, I am trying to debug one of the website and can't load the other
<rahuldroy> the two sites talk to each other via APIs
<rahuldroy> btw this is on my dev machine running ubuntu 14.04
<rahuldroy> anyone?
<ikonia> what is hte question ?
<rahuldroy> basically I have basic lamp stack
<rahuldroy> and need the ability to run two php scripts at the same time
<ikonia> so what's the problem ?
<rahuldroy> I can't run two php scripts at the same time
<ikonia> why not ?
<rahuldroy> thats my question
<ikonia> that's not a question, thats a statement
<ikonia> you can run as many php scripts as you want to
<rahuldroy> not when a debug session is running on one of them :/
<rahuldroy> xdebug
<ikonia> of course you can
<ikonia> you want to load the xdebug php module ?
<rahuldroy> xdebug runs fine
<ikonia> so what's the problem ?
<rahuldroy> when I am debugging one of the local site I am developing, it connects to the second local site.
<rahuldroy> it just waits until I close the debug session and then does its thing or it just times out
<ikonia> rahuldroy: I don't understand you're stating a php problem, not an ubuntu problem
<ikonia> your php code has a problem.... what do you want this channel to do about it ?
<rahuldroy> might be a configuration issue somewhere I guess
<ikonia> err why would it be ?
<ikonia> you're stating php is working fine
<rahuldroy> I guess its more of a php config issue that is preventing concurrency when xdebug is running
<ikonia> no
<Vadim_> Ubuntu 14.04.1,  "mcedit" write error "Not an xterm or Linux console; the panels cannot be toggled.", i can't use subshell (CTRL+O).  TERM=linux .. please help
<MasterPiece> Can I have Ubuntu Landscape without any limitation ( & || without support ) for myself  as free ?
<pmatulis> nope
<Vadim_> Ubuntu 14.04.1,  "mcedit" write error "Not an xterm or Linux console; the panels cannot be toggled.", i can't use subshell (CTRL+O).  TERM=linux .., if use "mcview" & "mc" - subshell is work (ctrl+o),  please help
<Vadim_> Ubuntu 14.04.1,  "mcedit" write error "Not an xterm or Linux console; the panels cannot be toggled.", i can't use subshell (CTRL+O).  TERM=linux .., if use "mcview" & "mc" - subshell is work (ctrl+o),  please help
<pmatulis> Vadim_: please don't spit out error messages.  tell us what you're doing and what's not working
<WhiteIntel> did you ever had the problem, that iso files copied on a samba share got corrupted?
<bekks> No.
<WhiteIntel> hmm very annoying all my isos worked fine before I copied them on a samba share :\
<bekks> How did you verify that they are corrupted?
<WhiteIntel> the most isos were games, and in the isos there are some cab and rar files, and every game I tried to install it says, the disk may be corruped due to some corrupted cab or rar files, or other corrupted files
<bekks> How did you verify that they are corrupted?
<Patrickdk> I've had this issue
<WhiteIntel> as I said, the installers of the games told me...
 * Patrickdk blames tcp checksum offloading :)
<Patrickdk> think the nic was causing a problem
<WhiteIntel> great -.-
<WhiteIntel> a way to fix the corrupted files?
<Patrickdk> for me, it would happen once per every 100gigs I transfered
<Patrickdk> WhiteIntel, fix the corrupted files? sure, recopy them
<WhiteIntel> HAHAHA THEN WELL FUCK -.- :D
<Patrickdk> it's called a *backup* :)
<Patrickdk> I dunno how you expect to *fix* something
<bekks> Compare checksums, recopy if they are different.
<WhiteIntel> lol a backup of 5tb of games -.- my backup with this sort of files is the internet :D
<qman__> it's also entirely likely that the medium they're stored on is responsible for the corruption, bad disks or corrupt filesystems or ...
<Patrickdk> that is possible too
<Patrickdk> in my case, the server used ecc ram, and zfs, so that wasn't possible
<qman__> silent corruption is not only possible but common with consumer grade disks
<Patrickdk> and I checked the files locally
<Patrickdk> so it had to be network
<WhiteIntel> my disks and fs are fine :)
<Patrickdk> disks are never fine :)
<Patrickdk> what is it, 1 in 100gigs of bytes read, WILL be corrupted
<qman__> unless you're running ZFS with ECC RAM, you can't be sure that didn't happen
<Patrickdk> ah, 1 in 91tb read, will be wrong
<Patrickdk> just off by one unit :)
<WhiteIntel> is there a way to test the nic for this issue, because I changed the mother board 2 weeks ago :)
<WhiteIntel> an why especially ZFS? all my disks are running on ext4 with normal ram :\
<WhiteIntel> hmm but every iso I tried to install was corrupted (I tried 6 : (()
<qman__> ZFS does block checksums to verify data is correct
<Patrickdk> you have a lot of issues that could be happening
<qman__> ext4 does not
<Patrickdk> could be disks, but not likely this time
<Patrickdk> could be filesystem, but again, not likely
<Patrickdk> could be ram, probably most likely
<Patrickdk> could be a bad nic or nic driver, maybe, but not as likely
<Patrickdk> I would check you ram, carefully :)
<qman__> one of the main goals of ZFS is data integrity, so it's designed in a manner to detect corruption at any of those levels, but requires ECC RAM to pull that off
<qman__> no normal filesystem does this
<WhiteIntel> wow I never had this issue with my ram :\
<WhiteIntel> But I will check that, thx : ))
<WhiteIntel> hmm ok, thanks for the information :)
<qman__> with disks getting bigger, but error rates staying the same, silent corruption is becoming a bigger problem
<qman__> you should always checksum your copied files before deleting the source
<Patrickdk> still we aren't sure they are bad
<Patrickdk> could just be bad ram :)
<Patrickdk> corrupting them when it's checking them
<Patrickdk> or transfering them
<qman__> it could be, but bad RAM normally manifests with much more serious symptoms as well
<qman__> like hard locks or segfaults
<Patrickdk> ya, maybe
<Patrickdk> It didn't for me
<Patrickdk> it just gave my hundreds of checksum errors :)
<Patrickdk> system ran fine for months
<Patrickdk> till I figured out to check ram
<Patrickdk> and the ram turned out to be completely broken
<WhiteIntel> ok, I think I will do a memtest ^^
<Patrickdk> and disable all cpu cache and acceleration stuff first :)
<WhiteIntel> ok why this is important?
<Patrickdk> cause you won't be reading and testing the memory
<Patrickdk> but the cpu :)
<Vadim_> pmatulis: i try edit file via mcedit and want try run this file in "subshell",
<bekks> Vadim_: Which file?
<Vadim_> any. php , bash script or others
<Vadim_> bekks: problem is not in file, problem in mcedit, him don't run subshell (ctrl+o)
<bekks> Did you try using another editor?
<Vadim_> another editor is not supported "subshell"
<bekks> Vadim_: USe another editor, not mcedit :)
<bekks> Vadim_: An editor like vim, nano, emacs, etc.
<Vadim_> bekks:  need subshell, vim, nano, emacs, supported it ?
<bekks> Vadim_: you dont need any subshell. USe an editor to edit a file. :)
<Vadim_> bekks, please say, what in the HIGHLIGHTING have other editor ?
<Vadim_> HIGHLIGHTING , php code, c# code, java code and etc ?
<bekks> Vadim_: I dont understand that sentence. Can you rephrase it please?
<Vadim_> you can say what is good programm have HIGHLIGHTING (php code, c# code and etc)
<Vadim_> check syntax  code
<bekks> vim, emacs, kate, and a lot of other editors.
<Vadim_> what you use ?
<bekks> It doesnt matter what I am using :)
<Vadim_> why not ?
<Vadim_> bekks, what you can recommend for use good editor in terminal, witout Xwin
#ubuntu-server 2015-12-07
<lordievader> Good morning.
<eahmedshendy> Hi
<lordievader> o/
<eahmedshendy> When you manager asks you to look at this file /proc/tomcat-pid/limits from this link and asks you to increase all values for our tomcat, so that we need our tomcat to use our system efficiently, I know he does not know about administration very well
<eahmedshendy> I am junior
<eahmedshendy> How we come to this?
<eahmedshendy> We have an issue "Too many opne files"
<eahmedshendy> That was a response from tomcat7
<lordievader> I don't know Tomcat, but blindly increasing values is allways a bad idea.
<lordievader> The too many open files is more likely generated by the kernel. There is a limit on how many files a process may open. Above that it (likely) gets killed.
<hateball> it's not a matter of ulimit ?
<hateball> non-root users will have a limit, and hopefully tomcat is not running as root
<eahmedshendy> The issue finished with this: http://paste.ubuntu.com/13784768/
<eahmedshendy> lordievader, hateball: I need to read to be able to answer closer to you
<eahmedshendy> What I topic I should read?
<lordievader> Usually you need to know what the value means before you start changing it.
<eahmedshendy> But after changing the value of /etc/security/limits.conf, cat /proc/tomcat7pid/limits, still have the low values
<eahmedshendy> lordievader: yes, I just need to make the move on in testing then I will finish my readings
<hateball> eahmedshendy: here is a nice read http://www.jayway.com/2012/02/11/how-to-really-fix-the-too-many-open-files-problem-for-tomcat-in-ubuntu/
<hateball> eahmedshendy: adjust ulimit for the user that tomcat runs as
<hateball> so if it runs as www, su www and set desired ulimit. the link above shows setting it in the init script
<lordievader> Isn't it better to research why that limit is reached in the first place?
<eahmedshendy> hateball: I read that link, so you see that It is better to do it like this?
<hateball> lordievader: The problem is that it's tomcat/java :p
<hateball> hard to get around!
<eahmedshendy> lordievader: do you ask me that question? anyway I find that tomcat didn't affected with the changes I did in /proc/tomcat7-pid/limits
<lordievader> eahmedshendy: Yes and no. It was more a general remark ;)
<eahmedshendy> lordievader: :), I really do not understand what you mean
<eahmedshendy> lordievader: I am doing research for that, but I prefer asking the professional about what I need to search for
<eahmedshendy> hateball: do you know where to put the "ulimit" lines from the link you gave to me in /etc/init.d/tomcat7
<eahmedshendy> http://paste.ubuntu.com/13785212/, http://paste.ubuntu.com/13785225/
<eahmedshendy> and Also I tried in /etc/init.d/tomcat7, but with no change
<bekks> eahmedshendy: The link he gave you states where to put it in :)
<bekks> eahmedshendy: It is: /etc/security/limits.conf
<Walex> bekks: note that 'limits.conf' applies at login time, not at dÃ¦mon startup time
<Walex> bekks: it is quite unlikely that a dÃ¦mon startup script would use PAM
<zertyuo> hi there
<zertyuo> i try to install vsftpd
<zertyuo> on my ubuntu server
<zertyuo> i would like to know how to restrict access to one of my user on /var/www just only ?
<david2> I'm trying to delete a partition that was used for LVM using the ubuntu server installer, but it's saying the partition is in use by the lvm group, and the installer doesn't seem to have fdisk/parted/etc
 * CornishPasty = david2
<david2> It does appear I fixed it by messing around with pvremove and then rebooting
<Wamphyri> is there a way to take / which is currently ext4 and convert it to lvm+ext4
<lordievader> Wamphyri: If you have multiple disk, dd.
<Wamphyri> single disk
<lordievader> Then it will be difficult, not impossible but difficult.
<jamespage> hey smoser - any opinion on https://code.launchpad.net/~james-page/simplestreams/multihypervisor/+merge/278127 ?
<smoser> i think loong ago i said somethign about that..
<smoser> forget what it was.
<smoser> jamespage, is 'hypervisor_type' a openstack documented thing ?
<jamespage> smoser, it is
<smoser> can it be a list ?
<smoser> http://docs.openstack.org/cli-reference/content/chapter_cli-glance-property.html
<jamespage> smoser, http://docs.openstack.org/cli-reference/content/chapter_cli-glance-property.html
<smoser> right.
<smoser> it woudlseem limiting for us to say 'qemu' when in all likelyhood that image shoudl run in xen at least
<jamespage> smoser, I don't think so but I'll check
<jamespage> smoser, yeah that was actually my concern about turning this on by default
<rbasak> kickinz1_: could you take bug 1518440 please?
<ubottu> bug 1518440 in tgt (Ubuntu) "tgt fails to install in LXD" [High,Triaged] https://launchpad.net/bugs/1518440
<smoser> jamespage, well, i'll put that comment there.
<smoser> but thats my only reservation
<acmehendel> Can someone provide me with some info on how to set up a streaming video server?  Going up stream and down stream?
<Wamphyri> lordievader, difficult sounds interesting
<acmehendel> where there is a cam on one end somewhere remotely that streams to another end like a browser?>
<Wamphyri> glad you said not imposable lol
<lordievader> Wamphyri: You create a secondary partition large enough to hold the root. On that partition you build a pv. Put an lv on there for your root-fs. Dd your root-fs over. Then remove the original root-fs and enlarge the pv in someway. (Ofcourse all of this should be done in a live-cd after making a backup)
<Wamphyri> it would all need to be done through a kvm
<lordievader> Even better, you can do everything from the host.
<lordievader> Assuming you have access to the host.
<kickinz1_> rbasak, OK, I'll take it.
<rbasak> kickinz1_: thanks!
<fuzzywuzzy> Can anyone recommend a simple to use HID for Ubuntu server?
<andol> HID, as in a keyboard? :)
<fuzzywuzzy> host intrusion detection
<fuzzywuzzy> =P
<DammitJim> do you guys know the proper way of getting iptable rules to load upon a server reboot?
<DammitJim> for some reason the rules I have added aren't getting set if I restart my server
<DammitJim> but the bottom line is that it seems that if I add a new rule, I'll have to > my iptables-save to a file?
<lordievader> DammitJim: Write a service that restores your iptable rules.
<DammitJim> I was reading about iptables-persistent
<DammitJim> my confusion is that every time I change my rules, I'm going to have to not only iptables-save, but also do what I described above... is that correct?
<lordievader> What did you describe besided iptables-save?
<DammitJim> iptables-save > /etc/iptable-rules
<DammitJim> I don't know why it feels odd to have to create a service to deal with this
<lordievader> For me that is the only thing I have to do to have it saved.
<DammitJim> so, you didn't create a service as you had suggested?
<lordievader> I did.
<DammitJim> are you using iptables-persistent ?
<lordievader> It loads ipset and then iptables and ip6tables. No, I do not use iptables-persistent.
<DammitJim> yikes
<DammitJim> ok, thanks lordievader
<fuzzywuzzy> anyone using Apache 2 seen an issue with corrupted .htaccess?
<patdk-wk> heh?
<patdk-wk> what does one have to do with the other?
<genii> fuzzywuzzy: the webserver doesn't write to those files, that would be a security problem
<Luke> what do I need to do to ensure the group level permissions are always matching the parent dir on newly created files in that dir?
<Luke> i have the dir as "2770" and the "2" bit preserves the group but not the group permissions
<Luke> i want all new folders to be 770 and all new files to be 660 when they're created in that dir
#ubuntu-server 2015-12-08
<grilled-cheese> If Iâve got a 12.10 box I need to run up to the latest LTS, is do-release-upgrade going to go straight to 14.04 or through all the in between releases one at a time
<grilled-cheese> it looks like from /etc/update-manager/release-upgrades it will be on the normal path instead of lts
<grilled-cheese> I assume if I change that to lts, it will stop at 14.04 instead of running all the way to 15.10
<bradm> grilled-cheese: pretty sure you'll have to do it release by release.
<lordievader> Good morning.
<jamespage> rbasak, morning - can I bring https://bugs.launchpad.net/juju-core/+bug/1517258 to your attention?
<ubottu> Launchpad bug 1517258 in juju-core "juju 1.24.7 precise: container failed to start and was destroyed" [High,Triaged]
<jamespage> rbasak, I think its something todo with the lxc version in the cloud-tools pocket for the cloud-archive
<jamespage> cloud-tools is quite out-of-date - https://launchpad.net/ubuntu/+source/lxc/1.0.7-0ubuntu0.9 is the latest trusty version afaict
<toMeloos> jamespage: could you tell me when the first maintenance release will happen for openstack liberty packages in the UCA?
<toMeloos> Trying to get liberty running and there are some important bugfixes in the stable/liberty branches (mostly neutron and nova) that we really need!
<jamespage> toMeloos, the plan was to track any point releases issued by the individual projects - I see neutron popped a 7.0.1 in the last 24 hrs, I'll findout what nova are going todo
<jamespage> toMeloos, we might be able to squeeze an stable update in pre-christmas but given that mitaka b1 is also in progress right now, the packaging team might be streched to make that
<jamespage> so most likely early Jan
<jamespage> but I need to checkin with them first
<toMeloos> that's too bad. nova for example has a serious regression which means ceph and libvirt won't work together. bugfix is merged, but waiting to be packaged...
<toMeloos> and neutron seems to have a lot of L3 DVR and HA fixes as well
<toMeloos> jamespage: can't building packages from point releases be automated by the way?
<jamespage> toMeloos, well we can pick and high priority bugs earlier if need be
<jamespage> toMeloos, like I said I need to catchup with coreycb and see what they have capacity for
<jamespage> toMeloos, can you point me at what is hurting you?
<toMeloos> jamespage: this one right now: https://bugs.launchpad.net/nova/+bug/1508230
<ubottu> Launchpad bug 1508230 in OpenStack Compute (nova) "regression in cloning raw image type with ceph" [High,Fix released]
<toMeloos> and as I'm sure you can understand getting liberty working is a work in progress, so I can't guarantee nothing else will pop up after getting past this hurdle...
<jamespage> toMeloos, ack
<jamespage> coreycb will be around in ~3 hrs or so
<toMeloos> jamespage: I see about half a dozen bugfixes each for cinder, glance, nova and neutron. Slightly less for ceilometer, horizon and keystone. Haven't tested heat yet, but worried seeing that this list of merged patches contains a lot of bugfixes... https://review.openstack.org/#/q/status:merged+project:openstack/heat+branch:stable/liberty,n,z
<toMeloos> I'll be around in ~ 3 hrs :-)
<Voyage> in usually daemon configs, can I use more than one bind address to allow access to servers? e.g redid server?
<rbasak> jamespage: for bug 1517258, what's enabling the cloud tools pocket on the Juju bootstrap node? Is that Juju itself doing it? It's been a while since I've had to care about that pocket!
<ubottu> bug 1517258 in juju-core "juju 1.24.7 precise: container failed to start and was destroyed" [High,Triaged] https://launchpad.net/bugs/1517258
<jamespage> rbasak, I think its juju on 12.04 installs
<jamespage> only...
<jamespage> I think
<rbasak> OK, so I think the bugfix is in precise-updates but agree it's missing from the precise/cloud-tools CA pocket if that's what you're saying?
<rbasak> So we should push Trusty'x lxc back into precise/cloud-tools?
<coreycb> toMeloos, jamespage, ceilometer and neutron are the only projects that have tagged point releases for liberty at this point.  nova doesn't have a point release out so the best we can do at this point is cherry pick patch(es).
<rbasak> cpaelzer: do dpdk consumers currently have to specify which split DPDK libraries they should link with?
<cpaelzer> rbasak: they can but don't have to IIRC
<rbasak> What happens if they don't?
<cpaelzer> rbasak: they can link against the linker script, the combined library, individual libraires or static build
<cpaelzer> rbasak: depending which way they choose they have to specify subibs or not
<cpaelzer> rbasak: static also being available as split or combined
<rbasak> Let's ignore static, since the end result will be the same I think? I presume it's easiest for static to just follow what happens with shared.
<cpaelzer> rbasak: yes
<rbasak> Red Hat want the combined library out, right?
<rbasak> Are they saying that the linker script should become unnecessary, or that the linker script should be used to end up with shared library dependencies on the split libraries?
<cpaelzer> rbasak: I understood it as "linker script replaces combined library"
<cpaelzer> rbasak: the linker script auto-refers to the individual libraries then
<cpaelzer> rbasak: so the second part of your question IMO
<cpaelzer> rbasak: "he linker script should be used to end up with shared library dependencies on the split libraries"
<rbasak> If a library consumer uses the linker script to end up with shared library dependencies on the split libraries, will it end up with dependencies on just the set of libraries required or all of them?
<cpaelzer> rbasak: I understood the mail discussion that he will only end up with those needed, btu I never seen it in action
<toMeloos> coreycb: I can live with that, but is there any chance of a maintenance release in the very short term?
<toMeloos> coreycb: recommend having a look at heat too. lot of bugfix commits merged in stable/liberty for it!
<rbasak> cpaelzer: OK, thanks.
<rbasak> cpaelzer: I'm drafting a reply, I'll ask for a review from you before sending.
<cpaelzer> rbasak: sure
<coreycb> toMeloos, those are questions for upstream. they are the ones deciding on when to cut point releases.
<coreycb> toMeloos, as for the existing point releases for ceilometer and neutron, we'll do our best to get those into the proposed pocket of the liberty cloud archive before the holidays
<toMeloos> coreycb: thanks! that would be a great start
<coreycb> toMeloos, ok good. and I just poked into #openstack-nova to ask if they have a point release coming soon.  if not I'll try to sru a fix for the but you mentioned earlier.
<coreycb> s/but/bug
<toMeloos> coreycb, jamespage: by the way, are there any plans for packaging Octavia? We need it to deploy Neutron LBaaS V2 and it should be declared stable with Liberty but it's not in the liberty cloud archive
<jamespage> toMeloos, no immediate plans
<grilled-cheese> thanks bradm
<rbasak> cpaelzer: first draft: http://paste.ubuntu.com/13826699/
<rbasak> cpaelzer: toned down a bit: http://paste.ubuntu.com/13826999/
<rbasak> (interesting URL diff)
<cpaelzer> rbasak: hehe, reading the new one
<davidic657> Hi, 14.04 proftpd has a major flaw
<davidic657> critical
<davidic657> you must be aware of it
<davidic657> ProFTPD Version 1.3.5rc3
<Sling> davidic657: http://www.cvedetails.com/cve/CVE-2015-3306/ ?
<sarnold> davidic657: can you prepare a debdiff for us to sponsor? there's a few bugs that need fixing, http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
<davidic657> just get on with it
<Sling> lol
<davidic657> fix the darn thing
<sarnold> davidic657: protftp is community maintained; I think no one actually uses it, since no one has prepared updates yet.
<davidic657> your supposed to be the top notch distro
<davidic657> its a major exploit
<Sling> proftpd has nothing to do with the ubuntu server
<sarnold> davidic657: more information on how to prepare an update is available at https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
<Sling> unless you mean this has been fixed upstream and the package needs updating
<davidic657> Sling: yeah
<sarnold> Sling: that's probably the case; see the people.canonical.com url I pasted earlier for details
<Sling> ok, then I said nothing
<sarnold> davidic657: feel free to run vsftpd, which is in main and supported by the ubuntu security team
<davidic657> sarnold: proftpd is built into my CP
<davidic657> hate taking anything off default :)
<sarnold> davidic657: what's that?
<davidic657> Virtualmin
<sarnold> yikes, I hope you've got _that_ firewalled off to just your home IP too...
<davidic657> sarnold: that to me :)
<davidic657> I guess not
<plm> hi all. i'm trying install ubuntu server on a ts140 (2 disks, 3 tb each one). i installed the system and i configured the raid, but now i've problem with grub. seems i cannot install it (fatal error).
<plm> anybody can help me?
<plm> bios configured as: quick start disabled. secure boot disabled. boot mode legacy first. disks AHCI (i used the software raid during the installation).
<plm> the image i used is: ubuntu-14.04.3-server-i386
<sarnold> plm: what error do you get? irc works best with specifics..
<plm> the exectuion of "grub-install /dev/sda /dev/sdb" failed. this is a fatal error.
<sarnold> dang that's it? how about log files?
<plm> i'm in the installer. how can i access the log file?
<sarnold> maybe alt-f2 or control-alt-f2?
<plm> .
<plm> ok.
<plm> grub-install: warning : this GPT partition label contains no BIOS Boot Partition; embedding won't be possible. /// grub-installer: grub-instal: error: embedding is not possible, but this is required forRAID and LVM install.  /// grub-installer: error: running 'grub-install --force "/dev/sda/"' failed.
<quantic> plm: You need to fix partitioning. You need a small partition of GPT type ef02 (I think) at the start of each disk.
<plm> md: delaying resync of md2 until md1 has finished (they share one or more physical units).
<plm> what's ef02?
<quantic> plm: The GPT partition type ID for "reserved BIOS boot partition."
<quantic> plm: When installing a BIOS GRUB loader (not UEFI) on a GPT-partitioned disk, which yours are because they're >2TB, you require that partition in order for GRUB to have somewhere to embed itself.
<plm> but now, after did raid i cannot edit partitions. how can i do? have i rewrite the partition table?
<quantic> plm: Reinstall would be the easiest way.
<plm> ok, i'm rebooting the server.
<plm> ok, now i'm in the partitioning step. how should i proceed?
<quantic> plm: Create a small (1MB is fine) partition at the start of both disks. Set the type to "reserved BIOS boot partition."
<quantic> Then partition the disks normally other than that.
<plm> the partition tool shows me the raid
<plm> i need to delete it... before.
<ponyofdeath> trying to create a deb of nodejs 4.3.2 and running debuild after having this rules file seems to not include usr/bin/nodejs in the deb only the doc's any idea what is going on? https://bpaste.net/show/3a9c2cf852c7
<plm> quantic, i removed the previous partitions. but when i tryed to create a 1 Mb partition it says it's too small
<quantic> What did you enter at the size prompt, specifically?
<patdk-wk> I normally do 8mb
<patdk-wk> I think 1mb is just enough these days
<quantic> 1M is quite massive for a GRUB partition.
<quantic> On my servers, it's exactly 1MB.
<plm> but the partition tool don't allow to use a so small partition. while, if i ask to the partition tool to autocreate a partition table, it creates 1mb (free space) ; 1mb biosgrub ; 3tb / ; 17mb swap. can it be a solution?
<plm> or the 1mb empty space is a problem?
<quantic> plm: The 1mb biosgrub is what I'm talking about creating. o.o
<plm> of course, i understand. but it's not at the begin. there is 1mb free space before.
<plm> is it a problem?
<plm> quantic, have i create a md for biosgrub also?
<quantic> plm: No, it won't work. Just leave it as a bare partition.
<patdk-wk> no
<patdk-wk> it can be anywhere
<patdk-wk> ideally it should be within the first 500megs of the disk, or 8gigs or whatever bios limit you have :)
<patdk-wk> but otherwise it could be at the end of the disk
<plm> quantic, so i've to partition the two disks in the same way, and i'll obtain something like: so the partition table would be something like: 1MB free; 1MB biosgrub; 3TB RAID; 17GB RAID & 1MB free; 1MB biosgrub(?); 3TB RAID; 17GB RAID
<plm> but the 1Mb of biosgrub i've in the sda, what it would be in sdb?
<patdk-wk> a mirror image
<patdk-wk> if you expect to boot from it
<plm> so, patdk-wk i've to select also in the second disk biosgrub?
<patdk-wk> yes
<plm> however i cannot flag this partition as bootble.
<plm> is it normal?
<patdk-wk> and in your grub config, select it also
<patdk-wk> heh?
<patdk-wk> it should be flaggable as bootable
<quantic> GPT doesn't have a bootable/active flag.
<quantic> So, no, you shouldn't be able to flag it as bootable.
<plm> so, it's normal. ok. cool :D
<plm> so at the end i've sda1 and sdb1 biosgrub (1mb each one); MD0 3TB for Root; MD1 17GB for Swap. right?
<plm> quantic, patdk-wk  i'm going to arrive to the grub installer.. pls don't leave me now. :/
<quantic> plm: Sounds about right.
<Logos01> So. This is a real shot in the dark here, but is there any chance anyone here has written a CIS-benchmark compliant preseed for 14.04 ?
<plm> ok, finally i'm at the grub installer tool. it asks me to install it on mbr. but if i right understood, maybye i've install it on sda1 and sdb1 right?
<quantic> No.
<quantic> Install to MBR.
<plm> ok, finally it was succesfully installed thank you very much
<quantic> Cheers. :)
<genii> sda1 and sdb1 are partitions, sda and sdb are where you can install bootloaders
#ubuntu-server 2015-12-09
<Wamphyri> is there a way to check pureftpd's logs
<Wamphyri> only log i can find for it is transfer.log and its now telling me anything
<sarnold> Wamphyri: check lsof to see if it has open file descriptors to other log files; that may help you figure out where else logs may be written
<sarnold> Wamphyri: if it has a socket open to /dev/log then it may be logging to syslog, in which case the standard auth.log etc may include pureftpd information
<sarnold> Wamphyri: or you could 'grep -ri pureftpd /var/log' to see if there's other files with logs..
<Wamphyri> sarnold, nothing
<sarnold> darn
<Wamphyri> only file it seems to be accessing it transfer.log
<Wamphyri> but since i can't even connect to transfer files its empty lol
<sarnold> it may have directives to determine what gets logged
<sarnold> what errors do you get in your client?
<Wamphyri> knowing my luck probably
<Wamphyri> nothing thats the shitty part
<Wamphyri> lemmi try a different client
<Wamphyri> in netstat will it say pureftpd or just ftp?
<sarnold> programs can modify what gets reported there; probably pureftpd but it might change..
<Wamphyri> tcp        0      0 *:ftp                   *:*                     LISTEN  and tcp6       0      0 [::]:ftp                [::]:*                  LISTEN
<Wamphyri> thats my netstat, i used my cmd prompt in winblows and it said ftp: connect :Connection timed out
<sarnold> ahhh, -that- bit is the port from /etc/services, there's both ftp and ftp-data, and if you configure it to listen elsewhere (probably a bad idea for ftp) then it'll just be ftp
<Wamphyri> i havn't configured it to listen anywhere else lol
<Wamphyri> but i'll check anyways
<sarnold> normally folks use netstat with -n to disable name lookups because those take forever :) I thought you were asking about the process name that's reported with the -p flag, hehe
<Wamphyri> netstat -at
<sarnold> alright, connection timed out, that's nice and concrete. are there any firewalls between your client and server --perhaps on both those machines, too -- that might be dropping packets?
<Wamphyri> none on this machine i know that
<Wamphyri> lemmi check the server
<sarnold> is it hosted at a cloud provider? if so you may need to adjust the security groups to allow it through
<Wamphyri> na, its a dedicated server
<Wamphyri> ufw disable and i still get the same error connection timed out
<sarnold> what's the IP? I'll give it a check
<Wamphyri> 74.91.26.230
<Wamphyri> server isn't even listening to that ip lmfao
<Wamphyri> jesus i'm a idiot
<sarnold> * means "listen on all interfaces"
<Wamphyri> i know
<Wamphyri> but i don't have *.230 in interfaces or in networking at all
<Wamphyri> i only have 74.91.26.226 in there
<sarnold> ahhhhhh
<Wamphyri> i appreciate your help tho!
<Wamphyri> sarnold, you ever used a spider kvm?
<sarnold> Wamphyri: no, looks neat though expensive
<sarnold> I mean, I know they've got a full-blown computer in that thing, I know it does a difficult task, but .. ouch all the same :)
<Wamphyri> what a pain in the arse it is tho lol
<Wamphyri> my providor uses it for there dedicated servers some peopel have no issues others like myself can't get the thing to work for longer then 30 seconds
<sarnold> aww :(
<Wamphyri> ah well
<Wamphyri> least the dedi is working
<Wamphyri> time for bed, need to be up in a few hours to go salting just in time to crawl into bed to go salting again lol
<sarnold> good luck in the salt mines :)
<Wamphyri> lmao
<Wamphyri> its my two weeks to salt the parking lots
<sarnold> ugh that sounds miserable
<Wamphyri> meh its not bad, drive in flick a switch drive out flick the switch lol
<Wamphyri> 3 lots i have to get out grab a shovel of salt toss it on the walkway back in the truck and off i go
<Wamphyri> 2.5*7 but paid for 30 hours
<sarnold> well, alright, that's perhaps tolerable for two weeks :)
<Wamphyri> lol
<Wamphyri> until last weeks shit show
<Wamphyri> out of 30 hours friday morning (4am) till saturday morning (11am) i worked 24 hours combined with 3 hours zzzz's
<Wamphyri> 10am sorry
<Wamphyri> in 7 hours hours we got 30cm of snow (1 foot) lol
<sarnold> somehow I doubt salt was able to keep up
<Wamphyri> nope, it was shovels, trucks with blades and front end loaders lol
<patdk-lap> depends on the goal
<patdk-lap> stop ice, or melt snow :)
<Wamphyri> by saturday all you could see was black top
<Wamphyri> now today me going and salting is to stop ice
<patdk-lap> I'mupset we have no snow yet
<patdk-lap> last few years when I come back from vacation, there is a huge storm
<patdk-lap> nothing :(
<Wamphyri> if i don't see another flake of snow for the rest of the year i'll be happy
<pmatulis> Wamphyri: where are you?
<Wamphyri> but i live in newfoundland so thats not gonna happen lol
<pmatulis> ok
<sarnold> patdk-lap: oh, did you already do the mexico trip?
<patdk-lap> ya, got back sunday
<sarnold> patdk-lap: welcome back :) how was it?
<patdk-lap> the trip was ok, but total hell
<patdk-lap> way too much drama
<sarnold> aww :( sorry to hear it
<k1l_> hi, using ubuntu 14.04 and ran into an issue while trying to change the owncloud data dir. have a 2TB ext4 disk mounted on /media/Daten and set /media/daten/owncloud/data/ to the www-data user .
<k1l_> but when trying "sudo -u www-data ls -al /media/Daten/owncloud/data/" i get a "cannot access  /media/Daten/owncloud/data/: Permission denied"
<k1l_> same goes for the owncloud server, which is giving an error then.
<k1l_> ls -al /media/Daten shows: drwxrwxr-x  3 www-data www-data     4096 Dez  9 02:48 owncloud
<nacc> k1l_: is /media/daten mounted with permissions for that user to access the mountpoint (an strace might indicate what is giving you the EPERM specifically)
<k1l_> uh, thanks for the hint. i looked at /media now (again) and /media/Daten was 770 while www-data was not user or owner. works now
<nacc> k1l_: np
<nacc> k1l_: tbh, I always found it confusing debugging such permissions issue myself (between the dir/file ownership bits and the mountpoint's, when both return the seemingly same error message when misconfigured)
<k1l_> this issue with a changing data dir is very common with owncloud. and i looked at php settings like basedir, apache settings, even if selinux is running or such. and in the end its such a trivial thing.
<dent> Can my computer run ubuntu http://postimg.org/image/5xcjjqkhz/
<data> Hi, I am trying to install ubuntu server with the full installation, but can't get past "Configure the network". I have two dual networking cards, but no matter which one I choose, it just puts me back to the main menu and I can't select any other. I have manually run dhclient on the correct one, and it works: http://www.directupload.net/file/d/4197/wcxlyoyn_png.htm
<data> As you can see, there is no ok button as in the rest of the menus
<arcsky> is not allowed to execute '/bin/bash' as root on srv
<arcsky> anyone know whats wrong?
<arcsky> ah you need to relogin after usermod sudo
<andol> arcsky: In more general terms, you need to relogin for changes in group membership to take affect.
<caribou> Hi, does someone have a minute so sponsor the following merge : https://bugs.launchpad.net/ubuntu/+source/nut/+bug/1522346
<ubottu> Launchpad bug 1522346 in nut (Ubuntu) "Please merge nut 2.7.2-4 (main) from debian (unstable)" [Wishlist,Confirmed]
<caribou> more sponsorship request :
<caribou> jamespage: do you have time to sponsor the haproxy fix for Vivid (LP: #1481737)
<ubottu> Launchpad bug 1481737 in haproxy (Ubuntu Vivid) "HAProxy init script does not work correctly with nbproc configuration option" [Medium,In progress] https://launchpad.net/bugs/1481737
<arriandy> hello
<arriandy> any one ?
<jpds> !ask | arriandy
<ubottu> arriandy: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<jpds> arriandy: We haven't yet prefected the art of telepathy
<telldrak> Hello all
<telldrak> looking for some help with getting mail set up on my Ubuntu 14.04 server
<telldrak> I've installed postfix, but cannot get it to send out any e-mail
<arriandy> jpds
<telldrak> I'm also running Apache with several domains served on it
<jpds> arriandy: Hi
<OEP> telldrak: is there anything useful in your /var/log/mail.log ? Can you put it in a pastebin?
<arriandy> looking for hellp to set up a socks 4 or 5 proxy server on my server. i m trying dante but can t figure out to set it right
<arriandy> what about perl or python socks ? any advice ?
<jrwren> arriandy: for you or for many people?
<arriandy> jrwren: for one unique user with pass auth
<jrwren> arriandy: ssh has it built in. ssh -D
<arriandy> btw, what will the pefect commands looks like for ssh -D ?
<arriandy> i want to enable both methods
<beisner> jamespage, coreycb, thedac - tested against staging, now pushing lxc from staging to proposed for Juno cloud archive re: bug 1522183
<ubottu> bug 1522183 in Ubuntu Cloud Archive "lxc in the trusty-juno cloud archive is incompatible with newer kernels" [High,Fix committed] https://launchpad.net/bugs/1522183
<coreycb> jamespage, this is blocking python-hypothesis (needed by python-cryptography) from getting into the cloud archive for mitaka: https://github.com/DRMacIver/hypothesis/issues/237
<devster31> how do I skip the permission denied errors during the find command?
<Sling> devster31: add 2>/dev/null to your command
<beisner> coreycb, about to push these juno staging-->proposed re: rootwrap issue, please review:  http://paste.ubuntu.com/13871100/   tia.
<Sling> that will send all stderr output to /dev/null, rendering the errors invisible
<devster31> Sling, thanks, didn't realize those were on stderr
<coreycb> beisner, looks good. thanks.
<beisner> coreycb, ok, pushed to juno proposed.  thanks for the quick work there.
<coreycb> beisner, great thank you
<beisner> coreycb, yw!
#ubuntu-server 2015-12-10
<jamespage> smb, cpaelzer: hey would you have any objection if I update the dpdk package to just build the html docs? its a bit more lightweight and really would avoid a delta with backports to 14.04 where we have a problem generate pdfs...
<smb> jamespage, personally I would not have to many objections (I think the change was only minimal). If dropping a large amount of things previously provided is ok for SRU (wily case)
<jamespage> smb, cpaelzer: the other thing is that the dpdk init scripts mount hugepages at /dev/hugepages
<jamespage> but...
<jamespage> libvirt expects a mount at /var/run/hugepages ...
<jamespage> apparmor will deny access...
<smb> jamespage, thats because systemd already mounts it there... So libvirt is clearly doing it wrong
 * jamespage is between a rock and a hardplace where
<cpaelzer> jamespage: I'm fine changing to only html doc
<jamespage> cpaelzer, awesome - is there a repo for dpdk?
<cpaelzer> jamespage: yes, but the xenial branch is currently moving for dpdk 2.2
<cpaelzer> jamespage: hmm, do you need for devel or for wily?
<jamespage> cpaelzer, well both
<cpaelzer> jamespage: the xenial 2.2 branch is waiting for DPDK to finally release 2.2
<jamespage> cpaelzer, I can branch off the previous version if you like
<cpaelzer> jamespage: yeah that is possible the best - the current repo has what we uploaded ATM
<jamespage> where is it? (the repo)
<cpaelzer> jamespage: I can pull pick your patch from there when uploading for 2.2 later
<cpaelzer> jamespage: second I'll pass the link
<cpaelzer> jamespage: I'll send you the full .git/config ain a query so you see how SMB and I have set  it up
<cpaelzer> I have to dash shortly, smb also knows these branches well
<cpaelzer> jamespage: there are many more changes for 2.2 incoming by changes upstream
<cpaelzer> jamespage: did you hear if OVS-dpdk support for 2.1 was native or just relying on the fact that 2.1 is ABI compatible to 2.0?
<smb> cpaelzer, I would say as jamespage does not need to fetch and merge upstream he just could make a simple clone from launchpad
<smb> Might be less confusing
<smb> jamespage, only special thing then is that master follows vanilla upstream and the ubuntu versions are in branches (ubuntu-wily and ubuntu-xenial so far)
<jamespage> smb, has 2.0.0-0ubuntu1.1 been uploaded?
<smb> jamespage, I asked for it and it was sponsored at least. Dunno how far it came
<smb> jamespage, so still in unapproved queue
<jamespage> smb, so I see
<jamespage> smb, cpaelzer: pushed and uploaded for xenial
<jamespage> cpaelzer, smb: might be nice if Vcs-Git pointed at the packaging repository
<jamespage> so debcheckout DTRT
<smb> jamespage, only that we are not sure about it staying in that place.
<jamespage> smb, ack
<jamespage> just and obs...
<eahmedshendy> can anyone help me how to calculate number of threads available on Ubuntu 14.04 installed on Amazon Ec2 instance?
<eahmedshendy> http://paste.ubuntu.com/13890841/, http://paste.ubuntu.com/13891486/
<andol> eahmedshendy: What do you mean by number of threads availible? If you allow for context switching you have *lots* of threads. What's optimal all depends on what you are running, etc.
<eahmedshendy> andol: the java developer asks me what maximum number of threads that I can make my tomcat application use in the instance
<andol> In that case I'd imgaine you wanting one thread per core, unless you also need to consider availible RAM.
<andol> eahmedshendy: Wouldn't the developer know his application best? :) If so, just give him the HW specs.
<eahmedshendy> andol: mmm, he can't read the hardware specs
<eahmedshendy> I just want to learn that also
<Daviey> smoser: Hey, is bug 1506187 wrongly marked as private?
<ubottu> bug 1506187 in cloud-init (Ubuntu Vivid) "[SRU] Azure: cloud-init should use VM unique ID" [Critical,New] https://launchpad.net/bugs/1506187
<Daviey> smoser: oh weird.. i can see it now
<smoser> probably.  the cpc team files private bugs sometimes.
<utlemming> Daviey: that bug shouldn't be private....its not showing as private for me.
<utlemming> Daviey: launchpad must be having a moment
<Daviey> utlemming: yeah, weird - working now...
<smoser> Daviey, i think there *was* a private bug in there, somehow related.
<Daviey> smoser / utlemming: I see what the problem is... I was using the URL from this output.. http://paste.ubuntu.com/13897398/ .. which is in the wrong format.
<beisner> jamespage, coreycb - https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1524177/comments/7
<ubottu> Launchpad bug 1524177 in Ubuntu Cloud Archive juno "[SRU] Juno nova-* ImportError: No module named rootwrap.cmd (when used without neutron)" [Critical,Fix committed]
<coreycb> beisner, great, ready to promote to -updates?
<beisner> coreycb, indeed, this is the fast-track one.  all but lxc would go:  http://paste.ubuntu.com/13901226/
<beisner> (lxc has a week to bake)
<coreycb> beisner, sounds good thanks
<beisner> coreycb, ok, pushing buttons.
<nat0> Can anyone tell me why preseeding a fresh install of 14.04 from a local mirror fails after booting from the install initramfs, starting anna, which then 404s trying to find Release signatures for wily-updates in the 14.04 directory?
<nat0> Why would anna need wily Release signatures for a trusty install?  There's nothing in my preseed file to instruct the new installation on upgrades.
<nat0> In addition, the Release signatures exist in Ubuntu-14.04LTS-x86_64/dists/wily/Release, so what could anna's problem be?
<nat0> It's not to do with the networking, or the way the local mirror is serving content over HTTP.
<nat0> Modifying the preseed file to deliberately disable upgrades doesn't get anna to not verify these signatures.
<nat0> Okay, I've just noticed the 404 is for Ubuntu-14.04LTS-x86_64/dists/wily-updates
<nat0> This is not being pulled in when I sync the local repo I'm seeding from.
<Synthead> I'm working on a pressed.  I want skip creating a normal user account, so I've added "d-i passwd/make-user boolean false" (as per https://help.ubuntu.com/lts/installation-guide/armhf/apbs04.html), but I'm still prompted to create a regular user during the install.  What am I doing wrong?
<Synthead> this is my preseed file so far, very small: http://pastie.org/10623763
<Synthead> oh strange, if I set a root password and allow root logins, it bypasses this prompr
<Synthead> I don't want to have any logins because I plan on putting an ssh key in there for root
<Synthead> is there any way to permit no logins at all?
<Synthead> When the ubuntu installer boots, it mounts /dev/sda1 to /media.  Is there a way to prevent this?
<jvwjgames> I have been trying for months to get my server network up but can't
<bekks> jvwjgames: Whats failing?
<jvwjgames> Persistent naming
<jvwjgames> Aka persistent file
<bekks> ??
<bekks> Persistent naming of what? Why are your network interfaces changing all the time? :)
<jvwjgames> Yes
<bekks> "Yes" is not a valid answer to "why?" :)
<bindi> lol, months
<jvwjgames> Sorry yes they changing but I don't know why
<bekks> Then what is changing exactly?
<bekks> You need to be a bit more specific :)
<jvwjgames> When every I use my server the internet will go out I switch Ethernet ports on the server and it works but then some time later I will have to switch it back
<bekks> Why do you switch interfaces?
<Synthead> can I do a network install from the generic ubuntu server CD (without PXE)?
<jvwjgames> Cause the internet goes out
<jvwjgames> And then I switch and it works
<jvwjgames> bekks: does that help
<bekks> jvwjgames: Maybe you should fix your internet connection issues then, rather than switching interfaces?
<jvwjgames2> It's not the internet it is something on the server cause all other computers work
#ubuntu-server 2015-12-11
<Synthead> is there a way to do a network install from the generic ubuntu server cd (14.04 LTS)?
<Synthead> well, I ended posting it on askubuntu anyway http://askubuntu.com/questions/708356/how-can-i-install-from-network-sources-using-the-generic-ubuntu-server-cd
<roaksoax> 3/win 3
<nacc> Synthead: do you mean making sure you're up to date during the install? or do you mean loading hte installer components over the network?
<Voyage_> Hi
<Voyage_> http://oi65.tinypic.com/r8s2ux.jpg  I have enabled headers and getting correct CORS in headers (access-control-allow-orig...	*) but still I cannot access the inner dome or page height of an iframe in side  a parent page. It says "Error: Permission denied to access property "document"" any clue?
<jak2000> hi all i have a crontab task (with mysqldump command) when run the task thhe backup was generated in 0 bytes, but when run same command manually it generate the correct backup, any advice how to know why? thanks
<andol> jak2000: Any stderr output, captured by mail? Perhaps some PATH or other environment issue?
<andol> jak2000: Unless you have a local MTA setup, perhaps you can modify the script to write STDERR to a separate file?
<roaksoax> q/win 13
<koolhead17> hello world
<jak2000> andol!
<jak2000> i have full paths
<jak2000> see please: http://pastie.org/10625270
<jak2000> andol?
<LzrdKing> how can i determine why a 12.04 server spontaneously rebooted?
<LzrdKing> logs look normal one moment, and then everything is starting up the next
<lordievader> Disk failure?
<LzrdKing> would that be logged anywhere?
<lordievader> Well that might be a problem ;) Suppose you want to write to the disk, but the disk failed...
<LzrdKing> the logging volume didn't fail
<lordievader> Hmm, I'd check SMART anyways.
<LzrdKing> yes, thats a good idea, thank you
<TJ-> power-loss would be the obvious candidate
<LzrdKing> TJ-: yes, but to only one server of many in a rack?
<LzrdKing> i'm not sure how the rack is powered, but i'd thikn there would be other issues too
<LzrdKing> i'll keep that in mind
<LzrdKing> but how could i tell if that was the issue?
<TJ-> LzrdKing: local PSU issues possibly. Does the server have IPMI? could remote-hands of accidentially nudged cables on that rack - or is it caged? etc
<LzrdKing> lordievader: Device does not support SMART
<LzrdKing> TJ-: yes it does
<TJ-> LzrdKing: anything in the logs of the *other* servers at the time that server died?
<LzrdKing> i'll look
<jge> good morning guys, happy friday. I have a question, I have a VM that takes long to boot up. It hangs saying the following: Waiting for network configuration, Up to 60 more seconds for network configuration .."
<jge> I use /etc/network/interfaces to configure networking
<LzrdKing> TJ-: IPMI might be able to indicate better what happened?
<lordievader> LzrdKing: Huh? Is it a non-standard disk?
<jge> not sure what could be causing this, Ubuntu Server 14.04 LTS
<TJ-> lordievader: could be behind RAID controller
<nacc> jge: so eventually it does come up w/ networking?
<TJ-> jge: that times out if the network isn't available; check the config, are you trying to automount remote network file-systems?
<LzrdKing> yes, its an SMC RAID
<lordievader> Ah, that explains it indeed.
<jge> nacc: yep it comes up fine
<jge> TJ-: nope
<jge> this is what my /etc/network/interfaces looks like:http://pastie.org/private/jcat5qnhb3debzh4fodxuw
<jge> very simple, I'm wondering if it's because the next hop for that static route is on a different subnet
<jge> I'll remove it and test
<jge> ha, that did it!
<jge> freaking booted in seconds :D
<LzrdKing> i have a laptop that hangs there for a while too, i should look at that
<TJ-> jge for the reasoning of that message see /etc/init/failsafe.conf
<jge> TJ-: will do, thank you.
<pod_> When ever I try to boot into ubuntu I keep getting this error http://postimg.org/image/yi2biav9n/
<nacc> pod_: and it doesn't boot? or do some devices not work? do you have a USB hub?
<pod_> I am using a desktop and only using the usb ports that are on my motherboard.
<pod_> Ubuntu is already installed on my hard drive
<nacc> pod_: is your concern the messages themselves, or is something specifically not working?
<pod_> I am just trying to fix the error
<nacc> pod_: I believe that is indicating an issue with a USB hub, including possibly the one on your mobo. Could be insufficient power (if it was external, e.g.) for the load, etc. Does it happen w/o anything plugged into the USB ports on the motherboard? Do any of the USB ports on your machine work?
<pod_> Yeah I tried booting back into Ubuntu when only the keyboard plugged in and still get the same error.
<pod_> When ever I use debian all the ports work fine
<nacc> pod_: ok, and do your devices work? e.g., your usb keyboard?
<nacc> pod_: what version of Ubuntu and what version of Debian?
<pod_> ubuntu 14.04 and debian 8.1
<nacc> pod_: 14.04.3 or 14.04.0? that is, which kernel probably matters, as 8.1 uses 3.16.7 (I think) and 14.04.0 used 13.13 (and each .x update has bumped that, so for instance, 14.04.3 is on 3.19
<nacc> if Debian 8.1 worked without the errors, I would guess it's just a kernel fix and I'd try the latest 14.04.3 release
<nacc> if possible
<pod_> Okay I'll wipe the older ubuntu and install newer ubuntu
<nacc> pod_: so you were on an older ubuntu before? shouldn't be ncessary to wipe it, just boot the live image and see if it works?
<LzrdKing> TJ-: ilo has nothing useful logged either
<pod_> I upgraded from 12.04
<patdk-wk> nacc, it only bumped it if you started with 14.04.2 as the install base
<patdk-wk> not if you upgraded to 14.04.3
<LzrdKing> is there a way to run a raid utility without rebooting?
<nacc> patdk-wk: good point, sorry
<patdk-wk> not sure why a raid utility would needa reboot
<patdk-wk> unless it requires dos/windows
<pod_> Software raid
<nacc> patdk-wk: my understanding was that 14.04(.0) was 3.13 based, 14.04.2 was 3.16 based, 14.04.3 was 3.19 based, and 14.04.4 will be 4.2 based? although those may be specific packages you pick to install from the HWE stack
<LzrdKing> i don't know, i've only ever seen raid info come up during a boot when it says siomehting like "press F2 to configure"
<patdk-wk> nacc, that is true
<patdk-wk> but you have to INSTALL 14.04.2 from a iso for HWE to be enabled
<nacc> patdk-wk: ah i see what you're saying
<nacc> patdk-wk: yep, makes sense
<patdk-wk> or enable it yourself
<patdk-wk> for me personally, hwe has been nothing but problems
<nacc> patdk-wk: like what?
<patdk-wk> due to kernel dmks build issues
<nacc> ah
<nacc> external modules?
<patdk-wk> external to the kernel
<nacc> yeah, sorry, that's what i meant
<patdk-wk> the packages dkms packages don't maintain kernel compatability with HWE kernels
<patdk-wk> so using open-vm-tools, xtables, ..., can cause you lots of issues
<patdk-wk> though, open-vm-tools is better lately though
<nacc> well, the (upstream) kernel doesn't guarantee API or ABI compatability release-to-release; that's probably the biggest issue?
<patdk-wk> yes
<pod_> I had to fix a broken part of the kernel from a old verison of ubuntu to fix error 71
<patdk-wk> and I had an issue with libc and hwe kernel
<patdk-wk> but that is so esoteric, I didn't dig into it much, once I found it was a libc issue
<patdk-wk> but that is the other kernel api/abi problem
<nacc> patdk-wk: interesting, i haven't personally seen those problems, but i bet a bug would be appreciated :)
<patdk-wk> I thought about it, but reproducing it, by not me, would be impossible :)
<patdk-wk> so I didn't bother
<nacc> heh
<patdk-wk> it's a closed source binary, that I have heavily hacked
<nacc> ah
<patdk-wk> and is failing on an exec call to run sendmail
<patdk-wk> or rather, it works, but stdin isn't working right
<patdk-wk> but in all other cases, it works
<Razva> hey folks! I would like to test the Unbuntu Cloud (MAAS, Juju, Landscape etc) on a couple of lased bare-metal servers. note that these servers don't offer a vlan, so all I have is external IPv4 IPs. can I work this out, or do I need to have everything in the same place? I'm reading about MAAS right now, and from my understanding it needs to be all in the same network, as MAAS is basically
<Razva> setting up LAN IPs via DHCP?
<sarnold> Razva: indeed, maas does pxe via dhcp. probably your ISP won't be impressed if you start offering dhcp over the internet :)
<Razva> sarnold yyyup. :) ok, so what's the solution in my case?
<Razva> I really don't have 5 PCs at home in order to test it out, nor a powerful PC to install/run eveyrthing virtualized.
<Razva> so I was thinking to buy 5 cheap (kimsufi) bare-metal servers and start playing
<dlb> can someone help me with kvm?  I have a 64 bit 14.04.3 install but kvm keeps making 32 bit vms. --arch is set for amd64. Any thoughts on what to look at?
<sarnold> dlb: are you perchance running 32bit guests by accident?
<dlb> I am trying to build the guests.  When I build them, they are 32 bit.  I expected 64 bit.
<sarnold> Razva: you may wish to try in #maas .. my best guess is something like set up an openvpn or ipsec vpn over your five cheap hosts, and virtualize a machine on each or something. it's not a great idea. hehe.
<dlb> The host is 64 bit
<Razva> sarnold already did, nobody is replying right now. :|
<Razva> is MAAS mandatory?
<sarnold> Razva: no
<sarnold> Razva: maas can make deploying openstack more convenient, since you can use juju to deploy the openstack software to the hardware; but you can certainly install openstack by hand on the machines
<sarnold> Razva: I hope kimsufi has some way to firewall those machines off from the internet; I slightly doubt openstack services are intended to be exposed on the public routable internet :)
<Razva> sarnold it's just some test machines, I won't store any data
<Razva> yeah so the whole idea was to use ubuntu cloud as I'm an OpenStack newb :|
<sarnold> Razva: good start; I'm just not convinced thta the services are sufficiently defensive about their inputs :/
<Razva> will Autopilot work, or is that MAAS dependant?
<sarnold> I think it requires maas
<Razva> darn
<Razva> so at this point basically ubuntu cloud is "useless" in my case?
<Razva> because Autopilot is the main reason to use the ubuntu cloud vs "standard openstack"
<sarnold> Razva: that might be the case. perhaps you can still use e.g. juju with the charms to deploy openstack if you use the ssh provider to juju..
<sarnold> autopilot may not work for you but you might still be spared the difficulty of setting up openstack services manually :)
<Razva> sarnold true... is there any manual of some sort, that will spare me of setting up?
<sarnold> Razva: not that I know of; I think it's mostly assumed that if you're interested in openstack, you've got the hardware on site to make it happen :/
<sarnold> Razva: so putting together something a bit piecemeal out of cheap servers already on a cloud provider is a bit off the well-worn path.
<sarnold> Razva: this looks like The Guide for using juju with the ssh provider: https://jujucharms.com/docs/1.24/config-manual
<sarnold> Razva: you may need to read the autopilot script to figure out which specific settings it's using for which services, and you can find the service charms at e.g. https://jujucharms.com/q/?tags=openstack
<Razva> I'm curious, how do you handle mutiple physical locations in this case?
<sarnold> you'd define different availability zones
<Razva> ok, but how can MAAS allocate IPs into a totally different physical location?
<Razva> you need to have vlans between physical locations or...?
<sarnold> I think each availability zone would have its own MAAS configurations; if one is flooded or vaporized or whatever, you wouldn't want services in the others to die as a result
<Razva> aha, so you have more MAAS configs into the same Landscape/Autopilot?
<sarnold> hmmmmm, I wonder, I forgot that autopilot is now integrated into landscape. :/  I wonder if I've been on the wrong foot this whole conversation. (I'm sorry, it'd been ~six months since I last looked into autopilot...)
<sarnold> I wonder if the "new" autopilot still requires brand new machines or if you can use landscape to add existing machines into a cloud..
<Razva> any idea where should I ask?
<Razva> http://askubuntu.com/questions/708608/playing-with-ubuntu-cloud-on-different-machines-without-vlan
<sarnold> jcastro_: http://askubuntu.com/questions/708608/playing-with-ubuntu-cloud-on-different-machines-without-vlan  ^^^
<Razva> oh, so I can run it in vSphere locally on my "medium-sized i7 PC"?
<jcastro_> on it
<Razva> yeah, on it
<Razva> just installed vSphere (free) so brb reboot
<sarnold> maybe; I saw int eh virtualized bit that there's a 8gigs memory suggestion/requirement for the machines.. and while that probably doesn't actually mean 40 gigs, it might not run great if you've only got e.g. 16 available ..
<Razva> sarnold I just want to see how it works...that's all...
<jcastro_> I think these days we can smoosh it onto like three servers
<jcastro_> zul: heya, is all your lxd/openstack stuff landed somewhere? That might be an interesting option
<jcastro_> sarnold: wow, you're not going to believe how simple the answer is
<jcastro_> http://openstack.astokes.org/
<sarnold> jcastro_: dude.
<geetar> Can someone help me determine why I cannot set up a print server on a ubuntu server?  "nmap" from a wireless laptop does not see the open 631 port but "nmap" from the server itself reports that the port is open.
<jcastro_> sarnold: I know right, dude look at the video: https://www.youtube.com/watch?v=1eUoamVBzFI
<sarnold> geetar: check netstat -lntp, make sure it's bound to a public IP address or *
<jcastro_> openstack on a nuc
<sarnold> jcastro_: I just watched the w hole thing. insane.
<sarnold> any idea how much RAM's in that?
<nacc> sarnold: quick googling indicate some models have capacity up to 16G, the latest ones seem expandable to 32G
<sarnold> nacc: it feels like a lot to ask of an 8gig machine but 16.. maybe. hehe. :)
<nacc> http://www.intel.com/content/www/us/en/nuc/overview.html
<nacc> sarnold: yeah :)
<nacc> might try that out when I reinstall my 32G box at home
<geetar> sarnold: I guess I am doing it wrong, what do you mean "bound" to a public ip address?
<geetar> sarnold:  otherwise I do not understand the output.
<sarnold> geetar: sockets are 'bound' to an <IP,port> pair; that lets you run one webserver locally on 127.0.0.1:80 but a different webserver on 192.168.1.2:80 and a third on 10.0.0.1:80.
<sarnold> geetar: so this is checking if cups is configured to only listen on e.g.127.0.0.1, in which case it won't be visible off the machine, or if it is bound toa specific IP that you're not talking with, or if it is bound to that port on any IP..
<sarnold> geetar: this lets you know if you need to fix the firewall configuration on a machine or router or if you need to fix the daemon configuration
<geetar> sarnold: ah, so I don't understand the output.  The result of "netstat -lntp" on the server is at http://paste.ubuntu.com/13942789/.  Note I can ping the server from the laptop.
<sarnold> geetar: on my system cups is listening on 631, it looks like the same for yours, lines 14 and 27
<geetar> sarnold:  Same for mine.  So, could it be the router is blocking 631 traffic?
<sarnold> geetar: is your router perhaps forbidding wireless connections from communicating with wired? try connecting to port 22 or port 80 to see if this is unique to this service or computer..
<sarnold> geetar: are you using iptables or ufw or similar firewall on this system?
<geetar> sarnold: port 80 works, I have a wiki on the server.
<geetar> sarnold: that I can access from wireless.
<geetar> sarnold: I will see if it is iptables or ufw.  I was thinking it was the router, but it should not be if I can access the wiki.  Thanks for helping me think it through.
<zul> jcastro_, yes we have bundles for them
<sarnold> geetar: it might still be the router.. hehe. lots of fun places for a firewall to live. ;)
<geetar> sarnold: drats.
<jcastro_> zul: I found the single node installer, I'm good
<jcastro_> zul: that thing is brilliant btw
<geetar> sarnold:  The first problem was the firewall as you suspected.  I fixed that and got into the CUPS webpage.  Still not printing because no admin access through browser but I think I can fix that.  Why did nmap run on the server report that its 631 port was open if it was blocked by its firewall?
<sarnold> geetar: the firewall probably only blocked packets coming into the ethernet cards or leaving via the ethernet cards; when run locally, they go over the lo interface, which is only rarely firewalled
<geetar> sarnold: thanks again
<sarnold> (well, I don't think I've _ever_ seen lo firewalled; it's possible, though. :)
<soahccc> when I install fail2ban does it do something out of the box? I only want it to do something custom not SSH, etc.
<RoyK> soahccc: iirc it does ssh out of the box - but it's easy to configure it to do whatever you want
<patdk-wk> well, it will detect
<patdk-wk> but if it blocks properly, based on whatever firewall your using
<patdk-wk> you might need to adjust it
<soahccc> RoyK: yeah if you know regex :) I'm afraid I ban all requests
<RoyK> soahccc: then learn regex ;)
<RoyK> soahccc: it's not too hard
<RoyK> soahccc: setup a VM first and try a bit before you go in production
<soahccc> RoyK: where is the fun in that ;) nginx + path + status code, can't be that hard
<soahccc> I hope fail2ban tails the file after reading it once :S It takes forever to parse my little 4 GB access log
#ubuntu-server 2015-12-12
<jak2000> hi all
<jak2000> why crontab not generate my backup of my databases? here more details: http://pastie.org/10626862    any advice?
<lordievader> I'm missing a #!...
<lordievader> Try running it with dash, it will likely show why the script doesn't work under cron.
<Gaz_> I'm running ubuntu server and both my root and boot partitions are full so I booted ubuntu live and used gparted to resize the root partition, applied the change and checked it showed the new size. When i boot back into ubuntu server the login screen is still telling me the old size, what am i missing to resize the partitions?
<TJ-> Gaz_: you've probably resized the partition, but not the file-system inside it
<Gaz_> Yeah, I have just r elised this but now when i use resize2fs it tells me the device or resource is busy, any ideas how to fix that?
<lordievader> Gaz_: Is it a ext filesystem?
<Gaz_> yes
<lordievader> Hmm, that should support online enlarging. At least ext4 does...
<Gaz_> it is ext4, im reading this currently http://unix.stackexchange.com/questions/138090/cant-resize-a-partition-using-resize2fs
<Gaz_> is this the way to do it do you think?
<lordievader> Do you have the exact same error?
<Gaz_> no, my error is resize2fs: device or resource busy while trying to open /dev/sda5 couldnt find a valid filessystem superblock
<lordievader> Yeah, so it's the same ;) Anyhow the second part, 'couldnt find a valid filessystem superblock', leads me to think that you have a broken filesystem.
<lordievader> I'd take a live-cd, check the filesystem and enlarge from there.
<Gaz_> what tool can  i use to enlarge the filesystem using the live cd? please excuse me being a noob
<lordievader> resize2fs ;)
<Gaz_> ok ill give it a shot now, thanks for the help so far
<Tsutsukakushi> hello
<Tsutsukakushi> how do i unlock a passwordless user?
<Tsutsukakushi> usermod -U doesn't work if the user has no password
<tarpman> Tsutsukakushi: how did you go about locking it?
<Tsutsukakushi> if you do useradd without a password it's automatically locked
<tarpman> Tsutsukakushi: locked in some way other than not having a password?
<Tsutsukakushi> we;;
<Tsutsukakushi> well
<Tsutsukakushi> it's just !
<Tsutsukakushi> by default
<Tsutsukakushi> so locked
<Tsutsukakushi> and no password
#ubuntu-server 2015-12-13
<tarpman> setting a password (passwd as root) is probably all you need to do, then
<grendal_prime> guys i got this situation where one of my linux guests locks up...takes up an entire processor.
<Tsutsukakushi> tarpman: this has to be non-interactive...
<tarpman> Tsutsukakushi: man 8 chpasswd
<grendal_prime> its used as a wedge device to connect users of on a smart phone to a java application Linux mint desktop.
<Tsutsukakushi> apparently --delete should remove any value... maybe this includes the lock too
<Tsutsukakushi> i'll try tat
<grendal_prime> it just decides...bam...
<Tsutsukakushi> that
<grendal_prime> where are the log files for individual guests stored again?
<grendal_prime> nevermind i found them
<grendal_prime> i never seen anything in these logs that seem to help.
<phi0xz> hey guys, trying to figure out how to make a folder location such as /downloads/ be really a combination of two different folder paths, /downloads/ and /home/downloads/. my drives are split up so that / is one drive and /home/ is another, however my /downloads/ folder is now getting full on / and i want to take the space from /home/downloads/ and link it up to /downloads/ so that files i write to /downloads/ actually write to /home/
<phi0xz> downloads/ if /downloads/ is full.
<andol> phi0xz: Wouldn't you rather solve this at a lower level, combining buth those drives using say LVM?
<phi0xz> sure. what happened was i have a rental server which was pre configured. they have a default system partition setup which i couldn't choose my own. didnt know if i could alter it easily?
<phi0xz> i've never altered partition tables in linux after a install has already been done.
<phi0xz> i've added drives but never altered.
<phi0xz> is there a guilde you could point me to which may help accomplish this?
<phi0xz> they also did software raid1 which i honestly dont need..
<phi0xz> but its preconfigured
<roasted> hi
<hipitihop>  I have installed LXD on my 14.04 desktop as per https://linuxcontainers.org/lxd/getting-started-cli/ and imported ubuntu via lxd-images but during launch apparmor complains "Incomplete AppArmor support in your kernel...lxc.aa_allow_incomplete = 1..."
<hipitihop> For the benefit of others I ended up adding `lxc.aa_allow_incomplete = 1` to  /usr/share/lxc/config/ubuntu.common.conf
<jvwjgames> My sftp is copying files but for some reason won't copy folders
<jvwjgames> I need help
<jvwjgames> I can't get past a server error 500
<lordievader> Good morning.
<Sagar> Hello, can anyone help us, our server is getting mad, not sure what is the issue and where it is http://paste.ubuntu.com/13990037/
<Sagar>  It says We have detected that load average of your VPS  is above the allowed limit.
<Sagar> Our vps was suspended, they said us to look into our VPS. Any help appriciated, SMTP and php fpm is getting made, not sure, why
<patdk-lap> sagar, well, you are infected with a vaunerable php program
<patdk-lap> and are sending spam
<Wamphyri> is there a way to find out if php is lagging or if its mysql?
<Capprentice> How to implement a spam filtering server?
<Capprentice> It has to be transparent :(
<Capprentice> and must have capasity to filter mails from gmail, hotmail etc.
<Paaltomo> hi
<Paaltomo> i'm trying to connect to an openvpn server i just set up on ubuntu
<Paaltomo> but the tls key negotiation is failing to occur / handshake is failing
<Paaltomo> what do
<Paaltomo> ubuntu 14.10 afaik and antergos
<Paaltomo> is it a port thing?
<RoyK> Wamphyri: usually, just use top
<RoyK> Wamphyri: large db?
<Wamphyri> nope not at all
<RoyK> Wamphyri: also, don't use mysql unless you really need to
<Wamphyri> mysql using 1.7% but php-cgi jumps between 5% to 70%
<RoyK> Wamphyri: install sysstat, enable it, install munin, watch the graphs or just use sysstat/sar
<qman__> Paaltomo: that usually means you cannot establish a connection, check firewall settings and make sure you can route traffic to the server properly
<RoyK> Wamphyri: it can be anything, you need to monitor things to see what's hanging
<Paaltomo> qman_ thanks
<Wamphyri> RoyK, thanks
<Wamphyri> i've been watching top, just php/mysql running stupid slow lol
<RoyK> Wamphyri: install the named tools
<RoyK> Wamphyri: it'll tell you if it's i/o or cpu
<Wamphyri> installed
<Wamphyri> also enabled logging :)
<RoyK> g99d
<RoyK> good, even
<Wamphyri> i'm beginign to get this feeling its i/o based
<Wamphyri> mind you sar just blew up php-cgi
<Wamphyri> used to be only one instance now i got about 30 of em
<Wamphyri> RoyK, ok that app sucks nuggets, almost made my machine unusable
<Wamphyri> RoyK, lmao 5 minutes trying to uninstall sysstat.. still sitting at building dependency tree
<RoyK> Wamphyri: something must be messed up, hten
<RoyK> Wamphyri: probably i/o fsckup
<RoyK> Wamphyri: what does 'uptime' say about the load?
<Wamphyri> dunno
<RoyK> Wamphyri: or what about a ps axf|grep D # ?
<Wamphyri> still at the same spot
<RoyK> Wamphyri: probably a lot of processes in D state
<RoyK> perhaps swapping?
<Wamphyri> ps aux returned apache2 and php-cgi and a huge list of em
<RoyK> Wamphyri: did you pipe it through | grep D ?
<Wamphyri> na just ps aux then restarted apache2
<Wamphyri> which helpped
<RoyK> Wamphyri: pastebin output of 'free'
<Wamphyri> alot, everything is moving again
<Wamphyri> ok
<Wamphyri> http://pastebin.com/1TZ1R8v8
<Wamphyri> first time running sysstat, is it going to use all resources pretty much?
<bekks> Wamphyri: Even without sysstat, your computer will use all available resources, when running linux.
<Wamphyri> i ment will it hog them all
<bekks> Which resources in particular do you talk about?
<Wamphyri> any / all of them, i installed sysstat and my system turned into a turtle, 14 minutes to uninstall sysstat
<bekks> Which resources in particular do you talk about?
<bekks> Do you know which resources sysstat is showing you?
<Wamphyri> alright, i'll rephrase. i installed sysstat, system became almost completly unusable, took 14 minutes to uninstall sysstat. (no point trying to run sysstat because system was virtually unusable)
<bekks> Then look at free -m, top, ps -ef, vmstat and see whats hogging your box.
<Wamphyri> here is the output of free http://pastebin.com/1TZ1R8v8
<bekks> Looks fine.
<Wamphyri> vmstat http://pastebin.com/KvfjPhu6
<bekks> Just one line from vmstat is pointless.
<bekks> Let it run for a minute, and post all of the output.
<Wamphyri> it stopped itself
<bekks> Because you did not tell it to run for a minute.
<Wamphyri> http://pastebin.com/BjqR6n4i
<bekks> Doesnt look like your system is "unusable".
<Wamphyri> lmao, ok, i installed sysstat, apache2 / php-cgi usage when insane (ps aux to list it) so i tried to uninstall sysstat, after 5+ minutes of it sitting there building database 0% i ran service apache2 restart, that took 4 minutes to run. afterwards system managed to uninstall sysstat in a more "timely" manor
<bekks> Wamphyri: Sounds like you should investigate your apache/php setup then.
<Wamphyri> php-cgi runs between 5% to 70%
<bekks> Doesnt mean anything.
<bekks> Check the apache/php logs for whats happening, actually.
<Wamphyri> would MaxRequestWorkers make it run slow?
<bekks> Wamphyri: Depends on the value and the rest of the setup.
<Wamphyri> bekks, php-cgi just exploded again, is there i can restore the system to original without direct access to it (through ssh preferable)
<bekks> You cant do anything without having access to the system.
<Wamphyri> physicial access?
<bekks> "access to the system" means either physical access or access by ssh.
<Wamphyri> jesus buddy do you not read my entire sentence?
<bekks> I answered your question. I'm not responsible for you not wanting to hear specific things.
<jelly> "exploded" is a bit nonspecific, best correlate whatever symptoms you're seeing with access.log
<jvwjgames2> I am trying to solve a 500 server error
<bekks> 500 server error on which server?
<bekks> webserver, mailserver, etc.?
<bekks> And running which Ubuntu?
<jvwjgames2> Yes Ubuntu
<teward> jvwjgames2: 500 means nothing without details on the software you're using that's generating it, the version of Ubuntu, etc.
<teward> jvwjgames2: is it Apache?  NGINX?  Postfix?  PHP?
<teward> what's generating the 500 error?
<bekks> firefox :P
<jvwjgames2> Here is the error log http://tfdatabase.net
<bekks> Error log of WHAT?
<teward> jvwjgames2: that's not useful
<bekks> jvwjgames2: Start answering my questions please.
<teward> jvwjgames2: the question at hand: What software generated that error.log, and are you seeing the 500 error when you navigate to a web site or what?
<teward> jvwjgames2: if you want help, answer questions
<teward> if you don't want help, don't answer questions, and continue to have the problem.
<jvwjgames2> OK sorry it is Ubuntu server 14.04 LTS running Apache2
<bekks> jvwjgames2: Fix all those "file not found" errors first.
<jvwjgames2> I did
<bekks> You didnt. They are in the log.
<jvwjgames2> The error is at the bottom
<bekks> Fix the "permission denied" error then.
 * teward thinks he knows the next question from jvwjgames2
<jvwjgames2> I cleared out the error.log but when I get the 500 error nothing generated
<jvwjgames2> Only in access.lo
<jvwjgames2> *log
<bekks> Yeah.
<bekks> And the access.log is what you posted.
<jvwjgames2> Just reposted error and access.logs
<jvwjgames2> Did you recheck cause I just reposted them
<BrianBlaze420> once I make my rules for ufw and then reload it is it saved on reboot?
<geetar> I can't print to a usb printer from a headless, non-gui ubuntu server using "lpr file-to-print.txt".  I *can* print from "cat file-to-print.txt > /dev/usb/lp0".  Any ideas what I can check?
<geetar> Now, I *can* print from  "lpr file-to-print.txt", but not printing from remote laptop.
<geetar> even  "lpr file-to-print.txt" using ssh is very slow though.
<geetar> should I install full gui on the server to print with this machine or has anyone else been able to print with a headless gui-less ubuntu server?
<geetar> I can print with the same printer on my ubuntu laptop flawlessly, but cant get the server to print
<geetar> or at least can get it to print-serve properly
<geetar> just now got it to print a test pdf through "lpr"
<JanC> did you look for errors in the logs?
<geetar> JanC: yes, but looking again ..
<geetar> JanC: I have a thousand "Unable to create SSL server key file "/etc/cups/ssl/server.key" - No such file or directory" entries in error_log .  I thought I avoided that problem by re-installing cups.  But that gave me other problems that I thought were resolved.  I cannot find on google or duckduck any other problems with cups and SSL.
<JanC> and logs or verbose errors on the laptop when you try to print from it?
<JanC> and I'm sure you don't need a GUI to print, but maybe you need some configuration change (permissions? is it listening "on the outside" or only on localhost? etc.)
<geetar> The SSL issue I think was why I could not get into this machine and manage the printers with the browser through 192.168.0.2:631.  I kept getting permissions errors.
<geetar> JanC: I am about to get into the server through 192.168.0.2:631 now.  After reinstalling CUPS.
<geetar> JanC: but I assume that the long delay I am getting it the server writing a thousand ""Unable to create SSL server key file "/etc/cups/ssl/server.key" - No such file or directory" in the error logs.  As I said, I uninstalled cups.  Re-installation did not re-create the config files.  I put them back and then it worked.  I got into the cups through the browser.
<geetar> The SSL folder in /etc/cups/ had links to ssl keys but they would not let me through the browser.  I can find nothing on the web about when or why or how the SSL certificates are created and how to fix this issue.
<geetar> They were not re-created when I uninstalled and then re-installed CUPS.  In fact, the default config files were not re-created when I re-installed CUPS.  Why is that?
<geetar> BTW it is still creating "Unable to create SSL server key file "/etc/cups/ssl/server.key" - No such file or directory" entries in the error log
<geetar> Can someone verify that in /etc/cups/ssl they have links to SSL certificates?
<geetar> Does anyone know how or why the ssl folder in /etc/cups/ssl gets created?
<OerHeks> geetar, mine during fresh install, http://paste.ubuntu.com/13999403/
<tarpman> geetar: how -> see /var/lib/dpkg/info/cups.postinst
<tarpman> geetar: why -> to provide a default self-signed server cert so that you can use cups securely without having to buy a certificate
<tarpman> geetar: if you delete a config file, dpkg respects your wish to have it gone and does not bring it back if you remove and reinstall a package. if you *purge* and reinstall the package, the default configs will come back
<tarpman> geetar: or reinstall the package using dpkg --force-confnew
<geetar> OerHeks: thanks, helpful, similar to mine before.  I will restore.
<tarpman> pardon me, --force-confmiss
<geetar> tarpman: thanks.  I "apt-get --purge" cups.  Which I thought would make it start over when I re-installed, but it did not re-create any config files when I re-installed.  Thanks, too, trying --force-confnew
<tarpman> geetar: pardon me, the package that sets up the certs (and some other configs) is cups-daemon, not cups itself
<geetar> tarpman: "sudo apt-get install cups-daemon" claims I am at the newest version.
<tarpman> geetar: I meant cups-daemon is the package you need to purge and reinstall if you want the configs re-created
<geetar> ah, k
#ubuntu-server 2016-12-12
<systemsgotyou> is the root account disabled by default is 16.04?
<nchambers> systemsgotyou, it worked fine for me when I used it
<terabyte> hey
<terabyte> I have a debian package that I uploaded to my own repo. It was signed by me (i know it's signed correctly because i verified it with debsigs-verify command).
<terabyte> When I try to do  "/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install packagename"   it says that the package isn't signed... is there another signature somewhere that i've missed?
<terabyte> specifically this is said "E: There were unauthenticated packages and -y was used without --allow-unauthenticated"
<terabyte> sudo apt-key list also shows the expected key listed...
<zhhuabj> jamespage, ping
<jamespage> zhhuabj, hello
<zhhuabj> jaemspage, seems we forgot to release it https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/kilo-staging/+build/11246354
<zhhuabj> jamespage, this is for https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1640676/
<ubottu> Launchpad bug 1640676 in libvirt (Ubuntu Trusty) "[SRU] libvirt 1.2.12 live-migration corrupts some instances" [High,Incomplete]
<zhhuabj> jamespage, the package was published on 07/12, but we still can't find it from -update pocket
<jamespage> hmm
<jamespage> zhhuabj, I see the problem - let me get that fixed
<zhhuabj> jamespage, great thanks -:)
<EvilAngel> any of you used nova compute kvm?
<jamespage> oh yes
<EvilAngel> you liking it?
<EvilAngel> was going to do vms like usual but thought i'd try lxd
<SipriusPT> hello guys
<jamespage> EvilAngel, those are not mutually exclusive options - you can mix KVM and LXD in the same cloud
<SipriusPT> i am having an issue with redirecting mail from an outside domain to another outside domain in my smarthost
<SipriusPT> http://www.linuxquestions.org/questions/linux-server-73/unable-to-forward-mail-from-external-account-to-external-account-4175595120/
<SipriusPT> Resuming, with alias_maps, i have the right relay but the wrong sender domain (@remote.domainX.pt), with virtual_alias_maps, it uses a wrong relay (localhost) and the right sender (@domainX.pt), as you can see above.
<EvilAngel> jamespage: oh ok. yeah i just noticed that at the end of th einstall
<SipriusPT> i am using postfix
<EvilAngel> it's tied to libvirt
<SipriusPT> anyone can help me?
<SipriusPT> i am able to pay a drink for the guy who discover where the problem is eheh i am almost 3 days trying to fix this
<SipriusPT> *how to solve it
<EvilAngel> sorry dude. im no good with mail. yet
<SipriusPT> this could be your worst nightmare
<SipriusPT> here is my warning lol
<EvilAngel> lol
<EvilAngel> dude i got a page long devtodo
<EvilAngel> you don't even want to see it
<SipriusPT> xD
<cpaelzer> I guess in general there is rarely a lot of response to "raise your hands if you are idling" :-)
<rbasak> cpaelzer: to triage bug 1609051, I think: not relevant for server users, so can leave it to other teams to triage. But I believe for issues in images going out in OTAs, you can add a task for canonical-devices-system-image to get the attention of the relevant devices people.
<ubottu> bug 1609051 in samba4 (Ubuntu) "File Manager crashes when Network is selected" [Undecided,Confirmed] https://launchpad.net/bugs/1609051
<cpaelzer> rbasak: thank you so much, I never had any contact with them so I didn't know who to ping to get the right focus
<metachr0n> hello everyone, does anyone have suggestions for cleanup after upgrades from 14.04 to 16.04 ... i'm seeing quite a few systemd failures in the syslog "Failed to foward Released message: No buffer space available" for example\
<EvilAngel> SipriusPT: there are people that will help for money. not sure who here, but for centos bahumbug will, for a steep price.
<EvilAngel> some guys will do it for dabs
<EvilAngel> lol
<metachr0n> chrom laughs at your centos
<EvilAngel> i fuckin hate centos
<metachr0n> i don't hate anything
<EvilAngel> but it's what companies use sometimes
<metachr0n> the right tool for the job
<metachr0n> but yeah
<metachr0n> centos isn't my prefered distro
<metachr0n> for anything
<EvilAngel> it's alright if you use it a bit but it's very limited
<metachr0n> XD
<metachr0n> commercial influences usually have a negative impact on things
<EvilAngel> ubuntu always works for me tbh
<EvilAngel> gotta beat it sometimes but it'll get there
<metachr0n> i like gentoo, debian ( and debian based ), and i have recently taken a liking to void
<EvilAngel> i like all those too
<EvilAngel> void i don't know
<metachr0n> depends on what you are trying to do i gues
<cpaelzer> menas he likes nothing :-)
<metachr0n> guess
<metachr0n> :D
<EvilAngel> i used gentoo for years. it was great.
<EvilAngel> ubuntu gave me back my time though. gentoo was always taking my attention away from work.
<cpaelzer> EvilAngel: that is kind of my gentoo story as well
<cpaelzer> I liked the suprt-control I had but eventually realized how much time I spent to control everything (on the builds especially)
<metachr0n> i'm using gentoo hardened ... never breaks as long as you follow one simple rule ... update frequently ... build world, depclean, revdep-rebuild
<EvilAngel> it's like a toy with too many options
<metachr0n> well getting it setup yes
<metachr0n> 3 days to setup properly even with scripts and stuff
<metachr0n> because i always forget some little thing here or there
<metachr0n> but yes
<metachr0n> initial install / setup a beotch
<EvilAngel> oh yeah. i think the best thign is stock gentoo. no outside sources etc
<metachr0n> after that ... smooth provided you've got a powerful enough machine to tear through the code
<EvilAngel> then it's rock solid
<metachr0n> yep ;)
<metachr0n> and best of all
<metachr0n> systemd is optional
<metachr0n> also for void linux
<EvilAngel> oh yeah, but i like systemd. even though it's a pita when it's not working
<metachr0n> it has some nice features
<metachr0n> but it should be optional if there are other ways of doing it
<metachr0n> its another topic ... but it came from freedesktop ... lennart and thus its a red hat product
<metachr0n> more or less :)
<metachr0n> opinions may differ
<metachr0n> and thats ok
<metachr0n> its not evil
<metachr0n> but it was a power grab
<EvilAngel> i know
<EvilAngel> i just don't care because they a bunch of whinny bitches
<EvilAngel> diversity is good
<EvilAngel> monoculture bad
<metachr0n> diversity is good for everyone
<metachr0n> monoculture is good for their profit
<EvilAngel> i love when people get excited about forks
<EvilAngel> that's what this is really all about
<metachr0n> yep
<metachr0n> and thats what makes it great sharing, taking, giving ...
<metachr0n> i worked for red hat for a very short time
<EvilAngel> cool
<metachr0n> some things about them are impressive and they have some great people
<EvilAngel> i'm studying for their exams
<metachr0n> which ones are you taking
<EvilAngel> rhcsa
<EvilAngel> then onward
<metachr0n> that one isn't bad ... i've got rhcsa, rhce ... both are pretty much cake if you study for a week you got those two
<EvilAngel> yeah
<EvilAngel> I don't know centos very well.
<metachr0n> the problem is the time ...
<metachr0n> well ... something interesting is how red hat likes to reinvent the ways of doing things every release
<EvilAngel> i've been doing freebsd and ubuntu a lot lately. i should have been studying lol
<metachr0n> to the extent that it drives their training profits ;)
<EvilAngel> oh
<EvilAngel> yeah but they change so slowly
<metachr0n> my opinion
<EvilAngel> when's rh8?
<metachr0n> rhel yes
<metachr0n> but rhosp for example ...
<metachr0n> and i know its a fast moving target
<metachr0n> to be fair
<EvilAngel> look at the centos kernel lol
<EvilAngel> i shouldn't laugh. it's working great on this x3850 m2
<EvilAngel> ubuntu didn't...
<metachr0n> red hat is super fast to respond to customer issues
<metachr0n> even backports and other patches
<metachr0n> sometimes same day
<EvilAngel> they would have to be
<EvilAngel> they wouldn't survive otherwise
<metachr0n> but they are using the system ... to the extent that they gain controlling interests in the development teams of major stuff ... and thus they are guiding the future of linux as much as they can
<metachr0n> thats what i don't like
<EvilAngel> but are they?
<EvilAngel> i mean, they're not getting in my way at all
<metachr0n> well systemd is nearly unavoidable
<EvilAngel> ahh
<metachr0n> that was their doing
<EvilAngel> ok, fair enough. i heard that was kinda nasty on their part
<metachr0n> it is difficult to use a new gnome-based anything without your freedesktop goodies
<metachr0n> and new software developed for those systems cannot be used on a *BSD box for the most part
<EvilAngel> yeah, we need a new server for sure
<EvilAngel> raster could do it
<EvilAngel> alone
<metachr0n> i personally in that regard use OpenBSD where possible ... then FreeBSD ... then Debian, Ubuntu, or Gentoo ( especially if i need something specialized / embedded )
<EvilAngel> someone should give him a bunch of cash to write a new xserver
<metachr0n> you mean Carsten Heitzler?  Rasterman?
<EvilAngel> yeah
<metachr0n> i know Raster ... used to work at VA Linux together back in the day
<EvilAngel> i seen him write code
<metachr0n> he is one of the few people i've seen code and talk at the same time
<metachr0n> yes
<EvilAngel> it's rediculous
<metachr0n> :)
<metachr0n> its insane
<metachr0n> and then it compiles
<EvilAngel> oh i know
<metachr0n> i can't walk and chew gum at the same time
<metachr0n> Raster is also a cool guy ... haven't been in touch with him lately
<metachr0n> he was in Japan last i heard
<EvilAngel> same
<EvilAngel> i left IT and became afarmer
<EvilAngel> lol
<EvilAngel> but came back of course
<EvilAngel> so no idea what's up with E
<EvilAngel> been reading cuddletech again though
<EvilAngel> ben's stuff
<EvilAngel> he's the shit too
<EvilAngel> helped make smartos and used to work on E back in the day
<metachr0n> are you serious?  sometimes i think about stuff like that ... to get away from the stress of modern life
<metachr0n> there are tons of people way better than me ... heroes if you will ... always good to have people we can look up to
<metachr0n> but we are each great in our own ... a part of the whole
<metachr0n> none insignificant ... none better or worse than the other
<metachr0n> just an important part of the whole
<EvilAngel> yeah
<EvilAngel> well i live in WA and I was farming cannabis
<metachr0n> XD
<metachr0n> bwahahahahahahaha
<metachr0n> getting away from the stress
<metachr0n> thats actually cool
<EvilAngel> it was awesome but I prefer pooters
<EvilAngel> i can't get away
<metachr0n> yeah computers are awesome
<EvilAngel> speaking of which
<EvilAngel> gotta crash
<EvilAngel> nice talking to you. i'll be back with question tomorrow about nova n stuff
<metachr0n> heya goodnight
<metachr0n> nice talking with you too man
<metachr0n> yep i'll be here
<coreycb> zul, ddellav: this is for the ocata glance unit tests failures - bug 1649300
<ubottu> bug 1649300 in Glance "ocata - webob.exc.HTTPBadRequest: The Store URI was malformed." [Undecided,New] https://launchpad.net/bugs/1649300
<zul> coreycb: ack
<ddellav> coreycb ah, thank you, i've been looking at that
<a8o> any of you guys have ssh connection issues with the latest Ubuntu?  For whatever reason I all my ssh connections time out to anything I connect to crazy fast.
<a8o> My older Ubuntu didn't do that.  But this newer one is driving me crazy with SSH.  I spend all day in SSH so it's killing me.  I've tried using mosh but I cna't use that on everything
<jamespage> zhhuabj, ok that should be fixed now
<jamespage> coreycb, ddellav: hey so we have a minor issue with python-mistralclient in newton and ocata having the same version but not being the same package (my bad)
<jamespage> I've fixed that
<jamespage> but it did block the PPA -> UCA sync process for a few days
<coreycb> jamespage, ok thanks for fixing that up
<Pinkamena_D> what is a simple way to test pam authentication?
<Pinkamena_D> without ssh?
<coreycb> jamespage, think we can upload networking-sfc 3.0.0 to ocata?
<jamespage> coreycb, probably :-)
<coreycb> jamespage, ok i'll look into it
<Teranet> good morning everyone
<Teranet> do we have anyone online here which knows JUJU quiet well ?
<SipriusPT> hello guys
<SipriusPT> i am having an issue with my smart host when tried to forward mail from an outside domain email to another outside domain email
<SipriusPT> and i have not figure out
<SipriusPT> how can i solve this
<SipriusPT> here i have all my logs
<SipriusPT> http://www.linuxquestions.org/questions/linux-server-73/unable-to-forward-mail-from-external-account-to-external-account-4175595120/
<SipriusPT> i am using postfix and getmail
<SipriusPT> anyone?
<Teranet> so what does your postfix mail log shows when you send an email ?
<SipriusPT> i have all the relevant mail.log entries in that tread over linuxquestions
<SipriusPT> if you could see it
<SipriusPT> i have there also my main.cf and master.cf
<SipriusPT> i have already done tests with aliases and virtual_alias_maps
<SipriusPT> Resuming, with alias_maps, i have the right relay but the wrong sender domain (@remote.domainX.pt), with virtual_alias_maps, it uses a wrong relay (localhost) and the right sender (@domainX.pt), as you can see above.
<SipriusPT> *as you can see in the thread
<SipriusPT> i am cracking my head in this one
<Teranet> I am looking at it right now hold on
<SipriusPT> ok thanks Teranet
<Teranet> I have now idea who did this but : relayhost = [cpanel.ideiasfrescas.pt]:25   should be without the brackets  : relayhost = cpanel.ideiasfrescas.pt:25
<Teranet> and now I look further for you
<Teranet> also : mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, x.pt   remove the , x.pt from it there is now need
<SipriusPT> ah yes
<Teranet> you already predefind it with $mydomain
<SipriusPT> i have it already set as $mydomain
<SipriusPT> yes
<SipriusPT> and relayhost i have a relayhost per user because of SMTP auth
<SipriusPT> i already made the changes
<Teranet> also I would do an adjustment at : mynetworks = 127.0.0.0/8, [::1]/128
<Teranet> do add at the end your local network with for example : 10.x.v.y/8   or what ever your own network ranges are
<Teranet> also the host you forward too it that a static IP or do you not know ?
<SipriusPT> cpanel.ideiasfrescas.pt?
<SipriusPT> the relayhost?
<SipriusPT> i didnt understand
<Teranet> Yes remove the brackets from the hostname
<Teranet> it's common you write it like this :    relayhost = mail.google.com:25
<SipriusPT> done
<SipriusPT> but i saw a lot of syntax using brackets
<Teranet> ok now : service postfix restart
<SipriusPT> but i didnt knew what for
<SipriusPT> ok
<SipriusPT> done
<SipriusPT> should i use virtual_alias_maps or alias_maps?
<Teranet> also correct this : #myorigin = $myhostname   and remove the # comment from the front just to be safe
<Teranet> let's first focus on the main issue
<Teranet> it's at line 93 ish
<SipriusPT> done
<SipriusPT> let me se
<Teranet> Let me know what you now get when you do your test mail
<SipriusPT> ok i will postfix reload
<SipriusPT> and test with virtual_alias_maps
<SipriusPT> sending from gmail account to a local account and then forwarding to another account in my remote mail server from another domain
<Teranet> ok
<SipriusPT> to=<test1@domainY.pt>, orig_to=<test2@domainX.pt>, relay=127.0.0.1[127.0.0.1]:10024
<SipriusPT> was send internally
<SipriusPT> same output
<Teranet> ok the first looks ok what it he error line ?
<SipriusPT> http://pastebin.com/Df3T3Bf4
<SipriusPT> mail.log there when it do the mess
<Teranet> your postfix is correct only this is the issue :
<Teranet> 550-Verification failed for <Xserver@remote.domainX.pt> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
<Teranet> your authentication fails
<SipriusPT> yes
<Teranet> so the way you authenticate you might use the wrong methode or like 550 states user not there : Xserver@remote.domainX.pt
<SipriusPT> yes
<SipriusPT> it uses xserver user but that is a local user, not a mail user
<SipriusPT> but i dont understand
<SipriusPT> : to=<test4<a>domainY.pt>, orig_to=<test<a>remote.domainX.pt>, relay=mail.domainX.pt[94.126.172.X]:587, delay=0.09, delays=0/0.01/0.06/0.02, dsn=5.0.0, status=bounced (host mail.domainX.pt[94.126.172.X] said: 550-Verification failed for <Xserver<a>remote.domainX.pt> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
<SipriusPT> this mail should be send as orig_to
<SipriusPT> and it sends as xserver
<SipriusPT> i was expecting that postfix would send as orig_to
<Teranet> your authentication user is the issue
<SipriusPT> yes
<SipriusPT> i cannot figure out how can i solve that
<SipriusPT> this is a root user
<SipriusPT> it would need to be a user with a right domainX.pt
<SipriusPT> to let mail pass through
<Teranet> let me check
<Teranet> have in another channel an issue going on as well hold on
<SipriusPT> ok
<SipriusPT> thanks a lot for the help Teranet
<Teranet> no problem I catch back up with you in a bit I have meeting to lead right now
<SipriusPT> ok no problem
<pmatulis> mmcc, hi, i'd like to try my luck at conjure-up again. is it at a stage where i can point it at a MAAS containing, say, 4 nodes, and it will build a cloud?
<mmcc> hi pmatulis, yes. The supported spell for deploying openstack onto MAAS uses the openstack-base bundle, here: https://jujucharms.com/openstack-base/ , which requires a minimum of 4 nodes in the MAAS. Note that this does not include the MAAS server or the machine that you run conjure-up from (which could be that server if need be)
<mmcc> check the readme of that bundle for the hardware requirements for each of the nodes
<pmatulis> mmcc, very nice, thanks. will be testing this soon
<pmatulis> mmcc, don't you need an extra node for the juju controller?
<mmcc> pmatulis: yes, that's right. so five nodes minimum
<mmcc> sorry about the confusion there
<pmatulis> mmcc, and how can i specify that controller node?
<pmatulis> obviously i don't want to have it end up on one of the big ones
<mmcc> conjure-up --bootstrap-to hostname.maas
<pmatulis> sweet, will try
<pmatulis> mmcc, seems it was possible in the past to have conjure use a pre-existing controller. still possible?
<pmatulis> i have odd proxy settings needed to create a controller
<mmcc> pmatulis: yes, it should show you a list of available controllers after you pick the spell
<pmatulis> interesting. but no way to "CLI it"?
<mmcc> oh, yeah - 'conjure-up spellname cloundname controllername'
<pmatulis> great!
<mmcc> pmatulis: actually that won't work with maas unless you specifically add it using 'juju add-cloud'
<pmatulis> yeah, i'm gonna have that done
<mmcc> on my test system, I have a maas controller but didn't add it as a cloud, so conjure-up doesn't find 'maas' in the list of clouds
<mmcc> ok, great
<mmcc> pmatulis: I'm only around for a few more minutes this afternoon, but please file any bugs you find at github.com/conjure-up/conjure-up and we'll look at them ASAP
<pmatulis> perfect
#ubuntu-server 2016-12-13
<EvilAngel> man, zfs set compression=gzip-8 keeps my quad core i5 pegged easy
<EvilAngel> nice to finally have software that actually uses all that hardware
<sarnold> btw why gzip rather than lz4?
<EvilAngel> cause these are archive drives
<EvilAngel> I use lz4 on active stuff like nas drives
<sarnold> aha :)
<EvilAngel> the default though is off
<EvilAngel> but i'm pretty sure everyone could put their cpus to good use rather than wasting those precious cycles on .... ahem stuff
<EvilAngel> so, question, do any of you develop a stable vm env at home and then export it to your production server somewhere to be run?
<EvilAngel> remote managing is easier when the vm is running on metal i can put my hands on. then once it's running well export it to the host somewhere else
<cpaelzer> rbasak: hi, when you are online we should sync on the strongswan merge (outstanding todos, do we call it a improvement, depsite we knwo we can do more next time, can I upload, can I push delta to Debian, ...)
<cpaelzer> rbasak: also if you tihnk you could do the ntp and logwatch merge review (really small reviews)
<AtuM> Does anyone know of a "howto" to get ubuntu to load PV drivers running on xen as a guest?
<ikonia> PV ?
<AtuM> ParaVirtual - xen driver
<smb> paravirt... but I am not sure I understand the question. if its blkfront / netfront they might even be built-in
<AtuM> I actually just checked.. those drivers do reside in the kernel modules
<lordievader> AtuM: Can you load them manually?
<smb> they were for most of the time (yakkety may differ)
<AtuM> I would now have to trick the hypervisor to present these as such.. I am running OracleVM (Xen based)
<AtuM> I can load them manually.. but i need to configure the vm definition first to present them as such
<smb> AtuM, are your disk drives called xvd*
<AtuM> smb, nope.. they are IDE emulated.. (hda)
<AtuM> sorry.. not true.. got them as xvd*
<AtuM> so I just need to fix the network part...
<smb> so the pv driver for that at least is loaded
<AtuM> currently the one in use is just too slow
<lordievader> AtuM: If you can manually load them you can also put them in /etc/modprobe.d/
<smb> AtuM, if /sys/modules/xen_netfront is there the pv driver for network is also running
<smb> AtuM, that one is just not so easy to see from the device name
<AtuM> smb, I'm not quite 100%, but I'd say it's already using netfront.. so I should have an optimal system already...
<smb> AtuM, at least using the pv drivers. I believe there was a change for stable updates at some point which was about performance issues. Not sure I can quickly find a link
<AtuM> smb, It seems alright.. hvm with pv drivers. So it's already up and running the way I need.. thanks smb. I was asking questions "while" examining the system. it needs no modification.. everything works fine
<AtuM> now to optimize the buffers and so on :)
<smb> AtuM, Hm, I probably mis-remembered. I think I was thinking of bug 1602755 but that is rather something that would be needed on the host kernel.
<ubottu> bug 1602755 in linux (Ubuntu) "Tunnel offload indications not stripped from encapsulated packets, causing performance overhead" [Undecided,Fix committed] https://launchpad.net/bugs/1602755
<metachr0n> anyone know the currently preferred "libnss-ldap" or "libnss-ldapd" ... i have some syslog spam about "systemd-logind.service" with lots of "Starting Login Service" ... "Stopping Login Service" ... "Failed to forward Released message: No buffer space available"
<metachr0n> assuming related to BZ #1024475
<metachr0n> er
<metachr0n> Bug #1024475
<ubottu> bug 1024475 in libnss-ldap (Ubuntu) "libnss-ldap causes boot hang on 12.04 precise, 14.04 trusty" [High,Confirmed] https://launchpad.net/bugs/1024475
<metachr0n> i'm on 16.04 after recent upgrade from 14.04
<metachr0n> as in last weekend during the wee hours of the night upgrade :)
<metachr0n> i've got everything ironed out
<metachr0n> except some slight login lag ... and tons of these sorts of messages
<metachr0n> btw -- predictable network interface names is a great thing
<metachr0n> oh was i talking with a bot :)
<cpaelzer> metachr0n: not only a bot, yet this oen happens to respond to any bug numbers :-)
<cpaelzer> metachr0n: I guess that has your answer https://wiki.debian.org/LDAP/NSS
<cpaelzer> metachr0n: which is a bit "you have to chose" I know
<cpaelzer> at least the answer to "currently preferred" libnss-*
<cpaelzer> I haven't had an idea on the "no buffer space" yesterday nor do I have one today - sorry
<cpaelzer> metachr0n: I can't find a a reasonable hint to share, but you likely searched the web as well without success
<cpaelzer> metachr0n: that means down to debugging :-/
<cpaelzer> metachr0n: if you think you have found a way to reproduce you might share that
<cpaelzer> but mostly LDAP-setup-complexity does not like reproducing cases
<rbasak> cpaelzer: FYI, 1636846 is a duplicate of 1592669, a known issue.
<rbasak> bug 1592669
<ubottu> bug 1592669 in mysql-5.7 (Ubuntu) "postinst fails when daemon is not running (or is disabled by policy-rc.d)" [High,Triaged] https://launchpad.net/bugs/1592669
<rbasak> I'll mark as such
<cpaelzer> thanks rbasak
<metachr0n> cpaelzer: rbasak: thanks and i will let you know if i find a workaround
<cpaelzer> rbasak: I just remembered that I asked this morning on strongswan and other merge review status - time for a short sync if you are around
 * cpaelzer considers that it might be lunchtime for rbasak
<rbasak> cpaelzer: I'm here, but still catching up :-/
<rbasak> cpaelzer: how long will you be around today?
<coreycb> zul, can you take a look at the libvirt-python backport failure for ocata?
<cpaelzer> rbasak: in 1.5 hours from now starts meetinmania, after that is done I'm dpleted of energy (ends with IRC meeting)
<metachr0n> i have attempted to restart systemd-logind and then i have got the status and journalctl info here:  http://pastebin.com/QrshipKR
<metachr0n> if anyone has any ideas
<rbasak> cpaelzer: OK, how about a hangout in five minutes?
<metachr0n> there are some "Failed to activate service 'org.freedesktop.systemd1': time out" but i've ensured dbus is good to go
<metachr0n> not sure what this is but ssh is a bit slower as well :)
<cpaelzer> rbasak: ok
<cpaelzer> jamespage coreycb zul : I think bug 1601986 is more for you to triage, could one of you take a look ?
<ubottu> bug 1601986 in python-cryptography (Ubuntu) "RuntimeError: osrandom engine already registered" [Undecided,New] https://launchpad.net/bugs/1601986
<cpaelzer> and if you want - let me know if you have a LP group that I should subscribe in case something is very "openstacky"
<coreycb> cpaelzer, agreed we can triage that
<arrrghhh> is anyone familiar with AptGet/Offline or apt-medium?  I'm a bit confused on how to proceed here, I'd just like to get as much in the way of updates onto a USB key for an upgrade from 14.04 to 16.04.  I'll have the software for 16.04 on a usb key, but I'd like to predownload as many updates as possible to expedite the process on-site...
<cyphermox> hi
<cyphermox> I've already asked for this to rbasak in a PM, but I would need juju-core and juju-core-1 imported, please :)
<cyphermox> rbasak: ^ in case you don't have the time
<rbasak> I'll do it now.
<cyphermox> ta
<cyphermox> we'll use those to prepare juju uploads from now on
<rbasak> It might take a while.
<rbasak> It's going back to raring for juju-core.
<nacc> :)
<rbasak> Also, it fails, so this might be a job for nacc. I'm just re-running with verbose.
<nacc> rbasak: i'm still catching up on last week's backlog, but i'll be looking at cron-ing this week
<nacc> rbasak: fun!
<rbasak> Now it appears to hang.
<rbasak> This may be that libgit Xenial bug thing.
<rbasak> nacc: can I hand juju-core over to you, please?
 * rbasak tries juju-core-1
<nacc> rbasak: yes
<nacc> rbasak: running it now, locally
<rbasak> juju-core-1 failed too, with a quilt push failure.
<rbasak> That was the same as the juju-core failure.
<rbasak> nacc: so both over to you please.
<nacc> rbasak: ack
<rbasak> This might be a fuzz thing perhaps?
<nacc> rbasak: will see
<nacc> rbasak: i've got to the zesty upload in juju-core-1 without error
<nacc> rbasak: and juju-core to 1.13.2-0ubuntu1 without error
<rbasak> nacc: interesting. Perhaps a consequence of Xenial?
<rbasak> Probably not worth investigating further until after I've upgraded if it recurs.
<rbasak> Thank you for processing those!
<rbasak> I'm running util-linux for a separate reason righ tnow.
<nacc> rbasak: ack
<nacc> cyphermox: juju-core-1 is done
<nacc> juj-core will take a while, i expect
<nacc> *juju-core
<teward> rbasak: since i missed the meeting.  Nginx merge candidate will be available probably by EOD Thursday in a PPA, with debdiffs for review.  Call for testing will go out over the ML for the usual tests: installation from clean, upgrade from existing, removal, etc. for installation issues, there shouldn't be any "upgrade" issues, though there may be since we introduce dynamic modules
<teward> (I missed the meeting for exams, sorry)
<rbasak> teward: sounds good. Thanks!
<rbasak> nacc: interesting error importing util-linux:
<rbasak> 12/13/2016 17:28:50 - DEBUG:stderr: dpkg-source: error: syntax error in /tmp/tmp3y515osf/util-linux-2.13~rc3/debian/control at line 14: duplicate field Depends found
<rbasak> Looks like that was in 2.13~rc3-5
<rbasak> That causes this failure:
<rbasak> 12/13/2016 17:28:50 - INFO:Command exited 25: dpkg-source --print-format /tmp/tmp3y515osf/util-linux-2.13~rc3
<nacc> rbasak: hrm, so that would be a case that would need a source level patch, possibly, again?
<teward> rbasak: and should I have issues with the dynamic modules being a pain (because I have to also determine which are Main and which are not), then we'll likely do what we did during Yakkety, grab the latest nginx stable (do we want to go to mainline?) and then just merge later after the fact.
<rbasak> I think so, unless we can find some other way instead of --print-format, or if we fix dpkg-source to not barf at that.
<nacc> rbasak: right
<rbasak> Filed bug 1649646
<ubottu> bug 1649646 in usd-importer "Failure parsing debian/control causes util-linux import failure" [Undecided,New] https://launchpad.net/bugs/1649646
<nacc> rbasak: thanks
<nacc> cyphermox: juju-core should be imported now too
<wwalker> (need) to set LANG=en_US.UTF-8 _early_  . I've set /etc/default/locale but that only affects interactive sessions.  I need daemons to have the corect LANG value and prefer to not edit every daemon separately.   Any ideas?  (also already tried /etc/environment, no joy)
<wwalker> ubuntu server 14.04
<terabyte> hey
<terabyte> what does it mean for an APT repo to be 'signed'.
<terabyte> I thought you only sign individual packages, not the 'repo'.
<sarnold> wwalker: try adding LANG=en_US.UTF-8 to your kernel command line: http://man7.org/linux/man-pages/man7/bootparam.7.html
<sarnold> terabyte: it's exactly the opposite -- packages aren't signed. there are hashes of signatures in files on the archives, and those files have hashes in signed files.
<terabyte> sarnold, i see.....
<terabyte> sarnold, so what is the purpose of the _gpgorigin file located in my package. no use in the context of apt-get when validating?
<sarnold> terabyte: where did you get a _gpgorigin file? I don't see any in any of the packages I've got unpacked
<terabyte> sarnold, it's the result of running a command like this: "debsigs --sign=origin -k E732A79A test_1.0-7_amd64.deb"
<terabyte> where E732 would be the private key on a keyring
<terabyte> I wrote the software in the package and signed it this way hoping that apt-get would be happy to see that signature on the package, and the packaging tool I used provided support for that functionality. It also provides support for signing 'source' and 'dsc' files, but I didn't know how they would be used since the package host I use only supports uploading of individual packages....
<terabyte> Sounds like the problem is that my provider doesn't allow me to sign my repo, and as long as I can't do that, individually signed packages are not authenticated in the eyes of apt-get, would you agree?
<sarnold> terabyte: well, there's a lot of different things going on. I think you can probably forget all you've learned about debsig, I don't think anything uses it anywhere
<terabyte> alright
<sarnold> terabyte: at least launchpad builders require a signed .dsc file before they'll build a binary package from source
<sarnold> terabyte: and apt-get will require that the apt repository itself be signed
<terabyte> i see...
<sarnold> but there's nothing that enforces source -> binary -> apt-get downlaods chain of trust -- launchpad does it for us in the ubuntu community but that's by no means a requirement..
<terabyte> one last thing. this snapcraft packaging thing... is that likely to gain traction and replace .deb?
<sarnold> supplant, perhaps
<sarnold> I think it's an awesome fit for mostly-unattended style systems, IOT things, maybe even cloud guests. I'm don't think it's going to take off in desktop and serverland.
<sarnold> over the last thirty years we've built up a fair number of expectations for how things work on those sorts of machines and snap just does things differently.
<terabyte> right
<sarnold> sorry, got distracted for a bit
<sarnold> anyway, a tool I use for a local apt repo is apt-ftparchive
<sarnold> it's wrapped in a few handy shell scripts but hopefully it's a good start for you
<terabyte> yeah the alternative is have my own repo manager as you say and manage it myself on some amazon free tier...
<terabyte> :D alright thanks for the info
<sarnold> terabyte: there's also this thing https://www.aptly.info/ which looks neat but I've never used it
<sarnold> complete with "Publish your repositories directly to Amazon S3 as public or private repositories"  :)
<terabyte> :)
<wwalker> sarnold: thank you , I was hoping to avoid that, but maybe not... :-)
#ubuntu-server 2016-12-14
<sarnold> wwalker: well, there's a good chance the init daemon won't even pass it along to the services. but it seemed worth suggesting :)
<wwalker> good point
<eagles0513875|2> hi all can someone help me understand what exactly is MaaS please is it a hypervisor of some sort that allows one to run vm's on top of it?
<eagles0513875|2> hi all can someone help me understand what exactly is MaaS please is it a hypervisor of some sort that allows one to run vm's on top of it?
<ikonia> no
<ikonia> it's a bare metal manager to manage interactions of tools/systems to do around build/provisioning
<frickler> jamespage: we need oslo.privsep 1.13.1 for newton please, see https://review.openstack.org/#/c/406504/ , this is blocking chef integration testing currently
<jamespage> coreycb, zul: ^^
<frickler> jamespage: thx, also, do you have a ceph-10.2.5 build yet? I'm hoping that this will finally fix all issues we have with 10.2.3
<jamespage> frickler, not yet and avoiding .4 on upstream advice :-)
<jamespage> frickler, my window for getting that done pre-christmas is rapidly diminishing
<jamespage> frickler, https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1649856
<ubottu> Launchpad bug 1649856 in ceph (Ubuntu Zesty) "[SRU] ceph 10.2.5" [Undecided,New]
<jamespage> I'll try get PPA builds up today
<frickler> jamespage: great, thx. if you ping me once they are built, I can give them a spin on my test cluster
<jamespage> frickler, they will appear here https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/ceph-sru/+packages
<jamespage> takes some time
<DirtyCajun> so... in apache... Why would a .conf file without an ssl cert pick up the cert from another .conf ?
<lordievader> Depends on how the value is set I suppose, if it is set as a global...
<DirtyCajun> see thats the thing. its defined explicitly in foo.conf in sites. bar.conf does not have it. If both are enabled... and you browse to bar it uses foo cert. if you disable foo then bar does not use the cert
<lordievader> Without seeing any configuration I cannot really help.
<coreycb> frickler, I've uploaded a new version of python-oslo.privsep with that fix to the yakkety review queue
<coreycb> jamespage, can you promote the following when you get a moment please? cinder 1:2015.1.4-0ubuntu1.1 and python-glanceclient 1:0.15.0-0ubuntu1~cloud1 are ready to promote to kilo-updates,  and liberty-proposed is ready to promote to liberty-updates
<cyphermox> smoser: not sure if it's directly related to the cloud-init upload that happened recently, but I have some issues with running cloud-init to build up an autopkgtest image: http://paste.ubuntu.com/23628778/
<cyphermox> oh, scratch that, I think I see what the issue is
<smoser> cyphermox, what was ait ?
<smoser> s/ait/it/
<cyphermox> my sponsored upload of os-prober missing a depends on grub-common. I suspect grub-common isn't typically on these images
<frickler> coreycb: thanks, can you tag it for xenial uca, too, or will that happen automatically?
<coreycb> frickler, it's tagged for newton uca, which is xenial
<cyphermox> how does one import a new upstream in the git imports?
<cyphermox> nacc: rbasak: smoser: ^
<smoser> cyphermox, a new upstream ?
<cyphermox> upstream tarball
<cyphermox> is it straight g
<smoser> you upload to ubuntu and then the importer pulls it.
<cyphermox> gbp?
<cyphermox> well, say I wanted to use that branch as a base for new uploads
<smoser> are you speaking locally ?
<rbasak> Interesting question.
<smoser> yeah.
<rbasak> I don't think we've considered that use case.
<rbasak> The importer doesn't particularly care what you do, as long as you end up with a commit whose tree matches your subsequent upload (currently patches-unapplied).
<rbasak> We don't have any tooling that will do that for you, I don't think.
<rbasak> But you could use uscan for example and then "git add -Af" or similar.
<cyphermox> alright, I think I can fudge around it and I'll write up doc for that use case
<rbasak> Or gbp tooling.
<cyphermox> right
<cyphermox> we'll use gbp and convince it to do the right thing
<rbasak> I'm not sure we have worked out how to feed the importer the upload tags properly yet.
<rbasak> So is it worth doing it this way right now?
<rbasak> We need to talk to the Launchpad team about this.
<rbasak> Or you can give your upload tag to nacc, smoser or to me. And we can push it.
<rbasak> But that has to be before anyone attempts to run the importer against lpusip.
<rbasak> Or more specifically, before someone does an importer run to push to lpusip.
<nacc> cyphermox: in my case (php), i've done a uupdate, which creates a new working directory, git added those contents in place of the current working tree, and committed that as a new version to publish. as rbasak suggests, you would then need a way to feed the upload tag in
<nacc> rbasak: sorry about the icingaweb2 bug, will fix
<cyphermox> my interest is not so much in the upload itself (presumably we can upload and go import again)
<cyphermox> but the whole process for doing a new upstream release seems broken
<cyphermox> or at least, you can't use gbp, because you have no upstream branch and no master, and if you fudge it, you likely still don't have the right ancestry
<nacc> cyphermox: ah i see what you mean
<cyphermox> (I know because I did some of the obvious dance to try to make it work)
<nacc> cyphermox: right, we don't have an upstream branch, but we do use upstream tags
<cyphermox> I have the commands here and I'll document what I did
<nacc> cyphermox: we actually use gbp import-orig in the importer to do that
<nacc> cyphermox: sounds good, we probably can abstract out our 'see if this is a new upstream' code to be a standalone command
<cyphermox> oh, I suppose I should have used a different master branch too, doh
<cyphermox> so what do you use instead of an upstream branch to keep just the pristine source without debian/?
<nacc> cyphermox: so we have an upstream branch we throw away, as all upstreams are reachable via tags
<nacc> cyphermox: our use case was purely smoser's which was being able to use pristine-tar to recreate the orig tarball
<nacc> so he could build locally after a clone w/o talking to launchpad at all (as we also have a the historical DSC files)
<cyphermox> that doesn't help cuttin new upstream releases though
<nacc> right, it's a different use case :)
<nacc> cyphermox: can you file a bug?
<cyphermox> yeah
<cyphermox> I will, just trying to grab enough documentation on how close we are to this working before I do
<nacc> cyphermox: all of the workflow use cases are 'new' in some sense -- we cover some by chance, but others, like this one, may  require more changes :)
<nacc> cyphermox: thanks!
<cyphermox> nacc: AFAIK all that is missing is some ancestry links, because I was very close to having the right commands
<nacc> cyphermox: ah ok, between the upstream tags? (which is basicaly what keeping the branch would get you)
<nacc> cyphermox: we *could* keep the branch, it was just that rbasak iirc, had a reason not to
<cyphermox> probably that
<cyphermox> or because gbp or git aren't finding  the upstream/2.0.0 tag behind the original upload of 2.0.0 in ubuntu/zesty-devel
<cyphermox> (looking at juju-core, to be precise)
<cyphermox> now I have a reproducer.
<nacc> always good :)
<cyphermox> where should I file a bug?
<nacc> https://bugs.launchpad.net/usd-importer please
<cyphermox> zug zug
<rbasak> nacc, cyphermox: I tend not to use tags unless they're supposed to be a thing that moves.
<rbasak> nacc, cyphermox: I tend not to use *branches* unless they're supposed to be a thing that moves.
<rbasak> And import artifacts generally don't move, so they're all tags.
<nacc> rbasak: right, but it he case of gbp, it has some presumptions i think
<rbasak> What parenting do the upstream tags end up with?
<nacc> cyphermox: i'd need to see the workflow int he bug, as it does seem like the tag has history correctly, so it might just be a tooling issue to get that correct
<nacc> rbasak: they *seem* to be correct (it just ends up being the sequence in which we see new upstreams)
<nacc> rbasak: but i'm not sure what correct would be for cyphermox's case
<rbasak> I suppose that's OK. I don't like the implication that they have a defined ordering though.
<nacc> rbasak: right, but using gbp import-orig doens't allow for any flexibility there
<rbasak> For example, although a packager shouldn't do it, bumping epoch could allow the upstream version to go backwards. I'm not sure what would happen then.
<nacc> so either we don't import upstreams or we right yet another tool, or we leave it :)
<nacc> *wrtie
<nacc> gah
<rbasak> gbp assumes that the packager is supplying correct upstream version ordering information, using import-orig or by pulling from an upstream git repo.
<rbasak> The importer doesn't have that luxury.
<rbasak> I think the solution is a uscan wrapper tool.
<rbasak> Or something to provide richer history if the packager wants to provide that.
<rbasak> Merging in the upstream branch would work too!
<nacc> *if* we had the upstream branch
<rbasak> If we don't, then a uscan/uupdate wrapper is the only option, right?
<nacc> and do you mean 'upstream' in the gbp sense or upstream VCS sense
<nacc> no, i mean, we explicitly don't pust the upstream branch from gbp right now
<rbasak> I meant upstream VCS sense, but I think they're equivalent.
<cyphermox> https://bugs.launchpad.net/usd-importer/+bug/1649940 for your hacking pleasure.
<ubottu> Launchpad bug 1649940 in usd-importer "can't prepare new upstream releases using gbp" [Undecided,New]
<nacc> they have different histories (gbp import-orig does nto provide a rich history afaict)
<cyphermox> well, something really simple is missing from the look of things
<cyphermox> but I don't know enough about git internals to know what
<nacc> right, so this goes back to we don't *really* use gbp int he importer
<nacc> we do, just to pull orig tarballs in
<nacc> so that smoser can work offline, but we don't necessarily maintain state in a way that gbp understands
<cyphermox> well, it's close enough tbf
<cyphermox> ie. git checkout -b upstream upstream/<previous version>   work well to get back an upstream branch
<nacc> right, that makes sense
<nacc> yeah, i think the other thing we don't do currently is merge upstream in
<nacc> it's a standalone history of just upstream objects
<cyphermox>  right
<nacc> that's probably what is most fundamentally broken for your use case :)
<cyphermox> well you could fudge that by adding the right bits, presumably?
<nacc> right, but we'd have to reimport probably, too
<cyphermox> ie. the upload itself is a merge of upstream and debian pieces
<nacc> and we'd need to figure out what is supposed to be there
<cyphermox> otherwise making a tool that DTRT wrt flipping the right bits so that an upstream branch can be attached or copied into the debian branch would work.
<nacc> yeah
<cyphermox> my opinion is until you have an equivalent to bzr merge-upstream you can't really claim it to be UDD
<cyphermox> cutting new upstream releases is a very import use case.. now whether or not we use gbp for it is not that important (at least, not to me)
<cyphermox> I was just tryin
<nacc> right, the claims of 'being udd' were never actually made :)
<cyphermox> ugh
<nacc> but yeah -- i also think we have a separate discussion to figure out, potentially, as even if this could be made to work
<nacc> the only thing the importer sees outside of launchpad is 'upload' tags
<cyphermox> trying to find a way to make it so the juju team can cut new releases based on the right things (basically, what is in the archive) without having to recreate branches every time
<cyphermox> nacc: it worked in bzr, so it's definitely possible
<nacc> cyphermox: oh i'm not saying it's not possible
<nacc> cyphermox: i'm saying we may not have covered this use-case :)
<cyphermox> AFAICT it's just a matter of doing the right grafting of the right bits in the right places ;)
<cyphermox> right right
<nacc> lots of "right" which tends to be easy to get "wrong" :)
<cyphermox> ofc that grafting operation might be quite complex ;)
<nacc> heh
<cyphermox> so far so good, I like the process
<cyphermox> it was very close to working.
<rbasak> I think we have the structure correct. We just need a tool that takes an upstream tarball into that structure.
<rbasak> And we need to make some decisions as to what form such an import should take, since the importer will accept anything.
<cyphermox> and merge that upstream structure into the ubuntu branches
<rbasak> Yes. That's a job to do locally. The importer will accept the parent it's given.
<nacc> right, i think this is a subcase of our generic "how to add an external upstream" discussion last week
<nacc> and how to find objects in it, of course
<nacc> presuming that could be made to work, you'd get rich history via merges (with a new 'upstream parent' parent)
<rbasak> I think we already have this solved (with no effort) when it's an upstream git branch you're pulling in. Just merge it, and it'll work.
<nacc> rbasak: true
<rbasak> It's the halfway cause of upstream-release-tarball but Ubuntu-side-in-git that we need tooling for.
<rbasak> halfway case
<xibalba_> a
<xibalba_> hey guys i'm looking at my ntp.conf and i see the default line, restrict default kod nomodify notrap nopeer noquery, but then there is an additional restrict line restrict 192.168.0.0 mask 255.255.255.255 nomodify notrap noquery, and i'm wondering which one applies here?
<xibalba_> also the 255.255.255.255 would make me thing it only allows one ip, but it appears many can connect to it
<sarnold> xibalba_: if you start fiddling with those lines it'd be best to understand this doc completely http://support.ntp.org/bin/view/Support/AccessRestrictions
<xibalba_> yeh no changes yet ust trying to understand this better
<xibalba_> ill go through that doc now
<sarnold> good good :)
<sarnold> it all made sense to me once, for one afternoon, hehe
<xibalba_> though im stepping back a moment, i think somewhere/somehow there is an acl in my network. did a tcpdump on the ntpd side and never saw an incoming packet from this particular how
<sarnold> filtering unexpected ntp at the borders seems like a useful thing to do, yes :)
<xibalba_> no borders, this is all internal :)
#ubuntu-server 2016-12-15
<Gorian> say
<Gorian> is anyone able to point me in a good direction to debug resolvconf?
<sarnold> the manpages aren't bad
<sarnold> do you actually need the thing though?
<patdk-lap> what exactly is there to debug?
<sarnold> most 'server' sort of users are static enough that it's not really helpful
<Gorian> well, running "resolvconf -u" updates /etc/resolv.conf, but it is adding a third line that i can't find defined in any configuration files for resolvconf
<Gorian> http://i.imgur.com/SoU1uow.png
<Gorian> oh, resolvconf is just shell script
<sarnold> Gorian: do you get different results if you put a newline at the end of the 'base' file? many tools can't handle input files that don't end with a newline
<Gorian> nope :/
<sarnold> is one of the resolvconf sources (say, a dhcp server) telling you to use 8.8.8.8?
<Gorian> not sure
<patdk-lap> what is in your /etc/network/interfaces file
<Gorian> 8.8.8.8 and 8.8.4.4
<Gorian> but, just once each
<patdk-lap> I can't see it
<Gorian> huh?
<patdk-lap> I wasn't concerned about those two ip addresses
<patdk-lap> or I wouldn't have asked to see the whole file
<Gorian> only ones defined
<ball> What server Linux alternatives are there to Ubuntu Server?
<jamespag`> frickler, 10.2.5 built in ppa:openstack-ubuntu-testing/ceph-sru
 * cpaelzer is handing jamespag` an 'e'
<cpaelzer> you see :-)
<Javezim> Anyone here running ZFS on Ubuntu 16.04 Server?
<rbasak> smb: do you have an opinion on bug 1396670 please?
<ubottu> bug 1396670 in xen (Ubuntu) "gdbsx missing" [Undecided,New] https://launchpad.net/bugs/1396670
<smb> rbasak, I am full of opinion... just not always good ones
<rbasak> smb: what is your opinion on bug 1396670 please? :-)
<ubottu> bug 1396670 in xen (Ubuntu) "gdbsx missing" [Undecided,New] https://launchpad.net/bugs/1396670
<smb> rbasak, I would have to look into the 4.7 case. Maybe moved or dropped by upstream
<smb> rbasak, can't tell you anything more specific right now
<rbasak> OK, thanks.
<OerHeks> Hi, what is a good tool to read/merge/sort pst files?
<Keykaps> Hi, quick question here : is using SAMBA 4 as an AD for ~30 users on Windows machines a viable option or should I forget it ?
<caribou> nacc: rbasak: jgrimm: I've redone the clamav merge and we're now down to one delta which is caused by tomsfastmath not being in main
<jgrimm> caribou, \o/ nice!
<caribou> nacc: rbasak: jgrimm: so if we MIR tomsfastmath, we can sync clamav
 * jgrimm checks the status
<jgrimm> https://bugs.launchpad.net/ubuntu/+source/tomsfastmath/+bug/1619239
<ubottu> Launchpad bug 1619239 in tomsfastmath (Ubuntu) "[MIR] tomsfastmath (runtime dependency of clamav)" [High,In progress]
<rbasak> Thanks!
<jgrimm> caribou, looks like there is a path forward on the MIR.. MIR team will accept enabling tests as good enough
<jgrimm> >>Either we can add a quick delta or wait for Debian to add it, but seems like any test would be good to enable
<caribou> jgrimm: I did open a but for basic test coverage that got fixed recently
<caribou> jgrimm: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838497
<ubottu> Debian bug 838497 in libtfm1 "libtfm1: Please add basic test coverage to build process" [Normal,Fixed]
<jgrimm> caribou, so that's enabled in the latest merge?
<jgrimm> if so, we are golden
<caribou> jgrimm: lemme check
<jgrimm> thanks!
<caribou> jgrimm: yes, it's in Zesty : 0.13-4
<jgrimm> caribou, cool, please update the MIR.  I've just subscribed 'ubuntu server', so that's covered now too
<rizonz> is there a known apt sources list which is needed for servers only ?
<rizonz> when you want to create a mirror and don't want to have all desktop packages as well ?
<sypher> rizonz: "Server" is just an Ubuntu release with a specified package set.
<rizonz> sypher: I agree
<rizonz> sypher: but there is to much packages I don't need
<rizonz> *are
<rizonz> my mirror is now 400G for I think 12 and 14
<sypher> rizonz: Then you've answered your own question. There isn't a "server only" repository because "server" is not a separate distro/release/package set.
<rizonz> sypher: it would be nice if we could excluded unneeded files
<sypher> On the other hand, a mirror with innumerable unsatisfiable dependencies sounds like a nightmare to me, so no thank you.
<jgrimm> caribou, nicely done. thank you
<rizonz> sypher: should not be needed if you have fallback to public mirrors if needed
<rbasak> rizonz: "it would be nice if we could excluded unneeded files"> then you'd need to define what is unneeded, since the server product does not define that for you.
<rizonz> otherwise, I don't need 12.04 anymore so I can ditch that one
<rizonz> rbasak: let's say X
<rbasak> rizonz: I believe some mirroring tools have some tooling around that.
<rizonz> who wants X on a server
<rizonz> gnome, kde, name it
<rbasak> Unfortunately X isn't just one package.
<rizonz> office packages (only needed when doing online openoffice applicances so can be done in some other way)
<rbasak> And you end up with stuff that depends on X libraries, for example ssh for X forwarding support.
<rizonz> rbasak: indeed, that is why it grows so much
<rizonz> with unneeded files
<rbasak> Sure. Just define the set of packages you don't want and don't mirror them. We don't define or maintain any such list, so you'll need to derive that from your own list and the dependency tree.
<rbasak> You might be interested in the "germinate" tool, which does the opposite - given a set of packages you _do_ want, it'll tell you all the dependencies you need, recursively.
<rizonz> rbasak: that sounds good
<rbasak> That's what is used to decide what goes on to the server ISO for example.
<rbasak> However, we do introduce new packages in a stable release, for example kernel (including security) updates come in a new package each. So you'll need to automate a regular run of that.
<rizonz> yeah can be cronned
<rizonz> rbasak: what do we need default, universe, the who shabang ?
<teward> rbasak: just an update, i'm likely going to do a non-merge update of the version to latest nginx stable just so we have something updated - i'm getting some strange build errors with regards to the dynamic modules, and am going to have to spend at least a whole day uninterrupted chasing it down.  This way at least we have an update to nginx that fixes some things... I'm fairly certain we don't want to track mainline right now, and that's got
<teward> its own build headaches.
<teward> blah too long a line >.<
<rbasak> rizonz: well, that's up to you.
<rbasak> teward: OK. Thanks!
<rizonz> rbasak: true but there were some default and some you don't want at all
<rbasak> rizonz: nothing in universe is on the ubuntu server ISO.
<rizonz> rbasak: ok, what kind of packages are in there, I try to find a list which says, ok these vendors, etc
<rbasak> rizonz: grep-dctrl can help you generate a list.
<rizonz> rbasak: ok, and multiverse is not on it as well ?
<rbasak> Use grep-ctrl to filter to whatever you want.
<rbasak> grep-dctrl
<nacc> caribou: nice!
<teward> rbasak: i've got something I'd like Server Team input on, which would then ahve to be bounced to the SRU team.  I assume the ML is the best place for it?
<rbasak> teward: yes. ML should be fine.
<teward> rbasak: ack.  i'll email in to the list within the next few hours.  In the mean time, build tests underway on the direct 1.10.2 upload, in a PPA.  If it passes it'll be pushed to the repos.
<teward> for Zesty
<GrandPa-G> anyone here able to help with dns-nameserver problem>
<nacc> GrandPa-G: it's probably better to just ask the question first
<GrandPa-G> ok - ubuntu 16.10 server, network manager, wpa_supplicant, wifi usb. I want static ip with dns-nameserver 192.168.0.18.
<GrandPa-G> I have put all of that in the interfaces file, but the dns names do not stick and always goes to 127.0.0.53
<GrandPa-G> Very confusing google stuff about what to do, so coming here to get latest, best answer
<GrandPa-G> of course, putting in resolv.conf gets overwritten next boot.
<nacc> you're using network manager on a server?
<GrandPa-G> putting in head stops interface from loading
 * nacc thinks nm and eni are not necessarily compatible
<GrandPa-G> nacc: yes, long story, I am willing to change if necessary as long it doesn't require a reinstall
<nacc> GrandPa-G: i think if you use nm, it runs a dnsmasq server locally?
<GrandPa-G> I will try anything, once, as long as it is somewhat legal
<GrandPa-G> what is eni?
<nacc>  /etc/network/interfaces
<nacc> GrandPa-G: need to step away, but i think you either want to use /etc/network/interfaces or nm, not both. And if you are using nm, then you need to configure your dns settings in nm, not in eni
<GrandPa-G> can you suggest how to remove nm? is it just sudo apt-get purge network-manager
<GrandPa-G> ?
<GrandPa-G> I am trying to run an apt-get purge, (or any other apt-get) and get error "The following packages have unmet dependencies:" and list. How do I fix this so I can go on?
<tarpman> GrandPa-G: apt-get -f install
<GrandPa-G> gives me the same thing
<tarpman> GrandPa-G: pastebin the output
<GrandPa-G> http://pastebin.com/Q2DW1sC4
<tarpman> that doesn't say anything about unmet dependencies
<tarpman> what you have there is buggy packages that aren't declaring correct Breaks/Replaces
<tarpman> you can probably work around it by removing zeroc-ice-compilers and then trying apt-get -f install again
<tarpman> GrandPa-G: where did you get your zeroc-ice from, anyway? 3.6.3-1000 isn't a version in ubuntu or debian that I can see
<GrandPa-G> If I remember I should have got it from zeroice.com distrubtion. apt-get install zeroc-ice-all-runtime zeroc-ice-all-dev
<GrandPa-G> unless something else put it in when I was installing something else.
<tarpman> hmm, maybe they don't support upgrading from the debian/ubuntu packages to their own
<tarpman> or they do and it's buggy
<GrandPa-G> How do I get out of this mess?
<tarpman> 10:20 < tarpman> you can probably work around it by removing zeroc-ice-compilers and then trying apt-get -f install  again
<tarpman> actually, if the layout of their packages is different from what you have installed, might be safer to uninstall/purge everything zeroc before installing theirs
<GrandPa-G> how would I get the compilers to go away? I can't do apt-get remove. I have to leave, but can you leave some more directions? Thanks in advance.
<tarpman> GrandPa-G: please pastebin output of 'apt-get purge zeroc-ice-compilers'
<ball> I'm tempted to try Ubuntu Server. Where can I find its system requirements?
<pmatulis> ball, probably in the installation guide
<pmatulis> https://help.ubuntu.com/lts/installation-guide/amd64/ch02.html
<pmatulis> https://help.ubuntu.com/lts/installation-guide/amd64/ch03s04.html
<ball> Thanks pmatulis
<sypher> pmatulis: I admit that I kept trying to read your name as pmautils. Like you're a package or something.
<pmatulis> sypher, i never thought of that :)
<sypher> pmatulis: My thoughts were along the lines of "huh, maybe he's the package maintainer for whatever that is."
<GrandPa-G> tarpman: back, sorry. The apt-get purge zeroc-ice-compilers gets the same errors
<tarpman> GrandPa-G: last time you said "the same", it was anything but. please actually pastebin the results
<GrandPa-G> http://pastebin.com/Nt6hn1z2
<tarpman> oh, apt being silly
<tarpman> GrandPa-G: so apt-get purge zeroc-ice-compilers zeroc-ice-all-dev libzeroc-ice-dev libzeroc-ice-java
<tarpman> GrandPa-G: or even just apt-get purge 'zeroc-.*'
<GrandPa-G> tarpman: did both as well as -f install http://pastebin.com/WdGn8nwJ
<tarpman> GrandPa-G: getting closer... probably need to go as far as apt-get purge 'zeroc-.*' 'libzeroc-.*'
<tarpman> GrandPa-G: or even just apt-get purge '.*zeroc-.*', and review the output carefully to ensure it doesn't pick up more than desired
<tarpman> oh, wait
<tarpman> GrandPa-G: ah, I see. hard to deal with this without taking out your mumble server at the same time, eh
<GrandPa-G> tarpman: if that will clean it up. ok
<GrandPa-G> tarpman: I am tempted to just start over with a new install of ubuntu. It would take me a day, but it might prevent future problems
<sarnold> can the ppa-purge program help here?
<sarnold> I've never tried to use it on non-ppa package archives but it might do the trick
<tarpman> GrandPa-G: the root problem here is that the zeroc.com packages you're trying to install are broken wrt upgrades
<tarpman> GrandPa-G: you should certainly report that to them as a bug. in the meantime, in your position I think I'd be downgrading to the ubuntu versions of all those packages (and removing ones that don't exist in ubuntu)
<tarpman> sarnold: interesting idea, I had the feeling it only worked on actual ppas but you could be right
<tarpman> GrandPa-G: installing a new system is certainly an option, then you could decide whether you want the ubuntu packages or the zeroc.com ones
<tarpman> GrandPa-G: or wait a few months for zesty to be released, which includes zeroc-ice 3.6.3
<GrandPa-G> fortunately I have a reasonable document on what has to be installed. I just don't like starting over.
<tarpman> GrandPa-G: just curious, is there a specific bug or missing feature that makes the current ubuntu package not suitable for your needs?
<GrandPa-G> no, I really don't know how I ended up with the wrong one. I have to downgrade to 10.4 to match zeroc. I can't use ppa-purge since it isn't installed.
<tarpman> er. installing packages from an external, non-ubuntu repository isn't really something that happens by accident
<blacknred0> how big of a squid server would i need to setup if i use ~200gb of data every month?
<macskay> hi guys im trying to set a rewrite, so i added a proxxy pass ProxyPass / http://127.0.0.1:50000/ however when calling sub.domain.com it tries to load the site http://127.0.0.1:50000/login or rather sub.domain.com/login, but it loads sub.domain.comlogin. How can I tell the apache to keep the / before the contextpath?
<sarnold> blacknred0: squid has a million tunables that you can use to try to make it fit your needs better
<blacknred0> sarnold: ok, it sounds that i need to do some reading
<blacknred0> now, i assume that once i have it setup i have to have the nodes pointing to it, right?
<sarnold> blacknred0: that's best, yes; it's possible to do it without configurating clients too, but that's less reliable and may not be worth the hassle
<sarnold> hey good news, the howto has been updated to use iptables :) http://www.tldp.org/HOWTO/TransparentProxy-6.html
<blacknred0> sarnold: ok, thanks mate :)
<sarnold> there's also this which may or may not work and may or may not be better :) https://en.wikipedia.org/wiki/Proxy_auto-config
<dasjoe> So, uh, l2tp/ipsec is not configurable in 16.04's NetworkManager?
<sarnold> hey dasjoe ;) maybe with strongswan-nm or network-manager-strongswan?
<blacknred0> thanks! i found this -> http://www.ubuntugeek.com/how-to-setup-transparent-squid-proxy-server-in-ubuntu.html
<blacknred0> i think the keyword for me is transparent proxy ;)
<dasjoe> Hey sarnold, long time no see :)
<sarnold> blacknred0: funny, on the one hand, I'm tempted to say "be careful, that guide is eight years old", but 95% of it looks identical to what I remember setting up back in 1997 or something... crazy. :)
<sarnold> dasjoe: aye, it's been too long.
<blacknred0> lol :)
<dasjoe> sarnold: no luck, network-manager-strongswan is installed, still no L2TP/IPsec in nm-applet when I'm trying to add a VPN. I'll check whether this is known
<dasjoe> sarnold: I see. It's a known, fixed bug in upstream: https://wiki.strongswan.org/issues/1429 and just known on launchpad: https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1570352 - would this need an SRU?
<ubottu> Launchpad bug 1570352 in network-manager-strongswan (Ubuntu) "strongswan vpn cannot be established via the network-manager" [High,Confirmed]
<sarnold> dasjoe: yeah, it'll need an SRU, pity tobias closed it with "fixed in 1.4.0" rather than "fixed with <patch>"... https://wiki.strongswan.org/issues/1406
<GrandPa-G> tarpman:When I do a fresh install, network manager is not installed, correct?
<tarpman> GrandPa-G: I have no idea, haven't used ubuntu in years :)
<GrandPa-G> tarpman: what do you use?
<tarpman> GrandPa-G: debian
<GrandPa-G> tarpman: and yet you hang out in ubuntu channel and are knowledegable?
<tarpman> it's mostly the same :)
<tarpman> GrandPa-G: these days, I'm here mostly in case anyone says the word "ldap" or "slapd"
<GrandPa-G> tarpman: unfortunately I have to install with only a wifi usb network interface.
<GrandPa-G> JanC: yes on default install
<dasjoe> So, Ubuntu's netinstall images don't come with a kernel command line enabling a serial console, this just bit me
#ubuntu-server 2016-12-16
 * compdoc passes dasjoe the calamine lotion
<dasjoe> :)
<ball> Well, I wouldn't have predicted this but I've just installed Ubuntu Server.
<ball> If I'm reading this right it took just 1.3 GB on disk.
<ball> (plus swap, which doesn't count)
<pmatulis> ball, sounds about right
<ball> Awesome.
<rbasak> powersj: on bug 1540323, I'm not sure I follow. The source package does need removing, and we need to create the binary from the seeds instead.
<ubottu> bug 1540323 in ubuntu-virt (Ubuntu) "ubuntu-virt is not generated from seeds" [Undecided,New] https://launchpad.net/bugs/1540323
<rbasak> (or get rid of the binary package entirely; that needs further checking)
<rbasak> powersj: I replied to bug 1649729
<ubottu> bug 1649729 in ntp (Ubuntu) "ntpd startup failures under xenial" [Undecided,Incomplete] https://launchpad.net/bugs/1649729
<powersj> rbasak: re: ubuntu-virt, so you expect the binary to exist, but to be generated by a different source package?
<rizonz> I really doubt if I need to mirror universe and multiverse for my servers
<rbasak> powersj: right. Actually I'm not sure if the binary should exist, but if it should, it should be generated via a seed through src:ubuntu-meta I think.
<rbasak> (which is semi-auto-updated from the seeds)
<powersj> rbasak: ok thanks, I was doing old bug triage and didn't quite understand if there was still an action. I see you added it to the backlog, so I think we are good then :)
<hasenov> hello everyone, i am running ubuntu novalxd openstack
<hasenov> and i imported an image from a remote host
<hasenov> i can see it when i go into the compute container and do "lxc image list"
<hasenov> but it is not present in the horizon ui
<hasenov> what is the way to make it visible in horizon?
<sarnold> are you "allowed" to mix the novalxd with normal lxd like that?
<hasenov> sarnold: oh i didnt realize they had different commands
<hasenov> can i do remote add with nova lxd?
<sarnold> hasenov: the usual lxd image store doesn't have any concept of tenants or 'owners' -- it's nice and simple :) -- but the novalxd thing is going to use glance for images, which do have owners, and so on..
<sarnold> so I suspect when you step out of the openstack tooling, you're probably going to have trouble integrating with novalxd; and when you step out of the lxd tooling, you're going to have trouble integrating with openstack
<hasenov> my situation is that someone just shared an lxc image with me from their repo and i downloaded it, i believe my only solution is to create a tar out of it and create new image through horizon ui?
<sarnold> that sounds plausible; there might be better choices but I can't think of anything off-hand
<hasenov> so i exported the image and create new one in horizon, and looks like through openstack the instance wouldn't start
<hasenov> but when starting with lxc it starts up fine
<hasenov> WARNING nova.compute.manager [-] [instance: 9cb756c9-a39c-42fe-8ce3-c069f8c86b1c] Instance shutdown by itself. Calling the stop API. Current vm_state: active, current task_state: None, original DB power_state: 4, current VM power_state: 4
<hasenov> is what is printed out in the nova var log
<hasenov> how would i be able to get a novalxd image from a remote Image Location?
<hasenov> can i use images.linuxcontainers.org?
<GrandPa-G> I have just been given responsiblity to manage a rack mount server with Ubuntu. I am looking for suggestion of how to manage
<GrandPa-G> it, especially for being up/down. I will have access to ssh. It will have mysql, apache and another socket based app.
<GrandPa-G> How to know status without looking? What tools. Any references are great.
<andol> 1) You will gradually want to get some configuration management in place, such as Puppet or Ansible
<andol> 2) Icinga 2 is not a bad choice for monitoring, to be able to see what is up or not, etc.
<andol> GrandPa-G: ^^
<andol> Or wait, are we just talking about one server now? In that case I guess it might be more effencience to use a hosted solution for monitoring, such as Pingdom or Monitis.
<GrandPa-G> One caveat is I am told no $ to spend. Just one server, not high usage, just don't want to have to monitor until something is going bad.
<andol> GrandPa-G: If we take Pingdom as an example you would probably me able to get away with their Starter tier for $15 a month.  Surely spending that small amount of money must be preferable to you spending a non-trivial amount of work time?
<GrandPa-G> If I were in charge, I would agree. It just that any funding is a big deal.
<andol> ...and your time is free?
<GrandPa-G> actually it is on this project
<DK2> my server brings a duplicate address up on eth2 after every reboot, are there any logs as to why this happens?
<DK2> i have 192.168.1.2/25 and after the reboot theres also a 192.168.1.2/32 , why?
<bekks> DK2: What does your configuration looks like?
<DK2> auto eth2
<DK2> iface eth2 inet static
<DK2>   address 192.168.1.2
<DK2>   netmask 255.255.255.128
<DK2> thats all.. lol
<dasjoe> That's all, no gateway, no DNS, no other interfaces configured?
<DK2> yes its not needed in this case
<bekks> Not even the loopback adapter configured?
<DK2> there is
<DK2> but not for eth2...
<DK2> eth2 ist just for interal access to some servers
<bekks> Guess why the loopback is named loopback and not eth2. :P
<DK2> ya well the loopback adapter is there :P
<DK2> i just dont know where that mysterious duplicate /32 comes from
<k2gremlin> Trying to add a second disk to my ubuntu server.. ran fdisk -l and the one I am adding is /dev/sdb  I want to mount it to /storage. In fstab I put in /dev/sdb /storage ext4 defaults 1 3 However, I get this error "Can't find ext4 filesystem... does it need to be formatted or something??
<tarpman> k2gremlin: yes, you should partition it first, and then make a filesystem in the partition
<k2gremlin> Do I need to use the mkfs.ext4 command?
<bekks> k2gremlin: you need to create a partition on it, like sdb1, and create a filesystem on sdb1 afterwards.
<bekks> Then, you can mount it.
<k2gremlin> bekks, should it be primary or extended?
<bekks> k2gremlin: Doesnt matter actually.
<dasjoe> Will mkfs.ext4 actually refuse to work on a raw block device? Let's see
<bekks> Not, it will work fine on whatever block device.
<dasjoe> Yeah, just tested: /dev/zd96: Linux rev 1.0 ext4 filesystem data, UUID=8a0923ec-5575-4234-8ddc-78d0ecb67a30 (extents) (large files) (huge files)
<k2gremlin> bekks, thanks.. got it working great :)
<tarpman> nacc: just saw your comment on bug 1436558. I haven't proposed a merge yet because I want to see what's happening with heimdal in debian (heimdal 7 RC just got uploaded to unstable)... if I'm going to be adding back heimdal support anyway, I'd kind of rather not merge in the current state with heimdal disabled
<ubottu> bug 1436558 in openldap (Ubuntu) "package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from other instances of package libldap-2.4-2:amd64" [Medium,Triaged] https://launchpad.net/bugs/1436558
<nacc> tarpman: ah ok! thanks!
<tarpman> nacc: I understand it's a nasty bug, but it's also been around for a decade or so :)
<nacc> tarpman: 100% ack on that, mostly a note to myself as i triage
<tarpman> sure
<rizonz> meh my apache stopped serving my vhosts on a 14.04 to 16.04 upgrade
#ubuntu-server 2016-12-17
<EvilAngel> i wonder if zfs gets loaded before the x server gets started
<EvilAngel> https://www.youtube.com/watch?v=CXy7JBTosbs
<EvilAngel> oh shit
<EvilAngel> sorry
<Mis-anthrope> the best thing about a newly installed ubuntu server.... it comes with no destop environment!
<Mis-anthrope> I am trying to install virtual box guest additions.. and it fails everytime.. after some searching online, I realised the problem could be with the linux headers. Now, when I am removing the headers, I have the option of removing generic headers or actual header file linux-headers-4.4.0-31.. which one should I remove..
<Walex> Mis-anthrope: well, the generic one depends on the version one, so if you remove the generic one the version one will also be removed by default.
<Walex> Mis-anthrope: but is is very unlikely that the right version headers for your kernel give VirtualBox trouble.
<tomreyn> i concur. removing kernel headers wont solve a problem
<Mis-anthrope> Walex: I had the same issue in ubuntu desktop so all I did was update the kernel headers..
<Mis-anthrope> but the kernels are showing up to date in this case
<tomreyn> which variant of virtualbox are you using, the one from ubuntu or oracles' packages?
<Mis-anthrope> oracle's one
<Mis-anthrope> its vbox 5.1.2
<tomreyn> are you using this on a server?
<Mis-anthrope> yes.. I am
<tomreyn> why dont use use a proper HVM virtualization?
<Mis-anthrope> the error log for vboxguesteditions suggests I install gcc and make which I am doing now
<tomreyn> virtualbox is desktop virtualization
<Mis-anthrope> ik
<Mis-anthrope> I dont want bare metal
<Mis-anthrope> I just wanna play around with ubuntu server in vbox first..
<tomreyn> so your host is a desktop, runnign virtualbox, and below that you got ubuntu-server?
<Mis-anthrope> yes
<tomreyn> ah, okay that makes sense then
<Mis-anthrope> I dont want any bare metal virtualization till I am comfy with ubuntu server on type 2
<tomreyn> so your desktop runs which version of ubuntu, and the VM is which version of ubuntu-server?
<tomreyn> and whats the output you get when you try to install the guest utils on the ubuntu-server ?
<tomreyn> (use !pastebin / !pastebinit )
<Mis-anthrope> my desktop is windows 10.1/x64(to my despair) and I am running ubuntu 16.04 server(32 bit)
<tomreyn> thanks for providing some (but not all) of the information i asked for. ;)
<Mis-anthrope> um thats cuz my problem has now evolved :(
<tomreyn> sorry to hear that
<Mis-anthrope> me too :\
<Mis-anthrope> I need to understand the differences between Xorg.. X11.. desktop environement... display servers... window managers... any good books/links?
<Mis-anthrope> has anyone here used Ubuntu 16.04 server?
<funabashi> hey guys i had 2 unwanted reboots on my linux machine today. which important logs can i go for to find out the root cause ?
<tomreyn> funabashi: /var/log/syslog* /var/log/dmesg* /var/log/auth.log*
<tomreyn> funabashi: start by using 'last' to determine the reboot times, then look at these logs near these timestamps
<funabashi> tomreyn: ok i checked those files and i found nothing intresting
<funabashi> its a vps on KVM and the provider told me they got no issues..
<funabashi> dmesg file doesnt have timestamps
<tomreyn> if there's nothing on the logs then it means it's a hardware issue. which, in the case of virtualization, means it's a virtualization error.
<tomreyn> your provider may not spend time on investigating thier logs until you state that you have reviewed your logs and not found indication of a software malfunction.
<tomreyn> if, after you stated this, and went over this with them repeatedly, they still claim its not an issu eon their part without providing anything to back that claim up, then you should switch to a different provider.
<duper> does anyone know of terminal software that's capable of the VGA-style 24-bit true color w/ ANSI color escape codes besides suckless st? looking for something that's more..well, featureful.
<rizonz> which caching resolver is recommended for local usage ?
#ubuntu-server 2016-12-18
<arooni> what to do if i'm trying to SSH into my ubuntu-server and it looks hung
<arooni> reboot the vps?
<ziyourenxiang> try ssh -v to see what's stuck
<JanC> arooni: it might be lacking resources (RAM or CPU or sockets or file handlers or something else); rebootign usually "solves" that but you'd want to investigate afterwards what is causing it
<JanC> of course the issue might also be somewhere in between you & the VPS
<patdk-lap> or filesystem went readonly
#ubuntu-server 2017-12-11
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer How are you?
<cpaelzer> good enough for a monday :-)
<cpaelzer> and you?
<lordievader> Hahaha. I'm doing allright.
<jamespage> coreycb: nova and glance b2's uploaded - doing heat and neutron next
<ahasenack> good morning
<Nafallo> morning ahasenack
<ahasenack> hello Nafallo
<jamespage> coreycb: cinder done; neutron failing a test and heat generally being awkward
<jamespage> coreycb: doing keystone
<jamespage> coreycb: keystone done; I'm going todo a snapshot of aodh if I can make it work
<jamespage> coreycb: barbican done
<coreycb> jamespage: sounds good, i'll start in a bit
<jamespage> coreycb: neutron done
<coreycb> jamespage: getting started with horizon
<jamespage> coreycb: ok working through the neutron-*'s now
<coreycb> jamespage: are you using a bileto ppa?
<jamespage> coreycb: no
<jamespage> just local sbuild
<jamespage> coreycb: I've done a tweak to the watch file in my uploaded to tie the package to a specific series; dunno what you think about that
<jamespage> makes gbp import-orig --uscan dtrt
<coreycb> jamespage: ok. i'm going to use https://bileto.ubuntu.com/#/ticket/3076. you're welcome to use it if you want.
<coreycb> jamespage: ok i'll tie that in as well to the watch files
<coreycb> jamespage: i usually specify the version on uscan so i'm indifferent but i think this is fine
<LilleCarl> I was recommended to ask this here: "Can anyone explain why this part of interfaces config doesn't add the routes i'm asking it to add? https://gist.github.com/Lillecarl/d152e0f93405005ea2fd451f33645968" <- Running Ubuntu 16.04 server
<sdeziel> LilleCarl: those additional routes shouldn't be needed as they are relying on the default gateway anyways
<LilleCarl> @sdeziel Well actually the device's got one direct wan connection and one lan connection
<LilleCarl> It's acting as a VPN server-ish
<LilleCarl> So the default route goes over ens160
<sdeziel> LilleCarl: then I'd remove the "gateway 172.30.30.1" line then as this one too tries to add a default gateway
<LilleCarl> I'll do that
<sdeziel> LilleCarl: then if the "up" command still do not accomplish what you wanted, I'd suggest running them by hand and see if /sbin/ip spits an error on them
<LilleCarl> sdeziel: Now the up commands worked
<LilleCarl> Isn't that weird?
<LilleCarl> Also, thanks! :)
<sdeziel> LilleCarl: I don't know. Was br0 coming up at all before? Cause 2 default gateways could have prevent the second one (the one from br0) from working
<sdeziel> in other words, I don't know if ifup would capitulate on the "gateway" clause failing to apply
<LilleCarl> sdeziel: It was functioning indeed, and "ip link" showed it as up
<LilleCarl> But yeah that explains it, trying to override default gw could fail the up scripts
<sdeziel> LilleCarl: yeah but that's one level too low ;). I guess the question should have been: did br0 had an IP configured?
<LilleCarl> sdeziel: Wierdly enough it did, i was pinging it locally. I guess it's weird undefined behaviour
<sdeziel> LilleCarl: interesting problem :)
<LilleCarl> Indeed, caused by stupid human as usually though ;)
<jlacroix> Good {morning,afternoon,evening}. I'm still trying to get an external USB drive passed through to my KVM VM from the host. I tried going through virt-manager, and I also tried creating an XML file and attaching it. I've rebooted the host and guest many times. I also tried USB2/USB3 and switching the chipset. Has anyone been successful with this? (Ubuntu Server 16.04)
<cpaelzer> jlacroix: yes I've doen it - did you check out the related known apparmor issues
<cpaelzer> jlacroix: TL;DR while you are trying to attach in a 2nd window run "sudo dmesg -w"
<jlacroix> cpaelzer I have seen that during google searching. I flat-out disabled apparmor on the host and guest, that didn't solve it
<cpaelzer> likely you see apparmor denies, and likely the bugs I linked have the fixes that you can add to your conffiles
<jlacroix> Should I run the dmesg on the host or guest?
<cpaelzer> well if you disabled apparmor fully then this isn't the issue :-)
<cpaelzer> jlacroix: I recommend to track two things then
<cpaelzer> 1. in a 2nd console dmesg -w - what happens on the try to atatch
<jlacroix> Are these apparmor issues with the guest or the host? Or both? When reading I wasn't sure if they were referring to the guest or host when talking about apparmor
<cpaelzer> 2. in 3rd console track /var/log/libvirt/qemu/<guestname>.log - is there an issue reported
<cpaelzer> jlacroix: the issues were the host being more on the secure than on the comfortable side
<cpaelzer> jlacroix: this needed some work/research to sort out rules that work but are not considered insecure
<cpaelzer> but demsg will show you if this still is an issue
<cpaelzer> coreycb: I believe automation tricked you when picking 1710019 into cloud archive
<cpaelzer> coreycb: there is (a lot) detail in the bug - TL;DR this was cancelled from -proposed for zesty but picked for Ocata now
<coreycb> cpaelzer: got it, thanks. i'll update the bug.
<jlacroix> Thanks cpaelzer, I'll try that out when I get home. I'm remotely connected via SSH right now and so far I don't see anything in the logs on the host. But perhaps I will when I disconnect and reconnect the drive. But as of right now there is nothing in the log file and it has not cycled
<jlacroix> I'm assuming the usb disk would show up with lsusb or lsblk if successfully passed through
<coreycb> cpaelzer: are you +1 to reverting that then?
<cpaelzer> coreycb: well we reverted it in proposed until dannf had the chance to sort out the details
<cpaelzer> coreycb: so that particular change on the actual release did never show up
<cpaelzer> coreycb: thereby yes I'm +1 to also pull it out of UCA for now
<coreycb> cpaelzer: ack
<cpaelzer> jlacroix: give it a try and let us know
<cpaelzer> jlacroix: you could pastebin both logs if you are unsure what they show you
<jlacroix> cpaelzer the log for the VM in question contains no errors. The dmesg contains nothing regarding the usb drive, other than "new usb device found"
<cpaelzer> jlacroix: is this the demsg of the host?
<jlacroix> cpaelzer: yes, the host
<cpaelzer> well that means it was atatched (or tried to) and comes back to the host
<cpaelzer> that is why it is seeing it as new device
<cpaelzer> hmm
<cpaelzer> and what does virsh attach ... tell you
<jlacroix> Honestly the "new usb device found" could just have been when the host was booted
<cpaelzer> it must say failed "foo" then right?
<cpaelzer> jlacroix: that is why I meand sudo dmesg -w
<cpaelzer> that follows
<cpaelzer> so you can add a few empty lines with enter
<cpaelzer> then do the action
<cpaelzer> and report only what appears as new events
<cpaelzer> jlacroix: the same works on the guest log file if you use "tail -f" on it
<jlacroix> When I run "virsh attach-device" it says "device attached successfully"
<cpaelzer> jlacroix: then doesn#t that sound good to you?
<cpaelzer> jlacroix: so the host thinks all is fine
<cpaelzer> jlacroix: you can now do the same with dmesg but in the guest
<jlacroix> cpaelzer, yes that sounds great. But lusb, lsblk, and fdisk -l show no extra disks
<cpaelzer> jlacroix: when you detach/attach you should see the device appearing
<cpaelzer> do you?
<jlacroix> I do not
<cpaelzer> you do not see anything in guest dmesg when you do so?
<jlacroix> Correct, nothing
<cpaelzer> weird
<cpaelzer> sorry jlacroix I never had that combination
<cpaelzer> unfortunately all you do is what I do, so your steps are not valid to reproduce on my end
<cpaelzer> jlacroix: could you try various USB devices and check if all behave that way?
<jlacroix> Yes, I can try that when I get home. I don't have physical access until this evening
<TJ-> jlacroix: The guest OS needs the PCI hotplug drivers too; acpiphp and pci_hotplug usually
<TJ-> jlacroix: I saw similar issues with both raw PCI devices and USB devices with minimal 'cloud' kernels
<jlacroix> Thanks I'll try that now
<sdeziel> as anyone been able to run memtest86+ (or any other mem-test) on a UEFI machine?
<jlacroix> TJ I don't see those packages available
<jlacroix> I do have acpid
<TJ-> They're kernel modules
<jlacroix> Thanks for the response, but those modules are there.
<TJ-> sdeziel: as far as I recall it doesn't support UEFI since it's a 16-bit executable
<TJ-> jlacroix: are they loaded?
<sdeziel> $ grep -A3 EFI /etc/grub.d/20_memtest86+
<sdeziel> # We need 16-bit boot, which isn't available on EFI.
<sdeziel> if [ -d /sys/firmware/efi ]; then
<sdeziel>   exit 0
<sdeziel> TJ-: indeed, thanks. I'm going to try with the upstream provided ISO for now
<jlacroix> TJ: I'm not really sure, they are in the kernel config marked "y", I think that means compiled in and not module if I'm not mistaken
<TJ-> jlacroix: yes, that is correct. So the guest is a 'fat' bare-metal kernel, not one designed for virtual machines/'cloud' ?
<jlacroix> TJ: Correct. It was installed using the ubuntu-server ISO and not ubuntu-minimal or anything weird
<TJ-> jlacroix: in the guest does "lsusb" show USB hub(s)?
<jlacroix> It does, it shows four of them
<TJ-> jlacroix: also, is the device you're attaching a mass storage device? sometimes it needs "usb_storage" module manually loading
<jlacroix> TJ: The disk I'm attaching is a USB hard disk, no hub between them
<TJ-> jlacroix: there has to be a hub
<jlacroix> TJ: Sorry what I mean is, I didn't add one between them
<TJ-> jlacroix: OK, that's fine, the VM should have one already defined in its hardware description, and the kernel has default drivers for them
<TJ-> jlacroix: does 'virsh dumpxml' show the device with a "<hostdev mode='subsystem' type='usb' managed='yes'>" node?
<jlacroix> TJ: It does
<jlacroix> TJ: Sorry, managed: no
<TJ-> jlacroix: for USB that is ignored so it doesn't affect things
<TJ-> jlacroix: one data-point. When the device is removed from the host and attached to the guest, the HOST dmesg/kern.log should show something like "usb 2-2: reset high-speed USB device number 6 using ehci-pci"
<jlacroix> Thanks TJ and cpaelzer for all your help. I'll troubleshoot more this evening
<arooni> it appears that my ubuntu server is not allowing connections when i connect via unlimited vpn (my vpn provider).  any way to find out if certain ip's are blocked somehwo?  i have already stopped the fail2ban service
<tomreyn> arooni: what makes you think it's the server that's blocking it?
<sarnold> good question; on some services I wind up blocking entire VPN netblocks due to abuse from time to time
<sarnold> it could be your service provider has done the same
<tomreyn> some tests: (1) do a traceroute through the VPN, compare it to how it looks without VPN; (2) ping through the VPN and without the VPN, do both get through?; (3) run "nc -l -vv -p 8000" on the server and connect to it through the VPN and without the VPN from your client by running "nc -vv IP_ADDRESS_OF_SERVER 8000"; both server and client should report that the connection is established.
<arooni>                                                                                                        sarn
<arooni> sarnold: how do i test to see whether its the server or my hosting provider
<arooni> oops liooks like tomreyn mentions it
<arooni> i wish my networking knowledge was a bit better :)
#ubuntu-server 2017-12-12
<danrik> is it possible to use ssh to simulate vpn? as in - bridge 2 networks?
<sarnold> danrik: I've done one of these before, it feels plausible that it could do network bridging http://www.tldp.org/HOWTO/ppp-ssh/
<danrik> sarnold: thanks. im seeing that apparently these days ssh-vpn comes standard in fedora 27.
<danrik> package called NetworkManager-ssh, testing that
<sarnold> danrik: ha! :) that's awesome
<danrik> which group should I add myself to so I have access to tun|tap devices in ubuntu 12.04 ?
<jlacroix> I'm having a strange issue with passing an external USB hard disk to a KVM guest. Long story short, USB-passthrough works fine to this guest if I plug in a flash drive. However, my USB hard disk doesn't register on the guest at all whatsoever (the host does see it)
<cpaelzer> good morning
<cpaelzer> jlacroix: I remember I have seen another issue similar to yours
<cpaelzer> jlacroix: in the case a device didn't show up in the guest because the real device controller messed up usb1/2/3
<cpaelzer> jlacroix: the solution was to force it onto an (virtual) usb 2.0 controller
<cpaelzer> jlacroix: if you want to try - I think virt-manager adds 4 types of ich9 usb controllers
<cpaelzer> jlacroix: reduce that to one of them, then start a loop
<cpaelzer> jlacroix: shutdown the guest via virsh, start it and test
<cpaelzer> jlacroix: in that loop try all the different usb controllers that https://libvirt.org/formatdomain.html#elementsControllers lists
<cpaelzer> jlacroix: but you said you will try different devices as well, that should be just as good to find if it is that
<lordievader> Good morning
<tobasco> jamespage: coreycb has ubuntu changed static path for openstack-dashboard horizon package recently? had to change from /usr/share/openstack-dashboard/static to /var/lib/openstack-dashboard/static
<tobasco> is this change consistent for all ubuntu packages for openstack-dashboard (and not just cloud-archive for xenial/ocata)
<tobasco> if so, i'll push changes to the puppet modules
<tobasco> since they write their own apache2 config, it seems like that was a breaking change
<jamespage> tobasco: yes we switched static asset collection to use a guaranteed writeable location (/var/lib/openstackd-dashboard)
<jamespage> that was a while back tho
<tobasco> jamespage: ok, saw ut was changed now must have been in a hurry
<boxrick> Hello! I am installing /var to a ZFS volume in the pre-seed right at the end. However when I do /sbin/start-stop-daemon is not present on the install.
<boxrick> Any ideas why this may be?
<boxrick> Or perhaps someone could tell me when  start-stop-daemon  is installed during a typical install?
<rbasak> ahasenack: I think bug 1735744 should be fixed in beta. Just not stable. Did you find that it isn't?
<ubottu> bug 1735744 in usd-importer "lint won't run: "Multiple candidate branches found and they do not target the same series:"" [Undecided,Fix committed] https://launchpad.net/bugs/1735744
<ahasenack> rbasak: it's not in my snap
<rbasak> https://git.launchpad.net/usd-importer/log/ - tagged snap/beta
<ahasenack> I have 0.6.2+git49.967f050
<rbasak> Maybe the snap didn't build.
<ahasenack> does it build automatically on commit?
<rbasak> 967f050 is where snap/beta is at the moment
<rbasak> Yes
<rbasak> And it has the lint fix as a parent
<ahasenack> rbasak: oh, you are right
<ahasenack> I was confused because it still required --target-branch
<ahasenack> but once I provide that, the snap one works too
<coreycb> jamespage: hey i'm going to bump openstacksdk
<jamespage> coreycb: ack
<rbasak> ahasenack: I ran update-maintainer and committed and pushed that for the MySQL merge MP. But I just realised that I accidentally pushed it to alioth's ubuntu/devel (my real target branch) instead of rbasak/ubuntu/devel (my staging area).
<rbasak> ahasenack: just FYI. I'll leave things as they are, and sort them out once you've concluded the MP.
<HackeMate> hi
<HackeMate> i have 2 ethernet and i want to make route from one to the other one, when i try to use route add default gw <gateway> i get this: SIOCADDRT: Network is unreachable
<coreycb> jamespage: i'm fixing up openstack-dashboard for b2. the install is broken with the move of openstack_auth in tree.
<jamespage> coreycb: ack
<jamespage> coreycb: doing a fixup on glance - duped rootwrap.conf with glance-store
<coreycb> jamespage: ok
<jamespage> coreycb: I've uploaded updates for glance, cinder and nova to fix uid/gid to reservations as detailed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884178
<ubottu> Debian bug 884178 in base-passwd "base-passwd: uid/gid reservations for OpenStack users/groups (nova,glance,cinder)" [Normal,Open]
<jamespage> coreycb: also mailed openstack-devel@debian with details on why
<coreycb> jamespage: ack
<jamespage> coreycb: zigo is going todo the same in openstack-pkg-tools for the debian variants
<coreycb> jamespage: ok great
<jamespage> coreycb: that should sort out the GPFS permissions consistency issues that the IBM team had; but I don't think we can retro that change into older releases
<jamespage> might be wrong but that's my perspective
<cpaelzer> Howdy all!  office hours is officially starting.  Please bring all questions
<cpaelzer> rbasak: ahasenack and myself are around, dpb1 might be busy
<cpaelzer> slashd: smb: anything from you this week to bring up?
<ahasenack> o/
<cpaelzer> teward: I wanted to ask you one thing - http2 in nginx
<cpaelzer> teward: I did apache2 in regard to https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/1687454
<ubottu> Launchpad bug 1687454 in curl (Ubuntu) "[MIR] nghttp2" [Undecided,Triaged]
<cpaelzer> not sure but you might want to do so next time you touch nginx
<cpaelzer> so I wanted to ask what you think about that
<dpb1> thanks cpaelzer
<slashd> cpaelzer, nothing in particular, everything under control sorry for the late answer.
<cpaelzer> fine
<cpaelzer> there is no being late in our new less formal process
<slashd> cpaelzer, do you know if there is any SRU shutdown during the holidays ?
<cpaelzer> question for rbasak as he is member of the SRU team
<rbasak> I don't think we have a formal answer. IIRC generally people try to be extra cautious about releasing SRUs in case of regression.
<rbasak> I will be reluctant to release an SRU if I'm not around for the next few days.
<rbasak> Accepting into proposed shouldn't be problem as long as people are around to review them as normal.
<slashd> rbasak, sound good to me thanks
<fstoltz> Hi, I'm slightly confused as to why there are articles like this (first link) that talk about how to setup a normal user account with sudo priviliges. And then I read thomasrutters' answers on this (second link). Why does the first link explain in-depth of how to set this up when the default way seems to be the way the article tries to explain how to do yourself? Am I missing something or isn't Ubuntu-Server default way by
<fstoltz> doing it that way(that the first link explains)?
<fstoltz> first -> https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
<fstoltz> second -> https://askubuntu.com/questions/189907/what-is-the-default-root-password
<rbasak> Regarding the first link, Ubuntu cloud images set all of that up by default automatically.
<rbasak> You get a user called 'ubuntu' (by default) which can already sudo.
<cpaelzer> on an ISO install your initial user also can do that
<rbasak> I'm not sure why Digital Ocean aren't just using that. It sounds like they're just making things more complicated for their customers.
<cpaelzer> because that is the way to administrate
<cpaelzer> my mesg was not in reply to the last of rbasak but to the one before
<cpaelzer> I also think link #1 is makeing things complex that shouldn't be that way
<rbasak> fstoltz: does that answer your question?
<cpaelzer> in general I think sudo also provides a nice level of extra auditability
<cpaelzer> if (any)one can log in as root you have much less traction what happened why
<sdeziel> but then people use "sudo -i" and your audit track vanishes
<cpaelzer> true
<sdeziel> still slightly better than a direct SSH to root though
<cpaelzer> but it is better than handing all admins the key to root@
<cpaelzer> that is what I meant
<cpaelzer> I didn't want to say it is all needed for good tracking
<sdeziel> good tracking is hard
<fstoltz> Yes, it does, thank you. Since I'm still new to Ubuntu and the whole GNU/Linux world and I'm fiddling around with Ubuntu-Server for the first time I was unsure whether that step was necessary (firstlink) since it seemed to me that it was already setup like that(without me doing anything in particular). And like cpaelzer said it seems like they're just making it more complex, and that's what I just wanted to confirm, that I
<fstoltz> wasn't missing some detail. When I try typing "su" i get asked for a password that I do not know, and I'm assuming there is no password since I haven't touched 'root' user. I appreciate you talking about it, makes it clearer for me.
<sdeziel> fstoltz: with su, you are trying to change to another user so you have to know the other user's password
<sdeziel> fstoltz: unless you invoke su as the super user (sudo su) in which case you won't be require to provide the other user's password
<fstoltz> sdeziel: But when I type solely "su" I get asked for a password
<fstoltz> sdeziel: I don't specify a user, nor does the password prompt specify anything
<sdeziel> fstoltz: I think it asks for your own password then
<sdeziel> fstoltz: but invoking su alone is probably not very useful
<fstoltz> sdeziel: Doesn't accept my password
<sdeziel> fstoltz: sorry, I was wrong, su will by default try to auth as root
<sdeziel> fstoltz: could you share a little more context around what you want to achieve?
<fstoltz> sdeziel: Nothing in particular, it was more just to ease my confusement. I was looking around on this guide regarding ufw, and saw that their prerequisites was following the first link in my first message. And so I was pondering whether I actually needed to do that because it seems that's the way my setup already looks, so I just wanted to confirm that I wasn't missing anything. And seems like I wasn't, so I'll go ahead and
<fstoltz> start configuring ufw now :)
<fstoltz> https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04
<sdeziel> fstoltz: alright then :)
<teward> cpaelzer: http2 is already good to go in NGINX in Ubuntu
<teward> cpaelzer: nginx rolls its own implementation, not nghttp2
<teward> this is one reason it was ACK'd by the Security team back in one of the earlier cycles
<teward> cpaelzer: so, in short, NGINX has been ahead of Apache2 wrt HTTP/2 for well over a year now.
<teward> i forget when we actually enabled it, I'd ahve to dig into the histories.
<sdeziel> I know I'm happily using http2 on Xenial so thanks teward :)
<teward> yep
<teward> cpaelzer: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1565043 i think is the relevant one
<ubottu> Launchpad bug 1565043 in nginx (Ubuntu) "Please enable HTTP/2 in NGINX for Xenial" [Wishlist,Fix released]
<teward> back in the 16.04 cycle we enabled it
<teward> cpaelzer: so, wrt nginx, there's nothing to do wrt HTTP/2 - it's been available since 1.9.14 in Xenial
<ahasenack> teward: nice
<albech> any tools similar to imapsync on ubuntu? I have looked at imapsync but it appears that it will require git source and compilation, which i dont want on a production system.
<albech> or possible imapsync on a repo
<albech> never mind seems like larch is what i was looking for
<teward> ...
<teward> rbasak: cpaelzer: either of you know how to fix an issue where dpkg doesn't realize changes are actually applied via a quilt patch but it sees them as 'unusual' changes?
<teward> and new non-upstream changes?
<teward> ... nevermind.
<teward> it's a Merge-o-Matic problem
<rbasak> teward: you might find http://people.canonical.com/~cjwatson/dpkg-quilt-setup helpful
<teward> rbasak: actually, it was a MoM issue
<teward> i fixed it by applying the same set of debian/* to a pristine upstream tarball
<rbasak> Indeed. That script works around the MoM issue :)
<teward> and it stopped complaining
<teward> rbasak: well, I use MoM as a 'base', then test against pristine
<teward> so meh
<teward> *Yawns*
<teward> I need more coffee
<teward> rbasak: i got it to build - https://launchpad.net/~teward/+archive/ubuntu/nginx-merge-bionic/+packages - could use some help testing, so I'll put a call for tests out on the ML because I'm busy the next couple days (final exams).
<teward> good news though: if I do well on these finals, GRADUATION GUARANTEED
<teward> no more school :p
<powersj> woohoo :)
<dpb1> teward: :)
<Laney> hey, is the server team responsible for cloud images?
<Laney> if so, wondering if anyone has investigated systemd-networkd-wait-online.service hanging on boot?
<Laney> happens with uvt-kvm
<Laney> (bug link would be ok)
<ahasenack> I heard something about that today
<ahasenack> Laney: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1737704 perhaps?
<Laney> yes someone mentioned it in #ubuntu-release
<ubottu> Launchpad bug 1737704 in cloud-init (Ubuntu) "Cloud-init fails if iso9660 filesystem on non-cdrom path in 20171211 image." [High,In progress]
<ahasenack> Laney: http://paste.ubuntu.com/26169046/ output (bad)
<ahasenack> (from the bug)
<Laney> yes sounds right
<Laney> thanks!
<ahasenack>   E: Failed to fetch http://br.archive.ubuntu.com/ubuntu/dists/bionic/main/i18n/Translation-en.xz  File has unexpected size (517768 != 517816). Mirror sync in progress?
<ahasenack> I was hoping these errors were behind us
<teward> rbasak: powersj: sdeziel: cpaelzer: dpb1: and anyone else who cares, just pushed an nginx merge up, assuming nothing explodes from it we're tracking Mainline now.  SRUs will behave as normal once Freeze hits, until then we're in sync with Debian except for upstream nginx version changes.
<sdeziel> teward: great, will give it a try soon-ish and report back any problems
<teward> sdeziel: well patience
<teward> it's been uploaded but *not* yet done building/syncing
<sdeziel> ack
<rbasak> teward: thanks!
<lucidguy> Setting up openldap with ppolicy and I was password complexity.  What pwdCheckModule do people recommend. pqchecker seems to be popular.  Recommendations?
<ktechmidas> Anyone know if it's possible to do something like this with a one-liner? lxc config set sf-dc-{seafile,mysql,ex} boot.autostart true
<ktechmidas> I thought that would generate three seperate commands...
<ktechmidas> but it doesn't
<ScottE> for i in seafile mysql ex; do echo lxc config set sf-dc-${i} boot.autostart true;done
<ScottE> Note "echo" - remove that to actually run the commands
#ubuntu-server 2017-12-13
<cpaelzer> teward: double thanks - for http2 info and for the nginx merge, lets see how it passed proposed migration and behaves then
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer How are you doing?
<cpaelzer> already planning how to reach conclusion of all my tasks before christmas (=impossible) :-)
<cpaelzer> so good I'd say
<teward> cpaelzer: indeed.
<teward> rbasak: cpaelzer: FWIW as this is an LTS, I'mma touch base with the TB / infinity to determine if we can get an after-release update to the stable branch of nginx
<teward> which *should* be a minimal diff at that point.
<teward> similar to what we had for the 16.04 cycle
<cpaelzer> teward: do you want a single agreement or a general MRE to do this for the full time of 18.04 ?
<teward> cpaelzer: single-case
<cpaelzer> ok
<teward> cpaelzer: we had a 'single case' agreement for 16.04 up through release, with a special-case SRU for the version bump only in -updates, when Xenial was released.
<cpaelzer> sound fine to me to do it the same way again
<teward> such that we did standard FFes through release, and then SRU after that.
<cpaelzer> yep
<teward> yeah there's precedent but I want to reach out at least to the Release team / infinity who helped a lot with this in 16.04
<lordievader> cpaelzer: Good luck ð
<teward> cpaelzer: and it's only during the LTS-cycle that I work on this, because getting to a stable branch is better than sticking to mainline :P
<cpaelzer> absolutely reasonable for fixes throughout the cycle
<teward> blurgh i'm tired but can't sleep
<cpaelzer> I already wondered to see you here still
<teward> yeah i'm not usually online at this hour, 02:15 here :P
<rbasak> teward: thanks. An email to ubuntu-release@ should be sufficient I think. No need for the TB.
<teward> yep, was thinking that recently.  I need sleep though so... gonna try and sleep now :p
<fstoltz> Regarding the 'ss' command for investigating sockets. Is it possible to get a live feed for example 'ss -t', getting the same view, but a "dynamic" view? Anyone knows about this?
<ahasenack> I didn't know about ss, nice
<fstoltz> ahasenack: :)
<fstoltz> Just stumbled upon 'tcptrack', maybe that could be something
<ahasenack> do you just want to see existing connections and their traffic perhaps?
<ahasenack> try iftop in that case
<fstoltz> Sory of ye, essentially just having a live TCP feed with info
<fstoltz> sort of ye*
<ahasenack> that will do it
<ahasenack> you can pass it filters in the tcpdump format
<ahasenack> like
<ahasenack> iftop -i eth0 -n -f "port not 22 and not udp", which would skip all udp traffic and ssh, in case you are remotely logged in on the machine
<fstoltz> ahasenack: Just installed iftop and having a look, it looks really good thank you
<ahasenack> nice :)
<ahasenack> cpaelzer: do you know if this is a valid use case? https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1737534
<ubottu> Launchpad bug 1737534 in samba (Ubuntu) "smbd/nmbd don't restart after upgrade if started but disabled" [Undecided,New]
<ahasenack> cpaelzer: tl;dr :
<ahasenack> cpaelzer: systemctl disable smbd.service nmbd.service
<ahasenack> cpaelzer: but the service is running still
<ahasenack> (and systemctl start works just fine)
<ahasenack> cpaelzer: then the package is upgraded
<ahasenack> cpaelzer: after the upgrade, the service isn't running anymore
<ahasenack> presumably because postinst does restart, or stop+start, and since the service is disabled, it doesn't start
<cpaelzer> hi ahasenack
<ahasenack> I can reproduce it, I just couldn't locate yet exactly in which maintainer script the "stop" happens
<cpaelzer> hmm
<cpaelzer> at first I wanted to say no
<cpaelzer> but reading more it sounds interesting
<ahasenack> let me see what systemctl restart does in that case
<cpaelzer> in any case if we say "yes this is a problem" it is not a samba but a generic problem
<ahasenack> restart works just fine
<cpaelzer> which needs much (much++) wider discussion consideration
<ahasenack> might be something related to the sysv compatibility layer
<ahasenack> as samba as sysv initscripts shipped in /etc/init.d
<cpaelzer> and as service?
<ahasenack> and upstart
<cpaelzer> or only syssv?
<ahasenack> and systemd
<ahasenack> what a mess :/
<ahasenack> all 3 are in the package
<cpaelzer> that is often done for backportability
<cpaelzer> only the systemd wins in that case
<cpaelzer> but if there are hardcoded calls in the *inst files that might be an issue
<ahasenack> systemd seems incomplete/not used
<ahasenack> there is just /lib/systemd/system/samba.service
<cpaelzer> I once had a case where the drop of a sysv script made the systemd service fail - as dh helpers added an invoke.rc to the sysv script which was mapped to start the systemd
<cpaelzer> just to encourage the feeling of https://xkcd.com/1172/ being eveywhere
<cpaelzer> ahasenack: if you think this is an interesting caseI tihnk you'd want to trace all calls to start/stop maintainer scripts are doing in this case
<cpaelzer> ahasenack: will be a lot as the sysv will call but map to systemd if the name matches)
<ahasenack> how can I do that? If I modigy the script inplace, but use --reinstall, the new one will overwrite my changes
<cpaelzer> once summarized and reproducible without actual install this might be an interesting mail to ubuntu-devel to discuss in general
<cpaelzer> ahasenack: there is a trick
<ahasenack> I'm sure :)
<cpaelzer> wanted to talk about it in the standup a while ago actually
<cpaelzer> but people complained my time is over :-P
<cpaelzer> ahasenack: https://trello.com/c/covf8RG6/543-virt-stack-for-1804#comment-5a2fd28ff56266c5c7aec3b4
<cpaelzer> ahasenack: I'm about to go to lunch, pleae check if this works for you
<ahasenack> ok
<ahasenack> hm
<ahasenack> I thought it would be export DEB_MAINT_SCRIPT_DEBUG=1 or something sensible like that :)
<ahasenack> deb packages are so easy, why would they need something sensible like that, right
<cpaelzer> ahasenack: actually such a env var exists
<cpaelzer> ahasenack: but it depends on the deb_helper which one (if any) they follow
<ahasenack> in the meantime I suggested the person use policy-rc.d
<cpaelzer> ahasenack: with the unpack/modify/pack I got most hard cases solved th ebest way
<cpaelzer> does it work for his case ahasenack?
<cpaelzer> policy I mean
<ahasenack> he said he needed to check a disk, and then decrypt it (mount it probably), and only then start sambe
<ahasenack> the decrypt bit might be impossible to do automatically, depending on his security policy
<ahasenack> but he could at least avoid the error of trying to start samba at boot
<ahasenack> if disk not mounted, exit
<ahasenack> and the restart would work just fine
<ahasenack> another option I have under my sleeve is to add the share at the same time his scripts mount the disk
<ahasenack> it doesn't have to be hardcoded in smb.conf
<ahasenack> from the getgo
<jamespage> coreycb: I uploaded a snapshot of ceilometer - that's going to have some charm impact as both -api and -collector services have gone from upstream and the packaging!
<coreycb> jamespage: oh wow. that is the advantage to releasing milestones. glad you did a snapshot early.
<coreycb> jamespage: we should be all caught up on queens packaging now
<coreycb> jamespage: probably need some promotions from staging
<jamespage> coreycb: I've been sweeping those throught hourly
<coreycb> jamespage: great, thanks
<cpaelzer> rbasak: could you check if 1737984 is also hash-abi-break tag worthy?
<cpaelzer> it is on pristine-tar not the actual package content
<jamespage> coreycb: I'll do the same with aodh and panko
<jamespage> coreycb: oh there was a bit of brokenness around swift as well - that should be fxied(needed to backprot swift-plugin-s3)
<coreycb> jamespage: ok
<coreycb> jamespage: horizon is partially py3 now. moving openstack_auth in tree forced me to do it for that code.
<jamespage> coreycb: ok
<rbasak> cpaelzer: thank you for the report. I'm not sure about hash-abi-break because a change to pristine-tar won't change the main imported commit graph, but a change to upstream/ might. So I'll tag it for now.
<cpaelzer> that is exactly why I was unsure
<cpaelzer> rbasak: and right chan :-)
 * rbasak hands cpaelzer a sticker :)
<cpaelzer> yay
<jamespage> coreycb: ok aodh snapshot uploaded
<jamespage> coreycb: fwiw I'm seeing some behavioural diff between stestr and testr
<jamespage> had to switch heat and aodh back to using testr directly
<coreycb> jamespage: hmm ok
<cpaelzer> rbasak: stgraber: and other ipv6 experienced users around - I'd like to ask for expertise on https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1737998/comments/2
<ubottu> Launchpad bug 1737998 in ntp (Ubuntu) "trying to bind on all interfaces is a good default, but fails on ipv6 link local" [Undecided,Incomplete]
<cpaelzer> rbasak: stgraber: the actual issue that got me there doesn#t exist atm, but I wonder in general if ntp binding on those is ever wanted/useful
<DevilTiger> i've downloaded a xenial cloud image; how do i go about logging into it?
<Nafallo> DevilTiger: ssh -l ubuntu ip :-)
<Nafallo> password is also ubuntu
<DevilTiger> oh, ok. well that was easier than i thought. was overthinking it. now if i can just get it to boot
<DevilTiger> stuck on blk_update_request: I/O error, dev fd0, sector 0
<cpaelzer> ahasenack: on the reply of powersj will you file a/the bug(s) for the discussion or do you want me to file my "extras" that came up separately
<cpaelzer> ?
<ahasenack> I think it's two issues
<ahasenack> one a bug, one an enhancement request
<ahasenack> each files his own
<ahasenack> as soon as I understand the difference between sponsor and signer
<ahasenack> in another topic
<powersj> thank you both :)
<ahasenack> why do all the samba bugs turn into support requests so easily
<cpaelzer> ok then I'll file my extra parts
<cpaelzer> ahasenack: actualyl let me file it in one
<cpaelzer> it really is the detection that is broken
<cpaelzer> while writing I found another issue
<cpaelzer> I'll start with one issue for it
<ahasenack> ok
<cpaelzer> and whoever works on it can decide to break out pieces if one is easier to sovle than the other
<cpaelzer> ahasenack: powersj: https://github.com/canonical-server/dev-summary/issues/7
<cpaelzer> powersj: no PR at hand (yet?) - sry
<powersj> cpaelzer: haha shucks :)
<powersj> cpaelzer: and of course, didn't expect one, but didn't want to loose your request
<cpaelzer> sure
<cpaelzer> the urgency is low
<cpaelzer> but I think especially the "invite to test from proposed" might be good
<cpaelzer> participation in this is too low anyway
<cpaelzer> so every bit helps
<cpaelzer> rbasak: can we all get another sticker please ?
<powersj> totally agree
<cpaelzer> when LP has its short hickup once a day it is nice to get all updates missed in that ~10 minutes at once
<cpaelzer> I always feel like "WTF happened to my inbox"
<DevilTiger> @Nafallo: ubuntu/ubuntu doesn't work
 * rbasak hands out stickers all round. But only to people active in _this_ channel :)
<rbasak> DevilTiger: Ubuntu cloud images have no default password. Otherwise they'd be insecure in production.
<rbasak> DevilTiger: you can either modify the image, or boot it via a tool that provides cloud-init with the desired authentication mechanism (usually a ssh public key but a plaintext password can also be used if you insist)
<rbasak> DevilTiger: to help you further, please explain how you're booting the image.
<rbasak> DevilTiger: if you want to hack the image locally for dev/test purposes, there's a handy tool "mount-image-callback".
<rbasak> That lets you mount the image in place.
<DevilTiger> i'm using hyper-v to mount vdk file that i converted from a ova file
<DevilTiger> @rbasak: how would i go about doing this?
<rbasak> DevilTiger: if not on Ubuntu or another Linux, then I'm not sure, sorry.
<rbasak> Perhaps the easiest way is to create a config drive.
<DevilTiger> i have linux subsystem on windows. if that wont work i could i could fire up 14.04 in a VM
<rbasak> Sorry I think that's technically "NoCloud"
<rbasak> DevilTiger: https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
<DevilTiger> im not sure what to do with that information
<rbasak> DevilTiger: two steps.
<DevilTiger> i dont see any steps listed anywhere
<rbasak> DevilTiger: 1) create a cloud-init metadata file that supplies your ssh public key or ubuntu password in the correct format
<rbasak> DevilTiger: 2) make that file available to the booting cloud image
<rbasak> DevilTiger: for step 1, see https://cloudinit.readthedocs.io/en/latest/topics/examples.html
<DevilTiger> i don't think i can do this. i don't understand the underlying concept. i think i'll just start with a non-cloud image
<rbasak> DevilTiger: the underlying concept is that all cloud images start off the same. That provides production reliability.
<rbasak> DevilTiger: but a consequence is that on first boot the image needs to find the stuff that'll differentiate it into what you want it to be.
<DevilTiger> i get that. i don't understand what cloud init is or what a metafile is or where to put it or how or the syntax. the link has several code examples that i have no idea which one is what i need
<rbasak> DevilTiger: cloud-init is the component inside the cloud images (of most distributions) that turns the image into what you want.
<rbasak> It might be easier to learn this if you start with a real cloud rather than hyper-v.
<rbasak> Since most people here won't know much about hyper-v's tooling.
<dpb1> DevilTiger: you need to inform that image about your ssh ID, the cloud image isn't something that you can boot and use like that.
<rbasak> Whereas on Ubuntu as a host we have tooling that does this all automatically by default./
<DevilTiger> i get that. i don't get how to tell it what my ssh keys are.
<dpb1> DevilTiger: you are on windows?
<DevilTiger> especially since i'm using a vhd file, not an img file. i am on windows but i have access to linux in a VM
<DevilTiger> i guess i'll just try to create my own image
<dpb1> DevilTiger: you should look at vagrant then?   I mean, if the WSL stuff isn't doing what you need.
<DevilTiger> tried vagrant, too much of a PITA to get running on server 08 R2
<dpb1> ok
<dpb1> ya, I mean, basically, what vagrant is doing is interacting with cloud-init to set that ssh key inserted
<DevilTiger> i'm trying to get xenial running in a VM so i can have pi-hole doing its thing on our windows server. i figured using a cloud image was the easiest way to get going fast without having to install it.
<dpb1> DevilTiger: or, you use the standard 16.04 server .iso that has a UI that walks you through options.
<DevilTiger> thats what i'm doing now
<dpb1> DevilTiger: ya, really, that is what I would do, unless it's at scale, then I would look into automation
<dpb1> but if it's a one off, that's what the server .iso is for
<DevilTiger> oh no this is just for a small office of 3-5 people. tired of ads
<DevilTiger> installing now, i should've just done this at first. silly me
<dpb1> DevilTiger: fwiw, for 18.04, we are making a better single-system installer called subiquity that doesn't have the miriads of questions that the 16.04 one does.  doesn't help you now, but figured I would let you know about it
<DevilTiger> oh sweet
<Ussat> dpb1, when you plan to have Aplas out of that, I would be interested in testing
<rbasak> dpb1: I prefer even one-off installs to be reproducible if they are going to be used for some production purpose.
<dpb1> rbasak: can't argue, but there is also something to be said, for just want to install this one thing and use it.
<Nafallo> time permitting, I'll build my own minimal image for lxd, and then use ansible to get it where I want it :-)
<Nafallo> so "cloudy", but for production.
<Nafallo> *shrugs*
<rbasak> Nafallo: very easy to trip up badly if you try hand rolling that kind of thing.
<Nafallo> rbasak: how so?
<rbasak> For example, ssh host keys.
<rbasak> cloud-init is the tool where all the distros put all the knowledge on how to do it right.
<Nafallo> rbasak: pre-installed ssh, host keys erased and a tiny systemd unit for running ssh-keygen -A oneshot :-)
<rbasak> Nafallo: and every other gotcha that I haven't mentioned
<dpb1> Ussat: it's ready to test now, if you are interested: http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/
<rbasak> Nafallo: well done. You've reinvented cloud-init :)
<Ussat> Thanks, will do
<Nafallo> rbasak: nah. that and pre-creating the ansible user is pretty much it. ;-)
<Ussat> got a full esxi test system to myself
<rbasak> /etc/hosts?
<rbasak> /etc/hostname?
<Nafallo> rbasak: also, I said small... debootstrap --include=python,netbase,iproute2,sudo,lsb-release,openssh-server --variant=minbase rootfs xenial http://se.archive.ubuntu.com/ubuntu/
<Ussat> dpb1, any particular way you all want feedback ? carrie pigeon, smoke signals ?
<Nafallo> rbasak: them two is lxd templates :-)
<rbasak> Anyway, it's Free Software. You're Free to reinvent the wheel :)
<dpb1> Ussat: haha
<rbasak> I just wouldn't recommend that to others to use in production.
<rbasak> Since it's quite error-prone, even if a good learning experience.
<Nafallo> rbasak: I'm not doing it to reinvent the wheel. I'm removing stuff I don't need to get a smaller attack vector, amongst other things :-)
<rbasak> Most people don't compile their binaries in production either.
<dpb1> Ussat: probably here: https://bugs.launchpad.net/subiquity
<rbasak> This is just the same thing but one level up.
<dpb1> rbasak: oh come on, gentoo ftw
<Ussat> done deal.....I work at a research hospital, and our labs are exclusively Ubuntu, so I might have some help with the testing
<rbasak> Nafallo: by deviating from everyone else you're also introducing attack surface: everything you've done differently is subject to your mistakes.
 * dpb1 waits for X to compile
<rbasak> Nafallo: we make mistakes too, but we have the benefit of a large number of people looking and examining what we're doing.
<Ussat> marking your calendar dpb1 ?
<rbasak> Someone finds a problem and we fix it for everyone. You'll get left out.
<Nafallo> ehrm. its not like I won't use packages...
<dpb1> Ussat: what's that?
<Ussat> waiting for X to cmpile
<Ussat> have you marked on the calendar a target date
<Nafallo> what sort of problem would you fix outside of a package in this scenario? :-)
<rbasak> Nafallo: it's not just the packages. Problems, including security problems, can also get introduced in the interactions between the moving pieces.
<rbasak> ssh host keys is just one example of that.
<rbasak> It's an example of an entire class of problems. You can't say that you're fine because you've covered one instance of that class.
<dpb1> Ussat: haha
<dpb1> Ussat: no kidding
<dpb1> you know, I ran gentoo for a while for fun.  for me, I knew it was a problem when I started scheming ways to set up distcc so I could compile faster and update packages faster.
<Ussat> dpb1, yea I did also, needed a space heater :)
<Nafallo> heh. I remember gentoo as well. ran it for almost a year solid before moving back to Debian :-)
<Ussat> stage1 installs FTW
<Nafallo> that was before they started with pre-compiled binaries and installers and stuff though :-P
<dpb1> Ussat: :)
 * Ussat remembers doin a stage 1 on a Pentium4
 * Ussat cries
<Nafallo> I did my first gentoo install on a P200 with 16MB memory IIRC. took a week to get Fluxbox :-)
<Nafallo> this would have been around 98-99 maybe?
<Ussat> yup
<Ussat> My first linux was with Gentooo, thats also about the time I started drinking :)
<Ussat> go figure
<Nafallo> 26 July 2000; 17 years ago â a little later :-)
<Nafallo> initial release date, btw
<teward> rbasak: FWIW i think the nginx autopkgtests are 'working', but... http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#nginx - looks like some arm64 tests are hung, they've been in that state for a while now
<rbasak> cpaelzer: regarding 1737998, I was under the impression that NTP over local link IPs should be fine in principle, and was going to ask if there was a specific case where that doesn't work.
<rbasak> cpaelzer: but I think you've already asked that?
<hdon__> hi all :) i've been using linux since i was like 13, ten years later, i'm starting to identify some foolish notions i still harbor. i used to think that by deleting password with passwd -d <user> that i was disabling password authentication for that user. that my be so, but the user can also reset their password without knowing their existing password at that point.
<hdon__> my question is: what's the correct procedure for password reset?
<Ussat> passwd <username>
<metastable> hdon__: passwd -l <username> will disable password authentication.
<DevilTiger> installing ubuntu server with only 512MB of RAM takes forever
<dpb1> DevilTiger: uh, ya
<sarnold> I'll be curious if it even completes..
<DevilTiger> heh i had to restart it once due to grub failing. unplugged ethernet (why that has anything to do with grub failing is beyond me) and its gotten past that. at "running update-initramfs right now
<DevilTiger> annoyed me enough to order 3gb more ram for the hypervisor its under. 1 GB just ain't cuttin it
<sarnold> that 'unplug ethernet' thing sounds vaguely familiar, but from ages ago...
<DevilTiger> says install is completed. waiting on reboot now
<DevilTiger> since i didn't autoconfig my lan adapter what would i do to set that up? dhclient wlan0 ?
<sarnold> /etc/network/interfaces  .. mine is entirely too simple:
<sarnold> auto enp5s0f0
<sarnold> iface enp5s0f0 inet dhcp
<sarnold> (with lo of course, same as yours :)
<DevilTiger> i've added iface wlan0 inet dhcp to my interfaces file. that isn't going to be enough
<DevilTiger> as there is no wlan0 device
<sarnold> right, either rename the device or live with the name it has :)
<DevilTiger> uh maybe i'm confused but there is no device
<sarnold> and no idea about how to manage a wifi card via /e/n/i, sorry
<DevilTiger> like i said, there is no wlan0
<DevilTiger> err excuse me, i'm not adding wifi. eth0
<sarnold> so, "ip l" doesn't show you the nic you expect to be there?
<sarnold> maybe you need to load a kernel module for your nic
<DevilTiger> the NIC is there, yes. eth0
<DevilTiger> pihole
<DevilTiger> err wrong channel for the last one
<DevilTiger> adding eth0 to the interfaces file did it. ty. figured there was more to the process
<hdon__> metastable: ahhh thanks :)
#ubuntu-server 2017-12-14
<SlimG> Does /quit
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer
<lordievader> How are you doing?
<cpaelzer> as good as always (means I'm good but prefer to complain most of the time)
<cpaelzer> and you?
<lordievader> I'm dutch, we like to complain all the time. I.e. I'm doing good ð
<cpaelzer> \o/
<cpaelzer> jamespage: any ETA on https://code.launchpad.net/~paelzer/ubuntu/+source/nova/+git/nova/+merge/324778
<cpaelzer> jamespage: I'm ok rejecting the MP and saying do it in 18.04 - but I start with more real (no prep) libvirt work and really want to get bug 1694159 done
<ubottu> bug 1694159 in nova (Ubuntu) "Complete libvirt migration to Debian style packaging (dependencies, conffiles)" [Critical,Triaged] https://launchpad.net/bugs/1694159
<cpaelzer> as you are "the last one left" I raised the importance
<cpaelzer> let me know what you expect when this minor change could land
<cpaelzer> I don't mind if it is bundled with your actual nova upload or not :-)
<jamespage> cpaelzer: forgot will merge into master branch today
<jamespage> cpaelzer: done - I'll include it with the next upload to bionic
<jamespage> cpaelzer: follow up on that one - whats the actual name of the systemd unit for libvirt these days? I need to tweak the depends for the nova-compute service to align with any changed
<cpaelzer> libvirtd
<cpaelzer> I'll keep the libvirt-bin alias into 18.04 for safety
<cpaelzer> for the service
<cpaelzer> but want to drop the deps
<cpaelzer> as then I can finally clean up all remainders of that in 18.10
<cpaelzer> thanks for the reply jamespage
<cpaelzer> will that upload include the bug, so I'll see a ping on that when I'm subscribed?
<cpaelzer> usually it would, but I admit nova is complex enough that there might be reasons not to :-)
<jamespage> cpaelzer: yes
<cpaelzer> thx
<rh10> guys, what differencies between ubuntu desktop and ubuntu server? if i switch off xorg in ubuntu desktop, install needed packages e.g. LAMP - is it the same as ubuntu server?
<rh10> or they have different kernels?
<rh10> i mean 16.04
<Ussat> Same kernel, when it comes down to it, the difference is packages installed, at their core, Linux is Linux
<rh10> Ussat, got it thanks
<Ussat> Server by default does not have a GUI, workstation does, etc...
<rh10> yep. got it,
<Ussat> I have both here, as well as RHEL
<cpaelzer> rh10: default network management might be different, so switching of x11 isn't all
<cpaelzer> rh10: in general better start minimal on what you actually want and then add
<rh10> cpaelzer, got it
<cpaelzer> you can just as well install -desktop meta package on a -server install
<cpaelzer> e.g. I do that on NAS if upgrading to htpc with it
<rh10> thanks
<zioproto> hello all
<zioproto> I have a "not Openstack" question today :D
<zioproto> We run our datacenter with IPv6, and we found our Kernel suffers from a bug, that is fixed by this patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bbfcd77631573ac4a9f57eb6169e04256a111bc1
<Ussat> Yea I always start minimal and add what I need also
<zioproto> The patches is merged in 4.15, but our Xenial servers are running 4.4. I rebuilt the 4.4 kernel patching with this patch, and I can confirm it fixes the IPv6 networking issue
<zioproto> now, what is the best way to deploy the fix to my Xenial hosts ?
<zioproto> Should I open a bug on launchpad against the Kernel package, and give a pointer to that patch ? hoping in a backport to the Xenial stable kernel ?
<zioproto> Should I just starting using my own deb kernel packages ?
<zioproto> should I open the bug here ? https://launchpad.net/~ubuntu-kernel or there is a better place ?
<sdeziel> zioproto: this patch should be backported to stable kernels. I'd flag the kernel team that you need this on 4.4
<sdeziel> zioproto: better have it fixed for everyone and save you the trouble of rolling your own kernel .deb ;)
<Jeffrey4l> is any UCA guys could check and fix this issue? https://bugs.launchpad.net/cloud-archive/+bug/1738213
<ubottu> Launchpad bug 1738213 in Ubuntu Cloud Archive "in pike release, UCA changed the nova code and break the old qemu binary" [Undecided,Confirmed]
<zioproto> sdeziel: OK. How do I flag the Kernel team ? can you give me an URL where to submit the bug ?
<zioproto> sdeziel: thanks
<sdeziel> zioproto: I'd use: ubuntu-bug linux-image-$(uname -r)
<cpaelzer> Jeffrey4l: that is not really a supported case
<cpaelzer> the code in the UCA nova is tied to the versions in the UCA
<cpaelzer> Without that particular change it would not work with qemu >=2.9
<Jeffrey4l> cpaelzer, yes. but nova support all version of qemu. just bump the nova version please :(
<cpaelzer> I'm no UCA person, but the nova version in each release is kind of fixed, except bug-fixes
<cpaelzer> Jeffrey4l: if there is an upstream commit that makes this work with both old and new please link it
<cpaelzer> they might integrate this to help cases like yours
<cpaelzer> E.g. via a version or capability check before setting the option
<Jeffrey4l> cpaelzer, nova UCA compile qemu with ceph Luminous, which is bad. we just want to pin ceph version. But it result in pin the qemu version too.
<cpaelzer> you need someone else to sort this out
<cpaelzer> jamespage: coreycb: ^^
<Jeffrey4l> thanks. ping other guys. ( no familiar with this channel ;) )
<Jeffrey4l> just one line fix. i think it is worth to merged into UCA from upstream.
<zioproto> sdeziel: I am not sure I got it... is there a specific Launchpad project I should use to open the bug ?
<zioproto> https://launchpad.net/~ubuntu-kernel-team ?
<jamespage> Jeffrey4l: 16.0.3 is in proposed and drops the use of that distro specific patch in favor of the upstream fix
<sdeziel> zioproto: "ubuntu-bug" is a command that will automatically figure out how to open the bug on Launchpad based on the package your report as buggy
<Jeffrey4l> thanks is there any plan that when 16.0.3 will be the final(?) repo?
<Jeffrey4l> jamespage, ^^
<jamespage> Jeffrey4l: watch this bug - https://bugs.launchpad.net/ubuntu/artful/+source/nova/+bug/1734990
<ubottu> Launchpad bug 1734990 in nova (Ubuntu Artful) " [SRU] pike stable releases" [Undecided,Fix committed]
<Jeffrey4l> cool.
<jamespage> coreycb completed verification yesterday - nothing is blocking that for release so it should go out rsn
<Jeffrey4l> got. thanks.
<jamespage> Jeffrey4l: fwiw using UCA pockets in a mixed mode like this is not tested by the Ubuntu team
<jamespage> you're either in or out
<jamespage> ;)
<Jeffrey4l> understand. but we have to pin ceph to Jewel. ;( no other better solution right now ;(
<jamespage> Jeffrey4l: is the context here kolla?
<zioproto> I opened the bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738219
<ubottu> Launchpad bug 1738219 in linux (Ubuntu) "the kernel is blackholing IPv6 packets to linkdown nexthops" [Undecided,New]
<Jeffrey4l> jamespage, yes.
<jamespage> Jeffrey4l: and why do you need to pin to jewel? is that image build or deployment problems?
<Jeffrey4l> jamespage, during the pike release, it is too late to implement this.
<necrophcodr> I've had some trouble with grub, and now I have grub-mkdevicemap processes from 2016 still running. They do not respond to `kill -9`. How do I solve this without rebooting?
<Jeffrey4l> and ceph Lunimous is just released. at that time. very new version, and no time to test it. and centos is not support Lunimous at that time.
<metastable> necrophcodr: Can you paste an example process?
<Jeffrey4l> so we do not bump to Luminous
<sdeziel> zioproto: thanks. You tested with 4.4.0-21 but that's terribly old. We are at 4.4.0-103 ATM so maybe you'd like to retest with a fresher 4.4 kernel?
<necrophcodr> metastable: you mean output from `ps aux` or what?
<metastable> necrophcodr: Yes.
<necrophcodr> metastable: root        6265  0.0  0.0  40744  2640 ?        D     2016   0:00 grub-mkdevicemap -m -
<metastable> necrophcodr: It's in an uninterruptable wait state. Rebooting is your only option, they won't respond to any signals.
<necrophcodr> if i reboot the system won't start again, so that'll suck a bit.
<necrophcodr> you're 100% sure there are no other options?
<jamespage> Jeffrey4l: ack - we don't often have to hold a distro patch like that one but sometimes is happens; we have to make assurances about the compatibility of pkgs within a UCA pocket
<metastable> necrophcodr: Yes.
<metastable> necrophcodr: Either it gets what it's waiting for (since 2016), or the system reboots. That's it.
<jamespage> coreycb: bumpped gnocchiclient to 6.0.0 - needed for ceilometer/gnocchi stuff
<jamespage> glad I shoved in that snapshot :-)
<coreycb> jamespage: ok. agreed :)
<Jeffrey4l> curiosity but no idea why qemu in UCA depends on the ceph version. in centos, it's qemu support ceph Jewel and Luminous. ( in fact, they are in the different repo ) jamespage
<jamespage> Jeffrey4l: well qemu gets built against the ceph/librbd version in the UCA - as to why that does not support use with Jewel for the Pike UCA I'm not sure
<jamespage> librbd should be backwards compatible I think
<Jeffrey4l> yes. i think so. than i guess we can change the qemu dependency. maybe it works.
<jamespage> Depends: libc6 (>= 2.14), libcurl3-gnutls (>= 7.16.3), libglib2.0-0 (>= 2.24.0), libiscsi2 (>= 1.10.0), librados2 (>= 0.72.2), librbd1 (>= 12.0.3)
<jamespage> note the last versioned depends; thats automatically generated based on symbols used
<jamespage> but I still think it should be backwards compatible i.e. librbd1@12.2.x should work with Ceph Jewel
<Jeffrey4l> let me search the dependency in centos.
<jamespage> but maybe its the other way around - librbd1@10.2.x is forward compatible with ceph luminous
<jamespage> providing that upgrade capability
<Jeffrey4l> i think librdb1 can be >= 10.x.x, then if librbd1 10 is install, the whole ceph jewel will be installed.
<jamespage> I'd hope not :-)
<zioproto> sdeziel: I will. But I downloaded the sources with apt-get source linux-image-$(uname -r) on a machine where I have 4.4.0-103-generic. And when I finished compiling those packages came out
<jamespage> ceph depends on librbd1
<zioproto> sdeziel: I guess I did something wrong when compiling the kernel
<zioproto> sdeziel: https://wiki.ubuntu.com/Kernel/BuildYourOwnKernel
<cpaelzer> Jeffrey4l: librbd1 definetly doesn't bring all of ceph from the archive
<sdeziel> zioproto: what I meant to say was to test with 4.4.0-103 as it's possible it has the commit already *maybe*
<zioproto> sdeziel: found the problem with my apt.list
<zioproto> deb-src were not good
<zioproto> building new kernel now
<cpaelzer> as jamespage says, the dep is vice versa ceph-common would depend librbd1 (= 12.2.1-0ubuntu1)
<Jeffrey4l> in the centos , qemu-kvm depends on  librbd1.x86_64 1:0.94.5-2.el7
<Jeffrey4l> so it works with ceph jewel and luminous.
<cpaelzer> but that is qemu 1.5 or such isn't it ?
<Jeffrey4l> oh wait. i am wrong. hold on.
<Jeffrey4l> cpaelzer, nothing is wrong. i am installing "qemu-kvm-ev" actually, and its version is 2.9.0
<cpaelzer> ok
<zioproto> sdeziel: the bug is in Incomplete. But this is a bug that does not have log files. Also, the bug is confirmed and fixed in the upstream kernel. What should I do ?
<Jeffrey4l> after installed "centos-release-ceph-lunimous" repo, when install qemu-kvm-ev, it will install librbd1.x86_64 2:12.2.1-0.el7
<Jeffrey4l> so i guess librbd is compatible.
<zioproto> sdeziel: I was able to mark it as Confirmed my self :O
<cpaelzer> Also https://www.rpmfind.net/linux/rpm2html/search.php?query=librbd.so.1()(64bit) suggests that the 0.94 dependency is since this is what is in CentOs atm
<sdeziel> zioproto: ubuntu-bug should have attached some information to the bug. In your case there are no logs of course
<zioproto> ok
<sdeziel> zioproto: you may want to hop on #ubuntu-kernel and ask for some instructions
<zioproto> ok
<jamespage> coreycb: some setuptools fun in the queens uca - patched out the offending dep change
<jamespage> in ca-patches
<lucidguy> Openstack users?
<boxrick> Is there any way to supress any ntp messages in preseed?
<boxrick> Not NTP, Namerserver
<boxrick> nameserver*
<boxrick> My DHCP server doesn't assign any DNS right now, and I want Ubuntu to carry on and suppress its warning
<boxrick> Any tips?
<metastable> boxrick: I'm interested in your use case, there. What's the reason to not hand out DNS with DHCP?
<boxrick> Because its early in the bootstrap process and DNS simply doesn't exist yet
<boxrick> Everything is done via IP through a proxy
<DevilTiger> my fresh install keeps pulling a WAN IP instead of a local IP from my router's DHCP. am i missing something?
<metastable> That sounds like something's bridged to something that's intended to be upstream from the router.
<metastable> I'd suggest confirming that everything's connected where it ought to be.
<DevilTiger> its running inside hyper-v on windows 10 which is connected to the switch->router
<sarnold> or something is configured to be in bridge mode when you expected NAT mode or something simlar?
<DevilTiger> i'm not sure
<Neo3> hi
<Neo3> Who know how work internet?
<sarnold> it's a series of tubes .. it's not a like a truck.
 * sarnold nods
<Neo3> I can access my site using domain name and IP?
<TJ-> sarnold: yours is tubes? Mine is box-section :)
<Neo3> why? Where DNS server? It resides between me and my server?
<sarnold> Neo3: every domain needs two or more DNS servers online, so that clients can figure out the IP address to use when asked to connect to a given name
<Neo3> if I use ip I'm bypassing DNS?
<sarnold> Neo3: if you're asking the question, then you absolutely do not want to run your own DNS servers. Probably your domain registrar or your hosting company can run them for you. If not, there are commercial service providers who can run them for you.
<Neo3> seems yes
<Neo3> I use digitalocean, just I'm interesting how it works
<Neo3> in internet exists many DNS servers?
<sarnold> probably millions
<Neo3> where placed DNS servers? It's some big key server that is redirect requests to servers with ip?
<Neo3> and see I have domain name, I put it to browser and browser send request to DNS server yes?
<sarnold> there's a few hundred 'root' dns servers that serve the top level '.' domain. They know the addresses of DNS servers running the .com., .org., .net., .io., etc domains
<metastable> I'm struggling to understand the scope of the actual problem we're trying to address, here.
<sarnold> those DNS servers know the address of example.org. dns servers
<Neo3> then DNS server says my browser my real IP and my browser send request to my real IP?
<sarnold> and the example.org. dns servers know the address of www.example.org., etc
<sarnold> your browser contacts a "recursive resolver" dns server run by your ISP
<sarnold> that server will contact the roots, the TLD servers, etc. on down the chain, and give you a single result
<metastable> Or on your router, which is a more common home configuration.
<sarnold> this diagram may help a bit http://dnsviz.net/d/www.ubuntu.com/dnssec/
<TJ-> Neo3: "How does the Internet Work?" see the diagrams and explanation in section 7 for DNS: http://www.theshulers.com/whitepapers/internet_whitepaper/index.html#dns
<Neo3> well, thanks! I've saved those link, will read later
<sarnold> TJ-: beautiful example.
<sarnold> Neo3: ignore more, TJ-'s link is better :)
<Neo3> this is better? http://prntscr.com/hnmgz6
<JanC> most routers don't run a recursive resolver
<sarnold> yeah
<sarnold> that whole page looks good
<metastable> JanC: Most home routers in fact do. Their default configuration is to pass itself as the DNS entry via DHCP, and perform resolution on behalf of LAN clients.
<Neo3> ok, there many diagrams and info. will read later
<sarnold> metastable: most are just forwarders, they ask the ISP-provided recursors..
<JanC> and they forward everything to the DNS from the ISP
<JanC> basically, those routers run dnsmasq or the like
<JanC> or something similar
<metastable> Doh, yeah. For some reason, I'm treating those as the same thing.
<metastable> Which is wrong, so yeah.
<sarnold> depends if you're trying to fix a problem with them or not :) hehe
<JanC> if you have some open source router firmware it might be possible to run a recursive resolver though
<JanC> (and some NAS devices have them as an option too)
<sarnold> or run a recursive server on a different machine on the lan, it doesn't have to be the router
<danrik> why all examples online re ubuntu 16.04 & varnish say that varnish service is located in `/etc/systemd/system/varnish.service`, but on my suystem it's under /etc/init.d....
<TJ-> danrik: It's actually at /lib/systemd/system/varnish.service
<danrik> ah ok. thx
<TJ-> danrik: You can use "dpkg -L varnish" to see all the files in the package, and where they live
#ubuntu-server 2017-12-15
<Art100> Hi - does anyone know about dual stack bridge in the new netplan?
<Art100> Hello
<sarnold> hi Art100
<sarnold> do the bridges care? I thought they just routed packets
<Art100> Hi sarnold
<Art100> I am looking for help with the new netplan configuring dual stack ipv6 ipv4
<powersj> Art100: you can ask in #netplan as well and best to paste your configuration as well to see what you have so far.
<Art100> ty powersj will do that
<cpaelzer> good morning
<cpaelzer> almost forgot, good morning !
<cp9> gma
<jamespage> coreycb: I've not done a full tempest test yet but queens proposed is sniffing ok (with my WIP ceilometercharm)
<rbasak> jamespage: do you care about mongodb at all? I see it is a Suggests against some ceilometer packages.
<ahasenack> I thought ceilometer required it
<dpb1> it does
<dpb1> and yes, the openstack team is interested in mongo for that reason for the moment.
<dpb1> rbasak: ^
<ahasenack> hm
<ahasenack> [Fri Dec 15 18:31:38.662090 2017] [core:notice] [pid 31544:tid 140455004985216] AH00051: child pid 32207 exit signal Segmentation fault (11), possible coredump in /tmp
<ahasenack> can't seem to get this core dump
<ahasenack> ulimit -c unlimited was set, confirmed with cat /proc/$(pidof -s apache2)/limits
<ahasenack>  /var/crash is also empty
<rharper> ahasenack: on trusty or xenial + ?  the systemd unit environment may be restricting;  alternatively you can gdb attach to the apache process  first and then trigger the core
<ahasenack> trusty
<ahasenack> trying to avoid the attach route, because of threads
<rharper> well, the threads will be in the core as well
<ahasenack> also removed apport
<ahasenack> maybe lxd is interfering
<rharper> can you crash with apache2 not as daemon? you could run in foreground under gdb as well
<ahasenack> but let's try attach
<ahasenack> or that, yeah
<rharper> oh, run unpriv
<rharper> see if that helps
<rharper> run the container unpriviledged
<ahasenack> rharper: I think it is unprivileged
<rharper> ok
<ahasenack> yeah, init is not root outside of it
<tomreyn> cat /proc/sys/kernel/core_pattern
<tomreyn> oh you did already
<ahasenack> hm
<ahasenack> ok, here is something
<ahasenack> since this is an lxd, that /proc file is from the host
<ahasenack> so removing apport from the container actually made things worse
<ahasenack> because it's still pointing at the apport script
<ahasenack> tomreyn: thanks, that was it
<tomreyn> glad it helped
<runelind_q> I'm using lxc 2.20 and I'm trying to troubleshoot one of my containers that refuses to start.
<tomreyn> i recommend asking questions (and providing much context) in case you're trying to get assistence with this (rather than just reporting it as a fact).
<runelind_q> how do I get more verbose output when starting containers?
<runelind_q> --verbose doesn't seem to produce anything
<rharper>  you may want to ask in #lxcontainers
<sarnold> how about log files?
<rharper> there are logs in /var/log/lxd/<container>/ which may have more info
<runelind_q> lxc 20171215194422.671 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:177 - Command get_cgroup failed to receive response: Connection reset by peer.
<runelind_q> that's the only thing in the log file
<runelind_q> all my containers start except for this one.  It happens to be a snappy core container
<sarnold> runelind_q: are you running a release with systemd? or release without? if without, is the cgmanager service running?
<runelind_q> Linux lxd 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
<runelind_q> 16.04
<runelind_q> so it should have systemd
<sarnold> runelind_q: dmesg output?
<runelind_q> http://pastebin.ca/3948592
<sarnold> looks harmless enough
<runelind_q> I had hoped to be able to get some kind of verbose output when issuing lxc start
<TJ-> runelind_q: do you always start the containers in the same order? in other words, have you tried disabling autostart and then manually starting them?
<runelind_q> TJ-: I just have them autostart on boot, but even manually starting the container afterwards does nothing.
<TJ-> runelind_q: how many containers, roughly?
<TJ-> it sounds like it could be container-specific, but there is a known issue with lxc-monitord that sounds similar. See https://github.com/lxc/lxd/issues/3159
<runelind_q> five that start, the snappy core one doesn't.
<apb1963> Greetings!  I'm getting WSOD.  #php says no, it's raw php and it's an apache config issue.  ubuntu 16.04 ... About to lose my mind I've been running in circles for far too long.
<apb1963> greetonix.com is the site in question
<sarnold> looks like it's serving raw php. ew.
<apb1963> yeah... but I only see WSOD.  Neither is good.
<sarnold> apb1963: check your apache logs for errors and warnings
<apb1963> there's a phpinfo.php file there too.  But I get the same WSOD.
<sarnold> apb1963: double-check your php config, mod_php or fastcgi or whatever it is you're using
<apb1963> I've check the logs, all I ever see is: [Fri Dec 15 15:27:58.661971 2017] [mpm_event:notice] [pid 8214:tid 139677560584064] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
<apb1963> [Fri Dec 15 15:27:58.661979 2017] [core:notice] [pid 8214:tid 139677560584064] AH00094: Command line: '/usr/sbin/apache2'
<apb1963> I don't know.  whatever wordpress uses
<apb1963> #php people say it's the apache config
<TJ-> correct, it must be if phpinfo.php isn't being processed too
<apb1963> I've been over it literally a thousand times and I don't see anything wrong.
<apb1963> must be what?
<apb1963> apache? ok
<apb1963> https://hastebin.com/
<apb1963> Apparently that's a "sane" bin... whereas pastebin is not.  I don't really see the difference in how they display for the most part.
<apb1963> Anyway.  I've looked, I've tinkered... I've lost my mind.
<sarnold> pastebin normally throws in tons of adverts
<apb1963> oh... never noticed
<apb1963> guess I just tune them out.  lol
<TJ-> !paste | apb this if the Ubuntu one
<ubottu> apb this if the Ubuntu one: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<apb1963> yeah... every channel has their own pet bin...
<TJ-> I never see anything on hastebin because it relies on some 3rd party google javascript
<apb1963> ok
<apb1963> hang on
<apb1963> no... I'm not going to use that one.  It has no policy on expiration.
<apb1963> It's already on pastebin... let me get that one for you.  OK?
<sarnold> debian's pastebin has expirations if you want that
<apb1963> Doesn't matter to me... whatever you guys want
<apb1963> https://pastebin.com/37dFqPqF
<apb1963> TJ-, how's that one ?
<sarnold> how are you intending to execute php? mod_php? fastcgi?
<apb1963> no clue
<apb1963> I don't even understand why it's a question
<apb1963> None of that multitude of "tutorials" and articles, etc. I've read mentioned anything about it.
<apb1963> s/that/the/
<apb1963> maybe i've just been reading the wrong things
#ubuntu-server 2017-12-16
<sarnold> apb1963: does dpkg -l 'php*' | cat   show php packages installed?
<apb1963> checking
<apb1963> sarnold, There's a bunch of things... I don't know if it's got what's right or not...  https://pastebin.com/AbiHr9FC
<sarnold> apb1963: alright try something like 'a2enmod php' .. see if that gives anything interesting
<apb1963> a2enmod php
<apb1963> ERROR: Module php does not exist!
<apb1963> Quite interesting
<apb1963> But... why not?
<sarnold> maybe a2enmod php7?
<apb1963> ah
<apb1963> a2enmod php7
<apb1963> ERROR: Module php7 does not exist!
<sarnold> php7.0? :)
<apb1963> haha  let me google the error
<sarnold> I can't stand apache and detest php, so I've never tried to set it up before ..
<sarnold> but one of these times feels like we ought to be able to stumble on the name :)
<apb1963> https://askubuntu.com/questions/912638/error-module-php7-0-does-not-exist
<apb1963> what's utterly baffling to me is, this was working...  I didn't do anything in regard to what that page says so why now?
<sarnold> it _was_ working? what changed/
<apb1963> lots of things
<apb1963> mostly the config files I suppose.
<apb1963> what did not change is how I installed it.
<apb1963> And that page implies - strongly - that I need another module I didn't need before.
<apb1963> So 1+1=999
<sarnold> then maybe you were using fastcgi?
<apb1963> Again.. I didn't set anything special up
<apb1963> just the bare minimum install
<apb1963> plus configuration twisting
<apb1963> that's why it makes no sense
<apb1963> well, I guess I should try it
<apb1963> sarnold, I installed it, I enabled php7.0.... and apache won't restart
<apb1963> so... backing it out for a minute...
<apb1963> yeah, just disabling it is enough to bring apache back up
<apb1963> so it's definitely the module... or at least.. it's bringing out the bug in the config somehow.
<apb1963> well i've never seen it do this before... I was removing the same modules and it chose to INstall a different package. The following additional packages will be installed:
<apb1963>   php7.0-fpm
<apb1963> Suggested packages:
<apb1963>   php-pear
<apb1963>  
<sarnold> debian packages have requirements, suggestions, etc.; the first bits of the ubuntu wordpress package for example has: Depends: apache2 | httpd, libapache2-mod-php | php
<sarnold> if you have wordpress and libapache2-mod-php installed and try to remove libapache2-mod-php, apt will then ry to install the 'php' package
<apb1963> now neither module will let apache start so...i'm just going to purge and reinstall again... this will take a couple of minutes.
<apb1963> and now even that doesn't work
<apb1963> I really wish purge meant it and not this watered down version that won't actually purge files... I thought remove was to not purge files.
<apb1963> Is there a "nuke" files option?
<sarnold> if apt-get purge left behind configuration files, please file bugs on that. purge should mean _purge_
<apb1963> seems to be the case of every package
<apb1963> s/of/for/
<apb1963> so now I guess I need to hunt config files I might have changed.  sigh
<apb1963> Sigh.  I have sinned and now I must pay forever.  "Not replacing deleted config file /etc/php/7.0/apache2/php.ini"
<apb1963> Please read http://wiki.apache.org/httpd/php or see http://akat1.pl/?id=1 on why you shouldn't be using mod_php
<apb1963> should have put that in quotes :)
<apb1963> my brain  hurts
<apb1963> bbl
<fellas> how do i remove all the effects of conjure-up
<fellas> i followed the insturctions on here and it messed up my whole ubuntu server
<fellas> https://www.ubuntu.com/download/cloud/try-openstack
<sarnold> guessing, snap purge the lxd and whatever else snaps it installed, then apt-get purge snapd, and then look around and see what's left?
<fellas> when i did conjure-up it tried to install but got a lot of errors i had to cut it off short.  but now when i do ifconfig i get alot of made up virtual ethernet adapters
<fellas> sarnold give me the basics i dont use snap
<fellas> never used it
<stokachu> you have an incomplete juju deployment
<fellas> yes i do
<sarnold> fellas: me neither, try blind "snap purge lxd" and see what happens
<fellas> everything is all messed up
<stokachu> juju controllers; juju kill-controller <name>
<stokachu> well no your server is running a bunch of containers
<stokachu> so it's not all messed up
<fellas> jujud kills my processs need to totally kill it ..elminate it from my system
<stokachu> huh?
<fellas> once in a while jujud runs and sucks up all my process...when i put top command... isee it eatting all processes
<fellas> i want it out of my system
<stokachu> well do what i told you and then sudo snap remove conjure-up
<fellas> i followed the simple commands here but there were a bnunch of errors and i was never able to finish..now i dont kno whow to rollback
<fellas> https://www.ubuntu.com/download/cloud/try-openstack
<fellas> im using fresh installation of ubuntu server 16.0.4.3
<stokachu> but keep in mind that jujud runs on the containers who are also running a bunch of apt install commands etc
<sarnold> fellas: juju controllers; juju kill-controller <name> ; snap remove conjure-up
<stokachu> well what kind of hardware do you have
<fellas> dell server
<fellas> r710
<stokachu> and you keep mentioning errors but haven't actually said what they are
<fellas> raid
<fellas> raid 0 virtual drive
<stokachu> how much memory
<fellas> 40gb
<stokachu> uhm ok
<stokachu> how much storage
<fellas> 2tb
<stokachu> and what are the errors
<fellas> not sure.
<fellas> where would the logs be
<fellas> i wanna uninstall novi
<stokachu> novi?
<fellas> the whole thing i wanna remove ...this sucks
<stokachu> well we've told you how to do it twice now
<fellas> well i did snap remove conjure-up
<fellas> so hopefully that kills it
<fellas> thanks guys
<stokachu> who knows, since we didnt actually get to the root of your problem
<fellas> i think the reason i didnt get conjure-up to install was cause of my raid 0.  from what i read online but i dont remember
<stokachu> ok well that hardly warrants saying conjure-up sucks
<stokachu> but anyway, good luck
<fellas> no hopefully it works better in future
<fellas> dont mean to say it sucks..i just dont know what happened..i followed all commands as is but then it just crapped out on my system...fresh indstallation too so idk..
<fellas> either way thanks
<Art100> hello - need help to configure network bridge in netplan
<Shawn|i7-720QM> howdy
<Shawn|i7-720QM> anyone here know of any modifications for bash
<Shawn|i7-720QM> that enhance resolution and add a background?
<Shawn|i7-720QM> some special bash mode
<Shawn|i7-720QM> not in any desktop manager
<Shawn|i7-720QM> or window manager rather
<ren0v0> Hey, i've moved a cron script from /etc/cron.daily/ to /etc/cron.hourly/, but its not firing
<ren0v0> is there something i'm missing?
<ren0v0> It's for logrotate, and if i run the script manually it works just fine
<apb1963> ren0v0, "man anacron anacrontab".  Edit /etc/anacrontab.  I suspect you need to add in cron.hourly.  Just guessing, never modified it myself.
#ubuntu-server 2017-12-17
<Tobias92> Hi - I'm trying to run an Ubuntu cloud image using Qemu. I have set up cloud.txt, created cloud.img, and from the qemu output it looks like my user is set up and the authorized_keys file is initialized with my pubkey. Problem is, I can't seem to log in with it. When I tell Qemu to set up a port forward, the SSH port appears open, but no SSH-server is responding (no banner in netcat). I also tried setting up a tap device, and I get a
<Tobias92> response from SSH then, but no luck logging in (key is rejected).
<albech> i previously have written our own backup scripts based on rsync, but is looking for a more maintainable way of backing up a large number of VMs. Any recommendations?
<andol> albech: Part of a more maintainable solution might be not having to backup some/most/all of the VMs at all. That is, having a setup in place which allows you to automatically redeploy your VMs. Then you can instead focus on backuping up just the data.
<albech> andol: yes thats what we are doing now.. we backup data and configuration
<albech> been looking at bacula, but not convinced yet
<albech> I live the deamon concept however..
<albech> like*
<andol> albech: Ah, sorry about making assumptions.
<andol> albech: But yeah, I think something along the lines of bacula is what you want to get it a bit more structured, with a bit more overview.
<andol> Regarding Bacula, also looked at the Bareos fork?
<andol> BackupPC might also be an alternative?
<albech> cheers exactly the kind of recommendations i am looking for
<albech> andol: thanks for pointing me to Bareos.. Don't really want to waste time on a semi abandoned project.
<Shawn|i7-720QM> good night(although its morning)
<apb1963> albech, you could always ask in ##backup and see if anyone knows anything.
#ubuntu-server 2018-12-10
<kinghat> how do you get grub to show at boot?
<kinghat> would it not have been installed?
<kinghat> I don't get grub when I boot up.
<kinghat> left shift or ESC doesn't work.
<kinghat> hmm not installed. is grub not being installed by default normal?
<teward> kinghat: no it's not normal.
<teward> and had there been a grub installation failure it probably would've said so in the logs as a failure to install
<kinghat> so is my system borked?
<kinghat> looks like grub is installed but i just cant get it to show up for some reason: http://paste.debian.net/hidden/046574cb/
<kinghat> is it the ESC or left SHIFT or something like that?
<kinghat> lol that's the grub i get. no keys do anything https://usercontent.irccloud-cdn.com/file/cGioOJe6/irccloudcapture2268390190753378140.jpg
<Ouyes> hey guys,  the memory usage is going higher and higher on my server, both the ram and swap, is this indicating a memory leakage?
<qman__> not directly, no
<qman__> it means you're using more resources, which could have any number of causes including normal activity
<kinghat> ikonia: you still around?
<OerHeks> odd, first you stated grub was borked visable on your system..
<kinghat> ya
<kinghat> not sure why. maybe it was the monitor? i started a live usb to see if i could run boot-repair, and did, but that didnt fix it. so i figured i could use the live usb to alter the sudoers file, which worked.
<MJCD> heya
<MJCD> I have never set up or run a mailserver before
<MJCD> but want to do so for a new site, hosted locally
<MJCD> what's the easiest method of doing so :)
<ducasse> MJCD: postfix, plus dovecot for pop3/imap. see the ubuntu wiki, there's an article on setting up postfix.
<MJCD> ducasse, someone else just recommended in terms of management postfixadmin
<ducasse> MJCD: i've not used that myself, so can't comment - sorry
<ducasse> MJCD: you should do a bit of research and reading, running a mailserver is not for the faint of heart or newbies (not saying you're either)
<MJCD> I'm a newb at mail servers
<MJCD> but network admin and programmer of 20 years
<MJCD> I
<MJCD> should be able to figure something basic out haha
<MJCD> I mainly want a gui
<MJCD> because i'm a gui-guy
<ducasse> i can't help with that, i just use ssh and vim :)
<MJCD> haha grooooosss ;p
<MJCD> I want a puppet gui too
<MJCD> manage network SOE graphically
<ducasse> there's also #postfix if you run into problems
<MJCD> appreciated
<MJCD> thanks for your time
<jamespage> o/
<die7> somehow ntp settings in preseed file are ignored
<die7> # Time zone config
<die7> d-i time/zone string Etc/UTC
<die7> d-i clock-setup/utc boolean true
<die7> d-i clock-setup/ntp boolean true
<die7> d-i clock-setup/ntp-server string myserver.com
<oskie> hello, trying to set up md/LVM on boot disk during Bionic server installation, but the partitioner menu doesn't allow me to continue
<oskie> is it even possible?
<bipul> Hi , I'm facing Network issue while running Ubuntu-server 18.04 in bridge mode in VirtualBox. Does anyone know how to resolve this?
<bipul> die7, Which ubuntu server are you installing via preseed method?
<die7> bipul: 16.04
<bipul> die7, Are you modifying the .iso file?
<die7> bipul: no, using cobbler
<bipul> cobbler?
<die7> bipul: yepp, using cobbler for automated system deployment, using cobbler and preseed file
<bipul> Link please?
<die7> bipul: what you mean with link?
<ahasenack> good morning
<kstenerud> Can anyone help setting up sbuild? I'm following the instructions at https://wiki.ubuntu.com/SimpleSbuild but I get stuck on step 10: mk-sbuild bionic
<kstenerud> E: 10mount: mount: /run/schroot/mount/bionic-amd64-68f38ca0-4bcb-49c5-846c-c658ada8421e/scratch: special device /home/karl/schroot/scratch does not exist.
<kstenerud> E: bionic-amd64-68f38ca0-4bcb-49c5-846c-c658ada8421e: Chroot setup failed: stage=setup-start
<ahasenack> kstenerud: not that I have seen that error before, but are you doing this in an lxd?
<kstenerud> yes
<ahasenack> maybe apparmor is denying something
<kstenerud> hmm strange... I've made the container privileged
<ahasenack> kstenerud: rbasak hi, what's up with https://code.launchpad.net/~kstenerud/ubuntu/+source/at/+git/at/+merge/358655, does it need sponsoring or is it stuck somewhere?
<ahasenack> rbasak: what should the merge state of this mp be: https://code.launchpad.net/~ahasenack/ubuntu/+source/symfony/+git/symfony/+merge/359137
<ahasenack> rbasak: because since then, it became a sync
<ahasenack> https://launchpad.net/ubuntu/+source/symfony/+publishinghistory
<ahasenack> so it was merged at that time, but now?
<ahasenack> kstenerud: rbasak: are you guys around?
<kstenerud> yes
<kstenerud> I think it just needs sponsoring
<ahasenack> kstenerud: I have the above question about at, and bug #1606331 where rbasak asked a question about a fix for tomcat you did and I sponsored in november
<ubottu> bug 1606331 in tomcat8 (Ubuntu Xenial) "StringIndexOutOfBoundsException - Tomcat8.0.32" [High,In progress] https://launchpad.net/bugs/1606331
<oskie> it is 2018 (almost 2019). do we need a separate swap partition still
<cpaelzer> umm, do we have any php7.2 on trusty?
<cpaelzer> rbasak: ahasenack: kstenerud: ^^ ?
<cpaelzer> I didn#t think so
<kstenerud> not sure a ctually
<cpaelzer> there is none (as I expected) according to my checks
<cpaelzer> just wondereing as I hada  bug on triage with apache mod 7.2+5 breaking when both enabled on trusty
<nacc> cpaelzer: that's a bogus bug
<nacc> they eitehr are running ondrej's ppa
<nacc> cpaelzer: or they have hacked their system together
<nacc> pretty sure i know which one you mean
<nacc> L: #1807484 ?
<nacc> LP: #1807484 ?
<ubottu> Launchpad bug 1807484 in php7.2 (Ubuntu) "libapache2-mod-php7.2 crash when apache enmod php5" [Undecided,Incomplete] https://launchpad.net/bugs/1807484
<cpaelzer> yep
<cpaelzer> nacc: hiho btw
<cpaelzer> yeah such a ppa would be my assumption as well
<nacc> cpaelzer: hi! :) and yeah
<teward> cpaelzer: bet you $10 that it's using Ondrej's PPA
<teward> also good morning to all
<cpaelzer> hiho teward
<cpaelzer> the problem is no one is betting against it
<teward> cpaelzer: which means I:InstantWin :P
<teward> ... now if only the systme would stop yeling to me about nginx being stuck in proposed because IT'S PERL'S FAULT I'd be able to focus on things like trying to help with backports' queues >.<
<kinghat> so after i mistakenly removed my only user from the sudoers group, i was able to statically set it via visudo by sshing into the machine by using a live boot in root mode. now that i have added the user back to the sudo group can i remove the user from the static line in sudoers?
<nacc> kinghat: now that you know how to fix it, test it and try? seems like that should be fine, presuming you did it right :)
<kinghat> also, there is a group in the sudoers file called admin. it has less privs than the sudo group so a user doesnt need to be a part of admin if they are already part of sudo?
<mason> teward: The only problem with Perl is that not enough people understand its pure, unadulterated goodness!
<nacc> kinghat: did you read the corresponding comment?
<teward> mason: no, actually, it's because perl works with everything and things'll explode if you aren't careful in version bumps
<teward> so it's not autoreleased from proposed :P
<mason> teward: Is that a Perl issue or a CPAN issue?
<teward> neither.
<kinghat> nacc: your comment? or is there a comment you are referring to in the sudoers file?
<nacc> kinghat: in the sudoers file by default
<teward> mason: too complex to explain here, at least not with the time I have.
<mason> teward: Alright. My personal experience is that base Perl is wonderfully backwards-compatible, and that it's when you start pulling in random other bits that the whole tower becomes unstable.
<kinghat> "# Members of the admin group may gain root privileges"?
<nacc> kinghat: right
<kinghat> may?
<kinghat> "# Allow members of group sudo to execute any command" for sudo.
<Ussat> does Ubuntu server have anything like :  authconfig --enablekrb5 --enablekrb5kdcdns --enablekrb5realmdns --update . this configures kerberos to use t=whats already in krb5.cong without a gui
<ahasenack> rbasak: can you perhaps sponsor this? https://code.launchpad.net/~kstenerud/ubuntu/+source/at/+git/at/+merge/358655
<ahasenack> since you approved it
<rbasak> OK
<sarnold> no doubt if you write your perl like it's 5.004 then things will just work for decades
<teward> sarnold: so then all you have to worry about is {InsertOpenSSLChangesHere} :P
<teward> and it explodes everything xD
<mason> sarnold: Don't give away my secret.
<sarnold> teward: but when that ssl 0.9 client connects, it'll Just Work! :D
<sarnold> mason: hehehe
<teward> sarnold: lol.
<mason> sarnold: SSLeay please. Let's not get all postmodern.
<teward> sarnold: is that before or after the server disables TLS1, 1.1, and 1.2 in favor of TLs 1.3 + Modern ciphers LOL
<teward> the server the scripts connect to*
<sarnold> mason: lol ssleay.. man..
<Angryele> Hey don't suppose anyone can give me a hand? Running Ubuntu Server 18.04.1 LTS having dpkg issues while installing mysql
<teward> Angryele: what issues specifically?
<Angryele> I'm trying to figure out the main problem, when I sudo apt-get install mysql-server I get  this error http://prntscr.com/lt7vz7    dpkg dependency, sub process /usr/bin/dpkg returned an error code (1)
<sarnold> scrollup
<sarnold> the first error is probably higher up the terminal
<teward> sarnold: it's in the screenshot - configure-symlinks: no such file or dir
<sarnold> teward: but *why* didn't mysql-common unpack correctly?
<Angryele> http://prntscr.com/lt7y6n  entire thing incase you wanted it
<sarnold> dang
<sarnold> apt-get purge all the mysql packages and try again?
<Angryele> Yeah done that before but I'll show you that message if its different
<Angryele> Tried updating/upgrading everything before  and when I try apt purge mysql "E: Unable to locate package mysql"
<TJ-> Angryele: did you confirm mysql-common was correctly installed?
<Angryele> No have not
<TJ-> Angryele: that's the package the contains the file that is apparently missing, so I'd "sudo apt --reinstall install mysql-common" first to ensure that is good
<Angryele> http://prntscr.com/lt82n2  Full error I got
<nacc> uh, not using ubuntu packages
<nacc> Angryele: you are using mariadb's packages and mixing them with the ubuntu ones
<TJ-> nacc: nicely spotted
<Angryele> I might of actually, been stuck on this problem for a good couple of hours so might of done that once is one of the google search fixes
<nacc> TJ-: it's probably the number one user error in this channel :)
<Angryele> Whats the recommended fix? Have a mediocre amount of skill, doing this on my friends request as he wants to transition from windows server to ubuntu server but promptly fainted seeing the "all terminal" interface
<nacc> Angryele: remove that repository and all packages from it
<Angryele> Ok now I remembered what happened. Was going through old stuff was installing the pterodactyl game panel I must of installed mariaDB there. Thanks Nacc!
#ubuntu-server 2018-12-11
<cpaelzer> good morning
<lordievader> Good morning
<ahasenack> good morning
<ahasenack> cpaelzer: build-procenv        SKIP Test requires machine-level isolation but testbed does not provide that
<ahasenack> cpaelzer: looks like we don't have machine-isolation for armhf
<ahasenack> I'll have to change that one to use a directory other than /tmp for the debootstrap chroot
<ahasenack> (wrt sbuild dep8 fixes)
<cpaelzer> yeah not for hf
<kstenerud> Is it normal nowadays for lxc containers to have an empty /proc/net/route?
<ahasenack> cpaelzer: so, strongswan
<ahasenack> cpaelzer: I brought up two disco vms, configured like you said, but didn't see apparmor denied messages
<ahasenack> cpaelzer: also, did you figure out where @{pid} gets inserted into the path?
<ahasenack> cpaelzer: and, what is the other way to start up charon? systemd and...? Your instructions say to use "sudo restart ...", but that's from upstart
<cpaelzer> ahasenack: I used systemctl, let me spawn my guests and compare your setup
<ahasenack> cpaelzer: is the apparmor profile enabled by default?
<ahasenack> yep
<ahasenack>  /usr/lib/ipsec/charon (enforce)   742 ?        Ssl    0:00  \_ /usr/lib/ipsec/charon
<cpaelzer> yes it is
<ahasenack> cpaelzer: that iptables line, I copied it as-is, just adapting --local-node
<ahasenack> I'm not sure where that mac came from
<ahasenack> it's not the usual mac for vms, so I figured you made it up
<cpaelzer> do you have actual clusterip entries $ sudo find /proc -iname '*cluster*'
<cpaelzer> ahasenack: that mac is a virtual one for the clusterip
<cpaelzer> ahasenack: no need to match anything, can keep it as is
<ahasenack> ok
<ahasenack> so I ran that, just changing --local-node to 1 or 2 depending on where I run it
<ahasenack> and I have results for that find command
<cpaelzer> ahasenack: I only set it up on one side
<cpaelzer> no need to fully config both ends
<cpaelzer> for th ebug at least
<cpaelzer> ll /proc/net/ipt_CLUSTERIP if it exists
<ahasenack> yes, and it contains
<ahasenack> -rw------- 1 root root 0 Dec 11 12:06 10.10.10.10
<ahasenack> charon was started automatically on system boot
<ahasenack> and I ran the iptables command after
<ahasenack> let me restart strongswan
<ahasenack> maybe it's a plugin that needs loading?
<ahasenack> Dec 10 19:50:25 disco-vpn2 charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
<ahasenack> door, 1sec
<cpaelzer> iptables v1.6.1: can't initialize iptables table `filter': Memory allocation problem
<cpaelzer> thanks, my guest seems to have other problems - need that to get my clusterip back ...
<cpaelzer> I'll use a new guest
<cpaelzer> [106082.284333] audit: type=1400 audit(1544530589.122:65): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/5311/net/ipt_CLUSTERIP/" pid=5311 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<cpaelzer> ahasenack: on a new guest again
<cpaelzer> I realized that the ha.conf is picky on whitespace
<cpaelzer> and the local/remote IP in there seem to at least need to exist
<cpaelzer> ahasenack: http://paste.ubuntu.com/p/Gwn8jbMqGz/
<cpaelzer> that is a ha.conf that worked
<cpaelzer> to be sure on whitespaces
<ahasenack> back
<ahasenack> let me check
<cpaelzer> ahasenack: I tested disco
<cpaelzer> ahasenack: what are you on so we really have the same?
<ahasenack> cpaelzer: https://pastebin.ubuntu.com/p/VKzxrc9wmK/
<ahasenack> I have tabs in one, spaces in another
<ahasenack> cpaelzer: disco
<cpaelzer> well then
<cpaelzer> should be the same
<cpaelzer> still not hitting the apparmor issue?
 * cpaelzer is starting from scratch in a fresh KVM guest
<ahasenack> cpaelzer: then just a restart of strongswan?
<ahasenack> I have this on both:
<ahasenack>  *** 5.7.1-1ubuntu1 500
<ahasenack>         500 http://br.archive.ubuntu.com/ubuntu disco/main amd64 Packages
<cpaelzer> ahasenack: do you have package libcharon-extra-plugins installed?
<ahasenack> cpaelzer: nope
<ahasenack> just standard plugins
<cpaelzer> that is it then
<ahasenack> so it is a missing plugin
<cpaelzer> I updated the description
<cpaelzer> let me know if it now triggers for you please
<ahasenack> installing
<ahasenack> right, and now I actually have a default ha.conf
<ahasenack> I had to create that file before
<ahasenack> [ 1356.947338] audit: type=1400 audit(1544531019.361:77): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/2588/net/ipt_CLUSTERIP/" pid=2588 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
<ahasenack> ok, confirmed
<cpaelzer> thanks
 * cpaelzer slaps himself for imperfect testcase description
<cpaelzer> the text said that it would drag that package in by dependencies
<cpaelzer> but only default plugins are auto-istalled
<ahasenack> cpaelzer: the usr.sbin.charon-systemd profile, do we even install that?
<ahasenack> I can't find it in /etc/apparmor.d
<cpaelzer> not sbin
<ahasenack> I also don't have a /usr/sbin/charon
<cpaelzer> it is /etc/apparmor.d/usr.lib.ipsec.charon
<ahasenack> right, but you are changing both, it's just to keep them in sync?
<cpaelzer> matching the profile in your warning
<ahasenack> not that we use the other one?
<cpaelzer> I change both to keep them in sync
<cpaelzer> there are two ways to start it in the debian package
<ahasenack> what's the other way?
<cpaelzer> and it resolves to one or the other
<cpaelzer> it is installed as profile /etc/apparmor.d/usr.sbin.charon-systemd when you install package charon-systemd
<cpaelzer> not the main route to do things
<cpaelzer> but keeping the profiles in sync usually is correct
<ahasenack> what a peculiar package :)
<cpaelzer> I only try to make it less broken
<ahasenack> did you find out where the pid is inserted into that path? or didn't bother
<cpaelzer> not that it would not have systemd support without it
<cpaelzer> I didn#t see it in the code, but also never tried hard to track it down
<cpaelzer> if I'd need it I'd gdb open calls with a filter
<cpaelzer> but I didn't see the need to
 * cpaelzer -> lunch
<ahasenack> that's fine
<ahasenack> thanks
<muhaha> Guys? Why this: https://pastebin.com/fDKru7Df will not pass exit code 1 from crontab job to dumb-init and container is still running?
<muhaha> I get it, crontab will still run, even if gets exit code 1 from jobs
<cpaelzer> ahasenack: I'll move mysql as well
<cpaelzer> thanks for spotting
<cpaelzer> not sure about swanctl yet, need to take a look
<ahasenack> i don't know what type of socket that is
<ahasenack> seqpacket, protocol 0
<ahasenack> apparently it's a thing
<cpaelzer> maybe it is new'ish nad therefore not covered yet
<ahasenack> cpaelzer: I'm fine with a new bug and leaving that for later
<cpaelzer> no lets do it at once
<cpaelzer> I'm just striggling to get the rule right
<cpaelzer> what I expected to work doesn't
<cpaelzer> (still blocking)
<cpaelzer> I'll ping our appamor/security friends
<Mr_Pan> Hello i have a server with postfix + spamassasin + amavis ...    Is it possible to change in automatic (via Amavis) the subject of an email when there is a certain attachment?  (i.e. .doc  >>   in subject i would add  ++++ Warning +++)
<cpaelzer> ahasenack: the MP is updated if you want to take a look again
<ahasenack> doing so now
<ahasenack> cpaelzer: opinion on adding the bug number to the comment?
<ahasenack> +  # for af-alg plugin
<ahasenack> +  network alg seqpacket,
<cpaelzer> I didn't add it as on next merge this change will be fused with the "mass enablement of extra plugins"
<ahasenack> ah, it's in the d/changelog
<ahasenack> ok
<cpaelzer> but I see no big harm in adding it either, yeah changelog and commit message have the bug ID
<ahasenack> no need then
<ahasenack> changelog is good enough
<ahasenack> cpaelzer: how did you know about that hints MP wrt symfony?
<cpaelzer> I'm subscribed to any hint updates
<ahasenack> good plan
<cpaelzer> ahasenack: here https://code.launchpad.net/~ubuntu-release/britney/hints-ubuntu
<cpaelzer> top right
<ahasenack> done
<kstenerud> Can someone help me with using sbuild? I'm following the instructions at https://wiki.ubuntu.com/SimpleSbuild but it doesn't actually show how to build a package
<tafa2> Does anyone know if there's a simpler Freenas equivalent for Ubuntu or CentOS? Something that allows you to create SFTP accounts and/or add SSH keys (Not webmin though? :P)
<ahasenack> kstenerud: "Using the schroot"
<ahasenack> kstenerud: there is a bit that starts with "Or building via sbuild directly:"
<kstenerud> ahasenack: I've tried that but it doesn't work: https://pastebin.ubuntu.com/p/FRh6sxmBsd/
<ahasenack> kstenerud: sounds like missing build dependencies
<kstenerud> OK, then I'm confused. I though the point of schroot was to get the dependencies?
<kstenerud> without polluting your main sytem
<ahasenack> it's been a while since I last used sbuild, I would hope something would take care of the dependencies, yes
<kstenerud> Otherwise how is this different from apt build-dep && dpkg-buildpackage -S
<kstenerud> Basically: I have a package (for example tomcat8) which I grabbed via git ubuntu pull. How would I go about building it with sbuild?
<kstenerud> without it using whatever happens to be installed on my dev machine
<ahasenack> rbasak is the sbuild expert, I'm sure something small is missing :)
<ahasenack> --build-dep-resolver=resolver
<ahasenack> default is apt
<ahasenack> kstenerud: try -v (verbose)
 * ahasenack lunches
<nacc> kstenerud: was that all the output? or did you filter
<nacc> kstenerud: also -d seems weirdly specified. Did you mean -c ?
<nacc> kstenerud: -d is for specifying the distribution manually
<nacc> but it's also been a while since i used it too
<kstenerud> nacc: That's exactly as it output
<kstenerud> Regardless of how it's supposed to be called, all I want to do is build for example tomcat8 without having to install a bunch of stuff on my dev machine directly
<kstenerud> Here is what happens with -c: https://pastebin.ubuntu.com/p/rBCyMN2bMN/
<rbasak> kstenerud, ahasenack: --resolve-alternatives
<kstenerud> rbasak: I get the same result with --resolve-alternatives
<kstenerud> rbasak: do you have time for a quick chat?
<rbasak> kstenerud: just grabbed something to eat. Ten minutes?
<kstenerud> ok
<MACscr> any recommendations on how i can setup my php-fpm so i dont get this notice every time i update through apt? http://paste.debian.net/1055354/
<MACscr> i am indeed running php7.1-fpm and have for some time now
<MACscr> so i dont get why it need reenabled every time
<MACscr> according to it
<nacc> kstenerud: something else is wrong
<nacc> it should be *much* more verbose
<ahasenack> rbasak: if you are still around, could you please import bind-dyndb-ldap and add it to the whitelist?
<rbasak> ahasenack: done
<ahasenack> rbasak: \o/
<ahasenack> thx
<MACscr> no ideas on my php-fpm question from this morning?
<sdeziel> MACscr:
<sdeziel> MACscr: those are only notices, right? any harm in just ignoring them?
<MACscr> sdeziel not really, but it makes me feel like something is wrong. Not sure why it would be happening
<sdeziel> MACscr: seems just informal messages to me
<MACscr> eh, doesnt make sense to give it if nothing is needed to be done
<sdeziel> MACscr: if you'd like the postinst script to have more smart, you should report this to the PPA owner
<evit> Anyone know when Ubuntu will get latest updates to PHP?
<evit> Quite a few are security related... http://php.net/
<teward> evit: patches for security issues are backported
<teward> the versions themselves usually don't get version bumps for various reasons
<teward> (https://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software is a pretty good way to explain it)
<sdeziel> evit: please open a bug asking for an update of the micro releases
<teward> ^ this as well
<teward> unless you have specific security issues you're specifically referring to
<sdeziel> teward: php 7.0 and 7.2 are special as Ubuntu tracks micro releases
<teward> sdeziel: we don't know which version of Ubuntu evit is using
<teward> sdeziel: but good to know
<teward> evit: might I ask which PHP you're looking at?
<teward> sdeziel: that said if they want mroe than a microrelease bump... :P
<sdeziel> teward: indeed, php5 gets a different treatment
<teward> sdeziel: also wouldn't those partly be handled by Security for security bugs?
<teward> cc sarnold
<sdeziel> teward: yes, the security team usually get to publish those
<sarnold> which CVEs are you interested in?
<teward> evit: sarnold's the server packages security team contact ;)
<sdeziel> evit: you can use LP: #1744148 as template
<ubottu> Launchpad bug 1744148 in php7.0 (Ubuntu Xenial) "[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3" [Wishlist,Fix released] https://launchpad.net/bugs/1744148
<teward> *hands sarnold the ball, then disappearifies*
<sarnold> I suggest skipping the bug for security issues, we don't track security issues there
<sarnold> if you want an sru for non-security fixes then it's probably fine
<evit> @teward,  I just didn't understand how and why it happens but I do now.
<teward> evit: MRE requests for SRUing bugfixes
<teward> SEcurity team intervention for security packages
<teward> s/security packages/security fixes/
<keithzg[m]> If there's anyone else out there still running FogBugz "For Your Server" on Ubuntu (or any other Linux distro), let me know, we should form a support group in all senses of the term :P
<genii> !info fogbugz
<ubottu> Package fogbugz does not exist in bionic
<JanC> seems like it never supported other versions than 32-bit 10.04 & 12.04
<JanC> so what you really need is to get rid of it
<keithzg[m]> JanC: Don't I know it! Alas, the Engineers at work fear change, and one of them is my boss, so I'm stuck with it for the foreseeable future.
<JanC> I hope it isn't accessible from outside the intranet?
<keithzg[m]> I've already set up an alternate bugtracker (Phabricator) and written largely from scratch a full read-only interface for FogBugz in case the company that owns it decides to finally turn off the licensing server.
<keithzg[m]> JanC: Sure isn't! And it's running on its own VM, as a non-root user, on an 18.04 server, so it's as locked-down as I can get it otherwise.
<JanC> I see some bug trackers have import scripts for fogbugz
<JanC> oh, so it actually works on newer versions?
<keithzg[m]> Yup, I had to write a systemd unit file IIRC? But other than that it's been surprisingly smooth sailing, going up the versions, all the way to 18.04 now.
<JanC> at least that should mean the OS is up-to-date
<keithzg[m]> Yup, and the database too even, since it's actually pointed towards a modern MariaDB installation. It's just the old, terrible server software itself, written in a bespoke variant of Visual Basic (!) compiled into Mono, that's so grievously outdated.
<JanC> I guess they don't depend on a lot of external libraries?
<JanC> ah, Mono
<keithzg[m]> Yeah naw it's pretty much all bundled with it.
<JanC> it's written in VB.NET?
<keithzg[m]> Nope, although maybe it compiles down to that at some point? The language it's written in is "Wasabi", a VB-like language developed in-house by Fog Creek, very ironically since, well, there was a whole thing about that back in the day: https://blog.codinghorror.com/has-joel-spolsky-jumped-the-shark/
<keithzg[m]> Luckily the modern versions of FogBugz aren't written in this proprietary language. Unluckily, they're only available to run on Windows Server using MS SQL for the database backend, and yeah, nope, hard no on that one.
<keithzg[m]> (Also they were nearly an order of magnitude more expensive. And all that's up in the air now since Fog Creek sold off FogBugz to a somewhat sketchy company called DevFactory now.)
<CodeMouse92> keithzg[m]: Y'know, that's kinda a surprising post, since Joel and Jeff have been friends for years, and founded StackOverflow together
<CodeMouse92> I dunno how I feel about either of them, now. Jeff kinda jumped the shark a while back himself.
<keithzg[m]> CodeMouse92: Yeah I know what you mean.
<keithzg[m]> (I don't remember when I noticed, but I distinctly remember thinking "oh hey, now Jeff has jumped the shark" ;)
<CodeMouse92> keithzg[m]: Well, and his dismissal out-of-hand of developing a language is rather alarming. Joel's logic may not have been sound (I don't know, this is just Jeff's interpretation)...but there are valid use cases for developing a language.
<CodeMouse92> I think the both of them just started believing their own press releases, is all.
<keithzg[m]> CodeMouse92: Yeah undoubtedly true.
<keithzg[m]> And yeah that's fair, developing your own language can certainly have a place, although having trounced around FogBugz's source code a while back for my job I . . . don't think it was worth it. (And it really is basically just VisualBasic, Kate's syntax highlighting for VB worked 100% perfectly from what I remember.) And certainly Fog Creek themselves appear to have reconsidered since they eventually abandoned not
<keithzg[m]> just that version of FogBugz but the Wasabi language itself.
<CodeMouse92> keithzg[m]: No, that particular application didn't sound logical.
<JanC> wait until you hear about the guy who wrote a language for creating meta languages...   ;)
<CodeMouse92> keithzg[m]: I think I'm just sitting here and thinking "well, crap, there goes more of the old guard. We're screwed."
<keithzg[m]> CodeMouse92: Hah!
<CodeMouse92> But...I guess we aren't as long as we still have sane people. My current icons include Ben Halpern and April Wensel.
#ubuntu-server 2018-12-12
<cpaelzer> good morning
<lordievader> Good morning
<kstenerud> Good morning!
<Goop> Not really sure if this is the place to ask, but what is a good piece of software to run that I can on Linux where I can create users and it be inserted into a Single-Sign-On solution, because I don't know how to *manage* users graphically, but I have figured a little about how to get SSO to work.
<Goop> Okay, so I have created a test server with one LDAP generic user, inside a posix group. You can see my directory tree: https://i.imgur.com/fIhdNIg.png . However, I cannot seem to figure out what settings I need to give Keycloak: https://i.imgur.com/rtFDc9S.png .
<Goop> Sorry, had to edit the image more. Here are the new links: https://i.imgur.com/fIhdNIg.png and https://i.imgur.com/59YFGao.png
<ahasenack> good morning
<baffle> Hi, I have a systemd/boot problem I can't wrap my head around. I want frr.service to be started at boot. It is referenced here: /etc/systemd/system/network-online.target.wants/frr.service.. network-online.target also wants /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service ... But systemd-networkd-wait-online.service is never started? systemd-networkd.service is
<baffle> started fine, and network interfaces are configures. I'm using netplan for configuration, as that seems to be the new cool way.
<baffle> frr.service is dead, network-online.target is dead, systemd-networkd-wait-online.service is dead.. Why are they not loaded? :)
<baffle> This is on 18.04.
<Goop> I don't really know how to ask this question, but I've seen several programs that I've ran on Linux CLI that don't do the usual text scrolling, and wanted to know how to code that type of thing. Like, I've ran a Minecraft server, and what it does is it has the user command input on the very bottom line of the terminal, and displays all the server output on lines above (without interfering with the displayed user input).
<lordcirth_> Goop, probably using ncurses or something like that
<baffle> Maybe it uses curses or a similar library.
<ackk> rbasak, hi, do you guys by chance build the git-ubuntu snap in jenkins?
<powersj> ackk, we have a nightly build https://jenkins.ubuntu.com/server/view/git-ubuntu/
<Ussat> what version of ansible comes with 18.04 ?
<ackk> powersj, thanks, i'm asking because we're having some issues building our snap and I wanted to look at similar configs for building in jenkins. will look at the JJB config (we use it too)
<ackk> powersj, oh but you run the build inside a vm?
<powersj> ackk, yeah for a cleaner env.
<ackk> powersj, no multipass? :)
<powersj> ackk, if we were to write it now, we'd use it :)
<ackk> powersj, we tried that but didn't work for us
<powersj> ackk, too bad, did you happen to file a bug?
<ackk> powersj, yeah, our current issues are 1) proxies are not propagated, so VMs can't access archives and 2) the jenkins user would have to be in the sudo group as that's currently required to use multipass
<ackk> the latter can be workarounded, but the former is a blocker for us ATM
<Ussat> NM found what I need thanks
<powersj> ackk, you can use cloud-init to setup apt proxy https://cloudinit.readthedocs.io/en/latest/topics/modules.html#apt-configure "Configure apt proxy"
<ackk> powersj, can you feed that to multipass?
<powersj> yep!
<ackk> oh, that's interesting
<ackk> powersj, how I do that?
<powersj> ackk, https://powersj.io/post/cloud-init-multipass/ :)
<ackk> nice, thanks powersj!
<ackk> powersj, ah, wait but I'm not launching multipass directly, it's snapcraft doing it
<powersj> ackk, ah right, I am not sure if they allow passing arguments
<ackk> powersj, yeah I'm looking at snapcraft sources right now to see if it can be done
<ackk> powersj, oh it seems if you have a user-data.yaml file in your project dir it's passed to multipass
 * ackk goes to try that
<powersj> sweet
<ackk> powersj, is there a way to set the proxy for the whole system in cloud-init?
<ackk> ah that is for the whole system
<ackk> n/m
<ackk> powersj, turns out you can't pass the cloud-init, snapcraft generates one for multipass
<ackk> so, no way to pass the proxy there at the moment (should be a fairly trivial change in snapcraft though)
<powersj> ackk, can you report a bug to snapcraft about not being able to pass a proxy?
<powersj> or even a forum post
<ackk> powersj, i did already, lemme find it
<powersj> sweet! thanks
<ackk> powersj, https://bugs.launchpad.net/snapcraft/+bug/1807988
<ubottu> Launchpad bug 1807988 in Snapcraft "snapcraft should propagate proxy settings to multipass VMs" [Undecided,New]
<ackk> powersj, I also filed one for multiipass, as if multipass has a proxy set it should likely pass it to VMs as well
<axisys> why doesn't it add the routes from interfaces file?
<axisys> should I change `up ip route ..` with `post-up ..` ?
<teward> axisys: i'm confused with the question?
<teward> are you on 18.04?  16.04?
<axisys> teward: up ip route add 192.168.100.25 via 192.168.1.1
<axisys> teward: this route does show come up at reboot
<axisys> teward: I end up manuallu running the ip route add command after boot
<nacc> axisys: answer the second questions from teward for us to be able to help (18.04? 16.04?)
<axisys> ah.. 14.04
<lordcirth_> axisys, 'up' works for me on 16.04, but you could try post-up.
<axisys> lordcirth_: ok
<lordcirth_> axisys, also, note that 14.04 isn't supported much longer.  You should start planning to upgrade.
<axisys> lordcirth_: right.. our sdwan vendor testing their code on next release..
<axisys> lordcirth_: did not help
<axisys> lordcirth_: almost tempting to right a new upstart script to force it..
<axisys> any other ideas?
<teward> stupid suggestion is rc.local
<teward> i think 14.04 still has that enabled by default...
<teward> and then just add your route add rules there
<teward> but that presupposed that the interface is up :|
<axisys> heh
<axisys> upstart can check that ..
<teward> though as was said, 14.04 is near dead, 16.04 would be SystemD :P
<teward> ... which reminds me I need to get this one-run SystemD script working for my 18.04 server to do some final on-boot tasks...
<nacc> rbasak: kstenerud: i assume you've also seen the transition trackers for 7.2 and 7.3?
<nacc> https://people.canonical.com/~ubuntu-archive/transitions/html/php7.3.html
<nacc> https://people.canonical.com/~ubuntu-archive/transitions/html/php7.2-rm.html
#ubuntu-server 2018-12-13
<lordievader> Good moning
<tumbleweed> xenial amd64 images seem to be missing in AWS us-east-1: curl -s https://cloud-images.ubuntu.com/query/xenial/server/released.current.txt | grep 'amd64.*us-east'
<tumbleweed> (vs bionic)
<tumbleweed> filed https://bugs.launchpad.net/cloud-images/+bug/1808304
<ubottu> Launchpad bug 1808304 in cloud-images "Missing xenial amd64 images AWS us-east-1" [Undecided,New]
<tobias-urdin> coreycb: in cloud-archive bionic-updates/stein the aodh-api seems to not be dropping the apache config but postinst tries to a2ensite it
<tobias-urdin> coreycb: nvm, is probably my fault when puppet purges all configs :)
<tobias-urdin> coreycb: might need to bump python3-eventlet to > 0.21, upper-constraints says 0.24.1 is max, eventlet https is broken so for example glance running under https fails
<tobias-urdin> coreycb: seems like fedora bumped that to python3-eventlet to 0.24 for stein python3, i'm in pto tomorrow but maybe you could look into it
<tobias-urdin> let me know if you want a bug report to track it
<tobias-urdin> got info that https glance might not even work with eventlet 0.24 either, so maybe it doesn't matter, guess we'll have to disable glance https for now
<kstenerud> Has anyone ever had the situation where a freshly checked out repo has unstaged changes?
<tobias-urdin> coreycb: quoting a RDO packager "some issues are fixed in 0.24"
<ahasenack> good morning
<hays> cant figure out on this system why 127.0.0.1 is somehow getting to another machine on the network
<hays> tcpdump filtered by port doesn't show it leaving any interfaces, but I see it on the receiving end--i think on lo of all place
<hays> no ssh clients running (no tunnels i don't think)
<hays> iptables-save is blank, ufw is disabled
<hays> im pretty stumped
<peetaur2> hays: try nethogs and then send lots of data there to make it come up in nethogs
<tomreyn> hays: what are the facts you have so far about "127.0.0.1 is somehow getting to another machine on the network"?
<hays> tomreyn: both the machines are running a process that returns a GUID through a REST API
<hays> On machine 1 I can connect to that API on localhost and get the GUID for machine 2, but if I give the actual IP address of the machine, I get machine 1
<hays> localhost, 127.0.0.1, 127.0.1.1, ::1 all go to machine 2
<tomreyn> you connect (API consumer) using CLI utilities or web browsers?
<hays> it is a library called python requests
<bipul> How would i know my cloud init is diabled or not?
<bipul> I tried with echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg , but failed to do so..
<hays> tomreyn: i have a script that uses the python requests API
<hays> ive used it before, its pretty well tested
<tomreyn> hays: i see. if you can make the API log its responses, too, add the source of the information (hostname), maybe this will help. i'm puzzled, too. i'd say check arp tables (ip neigh), make sure the MAC addresses point to the right systems and check both systems' routing tables (ip route).
<tomreyn> my guess is on a caching issue due to an earlier (since resolved) misconfiguration on node 1.
<hays> ill keep digging.  i didnt see anything obvious with ip route or arp, but i honestly dont know exactly how to decode some of the more obscure routes, e.g., ip route show table lo
<hays> oddly, i've seen something eerily similar to this on another machine, but for some reason it was only ipv4
<hays> never figured out root cause
<tomreyn> there should be no table for lo in the first place.
<hays> that was a fedora box
<hays> tomreyn: try typing ip route show table local
<hays> this is the table i am not sure i understand
<hays> i think ip route show filters out some routes from display normally
<tomreyn> hays: as ip-route(8) explains, this will show the destinations assigned to the this very system. Packets addressed to these IP addresses, when handled by the systems' routing code (kernel), are looped back and delivered locally.
<muhaha> Anyone has experinece with SCEP and certmonger?
<kinghat> does livepatch work on ubuntu server?
<nacc> kinghat: yes, it'
<nacc> kinghat: yes, it's about the kernel, not the installation type, afaik
<kinghat> ah
<kinghat> how do you feel about snaps on server?
<nacc> kinghat: if you need an app that is packaged as a snap, then use it. Dunno what you mean, exactly, kinghat
<kinghat> sudo snap install canonical-livepatch
<kinghat> i thought there was contention around using snaps. especially with security.
<lordcirth_> There are a number of snaps that really should just be deb packages.  But they have their uses.
<lordcirth_> The problem is when people bundle their apps in a snap with the version of libraries they developed with, and then never update it.  And then your app is running with openssl way out of date.
<nacc> lordcirth_: the store automatically scans for stuff like that, fwiw
<nacc> and emails the owners
<lordcirth_> Ah, that's good
<nacc> citing "some...contention" is really not a way to discuss it
<nacc> specific issues would be good, otherwise, do some research
<teward> anyone got the bug about how LVM sets up only a 4GB LV inside the PV and doesn't autoset it to expand with subiquity?
<teward> I forget the exact bug number
<powersj> teward, https://bugs.launchpad.net/subiquity/+bug/1785321
<ubottu> Launchpad bug 1785321 in subiquity "LVM Entire Disk option does not use entire disk" [Undecided,New]
<teward> powersj: thank you kindly.
<ahasenack> teward: you just remembered the approximate bug number? :)
<ahasenack> starts with 1? :)
<teward> ahasenack: lol.
<teward> ahasenack: that's 90% of the bugs I work with xD
<ahasenack> wonder when we will reach 2
<teward> i have a few that start with 9 but :P
<ahasenack> yeah, precious old bugs
#ubuntu-server 2018-12-14
<arooni> is there an equivalent to htop but for say storage and high level dashboard of server status/health
<arooni> not necessarily every process thats running
<arooni> just important metrics?
<sarnold> almost too many
<sarnold> arooni: atop is popular, pcp atop is popular; running stats collection tools and feeding into grafana or observium is popular
<arooni> thanks for the overview :)
<hays> anyone interested to hear that the issue was ? i figured it out (localhost going to an adjacent server on the network)
<sarnold> wow, that's a pretty good trick, how'd you do that? :)
<hays> HTTP_PROXY was set
<hays> 127.0.0.1 and localhost traffic was sent to it, and then it returned localhost from that machine
<tomreyn> so it should have shown up in pcaps
<hays> that garbage stole 8 hours of my life
<hays> what tipped me off was curling to a dead port brought back a squid error
<hays> and then telnet to same port was refused
<sarnold> heh, I've had those surprise squid errors before..
<sarnold> thanks for the reminder to swap back to my home archive
<hays> tomreyn: pcaps were hard because the port was different than one might expect
<hays> was connecting to 9080, but no traffic out of 9080
<hays> i ended up putting a guid in the header, and grepping that instead of filtering on port
<tomreyn> hays: i see. debugging such things can be tricky, glad you worked it out.
<jmazaredo> im getting curtain command install preparing for installation configuring storage running 'curtain block-meta custom' curtain command block-meta removing previous storage device
<jmazaredo> when installing ubuntu server/desktop on raid 1 drive
<jmazaredo> ubuntu shows 2 drives instead of 1 . Also before, the os in the server is Centos7 which I also installed only shows 1 drive (hardware raid 1)
<jmazaredo> ubuntu server 18.10
<jmazaredo> I tried now ubuntu 16.04 it works no issue shows only 1 drive
<lordievader> Good morning
<ahasenack> good morning
<smoser> cpaelzer: https://code.launchpad.net/~smoser/ubuntu/+source/grub-legacy-ec2/+git/grub-legacy-ec2/+merge/360897 if you had some time, your thoughts there are appreciated.
<ahasenack> rbasak: not sure if I need a review, but it doesn't hurt. Two no-change rebuilds due to bind9 new sonames. Bind9 is uploaded already, currently running tests in proposed
<ahasenack> rbasak: https://code.launchpad.net/~ahasenack/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/360934
<ahasenack> rbasak: https://code.launchpad.net/~ahasenack/ubuntu/+source/debian-installer/+git/debian-installer/+merge/360936
<nacc> ahasenack: a no-chnage rebuild should just be a changelog entry, right? I'd say you don't need a review for that :)
<ahasenack> yeah
<ahasenack> but... :)
<ahasenack> we have standup in a few, I can wait until then
<nacc> heh
<wo0f> arooni: glances
<wo0f> imho
<DammitJim> if RemoveIPC is commented out in /etc/systemd/logind.conf, what is the default setting?
<cyberspectre> Hi all. I recently used certbot to get certificate for my ubuntu server. Ever since, clicking on a link to an image file from an index page leads to a 403 forbidden. But when you enter the URL for the image manually, it works
<rbasak> How did you install certbot?
<cyberspectre> hm, let me check, hang on
<rbasak> certbot does have a command to roll back configuration changes it performed.
<cyberspectre> rbasak, I installed via apt
<rbasak> I forget the name of the command
<rbasak> "certbot help" should tell you
<cyberspectre> But certbot did give me a certificate and I want that
<JanC> cyberspectre: do the index pages link to the images using HTTP or using HTTPS?
<cyberspectre> JanC, http://nutrigold.info/productimages/
<cyberspectre> I'm not sure. Their hrefs are relative
<JanC> yeah, so that's not the problem
<JanC> try checking the server logs if there are error messages explaining why it forbids access
<JanC> it seems as if it does the opposite of a "direct linking protection"...
<JanC> or "hotlinking protection" or whatever else it's being named
<JanC> so I wonder if something like that is misconfigured...
<cyberspectre> JanC, I will check the logs
<Gorian> say, does anyone here know anything about the "dialog.so" plugin on ubuntu server?
<TJ-> Gorian: there are several packages that have such; which do you mean?
<Gorian> TJ-: Sorry, mariadb
<keithzg[m]> So how in the world does one get the information on the state of an APC UPS unit from Ubuntu? I have a unit that's chirping away when the alarm isn't silenced, and apcupsd is running and it does at least send broadcast messages to my local shell sessions, but running `sudo apcaccess` doesn't return any fields that actually report anything being wrong as far as I can tell.
<Gorian> anyway, to answer my question: you have to install "libmariadbclient18" as "dialog.so" is not installed by either "mariadb-server" or "mariadb-client"
#ubuntu-server 2018-12-16
<NyanCat> I'm attempting to restart the networking service on a newly installed 16.04 armhf server
<NyanCat> And so far, neither `service` or `systemctl` will work
<cryptodan_mobile> NyanCat: tried it with sudo
<bindi> systemd-resolve seems to listen on all interfaces, how do I fix that? Fiddling with a 18.04 VM since a lot has changed, trying to replicate my current 16.04 setup for a reinstall
<bindi> actually it's 127.0.0.1 but dnsmasq wants that
<bindi> I can probably get rid of it then
<bindi> actually it's 127.0.0.53 :P
<bindi> ok, found the DNSStubListener
<lordievader> Good morning
<allquixotic> Hi, I have an Ubuntu Server 18.04.1 dedicated server that I migrated to a new server by copying the HDDs. Both old and new are similar hardware in a datacenter, with two static IP /27 subnets (publicly routable) used for LXD and libvirt/KVM guests. I migrated the subnets from the old to the new server, and all my LXD guests using macvlan are working great. But my KVM guests using macvtap have no network connectivity. I don't
<allquixotic> think it's a guest-side issue because the gateway is the same (and the same gateway works in the LXD guests), and the only host-side change I needed was to change the name of the Ethernet adapter in the libvirt macvtap configuration from eno1 to enp3s0f0. How can I diagnose the problem further?
<kinghat> i have a machine with ubuntu server on a smaller USB flash drive. is it possible to move the OS to a new drive seamlessly?
<kinghat> like make exact copy of OS to new drive, pull old drive, reboot, profit?
<allquixotic> kinghat: if the new drive is the same capacity or bigger, you can just use the dd command
<allquixotic> make triple sure you get the drive names right first, but something like `dd if=/dev/sd1st of=/dev/sd2nd bs=1M` (as root, of course) should do it, replacing "1st" and "2nd" with the correct letters
<kinghat> allquixotic: and everything should just work?
<allquixotic> well, if you leave both drives plugged in, you'll somehow have to indicate to your motherboard to boot the right drive, but if you unplug the old one it'll probably boot right up if you have USB drives higher in the boot order than anything else on the system.
<allquixotic> the rootfs drive letter might change and that could mess up your boot, but it'll probably be fine if you unplug the old drive first
<kinghat> ya the first drive is going to be unplugged.
<kinghat> tyvm
<allquixotic> there is nothing about that question that's specific to Ubuntu server, by the way; you can probably get a more active response in just #ubuntu (but don't use the word "server" or they will point you here ;))
<kinghat> #protip
#ubuntu-server 2019-12-09
<lordievader> Good morning
<gokhani> hi folks, I accidentaly removed all my /usr/lib file. How can I restore my server ?
<rbasak> gokhani: there isn't a reliable way to do that, apart from restoring from backup or reinstalling.
<gokhani> Ä± have an apt archive but it doesn't contain apt itself
<gokhani> rbasak, ^^
<gokhani> is it possible tol reinstall apt
<gokhani> tol *to
<mgedmin> if you have a second server with the same ubuntu version and architecture and maybe roughly the same packages installed, you can copy /usr/lib from it, then use debsums to discover what files are missing and reinstall those packages with apt install --reinstall
<gokhani> mgedmin, yes I have a second server with the same ubuntu version and architecture and same packages installed . ssh is broken so I am trying to find ways for copying files
<Aison> hello, i'm running a mail server (postfix) under ubuntu bionic
<Aison> besides that I have a ubuntu server with eoan and another one with bionic
<Aison> ssmtp on eoan is no longer working?!?
<Aison> but ssmtp on the bionic server works. The config is the same
<Aison> may the problem related to TLS?
<Aison> ok, it is a TLS problem...
#ubuntu-server 2019-12-10
<dabukalam> is there a default password to the 'ubuntu-server' user you get ttyed to from ubiquity?
<sarnold> hmm, what install media did you use? I don't recall seeing 'ubuntu-server' as the user account before
<sarnold> 'ubuntu' is sometimes the password
<lordievader> Good morning
<sarthor> HI, I just deleted rm -rf /usr/lib/systemd/ by mistake .. can i go back or reinstall ubuntu ?
<sarthor> did nothing after that.. just now deleted before a minute. :))
<lordievader> You might be fine after copying this folder from a live-cd. Though there may be missing services. Depending on what you have installed.
<frickler> jamespage: I've updated https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1839592 with my findings. Is there a chance to update to a new minor release of glibc in bionic-updates? I would want to avoid the task of having to find the relevant subset of patches for backporting
<ubottu> Launchpad bug 1839592 in glibc (Ubuntu) "Open vSwitch (Version 2.9.2) goes into deadlocked state" [Undecided,Confirmed]
<dabukalam> sarnold: sorry just saw this
<dabukalam> I did try ubuntu I think to no avail
<dabukalam> i suspect there is no password since I get thrown straight in
<dabukalam> maybe I could set one up though
<dabukalam> since sudo just works
<smoser> powersj, rcj, philroche i'm going to let my simplestreams membership expire unless someone objects.
<smoser> I have no objection to being in it, but don't really intend to look at reviews or do any work on it unless someone prompts me to.
<weedmic> dabukalam: the original account you create is a regular user who is in sudo users group.  sudo makes you root for that command session.  you can create a root account that can login, but it is not what most ubuntu users do.
<powersj> smoser, thanks for the heads up
<rcj> smoser: ack and thank you
<dennis38>  using uvt-kvm create --user-data filename and, while the vm is created, none of what I've specified in the user data file is being applied. I have tried including debug: verbose: true (properly formatted of course) and nothing at all is output to stderr or stdout.
<dennis38>  ubuntu 18.04, guest ubuntu 16.04
<powersj> dennis38, have you look at the cloud-init logs in /var/log?
<dennis38> I have just now noticed, at your prompting, that there are such files on the guest. I would have expected to find them on the host.
<dennis38> Thanks, now I have something to work with
#ubuntu-server 2019-12-11
<sdeziel> on a Ubuntu 16.04, do-release-upgrade says there are no new release found. What am I missing?
<lotuspsychje> !ltsupgrade | sdeziel
<ubottu> sdeziel: Upgrade from 16.04 to current 18.04 is now available, if you do not receive the upgrade window try update-manager -c
<sdeziel> lotuspsychje: I just found the problem: do-release-upgrade uses the apt proxy to try to connect to changelogs.ubuntu.com:443 but concludes that no update is available if it receive a "403 CONNECT denied"
<lotuspsychje> oh nvm, i missed were in -server here, no GUI update manager :p
<Odd_Bloke> sdeziel: I was about to point you to a relevant bug then... realised you just filed it. :p
<sdeziel> hehe
<weedmic> i have a linux machine which has corsair ddr4 2400 8gb non-ecc ram - 8 each - i get this error "EDAC sbridge: Couldn't find mci handler" - i thought I needed to change something in the bios, but found nothing about ecc.  how do I fix error?
<weedmic> is this RAM related or actually PCI slot related?
<genii> It's RAM related.
<ChmEarl> weedmic, in bios, set optimal defaults ?
<weedmic> q
<OerHeks> update bios, test ram per pair...
#ubuntu-server 2019-12-12
<neildugan> I am trying to get the 'minimal' server iso to work installing with raid1...  I tried using 2 md partitions (/,swap) ... this failed to install grub ... I tried to use 3 partitions ('bios/500M','raid1 as root 16GB','raid1 as swap 8G') this hung up at the ... Running "update-gurb" ... stage ... :-( ... and ideas on what I am doing wrong here?
<Aison> hello, just installed ubuntu server 19.10
<Aison> I tried to setup the network, therefore I placed some config files into /etc/systemd/network
<Aison> but somehow everything is ignored
<Aison> why?
<Aison> any help how to configure network on 19.10? in past I simply used /etc/network/interfaces
<Aison> but this is no longer working
<lordievader> Good morning
<coreycb> sahid: python-keystoneclient is uploaded, thanks
<coreycb> sahid: python-castellan uploaded
<coreycb> sahid: python-tooz and python-ironicclient uploaded
<coreycb> sahid: python-oslo.policy and python-zunclient uploaded
<sahid> coreycb: ack
<sahid> have you changed something in python-zunclient?
<coreycb> sahid: yes, sorry didn't ping you about it. it's in the log under "Merge cleanup".
<sahid> no worries thank you for your assistance on it
<Aison> hello
<Aison> can I use debian-sys-maint to change the root password in mysql?
#ubuntu-server 2019-12-13
<lordievader> Good morning
<ducasse> Aison: to get /etc/network/interfaces working you need to install the ifupdown package, but getting networkd working would be the better option
<Aison> ducasse, thx, I found the solution: I had to remove netplan
<Aison> now systemd networkd works :D
<ducasse> \o/
<RootChaos> anyone with experience on SCSI LUNs here?
<RoyK> RootChaos: yes
<RoyK> RootChaos: but that was some time ago ;)
<zetheroo> is there a way to execute a command at a certain time from the command line without using crontab?
<zetheroo> basically just want to "run command X at 15:30 today"
<cyphermox> Aison: fwiw, that's the wrong solution. you should only have to remove the files in /etc/netplan, because netplan's purpose is to render what is described there into files for systemd-networkd (and it drops them in /run/systemd/network, which is why yours would generally have lower priority)
<cyphermox> of course nothing wrong in itself if you really want to remove netplan from the system, but hey, then you're removing core stuff from the image, potentially getting ahead of other different problems
<cyphermox> zetheroo: the at command
<zetheroo> cyphermox: ok, will look it up. tks
<cyphermox> zetheroo: you can do fun stuff like 'at now + 5 minutes ...' or 'at 15:30', etc.
<zetheroo> cool
<Aison> cyphermox, yes, you are right of course
<sdeziel> zetheroo: I never really grok at's syntax so I quick and dirty alternative: tmux with "sleep 5h && command && exit"
<lordcirth__> sdeziel,  echo "command" | at 5h
<sdeziel> lordcirth__: right, not exactly rocket science ;)
#ubuntu-server 2019-12-15
<Aison0> hello, is radvd somehow borked in ubuntu eoan? systemctl start radvd always says: Failed to start Router advertisement daemon for IPv6.
<Aison0> but when I start radvd by "hand", it works (radvd -C /etc/radvd.conf -n)
<Aison0> radvd.service: Failed to set up mount namespacing: Stale file handle
<mybalzitch> so X11 forwarding in 19.10, does it still work for anyone else?
<mybalzitch> AMD64
